fix(chat): invalidate workspace pending tasks cache on manual stop

When user manually stops a chat, only the per-session pending task cache was cleared. The sidebar reads the workspace-level aggregate pending tasks query, which remained stale — causing the loading spinner to keep spinning. Now invalidate the aggregate cache too. Closes MUL-1384
2026-06-19 04:38:50 +02:00 · 2026-04-24 16:57:43 +08:00
961 changed files with 12642 additions and 98970 deletions
--- a/.env.example
+++ b/.env.example
@@ -11,21 +11,17 @@ DATABASE_URL=postgres://multica:multica@localhost:5432/multica?sslmode=disable
 # DATABASE_MIN_CONNS=5

 # Server
-# APP_ENV gates production safety checks. Docker self-host pins APP_ENV to
-# "production" by default. Local dev can leave it unset.
+# APP_ENV gates dev-only auth shortcuts (primarily the 888888 master code).
+#   - Docker self-host: docker-compose.selfhost.yml already pins APP_ENV to
+#     "production" by default, so 888888 is DISABLED — a public instance can't
+#     be logged into with any email + 888888.
+#   - Local dev (make dev): leave APP_ENV unset so 888888 works out of the box.
+#   - Docker self-host on a private network you fully control, or evaluation
+#     without Resend: set APP_ENV=development to re-enable 888888. Do NOT
+#     enable on a publicly reachable instance.
 # See SELF_HOSTING.md for the full login setup.
 APP_ENV=
-# Optional local/testing shortcut. Empty by default, so there is no fixed
-# verification code. Without RESEND_API_KEY, generated codes print to stdout.
-# If you need deterministic local automation, set a 6-digit value such as
-# 888888 and keep APP_ENV non-production. This is ignored when APP_ENV=production.
-MULTICA_DEV_VERIFICATION_CODE=
 PORT=8080
-# Prometheus metrics are disabled by default. When enabled, bind to loopback
-# unless you protect the listener with private networking, allowlists, or
-# proxy auth. Do not expose this endpoint through the public app/API ingress.
-# HTTP request metrics start accumulating only when this listener is enabled.
-# METRICS_ADDR=127.0.0.1:9090
 JWT_SECRET=change-me-in-production
 MULTICA_SERVER_URL=ws://localhost:8080/ws
 MULTICA_APP_URL=http://localhost:3000
@@ -49,7 +45,8 @@ MULTICA_BACKEND_IMAGE=ghcr.io/multica-ai/multica-backend
 MULTICA_WEB_IMAGE=ghcr.io/multica-ai/multica-web

 # Email (Resend)
-# For local/dev use, leave RESEND_API_KEY empty — generated codes print to stdout.
+# For local/dev use, leave RESEND_API_KEY empty — codes print to stdout, and
+# master code 888888 works (only when APP_ENV != "production"; see above).
 # For production, set your Resend API key and change RESEND_FROM_EMAIL to a domain verified in your Resend account.
 RESEND_API_KEY=
 RESEND_FROM_EMAIL=noreply@multica.ai
@@ -63,9 +60,6 @@ GOOGLE_CLIENT_SECRET=
 GOOGLE_REDIRECT_URI=http://localhost:3000/auth/callback

 # S3 / CloudFront
-# S3_BUCKET — bucket NAME only (e.g. "my-bucket"). Do NOT include the
-# ".s3.<region>.amazonaws.com" suffix; the server builds the public URL
-# from S3_BUCKET + S3_REGION. S3_REGION must match the bucket's real region.
 S3_BUCKET=
 S3_REGION=us-west-2
 CLOUDFRONT_KEY_PAIR_ID=
@@ -132,8 +126,5 @@ ALLOWED_EMAILS=
 # will run a no-op analytics client and ship nothing. See docs/analytics.md.
 POSTHOG_API_KEY=
 POSTHOG_HOST=https://us.i.posthog.com
-# Optional override for the `environment` PostHog event property.
-# Defaults from APP_ENV and normalizes to production / staging / dev.
-ANALYTICS_ENVIRONMENT=
 # Force the no-op client even when POSTHOG_API_KEY is set (CI / opt-out).
 ANALYTICS_DISABLED=
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -40,8 +40,6 @@ Closes #
 - [ ] I have added or updated tests where applicable
 - [ ] If this change affects the UI, I have included before/after screenshots
 - [ ] I have updated relevant documentation to reflect my changes
- [ ] If I added a new runtime / coding tool / UI tab, I synced the change to **landing copy** (`apps/web/features/landing/i18n/`), **starter-content** (`packages/views/onboarding/utils/starter-content-content-*.ts`), and **relevant docs** (`apps/docs/content/docs/`)
- [ ] If this PR touches Chinese product copy, I checked it against `apps/docs/content/docs/developers/conventions.zh.mdx` (terminology, mixed-rule for `task` / `issue` / `skill`)
 - [ ] I have considered and documented any risks above
 - [ ] I will address all reviewer comments before requesting merge

--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -29,17 +29,8 @@ jobs:
      - name: Install dependencies
        run: pnpm install

-      - name: Verify reserved-slugs.ts is up to date
-        # Re-runs the generator and fails on any drift from the
-        # checked-in TypeScript output. The Go side embeds the JSON
-        # source directly, so a passing diff here proves both sides
-        # share one source of truth.
-        run: |
-          pnpm generate:reserved-slugs
-          git diff --exit-code -- packages/core/paths/reserved-slugs.ts
-
-      - name: Build, type check, lint, and test
-        run: pnpm exec turbo build typecheck lint test --filter='!@multica/docs'
+      - name: Build, type check, and test
+        run: pnpm exec turbo build typecheck test --filter='!@multica/docs'

  backend:
    runs-on: ubuntu-latest
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -56,12 +56,6 @@ jobs:

  release:
    needs: verify
-    # Only run on the canonical upstream repo. Forks don't have the
-    # HOMEBREW_TAP_GITHUB_TOKEN secret and should not be publishing to
-    # `multica-ai/homebrew-tap` anyway. Without this guard, every fork's
-    # tag push fails this job (401 against the upstream tap), which makes
-    # downstream CI go red without affecting the actual artifact pipeline.
-    if: github.repository_owner == 'multica-ai'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -2,21 +2,6 @@

 This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

-## Conventions reference
-
-The single source of truth for **code naming, the i18n translation glossary, and the Chinese voice guide** is the docs site:
-
- **`apps/docs/content/docs/developers/conventions.mdx`** (English)
- **`apps/docs/content/docs/developers/conventions.zh.mdx`** (Chinese)
-
-Read that page before:
-
- Writing or editing translations (`packages/views/locales/`)
- Naming a new route, package, file, DB column, or TS type
- Writing Chinese product copy (UI strings, error messages, docs)
-
-The legacy `packages/views/locales/glossary.md` is now a stub redirecting to the docs page; do not rely on it.
-
 ## Project Context

 Multica is an AI-native task management platform — like Linear, but with AI agents as first-class citizens.
@@ -146,38 +131,10 @@ make start-worktree     # Start using .env.worktree
 - Go code follows standard Go conventions (gofmt, go vet).
 - Keep comments in code **English only**.
 - Prefer existing patterns/components over introducing parallel abstractions.
- Unless the user explicitly asks for backwards compatibility, do **not** add compatibility layers, fallback paths, dual-write logic, legacy adapters, or temporary shims **for internal, non-boundary code** (a function calling another function in the same package, a component reading its own state, a store helper, etc.).
- This rule does **not** apply at API boundaries: the desktop app cannot assume the backend it talks to has the same shape as the one it was built against (older desktop installs will outlive any given server build). API response handling must follow the rules in **API Response Compatibility** below — that is a defensive boundary, not a legacy shim.
+- Unless the user explicitly asks for backwards compatibility, do **not** add compatibility layers, fallback paths, dual-write logic, legacy adapters, or temporary shims.
 - If a flow or API is being replaced and the product is not yet live, prefer removing the old path instead of preserving both old and new behavior.
 - Avoid broad refactors unless required by the task.
 - New global (pre-workspace) routes MUST use a single word (`/login`, `/inbox`) or a `/{noun}/{verb}` pair (`/workspaces/new`). NEVER add hyphenated word-group root routes (`/new-workspace`, `/create-team`) — they collide with common user workspace names and force endless reserved-slug audits. Reserving the noun (`workspaces`) automatically protects the entire `/workspaces/*` subtree.
- The reserved-slug list lives in **one** place: `server/internal/handler/reserved_slugs.json`. The Go side embeds the JSON; `packages/core/paths/reserved-slugs.ts` is generated from it by `pnpm generate:reserved-slugs`. Edit the JSON, run the generator, commit both. CI re-runs the generator and fails on any drift, so a stale TS file cannot land.
-
-### API Response Compatibility
-
-The desktop app installed on a user's machine is older than any backend it talks to: a user on 0.2.26 will hit a server running 0.3.x, then 0.4.x, then beyond. Every response shape is a contract that **will** drift, and the frontend must survive drift without white-screening. Three concrete incidents already happened from violating this — #2143, #2147, #2192.
-
-When writing code that consumes an API response, follow these rules:
-
- **Parse, don't cast.** Untyped JSON crossing the network is not `T`. Use `parseWithFallback` in `packages/core/api/schema.ts` with a `zod` schema and an explicit fallback. On validation failure it logs a warning and returns the fallback; it never throws into the UI.
- **No bare `as` casts on response bodies.** Every endpoint method whose response is consumed by UI logic must run through a schema before returning.
- **Optional-chain and default everywhere downstream.** Treat every field as possibly missing. Use explicit boolean checks (`=== true`) over truthy/falsy negation, which silently treats `undefined` and `null` as `false`.
- **Don't pin a UI affordance to a single backend field.** If a button or indicator depends on exactly one boolean from the server, a backend bug deletes it. Combine signals (cursor presence, page length, etc.) so the affordance stays available in the worst case.
- **Enum drift downgrades, not crashes.** A new server-side enum value should render a generic fallback. `switch` statements on server-driven strings must have a `default` branch.
- **When you add or change an endpoint:** add the schema in the same PR, and write at least one test that feeds a malformed response through it (missing field, wrong type, `null` array). The test fails closed if a future change breaks the contract.
-
-This is not premature defense — it is the *only* defense for an installed-app architecture. CSR-only browser apps can ship a fix in minutes; an Electron build sitting on a developer's laptop cannot.
-
-### Backend Handler UUID Parsing Convention
-
-Every Go handler in `server/internal/handler/` follows these rules. The convention exists because `util.ParseUUID` used to silently return a zero UUID on invalid input, which caused #1661 — a `DELETE` returning 204 success while the SQL `DELETE` matched zero rows.
-
- **Resource path params that accept either a UUID or a human-readable identifier** (e.g. `chi.URLParam(r, "id")` for an issue, which accepts both `MUL-123` and a UUID) MUST be resolved through the dedicated loader (`loadIssueForUser` / `loadSkillForUser` / `loadAgentForUser` / `requireDaemonRuntimeAccess`). After resolution, all subsequent DB calls — especially `Queries.Delete*` / `Queries.Update*` — MUST use `entity.ID` from the resolved object. Never round-trip the raw URL string through `parseUUID` for a write query.
- **Pure-UUID inputs from request boundaries** (URL params that are always UUIDs, request body fields, query params, headers) MUST be validated with `parseUUIDOrBadRequest(w, s, fieldName)`. On invalid input it writes a 400 and returns `ok=false` — return immediately.
- **Trusted UUID round-trips** (sqlc-returned UUIDs being passed back into queries, test fixtures) use `parseUUID(s)` which calls `util.MustParseUUID` and panics on invalid input. A panic here means an unguarded user-input string slipped in — that is a real bug. `chi`'s `middleware.Recoverer` translates the panic into a 500 so the process keeps running.
- **`util.ParseUUID(s) (pgtype.UUID, error)`** is the only safe variant outside the handler package. Always check the error.
-
-When adding a `Queries.Delete*` or `Queries.Update*` call, ask: "Where did this UUID come from?" If the answer is "raw user input that hasn't been validated," route it through `parseUUIDOrBadRequest` or a loader first.

 ### Package Boundary Rules

--- a/CLI_AND_DAEMON.md
+++ b/CLI_AND_DAEMON.md
@@ -70,10 +70,10 @@ Opens your browser for OAuth authentication, creates a 90-day personal access to
 ### Token Login

 ```bash
-multica login --token <mul_...>
+multica login --token
 ```

-Authenticate using a personal access token directly. Useful for headless environments. Pass `--token=` with an empty value to be prompted interactively (so the token never lands in shell history).
+Authenticate by pasting a personal access token directly. Useful for headless environments.

 ### Check Status

@@ -140,15 +140,12 @@ The daemon auto-detects these AI CLIs on your PATH:
 |-----|---------|-------------|
 | [Claude Code](https://docs.anthropic.com/en/docs/claude-code) | `claude` | Anthropic's coding agent |
 | [Codex](https://github.com/openai/codex) | `codex` | OpenAI's coding agent |
-| [GitHub Copilot CLI](https://docs.github.com/en/copilot) | `copilot` | GitHub's coding agent (model routed by your GitHub entitlement) |
 | OpenCode | `opencode` | Open-source coding agent |
 | OpenClaw | `openclaw` | Open-source coding agent |
 | Hermes | `hermes` | Nous Research coding agent |
 | Gemini | `gemini` | Google's coding agent |
 | [Pi](https://pi.dev/) | `pi` | Pi coding agent |
 | [Cursor Agent](https://cursor.com/) | `cursor-agent` | Cursor's headless coding agent |
-| Kimi | `kimi` | Moonshot coding agent |
-| Kiro CLI | `kiro-cli` | Kiro ACP coding agent |

 You need at least one installed. The daemon registers each detected CLI as an available runtime.

@@ -169,28 +166,11 @@ Daemon behavior is configured via flags or environment variables:
 | Poll interval | `--poll-interval` | `MULTICA_DAEMON_POLL_INTERVAL` | `3s` |
 | Heartbeat interval | `--heartbeat-interval` | `MULTICA_DAEMON_HEARTBEAT_INTERVAL` | `15s` |
 | Agent timeout | `--agent-timeout` | `MULTICA_AGENT_TIMEOUT` | `2h` |
-| Codex semantic inactivity timeout | `--codex-semantic-inactivity-timeout` | `MULTICA_CODEX_SEMANTIC_INACTIVITY_TIMEOUT` | `10m` |
 | Max concurrent tasks | `--max-concurrent-tasks` | `MULTICA_DAEMON_MAX_CONCURRENT_TASKS` | `20` |
 | Daemon ID | `--daemon-id` | `MULTICA_DAEMON_ID` | hostname |
 | Device name | `--device-name` | `MULTICA_DAEMON_DEVICE_NAME` | hostname |
 | Runtime name | `--runtime-name` | `MULTICA_AGENT_RUNTIME_NAME` | `Local Agent` |
 | Workspaces root | — | `MULTICA_WORKSPACES_ROOT` | `~/multica_workspaces` |
-| GC enabled | — | `MULTICA_GC_ENABLED` | `true` (set `false`/`0` to disable) |
-| GC scan interval | — | `MULTICA_GC_INTERVAL` | `1h` |
-| GC TTL (done/cancelled issues) | — | `MULTICA_GC_TTL` | `24h` |
-| GC orphan TTL (no `.gc_meta.json`) | — | `MULTICA_GC_ORPHAN_TTL` | `72h` |
-| GC artifact TTL (open issues) | — | `MULTICA_GC_ARTIFACT_TTL` | `12h` (set `0` to disable) |
-| GC artifact patterns | — | `MULTICA_GC_ARTIFACT_PATTERNS` | `node_modules,.next,.turbo` |
-
-#### Workspace garbage collection
-
-The daemon periodically scans `MULTICA_WORKSPACES_ROOT` and reclaims disk space in three modes:
-
- **Full task cleanup** — when an issue's status is `done` or `cancelled` and has been idle for `MULTICA_GC_TTL`, the entire task directory is removed.
- **Orphan cleanup** — task directories with no `.gc_meta.json` (e.g. left over from a daemon crash) are removed once they exceed `MULTICA_GC_ORPHAN_TTL`.
- **Artifact-only cleanup** — when a task has been completed for at least `MULTICA_GC_ARTIFACT_TTL` but the issue is still open, regenerable build outputs whose directory basename matches `MULTICA_GC_ARTIFACT_PATTERNS` are removed; the rest of the workdir (source, `.git`, `output/`, `logs/`, `.gc_meta.json`) is preserved so the agent can resume the same workdir on the next task.
-
-Patterns are basename-only — entries containing `/` or `\` are silently dropped — and `.git` subtrees are never descended into. The default list (`node_modules`, `.next`, `.turbo`) is intentionally narrow; extend it per deployment if your repos consistently produce other regenerable directories (for example, `MULTICA_GC_ARTIFACT_PATTERNS=node_modules,.next,.turbo,target,__pycache__`). To disable artifact cleanup entirely, set `MULTICA_GC_ARTIFACT_TTL=0`.

 Agent-specific overrides:

@@ -198,12 +178,8 @@ Agent-specific overrides:
 |----------|-------------|
 | `MULTICA_CLAUDE_PATH` | Custom path to the `claude` binary |
 | `MULTICA_CLAUDE_MODEL` | Override the Claude model used |
-| `MULTICA_CLAUDE_ARGS` | Default extra arguments for Claude Code runs |
 | `MULTICA_CODEX_PATH` | Custom path to the `codex` binary |
 | `MULTICA_CODEX_MODEL` | Override the Codex model used |
-| `MULTICA_CODEX_ARGS` | Default extra arguments for Codex runs |
-| `MULTICA_COPILOT_PATH` | Custom path to the `copilot` binary |
-| `MULTICA_COPILOT_MODEL` | Override the Copilot model used (note: GitHub Copilot routes models through your account entitlement, so this may not be honoured) |
 | `MULTICA_OPENCODE_PATH` | Custom path to the `opencode` binary |
 | `MULTICA_OPENCODE_MODEL` | Override the OpenCode model used |
 | `MULTICA_OPENCLAW_PATH` | Custom path to the `openclaw` binary |
@@ -216,12 +192,6 @@ Agent-specific overrides:
 | `MULTICA_PI_MODEL` | Override the Pi model used |
 | `MULTICA_CURSOR_PATH` | Custom path to the `cursor-agent` binary |
 | `MULTICA_CURSOR_MODEL` | Override the Cursor Agent model used |
-| `MULTICA_KIMI_PATH` | Custom path to the `kimi` binary |
-| `MULTICA_KIMI_MODEL` | Override the Kimi model used |
-| `MULTICA_KIRO_PATH` | Custom path to the `kiro-cli` binary |
-| `MULTICA_KIRO_MODEL` | Override the Kiro model used |
-
-`MULTICA_CLAUDE_ARGS` and `MULTICA_CODEX_ARGS` are parsed with POSIX shellword quoting, so values such as `--model "gpt-5.1 codex" --sandbox read-only` are split like a shell command line. Agent arguments are applied in this order: hardcoded Multica defaults, daemon-wide env defaults, then per-agent `custom_args` from the task.

 ### Self-Hosted Server

@@ -305,12 +275,10 @@ multica workspace members <workspace-id>
 multica issue list
 multica issue list --status in_progress
 multica issue list --priority urgent --assignee "Agent Name"
-multica issue list --assignee-id 5fb87ac7-23b5-4a7a-81fa-ed295a54545d
-multica issue list --full-id
 multica issue list --limit 20 --output json
 ```

-Table output shows a routable issue `KEY` such as `MUL-123`; copy that key into follow-up commands like `issue get`, `issue comment list`, `issue status`, or `--parent`. Add `--full-id` when you need canonical UUIDs. Available filters: `--status`, `--priority`, `--assignee` / `--assignee-id`, `--project`, `--limit`. Use `--assignee-id <uuid>` for unambiguous filtering when names overlap.
+Available filters: `--status`, `--priority`, `--assignee`, `--project`, `--limit`.

 ### Get Issue

@@ -323,10 +291,9 @@ multica issue get <id> --output json

 ```bash
 multica issue create --title "Fix login bug" --description "..." --priority high --assignee "Lambda"
-multica issue create --title "Fix login bug" --assignee-id 5fb87ac7-23b5-4a7a-81fa-ed295a54545d
 ```

-Flags: `--title` (required), `--description`, `--status`, `--priority`, `--assignee` / `--assignee-id`, `--parent`, `--project`, `--due-date`. Pass `--assignee-id <uuid>` (mutually exclusive with `--assignee`) when scripting against the IDs returned by `multica workspace members --output json` / `multica agent list --output json`.
+Flags: `--title` (required), `--description`, `--status`, `--priority`, `--assignee`, `--parent`, `--project`, `--due-date`.

 ### Update Issue

@@ -338,12 +305,9 @@ multica issue update <id> --title "New title" --priority urgent

 ```bash
 multica issue assign <id> --to "Lambda"
-multica issue assign <id> --to-id 5fb87ac7-23b5-4a7a-81fa-ed295a54545d
 multica issue assign <id> --unassign
 ```

-Pass `--to-id <uuid>` to assign by canonical UUID (mutually exclusive with `--to`); useful when names overlap across members and agents.
-
 ### Change Status

 ```bash
@@ -394,19 +358,17 @@ Subscribers receive notifications about issue activity (new comments, status cha
 ```bash
 # List all execution runs for an issue
 multica issue runs <issue-id>
-multica issue runs <issue-id> --full-id
 multica issue runs <issue-id> --output json

 # View messages for a specific execution run
 multica issue run-messages <task-id>
-multica issue run-messages <short-task-id> --issue <issue-id>
 multica issue run-messages <task-id> --output json

 # Incremental fetch (only messages after a given sequence number)
 multica issue run-messages <task-id> --since 42 --output json
 ```

-The `runs` command shows all past and current executions for an issue, including running tasks. Table output uses short task UUID prefixes by default; pass `--full-id` to print canonical task UUIDs. The `run-messages` command accepts full task UUIDs directly; copied short task prefixes must be scoped with `--issue <issue-id>` so the CLI only checks that issue's runs. It shows the detailed message log (tool calls, thinking, text, errors) for a single run. Use `--since` for efficient polling of in-progress runs.
+The `runs` command shows all past and current executions for an issue, including running tasks. The `run-messages` command shows the detailed message log (tool calls, thinking, text, errors) for a single run. Use `--since` for efficient polling of in-progress runs.

 ## Projects

@@ -516,12 +478,9 @@ Autopilots are scheduled/triggered automations that dispatch agent tasks (either

 ```bash
 multica autopilot list
-multica autopilot list --full-id
 multica autopilot list --status active --output json
 ```

-Autopilot table IDs are short UUID prefixes; follow-up autopilot commands accept copied prefixes when they are unique in the current workspace. Use `--full-id` to print canonical UUIDs.
-
 ### Get Autopilot Details

 ```bash
--- a/CLI_INSTALL.md
+++ b/CLI_INSTALL.md
@@ -140,7 +140,7 @@ multica auth status
 Expected output should show the authenticated user and server URL.

 **If login fails:**
- If no browser is available (headless environment), the user can generate a Personal Access Token at `https://app.multica.ai/settings` and run: `multica login --token <mul_...>` (use `--token=` with an empty value to be prompted interactively).
+- If no browser is available (headless environment), the user can generate a Personal Access Token at `https://app.multica.ai/settings` and run: `multica login --token`
 - If the server URL needs to be customized: `multica config set server_url <url>` before logging in.

 ---
@@ -166,12 +166,12 @@ Wait 3 seconds, then verify:
 multica daemon status
 ```

-Expected output should show `running` status with detected agents (e.g. `claude`, `codex`, `copilot`, `opencode`, `openclaw`, `hermes`, `gemini`, `pi`, `cursor-agent`).
+Expected output should show `running` status with detected agents (e.g. `claude`, `codex`, `opencode`, `openclaw`, `hermes`, `gemini`, `pi`, `cursor-agent`).

 **If daemon fails to start:**
 - Check logs: `multica daemon logs`
 - If a port conflict occurs, the daemon may already be running under a different profile.
- If no agents are detected, ensure at least one AI CLI (`claude`, `codex`, `copilot`, `opencode`, `openclaw`, `hermes`, `gemini`, `pi`, or `cursor-agent`) is installed and on the `$PATH`.
+- If no agents are detected, ensure at least one AI CLI (`claude`, `codex`, `opencode`, `openclaw`, `hermes`, `gemini`, `pi`, or `cursor-agent`) is installed and on the `$PATH`.

 ---

@@ -185,12 +185,12 @@ multica daemon status

 Confirm:
 1. Status is `running`
-2. At least one agent is listed (e.g. `claude`, `codex`, `copilot`, `opencode`, `openclaw`, `hermes`, `gemini`, `pi`, or `cursor-agent`)
+2. At least one agent is listed (e.g. `claude`, `codex`, `opencode`, `openclaw`, `hermes`, `gemini`, `pi`, or `cursor-agent`)
 3. At least one workspace is being watched

 If the agents list is empty, tell the user:

-> "The Multica daemon is running but no AI agent CLIs were detected. Please install at least one supported CLI (`claude`, `codex`, `copilot`, `opencode`, `openclaw`, `hermes`, `gemini`, `pi`, or `cursor-agent`), then restart the daemon with `multica daemon stop && multica daemon start`."
+> "The Multica daemon is running but no AI agent CLIs were detected. Please install at least one supported CLI (`claude`, `codex`, `opencode`, `openclaw`, `hermes`, `gemini`, `pi`, or `cursor-agent`), then restart the daemon with `multica daemon stop && multica daemon start`."

 ---

--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -373,8 +373,7 @@ done

 #### 2. Create a test user and token (automated auth)

-For deterministic local automation, set `MULTICA_DEV_VERIFICATION_CODE=888888`
-in your env file before starting the backend:
+In non-production environments the verification code is fixed at `888888`:

 ```bash
 curl -s -X POST "$SERVER/auth/send-code" \
@@ -477,9 +476,7 @@ This automatically:
 3. Starts and manages its own daemon instance
 4. Connects to the local backend

-Login in the Desktop UI with `dev@localhost` and the generated code from the
-backend logs. If you set `MULTICA_DEV_VERIFICATION_CODE=888888` before starting
-the backend, you can use `888888` instead.
+Login in the Desktop UI with `dev@localhost` and code `888888`.

 If the backend runs on a non-default port (worktree), create
 `apps/desktop/.env.development.local`:
--- a/2
+++ b/2
@@ -15,7 +15,7 @@ COPY server/ ./server/
 # Build binaries
 ARG VERSION=dev
 ARG COMMIT=unknown
-RUN cd server && CGO_ENABLED=0 go build -ldflags "-s -w -X main.version=${VERSION} -X main.commit=${COMMIT}" -o bin/server ./cmd/server
+RUN cd server && CGO_ENABLED=0 go build -ldflags "-s -w" -o bin/server ./cmd/server
 RUN cd server && CGO_ENABLED=0 go build -ldflags "-s -w -X main.version=${VERSION} -X main.commit=${COMMIT}" -o bin/multica ./cmd/multica
 RUN cd server && CGO_ENABLED=0 go build -ldflags "-s -w" -o bin/migrate ./cmd/migrate

--- a/HANDOFF_ARCHITECTURE_AUDIT.md
+++ b/HANDOFF_ARCHITECTURE_AUDIT.md
@@ -0,0 +1,383 @@
+# Architecture Audit — Workspace & Realtime Cache
+
+> 基于代码审计整理的 4 个任务。优先级：P0 一个、P1 一个、P2 两个。每个任务都包含问题、根因、受影响的 issue、复现步骤、修复方案、改动范围。
+
+---
+
+## 任务 1 — [P0] 空闲后列表数据陈旧
+
+**关联 issue**：[#951](https://github.com/multica-ai/multica/issues/951)
+
+### 问题
+
+用户登录后静置一段时间，Issue 列表里缺失一部分数据（其他成员期间新建/变更的 issue 不出现）。登出再登入可以恢复。`ec5af33b` 声称 "Closes #951"，但 issue 仍为 OPEN 状态 —— 因为它只修了 401 一种场景，没修 WS 半开这一种。
+
+### 根因
+
+系统把 cache 新鲜度的全部责任压给了 WebSocket 推送：
+
+- `packages/core/query-client.ts:7` — `staleTime: Infinity`，cache 永不主动过期
+- `packages/core/query-client.ts:9` — `refetchOnWindowFocus: false`，tab 重新获得焦点也不 refetch
+- 依赖 WS 推送 `issue:created` / `issue:updated` 事件 invalidate cache
+
+但 WS 层存在一个**不对称**：
+
+- **服务端**：`server/internal/realtime/hub.go:83-96, 420-475` 有 54s ping / 60s pongWait，会清理死连接
+- **客户端**：`packages/core/api/ws-client.ts`（142 行全貌）**完全没有心跳检测**，只靠 `onclose` 事件触发重连
+
+浏览器原生 `WebSocket` API 不把 ping/pong 帧暴露给 JS，所以 JS 层无法主动探测 "半开" 连接。当 NAT / 负载均衡器 / 笔记本睡眠导致 TCP 连接被静默切断时：
+
+1. 浏览器 `readyState` 仍是 `OPEN`
+2. `onclose` 不触发
+3. `ws-client.ts:70-73` 的 3 秒重连逻辑不跑
+4. `packages/core/realtime/use-realtime-sync.ts:462-487` 的 `onReconnect` 全量 invalidate 不跑
+5. 期间的 WS 事件进黑洞
+6. cache 保持旧快照
+
+### 复现
+
+**浏览器 DevTools 里的 "Block request URL" 不行** —— 那会触发 `onclose`，走正常重连 → 不复现。真正的半开需要在网络层静默丢包。
+
+**方法 A（推荐，最接近真实场景）**：macOS 用 pfctl 丢包
+
+```bash
+# 假设后端在 8080
+sudo pfctl -E
+echo "block drop out quick proto tcp to any port 8080" | sudo pfctl -f -
+
+# 观察:
+# - Console 里没有 "disconnected, reconnecting in 3s" 日志
+# - Network 里 WS 连接仍显示 Pending / 101
+# 用另一个账号/CLI 创建一个 issue
+# 回到原客户端: 列表不更新
+# 登出再登入: 列表恢复完整
+
+sudo pfctl -d  # 解除
+```
+
+**方法 B（不动网络）**：临时修改代码，在 `packages/core/api/ws-client.ts:52` 的 `onmessage` 处理器里加一行 `return;` 在前面，吞掉所有入站消息。效果等价于半开。
+
+### 修复方案（三个选项，推荐 C）
+
+#### 选项 A — 浏览器端心跳探活（治本，改动大）
+
+在 `ws-client.ts` 加客户端侧的心跳检测：记录 `lastMessageTime`，定时器检查若超过 N 秒没收到任何消息就主动 `ws.close()`，触发现有重连逻辑。
+
+- 优点：从根本上解决半开问题
+- 缺点：浏览器原生 API 没有 ping 能力，需要服务端配合发"应用层 heartbeat"消息供客户端更新 `lastMessageTime`；服务端改 + 客户端改
+
+#### 选项 B — Page Visibility API 触发 invalidate（治标，改动小）
+
+在 `packages/core/platform/core-provider.tsx` 加 `visibilitychange` 监听，tab 重新可见时强制 `queryClient.invalidateQueries({ queryKey: issueKeys.all(wsId) })`（及其他关键 key）。
+
+- 优点：~10 行代码，能兜住 80% 场景（睡眠、切后台 tab）
+- 缺点：treats symptom, 不是真正的半开检测；对"一直保持 tab 可见但网络层断了"的场景无效
+
+#### 选项 C — **A + B 组合**（推荐）
+
+- 短期上 B，立刻止血
+- 中期上 A，把 cache 新鲜度从"只信 WS"改成"WS 是优化，Visibility 是兜底"
+- 可选加 `refetchOnWindowFocus: true` 或把 `staleTime` 改成一个有限值（比如 5 min），作为第三层保险
+
+### 改动范围
+
+| 方案 | 文件 | 改动规模 |
+|---|---|---|
+| B | `packages/core/platform/core-provider.tsx` | ~10 行 |
+| A 客户端 | `packages/core/api/ws-client.ts` | ~30 行 |
+| A 服务端 | `server/internal/realtime/hub.go` | 加 app-level heartbeat message |
+
+### 验证
+
+修完之后：
+
+1. 跑方法 A 复现流程，确认数据不再丢失
+2. 加 e2e 测试：模拟 `document.dispatchEvent(new Event('visibilitychange'))` + 验证 issue list 被 refetch
+
+---
+
+## 任务 2 — [P1] Workspace 不在 URL 路径中
+
+**关联 issue**：MUL-723（slug 不在 URL）、MUL-43（切换 workspace 报错）、MUL-509（手机端无法切换）
+
+> **注意**：审计中提到的 MUL-43 / MUL-476 issue 编号需要当面核对一次 —— agent 查询 GitHub 后返回的标题对不上（看起来是别的 PR）。交接时请让执行人以具体症状为准。
+
+### 问题
+
+当前 workspace 身份完全靠 `X-Workspace-ID` HTTP header + Zustand store + localStorage 承载，URL 里没有 workspace 信息。所有路径都是 `/issues`、`/issues/:id` 这种 workspace-agnostic 的。
+
+### 根因
+
+**数据库和 API 已经支持 slug**：
+
+- `server/migrations/001_init.up.sql:15-23` — workspace 表有 `slug TEXT UNIQUE NOT NULL`
+- `server/pkg/db/queries/workspace.sql:11-13` — 有 `GetWorkspaceBySlug` 查询
+- `packages/core/types/workspace.ts:8-19` — Workspace 类型里有 slug 字段
+
+**但前端路由和导航层没用它**：
+
+- Web 路由：`apps/web/app/(dashboard)/` 下 25 个 route file 都是 workspace-implicit
+- Desktop 路由：`apps/desktop/src/renderer/src/routes.tsx:71-143` 同样
+- Navigation 适配器 `apps/web/platform/navigation.tsx` 直接透传 `router.push`，没有任何 workspace 前缀逻辑
+
+**workspace 切换只靠 sidebar UI**（`packages/views/layout/app-sidebar.tsx:284-286`）：
+
+```tsx
+if (ws.id !== workspace?.id) {
+  push("/issues");              // 硬跳 /issues（workspace-implicit！）
+  switchWorkspace(ws);           // 然后改 store
+}
+```
+
+这种设计使得：
+
+- 手机端因为没 sidebar UI，也没 URL 层切换入口，**完全切不了 workspace**（MUL-509）
+- 把 `/issues/xxx` 链接发给处于不同 workspace 的同事，会打开错误 workspace 下的 issue，或找不到报错（MUL-43 系列）
+- 分享链接没有 workspace 上下文，接收方必须先手动切对 workspace
+
+### 复现
+
+1. **MUL-723**：登录 → 观察地址栏，没有任何 workspace 标识
+2. **MUL-43**：
+   - 加入两个 workspace A 和 B
+   - 在 A 中打开某个 issue `/issues/abc123`
+   - 切到 B，URL 不变 → 访问失败 / 显示错数据
+3. **MUL-509**：手机浏览器打开，尝试切 workspace → 无法切换（UI 不显示 sidebar 触发器或触发器无法切）
+
+### 修复方案（三个选项，推荐 A）
+
+#### 选项 A — `/ws/:slug/...` URL 前缀（根本方案，推荐）
+
+所有路径加上 workspace slug 前缀。例如 `/issues/abc123` → `/ws/my-team/issues/abc123`。
+
+**要改的地方**：
+
+1. **Web 路由目录结构**：`apps/web/app/(dashboard)/` 下全部搬到 `apps/web/app/(dashboard)/ws/[slug]/...`（~25 个文件）
+2. **Desktop 路由**：`apps/desktop/src/renderer/src/routes.tsx:71-143` 给所有路径加 `/ws/:slug` 前缀
+3. **Navigation 适配器**：
+   - `apps/web/platform/navigation.tsx` — `push(path)` 内部前置 `/ws/${workspace.slug}`，`pathname` 读取时去掉前缀
+   - `apps/desktop/src/renderer/src/platform/navigation.tsx` — 同上
+4. **Sidebar 切换逻辑**：`packages/views/layout/app-sidebar.tsx:284-286` 改成 `push('/ws/${ws.slug}/issues')`（或依赖适配器自动加前缀就不用改）
+5. **服务端中间件**：`server/internal/middleware/workspace.go:41-46` 增加 "从 URL path 解析 slug → 查 ID → 校验 membership" 的逻辑，header 继续作为 fallback（迁移期兼容）
+
+**预计改动**：~50-100 个文件（大部分是 route 搬迁，不是逻辑改动）、~5-7 人天
+
+**不改也能工作的部分**：
+- `packages/core/api/client.ts` — 仍旧走 header，不用改
+- 所有 `packages/views/` 下的组件 —— 它们用 `useNavigation().push()` 抽象，适配器层处理前缀就行
+
+**风险**：
+- 旧的 bookmark URL 失效（如果产品还没正式 ship，问题不大）
+- E2E 测试需要更新所有 URL 断言
+
+#### 选项 B — `?ws=slug` query param（折中）
+
+URL 形如 `/issues?ws=my-team`。改动更小（~30 个文件），URL 丑但向后兼容。推荐度低于 A。
+
+#### 选项 C — 只修症状不动架构
+
+在 `switchWorkspace` 和各个 query 之间加 debounce、error boundary 等 workaround。不解决根因，技术债越攒越多。**不推荐**。
+
+### 改动范围（选项 A）
+
+| 模块 | 文件数 | 备注 |
+|---|---|---|
+| Web routes | ~25 | 目录搬迁 |
+| Desktop routes | 1 | 路径前缀 |
+| Navigation adapters | 2 | 前缀逻辑 |
+| Server middleware | 1-2 | slug → ID 解析 |
+| 组件（不用改） | 30-40 | 用 `useNavigation` 的不受影响 |
+| E2E tests | 20-30 | URL 断言更新 |
+
+---
+
+## 任务 3 — [P1] Workspace 切换时 navigation 状态未隔离
+
+**关联 issue**：MUL-43（切换报错）、MUL-476（本地缓存未按 workspace 隔离）
+
+> 同上，这两个编号建议交接时核对症状。
+
+### 问题
+
+绝大多数 workspace-scoped 的 Zustand store 都正确使用了 `createWorkspaceAwareStorage`（key 后缀加 wsId 自动隔离），但 **`useNavigationStore` 是个例外**：它持久化了 `lastPath`，但用的是 global storage，切换 workspace 后里面仍是上个 workspace 的路径。
+
+### 根因
+
+**`packages/core/navigation/store.ts:15-31`**：
+
+```typescript
+export const useNavigationStore = create<NavigationState>()(
+  persist(
+    (set) => ({
+      lastPath: "/issues",
+      onPathChange: (path) => { /* ... */ set({ lastPath: path }); },
+    }),
+    {
+      name: "multica_navigation",
+      storage: createJSONStorage(() => createPersistStorage(defaultStorage)), // ← 这里用的是 global，不是 workspace-aware
+      partialize: (state) => ({ lastPath: state.lastPath }),
+    }
+  )
+);
+// ← 没有调 registerForWorkspaceRehydration
+```
+
+**对比：其他 store 都是正确的**：
+
+| Store | 是否 workspace-aware | 是否注册 rehydration |
+|---|---|---|
+| useNavigationStore | ❌ | ❌ |
+| useIssuesScopeStore | ✅ | ✅ |
+| useIssueDraftStore | ✅ | ✅ |
+| useRecentIssuesStore | ✅ | ✅ |
+| useIssueViewStore | ✅ | ✅ |
+| myIssuesViewStore | ✅ | ✅ |
+| useChatStore | ✅（手动用 wsKey）| ✅ |
+
+另外 `packages/core/platform/storage-cleanup.ts:10-19` 的 `WORKSPACE_SCOPED_KEYS` 列表里也漏了 `multica_navigation`。
+
+**现有的 workaround**：`packages/views/layout/app-sidebar.tsx:285` 切 workspace 时硬跳到 `/issues`，正是为了绕开这个 bug。修好 navigation store 之后这行 hack 可以删掉。
+
+### 复现
+
+1. 在 workspace A 中打开一个具体 issue `/issues/abc123`
+2. 切到 workspace B
+3. 观察：如果没有 sidebar 的硬跳 workaround，会尝试恢复到 `/issues/abc123`，但那个 issue 不属于 B，导致 404 或错误
+
+目前因为有硬跳 workaround，症状表现为"切 workspace 后总是回到 issue 首页"—— 这本身也是 bug（用户期望记住上次位置）。
+
+### 修复方案（推荐 Option C：组合）
+
+**三处改动**：
+
+1. `packages/core/navigation/store.ts:28` —— 把 `createPersistStorage(defaultStorage)` 改成 `createWorkspaceAwareStorage(defaultStorage)`
+2. 同文件在末尾加：`registerForWorkspaceRehydration(() => useNavigationStore.persist.rehydrate());`
+3. `packages/core/platform/storage-cleanup.ts:10-19` 的 `WORKSPACE_SCOPED_KEYS` 数组里加 `"multica_navigation"`
+
+**可选**：清理 `packages/views/layout/app-sidebar.tsx:285` 的 `push("/issues")` workaround（改完之后不再需要）。
+
+### 改动范围
+
+| 文件 | 改动 |
+|---|---|
+| `packages/core/navigation/store.ts` | 改 storage 类型、加 rehydration 注册（~3 行） |
+| `packages/core/platform/storage-cleanup.ts` | 数组加一行 |
+| `packages/core/platform/workspace-storage.test.ts` | 加 rehydration 的单测 |
+| `packages/views/layout/app-sidebar.tsx`（可选） | 移除硬跳 workaround |
+
+**风险**：极低。只是把 navigation store 对齐到其他 store 已经在用的模式。
+
+---
+
+## 任务 4 — [P2] Workspace 生命周期副作用散落
+
+**关联 issue**：MUL-727（创建后闪页）、MUL-728（删除确认）、MUL-820（接受邀请不自动切）
+
+### 问题
+
+创建 / 删除 / 切换 / 加入 workspace 的副作用分散在 mutation 的 `onSuccess` 和各处 UI 回调里，没有统一抽象。几个具体 bug：
+
+### 4.1 MUL-727 — 创建 workspace 后闪一下 `/issues` 再跳 `/onboarding`
+
+**根因**：两个 `onSuccess` 回调同时跑，顺序不确定。
+
+- `packages/core/workspace/mutations.ts:7-21` 的 `useCreateWorkspace.onSuccess` 里调了 `switchWorkspace(newWs)` —— 同步改 Zustand，`/issues` 路由开始用新 workspace 渲染
+- `packages/views/modals/create-workspace.tsx:68-70` 的 UI `onSuccess` 里调了 `router.push("/onboarding")` —— 异步 schedule 导航
+
+于是：`/issues` 先渲染（闪一下）→ 导航到 `/onboarding`。
+
+**修复**：把 `switchWorkspace` 从 mutation 里拿出来，让 UI 层主导。在 `create-workspace.tsx` 的 `onSuccess` 里先 `switchWorkspace` 再 `push`，保证同一个微任务里完成。
+
+**文件**：`packages/core/workspace/mutations.ts`、`packages/views/modals/create-workspace.tsx`、可能 `packages/views/onboarding/step-workspace.tsx`
+
+### 4.2 MUL-728 — 删除 workspace 的"缺少确认"
+
+**核查结果**：`packages/views/settings/components/workspace-tab.tsx:102-119, 236-255` **已经有 AlertDialog 确认**了。
+
+**真实问题**：删除成功后**没有导航**，用户停在 `/settings`，而当前 workspace 已经是删除后系统挑的另一个。
+
+**修复**：在 `handleDeleteWorkspace` 的 `onConfirm` 成功分支里加 `push("/issues")`。
+
+**文件**：`packages/views/settings/components/workspace-tab.tsx`（加一行）
+
+### 4.3 MUL-820 — 接受邀请不自动切换 workspace
+
+**核查结果**：有两条路径：
+
+- ✅ `/invite/:id` 独立页（`packages/views/invite/invite-page.tsx:32-52`）是**正确的**：accept → switchWorkspace → push("/issues")
+- ❌ **Sidebar 下拉里的 "Join" 按钮**（`packages/views/layout/app-sidebar.tsx:203-209, 321-324`）**是错的**：只 invalidate cache，不切也不跳
+
+**修复（推荐 Option 2）**：Sidebar 的 "Join" 改成跳转到 `/invite/:id` 页面，不再就地接受。单一入口、单一行为。
+
+```tsx
+<DropdownMenuItem onClick={() => push(`/invite/${inv.id}`)}>
+  {inv.workspace_name}
+</DropdownMenuItem>
+```
+
+**文件**：`packages/views/layout/app-sidebar.tsx`（~10 行）
+
+### 复现
+
+| Issue | 步骤 |
+|---|---|
+| MUL-727 | 创建新 workspace → 仔细看是否闪了一下 `/issues` 再跳 `/onboarding` |
+| MUL-728 | 删除当前 workspace → 观察删完后是否留在 `/settings` 页面（BUG: 没有自动跳走） |
+| MUL-820 | 被邀请用户登录 → sidebar 下拉 → 点 "Join" → 观察当前 workspace 是否切过去（BUG: 不切）|
+
+### 长期架构建议（可选）
+
+抽一个 `useWorkspaceLifecycle` hook 统一管这些副作用。Agent 报告里有完整设计，文件：`packages/core/workspace/hooks.ts`（新建）。但建议先修 MUL-727/728/820 三个具体 bug，hook 抽象作为后续迭代。
+
+### 改动范围
+
+| Issue | 文件 | 改动规模 |
+|---|---|---|
+| MUL-727 | mutations.ts + create-workspace.tsx | ~10 行 |
+| MUL-728 | workspace-tab.tsx | ~1 行 |
+| MUL-820 | app-sidebar.tsx | ~10 行 |
+
+---
+
+## 总览
+
+| 任务 | Issue | 优先级 | 预估规模 | 风险 |
+|---|---|---|---|---|
+| 1. WS 半开 + 陈旧 cache | #951 | **P0** | Option B ~10 行；Option C ~1-2 天 | 低 |
+| 2. Workspace URL 化 | MUL-723/43/509 | P1 | 5-7 人天（大部分是搬迁）| 中（影响面大、e2e 要改）|
+| 3. Navigation store 隔离 | MUL-43/476 | P1 | ~0.5 天 | 低 |
+| 4. Workspace 生命周期 bug | MUL-727/728/820 | P2 | ~1 天 | 低 |
+
+### 建议推进顺序
+
+1. **立刻做**：任务 1 的 Option B（visibilitychange 触发 invalidate）—— 代码最少、收益最明显，能当天止血
+2. **同步开始**：任务 3（navigation store 隔离）—— 影响小、风险低、顺便清掉一个 workaround
+3. **规划立项**：任务 2（URL 化）—— 大改造，需要单独开一个 iteration
+4. **次要修补**：任务 4 的三个小 bug —— 可以拆成独立 PR，各自 review
+
+### 重要澄清
+
+- **Issue 编号核对**：MUL-43 / MUL-476 的编号需要核对一次，agent 查询 GitHub 返回的标题看起来对不上（可能是内部 issue tracker 编号 vs GitHub 编号混用）。以症状为准。
+- **MUL-728 实际状态**：确认对话框已经存在，真实缺的是"删除后跳走"。
+- **MUL-820 实际状态**：`/invite/:id` 页面路径工作正常，只是 sidebar 下拉按钮坏了。
+
+### 所有关键代码位置索引
+
+```
+packages/core/query-client.ts:7-10          # staleTime: Infinity
+packages/core/api/ws-client.ts:1-142        # 客户端 WS，无心跳
+packages/core/realtime/use-realtime-sync.ts:462-487  # onReconnect 全量 invalidate
+packages/core/platform/core-provider.tsx    # 加 visibilitychange 的位置
+packages/core/navigation/store.ts:15-31     # lastPath 未隔离
+packages/core/platform/storage-cleanup.ts:10-19  # WORKSPACE_SCOPED_KEYS
+packages/core/workspace/store.ts:43-77      # hydrateWorkspace / switchWorkspace
+packages/core/workspace/mutations.ts:7-57   # create/leave/delete 三个 mutation
+packages/views/layout/app-sidebar.tsx:203-324  # 侧边栏切 workspace、接受邀请入口
+packages/views/modals/create-workspace.tsx:63-82  # 创建 workspace 入口
+packages/views/settings/components/workspace-tab.tsx:102-119  # 删除 workspace 入口
+packages/views/invite/invite-page.tsx:32-52 # 接受邀请正确实现参考
+
+server/internal/realtime/hub.go:83-96       # 服务端 WS 心跳
+server/internal/middleware/workspace.go:41-46  # wsId resolution
+server/migrations/001_init.up.sql:15-23     # workspace.slug 已存在
+```
--- a/6
+++ b/6
@@ -91,7 +91,7 @@ selfhost: ## Create .env if needed, then pull and start the official self-hosted
 		echo "        $${MULTICA_WEB_IMAGE:-ghcr.io/multica-ai/multica-web}:$${MULTICA_IMAGE_TAG:-latest}"; \
 		echo ""; \
 		echo "Log in: configure RESEND_API_KEY in .env for email codes,"; \
-		echo "        or read the generated code from backend logs when Resend is unset."; \
+		echo "        or set APP_ENV=development in .env (private networks only) to enable code 888888."; \
 		echo ""; \
 		echo "Next — install the CLI and connect your machine:"; \
 		echo "  brew install multica-ai/tap/multica"; \
@@ -130,7 +130,7 @@ selfhost-build: ## Build backend/web from the current checkout and start the sel
 		echo "  Backend:  http://localhost:$${PORT:-8080}"; \
 		echo ""; \
 		echo "Log in: configure RESEND_API_KEY in .env for email codes,"; \
-		echo "        or read the generated code from backend logs when Resend is unset."; \
+		echo "        or set APP_ENV=development in .env (private networks only) to enable code 888888."; \
 		echo ""; \
 		echo "Built images locally via docker-compose.selfhost.build.yml."; \
 		echo "Local tags: multica-backend:dev and multica-web:dev."; \
@@ -277,7 +277,7 @@ COMMIT  ?= $(shell git rev-parse --short HEAD 2>/dev/null || echo unknown)
 DATE    ?= $(shell date -u '+%Y-%m-%dT%H:%M:%SZ')

 build: ## Build the server, CLI, and migrate binaries into server/bin
-	cd server && go build -ldflags "-X main.version=$(VERSION) -X main.commit=$(COMMIT)" -o bin/server ./cmd/server
+	cd server && go build -o bin/server ./cmd/server
 	cd server && go build -ldflags "-X main.version=$(VERSION) -X main.commit=$(COMMIT) -X main.date=$(DATE)" -o bin/multica ./cmd/multica
 	cd server && go build -o bin/migrate ./cmd/migrate

--- a/README.md
+++ b/README.md
@@ -30,24 +30,12 @@ Turn coding agents into real teammates — assign tasks, track progress, compoun

 Multica turns coding agents into real teammates. Assign issues to an agent like you'd assign to a colleague — they'll pick up the work, write code, report blockers, and update statuses autonomously.

-No more copy-pasting prompts. No more babysitting runs. Your agents show up on the board, participate in conversations, and compound reusable skills over time. Think of it as open-source infrastructure for managed agents — vendor-neutral, self-hosted, and designed for human + AI teams. Works with **Claude Code**, **Codex**, **GitHub Copilot CLI**, **OpenClaw**, **OpenCode**, **Hermes**, **Gemini**, **Pi**, **Cursor Agent**, **Kimi**, and **Kiro CLI**.
+No more copy-pasting prompts. No more babysitting runs. Your agents show up on the board, participate in conversations, and compound reusable skills over time. Think of it as open-source infrastructure for managed agents — vendor-neutral, self-hosted, and designed for human + AI teams. Works with **Claude Code**, **Codex**, **OpenClaw**, **OpenCode**, **Hermes**, **Gemini**, **Pi**, and **Cursor Agent**.

 <p align="center">
  <img src="docs/assets/hero-screenshot.png" alt="Multica board view" width="800">
 </p>

-## Why "Multica"?
-
-Multica — **Mul**tiplexed **I**nformation and **C**omputing **A**gent.
-
-The name is a nod to Multics, the pioneering operating system of the 1960s that introduced time-sharing — letting multiple users share a single machine as if each had it to themselves. Unix was born as a deliberate simplification of Multics: one user, one task, one elegant philosophy.
-
-We think the same inflection is happening again. For decades, software teams have been single-threaded — one engineer, one task, one context switch at a time. AI agents change that equation. Multica brings time-sharing back, but for an era where the "users" multiplexing the system are both humans and autonomous agents.
-
-In Multica, agents are first-class teammates. They get assigned issues, report progress, raise blockers, and ship code — just like their human colleagues. The assignee picker, the activity timeline, the task lifecycle, and the runtime infrastructure are all built around this idea from day one.
-
-Like Multics before it, the bet is on multiplexing: a small team shouldn't feel small. With the right system, two engineers and a fleet of agents can move like twenty.
-
 ## Features

 Multica manages the full agent lifecycle: from task assignment to execution monitoring to skill reuse.
@@ -110,7 +98,7 @@ multica setup          # Connect to Multica Cloud, log in, start daemon
 multica setup           # Configure, authenticate, and start the daemon
 ```

-The daemon runs in the background and auto-detects agent CLIs (`claude`, `codex`, `copilot`, `openclaw`, `opencode`, `hermes`, `gemini`, `pi`, `cursor-agent`, `kimi`, `kiro-cli`) on your PATH.
+The daemon runs in the background and auto-detects agent CLIs (`claude`, `codex`, `openclaw`, `opencode`, `hermes`, `gemini`, `pi`, `cursor-agent`) on your PATH.

 ### 2. Verify your runtime

@@ -120,7 +108,7 @@ Open your workspace in the Multica web app. Navigate to **Settings → Runtimes*

 ### 3. Create an agent

-Go to **Settings → Agents** and click **New Agent**. Pick the runtime you just connected and choose a provider (Claude Code, Codex, GitHub Copilot CLI, OpenClaw, OpenCode, Hermes, Gemini, Pi, Cursor Agent, Kimi, or Kiro CLI). Give your agent a name — this is how it will appear on the board, in comments, and in assignments.
+Go to **Settings → Agents** and click **New Agent**. Pick the runtime you just connected and choose a provider (Claude Code, Codex, OpenClaw, OpenCode, Hermes, Gemini, Pi, or Cursor Agent). Give your agent a name — this is how it will appear on the board, in comments, and in assignments.

 ### 4. Assign your first task

@@ -172,9 +160,9 @@ See the [CLI and Daemon Guide](CLI_AND_DAEMON.md) for the full command reference
                            │
                     ┌──────┴───────┐
                     │ Agent Daemon │  runs on your machine
-                     └──────────────┘  (Claude Code, Codex, GitHub Copilot CLI,
-                                        OpenCode, OpenClaw, Hermes, Gemini,
-                                        Pi, Cursor Agent, Kimi, Kiro CLI)
+                     └──────────────┘  (Claude Code, Codex, OpenCode,
+                                        OpenClaw, Hermes, Gemini,
+                                        Pi, Cursor Agent)
 ```

 | Layer | Stack |
@@ -182,7 +170,7 @@ See the [CLI and Daemon Guide](CLI_AND_DAEMON.md) for the full command reference
 | Frontend | Next.js 16 (App Router) |
 | Backend | Go (Chi router, sqlc, gorilla/websocket) |
 | Database | PostgreSQL 17 with pgvector |
-| Agent Runtime | Local daemon executing Claude Code, Codex, GitHub Copilot CLI, OpenClaw, OpenCode, Hermes, Gemini, Pi, Cursor Agent, Kimi, or Kiro CLI |
+| Agent Runtime | Local daemon executing Claude Code, Codex, OpenClaw, OpenCode, Hermes, Gemini, Pi, or Cursor Agent |

 ## Development

--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -30,24 +30,12 @@

 Multica 将编码 Agent 变成真正的队友。像分配给同事一样分配给 Agent——它们会自主接手工作、编写代码、报告阻塞问题、更新状态。

-不再需要复制粘贴 prompt，不再需要盯着运行过程。你的 Agent 出现在看板上、参与对话、随着时间积累可复用的技能。可以理解为开源的 Managed Agents 基础设施——厂商中立、可自部署、专为人类 + AI 团队设计。支持 **Claude Code**、**Codex**、**GitHub Copilot CLI**、**OpenClaw**、**OpenCode**、**Hermes**、**Gemini**、**Pi**、**Cursor Agent**、**Kimi** 和 **Kiro CLI**。
+不再需要复制粘贴 prompt，不再需要盯着运行过程。你的 Agent 出现在看板上、参与对话、随着时间积累可复用的技能。可以理解为开源的 Managed Agents 基础设施——厂商中立、可自部署、专为人类 + AI 团队设计。支持 **Claude Code**、**Codex**、**OpenClaw**、**OpenCode**、**Hermes**、**Gemini**、**Pi** 和 **Cursor Agent**。

 <p align="center">
  <img src="docs/assets/hero-screenshot.png" alt="Multica 看板视图" width="800">
 </p>

-## 为什么叫 "Multica"？
-
-Multica——**Mul**tiplexed **I**nformation and **C**omputing **A**gent。
-
-这个名字是在向 20 世纪 60 年代具有开创意义的操作系统 Multics 致意。Multics 首创了分时系统，让多个用户能够共享同一台机器，同时又像各自独占它一样使用。Unix 则是在有意简化 Multics 的基础上诞生的，强调一个用户、一个任务、一种优雅的哲学。
-
-我们认为，类似的转折点正在再次出现。几十年来，软件团队一直处于一种单线程的工作模式，一个工程师处理一个任务，一次只专注于一个上下文。AI agents 改变了这个等式。Multica 将"分时"重新带回这个时代，只不过今天在系统中进行多路复用的"用户"，既包括人类，也包括自主代理。
-
-在 Multica 中，agents 是一级团队成员。它们会被分配 issue，汇报进展，提出阻塞，并交付代码，就像人类同事一样。任务分配、活动时间线、任务生命周期，以及运行时基础设施，Multica 从第一天起就是围绕这一理念构建的。
-
-和当年的 Multics 一样，这一判断建立在"多路复用"之上。一个小团队不该因为人数少就显得能力有限。有了合适的系统，两名工程师加上一组 agents，就能发挥出二十人团队的推进速度。
-
 ## 功能特性

 Multica 管理完整的 Agent 生命周期：从任务分配到执行监控再到技能复用。
@@ -111,7 +99,7 @@ multica setup          # 连接 Multica Cloud，登录，启动 daemon
 multica setup           # 配置、认证、启动 daemon（一条命令搞定）
 ```

-daemon 在后台运行，保持你的机器与 Multica 的连接。它会自动检测 PATH 中可用的 Agent CLI（`claude`、`codex`、`copilot`、`openclaw`、`opencode`、`hermes`、`gemini`、`pi`、`cursor-agent`、`kimi`、`kiro-cli`）。
+daemon 在后台运行，保持你的机器与 Multica 的连接。它会自动检测 PATH 中可用的 Agent CLI（`claude`、`codex`、`openclaw`、`opencode`、`hermes`、`gemini`、`pi`、`cursor-agent`）。

 ### 2. 确认运行时已连接

@@ -121,7 +109,7 @@ daemon 在后台运行，保持你的机器与 Multica 的连接。它会自动

 ### 3. 创建 Agent

-进入 **设置 → Agents**，点击 **新建 Agent**。选择你刚连接的 Runtime，选择 Provider（Claude Code、Codex、GitHub Copilot CLI、OpenClaw、OpenCode、Hermes、Gemini、Pi、Cursor Agent、Kimi 或 Kiro CLI），并为 Agent 起个名字——它将以这个名字出现在看板、评论和任务分配中。
+进入 **设置 → Agents**，点击 **新建 Agent**。选择你刚连接的 Runtime，选择 Provider（Claude Code、Codex、OpenClaw、OpenCode、Hermes、Gemini、Pi 或 Cursor Agent），并为 Agent 起个名字——它将以这个名字出现在看板、评论和任务分配中。

 ### 4. 分配你的第一个任务

@@ -154,9 +142,9 @@ daemon 在后台运行，保持你的机器与 Multica 的连接。它会自动
                            │
                     ┌──────┴───────┐
                     │ Agent Daemon │  运行在你的机器上
-                     └──────────────┘  （Claude Code、Codex、GitHub Copilot CLI、
-                                        OpenCode、OpenClaw、Hermes、Gemini、
-                                        Pi、Cursor Agent、Kimi、Kiro CLI）
+                     └──────────────┘  （Claude Code、Codex、OpenCode、
+                                        OpenClaw、Hermes、Gemini、
+                                        Pi、Cursor Agent）
 ```

 | 层级 | 技术栈 |
@@ -164,7 +152,7 @@ daemon 在后台运行，保持你的机器与 Multica 的连接。它会自动
 | 前端 | Next.js 16 (App Router) |
 | 后端 | Go (Chi router, sqlc, gorilla/websocket) |
 | 数据库 | PostgreSQL 17 with pgvector |
-| Agent 运行时 | 本地 daemon 执行 Claude Code、Codex、GitHub Copilot CLI、OpenClaw、OpenCode、Hermes、Gemini、Pi、Cursor Agent、Kimi 或 Kiro CLI |
+| Agent 运行时 | 本地 daemon 执行 Claude Code、Codex、OpenClaw、OpenCode、Hermes、Gemini、Pi 或 Cursor Agent |

 ## 开发

--- a/SELF_HOSTING.md
+++ b/SELF_HOSTING.md
@@ -26,7 +26,7 @@ multica setup self-host

 This installs the `multica` CLI, checks out the latest self-host assets, pulls the official Multica images from GHCR, and configures everything for localhost.

-Open http://localhost:3000. To log in, configure `RESEND_API_KEY` in `.env` for email-based codes (recommended), or leave Resend unset and copy the generated code from the backend logs. See [Step 2 — Log In](#step-2--log-in) for details.
+Open http://localhost:3000. To log in, configure `RESEND_API_KEY` in `.env` for email-based codes (recommended), or set `APP_ENV=development` in `.env` to enable the dev master code **`888888`**. See [Step 2 — Log In](#step-2--log-in) for details.

 > **Prerequisites:** Docker and Docker Compose must be installed. The script checks for this and provides install links if missing.
 >
@@ -67,15 +67,15 @@ Once ready:

 ### Step 2 — Log In

-Open http://localhost:3000 in your browser. The Docker self-host stack defaults to `APP_ENV=production` (set in `docker-compose.selfhost.yml`), and there is no fixed verification code by default. Pick one of the following to log in:
+Open http://localhost:3000 in your browser. The Docker self-host stack defaults to `APP_ENV=production` (set in `docker-compose.selfhost.yml`), so the dev master code is **disabled by default** for safety on public deployments. Pick one of the following to log in:

 - **Recommended (production):** configure `RESEND_API_KEY` in `.env`, then restart the backend. Real verification codes will be sent to the email address you enter. See [Advanced Configuration → Email](SELF_HOSTING_ADVANCED.md#email-required-for-authentication).
- **Without email configured:** the verification code is generated server-side and printed to the backend container logs (look for `[DEV] Verification code for ...:`). Useful for one-off testing on a single machine.
- **Deterministic local/private testing:** set `APP_ENV=development` and `MULTICA_DEV_VERIFICATION_CODE=888888` in `.env`, then restart the backend. This fixed code is ignored when `APP_ENV=production`.
+- **Evaluation / private network:** set `APP_ENV=development` in `.env` and restart the backend. Verification code **`888888`** will then work for any email address.
+- **Without configuring either:** the verification code is generated server-side and printed to the backend container logs (look for `[DEV] Verification code for ...:`). Useful for one-off testing on a single machine.

 Changes to `ALLOW_SIGNUP` and `GOOGLE_CLIENT_ID` also take effect after restarting the backend / compose stack. The web UI reads both from `/api/config` at runtime, so no web rebuild is needed.

-> **Warning:** do **not** set `MULTICA_DEV_VERIFICATION_CODE` on a publicly reachable instance — anyone who knows an email address can then log in with that fixed code.
+> **Warning:** do **not** set `APP_ENV=development` on a publicly reachable instance — anyone who knows an email address can then log in with `888888`.

 ### Step 3 — Install CLI & Start Daemon

@@ -92,15 +92,12 @@ brew install multica-ai/tap/multica
 You also need at least one AI agent CLI installed:
 - [Claude Code](https://docs.anthropic.com/en/docs/claude-code) (`claude` on PATH)
 - [Codex](https://github.com/openai/codex) (`codex` on PATH)
- [GitHub Copilot CLI](https://docs.github.com/en/copilot) (`copilot` on PATH)
 - [OpenClaw](https://github.com/openclaw/openclaw) (`openclaw` on PATH)
 - [OpenCode](https://github.com/anomalyco/opencode) (`opencode` on PATH)
 - [Hermes](https://github.com/NousResearch/hermes) (`hermes` on PATH)
 - Gemini (`gemini` on PATH)
 - [Pi](https://pi.dev/) (`pi` on PATH)
 - [Cursor Agent](https://cursor.com/) (`cursor-agent` on PATH)
- Kimi (`kimi` on PATH)
- Kiro CLI (`kiro-cli` on PATH)

 ### b) One-command setup

--- a/SELF_HOSTING_ADVANCED.md
+++ b/SELF_HOSTING_ADVANCED.md
@@ -32,7 +32,7 @@ Multica uses email-based magic link authentication via [Resend](https://resend.c
 | `RESEND_API_KEY` | Your Resend API key |
 | `RESEND_FROM_EMAIL` | Sender email address (default: `noreply@multica.ai`) |

-> **Note:** If Resend is not configured, generated verification codes are printed to backend logs. A fixed local testing code is disabled by default; to opt in on a private test instance, set `APP_ENV=development` and `MULTICA_DEV_VERIFICATION_CODE` to a 6-digit value. It is ignored when `APP_ENV=production`.
+> **Note:** The dev master verification code `888888` is gated by `APP_ENV != "production"`. The Docker self-host stack defaults to `APP_ENV=production` (so `888888` is disabled), which protects publicly reachable instances. For local development without email configured, set `APP_ENV=development` in your `.env` to enable `888888` — never do this on a public instance.

 ### Google OAuth (Optional)

@@ -56,15 +56,13 @@ Changes take effect after restarting the backend / compose stack. The web UI rea

 ### File Storage (Optional)

-For file uploads and attachments, configure S3 and (optionally) CloudFront:
+For file uploads and attachments, configure S3 and CloudFront:

 | Variable | Description |
 |----------|-------------|
-| `S3_BUCKET` | Bucket name only (e.g. `my-bucket`). Do **not** include the `.s3.<region>.amazonaws.com` suffix — the server constructs the public URL from `S3_BUCKET` + `S3_REGION` |
-| `S3_REGION` | AWS region (default: `us-west-2`). Must match the bucket's actual region — used for both SDK signing and public URLs |
-| `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` | Static credentials. When both are unset, the AWS SDK default credential chain is used |
-| `AWS_ENDPOINT_URL` | Custom S3-compatible endpoint (e.g. MinIO, R2, B2). Setting this switches the public URL to path-style |
-| `CLOUDFRONT_DOMAIN` | CloudFront distribution domain — when set, public URLs use this host instead of the S3 host |
+| `S3_BUCKET` | S3 bucket name |
+| `S3_REGION` | AWS region (default: `us-west-2`) |
+| `CLOUDFRONT_DOMAIN` | CloudFront distribution domain |
 | `CLOUDFRONT_KEY_PAIR_ID` | CloudFront key pair ID for signed URLs |
 | `CLOUDFRONT_PRIVATE_KEY` | CloudFront private key (PEM format) |

@@ -81,7 +79,6 @@ The `Secure` flag on session cookies is derived automatically from the scheme of
 | Variable | Default | Description |
 |----------|---------|-------------|
 | `PORT` | `8080` | Backend server port |
-| `METRICS_ADDR` | empty | Optional Prometheus metrics listener, for example `127.0.0.1:9090` |
 | `FRONTEND_PORT` | `3000` | Frontend port |
 | `CORS_ALLOWED_ORIGINS` | Value of `FRONTEND_ORIGIN` | Comma-separated list of allowed origins |
 | `LOG_LEVEL` | `info` | Log level: `debug`, `info`, `warn`, `error` |
@@ -105,8 +102,6 @@ Agent-specific overrides:
 | `MULTICA_CLAUDE_MODEL` | Override the Claude model used |
 | `MULTICA_CODEX_PATH` | Custom path to the `codex` binary |
 | `MULTICA_CODEX_MODEL` | Override the Codex model used |
-| `MULTICA_COPILOT_PATH` | Custom path to the `copilot` (GitHub Copilot CLI) binary |
-| `MULTICA_COPILOT_MODEL` | Override the Copilot model used (note: GitHub Copilot routes models through your account entitlement, so this may not be honoured) |
 | `MULTICA_OPENCODE_PATH` | Custom path to the `opencode` binary |
 | `MULTICA_OPENCODE_MODEL` | Override the OpenCode model used |
 | `MULTICA_OPENCLAW_PATH` | Custom path to the `openclaw` binary |
@@ -186,47 +181,16 @@ In production, put a reverse proxy in front of both the backend and frontend to

 ### Caddy (Recommended)

-**Single-domain layout** — frontend and backend served on the same hostname (this is what `docker-compose.selfhost.yml` defaults to):
-
-```
-multica.example.com {
-    # WebSocket route — must come before the catch-all
-    @multica_ws path /ws /ws/*
-    handle @multica_ws {
-        reverse_proxy localhost:8080 {
-            flush_interval -1
-        }
-    }
-
-    # Everything else → frontend
-    reverse_proxy localhost:3000
-}
-```
-
-**Separate-domain layout** — frontend and backend on different hostnames:
-
 ```
 app.example.com {
    reverse_proxy localhost:3000
 }

 api.example.com {
-    @multica_ws path /ws /ws/*
-    handle @multica_ws {
-        reverse_proxy localhost:8080 {
-            flush_interval -1
-        }
-    }
-
    reverse_proxy localhost:8080
 }
 ```

-Two non-obvious bits inside the `/ws` block are worth calling out — both are common reasons real-time updates "stop working" on a Caddy-fronted self-host:
-
- **`path /ws /ws/*` (not `/ws*`)** — bare `handle /ws` is an exact match, so future path variants under `/ws/` fall through to the frontend block. The obvious shortcut `handle /ws*` overcorrects in the other direction: Caddy's `*` is a glob without a path-segment boundary, so it would also catch unrelated paths like `/ws-foo`, which is a legitimate workspace URL (only the exact slug `ws` is reserved). Listing `/ws` and `/ws/*` explicitly covers both real cases without overreach.
- **`flush_interval -1`** — disables response buffering so WebSocket frames are forwarded as soon as they arrive. Without it, frames can sit behind Caddy's default flush window, which looks like delayed comments, missing typing indicators, or "comments only appear after a page refresh."
-
 ### Nginx

 ```nginx
@@ -344,28 +308,6 @@ dependency-aware readiness probes and external monitoring that should fail when
 the database is unavailable or migrations are not fully applied. `/healthz` is
 kept as an alias for operator familiarity.

-## Prometheus Metrics
-
-The backend can expose Prometheus metrics on a separate management listener:
-
-```bash
-METRICS_ADDR=127.0.0.1:9090 ./server/bin/server
-curl http://127.0.0.1:9090/metrics
-```
-
-`METRICS_ADDR` is empty by default, so no metrics listener is started. The
-public API port does not serve `/metrics`; keep it that way for internet-facing
-deployments. HTTP request metrics start accumulating only after the metrics
-listener is enabled. Metrics can reveal internal routes, traffic volume,
-dependency state, and runtime health.
-
-For Docker or Kubernetes deployments, prefer a private scrape path: bind the
-metrics listener to an internal interface and protect it with private
-networking, allowlists, NetworkPolicy, or proxy authentication. If you bind
-`METRICS_ADDR=0.0.0.0:9090` inside a container, only publish that port to a
-trusted network, for example a host-local mapping such as
-`127.0.0.1:9090:9090`.
-
 ## Upgrading

 ```bash
--- a/SELF_HOSTING_AI.md
+++ b/SELF_HOSTING_AI.md
@@ -37,7 +37,7 @@ multica setup self-host

 The `multica setup self-host` command will:
 1. Configure CLI to connect to localhost:8080 / localhost:3000
-2. Open a browser for login — use the emailed code, or the generated code printed in backend logs when Resend is unset
+2. Open a browser for login — use verification code `888888` with any email
 3. Discover workspaces automatically
 4. Start the daemon in the background

--- a/apps/desktop/.env.production
+++ b/apps/desktop/.env.production
@@ -0,0 +1,12 @@
+# Production environment for `pnpm package` / `pnpm build`.
+# electron-vite (Vite under the hood) reads this automatically in
+# production mode and inlines the values into the renderer bundle via
+# import.meta.env.VITE_*. These are public URLs, not secrets.
+
+# Backend API + websocket the desktop app talks to.
+VITE_API_URL=https://api.multica.ai
+VITE_WS_URL=wss://api.multica.ai/ws
+
+# Public web app URL — used to build shareable links like "Copy link to
+# issue" that users paste into Slack / messages. See platform/navigation.tsx.
+VITE_APP_URL=https://multica.ai
--- a/apps/desktop/build/icon.ico
+++ b/apps/desktop/build/icon.ico
--- a/apps/desktop/build/icon.png
+++ b/apps/desktop/build/icon.png
--- a/apps/desktop/electron-builder.yml
+++ b/apps/desktop/electron-builder.yml
@@ -32,47 +32,11 @@ mac:
 dmg:
  artifactName: multica-desktop-${version}-mac-${arch}.${ext}
 linux:
-  # Override the Linux executable name to avoid leaking the scoped npm
-  # package name (`@multica/desktop`) into the installed binary, the
-  # `.desktop` file, and the hicolor icon filename. Without this override
-  # electron-builder defaults `executableName` to the package `name`,
-  # which after slash-stripping becomes `@multicadesktop` — producing
-  # `/usr/share/applications/@multicadesktop.desktop`,
-  # `Icon=@multicadesktop`, and
-  # `/usr/share/icons/hicolor/*/apps/@multicadesktop.png`. The leading `@`
-  # violates the freedesktop desktop-entry naming guidance, so GNOME /
-  # Ubuntu fail to associate the running window with the `.desktop` entry
-  # and fall back to the theme's default app icon (the Settings gear on
-  # Yaru). Forcing `multica` makes every Linux identity slot agree and
-  # matches `StartupWMClass=Multica` (productName-derived).
-  executableName: multica
-  # Pin StartupWMClass explicitly to the WM_CLASS that Electron emits on
-  # X11. Electron derives WM_CLASS from `app.getName()`, which in packaged
-  # builds resolves to `productName` (`Multica`). Without an explicit
-  # `StartupWMClass`, electron-builder writes `productName` as the default
-  # — making this declaration redundant with current settings — but
-  # pinning the value here turns a silent future drift (e.g. if anyone
-  # renames productName or sets app.setName at boot) into a visible diff
-  # against this file. The WM_CLASS ↔ StartupWMClass match is what lets
-  # GNOME associate the running window with the `.desktop` entry and
-  # therefore render the right icon. The post-build verification step in
-  # PR #2437 is `xprop WM_CLASS` on a real Ubuntu install.
-  desktop:
-    entry:
-      StartupWMClass: Multica
  target:
    - AppImage
    - deb
    - rpm
  artifactName: multica-desktop-${version}-linux-${arch}.${ext}
-rpm:
-  # Disable RPM build-id symlinks. Electron apps embed the upstream Electron
-  # binary, whose GNU build-id is identical across every app shipping the same
-  # Electron version (Slack, VS Code, Discord, ...). Without this, our RPM
-  # would own /usr/lib/.build-id/<hash> paths and collide with any other
-  # Electron RPM already installed, breaking `dnf install` on Fedora/RHEL.
-  fpm:
-    - "--rpm-rpmbuild-define=_build_id_links none"
 win:
  target:
    - nsis
--- a/apps/desktop/src/main/app-version.ts
+++ b/apps/desktop/src/main/app-version.ts
@@ -1,33 +0,0 @@
-import { app } from "electron";
-import { execSync } from "node:child_process";
-
-/**
- * Resolve the running app version. In packaged builds this is the value
- * `electron-builder` baked into package.json via `extraMetadata.version`
- * (driven by `git describe` — see `apps/desktop/scripts/package.mjs`), so
- * `app.getVersion()` matches the GitHub Release tag exactly.
- *
- * In dev (`pnpm dev:desktop`) `app.getVersion()` only sees the static
- * `apps/desktop/package.json` value, which is "0.1.0" and never bumped —
- * the Settings → Updates panel and any other UI surfacing the version
- * would mislead developers into thinking they're running ancient builds.
- * Fall back to `git describe --tags --always --dirty` (same source the
- * packager uses) so dev shows e.g. `0.2.19-14-gabcdef-dirty`. If git is
- * unavailable for whatever reason, we just return the package.json value.
- */
-export function getAppVersion(): string {
-  if (app.isPackaged) {
-    return app.getVersion();
-  }
-  try {
-    const raw = execSync("git describe --tags --always --dirty", {
-      cwd: app.getAppPath(),
-      encoding: "utf-8",
-      stdio: ["ignore", "pipe", "ignore"],
-    }).trim();
-    if (!raw) return app.getVersion();
-    return raw.replace(/^v/, "");
-  } catch {
-    return app.getVersion();
-  }
-}
--- a/apps/desktop/src/main/daemon-manager.ts
+++ b/apps/desktop/src/main/daemon-manager.ts
@@ -1,4 +1,4 @@
-import { app, ipcMain, BrowserWindow, shell } from "electron";
+import { app, ipcMain, BrowserWindow } from "electron";
 import { execFile } from "child_process";
 import {
  readFile,
@@ -914,20 +914,6 @@ export function setupDaemonManager(
    stopLogTail();
  });

-  // Reveal the daemon's log file in the user's default editor / Console
-  // app. Acts as the escape hatch when the in-app log viewer isn't enough
-  // (full history, complex search, copy-to-clipboard at scale).
-  ipcMain.handle("daemon:open-log-file", async () => {
-    const active = await ensureActiveProfile();
-    const logPath = profileLogPath(active.name);
-    if (!existsSync(logPath)) {
-      return { success: false, error: "Log file not found yet" };
-    }
-    // shell.openPath returns "" on success, error string on failure.
-    const error = await shell.openPath(logPath);
-    return error === "" ? { success: true } : { success: false, error };
-  });
-
  // First-run CLI install kicks off here. Status bar shows "Setting up…"
  // until the managed binary is on disk (instant on subsequent launches).
  currentState = "installing_cli";
--- a/apps/desktop/src/main/index.ts
+++ b/apps/desktop/src/main/index.ts
@@ -1,4 +1,4 @@
-import { app, BrowserWindow, ipcMain, nativeImage, Notification } from "electron";
+import { app, BrowserWindow, ipcMain, nativeImage } from "electron";
 import { homedir } from "os";
 import { join } from "path";
 import { electronApp, optimizer, is } from "@electron-toolkit/utils";
@@ -7,29 +7,11 @@ import { setupAutoUpdater } from "./updater";
 import { setupDaemonManager } from "./daemon-manager";
 import { openExternalSafely } from "./external-url";
 import { installContextMenu } from "./context-menu";
-import { getAppVersion } from "./app-version";
-import { loadRuntimeConfig } from "./runtime-config-loader";
-import type { RuntimeConfigResult } from "../shared/runtime-config";

-// Bundled icon used for dock/taskbar branding. macOS/Windows production
-// builds let the OS pick up the icon from the .app bundle / .exe resources,
-// but Linux production needs an explicit BrowserWindow `icon` — AppImage
-// direct-launch doesn't register the .desktop entry, so GNOME has no path
-// from the running window to the hicolor icon and falls back to the
-// theme default. Consumed in createWindow() (all platforms in dev, Linux
-// in prod) and the macOS dev dock branch.
-//
-// `asarUnpack: resources/**` in electron-builder.yml extracts the icon to
-// `app.asar.unpacked/`, but `__dirname` resolves into `app.asar/`. The
-// Linux native window-icon code path expects a real filesystem path
-// (unlike Electron's nativeImage loader which transparently reads from
-// asar), so swap the segment — same pattern as bundledCliPath() in
-// daemon-manager.ts. In dev `__dirname` has no `app.asar`, so the replace
-// is a no-op.
-const BUNDLED_ICON_PATH = join(__dirname, "../../resources/icon.png").replace(
-  "app.asar",
-  "app.asar.unpacked",
-);
+// Bundled icon used for dev-mode dock/taskbar branding. In production the
+// app bundle icon (from electron-builder) wins; this path is only consumed
+// by the `is.dev` branch below.
+const DEV_ICON_PATH = join(__dirname, "../../resources/icon.png");

 // macOS/Linux GUI launches inherit a minimal PATH from launchd that omits
 // the user's shell config (~/.zshrc, Homebrew, nvm, ~/.local/bin, etc.).
@@ -54,10 +36,6 @@ if (process.platform !== "win32") {
 const PROTOCOL = "multica";

 let mainWindow: BrowserWindow | null = null;
-let runtimeConfigResult: RuntimeConfigResult = {
-  ok: false,
-  error: { message: "Runtime config has not loaded yet" },
-};

 // --- Deep link helpers ---------------------------------------------------

@@ -93,25 +71,7 @@ function handleDeepLink(url: string): void {

 // --- Window creation -----------------------------------------------------

-// Tracks the OS-preferred language as last seen by the running process.
-// Updated on each window-focus check so we can emit a `locale:system-changed`
-// event to the renderer when the user changes their OS language without
-// quitting the app — without restart, app.getPreferredSystemLanguages()
-// would still report the boot value forever.
-let lastKnownSystemLocale = "en";
-
-function getSystemLocale(): string {
-  return app.getPreferredSystemLanguages()[0] ?? "en";
-}
-
 function createWindow(): void {
-  // Pass the OS-preferred language to the renderer via additionalArguments
-  // instead of a sync IPC call. process.argv is available to the preload
-  // script before the first network request, so the renderer's i18next
-  // instance can initialize with the right locale on the very first paint.
-  const systemLocale = getSystemLocale();
-  lastKnownSystemLocale = systemLocale;
-
  mainWindow = new BrowserWindow({
    width: 1280,
    height: 800,
@@ -121,19 +81,13 @@ function createWindow(): void {
    trafficLightPosition: { x: 16, y: 13 },
    show: false,
    autoHideMenuBar: true,
-    // Windows/Linux pick up the window/taskbar icon from this option.
-    // On macOS it's ignored (dock comes from app.dock.setIcon below).
-    // Linux production needs this explicitly because AppImage direct-launch
-    // does not install a .desktop entry, so the WM has no other path to
-    // the bundled icon; without it Ubuntu falls back to the theme default.
-    ...(is.dev || process.platform === "linux"
-      ? { icon: BUNDLED_ICON_PATH }
-      : {}),
+    // Windows/Linux pick up the window/taskbar icon from this option in
+    // dev — on macOS it's ignored (dock comes from app.dock.setIcon below).
+    ...(is.dev ? { icon: DEV_ICON_PATH } : {}),
    webPreferences: {
      preload: join(__dirname, "../preload/index.js"),
      sandbox: false,
      webSecurity: false,
-      additionalArguments: [`--multica-locale=${systemLocale}`],
    },
  });

@@ -151,39 +105,11 @@ function createWindow(): void {
    mainWindow?.show();
  });

-  // Detect OS language changes while the app is running. Electron has no
-  // dedicated event for this on any platform, so we poll on focus regain —
-  // catches the common case where users switch System Settings → Language
-  // and bring the app back. The renderer decides whether to act (it ignores
-  // the signal when the user has an explicit Settings choice).
-  mainWindow.on("focus", () => {
-    const current = getSystemLocale();
-    if (current === lastKnownSystemLocale) return;
-    lastKnownSystemLocale = current;
-    mainWindow?.webContents.send("locale:system-changed", current);
-  });
-
  mainWindow.webContents.setWindowOpenHandler((details) => {
    openExternalSafely(details.url);
    return { action: "deny" };
  });

-  // Prevent Cmd+R / Ctrl+R / Shift+Cmd+R / Shift+Ctrl+R / F5 from
-  // reloading the page. In a desktop app an accidental reload destroys
-  // in-memory state (tabs, drafts, WS connections) with no URL bar to
-  // navigate back. DevTools refresh (via the DevTools UI) still works.
-  mainWindow.webContents.on("before-input-event", (_event, input) => {
-    if (input.type !== "keyDown") return;
-    const cmdOrCtrl =
-      process.platform === "darwin" ? input.meta : input.control;
-    if (
-      (cmdOrCtrl && input.key.toLowerCase() === "r") ||
-      input.key === "F5"
-    ) {
-      _event.preventDefault();
-    }
-  });
-
  installContextMenu(mainWindow.webContents);

  if (is.dev && process.env["ELECTRON_RENDERER_URL"]) {
@@ -244,25 +170,7 @@ if (!gotTheLock) {
    if (deepLinkUrl) handleDeepLink(deepLinkUrl);
  });

-  app.whenReady().then(async () => {
-    const viteEnv = import.meta.env as ImportMetaEnv & {
-      readonly VITE_API_URL?: string;
-      readonly VITE_WS_URL?: string;
-      readonly VITE_APP_URL?: string;
-    };
-
-    runtimeConfigResult = await loadRuntimeConfig({
-      isDev: is.dev,
-      // electron-vite exposes VITE_* on import.meta.env for the main process;
-      // keep dev URL overrides on the same source the renderer used before
-      // runtime config moved endpoint resolution into main/preload.
-      env: {
-        apiUrl: viteEnv.VITE_API_URL,
-        wsUrl: viteEnv.VITE_WS_URL,
-        appUrl: viteEnv.VITE_APP_URL,
-      },
-    });
-
+  app.whenReady().then(() => {
    electronApp.setAppUserModelId(
      is.dev ? "ai.multica.desktop.dev" : "ai.multica.desktop",
    );
@@ -271,7 +179,7 @@ if (!gotTheLock) {
    // so the Canary dev build is visually distinct from a stock Electron
    // run. `app.dock` is macOS-only — guard the call.
    if (is.dev && process.platform === "darwin" && app.dock) {
-      const icon = nativeImage.createFromPath(BUNDLED_ICON_PATH);
+      const icon = nativeImage.createFromPath(DEV_ICON_PATH);
      if (!icon.isEmpty()) app.dock.setIcon(icon);
    }

@@ -295,14 +203,7 @@ if (!gotTheLock) {
    ipcMain.on("app:get-info", (event) => {
      const p = process.platform;
      const os = p === "darwin" ? "macos" : p === "win32" ? "windows" : p === "linux" ? "linux" : "unknown";
-      event.returnValue = { version: getAppVersion(), os };
-    });
-
-    // Sync IPC: preload exposes the validated runtime config before renderer
-    // boot. If desktop.json exists but is invalid, renderer receives the
-    // blocking error and must not silently fall back to the cloud defaults.
-    ipcMain.on("runtime-config:get", (event) => {
-      event.returnValue = runtimeConfigResult;
+      event.returnValue = { version: app.getVersion(), os };
    });

    // IPC: toggle immersive mode — hides the macOS traffic lights so full-screen
@@ -313,64 +214,6 @@ if (!gotTheLock) {
      mainWindow?.setWindowButtonVisibility(!immersive);
    });

-    // IPC: show a native OS notification for a new inbox item. The renderer
-    // only fires this when the app is unfocused (it gates on
-    // `document.hasFocus()`), so we don't fight macOS foreground suppression
-    // here. Clicking the banner focuses the main window and routes to the
-    // inbox item via a renderer-side listener.
-    ipcMain.on(
-      "notification:show",
-      (
-        _event,
-        {
-          slug,
-          itemId,
-          issueKey,
-          title,
-          body,
-        }: {
-          slug: string;
-          itemId: string;
-          issueKey: string;
-          title: string;
-          body: string;
-        },
-      ) => {
-        if (!Notification.isSupported()) return;
-        const notification = new Notification({ title, body });
-        notification.on("click", () => {
-          if (!mainWindow) return;
-          if (mainWindow.isMinimized()) mainWindow.restore();
-          mainWindow.show();
-          mainWindow.focus();
-          // Ship the full context back — the renderer pins the route to the
-          // source workspace (slug), marks the row read (itemId), and uses
-          // issueKey as the ?issue=<…> selector.
-          mainWindow.webContents.send("inbox:open", {
-            slug,
-            itemId,
-            issueKey,
-          });
-        });
-        notification.show();
-      },
-    );
-
-    // IPC: update the dock / taskbar unread badge. Values above 99 render as
-    // "99+". macOS is the primary target (user-visible dock badge); Linux
-    // Unity launchers also respect `setBadgeCount`. Windows' taskbar overlay
-    // needs a pre-rendered PNG and is deferred — the OS notification + the
-    // in-app inbox sidebar cover the core UX there for now.
-    ipcMain.on("badge:set", (_event, rawCount: number) => {
-      const count = Math.max(0, Math.floor(rawCount));
-      if (process.platform === "darwin") {
-        const label = count === 0 ? "" : count > 99 ? "99+" : String(count);
-        app.dock?.setBadge(label);
-      } else {
-        app.setBadgeCount(count);
-      }
-    });
-
    createWindow();

    setupAutoUpdater(() => mainWindow);
--- a/apps/desktop/src/main/runtime-config-loader.test.ts
+++ b/apps/desktop/src/main/runtime-config-loader.test.ts
@@ -1,90 +0,0 @@
-import { mkdtemp, writeFile } from "fs/promises";
-import { join } from "path";
-import { tmpdir } from "os";
-import { describe, expect, it } from "vitest";
-import { loadRuntimeConfig } from "./runtime-config-loader";
-
-describe("loadRuntimeConfig", () => {
-  it("uses dev env and ignores desktop.json during electron-vite dev", async () => {
-    const dir = await mkdtemp(join(tmpdir(), "multica-desktop-config-"));
-    const configPath = join(dir, "desktop.json");
-    await writeFile(
-      configPath,
-      JSON.stringify({ schemaVersion: 1, apiUrl: "https://prod.example.com" }),
-    );
-
-    await expect(
-      loadRuntimeConfig({
-        isDev: true,
-        configPath,
-        env: {
-          apiUrl: "http://localhost:8080",
-          wsUrl: "ws://localhost:8080/ws",
-          appUrl: "http://localhost:3000",
-        },
-      }),
-    ).resolves.toEqual({
-      ok: true,
-      config: {
-        schemaVersion: 1,
-        apiUrl: "http://localhost:8080",
-        wsUrl: "ws://localhost:8080/ws",
-        appUrl: "http://localhost:3000",
-      },
-    });
-  });
-
-  it("uses cloud defaults when packaged config is absent", async () => {
-    const dir = await mkdtemp(join(tmpdir(), "multica-desktop-config-"));
-    await expect(
-      loadRuntimeConfig({
-        isDev: false,
-        configPath: join(dir, "missing.json"),
-        env: {},
-      }),
-    ).resolves.toEqual({
-      ok: true,
-      config: {
-        schemaVersion: 1,
-        apiUrl: "https://api.multica.ai",
-        wsUrl: "wss://api.multica.ai/ws",
-        appUrl: "https://multica.ai",
-      },
-    });
-  });
-
-  it("parses a valid packaged desktop.json", async () => {
-    const dir = await mkdtemp(join(tmpdir(), "multica-desktop-config-"));
-    const configPath = join(dir, "desktop.json");
-    await writeFile(
-      configPath,
-      JSON.stringify({ schemaVersion: 1, apiUrl: "https://api.example.com" }),
-    );
-
-    await expect(
-      loadRuntimeConfig({ isDev: false, configPath, env: {} }),
-    ).resolves.toEqual({
-      ok: true,
-      config: {
-        schemaVersion: 1,
-        apiUrl: "https://api.example.com",
-        wsUrl: "wss://api.example.com/ws",
-        appUrl: "https://example.com",
-      },
-    });
-  });
-
-  it("fails closed when packaged desktop.json is invalid", async () => {
-    const dir = await mkdtemp(join(tmpdir(), "multica-desktop-config-"));
-    const configPath = join(dir, "desktop.json");
-    await writeFile(configPath, "{");
-
-    const result = await loadRuntimeConfig({ isDev: false, configPath, env: {} });
-
-    expect(result.ok).toBe(false);
-    if (!result.ok) {
-      expect(result.error.message).toContain(configPath);
-      expect(result.error.message).toContain("Invalid desktop runtime config JSON");
-    }
-  });
-});
--- a/apps/desktop/src/main/runtime-config-loader.ts
+++ b/apps/desktop/src/main/runtime-config-loader.ts
@@ -1,60 +0,0 @@
-import { app } from "electron";
-import { readFile } from "fs/promises";
-import { join } from "path";
-import {
-  DEFAULT_RUNTIME_CONFIG,
-  parseRuntimeConfig,
-  runtimeConfigFromDevEnv,
-  type RuntimeConfig,
-  type RuntimeConfigEnv,
-  type RuntimeConfigResult,
-} from "../shared/runtime-config";
-
-export async function loadRuntimeConfig(options: {
-  isDev: boolean;
-  env: RuntimeConfigEnv;
-  configPath?: string;
-}): Promise<RuntimeConfigResult> {
-  if (options.isDev) {
-    try {
-      return { ok: true, config: runtimeConfigFromDevEnv(options.env) };
-    } catch (err) {
-      return { ok: false, error: { message: errorMessage(err) } };
-    }
-  }
-
-  const configPath = options.configPath ?? desktopConfigPath();
-  try {
-    const raw = await readFile(configPath, "utf-8");
-    return { ok: true, config: parseRuntimeConfig(raw) };
-  } catch (err) {
-    if (isMissingFileError(err)) {
-      return { ok: true, config: { ...DEFAULT_RUNTIME_CONFIG } };
-    }
-    return {
-      ok: false,
-      error: {
-        message: `Invalid ${configPath}: ${errorMessage(err)}`,
-      },
-    };
-  }
-}
-
-export function desktopConfigPath(): string {
-  return join(app.getPath("home"), ".multica", "desktop.json");
-}
-
-function isMissingFileError(err: unknown): boolean {
-  return Boolean(
-    err &&
-      typeof err === "object" &&
-      "code" in err &&
-      (err as NodeJS.ErrnoException).code === "ENOENT",
-  );
-}
-
-function errorMessage(err: unknown): string {
-  return err instanceof Error ? err.message : String(err);
-}
-
-export type { RuntimeConfig, RuntimeConfigResult };
--- a/apps/desktop/src/preload/index.d.ts
+++ b/apps/desktop/src/preload/index.d.ts
@@ -1,5 +1,4 @@
 import { ElectronAPI } from "@electron-toolkit/preload";
-import type { RuntimeConfigResult } from "../shared/runtime-config";

 interface DesktopAPI {
  /** App version + normalized OS, captured synchronously at preload time. */
@@ -7,12 +6,6 @@ interface DesktopAPI {
    version: string;
    os: "macos" | "windows" | "linux" | "unknown";
  };
-  /** OS-preferred locale (BCP 47) injected by main via additionalArguments. */
-  systemLocale: string;
-  /** Subscribe to OS language changes detected after boot. Returns an unsubscribe function. */
-  onSystemLocaleChanged: (callback: (locale: string) => void) => () => void;
-  /** Validated runtime endpoint config, or a blocking config error. */
-  runtimeConfig: RuntimeConfigResult;
  /** Listen for auth token delivered via deep link. Returns an unsubscribe function. */
  onAuthToken: (callback: (token: string) => void) => () => void;
  /** Listen for invitation IDs delivered via deep link. Returns an unsubscribe function. */
@@ -21,24 +14,6 @@ interface DesktopAPI {
  openExternal: (url: string) => Promise<void>;
  /** Hide macOS traffic lights for full-screen modals; restore when false. */
  setImmersiveMode: (immersive: boolean) => Promise<void>;
-  /** Show a native OS notification for a new inbox item. */
-  showNotification: (payload: {
-    slug: string;
-    itemId: string;
-    issueKey: string;
-    title: string;
-    body: string;
-  }) => void;
-  /** Update the OS dock / taskbar unread badge. Pass 0 to clear. */
-  setUnreadBadge: (count: number) => void;
-  /** Listen for "open inbox row" requests from notification clicks. Returns an unsubscribe function. */
-  onInboxOpen: (
-    callback: (payload: {
-      slug: string;
-      itemId: string;
-      issueKey: string;
-    }) => void,
-  ) => () => void;
 }

 interface DaemonStatus {
@@ -75,7 +50,6 @@ interface DaemonAPI {
  startLogStream: () => void;
  stopLogStream: () => void;
  onLogLine: (callback: (line: string) => void) => () => void;
-  openLogFile: () => Promise<{ success: boolean; error?: string }>;
 }

 interface UpdaterAPI {
--- a/apps/desktop/src/preload/index.ts
+++ b/apps/desktop/src/preload/index.ts
@@ -1,6 +1,5 @@
 import { contextBridge, ipcRenderer } from "electron";
 import { electronAPI } from "@electron-toolkit/preload";
-import type { RuntimeConfigResult } from "../shared/runtime-config";

 // Synchronously fetch app metadata from main at preload time so the renderer
 // can pass it into CoreProvider during the initial render — the alternative
@@ -22,53 +21,12 @@ function fetchAppInfo(): { version: string; os: "macos" | "windows" | "linux" |
  return { version: "unknown", os };
 }

-function fetchRuntimeConfig(): RuntimeConfigResult {
-  try {
-    const result = ipcRenderer.sendSync("runtime-config:get") as RuntimeConfigResult | undefined;
-    if (result && typeof result === "object" && "ok" in result) return result;
-  } catch (err) {
-    return {
-      ok: false,
-      error: {
-        message: err instanceof Error ? err.message : String(err),
-      },
-    };
-  }
-  return { ok: false, error: { message: "Runtime config unavailable" } };
-}
-
 const appInfo = fetchAppInfo();
-const runtimeConfig = fetchRuntimeConfig();
-
-// Read the OS-preferred locale that main injected via additionalArguments.
-// Zero IPC, zero blocking — process.argv is populated before preload runs.
-function fetchSystemLocale(): string {
-  const arg = process.argv.find((a) => a.startsWith("--multica-locale="));
-  return arg?.split("=")[1] ?? "en";
-}
-
-const systemLocale = fetchSystemLocale();

 const desktopAPI = {
  /** App version + normalized OS. Read once at preload time so the renderer
   *  can use it synchronously when initializing the API client. */
  appInfo,
-  /** OS-preferred locale (BCP 47), passed from main via additionalArguments.
-   *  Used by the renderer's LocaleAdapter as the system-preference signal. */
-  systemLocale,
-  /** Subscribe to OS language changes detected after boot. The renderer
-   *  decides whether to act (no-op when the user has an explicit Settings
-   *  choice). Returns an unsubscribe function. */
-  onSystemLocaleChanged: (callback: (locale: string) => void) => {
-    const handler = (_event: Electron.IpcRendererEvent, locale: string) =>
-      callback(locale);
-    ipcRenderer.on("locale:system-changed", handler);
-    return () => {
-      ipcRenderer.removeListener("locale:system-changed", handler);
-    };
-  },
-  /** Validated runtime endpoint config, or a blocking config error. */
-  runtimeConfig,
  /** Listen for auth token delivered via deep link */
  onAuthToken: (callback: (token: string) => void) => {
    const handler = (_event: Electron.IpcRendererEvent, token: string) =>
@@ -92,50 +50,6 @@ const desktopAPI = {
  /** Toggle immersive mode — hide macOS traffic lights for full-screen modals */
  setImmersiveMode: (immersive: boolean) =>
    ipcRenderer.invoke("window:setImmersive", immersive),
-  /**
-   * Show a native OS notification for a new inbox item. Fired from the
-   * renderer only when the app is unfocused — in-focus feedback is the
-   * inbox sidebar's unread styling. `slug`, `itemId`, and `issueKey` are
-   * all round-tripped on click: slug pins routing to the source workspace
-   * (the user may switch workspaces before clicking the banner), itemId
-   * lets the renderer mark the row read, issueKey maps to the inbox URL
-   * param.
-   */
-  showNotification: (payload: {
-    slug: string;
-    itemId: string;
-    issueKey: string;
-    title: string;
-    body: string;
-  }) => ipcRenderer.send("notification:show", payload),
-  /**
-   * Update the OS dock / taskbar unread badge. Pass 0 to clear. Values
-   * above 99 render as "99+" (capping is handled in the main process).
-   */
-  setUnreadBadge: (count: number) =>
-    ipcRenderer.send("badge:set", Math.max(0, Math.floor(count))),
-  /**
-   * Subscribe to "open this inbox row" requests sent by the main process
-   * when the user clicks an OS notification banner. Returns an unsubscribe
-   * function. The payload echoes the `slug`, `itemId`, and `issueKey` that
-   * were passed to `showNotification`.
-   */
-  onInboxOpen: (
-    callback: (payload: {
-      slug: string;
-      itemId: string;
-      issueKey: string;
-    }) => void,
-  ) => {
-    const handler = (
-      _event: Electron.IpcRendererEvent,
-      payload: { slug: string; itemId: string; issueKey: string },
-    ) => callback(payload);
-    ipcRenderer.on("inbox:open", handler);
-    return () => {
-      ipcRenderer.removeListener("inbox:open", handler);
-    };
-  },
 };

 interface DaemonStatus {
@@ -187,8 +101,6 @@ const daemonAPI = {
    ipcRenderer.on("daemon:log-line", handler);
    return () => ipcRenderer.removeListener("daemon:log-line", handler);
  },
-  openLogFile: (): Promise<{ success: boolean; error?: string }> =>
-    ipcRenderer.invoke("daemon:open-log-file"),
 };

 const updaterAPI = {
--- a/apps/desktop/src/renderer/src/App.tsx
+++ b/apps/desktop/src/renderer/src/App.tsx
@@ -1,23 +1,19 @@
 import { useEffect, useLayoutEffect, useMemo, useRef, useState } from "react";
 import { useQuery, useQueryClient } from "@tanstack/react-query";
 import { CoreProvider } from "@multica/core/platform";
-import { pickLocale } from "@multica/core/i18n";
 import { useAuthStore } from "@multica/core/auth";
 import { workspaceKeys, workspaceListOptions } from "@multica/core/workspace/queries";
 import { api } from "@multica/core/api";
 import { useHasOnboarded } from "@multica/core/paths";
 import { ThemeProvider } from "@multica/ui/components/common/theme-provider";
 import { MulticaIcon } from "@multica/ui/components/common/multica-icon";
-import { Toaster } from "@multica/ui/components/ui/sonner";
+import { Toaster } from "sonner";
 import { DesktopLoginPage } from "./pages/login";
 import { DesktopShell } from "./components/desktop-layout";
 import { PageviewTracker } from "./components/pageview-tracker";
 import { UpdateNotification } from "./components/update-notification";
 import { useTabStore } from "./stores/tab-store";
 import { useWindowOverlayStore } from "./stores/window-overlay-store";
-import { useDaemonIPCBridge } from "./platform/daemon-ipc-bridge";
-import { createDesktopLocaleAdapter } from "./platform/i18n-adapter";
-import { RESOURCES } from "@multica/views/locales";


 function AppContent() {
@@ -33,16 +29,11 @@ function AppContent() {
  // first render.
  const [bootstrapping, setBootstrapping] = useState(false);

-  const runtimeConfig = window.desktopAPI.runtimeConfig.ok
-    ? window.desktopAPI.runtimeConfig.config
-    : null;
-
  // Tell the main process which backend URL we talk to, so daemon-manager
  // can pick the matching CLI profile (server_url from ~/.multica config).
  useEffect(() => {
-    if (!runtimeConfig) return;
-    window.daemonAPI.setTargetApiUrl(runtimeConfig.apiUrl);
-  }, [runtimeConfig]);
+    window.daemonAPI.setTargetApiUrl(DAEMON_TARGET_API_URL);
+  }, []);

  // Listen for invite IDs delivered via deep link (multica://invite/<id>).
  // We open the overlay regardless of login state — if the user isn't logged
@@ -108,68 +99,21 @@ function AppContent() {
  const wsCount = workspaces.length;
  const hasOnboarded = useHasOnboarded();

-  // Bridge local daemon IPC status into the runtimes cache so this user's
-  // own daemon flips to offline/online sub-second instead of waiting on the
-  // server's 75s sweeper. Resolves wsId from the active tab so workspace
-  // switches automatically rebind the subscription.
-  const activeWorkspaceSlug = useTabStore((s) => s.activeWorkspaceSlug);
-  const activeWsId = activeWorkspaceSlug
-    ? workspaces.find((w) => w.slug === activeWorkspaceSlug)?.id
-    : undefined;
-  useDaemonIPCBridge(activeWsId);
-
-  // Pre-workspace overlay routing for desktop. Mirrors the web entry-point
-  // judgment in callback / login:
-  //   un-onboarded:
-  //     pending invites on email → /invitations overlay
-  //     no invites               → /onboarding overlay
-  //   already onboarded:
-  //     zero workspaces          → /workspaces/new overlay
-  //     ≥1 workspaces            → no overlay, fall through to dashboard
-  //
-  // The "un-onboarded but in workspace" state is now physically impossible
-  // because backend transactions atomically set onboarded_at when a user
-  // joins the `member` table. Anyone with workspaces is by definition
-  // onboarded.
+  // Onboarding and zero-workspace both resolve to an overlay, but
+  // onboarding wins: a user who hasn't completed it gets the onboarding
+  // overlay regardless of how many workspaces already exist.
  useEffect(() => {
-    if (!user || !workspaceListFetched) return undefined;
+    if (!user || !workspaceListFetched) return;
    const { overlay, open } = useWindowOverlayStore.getState();
-    if (overlay) return undefined;
-    if (wsCount > 0) return undefined;
+    if (overlay) return;
    if (!hasOnboarded) {
-      // Look up pending invitations by email. Network blip is non-fatal —
-      // fall through to onboarding so the user isn't stuck on a blank
-      // window. The sidebar's pending-invitations dropdown will surface
-      // missed invites later once they're onboarded.
-      let cancelled = false;
-      void api
-        .listMyInvitations()
-        .then((invites) => {
-          if (cancelled) return;
-          const { overlay: latestOverlay, open: latestOpen } =
-            useWindowOverlayStore.getState();
-          if (latestOverlay) return;
-          if (invites.length > 0) {
-            qc.setQueryData(workspaceKeys.myInvitations(), invites);
-            latestOpen({ type: "invitations" });
-          } else {
-            latestOpen({ type: "onboarding" });
-          }
-        })
-        .catch(() => {
-          if (cancelled) return;
-          const { overlay: latestOverlay, open: latestOpen } =
-            useWindowOverlayStore.getState();
-          if (latestOverlay) return;
-          latestOpen({ type: "onboarding" });
-        });
-      return () => {
-        cancelled = true;
-      };
+      open({ type: "onboarding" });
+      return;
    }
-    open({ type: "new-workspace" });
-    return undefined;
-  }, [user, workspaceListFetched, wsCount, workspaces, hasOnboarded, qc]);
+    if (wsCount === 0) {
+      open({ type: "new-workspace" });
+    }
+  }, [user, workspaceListFetched, wsCount, workspaces, hasOnboarded]);

  // Validate persisted tab state against the current user's workspace list,
  // and pick an active workspace if none is set. Runs in useLayoutEffect
@@ -234,21 +178,9 @@ function AppContent() {
  );
 }

-function BlockingRuntimeConfigError({ message }: { message: string }) {
-  return (
-    <div className="flex h-screen items-center justify-center bg-background p-8 text-foreground">
-      <div className="max-w-xl rounded-lg border bg-card p-6 shadow-sm">
-        <h1 className="text-lg font-semibold">Desktop configuration error</h1>
-        <p className="mt-3 text-sm text-muted-foreground">
-          Multica Desktop could not load <code>~/.multica/desktop.json</code>. Fix or remove the file and restart the app.
-        </p>
-        <pre className="mt-4 whitespace-pre-wrap rounded-md bg-muted p-3 text-xs text-muted-foreground">
-          {message}
-        </pre>
-      </div>
-    </div>
-  );
-}
+// Backend the daemon should connect to — same URL the renderer talks to.
+const DAEMON_TARGET_API_URL =
+  import.meta.env.VITE_API_URL || "http://localhost:8080";

 // On logout, wipe desktop-only in-memory state and stop the daemon so that
 // a subsequent login as a different user never inherits the previous user's
@@ -272,61 +204,22 @@ async function handleDaemonLogout() {

 export default function App() {
  const { version, os } = window.desktopAPI.appInfo;
-  const systemLocale = window.desktopAPI.systemLocale;
-  const runtimeConfigResult = window.desktopAPI.runtimeConfig;
  // Stable identity reference so downstream effects (WS reconnect) don't
  // tear down on every parent render.
  const identity = useMemo(
    () => ({ platform: "desktop", version, os }),
    [version, os],
  );
-  // Locale resolution happens once at app boot. Switching language goes
-  // through window.location.reload() to avoid hydration mismatch.
-  const localeAdapter = useMemo(
-    () => createDesktopLocaleAdapter(systemLocale),
-    [systemLocale],
-  );
-  const locale = useMemo(() => pickLocale(localeAdapter), [localeAdapter]);
-  const resources = useMemo(
-    () => ({ [locale]: RESOURCES[locale] }),
-    [locale],
-  );
-
-  // React to OS-level language changes detected by main on focus regain.
-  // Only act when the user is following the system signal (no explicit
-  // Settings choice) — otherwise their preference wins. Cross-device sync
-  // for the explicit-choice case is handled inside CoreProvider.
-  useEffect(() => {
-    return window.desktopAPI.onSystemLocaleChanged((nextSystemLocale) => {
-      if (localeAdapter.getUserChoice()) return;
-      const next = pickLocale({
-        ...localeAdapter,
-        getSystemPreferences: () =>
-          nextSystemLocale ? [nextSystemLocale] : [],
-      });
-      if (next === locale) return;
-      localeAdapter.persist(next);
-      window.location.reload();
-    });
-  }, [localeAdapter, locale]);
-
  return (
    <ThemeProvider>
-      {runtimeConfigResult.ok ? (
-        <CoreProvider
-          apiBaseUrl={runtimeConfigResult.config.apiUrl}
-          wsUrl={runtimeConfigResult.config.wsUrl}
-          onLogout={handleDaemonLogout}
-          identity={identity}
-          locale={locale}
-          resources={resources}
-          localeAdapter={localeAdapter}
-        >
-          <AppContent />
-        </CoreProvider>
-      ) : (
-        <BlockingRuntimeConfigError message={runtimeConfigResult.error.message} />
-      )}
+      <CoreProvider
+        apiBaseUrl={import.meta.env.VITE_API_URL || "http://localhost:8080"}
+        wsUrl={import.meta.env.VITE_WS_URL || "ws://localhost:8080/ws"}
+        onLogout={handleDaemonLogout}
+        identity={identity}
+      >
+        <AppContent />
+      </CoreProvider>
      <Toaster />
      <UpdateNotification />
    </ThemeProvider>
--- a/apps/desktop/src/renderer/src/components/daemon-panel.tsx
+++ b/apps/desktop/src/renderer/src/components/daemon-panel.tsx
@@ -1,261 +1,150 @@
+import { useState, useEffect, useRef, useCallback } from "react";
 import {
-  Fragment,
-  useCallback,
-  useEffect,
-  useMemo,
-  useRef,
-  useState,
-  type ReactNode,
-} from "react";
-import {
-  ArrowDown,
-  Copy as CopyIcon,
-  Search,
+  Play,
+  Square,
+  RotateCw,
  Server,
-  Trash2,
+  ChevronDown,
  X,
 } from "lucide-react";
 import { cn } from "@multica/ui/lib/utils";
 import { Button } from "@multica/ui/components/ui/button";
-import {
-  Dialog,
-  DialogContent,
-  DialogTitle,
-} from "@multica/ui/components/ui/dialog";
 import { toast } from "sonner";
-import type { DaemonStatus } from "../../../shared/daemon-types";
 import {
-  DAEMON_STATE_COLORS,
-  DAEMON_STATE_LABELS,
-  formatUptime,
-} from "../../../shared/daemon-types";
-import { parseLogLine, type LogLevel, type ParsedLogLine } from "./parse-daemon-log";
+  Sheet,
+  SheetContent,
+  SheetHeader,
+  SheetTitle,
+} from "@multica/ui/components/ui/sheet";
+import type { DaemonStatus, DaemonState } from "../../../shared/daemon-types";
+import { DAEMON_STATE_COLORS, DAEMON_STATE_LABELS } from "../../../shared/daemon-types";

 interface DaemonPanelProps {
  open: boolean;
  onOpenChange: (open: boolean) => void;
  status: DaemonStatus;
-  /** Number of runtimes this local daemon has registered (for the context badge). */
-  runtimeCount: number;
+}
+
+const LOG_LEVEL_COLORS: Record<string, string> = {
+  INFO: "text-info",
+  WARN: "text-warning",
+  ERROR: "text-destructive",
+  DEBUG: "text-muted-foreground",
+};
+
+function colorizeLogLine(line: string): { level: string; className: string } {
+  for (const [level, className] of Object.entries(LOG_LEVEL_COLORS)) {
+    if (line.includes(level)) return { level, className };
+  }
+  return { level: "", className: "text-muted-foreground" };
+}
+
+function InfoRow({ label, value }: { label: string; value: React.ReactNode }) {
+  return (
+    <div className="flex items-baseline justify-between gap-4 py-1">
+      <span className="shrink-0 text-xs text-muted-foreground">{label}</span>
+      <span className="truncate text-right text-sm">{value}</span>
+    </div>
+  );
+}
+
+function StatusDot({ state }: { state: DaemonState }) {
+  return <span className={cn("inline-block size-2 rounded-full", DAEMON_STATE_COLORS[state])} />;
+}
+
+interface LogEntry {
+  id: number;
+  line: string;
 }

 const MAX_LOG_LINES = 500;
-const LEVELS: readonly LogLevel[] = ["DEBUG", "INFO", "WARN", "ERROR"];
+let logIdCounter = 0;

-const LEVEL_BADGE_CLASS: Record<LogLevel, string> = {
-  DEBUG: "border-muted-foreground/25 text-muted-foreground/70",
-  INFO: "border-foreground/15 text-foreground/80",
-  WARN: "border-warning/40 text-warning",
-  ERROR: "border-destructive/40 text-destructive",
-};
-
-// What gets rendered in the viewport — a single line or a folded group of
-// consecutive lines that share the same `message`. The group form is what
-// turns a wall of `DBG poll: no tasks` into a single placeholder.
-type DisplayItem =
-  | { kind: "line"; line: ParsedLogLine }
-  | { kind: "group"; first: ParsedLogLine; rest: ParsedLogLine[] };
-
-export function DaemonPanel({
-  open,
-  onOpenChange,
-  status,
-  runtimeCount,
-}: DaemonPanelProps) {
-  const [logs, setLogs] = useState<ParsedLogLine[]>([]);
-  const [search, setSearch] = useState("");
-  // Each level chip is an independent toggle. DEBUG is off by default so
-  // poll-loop noise doesn't drown out real events when the panel opens —
-  // users opt in if they want to see it.
-  const [enabledLevels, setEnabledLevels] = useState<Set<LogLevel>>(
-    () => new Set<LogLevel>(["INFO", "WARN", "ERROR"]),
-  );
+export function DaemonPanel({ open, onOpenChange, status }: DaemonPanelProps) {
+  const [logs, setLogs] = useState<LogEntry[]>([]);
  const [autoScroll, setAutoScroll] = useState(true);
-  const [expandedFields, setExpandedFields] = useState<Set<number>>(new Set());
-  const [expandedGroups, setExpandedGroups] = useState<Set<number>>(new Set());
-
-  const idCounterRef = useRef(0);
+  const [actionLoading, setActionLoading] = useState(false);
  const logContainerRef = useRef<HTMLDivElement>(null);

-  // --- Log stream subscription ---
-  // Active only while the modal is open. On open we replay the file's tail
-  // (~200 lines) so users have context for "what just happened"; on close
-  // we tear down the watcher so the main process isn't doing work for a
-  // hidden UI.
  useEffect(() => {
    if (!open) return;
-    setLogs([]);
-    setExpandedFields(new Set());
-    setExpandedGroups(new Set());
-    idCounterRef.current = 0;

    window.daemonAPI.startLogStream();
    const unsub = window.daemonAPI.onLogLine((line) => {
      setLogs((prev) => {
-        const id = ++idCounterRef.current;
-        const parsed = parseLogLine(line, id);
-        const next =
-          prev.length >= MAX_LOG_LINES
-            ? [...prev.slice(prev.length - MAX_LOG_LINES + 1), parsed]
-            : [...prev, parsed];
-        return next;
+        const next = [...prev, { id: ++logIdCounter, line }];
+        return next.length > MAX_LOG_LINES ? next.slice(-MAX_LOG_LINES) : next;
      });
    });
+
    return () => {
      unsub();
      window.daemonAPI.stopLogStream();
    };
  }, [open]);

-  // --- Derived: counts per level (for filter chip badges) ---
-  const levelCounts = useMemo(() => {
-    const counts: Record<LogLevel, number> = {
-      DEBUG: 0,
-      INFO: 0,
-      WARN: 0,
-      ERROR: 0,
-    };
-    for (const l of logs) {
-      if (l.level) counts[l.level] += 1;
-    }
-    return counts;
-  }, [logs]);
-
-  // --- Derived: filtered list (level toggle + search) ---
-  // Lines that didn't parse (level = null) always pass — they're typically
-  // panic stack traces / partial writes; never silently drop them.
-  const filtered = useMemo(() => {
-    let result = logs;
-    result = result.filter((l) => {
-      if (!l.level) return true;
-      return enabledLevels.has(l.level);
-    });
-    if (search) {
-      const q = search.toLowerCase();
-      result = result.filter((l) => l.raw.toLowerCase().includes(q));
-    }
-    return result;
-  }, [logs, enabledLevels, search]);
-
-  // --- Derived: collapse runs of consecutive lines that share the same
-  // message into a single group placeholder. The most common case is the
-  // 1-min `DBG poll: no tasks` heartbeat that otherwise pushes real events
-  // off-screen. Grouping happens AFTER filtering so toggling DEBUG off
-  // doesn't strand groups.
-  const displayed = useMemo<DisplayItem[]>(() => {
-    const out: DisplayItem[] = [];
-    for (const line of filtered) {
-      const last = out[out.length - 1];
-      if (!last) {
-        out.push({ kind: "line", line });
-        continue;
-      }
-      const lastMessage =
-        last.kind === "line" ? last.line.message : last.first.message;
-      if (lastMessage && lastMessage === line.message) {
-        if (last.kind === "line") {
-          out[out.length - 1] = {
-            kind: "group",
-            first: last.line,
-            rest: [line],
-          };
-        } else {
-          last.rest.push(line);
-        }
-      } else {
-        out.push({ kind: "line", line });
-      }
-    }
-    return out;
-  }, [filtered]);
-
-  // --- Auto-scroll: pin to bottom while live; release on user scroll ---
  useEffect(() => {
-    if (!autoScroll) return;
-    const el = logContainerRef.current;
-    if (el) el.scrollTop = el.scrollHeight;
-  }, [displayed, autoScroll]);
+    if (autoScroll && logContainerRef.current) {
+      logContainerRef.current.scrollTop = logContainerRef.current.scrollHeight;
+    }
+  }, [logs, autoScroll]);

-  const handleScroll = useCallback(() => {
+  const handleLogScroll = useCallback(() => {
    const el = logContainerRef.current;
    if (!el) return;
    const atBottom = el.scrollHeight - el.scrollTop - el.clientHeight < 40;
-    // Only flip auto-scroll OFF on user-initiated scroll-up; never flip ON
-    // here. Re-enabling lives in the "Jump to latest" footer button so a
-    // burst of lines doesn't yank a reading user back to the bottom.
-    if (!atBottom && autoScroll) setAutoScroll(false);
-  }, [autoScroll]);
-
-  const handleResume = useCallback(() => {
-    setAutoScroll(true);
-    const el = logContainerRef.current;
-    if (el) el.scrollTop = el.scrollHeight;
+    setAutoScroll(atBottom);
  }, []);

-  const handleCopy = useCallback(async () => {
-    const text = filtered.map((l) => l.raw).join("\n");
-    try {
-      await navigator.clipboard.writeText(text);
-      toast.success(
-        `Copied ${filtered.length} line${filtered.length === 1 ? "" : "s"}`,
-      );
-    } catch (err) {
-      toast.error("Failed to copy", {
-        description: err instanceof Error ? err.message : String(err),
-      });
+  const scrollToBottom = useCallback(() => {
+    if (logContainerRef.current) {
+      logContainerRef.current.scrollTop = logContainerRef.current.scrollHeight;
+      setAutoScroll(true);
    }
-  }, [filtered]);
-
-  const handleClear = useCallback(() => {
-    setLogs([]);
-    setExpandedFields(new Set());
-    setExpandedGroups(new Set());
  }, []);

-  const toggleLevel = useCallback((lv: LogLevel) => {
-    setEnabledLevels((prev) => {
-      const next = new Set(prev);
-      if (next.has(lv)) next.delete(lv);
-      else next.add(lv);
-      return next;
-    });
+  const handleStart = useCallback(async () => {
+    setActionLoading(true);
+    const result = await window.daemonAPI.start();
+    setActionLoading(false);
+    if (!result.success) {
+      toast.error("Failed to start daemon", { description: result.error });
+    }
  }, []);

-  const toggleFields = useCallback((id: number) => {
-    setExpandedFields((prev) => {
-      const next = new Set(prev);
-      if (next.has(id)) next.delete(id);
-      else next.add(id);
-      return next;
-    });
+  const handleStop = useCallback(async () => {
+    setActionLoading(true);
+    const result = await window.daemonAPI.stop();
+    setActionLoading(false);
+    if (!result.success) {
+      toast.error("Failed to stop daemon", { description: result.error });
+    }
  }, []);

-  const toggleGroup = useCallback((id: number) => {
-    setExpandedGroups((prev) => {
-      const next = new Set(prev);
-      if (next.has(id)) next.delete(id);
-      else next.add(id);
-      return next;
-    });
+  const handleRestart = useCallback(async () => {
+    setActionLoading(true);
+    const result = await window.daemonAPI.restart();
+    setActionLoading(false);
+    if (!result.success) {
+      toast.error("Failed to restart daemon", { description: result.error });
+    }
  }, []);

-  const hasActiveFilter = !!search || enabledLevels.size < LEVELS.length;
+  const isTransitioning = status.state === "starting" || status.state === "stopping";

  return (
-    <Dialog open={open} onOpenChange={onOpenChange}>
-      <DialogContent
-        className="flex h-[85vh] flex-col gap-0 overflow-hidden p-0 sm:max-w-5xl"
+    <Sheet open={open} onOpenChange={onOpenChange}>
+      <SheetContent
+        side="right"
+        className="flex flex-col sm:max-w-md"
        showCloseButton={false}
+        style={{ WebkitAppRegion: "no-drag" } as React.CSSProperties}
      >
-        {/* Header */}
-        <div className="flex shrink-0 items-center justify-between gap-3 border-b px-4 py-3">
-          <div className="flex min-w-0 items-center gap-2">
-            <Server className="size-4 shrink-0 text-muted-foreground" />
-            <DialogTitle className="text-sm font-medium">
-              Local daemon logs
-            </DialogTitle>
-            <ContextBadge status={status} runtimeCount={runtimeCount} />
-          </div>
+        <SheetHeader className="flex-row items-center justify-between gap-2 pr-3">
+          <SheetTitle className="flex items-center gap-2">
+            <Server className="size-4" />
+            Local Daemon
+          </SheetTitle>
          <button
            type="button"
            onClick={() => onOpenChange(false)}
@@ -264,412 +153,157 @@ export function DaemonPanel({
          >
            <X className="size-4" />
          </button>
-        </div>
+        </SheetHeader>

-        {/* Toolbar */}
-        <div className="flex shrink-0 flex-wrap items-center gap-2 border-b px-4 py-2">
-          {/* Search */}
-          <div className="relative w-56">
-            <Search className="pointer-events-none absolute left-2 top-1/2 size-3.5 -translate-y-1/2 text-muted-foreground" />
-            <input
-              value={search}
-              onChange={(e) => setSearch(e.target.value)}
-              placeholder="Search…"
-              className="h-7 w-full rounded-md border bg-background pl-7 pr-2 text-xs placeholder:text-muted-foreground focus:outline-none focus:ring-1 focus:ring-ring"
+        <div className="flex-1 min-h-0 flex flex-col gap-4 px-4">
+          <div className="shrink-0 space-y-4">
+          {/* Status info */}
+          <div className="rounded-lg border p-3 space-y-0.5">
+            <InfoRow
+              label="Status"
+              value={
+                <span className="flex items-center gap-1.5">
+                  <StatusDot state={status.state} />
+                  {DAEMON_STATE_LABELS[status.state]}
+                </span>
+              }
            />
-          </div>
-
-          {/* Level toggle chips. Each chip is independent — click to
-              show/hide that level. DEBUG starts hidden because the
-              poll-loop heartbeat dominates otherwise. */}
-          <div className="flex items-center gap-1">
-            {LEVELS.map((lv) => (
-              <FilterChip
-                key={lv}
-                active={enabledLevels.has(lv)}
-                onClick={() => toggleLevel(lv)}
-                label={lv}
-                count={levelCounts[lv]}
-                variant={lv}
+            {status.uptime && <InfoRow label="Uptime" value={status.uptime} />}
+            <InfoRow label="Profile" value={status.profile || "default"} />
+            {status.serverUrl && (
+              <InfoRow
+                label="Server"
+                value={
+                  <span className="font-mono text-xs" title={status.serverUrl}>
+                    {status.serverUrl}
+                  </span>
+                }
              />
-            ))}
+            )}
+            {status.agents && status.agents.length > 0 && (
+              <InfoRow label="Agents" value={status.agents.join(", ")} />
+            )}
+            {status.deviceName && <InfoRow label="Device" value={status.deviceName} />}
+            {status.daemonId && (
+              <InfoRow
+                label="Daemon ID"
+                value={<span className="font-mono text-xs">{status.daemonId}</span>}
+              />
+            )}
+            {typeof status.workspaceCount === "number" && (
+              <InfoRow label="Workspaces" value={status.workspaceCount} />
+            )}
+            {status.pid && (
+              <InfoRow
+                label="PID"
+                value={<span className="font-mono text-xs">{status.pid}</span>}
+              />
+            )}
          </div>

-          {/* Right-aligned actions */}
-          <div className="ml-auto flex items-center gap-1">
-            <Button
-              variant="ghost"
-              size="sm"
-              className="h-7"
-              onClick={handleCopy}
-              disabled={filtered.length === 0}
-            >
-              <CopyIcon className="size-3.5 mr-1.5" />
-              Copy
-            </Button>
-            <Button
-              variant="ghost"
-              size="sm"
-              className="h-7"
-              onClick={handleClear}
-              disabled={logs.length === 0}
-            >
-              <Trash2 className="size-3.5 mr-1.5" />
-              Clear
-            </Button>
-          </div>
-        </div>
-
-        {/* Logs viewport */}
-        <div
-          ref={logContainerRef}
-          onScroll={handleScroll}
-          className="min-h-0 flex-1 overflow-y-auto bg-muted/20 px-2 py-1 font-mono text-xs"
-        >
-          {displayed.length === 0 ? (
-            <EmptyState
-              hasLogs={logs.length > 0}
-              hasFilter={hasActiveFilter}
-              isRunning={status.state === "running"}
-            />
+          {/* Actions */}
+          {status.state === "installing_cli" ? (
+            <div className="rounded-lg border border-dashed p-3 text-sm text-muted-foreground">
+              Setting up the local runtime… this only happens the first time.
+            </div>
+          ) : status.state === "cli_not_found" ? (
+            <div className="rounded-lg border border-destructive/40 bg-destructive/5 p-3 space-y-2">
+              <p className="text-sm">
+                Couldn&apos;t download the local runtime. Check your network
+                connection and try again.
+              </p>
+              <Button
+                size="sm"
+                variant="outline"
+                onClick={async () => {
+                  setActionLoading(true);
+                  try {
+                    await window.daemonAPI.retryInstall();
+                  } finally {
+                    setActionLoading(false);
+                  }
+                }}
+                disabled={actionLoading}
+              >
+                <RotateCw className="size-3.5 mr-1.5" />
+                Retry
+              </Button>
+            </div>
          ) : (
-            <div className="flex flex-col">
-              {displayed.map((item) =>
-                item.kind === "line" ? (
-                  <LogLineRow
-                    key={item.line.id}
-                    line={item.line}
-                    expanded={expandedFields.has(item.line.id)}
-                    onToggle={() => toggleFields(item.line.id)}
-                    search={search}
-                  />
-                ) : (
-                  <GroupRows
-                    key={item.first.id}
-                    first={item.first}
-                    rest={item.rest}
-                    expanded={expandedGroups.has(item.first.id)}
-                    onToggle={() => toggleGroup(item.first.id)}
-                    expandedFields={expandedFields}
-                    onToggleFields={toggleFields}
-                    search={search}
-                  />
-                ),
+            <div className="flex gap-2">
+              {status.state === "stopped" ? (
+                <Button size="sm" onClick={handleStart} disabled={actionLoading}>
+                  <Play className="size-3.5 mr-1.5" />
+                  Start
+                </Button>
+              ) : (
+                <>
+                  <Button
+                    variant="outline"
+                    size="sm"
+                    onClick={handleStop}
+                    disabled={actionLoading || isTransitioning}
+                  >
+                    <Square className="size-3.5 mr-1.5" />
+                    Stop
+                  </Button>
+                  <Button
+                    variant="outline"
+                    size="sm"
+                    onClick={handleRestart}
+                    disabled={actionLoading || isTransitioning}
+                  >
+                    <RotateCw className="size-3.5 mr-1.5" />
+                    Restart
+                  </Button>
+                </>
              )}
            </div>
          )}
-        </div>

-        {/* Status bar — count only. The "is the user following" state is
-            communicated implicitly by the presence of the Jump-to-latest
-            button below; an explicit "Paused" word read as "log stream is
-            paused" (it isn't — data keeps flowing into the buffer). */}
-        <div className="flex shrink-0 items-center justify-between border-t bg-muted/30 px-4 py-1.5 text-xs text-muted-foreground">
-          <span className="tabular-nums">
-            Showing {filtered.length} of {logs.length}
-            {logs.length === MAX_LOG_LINES && (
-              <span className="ml-1 text-muted-foreground/60">
-                (buffer full)
-              </span>
-            )}
-          </span>
-          {!autoScroll && (
-            <button
-              type="button"
-              onClick={handleResume}
-              className="inline-flex items-center gap-1 rounded-md px-2 py-0.5 hover:bg-muted hover:text-foreground"
-            >
-              <ArrowDown className="size-3" />
-              Jump to latest
-            </button>
-          )}
-        </div>
-      </DialogContent>
-    </Dialog>
-  );
-}
-
-// ---------- Sub-components ----------
-
-function ContextBadge({
-  status,
-  runtimeCount,
-}: {
-  status: DaemonStatus;
-  runtimeCount: number;
-}) {
-  const isRunning = status.state === "running";
-  return (
-    <span className="inline-flex items-center gap-1.5 rounded-md border bg-background px-1.5 py-0.5 text-xs font-normal">
-      <span
-        className={cn(
-          "size-1.5 rounded-full",
-          DAEMON_STATE_COLORS[status.state],
-        )}
-      />
-      <span
-        className={cn(
-          "tabular-nums",
-          isRunning ? "text-foreground" : "text-muted-foreground",
-        )}
-      >
-        {DAEMON_STATE_LABELS[status.state]}
-      </span>
-      {isRunning && status.uptime && (
-        <span className="text-muted-foreground">
-          · {formatUptime(status.uptime)}
-        </span>
-      )}
-      {isRunning && runtimeCount > 0 && (
-        <span className="text-muted-foreground">
-          · {runtimeCount} runtime{runtimeCount === 1 ? "" : "s"}
-        </span>
-      )}
-    </span>
-  );
-}
-
-function FilterChip({
-  active,
-  onClick,
-  label,
-  count,
-  variant,
-}: {
-  active: boolean;
-  onClick: () => void;
-  label: string;
-  count: number;
-  variant?: LogLevel;
-}) {
-  return (
-    <button
-      type="button"
-      onClick={onClick}
-      className={cn(
-        "inline-flex h-7 items-center gap-1 rounded-md border bg-background px-2 text-xs transition-colors hover:bg-accent",
-        active
-          ? variant
-            ? LEVEL_BADGE_CLASS[variant]
-            : "bg-accent text-accent-foreground"
-          : "border-dashed text-muted-foreground/50",
-      )}
-    >
-      {label}
-      <span
-        className={cn(
-          "tabular-nums",
-          active ? "text-current/80" : "text-muted-foreground/40",
-        )}
-      >
-        {count}
-      </span>
-    </button>
-  );
-}
-
-function LevelBadge({ level }: { level: LogLevel }) {
-  return (
-    <span
-      className={cn(
-        "inline-flex h-4 shrink-0 items-center rounded border px-1 text-[10px] font-medium uppercase tracking-wide",
-        LEVEL_BADGE_CLASS[level],
-      )}
-    >
-      {level}
-    </span>
-  );
-}
-
-function LogLineRow({
-  line,
-  expanded,
-  onToggle,
-  search,
-}: {
-  line: ParsedLogLine;
-  expanded: boolean;
-  onToggle: () => void;
-  search: string;
-}) {
-  const fieldEntries = Object.entries(line.fields);
-  const hasFields = fieldEntries.length > 0;
-
-  // Unparseable line — render the raw text so nothing is hidden. Common
-  // for panic stack traces and partial writes during log rotation.
-  if (!line.timestamp || !line.level) {
-    return (
-      <div className="break-all whitespace-pre-wrap px-2 py-0.5 text-muted-foreground/70">
-        {highlight(line.raw, search)}
-      </div>
-    );
-  }
-
-  return (
-    <div
-      className={cn(
-        "grid grid-cols-[auto_auto_minmax(0,1fr)] items-baseline gap-2 rounded px-2 py-0.5 hover:bg-accent/30",
-        hasFields && "cursor-pointer",
-      )}
-      onClick={hasFields ? onToggle : undefined}
-    >
-      <span className="shrink-0 tabular-nums text-muted-foreground/60">
-        {line.timestamp}
-      </span>
-      <LevelBadge level={line.level} />
-      <div className="min-w-0">
-        <div className="flex min-w-0 items-baseline gap-2">
-          <span className="break-words">{highlight(line.message, search)}</span>
-          {hasFields && !expanded && (
-            <span className="min-w-0 truncate text-muted-foreground/60">
-              {fieldEntries
-                .map(([k, v]) => `${k}=${truncateValue(v)}`)
-                .join("  ")}
-            </span>
-          )}
-        </div>
-        {expanded && hasFields && (
-          <div className="ml-1 mt-1 grid grid-cols-[max-content_minmax(0,1fr)] gap-x-3 gap-y-0.5 text-muted-foreground">
-            {fieldEntries.map(([k, v]) => (
-              <Fragment key={k}>
-                <span className="text-muted-foreground/70">{k}</span>
-                <span className="break-all text-foreground/85">{v}</span>
-              </Fragment>
-            ))}
          </div>
-        )}
-      </div>
-    </div>
-  );
-}
-
-function GroupRows({
-  first,
-  rest,
-  expanded,
-  onToggle,
-  expandedFields,
-  onToggleFields,
-  search,
-}: {
-  first: ParsedLogLine;
-  rest: ParsedLogLine[];
-  expanded: boolean;
-  onToggle: () => void;
-  expandedFields: Set<number>;
-  onToggleFields: (id: number) => void;
-  search: string;
-}) {
-  // Folded: show the first occurrence so the user still sees a sample
-  // (timestamp, level, message), then a click-to-expand placeholder for
-  // the suppressed run. The placeholder uses a dashed border + italics
-  // so the eye reads it as "not a real line".
-  if (!expanded) {
-    return (
-      <>
-        <LogLineRow
-          line={first}
-          expanded={expandedFields.has(first.id)}
-          onToggle={() => onToggleFields(first.id)}
-          search={search}
-        />
-        <button
-          type="button"
-          onClick={onToggle}
-          className="my-0.5 ml-2 inline-flex w-fit items-center gap-2 rounded border border-dashed border-muted-foreground/25 bg-muted/30 px-2 py-0.5 text-[11px] italic text-muted-foreground/70 hover:bg-muted/60 hover:text-foreground"
-        >
-          <span>···</span>
-          <span>
-            {rest.length} more &ldquo;{truncateValue(first.message, 48)}
-            &rdquo; — click to expand
-          </span>
-        </button>
-      </>
-    );
-  }
-
-  // Unfolded: render every line, then a small "collapse" affordance at
-  // the end so the user can put the toothpaste back in the tube.
-  return (
-    <>
-      <LogLineRow
-        line={first}
-        expanded={expandedFields.has(first.id)}
-        onToggle={() => onToggleFields(first.id)}
-        search={search}
-      />
-      {rest.map((l) => (
-        <LogLineRow
-          key={l.id}
-          line={l}
-          expanded={expandedFields.has(l.id)}
-          onToggle={() => onToggleFields(l.id)}
-          search={search}
-        />
-      ))}
-      <button
-        type="button"
-        onClick={onToggle}
-        className="my-0.5 ml-2 inline-flex w-fit items-center gap-2 rounded border border-dashed border-muted-foreground/25 px-2 py-0.5 text-[11px] italic text-muted-foreground/60 hover:text-foreground"
-      >
-        <span>···</span>
-        <span>collapse {rest.length + 1} repeated</span>
-      </button>
-    </>
-  );
-}
-
-function EmptyState({
-  hasLogs,
-  hasFilter,
-  isRunning,
-}: {
-  hasLogs: boolean;
-  hasFilter: boolean;
-  isRunning: boolean;
-}) {
-  let title: string;
-  let subtitle: string;
-  if (hasFilter) {
-    title = "No matching log lines";
-    subtitle = "Try a different search or level toggle.";
-  } else if (!isRunning) {
-    title = "Daemon isn't running";
-    subtitle = "Start the daemon to see logs here.";
-  } else if (!hasLogs) {
-    title = "Waiting for logs…";
-    subtitle = "New entries will appear in real time.";
-  } else {
-    title = "";
-    subtitle = "";
-  }
-  return (
-    <div className="flex h-full flex-col items-center justify-center gap-1 text-center text-muted-foreground/70">
-      <p className="text-sm">{title}</p>
-      <p className="text-xs text-muted-foreground/50">{subtitle}</p>
-    </div>
-  );
-}
-
-// ---------- Helpers ----------
-
-function truncateValue(value: string, max = 32): string {
-  return value.length > max ? `${value.slice(0, max)}…` : value;
-}
-
-function highlight(text: string, query: string): ReactNode {
-  if (!query) return text;
-  const q = query.toLowerCase();
-  const lower = text.toLowerCase();
-  const idx = lower.indexOf(q);
-  if (idx === -1) return text;
-  return (
-    <>
-      {text.slice(0, idx)}
-      <mark className="rounded bg-warning/30 px-0.5 text-foreground">
-        {text.slice(idx, idx + query.length)}
-      </mark>
-      {text.slice(idx + query.length)}
-    </>
+
+          {/* Logs — fills remaining vertical space down to the sheet bottom */}
+          <div className="flex-1 min-h-0 flex flex-col gap-2 pb-4">
+            <div className="flex items-center justify-between shrink-0">
+              <h3 className="text-sm font-medium">Logs</h3>
+              {!autoScroll && (
+                <Button
+                  variant="ghost"
+                  size="sm"
+                  className="h-6 px-2 text-xs"
+                  onClick={scrollToBottom}
+                >
+                  <ChevronDown className="size-3 mr-1" />
+                  Scroll to bottom
+                </Button>
+              )}
+            </div>
+            <div
+              ref={logContainerRef}
+              onScroll={handleLogScroll}
+              className="flex-1 min-h-0 overflow-y-auto rounded-lg border bg-muted/30 p-2 font-mono text-xs leading-relaxed"
+            >
+              {logs.length === 0 ? (
+                <p className="text-muted-foreground/50 text-center py-8">
+                  {status.state === "running"
+                    ? "Waiting for logs…"
+                    : "Start the daemon to see logs"}
+                </p>
+              ) : (
+                logs.map((entry) => {
+                  const { className } = colorizeLogLine(entry.line);
+                  return (
+                    <div key={entry.id} className={cn("whitespace-pre-wrap break-all", className)}>
+                      {entry.line}
+                    </div>
+                  );
+                })
+              )}
+            </div>
+          </div>
+        </div>
+      </SheetContent>
+    </Sheet>
  );
 }
--- a/apps/desktop/src/renderer/src/components/daemon-runtime-card.tsx
+++ b/apps/desktop/src/renderer/src/components/daemon-runtime-card.tsx
@@ -1,94 +1,22 @@
-import { useState, useEffect, useCallback, useMemo } from "react";
+import { useState, useEffect, useCallback } from "react";
 import {
-  AlertCircle,
  Play,
  Square,
  RotateCw,
  Server,
  Activity,
-  ScrollText,
 } from "lucide-react";
-import { useQuery } from "@tanstack/react-query";
-import { useWorkspaceId } from "@multica/core/hooks";
-import { runtimeListOptions } from "@multica/core/runtimes";
-import { agentTaskSnapshotOptions } from "@multica/core/agents";
 import { cn } from "@multica/ui/lib/utils";
 import { Button } from "@multica/ui/components/ui/button";
-import {
-  Card,
-  CardAction,
-  CardDescription,
-  CardHeader,
-  CardTitle,
-} from "@multica/ui/components/ui/card";
-import {
-  Dialog,
-  DialogContent,
-  DialogDescription,
-  DialogFooter,
-  DialogHeader,
-  DialogTitle,
-} from "@multica/ui/components/ui/dialog";
 import { toast } from "sonner";
 import { DaemonPanel } from "./daemon-panel";
 import type { DaemonStatus } from "../../../shared/daemon-types";
-import {
-  DAEMON_STATE_COLORS,
-  DAEMON_STATE_LABELS,
-  daemonStateDescription,
-  formatUptime,
-} from "../../../shared/daemon-types";
+import { DAEMON_STATE_COLORS, DAEMON_STATE_LABELS, formatUptime } from "../../../shared/daemon-types";

-/**
- * Header card on the desktop Runtimes page that surfaces the daemon embedded
- * in this Electron app. The same daemon process registers N runtimes with the
- * server (one per detected CLI), which appear in the runtime list below — so
- * this card is the parent control surface for "what's running on this Mac".
- *
- * Why this lives only on desktop: web users don't have an embedded daemon;
- * they bring their own (CLI-launched or remote VM) and just see runtimes in
- * the list. The `desktop-runtimes-page` wrapper is the only mount point.
- */
 export function DaemonRuntimeCard() {
  const [status, setStatus] = useState<DaemonStatus>({ state: "stopped" });
  const [panelOpen, setPanelOpen] = useState(false);
  const [actionLoading, setActionLoading] = useState(false);
-  const [confirmStop, setConfirmStop] = useState(false);
-
-  const wsId = useWorkspaceId();
-  const { data: runtimes = [] } = useQuery(runtimeListOptions(wsId));
-  // Snapshot also includes each agent's latest terminal; the filter below
-  // drops anything that isn't running/dispatched, so terminal rows pass
-  // through harmlessly.
-  const { data: snapshot = [] } = useQuery(agentTaskSnapshotOptions(wsId));
-
-  // Set of runtime IDs registered by THIS daemon (one per detected CLI).
-  // Used both to count "how many CLIs am I contributing" and to figure
-  // out which active tasks would be impacted by a Stop.
-  const localRuntimeIds = useMemo(() => {
-    if (!status.daemonId) return new Set<string>();
-    return new Set(
-      runtimes
-        .filter((r) => r.daemon_id === status.daemonId)
-        .map((r) => r.id),
-    );
-  }, [runtimes, status.daemonId]);
-
-  const runtimeCount = localRuntimeIds.size;
-
-  // Tasks that are actually doing work on this daemon right now —
-  // running or dispatched. Queued tasks haven't claimed a runtime yet,
-  // so stopping the daemon won't break them (they'll wait for any
-  // available daemon). The number drives the Stop-confirmation dialog.
-  const affectedTasks = useMemo(
-    () =>
-      snapshot.filter(
-        (t) =>
-          localRuntimeIds.has(t.runtime_id) &&
-          (t.status === "running" || t.status === "dispatched"),
-      ),
-    [snapshot, localRuntimeIds],
-  );

  useEffect(() => {
    window.daemonAPI.getStatus().then((s) => setStatus(s));
@@ -108,10 +36,7 @@ export function DaemonRuntimeCard() {
    }
  }, []);

-  // The actual stop call, separated from the click handler so we can call
-  // it both from the direct path (no active tasks) and from the confirm
-  // dialog's confirm button.
-  const performStop = useCallback(async () => {
+  const handleStop = useCallback(async () => {
    setActionLoading(true);
    const result = await window.daemonAPI.stop();
    if (!result.success) {
@@ -119,214 +44,112 @@ export function DaemonRuntimeCard() {
    }
  }, []);

-  // Click on the Stop button. If there's nothing running, just stop;
-  // otherwise pop a confirm dialog explaining the blast radius.
-  const handleStopClick = useCallback(() => {
-    if (affectedTasks.length === 0) {
-      void performStop();
-    } else {
-      setConfirmStop(true);
-    }
-  }, [affectedTasks.length, performStop]);
-
  const handleRestart = useCallback(async () => {
    setActionLoading(true);
    const result = await window.daemonAPI.restart();
    if (!result.success) {
      toast.error("Failed to restart daemon", { description: result.error });
-      return;
-    }
-    // Success feedback — the daemon takes a few seconds to come back online,
-    // and the only other UI signal is the state badge flipping briefly. A
-    // toast confirms the click was received and tells the user what to expect.
-    toast.success("Restarting daemon", {
-      description: "Runtimes will be back online in a few seconds.",
-    });
-  }, []);
-
-  const handleRetryInstall = useCallback(async () => {
-    setActionLoading(true);
-    try {
-      await window.daemonAPI.retryInstall();
-    } finally {
-      setActionLoading(false);
    }
  }, []);

+  const isTransitioning = status.state === "starting" || status.state === "stopping";
  const isRunning = status.state === "running";
-  const isStopped = status.state === "stopped";
-  const isCliMissing = status.state === "cli_not_found";
-  const isTransitioning =
-    status.state === "starting" || status.state === "stopping";
-  const isInstalling = status.state === "installing_cli";
+  const isStopped = status.state === "stopped" || status.state === "cli_not_found";
+
+  const stopPropagation = (e: React.MouseEvent) => e.stopPropagation();

  return (
    <>
-      <Card size="sm">
-        <CardHeader>
-          <CardTitle className="flex items-center gap-2">
-            <Server className="size-4 text-muted-foreground" />
-            Local daemon
-            <span className="inline-flex items-center gap-1.5 rounded-md border bg-background px-1.5 py-0.5 text-xs font-normal">
-              <span
-                className={cn(
-                  "size-1.5 rounded-full",
-                  DAEMON_STATE_COLORS[status.state],
+      <div
+        role="button"
+        tabIndex={0}
+        onClick={() => setPanelOpen(true)}
+        onKeyDown={(e) => {
+          if (e.key === "Enter" || e.key === " ") {
+            e.preventDefault();
+            setPanelOpen(true);
+          }
+        }}
+        className="border-b px-4 py-3 cursor-pointer transition-colors hover:bg-muted/40 focus-visible:outline-none focus-visible:bg-muted/40"
+      >
+        <div className="flex items-start justify-between gap-3">
+          <div className="flex items-center gap-2.5">
+            <div className="flex size-8 items-center justify-center rounded-lg bg-muted">
+              <Server className="size-4 text-muted-foreground" />
+            </div>
+            <div>
+              <h3 className="text-sm font-medium">Local Daemon</h3>
+              <div className="flex items-center gap-1.5 mt-0.5">
+                <span className={cn("size-1.5 rounded-full", DAEMON_STATE_COLORS[status.state])} />
+                <span className="text-xs text-muted-foreground">{DAEMON_STATE_LABELS[status.state]}</span>
+                {isRunning && status.uptime && (
+                  <>
+                    <span className="text-xs text-muted-foreground">·</span>
+                    <span className="text-xs text-muted-foreground">{formatUptime(status.uptime)}</span>
+                  </>
                )}
-              />
-              <span
-                className={cn(
-                  "tabular-nums",
-                  isRunning ? "text-foreground" : "text-muted-foreground",
+                {isRunning && status.agents && status.agents.length > 0 && (
+                  <>
+                    <span className="text-xs text-muted-foreground">·</span>
+                    <span className="text-xs text-muted-foreground">{status.agents.join(", ")}</span>
+                  </>
                )}
+              </div>
+            </div>
+          </div>
+
+          <div
+            className="flex items-center gap-1.5 shrink-0"
+            onClick={stopPropagation}
+          >
+            {isStopped && (
+              <Button
+                size="sm"
+                variant="outline"
+                onClick={handleStart}
+                disabled={actionLoading || status.state === "cli_not_found"}
              >
-                {DAEMON_STATE_LABELS[status.state]}
-              </span>
-              {isRunning && status.uptime && (
-                <span className="text-muted-foreground">
-                  · {formatUptime(status.uptime)}
-                </span>
-              )}
-            </span>
-          </CardTitle>
-          <CardDescription>
-            {daemonStateDescription(status.state, runtimeCount)}
-          </CardDescription>
-          <CardAction className="self-center">
-            <div className="flex items-center gap-1.5">
-              {isRunning && (
-                <>
-                  <Button
-                    size="sm"
-                    variant="ghost"
-                    onClick={() => setPanelOpen(true)}
-                  >
-                    <ScrollText className="size-3.5 mr-1.5" />
-                    View logs
-                  </Button>
-                  <Button
-                    size="sm"
-                    variant="outline"
-                    onClick={handleRestart}
-                    disabled={actionLoading}
-                  >
-                    <RotateCw className="size-3.5 mr-1.5" />
-                    Restart
-                  </Button>
-                  <Button
-                    size="sm"
-                    variant="destructive"
-                    onClick={handleStopClick}
-                    disabled={actionLoading}
-                  >
-                    <Square className="size-3.5 mr-1.5" />
-                    Stop
-                  </Button>
-                </>
-              )}
-
-              {isStopped && (
+                {actionLoading ? (
+                  <Activity className="size-3.5 mr-1.5 animate-pulse" />
+                ) : (
+                  <Play className="size-3.5 mr-1.5" />
+                )}
+                Start
+              </Button>
+            )}
+            {isRunning && (
+              <>
                <Button
                  size="sm"
-                  onClick={handleStart}
-                  disabled={actionLoading}
-                >
-                  {actionLoading ? (
-                    <Activity className="size-3.5 mr-1.5 animate-pulse" />
-                  ) : (
-                    <Play className="size-3.5 mr-1.5" />
-                  )}
-                  Start
-                </Button>
-              )}
-
-              {isCliMissing && (
-                <Button
-                  size="sm"
-                  variant="outline"
-                  onClick={handleRetryInstall}
+                  variant="ghost"
+                  onClick={handleRestart}
                  disabled={actionLoading}
                >
                  <RotateCw className="size-3.5 mr-1.5" />
-                  Retry setup
+                  Restart
                </Button>
-              )}
-
-              {(isTransitioning || isInstalling) && (
-                <Button size="sm" variant="outline" disabled>
-                  <Activity className="size-3.5 mr-1.5 animate-pulse" />
-                  {DAEMON_STATE_LABELS[status.state]}
+                <Button
+                  size="sm"
+                  variant="outline"
+                  onClick={handleStop}
+                  disabled={actionLoading}
+                >
+                  <Square className="size-3.5 mr-1.5" />
+                  Stop
                </Button>
-              )}
-            </div>
-          </CardAction>
-        </CardHeader>
-      </Card>
+              </>
+            )}
+            {isTransitioning && (
+              <Button size="sm" variant="outline" disabled>
+                <Activity className="size-3.5 mr-1.5 animate-pulse" />
+                {DAEMON_STATE_LABELS[status.state]}
+              </Button>
+            )}
+          </div>
+        </div>
+      </div>

-      <DaemonPanel
-        open={panelOpen}
-        onOpenChange={setPanelOpen}
-        status={status}
-        runtimeCount={runtimeCount}
-      />
-
-      <StopConfirmDialog
-        open={confirmStop}
-        onOpenChange={setConfirmStop}
-        affectedCount={affectedTasks.length}
-        onConfirm={() => {
-          setConfirmStop(false);
-          void performStop();
-        }}
-      />
+      <DaemonPanel open={panelOpen} onOpenChange={setPanelOpen} status={status} />
    </>
  );
 }
-
-// ---------- Sub-components ----------
-
-function StopConfirmDialog({
-  open,
-  onOpenChange,
-  affectedCount,
-  onConfirm,
-}: {
-  open: boolean;
-  onOpenChange: (v: boolean) => void;
-  affectedCount: number;
-  onConfirm: () => void;
-}) {
-  const plural = affectedCount === 1 ? "" : "s";
-  const verb = affectedCount === 1 ? "is" : "are";
-
-  return (
-    <Dialog open={open} onOpenChange={onOpenChange}>
-      <DialogContent className="max-w-sm" showCloseButton={false}>
-        <div className="flex items-start gap-3">
-          <div className="flex h-10 w-10 shrink-0 items-center justify-center rounded-full bg-destructive/10">
-            <AlertCircle className="h-5 w-5 text-destructive" />
-          </div>
-          <DialogHeader className="flex-1 gap-1">
-            <DialogTitle className="text-sm font-semibold">
-              Stop daemon with {affectedCount} active task{plural}?
-            </DialogTitle>
-            <DialogDescription className="text-xs leading-relaxed">
-              {affectedCount} task{plural} {verb} currently running on this
-              device. Stopping now will interrupt {affectedCount === 1 ? "it" : "them"}{" "}
-              — affected tasks get marked <strong>failed</strong> once the
-              timeout hits. The daemon won&apos;t auto-restart.
-            </DialogDescription>
-          </DialogHeader>
-        </div>
-        <DialogFooter>
-          <Button variant="ghost" onClick={() => onOpenChange(false)}>
-            Cancel
-          </Button>
-          <Button variant="destructive" onClick={onConfirm}>
-            Stop daemon
-          </Button>
-        </DialogFooter>
-      </DialogContent>
-    </Dialog>
-  );
-}
--- a/apps/desktop/src/renderer/src/components/daemon-settings-tab.tsx
+++ b/apps/desktop/src/renderer/src/components/daemon-settings-tab.tsx
@@ -1,13 +1,7 @@
-import { useState, useEffect, useCallback, type ReactNode } from "react";
+import { useState, useEffect, useCallback } from "react";
 import { Button } from "@multica/ui/components/ui/button";
 import { Switch } from "@multica/ui/components/ui/switch";
-import { cn } from "@multica/ui/lib/utils";
-import type { DaemonPrefs, DaemonStatus } from "../../../shared/daemon-types";
-import {
-  DAEMON_STATE_COLORS,
-  DAEMON_STATE_LABELS,
-  formatUptime,
-} from "../../../shared/daemon-types";
+import type { DaemonPrefs } from "../../../shared/daemon-types";

 function SettingRow({
  label,
@@ -16,7 +10,7 @@ function SettingRow({
 }: {
  label: string;
  description: string;
-  children: ReactNode;
+  children: React.ReactNode;
 }) {
  return (
    <div className="flex items-center justify-between gap-6 py-4">
@@ -29,44 +23,14 @@ function SettingRow({
  );
 }

-// One row inside the diagnostics block. Values that are likely to be
-// long IDs / URLs render as monospaced + truncated with a tooltip.
-function DiagnosticsRow({
-  label,
-  value,
-  mono,
-}: {
-  label: string;
-  value: ReactNode;
-  mono?: boolean;
-}) {
-  return (
-    <div className="grid grid-cols-[140px_minmax(0,1fr)] items-baseline gap-3 py-1.5">
-      <span className="text-xs text-muted-foreground">{label}</span>
-      <span
-        className={cn(
-          "min-w-0 truncate text-sm",
-          mono && "font-mono text-xs",
-        )}
-        title={typeof value === "string" ? value : undefined}
-      >
-        {value}
-      </span>
-    </div>
-  );
-}
-
 export function DaemonSettingsTab() {
  const [prefs, setPrefs] = useState<DaemonPrefs>({ autoStart: true, autoStop: false });
  const [cliInstalled, setCliInstalled] = useState<boolean | null>(null);
  const [saving, setSaving] = useState(false);
-  const [status, setStatus] = useState<DaemonStatus>({ state: "stopped" });

  useEffect(() => {
    window.daemonAPI.getPrefs().then(setPrefs);
    window.daemonAPI.isCliInstalled().then(setCliInstalled);
-    window.daemonAPI.getStatus().then(setStatus);
-    return window.daemonAPI.onStatusChange(setStatus);
  }, []);

  const updatePref = useCallback(
@@ -134,68 +98,6 @@ export function DaemonSettingsTab() {
          )}
        </div>
      </div>
-
-      {/* Diagnostics — moved out of the logs panel so the panel can focus
-          on logs. These fields matter for support tickets and bug reports,
-          not for everyday use. */}
-      <div className="mt-8">
-        <h3 className="text-sm font-semibold">Diagnostics</h3>
-        <p className="text-xs text-muted-foreground mt-1">
-          Identification and connection details. Useful when filing a bug
-          report or investigating why a runtime isn&apos;t showing up.
-        </p>
-        <div className="mt-3 rounded-lg border bg-muted/20 px-4 py-2">
-          <DiagnosticsRow
-            label="State"
-            value={
-              <span className="inline-flex items-center gap-1.5">
-                <span
-                  className={cn(
-                    "size-1.5 rounded-full",
-                    DAEMON_STATE_COLORS[status.state],
-                  )}
-                />
-                {DAEMON_STATE_LABELS[status.state]}
-              </span>
-            }
-          />
-          <DiagnosticsRow
-            label="Uptime"
-            value={status.uptime ? formatUptime(status.uptime) : "—"}
-          />
-          <DiagnosticsRow
-            label="PID"
-            value={status.pid ?? "—"}
-            mono={!!status.pid}
-          />
-          <DiagnosticsRow
-            label="Daemon ID"
-            value={status.daemonId ?? "—"}
-            mono={!!status.daemonId}
-          />
-          <DiagnosticsRow
-            label="Profile"
-            value={status.profile || "default"}
-          />
-          <DiagnosticsRow
-            label="Server URL"
-            value={status.serverUrl ?? "—"}
-            mono={!!status.serverUrl}
-          />
-          <DiagnosticsRow
-            label="Device name"
-            value={status.deviceName ?? "—"}
-          />
-          <DiagnosticsRow
-            label="Workspaces"
-            value={
-              typeof status.workspaceCount === "number"
-                ? status.workspaceCount
-                : "—"
-            }
-          />
-        </div>
-      </div>
    </div>
  );
 }
--- a/apps/desktop/src/renderer/src/components/desktop-layout.tsx
+++ b/apps/desktop/src/renderer/src/components/desktop-layout.tsx
@@ -12,11 +12,9 @@ import {
 import { ModalRegistry } from "@multica/views/modals/registry";
 import { AppSidebar } from "@multica/views/layout";
 import { SearchCommand, SearchTrigger } from "@multica/views/search";
-import { ChatFab, ChatWindow } from "@multica/views/chat";
 import { StarterContentPrompt } from "@multica/views/onboarding";
-import { WorkspaceSlugProvider, paths, useCurrentWorkspace } from "@multica/core/paths";
+import { WorkspaceSlugProvider } from "@multica/core/paths";
 import { getCurrentSlug, subscribeToCurrentSlug } from "@multica/core/platform";
-import { useDesktopUnreadBadge } from "@multica/views/platform";
 import { DesktopNavigationProvider } from "@/platform/navigation";
 import { TabBar } from "./tab-bar";
 import { TabContent } from "./tab-content";
@@ -98,38 +96,6 @@ function useInternalLinkHandler() {
  }, []);
 }

-/**
- * Bridge between the renderer and the Electron main process for inbox-level
- * OS integration. Mounted inside WorkspaceSlugProvider so it can resolve the
- * current workspace's id for the badge hook.
- *
- * Two responsibilities:
- *   1. Mirror the unread inbox count onto the dock/taskbar badge.
- *   2. When the user clicks an OS notification, open the notified
- *      workspace's inbox focused on that item. The route uses the `slug`
- *      that the notification was *emitted* with — not the currently active
- *      workspace — so a notification from workspace A always opens A's
- *      inbox even if the user has since switched to workspace B. Marking
- *      the row read is handled by InboxPage's selected-item effect, which
- *      covers both click-to-select and URL-param-select paths.
- */
-function DesktopInboxBridge() {
-  const workspace = useCurrentWorkspace();
-  useDesktopUnreadBadge(workspace?.id ?? null);
-
-  useEffect(() => {
-    return window.desktopAPI.onInboxOpen(({ slug, issueKey }) => {
-      if (!slug) return;
-      const inboxPath = `${paths.workspace(slug).inbox()}?issue=${encodeURIComponent(issueKey)}`;
-      window.dispatchEvent(
-        new CustomEvent("multica:navigate", { detail: { path: inboxPath } }),
-      );
-    });
-  }, []);
-
-  return null;
-}
-
 export function DesktopShell() {
  useInternalLinkHandler();
  useActiveTitleSync();
@@ -151,18 +117,15 @@ export function DesktopShell() {
          users see the window-level overlay (new-workspace flow)
          triggered by IndexRedirect, not a route. */}
      <WorkspaceSlugProvider slug={slug}>
-        <DesktopInboxBridge />
        <div className="flex h-screen">
          <SidebarProvider className="flex-1">
            {slug && <AppSidebar topSlot={<SidebarTopBar />} searchSlot={<SearchTrigger />} />}
            {/* Right side: header + content container */}
            <div className="flex flex-1 min-w-0 flex-col">
              <MainTopBar />
-              {/* Content area with inset styling — relative so ChatWindow/ChatFab are constrained here */}
+              {/* Content area with inset styling */}
              <div className="relative flex flex-1 min-h-0 flex-col overflow-hidden mr-2 mb-2 ml-0.5 rounded-xl shadow-sm bg-background">
                <TabContent />
-                {slug && <ChatWindow />}
-                {slug && <ChatFab />}
              </div>
            </div>
          </SidebarProvider>
--- a/apps/desktop/src/renderer/src/components/pageview-tracker.test.tsx
+++ b/apps/desktop/src/renderer/src/components/pageview-tracker.test.tsx
@@ -1,243 +0,0 @@
-import { describe, expect, it, vi, beforeEach } from "vitest";
-import { render } from "@testing-library/react";
-
-// vi.hoisted shared state — every store mock reads the same object so each
-// test can mutate it then re-render to drive the tracker.
-const state = vi.hoisted(() => ({
-  user: null as { id: string } | null,
-  overlay: null as { type: string; invitationId?: string } | null,
-  activeWorkspaceSlug: null as string | null,
-  byWorkspace: {} as Record<
-    string,
-    { activeTabId: string; tabs: { id: string; path: string }[] }
-  >,
-  capturePageview: vi.fn<(path?: string) => void>(),
-}));
-
-vi.mock("@multica/core/analytics", () => ({
-  capturePageview: state.capturePageview,
-}));
-
-// Auth store — single selector pattern (`s => s.user`).
-vi.mock("@multica/core/auth", () => {
-  const useAuthStore = (selector: (s: typeof state) => unknown) =>
-    selector(state);
-  return { useAuthStore };
-});
-
-// Window overlay store — same shape.
-vi.mock("@/stores/window-overlay-store", () => {
-  const useWindowOverlayStore = (selector: (s: typeof state) => unknown) =>
-    selector(state);
-  return { useWindowOverlayStore };
-});
-
-// Tab store — selectors read activeWorkspaceSlug + byWorkspace. Also expose
-// getState() for the seed pass and the helpers the tracker imports
-// (useActiveTabIdentity, getActiveTab) so we don't have to re-import them
-// from the real store inside a mocked module.
-vi.mock("@/stores/tab-store", () => {
-  const useTabStore = Object.assign(
-    (selector: (s: typeof state) => unknown) => selector(state),
-    { getState: () => state },
-  );
-  const getActiveTab = (s: typeof state) => {
-    const slug = s.activeWorkspaceSlug;
-    if (!slug) return null;
-    const group = s.byWorkspace[slug];
-    if (!group) return null;
-    return group.tabs.find((t) => t.id === group.activeTabId) ?? null;
-  };
-  const useActiveTabIdentity = () => ({
-    slug: state.activeWorkspaceSlug,
-    tabId: state.activeWorkspaceSlug
-      ? (state.byWorkspace[state.activeWorkspaceSlug]?.activeTabId ?? null)
-      : null,
-  });
-  return { useTabStore, getActiveTab, useActiveTabIdentity };
-});
-
-import { PageviewTracker } from "./pageview-tracker";
-
-function reset() {
-  state.user = { id: "u1" };
-  state.overlay = null;
-  state.activeWorkspaceSlug = null;
-  state.byWorkspace = {};
-  state.capturePageview.mockClear();
-}
-
-beforeEach(() => {
-  reset();
-});
-
-describe("PageviewTracker", () => {
-  it("suppresses pageview when switching to a previously-visible tab on its existing path", () => {
-    state.byWorkspace = {
-      acme: {
-        activeTabId: "tA",
-        tabs: [
-          { id: "tA", path: "/acme/issues" },
-          { id: "tB", path: "/acme/inbox" },
-        ],
-      },
-    };
-    state.activeWorkspaceSlug = "acme";
-
-    const { rerender } = render(<PageviewTracker />);
-    // Initial mount on tA — seeded as observed, no pageview because both
-    // tabs were already in the persisted store before the tracker mounted.
-    expect(state.capturePageview).not.toHaveBeenCalled();
-
-    // Switch to tB (already-known tab on its already-known path).
-    state.byWorkspace = {
-      acme: {
-        activeTabId: "tB",
-        tabs: [
-          { id: "tA", path: "/acme/issues" },
-          { id: "tB", path: "/acme/inbox" },
-        ],
-      },
-    };
-    rerender(<PageviewTracker />);
-    expect(state.capturePageview).not.toHaveBeenCalled();
-
-    // Switch back to tA — still no pageview.
-    state.byWorkspace = {
-      acme: {
-        activeTabId: "tA",
-        tabs: [
-          { id: "tA", path: "/acme/issues" },
-          { id: "tB", path: "/acme/inbox" },
-        ],
-      },
-    };
-    rerender(<PageviewTracker />);
-    expect(state.capturePageview).not.toHaveBeenCalled();
-  });
-
-  it("fires pageview when a new tab is opened (openInNewTab / addTab)", () => {
-    state.byWorkspace = {
-      acme: {
-        activeTabId: "tA",
-        tabs: [{ id: "tA", path: "/acme/issues" }],
-      },
-    };
-    state.activeWorkspaceSlug = "acme";
-
-    const { rerender } = render(<PageviewTracker />);
-    state.capturePageview.mockClear();
-
-    // Simulate openInNewTab("/acme/agents") → new tab tC added and activated.
-    state.byWorkspace = {
-      acme: {
-        activeTabId: "tC",
-        tabs: [
-          { id: "tA", path: "/acme/issues" },
-          { id: "tC", path: "/acme/agents" },
-        ],
-      },
-    };
-    rerender(<PageviewTracker />);
-
-    expect(state.capturePageview).toHaveBeenCalledTimes(1);
-    expect(state.capturePageview).toHaveBeenCalledWith("/acme/agents");
-  });
-
-  it("fires pageview when switchWorkspace opens a new path in another workspace", () => {
-    state.byWorkspace = {
-      acme: {
-        activeTabId: "tA",
-        tabs: [{ id: "tA", path: "/acme/issues" }],
-      },
-    };
-    state.activeWorkspaceSlug = "acme";
-
-    const { rerender } = render(<PageviewTracker />);
-    state.capturePageview.mockClear();
-
-    // Cross-workspace navigation: switchWorkspace("butter", "/butter/inbox")
-    // creates a fresh tab in the destination workspace and makes it active.
-    state.byWorkspace = {
-      acme: { activeTabId: "tA", tabs: [{ id: "tA", path: "/acme/issues" }] },
-      butter: {
-        activeTabId: "tD",
-        tabs: [{ id: "tD", path: "/butter/inbox" }],
-      },
-    };
-    state.activeWorkspaceSlug = "butter";
-    rerender(<PageviewTracker />);
-
-    expect(state.capturePageview).toHaveBeenCalledTimes(1);
-    expect(state.capturePageview).toHaveBeenCalledWith("/butter/inbox");
-  });
-
-  it("fires pageview on intra-tab navigation (path changes for the same tabId)", () => {
-    state.byWorkspace = {
-      acme: {
-        activeTabId: "tA",
-        tabs: [{ id: "tA", path: "/acme/issues" }],
-      },
-    };
-    state.activeWorkspaceSlug = "acme";
-
-    const { rerender } = render(<PageviewTracker />);
-    state.capturePageview.mockClear();
-
-    state.byWorkspace = {
-      acme: {
-        activeTabId: "tA",
-        tabs: [{ id: "tA", path: "/acme/issues/123" }],
-      },
-    };
-    rerender(<PageviewTracker />);
-
-    expect(state.capturePageview).toHaveBeenCalledTimes(1);
-    expect(state.capturePageview).toHaveBeenCalledWith("/acme/issues/123");
-  });
-
-  it("fires overlay and login pageviews and suppresses re-entry into the same tab afterward", () => {
-    state.byWorkspace = {
-      acme: {
-        activeTabId: "tA",
-        tabs: [{ id: "tA", path: "/acme/issues" }],
-      },
-    };
-    state.activeWorkspaceSlug = "acme";
-
-    const { rerender } = render(<PageviewTracker />);
-    state.capturePageview.mockClear();
-
-    // Open onboarding overlay.
-    state.overlay = { type: "onboarding" };
-    rerender(<PageviewTracker />);
-    expect(state.capturePageview).toHaveBeenLastCalledWith("/onboarding");
-
-    // Close overlay back to the tab — the tab is already observed on
-    // /acme/issues so this is a re-activation, no pageview.
-    state.capturePageview.mockClear();
-    state.overlay = null;
-    rerender(<PageviewTracker />);
-    expect(state.capturePageview).not.toHaveBeenCalled();
-
-    // Logout fires /login.
-    state.user = null;
-    rerender(<PageviewTracker />);
-    expect(state.capturePageview).toHaveBeenLastCalledWith("/login");
-  });
-
-  it("suppresses on initial mount when the active tab was restored from persistence", () => {
-    state.byWorkspace = {
-      acme: {
-        activeTabId: "tA",
-        tabs: [{ id: "tA", path: "/acme/issues" }],
-      },
-    };
-    state.activeWorkspaceSlug = "acme";
-
-    render(<PageviewTracker />);
-    // Restored tab — seeded, treated as a re-activation.
-    expect(state.capturePageview).not.toHaveBeenCalled();
-  });
-});
-
--- a/apps/desktop/src/renderer/src/components/pageview-tracker.tsx
+++ b/apps/desktop/src/renderer/src/components/pageview-tracker.tsx
@@ -1,17 +1,11 @@
-import { useEffect, useRef } from "react";
+import { useEffect } from "react";
 import { capturePageview } from "@multica/core/analytics";
 import { useAuthStore } from "@multica/core/auth";
-import {
-  getActiveTab,
-  useActiveTabIdentity,
-  useTabStore,
-} from "@/stores/tab-store";
+import { useTabStore } from "@/stores/tab-store";
 import { useWindowOverlayStore, type WindowOverlay } from "@/stores/window-overlay-store";

 /**
- * Fires a PostHog $pageview whenever the user's visible surface changes,
- * EXCEPT for re-activations of an already-known tab on its already-known
- * path.
+ * Fires a PostHog $pageview whenever the user's visible surface changes.
 *
 * Desktop has three layers that can own the visible page:
 *
@@ -23,18 +17,10 @@ import { useWindowOverlayStore, type WindowOverlay } from "@/stores/window-overl
 *   3. Otherwise → the active tab's path (workspace-scoped, e.g.
 *      `/acme/issues/123`). Kept in sync by `useTabRouterSync`.
 *
- * Tab-switch suppression: re-activating an already-open tab surfaces a
- * previously-visited path under a `(workspace, tabId)` we have already
- * seen — the pageview was emitted when the user originally navigated
- * there, so re-emitting on every switch just inflates PostHog billing
- * without adding signal (real-data audit: desktop tab switches were
- * ~50% of all `$pageview` events).
- *
- * Newly opened tabs (`openInNewTab`, `addTab`) and cross-workspace
- * `switchWorkspace(slug, path)` to a previously-unseen tab still fire,
- * because their key is not in the observed map yet. The map is seeded
- * from the persisted tab store on first render so tabs restored from a
- * previous session don't all re-emit on first activation.
+ * The overlay takes precedence over the tab path because it is visually in
+ * front of the tab system; the logged-out state shadows both because the
+ * shell doesn't render at all yet. This keeps the `$pageview` stream aligned
+ * with what the user actually sees.
 *
 * PostHog's `capture_pageview: true` auto-capture is intentionally off (see
 * `initAnalytics`) so this component owns the event shape, matching the web
@@ -43,75 +29,34 @@ import { useWindowOverlayStore, type WindowOverlay } from "@/stores/window-overl
 export function PageviewTracker() {
  const user = useAuthStore((s) => s.user);
  const overlay = useWindowOverlayStore((s) => s.overlay);
-  const { slug: activeWorkspaceSlug, tabId: activeTabId } = useActiveTabIdentity();
-  const activeTabPath = useTabStore((s) => getActiveTab(s)?.path ?? null);
+  const activeTabPath = useTabStore((s) => {
+    const slug = s.activeWorkspaceSlug;
+    if (!slug) return null;
+    const group = s.byWorkspace[slug];
+    if (!group) return null;
+    return group.tabs.find((t) => t.id === group.activeTabId)?.path ?? null;
+  });

-  // (slug:tabId) → last path observed while that tab was visible. Lets us
-  // tell "re-activating a tab on a path we already saw" (suppress) apart
-  // from "newly opened tab" or "intra-tab navigation" (fire). Seeded
-  // synchronously on first render from the persisted tab store so
-  // session-restored tabs don't re-emit on first click.
-  const observedTabsRef = useRef<Map<string, string> | null>(null);
-  if (observedTabsRef.current === null) {
-    const seed = new Map<string, string>();
-    for (const [slug, group] of Object.entries(useTabStore.getState().byWorkspace)) {
-      for (const tab of group.tabs) {
-        seed.set(`${slug}:${tab.id}`, tab.path);
-      }
-    }
-    observedTabsRef.current = seed;
-  }
-  const lastSurfaceRef = useRef<{
-    kind: "login" | "overlay" | "tab" | null;
-    key: string | null;
-    path: string | null;
-  }>({ kind: null, key: null, path: null });
+  const path = resolvePath(user, overlay, activeTabPath);

  useEffect(() => {
-    let kind: "login" | "overlay" | "tab";
-    let path: string;
-    let key: string | null = null;
-
-    if (!user) {
-      kind = "login";
-      path = "/login";
-    } else if (overlay) {
-      kind = "overlay";
-      path = overlayPath(overlay);
-    } else if (activeTabPath && activeTabId && activeWorkspaceSlug) {
-      kind = "tab";
-      key = `${activeWorkspaceSlug}:${activeTabId}`;
-      path = activeTabPath;
-    } else {
-      return;
-    }
-
-    const observed = observedTabsRef.current!;
-    const last = lastSurfaceRef.current;
-    const next = { kind, key, path };
-
-    if (kind === "tab" && key !== null) {
-      const knownPath = observed.get(key);
-      const isReactivation =
-        last.key !== key && knownPath !== undefined && knownPath === path;
-      observed.set(key, path);
-      if (isReactivation) {
-        lastSurfaceRef.current = next;
-        return;
-      }
-    }
-
-    const unchanged =
-      last.kind === kind && last.key === key && last.path === path;
-    if (unchanged) return;
-
+    if (!path) return;
    capturePageview(path);
-    lastSurfaceRef.current = next;
-  }, [user, overlay, activeWorkspaceSlug, activeTabId, activeTabPath]);
+  }, [path]);

  return null;
 }

+function resolvePath(
+  user: unknown,
+  overlay: WindowOverlay | null,
+  activeTabPath: string | null,
+): string | null {
+  if (!user) return "/login";
+  if (overlay) return overlayPath(overlay);
+  return activeTabPath;
+}
+
 function overlayPath(overlay: WindowOverlay): string {
  switch (overlay.type) {
    case "new-workspace":
@@ -120,7 +65,5 @@ function overlayPath(overlay: WindowOverlay): string {
      return "/onboarding";
    case "invite":
      return `/invite/${overlay.invitationId}`;
-    case "invitations":
-      return "/invitations";
  }
 }
--- a/apps/desktop/src/renderer/src/components/parse-daemon-log.test.ts
+++ b/apps/desktop/src/renderer/src/components/parse-daemon-log.test.ts
@@ -1,124 +0,0 @@
-import { describe, it, expect } from "vitest";
-import { parseLogLine } from "./parse-daemon-log";
-
-// All sample lines below are taken verbatim from real daemon output (Go
-// `slog` + `lmittmann/tint` v1.1.3 with NoColor=true). The parser must
-// stay aligned with what tint actually writes — not what we assume.
-
-describe("parseLogLine", () => {
-  it("parses tint's 3-letter INF level", () => {
-    const line =
-      "17:52:35.587 INF task completed component=daemon task=c45266e5 status=completed";
-    const r = parseLogLine(line, 1);
-    expect(r.timestamp).toBe("17:52:35.587");
-    expect(r.level).toBe("INFO");
-    expect(r.message).toBe("task completed");
-    expect(r.fields).toEqual({
-      component: "daemon",
-      task: "c45266e5",
-      status: "completed",
-    });
-  });
-
-  it("parses 3-letter DBG / WRN / ERR levels", () => {
-    expect(parseLogLine("17:53:06.644 DBG agent component=daemon", 1).level).toBe("DEBUG");
-    expect(parseLogLine("07:48:09.391 WRN claim task failed component=daemon", 1).level).toBe("WARN");
-    expect(parseLogLine("12:00:00.000 ERR something bad component=daemon", 1).level).toBe("ERROR");
-  });
-
-  it("still accepts 4-letter level names (defensive against config changes)", () => {
-    const r = parseLogLine("12:00:00.000 INFO regular component=daemon", 1);
-    expect(r.level).toBe("INFO");
-    expect(r.message).toBe("regular");
-  });
-
-  it("tolerates the +N / -N delta tint appends for non-standard slog levels", () => {
-    // tint emits e.g. "INF+1" when slog.Log is called with LevelInfo+1.
-    // We treat the base level as canonical and drop the delta from the UI.
-    const r = parseLogLine("12:00:00.000 INF+1 unusual delta component=daemon", 1);
-    expect(r.level).toBe("INFO");
-    expect(r.message).toBe("unusual delta");
-  });
-
-  it("preserves message text containing colons and special chars", () => {
-    // Real sample: "tool #1: Skill component=daemon task=..."
-    const r = parseLogLine(
-      "17:52:54.578 INF tool #1: Skill component=daemon task=8791b717",
-      1,
-    );
-    expect(r.message).toBe("tool #1: Skill");
-    expect(r.fields).toEqual({ component: "daemon", task: "8791b717" });
-  });
-
-  it("unquotes a double-quoted value containing escaped quotes", () => {
-    // Real sample with escaped quotes inside the agent's emitted text.
-    const line =
-      '17:53:06.644 DBG agent component=daemon task=8791b717 text="The issue is just \\"ping\\" with no description."';
-    const r = parseLogLine(line, 1);
-    expect(r.message).toBe("agent");
-    expect(r.fields.text).toBe('The issue is just "ping" with no description.');
-    expect(r.fields.task).toBe("8791b717");
-  });
-
-  it("handles a quoted value containing a URL with embedded escaped quotes and a colon", () => {
-    // Real sample: error="Post \"http://...\": dial tcp ..."
-    const line =
-      '07:48:09.391 WRN claim task failed component=daemon runtime_id=03f8ff17-276d error="Post \\"http://localhost:8080/api/daemon/runtimes/abc/tasks/claim\\": dial tcp [::1]:8080: connect: connection refused"';
-    const r = parseLogLine(line, 1);
-    expect(r.level).toBe("WARN");
-    expect(r.message).toBe("claim task failed");
-    expect(r.fields.runtime_id).toBe("03f8ff17-276d");
-    expect(r.fields.error).toBe(
-      'Post "http://localhost:8080/api/daemon/runtimes/abc/tasks/claim": dial tcp [::1]:8080: connect: connection refused',
-    );
-  });
-
-  it("handles a quoted value with internal whitespace (e.g. args array)", () => {
-    const line =
-      '17:52:48.757 INF agent command component=daemon exec=claude args="[-p --output-format stream-json --verbose]"';
-    const r = parseLogLine(line, 1);
-    expect(r.message).toBe("agent command");
-    expect(r.fields.exec).toBe("claude");
-    expect(r.fields.args).toBe("[-p --output-format stream-json --verbose]");
-  });
-
-  it("handles message words ending with characters before the field block", () => {
-    // 'execenv:' is part of the message — the colon shouldn't confuse parsing.
-    const r = parseLogLine(
-      "17:52:48.757 INF execenv: prepared env component=daemon repos_available=0",
-      1,
-    );
-    expect(r.message).toBe("execenv: prepared env");
-    expect(r.fields).toEqual({ component: "daemon", repos_available: "0" });
-  });
-
-  it("falls back to raw rendering for non-matching lines (panic stack frame)", () => {
-    const r = parseLogLine("\tat github.com/multica/foo (line 42)", 1);
-    expect(r.timestamp).toBeNull();
-    expect(r.level).toBeNull();
-    expect(r.message).toBe("\tat github.com/multica/foo (line 42)");
-    expect(r.fields).toEqual({});
-    expect(r.raw).toBe("\tat github.com/multica/foo (line 42)");
-  });
-
-  it("falls back to raw rendering for unrecognised level tokens", () => {
-    // If tint ever emits something we don't know, never crash; show raw.
-    const r = parseLogLine("12:00:00.000 TRACE something exotic", 1);
-    expect(r.timestamp).toBeNull();
-    expect(r.level).toBeNull();
-    expect(r.raw).toBe("12:00:00.000 TRACE something exotic");
-  });
-
-  it("attaches an id to every parsed line for stable React keys", () => {
-    const a = parseLogLine("17:52:35.587 INF first component=daemon", 7);
-    const b = parseLogLine("17:52:35.588 INF second component=daemon", 8);
-    expect(a.id).toBe(7);
-    expect(b.id).toBe(8);
-  });
-
-  it("returns empty fields object when there are no key=value pairs", () => {
-    const r = parseLogLine("17:52:35.587 INF a bare message with no fields", 1);
-    expect(r.message).toBe("a bare message with no fields");
-    expect(r.fields).toEqual({});
-  });
-});
--- a/apps/desktop/src/renderer/src/components/parse-daemon-log.ts
+++ b/apps/desktop/src/renderer/src/components/parse-daemon-log.ts
@@ -1,96 +0,0 @@
-// Pure parser for daemon log lines. The daemon writes via Go's slog with
-// the `tint` handler in NoColor mode (the file isn't a TTY), so each line
-// has a stable shape:
-//
-//   HH:MM:SS.mmm  LEVEL  message text  key=value key2="quoted value"
-//
-// We split it into structured pieces so the UI can render timestamp,
-// level, message and structured fields in separate columns and let users
-// filter / search across them. Anything that doesn't match (panic stack
-// traces, third-party prints, partial writes during log rotation) falls
-// back to a raw view — we never drop input.
-
-export type LogLevel = "DEBUG" | "INFO" | "WARN" | "ERROR";
-
-export interface ParsedLogLine {
-  /** Monotonic id assigned at receive time; stable across re-renders. */
-  id: number;
-  /** "HH:MM:SS.mmm" or null when the line didn't match the standard shape. */
-  timestamp: string | null;
-  level: LogLevel | null;
-  /** Human-readable message body, with structured fields stripped off. */
-  message: string;
-  /** key/value pairs trailing the message. Empty if there were none. */
-  fields: Record<string, string>;
-  /** The original line, kept for fallback rendering and copy-to-clipboard. */
-  raw: string;
-}
-
-// `tint` v1.x emits the 3-letter short form (DBG / INF / WRN / ERR) and,
-// for non-standard slog levels, appends a signed delta (e.g. "INF+1",
-// "DBG-2"). We accept both the short and 4-letter long forms (defensive
-// against future config changes) and normalize them to a canonical
-// 4-letter LogLevel. The optional `[+-]\d+` suffix is captured into the
-// regex and discarded — surfacing `INF+1` to the UI doesn't help users
-// and complicates the level filter chips.
-const HEADER_RE =
-  /^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(DEBUG|DBG|INFO|INF|WARN|WRN|ERROR|ERR)(?:[+-]\d+)?\s+(.+)$/;
-
-const LEVEL_NORMALIZE: Record<string, LogLevel> = {
-  DEBUG: "DEBUG",
-  DBG: "DEBUG",
-  INFO: "INFO",
-  INF: "INFO",
-  WARN: "WARN",
-  WRN: "WARN",
-  ERROR: "ERROR",
-  ERR: "ERROR",
-};
-// Anchored to the END of the remaining string so we peel one field at a
-// time from the right. `value` is either a double-quoted string (which may
-// contain escaped chars) or any non-whitespace run.
-const TRAILING_FIELD_RE = /\s+([a-zA-Z_][a-zA-Z0-9_.]*)=("(?:[^"\\]|\\.)*"|\S+)$/;
-
-function unquote(value: string): string {
-  if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
-    return value.slice(1, -1).replace(/\\"/g, '"').replace(/\\\\/g, "\\");
-  }
-  return value;
-}
-
-function extractTrailingFields(rest: string): {
-  message: string;
-  fields: Record<string, string>;
-} {
-  const fields: Record<string, string> = {};
-  let work = rest;
-  while (true) {
-    const match = work.match(TRAILING_FIELD_RE);
-    if (!match || match.index === undefined) break;
-    fields[match[1]!] = unquote(match[2]!);
-    work = work.slice(0, match.index);
-  }
-  return { message: work.trim(), fields };
-}
-
-export function parseLogLine(raw: string, id: number): ParsedLogLine {
-  const match = raw.match(HEADER_RE);
-  if (!match) {
-    return { id, timestamp: null, level: null, message: raw, fields: {}, raw };
-  }
-  const [, timestamp, level, rest] = match;
-  const normalized = LEVEL_NORMALIZE[level!];
-  if (!normalized) {
-    // Unknown level token — keep raw shape so we don't mis-categorize.
-    return { id, timestamp: null, level: null, message: raw, fields: {}, raw };
-  }
-  const { message, fields } = extractTrailingFields(rest!);
-  return {
-    id,
-    timestamp: timestamp!,
-    level: normalized,
-    message,
-    fields,
-    raw,
-  };
-}
--- a/apps/desktop/src/renderer/src/components/tab-bar.tsx
+++ b/apps/desktop/src/renderer/src/components/tab-bar.tsx
@@ -5,6 +5,7 @@ import {
  Bot,
  Monitor,
  BookOpenText,
+  MessageSquare,
  Settings,
  X,
  Plus,
@@ -39,6 +40,7 @@ const TAB_ICONS: Record<string, LucideIcon> = {
  Bot,
  Monitor,
  BookOpenText,
+  MessageSquare,
  Settings,
 };

--- a/apps/desktop/src/renderer/src/components/updates-settings-tab.tsx
+++ b/apps/desktop/src/renderer/src/components/updates-settings-tab.tsx
@@ -5,13 +5,12 @@ import { Button } from "@multica/ui/components/ui/button";
 type CheckState =
  | { status: "idle" }
  | { status: "checking" }
-  | { status: "up-to-date" }
+  | { status: "up-to-date"; currentVersion: string }
  | { status: "available"; latestVersion: string }
  | { status: "error"; message: string };

 export function UpdatesSettingsTab() {
  const [state, setState] = useState<CheckState>({ status: "idle" });
-  const currentVersion = window.desktopAPI.appInfo.version;

  const handleCheck = useCallback(async () => {
    setState({ status: "checking" });
@@ -23,7 +22,7 @@ export function UpdatesSettingsTab() {
    setState(
      result.available
        ? { status: "available", latestVersion: result.latestVersion }
-        : { status: "up-to-date" },
+        : { status: "up-to-date", currentVersion: result.currentVersion },
    );
  }, []);

@@ -36,15 +35,6 @@ export function UpdatesSettingsTab() {
      </p>

      <div className="mt-6 divide-y">
-        <div className="flex items-center justify-between gap-6 py-4">
-          <div className="min-w-0">
-            <p className="text-sm font-medium">Current version</p>
-            <p className="text-sm text-muted-foreground mt-0.5 font-mono">
-              v{currentVersion}
-            </p>
-          </div>
-        </div>
-
        <div className="flex items-start justify-between gap-6 py-4">
          <div className="min-w-0">
            <p className="text-sm font-medium">Check for updates</p>
@@ -55,7 +45,7 @@ export function UpdatesSettingsTab() {
            {state.status === "up-to-date" && (
              <p className="text-sm text-muted-foreground mt-2 inline-flex items-center gap-1.5">
                <Check className="size-3.5 text-success" />
-                You&apos;re on the latest version.
+                You&apos;re on the latest version (v{state.currentVersion}).
              </p>
            )}
            {state.status === "available" && (
--- a/apps/desktop/src/renderer/src/components/window-overlay.tsx
+++ b/apps/desktop/src/renderer/src/components/window-overlay.tsx
@@ -1,7 +1,6 @@
 import { useQuery } from "@tanstack/react-query";
 import { NewWorkspacePage } from "@multica/views/workspace/new-workspace-page";
 import { InvitePage } from "@multica/views/invite";
-import { InvitationsPage } from "@multica/views/invitations";
 import { OnboardingFlow } from "@multica/views/onboarding";
 import { useNavigation } from "@multica/views/navigation";
 import { paths } from "@multica/core/paths";
@@ -59,7 +58,6 @@ function WindowOverlayInner() {
          onBack={onBack}
        />
      )}
-      {overlay.type === "invitations" && <InvitationsPage />}
      {overlay.type === "onboarding" && (
        <OnboardingFlow
          onComplete={(ws) => {
--- a/apps/desktop/src/renderer/src/components/workspace-route-layout.tsx
+++ b/apps/desktop/src/renderer/src/components/workspace-route-layout.tsx
@@ -9,7 +9,6 @@ import {
 import { setCurrentWorkspace } from "@multica/core/platform";
 import { useAuthStore } from "@multica/core/auth";
 import { useWorkspaceSeen } from "@multica/views/workspace/use-workspace-seen";
-import { WorkspacePresencePrefetch } from "@multica/views/layout";
 import { useTabStore } from "@/stores/tab-store";

 /**
@@ -83,7 +82,6 @@ export function WorkspaceRouteLayout() {

  return (
    <WorkspaceSlugProvider slug={workspaceSlug}>
-      <WorkspacePresencePrefetch />
      <Outlet />
    </WorkspaceSlugProvider>
  );
--- a/apps/desktop/src/renderer/src/pages/agent-detail-page.tsx
+++ b/apps/desktop/src/renderer/src/pages/agent-detail-page.tsx
@@ -1,18 +0,0 @@
-import { useParams } from "react-router-dom";
-import { useQuery } from "@tanstack/react-query";
-import { AgentDetailPage as SharedAgentDetailPage } from "@multica/views/agents";
-import { useWorkspaceId } from "@multica/core/hooks";
-import { agentListOptions } from "@multica/core/workspace/queries";
-import { useDocumentTitle } from "@/hooks/use-document-title";
-
-export function AgentDetailPage() {
-  const { id } = useParams<{ id: string }>();
-  const wsId = useWorkspaceId();
-  const { data: agents = [] } = useQuery(agentListOptions(wsId));
-  const agent = agents.find((a) => a.id === id) ?? null;
-
-  useDocumentTitle(agent?.name ?? "Agent");
-
-  if (!id) return null;
-  return <SharedAgentDetailPage agentId={id} />;
-}
--- a/apps/desktop/src/renderer/src/pages/issue-detail-page.tsx
+++ b/apps/desktop/src/renderer/src/pages/issue-detail-page.tsx
@@ -1,7 +1,6 @@
 import { useParams } from "react-router-dom";
 import { useQuery } from "@tanstack/react-query";
 import { IssueDetail } from "@multica/views/issues/components";
-import { ErrorBoundary } from "@multica/ui/components/common/error-boundary";
 import { useWorkspaceId } from "@multica/core/hooks";
 import { issueDetailOptions } from "@multica/core/issues/queries";
 import { useDocumentTitle } from "@/hooks/use-document-title";
@@ -14,9 +13,5 @@ export function IssueDetailPage() {
  useDocumentTitle(issue ? `${issue.identifier}: ${issue.title}` : "Issue");

  if (!id) return null;
-  return (
-    <ErrorBoundary resetKeys={[id]}>
-      <IssueDetail issueId={id} />
-    </ErrorBoundary>
-  );
+  return <IssueDetail issueId={id} />;
 }
--- a/apps/desktop/src/renderer/src/pages/login.tsx
+++ b/apps/desktop/src/renderer/src/pages/login.tsx
@@ -2,23 +2,14 @@ import { LoginPage } from "@multica/views/auth";
 import { DragStrip } from "@multica/views/platform";
 import { MulticaIcon } from "@multica/ui/components/common/multica-icon";

-function requireRuntimeAppUrl(): string {
-  const runtimeConfig = window.desktopAPI.runtimeConfig;
-  if (!runtimeConfig.ok) {
-    throw new Error(
-      "Invariant violated: DesktopLoginPage rendered before App accepted runtime config",
-    );
-  }
-  return runtimeConfig.config.appUrl;
-}
+const WEB_URL = import.meta.env.VITE_APP_URL || "http://localhost:3000";

 export function DesktopLoginPage() {
-  const webUrl = requireRuntimeAppUrl();
  const handleGoogleLogin = () => {
    // Open web login page in the default browser with platform=desktop flag.
    // The web callback will redirect back via multica:// deep link with the token.
    window.desktopAPI.openExternal(
-      `${webUrl}/login?platform=desktop`,
+      `${WEB_URL}/login?platform=desktop`,
    );
  };

--- a/apps/desktop/src/renderer/src/pages/runtime-detail-page.tsx
+++ b/apps/desktop/src/renderer/src/pages/runtime-detail-page.tsx
@@ -1,18 +0,0 @@
-import { useParams } from "react-router-dom";
-import { useQuery } from "@tanstack/react-query";
-import { RuntimeDetailPage as SharedRuntimeDetailPage } from "@multica/views/runtimes";
-import { useWorkspaceId } from "@multica/core/hooks";
-import { runtimeListOptions } from "@multica/core/runtimes/queries";
-import { useDocumentTitle } from "@/hooks/use-document-title";
-
-export function RuntimeDetailPage() {
-  const { id } = useParams<{ id: string }>();
-  const wsId = useWorkspaceId();
-  const { data: runtimes } = useQuery(runtimeListOptions(wsId));
-  const runtime = runtimes?.find((r) => r.id === id);
-
-  useDocumentTitle(runtime?.name ?? "Runtime");
-
-  if (!id) return null;
-  return <SharedRuntimeDetailPage runtimeId={id} />;
-}
--- a/apps/desktop/src/renderer/src/platform/daemon-ipc-bridge.ts
+++ b/apps/desktop/src/renderer/src/platform/daemon-ipc-bridge.ts
@@ -1,76 +0,0 @@
-"use client";
-
-import { useEffect } from "react";
-import { useQueryClient } from "@tanstack/react-query";
-import { runtimeKeys } from "@multica/core/runtimes";
-import type { AgentRuntime } from "@multica/core/types";
-
-/**
- * DesktopAPI exposes a richer DaemonStatus shape than the public AgentRuntime
- * type — we redeclare the fields we consume here to avoid coupling the bridge
- * to the desktop preload typings (which live in apps/desktop/src/preload).
- */
-interface DaemonStatusLike {
-  state: "running" | "stopped" | "starting" | "stopping" | "installing_cli" | "cli_not_found";
-  daemonId?: string;
-}
-
-/**
- * Merges a local DaemonStatus into an AgentRuntime row. Only the `status`
- * field is overridden; other fields (name, provider, last_seen_at, etc)
- * remain server-authoritative. We deliberately ignore intermediate states
- * (starting / stopping / installing_cli / cli_not_found) so the cache
- * doesn't flap during boot — if the daemon is in such a state, the runtime
- * is effectively offline anyway, and the server-side sweeper will mark it
- * within 75s.
- */
-function mergeDaemonStatus(rt: AgentRuntime, status: DaemonStatusLike): AgentRuntime {
-  if (status.state === "stopped" || status.state === "stopping") {
-    return { ...rt, status: "offline" };
-  }
-  if (status.state === "running") {
-    return {
-      ...rt,
-      status: "online",
-      last_seen_at: new Date().toISOString(),
-    };
-  }
-  return rt;
-}
-
-/**
- * Subscribes to local daemon status changes via Electron IPC and writes them
- * into the runtimes Query cache for the active workspace.
- *
- * Why: the server-side runtime sweeper takes up to 75s to flip a runtime to
- * offline (heartbeat timeout 45s + sweep interval 30s). On the desktop app
- * we know about local daemon state instantly via IPC, so we use it to
- * pre-populate the cache and give users a sub-second feedback loop. Web and
- * "looking at someone else's daemon" still go through the server path.
- *
- * Same-daemon-multiple-runtimes: a single daemon can back several runtimes
- * in the same workspace (one per provider). We map across all matches so
- * every related runtime row sees the same status flip.
- */
-export function useDaemonIPCBridge(wsId: string | undefined): void {
-  const qc = useQueryClient();
-
-  useEffect(() => {
-    if (!wsId) return;
-    if (typeof window === "undefined") return;
-    const daemonAPI = (window as unknown as { daemonAPI?: { onStatusChange?: (cb: (s: DaemonStatusLike) => void) => () => void } }).daemonAPI;
-    if (!daemonAPI?.onStatusChange) return;
-
-    const unsubscribe = daemonAPI.onStatusChange((status) => {
-      if (!status.daemonId) return;
-      qc.setQueryData<AgentRuntime[]>(runtimeKeys.list(wsId), (old) => {
-        if (!old) return old;
-        return old.map((rt) =>
-          rt.daemon_id === status.daemonId ? mergeDaemonStatus(rt, status) : rt,
-        );
-      });
-    });
-
-    return unsubscribe;
-  }, [wsId, qc]);
-}
--- a/apps/desktop/src/renderer/src/platform/i18n-adapter.ts
+++ b/apps/desktop/src/renderer/src/platform/i18n-adapter.ts
@@ -1,31 +0,0 @@
-import type { LocaleAdapter, SupportedLocale } from "@multica/core/i18n";
-
-const STORAGE_KEY = "multica-locale";
-
-// Desktop adapter:
-//   - User choice: localStorage (set by Settings switcher).
-//   - System preference: locale main injected via additionalArguments
-//     (read from preload, exposed on window.desktopAPI.systemLocale).
-//   - Persist: localStorage. The Settings switcher additionally PATCHes
-//     /api/me when logged in so user.language follows the user across devices.
-export function createDesktopLocaleAdapter(systemLocale: string): LocaleAdapter {
-  return {
-    getUserChoice() {
-      try {
-        return window.localStorage.getItem(STORAGE_KEY);
-      } catch {
-        return null;
-      }
-    },
-    getSystemPreferences() {
-      return systemLocale ? [systemLocale] : [];
-    },
-    persist(locale: SupportedLocale) {
-      try {
-        window.localStorage.setItem(STORAGE_KEY, locale);
-      } catch {
-        // Best-effort
-      }
-    },
-  };
-}
--- a/apps/desktop/src/renderer/src/platform/navigation.tsx
+++ b/apps/desktop/src/renderer/src/platform/navigation.tsx
@@ -15,15 +15,11 @@ import {
 } from "@/stores/tab-store";
 import { useWindowOverlayStore } from "@/stores/window-overlay-store";

-function requireRuntimeAppUrl(scope: string): string {
-  const runtimeConfig = window.desktopAPI.runtimeConfig;
-  if (!runtimeConfig.ok) {
-    throw new Error(
-      `Invariant violated: ${scope} rendered before App accepted runtime config`,
-    );
-  }
-  return runtimeConfig.config.appUrl;
-}
+// Public web app URL — injected at build time via .env.production. In dev
+// (no VITE_APP_URL set) falls back to the local web dev server so "Copy
+// link" in a dev build yields a URL that points at the running dev
+// frontend, not the prod host. Matches the fallback used in pages/login.tsx.
+const APP_URL = import.meta.env.VITE_APP_URL || "http://localhost:3000";

 /**
 * Extract the leading workspace slug from a path, or null if the path isn't
@@ -65,13 +61,6 @@ function tryRouteToOverlay(path: string, router?: DataRouter): boolean {
    }
    return true;
  }
-  if (path === "/invitations") {
-    overlay.open({ type: "invitations" });
-    if (router && router.state.location.pathname !== "/") {
-      router.navigate("/", { replace: true });
-    }
-    return true;
-  }
  if (path.startsWith("/invite/")) {
    let id = "";
    try {
@@ -120,17 +109,16 @@ export function DesktopNavigationProvider({
 }: {
  children: React.ReactNode;
 }) {
-  const appUrl = requireRuntimeAppUrl("DesktopNavigationProvider");
  // Primitive-only subscriptions so this component doesn't re-render on
  // unrelated store updates (e.g. an inactive tab's router tick). We
  // resolve the active router here only to subscribe once per tab switch.
  const { tabId: activeTabId } = useActiveTabIdentity();
  const router = useActiveTabRouter();
  // Mirror the active tab router's full location (pathname + search) so
-  // shell-level consumers of useNavigation() — ChatWindow in particular —
-  // can read URL search params. Must stay in sync with TabNavigationProvider
-  // below; a partial shape here (just pathname) silently broke focus-mode
-  // anchor resolution on `/inbox?issue=…`.
+  // shell-level consumers of useNavigation() can read URL search params.
+  // Must stay in sync with TabNavigationProvider below; a partial shape
+  // here (just pathname) silently broke focus-mode anchor resolution on
+  // `/inbox?issue=…`.
  const [location, setLocation] = useState<{ pathname: string; search: string }>(
    () => ({
      pathname: router?.state.location.pathname ?? "/",
@@ -191,9 +179,9 @@ export function DesktopNavigationProvider({
        const tabId = store.openTab(path, title ?? path, icon);
        if (tabId) store.setActiveTab(tabId);
      },
-      getShareableUrl: (path: string) => `${appUrl}${path}`,
+      getShareableUrl: (path: string) => `${APP_URL}${path}`,
    }),
-    [appUrl, location],
+    [location],
  );

  return <NavigationProvider value={adapter}>{children}</NavigationProvider>;
@@ -216,7 +204,6 @@ export function TabNavigationProvider({
  router: DataRouter;
  children: React.ReactNode;
 }) {
-  const appUrl = requireRuntimeAppUrl("TabNavigationProvider");
  const [location, setLocation] = useState(router.state.location);

  useEffect(() => {
@@ -252,9 +239,9 @@ export function TabNavigationProvider({
        const tabId = store.openTab(path, title ?? path, icon);
        if (tabId) store.setActiveTab(tabId);
      },
-      getShareableUrl: (path: string) => `${appUrl}${path}`,
+      getShareableUrl: (path: string) => `${APP_URL}${path}`,
    }),
-    [appUrl, router, location],
+    [router, location],
  );

  return <NavigationProvider value={adapter}>{children}</NavigationProvider>;
--- a/apps/desktop/src/renderer/src/routes.tsx
+++ b/apps/desktop/src/renderer/src/routes.tsx
@@ -10,8 +10,6 @@ import { IssueDetailPage } from "./pages/issue-detail-page";
 import { ProjectDetailPage } from "./pages/project-detail-page";
 import { AutopilotDetailPage } from "./pages/autopilot-detail-page";
 import { SkillDetailPage } from "./pages/skill-detail-page";
-import { AgentDetailPage } from "./pages/agent-detail-page";
-import { RuntimeDetailPage } from "./pages/runtime-detail-page";
 import { IssuesPage } from "@multica/views/issues/components";
 import { ProjectsPage } from "@multica/views/projects/components";
 import { AutopilotsPage } from "@multica/views/autopilots/components";
@@ -20,8 +18,8 @@ import { SkillsPage } from "@multica/views/skills";
 import { DesktopRuntimesPage } from "./components/desktop-runtimes-page";
 import { AgentsPage } from "@multica/views/agents";
 import { InboxPage } from "@multica/views/inbox";
+import { ChatPage } from "@multica/views/chat";
 import { SettingsPage } from "@multica/views/settings";
-import { ErrorBoundary } from "@multica/ui/components/common/error-boundary";
 import { Download, Server } from "lucide-react";
 import { DaemonSettingsTab } from "./components/daemon-settings-tab";
 import { UpdatesSettingsTab } from "./components/updates-settings-tab";
@@ -84,15 +82,7 @@ export const appRoutes: RouteObject[] = [
        element: <WorkspaceRouteLayout />,
        children: [
          { index: true, element: <Navigate to="issues" replace /> },
-          {
-            path: "issues",
-            element: (
-              <ErrorBoundary>
-                <IssuesPage />
-              </ErrorBoundary>
-            ),
-            handle: { title: "Issues" },
-          },
+          { path: "issues", element: <IssuesPage />, handle: { title: "Issues" } },
          {
            path: "issues/:id",
            element: <IssueDetailPage />,
@@ -128,11 +118,6 @@ export const appRoutes: RouteObject[] = [
            element: <DesktopRuntimesPage />,
            handle: { title: "Runtimes" },
          },
-          {
-            path: "runtimes/:id",
-            element: <RuntimeDetailPage />,
-            handle: { title: "Runtime" },
-          },
          { path: "skills", element: <SkillsPage />, handle: { title: "Skills" } },
          {
            path: "skills/:id",
@@ -140,12 +125,8 @@ export const appRoutes: RouteObject[] = [
            handle: { title: "Skill" },
          },
          { path: "agents", element: <AgentsPage />, handle: { title: "Agents" } },
-          {
-            path: "agents/:id",
-            element: <AgentDetailPage />,
-            handle: { title: "Agent" },
-          },
          { path: "inbox", element: <InboxPage />, handle: { title: "Inbox" } },
+          { path: "chat", element: <ChatPage />, handle: { title: "Chat" } },
          {
            path: "settings",
            element: (
--- a/apps/desktop/src/renderer/src/stores/tab-store.ts
+++ b/apps/desktop/src/renderer/src/stores/tab-store.ts
@@ -101,6 +101,7 @@ interface TabStore {

 const ROUTE_ICONS: Record<string, string> = {
  inbox: "Inbox",
+  chat: "MessageSquare",
  "my-issues": "CircleUser",
  issues: "ListTodo",
  projects: "FolderKanban",
--- a/apps/desktop/src/renderer/src/stores/window-overlay-store.ts
+++ b/apps/desktop/src/renderer/src/stores/window-overlay-store.ts
@@ -15,7 +15,6 @@ import { create } from "zustand";
 export type WindowOverlay =
  | { type: "new-workspace" }
  | { type: "invite"; invitationId: string }
-  | { type: "invitations" }
  | { type: "onboarding" };

 interface WindowOverlayStore {
--- a/apps/desktop/src/shared/daemon-types.ts
+++ b/apps/desktop/src/shared/daemon-types.ts
@@ -51,35 +51,3 @@ export function formatUptime(uptime?: string): string {
  const m = match[2] ? `${match[2]}m` : "";
  return `${h}${m}`.trim() || uptime;
 }
-
-/**
- * User-facing description for the local daemon's current state. Replaces the
- * raw state label ("Running" / "Stopped") with a sentence that answers
- * "what does this mean for me?" — i.e. whether tasks can run on this device.
- *
- * `runtimeCount` is the number of runtimes the local daemon has registered
- * (claude / codex / gemini / ... — one per detected CLI). It's only consulted
- * when state === "running".
- */
-export function daemonStateDescription(state: DaemonState, runtimeCount: number): string {
-  switch (state) {
-    case "running":
-      if (runtimeCount === 0) {
-        return "Running, but no runtimes have registered yet.";
-      }
-      if (runtimeCount === 1) {
-        return "Running here · 1 runtime available for tasks.";
-      }
-      return `Running here · ${runtimeCount} runtimes available for tasks.`;
-    case "stopped":
-      return "Not running · this device can't take new tasks.";
-    case "starting":
-      return "Starting up the local daemon…";
-    case "stopping":
-      return "Shutting down the local daemon…";
-    case "installing_cli":
-      return "Setting up the runtime for the first time. Only happens once.";
-    case "cli_not_found":
-      return "Setup failed · couldn't download the runtime. Check your network.";
-  }
-}
--- a/apps/desktop/src/shared/runtime-config.test.ts
+++ b/apps/desktop/src/shared/runtime-config.test.ts
@@ -1,151 +0,0 @@
-import { describe, expect, it } from "vitest";
-import {
-  DEFAULT_RUNTIME_CONFIG,
-  deriveWsUrl,
-  parseRuntimeConfig,
-  runtimeConfigFromDevEnv,
-} from "./runtime-config";
-
-describe("runtime config", () => {
-  it("uses cloud defaults without a desktop.json file", () => {
-    expect(DEFAULT_RUNTIME_CONFIG).toEqual({
-      schemaVersion: 1,
-      apiUrl: "https://api.multica.ai",
-      wsUrl: "wss://api.multica.ai/ws",
-      appUrl: "https://multica.ai",
-    });
-  });
-
-  it("derives https/wss compatible URLs from apiUrl", () => {
-    expect(
-      parseRuntimeConfig(
-        JSON.stringify({
-          schemaVersion: 1,
-          apiUrl: "https://congvc-x99.taila6fa8a.ts.net:18443",
-        }),
-      ),
-    ).toEqual({
-      schemaVersion: 1,
-      apiUrl: "https://congvc-x99.taila6fa8a.ts.net:18443",
-      wsUrl: "wss://congvc-x99.taila6fa8a.ts.net:18443/ws",
-      appUrl: "https://congvc-x99.taila6fa8a.ts.net:18443",
-    });
-  });
-
-  it("strips the leading api. label when deriving appUrl", () => {
-    expect(
-      parseRuntimeConfig(
-        JSON.stringify({ schemaVersion: 1, apiUrl: "https://api.multica.ai" }),
-      ),
-    ).toEqual({
-      schemaVersion: 1,
-      apiUrl: "https://api.multica.ai",
-      wsUrl: "wss://api.multica.ai/ws",
-      appUrl: "https://multica.ai",
-    });
-  });
-
-  it("derives ws for http api URLs", () => {
-    expect(deriveWsUrl("http://localhost:8080")).toBe("ws://localhost:8080/ws");
-  });
-
-  it("accepts explicit appUrl and wsUrl", () => {
-    expect(
-      parseRuntimeConfig(
-        JSON.stringify({
-          schemaVersion: 1,
-          apiUrl: "https://api.example.com/",
-          wsUrl: "wss://ws.example.com/socket/",
-          appUrl: "https://app.example.com/",
-        }),
-      ),
-    ).toEqual({
-      schemaVersion: 1,
-      apiUrl: "https://api.example.com",
-      wsUrl: "wss://ws.example.com/socket",
-      appUrl: "https://app.example.com",
-    });
-  });
-
-  it("rejects invalid JSON", () => {
-    expect(() => parseRuntimeConfig("{")).toThrow(/Invalid desktop runtime config JSON/);
-  });
-
-  it("rejects unsupported schema versions", () => {
-    expect(() =>
-      parseRuntimeConfig(JSON.stringify({ schemaVersion: 2, apiUrl: "https://api.example.com" })),
-    ).toThrow(/schemaVersion/);
-  });
-
-  it("rejects non-http api schemes", () => {
-    expect(() =>
-      parseRuntimeConfig(JSON.stringify({ schemaVersion: 1, apiUrl: "file:///tmp/multica" })),
-    ).toThrow(/apiUrl must use http or https/);
-  });
-
-  it("rejects non-ws websocket schemes", () => {
-    expect(() =>
-      parseRuntimeConfig(
-        JSON.stringify({
-          schemaVersion: 1,
-          apiUrl: "https://api.example.com",
-          wsUrl: "https://api.example.com/ws",
-        }),
-      ),
-    ).toThrow(/wsUrl must use ws or wss/);
-  });
-
-  it("preserves electron-vite dev env precedence", () => {
-    expect(
-      runtimeConfigFromDevEnv({
-        apiUrl: "http://dev-api.example.test:8080/",
-        wsUrl: "ws://dev-api.example.test:8080/ws/",
-        appUrl: "http://dev-app.example.test:3000/",
-      }),
-    ).toEqual({
-      schemaVersion: 1,
-      apiUrl: "http://dev-api.example.test:8080",
-      wsUrl: "ws://dev-api.example.test:8080/ws",
-      appUrl: "http://dev-app.example.test:3000",
-    });
-  });
-
-  it("falls back to local web URL when dev apiUrl is localhost", () => {
-    expect(runtimeConfigFromDevEnv({ apiUrl: "http://localhost:8080" })).toEqual({
-      schemaVersion: 1,
-      apiUrl: "http://localhost:8080",
-      wsUrl: "ws://localhost:8080/ws",
-      appUrl: "http://localhost:3000",
-    });
-  });
-
-  it("derives dev appUrl by stripping the leading api. label", () => {
-    // When the dev renderer is pointed at a remote backend (e.g. a test
-    // environment), copy-link / share URLs must reflect that environment's
-    // public web host, not the api host. Multica's convention exposes the
-    // api at `api.<web-host>`, so stripping the leading label gives the
-    // right web origin without a separate VITE_APP_URL.
-    expect(
-      runtimeConfigFromDevEnv({ apiUrl: "https://api.test.multica.ai" }),
-    ).toEqual({
-      schemaVersion: 1,
-      apiUrl: "https://api.test.multica.ai",
-      wsUrl: "wss://api.test.multica.ai/ws",
-      appUrl: "https://test.multica.ai",
-    });
-  });
-
-  it("dev VITE_APP_URL still wins over apiUrl-derived value", () => {
-    expect(
-      runtimeConfigFromDevEnv({
-        apiUrl: "https://api.test.multica.ai",
-        appUrl: "https://staging.multica.ai",
-      }),
-    ).toEqual({
-      schemaVersion: 1,
-      apiUrl: "https://api.test.multica.ai",
-      wsUrl: "wss://api.test.multica.ai/ws",
-      appUrl: "https://staging.multica.ai",
-    });
-  });
-});
--- a/apps/desktop/src/shared/runtime-config.ts
+++ b/apps/desktop/src/shared/runtime-config.ts
@@ -1,179 +0,0 @@
-export interface RuntimeConfig {
-  schemaVersion: 1;
-  apiUrl: string;
-  wsUrl: string;
-  appUrl: string;
-}
-
-export interface RuntimeConfigError {
-  message: string;
-}
-
-export type RuntimeConfigResult =
-  | { ok: true; config: RuntimeConfig }
-  | { ok: false; error: RuntimeConfigError };
-
-export const DEFAULT_RUNTIME_CONFIG: RuntimeConfig = Object.freeze({
-  schemaVersion: 1,
-  apiUrl: "https://api.multica.ai",
-  wsUrl: "wss://api.multica.ai/ws",
-  appUrl: "https://multica.ai",
-});
-
-const LOCAL_DEV_RUNTIME_CONFIG: RuntimeConfig = Object.freeze({
-  schemaVersion: 1,
-  apiUrl: "http://localhost:8080",
-  wsUrl: "ws://localhost:8080/ws",
-  appUrl: "http://localhost:3000",
-});
-
-export interface RuntimeConfigEnv {
-  apiUrl?: string;
-  wsUrl?: string;
-  appUrl?: string;
-}
-
-export function runtimeConfigFromDevEnv(env: RuntimeConfigEnv): RuntimeConfig {
-  const apiUrl = normalizeHttpUrl(
-    env.apiUrl || LOCAL_DEV_RUNTIME_CONFIG.apiUrl,
-    "VITE_API_URL",
-  );
-  return {
-    schemaVersion: 1,
-    apiUrl,
-    wsUrl: env.wsUrl
-      ? normalizeWsUrl(env.wsUrl, "VITE_WS_URL")
-      : deriveWsUrl(apiUrl),
-    appUrl: env.appUrl
-      ? normalizeHttpUrl(env.appUrl, "VITE_APP_URL")
-      : deriveDevAppUrl(apiUrl),
-  };
-}
-
-export function parseRuntimeConfig(raw: string): RuntimeConfig {
-  let parsed: unknown;
-  try {
-    parsed = JSON.parse(raw);
-  } catch (err) {
-    throw new Error(
-      `Invalid desktop runtime config JSON: ${err instanceof Error ? err.message : "parse failed"}`,
-    );
-  }
-
-  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
-    throw new Error("Invalid desktop runtime config: expected a JSON object");
-  }
-
-  const obj = parsed as Record<string, unknown>;
-  if (obj.schemaVersion !== 1) {
-    throw new Error("Unsupported desktop runtime config schemaVersion: expected 1");
-  }
-
-  const apiUrl = requiredString(obj.apiUrl, "apiUrl");
-  const appUrl = optionalString(obj.appUrl, "appUrl");
-  const wsUrl = optionalString(obj.wsUrl, "wsUrl");
-
-  const normalizedApiUrl = normalizeHttpUrl(apiUrl, "apiUrl");
-  return {
-    schemaVersion: 1,
-    apiUrl: normalizedApiUrl,
-    wsUrl: wsUrl ? normalizeWsUrl(wsUrl, "wsUrl") : deriveWsUrl(normalizedApiUrl),
-    appUrl: appUrl ? normalizeHttpUrl(appUrl, "appUrl") : deriveAppUrl(normalizedApiUrl),
-  };
-}
-
-export function deriveWsUrl(apiUrl: string): string {
-  const url = new URL(apiUrl);
-  if (url.protocol === "https:") url.protocol = "wss:";
-  else if (url.protocol === "http:") url.protocol = "ws:";
-  else throw new Error("apiUrl must use http or https");
-  url.pathname = joinPath(url.pathname, "/ws");
-  url.search = "";
-  url.hash = "";
-  return trimTrailingSlash(url.toString());
-}
-
-// Convention: api hosts are exposed at `api.<web-host>` (api.multica.ai →
-// multica.ai, api.test.multica.ai → test.multica.ai). Strip the leading
-// `api.` label so a single `apiUrl` configuration produces the right
-// shareable web URL. Hosts that don't match the convention (no leading
-// `api.` label, or short two-label hosts like `api.local`) fall through
-// untouched — those deployments must set `appUrl` explicitly.
-export function deriveAppUrl(apiUrl: string): string {
-  const url = new URL(apiUrl);
-  url.pathname = "";
-  url.search = "";
-  url.hash = "";
-  if (url.hostname.startsWith("api.") && url.hostname.split(".").length >= 3) {
-    url.hostname = url.hostname.slice("api.".length);
-  }
-  return trimTrailingSlash(url.toString());
-}
-
-// Dev variant: when the api host is the local backend (`localhost:8080` /
-// `127.0.0.1:8080`), the renderer is served from a different port (3000),
-// so deriving by host alone is wrong. Fall back to the local dev web URL
-// in that case; for any non-local host (e.g. a remote test environment),
-// trust the production-style derivation so `apiUrl=https://api.test.x`
-// yields `appUrl=https://test.x` without a separate VITE_APP_URL.
-export function deriveDevAppUrl(apiUrl: string): string {
-  const url = new URL(apiUrl);
-  if (url.hostname === "localhost" || url.hostname === "127.0.0.1") {
-    return LOCAL_DEV_RUNTIME_CONFIG.appUrl;
-  }
-  return deriveAppUrl(apiUrl);
-}
-
-function requiredString(value: unknown, field: string): string {
-  if (typeof value !== "string" || value.trim().length === 0) {
-    throw new Error(`Invalid desktop runtime config: ${field} must be a non-empty string`);
-  }
-  return value;
-}
-
-function optionalString(value: unknown, field: string): string | undefined {
-  if (value === undefined) return undefined;
-  if (typeof value !== "string" || value.trim().length === 0) {
-    throw new Error(`Invalid desktop runtime config: ${field} must be a non-empty string when set`);
-  }
-  return value;
-}
-
-function normalizeHttpUrl(value: string, field: string): string {
-  let url: URL;
-  try {
-    url = new URL(value.trim());
-  } catch {
-    throw new Error(`Invalid desktop runtime config: ${field} must be a valid URL`);
-  }
-  if (url.protocol !== "http:" && url.protocol !== "https:") {
-    throw new Error(`Invalid desktop runtime config: ${field} must use http or https`);
-  }
-  url.search = "";
-  url.hash = "";
-  return trimTrailingSlash(url.toString());
-}
-
-function normalizeWsUrl(value: string, field: string): string {
-  let url: URL;
-  try {
-    url = new URL(value.trim());
-  } catch {
-    throw new Error(`Invalid desktop runtime config: ${field} must be a valid URL`);
-  }
-  if (url.protocol !== "ws:" && url.protocol !== "wss:") {
-    throw new Error(`Invalid desktop runtime config: ${field} must use ws or wss`);
-  }
-  url.search = "";
-  url.hash = "";
-  return trimTrailingSlash(url.toString());
-}
-
-function joinPath(base: string, suffix: string): string {
-  const normalizedBase = base.endsWith("/") ? base.slice(0, -1) : base;
-  return `${normalizedBase}${suffix}`;
-}
-
-function trimTrailingSlash(value: string): string {
-  return value.replace(/\/+$/, "");
-}
--- a/apps/desktop/test/setup.ts
+++ b/apps/desktop/test/setup.ts
@@ -1,38 +1 @@
 import "@testing-library/jest-dom/vitest";
-
-function createMemoryStorage(): Storage {
-  const values = new Map<string, string>();
-
-  return {
-    get length() {
-      return values.size;
-    },
-    clear: () => values.clear(),
-    getItem: (key: string) => values.get(key) ?? null,
-    key: (index: number) => Array.from(values.keys())[index] ?? null,
-    removeItem: (key: string) => {
-      values.delete(key);
-    },
-    setItem: (key: string, value: string) => {
-      values.set(key, value);
-    },
-  };
-}
-
-const localStorageIsUsable =
-  typeof globalThis.localStorage?.getItem === "function" &&
-  typeof globalThis.localStorage?.setItem === "function" &&
-  typeof globalThis.localStorage?.removeItem === "function" &&
-  typeof globalThis.localStorage?.clear === "function";
-
-if (!localStorageIsUsable) {
-  const storage = createMemoryStorage();
-  Object.defineProperty(globalThis, "localStorage", {
-    configurable: true,
-    value: storage,
-  });
-  Object.defineProperty(window, "localStorage", {
-    configurable: true,
-    value: storage,
-  });
-}
--- a/apps/desktop/vitest.config.ts
+++ b/apps/desktop/vitest.config.ts
@@ -1,14 +1,8 @@
-import { resolve } from "path";
 import { defineConfig } from "vitest/config";
 import react from "@vitejs/plugin-react";

 export default defineConfig({
  plugins: [react()],
-  resolve: {
-    alias: {
-      "@": resolve(__dirname, "src/renderer/src"),
-    },
-  },
  test: {
    globals: true,
    include: ["src/**/*.test.{ts,tsx}", "scripts/**/*.test.mjs"],
--- a/apps/docs/app/[lang]/[...slug]/page.tsx
+++ b/apps/docs/app/[lang]/[...slug]/page.tsx
@@ -9,14 +9,6 @@ import { notFound } from "next/navigation";
 import defaultMdxComponents from "fumadocs-ui/mdx";
 import type { Metadata } from "next";
 import { docsAlternates } from "@/lib/site";
-import { i18n, type Lang } from "@/lib/i18n";
-import { DocsLocaleProvider, LocaleLink } from "@/components/locale-link";
-
-function asLang(lang: string): Lang {
-  return (i18n.languages as readonly string[]).includes(lang)
-    ? (lang as Lang)
-    : (i18n.defaultLanguage as Lang);
-}

 export default async function Page(props: {
  params: Promise<{ lang: string; slug: string[] }>;
@@ -26,16 +18,13 @@ export default async function Page(props: {
  if (!page) notFound();

  const MDX = page.data.body;
-  const lang = asLang(params.lang);

  return (
    <DocsPage toc={page.data.toc}>
      <DocsTitle>{page.data.title}</DocsTitle>
      <DocsDescription>{page.data.description}</DocsDescription>
      <DocsBody>
-        <DocsLocaleProvider lang={lang}>
-          <MDX components={{ ...defaultMdxComponents, a: LocaleLink }} />
-        </DocsLocaleProvider>
+        <MDX components={{ ...defaultMdxComponents }} />
      </DocsBody>
    </DocsPage>
  );
--- a/apps/docs/app/[lang]/page.tsx
+++ b/apps/docs/app/[lang]/page.tsx
@@ -8,7 +8,6 @@ import { Byline, NumberedCards, NumberedCard, NumberedSteps, Step } from "@/comp
 import { i18n, type Lang } from "@/lib/i18n";
 import { homeCopy } from "@/lib/translations";
 import { docsAlternates } from "@/lib/site";
-import { DocsLocaleProvider, LocaleLink } from "@/components/locale-link";

 function asLang(lang: string): Lang {
  return (i18n.languages as readonly string[]).includes(lang)
@@ -53,18 +52,15 @@ export default async function Page({
      />
      <Byline items={[...copy.byline]} />
      <DocsBody>
-        <DocsLocaleProvider lang={lang}>
-          <MDX
-            components={{
-              ...defaultMdxComponents,
-              a: LocaleLink,
-              NumberedCards,
-              NumberedCard,
-              NumberedSteps,
-              Step,
-            }}
-          />
-        </DocsLocaleProvider>
+        <MDX
+          components={{
+            ...defaultMdxComponents,
+            NumberedCards,
+            NumberedCard,
+            NumberedSteps,
+            Step,
+          }}
+        />
      </DocsBody>
    </DocsPage>
  );
--- a/apps/docs/components/editorial.tsx
+++ b/apps/docs/components/editorial.tsx
@@ -1,9 +1,5 @@
-"use client";
-
 import Link from "next/link";
 import type { ReactNode } from "react";
-import { useDocsLocale } from "@/components/locale-link";
-import { prefixLocale } from "@/lib/locale-link";

 /**
 * Byline — editorial metadata strip with ruled top + bottom borders.
@@ -59,10 +55,9 @@ export function NumberedCard({
  tag?: string;
  children: ReactNode;
 }) {
-  const lang = useDocsLocale();
  return (
    <Link
-      href={prefixLocale(href, lang)}
+      href={href}
      className="group flex flex-col gap-2.5 border-r border-border px-0 py-5 pr-4 no-underline last:border-r-0 md:px-4 md:first:pl-0 md:last:pr-0"
    >
      <div className="font-mono text-[0.6875rem] uppercase tracking-[0.08em] text-muted-foreground">
--- a/apps/docs/components/locale-link.tsx
+++ b/apps/docs/components/locale-link.tsx
@@ -1,48 +0,0 @@
-"use client";
-
-import Link from "next/link";
-import {
-  createContext,
-  useContext,
-  type AnchorHTMLAttributes,
-  type ReactNode,
-} from "react";
-import { i18n, type Lang } from "@/lib/i18n";
-import { prefixLocale } from "@/lib/locale-link";
-
-const DocsLocaleContext = createContext<Lang>(i18n.defaultLanguage as Lang);
-
-// Wraps the rendered MDX subtree so descendant <LocaleLink>s and any
-// editorial component using `useDocsLocale()` know which language the page
-// was rendered in. Mounted at each docs page entry; never elsewhere.
-export function DocsLocaleProvider({
-  lang,
-  children,
-}: {
-  lang: Lang;
-  children: ReactNode;
-}) {
-  return (
-    <DocsLocaleContext.Provider value={lang}>
-      {children}
-    </DocsLocaleContext.Provider>
-  );
-}
-
-export function useDocsLocale(): Lang {
-  return useContext(DocsLocaleContext);
-}
-
-// Drop-in replacement for the MDX-rendered `<a>` element. Keeps the same
-// surface shape as the default `a` from `defaultMdxComponents` but routes
-// internal links through the locale prefixer + next/link so client-side
-// navigation stays inside the active locale.
-export function LocaleLink({
-  href,
-  ...rest
-}: AnchorHTMLAttributes<HTMLAnchorElement> & { href?: string }) {
-  const lang = useDocsLocale();
-  if (!href) return <a {...rest} />;
-  const final = prefixLocale(href, lang);
-  return <Link href={final} {...rest} />;
-}
--- a/apps/docs/content/docs/agents-create.mdx
+++ b/apps/docs/content/docs/agents-create.mdx
@@ -21,7 +21,7 @@ The form has only two required fields: **name** (unique within the workspace) an

 ## Pick an AI coding tool

-Each runtime is backed by a specific AI coding tool. Multica supports 11 of them. The most common choices:
+Each runtime is backed by a specific AI coding tool. Multica supports 10 of them. The most common choices:

 | Tool | Good for |
 |---|---|
@@ -31,7 +31,7 @@ Each runtime is backed by a specific AI coding tool. Multica supports 11 of them
 | **Copilot** | Teams leveraging their GitHub account entitlements |
 | **Gemini** | Users in the Google ecosystem |

-The other six (Hermes, Kimi, Kiro CLI, OpenCode, Pi, OpenClaw), along with each tool's full capability matrix (session resume, MCP, skill injection path, model selection), are covered in [AI coding tools comparison](/providers).
+The other five (Hermes, Kimi, OpenCode, Pi, OpenClaw), along with each tool's full capability matrix (session resume, MCP, skill injection path, model selection), are covered in [AI coding tools comparison](/providers).

 ## Writing system instructions

@@ -123,5 +123,5 @@ Archived agents can't be assigned new tasks.
 ## Next steps

 - [Skills](/skills) — attach knowledge packs to an agent
- [AI coding tools comparison](/providers) — full capability matrix across all 11 tools
+- [AI coding tools comparison](/providers) — full capability matrix across all 10 tools
 - [Assigning issues to agents](/assigning-issues) — put your new agent to work
--- a/apps/docs/content/docs/agents-create.zh.mdx
+++ b/apps/docs/content/docs/agents-create.zh.mdx
@@ -21,7 +21,7 @@ multica agent create

 ## 选一款 AI 编程工具

-运行时背后是一款具体的 AI 编程工具。Multica 支持 11 款，最常用的几款：
+运行时背后是一款具体的 AI 编程工具。Multica 支持 10 款，最常用的几款：

 | 工具 | 适合 |
 |---|---|
@@ -31,7 +31,7 @@ multica agent create
 | **Copilot** | 用 GitHub 账号权益的团队 |
 | **Gemini** | Google 生态用户 |

-另外 6 款（Hermes、Kimi、Kiro CLI、OpenCode、Pi、OpenClaw）以及每款工具的完整能力差别（会话恢复、MCP、skill 注入路径、模型选择）见 [AI 编程工具对照](/providers)。
+另外 5 款（Hermes、Kimi、OpenCode、Pi、OpenClaw）以及每款工具的完整能力差别（会话恢复、MCP、skill 注入路径、模型选择）见 [AI 编程工具对照](/providers)。

 ## 写系统指令

@@ -123,5 +123,5 @@ claude --model <model> --max-turns 100 --append-system-prompt "always respond in
 ## 下一步

 - [Skills](/skills) —— 给智能体挂专业知识包
- [AI 编程工具对照](/providers) —— 11 款工具的完整能力差别
+- [AI 编程工具对照](/providers) —— 10 款工具的完整能力差别
 - [把 issue 分配给智能体](/assigning-issues) —— 创建完之后怎么用起来
--- a/apps/docs/content/docs/assigning-issues.mdx
+++ b/apps/docs/content/docs/assigning-issues.mdx
@@ -32,10 +32,9 @@ The command-line equivalent:

 ```bash
 multica issue assign MUL-42 --to alice
-multica issue assign MUL-42 --to-id 5fb87ac7-23b5-4a7a-81fa-ed295a54545d
 ```

-`--to` takes a member username or an agent name (fuzzy match). When names overlap — e.g. an agent `J` alongside `Cursor - J` — pass `--to-id <uuid>` instead, using the `user_id` (member) or `id` (agent) from `multica workspace members --output json` / `multica agent list --output json`. UUID matching is strict and unambiguous, which is what you want from scripts and from agents driving the CLI. `--to` and `--to-id` are mutually exclusive.
+`--to` takes a member username or an agent name. Giving agents memorable names makes this step smoother — if multiple agents share a name in the workspace, the first one listed wins, so rename before assigning.

 Unassign:

--- a/apps/docs/content/docs/assigning-issues.zh.mdx
+++ b/apps/docs/content/docs/assigning-issues.zh.mdx
@@ -32,10 +32,9 @@ import { Callout } from "fumadocs-ui/components/callout";

 ```bash
 multica issue assign MUL-42 --to alice
-multica issue assign MUL-42 --to-id 5fb87ac7-23b5-4a7a-81fa-ed295a54545d
 ```

-`--to` 后跟成员用户名或智能体名字（模糊匹配）。如果工作区里有同名 / 互相含子串的成员或智能体（例如 agent `J` 旁边还有 `Cursor - J`），改用 `--to-id <uuid>`：UUID 来自 `multica workspace members --output json` 的 `user_id` 或 `multica agent list --output json` 的 `id`，是唯一精确的方式，特别适合脚本和驱动 CLI 的智能体。`--to` 和 `--to-id` 互斥。
+`--to` 后跟成员用户名或智能体名字。给智能体起个好记的名字会让这一步顺很多——工作区里重名的会按列出顺序选第一个，建议先改名再分配。

 取消分配：

--- a/apps/docs/content/docs/auth-setup.mdx
+++ b/apps/docs/content/docs/auth-setup.mdx
@@ -1,6 +1,6 @@
 ---
 title: Sign-in and signup configuration
-description: Configure email + verification code sign-in, Google OAuth, signup allowlists, and local test codes.
+description: Configure email + verification code sign-in, Google OAuth, and signup allowlists. Avoid the 888888 trap.
 ---

 import { Callout } from "fumadocs-ui/components/callout";
@@ -27,24 +27,17 @@ The user enters an email on the sign-in page → the server sends a 6-digit code

 **What happens if you don't set `RESEND_API_KEY`**: the server doesn't error, but **every email that should have been sent is written to the server's stdout only**. Handy for local development (copy the code from the logs); in production it's a black hole.

-## Fixed local testing codes
+## The 888888 trap

 <Callout type="warning">
-**Do not enable a fixed verification code on a publicly reachable instance.**
+**If `APP_ENV` is not set to `production`, anyone can sign in to any account with the code `888888`.**

-The old behavior where non-production instances accepted `888888` by default has been removed. Unless you explicitly configure it, typing `888888` is treated like any other wrong code.
+Multica has a development-only master code, `888888` — a backdoor so local development doesn't depend on Resend. The rule is straightforward: when `APP_ENV != "production"`, **any email** plus `888888` passes verification.

-Local development without Resend should use the generated code printed in server logs. If you need deterministic local/private automation, set `MULTICA_DEV_VERIFICATION_CODE` to a 6-digit value such as `888888`, and keep `APP_ENV` non-production:
-
-```bash
-APP_ENV=development
-MULTICA_DEV_VERIFICATION_CODE=888888
-```
-
-This shortcut is ignored when `APP_ENV=production`.
+**Production deployments must set `APP_ENV=production`**. If you deploy via `make selfhost` / `docker-compose.selfhost.yml`, this value is already set to `production` by default; but if you deploy from source yourself, write your own Docker config, or redefine environment variables in Kubernetes — you must add `APP_ENV=production` yourself.
 </Callout>

-Production deployments should leave `MULTICA_DEV_VERIFICATION_CODE` empty and set `APP_ENV=production`. If you deploy via `make selfhost` / `docker-compose.selfhost.yml`, `APP_ENV` defaults to `production`.
+To check whether your deployment has this trap: open the sign-in page, enter **any email** to request a code, then enter `888888`. If you get in, your `APP_ENV` is not set to `production`, and **the entire instance is wide open**.

 ## Google OAuth configuration

--- a/apps/docs/content/docs/auth-setup.zh.mdx
+++ b/apps/docs/content/docs/auth-setup.zh.mdx
@@ -1,12 +1,12 @@
 ---
 title: 登录与注册配置
-description: 配 Email 验证码登录、Google OAuth、注册白名单和本地测试验证码。
+description: 配 Email 验证码登录 + Google OAuth + 注册白名单。避开最坑的 888888 陷阱。
 ---

 import { Callout } from "fumadocs-ui/components/callout";
 import { Mermaid } from "@/components/mermaid";

-Multica 支持两种登录方式：**Email + 验证码**（默认）和 **Google OAuth**（可选）。登录成功后 server 签发一个 30 天有效期的 JWT cookie。这一页讲怎么配、怎么限制谁能注册、以及本地测试验证码怎么安全使用。
+Multica 支持两种登录方式：**Email + 验证码**（默认）和 **Google OAuth**（可选）。登录成功后 server 签发一个 30 天有效期的 JWT cookie。这一页讲怎么配、怎么限制谁能注册、以及自部署最容易踩的一个陷阱。

 上面用到的环境变量的清单见 [环境变量](/environment-variables)；token 怎么用、生命周期细节见 [认证与令牌](/auth-tokens)。

@@ -27,24 +27,17 @@ Multica 支持两种登录方式：**Email + 验证码**（默认）和 **Google

 **不配 `RESEND_API_KEY` 的后果**：server 不报错，但**所有本该发出去的邮件只打到 server 的 stdout**。本地开发方便（你从日志抄验证码），生产环境等于黑洞。

-## 固定本地测试验证码
+## 888888 陷阱

 <Callout type="warning">
-**不要在公网可访问实例上启用固定验证码。**
+**`APP_ENV` 不设为 `production`，任何人都能用验证码 `888888` 登录任何账号。**

-旧版「非 production 默认接受 `888888`」的行为已经移除。除非你显式配置，否则输入 `888888` 会和普通错误验证码一样被拒绝。
+Multica 有一个开发用的主验证码（master code）`888888`——为了本地开发不依赖 Resend 而设的后门。判定逻辑很简单：`APP_ENV != "production"` 时，**任何邮箱**输 `888888` 都能通过。

-不配 Resend 的本地开发，应使用 server 日志里打印的随机验证码。如果你需要确定性的本地/私有自动化测试，可以把 `MULTICA_DEV_VERIFICATION_CODE` 设成一个 6 位数字，比如 `888888`，并保持 `APP_ENV` 为非 production：
-
-```bash
-APP_ENV=development
-MULTICA_DEV_VERIFICATION_CODE=888888
-```
-
-`APP_ENV=production` 时这个快捷码会被忽略。
+**生产部署必须设 `APP_ENV=production`**。如果你用 `make selfhost` / `docker-compose.selfhost.yml` 自部署，这个值已经默认设为 `production`；但如果你自己从源码部署、自己写 Docker 配置、或者在 Kubernetes 里重新定义环境变量——一定要自己把 `APP_ENV=production` 加上。
 </Callout>

-生产部署应保持 `MULTICA_DEV_VERIFICATION_CODE` 为空，并设置 `APP_ENV=production`。如果你用 `make selfhost` / `docker-compose.selfhost.yml` 自部署，`APP_ENV` 默认就是 `production`。
+检查你的部署是否有这个陷阱：打开登录页，输入**任意邮箱**请求验证码，再在验证码栏输 `888888`。如果能登进去 = 你的 `APP_ENV` 没设成 `production`，**整个实例处于完全开放状态**。

 ## 怎么配 Google OAuth

--- a/apps/docs/content/docs/auth-tokens.mdx
+++ b/apps/docs/content/docs/auth-tokens.mdx
@@ -38,7 +38,7 @@ In day-to-day use you'll only touch the first two directly. The **[daemon](/daem
 2. Enter the code; the server issues a JWT cookie (browser) or exchanges it for a PAT (CLI).

 <Callout type="warning">
-**Self-hosting operators, take note**: keep `MULTICA_DEV_VERIFICATION_CODE` empty on public deployments. If you enable a fixed local test code, anyone who can request a code can sign in with that value while `APP_ENV` is non-production. See [Self-host auth configuration](/auth-setup).
+**Self-hosting operators, take note**: if `APP_ENV` is not set to `production`, the verification code is always `888888` — anyone can sign in as anyone. See [Self-host auth configuration](/auth-setup).
 </Callout>

 ### Google OAuth
--- a/apps/docs/content/docs/auth-tokens.zh.mdx
+++ b/apps/docs/content/docs/auth-tokens.zh.mdx
@@ -38,7 +38,7 @@ Multica 有三种令牌，对应三种使用场景：浏览器 Web UI、命令
 2. 输入验证码，server 签发 JWT cookie（浏览器）或交换出 PAT（CLI）

 <Callout type="warning">
-**自部署运维注意**：公网部署时保持 `MULTICA_DEV_VERIFICATION_CODE` 为空。如果启用固定本地测试验证码，在 `APP_ENV` 非 production 时，任何能请求验证码的人都能用该固定值登录。详见 [自部署的认证配置](/auth-setup)。
+**自部署运维注意**：如果环境变量 `APP_ENV` 不是 `production`，验证码恒为 `888888`——任何人能登录任何账号。详见 [自部署的认证配置](/auth-setup)。
 </Callout>

 ### Google OAuth
--- a/apps/docs/content/docs/autopilots.mdx
+++ b/apps/docs/content/docs/autopilots.mdx
@@ -25,6 +25,10 @@ An autopilot has two execution modes. **Start with "create issue" mode.**
 - **Create issue mode** (`create_issue`) — default, **recommended**. Each trigger first creates an issue in the workspace (the title supports interpolation like `{{date}}`), then assigns the issue to the agent through the normal assignment flow. All work lands on the issue board with the same history, comments, and status as a manually assigned issue.
 - **Run-only mode** (`run_only`) — skips issue creation and enqueues a `task` directly. The run is invisible on the board — you can only see it in the autopilot's run history.

+<Callout type="warning">
+**Run-only mode is currently unstable.** The CLI labels it "not yet supported end-to-end," and the dispatch path has known issues. New users should stick to create issue mode and wait for run-only mode to ship a stable release before switching.
+</Callout>
+
 ## Run it on a schedule

 Every autopilot needs at least one `schedule` trigger. Cron uses the **standard 5-field format** (minute hour day month weekday), with **1-minute** minimum granularity (no seconds). Timezone is IANA-formatted (for example, `Asia/Shanghai`) and determines which timezone the cron expression is interpreted in.
--- a/apps/docs/content/docs/autopilots.zh.mdx
+++ b/apps/docs/content/docs/autopilots.zh.mdx
@@ -25,6 +25,10 @@ Autopilot 有两种执行模式，**建议从"先建 issue 模式"开始**：
 - **先建 issue 模式**（`create_issue`）—— 默认，**推荐**。每次触发先在工作区里建一个 issue（标题支持 `{{date}}` 这样的插值），再按分配流程把 issue 派给智能体。所有工作都落在 issue 看板上，历史、评论、状态和手动分配的 issue 完全一致。
 - **直跑模式**（`run_only`）—— 不建 issue，直接入队一个 `task`。看板上看不到这一次运行——只能在 Autopilot 的运行历史里看到。

+<Callout type="warning">
+**直跑模式当前不稳定**——目前在 CLI 里被标注为"not yet supported end-to-end"，派发路径有已知问题。新用户只使用先建 issue 模式，等直跑模式 ship 稳定版再切。
+</Callout>
+
 ## 让它按时间跑

 每个 Autopilot 至少要一个 `schedule` 触发器。Cron 是**标准 5 字段格式**（分 时 日 月 周），最小粒度 **1 分钟**（没有秒级）。时区用 IANA 格式（例如 `Asia/Shanghai`），决定 cron 表达式按哪个时区解读。
--- a/apps/docs/content/docs/cli.mdx
+++ b/apps/docs/content/docs/cli.mdx
@@ -40,25 +40,20 @@ For the difference between token types, see [Authentication and tokens](/auth-to
 | `multica workspace list` | List every workspace you can access |
 | `multica workspace get <slug>` | Show details for one workspace |
 | `multica workspace members` | List members of the current workspace |
-| `multica workspace update <id> --name "..." [--description "..."] [--context "..."] [--issue-prefix "..."]` | Update workspace metadata (admin/owner). Long fields accept `--description-stdin` / `--context-stdin`. |

 ## Issues and projects

-<Callout type="info">
-`list` commands (`multica issue list`, `autopilot list`, `project list`, etc.) print short, copy-paste-ready IDs by default — issue keys like `MUL-123` for issues, short UUID prefixes for the rest. The `<id>` argument on the follow-up commands below accepts either the short ID or the full UUID, so the typical flow is `multica issue list` → copy the key → `multica issue get MUL-123`. Pass `--full-id` to a list command when you need the canonical UUID.
-</Callout>
-
 | Command | Purpose |
 |---|---|
-| `multica issue list` | List issues (prints copy-paste-ready issue keys) |
-| `multica issue get <id>` | Show a single issue (accepts an issue key or a UUID) |
+| `multica issue list` | List issues |
+| `multica issue get <id>` | Show a single issue |
 | `multica issue create --title "..."` | Create a new issue |
 | `multica issue update <id> ...` | Update an issue (status, priority, assignee, etc.) |
 | `multica issue assign <id> --agent <slug>` | Assign to an agent (triggers a task immediately) |
 | `multica issue status <id> --set <status>` | Shortcut to change status |
 | `multica issue search <query>` | Keyword search |
 | `multica issue runs <id>` | Show agent runs on an issue |
-| `multica issue rerun <id>` | Re-enqueue a fresh task for the issue's current agent assignee |
+| `multica issue rerun <id>` | Rerun the most recent agent task |
 | `multica issue comment <id> ...` | Nested: view / post comments |
 | `multica issue subscriber <id> ...` | Nested: subscribe / unsubscribe |
 | `multica project list/get/create/update/delete/status` | Project CRUD |
@@ -103,6 +98,7 @@ For the difference between token types, see [Authentication and tokens](/auth-to
 | `multica runtime list` | List runtimes in the current workspace |
 | `multica runtime usage` | Show resource usage |
 | `multica runtime activity` | Recent activity log |
+| `multica runtime ping <id>` | Ping a runtime to check it's online |
 | `multica runtime update <id> ...` | Update a runtime's configuration |

 ## Miscellaneous
--- a/apps/docs/content/docs/cli.zh.mdx
+++ b/apps/docs/content/docs/cli.zh.mdx
@@ -40,25 +40,20 @@ Token 类型的详细区分见 [认证与令牌](/auth-tokens)。
 | `multica workspace list` | 列出你有权访问的所有工作区 |
 | `multica workspace get <slug>` | 查看一个工作区的详情 |
 | `multica workspace members` | 列出当前工作区的成员 |
-| `multica workspace update <id> --name "..." [--description "..."] [--context "..."] [--issue-prefix "..."]` | 修改 workspace 元数据（admin/owner 权限）。长文本可用 `--description-stdin` / `--context-stdin`。 |

 ## Issue 和 Project

-<Callout type="info">
-`list` 类命令（`multica issue list`、`autopilot list`、`project list` 等）表格里默认显示**可直接复制**的短 ID：issue 是 key（如 `MUL-123`），其余资源是 UUID 短前缀。下面表格里的 `<id>` 同时接受短 ID 和完整 UUID，所以典型用法是 `multica issue list` → 复制 key → `multica issue get MUL-123`。需要完整 UUID 时给 `list` 加 `--full-id`。
-</Callout>
-
 | 命令 | 用途 |
 |---|---|
-| `multica issue list` | 列出 issue（默认显示可复制的 issue key） |
-| `multica issue get <id>` | 查看单条 issue（接受 issue key 或 UUID） |
+| `multica issue list` | 列出 issue |
+| `multica issue get <id>` | 查看单条 issue |
 | `multica issue create --title "..."` | 创建新 issue |
 | `multica issue update <id> ...` | 修改 issue（状态、优先级、分配人等） |
 | `multica issue assign <id> --agent <slug>` | 分配给智能体（立即触发任务） |
 | `multica issue status <id> --set <status>` | 快捷改状态 |
 | `multica issue search <query>` | 关键字搜索 |
 | `multica issue runs <id>` | 查看 issue 上智能体跑过的任务 |
-| `multica issue rerun <id>` | 给该 issue 当前的智能体分配人重新创建一条任务 |
+| `multica issue rerun <id>` | 重跑最近一次智能体任务 |
 | `multica issue comment <id> ...` | 嵌套：看 / 发评论 |
 | `multica issue subscriber <id> ...` | 嵌套：订阅 / 取消订阅 |
 | `multica project list/get/create/update/delete/status` | Project CRUD |
@@ -103,6 +98,7 @@ Token 类型的详细区分见 [认证与令牌](/auth-tokens)。
 | `multica runtime list` | 列出当前工作区的 runtime |
 | `multica runtime usage` | 查看资源使用情况 |
 | `multica runtime activity` | 近期活动记录 |
+| `multica runtime ping <id>` | 立即戳一次 runtime 检查在线 |
 | `multica runtime update <id> ...` | 更新 runtime 配置 |

 ## 杂项
--- a/apps/docs/content/docs/cli/installation.zh.mdx
+++ b/apps/docs/content/docs/cli/installation.zh.mdx
@@ -78,7 +78,7 @@ multica daemon status

 Confirm:
 1. Status is `running`
-2. At least one agent is listed (e.g. `claude`, `codex`, `gemini`, `opencode`, `openclaw`, `hermes`, `kiro`, or `pi`)
+2. At least one agent is listed (e.g. `claude`, `codex`, `gemini`, `opencode`, `openclaw`, `hermes`, or `pi`)
 3. At least one workspace is being watched

 If the agents list is empty, install at least one supported AI agent CLI:
@@ -88,8 +88,6 @@ If the agents list is empty, install at least one supported AI agent CLI:
 - OpenCode (`opencode`)
 - OpenClaw (`openclaw`)
 - Hermes (`hermes`)
- Kimi (`kimi`)
- Kiro CLI (`kiro-cli`)

 Then restart the daemon:

--- a/apps/docs/content/docs/cli/reference.zh.mdx
+++ b/apps/docs/content/docs/cli/reference.zh.mdx
@@ -18,10 +18,10 @@ Opens your browser for OAuth authentication, creates a 90-day personal access to
 ### Token Login

 ```bash
-multica login --token <mul_...>
+multica login --token
 ```

-Authenticate using a personal access token directly. Useful for headless environments. Pass `--token=` with an empty value to be prompted interactively (so the token never lands in shell history).
+Authenticate by pasting a personal access token directly. Useful for headless environments.

 ### Check Status

@@ -92,10 +92,6 @@ The daemon auto-detects these AI CLIs on your PATH:
 | OpenCode | `opencode` | Open-source coding agent |
 | OpenClaw | `openclaw` | Open-source coding agent |
 | Hermes | `hermes` | Nous Research coding agent |
-| Kimi | `kimi` | Moonshot coding agent |
-| Kiro CLI | `kiro-cli` | Kiro ACP coding agent |
-| Pi | `pi` | Inflection coding agent |
-| Cursor Agent | `cursor-agent` | Cursor coding agent |

 You need at least one installed. The daemon registers each detected CLI as an available runtime.

@@ -138,14 +134,6 @@ Agent-specific overrides:
 | `MULTICA_HERMES_MODEL` | Override the Hermes model used |
 | `MULTICA_GEMINI_PATH` | Custom path to the `gemini` binary |
 | `MULTICA_GEMINI_MODEL` | Override the Gemini model used |
-| `MULTICA_PI_PATH` | Custom path to the `pi` binary |
-| `MULTICA_PI_MODEL` | Override the Pi model used |
-| `MULTICA_CURSOR_PATH` | Custom path to the `cursor-agent` binary |
-| `MULTICA_CURSOR_MODEL` | Override the Cursor model used |
-| `MULTICA_KIMI_PATH` | Custom path to the `kimi` binary |
-| `MULTICA_KIMI_MODEL` | Override the Kimi model used |
-| `MULTICA_KIRO_PATH` | Custom path to the `kiro-cli` binary |
-| `MULTICA_KIRO_MODEL` | Override the Kiro model used |

 ### Self-Hosted Server

@@ -213,28 +201,6 @@ multica workspace get <workspace-id> --output json
 multica workspace members <workspace-id>
 ```

-### Update Workspace
-
-需要 admin 或 owner 权限。所有字段都是部分更新（PATCH 语义）：未传的字段保持不变。
-
-```bash
-multica workspace update <workspace-id> --name "Acme Eng"
-multica workspace update <workspace-id> \
-  --description "Engineering team workspace" \
-  --issue-prefix ENG
-```
-
-长文本走 stdin（保留换行/反斜杠）：
-
-```bash
-cat <<'CTX' | multica workspace update <workspace-id> --context-stdin
-我们是一支 5 人 AI-native 团队。
-工作语言：中文 + 英文混合。
-CTX
-```
-
-可编辑字段：`--name`、`--description` / `--description-stdin`、`--context` / `--context-stdin`、`--issue-prefix`。`slug` 创建后只读，不暴露在 CLI。`--description` 与 `--description-stdin`（以及 `context` 同名对）互斥。未传任何字段 flag 时命令拒绝执行，避免空 PATCH 触发无意义的 workspace 更新事件。`--issue-prefix ""` 也会被拒绝：当前后端在 prefix 为空时静默跳过该字段，CLI 在本地拦下避免“看似成功的 no-op”。
-
 ## Issues

 ### List Issues
@@ -243,31 +209,25 @@ CTX
 multica issue list
 multica issue list --status in_progress
 multica issue list --priority urgent --assignee "Agent Name"
-multica issue list --assignee-id 5fb87ac7-23b5-4a7a-81fa-ed295a54545d
-multica issue list --full-id
 multica issue list --limit 20 --output json
 ```

-表格输出默认显示可直接复制到后续命令的 issue `KEY`（例如 `MUL-123`）；需要完整 UUID 时使用 `--full-id`。Available filters: `--status`, `--priority`, `--assignee` / `--assignee-id`, `--project`, `--limit`. 在重名 workspace 下用 `--assignee-id <uuid>` 可以精确锁定一个成员或 agent。
+Available filters: `--status`, `--priority`, `--assignee`, `--project`, `--limit`.

 ### Get Issue

 ```bash
-multica issue get MUL-123
-multica issue get <uuid>
+multica issue get <id>
 multica issue get <id> --output json
 ```

-`<id>` 同时接受 issue key（`multica issue list` 表格里直接显示，例如 `MUL-123`）和完整 UUID（给 `list` 加 `--full-id` 可显示）。同样的规则适用于下面 `update` / `assign` / `status` / `comment` / `subscriber` / `runs` 等接受 `<id>` 的命令。
-
 ### Create Issue

 ```bash
 multica issue create --title "Fix login bug" --description "..." --priority high --assignee "Lambda"
-multica issue create --title "Fix login bug" --assignee-id 5fb87ac7-23b5-4a7a-81fa-ed295a54545d
 ```

-Flags: `--title` (required), `--description`, `--status`, `--priority`, `--assignee` / `--assignee-id`, `--parent`, `--project`, `--due-date`. 脚本里如果已经拿到了 UUID（例如来自 `multica workspace members --output json`），传 `--assignee-id <uuid>`（与 `--assignee` 互斥）以精确锁定。
+Flags: `--title` (required), `--description`, `--status`, `--priority`, `--assignee`, `--parent`, `--project`, `--due-date`.

 ### Update Issue

@@ -279,12 +239,9 @@ multica issue update <id> --title "New title" --priority urgent

 ```bash
 multica issue assign <id> --to "Lambda"
-multica issue assign <id> --to-id 5fb87ac7-23b5-4a7a-81fa-ed295a54545d
 multica issue assign <id> --unassign
 ```

-`--to-id <uuid>`（与 `--to` 互斥）按 UUID 精确分配；适合重名 workspace 下脚本化场景。
-
 ### Change Status

 ```bash
@@ -314,20 +271,16 @@ multica issue comment delete <comment-id>
 ```bash
 # List all execution runs for an issue
 multica issue runs <issue-id>
-multica issue runs <issue-id> --full-id
 multica issue runs <issue-id> --output json

 # View messages for a specific execution run
 multica issue run-messages <task-id>
-multica issue run-messages <short-task-id> --issue <issue-id>
 multica issue run-messages <task-id> --output json

 # Incremental fetch (only messages after a given sequence number)
 multica issue run-messages <task-id> --since 42 --output json
 ```

-`runs` 的表格输出默认显示 task UUID 短前缀；需要完整 task UUID 时使用 `--full-id`。`run-messages` 可直接接受完整 task UUID；从 `runs` 表格复制短前缀时需要同时传 `--issue <issue-id>`，CLI 只会在该 issue 的 runs 内解析。
-
 ## Projects

 Projects group related issues (e.g. a sprint, an epic, a workstream). Every project
--- a/apps/docs/content/docs/cloud-quickstart.mdx
+++ b/apps/docs/content/docs/cloud-quickstart.mdx
@@ -7,7 +7,7 @@ import { Callout } from "fumadocs-ui/components/callout";

 This page walks you end-to-end through Multica Cloud — **sign up → install the [CLI](/cli) → start the [daemon](/daemon-runtimes) → create an [agent](/agents) → assign your first [task](/tasks)**. Takes about 5 minutes.

-One prerequisite: you already have at least one [AI coding tool](/providers) installed locally ([Claude Code](/providers#claude-code), [Codex](/providers#codex), [Cursor](/providers#cursor), [Copilot](/providers#copilot), [Gemini](/providers#gemini), [Hermes](/providers#hermes), [Kimi](/providers#kimi), [Kiro CLI](/providers#kiro-cli), [OpenCode](/providers#opencode), [OpenClaw](/providers#openclaw), or [Pi](/providers#pi)). The daemon auto-detects them on startup and refuses to start if none are present.
+One prerequisite: you already have at least one [AI coding tool](/providers) installed locally ([Claude Code](/providers#claude-code), [Codex](/providers#codex), [Cursor](/providers#cursor), [Copilot](/providers#copilot), [Gemini](/providers#gemini), [Hermes](/providers#hermes), [Kimi](/providers#kimi), [OpenCode](/providers#opencode), [OpenClaw](/providers#openclaw), or [Pi](/providers#pi)). The daemon auto-detects them on startup and refuses to start if none are present.

 ## 1. Create an account

@@ -99,7 +99,7 @@ Assign the issue to the agent you just created — click its avatar in the web U
 multica issue assign MUL-1 --to my-agent-name
 ```

-`--to` takes the **name** of an agent or member. A substring match works — if the agent is called `my-code-reviewer`, `reviewer` resolves to it. If your workspace has overlapping names, pass `--to-id <uuid>` instead (mutually exclusive with `--to`); look up the UUID via `multica agent list --output json` or `multica workspace members --output json`.
+`--to` takes the **name** of an agent or member. A substring match works — if the agent is called `my-code-reviewer`, `reviewer` resolves to it.

 **What happens next from the daemon**:

@@ -114,6 +114,6 @@ The web UI updates in **real time** (via WebSocket) — no refresh needed.

 - [Daemon and runtimes](/daemon-runtimes) — how the daemon operates and what runtimes mean
 - [Tasks](/tasks) — task lifecycle and retry rules
- [AI coding tools compared](/providers) — capability differences across the 11 tools
+- [AI coding tools compared](/providers) — capability differences across the 10 tools
 - [Desktop app](/desktop-app) — if you'd rather not run the daemon yourself
 - [Self-host quickstart](/self-host-quickstart) — run your own backend
--- a/apps/docs/content/docs/cloud-quickstart.zh.mdx
+++ b/apps/docs/content/docs/cloud-quickstart.zh.mdx
@@ -7,7 +7,7 @@ import { Callout } from "fumadocs-ui/components/callout";

 这一页带你走一遍 Multica Cloud 的端到端流程——**注册 → 装 [命令行工具](/cli) → 启动 [守护进程](/daemon-runtimes) → 创建 [智能体](/agents) → 分配第一个 [任务](/tasks)**，约 5 分钟完成。

-前置只有一个：你本地已经装了至少一款 [AI 编程工具](/providers)（[Claude Code](/providers#claude-code)、[Codex](/providers#codex)、[Cursor](/providers#cursor)、[Copilot](/providers#copilot)、[Gemini](/providers#gemini)、[Hermes](/providers#hermes)、[Kimi](/providers#kimi)、[Kiro CLI](/providers#kiro-cli)、[OpenCode](/providers#opencode)、[OpenClaw](/providers#openclaw)、[Pi](/providers#pi)）中的一款。守护进程启动时会自动探测它们，没装任何一个的话守护进程会直接拒绝启动。
+前置只有一个：你本地已经装了至少一款 [AI 编程工具](/providers)（[Claude Code](/providers#claude-code)、[Codex](/providers#codex)、[Cursor](/providers#cursor)、[Copilot](/providers#copilot)、[Gemini](/providers#gemini)、[Hermes](/providers#hermes)、[Kimi](/providers#kimi)、[OpenCode](/providers#opencode)、[OpenClaw](/providers#openclaw)、[Pi](/providers#pi)）中的一款。守护进程启动时会自动探测它们，没装任何一个的话守护进程会直接拒绝启动。

 ## 1. 注册账号

@@ -99,7 +99,7 @@ multica issue create --title "给 README 加一段 ASCII 架构图"
 multica issue assign MUL-1 --to my-agent-name
 ```

-`--to` 后面填智能体或成员的**名字**，子串就行——如果智能体叫 `my-code-reviewer`，填 `reviewer` 也能命中。如果工作区里名字相互重叠或冲突，改用 `--to-id <uuid>`（与 `--to` 互斥）；UUID 来自 `multica agent list --output json` 或 `multica workspace members --output json`。
+`--to` 后面填智能体或成员的**名字**，子串就行——如果智能体叫 `my-code-reviewer`，填 `reviewer` 也能命中。

 **接下来守护进程会**：

@@ -114,6 +114,6 @@ Web 界面会**实时**（通过 WebSocket）显示进度——不需要刷新

 - [守护进程与运行时](/daemon-runtimes) —— 守护进程怎么运作、运行时概念
 - [执行任务](/tasks) —— 任务生命周期、重试规则
- [AI 编程工具对照](/providers) —— 11 款工具的能力差异
+- [AI 编程工具对照](/providers) —— 10 款工具的能力差异
 - [桌面应用](/desktop-app) —— 不想自己跑守护进程的话
 - [Self-Host 快速上手](/self-host-quickstart) —— 在自己服务器上跑一套
--- a/apps/docs/content/docs/daemon-runtimes.mdx
+++ b/apps/docs/content/docs/daemon-runtimes.mdx
@@ -21,7 +21,7 @@ multica daemon start
 On startup it does four things:

 1. Reads the credentials saved when you logged in
-2. Detects AI coding tools installed on your `PATH` (11 built-in: [Claude Code](/providers#claude-code), [Codex](/providers#codex), [Cursor](/providers#cursor), [Copilot](/providers#copilot), [Gemini](/providers#gemini), [Hermes](/providers#hermes), [Kimi](/providers#kimi), [Kiro CLI](/providers#kiro-cli), [OpenCode](/providers#opencode), [OpenClaw](/providers#openclaw), [Pi](/providers#pi))
+2. Detects AI coding tools installed on your `PATH` (10 built-in: [Claude Code](/providers#claude-code), [Codex](/providers#codex), [Cursor](/providers#cursor), [Copilot](/providers#copilot), [Gemini](/providers#gemini), [Hermes](/providers#hermes), [Kimi](/providers#kimi), [OpenCode](/providers#opencode), [OpenClaw](/providers#openclaw), [Pi](/providers#pi))
 3. Registers itself with the server, along with a runtime for each detected tool
 4. Keeps **polling every 3 seconds** for tasks to pick up, and **sends a heartbeat every 15 seconds**

@@ -37,7 +37,7 @@ Common commands:

 Full CLI reference in [CLI commands](/cli).

-**The desktop app ships with a daemon.** If you use the [desktop app](/desktop-app), you don't need to run `multica daemon start` manually — it launches the daemon automatically on startup. See the [Desktop app](/desktop-app) page for which option fits your workflow.
+**The desktop app ships with a daemon.** If you use the [desktop app](/desktop-app), you don't need to run `multica daemon start` manually — it launches the daemon automatically on startup.

 ## Why one machine has multiple runtimes

@@ -108,4 +108,4 @@ More scenarios in [Troubleshooting](/troubleshooting).
 ## Next

 - [Tasks](/tasks) — the full lifecycle of a task once the daemon picks it up
- [Providers Matrix](/providers) — capability differences across the 11 AI coding tools
+- [Providers Matrix](/providers) — capability differences across the 10 AI coding tools
--- a/apps/docs/content/docs/daemon-runtimes.zh.mdx
+++ b/apps/docs/content/docs/daemon-runtimes.zh.mdx
@@ -21,7 +21,7 @@ multica daemon start
 启动后它会做四件事：

 1. 读取你登录时保存的凭证
-2. 探测本机 `PATH` 上已安装的 AI 编程工具（内置支持 11 款：[Claude Code](/providers#claude-code)、[Codex](/providers#codex)、[Cursor](/providers#cursor)、[Copilot](/providers#copilot)、[Gemini](/providers#gemini)、[Hermes](/providers#hermes)、[Kimi](/providers#kimi)、[Kiro CLI](/providers#kiro-cli)、[OpenCode](/providers#opencode)、[OpenClaw](/providers#openclaw)、[Pi](/providers#pi)）
+2. 探测本机 `PATH` 上已安装的 AI 编程工具（内置支持 10 款：[Claude Code](/providers#claude-code)、[Codex](/providers#codex)、[Cursor](/providers#cursor)、[Copilot](/providers#copilot)、[Gemini](/providers#gemini)、[Hermes](/providers#hermes)、[Kimi](/providers#kimi)、[OpenCode](/providers#opencode)、[OpenClaw](/providers#openclaw)、[Pi](/providers#pi)）
 3. 向服务器注册自己，以及每款检测到的工具对应的运行时
 4. 持续**每 3 秒轮询一次**是否有任务要领，**每 15 秒发一次心跳**

@@ -37,7 +37,7 @@ multica daemon start

 完整 CLI 参考见 [CLI 命令速查](/cli)。

-**桌面应用自带守护进程。**用 [桌面应用](/desktop-app) 就不必手动 `multica daemon start`——它启动时会自动拉起守护进程。哪种方式更适合你的工作流，详见 [桌面应用](/desktop-app) 页面。
+**桌面应用自带守护进程。**用 [桌面应用](/desktop-app) 就不必手动 `multica daemon start`——它启动时会自动拉起守护进程。

 ## 为什么一台机器会有多个运行时

@@ -108,4 +108,4 @@ Multica 对并发有两层限额：
 ## 下一步

 - [执行任务](/tasks) —— 守护进程领到任务后，它的完整生命周期
- [Providers Matrix](/providers) —— 11 款 AI 编程工具的能力差异对照
+- [Providers Matrix](/providers) —— 10 款 AI 编程工具的能力差异对照
--- a/apps/docs/content/docs/desktop-app.mdx
+++ b/apps/docs/content/docs/desktop-app.mdx
@@ -5,7 +5,7 @@ description: What Multica Desktop is, how it differs from the web app, and when

 import { Callout } from "fumadocs-ui/components/callout";

-Multica Desktop is a native desktop app for macOS, Windows, and Linux. For the environment it is configured for, it talks to the same backend as the web app and shows the same data. By default Desktop uses Multica Cloud; self-hosted instances can be configured with a local runtime config file. Desktop also adds a few things the browser can't: **independent tab groups per [workspace](/workspaces)**, **automatic [daemon](/daemon-runtimes) startup**, and **one-click upgrades**.
+Multica Desktop is a native desktop app for macOS, Windows, and Linux. It talks to the same backend as the web app and shows the same data, but it adds a few things the browser can't: **independent tab groups per [workspace](/workspaces)**, **automatic [daemon](/daemon-runtimes) startup**, and **one-click upgrades**.

 ## Desktop or web — which to pick

@@ -67,33 +67,11 @@ Grab the installer for your platform from the [Multica downloads page](https://m
 On first launch you'll need to sign in — the same email + verification code flow as the web app. Once you're in, Desktop syncs your workspace list automatically.

 <Callout type="info">
-**Desktop defaults to Multica Cloud, but can be pointed at a self-hosted instance with a local config file.** There is still no in-app "connect to self-host" picker. Desktop reads `~/.multica/desktop.json` before the renderer starts; if the file is missing, it uses the Cloud defaults.
-
-Minimal self-host config:
-
-```json
-{
-  "schemaVersion": 1,
-  "apiUrl": "https://api.your-domain"
-}
-```
-
-`apiUrl` is required and must use `http` or `https`. Desktop derives `wsUrl` as `/ws` on the same origin (`wss` for `https`, `ws` for `http`) and derives `appUrl` from the API origin. If your deployment uses different origins, set them explicitly:
-
-```json
-{
-  "schemaVersion": 1,
-  "apiUrl": "https://api.your-domain",
-  "wsUrl": "wss://api.your-domain/ws",
-  "appUrl": "https://your-domain"
-}
-```
-
-If `desktop.json` exists but is invalid, Desktop fails closed and shows a blocking config error instead of silently falling back to Cloud. For development builds, `VITE_API_URL` / `VITE_WS_URL` / `VITE_APP_URL` still take precedence during `electron-vite dev`. Runtime Desktop self-host configuration was implemented for [issue #1371](https://github.com/multica-ai/multica/issues/1371).
+**Which backend Desktop connects to** is determined by the address you select at sign-in. It defaults to Multica Cloud; if you're running self-hosted, click "Connect to a self-hosted instance" on the first login screen and fill in your server address.
 </Callout>

 ## Next steps

 - [Cloud Quickstart](/cloud-quickstart) — the Cloud onboarding flow for Desktop
- [Self-Host Quickstart](/self-host-quickstart) — running your own backend and connecting with the CLI or Desktop runtime config
+- [Self-Host Quickstart](/self-host-quickstart) — connecting Desktop to a self-hosted backend
 - [Daemon and runtimes](/daemon-runtimes) — how the daemon works (Desktop starts it for you, but the behavior is the same)
--- a/apps/docs/content/docs/desktop-app.zh.mdx
+++ b/apps/docs/content/docs/desktop-app.zh.mdx
@@ -5,7 +5,7 @@ description: Multica Desktop 是什么、和 Web 有什么区别、什么时候

 import { Callout } from "fumadocs-ui/components/callout";

-Multica Desktop 是原生桌面应用——macOS / Windows / Linux 三个平台。对它当前配置的环境来说，它和 Web 版连同一个后端、看到的数据完全一样。Desktop 默认使用 Multica Cloud；自部署实例可以通过本地运行时配置文件接入。它还给了几个 Web 做不到的能力：**[工作区](/workspaces) 独立的多标签页**、**自动启动 [守护进程](/daemon-runtimes)**、**一键升级**。
+Multica Desktop 是原生桌面应用——macOS / Windows / Linux 三个平台。它和 Web 版连同一个后端，看到的数据完全一样，但给了几个 Web 做不到的能力：**[工作区](/workspaces) 独立的多标签页**、**自动启动 [守护进程](/daemon-runtimes)**、**一键升级**。

 ## Desktop 和 Web 该用哪个

@@ -67,33 +67,11 @@ macOS 版本已经签名 + 公证，第一次打开不会有"未知开发者"的
 安装后第一次打开需要登录——和 Web 版一样的 email + 验证码流程。登录成功后 Desktop 自动把工作区列表同步下来。

 <Callout type="info">
-**Desktop 默认连接 Multica Cloud，但可以通过本地配置文件指向自部署实例。** 应用内仍然没有“连接自部署”的切换入口。Desktop 会在 renderer 启动前读取 `~/.multica/desktop.json`；如果这个文件不存在，就使用 Cloud 默认值。
-
-最小自部署配置：
-
-```json
-{
-  "schemaVersion": 1,
-  "apiUrl": "https://api.your-domain"
-}
-```
-
-`apiUrl` 是必填项，必须使用 `http` 或 `https`。Desktop 会自动从它推导 `wsUrl`（同源 `/ws`，`https` 对应 `wss`，`http` 对应 `ws`）和 `appUrl`（API 的同源地址）。如果你的部署使用不同域名，可以显式设置：
-
-```json
-{
-  "schemaVersion": 1,
-  "apiUrl": "https://api.your-domain",
-  "wsUrl": "wss://api.your-domain/ws",
-  "appUrl": "https://your-domain"
-}
-```
-
-如果 `desktop.json` 存在但内容无效，Desktop 会 fail closed，显示阻塞式配置错误，而不是悄悄回退到 Cloud。开发构建里，`electron-vite dev` 仍然优先使用 `VITE_API_URL` / `VITE_WS_URL` / `VITE_APP_URL`。Desktop 运行时自部署配置能力对应 [issue #1371](https://github.com/multica-ai/multica/issues/1371)。
+**桌面版连哪个后端** 由登录时选的地址决定。默认连 Multica Cloud；如果你用自部署版本，在首次登录页点"连接到自部署实例"填你的 server 地址即可。
 </Callout>

 ## 下一步

 - [Cloud Quickstart](/cloud-quickstart) —— Desktop 版的 Cloud 接入流程
- [Self-Host Quickstart](/self-host-quickstart) —— 自部署后端，并通过 CLI 或 Desktop 运行时配置连接
+- [Self-Host Quickstart](/self-host-quickstart) —— Desktop 连自部署后端
 - [守护进程与运行时](/daemon-runtimes) —— 守护进程机制（Desktop 自动起它，但行为一样）
--- a/apps/docs/content/docs/developers/conventions.mdx
+++ b/apps/docs/content/docs/developers/conventions.mdx
@@ -1,301 +0,0 @@
---
-title: Conventions
-description: Single source of truth for code naming, i18n translation glossary, and Chinese voice guide.
---
-
-This page is the single source of truth for code naming, the i18n translation glossary, and the Chinese voice guide. Anything that used to live in `packages/views/locales/glossary.md` or in scattered comments now lives here.
-
-If you write Multica code, change a translation, or write Chinese product copy, this is the page to reference.
-
---
-
-## 1. Code naming
-
-### Routes
-
-Pre-workspace routes (the routes that exist before the user is in a workspace) MUST use either a single word or the `/{noun}/{verb}` pattern.
-
- ✅ `/login`, `/inbox`, `/workspaces/new`
- ❌ `/new-workspace`, `/create-team`, `/accept-invite`
-
-Hyphenated word groups at the root collide with user-chosen workspace slugs and force endless reserved-slug audits. Reserving the noun (`workspaces`) automatically protects the entire `/workspaces/*` subtree.
-
-### Workspace-scoped routes
-
-Always live under `/{slug}/{section}` — `/{slug}/issues`, `/{slug}/agents`, `/{slug}/settings`. Never duplicate workspace routing logic; use `useNavigation().push()` from shared code, never framework-specific link APIs.
-
-### Packages and modules
-
-The monorepo enforces strict package boundaries:
-
-| Package | May depend on | Must NOT depend on |
-| --- | --- | --- |
-| `packages/core` | nothing app-specific | `react-dom`, `localStorage`, `process.env`, `next/*`, UI libraries |
-| `packages/ui` | nothing | `@multica/core`, business logic |
-| `packages/views` | `core/`, `ui/` | `next/*`, `react-router-dom`, stores |
-| `apps/web/platform/` | `next/*` | other apps |
-| `apps/desktop/.../platform/` | `react-router-dom`, electron | other apps |
-
-If logic appears in both apps, it MUST be extracted to a shared package. There are no exceptions for "small" duplication.
-
-### Files and components
-
- Files: `kebab-case.tsx` / `kebab-case.ts` (e.g. `agent-row-actions.tsx`)
- Components: `PascalCase` (e.g. `AgentRowActions`)
- Hooks: `useCamelCase` (e.g. `useWorkspaceId`)
- Tests: colocated as `<file>.test.ts(x)`
- Stores (Zustand): `<feature>-store.ts`, exported as `use<Feature>Store`
-
-### Database (Go + sqlc)
-
- Tables: `snake_case` singular (`user`, `workspace`, `agent_runtime`)
- Columns: `snake_case` (`workspace_id`, `created_at`, `last_seen_at`)
- Foreign keys: `<table>_id`
- Booleans: `is_<state>` or `<state>_at` (timestamp form preferred for state changes)
- Migration files: `NNN_descriptive_name.up.sql` + `.down.sql` — always provide both directions
-
-### Go
-
- Standard `gofmt` + `go vet`. No exceptions.
- Handler files mirror domain: `agent.go`, `auth.go`, `runtime.go`
- Tests: `<file>_test.go` colocated
- For UUID parsing in handlers, follow the rule in the root `CLAUDE.md` — `parseUUIDOrBadRequest` for boundary input, `parseUUID` (panicking) for trusted round-trips, never `util.ParseUUID` directly without checking the error.
-
-### TypeScript
-
- API responses on the wire are `snake_case`; the api client converts to `camelCase` at the boundary. Inside TS code, **always camelCase**.
- Types: `PascalCase` (`Issue`, `AgentRuntime`); never `IPrefix`, never `_t` suffix.
- Enums: prefer string literal unions; reserve `enum` for runtime-iterable cases.
- TanStack Query keys: factory functions in `<feature>/queries.ts`, e.g. `issueKeys.detail(id)`.
-
-### Issue keys
-
-Every issue has a human-readable key like `MUL-123`: workspace `issue_prefix` (3 letters, uppercase) + sequence number. The prefix is set at workspace creation and is never changed afterward.
-
-### Comments in code
-
-English only. The repo enforces this for both Go and TypeScript. If you find a Chinese comment in code, it's a bug — replace it.
-
-### Commit messages
-
-Conventional format: `feat(scope)`, `fix(scope)`, `refactor(scope)`, `docs`, `test(scope)`, `chore(scope)`. Atomic commits grouped by intent.
-
---
-
-## 2. i18n translation glossary
-
-This is the **mandatory** glossary for every translation PR. It used to live at `packages/views/locales/glossary.md`; that file is now a stub pointing here.
-
-### The core distinction: entity vs concept
-
-Multica's product nouns split into two categories:
-
- **Entity** — has a URL, a database row, an API type. In Chinese text, render as **lowercase English** so it visually reads like a type name and signals "this is a Multica system entity".
- **Concept** — generic noun, not a database entity. **Translate fully** so Chinese users don't see jagged English embedded in flowing text.
-
-This rule is aligned with `apps/docs/content/docs/*.zh.mdx` — the docs are the de facto Chinese voice standard and have been battle-tested across 20+ pages.
-
-### Entities — mixed rule (`issue` / `skill` / `task`)
-
-`issue` / `skill` / `task` are Multica's core entities. They have schema columns, API fields, and product UI labels that are all English. In Chinese text, they follow a **mixed rule** — what to use depends on where the word appears:
-
-| Context | Render | Example |
-| --- | --- | --- |
-| **UI strings, state names, code references** | lowercase English | "排队中的 task"、"创建子 issue"、"为智能体注入 skill" |
-| **Doc titles / section headings** | Title-case English **or** the Chinese term | "Issue 与 project"、"Skills"、"执行任务" |
-| **Long-form doc prose, when the entity is the running subject** | Chinese term, with English in parentheses on first mention | "**执行任务**（task）是智能体每一次工作的单位" |
-| **API / DB fields** | always `task` / `issue` / `skill` | `task_id`, `issue_status`, `skill_uuid` |
-
-Chinese term reference:
-
- `task` ↔ `执行任务` (or shortened to `任务` once context is clear)
- `issue` has no settled Chinese translation — leave English; titles may capitalize as `Issue`
- `skill` has no settled Chinese translation — leave English; titles may capitalize as `Skills`
-
-**Why `issue` / `skill` / `task` aren't forced into Chinese the way `project` / `autopilot` are**:
-
- **`issue` / `task`**: dev teams talk in English. The Chinese candidates ("任务" — too vague, almost synonymous with "工作"; "工单" — IT ticket connotation; "议题" — GitHub-style but doesn't match the product feel) all read worse than `issue`. **But** in long-form doc prose, repeating lowercase `task` 50× breaks the rhythm — so prose is allowed to use `执行任务`, while UI strings and state names stay lowercase English.
- **`skill`**: Multica-specific concept with no established Chinese term.
- **`project` → "项目"**: settled mainstream Chinese word. Feishu / Tower / Teambition / PingCode / GitHub Projects — every Chinese product translates it. No product keeps `project` in Chinese context.
- **`autopilot` → "自动化"**: in Chinese, "autopilot" associates with Tesla's "自动驾驶" and doesn't match what the feature does (run tasks on a schedule). Notion and Feishu both use "自动化"; that's the industry consensus.
-
-### Don't translate — brands and acronyms
-
-| Category | Terms |
-| --- | --- |
-| Brands | **Multica**, GitHub, Slack, Google, Anthropic, OpenAI, Claude, Codex, Cursor, Linear, Jira |
-| Acronyms | API, CLI, URL, SDK, OAuth, JWT, SSO, WebSocket, HTTP, JSON, YAML, SQL |
-
-### Translate fully — concepts
-
-| English | Chinese |
-| --- | --- |
-| Workspace | **工作区** |
-| Agent | **智能体** |
-| Project | **项目** |
-| Autopilot | **自动化** |
-| Daemon | **守护进程** |
-| Runtime | **运行时** |
-| Inbox | **收件箱** |
-| Comment | **评论** |
-| Reply | **回复** |
-| Notifications | **通知** |
-| Member | **成员** |
-| Label | **标签** |
-| Settings | **设置** |
-| Onboarding | **上手引导** |
-
-### Translate fully — generic UI words
-
-| English | Chinese |
-| --- | --- |
-| Invite / Invitation | 邀请 |
-| Search | 搜索 |
-| Email | 邮箱 (label) / 邮件 (action) |
-| Password | 密码 |
-| Sign in / Log in | 登录 |
-| Sign up | 注册 |
-| Sign out / Log out | 退出登录 |
-| Save / Cancel / Delete | 保存 / 取消 / 删除 |
-| Confirm / Continue / Back | 确认 / 继续 / 返回 |
-| Edit / New / Create / Add | 编辑 / 新建 / 创建 / 添加 |
-| Remove / Send / Open / Close | 移除 / 发送 / 打开 / 关闭 |
-| Done / Loading... | 完成 / 加载中... |
-| Profile / Account / Appearance | 个人资料 / 账号 / 外观 |
-| Theme / Language | 主题 / 语言 |
-| Light / Dark / System | 浅色 / 深色 / 跟随系统 |
-| Active / Archived | 活跃 (or 启用) / 已归档 |
-| Status / Priority | 状态 / 优先级 |
-| Assignee / Reporter | 负责人 / 报告人 |
-| Description / Title | 描述 / 标题 |
-| Date / Time | 日期 / 时间 |
-| Today / Yesterday / Tomorrow | 今天 / 昨天 / 明天 |
-| Empty / Failed / Success | 空 / 失败 / 成功 |
-| Error / Warning | 错误 / 警告 |
-
-### Roles and status enums (lowercase English, not translated)
-
-These are schema-level identifiers; render as lowercase English even in Chinese context.
-
- Roles: `owner` / `admin` / `member`
- Issue status: `backlog` / `todo` / `in_progress` / `in_review` / `done` / `blocked` / `cancelled`
-
-In UI, surface them in English (optionally `code-style` wrapped):
-
- "你需要 owner 权限"
- "已切换到 in_progress"
-
-### Word combination rules
-
-Always put **a single space** between an English word (entity / brand / acronym) and surrounding Chinese:
-
- "Create new issue" → "新建 issue"
- "Assign to agent" → "分配给智能体"
- "Configure runtime" → "配置运行时"
- "Stop daemon" → "停止守护进程"
-
-### Plurals and counts
-
-i18next uses `_one` / `_other`; Chinese has no grammatical number, only fill `_other`.
-
-```json
-// en/issues.json
-{
-  "issue_count_one": "{{count}} issue",
-  "issue_count_other": "{{count}} issues"
-}
-
-// zh-Hans/issues.json
-{
-  "issue_count_other": "{{count}} 个 issue"
-}
-```
-
-Common count formats:
-
- `{{count}} issues` → `{{count}} 个 issue`
- `{{count}} agents` → `{{count}} 个智能体`
- `{{count}} workspaces` → `{{count}} 个工作区`
- `{{count}} comments` → `{{count}} 条评论`
- `{{count}} members` → `{{count}} 位成员`
- `{{count}} skills` → `{{count}} 个 skill`
-
-### Interpolation
-
-Use `{{var}}`. Chinese translations may reorder for natural sentence flow.
-
-```json
-// en
-{ "welcome_message": "Welcome back, {{name}}!" }
-
-// zh-Hans
-{ "welcome_message": "欢迎回来，{{name}}！" }
-```
-
-### Translation key naming
-
-Three-level nesting: `feature.component.action`.
-
-```json
-{
-  "feature_or_component": {
-    "subcomponent_or_section": {
-      "action_or_label": "..."
-    }
-  }
-}
-```
-
-Examples:
-
- `issues.toolbar.batch_update_success`
- `issues.detail.comment_form.placeholder`
- `inbox.empty.title`
- `settings.preferences.language.title`
-
-### Web-only / desktop-only copy
-
- Shared copy: top level of the namespace JSON
- Web-only: `web` section
- Desktop-only: `desktop` section
-
-See `auth.json` for the canonical example (the `web` section contains `prefer_desktop` / `desktop_handoff.*`).
-
---
-
-## 3. Chinese voice and style
-
-### Punctuation
-
- Full-width punctuation in Chinese: `，。：；！？`
- Quotes: straight double quotes `"..."` to match the English source. Do not use `「」` or curly quotes.
- Ellipsis: three dots `...` not the single character `…`. Match the English source.
- Mixed Chinese-English: a single space on each side of the English word (see Word combination rules).
-
-### Style principles
-
- **Concise and direct.** Avoid translation-ese: "对于 X 来说"、"作为 X"、"我们的"。
- **Error messages**: gentle but clear. "无法保存修改" beats "保存修改失败了！".
- **Buttons**: verb first, 2–4 characters. "取消"、"保存修改"、"立即同步".
- **Tooltips**: full short sentence. "复制链接到剪贴板".
- **Placeholders**: example-style. "输入 issue 标题...".
-
-### Where to look when in doubt
-
-When the glossary doesn't cover a term, look at:
-
-1. `apps/docs/content/docs/*.zh.mdx` — the de facto Chinese voice standard, 20+ pages of consistent translation
-2. `packages/views/locales/zh-Hans/auth.json` and `editor.json` — JSON structure + selector API patterns
-3. `packages/views/auth/login-page.tsx` — component-level selector API call site
-4. `packages/views/settings/components/preferences-tab.tsx` — language switcher reference
-
---
-
-## Updating this page
-
-If you change a rule here, also:
-
-1. Apply it in the relevant locale JSONs / CLAUDE.md / docs page
-2. Note the change in the PR description so reviewers know to look for downstream sweep
-
-This page is the contract; nothing else overrides it.
--- a/apps/docs/content/docs/developers/conventions.zh.mdx
+++ b/apps/docs/content/docs/developers/conventions.zh.mdx
@@ -1,301 +0,0 @@
---
-title: 规范
-description: 代码命名规范、i18n 翻译术语表、中文风格指南的唯一权威来源。
---
-
-本页是代码命名规范、i18n 翻译术语表、中文风格指南的唯一权威来源。原本散落在 `packages/views/locales/glossary.md` 和各处注释里的规则现在都收拢到这里。
-
-写 Multica 代码、改翻译、写中文产品文案，都从这一页查。
-
---
-
-## 1. 代码命名
-
-### 路由
-
-工作区前置路由（用户进入工作区之前能访问的路由）必须用单个单词，或者 `/{noun}/{verb}` 格式。
-
- ✅ `/login`、`/inbox`、`/workspaces/new`
- ❌ `/new-workspace`、`/create-team`、`/accept-invite`
-
-根目录的连字符词组会跟用户自选 workspace slug 冲突，逼着团队不停审保留字列表。把名词（`workspaces`）保留下来，整个 `/workspaces/*` 子树自动受保护。
-
-### 工作区路由
-
-永远用 `/{slug}/{section}` —— `/{slug}/issues`、`/{slug}/agents`、`/{slug}/settings`。共享代码不要复制路由逻辑，统一走 `useNavigation().push()`，不要直接用框架的 link API。
-
-### 包与模块
-
-monorepo 的包边界是硬约束：
-
-| 包 | 可依赖 | 不能依赖 |
-| --- | --- | --- |
-| `packages/core` | 仅平台无关基础库 | `react-dom`、`localStorage`、`process.env`、`next/*`、UI 库 |
-| `packages/ui` | 无业务依赖 | `@multica/core`、业务逻辑 |
-| `packages/views` | `core/`、`ui/` | `next/*`、`react-router-dom`、stores |
-| `apps/web/platform/` | `next/*` | 其他 app |
-| `apps/desktop/.../platform/` | `react-router-dom`、electron | 其他 app |
-
-两个 app 都有的逻辑，**必须**抽到共享包。"小段重复"也不算例外。
-
-### 文件与组件
-
- 文件名：`kebab-case.tsx` / `kebab-case.ts`（如 `agent-row-actions.tsx`）
- 组件：`PascalCase`（如 `AgentRowActions`）
- Hook：`useCamelCase`（如 `useWorkspaceId`）
- 测试：与源文件同目录，命名 `<file>.test.ts(x)`
- Zustand store：`<feature>-store.ts`，导出名 `use<Feature>Store`
-
-### 数据库（Go + sqlc）
-
- 表名：`snake_case` 单数（`user`、`workspace`、`agent_runtime`）
- 字段：`snake_case`（`workspace_id`、`created_at`、`last_seen_at`）
- 外键：`<table>_id`
- 布尔：`is_<state>` 或者 `<state>_at`（状态变化优先用时间戳形式）
- 迁移文件：`NNN_descriptive_name.up.sql` + `.down.sql`，**永远写双向**
-
-### Go
-
- 标准 `gofmt` + `go vet`，无例外
- Handler 文件按域命名：`agent.go`、`auth.go`、`runtime.go`
- 测试：`<file>_test.go` 同目录
- handler 里 UUID 解析遵守根 `CLAUDE.md` 的规则：边界输入用 `parseUUIDOrBadRequest`，可信回环用 `parseUUID`（panic 版），永远不要直接用 `util.ParseUUID` 不查 error
-
-### TypeScript
-
- 网络上 API 响应是 `snake_case`，api client 在边界处转成 `camelCase`。**TS 代码内部一律 camelCase**
- 类型：`PascalCase`（`Issue`、`AgentRuntime`），不加 `IPrefix`，不加 `_t` 后缀
- 枚举：优先用 string literal union，需要 runtime 迭代时才用 `enum`
- TanStack Query key：用 `<feature>/queries.ts` 里的工厂函数，例如 `issueKeys.detail(id)`
-
-### Issue 编号
-
-每个 issue 有人类可读的编号，比如 `MUL-123`：工作区 `issue_prefix`（3 个大写字母）+ 流水号。前缀在工作区创建时定，之后不可改。
-
-### 代码注释
-
-**只允许英文**。Go 和 TypeScript 都强制。如果在代码里看到中文注释，那就是 bug，替换掉。
-
-### Commit message
-
-Conventional 格式：`feat(scope)`、`fix(scope)`、`refactor(scope)`、`docs`、`test(scope)`、`chore(scope)`。按意图原子化分组。
-
---
-
-## 2. i18n 翻译术语表
-
-这是每个翻译 PR 都必须遵守的术语表。原本在 `packages/views/locales/glossary.md`，那个文件现在是个 stub，指向这一页。
-
-### 核心区分：实体 vs 概念
-
-Multica 的产品名词分两类：
-
- **实体（typed entity）** —— 有 URL、有数据库 row、是 API 响应里某种 type 的东西。中文里**用小写英文**呈现，视觉上像类型名，告诉读者"这是 Multica 系统里的特定实体"。
- **概念（concept）** —— 不是数据库实体的普通名词。**完整翻译成中文**，CN 用户看不到生硬的英文。
-
-这套规则与 `apps/docs/content/docs/*.zh.mdx` 完全对齐 —— docs 是已经实战 20+ 篇的 CN voice 标准。
-
-### 实体词的混合规则（`issue` / `skill` / `task`）
-
-`issue` / `skill` / `task` 是 Multica 的核心实体。schema 字段、API 字段、产品 UI 标签都用英文。中文里采用**混合规则** —— 词出现在哪里决定怎么写：
-
-| 场景 | 写法 | 例 |
-| --- | --- | --- |
-| **UI 短句 / 状态名 / 代码上下文** | 小写英文 | "排队中的 task"、"创建子 issue"、"为智能体注入 skill" |
-| **doc 标题 / 章节标题** | 首字母大写英文，**或**对应中文术语 | "Issue 与 project"、"Skills"、"执行任务" |
-| **doc 正文长篇讨论中作为主语** | 中文术语，首次出现配括号英文 | "**执行任务**（task）是智能体每一次工作的单位" |
-| **API / DB 字段** | 永远 `task` / `issue` / `skill` | `task_id`、`issue_status`、`skill_uuid` |
-
-中文术语对照：
-
- `task` ↔ `执行任务`（上下文清楚后可简写为「任务」）
- `issue` 没有公认中文译法 —— 保留英文；标题可大写为 `Issue`
- `skill` 没有公认中文译法 —— 保留英文；标题可大写为 `Skills`
-
-**为什么 `issue` / `skill` / `task` 不强制译，而 `project` / `autopilot` 必译**：
-
- **`issue` / `task`**：dev 团队习惯说英文，"任务"在中文里和"工作"几乎同义太空泛，"工单"是 IT 工单语义，"议题"是 GitHub 风格但用户场景不匹配 —— 三个候选都不如 `issue` 准确。**但**在长篇 doc 正文里，重复 50 次 `task` 节奏不顺，所以正文允许用 `执行任务`，UI 短句、状态名仍保持小写英文。
- **`skill`**：Multica 特有概念，没有公认中文译法。
- **`project` 翻成「项目」**：中文里早就稳定的日常词。飞书 / Tower / Teambition / PingCode / GitHub Projects 中文版 0 例外都翻译成「项目」，没有产品保留 `project`。
- **`autopilot` 翻成「自动化」**：autopilot 在中文里联想到特斯拉的「自动驾驶」，跟产品功能（按周期跑 task）对应不上。Notion / 飞书都用「自动化」，是行业共识。
-
-### 完整翻译 —— 概念词
-
-| 英 | 中 |
-| --- | --- |
-| Workspace | **工作区** |
-| Agent | **智能体** |
-| Project | **项目** |
-| Autopilot | **自动化** |
-| Daemon | **守护进程** |
-| Runtime | **运行时** |
-| Inbox | **收件箱** |
-| Comment | **评论** |
-| Reply | **回复** |
-| Notifications | **通知** |
-| Member | **成员** |
-| Label | **标签** |
-| Settings | **设置** |
-| Onboarding | **上手引导** |
-
-### 不翻 —— 品牌名 + 通用缩写
-
-| 类别 | 词 |
-| --- | --- |
-| 品牌 | **Multica**、GitHub、Slack、Google、Anthropic、OpenAI、Claude、Codex、Cursor、Linear、Jira |
-| 缩写 | API、CLI、URL、SDK、OAuth、JWT、SSO、WebSocket、HTTP、JSON、YAML、SQL |
-
-### 完整翻译 —— 通用 UI 词
-
-| 英 | 中 |
-| --- | --- |
-| Invite / Invitation | 邀请 |
-| Search | 搜索 |
-| Email | 邮箱（label）/ 邮件（action） |
-| Password | 密码 |
-| Sign in / Log in | 登录 |
-| Sign up | 注册 |
-| Sign out / Log out | 退出登录 |
-| Save / Cancel / Delete | 保存 / 取消 / 删除 |
-| Confirm / Continue / Back | 确认 / 继续 / 返回 |
-| Edit / New / Create / Add | 编辑 / 新建 / 创建 / 添加 |
-| Remove / Send / Open / Close | 移除 / 发送 / 打开 / 关闭 |
-| Done / Loading... | 完成 / 加载中... |
-| Profile / Account / Appearance | 个人资料 / 账号 / 外观 |
-| Theme / Language | 主题 / 语言 |
-| Light / Dark / System | 浅色 / 深色 / 跟随系统 |
-| Active / Archived | 活跃（或 启用）/ 已归档 |
-| Status / Priority | 状态 / 优先级 |
-| Assignee / Reporter | 负责人 / 报告人 |
-| Description / Title | 描述 / 标题 |
-| Date / Time | 日期 / 时间 |
-| Today / Yesterday / Tomorrow | 今天 / 昨天 / 明天 |
-| Empty / Failed / Success | 空 / 失败 / 成功 |
-| Error / Warning | 错误 / 警告 |
-
-### 角色名 + 状态名（小写英文，不翻）
-
-这些是 schema-level 标识符，中文环境也保持小写英文：
-
- 角色：`owner` / `admin` / `member`
- Issue 状态：`backlog` / `todo` / `in_progress` / `in_review` / `done` / `blocked` / `cancelled`
-
-UI 里展示这些值时保持英文（必要时用 code-style 包起来）：
-
- "你需要 owner 权限"
- "已切换到 in_progress"
-
-### 词组组合规则
-
-英文词（实体名 + 品牌名 + 缩写）与中文之间**加单空格**：
-
- "Create new issue" → "新建 issue"
- "Assign to agent" → "分配给智能体"
- "Configure runtime" → "配置运行时"
- "Stop daemon" → "停止守护进程"
-
-### 复数与计数
-
-i18next 用 `_one` / `_other`；中文不区分语法单复数，只填 `_other`。
-
-```json
-// en/issues.json
-{
-  "issue_count_one": "{{count}} issue",
-  "issue_count_other": "{{count}} issues"
-}
-
-// zh-Hans/issues.json
-{
-  "issue_count_other": "{{count}} 个 issue"
-}
-```
-
-常见计数格式：
-
- `{{count}} issues` → `{{count}} 个 issue`
- `{{count}} agents` → `{{count}} 个智能体`
- `{{count}} workspaces` → `{{count}} 个工作区`
- `{{count}} comments` → `{{count}} 条评论`
- `{{count}} members` → `{{count}} 位成员`
- `{{count}} skills` → `{{count}} 个 skill`
-
-### 插值
-
-用 `{{var}}` 形式。中文翻译可以调整位置以符合中文语序。
-
-```json
-// en
-{ "welcome_message": "Welcome back, {{name}}!" }
-
-// zh-Hans
-{ "welcome_message": "欢迎回来，{{name}}！" }
-```
-
-### Key 命名约定
-
-3 层嵌套：`feature.component.action`。
-
-```json
-{
-  "feature_or_component": {
-    "subcomponent_or_section": {
-      "action_or_label": "..."
-    }
-  }
-}
-```
-
-实例：
-
- `issues.toolbar.batch_update_success`
- `issues.detail.comment_form.placeholder`
- `inbox.empty.title`
- `settings.preferences.language.title`
-
-### Web-only / Desktop-only 文案位置
-
- 共享文案：放 namespace JSON 顶层
- Web-only：放 `web` 段
- Desktop-only：放 `desktop` 段
-
-参考 `auth.json`（`web` 段含 `prefer_desktop` / `desktop_handoff.*`）。
-
---
-
-## 3. 中文风格
-
-### 标点
-
- 中文用全角标点：`，。：；！？`
- 引号：用 `"..."`（直引号），与英文 source 保持一致。**不要**用 `「」` 或弯引号
- 省略号：用 `...`（三点）而非 `…`（单字符），与英文 source 保持一致
- 中英混排：英文词左右各加 1 个空格（详见词组组合规则）
-
-### 风格原则
-
- **简洁直白**：避免翻译腔，"对于 X 来说"、"作为 X"、"我们的"
- **错误信息**：温和但明确，"无法保存修改" 优于 "保存修改失败了！"
- **按钮**：动词开头，2-4 字最佳。"取消"、"保存修改"、"立即同步"
- **Tooltip**：完整短句。"复制链接到剪贴板"
- **placeholder**：示例性提示。"输入 issue 标题..."
-
-### 拿不准的时候去哪查
-
-术语表没覆盖的词，按这个顺序查：
-
-1. `apps/docs/content/docs/*.zh.mdx` —— CN voice 事实标准，20+ 篇高度一致
-2. `packages/views/locales/zh-Hans/auth.json` 和 `editor.json` —— JSON 结构 + selector API 用法参考
-3. `packages/views/auth/login-page.tsx` —— 组件层 selector API 调用参考
-4. `packages/views/settings/components/preferences-tab.tsx` —— 语言切换器参考
-
---
-
-## 修改这一页时
-
-改本页规则的同时还要：
-
-1. 把规则在相关 locale JSON / CLAUDE.md / docs 页面里同步落地
-2. PR 描述里写明改了什么，方便 reviewer 检查下游是否跟着改了
-
-本页是契约，其他文档不能 override。
--- a/apps/docs/content/docs/developers/meta.json
+++ b/apps/docs/content/docs/developers/meta.json
@@ -1,4 +0,0 @@
-{
-  "title": "Developers",
-  "pages": ["conventions"]
-}
--- a/apps/docs/content/docs/developers/meta.zh.json
+++ b/apps/docs/content/docs/developers/meta.zh.json
@@ -1,4 +1,4 @@
 {
  "title": "Developers",
-  "pages": ["contributing", "architecture", "conventions"]
+  "pages": ["contributing", "architecture"]
 }
--- a/apps/docs/content/docs/environment-variables.mdx
+++ b/apps/docs/content/docs/environment-variables.mdx
@@ -7,21 +7,20 @@ import { Callout } from "fumadocs-ui/components/callout";

 A self-hosted Multica [server](/self-host-quickstart) reads its configuration from environment variables at startup — database, sign-in, email, storage, signup allowlists all live here. This page groups every variable by purpose: each section spells out **what happens if you leave it unset** and **which ones you must set in production**. For how to actually configure the auth-related ones, see [Sign-in and signup configuration](/auth-setup).

-## Core server variables
+## The five required at startup

-These are the core variables you must think about before deploying — some have defaults that let the server start, but in production you should set the required ones explicitly.
+These are the five you must think about before deploying — some have defaults that let the server start, but in production you should set all of them explicitly.

 | Variable | Default | Required in production? |
 |---|---|---|
 | `DATABASE_URL` | `postgres://multica:multica@localhost:5432/multica?sslmode=disable` | **Yes** |
 | `PORT` | `8080` | No (unless you change the port) |
 | `JWT_SECRET` | `multica-dev-secret-change-in-production` | **Yes** (the default is unsafe) |
-| `APP_ENV` | empty | **Yes** (must be `production`) |
+| `APP_ENV` | empty | **Yes** (must be `production` — see the next section for the trap) |
 | `FRONTEND_ORIGIN` | empty | **Yes** (self-host must set its own domain) |
-| `MULTICA_DEV_VERIFICATION_CODE` | empty | No (must stay empty in production) |

 <Callout type="warning">
-**Keep `MULTICA_DEV_VERIFICATION_CODE` empty in production.** A fixed local test code is disabled by default, but if you opt in with `MULTICA_DEV_VERIFICATION_CODE=888888`, anyone who can request a code can sign in with that fixed value while `APP_ENV` is non-production. The shortcut is ignored when `APP_ENV=production`.
+**If `APP_ENV` is not set to `production`, anyone can sign in to any account using the code `888888`.** Multica has a development-only master code, `888888` — when `APP_ENV != "production"`, **any email** plus `888888` passes verification. The behavior is intentional for local development (no Resend dependency); **in production, failing to set `production` is equivalent to disabling auth entirely**. See [Sign-in and signup configuration → The 888888 trap](/auth-setup#the-888888-trap).
 </Callout>

 ### Database connection pool
@@ -66,19 +65,13 @@ Multica stores user-uploaded attachments (images and files in comments). **S3 is

 | Variable | Default | Description |
 |---|---|---|
-| `S3_BUCKET` | empty | **Bucket name only** (for example `my-bucket`). Do **not** include the `.s3.<region>.amazonaws.com` suffix — the server constructs the public host from `S3_BUCKET` + `S3_REGION`. Setting this enables S3 storage |
-| `S3_REGION` | `us-west-2` | AWS region. Must match the bucket's actual region — it is used both for SDK signing and for building the public URL |
+| `S3_BUCKET` | empty | Setting this enables S3 storage |
+| `S3_REGION` | `us-west-2` | AWS region |
 | `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` | empty | Static credentials. When both are unset, the AWS SDK default credential chain is used (IAM role / environment credentials) |
 | `AWS_ENDPOINT_URL` | empty | Custom S3-compatible endpoint (for example [MinIO](https://min.io/)). Setting this switches to path-style URLs |

 **When `S3_BUCKET` is unset**: the server logs `"S3_BUCKET not set, cloud upload disabled"` at startup, and all uploads fall back to local disk.

-**Public URLs** are constructed in this order of priority:
-
-1. `https://<CLOUDFRONT_DOMAIN>/<key>` if `CLOUDFRONT_DOMAIN` is set.
-2. `<AWS_ENDPOINT_URL>/<S3_BUCKET>/<key>` (path-style) if `AWS_ENDPOINT_URL` is set.
-3. `https://<S3_BUCKET>.s3.<S3_REGION>.amazonaws.com/<key>` (virtual-hosted-style). When `S3_BUCKET` contains dots, the server falls back to `https://s3.<S3_REGION>.amazonaws.com/<S3_BUCKET>/<key>` (path-style) because the AWS-issued wildcard TLS certificate does not validate dotted bucket hosts.
-
 ### Local disk (when S3 is not configured)

 | Variable | Default | Description |
--- a/apps/docs/content/docs/environment-variables.zh.mdx
+++ b/apps/docs/content/docs/environment-variables.zh.mdx
@@ -7,21 +7,20 @@ import { Callout } from "fumadocs-ui/components/callout";

 Multica 的 [自部署](/self-host-quickstart) 服务器启动时从环境变量读取配置——数据库、登录、邮件、存储、注册白名单都在这里配。这一页按用途分组给完整清单：每组说清楚**不设会怎样**、**生产必须设哪几个**。Auth 相关那几个怎么真正配见 [登录与注册配置](/auth-setup)。

-## 核心 server 环境变量
+## 启动必填的五个

-这些是你部署前必须考虑的核心变量——有些有默认值能让 server 启动，但生产环境里你应该显式配置必填项。
+这五个是你部署前必须考虑的——有些有默认值能让 server 启动，但生产环境里你应该全部显式配。

 | 环境变量 | 默认值 | 生产必须设？ |
 |---|---|---|
 | `DATABASE_URL` | `postgres://multica:multica@localhost:5432/multica?sslmode=disable` | **是** |
 | `PORT` | `8080` | 否（除非换端口）|
 | `JWT_SECRET` | `multica-dev-secret-change-in-production` | **是**（默认值不安全）|
-| `APP_ENV` | 空 | **是**（必须 `production`）|
+| `APP_ENV` | 空 | **是**（必须 `production`——见下一节陷阱）|
 | `FRONTEND_ORIGIN` | 空 | **是**（self-host 要填你自己的域名）|
-| `MULTICA_DEV_VERIFICATION_CODE` | 空 | 否（生产必须保持为空）|

 <Callout type="warning">
-**生产环境保持 `MULTICA_DEV_VERIFICATION_CODE` 为空。** 固定本地测试验证码默认关闭；如果你设置 `MULTICA_DEV_VERIFICATION_CODE=888888`，在 `APP_ENV` 非 production 时，任何能请求验证码的人都能用这个固定值登录。`APP_ENV=production` 时该快捷码会被忽略。
+**`APP_ENV` 不设为 `production`，任何人都能用 `888888` 登录任何账号。** Multica 有一个开发用的主验证码（master code）`888888`——`APP_ENV != "production"` 时**任何邮箱**输 `888888` 都能通过。本地开发时故意留空方便调试；**生产环境一旦不设 `production`，等于 auth 完全失效**。详见 [登录与注册配置 → 888888 陷阱](/auth-setup#888888-陷阱)。
 </Callout>

 ### 数据库连接池
@@ -66,19 +65,13 @@ Multica 存储用户上传的附件（评论里的图片、文件等）。**优

 | 环境变量 | 默认值 | 说明 |
 |---|---|---|
-| `S3_BUCKET` | 空 | **只填 bucket 名**（例如 `my-bucket`），**不要**带 `.s3.<region>.amazonaws.com` 后缀——server 会用 `S3_BUCKET` + `S3_REGION` 自己拼公开 host。设了就启用 S3 存储 |
-| `S3_REGION` | `us-west-2` | AWS 区域。必须和 bucket 所在区域一致——SDK 签名和公开 URL 都用它 |
+| `S3_BUCKET` | 空 | 设了就启用 S3 存储 |
+| `S3_REGION` | `us-west-2` | AWS 区域 |
 | `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` | 空 | 静态凭证。全未设时用 AWS SDK 默认凭证链（IAM role / 环境凭证）|
 | `AWS_ENDPOINT_URL` | 空 | 自定义 S3 兼容端点（例如 [MinIO](https://min.io/)）。设了会切到 path-style URL |

 **`S3_BUCKET` 未设时**：server 启动时打 info 日志 `"S3_BUCKET not set, cloud upload disabled"`，所有上传回落到本地磁盘。

-**公开 URL** 按优先级拼装：
-
-1. 设了 `CLOUDFRONT_DOMAIN` → `https://<CLOUDFRONT_DOMAIN>/<key>`
-2. 设了 `AWS_ENDPOINT_URL` → `<AWS_ENDPOINT_URL>/<S3_BUCKET>/<key>`（path-style）
-3. 默认走 AWS S3 → `https://<S3_BUCKET>.s3.<S3_REGION>.amazonaws.com/<key>`（virtual-hosted-style）。bucket 名含点时会回落到 `https://s3.<S3_REGION>.amazonaws.com/<S3_BUCKET>/<key>`（path-style），因为 AWS 通配证书无法覆盖含点 host。
-
 ### 本地磁盘（S3 未配时）

 | 环境变量 | 默认值 | 说明 |
--- a/apps/docs/content/docs/getting-started/self-hosting.zh.mdx
+++ b/apps/docs/content/docs/getting-started/self-hosting.zh.mdx
@@ -31,7 +31,7 @@ curl -fsSL https://raw.githubusercontent.com/multica-ai/multica/main/scripts/ins
 multica setup self-host
 ```

-This installs the CLI, checks out the latest self-host assets, pulls the official Multica images from GHCR, and configures everything for localhost. Then open http://localhost:3000 and pick a login method: configure `RESEND_API_KEY` in `.env` for email-based codes (recommended), or leave Resend unset and copy the generated code from backend logs. See [Step 2 — Log In](#step-2--log-in) for details.
+This installs the CLI, checks out the latest self-host assets, pulls the official Multica images from GHCR, and configures everything for localhost. Then open http://localhost:3000 and pick a login method: configure `RESEND_API_KEY` in `.env` for email-based codes (recommended), or set `APP_ENV=development` in `.env` to enable the dev master code **`888888`**. See [Step 2 — Log In](#step-2--log-in) for details.

 <Callout>
 If the self-host server is already running and you only need the CLI on a macOS/Linux machine, install it with Homebrew: `brew install multica-ai/tap/multica`.
@@ -68,16 +68,16 @@ If you prefer running the Docker Compose steps manually: `cp .env.example .env`,

 ### Step 2 — Log In

-Open http://localhost:3000. The Docker self-host stack defaults to `APP_ENV=production` (set in `docker-compose.selfhost.yml`), and there is no fixed verification code by default. Pick one of the following to log in:
+Open http://localhost:3000. The Docker self-host stack defaults to `APP_ENV=production` (set in `docker-compose.selfhost.yml`), so the dev master code is **disabled by default** for safety on public deployments. Pick one of the following to log in:

 - **Recommended (production):** configure `RESEND_API_KEY` in `.env`, then restart the backend. Real verification codes will be sent to the email address you enter. See [Configuration](#configuration) below.
- **Without email configured:** the verification code is generated server-side and printed to the backend container logs (look for `[DEV] Verification code for ...:`). Useful for one-off testing on a single machine.
- **Deterministic local/private testing:** set `APP_ENV=development` and `MULTICA_DEV_VERIFICATION_CODE=888888` in `.env`, then restart the backend. This fixed code is ignored when `APP_ENV=production`.
+- **Evaluation / private network:** set `APP_ENV=development` in `.env` and restart the backend. Verification code **`888888`** will then work for any email address.
+- **Without configuring either:** the verification code is generated server-side and printed to the backend container logs (look for `[DEV] Verification code for ...:`). Useful for one-off testing on a single machine.

 Changes to `ALLOW_SIGNUP` and `GOOGLE_CLIENT_ID` also take effect after restarting the backend / compose stack. The web UI reads both from `/api/config` at runtime, so no web rebuild is needed.

 <Callout>
-**Warning:** do **not** set `MULTICA_DEV_VERIFICATION_CODE` on a publicly reachable instance — anyone who knows an email address can then log in with that fixed code.
+**Warning:** do **not** set `APP_ENV=development` on a publicly reachable instance — anyone who knows an email address can then log in with `888888`.
 </Callout>

 ### Step 3 — Install CLI & Start Daemon
@@ -212,15 +212,13 @@ Changes take effect after restarting the backend / compose stack. The web UI rea

 ### File Storage (Optional)

-For file uploads and attachments, configure S3 and (optionally) CloudFront:
+For file uploads and attachments, configure S3 and CloudFront:

 | Variable | Description |
 |----------|-------------|
-| `S3_BUCKET` | Bucket name only (e.g. `my-bucket`). Do **not** include the `.s3.<region>.amazonaws.com` suffix — the server constructs the public URL from `S3_BUCKET` + `S3_REGION` |
-| `S3_REGION` | AWS region (default: `us-west-2`). Must match the bucket's actual region — used for both SDK signing and public URLs |
-| `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` | Static credentials. When both are unset, the AWS SDK default credential chain is used |
-| `AWS_ENDPOINT_URL` | Custom S3-compatible endpoint (e.g. MinIO, R2, B2). Setting this switches the public URL to path-style |
-| `CLOUDFRONT_DOMAIN` | CloudFront distribution domain — when set, public URLs use this host instead of the S3 host |
+| `S3_BUCKET` | S3 bucket name |
+| `S3_REGION` | AWS region (default: `us-west-2`) |
+| `CLOUDFRONT_DOMAIN` | CloudFront distribution domain |
 | `CLOUDFRONT_KEY_PAIR_ID` | CloudFront key pair ID for signed URLs |
 | `CLOUDFRONT_PRIVATE_KEY` | CloudFront private key (PEM format) |

@@ -337,47 +335,16 @@ In production, put a reverse proxy in front of both the backend and frontend to

 ### Caddy (Recommended)

-**Single-domain layout** — frontend and backend served on the same hostname (this is what `docker-compose.selfhost.yml` defaults to):
-
-```
-multica.example.com {
-    # WebSocket route — must come before the catch-all
-    @multica_ws path /ws /ws/*
-    handle @multica_ws {
-        reverse_proxy localhost:8080 {
-            flush_interval -1
-        }
-    }
-
-    # Everything else → frontend
-    reverse_proxy localhost:3000
-}
-```
-
-**Separate-domain layout** — frontend and backend on different hostnames:
-
 ```
 app.example.com {
    reverse_proxy localhost:3000
 }

 api.example.com {
-    @multica_ws path /ws /ws/*
-    handle @multica_ws {
-        reverse_proxy localhost:8080 {
-            flush_interval -1
-        }
-    }
-
    reverse_proxy localhost:8080
 }
 ```

-Two non-obvious bits inside the `/ws` block are worth calling out — both are common reasons real-time updates "stop working" on a Caddy-fronted self-host:
-
- **`path /ws /ws/*` (not `/ws*`)** — bare `handle /ws` is an exact match, so future path variants under `/ws/` fall through to the frontend block. The obvious shortcut `handle /ws*` overcorrects in the other direction: Caddy's `*` is a glob without a path-segment boundary, so it would also catch unrelated paths like `/ws-foo`, which is a legitimate workspace URL (only the exact slug `ws` is reserved). Listing `/ws` and `/ws/*` explicitly covers both real cases without overreach.
- **`flush_interval -1`** — disables response buffering so WebSocket frames are forwarded as soon as they arrive. Without it, frames can sit behind Caddy's default flush window, which looks like delayed comments, missing typing indicators, or "comments only appear after a page refresh."
-
 ### Nginx

 ```nginx
--- a/apps/docs/content/docs/guides/agents.zh.mdx
+++ b/apps/docs/content/docs/guides/agents.zh.mdx
@@ -40,7 +40,7 @@ The daemon auto-detects which CLIs are available on your PATH and registers them

 Multica supports two layers of skills:

- **Local skills** — Skills already installed in your local runtime (e.g., `.claude/skills/`, `.opencode/skills/`) are automatically discovered and used by agents. You do **not** need to upload them to Multica.
+- **Local skills** — Skills already installed in your local runtime (e.g., `.claude/skills/`, `.config/opencode/skills/`) are automatically discovered and used by agents. You do **not** need to upload them to Multica.
 - **Workspace skills** — Skills created or imported in the Multica Skills page are shared across the workspace. They are automatically injected into agent runs as supplementary context, so every team member's agents benefit from them.

 Workspace skills are designed for team-wide sharing and collaboration — codify your team's best practices once, and every agent can leverage them:
--- a/apps/docs/content/docs/how-multica-works.mdx
+++ b/apps/docs/content/docs/how-multica-works.mdx
@@ -13,7 +13,7 @@ Multica is a **distributed** platform. The web interface you see is just the fro

 - **Multica server** — the workspaces, issue lists, and comment threads you see all live in its database. It's also a WebSocket hub that pushes real-time updates between you and your teammates. It does **not** execute any agent tasks.
 - **Daemon** — part of the Multica CLI, running on your own machine. On start it detects which AI coding tools are installed locally, registers with the server, and begins polling for tasks every 3 seconds and sending heartbeats every 15 seconds.
- **AI coding tools** — one of the eleven (or several in parallel): [Claude Code](/providers#claude-code), [Codex](/providers#codex), [Cursor](/providers#cursor), [Copilot](/providers#copilot), [Gemini](/providers#gemini), [Hermes](/providers#hermes), [Kimi](/providers#kimi), [Kiro CLI](/providers#kiro-cli), [OpenCode](/providers#opencode), [OpenClaw](/providers#openclaw), [Pi](/providers#pi). Once the daemon has picked up a task, it uses these tools to actually do the work.
+- **AI coding tools** — one of the ten (or several in parallel): [Claude Code](/providers#claude-code), [Codex](/providers#codex), [Cursor](/providers#cursor), [Copilot](/providers#copilot), [Gemini](/providers#gemini), [Hermes](/providers#hermes), [Kimi](/providers#kimi), [OpenCode](/providers#opencode), [OpenClaw](/providers#openclaw), [Pi](/providers#pi). Once the daemon has picked up a task, it uses these tools to actually do the work.

 Because the toolchain stays local, **your API keys, code directories, and authorized tools** are only ever used on your machine — the Multica server never sees any of them. This holds whether you self-host or use Cloud.

--- a/apps/docs/content/docs/how-multica-works.zh.mdx
+++ b/apps/docs/content/docs/how-multica-works.zh.mdx
@@ -13,7 +13,7 @@ Multica 是一个**分布式**平台。你看到的 Web 界面只是前台——

 - **Multica 服务器**——你看到的工作区、issue 列表、评论线都存在它的数据库里。它同时是 WebSocket hub，把你和同事之间的实时更新推送过去。它**不**执行任何智能体任务。
 - **守护进程**（daemon）——Multica CLI 的一部分，跑在你自己的机器上。启动后它探测本地装了哪些 AI 编程工具，注册到 server，开始每 3 秒领一次任务、每 15 秒发一次心跳。
- **AI 编程工具**——[Claude Code](/providers#claude-code)、[Codex](/providers#codex)、[Cursor](/providers#cursor)、[Copilot](/providers#copilot)、[Gemini](/providers#gemini)、[Hermes](/providers#hermes)、[Kimi](/providers#kimi)、[Kiro CLI](/providers#kiro-cli)、[OpenCode](/providers#opencode)、[OpenClaw](/providers#openclaw)、[Pi](/providers#pi) 11 款之一（或多款并存）。守护进程领到任务后，用这些工具真正去写代码。
+- **AI 编程工具**——[Claude Code](/providers#claude-code)、[Codex](/providers#codex)、[Cursor](/providers#cursor)、[Copilot](/providers#copilot)、[Gemini](/providers#gemini)、[Hermes](/providers#hermes)、[Kimi](/providers#kimi)、[OpenCode](/providers#opencode)、[OpenClaw](/providers#openclaw)、[Pi](/providers#pi) 十款之一（或多款并存）。守护进程领到任务后，用这些工具真正去写代码。

 工具链在本地的结果：**你的 API 密钥、代码目录、已授权的工具**都只在本地使用；Multica 服务器一个都看不到。自部署还是用 Cloud 都不改变这一点。

--- a/apps/docs/content/docs/index.mdx
+++ b/apps/docs/content/docs/index.mdx
@@ -13,7 +13,7 @@ This page explains where agents run and the ways you can start using Multica.

 Agents do **not** execute tasks on Multica's servers. Multica currently supports one runtime model:

- **Local [daemon](/daemon-runtimes)** — you run `multica daemon` on your own machine, and it drives the [AI coding tools](/providers) installed locally. Eleven are built in today: [Claude Code](/providers#claude-code), [Codex](/providers#codex), [Cursor](/providers#cursor), [Copilot](/providers#copilot), [Gemini](/providers#gemini), [Hermes](/providers#hermes), [Kimi](/providers#kimi), [Kiro CLI](/providers#kiro-cli), [OpenCode](/providers#opencode), [OpenClaw](/providers#openclaw), [Pi](/providers#pi). Your API keys, toolchain, and code directories stay on your machine.
+- **Local [daemon](/daemon-runtimes)** — you run `multica daemon` on your own machine, and it drives the [AI coding tools](/providers) installed locally. Ten are built in today: [Claude Code](/providers#claude-code), [Codex](/providers#codex), [Cursor](/providers#cursor), [Copilot](/providers#copilot), [Gemini](/providers#gemini), [Hermes](/providers#hermes), [Kimi](/providers#kimi), [OpenCode](/providers#opencode), [OpenClaw](/providers#openclaw), [Pi](/providers#pi). Your API keys, toolchain, and code directories stay on your machine.

 <Callout type="info">
 **Cloud runtimes are coming**, currently waitlist-only. Once live, you won't need a local daemon — agent tasks will execute on Multica Cloud directly. Sign up on the [Downloads](https://multica.ai/download) page to get notified.
--- a/apps/docs/content/docs/index.zh.mdx
+++ b/apps/docs/content/docs/index.zh.mdx
@@ -13,7 +13,7 @@ Multica 是一个任务协作平台，让人类和 AI [智能体](/agents) 在

 智能体执行任务**不**发生在 Multica 服务器上。目前 Multica 支持一种运行方式：

- **本地 [守护进程](/daemon-runtimes)** — 你在自己的机器上运行 `multica daemon`，由它调用本地安装的 [AI 编程工具](/providers)。目前内置 11 款：[Claude Code](/providers#claude-code)、[Codex](/providers#codex)、[Cursor](/providers#cursor)、[Copilot](/providers#copilot)、[Gemini](/providers#gemini)、[Hermes](/providers#hermes)、[Kimi](/providers#kimi)、[Kiro CLI](/providers#kiro-cli)、[OpenCode](/providers#opencode)、[OpenClaw](/providers#openclaw)、[Pi](/providers#pi)。你的 API 密钥、工具链、代码目录都保留在本地。
+- **本地 [守护进程](/daemon-runtimes)** — 你在自己的机器上运行 `multica daemon`，由它调用本地安装的 [AI 编程工具](/providers)。目前内置十种：[Claude Code](/providers#claude-code)、[Codex](/providers#codex)、[Cursor](/providers#cursor)、[Copilot](/providers#copilot)、[Gemini](/providers#gemini)、[Hermes](/providers#hermes)、[Kimi](/providers#kimi)、[OpenCode](/providers#opencode)、[OpenClaw](/providers#openclaw)、[Pi](/providers#pi)。你的 API 密钥、工具链、代码目录都保留在本地。

 <Callout type="info">
 **云端运行时即将开放**，目前处于等待名单阶段。上线后，你无需在本地运行守护进程，即可在 Multica Cloud 上直接执行智能体任务。在 [下载页面](https://multica.ai/download) 登记邮箱以获取通知。
--- a/apps/docs/content/docs/meta.json
+++ b/apps/docs/content/docs/meta.json
@@ -9,9 +9,7 @@
    "workspaces",
    "members-roles",
    "issues",
-    "projects",
    "comments",
-    "project-resources",
    "---Agents---",
    "agents",
    "agents-create",
@@ -34,8 +32,6 @@
    "---Reference---",
    "cli",
    "auth-tokens",
-    "desktop-app",
-    "---Developers---",
-    "developers"
+    "desktop-app"
  ]
 }
--- a/apps/docs/content/docs/meta.zh.json
+++ b/apps/docs/content/docs/meta.zh.json
@@ -9,7 +9,6 @@
    "workspaces",
    "members-roles",
    "issues",
-    "projects",
    "comments",
    "---智能体---",
    "agents",
@@ -33,8 +32,6 @@
    "---参考---",
    "cli",
    "auth-tokens",
-    "desktop-app",
-    "---开发者---",
-    "developers"
+    "desktop-app"
  ]
 }
--- a/apps/docs/content/docs/project-resources.mdx
+++ b/apps/docs/content/docs/project-resources.mdx
@@ -1,144 +0,0 @@
---
-title: Project Resources
-description: Attach typed pointers (Git repos today, more later) to a project so agents can pick them up as scoped context.
---
-
-A **Project Resource** is a typed pointer — a Git repo URL today, a Notion page or document link tomorrow — attached to a [project](/workspaces). When an [agent](/agents) runs against an issue inside that project, the daemon automatically writes the project's resource list into the agent's working directory and into its [meta-skill](/skills) prompt.
-
-The result: the agent knows which repo to check out, which docs are the "primary references" for this project, without anyone copy-pasting context into the issue body.
-
-## Mental model
-
-A project is no longer just a label. It is a small **resource container**:
-
- A project has 0..N **resources**.
- A resource has a `resource_type` (e.g. `github_repo`) and a `resource_ref` (a JSON payload typed by `resource_type`).
- New resource types add a string + a handler. **No schema migration. No frontend rewrite.**
-
-This shape is intentional — it's the same pattern Multica already uses for agent providers: a `type` discriminator and a typed payload. It keeps the schema stable so adding "Notion page", "Google Doc", "uploaded file", or "external URL" later is a small, additive change.
-
-## Today: `github_repo`
-
-The first resource type ships ready to use:
-
-```json
-{
-  "resource_type": "github_repo",
-  "resource_ref": {
-    "url": "https://github.com/owner/repo",
-    "default_branch_hint": "main"
-  }
-}
-```
-
-`default_branch_hint` is optional — if present, the daemon surfaces it in the meta-skill so the agent knows which branch to base its work on.
-
-## Attaching repos at project creation
-
-In the **Web** or **Desktop** app, opening *New project* now shows a **Repos** pill alongside Status / Priority / Lead. Selecting workspace-bound repos (or pasting an ad-hoc URL) attaches them as `github_repo` resources the moment the project is created.
-
-From the **CLI**:
-
-```bash
-# Create + attach in one shot. The server attaches resources in the same
-# transaction as the project create — invalid resources roll back the whole
-# operation, so you never end up with a project that has half its resources.
-multica project create \
-  --title "Agent UX 2026" \
-  --repo https://github.com/multica-ai/multica
-
-# Manage resources later
-multica project resource list <project-id>
-multica project resource add  <project-id> --type github_repo --url <url>
-multica project resource remove <project-id> <resource-id>
-
-# Generic escape hatch for any resource_type the server understands —
-# no CLI change needed when a new type ships:
-multica project resource add <project-id> \
-  --type notion_page \
-  --ref '{"page_id":"…","title":"…"}'
-```
-
-`--repo` may be repeated; each value is attached as a separate `github_repo` resource.
-
-## What the agent sees at runtime
-
-When the daemon spawns an agent for an issue inside a project, two things happen:
-
-### 1. `.multica/project/resources.json`
-
-A structured pass-through of the API response, written into the agent's working directory:
-
-```json
-{
-  "project_id": "…",
-  "project_title": "Agent UX 2026",
-  "resources": [
-    {
-      "id": "…",
-      "resource_type": "github_repo",
-      "resource_ref": {
-        "url": "https://github.com/multica-ai/multica",
-        "default_branch_hint": "main"
-      }
-    }
-  ]
-}
-```
-
-Skills, helper scripts, or the agent itself can parse this file when they need the *exact* set of resources for the run.
-
-### 2. A "Project Context" section in the meta-skill prompt
-
-The agent's `CLAUDE.md` / `AGENTS.md` (depending on provider) now includes a human-readable summary:
-
-```
-## Project Context
-
-This issue belongs to **Agent UX 2026**.
-
-Project resources (also written to `.multica/project/resources.json`):
-
- **GitHub repo**: https://github.com/multica-ai/multica (default branch: `main`)
-
-Resources are pointers — open them only when relevant to the task. For
-`github_repo` resources, use `multica repo checkout <url>` to fetch the code.
-```
-
-The text is intentionally minimal. The full payload is on disk; the prompt only orients the agent so it knows the project exists and what's attached.
-
-### Failure mode
-
-Resource fetch is **best-effort**. If the API call fails, the project section is omitted from the prompt and the file is not written, but the task still starts. Agents never block on missing project context.
-
-## Adding a new resource type
-
-The whole point of the abstraction is that new types are cheap. The full path:
-
-1. **Server validator** (`server/internal/handler/project_resource.go`) — add a case in `validateAndNormalizeResourceRef` that parses and normalizes the new payload.
-2. **Daemon meta-skill formatter** (`server/internal/daemon/execenv/runtime_config.go`) — add a case in `formatProjectResource` so the agent prompt renders the new type as a readable bullet.
-3. **TypeScript types** (`packages/core/types/project.ts`) — extend `ProjectResourceType` and add the payload interface.
-4. **UI renderer** (`packages/views/projects/components/project-resources-section.tsx`) — add a case in `ResourceRow` for the new type.
-
-There is **no schema migration**, no new sqlc query, no new endpoint, **and no CLI change** — the CLI's generic `--ref '<json>'` flag accepts any payload the validator understands, so day-one support for a new type is purely the four steps above. (You may *optionally* add a per-type CLI shortcut later; not required.)
-
-The same `project_resource` table and the same three CRUD calls handle every type.
-
-## Workspace repos vs. project repos
-
-The repo list shown to the agent (`## Repositories` block in `CLAUDE.md` / `AGENTS.md`) is chosen by the daemon claim handler with this precedence:
-
- **Project has at least one `github_repo` resource** → only those repos are surfaced to the agent. Workspace-bound repos are intentionally hidden so the agent doesn't have to guess which one belongs to this issue.
- **Project has no `github_repo` resources (or the issue isn't in a project)** → fall back to the workspace's repo list as before.
-
-This keeps the agent's working set tight: when a project is explicit about its repos, that's the authoritative answer. The structured resource list at `.multica/project/resources.json` always carries the full set, so a skill that wants to inspect everything still can.
-
-The daemon mirrors this on the checkout side: when a task arrives with project-scoped `github_repo` URLs, those URLs are merged into the per-workspace allowlist *and* synced into the local repo cache before the agent spawns. So a project repo URL that isn't bound at the workspace level is still a valid argument to `multica repo checkout` — the daemon won't reject it as "not configured." The allowlist split is internal: workspace-bound URLs and task-scoped URLs are tracked separately, so a workspace-repos refresh doesn't accidentally revoke a project URL mid-run.
-
-## What's intentionally **not** in scope here
-
- **Cross-project sharing.** Each resource lives on exactly one project today.
- **Per-skill resource scoping.** All resources are visible to every skill on the agent's run; type-aware filtering is a follow-up.
- **Caching / sync.** `github_repo` is just metadata — checkout still happens via `multica repo checkout` on demand. Cached document text for Notion / Google Docs will arrive with those types.
-
-These are deliberate omissions — the goal of the first cut is to validate the abstraction with the smallest set of moving parts.
--- a/apps/docs/content/docs/projects.mdx
+++ b/apps/docs/content/docs/projects.mdx
@@ -1,49 +0,0 @@
---
-title: Projects
-description: Group related issues and track them as one unit — with priority, status, progress, and an owner.
---
-
-import { Callout } from "fumadocs-ui/components/callout";
-
-A **project** in Multica is a container for related [issues](/issues). Use it when a body of work is bigger than one issue but smaller than a full workspace — a launch, a migration, a feature with multiple parts, an investigation that branches into several threads.
-
-Each project has a name, an icon, a description, a **lead** (a member or an [agent](/agents)), a **status** (`planned` / `in_progress` / `paused` / `completed` / `cancelled`), a **priority** (`urgent` / `high` / `medium` / `low` / `none`), and a **progress** percentage that's auto-derived from the status of its linked issues.
-
-## How projects relate to issues
-
-Projects and issues are independent objects with a many-to-one relationship: an issue can belong to **at most one** project; a project holds **any number of** issues. Linking and unlinking is reversible at any time — drag in the board view, or use the project picker on the issue's right-side properties panel.
-
-The progress bar on a project is computed from its linked issues — the more issues hit `done`, the further it fills. Issues that are `cancelled` are excluded from the count; issues in `backlog` count toward the denominator but not the numerator.
-
-## Pinning to the sidebar
-
-Click the pin icon in a project's top-right corner to add it to your sidebar's pinned list. Pinned projects stay one click away no matter where you are in the workspace; everyone on the team can pin independently — pins are personal.
-
-The sidebar **Workspace → Projects** link always shows every project in the workspace; pinning is a personal shortcut on top of that.
-
-## Attaching resources
-
-Each project has a **Resources** section where you attach GitHub repositories. Once attached, any [agent](/agents) assigned to issues in this project can read and write to those repos when executing tasks — Multica passes the repo URLs as context to the [daemon](/daemon-runtimes).
-
-Resources are per-project; if multiple projects share a repo, attach it to each one.
-
-## Deleting a project
-
-Deleting a project **does not delete its issues**. The linked issues are simply unlinked and revert to the workspace's flat issue list. This is intentional — work that was scoped to a project is rarely throwaway, even when the framing of the project changes.
-
-<Callout type="info">
-If you want to delete the work too, archive or delete the issues first, then delete the project.
-</Callout>
-
-## Project lead
-
-The lead is the person — or agent — accountable for the project. It's a soft signal, not an access control: any workspace member can edit a project regardless of who's lead. A project's lead can be:
-
- A workspace member (human teammate)
- An [agent](/agents) — useful when the project's work is mostly delegated to an agent (e.g., "Weekly bug triage" led by a triage agent)
-
-## Next
-
- [Issues](/issues) — the unit of work that lives inside projects
- [Agents as project lead](/agents) — when an agent is the right owner
- [How Multica works](/how-multica-works) — the broader picture
--- a/apps/docs/content/docs/projects.zh.mdx
+++ b/apps/docs/content/docs/projects.zh.mdx
@@ -1,49 +0,0 @@
---
-title: 项目
-description: 把相关的 issue 归为一组当成一个单元来跟进 —— 有优先级、状态、进度和负责人。
---
-
-import { Callout } from "fumadocs-ui/components/callout";
-
-Multica 里的**项目**（project）是相关 [issue](/issues) 的容器。当一摊工作比单个 issue 大、又比整个工作区小的时候用它 —— 一次发布、一次迁移、一个分多块做的功能、一个会拆出多个线索的调研。
-
-每个项目有名字、图标、描述、**负责人**（lead，可以是成员，也可以是 [智能体](/agents)）、**状态**（`planned` / `in_progress` / `paused` / `completed` / `cancelled`）、**优先级**（`urgent` / `high` / `medium` / `low` / `none`），以及一个根据关联 issue 状态自动算出来的**进度**百分比。
-
-## 项目和 issue 的关系
-
-项目和 issue 是独立对象，多对一关系：一个 issue **最多属于一个**项目；一个项目可以容纳**任意多个** issue。关联和解除关联随时可逆 —— 在看板视图里拖动，或者在 issue 右侧 properties 面板用项目选择器。
-
-项目的进度条是按关联 issue 状态自动算出来的 —— 越多 issue 到 `done`，进度条越满。`cancelled` 的 issue 不计入分母；`backlog` 的 issue 计入分母但不计入分子。
-
-## pin 到侧边栏
-
-点项目右上角的 pin 图标，可以把这个项目加到侧边栏的固定区。pin 过的项目无论你在工作区哪里都一键可达；每个人独立 pin —— pin 是个人偏好。
-
-侧边栏 **Workspace → Projects** 链接始终展示工作区里所有项目；pin 只是在这之上的个人快捷方式。
-
-## 关联 resources
-
-每个项目有一个 **Resources** 区，可以挂 GitHub 仓库。挂上之后，被分配到这个项目里 issue 的 [智能体](/agents) 在执行 task 时可以读写这些仓库 —— Multica 会把仓库 URL 作为上下文传给 [守护进程](/daemon-runtimes)。
-
-Resources 是项目级别的；多个项目要共享同一个仓库，要分别挂上。
-
-## 删除项目
-
-删除项目**不会**删除它的 issue。关联的 issue 只是解除关联，回到工作区的扁平 issue 列表。这是刻意的 —— 即使项目本身的框架变了，里面的工作通常也不会是一次性的。
-
-<Callout type="info">
-如果你确实想把工作也删掉，先归档或删除 issue，再删除项目。
-</Callout>
-
-## 项目负责人
-
-负责人是为这个项目负总责的人 —— 或者智能体。这是一个软信号，不是权限控制：工作区任何成员都可以编辑项目，不管谁是负责人。项目负责人可以是：
-
- 工作区里的成员（人）
- [智能体](/agents) —— 当项目里的工作大部分要交给智能体时合适（例如"每周 bug 巡检"由一个巡检智能体担任 lead）
-
-## 下一步
-
- [Issues](/issues) —— 项目里装的工作单元
- [智能体担任项目负责人](/agents) —— 什么时候由智能体当 lead 合适
- [Multica 怎么运转](/how-multica-works) —— 整体视图
--- a/apps/docs/content/docs/providers.mdx
+++ b/apps/docs/content/docs/providers.mdx
@@ -1,11 +1,11 @@
 ---
 title: AI coding tools matrix
-description: Multica supports 11 AI coding tools; they implement the same interface, but the capability details diverge significantly.
+description: Multica supports 10 AI coding tools; they implement the same interface, but the capability details diverge significantly.
 ---

 import { Callout } from "fumadocs-ui/components/callout";

-Multica ships with built-in support for **11 AI coding tools**. They all implement the same interface — queue, dispatch, execute, return results — so you can drive any of them from the same Multica board. **But the capability details diverge significantly**: whether session resumption actually works, whether MCP is supported, where skill files live, how models are selected. This page is the full matrix.
+Multica ships with built-in support for **10 AI coding tools**. They all implement the same interface — queue, dispatch, execute, return results — so you can drive any of them from the same Multica board. **But the capability details diverge significantly**: whether session resumption actually works, whether MCP is supported, where skill files live, how models are selected. This page is the full matrix.

 For guidance on picking a tool when creating an agent, see [Creating and configuring agents](/agents-create).

@@ -20,16 +20,15 @@ For guidance on picking a tool when creating an agent, see [Creating and configu
 | **Gemini** | Google | ❌ | ❌ | `.agent_context/skills/` | Static |
 | **Hermes** | Nous Research | ✅ | ❌ | `.agent_context/skills/` (fallback) | Dynamic discovery |
 | **Kimi** | Moonshot | ✅ | ❌ | `.kimi/skills/` | Dynamic discovery |
-| **Kiro CLI** | Amazon | ✅ | ❌ | `.kiro/skills/` | Dynamic discovery |
-| **OpenCode** | SST | ✅ | ❌ | `.opencode/skills/` | Dynamic discovery |
+| **OpenCode** | SST | ✅ | ❌ | `.config/opencode/skills/` | Dynamic discovery |
 | **OpenClaw** | Open source | ✅ | ❌ | `.agent_context/skills/` (fallback) | Bound to the agent, can't be switched per task |
-| **Pi** | Inflection AI | ✅ (session is a file path) | ❌ | `.pi/skills/` | Dynamic discovery |
+| **Pi** | Inflection AI | ✅ (session is a file path) | ❌ | `.pi/agent/skills/` | Dynamic discovery |

 ## What each tool is for

 ### Claude Code

-From Anthropic. **First choice for new users** — the most complete feature set: session resumption actually works, it's the **only one of the 11 that truly reads MCP configuration**, and it supports fine-tuning flags like `--max-turns` and `--append-system-prompt`. Requires an Anthropic API key.
+From Anthropic. **First choice for new users** — the most complete feature set: session resumption actually works, it's the **only one of the 10 that truly reads MCP configuration**, and it supports fine-tuning flags like `--max-turns` and `--append-system-prompt`. Requires an Anthropic API key.

 ### Codex

@@ -55,10 +54,6 @@ From Nous Research. Uses the ACP protocol (shares a transport with Kimi). Sessio

 From Moonshot, aimed at the Chinese market. Shares the ACP protocol with Hermes, but the skill path `.kimi/skills/` is Kimi CLI's native discovery mechanism — different from Hermes's fallback.

-### Kiro CLI
-
-From Amazon. Uses ACP over stdio via `kiro-cli acp`. Session resumption works through ACP `session/load`, model selection works through `session/set_model`, and skills are copied into `.kiro/skills/` for native project-level discovery.
-
 ### OpenCode

 From SST, open source. Dynamically discovers available models (scans the CLI's configuration file). Session resumption works. **Suitable for tinkerers who want to customize their model catalog.**
@@ -77,7 +72,7 @@ The session resumption mechanism is covered in [Tasks](/tasks#can-a-task-continu

 | Status | Tools | Meaning |
 |---|---|---|
-| ✅ Really works | Claude Code, Copilot, Hermes, Kimi, Kiro CLI, OpenCode, OpenClaw, Pi | Pass the resume id and it continues from the previous context |
+| ✅ Really works | Claude Code, Copilot, Hermes, Kimi, OpenCode, OpenClaw, Pi | Pass the resume id and it continues from the previous context |
 | ⚠️ Code exists but unreachable | Codex, Cursor | Resume paths exist in the code but aren't actually reached (Codex silently falls back; Cursor doesn't return session id) — **treat as unsupported** |
 | ❌ None | Gemini | The CLI has no resume mechanism |

@@ -85,7 +80,7 @@ The session resumption mechanism is covered in [Tasks](/tasks#can-a-task-continu

 ## MCP configuration: only Claude Code actually reads it

-**Of the 11 tools, only Claude Code actually consumes `mcp_config`**. The other 10 accept the field but **completely ignore it** — no error, no warning, the config just has no effect.
+**Of the 10 tools, only Claude Code actually consumes `mcp_config`**. The other 9 accept the field but **completely ignore it** — no error, no warning, the config just has no effect.

 <Callout type="warning">
 If you set `mcp_config` in an agent configuration but pick a tool other than Claude Code, your MCP servers have **no effect** on that agent. MCP integration currently covers Claude Code only.
@@ -102,9 +97,8 @@ Each tool uses **its own** skill discovery path. Before a task runs, the Multica
 | Copilot | `.github/skills/` | ✅ Native |
 | Cursor | `.cursor/skills/` | ✅ Native |
 | Kimi | `.kimi/skills/` | ✅ Native |
-| Kiro CLI | `.kiro/skills/` | ✅ Native |
-| OpenCode | `.opencode/skills/` | ✅ Native |
-| Pi | `.pi/skills/` | ✅ Native |
+| OpenCode | `.config/opencode/skills/` | ✅ Native |
+| Pi | `.pi/agent/skills/` | ✅ Native |
 | Gemini | `.agent_context/skills/` | ⚠️ Generic fallback |
 | Hermes | `.agent_context/skills/` | ⚠️ Generic fallback |
 | OpenClaw | `.agent_context/skills/` | ⚠️ Generic fallback |
--- a/apps/docs/content/docs/providers.zh.mdx
+++ b/apps/docs/content/docs/providers.zh.mdx
@@ -1,11 +1,11 @@
 ---
 title: AI 编程工具对照
-description: Multica 支持 11 款 AI 编程工具；它们实现同一套接口，但能力细节差异很大。
+description: Multica 支持 10 款 AI 编程工具；它们实现同一套接口，但能力细节差异很大。
 ---

 import { Callout } from "fumadocs-ui/components/callout";

-Multica 内置支持 **11 款 AI 编程工具**。它们都实现了同一套接口——排队、派发、执行、结果回传，所以你可以从 Multica 的同一个看板上指挥任意一款。**但它们在能力细节上差异很大**：会话恢复是否真用、是否支持 MCP、skill 文件该放在哪里、模型怎么选。这一页是完整对照。
+Multica 内置支持 **10 款 AI 编程工具**。它们都实现了同一套接口——排队、派发、执行、结果回传，所以你可以从 Multica 的同一个看板上指挥任意一款。**但它们在能力细节上差异很大**：会话恢复是否真用、是否支持 MCP、skill 文件该放在哪里、模型怎么选。这一页是完整对照。

 创建智能体时挑选工具的指引见 [创建和配置智能体](/agents-create)。

@@ -20,16 +20,15 @@ Multica 内置支持 **11 款 AI 编程工具**。它们都实现了同一套接
 | **Gemini** | Google | ❌ | ❌ | `.agent_context/skills/` | 静态 |
 | **Hermes** | Nous Research | ✅ | ❌ | `.agent_context/skills/` （fallback）| 动态发现 |
 | **Kimi** | Moonshot | ✅ | ❌ | `.kimi/skills/` | 动态发现 |
-| **Kiro CLI** | Amazon | ✅ | ❌ | `.kiro/skills/` | 动态发现 |
-| **OpenCode** | SST | ✅ | ❌ | `.opencode/skills/` | 动态发现 |
+| **OpenCode** | SST | ✅ | ❌ | `.config/opencode/skills/` | 动态发现 |
 | **OpenClaw** | 开源项目 | ✅ | ❌ | `.agent_context/skills/` （fallback）| 绑定在智能体上，不能在任务里切换 |
-| **Pi** | Inflection AI | ✅（session 为文件路径）| ❌ | `.pi/skills/` | 动态发现 |
+| **Pi** | Inflection AI | ✅（session 为文件路径）| ❌ | `.pi/agent/skills/` | 动态发现 |

 ## 每款工具的定位

 ### Claude Code

-Anthropic 出品。**新用户首选**——功能最完整：会话恢复真用，是 **11 款里唯一真读 MCP 配置**的工具，支持 `--max-turns`、`--append-system-prompt` 等细调参数。需要一个 Anthropic API 密钥。
+Anthropic 出品。**新用户首选**——功能最完整：会话恢复真用，是 **10 款里唯一真读 MCP 配置**的工具，支持 `--max-turns`、`--append-system-prompt` 等细调参数。需要一个 Anthropic API 密钥。

 ### Codex

@@ -55,10 +54,6 @@ Nous Research 出品。使用 ACP 协议（和 Kimi 共享传输层）。会话

 Moonshot 出品，中国市场向。和 Hermes 共享 ACP 协议，但 skill 路径 `.kimi/skills/` 是 Kimi CLI 的原生发现机制——和 Hermes 的 fallback 不一样。

-### Kiro CLI
-
-Amazon 出品。通过 `kiro-cli acp` 使用 ACP stdio 协议。会话恢复走 ACP `session/load`，模型选择走 `session/set_model`，skill 会复制到 `.kiro/skills/` 让 Kiro 做项目级原生发现。
-
 ### OpenCode

 SST 出品，开源。动态发现可用模型（扫 CLI 的配置文件）。会话恢复真用。**适合爱折腾、想自定义模型目录**的开发者。
@@ -77,7 +72,7 @@ Inflection AI 出品，极简主义。**会话恢复机制特殊**——session

 | 状态 | 工具 | 含义 |
 |---|---|---|
-| ✅ 真用 | Claude Code、Copilot、Hermes、Kimi、Kiro CLI、OpenCode、OpenClaw、Pi | 传 resume id，会从上次上下文接着继续 |
+| ✅ 真用 | Claude Code、Copilot、Hermes、Kimi、OpenCode、OpenClaw、Pi | 传 resume id，会从上次上下文接着继续 |
 | ⚠️ 代码存在但不可达 | Codex、Cursor | 代码里有 resume 路径但实际走不到（Codex 静默回落、Cursor session id 不回传）—— **当作不支持** |
 | ❌ 无 | Gemini | CLI 无 resume 机制 |

@@ -85,7 +80,7 @@ Inflection AI 出品，极简主义。**会话恢复机制特殊**——session

 ## MCP 配置：只有 Claude Code 真的读

-**11 款工具里只有 Claude Code 实际消费 `mcp_config`**。其他 10 款会接收这个字段但**完全忽略**——不报错、不警告，只是配置不生效。
+**10 款工具里只有 Claude Code 实际消费 `mcp_config`**。其他 9 款会接收这个字段但**完全忽略**——不报错、不警告，只是配置不生效。

 <Callout type="warning">
 如果你在智能体配置里设置了 `mcp_config`，但选了 Claude Code 之外的工具，你的 MCP server 对这个智能体**没有效果**。目前的 MCP 集成只覆盖 Claude Code。
@@ -102,9 +97,8 @@ Inflection AI 出品，极简主义。**会话恢复机制特殊**——session
 | Copilot | `.github/skills/` | ✅ 原生 |
 | Cursor | `.cursor/skills/` | ✅ 原生 |
 | Kimi | `.kimi/skills/` | ✅ 原生 |
-| Kiro CLI | `.kiro/skills/` | ✅ 原生 |
-| OpenCode | `.opencode/skills/` | ✅ 原生 |
-| Pi | `.pi/skills/` | ✅ 原生 |
+| OpenCode | `.config/opencode/skills/` | ✅ 原生 |
+| Pi | `.pi/agent/skills/` | ✅ 原生 |
 | Gemini | `.agent_context/skills/` | ⚠️ 通用 fallback |
 | Hermes | `.agent_context/skills/` | ⚠️ 通用 fallback |
 | OpenClaw | `.agent_context/skills/` | ⚠️ 通用 fallback |
--- a/apps/docs/content/docs/self-host-quickstart.mdx
+++ b/apps/docs/content/docs/self-host-quickstart.mdx
@@ -45,19 +45,19 @@ Once it's up:
 - **Frontend**: [http://localhost:3000](http://localhost:3000)
 - **Backend**: [http://localhost:8080](http://localhost:8080)

-## 2. Important: keep production safety on
+## 2. Important: set `APP_ENV` to `production`

 <Callout type="warning">
-**`docker-compose.selfhost.yml` sets `APP_ENV` to `production` by default** and leaves `MULTICA_DEV_VERIFICATION_CODE` empty, so there is no fixed code on public instances.
+**`docker-compose.selfhost.yml` sets `APP_ENV` to `production` by default** — this prevents the development "master code `888888`" from being enabled on an instance you've exposed to the public internet.

-Only set `MULTICA_DEV_VERIFICATION_CODE` for local or private test automation. If a fixed code is enabled while `APP_ENV` is non-production, anyone who can request a code can sign in with that fixed value. See [Auth setup → Fixed local testing codes](/auth-setup#fixed-local-testing-codes).
+**But if your `.env` leaves `APP_ENV` empty or sets it to another value**, `888888` is enabled — **anyone can log in as any email by typing `888888` as the verification code**. See [Auth setup → The 888888 trap](/auth-setup#the-888888-trap).

-Before any public deployment, make sure `.env` has `APP_ENV=production` and `MULTICA_DEV_VERIFICATION_CODE` is empty.
+Before any public deployment, make sure `.env` has `APP_ENV=production`.
 </Callout>

 ## 3. Configure the email service (optional but recommended)

-Without email configured, your users can't receive verification codes by email; the server prints generated codes to stdout instead.
+Without email configured, your users can't receive verification codes — **unless `APP_ENV != production`, in which case `888888` works** (see the warning above).

 To actually send verification emails:

@@ -80,7 +80,6 @@ Open [http://localhost:3000](http://localhost:3000):

 - Enter your email
 - Grab the verification code from the Resend email (or, if you haven't configured Resend, from the server container stdout — look for the `[DEV] Verification code` line)
- Do not use `888888` unless you explicitly set `MULTICA_DEV_VERIFICATION_CODE=888888` on a non-production private instance
 - Log in and create your first workspace

 ## 5. Point the CLI at your own server
@@ -116,4 +115,4 @@ Same flow as Cloud — see [Cloud quickstart → Steps 5-6](/cloud-quickstart#5-
 - [Environment variables](/environment-variables) — full env reference
 - [Auth setup](/auth-setup) — Resend / OAuth / signup allowlist in detail
 - [Troubleshooting](/troubleshooting) — start here when things go wrong
- [Desktop app](/desktop-app) — optional Desktop setup via `~/.multica/desktop.json`; the web frontend + CLI remains the quickest self-host path
+- [Desktop app](/desktop-app) — the desktop app can also connect to your self-hosted backend
--- a/apps/docs/content/docs/self-host-quickstart.zh.mdx
+++ b/apps/docs/content/docs/self-host-quickstart.zh.mdx
@@ -44,19 +44,19 @@ make selfhost
 - **前端**：[http://localhost:3000](http://localhost:3000)
 - **后端**：[http://localhost:8080](http://localhost:8080)

-## 2. 重要：保持生产安全配置
+## 2. 重要：改 `APP_ENV` 成 `production`

 <Callout type="warning">
-**`docker-compose.selfhost.yml` 默认把 `APP_ENV` 设成 `production`**，并让 `MULTICA_DEV_VERIFICATION_CODE` 为空，所以公网实例默认没有固定验证码。
+**`docker-compose.selfhost.yml` 默认把 `APP_ENV` 设成 `production`**——这防止开发用的"万能验证码 `888888`"在你公网暴露的实例上启用。

-只在本地或私有测试自动化里设置 `MULTICA_DEV_VERIFICATION_CODE`。如果在 `APP_ENV` 非 production 时启用了固定验证码，任何能请求验证码的人都能用这个固定值登录。详见 [登录与注册配置 → 固定本地测试验证码](/auth-setup#固定本地测试验证码)。
+**但如果你的 `.env` 里把 `APP_ENV` 留空或改成其他值**，`888888` 会被启用——**任何人输入任何邮箱 + `888888` 都能登录**。详见 [登录与注册配置 → 888888 陷阱](/auth-setup#888888-陷阱)。

-公网部署前一定检查 `.env` 里 `APP_ENV=production`，且 `MULTICA_DEV_VERIFICATION_CODE` 为空。
+公网部署前一定检查 `.env` 里 `APP_ENV=production`。
 </Callout>

 ## 3. 配置邮件服务（可选但推荐）

-如果不配邮件，用户无法通过邮件收到验证码；server 会把生成的验证码打印到 stdout。
+如果不配邮件，你的用户无法收到验证码——**但如果 `APP_ENV != production` 你可以用 `888888` 登录**（见上方警告）。

 要真的发验证码邮件：

@@ -79,7 +79,6 @@ make selfhost

 - 输入你的邮箱
 - 从 Resend 邮件里拿验证码（或者前面没配 Resend 的话从 server 容器的 stdout 里抄 `[DEV] Verification code` 这行）
- 不要直接使用 `888888`；只有在非 production 私有实例上显式设置 `MULTICA_DEV_VERIFICATION_CODE=888888` 后它才会生效
 - 登录后创建第一个工作区

 ## 5. 连接命令行工具到你自己的 server
@@ -115,4 +114,4 @@ multica setup self-host
 - [环境变量](/environment-variables) —— 完整 env 清单
 - [登录与注册配置](/auth-setup) —— Resend / OAuth / 注册白名单详细配置
 - [故障排查](/troubleshooting) —— 遇到问题先来这里
- [桌面应用](/desktop-app) —— 可以通过 `~/.multica/desktop.json` 连接 Desktop；Web 前端 + CLI 仍然是最快的自部署路径
+- [桌面应用](/desktop-app) —— 桌面应用也能连你的自部署后端
--- a/Show More
+++ b/Show More