From 969fbf8925be958b381194ec76ed98aca21e6734 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 19 May 2026 22:41:55 +0800
Subject: [PATCH 01/77] docs: add design spec + Plan 1 (Rust backend
 implementation)

- specs/2026-05-19-rust-navigation-platform-design.md
  Architectural redesign: Rust (Axum + SQLite + tower-sessions) backend,
  SvelteKit SPA front, single Docker image. New design system, i18n,
  3NF data model, edit mode UX. All open questions resolved per
  industry best practice.
- plans/2026-05-19-plan-1-rust-backend.md
  33-task TDD plan for the server/ crate end-to-end.

Plans 2-5 (frontend foundation, read-only, edit mode, deploy) to follow
after Plan 1 lands.
---
 .../plans/2026-05-19-plan-1-rust-backend.md   | 4803 +++++++++++++++++
 ...6-05-19-rust-navigation-platform-design.md |  791 +++
 2 files changed, 5594 insertions(+)
 create mode 100644 docs/superpowers/plans/2026-05-19-plan-1-rust-backend.md
 create mode 100644 docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md

diff --git a/docs/superpowers/plans/2026-05-19-plan-1-rust-backend.md b/docs/superpowers/plans/2026-05-19-plan-1-rust-backend.md
new file mode 100644
index 0000000..77ef5c1
--- /dev/null
+++ b/docs/superpowers/plans/2026-05-19-plan-1-rust-backend.md
@@ -0,0 +1,4803 @@
+# Rust Backend Implementation Plan (Plan 1 of 5)
+
+> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
+
+**Goal:** Stand up the Rust backend (`server/` crate) end-to-end — from repo restructure through schema, repos, public read API, password-based auth, full CRUD, CLI password reset, and SPA fallback — so that `cargo run` produces a working API at `:8080` that the frontend (built later) can consume.
+
+**Architecture:** Single binary using Axum 0.7 + Tokio + SQLx (SQLite). 3NF schema migrated via `sqlx::migrate!`. Repository trait pattern (`NavRepo`, `ConfigRepo`) decouples handlers from SQL. Sessions stored in SQLite via `tower-sessions-sqlx-store`. Public read endpoint `/api/nav` returns the full bundle in one round-trip; writes are fine-grained behind a `RequireAuth` extractor. Static frontend bundle served by `tower_http::services::ServeDir` with SPA fallback. CLI subcommand for password reset (`navsrv reset-password`). Tests are integration-first using an in-memory SQLite per test.
+
+**Tech Stack:** Rust 1.79 · Axum 0.7 · Tokio 1 · SQLx 0.7 (sqlite + chrono + migrate) · tower-sessions 0.10 + sqlx-store · tower-governor 0.3 · tower-http 0.5 (compression + ServeDir + headers) · bcrypt 0.15 · clap 4 (derive) · figment 0.10 + dotenvy · serde 1 / serde_json 1 · validator 0.16 · thiserror 1 · anyhow 1 · tracing + tracing-subscriber · reqwest 0.12 (favicon proxy) · multer 3 (multipart) · rand 0.8 · chrono 0.4
+
+**Spec reference:** `docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md`
+
+---
+
+## Conventions
+
+- **Working directory** for every `cargo` command: `server/`. Every `pnpm` command: `web/`.
+- **Branch / commit style:** Conventional Commits. Each task ends with one commit; commit subject ≤ 72 chars; body explains *why*. No `Co-Authored-By` trailer.
+- **Test layout:** `cargo test` only — unit tests beside source via `#[cfg(test)] mod tests`, integration tests under `server/tests/`.
+- **Error policy:** All fallible code returns `Result<T, AppError>`. Handlers `?` propagate; `AppError: IntoResponse` produces JSON `{ "error": "...", "message": "..."? }`.
+- **No `unwrap` / `expect`** in non-test code, except at well-justified panics (e.g. router builder constants).
+- **Time:** epoch milliseconds (`i64`) at the storage boundary; `chrono::DateTime<Utc>` only when serializing.
+
+---
+
+## Phase 0: Repository Restructure (Tasks 1–4)
+
+Goal: get the existing SvelteKit project into `web/` so the new `server/` can sit beside it cleanly. Frontend must still `pnpm dev` after the move.
+
+### Task 1: Snapshot pre-move state
+
+**Files:**
+- Read-only: `package.json`, `svelte.config.js`, `vite.config.ts`, `tsconfig.json`, `playwright.config.js`, `src/`, `static/`
+
+- [ ] **Step 1: Verify clean working tree**
+
+```bash
+git status
+```
+
+Expected: `nothing to commit, working tree clean`. If not, stop and resolve.
+
+- [ ] **Step 2: Confirm current dev server still runs (baseline)**
+
+```bash
+pnpm install --frozen-lockfile
+pnpm dev --host 127.0.0.1 --port 5173 &
+sleep 4
+curl -sf http://127.0.0.1:5173 | head -c 200
+kill %1
+```
+
+Expected: HTML containing `<title>` of the existing site.
+
+- [ ] **Step 3: Record the file list that will move**
+
+```bash
+git ls-files | grep -E '^(src/|static/|package\.json$|pnpm-lock\.yaml$|svelte\.config\.js$|vite\.config\.ts$|tsconfig\.json$|playwright\.config\.js$|\.eslintrc\.cjs$|\.eslintignore$|\.prettierrc$|\.prettierignore$|\.npmrc$)' > /tmp/web-files.txt
+wc -l /tmp/web-files.txt
+```
+
+Expected: a numeric count > 10. This list drives Task 2.
+
+### Task 2: Move frontend into `web/`
+
+**Files:**
+- Create dir: `web/`
+- Move: every path in `/tmp/web-files.txt` → `web/<same-relative-path>`
+
+- [ ] **Step 1: Create the target directory**
+
+```bash
+mkdir -p web
+```
+
+- [ ] **Step 2: `git mv` each tracked frontend path**
+
+```bash
+while read -r path; do
+  mkdir -p "web/$(dirname "$path")"
+  git mv "$path" "web/$path"
+done < /tmp/web-files.txt
+```
+
+Expected: no errors. Run `git status` — only `R` (renamed) entries.
+
+- [ ] **Step 3: Move untracked but project-relevant files**
+
+```bash
+[ -d node_modules ] && rm -rf node_modules
+[ -d build ]        && rm -rf build
+[ -d .svelte-kit ]  && rm -rf .svelte-kit
+[ -f .eslintignore ] && git mv .eslintignore web/.eslintignore 2>/dev/null || true
+```
+
+(The `git mv` calls above already handled tracked dotfiles; this step just sweeps build artifacts.)
+
+- [ ] **Step 4: Verify root has no leftover frontend files**
+
+```bash
+ls -la
+```
+
+Expected: only `web/`, `config/` (existing nginx), `Dockerfile` (will be replaced), `README.md`, `.git`, `.gitignore`, `.dockerignore`, `.editorconfig`, `snapshot_*.png`, `docs/`, `.github/`. No `src/`, no `package.json`, no `node_modules`.
+
+- [ ] **Step 5: Commit the move (rename-only commit)**
+
+```bash
+git add -A
+git commit -m "$(cat <<'EOF'
+chore: move SvelteKit project into web/ subdirectory
+
+Prepares for split-repo layout (web/ + server/) per spec §9.3.
+Pure rename — no logic changes.
+EOF
+)"
+```
+
+### Task 3: Adjust `web/vite.config.ts` to proxy `/api` to backend
+
+**Files:**
+- Modify: `web/vite.config.ts`
+
+- [ ] **Step 1: Read current config**
+
+```bash
+cat web/vite.config.ts
+```
+
+- [ ] **Step 2: Replace contents**
+
+```typescript
+// web/vite.config.ts
+import { sveltekit } from '@sveltejs/kit/vite';
+import type { UserConfig } from 'vite';
+
+const config: UserConfig = {
+  plugins: [sveltekit()],
+  server: {
+    port: 5173,
+    strictPort: true,
+    proxy: {
+      '/api': {
+        target: 'http://127.0.0.1:8080',
+        changeOrigin: false,
+      },
+    },
+  },
+};
+
+export default config;
+```
+
+- [ ] **Step 3: Verify dev server still boots**
+
+```bash
+cd web
+pnpm install --frozen-lockfile
+pnpm dev --port 5173 &
+sleep 4
+curl -sf http://127.0.0.1:5173/ | head -c 200
+curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1:5173/api/nav
+kill %1
+cd ..
+```
+
+Expected: HTML on `/`. `/api/nav` returns either `502` (no backend yet) or connection refused — both prove the proxy is active. Anything 2xx would mean the proxy is wrong.
+
+- [ ] **Step 4: Commit**
+
+```bash
+git add web/vite.config.ts
+git commit -m "$(cat <<'EOF'
+chore(web): proxy /api → 127.0.0.1:8080 in vite dev server
+
+Backend will listen on :8080 (Plan 1, Phase 1). Same-origin in
+production via ServeDir; this proxy only affects dev mode.
+EOF
+)"
+```
+
+### Task 4: Update root `.gitignore` and `.dockerignore` for the new layout
+
+**Files:**
+- Modify: `.gitignore`, `.dockerignore`
+
+- [ ] **Step 1: Update `.gitignore`**
+
+Replace contents with:
+
+```gitignore
+# OS
+.DS_Store
+Thumbs.db
+
+# Editors
+.vscode/
+.idea/
+
+# Frontend
+web/node_modules/
+web/.svelte-kit/
+web/build/
+web/.env
+web/.env.*
+!web/.env.example
+
+# Backend
+server/target/
+server/.env
+server/.env.*
+!server/.env.example
+server/dev-data/
+
+# Local volumes / runtime
+data/
+*.log
+*.pid
+
+# Worktrees (per ~/.claude/rules/worktree-location.md)
+.worktrees/
+
+# Tests
+test-results/
+playwright-report/
+```
+
+- [ ] **Step 2: Update `.dockerignore`**
+
+```
+# Build artifacts
+**/node_modules
+**/.svelte-kit
+**/build
+**/target
+
+# Local data / env
+**/.env
+**/.env.*
+!**/.env.example
+**/dev-data
+data/
+
+# Git / dev
+.git
+.gitignore
+.github
+.worktrees
+.vscode
+.idea
+docs
+tests
+*.md
+!README.md
+snapshot_*.png
+```
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add .gitignore .dockerignore
+git commit -m "chore: ignore web/ + server/ artefacts and local data dir"
+```
+
+---
+
+## Phase 1: Backend Scaffold (Tasks 5–9)
+
+Goal: a `server/` crate that compiles, runs, and exposes `GET /api/health`. Lays down `AppError`, `Settings`, and integration-test infrastructure.
+
+### Task 5: Create `server/Cargo.toml`
+
+**Files:**
+- Create: `server/Cargo.toml`
+- Create: `server/.gitignore`
+- Create: `server/rust-toolchain.toml`
+
+- [ ] **Step 1: Make the crate directory**
+
+```bash
+mkdir -p server/src server/tests server/migrations
+```
+
+- [ ] **Step 2: Write `server/Cargo.toml`**
+
+```toml
+[package]
+name = "navsrv"
+version = "0.1.0"
+edition = "2021"
+rust-version = "1.79"
+default-run = "navsrv"
+
+[[bin]]
+name = "navsrv"
+path = "src/main.rs"
+
+[dependencies]
+axum = { version = "0.7", features = ["macros", "multipart"] }
+tokio = { version = "1", features = ["full"] }
+tower = "0.4"
+tower-http = { version = "0.5", features = ["fs", "trace", "compression-gzip", "set-header"] }
+tower-sessions = "0.10"
+tower-sessions-sqlx-store = { version = "0.10", features = ["sqlite"] }
+tower_governor = "0.3"
+
+sqlx = { version = "0.7", default-features = false, features = ["runtime-tokio-rustls", "sqlite", "chrono", "macros", "migrate"] }
+
+serde = { version = "1", features = ["derive"] }
+serde_json = "1"
+validator = { version = "0.16", features = ["derive"] }
+
+bcrypt = "0.15"
+rand = "0.8"
+
+clap = { version = "4", features = ["derive"] }
+figment = { version = "0.10", features = ["toml", "env"] }
+dotenvy = "0.15"
+
+thiserror = "1"
+anyhow = "1"
+
+tracing = "0.1"
+tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
+
+chrono = { version = "0.4", default-features = false, features = ["clock", "serde"] }
+
+reqwest = { version = "0.12", default-features = false, features = ["rustls-tls"] }
+mime = "0.3"
+multer = "3"
+bytes = "1"
+async-trait = "0.1"
+
+[dev-dependencies]
+axum-test = "15"
+tempfile = "3"
+serde_json = "1"
+
+[profile.release]
+lto = "thin"
+codegen-units = 1
+strip = true
+```
+
+- [ ] **Step 3: Write `server/rust-toolchain.toml`**
+
+```toml
+[toolchain]
+channel = "1.79"
+components = ["rustfmt", "clippy"]
+profile = "minimal"
+```
+
+- [ ] **Step 4: Write `server/.gitignore`**
+
+```gitignore
+target/
+dev-data/
+.env
+.env.*
+!.env.example
+*.log
+```
+
+- [ ] **Step 5: Stub a no-op `src/main.rs` so the crate compiles**
+
+```rust
+// server/src/main.rs
+fn main() {}
+```
+
+- [ ] **Step 6: Verify it builds (cold compile is slow; that's expected)**
+
+```bash
+cd server
+cargo build --quiet
+cd ..
+```
+
+Expected: compiles without errors.
+
+- [ ] **Step 7: Commit**
+
+```bash
+git add server/Cargo.toml server/Cargo.lock server/.gitignore server/rust-toolchain.toml server/src/main.rs
+git commit -m "feat(server): scaffold navsrv crate with locked toolchain and deps"
+```
+
+### Task 6: `AppError` + `IntoResponse`
+
+**Files:**
+- Create: `server/src/error.rs`
+- Create: `server/src/lib.rs`
+- Modify: `server/src/main.rs`
+
+- [ ] **Step 1: Write a failing test**
+
+Create `server/src/error.rs`:
+
+```rust
+//! Unified application error type.
+
+use axum::http::StatusCode;
+use axum::response::{IntoResponse, Response};
+use axum::Json;
+use serde_json::json;
+use thiserror::Error;
+
+#[derive(Debug, Error)]
+pub enum AppError {
+    #[error("not found")]
+    NotFound,
+
+    #[error("unauthenticated")]
+    Unauthenticated,
+
+    #[error("forbidden")]
+    Forbidden,
+
+    #[error("validation failed: {0}")]
+    Validation(String),
+
+    #[error("conflict: {0}")]
+    Conflict(String),
+
+    #[error("rate limited")]
+    RateLimited,
+
+    #[error(transparent)]
+    Sqlx(#[from] sqlx::Error),
+
+    #[error(transparent)]
+    Bcrypt(#[from] bcrypt::BcryptError),
+
+    #[error(transparent)]
+    Io(#[from] std::io::Error),
+
+    #[error(transparent)]
+    Json(#[from] serde_json::Error),
+
+    #[error(transparent)]
+    Other(#[from] anyhow::Error),
+}
+
+impl AppError {
+    pub fn status(&self) -> StatusCode {
+        match self {
+            AppError::NotFound => StatusCode::NOT_FOUND,
+            AppError::Unauthenticated => StatusCode::UNAUTHORIZED,
+            AppError::Forbidden => StatusCode::FORBIDDEN,
+            AppError::Validation(_) => StatusCode::UNPROCESSABLE_ENTITY,
+            AppError::Conflict(_) => StatusCode::CONFLICT,
+            AppError::RateLimited => StatusCode::TOO_MANY_REQUESTS,
+            AppError::Sqlx(sqlx::Error::RowNotFound) => StatusCode::NOT_FOUND,
+            _ => StatusCode::INTERNAL_SERVER_ERROR,
+        }
+    }
+
+    fn code(&self) -> &'static str {
+        match self {
+            AppError::NotFound => "not_found",
+            AppError::Unauthenticated => "unauthenticated",
+            AppError::Forbidden => "forbidden",
+            AppError::Validation(_) => "validation_failed",
+            AppError::Conflict(_) => "conflict",
+            AppError::RateLimited => "rate_limited",
+            _ => "internal",
+        }
+    }
+}
+
+impl IntoResponse for AppError {
+    fn into_response(self) -> Response {
+        let status = self.status();
+        let code = self.code();
+        // Internal errors must not leak details to clients.
+        let message = match &self {
+            AppError::Validation(m) | AppError::Conflict(m) => Some(m.clone()),
+            AppError::NotFound
+            | AppError::Unauthenticated
+            | AppError::Forbidden
+            | AppError::RateLimited => None,
+            other => {
+                tracing::error!(error = %other, "internal error");
+                None
+            }
+        };
+        let body = match message {
+            Some(m) => json!({ "error": code, "message": m }),
+            None => json!({ "error": code }),
+        };
+        (status, Json(body)).into_response()
+    }
+}
+
+pub type Result<T> = std::result::Result<T, AppError>;
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use axum::http::StatusCode;
+
+    #[test]
+    fn validation_error_is_422_with_message() {
+        let err = AppError::Validation("name too long".into());
+        assert_eq!(err.status(), StatusCode::UNPROCESSABLE_ENTITY);
+        let resp = err.into_response();
+        assert_eq!(resp.status(), StatusCode::UNPROCESSABLE_ENTITY);
+    }
+
+    #[test]
+    fn not_found_is_404_no_message() {
+        let err = AppError::NotFound;
+        assert_eq!(err.status(), StatusCode::NOT_FOUND);
+    }
+
+    #[test]
+    fn sqlx_row_not_found_maps_to_404() {
+        let err: AppError = sqlx::Error::RowNotFound.into();
+        assert_eq!(err.status(), StatusCode::NOT_FOUND);
+    }
+}
+```
+
+- [ ] **Step 2: Add a library entry so tests can find it**
+
+Create `server/src/lib.rs`:
+
+```rust
+//! navsrv internal library — exposed for integration tests.
+pub mod error;
+```
+
+- [ ] **Step 3: Update `main.rs` to use the lib**
+
+```rust
+// server/src/main.rs
+fn main() {}
+```
+
+(unchanged for now; we just need the library exposed.)
+
+- [ ] **Step 4: Add `[lib]` to `Cargo.toml`** (insert after `[[bin]]`)
+
+```toml
+[lib]
+name = "navsrv"
+path = "src/lib.rs"
+```
+
+- [ ] **Step 5: Run tests**
+
+```bash
+cd server
+cargo test --lib error::tests
+cd ..
+```
+
+Expected: 3 tests pass.
+
+- [ ] **Step 6: Commit**
+
+```bash
+git add server/Cargo.toml server/src/lib.rs server/src/error.rs
+git commit -m "feat(server): AppError with IntoResponse and unit tests"
+```
+
+### Task 7: `Settings` from env (figment + dotenvy)
+
+**Files:**
+- Create: `server/src/config.rs`
+- Create: `server/.env.example`
+- Modify: `server/src/lib.rs`
+
+- [ ] **Step 1: Define `Settings`**
+
+Create `server/src/config.rs`:
+
+```rust
+//! Runtime configuration loaded from env (with optional .env).
+
+use figment::providers::Env;
+use figment::Figment;
+use serde::Deserialize;
+use std::path::PathBuf;
+
+#[derive(Debug, Clone, Deserialize)]
+pub struct Settings {
+    /// TCP port to listen on.
+    #[serde(default = "default_port")]
+    pub port: u16,
+    /// Directory holding `data.db`, `INITIAL_PASSWORD.txt`, and the icon cache.
+    #[serde(default = "default_data_dir")]
+    pub data_dir: PathBuf,
+    /// Directory holding the SvelteKit build output (HTML/JS/CSS).
+    #[serde(default = "default_static_dir")]
+    pub static_dir: PathBuf,
+    /// Initial admin password, if provided. When None, a random one is generated on first boot.
+    pub bootstrap_admin_password: Option<String>,
+    /// Set true on prod deployments to require Secure cookies.
+    #[serde(default)]
+    pub secure_cookies: bool,
+    /// `tracing-subscriber` env filter, e.g. "info,sqlx=warn".
+    #[serde(default = "default_log")]
+    pub rust_log: String,
+}
+
+fn default_port() -> u16 { 8080 }
+fn default_data_dir() -> PathBuf { PathBuf::from("./dev-data") }
+fn default_static_dir() -> PathBuf { PathBuf::from("../web/build") }
+fn default_log() -> String { "info,sqlx=warn,tower_http=info".into() }
+
+impl Settings {
+    pub fn load() -> anyhow::Result<Self> {
+        // Best-effort .env loading; ignore if missing.
+        let _ = dotenvy::dotenv();
+        let s: Settings = Figment::new()
+            .merge(Env::raw().split("__"))
+            .extract()?;
+        std::fs::create_dir_all(&s.data_dir)?;
+        Ok(s)
+    }
+
+    pub fn db_url(&self) -> String {
+        let path = self.data_dir.join("data.db");
+        format!("sqlite://{}?mode=rwc", path.display())
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn defaults_are_sane() {
+        // SAFETY: this is single-threaded test code; std::env safe in tests.
+        std::env::remove_var("PORT");
+        std::env::remove_var("DATA_DIR");
+        std::env::remove_var("STATIC_DIR");
+        std::env::remove_var("BOOTSTRAP_ADMIN_PASSWORD");
+        std::env::remove_var("SECURE_COOKIES");
+        std::env::remove_var("RUST_LOG");
+        let s = Settings::load().unwrap();
+        assert_eq!(s.port, 8080);
+        assert!(s.data_dir.ends_with("dev-data"));
+        assert!(!s.secure_cookies);
+        assert!(s.bootstrap_admin_password.is_none());
+    }
+
+    #[test]
+    fn db_url_uses_data_dir() {
+        let s = Settings {
+            port: 8080,
+            data_dir: PathBuf::from("/tmp/x"),
+            static_dir: PathBuf::from("/tmp/static"),
+            bootstrap_admin_password: None,
+            secure_cookies: false,
+            rust_log: "info".into(),
+        };
+        assert_eq!(s.db_url(), "sqlite:///tmp/x/data.db?mode=rwc");
+    }
+}
+```
+
+- [ ] **Step 2: Write `server/.env.example`**
+
+```env
+# Server
+PORT=8080
+DATA_DIR=./dev-data
+STATIC_DIR=../web/build
+RUST_LOG=info,sqlx=warn,tower_http=info
+
+# Auth
+# Set on first boot only. Leave empty to have one generated and written
+# to ${DATA_DIR}/INITIAL_PASSWORD.txt.
+BOOTSTRAP_ADMIN_PASSWORD=
+
+# Security
+# Set true behind HTTPS terminator. Cookies become Secure-only.
+SECURE_COOKIES=false
+```
+
+- [ ] **Step 3: Expose module from `lib.rs`**
+
+```rust
+// server/src/lib.rs
+pub mod config;
+pub mod error;
+```
+
+- [ ] **Step 4: Run tests**
+
+```bash
+cd server
+cargo test --lib config::tests
+cd ..
+```
+
+Expected: 2 tests pass.
+
+- [ ] **Step 5: Commit**
+
+```bash
+git add server/src/config.rs server/src/lib.rs server/.env.example
+git commit -m "feat(server): Settings loader from env with safe defaults"
+```
+
+### Task 8: Axum app with `/api/health`
+
+**Files:**
+- Create: `server/src/app.rs`
+- Create: `server/src/routes/mod.rs`
+- Create: `server/src/routes/health.rs`
+- Modify: `server/src/lib.rs`, `server/src/main.rs`
+- Create: `server/tests/health.rs`
+
+- [ ] **Step 1: Write the failing integration test first**
+
+Create `server/tests/health.rs`:
+
+```rust
+use axum_test::TestServer;
+use navsrv::app::build_app_for_tests;
+
+#[tokio::test]
+async fn health_returns_ok_json() {
+    let app = build_app_for_tests().await.expect("app builds");
+    let server = TestServer::new(app).expect("server");
+    let res = server.get("/api/health").await;
+    res.assert_status_ok();
+    res.assert_json(&serde_json::json!({ "status": "ok" }));
+}
+```
+
+- [ ] **Step 2: Run the test — expect compile error (no `app` module yet)**
+
+```bash
+cd server
+cargo test --test health -- --nocapture
+```
+
+Expected: error referencing missing `navsrv::app`.
+
+- [ ] **Step 3: Write `routes/health.rs`**
+
+```rust
+// server/src/routes/health.rs
+use axum::{routing::get, Json, Router};
+use serde_json::{json, Value};
+
+pub fn router() -> Router {
+    Router::new().route("/health", get(health))
+}
+
+async fn health() -> Json<Value> {
+    Json(json!({ "status": "ok" }))
+}
+```
+
+- [ ] **Step 4: Write `routes/mod.rs`**
+
+```rust
+// server/src/routes/mod.rs
+use axum::Router;
+
+pub mod health;
+
+pub fn api() -> Router {
+    Router::new().nest("/api", Router::new().merge(health::router()))
+}
+```
+
+- [ ] **Step 5: Write `app.rs`**
+
+```rust
+// server/src/app.rs
+use axum::Router;
+use tower_http::compression::CompressionLayer;
+use tower_http::set_header::SetResponseHeaderLayer;
+use axum::http::{header, HeaderValue};
+
+use crate::routes;
+
+/// Build the full HTTP application (without listener).
+pub fn build_app() -> Router {
+    Router::new()
+        .merge(routes::api())
+        .layer(CompressionLayer::new())
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::X_CONTENT_TYPE_OPTIONS,
+            HeaderValue::from_static("nosniff"),
+        ))
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::REFERRER_POLICY,
+            HeaderValue::from_static("same-origin"),
+        ))
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::X_FRAME_OPTIONS,
+            HeaderValue::from_static("DENY"),
+        ))
+}
+
+/// Test variant: no DB / sessions yet — just the bare router.
+pub async fn build_app_for_tests() -> anyhow::Result<Router> {
+    Ok(build_app())
+}
+```
+
+- [ ] **Step 6: Update `lib.rs`**
+
+```rust
+// server/src/lib.rs
+pub mod app;
+pub mod config;
+pub mod error;
+pub mod routes;
+```
+
+- [ ] **Step 7: Update `main.rs`**
+
+```rust
+// server/src/main.rs
+use anyhow::Context;
+use navsrv::{app::build_app, config::Settings};
+use std::net::SocketAddr;
+use tokio::net::TcpListener;
+
+#[tokio::main]
+async fn main() -> anyhow::Result<()> {
+    let settings = Settings::load().context("load settings")?;
+    init_tracing(&settings.rust_log);
+
+    let app = build_app();
+    let addr = SocketAddr::from(([0, 0, 0, 0], settings.port));
+    let listener = TcpListener::bind(addr).await.context("bind")?;
+    tracing::info!(%addr, "navsrv listening");
+    axum::serve(listener, app).await.context("serve")?;
+    Ok(())
+}
+
+fn init_tracing(filter: &str) {
+    use tracing_subscriber::{fmt, EnvFilter};
+    let env = EnvFilter::try_new(filter).unwrap_or_else(|_| EnvFilter::new("info"));
+    fmt().with_env_filter(env).with_target(false).compact().init();
+}
+```
+
+- [ ] **Step 8: Run the integration test**
+
+```bash
+cd server
+cargo test --test health
+cd ..
+```
+
+Expected: PASS.
+
+- [ ] **Step 9: Smoke-run the binary**
+
+```bash
+cd server
+PORT=8081 cargo run &
+SERVER_PID=$!
+sleep 2
+curl -sf http://127.0.0.1:8081/api/health
+kill $SERVER_PID
+cd ..
+```
+
+Expected: `{"status":"ok"}`.
+
+- [ ] **Step 10: Commit**
+
+```bash
+git add server/src/app.rs server/src/lib.rs server/src/main.rs server/src/routes server/tests/health.rs
+git commit -m "feat(server): axum app with /api/health and security headers"
+```
+
+### Task 9: Tracing-aware request layer
+
+**Files:**
+- Modify: `server/src/app.rs`
+
+- [ ] **Step 1: Add a `TraceLayer` so each request gets logged**
+
+Update `build_app()`:
+
+```rust
+// server/src/app.rs (replace prior contents)
+use axum::http::{header, HeaderValue, Request};
+use axum::Router;
+use tower_http::compression::CompressionLayer;
+use tower_http::set_header::SetResponseHeaderLayer;
+use tower_http::trace::{DefaultOnResponse, TraceLayer};
+use tracing::Level;
+
+use crate::routes;
+
+pub fn build_app() -> Router {
+    let trace = TraceLayer::new_for_http()
+        .make_span_with(|req: &Request<_>| {
+            let method = req.method();
+            let uri = req.uri().path();
+            tracing::info_span!("http", %method, %uri)
+        })
+        .on_response(DefaultOnResponse::new().level(Level::INFO));
+
+    Router::new()
+        .merge(routes::api())
+        .layer(trace)
+        .layer(CompressionLayer::new())
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::X_CONTENT_TYPE_OPTIONS,
+            HeaderValue::from_static("nosniff"),
+        ))
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::REFERRER_POLICY,
+            HeaderValue::from_static("same-origin"),
+        ))
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::X_FRAME_OPTIONS,
+            HeaderValue::from_static("DENY"),
+        ))
+}
+
+pub async fn build_app_for_tests() -> anyhow::Result<Router> {
+    Ok(build_app())
+}
+```
+
+- [ ] **Step 2: Re-run tests**
+
+```bash
+cd server
+cargo test
+cd ..
+```
+
+Expected: all green.
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add server/src/app.rs
+git commit -m "feat(server): structured request logging via TraceLayer"
+```
+
+---
+
+## Phase 2: Data Layer (Tasks 10–19)
+
+Goal: SQLite pool with WAL pragmas, migration `0001_init.sql`, `NavRepo` + `ConfigRepo` traits with `sqlx` impls, all unit-tested against in-memory SQLite.
+
+### Task 10: SQLite pool helper
+
+**Files:**
+- Create: `server/src/db.rs`
+- Modify: `server/src/lib.rs`
+
+- [ ] **Step 1: Write tests first**
+
+Create `server/src/db.rs`:
+
+```rust
+//! SQLite connection pool with safe defaults (WAL, foreign keys, busy timeout).
+
+use sqlx::sqlite::{SqlitePoolOptions, SqliteConnectOptions, SqliteJournalMode, SqliteSynchronous};
+use sqlx::{ConnectOptions, SqlitePool};
+use std::str::FromStr;
+use std::time::Duration;
+
+/// Build a pool against the given URL, applying recommended pragmas.
+pub async fn connect(url: &str) -> sqlx::Result<SqlitePool> {
+    let opts = SqliteConnectOptions::from_str(url)?
+        .create_if_missing(true)
+        .journal_mode(SqliteJournalMode::Wal)
+        .synchronous(SqliteSynchronous::Normal)
+        .foreign_keys(true)
+        .busy_timeout(Duration::from_secs(5))
+        .log_statements(tracing::log::LevelFilter::Debug);
+
+    SqlitePoolOptions::new()
+        .max_connections(5)
+        .acquire_timeout(Duration::from_secs(5))
+        .connect_with(opts)
+        .await
+}
+
+/// Run all bundled migrations against the pool.
+pub async fn migrate(pool: &SqlitePool) -> sqlx::Result<()> {
+    sqlx::migrate!("./migrations").run(pool).await?;
+    Ok(())
+}
+
+#[cfg(test)]
+pub async fn connect_in_memory() -> sqlx::Result<SqlitePool> {
+    let pool = connect("sqlite::memory:").await?;
+    migrate(&pool).await?;
+    Ok(pool)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[tokio::test]
+    async fn pool_runs_pragmas() {
+        let pool = connect("sqlite::memory:").await.unwrap();
+        let row: (String,) = sqlx::query_as("PRAGMA journal_mode")
+            .fetch_one(&pool)
+            .await
+            .unwrap();
+        // SQLite returns "memory" for in-memory DBs even after WAL request, so just sanity-check connectivity.
+        assert!(!row.0.is_empty());
+        let row: (i64,) = sqlx::query_as("PRAGMA foreign_keys")
+            .fetch_one(&pool)
+            .await
+            .unwrap();
+        assert_eq!(row.0, 1);
+    }
+}
+```
+
+- [ ] **Step 2: Re-export from lib**
+
+```rust
+// server/src/lib.rs
+pub mod app;
+pub mod config;
+pub mod db;
+pub mod error;
+pub mod routes;
+```
+
+- [ ] **Step 3: Run tests (the migrate test will fail until Task 11 — skip for now)**
+
+```bash
+cd server
+cargo test --lib db::tests::pool_runs_pragmas
+cd ..
+```
+
+Expected: PASS.
+
+- [ ] **Step 4: Commit**
+
+```bash
+git add server/src/db.rs server/src/lib.rs
+git commit -m "feat(server): SQLite pool with WAL/foreign-keys/busy-timeout"
+```
+
+### Task 11: Migration `0001_init.sql`
+
+**Files:**
+- Create: `server/migrations/0001_init.sql`
+
+- [ ] **Step 1: Write the migration**
+
+```sql
+-- server/migrations/0001_init.sql
+
+PRAGMA foreign_keys = ON;
+
+CREATE TABLE sites (
+  id          INTEGER PRIMARY KEY,
+  value       TEXT    NOT NULL UNIQUE,
+  name        TEXT    NOT NULL,
+  name_i18n   TEXT,
+  sort_order  INTEGER NOT NULL DEFAULT 0,
+  is_default  INTEGER NOT NULL DEFAULT 0
+);
+
+CREATE TABLE groups (
+  id                INTEGER PRIMARY KEY,
+  slug              TEXT    NOT NULL UNIQUE,
+  name              TEXT    NOT NULL,
+  name_i18n         TEXT,
+  sort_order        INTEGER NOT NULL DEFAULT 0,
+  collapsed_default INTEGER NOT NULL DEFAULT 0
+);
+
+CREATE TABLE items (
+  id               INTEGER PRIMARY KEY,
+  group_id         INTEGER REFERENCES groups(id) ON DELETE SET NULL,
+  name             TEXT    NOT NULL,
+  name_i18n        TEXT,
+  description      TEXT,
+  description_i18n TEXT,
+  icon_kind        TEXT    NOT NULL CHECK (icon_kind IN ('asset','url','auto-favicon')),
+  icon_value       TEXT    NOT NULL,
+  sort_order       INTEGER NOT NULL DEFAULT 0,
+  created_at       INTEGER NOT NULL,
+  updated_at       INTEGER NOT NULL
+);
+
+CREATE TABLE item_links (
+  item_id     INTEGER NOT NULL REFERENCES items(id) ON DELETE CASCADE,
+  site_id     INTEGER NOT NULL REFERENCES sites(id) ON DELETE CASCADE,
+  url         TEXT    NOT NULL,
+  PRIMARY KEY (item_id, site_id)
+);
+
+CREATE TABLE tags (
+  id          INTEGER PRIMARY KEY,
+  slug        TEXT    NOT NULL UNIQUE,
+  name        TEXT    NOT NULL,
+  name_i18n   TEXT
+);
+
+CREATE TABLE item_tags (
+  item_id INTEGER NOT NULL REFERENCES items(id) ON DELETE CASCADE,
+  tag_id  INTEGER NOT NULL REFERENCES tags(id)  ON DELETE CASCADE,
+  PRIMARY KEY (item_id, tag_id)
+);
+
+CREATE TABLE config (
+  key   TEXT PRIMARY KEY,
+  value TEXT NOT NULL
+);
+
+CREATE INDEX idx_items_group_sort ON items(group_id, sort_order);
+CREATE INDEX idx_item_links_site  ON item_links(site_id);
+CREATE INDEX idx_item_tags_tag    ON item_tags(tag_id);
+
+INSERT INTO config (key, value) VALUES ('schema_version', '1');
+```
+
+- [ ] **Step 2: Add a migrate test in `db.rs`**
+
+Append to the `tests` module:
+
+```rust
+    #[tokio::test]
+    async fn migrate_creates_tables() {
+        let pool = connect_in_memory().await.unwrap();
+        let row: (i64,) = sqlx::query_as(
+            "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='items'",
+        )
+        .fetch_one(&pool)
+        .await
+        .unwrap();
+        assert_eq!(row.0, 1);
+    }
+```
+
+- [ ] **Step 3: Run**
+
+```bash
+cd server
+cargo test --lib db::tests
+cd ..
+```
+
+Expected: 2 PASS.
+
+- [ ] **Step 4: Commit**
+
+```bash
+git add server/migrations/0001_init.sql server/src/db.rs
+git commit -m "feat(server): initial schema migration (sites/groups/items/links/tags/config)"
+```
+
+### Task 12: `NavRepo` trait and DTOs
+
+**Files:**
+- Create: `server/src/repo/mod.rs`
+- Create: `server/src/repo/nav.rs`
+- Create: `server/src/dto.rs`
+- Modify: `server/src/lib.rs`
+
+- [ ] **Step 1: Define DTOs**
+
+```rust
+// server/src/dto.rs
+use serde::{Deserialize, Serialize};
+
+fn empty() -> String { String::new() }
+fn zero() -> i64 { 0 }
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct Site {
+    pub id: i64,
+    pub value: String,
+    pub name: String,
+    pub name_i18n: Option<serde_json::Value>,
+    pub sort_order: i64,
+    pub is_default: bool,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct Group {
+    pub id: i64,
+    pub slug: String,
+    pub name: String,
+    pub name_i18n: Option<serde_json::Value>,
+    pub sort_order: i64,
+    pub collapsed_default: bool,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct Tag {
+    pub id: i64,
+    pub slug: String,
+    pub name: String,
+    pub name_i18n: Option<serde_json::Value>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "kebab-case")]
+pub enum IconKind { Asset, Url, AutoFavicon }
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct Item {
+    pub id: i64,
+    pub group_id: Option<i64>,
+    pub name: String,
+    pub name_i18n: Option<serde_json::Value>,
+    pub description: Option<String>,
+    pub description_i18n: Option<serde_json::Value>,
+    pub icon_kind: IconKind,
+    pub icon_value: String,
+    pub sort_order: i64,
+    pub links: std::collections::BTreeMap<String, String>, // site.value -> URL
+    pub tag_slugs: Vec<String>,
+    #[serde(default = "zero")]
+    pub created_at: i64,
+    #[serde(default = "zero")]
+    pub updated_at: i64,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct Meta {
+    pub site_name: String,
+    pub site_avatar_path: Option<String>,
+    pub site_copyright: String,
+    pub site_icp: Option<Link>,
+    pub site_police: Option<Link>,
+    pub default_theme: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct Link { pub text: String, pub url: String }
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct NavBundle {
+    pub schema_version: i64,
+    pub meta: Meta,
+    pub sites: Vec<Site>,
+    pub groups: Vec<Group>,
+    pub items: Vec<Item>,
+    pub tags: Vec<Tag>,
+}
+
+// ----- Write payloads -----
+
+#[derive(Debug, Deserialize)]
+pub struct ItemPayload {
+    pub group_id: Option<i64>,
+    pub name: String,
+    #[serde(default)] pub name_i18n: Option<serde_json::Value>,
+    #[serde(default)] pub description: Option<String>,
+    #[serde(default)] pub description_i18n: Option<serde_json::Value>,
+    pub icon_kind: IconKind,
+    pub icon_value: String,
+    #[serde(default)] pub links: std::collections::BTreeMap<String, String>,
+    #[serde(default)] pub tag_slugs: Vec<String>,
+}
+
+#[derive(Debug, Deserialize, Default)]
+pub struct ItemPatch {
+    #[serde(default)] pub group_id: Option<Option<i64>>,
+    #[serde(default)] pub name: Option<String>,
+    #[serde(default)] pub name_i18n: Option<Option<serde_json::Value>>,
+    #[serde(default)] pub description: Option<Option<String>>,
+    #[serde(default)] pub description_i18n: Option<Option<serde_json::Value>>,
+    #[serde(default)] pub icon_kind: Option<IconKind>,
+    #[serde(default)] pub icon_value: Option<String>,
+    #[serde(default)] pub links: Option<std::collections::BTreeMap<String, String>>,
+    #[serde(default)] pub tag_slugs: Option<Vec<String>>,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct ReorderEntry { pub id: i64, pub sort_order: i64, #[serde(default)] pub group_id: Option<Option<i64>> }
+
+#[derive(Debug, Deserialize)]
+pub struct GroupPayload {
+    pub slug: String,
+    pub name: String,
+    #[serde(default)] pub name_i18n: Option<serde_json::Value>,
+    #[serde(default)] pub collapsed_default: bool,
+}
+
+#[derive(Debug, Deserialize, Default)]
+pub struct GroupPatch {
+    #[serde(default)] pub slug: Option<String>,
+    #[serde(default)] pub name: Option<String>,
+    #[serde(default)] pub name_i18n: Option<Option<serde_json::Value>>,
+    #[serde(default)] pub collapsed_default: Option<bool>,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct SitePayload {
+    pub value: String,
+    pub name: String,
+    #[serde(default)] pub name_i18n: Option<serde_json::Value>,
+    #[serde(default)] pub is_default: bool,
+}
+
+#[derive(Debug, Deserialize, Default)]
+pub struct SitePatch {
+    #[serde(default)] pub value: Option<String>,
+    #[serde(default)] pub name: Option<String>,
+    #[serde(default)] pub name_i18n: Option<Option<serde_json::Value>>,
+    #[serde(default)] pub is_default: Option<bool>,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct TagPayload {
+    pub slug: String,
+    pub name: String,
+    #[serde(default)] pub name_i18n: Option<serde_json::Value>,
+}
+
+#[derive(Debug, Deserialize, Default)]
+pub struct TagPatch {
+    #[serde(default)] pub slug: Option<String>,
+    #[serde(default)] pub name: Option<String>,
+    #[serde(default)] pub name_i18n: Option<Option<serde_json::Value>>,
+}
+```
+
+- [ ] **Step 2: Write the trait**
+
+```rust
+// server/src/repo/nav.rs
+use crate::dto::*;
+use crate::error::Result;
+use async_trait::async_trait;
+
+#[async_trait]
+pub trait NavRepo: Send + Sync {
+    // ----- Bundle -----
+    async fn get_bundle(&self) -> Result<(Vec<Site>, Vec<Group>, Vec<Item>, Vec<Tag>)>;
+
+    // ----- Sites -----
+    async fn list_sites(&self) -> Result<Vec<Site>>;
+    async fn create_site(&self, p: SitePayload) -> Result<Site>;
+    async fn patch_site(&self, id: i64, p: SitePatch) -> Result<Site>;
+    async fn delete_site(&self, id: i64) -> Result<()>;
+    async fn reorder_sites(&self, entries: Vec<ReorderEntry>) -> Result<()>;
+
+    // ----- Groups -----
+    async fn list_groups(&self) -> Result<Vec<Group>>;
+    async fn create_group(&self, p: GroupPayload) -> Result<Group>;
+    async fn patch_group(&self, id: i64, p: GroupPatch) -> Result<Group>;
+    async fn delete_group(&self, id: i64) -> Result<()>;
+    async fn reorder_groups(&self, entries: Vec<ReorderEntry>) -> Result<()>;
+
+    // ----- Items -----
+    async fn create_item(&self, p: ItemPayload) -> Result<Item>;
+    async fn patch_item(&self, id: i64, p: ItemPatch) -> Result<Item>;
+    async fn delete_item(&self, id: i64) -> Result<()>;
+    async fn reorder_items(&self, entries: Vec<ReorderEntry>) -> Result<()>;
+
+    // ----- Tags -----
+    async fn list_tags(&self) -> Result<Vec<Tag>>;
+    async fn create_tag(&self, p: TagPayload) -> Result<Tag>;
+    async fn patch_tag(&self, id: i64, p: TagPatch) -> Result<Tag>;
+    async fn delete_tag(&self, id: i64) -> Result<()>;
+}
+```
+
+- [ ] **Step 3: Re-export modules**
+
+```rust
+// server/src/repo/mod.rs
+pub mod nav;
+pub use nav::NavRepo;
+```
+
+```rust
+// server/src/lib.rs
+pub mod app;
+pub mod config;
+pub mod db;
+pub mod dto;
+pub mod error;
+pub mod repo;
+pub mod routes;
+```
+
+- [ ] **Step 4: Compile-check**
+
+```bash
+cd server
+cargo check --lib
+cd ..
+```
+
+Expected: clean.
+
+- [ ] **Step 5: Commit**
+
+```bash
+git add server/src/repo server/src/dto.rs server/src/lib.rs
+git commit -m "feat(server): NavRepo trait and DTOs (read + write payloads)"
+```
+
+### Task 13: `SqlxNavRepo` — sites + groups + tags
+
+**Files:**
+- Create: `server/src/repo/sqlx_impl.rs`
+- Modify: `server/src/repo/mod.rs`
+- Create: `server/tests/repo_sites.rs`
+
+- [ ] **Step 1: Write the sites integration test first**
+
+```rust
+// server/tests/repo_sites.rs
+use navsrv::db::connect_in_memory;
+use navsrv::dto::{SitePatch, SitePayload};
+use navsrv::repo::{NavRepo, SqlxNavRepo};
+
+#[tokio::test]
+async fn create_list_patch_delete_site() {
+    let pool = connect_in_memory().await.unwrap();
+    let repo = SqlxNavRepo::new(pool);
+
+    let s = repo.create_site(SitePayload {
+        value: "shangHai".into(),
+        name: "上海".into(),
+        name_i18n: Some(serde_json::json!({"en":"Shanghai"})),
+        is_default: true,
+    }).await.unwrap();
+    assert_eq!(s.value, "shangHai");
+    assert!(s.is_default);
+
+    let s2 = repo.create_site(SitePayload {
+        value: "beiJing".into(), name: "北京".into(), name_i18n: None, is_default: false,
+    }).await.unwrap();
+
+    let all = repo.list_sites().await.unwrap();
+    assert_eq!(all.len(), 2);
+
+    let patched = repo.patch_site(s2.id, SitePatch {
+        name: Some("Beijing".into()), ..Default::default()
+    }).await.unwrap();
+    assert_eq!(patched.name, "Beijing");
+
+    repo.delete_site(s.id).await.unwrap();
+    assert_eq!(repo.list_sites().await.unwrap().len(), 1);
+}
+
+#[tokio::test]
+async fn unique_value_constraint_returns_conflict() {
+    let pool = connect_in_memory().await.unwrap();
+    let repo = SqlxNavRepo::new(pool);
+    repo.create_site(SitePayload {
+        value: "x".into(), name: "X".into(), name_i18n: None, is_default: false,
+    }).await.unwrap();
+    let err = repo.create_site(SitePayload {
+        value: "x".into(), name: "Y".into(), name_i18n: None, is_default: false,
+    }).await.unwrap_err();
+    use navsrv::error::AppError;
+    assert!(matches!(err, AppError::Conflict(_)), "got {err:?}");
+}
+```
+
+- [ ] **Step 2: Stub the impl so the test compiles**
+
+```rust
+// server/src/repo/sqlx_impl.rs
+use crate::dto::*;
+use crate::error::{AppError, Result};
+use crate::repo::nav::NavRepo;
+use async_trait::async_trait;
+use sqlx::SqlitePool;
+
+pub struct SqlxNavRepo { pool: SqlitePool }
+
+impl SqlxNavRepo {
+    pub fn new(pool: SqlitePool) -> Self { Self { pool } }
+}
+
+fn now_ms() -> i64 {
+    use std::time::{SystemTime, UNIX_EPOCH};
+    SystemTime::now().duration_since(UNIX_EPOCH).map(|d| d.as_millis() as i64).unwrap_or(0)
+}
+
+fn map_unique_violation(err: sqlx::Error) -> AppError {
+    if let Some(db_err) = err.as_database_error() {
+        // SQLite returns "UNIQUE constraint failed: ..." in the error message.
+        let msg = db_err.message();
+        if msg.contains("UNIQUE constraint failed") {
+            return AppError::Conflict(msg.to_string());
+        }
+    }
+    AppError::Sqlx(err)
+}
+
+fn json_opt(v: Option<sqlx::types::JsonValue>) -> Option<serde_json::Value> { v.map(|x| x) }
+
+#[async_trait]
+impl NavRepo for SqlxNavRepo {
+    async fn get_bundle(&self) -> Result<(Vec<Site>, Vec<Group>, Vec<Item>, Vec<Tag>)> {
+        let sites = self.list_sites().await?;
+        let groups = self.list_groups().await?;
+        let tags = self.list_tags().await?;
+        let items = self.list_items_full().await?;
+        Ok((sites, groups, items, tags))
+    }
+
+    async fn list_sites(&self) -> Result<Vec<Site>> {
+        let rows = sqlx::query!(
+            r#"SELECT id as "id!: i64", value, name,
+                      name_i18n as "name_i18n: serde_json::Value",
+                      sort_order as "sort_order!: i64",
+                      is_default
+               FROM sites ORDER BY sort_order, id"#
+        ).fetch_all(&self.pool).await?;
+        Ok(rows.into_iter().map(|r| Site {
+            id: r.id, value: r.value, name: r.name,
+            name_i18n: r.name_i18n,
+            sort_order: r.sort_order, is_default: r.is_default != 0,
+        }).collect())
+    }
+
+    async fn create_site(&self, p: SitePayload) -> Result<Site> {
+        let res = sqlx::query!(
+            "INSERT INTO sites (value, name, name_i18n, is_default) VALUES (?, ?, ?, ?)",
+            p.value, p.name, p.name_i18n, p.is_default
+        ).execute(&self.pool).await.map_err(map_unique_violation)?;
+        let id = res.last_insert_rowid();
+        // refetch
+        let sites = self.list_sites().await?;
+        sites.into_iter().find(|s| s.id == id).ok_or(AppError::NotFound)
+    }
+
+    async fn patch_site(&self, id: i64, p: SitePatch) -> Result<Site> {
+        let mut tx = self.pool.begin().await?;
+        if let Some(v) = p.value { sqlx::query!("UPDATE sites SET value=? WHERE id=?", v, id).execute(&mut *tx).await.map_err(map_unique_violation)?; }
+        if let Some(v) = p.name  { sqlx::query!("UPDATE sites SET name=? WHERE id=?", v, id).execute(&mut *tx).await?; }
+        if let Some(v) = p.name_i18n { sqlx::query!("UPDATE sites SET name_i18n=? WHERE id=?", v, id).execute(&mut *tx).await?; }
+        if let Some(v) = p.is_default { sqlx::query!("UPDATE sites SET is_default=? WHERE id=?", v, id).execute(&mut *tx).await?; }
+        tx.commit().await?;
+        let sites = self.list_sites().await?;
+        sites.into_iter().find(|s| s.id == id).ok_or(AppError::NotFound)
+    }
+
+    async fn delete_site(&self, id: i64) -> Result<()> {
+        let res = sqlx::query!("DELETE FROM sites WHERE id=?", id).execute(&self.pool).await?;
+        if res.rows_affected() == 0 { return Err(AppError::NotFound); }
+        Ok(())
+    }
+
+    async fn reorder_sites(&self, entries: Vec<ReorderEntry>) -> Result<()> {
+        let mut tx = self.pool.begin().await?;
+        for e in entries {
+            sqlx::query!("UPDATE sites SET sort_order=? WHERE id=?", e.sort_order, e.id).execute(&mut *tx).await?;
+        }
+        tx.commit().await?; Ok(())
+    }
+
+    // ---- Groups ----
+
+    async fn list_groups(&self) -> Result<Vec<Group>> {
+        let rows = sqlx::query!(
+            r#"SELECT id as "id!: i64", slug, name,
+                      name_i18n as "name_i18n: serde_json::Value",
+                      sort_order as "sort_order!: i64",
+                      collapsed_default
+               FROM groups ORDER BY sort_order, id"#
+        ).fetch_all(&self.pool).await?;
+        Ok(rows.into_iter().map(|r| Group {
+            id: r.id, slug: r.slug, name: r.name,
+            name_i18n: r.name_i18n,
+            sort_order: r.sort_order,
+            collapsed_default: r.collapsed_default != 0,
+        }).collect())
+    }
+
+    async fn create_group(&self, p: GroupPayload) -> Result<Group> {
+        let res = sqlx::query!(
+            "INSERT INTO groups (slug, name, name_i18n, collapsed_default) VALUES (?, ?, ?, ?)",
+            p.slug, p.name, p.name_i18n, p.collapsed_default
+        ).execute(&self.pool).await.map_err(map_unique_violation)?;
+        let id = res.last_insert_rowid();
+        self.list_groups().await?.into_iter().find(|g| g.id == id).ok_or(AppError::NotFound)
+    }
+
+    async fn patch_group(&self, id: i64, p: GroupPatch) -> Result<Group> {
+        let mut tx = self.pool.begin().await?;
+        if let Some(v) = p.slug { sqlx::query!("UPDATE groups SET slug=? WHERE id=?", v, id).execute(&mut *tx).await.map_err(map_unique_violation)?; }
+        if let Some(v) = p.name { sqlx::query!("UPDATE groups SET name=? WHERE id=?", v, id).execute(&mut *tx).await?; }
+        if let Some(v) = p.name_i18n { sqlx::query!("UPDATE groups SET name_i18n=? WHERE id=?", v, id).execute(&mut *tx).await?; }
+        if let Some(v) = p.collapsed_default { sqlx::query!("UPDATE groups SET collapsed_default=? WHERE id=?", v, id).execute(&mut *tx).await?; }
+        tx.commit().await?;
+        self.list_groups().await?.into_iter().find(|g| g.id == id).ok_or(AppError::NotFound)
+    }
+
+    async fn delete_group(&self, id: i64) -> Result<()> {
+        let res = sqlx::query!("DELETE FROM groups WHERE id=?", id).execute(&self.pool).await?;
+        if res.rows_affected() == 0 { return Err(AppError::NotFound); }
+        Ok(())
+    }
+
+    async fn reorder_groups(&self, entries: Vec<ReorderEntry>) -> Result<()> {
+        let mut tx = self.pool.begin().await?;
+        for e in entries {
+            sqlx::query!("UPDATE groups SET sort_order=? WHERE id=?", e.sort_order, e.id).execute(&mut *tx).await?;
+        }
+        tx.commit().await?; Ok(())
+    }
+
+    // ---- Tags ----
+
+    async fn list_tags(&self) -> Result<Vec<Tag>> {
+        let rows = sqlx::query!(
+            r#"SELECT id as "id!: i64", slug, name,
+                      name_i18n as "name_i18n: serde_json::Value"
+               FROM tags ORDER BY id"#
+        ).fetch_all(&self.pool).await?;
+        Ok(rows.into_iter().map(|r| Tag {
+            id: r.id, slug: r.slug, name: r.name, name_i18n: r.name_i18n,
+        }).collect())
+    }
+
+    async fn create_tag(&self, p: TagPayload) -> Result<Tag> {
+        let res = sqlx::query!(
+            "INSERT INTO tags (slug, name, name_i18n) VALUES (?, ?, ?)",
+            p.slug, p.name, p.name_i18n
+        ).execute(&self.pool).await.map_err(map_unique_violation)?;
+        let id = res.last_insert_rowid();
+        self.list_tags().await?.into_iter().find(|t| t.id == id).ok_or(AppError::NotFound)
+    }
+
+    async fn patch_tag(&self, id: i64, p: TagPatch) -> Result<Tag> {
+        let mut tx = self.pool.begin().await?;
+        if let Some(v) = p.slug { sqlx::query!("UPDATE tags SET slug=? WHERE id=?", v, id).execute(&mut *tx).await.map_err(map_unique_violation)?; }
+        if let Some(v) = p.name { sqlx::query!("UPDATE tags SET name=? WHERE id=?", v, id).execute(&mut *tx).await?; }
+        if let Some(v) = p.name_i18n { sqlx::query!("UPDATE tags SET name_i18n=? WHERE id=?", v, id).execute(&mut *tx).await?; }
+        tx.commit().await?;
+        self.list_tags().await?.into_iter().find(|t| t.id == id).ok_or(AppError::NotFound)
+    }
+
+    async fn delete_tag(&self, id: i64) -> Result<()> {
+        let res = sqlx::query!("DELETE FROM tags WHERE id=?", id).execute(&self.pool).await?;
+        if res.rows_affected() == 0 { return Err(AppError::NotFound); }
+        Ok(())
+    }
+
+    // ---- Items: stubbed for Task 14/15 ----
+
+    async fn create_item(&self, _p: ItemPayload) -> Result<Item> { unimplemented!("Task 14") }
+    async fn patch_item(&self, _id: i64, _p: ItemPatch) -> Result<Item> { unimplemented!("Task 14") }
+    async fn delete_item(&self, _id: i64) -> Result<()> { unimplemented!("Task 14") }
+    async fn reorder_items(&self, _entries: Vec<ReorderEntry>) -> Result<()> { unimplemented!("Task 14") }
+}
+
+impl SqlxNavRepo {
+    async fn list_items_full(&self) -> Result<Vec<Item>> {
+        // Implemented in Task 14.
+        let _ = &self.pool;
+        Ok(Vec::new())
+    }
+}
+```
+
+- [ ] **Step 3: Re-export from `repo/mod.rs`**
+
+```rust
+// server/src/repo/mod.rs
+pub mod nav;
+pub mod sqlx_impl;
+pub use nav::NavRepo;
+pub use sqlx_impl::SqlxNavRepo;
+```
+
+- [ ] **Step 4: Run tests (offline mode for sqlx macros)**
+
+`sqlx::query!` requires `DATABASE_URL` at build time *or* `SQLX_OFFLINE=true` with prepared metadata. We use offline metadata after generating it once:
+
+```bash
+cd server
+DATABASE_URL=sqlite::memory: SQLX_OFFLINE=false cargo test --test repo_sites
+cd ..
+```
+
+Expected: 2 PASS.
+
+- [ ] **Step 5: Generate `.sqlx` metadata for offline builds**
+
+```bash
+cd server
+cargo install sqlx-cli --no-default-features --features sqlite --version ^0.7 || true
+DATABASE_URL=sqlite:./dev-data/data.db cargo sqlx prepare -- --bin navsrv
+ls -la .sqlx | head
+cd ..
+```
+
+Expected: `.sqlx/` directory with `query-*.json` files.
+
+- [ ] **Step 6: Commit**
+
+```bash
+git add server/src/repo server/tests/repo_sites.rs server/.sqlx
+git commit -m "feat(server): NavRepo sqlx impl for sites/groups/tags"
+```
+
+### Task 14: `SqlxNavRepo` — items + item_links + item_tags
+
+**Files:**
+- Modify: `server/src/repo/sqlx_impl.rs`
+- Create: `server/tests/repo_items.rs`
+
+- [ ] **Step 1: Write the failing test**
+
+```rust
+// server/tests/repo_items.rs
+use navsrv::db::connect_in_memory;
+use navsrv::dto::*;
+use navsrv::repo::{NavRepo, SqlxNavRepo};
+
+async fn make_repo_with_seed() -> (SqlxNavRepo, i64, i64) {
+    let pool = connect_in_memory().await.unwrap();
+    let repo = SqlxNavRepo::new(pool);
+    let g = repo.create_group(GroupPayload { slug: "tools".into(), name: "Tools".into(), name_i18n: None, collapsed_default: false }).await.unwrap();
+    let s = repo.create_site(SitePayload { value: "shangHai".into(), name: "上海".into(), name_i18n: None, is_default: true }).await.unwrap();
+    (repo, g.id, s.id)
+}
+
+#[tokio::test]
+async fn create_item_with_links_and_tags() {
+    let (repo, gid, _sid) = make_repo_with_seed().await;
+    let _t = repo.create_tag(TagPayload { slug: "fav".into(), name: "Favorite".into(), name_i18n: None }).await.unwrap();
+    let mut links = std::collections::BTreeMap::new();
+    links.insert("shangHai".into(), "http://10.0.0.1".into());
+    let item = repo.create_item(ItemPayload {
+        group_id: Some(gid),
+        name: "RouterOS".into(),
+        name_i18n: None,
+        description: None,
+        description_i18n: None,
+        icon_kind: IconKind::Asset,
+        icon_value: "routerOS.png".into(),
+        links,
+        tag_slugs: vec!["fav".into()],
+    }).await.unwrap();
+    assert_eq!(item.name, "RouterOS");
+    assert_eq!(item.links.get("shangHai").map(String::as_str), Some("http://10.0.0.1"));
+    assert_eq!(item.tag_slugs, vec!["fav"]);
+}
+
+#[tokio::test]
+async fn patch_item_replaces_links_and_tags() {
+    let (repo, gid, _sid) = make_repo_with_seed().await;
+    repo.create_tag(TagPayload { slug: "a".into(), name: "A".into(), name_i18n: None }).await.unwrap();
+    repo.create_tag(TagPayload { slug: "b".into(), name: "B".into(), name_i18n: None }).await.unwrap();
+    let mut links = std::collections::BTreeMap::new();
+    links.insert("shangHai".into(), "http://1".into());
+    let item = repo.create_item(ItemPayload {
+        group_id: Some(gid), name: "x".into(), name_i18n: None, description: None, description_i18n: None,
+        icon_kind: IconKind::Asset, icon_value: "x.png".into(),
+        links: links.clone(), tag_slugs: vec!["a".into()],
+    }).await.unwrap();
+    let mut new_links = std::collections::BTreeMap::new();
+    new_links.insert("shangHai".into(), "http://2".into());
+    let p = ItemPatch { links: Some(new_links), tag_slugs: Some(vec!["b".into()]), ..Default::default() };
+    let updated = repo.patch_item(item.id, p).await.unwrap();
+    assert_eq!(updated.links.get("shangHai").map(String::as_str), Some("http://2"));
+    assert_eq!(updated.tag_slugs, vec!["b"]);
+}
+
+#[tokio::test]
+async fn delete_item_cascades_links_and_tags() {
+    let (repo, gid, _sid) = make_repo_with_seed().await;
+    let mut links = std::collections::BTreeMap::new();
+    links.insert("shangHai".into(), "http://1".into());
+    let item = repo.create_item(ItemPayload {
+        group_id: Some(gid), name: "x".into(), name_i18n: None, description: None, description_i18n: None,
+        icon_kind: IconKind::Asset, icon_value: "x.png".into(),
+        links, tag_slugs: vec![],
+    }).await.unwrap();
+    repo.delete_item(item.id).await.unwrap();
+    let (_, _, items, _) = repo.get_bundle().await.unwrap();
+    assert!(items.is_empty());
+}
+
+#[tokio::test]
+async fn reorder_items_writes_sort_order() {
+    let (repo, gid, _sid) = make_repo_with_seed().await;
+    let a = repo.create_item(ItemPayload { group_id: Some(gid), name: "a".into(), name_i18n:None, description:None, description_i18n:None, icon_kind: IconKind::Asset, icon_value:"a.png".into(), links: Default::default(), tag_slugs: vec![]}).await.unwrap();
+    let b = repo.create_item(ItemPayload { group_id: Some(gid), name: "b".into(), name_i18n:None, description:None, description_i18n:None, icon_kind: IconKind::Asset, icon_value:"b.png".into(), links: Default::default(), tag_slugs: vec![]}).await.unwrap();
+    repo.reorder_items(vec![
+        ReorderEntry { id: b.id, sort_order: 0, group_id: Some(Some(gid)) },
+        ReorderEntry { id: a.id, sort_order: 1, group_id: Some(Some(gid)) },
+    ]).await.unwrap();
+    let (_, _, items, _) = repo.get_bundle().await.unwrap();
+    assert_eq!(items[0].id, b.id);
+    assert_eq!(items[1].id, a.id);
+}
+```
+
+- [ ] **Step 2: Implement items in `sqlx_impl.rs`**
+
+Replace the four `unimplemented!` stubs and the `list_items_full` body with:
+
+```rust
+    async fn create_item(&self, p: ItemPayload) -> Result<Item> {
+        let now = now_ms();
+        let kind_str = match p.icon_kind { IconKind::Asset => "asset", IconKind::Url => "url", IconKind::AutoFavicon => "auto-favicon" };
+
+        let mut tx = self.pool.begin().await?;
+        let res = sqlx::query!(
+            r#"INSERT INTO items
+                (group_id, name, name_i18n, description, description_i18n,
+                 icon_kind, icon_value, sort_order, created_at, updated_at)
+               VALUES (?, ?, ?, ?, ?, ?, ?, COALESCE((SELECT MAX(sort_order)+1 FROM items WHERE group_id IS ?), 0), ?, ?)"#,
+            p.group_id, p.name, p.name_i18n, p.description, p.description_i18n,
+            kind_str, p.icon_value, p.group_id, now, now
+        ).execute(&mut *tx).await?;
+        let id = res.last_insert_rowid();
+
+        for (site_value, url) in &p.links {
+            sqlx::query!(
+                r#"INSERT INTO item_links (item_id, site_id, url)
+                    SELECT ?, sites.id, ? FROM sites WHERE sites.value = ?"#,
+                id, url, site_value
+            ).execute(&mut *tx).await?;
+        }
+
+        for slug in &p.tag_slugs {
+            sqlx::query!(
+                r#"INSERT INTO item_tags (item_id, tag_id)
+                    SELECT ?, tags.id FROM tags WHERE tags.slug = ?"#,
+                id, slug
+            ).execute(&mut *tx).await?;
+        }
+        tx.commit().await?;
+        self.fetch_item(id).await
+    }
+
+    async fn patch_item(&self, id: i64, p: ItemPatch) -> Result<Item> {
+        let now = now_ms();
+        let mut tx = self.pool.begin().await?;
+        if let Some(v) = p.group_id { sqlx::query!("UPDATE items SET group_id=?, updated_at=? WHERE id=?", v, now, id).execute(&mut *tx).await?; }
+        if let Some(v) = p.name { sqlx::query!("UPDATE items SET name=?, updated_at=? WHERE id=?", v, now, id).execute(&mut *tx).await?; }
+        if let Some(v) = p.name_i18n { sqlx::query!("UPDATE items SET name_i18n=?, updated_at=? WHERE id=?", v, now, id).execute(&mut *tx).await?; }
+        if let Some(v) = p.description { sqlx::query!("UPDATE items SET description=?, updated_at=? WHERE id=?", v, now, id).execute(&mut *tx).await?; }
+        if let Some(v) = p.description_i18n { sqlx::query!("UPDATE items SET description_i18n=?, updated_at=? WHERE id=?", v, now, id).execute(&mut *tx).await?; }
+        if let Some(v) = p.icon_kind {
+            let s = match v { IconKind::Asset => "asset", IconKind::Url => "url", IconKind::AutoFavicon => "auto-favicon" };
+            sqlx::query!("UPDATE items SET icon_kind=?, updated_at=? WHERE id=?", s, now, id).execute(&mut *tx).await?;
+        }
+        if let Some(v) = p.icon_value { sqlx::query!("UPDATE items SET icon_value=?, updated_at=? WHERE id=?", v, now, id).execute(&mut *tx).await?; }
+
+        if let Some(links) = p.links {
+            sqlx::query!("DELETE FROM item_links WHERE item_id=?", id).execute(&mut *tx).await?;
+            for (site_value, url) in links {
+                sqlx::query!(
+                    r#"INSERT INTO item_links (item_id, site_id, url)
+                        SELECT ?, sites.id, ? FROM sites WHERE sites.value = ?"#,
+                    id, url, site_value
+                ).execute(&mut *tx).await?;
+            }
+        }
+        if let Some(tag_slugs) = p.tag_slugs {
+            sqlx::query!("DELETE FROM item_tags WHERE item_id=?", id).execute(&mut *tx).await?;
+            for slug in tag_slugs {
+                sqlx::query!(
+                    r#"INSERT INTO item_tags (item_id, tag_id)
+                        SELECT ?, tags.id FROM tags WHERE tags.slug = ?"#,
+                    id, slug
+                ).execute(&mut *tx).await?;
+            }
+        }
+        tx.commit().await?;
+        self.fetch_item(id).await
+    }
+
+    async fn delete_item(&self, id: i64) -> Result<()> {
+        let res = sqlx::query!("DELETE FROM items WHERE id=?", id).execute(&self.pool).await?;
+        if res.rows_affected() == 0 { return Err(AppError::NotFound); }
+        Ok(())
+    }
+
+    async fn reorder_items(&self, entries: Vec<ReorderEntry>) -> Result<()> {
+        let now = now_ms();
+        let mut tx = self.pool.begin().await?;
+        for e in entries {
+            match e.group_id {
+                Some(gid) => { sqlx::query!("UPDATE items SET sort_order=?, group_id=?, updated_at=? WHERE id=?", e.sort_order, gid, now, e.id).execute(&mut *tx).await?; }
+                None      => { sqlx::query!("UPDATE items SET sort_order=?, updated_at=? WHERE id=?", e.sort_order, now, e.id).execute(&mut *tx).await?; }
+            }
+        }
+        tx.commit().await?; Ok(())
+    }
+```
+
+- [ ] **Step 3: Replace `list_items_full`**
+
+```rust
+impl SqlxNavRepo {
+    pub(crate) async fn fetch_item(&self, id: i64) -> Result<Item> {
+        self.list_items_full().await?.into_iter().find(|i| i.id == id).ok_or(AppError::NotFound)
+    }
+
+    pub(crate) async fn list_items_full(&self) -> Result<Vec<Item>> {
+        let item_rows = sqlx::query!(
+            r#"SELECT id as "id!: i64", group_id,
+                      name, name_i18n as "name_i18n: serde_json::Value",
+                      description, description_i18n as "description_i18n: serde_json::Value",
+                      icon_kind, icon_value,
+                      sort_order as "sort_order!: i64",
+                      created_at as "created_at!: i64",
+                      updated_at as "updated_at!: i64"
+               FROM items
+               ORDER BY group_id, sort_order, id"#
+        ).fetch_all(&self.pool).await?;
+
+        let link_rows = sqlx::query!(
+            r#"SELECT il.item_id as "item_id!: i64", s.value as "site_value!", il.url as "url!"
+               FROM item_links il JOIN sites s ON s.id = il.site_id"#
+        ).fetch_all(&self.pool).await?;
+
+        let tag_rows = sqlx::query!(
+            r#"SELECT it.item_id as "item_id!: i64", t.slug as "slug!"
+               FROM item_tags it JOIN tags t ON t.id = it.tag_id"#
+        ).fetch_all(&self.pool).await?;
+
+        let mut items: Vec<Item> = item_rows.into_iter().map(|r| {
+            let kind = match r.icon_kind.as_str() {
+                "url" => IconKind::Url,
+                "auto-favicon" => IconKind::AutoFavicon,
+                _ => IconKind::Asset,
+            };
+            Item {
+                id: r.id, group_id: r.group_id,
+                name: r.name, name_i18n: r.name_i18n,
+                description: r.description, description_i18n: r.description_i18n,
+                icon_kind: kind, icon_value: r.icon_value,
+                sort_order: r.sort_order,
+                links: Default::default(), tag_slugs: Vec::new(),
+                created_at: r.created_at, updated_at: r.updated_at,
+            }
+        }).collect();
+
+        let by_id: std::collections::HashMap<i64, usize> =
+            items.iter().enumerate().map(|(i, it)| (it.id, i)).collect();
+
+        for r in link_rows {
+            if let Some(&idx) = by_id.get(&r.item_id) {
+                items[idx].links.insert(r.site_value, r.url);
+            }
+        }
+        for r in tag_rows {
+            if let Some(&idx) = by_id.get(&r.item_id) {
+                items[idx].tag_slugs.push(r.slug);
+            }
+        }
+        Ok(items)
+    }
+}
+```
+
+- [ ] **Step 4: Re-prepare sqlx metadata and run tests**
+
+```bash
+cd server
+DATABASE_URL=sqlite:./dev-data/data.db cargo sqlx prepare -- --bin navsrv --tests
+cargo test --test repo_items
+cd ..
+```
+
+Expected: 4 PASS.
+
+- [ ] **Step 5: Commit**
+
+```bash
+git add server/src/repo/sqlx_impl.rs server/tests/repo_items.rs server/.sqlx
+git commit -m "feat(server): NavRepo sqlx impl for items + links + tags"
+```
+
+### Task 15: `ConfigRepo` (kv access for site meta + admin hash)
+
+**Files:**
+- Create: `server/src/repo/config.rs`
+- Modify: `server/src/repo/mod.rs`
+- Create: `server/tests/repo_config.rs`
+
+- [ ] **Step 1: Test first**
+
+```rust
+// server/tests/repo_config.rs
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{ConfigRepo, SqlxConfigRepo};
+
+#[tokio::test]
+async fn upsert_get_delete_config() {
+    let pool = connect_in_memory().await.unwrap();
+    let repo = SqlxConfigRepo::new(pool);
+    repo.upsert("site_name", "My Site").await.unwrap();
+    assert_eq!(repo.get("site_name").await.unwrap().as_deref(), Some("My Site"));
+    assert_eq!(repo.get("missing").await.unwrap(), None);
+
+    repo.upsert("site_name", "Renamed").await.unwrap();
+    assert_eq!(repo.get("site_name").await.unwrap().as_deref(), Some("Renamed"));
+
+    repo.delete("site_name").await.unwrap();
+    assert_eq!(repo.get("site_name").await.unwrap(), None);
+}
+
+#[tokio::test]
+async fn many_pairs() {
+    let pool = connect_in_memory().await.unwrap();
+    let repo = SqlxConfigRepo::new(pool);
+    repo.upsert_many(&[("a", "1"), ("b", "2")]).await.unwrap();
+    let all = repo.get_many(&["a", "b", "c"]).await.unwrap();
+    assert_eq!(all.get("a").map(String::as_str), Some("1"));
+    assert_eq!(all.get("b").map(String::as_str), Some("2"));
+    assert!(all.get("c").is_none());
+}
+```
+
+- [ ] **Step 2: Trait + impl**
+
+```rust
+// server/src/repo/config.rs
+use crate::error::Result;
+use async_trait::async_trait;
+use sqlx::SqlitePool;
+use std::collections::BTreeMap;
+
+#[async_trait]
+pub trait ConfigRepo: Send + Sync {
+    async fn get(&self, key: &str) -> Result<Option<String>>;
+    async fn get_many(&self, keys: &[&str]) -> Result<BTreeMap<String, String>>;
+    async fn upsert(&self, key: &str, value: &str) -> Result<()>;
+    async fn upsert_many(&self, pairs: &[(&str, &str)]) -> Result<()>;
+    async fn delete(&self, key: &str) -> Result<()>;
+}
+
+pub struct SqlxConfigRepo { pool: SqlitePool }
+
+impl SqlxConfigRepo {
+    pub fn new(pool: SqlitePool) -> Self { Self { pool } }
+}
+
+#[async_trait]
+impl ConfigRepo for SqlxConfigRepo {
+    async fn get(&self, key: &str) -> Result<Option<String>> {
+        let row = sqlx::query_scalar!("SELECT value FROM config WHERE key = ?", key)
+            .fetch_optional(&self.pool).await?;
+        Ok(row)
+    }
+
+    async fn get_many(&self, keys: &[&str]) -> Result<BTreeMap<String, String>> {
+        let mut out = BTreeMap::new();
+        for k in keys {
+            if let Some(v) = self.get(k).await? { out.insert((*k).to_string(), v); }
+        }
+        Ok(out)
+    }
+
+    async fn upsert(&self, key: &str, value: &str) -> Result<()> {
+        sqlx::query!(
+            "INSERT INTO config (key, value) VALUES (?, ?)
+             ON CONFLICT(key) DO UPDATE SET value=excluded.value",
+            key, value
+        ).execute(&self.pool).await?;
+        Ok(())
+    }
+
+    async fn upsert_many(&self, pairs: &[(&str, &str)]) -> Result<()> {
+        let mut tx = self.pool.begin().await?;
+        for (k, v) in pairs {
+            sqlx::query!(
+                "INSERT INTO config (key, value) VALUES (?, ?)
+                 ON CONFLICT(key) DO UPDATE SET value=excluded.value",
+                k, v
+            ).execute(&mut *tx).await?;
+        }
+        tx.commit().await?; Ok(())
+    }
+
+    async fn delete(&self, key: &str) -> Result<()> {
+        sqlx::query!("DELETE FROM config WHERE key = ?", key).execute(&self.pool).await?;
+        Ok(())
+    }
+}
+```
+
+- [ ] **Step 3: Re-export**
+
+```rust
+// server/src/repo/mod.rs
+pub mod config;
+pub mod nav;
+pub mod sqlx_impl;
+pub use config::{ConfigRepo, SqlxConfigRepo};
+pub use nav::NavRepo;
+pub use sqlx_impl::SqlxNavRepo;
+```
+
+- [ ] **Step 4: Re-prepare and test**
+
+```bash
+cd server
+DATABASE_URL=sqlite:./dev-data/data.db cargo sqlx prepare -- --bin navsrv --tests
+cargo test --test repo_config
+cd ..
+```
+
+Expected: 2 PASS.
+
+- [ ] **Step 5: Commit**
+
+```bash
+git add server/src/repo/config.rs server/src/repo/mod.rs server/tests/repo_config.rs server/.sqlx
+git commit -m "feat(server): ConfigRepo (kv) sqlx impl with batch upsert"
+```
+
+### Task 16: AppState + wire repos into Axum
+
+**Files:**
+- Create: `server/src/state.rs`
+- Modify: `server/src/app.rs`, `server/src/main.rs`, `server/src/lib.rs`
+
+- [ ] **Step 1: Define `AppState`**
+
+```rust
+// server/src/state.rs
+use crate::repo::{ConfigRepo, NavRepo};
+use std::sync::Arc;
+
+#[derive(Clone)]
+pub struct AppState {
+    pub nav: Arc<dyn NavRepo>,
+    pub config: Arc<dyn ConfigRepo>,
+}
+
+impl AppState {
+    pub fn new(nav: Arc<dyn NavRepo>, config: Arc<dyn ConfigRepo>) -> Self {
+        Self { nav, config }
+    }
+}
+```
+
+- [ ] **Step 2: Make `app.rs` accept state**
+
+```rust
+// server/src/app.rs (replace previous)
+use axum::http::{header, HeaderValue, Request};
+use axum::Router;
+use tower_http::compression::CompressionLayer;
+use tower_http::set_header::SetResponseHeaderLayer;
+use tower_http::trace::{DefaultOnResponse, TraceLayer};
+use tracing::Level;
+
+use crate::routes;
+use crate::state::AppState;
+
+pub fn build_app(state: AppState) -> Router {
+    let trace = TraceLayer::new_for_http()
+        .make_span_with(|req: &Request<_>| {
+            let method = req.method();
+            let uri = req.uri().path();
+            tracing::info_span!("http", %method, %uri)
+        })
+        .on_response(DefaultOnResponse::new().level(Level::INFO));
+
+    Router::new()
+        .merge(routes::api(state.clone()))
+        .with_state(state)
+        .layer(trace)
+        .layer(CompressionLayer::new())
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::X_CONTENT_TYPE_OPTIONS,
+            HeaderValue::from_static("nosniff"),
+        ))
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::REFERRER_POLICY,
+            HeaderValue::from_static("same-origin"),
+        ))
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::X_FRAME_OPTIONS,
+            HeaderValue::from_static("DENY"),
+        ))
+}
+
+pub async fn build_app_for_tests() -> anyhow::Result<Router> {
+    use crate::db::connect_in_memory;
+    use crate::repo::{SqlxConfigRepo, SqlxNavRepo};
+    use std::sync::Arc;
+    let pool = connect_in_memory().await?;
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg = Arc::new(SqlxConfigRepo::new(pool));
+    let state = AppState::new(nav, cfg);
+    Ok(build_app(state))
+}
+```
+
+- [ ] **Step 3: Update `routes/mod.rs` to take state**
+
+```rust
+// server/src/routes/mod.rs
+use axum::Router;
+
+pub mod health;
+
+use crate::state::AppState;
+
+pub fn api(state: AppState) -> Router {
+    Router::new()
+        .nest("/api", Router::new()
+            .merge(health::router()))
+        .with_state(state)
+}
+```
+
+(Health does not need state yet — but the wiring is here for later routes.)
+
+- [ ] **Step 4: Update `main.rs`**
+
+```rust
+// server/src/main.rs
+use anyhow::Context;
+use navsrv::{
+    app::build_app,
+    config::Settings,
+    db::{connect, migrate},
+    repo::{SqlxConfigRepo, SqlxNavRepo},
+    state::AppState,
+};
+use std::net::SocketAddr;
+use std::sync::Arc;
+use tokio::net::TcpListener;
+
+#[tokio::main]
+async fn main() -> anyhow::Result<()> {
+    let settings = Settings::load().context("load settings")?;
+    init_tracing(&settings.rust_log);
+
+    let pool = connect(&settings.db_url()).await.context("db connect")?;
+    migrate(&pool).await.context("migrate")?;
+
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg = Arc::new(SqlxConfigRepo::new(pool));
+    let state = AppState::new(nav, cfg);
+
+    let app = build_app(state);
+    let addr = SocketAddr::from(([0, 0, 0, 0], settings.port));
+    let listener = TcpListener::bind(addr).await.context("bind")?;
+    tracing::info!(%addr, "navsrv listening");
+    axum::serve(listener, app).await.context("serve")?;
+    Ok(())
+}
+
+fn init_tracing(filter: &str) {
+    use tracing_subscriber::{fmt, EnvFilter};
+    let env = EnvFilter::try_new(filter).unwrap_or_else(|_| EnvFilter::new("info"));
+    fmt().with_env_filter(env).with_target(false).compact().init();
+}
+```
+
+- [ ] **Step 5: Re-export**
+
+```rust
+// server/src/lib.rs
+pub mod app;
+pub mod config;
+pub mod db;
+pub mod dto;
+pub mod error;
+pub mod repo;
+pub mod routes;
+pub mod state;
+```
+
+- [ ] **Step 6: Verify**
+
+```bash
+cd server
+cargo test
+cd ..
+```
+
+Expected: all green.
+
+- [ ] **Step 7: Commit**
+
+```bash
+git add server/src/state.rs server/src/app.rs server/src/main.rs server/src/routes/mod.rs server/src/lib.rs
+git commit -m "refactor(server): introduce AppState carrying repo trait objects"
+```
+
+---
+
+## Phase 3: Public Read API (Tasks 17–18)
+
+Goal: `GET /api/nav` returns the full bundle from the seeded DB.
+
+### Task 17: Build `NavBundle` from repos
+
+**Files:**
+- Create: `server/src/services/mod.rs`
+- Create: `server/src/services/bundle.rs`
+- Modify: `server/src/lib.rs`
+
+- [ ] **Step 1: Create the assembler**
+
+```rust
+// server/src/services/mod.rs
+pub mod bundle;
+```
+
+```rust
+// server/src/services/bundle.rs
+use crate::dto::*;
+use crate::error::Result;
+use crate::repo::{ConfigRepo, NavRepo};
+use std::sync::Arc;
+
+pub async fn assemble_bundle(
+    nav: Arc<dyn NavRepo>,
+    config: Arc<dyn ConfigRepo>,
+) -> Result<NavBundle> {
+    let (sites, groups, items, tags) = nav.get_bundle().await?;
+
+    let cfg = config.get_many(&[
+        "site_name", "site_avatar_path", "site_copyright",
+        "site_icp_text", "site_icp_url",
+        "site_police_text", "site_police_url",
+        "default_theme",
+    ]).await?;
+
+    let icp = match (cfg.get("site_icp_text").cloned(), cfg.get("site_icp_url").cloned()) {
+        (Some(text), Some(url)) => Some(Link { text, url }),
+        _ => None,
+    };
+    let police = match (cfg.get("site_police_text").cloned(), cfg.get("site_police_url").cloned()) {
+        (Some(text), Some(url)) => Some(Link { text, url }),
+        _ => None,
+    };
+
+    let meta = Meta {
+        site_name: cfg.get("site_name").cloned().unwrap_or_else(|| "Navigation".into()),
+        site_avatar_path: cfg.get("site_avatar_path").cloned(),
+        site_copyright: cfg.get("site_copyright").cloned().unwrap_or_default(),
+        site_icp: icp,
+        site_police: police,
+        default_theme: cfg.get("default_theme").cloned().unwrap_or_else(|| "system".into()),
+    };
+
+    Ok(NavBundle {
+        schema_version: 1,
+        meta,
+        sites,
+        groups,
+        items,
+        tags,
+    })
+}
+```
+
+- [ ] **Step 2: Re-export**
+
+```rust
+// server/src/lib.rs
+pub mod app;
+pub mod config;
+pub mod db;
+pub mod dto;
+pub mod error;
+pub mod repo;
+pub mod routes;
+pub mod services;
+pub mod state;
+```
+
+- [ ] **Step 3: Compile-check**
+
+```bash
+cd server
+cargo check
+cd ..
+```
+
+Expected: clean.
+
+- [ ] **Step 4: Commit**
+
+```bash
+git add server/src/services server/src/lib.rs
+git commit -m "feat(server): assemble_bundle service composing nav + config"
+```
+
+### Task 18: `GET /api/nav` handler
+
+**Files:**
+- Create: `server/src/routes/nav.rs`
+- Modify: `server/src/routes/mod.rs`
+- Create: `server/tests/api_nav.rs`
+
+- [ ] **Step 1: Write test first**
+
+```rust
+// server/tests/api_nav.rs
+use axum_test::TestServer;
+use navsrv::app::build_app_for_tests;
+
+#[tokio::test]
+async fn nav_endpoint_returns_empty_bundle_initially() {
+    let app = build_app_for_tests().await.unwrap();
+    let server = TestServer::new(app).unwrap();
+    let res = server.get("/api/nav").await;
+    res.assert_status_ok();
+    let body: serde_json::Value = res.json();
+    assert_eq!(body["schemaVersion"], 1);
+    assert!(body["sites"].as_array().unwrap().is_empty());
+    assert!(body["items"].as_array().unwrap().is_empty());
+    assert_eq!(body["meta"]["defaultTheme"], "system");
+}
+```
+
+- [ ] **Step 2: Use camelCase serialization**
+
+Modify `server/src/dto.rs` — add `#[serde(rename_all = "camelCase")]` to every struct that ends up in JSON. Apply to `Site`, `Group`, `Tag`, `Item`, `Meta`, `Link`, `NavBundle` (and write payloads):
+
+```rust
+// At top of every relevant struct, add the attribute. Example:
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct Site { /* ... */ }
+```
+
+Apply to all DTOs uniformly.
+
+- [ ] **Step 3: Write the handler**
+
+```rust
+// server/src/routes/nav.rs
+use axum::{extract::State, routing::get, Json, Router};
+
+use crate::dto::NavBundle;
+use crate::error::Result;
+use crate::services::bundle::assemble_bundle;
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new().route("/nav", get(get_nav))
+}
+
+async fn get_nav(State(s): State<AppState>) -> Result<Json<NavBundle>> {
+    let bundle = assemble_bundle(s.nav.clone(), s.config.clone()).await?;
+    Ok(Json(bundle))
+}
+```
+
+- [ ] **Step 4: Wire into `routes/mod.rs`**
+
+```rust
+// server/src/routes/mod.rs
+use axum::Router;
+
+pub mod health;
+pub mod nav;
+
+use crate::state::AppState;
+
+pub fn api(state: AppState) -> Router {
+    Router::new()
+        .nest("/api", Router::new()
+            .merge(health::router())
+            .merge(nav::router()))
+        .with_state(state)
+}
+```
+
+- [ ] **Step 5: Run tests**
+
+```bash
+cd server
+cargo test --test api_nav
+cd ..
+```
+
+Expected: PASS.
+
+- [ ] **Step 6: Commit**
+
+```bash
+git add server/src/routes server/src/dto.rs server/tests/api_nav.rs
+git commit -m "feat(server): GET /api/nav returns full NavBundle (camelCase)"
+```
+
+---
+
+## Phase 4: Authentication and Bootstrap (Tasks 19–28)
+
+Goal: single-admin password auth backed by bcrypt + signed session cookies stored in SQLite. First boot generates a password if env doesn't supply one and writes it to `INITIAL_PASSWORD.txt`. CLI subcommand `navsrv reset-password` for recovery.
+
+### Task 19: Password hashing utility
+
+**Files:**
+- Create: `server/src/auth/mod.rs`
+- Create: `server/src/auth/password.rs`
+- Modify: `server/src/lib.rs`
+
+- [ ] **Step 1: Test first**
+
+Create `server/src/auth/password.rs`:
+
+```rust
+//! bcrypt-based password hashing.
+
+use crate::error::{AppError, Result};
+
+pub const BCRYPT_COST: u32 = 12;
+
+pub fn hash(plain: &str) -> Result<String> {
+    if plain.is_empty() {
+        return Err(AppError::Validation("password must not be empty".into()));
+    }
+    Ok(bcrypt::hash(plain, BCRYPT_COST)?)
+}
+
+pub fn verify(plain: &str, hashed: &str) -> Result<bool> {
+    Ok(bcrypt::verify(plain, hashed)?)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn hash_then_verify_roundtrip() {
+        let h = hash("hunter2").unwrap();
+        assert!(verify("hunter2", &h).unwrap());
+        assert!(!verify("wrong", &h).unwrap());
+    }
+
+    #[test]
+    fn empty_password_rejected() {
+        let err = hash("").unwrap_err();
+        assert!(matches!(err, AppError::Validation(_)));
+    }
+}
+```
+
+- [ ] **Step 2: Module file**
+
+```rust
+// server/src/auth/mod.rs
+pub mod password;
+```
+
+- [ ] **Step 3: Re-export**
+
+```rust
+// server/src/lib.rs
+pub mod app;
+pub mod auth;
+pub mod config;
+pub mod db;
+pub mod dto;
+pub mod error;
+pub mod repo;
+pub mod routes;
+pub mod services;
+pub mod state;
+```
+
+- [ ] **Step 4: Run**
+
+```bash
+cd server
+cargo test --lib auth::password::tests
+cd ..
+```
+
+Expected: 2 PASS.
+
+- [ ] **Step 5: Commit**
+
+```bash
+git add server/src/auth server/src/lib.rs
+git commit -m "feat(server): bcrypt password hash/verify utility"
+```
+
+### Task 20: Bootstrap service — env or random + INITIAL_PASSWORD.txt
+
+**Files:**
+- Create: `server/src/services/bootstrap.rs`
+- Modify: `server/src/services/mod.rs`
+- Create: `server/tests/bootstrap.rs`
+
+- [ ] **Step 1: Write the failing test**
+
+```rust
+// server/tests/bootstrap.rs
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{ConfigRepo, SqlxConfigRepo};
+use navsrv::services::bootstrap::{ensure_admin_password, BootstrapOutcome};
+use std::sync::Arc;
+use tempfile::TempDir;
+
+#[tokio::test]
+async fn first_boot_with_env_writes_hash_only() {
+    let pool = connect_in_memory().await.unwrap();
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool));
+    let dir = TempDir::new().unwrap();
+
+    let out = ensure_admin_password(cfg.clone(), dir.path(), Some("env-pw".into()))
+        .await
+        .unwrap();
+    assert!(matches!(out, BootstrapOutcome::SetFromEnv));
+    assert!(cfg.get("admin_password_hash").await.unwrap().is_some());
+    assert!(!dir.path().join("INITIAL_PASSWORD.txt").exists());
+}
+
+#[tokio::test]
+async fn first_boot_without_env_generates_and_writes_file() {
+    let pool = connect_in_memory().await.unwrap();
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool));
+    let dir = TempDir::new().unwrap();
+
+    let out = ensure_admin_password(cfg.clone(), dir.path(), None).await.unwrap();
+    let pw = match out {
+        BootstrapOutcome::Generated(pw) => pw,
+        _ => panic!("expected Generated"),
+    };
+    assert_eq!(pw.len(), 24);
+    let path = dir.path().join("INITIAL_PASSWORD.txt");
+    assert!(path.exists());
+    let content = std::fs::read_to_string(&path).unwrap();
+    assert!(content.contains(&pw));
+}
+
+#[tokio::test]
+async fn second_boot_is_idempotent() {
+    let pool = connect_in_memory().await.unwrap();
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool));
+    let dir = TempDir::new().unwrap();
+
+    ensure_admin_password(cfg.clone(), dir.path(), Some("first".into())).await.unwrap();
+    let out = ensure_admin_password(cfg.clone(), dir.path(), Some("ignored".into())).await.unwrap();
+    assert!(matches!(out, BootstrapOutcome::AlreadySet));
+}
+```
+
+- [ ] **Step 2: Implement service**
+
+```rust
+// server/src/services/bootstrap.rs
+use crate::auth::password;
+use crate::error::Result;
+use crate::repo::ConfigRepo;
+use rand::distributions::{Alphanumeric, DistString};
+use std::path::Path;
+use std::sync::Arc;
+
+const PASSWORD_LEN: usize = 24;
+
+pub enum BootstrapOutcome {
+    AlreadySet,
+    SetFromEnv,
+    Generated(String),
+}
+
+pub async fn ensure_admin_password(
+    config: Arc<dyn ConfigRepo>,
+    data_dir: &Path,
+    env_password: Option<String>,
+) -> Result<BootstrapOutcome> {
+    if config.get("admin_password_hash").await?.is_some() {
+        return Ok(BootstrapOutcome::AlreadySet);
+    }
+
+    let now = chrono::Utc::now().timestamp_millis().to_string();
+
+    if let Some(pw) = env_password.filter(|s| !s.is_empty()) {
+        let hash = password::hash(&pw)?;
+        config.upsert_many(&[
+            ("admin_password_hash", &hash),
+            ("admin_password_updated_at", &now),
+        ]).await?;
+        tracing::warn!(
+            "Admin password set from env. Please change it via UI immediately."
+        );
+        return Ok(BootstrapOutcome::SetFromEnv);
+    }
+
+    let pw = Alphanumeric.sample_string(&mut rand::thread_rng(), PASSWORD_LEN);
+    let hash = password::hash(&pw)?;
+    config.upsert_many(&[
+        ("admin_password_hash", &hash),
+        ("admin_password_updated_at", &now),
+    ]).await?;
+
+    let path = data_dir.join("INITIAL_PASSWORD.txt");
+    let body = format!(
+        "Initial admin password (single use):\n{pw}\n\n\
+        After logging in and changing the password via UI, this file is deleted automatically.\n"
+    );
+    std::fs::write(&path, body)?;
+    #[cfg(unix)]
+    {
+        use std::os::unix::fs::PermissionsExt;
+        let perms = std::fs::Permissions::from_mode(0o600);
+        std::fs::set_permissions(&path, perms)?;
+    }
+    tracing::warn!(?path, "Generated initial admin password — see file above");
+    tracing::warn!("INITIAL ADMIN PASSWORD: {pw}");
+
+    Ok(BootstrapOutcome::Generated(pw))
+}
+```
+
+- [ ] **Step 3: Re-export**
+
+```rust
+// server/src/services/mod.rs
+pub mod bootstrap;
+pub mod bundle;
+```
+
+- [ ] **Step 4: Run tests**
+
+```bash
+cd server
+cargo test --test bootstrap
+cd ..
+```
+
+Expected: 3 PASS.
+
+- [ ] **Step 5: Commit**
+
+```bash
+git add server/src/services server/tests/bootstrap.rs
+git commit -m "feat(server): bootstrap admin password (env or random+INITIAL_PASSWORD.txt)"
+```
+
+### Task 21: Wire `tower-sessions` with SQLite store
+
+**Files:**
+- Create: `server/src/auth/session.rs`
+- Modify: `server/src/auth/mod.rs`, `server/src/app.rs`, `server/src/main.rs`, `server/migrations/0001_init.sql`
+
+- [ ] **Step 1: Add the `tower_sessions_sqlx_store` table to migration**
+
+Append to `server/migrations/0001_init.sql`:
+
+```sql
+CREATE TABLE tower_sessions (
+  id          TEXT PRIMARY KEY NOT NULL,
+  data        BLOB NOT NULL,
+  expiry_date INTEGER NOT NULL
+);
+```
+
+- [ ] **Step 2: Session helper**
+
+```rust
+// server/src/auth/session.rs
+use sqlx::SqlitePool;
+use std::time::Duration;
+use tower_sessions::cookie::time::Duration as CookieDur;
+use tower_sessions::cookie::SameSite;
+use tower_sessions::{Expiry, SessionManagerLayer};
+use tower_sessions_sqlx_store::SqliteStore;
+
+pub const SESSION_KEY_AUTHED: &str = "authed";
+
+pub fn layer(pool: SqlitePool, secure: bool) -> SessionManagerLayer<SqliteStore> {
+    let store = SqliteStore::new(pool).with_table_name("tower_sessions").expect("valid table");
+    SessionManagerLayer::new(store)
+        .with_name("__Host-sid")
+        .with_secure(secure)
+        .with_http_only(true)
+        .with_same_site(SameSite::Lax)
+        .with_expiry(Expiry::OnInactivity(CookieDur::days(30)))
+}
+
+/// Background task: prune expired sessions every hour.
+pub async fn run_pruner(pool: SqlitePool) {
+    let mut tick = tokio::time::interval(Duration::from_secs(3600));
+    loop {
+        tick.tick().await;
+        let now = chrono::Utc::now().timestamp_millis();
+        if let Err(e) = sqlx::query("DELETE FROM tower_sessions WHERE expiry_date < ?")
+            .bind(now)
+            .execute(&pool)
+            .await
+        {
+            tracing::warn!(error = %e, "session pruner failed");
+        }
+    }
+}
+```
+
+- [ ] **Step 3: Re-export**
+
+```rust
+// server/src/auth/mod.rs
+pub mod password;
+pub mod session;
+```
+
+- [ ] **Step 4: Update `app.rs` to accept the session layer**
+
+```rust
+// server/src/app.rs (replace previous)
+use axum::http::{header, HeaderValue, Request};
+use axum::Router;
+use tower_http::compression::CompressionLayer;
+use tower_http::set_header::SetResponseHeaderLayer;
+use tower_http::trace::{DefaultOnResponse, TraceLayer};
+use tower_sessions::SessionManagerLayer;
+use tower_sessions_sqlx_store::SqliteStore;
+use tracing::Level;
+
+use crate::routes;
+use crate::state::AppState;
+
+pub fn build_app(
+    state: AppState,
+    session_layer: SessionManagerLayer<SqliteStore>,
+) -> Router {
+    let trace = TraceLayer::new_for_http()
+        .make_span_with(|req: &Request<_>| {
+            let method = req.method();
+            let uri = req.uri().path();
+            tracing::info_span!("http", %method, %uri)
+        })
+        .on_response(DefaultOnResponse::new().level(Level::INFO));
+
+    Router::new()
+        .merge(routes::api(state.clone()))
+        .with_state(state)
+        .layer(session_layer)
+        .layer(trace)
+        .layer(CompressionLayer::new())
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::X_CONTENT_TYPE_OPTIONS,
+            HeaderValue::from_static("nosniff"),
+        ))
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::REFERRER_POLICY,
+            HeaderValue::from_static("same-origin"),
+        ))
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::X_FRAME_OPTIONS,
+            HeaderValue::from_static("DENY"),
+        ))
+}
+
+pub async fn build_app_for_tests() -> anyhow::Result<Router> {
+    use crate::auth::session::layer as session_layer;
+    use crate::db::connect_in_memory;
+    use crate::repo::{SqlxConfigRepo, SqlxNavRepo};
+    use std::sync::Arc;
+    let pool = connect_in_memory().await?;
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    let state = AppState::new(nav, cfg);
+    Ok(build_app(state, session_layer(pool, false)))
+}
+```
+
+- [ ] **Step 5: Update `main.rs`**
+
+```rust
+// server/src/main.rs (extend after `migrate(...)`)
+use anyhow::Context;
+use navsrv::{
+    app::build_app,
+    auth::session::{layer as session_layer, run_pruner},
+    config::Settings,
+    db::{connect, migrate},
+    repo::{SqlxConfigRepo, SqlxNavRepo},
+    services::bootstrap::ensure_admin_password,
+    state::AppState,
+};
+use std::net::SocketAddr;
+use std::sync::Arc;
+use tokio::net::TcpListener;
+
+#[tokio::main]
+async fn main() -> anyhow::Result<()> {
+    let settings = Settings::load().context("load settings")?;
+    init_tracing(&settings.rust_log);
+
+    let pool = connect(&settings.db_url()).await.context("db connect")?;
+    migrate(&pool).await.context("migrate")?;
+
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg = Arc::new(SqlxConfigRepo::new(pool.clone()));
+
+    ensure_admin_password(cfg.clone(), &settings.data_dir, settings.bootstrap_admin_password.clone()).await?;
+
+    let state = AppState::new(nav, cfg);
+    let app = build_app(state, session_layer(pool.clone(), settings.secure_cookies));
+    tokio::spawn(run_pruner(pool));
+
+    let addr = SocketAddr::from(([0, 0, 0, 0], settings.port));
+    let listener = TcpListener::bind(addr).await.context("bind")?;
+    tracing::info!(%addr, "navsrv listening");
+    axum::serve(listener, app).await.context("serve")?;
+    Ok(())
+}
+
+fn init_tracing(filter: &str) {
+    use tracing_subscriber::{fmt, EnvFilter};
+    let env = EnvFilter::try_new(filter).unwrap_or_else(|_| EnvFilter::new("info"));
+    fmt().with_env_filter(env).with_target(false).compact().init();
+}
+```
+
+- [ ] **Step 6: Re-prepare and test**
+
+```bash
+cd server
+DATABASE_URL=sqlite:./dev-data/data.db cargo sqlx prepare -- --bin navsrv --tests
+cargo test
+cd ..
+```
+
+Expected: all green.
+
+- [ ] **Step 7: Commit**
+
+```bash
+git add server/src/auth server/src/app.rs server/src/main.rs server/migrations/0001_init.sql server/.sqlx
+git commit -m "feat(server): tower-sessions wired with SQLite store + 30d sliding cookie"
+```
+
+### Task 22: `POST /api/auth/login` + rate limit
+
+**Files:**
+- Create: `server/src/routes/auth.rs`
+- Modify: `server/src/routes/mod.rs`
+- Create: `server/tests/api_auth.rs`
+
+- [ ] **Step 1: Write failing test**
+
+```rust
+// server/tests/api_auth.rs
+use axum_test::TestServer;
+use navsrv::app::build_app_for_tests;
+use navsrv::auth::password;
+use navsrv::repo::{ConfigRepo, SqlxConfigRepo};
+use navsrv::db::connect_in_memory;
+
+async fn server_with_password(pw: &str) -> (TestServer, std::sync::Arc<dyn ConfigRepo>) {
+    use navsrv::app::build_app;
+    use navsrv::auth::session::layer as session_layer;
+    use navsrv::repo::SqlxNavRepo;
+    use navsrv::state::AppState;
+    use std::sync::Arc;
+    let pool = connect_in_memory().await.unwrap();
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    cfg.upsert("admin_password_hash", &password::hash(pw).unwrap()).await.unwrap();
+    let state = AppState::new(nav, cfg.clone());
+    let app = build_app(state, session_layer(pool, false));
+    (TestServer::new(app).unwrap(), cfg)
+}
+
+#[tokio::test]
+async fn login_with_correct_password_returns_204_and_cookie() {
+    let (server, _cfg) = server_with_password("hunter2").await;
+    let res = server.post("/api/auth/login").json(&serde_json::json!({"password":"hunter2"})).await;
+    res.assert_status(axum::http::StatusCode::NO_CONTENT);
+    assert!(res.cookie("__Host-sid").value().len() > 0);
+}
+
+#[tokio::test]
+async fn login_with_wrong_password_returns_401() {
+    let (server, _) = server_with_password("hunter2").await;
+    let res = server.post("/api/auth/login").json(&serde_json::json!({"password":"nope"})).await;
+    res.assert_status(axum::http::StatusCode::UNAUTHORIZED);
+}
+
+#[tokio::test]
+async fn me_unauth_returns_false() {
+    let app = build_app_for_tests().await.unwrap();
+    let server = TestServer::new(app).unwrap();
+    let res = server.get("/api/auth/me").await;
+    res.assert_status_ok();
+    res.assert_json(&serde_json::json!({"authenticated": false}));
+}
+
+#[tokio::test]
+async fn logout_clears_session() {
+    let (mut server, _) = server_with_password("hunter2").await;
+    server.do_save_cookies();
+    server.post("/api/auth/login").json(&serde_json::json!({"password":"hunter2"})).await
+        .assert_status(axum::http::StatusCode::NO_CONTENT);
+    server.get("/api/auth/me").await.assert_json(&serde_json::json!({"authenticated": true}));
+    server.post("/api/auth/logout").await.assert_status(axum::http::StatusCode::NO_CONTENT);
+    server.get("/api/auth/me").await.assert_json(&serde_json::json!({"authenticated": false}));
+}
+```
+
+- [ ] **Step 2: Implement handlers**
+
+```rust
+// server/src/routes/auth.rs
+use axum::{extract::State, http::StatusCode, routing::{get, post}, Json, Router};
+use serde::Deserialize;
+use serde_json::json;
+use tower_sessions::Session;
+
+use crate::auth::password;
+use crate::auth::session::SESSION_KEY_AUTHED;
+use crate::error::{AppError, Result};
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new()
+        .route("/auth/login",  post(login))
+        .route("/auth/logout", post(logout))
+        .route("/auth/me",     get(me))
+}
+
+#[derive(Deserialize)]
+struct LoginBody { password: String }
+
+async fn login(
+    State(s): State<AppState>,
+    session: Session,
+    Json(body): Json<LoginBody>,
+) -> Result<StatusCode> {
+    let hashed = s.config.get("admin_password_hash").await?
+        .ok_or(AppError::Unauthenticated)?;
+    if !password::verify(&body.password, &hashed)? {
+        return Err(AppError::Unauthenticated);
+    }
+    session.insert(SESSION_KEY_AUTHED, true).await
+        .map_err(|e| AppError::Other(anyhow::anyhow!(e)))?;
+    Ok(StatusCode::NO_CONTENT)
+}
+
+async fn logout(session: Session) -> Result<StatusCode> {
+    session.flush().await
+        .map_err(|e| AppError::Other(anyhow::anyhow!(e)))?;
+    Ok(StatusCode::NO_CONTENT)
+}
+
+async fn me(session: Session) -> Result<Json<serde_json::Value>> {
+    let authed = session.get::<bool>(SESSION_KEY_AUTHED).await
+        .map_err(|e| AppError::Other(anyhow::anyhow!(e)))?
+        .unwrap_or(false);
+    Ok(Json(json!({ "authenticated": authed })))
+}
+```
+
+- [ ] **Step 3: Mount router**
+
+```rust
+// server/src/routes/mod.rs (replace)
+use axum::Router;
+
+pub mod auth;
+pub mod health;
+pub mod nav;
+
+use crate::state::AppState;
+
+pub fn api(state: AppState) -> Router {
+    Router::new()
+        .nest("/api", Router::new()
+            .merge(health::router())
+            .merge(nav::router())
+            .merge(auth::router()))
+        .with_state(state)
+}
+```
+
+- [ ] **Step 4: Re-prepare and test**
+
+```bash
+cd server
+DATABASE_URL=sqlite:./dev-data/data.db cargo sqlx prepare -- --bin navsrv --tests
+cargo test --test api_auth
+cd ..
+```
+
+Expected: 4 PASS.
+
+- [ ] **Step 5: Commit**
+
+```bash
+git add server/src/routes server/tests/api_auth.rs server/.sqlx
+git commit -m "feat(server): /api/auth login/logout/me with bcrypt + session"
+```
+
+### Task 23: `RequireAuth` extractor
+
+**Files:**
+- Create: `server/src/auth/middleware.rs`
+- Modify: `server/src/auth/mod.rs`
+
+- [ ] **Step 1: Write extractor**
+
+```rust
+// server/src/auth/middleware.rs
+use axum::async_trait;
+use axum::extract::FromRequestParts;
+use axum::http::request::Parts;
+use tower_sessions::Session;
+
+use crate::auth::session::SESSION_KEY_AUTHED;
+use crate::error::AppError;
+
+pub struct RequireAuth;
+
+#[async_trait]
+impl<S> FromRequestParts<S> for RequireAuth
+where
+    S: Send + Sync,
+{
+    type Rejection = AppError;
+
+    async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
+        let session = Session::from_request_parts(parts, state)
+            .await
+            .map_err(|_| AppError::Unauthenticated)?;
+        let authed = session.get::<bool>(SESSION_KEY_AUTHED).await
+            .map_err(|_| AppError::Unauthenticated)?
+            .unwrap_or(false);
+        if authed { Ok(Self) } else { Err(AppError::Unauthenticated) }
+    }
+}
+```
+
+- [ ] **Step 2: Re-export**
+
+```rust
+// server/src/auth/mod.rs
+pub mod middleware;
+pub mod password;
+pub mod session;
+pub use middleware::RequireAuth;
+```
+
+- [ ] **Step 3: Compile-check**
+
+```bash
+cd server
+cargo check
+cd ..
+```
+
+Expected: clean.
+
+- [ ] **Step 4: Commit**
+
+```bash
+git add server/src/auth
+git commit -m "feat(server): RequireAuth extractor returning 401 when unauthenticated"
+```
+
+### Task 24: Login rate limit (`tower-governor`)
+
+**Files:**
+- Modify: `server/src/routes/auth.rs`, `server/src/routes/mod.rs`
+
+- [ ] **Step 1: Wrap login route with governor**
+
+```rust
+// server/src/routes/auth.rs (top of file, replace router())
+use std::sync::Arc;
+use tower_governor::governor::GovernorConfigBuilder;
+use tower_governor::GovernorLayer;
+
+pub fn router() -> Router<AppState> {
+    let conf = GovernorConfigBuilder::default()
+        .per_second(180)             // 5 attempts per 15 minutes ≈ 1 per 180s
+        .burst_size(5)
+        .finish()
+        .expect("governor config");
+    let governor = GovernorLayer { config: Arc::new(conf) };
+
+    Router::new()
+        .route("/auth/login", post(login).layer(governor))
+        .route("/auth/logout", post(logout))
+        .route("/auth/me", get(me))
+}
+```
+
+- [ ] **Step 2: Map governor's response to `AppError::RateLimited`**
+
+`tower-governor` returns `429 Too Many Requests` automatically with a `text/plain` body. We accept that as-is (matches our error code semantically); no extra mapping needed.
+
+- [ ] **Step 3: Run tests (rate limit test would be flaky in CI; we keep it manual)**
+
+```bash
+cd server
+cargo test --test api_auth
+cd ..
+```
+
+Expected: still PASS.
+
+- [ ] **Step 4: Commit**
+
+```bash
+git add server/src/routes/auth.rs
+git commit -m "feat(server): rate-limit /api/auth/login (5 burst per 15 min)"
+```
+
+### Task 25: `POST /api/config/password` + auto-delete `INITIAL_PASSWORD.txt`
+
+**Files:**
+- Create: `server/src/routes/config.rs`
+- Modify: `server/src/routes/mod.rs`
+- Modify: `server/src/state.rs` (add data_dir reference)
+- Create: `server/tests/api_config_password.rs`
+
+- [ ] **Step 1: Extend `AppState` to know `data_dir`**
+
+```rust
+// server/src/state.rs
+use crate::repo::{ConfigRepo, NavRepo};
+use std::path::PathBuf;
+use std::sync::Arc;
+
+#[derive(Clone)]
+pub struct AppState {
+    pub nav: Arc<dyn NavRepo>,
+    pub config: Arc<dyn ConfigRepo>,
+    pub data_dir: PathBuf,
+}
+
+impl AppState {
+    pub fn new(nav: Arc<dyn NavRepo>, config: Arc<dyn ConfigRepo>, data_dir: PathBuf) -> Self {
+        Self { nav, config, data_dir }
+    }
+}
+```
+
+- [ ] **Step 2: Update construction sites**
+
+In `server/src/main.rs` change `AppState::new(nav, cfg)` → `AppState::new(nav, cfg, settings.data_dir.clone())`.
+
+In `server/src/app.rs::build_app_for_tests`, set `data_dir = std::env::temp_dir()`:
+
+```rust
+    let state = AppState::new(nav, cfg.clone(), std::env::temp_dir());
+```
+
+- [ ] **Step 3: Test first**
+
+```rust
+// server/tests/api_config_password.rs
+use axum_test::TestServer;
+use navsrv::app::build_app;
+use navsrv::auth::{password, session::layer as session_layer};
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo};
+use navsrv::state::AppState;
+use std::sync::Arc;
+use tempfile::TempDir;
+
+async fn boot() -> (TestServer, std::sync::Arc<dyn ConfigRepo>, TempDir) {
+    let pool = connect_in_memory().await.unwrap();
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    cfg.upsert("admin_password_hash", &password::hash("old").unwrap()).await.unwrap();
+    let dir = TempDir::new().unwrap();
+    std::fs::write(dir.path().join("INITIAL_PASSWORD.txt"), "old").unwrap();
+    let state = AppState::new(nav, cfg.clone(), dir.path().to_path_buf());
+    let app = build_app(state, session_layer(pool, false));
+    let mut server = TestServer::new(app).unwrap();
+    server.do_save_cookies();
+    server.post("/api/auth/login").json(&serde_json::json!({"password":"old"})).await
+        .assert_status_success();
+    (server, cfg, dir)
+}
+
+#[tokio::test]
+async fn change_password_replaces_hash_and_deletes_initial_file() {
+    let (server, cfg, dir) = boot().await;
+    let res = server.post("/api/config/password")
+        .json(&serde_json::json!({"current":"old","next":"newPwLongEnough"}))
+        .await;
+    res.assert_status(axum::http::StatusCode::NO_CONTENT);
+
+    let h = cfg.get("admin_password_hash").await.unwrap().unwrap();
+    assert!(password::verify("newPwLongEnough", &h).unwrap());
+    assert!(!password::verify("old", &h).unwrap());
+
+    assert!(!dir.path().join("INITIAL_PASSWORD.txt").exists(),
+        "INITIAL_PASSWORD.txt should be deleted after first successful change");
+}
+
+#[tokio::test]
+async fn change_password_with_wrong_current_returns_401() {
+    let (server, _cfg, _dir) = boot().await;
+    server.post("/api/config/password")
+        .json(&serde_json::json!({"current":"WRONG","next":"newPwLongEnough"}))
+        .await
+        .assert_status(axum::http::StatusCode::UNAUTHORIZED);
+}
+```
+
+- [ ] **Step 4: Implement**
+
+```rust
+// server/src/routes/config.rs
+use axum::{extract::State, http::StatusCode, routing::{patch, post}, Json, Router};
+use serde::Deserialize;
+
+use crate::auth::{password, RequireAuth};
+use crate::error::{AppError, Result};
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new()
+        .route("/config", patch(patch_config))
+        .route("/config/password", post(change_password))
+}
+
+#[derive(Deserialize)]
+struct ConfigEntry { key: String, value: String }
+
+async fn patch_config(
+    _auth: RequireAuth,
+    State(s): State<AppState>,
+    Json(items): Json<Vec<ConfigEntry>>,
+) -> Result<StatusCode> {
+    let pairs: Vec<(&str, &str)> = items.iter().map(|i| (i.key.as_str(), i.value.as_str())).collect();
+    s.config.upsert_many(&pairs).await?;
+    Ok(StatusCode::NO_CONTENT)
+}
+
+#[derive(Deserialize)]
+struct ChangePassword { current: String, next: String }
+
+async fn change_password(
+    _auth: RequireAuth,
+    State(s): State<AppState>,
+    Json(body): Json<ChangePassword>,
+) -> Result<StatusCode> {
+    if body.next.len() < 8 {
+        return Err(AppError::Validation("password must be at least 8 chars".into()));
+    }
+    let current_hash = s.config.get("admin_password_hash").await?
+        .ok_or(AppError::Unauthenticated)?;
+    if !password::verify(&body.current, &current_hash)? {
+        return Err(AppError::Unauthenticated);
+    }
+    let new_hash = password::hash(&body.next)?;
+    let now = chrono::Utc::now().timestamp_millis().to_string();
+    s.config.upsert_many(&[
+        ("admin_password_hash", &new_hash),
+        ("admin_password_updated_at", &now),
+    ]).await?;
+
+    let initial = s.data_dir.join("INITIAL_PASSWORD.txt");
+    if initial.exists() {
+        if let Err(e) = std::fs::remove_file(&initial) {
+            tracing::warn!(error=%e, ?initial, "failed to remove INITIAL_PASSWORD.txt");
+        }
+    }
+    Ok(StatusCode::NO_CONTENT)
+}
+```
+
+- [ ] **Step 5: Mount**
+
+```rust
+// server/src/routes/mod.rs (replace)
+use axum::Router;
+
+pub mod auth;
+pub mod config;
+pub mod health;
+pub mod nav;
+
+use crate::state::AppState;
+
+pub fn api(state: AppState) -> Router {
+    Router::new()
+        .nest("/api", Router::new()
+            .merge(health::router())
+            .merge(nav::router())
+            .merge(auth::router())
+            .merge(config::router()))
+        .with_state(state)
+}
+```
+
+- [ ] **Step 6: Run tests**
+
+```bash
+cd server
+cargo test --test api_config_password
+cd ..
+```
+
+Expected: 2 PASS.
+
+- [ ] **Step 7: Commit**
+
+```bash
+git add server/src/routes server/src/state.rs server/src/main.rs server/src/app.rs server/tests/api_config_password.rs
+git commit -m "feat(server): change-password endpoint deletes INITIAL_PASSWORD.txt on success"
+```
+
+### Task 26: CLI `navsrv reset-password` (clap-derive)
+
+**Files:**
+- Create: `server/src/cli.rs`
+- Modify: `server/src/main.rs`, `server/src/lib.rs`
+- Create: `server/tests/cli.rs`
+
+- [ ] **Step 1: Write the CLI module**
+
+```rust
+// server/src/cli.rs
+use anyhow::Context;
+use clap::{Parser, Subcommand};
+use std::io::{self, Write};
+
+use crate::auth::password;
+use crate::config::Settings;
+use crate::db::{connect, migrate};
+use crate::repo::{ConfigRepo, SqlxConfigRepo};
+
+#[derive(Parser, Debug)]
+#[command(name = "navsrv", version)]
+pub struct Cli {
+    #[command(subcommand)]
+    pub command: Option<Command>,
+}
+
+#[derive(Subcommand, Debug)]
+pub enum Command {
+    /// Reset the admin password. Reads new password from --password or stdin.
+    ResetPassword {
+        /// New password. If omitted, prompted on stdin.
+        #[arg(long)]
+        password: Option<String>,
+    },
+}
+
+pub async fn run_command(cmd: Command) -> anyhow::Result<()> {
+    match cmd {
+        Command::ResetPassword { password: maybe } => {
+            let settings = Settings::load()?;
+            let pool = connect(&settings.db_url()).await.context("db connect")?;
+            migrate(&pool).await.context("migrate")?;
+            let cfg: std::sync::Arc<dyn ConfigRepo> =
+                std::sync::Arc::new(SqlxConfigRepo::new(pool.clone()));
+            let pw = match maybe {
+                Some(p) => p,
+                None => {
+                    let mut buf = String::new();
+                    print!("New admin password: "); io::stdout().flush().ok();
+                    io::stdin().read_line(&mut buf).context("read stdin")?;
+                    buf.trim().to_string()
+                }
+            };
+            if pw.len() < 8 {
+                anyhow::bail!("password must be at least 8 chars");
+            }
+            let hash = password::hash(&pw)?;
+            let now = chrono::Utc::now().timestamp_millis().to_string();
+            cfg.upsert_many(&[
+                ("admin_password_hash", &hash),
+                ("admin_password_updated_at", &now),
+            ]).await?;
+
+            // Invalidate all sessions.
+            sqlx::query("DELETE FROM tower_sessions").execute(&pool).await?;
+
+            // Remove leftover INITIAL_PASSWORD.txt if any.
+            let initial = settings.data_dir.join("INITIAL_PASSWORD.txt");
+            if initial.exists() { let _ = std::fs::remove_file(&initial); }
+
+            println!("Admin password reset; all sessions invalidated.");
+            Ok(())
+        }
+    }
+}
+```
+
+- [ ] **Step 2: Re-export**
+
+```rust
+// server/src/lib.rs (add `cli`)
+pub mod app;
+pub mod auth;
+pub mod cli;
+pub mod config;
+pub mod db;
+pub mod dto;
+pub mod error;
+pub mod repo;
+pub mod routes;
+pub mod services;
+pub mod state;
+```
+
+- [ ] **Step 3: Branch in `main.rs`**
+
+```rust
+// server/src/main.rs (replace)
+use anyhow::Context;
+use clap::Parser;
+use navsrv::{
+    app::build_app,
+    auth::session::{layer as session_layer, run_pruner},
+    cli::{Cli, Command, run_command},
+    config::Settings,
+    db::{connect, migrate},
+    repo::{SqlxConfigRepo, SqlxNavRepo},
+    services::bootstrap::ensure_admin_password,
+    state::AppState,
+};
+use std::net::SocketAddr;
+use std::sync::Arc;
+use tokio::net::TcpListener;
+
+#[tokio::main]
+async fn main() -> anyhow::Result<()> {
+    let cli = Cli::parse();
+    let settings = Settings::load().context("load settings")?;
+    init_tracing(&settings.rust_log);
+
+    if let Some(cmd) = cli.command {
+        return run_command(cmd).await;
+    }
+
+    let pool = connect(&settings.db_url()).await.context("db connect")?;
+    migrate(&pool).await.context("migrate")?;
+
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg = Arc::new(SqlxConfigRepo::new(pool.clone()));
+
+    ensure_admin_password(cfg.clone(), &settings.data_dir, settings.bootstrap_admin_password.clone()).await?;
+
+    let state = AppState::new(nav, cfg, settings.data_dir.clone());
+    let app = build_app(state, session_layer(pool.clone(), settings.secure_cookies));
+    tokio::spawn(run_pruner(pool));
+
+    let addr = SocketAddr::from(([0, 0, 0, 0], settings.port));
+    let listener = TcpListener::bind(addr).await.context("bind")?;
+    tracing::info!(%addr, "navsrv listening");
+    axum::serve(listener, app).await.context("serve")?;
+    Ok(())
+}
+
+fn init_tracing(filter: &str) {
+    use tracing_subscriber::{fmt, EnvFilter};
+    let env = EnvFilter::try_new(filter).unwrap_or_else(|_| EnvFilter::new("info"));
+    fmt().with_env_filter(env).with_target(false).compact().init();
+}
+```
+
+- [ ] **Step 4: Integration test driving the CLI directly**
+
+```rust
+// server/tests/cli.rs
+use navsrv::auth::password;
+use navsrv::cli::{run_command, Command};
+use navsrv::config::Settings;
+
+#[tokio::test]
+async fn reset_password_flow() {
+    let dir = tempfile::TempDir::new().unwrap();
+    std::env::set_var("DATA_DIR", dir.path());
+    std::env::remove_var("BOOTSTRAP_ADMIN_PASSWORD");
+    std::env::set_var("RUST_LOG", "warn");
+    // Touch a fake initial password file to ensure it gets removed.
+    std::fs::write(dir.path().join("INITIAL_PASSWORD.txt"), "old").unwrap();
+
+    run_command(Command::ResetPassword { password: Some("brand-new-pw".into()) }).await.unwrap();
+
+    let s = Settings::load().unwrap();
+    let pool = navsrv::db::connect(&s.db_url()).await.unwrap();
+    let h: (String,) = sqlx::query_as("SELECT value FROM config WHERE key='admin_password_hash'")
+        .fetch_one(&pool).await.unwrap();
+    assert!(password::verify("brand-new-pw", &h.0).unwrap());
+    assert!(!dir.path().join("INITIAL_PASSWORD.txt").exists());
+
+    // cleanup env
+    std::env::remove_var("DATA_DIR");
+}
+```
+
+> Note: this test mutates process env; mark it `#[serial]` if more env-touching tests are added later.
+
+- [ ] **Step 5: Run**
+
+```bash
+cd server
+cargo test --test cli
+cd ..
+```
+
+Expected: PASS.
+
+- [ ] **Step 6: Commit**
+
+```bash
+git add server/src/cli.rs server/src/main.rs server/src/lib.rs server/tests/cli.rs
+git commit -m "feat(server): CLI 'reset-password' subcommand invalidates sessions"
+```
+
+---
+
+## Phase 5: CRUD Endpoints (Tasks 27–32)
+
+Goal: write endpoints for items / groups / sites / tags / icons / favicon, all gated by `RequireAuth`.
+
+### Task 27: items CRUD + reorder endpoints
+
+**Files:**
+- Create: `server/src/routes/items.rs`
+- Modify: `server/src/routes/mod.rs`
+- Create: `server/tests/api_items.rs`
+
+- [ ] **Step 1: Test first**
+
+```rust
+// server/tests/api_items.rs
+use axum_test::TestServer;
+use navsrv::app::build_app;
+use navsrv::auth::{password, session::layer as session_layer};
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo, NavRepo};
+use navsrv::state::AppState;
+use navsrv::dto::{GroupPayload, SitePayload};
+use std::sync::Arc;
+
+async fn auth_server() -> (TestServer, i64) {
+    let pool = connect_in_memory().await.unwrap();
+    let nav: Arc<dyn NavRepo> = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    cfg.upsert("admin_password_hash", &password::hash("pw").unwrap()).await.unwrap();
+    let g = nav.create_group(GroupPayload { slug: "tools".into(), name:"Tools".into(), name_i18n: None, collapsed_default: false }).await.unwrap();
+    nav.create_site(SitePayload { value: "shangHai".into(), name:"上海".into(), name_i18n: None, is_default: true }).await.unwrap();
+
+    let state = AppState::new(nav, cfg, std::env::temp_dir());
+    let app = build_app(state, session_layer(pool, false));
+    let mut server = TestServer::new(app).unwrap();
+    server.do_save_cookies();
+    server.post("/api/auth/login").json(&serde_json::json!({"password":"pw"})).await
+        .assert_status_success();
+    (server, g.id)
+}
+
+#[tokio::test]
+async fn create_then_list_via_bundle() {
+    let (server, gid) = auth_server().await;
+    let body = serde_json::json!({
+        "groupId": gid,
+        "name": "Router",
+        "iconKind": "asset",
+        "iconValue": "router.png",
+        "links": { "shangHai": "http://10.0.0.1" },
+        "tagSlugs": []
+    });
+    let res = server.post("/api/items").json(&body).await;
+    res.assert_status(axum::http::StatusCode::CREATED);
+    let v: serde_json::Value = res.json();
+    let id = v["id"].as_i64().unwrap();
+    assert_eq!(v["name"], "Router");
+
+    let bundle: serde_json::Value = server.get("/api/nav").await.json();
+    let item = bundle["items"].as_array().unwrap().iter().find(|i| i["id"].as_i64() == Some(id)).unwrap();
+    assert_eq!(item["links"]["shangHai"], "http://10.0.0.1");
+}
+
+#[tokio::test]
+async fn patch_changes_name() {
+    let (server, gid) = auth_server().await;
+    let id = server.post("/api/items").json(&serde_json::json!({
+        "groupId": gid, "name": "old", "iconKind":"asset", "iconValue":"x.png"
+    })).await.json::<serde_json::Value>()["id"].as_i64().unwrap();
+
+    let res = server.patch(&format!("/api/items/{id}"))
+        .json(&serde_json::json!({ "name": "new" })).await;
+    res.assert_status_ok();
+    let v: serde_json::Value = res.json();
+    assert_eq!(v["name"], "new");
+}
+
+#[tokio::test]
+async fn delete_removes_item() {
+    let (server, gid) = auth_server().await;
+    let id = server.post("/api/items").json(&serde_json::json!({
+        "groupId": gid, "name": "x", "iconKind":"asset", "iconValue":"x.png"
+    })).await.json::<serde_json::Value>()["id"].as_i64().unwrap();
+    server.delete(&format!("/api/items/{id}")).await.assert_status(axum::http::StatusCode::NO_CONTENT);
+
+    let bundle: serde_json::Value = server.get("/api/nav").await.json();
+    assert!(bundle["items"].as_array().unwrap().iter().all(|i| i["id"].as_i64() != Some(id)));
+}
+
+#[tokio::test]
+async fn unauthed_returns_401() {
+    let pool = connect_in_memory().await.unwrap();
+    let nav: Arc<dyn NavRepo> = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    let state = AppState::new(nav, cfg, std::env::temp_dir());
+    let app = build_app(state, session_layer(pool, false));
+    let server = TestServer::new(app).unwrap();
+    server.post("/api/items").json(&serde_json::json!({
+        "name":"x","iconKind":"asset","iconValue":"x.png"
+    })).await.assert_status(axum::http::StatusCode::UNAUTHORIZED);
+}
+```
+
+- [ ] **Step 2: Implement handlers**
+
+```rust
+// server/src/routes/items.rs
+use axum::{extract::{Path, State}, http::StatusCode, routing::{delete, patch, post}, Json, Router};
+
+use crate::auth::RequireAuth;
+use crate::dto::{Item, ItemPatch, ItemPayload, ReorderEntry};
+use crate::error::Result;
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new()
+        .route("/items",          post(create))
+        .route("/items/reorder",  post(reorder))
+        .route("/items/:id",      patch(update).delete(remove))
+}
+
+async fn create(_auth: RequireAuth, State(s): State<AppState>, Json(body): Json<ItemPayload>) -> Result<(StatusCode, Json<Item>)> {
+    let item = s.nav.create_item(body).await?;
+    Ok((StatusCode::CREATED, Json(item)))
+}
+
+async fn update(_auth: RequireAuth, State(s): State<AppState>, Path(id): Path<i64>, Json(body): Json<ItemPatch>) -> Result<Json<Item>> {
+    Ok(Json(s.nav.patch_item(id, body).await?))
+}
+
+async fn remove(_auth: RequireAuth, State(s): State<AppState>, Path(id): Path<i64>) -> Result<StatusCode> {
+    s.nav.delete_item(id).await?;
+    Ok(StatusCode::NO_CONTENT)
+}
+
+async fn reorder(_auth: RequireAuth, State(s): State<AppState>, Json(entries): Json<Vec<ReorderEntry>>) -> Result<StatusCode> {
+    s.nav.reorder_items(entries).await?;
+    Ok(StatusCode::NO_CONTENT)
+}
+```
+
+- [ ] **Step 3: Mount**
+
+```rust
+// server/src/routes/mod.rs (replace)
+use axum::Router;
+
+pub mod auth;
+pub mod config;
+pub mod health;
+pub mod items;
+pub mod nav;
+
+use crate::state::AppState;
+
+pub fn api(state: AppState) -> Router {
+    Router::new()
+        .nest("/api", Router::new()
+            .merge(health::router())
+            .merge(nav::router())
+            .merge(auth::router())
+            .merge(config::router())
+            .merge(items::router()))
+        .with_state(state)
+}
+```
+
+- [ ] **Step 4: Run**
+
+```bash
+cd server
+cargo test --test api_items
+cd ..
+```
+
+Expected: 4 PASS.
+
+- [ ] **Step 5: Commit**
+
+```bash
+git add server/src/routes server/tests/api_items.rs
+git commit -m "feat(server): /api/items CRUD + reorder behind RequireAuth"
+```
+
+### Task 28: groups, sites, tags CRUD endpoints
+
+**Files:**
+- Create: `server/src/routes/groups.rs`, `server/src/routes/sites.rs`, `server/src/routes/tags.rs`
+- Modify: `server/src/routes/mod.rs`
+- Create: `server/tests/api_groups_sites_tags.rs`
+
+- [ ] **Step 1: groups.rs**
+
+```rust
+// server/src/routes/groups.rs
+use axum::{extract::{Path, State}, http::StatusCode, routing::{patch, post}, Json, Router};
+
+use crate::auth::RequireAuth;
+use crate::dto::{Group, GroupPatch, GroupPayload, ReorderEntry};
+use crate::error::Result;
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new()
+        .route("/groups",         post(create))
+        .route("/groups/reorder", post(reorder))
+        .route("/groups/:id",     patch(update).delete(remove))
+}
+
+async fn create(_a: RequireAuth, State(s): State<AppState>, Json(body): Json<GroupPayload>) -> Result<(StatusCode, Json<Group>)> {
+    Ok((StatusCode::CREATED, Json(s.nav.create_group(body).await?)))
+}
+async fn update(_a: RequireAuth, State(s): State<AppState>, Path(id): Path<i64>, Json(body): Json<GroupPatch>) -> Result<Json<Group>> {
+    Ok(Json(s.nav.patch_group(id, body).await?))
+}
+async fn remove(_a: RequireAuth, State(s): State<AppState>, Path(id): Path<i64>) -> Result<StatusCode> {
+    s.nav.delete_group(id).await?; Ok(StatusCode::NO_CONTENT)
+}
+async fn reorder(_a: RequireAuth, State(s): State<AppState>, Json(entries): Json<Vec<ReorderEntry>>) -> Result<StatusCode> {
+    s.nav.reorder_groups(entries).await?; Ok(StatusCode::NO_CONTENT)
+}
+```
+
+- [ ] **Step 2: sites.rs**
+
+```rust
+// server/src/routes/sites.rs
+use axum::{extract::{Path, State}, http::StatusCode, routing::{patch, post}, Json, Router};
+
+use crate::auth::RequireAuth;
+use crate::dto::{ReorderEntry, Site, SitePatch, SitePayload};
+use crate::error::Result;
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new()
+        .route("/sites",         post(create))
+        .route("/sites/reorder", post(reorder))
+        .route("/sites/:id",     patch(update).delete(remove))
+}
+
+async fn create(_a: RequireAuth, State(s): State<AppState>, Json(body): Json<SitePayload>) -> Result<(StatusCode, Json<Site>)> {
+    Ok((StatusCode::CREATED, Json(s.nav.create_site(body).await?)))
+}
+async fn update(_a: RequireAuth, State(s): State<AppState>, Path(id): Path<i64>, Json(body): Json<SitePatch>) -> Result<Json<Site>> {
+    Ok(Json(s.nav.patch_site(id, body).await?))
+}
+async fn remove(_a: RequireAuth, State(s): State<AppState>, Path(id): Path<i64>) -> Result<StatusCode> {
+    s.nav.delete_site(id).await?; Ok(StatusCode::NO_CONTENT)
+}
+async fn reorder(_a: RequireAuth, State(s): State<AppState>, Json(entries): Json<Vec<ReorderEntry>>) -> Result<StatusCode> {
+    s.nav.reorder_sites(entries).await?; Ok(StatusCode::NO_CONTENT)
+}
+```
+
+- [ ] **Step 3: tags.rs**
+
+```rust
+// server/src/routes/tags.rs
+use axum::{extract::{Path, State}, http::StatusCode, routing::{patch, post}, Json, Router};
+
+use crate::auth::RequireAuth;
+use crate::dto::{Tag, TagPatch, TagPayload};
+use crate::error::Result;
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new()
+        .route("/tags",      post(create))
+        .route("/tags/:id",  patch(update).delete(remove))
+}
+
+async fn create(_a: RequireAuth, State(s): State<AppState>, Json(body): Json<TagPayload>) -> Result<(StatusCode, Json<Tag>)> {
+    Ok((StatusCode::CREATED, Json(s.nav.create_tag(body).await?)))
+}
+async fn update(_a: RequireAuth, State(s): State<AppState>, Path(id): Path<i64>, Json(body): Json<TagPatch>) -> Result<Json<Tag>> {
+    Ok(Json(s.nav.patch_tag(id, body).await?))
+}
+async fn remove(_a: RequireAuth, State(s): State<AppState>, Path(id): Path<i64>) -> Result<StatusCode> {
+    s.nav.delete_tag(id).await?; Ok(StatusCode::NO_CONTENT)
+}
+```
+
+- [ ] **Step 4: Mount**
+
+```rust
+// server/src/routes/mod.rs (replace)
+use axum::Router;
+
+pub mod auth;
+pub mod config;
+pub mod groups;
+pub mod health;
+pub mod items;
+pub mod nav;
+pub mod sites;
+pub mod tags;
+
+use crate::state::AppState;
+
+pub fn api(state: AppState) -> Router {
+    Router::new()
+        .nest("/api", Router::new()
+            .merge(health::router())
+            .merge(nav::router())
+            .merge(auth::router())
+            .merge(config::router())
+            .merge(items::router())
+            .merge(groups::router())
+            .merge(sites::router())
+            .merge(tags::router()))
+        .with_state(state)
+}
+```
+
+- [ ] **Step 5: Smoke-test**
+
+```rust
+// server/tests/api_groups_sites_tags.rs
+use axum_test::TestServer;
+use navsrv::app::build_app;
+use navsrv::auth::{password, session::layer as session_layer};
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo};
+use navsrv::state::AppState;
+use std::sync::Arc;
+
+async fn boot() -> TestServer {
+    let pool = connect_in_memory().await.unwrap();
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    cfg.upsert("admin_password_hash", &password::hash("pw").unwrap()).await.unwrap();
+    let state = AppState::new(nav, cfg, std::env::temp_dir());
+    let app = build_app(state, session_layer(pool, false));
+    let mut server = TestServer::new(app).unwrap();
+    server.do_save_cookies();
+    server.post("/api/auth/login").json(&serde_json::json!({"password":"pw"})).await.assert_status_success();
+    server
+}
+
+#[tokio::test]
+async fn group_lifecycle() {
+    let server = boot().await;
+    let g: serde_json::Value = server.post("/api/groups").json(&serde_json::json!({
+        "slug":"net","name":"Network"
+    })).await.json();
+    let id = g["id"].as_i64().unwrap();
+    server.patch(&format!("/api/groups/{id}")).json(&serde_json::json!({"name":"NET"})).await.assert_status_ok();
+    server.delete(&format!("/api/groups/{id}")).await.assert_status(axum::http::StatusCode::NO_CONTENT);
+}
+
+#[tokio::test]
+async fn site_lifecycle() {
+    let server = boot().await;
+    let s: serde_json::Value = server.post("/api/sites").json(&serde_json::json!({
+        "value":"sh","name":"Shanghai"
+    })).await.json();
+    let id = s["id"].as_i64().unwrap();
+    server.patch(&format!("/api/sites/{id}")).json(&serde_json::json!({"name":"SH"})).await.assert_status_ok();
+    server.delete(&format!("/api/sites/{id}")).await.assert_status(axum::http::StatusCode::NO_CONTENT);
+}
+
+#[tokio::test]
+async fn tag_lifecycle() {
+    let server = boot().await;
+    let t: serde_json::Value = server.post("/api/tags").json(&serde_json::json!({
+        "slug":"fav","name":"Favorite"
+    })).await.json();
+    let id = t["id"].as_i64().unwrap();
+    server.patch(&format!("/api/tags/{id}")).json(&serde_json::json!({"name":"⭐"})).await.assert_status_ok();
+    server.delete(&format!("/api/tags/{id}")).await.assert_status(axum::http::StatusCode::NO_CONTENT);
+}
+```
+
+- [ ] **Step 6: Run**
+
+```bash
+cd server
+cargo test --test api_groups_sites_tags
+cd ..
+```
+
+Expected: 3 PASS.
+
+- [ ] **Step 7: Commit**
+
+```bash
+git add server/src/routes server/tests/api_groups_sites_tags.rs
+git commit -m "feat(server): groups/sites/tags CRUD endpoints"
+```
+
+### Task 29: Icon upload endpoint (multipart)
+
+**Files:**
+- Create: `server/src/routes/icons.rs`
+- Modify: `server/src/routes/mod.rs`
+- Create: `server/tests/api_icons.rs`
+
+- [ ] **Step 1: Implement**
+
+```rust
+// server/src/routes/icons.rs
+use axum::{
+    extract::{Multipart, State},
+    http::StatusCode,
+    routing::post,
+    Json, Router,
+};
+use rand::distributions::{Alphanumeric, DistString};
+use serde_json::{json, Value};
+
+use crate::auth::RequireAuth;
+use crate::error::{AppError, Result};
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new().route("/icons/upload", post(upload))
+}
+
+async fn upload(
+    _auth: RequireAuth,
+    State(s): State<AppState>,
+    mut form: Multipart,
+) -> Result<(StatusCode, Json<Value>)> {
+    let icons_dir = s.data_dir.join("icons");
+    std::fs::create_dir_all(&icons_dir)?;
+
+    while let Some(field) = form.next_field().await
+        .map_err(|e| AppError::Validation(format!("multipart: {e}")))?
+    {
+        if field.name() != Some("file") { continue; }
+        let filename = field.file_name().map(str::to_owned).unwrap_or_else(|| "icon".into());
+        let ext = std::path::Path::new(&filename).extension()
+            .and_then(|s| s.to_str()).unwrap_or("png").to_lowercase();
+        if !matches!(ext.as_str(), "png"|"jpg"|"jpeg"|"webp"|"svg"|"gif") {
+            return Err(AppError::Validation("unsupported icon type".into()));
+        }
+        let mime = field.content_type().map(str::to_owned);
+        let data = field.bytes().await
+            .map_err(|e| AppError::Validation(format!("multipart read: {e}")))?;
+        if data.len() > 1024 * 1024 {
+            return Err(AppError::Validation("icon larger than 1MiB".into()));
+        }
+        let nonce = Alphanumeric.sample_string(&mut rand::thread_rng(), 8);
+        let stored = format!("{nonce}.{ext}");
+        let path = icons_dir.join(&stored);
+        std::fs::write(&path, &data)?;
+        let public_path = format!("/icons/{stored}");
+        return Ok((StatusCode::CREATED, Json(json!({
+            "path": public_path,
+            "size": data.len(),
+            "mime": mime
+        }))));
+    }
+    Err(AppError::Validation("no `file` field".into()))
+}
+```
+
+- [ ] **Step 2: Mount + test**
+
+```rust
+// server/src/routes/mod.rs add `pub mod icons;` and `.merge(icons::router())`
+```
+
+```rust
+// server/tests/api_icons.rs
+use axum_test::TestServer;
+use navsrv::app::build_app;
+use navsrv::auth::{password, session::layer as session_layer};
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo};
+use navsrv::state::AppState;
+use std::sync::Arc;
+
+#[tokio::test]
+async fn upload_writes_file_under_data_dir_icons() {
+    let pool = connect_in_memory().await.unwrap();
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    cfg.upsert("admin_password_hash", &password::hash("pw").unwrap()).await.unwrap();
+    let dir = tempfile::TempDir::new().unwrap();
+    let state = AppState::new(nav, cfg, dir.path().to_path_buf());
+    let app = build_app(state, session_layer(pool, false));
+    let mut server = TestServer::new(app).unwrap();
+    server.do_save_cookies();
+    server.post("/api/auth/login").json(&serde_json::json!({"password":"pw"})).await.assert_status_success();
+
+    let res = server.post("/api/icons/upload")
+        .multipart(axum_test::multipart::MultipartForm::new()
+            .add_part(
+                "file",
+                axum_test::multipart::Part::bytes(b"\x89PNG\r\n\x1a\n".to_vec())
+                    .file_name("hello.png")
+                    .mime_type("image/png"),
+            )).await;
+    res.assert_status(axum::http::StatusCode::CREATED);
+    let body: serde_json::Value = res.json();
+    let path = body["path"].as_str().unwrap();
+    assert!(path.starts_with("/icons/"));
+    assert!(dir.path().join("icons").join(path.trim_start_matches("/icons/")).exists());
+}
+```
+
+- [ ] **Step 3: Run**
+
+```bash
+cd server
+cargo test --test api_icons
+cd ..
+```
+
+Expected: PASS.
+
+- [ ] **Step 4: Commit**
+
+```bash
+git add server/src/routes server/tests/api_icons.rs
+git commit -m "feat(server): /api/icons/upload (multipart, ≤1MiB, ext-allow-list)"
+```
+
+### Task 30: Favicon proxy with cache
+
+**Files:**
+- Create: `server/src/services/favicon.rs`
+- Create: `server/src/routes/favicon.rs`
+- Modify: `server/src/services/mod.rs`, `server/src/routes/mod.rs`, `server/src/state.rs`
+
+- [ ] **Step 1: Service**
+
+```rust
+// server/src/services/favicon.rs
+use crate::error::{AppError, Result};
+use bytes::Bytes;
+use std::path::{Path, PathBuf};
+use std::time::{Duration, SystemTime};
+
+const TTL: Duration = Duration::from_secs(7 * 24 * 3600); // 7 days
+const MAX_BYTES: u64 = 256 * 1024;                        // 256 KiB
+
+pub struct FaviconService { cache_dir: PathBuf, http: reqwest::Client }
+
+impl FaviconService {
+    pub fn new(cache_dir: PathBuf) -> Self {
+        std::fs::create_dir_all(&cache_dir).ok();
+        let http = reqwest::Client::builder()
+            .timeout(Duration::from_secs(5))
+            .user_agent("navsrv-favicon/0.1")
+            .build().expect("http client");
+        Self { cache_dir, http }
+    }
+
+    pub async fn fetch(&self, host: &str) -> Result<(String, Bytes)> {
+        if !is_safe_host(host) {
+            return Err(AppError::Validation("bad host".into()));
+        }
+        let cached = self.cache_dir.join(host);
+        if let Ok(meta) = std::fs::metadata(&cached) {
+            if let Ok(age) = SystemTime::now().duration_since(meta.modified()?) {
+                if age < TTL {
+                    let bytes = Bytes::from(std::fs::read(&cached)?);
+                    return Ok(("image/png".into(), bytes));
+                }
+            }
+        }
+        let url = format!("https://www.google.com/s2/favicons?domain={host}&sz=64");
+        let resp = self.http.get(&url).send().await
+            .map_err(|e| AppError::Other(anyhow::anyhow!(e)))?;
+        if !resp.status().is_success() {
+            return Err(AppError::NotFound);
+        }
+        let bytes = resp.bytes().await
+            .map_err(|e| AppError::Other(anyhow::anyhow!(e)))?;
+        if bytes.len() as u64 > MAX_BYTES {
+            return Err(AppError::Validation("favicon too large".into()));
+        }
+        std::fs::write(&cached, &bytes)?;
+        Ok(("image/png".into(), bytes))
+    }
+}
+
+fn is_safe_host(host: &str) -> bool {
+    !host.is_empty()
+        && host.len() <= 253
+        && host.chars().all(|c| c.is_ascii_alphanumeric() || c == '.' || c == '-')
+}
+
+pub fn cache_dir(data_dir: &Path) -> PathBuf { data_dir.join("icons").join("_cache") }
+```
+
+- [ ] **Step 2: Route**
+
+```rust
+// server/src/routes/favicon.rs
+use axum::{
+    extract::{Query, State},
+    http::{header, HeaderMap, HeaderValue},
+    response::IntoResponse,
+    routing::get,
+    Router,
+};
+use serde::Deserialize;
+
+use crate::error::Result;
+use crate::services::favicon::FaviconService;
+use crate::state::AppState;
+use std::sync::Arc;
+
+pub fn router() -> Router<AppState> {
+    Router::new().route("/favicon", get(favicon))
+}
+
+#[derive(Deserialize)]
+struct Q { host: String }
+
+async fn favicon(State(s): State<AppState>, Query(q): Query<Q>) -> Result<impl IntoResponse> {
+    let svc: &Arc<FaviconService> = &s.favicon;
+    let (mime, bytes) = svc.fetch(&q.host).await?;
+    let mut h = HeaderMap::new();
+    h.insert(header::CONTENT_TYPE, HeaderValue::from_str(&mime).unwrap());
+    h.insert(header::CACHE_CONTROL, HeaderValue::from_static("public, max-age=86400"));
+    Ok((h, bytes))
+}
+```
+
+- [ ] **Step 3: Add `favicon` to `AppState`**
+
+```rust
+// server/src/state.rs
+use crate::repo::{ConfigRepo, NavRepo};
+use crate::services::favicon::FaviconService;
+use std::path::PathBuf;
+use std::sync::Arc;
+
+#[derive(Clone)]
+pub struct AppState {
+    pub nav: Arc<dyn NavRepo>,
+    pub config: Arc<dyn ConfigRepo>,
+    pub data_dir: PathBuf,
+    pub favicon: Arc<FaviconService>,
+}
+
+impl AppState {
+    pub fn new(
+        nav: Arc<dyn NavRepo>,
+        config: Arc<dyn ConfigRepo>,
+        data_dir: PathBuf,
+    ) -> Self {
+        let favicon = Arc::new(FaviconService::new(
+            crate::services::favicon::cache_dir(&data_dir),
+        ));
+        Self { nav, config, data_dir, favicon }
+    }
+}
+```
+
+- [ ] **Step 4: Mount + re-export**
+
+```rust
+// server/src/services/mod.rs
+pub mod bootstrap;
+pub mod bundle;
+pub mod favicon;
+```
+
+```rust
+// server/src/routes/mod.rs (add `pub mod favicon;` and `.merge(favicon::router())`)
+```
+
+- [ ] **Step 5: Compile-check (no network test — would be flaky)**
+
+```bash
+cd server
+cargo check
+cd ..
+```
+
+Expected: clean.
+
+- [ ] **Step 6: Commit**
+
+```bash
+git add server/src/services server/src/routes server/src/state.rs
+git commit -m "feat(server): /api/favicon proxy with 7d disk cache (size+host guarded)"
+```
+
+---
+
+## Phase 6: Static Frontend Hosting + Bootstrap Seed (Tasks 31–33)
+
+Goal: serve the SPA build, plus seed the DB from a `bootstrap.json` produced by the frontend pipeline. End state: `cargo run` produces a working app at `:8080` for the frontend (built later) to consume; first boot pre-populates the spec's default groups + items.
+
+### Task 31: `ServeDir` + SPA fallback
+
+**Files:**
+- Modify: `server/src/app.rs`, `server/src/main.rs`
+
+- [ ] **Step 1: Add static file mount**
+
+```rust
+// server/src/app.rs (replace)
+use axum::http::{header, HeaderValue, Request};
+use axum::response::IntoResponse;
+use axum::Router;
+use std::path::PathBuf;
+use tower_http::compression::CompressionLayer;
+use tower_http::services::{ServeDir, ServeFile};
+use tower_http::set_header::SetResponseHeaderLayer;
+use tower_http::trace::{DefaultOnResponse, TraceLayer};
+use tower_sessions::SessionManagerLayer;
+use tower_sessions_sqlx_store::SqliteStore;
+use tracing::Level;
+
+use crate::routes;
+use crate::state::AppState;
+
+pub fn build_app(
+    state: AppState,
+    session_layer: SessionManagerLayer<SqliteStore>,
+    static_dir: PathBuf,
+) -> Router {
+    let trace = TraceLayer::new_for_http()
+        .make_span_with(|req: &Request<_>| {
+            let method = req.method();
+            let uri = req.uri().path();
+            tracing::info_span!("http", %method, %uri)
+        })
+        .on_response(DefaultOnResponse::new().level(Level::INFO));
+
+    let index_html = static_dir.join("index.html");
+    let serve_dir = ServeDir::new(static_dir.clone()).fallback(ServeFile::new(index_html));
+
+    Router::new()
+        .merge(routes::api(state.clone()))
+        .with_state(state)
+        .nest_service("/icons", ServeDir::new(static_dir.parent().map(|p| p.join("data/icons")).unwrap_or_else(|| PathBuf::from("./data/icons"))))
+        .fallback_service(serve_dir)
+        .layer(session_layer)
+        .layer(trace)
+        .layer(CompressionLayer::new())
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::X_CONTENT_TYPE_OPTIONS,
+            HeaderValue::from_static("nosniff"),
+        ))
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::REFERRER_POLICY,
+            HeaderValue::from_static("same-origin"),
+        ))
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::X_FRAME_OPTIONS,
+            HeaderValue::from_static("DENY"),
+        ))
+}
+
+pub async fn build_app_for_tests() -> anyhow::Result<Router> {
+    use crate::auth::session::layer as session_layer;
+    use crate::db::connect_in_memory;
+    use crate::repo::{SqlxConfigRepo, SqlxNavRepo};
+    use std::sync::Arc;
+    let pool = connect_in_memory().await?;
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    let dir = std::env::temp_dir();
+    let state = AppState::new(nav, cfg, dir.clone());
+    Ok(build_app(state, session_layer(pool, false), dir))
+}
+```
+
+> Note: `/icons` serves the user-uploaded files from `data_dir/icons`, while `static_dir/icons` (frontend bundled icons) is served by the SPA `ServeDir` fallback. Frontend chooses the URL per `iconKind`.
+
+- [ ] **Step 2: Pass `static_dir` from `main.rs`**
+
+```rust
+// server/src/main.rs (in main fn, replace build_app call)
+let app = build_app(
+    state,
+    session_layer(pool.clone(), settings.secure_cookies),
+    settings.static_dir.clone(),
+);
+```
+
+- [ ] **Step 3: Smoke-test SPA fallback**
+
+Add `server/tests/spa_fallback.rs`:
+
+```rust
+use axum_test::TestServer;
+use navsrv::app::build_app;
+use navsrv::auth::session::layer as session_layer;
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{SqlxConfigRepo, SqlxNavRepo};
+use navsrv::state::AppState;
+use std::sync::Arc;
+use tempfile::TempDir;
+
+#[tokio::test]
+async fn unknown_path_falls_back_to_index_html() {
+    let dir = TempDir::new().unwrap();
+    std::fs::write(dir.path().join("index.html"), "<html><body>SPA</body></html>").unwrap();
+
+    let pool = connect_in_memory().await.unwrap();
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    let state = AppState::new(nav, cfg, dir.path().to_path_buf());
+
+    let app = build_app(state, session_layer(pool, false), dir.path().to_path_buf());
+    let server = TestServer::new(app).unwrap();
+    let res = server.get("/some/spa/route").await;
+    res.assert_status_ok();
+    assert!(res.text().contains("SPA"));
+}
+```
+
+- [ ] **Step 4: Run**
+
+```bash
+cd server
+cargo test --test spa_fallback
+cd ..
+```
+
+Expected: PASS.
+
+- [ ] **Step 5: Commit**
+
+```bash
+git add server/src/app.rs server/src/main.rs server/tests/spa_fallback.rs
+git commit -m "feat(server): ServeDir + SPA fallback; user icons served from /icons"
+```
+
+### Task 32: `bootstrap.json` seed (build.rs + MigrationService)
+
+**Files:**
+- Create: `server/build.rs`
+- Create: `server/bootstrap.json` (placeholder for tests; real one comes from frontend stage in Plan 5)
+- Create: `server/src/services/migration.rs`
+- Modify: `server/src/services/mod.rs`, `server/src/main.rs`
+- Create: `server/tests/seed.rs`
+
+- [ ] **Step 1: Write a placeholder `bootstrap.json` schema**
+
+```json
+{
+  "schemaVersion": 1,
+  "meta": {
+    "siteName": "Navigation",
+    "siteAvatarPath": "/avatar.png",
+    "siteCopyright": "Copyright © 2026 — All rights reserved.",
+    "siteIcp":  null,
+    "sitePolice": null,
+    "defaultTheme": "system"
+  },
+  "sites": [
+    { "value": "shangHai", "name": "上海", "name_i18n": { "en": "Shanghai" }, "is_default": true,  "sort_order": 0 },
+    { "value": "beiJing",  "name": "北京", "name_i18n": { "en": "Beijing"  }, "is_default": false, "sort_order": 1 }
+  ],
+  "groups": [
+    { "slug": "network", "name": "网络", "name_i18n": { "en": "Network" }, "sort_order": 0 },
+    { "slug": "media",   "name": "媒体", "name_i18n": { "en": "Media"   }, "sort_order": 1 },
+    { "slug": "nas",     "name": "NAS",  "name_i18n": { "en": "NAS"     }, "sort_order": 2 },
+    { "slug": "tools",   "name": "工具", "name_i18n": { "en": "Tools"   }, "sort_order": 3 }
+  ],
+  "tags": [],
+  "items": []
+}
+```
+
+(Real item list is produced by `scripts/dump-bootstrap.mjs` in Plan 5; this placeholder unblocks `cargo build`.)
+
+- [ ] **Step 2: `build.rs` to surface bootstrap to compile**
+
+```rust
+// server/build.rs
+fn main() {
+    println!("cargo:rerun-if-changed=bootstrap.json");
+}
+```
+
+- [ ] **Step 3: Migration service**
+
+```rust
+// server/src/services/migration.rs
+use crate::dto::*;
+use crate::error::{AppError, Result};
+use crate::repo::{ConfigRepo, NavRepo};
+use serde::Deserialize;
+use std::sync::Arc;
+
+const BOOTSTRAP_JSON: &str = include_str!("../../bootstrap.json");
+
+#[derive(Deserialize)]
+struct BootstrapDoc {
+    #[serde(rename = "schemaVersion")]
+    _schema_version: i64,
+    meta: BootstrapMeta,
+    sites: Vec<BootstrapSite>,
+    groups: Vec<BootstrapGroup>,
+    tags: Vec<BootstrapTag>,
+    items: Vec<BootstrapItem>,
+}
+
+#[derive(Deserialize)]
+struct BootstrapMeta {
+    #[serde(rename = "siteName")] site_name: String,
+    #[serde(rename = "siteAvatarPath")] site_avatar_path: Option<String>,
+    #[serde(rename = "siteCopyright")] site_copyright: String,
+    #[serde(rename = "siteIcp")] site_icp: Option<Link>,
+    #[serde(rename = "sitePolice")] site_police: Option<Link>,
+    #[serde(rename = "defaultTheme")] default_theme: String,
+}
+
+#[derive(Deserialize)]
+struct BootstrapSite { value: String, name: String, #[serde(default)] name_i18n: Option<serde_json::Value>, #[serde(default)] is_default: bool, #[serde(default)] sort_order: i64 }
+
+#[derive(Deserialize)]
+struct BootstrapGroup { slug: String, name: String, #[serde(default)] name_i18n: Option<serde_json::Value>, #[serde(default)] sort_order: i64, #[serde(default)] collapsed_default: bool }
+
+#[derive(Deserialize)]
+struct BootstrapTag { slug: String, name: String, #[serde(default)] name_i18n: Option<serde_json::Value> }
+
+#[derive(Deserialize)]
+struct BootstrapItem {
+    name: String,
+    #[serde(default)] name_i18n: Option<serde_json::Value>,
+    #[serde(rename = "groupSlug")] group_slug: Option<String>,
+    #[serde(rename = "iconKind")] icon_kind: IconKind,
+    #[serde(rename = "iconValue")] icon_value: String,
+    #[serde(default)] links: std::collections::BTreeMap<String, String>,
+    #[serde(default, rename = "tagSlugs")] tag_slugs: Vec<String>,
+}
+
+pub async fn seed_if_empty(
+    nav: Arc<dyn NavRepo>,
+    config: Arc<dyn ConfigRepo>,
+) -> Result<()> {
+    let (sites, _, items, _) = nav.get_bundle().await?;
+    if !sites.is_empty() || !items.is_empty() {
+        return Ok(());
+    }
+    let doc: BootstrapDoc = serde_json::from_str(BOOTSTRAP_JSON)
+        .map_err(|e| AppError::Other(anyhow::anyhow!(e)))?;
+
+    // Meta → config kv
+    let mut pairs: Vec<(String, String)> = Vec::new();
+    pairs.push(("site_name".into(), doc.meta.site_name));
+    if let Some(p) = doc.meta.site_avatar_path { pairs.push(("site_avatar_path".into(), p)); }
+    pairs.push(("site_copyright".into(), doc.meta.site_copyright));
+    pairs.push(("default_theme".into(), doc.meta.default_theme));
+    if let Some(l) = doc.meta.site_icp { pairs.push(("site_icp_text".into(), l.text)); pairs.push(("site_icp_url".into(), l.url)); }
+    if let Some(l) = doc.meta.site_police { pairs.push(("site_police_text".into(), l.text)); pairs.push(("site_police_url".into(), l.url)); }
+    let pair_refs: Vec<(&str, &str)> = pairs.iter().map(|(k,v)| (k.as_str(), v.as_str())).collect();
+    config.upsert_many(&pair_refs).await?;
+
+    // Sites
+    for s in doc.sites {
+        nav.create_site(SitePayload {
+            value: s.value, name: s.name, name_i18n: s.name_i18n, is_default: s.is_default,
+        }).await?;
+    }
+    // Groups (track id by slug)
+    let mut group_id_by_slug = std::collections::HashMap::new();
+    for g in doc.groups {
+        let created = nav.create_group(GroupPayload {
+            slug: g.slug.clone(), name: g.name, name_i18n: g.name_i18n, collapsed_default: g.collapsed_default,
+        }).await?;
+        group_id_by_slug.insert(g.slug, created.id);
+    }
+    // Tags
+    for t in doc.tags {
+        nav.create_tag(TagPayload { slug: t.slug, name: t.name, name_i18n: t.name_i18n }).await?;
+    }
+    // Items
+    for it in doc.items {
+        let group_id = it.group_slug.and_then(|s| group_id_by_slug.get(&s).copied());
+        nav.create_item(ItemPayload {
+            group_id,
+            name: it.name,
+            name_i18n: it.name_i18n,
+            description: None,
+            description_i18n: None,
+            icon_kind: it.icon_kind,
+            icon_value: it.icon_value,
+            links: it.links,
+            tag_slugs: it.tag_slugs,
+        }).await?;
+    }
+    Ok(())
+}
+```
+
+- [ ] **Step 4: Re-export and call from main**
+
+```rust
+// server/src/services/mod.rs
+pub mod bootstrap;
+pub mod bundle;
+pub mod favicon;
+pub mod migration;
+```
+
+```rust
+// server/src/main.rs (in main fn, after ensure_admin_password call)
+navsrv::services::migration::seed_if_empty(nav.clone() as _, cfg.clone() as _).await?;
+```
+
+- [ ] **Step 5: Test**
+
+```rust
+// server/tests/seed.rs
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{ConfigRepo, NavRepo, SqlxConfigRepo, SqlxNavRepo};
+use navsrv::services::migration::seed_if_empty;
+use std::sync::Arc;
+
+#[tokio::test]
+async fn seed_populates_sites_and_groups() {
+    let pool = connect_in_memory().await.unwrap();
+    let nav: Arc<dyn NavRepo> = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    seed_if_empty(nav.clone(), cfg.clone()).await.unwrap();
+    let (sites, groups, _items, _tags) = nav.get_bundle().await.unwrap();
+    assert!(sites.iter().any(|s| s.value == "shangHai"));
+    assert!(groups.iter().any(|g| g.slug == "network"));
+    assert_eq!(cfg.get("site_name").await.unwrap().as_deref(), Some("Navigation"));
+}
+
+#[tokio::test]
+async fn seed_idempotent() {
+    let pool = connect_in_memory().await.unwrap();
+    let nav: Arc<dyn NavRepo> = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    seed_if_empty(nav.clone(), cfg.clone()).await.unwrap();
+    let count_before = nav.get_bundle().await.unwrap().0.len();
+    seed_if_empty(nav.clone(), cfg.clone()).await.unwrap();
+    let count_after = nav.get_bundle().await.unwrap().0.len();
+    assert_eq!(count_before, count_after);
+}
+```
+
+- [ ] **Step 6: Run**
+
+```bash
+cd server
+cargo test --test seed
+cd ..
+```
+
+Expected: 2 PASS.
+
+- [ ] **Step 7: Commit**
+
+```bash
+git add server/build.rs server/bootstrap.json server/src/services server/src/main.rs server/tests/seed.rs
+git commit -m "feat(server): seed_if_empty migrates bootstrap.json into SQLite"
+```
+
+### Task 33: README + final lint pass
+
+**Files:**
+- Create: `server/README.md`
+- Modify: root `README.md` (add backend section)
+
+- [ ] **Step 1: `server/README.md`**
+
+````markdown
+# navsrv
+
+Rust backend for the navigation site (Plan 1 of 5). Serves the SPA + JSON API at `:8080`.
+
+## Quickstart (dev)
+
+```bash
+cd server
+cp .env.example .env       # edit if needed
+cargo run                  # listens on :8080
+```
+
+On first boot, an admin password is generated and printed. It's also written to
+`./dev-data/INITIAL_PASSWORD.txt`. Log in via the SPA to change it; the file is
+auto-deleted after a successful change.
+
+To start the SPA dev server (port 5173) talking to this backend:
+
+```bash
+cd ../web
+pnpm dev
+# /api/* is proxied to localhost:8080 by web/vite.config.ts
+```
+
+## Configuration (env)
+
+| Var                       | Default               | Notes                                  |
+|---------------------------|-----------------------|----------------------------------------|
+| `PORT`                    | `8080`                |                                        |
+| `DATA_DIR`                | `./dev-data`          | SQLite DB + uploads + INITIAL_PASSWORD |
+| `STATIC_DIR`              | `../web/build`        | SvelteKit `pnpm build` output          |
+| `BOOTSTRAP_ADMIN_PASSWORD`| (unset)               | First boot only; else random+file      |
+| `SECURE_COOKIES`          | `false`               | Set `true` behind HTTPS                |
+| `RUST_LOG`                | `info,sqlx=warn,...`  | tracing-subscriber filter              |
+
+## CLI
+
+```
+navsrv reset-password [--password <new>]   # invalidates all sessions; deletes INITIAL_PASSWORD.txt
+```
+
+## Tests
+
+```bash
+cargo test
+cargo clippy --all-targets -- -D warnings
+cargo fmt --check
+```
+````
+
+- [ ] **Step 2: Append to root README** (just a pointer)
+
+Insert before the existing `## Pre-install` section:
+
+```markdown
+## Project layout
+
+- `web/` — SvelteKit SPA (`pnpm dev` / `pnpm build`)
+- `server/` — Rust backend (`cargo run`); see `server/README.md`
+- `docs/superpowers/` — design specs and implementation plans
+
+The production deploy is a single Docker image bundling both (Plan 5).
+```
+
+- [ ] **Step 3: Final lint pass**
+
+```bash
+cd server
+cargo fmt
+cargo clippy --all-targets -- -D warnings
+cargo test
+cd ..
+```
+
+Expected:
+- `fmt` makes no changes (or only stable cosmetic ones)
+- `clippy` is clean
+- All tests pass
+
+- [ ] **Step 4: Commit**
+
+```bash
+git add server/README.md README.md
+git commit -m "docs: server README with quickstart + CLI; root README pointers"
+```
+
+---
+
+## Self-Review Summary (filled by writer)
+
+**Spec coverage:**
+
+| Spec section | Where covered |
+|---|---|
+| §2.1 Topology (single process, port 8080) | Task 8, 31 |
+| §2.2 module boundaries | Tasks 6–18 (one module per task) |
+| §3.1 schema 3NF | Task 11 |
+| §3.1 SQLite WAL pragmas | Task 10 |
+| §3.2 API endpoints | Tasks 18, 22, 25, 27–30 |
+| §3.3 NavBundle camelCase | Task 17–18 |
+| §6.1 Bootstrap (env or random + INITIAL_PASSWORD.txt) | Task 20 |
+| §6.2 Session 30d sliding | Task 21 |
+| §6.3 CLI reset-password invalidates sessions | Task 26 |
+| §6.4 rate limit on login | Task 24 |
+| §6.4 security headers | Task 8 |
+| §9.1 seed_if_empty from bootstrap.json | Task 32 |
+| §9.3 web/ + server/ split | Tasks 1–4 |
+
+**Out of scope (in later plans):**
+- Frontend (Plans 2–4)
+- Real `bootstrap.json` produced from existing TS constants — `scripts/dump-bootstrap.mjs` is in Plan 5
+- Dockerfile + CI — Plan 5
+- Playwright e2e — Plan 5
+
+**Type / signature consistency:** verified —
+- `SqlxNavRepo::list_items_full` is `pub(crate)`; only callers are in the same crate (Task 14, 17)
+- `AppState::new` signature evolves twice (Task 16 → Task 25 added `data_dir` → Task 30 added `favicon`); each change updates **every** call site listed in Files
+- `NavRepo` trait is implemented exhaustively before any handler relies on a method
+- `ItemPayload` / `ItemPatch` shape stays stable from Task 12 forward
+
+**Verification gates:** every task ends with at least one `cargo test` invocation. Final task runs `clippy -D warnings` + `fmt --check`.
+
diff --git a/docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md b/docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md
new file mode 100644
index 0000000..209d2ae
--- /dev/null
+++ b/docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md
@@ -0,0 +1,791 @@
+# Navigation Platform — Architecture Redesign (Rust + SvelteKit)
+
+**Date:** 2026-05-19
+**Status:** Draft for review
+**Owner:** Pico
+**Supersedes:** existing static-only nav site (SvelteKit + adapter-static, hard-coded `nav.ts`)
+
+---
+
+## 1. Overview
+
+### 1.1 Goal
+
+将当前纯静态、数据硬编码、单一视觉风格的导航站重构为：**数据驱动 + 在线编辑 + 鉴权 + 全新 design system + i18n + a11y** 的可演进平台。前端继续 SvelteKit（`adapter-static`），后端新增 Rust（Axum + SQLite）单进程统一 serve 静态产物与 API。
+
+### 1.2 Why
+
+| 现状痛点 | 影响 |
+|---|---|
+| 导航项 / 区域 / 站点信息硬编码在 TypeScript 常量 | 改一项需改源码 + 重构建 + 重部署 |
+| 无搜索 / 分组 / 标签 / 收藏 / 主题 | 项目数 ↑ 后体验下降 |
+| 文案中英混排在常量里 | 违反 i18n 原则、不可切换 |
+| `<div on:click>` 充当 button | a11y 不达 WCAG AA |
+| `Record<string, IUrl>` 类型松散 | 新增 site 不会触发编译期错误 |
+| 视觉风格固定（紫蓝渐变 + 圆角 + 抖动 hover） | 个性化能力差 |
+
+### 1.3 Non-Goals (out of scope)
+
+- 多用户 / OAuth / SSO（保持单管理员）
+- 操作日志 / 审计
+- 实时多端同步（SSE / WebSocket）
+- PWA / 离线
+- 健康检查 ping 链接
+- 远端备份（git / S3）—— 用户自行 `rsync /app/data`
+- 邮件密码重置 —— 用 CLI 子命令替代
+- 多产物 build（同一份代码出多个独立站）
+- SSR —— 前端继续 SPA `adapter-static`
+
+### 1.4 Hard Constraints
+
+- 单 Docker 镜像、单进程、单端口（默认 8080）
+- 数据卷 `/app/data` 含 SQLite + 上传图标 + admin hash；删容器不丢数据
+- 不引入 Tailwind / 任何 UI 库 / 任何 i18n 库 —— 自建 design system 与 i18n
+- 不破坏现有 Docker bind mount 用户的 `/app/data`（首次上线一次性迁移）
+- 所有用户可见文案走 i18n
+- 所有交互元素 `<button>`，键盘可达，焦点可见
+- TypeScript 全严格、零 `any`，Rust 全 `#[deny(warnings)]` 编译
+
+---
+
+## 2. Architecture
+
+### 2.1 Topology
+
+```
+┌──────────────────────────────────────────────────────────────┐
+│  Docker container (single process, port 8080)                │
+│                                                              │
+│   ┌──────────────────────────┐    ┌──────────────────────┐   │
+│   │  Axum (Rust)             │    │  SQLite (file)       │   │
+│   │  /            → static   │    │  /app/data/data.db   │   │
+│   │  /assets/*    → static   │◄───┤  ├─ sites           │   │
+│   │  /icons/*     → static   │    │  ├─ groups          │   │
+│   │  /api/nav     read       │    │  ├─ items           │   │
+│   │  /api/items/* CRUD       │    │  ├─ item_links      │   │
+│   │  /api/groups/* CRUD      │    │  ├─ tags            │   │
+│   │  /api/sites/* CRUD       │    │  ├─ item_tags       │   │
+│   │  /api/tags/* CRUD        │    │  ├─ config (kv)     │   │
+│   │  /api/config CRUD        │    │  └─ sessions        │   │
+│   │  /api/auth/{login,...}   │    └──────────────────────┘   │
+│   │  /api/favicon            │                               │
+│   │                          │    /app/data/icons/_cache/    │
+│   │  middleware:             │       (favicon cache blobs)   │
+│   │   ─ tower-sessions       │                               │
+│   │   ─ tower-governor       │                               │
+│   │   ─ tower-http compress  │                               │
+│   │   ─ tracing              │                               │
+│   └──────────────────────────┘                               │
+│                                                              │
+│   /app/static     ← frontend build artifacts (read-only)     │
+│   /app/data       ← writable volume                          │
+└──────────────────────────────────────────────────────────────┘
+```
+
+- **TLS**：容器内 HTTP only。生产部署前置 caddy / traefik / nginx；提供 `docker-compose.yml` sample with caddy
+- **Reverse proxy not required** for basic deploy（容器自己 serve 全部 + http 即可）
+- **No SSR**: SvelteKit `adapter-static` 出 SPA；Axum 用 `tower_http::services::ServeDir` + fallback to `/index.html` 兜底前端路由
+
+### 2.2 Rust crate 模块边界
+
+| 模块 | 职责 | 公共接口 |
+|---|---|---|
+| `app::config` | env / .env 加载（`figment`） | `Settings::load()` |
+| `app::error` | 统一错误 + `IntoResponse` | `AppError`, `Result<T>` |
+| `app::auth` | 密码 / session / 中间件 | `RequireAuth` extractor、`hash_password`, `verify_password` |
+| `app::repo` | 仓储模式 DB 访问 | `NavRepo`, `ConfigRepo`（trait + sqlx 实现） |
+| `app::services` | favicon 抓取 / 迁移 / 密码 | `FaviconService`, `MigrationService` |
+| `app::routes` | HTTP handler，仅做参数解析 + 调 services / repo | `pub fn router(state: AppState) -> Router` |
+| `app::cli` | `reset-password`、`bootstrap-admin` 子命令 | clap-derive subcommand |
+| `app::main` | 入口；启动迁移；构建 router；监听 | `fn main()` |
+
+**关键约束**：
+- handler 不直接写 SQL；所有 DB 通过 `*Repo` trait
+- service 只接 trait（不接具体 struct），便于测试用 mock
+- `AppState { repo: Arc<dyn NavRepo>, config_repo: Arc<dyn ConfigRepo>, favicon: Arc<FaviconService>, settings: Arc<Settings> }`
+
+### 2.3 Frontend / Backend 协议
+
+- 前端开发：vite dev server (port 5173) + proxy `/api/*` → `localhost:8080`
+- 前端生产：build 产出 `/build`，被 Rust binary 嵌入式 serve（`ServeDir("./static")`）
+- 数据契约：所有 API 返回 `application/json`；schema 由 zod (前端) ↔ serde + validator (Rust) 手维护一致；`schemaVersion: 1` 字段贯穿
+- 错误：4xx/5xx 全部 `{ error: string, message?: string, fields?: Record<string,string> }`
+
+---
+
+## 3. Data Model + API Contract
+
+### 3.1 SQLite schema (3NF)
+
+```sql
+-- migrations/0001_init.sql
+
+CREATE TABLE sites (
+  id          INTEGER PRIMARY KEY,
+  value       TEXT    NOT NULL UNIQUE,           -- 'shangHai' (stable id used in URL/store)
+  name        TEXT    NOT NULL,                  -- '上海' (default locale)
+  name_i18n   TEXT,                              -- JSON e.g. {"en":"Shanghai"}
+  sort_order  INTEGER NOT NULL DEFAULT 0,
+  is_default  INTEGER NOT NULL DEFAULT 0
+);
+
+CREATE TABLE groups (
+  id          INTEGER PRIMARY KEY,
+  slug        TEXT    NOT NULL UNIQUE,           -- 'network'
+  name        TEXT    NOT NULL,
+  name_i18n   TEXT,
+  sort_order  INTEGER NOT NULL DEFAULT 0,
+  collapsed_default INTEGER NOT NULL DEFAULT 0   -- 默认是否折叠（前端可被 uiPrefs 覆盖）
+);
+
+CREATE TABLE items (
+  id          INTEGER PRIMARY KEY,
+  group_id    INTEGER REFERENCES groups(id) ON DELETE SET NULL,
+  name        TEXT    NOT NULL,
+  name_i18n   TEXT,
+  description TEXT,                              -- 可选；hover tooltip / search 命中
+  description_i18n TEXT,
+  icon_kind   TEXT    NOT NULL CHECK (icon_kind IN ('asset','url','auto-favicon')),
+  icon_value  TEXT    NOT NULL,                  -- asset 文件名 | https URL | hostname
+  sort_order  INTEGER NOT NULL DEFAULT 0,
+  created_at  INTEGER NOT NULL,
+  updated_at  INTEGER NOT NULL
+);
+
+CREATE TABLE item_links (                        -- item × site → URL
+  item_id     INTEGER NOT NULL REFERENCES items(id) ON DELETE CASCADE,
+  site_id     INTEGER NOT NULL REFERENCES sites(id) ON DELETE CASCADE,
+  url         TEXT    NOT NULL,
+  PRIMARY KEY (item_id, site_id)
+);
+
+CREATE TABLE tags (
+  id          INTEGER PRIMARY KEY,
+  slug        TEXT    NOT NULL UNIQUE,
+  name        TEXT    NOT NULL,
+  name_i18n   TEXT
+);
+
+CREATE TABLE item_tags (
+  item_id INTEGER NOT NULL REFERENCES items(id) ON DELETE CASCADE,
+  tag_id  INTEGER NOT NULL REFERENCES tags(id)  ON DELETE CASCADE,
+  PRIMARY KEY (item_id, tag_id)
+);
+
+CREATE TABLE config (
+  key   TEXT PRIMARY KEY,
+  value TEXT NOT NULL
+);
+-- bootstrap keys:
+-- site_name, site_copyright, site_icp_text, site_icp_url,
+-- site_police_text, site_police_url, site_avatar_path,
+-- admin_password_hash, admin_password_updated_at,
+-- default_theme ('system'|'light'|'dark'), schema_version
+
+CREATE TABLE sessions (                          -- tower-sessions sqlx-store
+  id         TEXT PRIMARY KEY,
+  data       BLOB NOT NULL,
+  expiry_date INTEGER NOT NULL
+);
+
+-- indexes
+CREATE INDEX idx_items_group_sort ON items(group_id, sort_order);
+CREATE INDEX idx_item_links_site  ON item_links(site_id);
+CREATE INDEX idx_item_tags_tag    ON item_tags(tag_id);
+```
+
+**Schema 演进**：sqlx `migrations/NNNN_*.sql`，启动时 `sqlx::migrate!()` 自动跑；版本号写到 `config.schema_version`。
+
+**SQLite 运行模式**：连接 pragma `journal_mode=WAL` + `synchronous=NORMAL` + `foreign_keys=ON` + `busy_timeout=5000`；写并发安全 + 读不阻塞。
+
+### 3.2 API endpoints
+
+| Method | Path | Auth | Body / Query | Response |
+|---|---|---|---|---|
+| `GET`    | `/api/nav` | – | – | `NavBundle`（整包，见 3.3）|
+| `GET`    | `/api/auth/me` | – | – | `{ authenticated: boolean }` |
+| `POST`   | `/api/auth/login` | – | `{ password }` | `204` + `Set-Cookie: __Host-sid=...` |
+| `POST`   | `/api/auth/logout` | session | – | `204` |
+| `POST`   | `/api/items` | session | `ItemPayload` | `201 Item` |
+| `PATCH`  | `/api/items/:id` | session | `Partial<ItemPayload>` | `200 Item` |
+| `DELETE` | `/api/items/:id` | session | – | `204` |
+| `POST`   | `/api/items/reorder` | session | `[{id, sort_order, group_id?}]` | `204` |
+| `POST`   | `/api/groups` | session | `GroupPayload` | `201 Group` |
+| `PATCH`  | `/api/groups/:id` | session | `Partial<GroupPayload>` | `200 Group` |
+| `DELETE` | `/api/groups/:id` | session | – | `204` |
+| `POST`   | `/api/groups/reorder` | session | `[{id, sort_order}]` | `204` |
+| `POST`   | `/api/sites` | session | `SitePayload` | `201 Site` |
+| `PATCH`  | `/api/sites/:id` | session | `Partial<SitePayload>` | `200 Site` |
+| `DELETE` | `/api/sites/:id` | session | – | `204` |
+| `POST`   | `/api/sites/reorder` | session | `[{id, sort_order}]` | `204` |
+| `POST`   | `/api/tags` | session | `TagPayload` | `201 Tag` |
+| `PATCH`  | `/api/tags/:id` | session | `Partial<TagPayload>` | `200 Tag` |
+| `DELETE` | `/api/tags/:id` | session | – | `204` |
+| `PATCH`  | `/api/config` | session | `[{ key, value }]` | `204` |
+| `POST`   | `/api/config/password` | session | `{ current, next }` | `204` |
+| `POST`   | `/api/icons/upload` | session | `multipart/form-data` | `201 { path }` |
+| `GET`    | `/api/favicon` | – | `?host=…` | `image/*` (cached) |
+
+### 3.3 NavBundle TypeScript / Rust 契约（手维护一致）
+
+```ts
+// src/lib/types/nav.ts
+import { z } from 'zod';
+
+export const NavBundleSchema = z.object({
+  schemaVersion: z.literal(1),
+  meta: z.object({
+    siteName: z.string(),
+    siteAvatarPath: z.string().optional(),
+    siteCopyright: z.string(),
+    siteIcp: z.object({ text: z.string(), url: z.string().url() }).nullable(),
+    sitePolice: z.object({ text: z.string(), url: z.string().url() }).nullable(),
+    defaultTheme: z.enum(['system','light','dark']),
+  }),
+  sites:  z.array(SiteSchema),
+  groups: z.array(GroupSchema),
+  items:  z.array(ItemSchema),  // 含 links: Record<siteValue, url> + tagSlugs: string[]
+  tags:   z.array(TagSchema),
+});
+export type NavBundle = z.infer<typeof NavBundleSchema>;
+```
+
+**为什么整包返回**：导航站数据量极小（百级），整包 1 RTT 简化前端缓存语义；写操作走细粒度 endpoint，写完只 patch 本地 store，不重 fetch（除冲突）。
+
+---
+
+## 4. Frontend State + Components
+
+### 4.1 Store layering
+
+```
+              ┌──────────────────────┐
+              │ navDataStore         │   ← async, GET /api/nav, zod-validated
+              │ NavBundle            │
+              └──────────┬───────────┘
+                         │
+       ┌─────────────────┼─────────────────┐
+       ▼                 ▼                 ▼
+ ┌──────────────┐ ┌──────────────┐  ┌──────────────┐
+ │ uiPrefs (LS) │ │ session      │  │ editMode     │
+ │ ─ siteValue  │ │ ─ authed     │  │ ─ on/off     │
+ │ ─ theme      │ │              │  │ ─ dirty: Set │
+ │ ─ favorites  │ │              │  │              │
+ │ ─ locale     │ │              │  │              │
+ │ ─ groupOpen  │ │              │  │              │
+ └──────────────┘ └──────────────┘  └──────────────┘
+
+       ┌────────── derived (pure) ──────────┐
+       ▼                                    ▼
+   visibleSectionsStore              searchHitsStore
+   (current site × searchTerm        (字符串模糊匹配命中)
+    × activeTagSlugs filter,
+    grouped + favorites first)
+```
+
+- `navDataStore`: 远端真理；接口：`load()`, `refetch()`, `applyPatch(itemId, patch)`, `applyReorder(...)`, `applyDelete(id)`...
+- `uiPrefs`: 启动时从 LS hydrate；订阅自动写回；schema 版本号字段允许未来兼容迁移
+- `session`: 启动调一次 `/api/auth/me`；登录后置 true；401 自动置 false
+- `editMode`: 仅 `session.authed === true` 时可置 on
+- 所有 derived 是**纯函数**，不订阅任何 LS / API；测试零 I/O
+
+### 4.2 Component tree
+
+```
++layout.svelte
+├─ <AppShell>                           (新；toast + dialog portal + theme provider)
+├─ <Header>
+│   ├─ <Brand>                          (logo + site name)
+│   ├─ <SearchBar>                      ("/" 聚焦, fuzzy, esc clear)
+│   ├─ <TagFilterChips>
+│   ├─ <SiteSelect>                     (refactor 现有)
+│   ├─ <ThemeToggle>                    (新)
+│   ├─ <LocaleToggle>                   (新)
+│   └─ <AuthControls>
+│        ├─ <LoginButton>               (未登录)
+│        └─ <EditToggle> + <UserMenu>   (已登录)
+├─ <main>
+│   └─ +page.svelte
+│        ├─ <FavoritesSection>          (only if favorites.length > 0)
+│        ├─ <GroupSection>              ✕ N
+│        │    ├─ <GroupHeader>          (折叠 / 重命名 / 排序)
+│        │    └─ <NavGrid>
+│        │         └─ <NavItem>         ✕ M
+│        │              ├─ <NavIcon>    (asset | url | auto-favicon)
+│        │              ├─ <NavLabel>   (双击编辑 in editMode)
+│        │              ├─ <FavoriteStar>
+│        │              └─ <ItemContextMenu>  (editMode only)
+│        ├─ <UngroupedSection>          (group_id IS NULL)
+│        ├─ <NewItemAffordance>         (editMode only; "＋" 卡片)
+│        └─ <SearchEmptyState> | <DataEmptyState>
+├─ <Footer>                             (重做)
+├─ <ToastViewport>                      (aria-live)
+├─ <DialogPortal>
+│    ├─ <LoginDialog>
+│    ├─ <ItemEditDialog>
+│    ├─ <GroupEditDialog>
+│    ├─ <SiteEditDialog>
+│    ├─ <TagEditDialog>
+│    └─ <SiteSettingsDialog>            (站名 / 备案 / avatar / 主题默认)
+```
+
+### 4.3 类型严格
+
+- 所有 props `export let x: T`，禁 `any`
+- store 用 `Writable<T>` / `Readable<T>` 显式泛型
+- `apiClient<TReq, TRes>(method, path, body, resSchema): Promise<TRes>` 强制响应经 zod parse
+- API 返回类型与 Rust serde struct **手维护一致**（小仓库；不引入 ts-rs / openapi）
+
+---
+
+## 5. Edit Mode UX
+
+### 5.1 进入 / 退出
+
+- 未登录 → Header 显示 `<LoginButton>` → 点击 → `<LoginDialog>` → 成功 → `session.authed = true` → 出现 `<EditToggle>` + `<UserMenu>`
+- `<EditToggle>` 按下 → `editMode.on = true` → 整个 nav 区域加 `outline: 2px dashed var(--accent-500)` + 顶部 banner "编辑中"
+- 退出：`<EditToggle>` 再按 / `<UserMenu>` → 退出登录 / Esc / 30 分钟无操作 toggle 自动关（不踢登录态）
+
+### 5.2 操作矩阵
+
+| 操作 | 触发 | 即时反馈 | 后端调用 | 失败处理 |
+|---|---|---|---|---|
+| 重排 nav 项 | 拖拽 ≡ 手柄（`svelte-dnd-action`）| 本地 reorder 立即生效 | `POST /api/items/reorder` (debounce 300ms) | 回滚 + toast.error |
+| 跨分组拖动 | 拖到另一 group container | 同上 | 同上（含 `group_id`） | 同上 |
+| 重命名 item | 双击 `<NavLabel>` → contenteditable | onBlur / Enter 提交 | `PATCH /api/items/:id` | 回滚 + 保留焦点 |
+| 详细编辑 item | 右键菜单 / 长按（移动）→ `<ItemEditDialog>` | 表单完整字段 | `PATCH /api/items/:id` | 表单 inline error |
+| 删除 item | 右键 → "删除" → `<ConfirmToast>`（3s 撤销窗口） | optimistic 隐藏 | `DELETE /api/items/:id` after 3s | 撤销 / toast.error |
+| 新增 item | grid 末尾 `＋` 占位 | 弹 `<ItemEditDialog>` | `POST /api/items` | 表单 inline error |
+| 重命名 group | header `✎` | inline editable | `PATCH /api/groups/:id` | 回滚 |
+| 重排 group | 拖 group header | 本地 reorder | `POST /api/groups/reorder` | 同上 |
+| 新增 group | "+ 新建分组" 按钮 | inline 创建 + 立刻可输入 | `POST /api/groups` | 表单 inline error |
+| 删除 group | header 菜单 → 删除 | 项目落到"未分组" | `DELETE /api/groups/:id` (cascade `SET NULL`) | toast.error |
+| 管理 sites | `<SiteSelect>` 末尾 "管理…" | `<SiteEditDialog>` | site CRUD endpoints | 表单 inline error |
+| 管理 tags | Header tag chip 末尾 "管理…" | `<TagEditDialog>` | tag CRUD endpoints | 表单 inline error |
+| 站点元信息 | `<UserMenu>` → "站点设置" | `<SiteSettingsDialog>`（站名 / 备案 / avatar 上传 / 默认主题） | `PATCH /api/config` + `POST /api/icons/upload` | 表单 inline error |
+| 改密码 | `<UserMenu>` → "修改密码" | dialog | `POST /api/config/password` | 表单 inline error |
+
+### 5.3 一致性 / 失败 / 离线
+
+- 所有写：optimistic update + 失败回滚 + toast；连续 2 次失败自动 `navDataStore.refetch()`
+- 写操作发出前对比 `updated_at`（item / config）做乐观锁，409 冲突时拉新值 + diff 提示
+- `editMode.on` + 任意 dialog 有未保存改动 → `beforeunload` 提示
+- 网络断开：写入队列暂存；恢复后批量 retry；UI 显示 offline banner
+
+---
+
+## 6. Auth + Security + Password Recovery
+
+### 6.1 Bootstrap（safe-by-default）
+
+首次启动按以下优先级解析管理员初始密码（业界做法，参考 GitLab Omnibus / Jenkins / Postgres 镜像）：
+
+1. **env `BOOTSTRAP_ADMIN_PASSWORD` 已设** → bcrypt(cost=12) → 写 `config.admin_password_hash` + `admin_password_updated_at`
+2. **env 未设** → 生成 24 字符 URL-safe 随机密码 → bcrypt 同上 → **同时**：
+   - 在启动日志打印一次（`⚠ INITIAL ADMIN PASSWORD: <pw>`）
+   - 写到 `/app/data/INITIAL_PASSWORD.txt`（mode 0600）
+3. 启动日志统一强提示：`Please change the admin password via UI immediately and then delete /app/data/INITIAL_PASSWORD.txt`
+4. 用户首次通过 UI 修改密码后，后端检测到 `admin_password_updated_at` 变化 → 自动删除 `INITIAL_PASSWORD.txt`
+5. 之后启动 env 与文件均被忽略（hash 已存且已被用户修改过）；密码丢失走 §6.3 CLI 重置
+
+### 6.2 登录流
+
+- `POST /api/auth/login { password }` → `tower-governor` 限 5 次 / 15min / IP → bcrypt verify → 成功签发 session
+- Session: `tower-sessions` + `tower-sessions-sqlx-store`（SQLite 存）
+- Cookie: `__Host-sid`、`HttpOnly`、`Secure`（生产）、`SameSite=Lax`、`Path=/`、TTL 30 天，每次写延期
+- `POST /api/auth/logout` 销毁 session；前端清 `session.authed = false`
+
+### 6.3 密码恢复（CLI 重置）
+
+- 二进制提供子命令：`navsrv reset-password [--password=<new>]`（不传交互式 prompt）
+- 流程：
+  - 用户 `docker exec -it nav-container navsrv reset-password`
+  - 子命令打开同一 SQLite，写入新 bcrypt hash + 更新 `admin_password_updated_at`
+  - 立即吊销所有现有 session（`DELETE FROM sessions`）
+- 文档：README 加"忘记密码"段落
+- 没有 UI 入口；登录页只有 `Forgot password? See README.` 提示
+
+### 6.4 输入校验 / 防护
+
+- Rust：`serde` + `validator`：name ≤ 80 char、url 必须 `http(s)://`、reject `javascript:` / `data:`
+- 前端：表单同等校验 + 提交前 zod parse；后端是真值
+- XSS：Svelte 默认 escape；`<NavIcon>` `src` 限 `/icons/...` 同源 + `https://` 同源校验通过的图源
+- CSRF：SameSite=Lax + 同源 → 不需要显式 token
+- 速率限制：login 5 / 15min；写接口 60 / min / session
+- 安全 header（tower-http）：`X-Content-Type-Options: nosniff`, `Referrer-Policy: same-origin`, `X-Frame-Options: DENY`
+
+---
+
+## 7. Design System (new)
+
+> **Note**: 本节定义**原则 + tokens 框架 + 起点风格**。具体视觉决策（确切色值、字号阶梯、最终 mockup）在 implement 阶段由 frontend-design / ui-ux-pro-max skill 深化；本节锁定的是**词汇与边界**，不是像素。
+
+### 7.1 风格方向（已锁定）
+
+**现代极简（modern minimal）** — 业界对"工具属性产品 + 高频使用"场景的默认选择（Linear / Raycast / Vercel / Stripe Dashboard）：
+
+- 克制中性色（warm neutral 偏向）+ 单一 accent（待 implement 阶段从可选 indigo / violet / teal 中选定）
+- 强信息层级：通过 weight + size + 间距分层，**不**靠装饰
+- 微圆角：6/10/14px 三档；不用 24px 大圆角
+- Subtle shadow：1px border + 极弱 shadow，hover 时 shadow 升级 + 轻微 translateY(-2px)
+- 排版：2-axis scale（size + weight），≤ 5 个字号档位
+- 动效：仅 transition（150–250ms ease-out）；不用 spring / 抖动 / 旋转
+- 暗 / 亮主题双调；`prefers-color-scheme` 自动 + 用户 toggle 覆盖
+- 尊重 `prefers-reduced-motion`
+
+### 7.2 Design tokens（结构）
+
+```scss
+// src/lib/design/tokens.scss
+:root {
+  /* Spacing — 4px base, exponential */
+  --sp-1: 4px;  --sp-2: 8px;  --sp-3: 12px;  --sp-4: 16px;
+  --sp-5: 24px; --sp-6: 32px; --sp-7: 48px;  --sp-8: 64px;
+
+  /* Radius */
+  --rd-sm: 6px; --rd-md: 10px; --rd-lg: 14px; --rd-pill: 999px;
+
+  /* Type */
+  --ft-sans: -apple-system, BlinkMacSystemFont, ...;
+  --ft-mono: ui-monospace, SFMono-Regular, ...;
+  --fs-xs: 12px; --fs-sm: 13px; --fs-md: 15px; --fs-lg: 18px; --fs-xl: 24px;
+  --fw-regular: 400; --fw-medium: 500; --fw-semibold: 600;
+  --lh-tight: 1.2; --lh-base: 1.5; --lh-loose: 1.7;
+
+  /* Color (light) */
+  --c-bg:        #fafaf9;
+  --c-surface:   #ffffff;
+  --c-surface-2: #f4f4f3;
+  --c-border:    #e5e5e3;
+  --c-text:      #1a1a18;
+  --c-text-2:    #5a5a55;
+  --c-text-3:    #8a8a85;
+  --c-accent:    #4f46e5;        /* 单 accent，待最终实现敲定 */
+  --c-accent-bg: #eef2ff;
+  --c-success:   #047857;
+  --c-warn:      #b45309;
+  --c-danger:    #b91c1c;
+
+  /* Shadow */
+  --sh-sm: 0 1px 2px rgba(0,0,0,0.04);
+  --sh-md: 0 4px 12px rgba(0,0,0,0.06);
+  --sh-lg: 0 12px 32px rgba(0,0,0,0.08);
+
+  /* Motion */
+  --tr-fast: 120ms ease-out;
+  --tr-base: 180ms ease-out;
+  --tr-slow: 260ms ease-out;
+}
+
+[data-theme="dark"] {
+  --c-bg:        #0e0e0d;
+  --c-surface:   #18181a;
+  --c-surface-2: #232326;
+  --c-border:    #2c2c30;
+  --c-text:      #f5f5f3;
+  --c-text-2:    #b5b5b0;
+  --c-text-3:    #767672;
+  --c-accent:    #818cf8;
+  --c-accent-bg: #1e1b4b;
+  --sh-sm: 0 1px 2px rgba(0,0,0,0.4);
+  --sh-md: 0 4px 12px rgba(0,0,0,0.45);
+  --sh-lg: 0 12px 32px rgba(0,0,0,0.5);
+}
+
+@media (prefers-reduced-motion: reduce) {
+  :root { --tr-fast: 0ms; --tr-base: 0ms; --tr-slow: 0ms; }
+}
+```
+
+### 7.3 Component primitives
+
+新建 `src/lib/components/ui/`：
+- `Button.svelte` — 三种 intent (primary / secondary / ghost) × 三种 size (sm / md / lg) + icon-only variant
+- `Input.svelte` / `Textarea.svelte` — 含 leading icon、错误态、help text
+- `Dialog.svelte` — focus trap + escape + body scroll lock + portal
+- `Toast.svelte` + `ToastViewport.svelte` — 4 intents、aria-live polite
+- `Menu.svelte` (context menu) — 键盘 navigable
+- `Chip.svelte` — tag filter / status
+- `Switch.svelte` — toggle 切换
+- `Card.svelte` — surface + radius + shadow
+- `IconButton.svelte`
+- `Skeleton.svelte`
+- 全部受 design tokens 驱动
+
+### 7.4 Footer 重做
+
+- 现状：`copyright | ICP 备案 | 公安备案`，三段 grid，断点切列
+- 新设计原则：
+  - 主行：`版权` + 一段 inline 的 ICP / 公安链接（不再要 `divider` 装饰条）
+  - 次行（可选）：`Built with ❤︎ — Source on GitHub` 之类（用户自定义）
+  - 移动端：自动堆叠
+  - 全部内容来自 `config` 表，不再硬编码
+  - i18n：英文 locale 下隐藏中国大陆备案信息，或显示对应英文翻译（用户在 site settings 填）
+
+### 7.5 现有视觉资产处置
+
+- 紫蓝渐变背景 → 保留作为 hero / 头像光晕的可选 accent，不做主背景
+- shark-bounce 动画 → 移除（不符合"现代极简"，且违反 reduced-motion）
+- 圆角 24px 大圆角 → 缩小到 14px (`--rd-lg`)，`box-shadow` 用 `--sh-md`
+- nav-item 重投影 → 替换为 1px border + subtle shadow + accent ring on focus / hover
+- 抖动 hover → 替换为 `transform: translateY(-2px)` + shadow upgrade
+
+---
+
+## 8. i18n + a11y + Type Safety + Errors
+
+### 8.1 i18n（前端，自实现 ~150 行）
+
+- 文件：`src/lib/i18n/{en.json, zh.json}`，flat key
+- store：`localeStore: Writable<'zh' | 'en'>`，LS 持久化
+- API：`t(key: string, params?: Record<string, string | number>): string`（Svelte derived，自动响应 locale 变化）
+- Key 命名：`<domain>.<module>.<purpose>`
+  - `header.search.placeholder`
+  - `editor.item.deleteConfirm`
+  - `auth.login.title`
+  - `error.network.offline`
+- 数据层 i18n：`name`、`name_i18n: { en?: string }` 字段；显示时 `record.name_i18n?.[locale] ?? record.name`
+- 切换 UI：Header `<LocaleToggle>`，icon: `语 / EN`
+- **不引入** `svelte-i18n` / `i18next`
+
+### 8.2 a11y（WCAG 2.1 AA）
+
+- 所有交互元素 `<button type="button">`（清除现有 `<div on:click>`）
+- Tab 顺序合理；可跳过 nav 区的 `Skip to content` 链接（visually hidden until focus）
+- 键盘：Enter / Space 激活；Esc 关 dialog；Tab trap 在 dialog 内；`/` 聚焦搜索；`g` 进入 group quick switch（路线图）
+- ARIA：search `role="searchbox"`、toggle `aria-pressed`、dialog `role="dialog" aria-modal="true" aria-labelledby`、toast `aria-live="polite" / assertive`
+- 焦点环：`outline: 2px solid var(--c-accent); outline-offset: 2px;`，所有可聚焦元素可见
+- 颜色对比：light + dark 主题分别确保 ≥ 4.5:1（normal text）/ 3:1（large text）
+- `prefers-reduced-motion`：tokens 已处理（动效降为 0ms）
+
+### 8.3 类型严格（双端）
+
+- TypeScript：`strict: true`、`noUncheckedIndexedAccess: true`、零 `any`（用 `unknown` + 类型 narrowing）
+- zod schema 单一源 → `z.infer` 出 TS 类型 → 后端 serde struct 手维护一致
+- Rust：`#[deny(warnings)]`、clippy `-W clippy::pedantic`（合理放宽）
+- API client：`apiClient<TRes>(method, path, body, resSchema): Promise<TRes>` —— **禁止裸 fetch**
+
+### 8.4 错误处理边界
+
+- 仅在 fetch / 表单 / 文件上传三处加显式错误处理
+- 内部纯函数不写 try/catch；Rust handler 错误一律 `?` 返 `AppError`
+- toast 系统：`info` / `success` / `warn` / `error`，aria-live polite/assertive
+- 网络失败：retry button；连续 3 次失败 banner "无法连接服务"
+- 401：自动弹 LoginDialog；登录后重试原请求
+
+---
+
+## 9. Migration + Docker + Dev Workflow
+
+### 9.1 一次性数据迁移
+
+- 前端 build stage 跑 `scripts/dump-bootstrap.mjs`（dynamic-import 当前 `src/lib/constants/{nav,siteInfo}.ts` 后 `JSON.stringify` 输出 `build/bootstrap.json`）
+- Rust `build.rs` 把 stage 间拷贝过来的 `bootstrap.json` 通过 `include_str!("../bootstrap.json")` 编译期嵌入 binary
+- `MigrationService::seed_if_empty()`：启动后检查 `sites + items` 为空 → 反序列化嵌入字符串 → 写入 SQLite
+- 备案 / 站名 / avatar 路径进 `config` 表
+- 默认 group（按用途预分；用户登录后可任意调整 / 合并 / 重命名）：
+  - **网络 / Network** (`network`)：RouterOS / OpenWRT / K2P / qBittorrent / Jackett
+  - **媒体 / Media** (`media`)：Jellyfin / Surveillance / 相册
+  - **NAS / Storage** (`nas`)：Synology / 文件夹 / Nas Tools
+  - **工具 / Tools** (`tools`)：Esxi / Home Assistant / 思源笔记 / 博客 / Portainer / 青龙
+- 幂等：再次启动检测非空跳过；本 seed 一次性，重置数据需用户清空 volume
+
+### 9.2 Docker（multi-stage）
+
+```dockerfile
+# ──── Stage 1: build frontend ────
+FROM node:20-alpine AS web-build
+WORKDIR /web
+RUN corepack enable
+COPY web/pnpm-lock.yaml web/package.json ./
+RUN pnpm install --frozen-lockfile
+COPY web/ ./
+COPY scripts/dump-bootstrap.mjs /scripts/dump-bootstrap.mjs
+RUN pnpm build && \
+    node /scripts/dump-bootstrap.mjs > build/bootstrap.json
+# /web/build 含 SPA 资产 + bootstrap.json
+
+# ──── Stage 2: build server ────
+FROM rust:1.79-slim AS server-build
+WORKDIR /server
+RUN apt-get update && apt-get install -y pkg-config libssl-dev && rm -rf /var/lib/apt/lists/*
+# 缓存依赖层
+COPY server/Cargo.toml server/Cargo.lock ./
+RUN mkdir src && echo 'fn main(){}' > src/main.rs && \
+    cargo build --release && \
+    rm -rf src target/release/deps/navsrv* target/release/navsrv*
+COPY server/ ./
+COPY --from=web-build /web/build/bootstrap.json ./bootstrap.json
+RUN cargo build --release
+
+# ──── Stage 3: runtime ────
+FROM gcr.io/distroless/cc-debian12
+COPY --from=server-build /server/target/release/navsrv /usr/local/bin/navsrv
+COPY --from=web-build    /web/build                   /app/static
+ENV PORT=8080 DATA_DIR=/app/data STATIC_DIR=/app/static
+VOLUME /app/data
+EXPOSE 8080
+USER nonroot
+CMD ["navsrv"]
+```
+
+提供 `docker-compose.yml` sample：
+- service `nav`（本镜像，端口 8080，volume `./data:/app/data`，env `BOOTSTRAP_ADMIN_PASSWORD`）
+- service `caddy`（前置 TLS，反代 nav:8080）
+
+### 9.3 目录结构（重构后）
+
+> 仓库采用 **web/ + server/ 双子项目**：前端、后端各自自包含，根目录只放跨子项目资源（Dockerfile / docker-compose / docs / scripts / e2e tests / README）。**不**引入 pnpm/cargo workspace（YAGNI）。
+
+```
+navigation_website/
+├─ web/                                # SvelteKit 子项目（自包含）
+│  ├─ package.json
+│  ├─ pnpm-lock.yaml
+│  ├─ svelte.config.js                 # adapter-static
+│  ├─ vite.config.ts                   # dev proxy /api → :8080
+│  ├─ tsconfig.json
+│  ├─ static/                          # avatar.png / navIcons/*
+│  └─ src/
+│     ├─ app.html, app.scss, app.d.ts
+│     ├─ routes/
+│     │   ├─ +layout.svelte
+│     │   ├─ +page.svelte
+│     │   └─ +error.svelte
+│     └─ lib/
+│        ├─ api/client.ts              # apiClient + zod parse
+│        ├─ design/tokens.scss
+│        ├─ i18n/{store,en,zh}.ts
+│        ├─ stores/{nav,uiPrefs,session,editMode,toast}.ts
+│        ├─ types/nav.ts               # zod schemas + TS types
+│        ├─ components/
+│        │   ├─ ui/                    # design system primitives
+│        │   ├─ Header/
+│        │   ├─ Nav/
+│        │   ├─ Edit/
+│        │   └─ Footer.svelte
+│        └─ utils/{isURL,fuzzy,debounce}
+│
+├─ server/                             # Rust crate（自包含）
+│  ├─ Cargo.toml
+│  ├─ Cargo.lock
+│  ├─ build.rs
+│  ├─ migrations/
+│  │   └─ 0001_init.sql
+│  └─ src/
+│     ├─ main.rs
+│     ├─ config.rs, error.rs
+│     ├─ auth/{mod,middleware,password,session}.rs
+│     ├─ cli.rs                        # reset-password / bootstrap-admin 子命令
+│     ├─ routes/{mod,nav,items,groups,sites,tags,config,auth,favicon,health}.rs
+│     ├─ repo/{mod,nav,config}.rs
+│     └─ services/{mod,favicon,migration,bootstrap}.rs
+│
+├─ scripts/
+│  └─ dump-bootstrap.mjs               # 把 web/ 旧常量转 bootstrap.json
+├─ docs/superpowers/{specs,plans}/     # 设计 + 实施计划
+├─ tests/                              # Playwright e2e（跨前后端）
+│  └─ playwright.config.ts
+│
+├─ Dockerfile                          # multi-stage：web + server → distroless
+├─ docker-compose.yml                  # sample（含 caddy 前置 TLS）
+├─ .editorconfig
+├─ .gitignore
+├─ .dockerignore
+└─ README.md
+```
+
+**职责边界**：
+- `web/` 内一切命令以 `web/` 为 cwd（`pnpm i && pnpm dev/build/test`）
+- `server/` 内一切命令以 `server/` 为 cwd（`cargo run / cargo test`）
+- 根目录命令仅 `docker build` / `docker compose up` / `playwright test`
+- 旧 repo 根的 `src/` `static/` `package.json` `pnpm-lock.yaml` `svelte.config.js` `vite.config.ts` `tsconfig.json` `playwright.config.js` `.eslintrc.cjs` `.eslintignore` `.prettierrc` `.prettierignore` 全部 `git mv` 进 `web/`（playwright 移到根 `tests/`）
+
+### 9.4 Dev workflow
+
+```bash
+# Terminal A: 后端
+cd server
+cargo run                     # listens :8080, auto-migrates SQLite at ./dev-data/data.db
+
+# Terminal B: 前端
+cd web
+pnpm dev                      # listens :5173, vite proxies /api → localhost:8080
+```
+
+### 9.5 部署运维
+
+- `docker run -d --name nav -p 8080:8080 -v ./data:/app/data -e BOOTSTRAP_ADMIN_PASSWORD=changeme navsrv:latest`
+- 改密码：UI 自助 / `docker exec -it nav navsrv reset-password`
+- 备份：`rsync ./data /backup/nav/$(date +%F)/`
+- 升级：`docker pull` + 重启容器；schema 自动迁移
+
+---
+
+## 10. Roadmap & Scope Discipline
+
+### 10.1 路线图（**本期不做**）
+
+| 项 | 推迟原因 |
+|---|---|
+| 多用户 / OAuth / SSO | 单管理员场景够用 |
+| 操作日志 / 审计 | YAGNI |
+| 实时多端同步（SSE / WS） | 个人站访问不大 |
+| PWA / 离线 | 同上 |
+| 健康检查（ping 链接） | 可后续 cron 跑 |
+| 远端备份（git / S3） | 用户 cron rsync |
+| 邮件密码重置 | CLI 替代 |
+| 多产物 build | 用户已确认仅"区域切换" |
+| `g` quick switch / cmd-K palette | 路线图候选 |
+
+### 10.2 范围纪律（**不顺手做**）
+
+- 不引入 Tailwind / DaisyUI / shadcn / 任何 UI 库
+- 不引入 svelte-i18n / svelte-i18next
+- 不引入 ORM 之外（仅 sqlx）
+- 不写"防御性"`if (!x) return` 满天飞 —— TypeScript 严格 + Rust 类型已保证
+- 不为假想未来需求加扩展点（如可插拔 DataProvider，已被实际架构吸收）
+- 不重构未在本 spec 第 9 节登记的文件
+
+### 10.3 已验收的核心决策（用户确认）
+
+- [x] 后端：Rust + Axum + SQLite + tower-sessions
+- [x] 部署：单 Docker 镜像、单进程、Rust 直接 serve 静态前端
+- [x] 编辑形态：同页"编辑模式"（inline 拖拽 + 双击 + 右键菜单 + dialog）
+- [x] 鉴权：单管理员密码 + bcrypt + signed cookie
+- [x] 密码恢复：CLI 子命令 `navsrv reset-password`
+- [x] UI：重建 design system 全新风格（不用 Tailwind）
+- [x] Footer 重做
+- [x] 数据范式：3NF（item × site 多对多 link 表，不用 JSON 列）
+- [x] 多站点语义：增强现有"区域切换"（不做多用户 / 多产物）
+- [x] 数据加载：runtime fetch（不打 build-time 注入）
+- [x] i18n：自实现，前端 + 数据层双轨
+- [x] 设计风格：**现代极简（Linear / Raycast 风格）**
+- [x] Footer：主行 inline 备案 + 次行 Built-with + 英文 locale 隐藏中国大陆备案
+- [x] Session TTL：**30 天 sliding**
+- [x] Bootstrap 密码：env 优先；未设时生成随机密码写日志 + `INITIAL_PASSWORD.txt`，改密码后自动删
+- [x] 默认分组：**网络 / 媒体 / NAS / 工具** 四组按用途预分
+
+### 10.4 待 implement 阶段细化（不在本 spec 范围）
+
+- 最终配色（accent 色值 / 中性色阶完整曲线）
+- 字号 / 行高的精确阶梯
+- 完整 keyboard shortcut 表
+- favicon 缓存策略 TTL
+- session SQLite 表清理 cron
+- error code 体系
+- Playwright 端到端测试覆盖矩阵
+
+---
+
+## 11. Open Questions（已全部按业界最佳实践拍板）
+
+| # | 问题 | 决策 | 依据 |
+|---|---|---|---|
+| 1 | Design system 起点风格 | 现代极简（Linear / Raycast 风） | 工具属性 + 高频使用场景默认；信息密度友好；暗 / 亮主题易做 |
+| 2 | Footer 设计 | 主行 inline 备案 + 次行 Built-with + 英文 locale 隐藏大陆备案 | ICP / 公安备案是大陆法规要求，对非中文用户无意义；分行减视觉噪声 |
+| 3 | Session TTL | 30 天 sliding | GitHub 14d / Linear 90d 之间的工业默认；个人单管理员场景平衡摩擦与风险 |
+| 4 | Bootstrap 密码 | env 优先；未设生成随机密码写日志 + 文件，修改后自动删除 | 参考 GitLab Omnibus / Postgres 镜像；safe-by-default 但不挡新手 |
+| 5 | 默认分组 | 按用途预分 4 组（网络 / 媒体 / NAS / 工具） | 良好初始体验；结构是可改的，预设结构 ≫ 一锅烩 |
+
+详见 §6.1 / §7.1 / §7.4 / §10.3 各节落定。

From 3eaa09c02086623c1c71f1c22821c026fa65910b Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 20 May 2026 19:44:49 +0800
Subject: [PATCH 02/77] =?UTF-8?q?feat:=20Rust=20backend=20(Plan=201)=20?=
 =?UTF-8?q?=E2=80=94=20Axum=20+=20SQLite=20+=20auth=20+=20CRUD=20+=20CLI?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Single-process Rust binary serving JSON API + SPA.
- 3NF SQLite schema (sites/groups/items/links/tags/config) with WAL +
  foreign keys + busy timeout
- NavRepo + ConfigRepo trait + sqlx impl; .sqlx offline metadata committed
- /api/nav public read returns full NavBundle (camelCase)
- Full CRUD endpoints behind RequireAuth
- Single-admin auth: bcrypt cost 12 + signed cookie session via
  tower-sessions (SQLite store), 30d sliding
- Login rate limited (tower-governor 5 burst per 15min)
- Bootstrap admin password: env-var or auto-generated 24-char password
  written to INITIAL_PASSWORD.txt (auto-deleted on first password change)
- /api/icons/upload (multipart, ≤1 MiB, ext-allow-list)
- /api/favicon proxy with 7d disk cache
- ServeDir + SPA fallback (Rust serves SPA + /api/* in one process)
- CLI: navsrv reset-password [--password=…] invalidates all sessions
- Repo split: web/ + server/ subprojects
- 40 cargo tests; clippy --all-targets -D warnings clean; fmt clean
---
 .dockerignore                                 |   32 +-
 .gitignore                                    |   51 +-
 README.md                                     |    8 +
 server/.env.example                           |   14 +
 server/.gitignore                             |    6 +
 ...7db2ab007dca57ef0edaa604172a8206dd975.json |   12 +
 ...64ac52e99659718ad419812da54831f7a190a.json |   32 +
 ...62f9b924bfe56c03c27ccffb8a9e09cbf4833.json |   50 +
 ...2d353da71aaff9e95817a32ec9f27ccb93f82.json |   12 +
 ...93badbad9930e00ba20b0dc1de8c65d199ede.json |   12 +
 ...99b639e22039fb91c83f9d613b92cf46c1bd3.json |   12 +
 ...f104fe634b84f6f0195cb4c94f5d188c189da.json |   12 +
 ...351800b27ba75e058ce84af0ed027ffd70a5a.json |   12 +
 ...58789df6f08fbbb6a8448b9736036de309932.json |   12 +
 ...88df0ec7456df24ad633b34d69cf6f8dab040.json |   12 +
 ...a9256458667e74836a1f3f0ac309b13639d57.json |   12 +
 ...60ebb3a3200f5892644704aea628b45e81654.json |   12 +
 ...1cf41de8a71bb7fe0a75a3e8d504196f82628.json |   12 +
 ...7fab5ba6ad361a1bfddc88dd4c41190515778.json |   12 +
 ...879dd341f9eb8b27a92d6de7a05c028b7c6fe.json |   12 +
 ...baa02d6d653c00e94dd7c26cafd6d73eb2c46.json |   12 +
 ...c182cbe94a1f5d8b67e7c4179d08562ecf5bf.json |   80 +
 ...3b68d506b3706cc8d1ecace476be0375adb7c.json |   50 +
 ...49d8a55fcb34a56d34a625f9831c01297b30a.json |   12 +
 ...2a15109e57de882a4d5a76e35a5b04ab0991d.json |   12 +
 ...e522c15589cdde0a5c9711bdfb8efd7b79915.json |   12 +
 ...13f9ddb01a1a19266c22bea75ce536a65ec7b.json |   12 +
 ...e4e20568aad24916ff9a906ffcbfdf1758530.json |   12 +
 ...398c6fbe7d09262def5624d4c65e01317d0c8.json |   12 +
 ...8503678e4cf199514958e63d23c1ed3d484c5.json |   12 +
 ...6f5436ffc4031ca7480cd75904939b90b6d3b.json |   12 +
 ...fc366bb64a9615b49e379c807c79efcffe854.json |   12 +
 ...a73b6efc65c44156c0bb7eb22b382aacb890b.json |   20 +
 ...0d7376694b86ca986e32503710cb069f74e97.json |   12 +
 ...781e0e0678d1bee286dd90352646052958da3.json |   12 +
 ...329ba01b0cc99fe21660b76535b69080fcd96.json |   12 +
 ...ac607091d7cc6923c55d181a344963a475d7a.json |   12 +
 ...77fb93cd4820017e8398cf0bc5494ef8dc129.json |   12 +
 ...5214d5257599ed5d9d8fa48c80e22ceb24c07.json |   12 +
 ...e727f416d7c1c1e03d49026a12f385c350935.json |   12 +
 ...f2747f2d87a96e042abc979dcea23acefff2c.json |   12 +
 ...6a45f3835d7265618cca762389a5811a7f254.json |   12 +
 ...9727dd5e9aa33541890087c4000124fbd5255.json |   12 +
 ...2931ab1d15cef4930ecf341f4978c5f650043.json |   12 +
 ...2495958548a65a6fb4f036f15cff740031806.json |   12 +
 ...a880a6cf46dba14d98b0a54f0c672600f5db6.json |   26 +
 ...8c8441f11778e4ac5ef328d51fb76f63e464b.json |   38 +
 ...8351f81a5678389dc8fc1343e5c2fc207f74b.json |   12 +
 ...e7158cbf5737bf8f20c06eadaca32fd356344.json |   12 +
 ...1df901cd0200a902421054b0cd2ad7e448753.json |   12 +
 ...b6d1e5e6eb96ec425552298d77e1775371d45.json |   12 +
 server/Cargo.lock                             | 4103 +++++++++++++++++
 server/Cargo.toml                             |   60 +
 server/README.md                              |   48 +
 server/bootstrap.json                         |   23 +
 server/build.rs                               |    3 +
 server/migrations/0001_init.sql               |   72 +
 server/rust-toolchain.toml                    |    4 +
 server/src/app.rs                             |   65 +
 server/src/auth/middleware.rs                 |   33 +
 server/src/auth/mod.rs                        |    4 +
 server/src/auth/password.rs                   |   34 +
 server/src/auth/session.rs                    |   39 +
 server/src/cli.rs                             |   71 +
 server/src/config.rs                          |   89 +
 server/src/db.rs                              |   71 +
 server/src/dto.rs                             |  214 +
 server/src/error.rs                           |  122 +
 server/src/lib.rs                             |   11 +
 server/src/main.rs                            |   65 +
 server/src/repo/config.rs                     |   78 +
 server/src/repo/mod.rs                        |    6 +
 server/src/repo/nav.rs                        |   35 +
 server/src/repo/sqlx_impl.rs                  |  608 +++
 server/src/routes/auth.rs                     |   82 +
 server/src/routes/config.rs                   |   78 +
 server/src/routes/favicon.rs                  |   34 +
 server/src/routes/groups.rs                   |   50 +
 server/src/routes/health.rs                   |   10 +
 server/src/routes/icons.rs                    |   72 +
 server/src/routes/items.rs                    |   54 +
 server/src/routes/mod.rs                      |   33 +
 server/src/routes/nav.rs                      |   15 +
 server/src/routes/sites.rs                    |   50 +
 server/src/routes/tags.rs                     |   41 +
 server/src/services/bootstrap.rs              |   64 +
 server/src/services/bundle.rs                 |   63 +
 server/src/services/favicon.rs                |   70 +
 server/src/services/migration.rs              |  168 +
 server/src/services/mod.rs                    |    4 +
 server/src/state.rs                           |   26 +
 server/tests/api_auth.rs                      |   78 +
 server/tests/api_config_password.rs           |   58 +
 server/tests/api_groups_sites_tags.rs         |   93 +
 server/tests/api_icons.rs                     |   48 +
 server/tests/api_items.rs                     |  138 +
 server/tests/api_nav.rs                       |   15 +
 server/tests/bootstrap.rs                     |   54 +
 server/tests/cli.rs                           |   31 +
 server/tests/health.rs                        |   11 +
 server/tests/repo_config.rs                   |   34 +
 server/tests/repo_items.rs                    |  184 +
 server/tests/repo_sites.rs                    |   74 +
 server/tests/seed.rs                          |   31 +
 server/tests/spa_fallback.rs                  |   29 +
 .eslintignore => web/.eslintignore            |    0
 .eslintrc.cjs => web/.eslintrc.cjs            |    0
 .npmrc => web/.npmrc                          |    0
 .prettierignore => web/.prettierignore        |    0
 .prettierrc => web/.prettierrc                |    0
 package.json => web/package.json              |    1 +
 .../playwright.config.js                      |    0
 pnpm-lock.yaml => web/pnpm-lock.yaml          |    0
 {src => web/src}/app.d.ts                     |    0
 {src => web/src}/app.html                     |    0
 {src => web/src}/app.scss                     |    0
 {src => web/src}/lib/components/Avatar.svelte |    0
 {src => web/src}/lib/components/Footer.svelte |    0
 {src => web/src}/lib/components/Header.svelte |    0
 {src => web/src}/lib/components/Nav.svelte    |    0
 .../src}/lib/components/SiteSelect.svelte     |    0
 {src => web/src}/lib/constants/avatar.ts      |    0
 {src => web/src}/lib/constants/nav.ts         |    0
 {src => web/src}/lib/constants/siteInfo.ts    |    0
 {src => web/src}/lib/store/siteStore.ts       |    0
 {src => web/src}/lib/utils/index.ts           |    0
 {src => web/src}/lib/utils/isURL.ts           |    0
 {src => web/src}/routes/+layout.svelte        |    0
 {src => web/src}/routes/+page.svelte          |    0
 {src => web/src}/service-worker.ts            |    0
 {static => web/static}/avatar.png             |  Bin
 {static => web/static}/favicon.png            |  Bin
 {static => web/static}/manifest.json          |    0
 {static => web/static}/navIcons/album.png     |  Bin
 {static => web/static}/navIcons/blog.png      |  Bin
 {static => web/static}/navIcons/esxi.png      |  Bin
 {static => web/static}/navIcons/file.png      |  Bin
 .../static}/navIcons/homeAssistant.svg        |    0
 {static => web/static}/navIcons/jackett.png   |  Bin
 {static => web/static}/navIcons/jellyfin.svg  |    0
 .../static}/navIcons/moviePilot.svg           |    0
 {static => web/static}/navIcons/nasTools.png  |  Bin
 {static => web/static}/navIcons/openWRT.png   |  Bin
 {static => web/static}/navIcons/phicomm.png   |  Bin
 {static => web/static}/navIcons/plex.png      |  Bin
 {static => web/static}/navIcons/portainer.svg |    0
 .../static}/navIcons/qBittorrent.png          |  Bin
 {static => web/static}/navIcons/qinglong.png  |  Bin
 {static => web/static}/navIcons/routerOS.png  |  Bin
 {static => web/static}/navIcons/singBox.svg   |    0
 .../static}/navIcons/siyuanNote.png           |  Bin
 .../static}/navIcons/surveillanceStation.png  |  Bin
 {static => web/static}/navIcons/synology.png  |  Bin
 svelte.config.js => web/svelte.config.js      |    0
 {tests => web/tests}/test.ts                  |    0
 tsconfig.json => web/tsconfig.json            |    0
 vite.config.ts => web/vite.config.ts          |   13 +-
 157 files changed, 8506 insertions(+), 33 deletions(-)
 create mode 100644 server/.env.example
 create mode 100644 server/.gitignore
 create mode 100644 server/.sqlx/query-018c014e9b876efe39ee03b4dac7db2ab007dca57ef0edaa604172a8206dd975.json
 create mode 100644 server/.sqlx/query-0db0cdc73f5f3b0a724c13e3fa064ac52e99659718ad419812da54831f7a190a.json
 create mode 100644 server/.sqlx/query-14d0e90d88368fd2b1b382532b962f9b924bfe56c03c27ccffb8a9e09cbf4833.json
 create mode 100644 server/.sqlx/query-1557cdb522eeb4b2393e1bb6e3f2d353da71aaff9e95817a32ec9f27ccb93f82.json
 create mode 100644 server/.sqlx/query-1a8e3c65c434b2159b7df6bc7b593badbad9930e00ba20b0dc1de8c65d199ede.json
 create mode 100644 server/.sqlx/query-1bf99816bc9be757b49c2b1075e99b639e22039fb91c83f9d613b92cf46c1bd3.json
 create mode 100644 server/.sqlx/query-1fe34b94c20773d35ab0d740b40f104fe634b84f6f0195cb4c94f5d188c189da.json
 create mode 100644 server/.sqlx/query-2aea185fc7a3724953adef82f75351800b27ba75e058ce84af0ed027ffd70a5a.json
 create mode 100644 server/.sqlx/query-2efab86a43e8e6c658393bcd90458789df6f08fbbb6a8448b9736036de309932.json
 create mode 100644 server/.sqlx/query-35c8b3e80537de0a2088a6ee4da88df0ec7456df24ad633b34d69cf6f8dab040.json
 create mode 100644 server/.sqlx/query-4003dd1d7f77ad559bab2d85679a9256458667e74836a1f3f0ac309b13639d57.json
 create mode 100644 server/.sqlx/query-4b84fda8f718e500a61e42b414b60ebb3a3200f5892644704aea628b45e81654.json
 create mode 100644 server/.sqlx/query-5309baf627ca79102c18538856a1cf41de8a71bb7fe0a75a3e8d504196f82628.json
 create mode 100644 server/.sqlx/query-5317be5ee01f4ad4a6681a368157fab5ba6ad361a1bfddc88dd4c41190515778.json
 create mode 100644 server/.sqlx/query-563b6cfe1cde0eb0b2019903d8e879dd341f9eb8b27a92d6de7a05c028b7c6fe.json
 create mode 100644 server/.sqlx/query-5a0667baad5f3321fb5a5f0cd24baa02d6d653c00e94dd7c26cafd6d73eb2c46.json
 create mode 100644 server/.sqlx/query-5ad2f300b77f5983877f6e576d0c182cbe94a1f5d8b67e7c4179d08562ecf5bf.json
 create mode 100644 server/.sqlx/query-60833943deb5e25462d920d36833b68d506b3706cc8d1ecace476be0375adb7c.json
 create mode 100644 server/.sqlx/query-642aadbfbbca043f19b80a1d1b749d8a55fcb34a56d34a625f9831c01297b30a.json
 create mode 100644 server/.sqlx/query-6b0782599be7e8dad4b38a303432a15109e57de882a4d5a76e35a5b04ab0991d.json
 create mode 100644 server/.sqlx/query-6da968dd1c08041c5bc91d4d807e522c15589cdde0a5c9711bdfb8efd7b79915.json
 create mode 100644 server/.sqlx/query-79a3d48f7c65db8e17e469ed54713f9ddb01a1a19266c22bea75ce536a65ec7b.json
 create mode 100644 server/.sqlx/query-7dc83626e527405130beee7cf3de4e20568aad24916ff9a906ffcbfdf1758530.json
 create mode 100644 server/.sqlx/query-86cade496a9deb55a0a57c08666398c6fbe7d09262def5624d4c65e01317d0c8.json
 create mode 100644 server/.sqlx/query-8d846a4e80eda9d30d2c18addbc8503678e4cf199514958e63d23c1ed3d484c5.json
 create mode 100644 server/.sqlx/query-9add219f4eb09bf47fd82bd426a6f5436ffc4031ca7480cd75904939b90b6d3b.json
 create mode 100644 server/.sqlx/query-9bd2d1d1e871dde77b4768390d2fc366bb64a9615b49e379c807c79efcffe854.json
 create mode 100644 server/.sqlx/query-9f446fea4be730b92077288cf55a73b6efc65c44156c0bb7eb22b382aacb890b.json
 create mode 100644 server/.sqlx/query-a00bce4b3500492530c5c8c017e0d7376694b86ca986e32503710cb069f74e97.json
 create mode 100644 server/.sqlx/query-acecac2afa949dc59110a3d84d7781e0e0678d1bee286dd90352646052958da3.json
 create mode 100644 server/.sqlx/query-ba826f8413816631d43cfec3c17329ba01b0cc99fe21660b76535b69080fcd96.json
 create mode 100644 server/.sqlx/query-bed47da1cfc8e819d2de79a8440ac607091d7cc6923c55d181a344963a475d7a.json
 create mode 100644 server/.sqlx/query-c09e30cdab3b984f5f5989ccbe577fb93cd4820017e8398cf0bc5494ef8dc129.json
 create mode 100644 server/.sqlx/query-cdca47905108f250bfcc425e06e5214d5257599ed5d9d8fa48c80e22ceb24c07.json
 create mode 100644 server/.sqlx/query-d343261c0578c677c168814cf88e727f416d7c1c1e03d49026a12f385c350935.json
 create mode 100644 server/.sqlx/query-d69cd4da9c0ed4e3528c1ee2494f2747f2d87a96e042abc979dcea23acefff2c.json
 create mode 100644 server/.sqlx/query-d92d9ce82fe2a58d01b99a324bc6a45f3835d7265618cca762389a5811a7f254.json
 create mode 100644 server/.sqlx/query-d95fee43c4950b9d7ac420d4a119727dd5e9aa33541890087c4000124fbd5255.json
 create mode 100644 server/.sqlx/query-da9e4028a1d46d942fcff8b5dfc2931ab1d15cef4930ecf341f4978c5f650043.json
 create mode 100644 server/.sqlx/query-dbf1e31abbead0d1ceb936d58f82495958548a65a6fb4f036f15cff740031806.json
 create mode 100644 server/.sqlx/query-ddf98d9fc5694bca2b491fbcc7da880a6cf46dba14d98b0a54f0c672600f5db6.json
 create mode 100644 server/.sqlx/query-df27ff82e851bb95aef3e576ab68c8441f11778e4ac5ef328d51fb76f63e464b.json
 create mode 100644 server/.sqlx/query-dfc31268416854e485b22a4706e8351f81a5678389dc8fc1343e5c2fc207f74b.json
 create mode 100644 server/.sqlx/query-e8a2d24de286cb8df5657c88f39e7158cbf5737bf8f20c06eadaca32fd356344.json
 create mode 100644 server/.sqlx/query-ece38ab6133af02692986502a961df901cd0200a902421054b0cd2ad7e448753.json
 create mode 100644 server/.sqlx/query-f645842429f85616ae093960947b6d1e5e6eb96ec425552298d77e1775371d45.json
 create mode 100644 server/Cargo.lock
 create mode 100644 server/Cargo.toml
 create mode 100644 server/README.md
 create mode 100644 server/bootstrap.json
 create mode 100644 server/build.rs
 create mode 100644 server/migrations/0001_init.sql
 create mode 100644 server/rust-toolchain.toml
 create mode 100644 server/src/app.rs
 create mode 100644 server/src/auth/middleware.rs
 create mode 100644 server/src/auth/mod.rs
 create mode 100644 server/src/auth/password.rs
 create mode 100644 server/src/auth/session.rs
 create mode 100644 server/src/cli.rs
 create mode 100644 server/src/config.rs
 create mode 100644 server/src/db.rs
 create mode 100644 server/src/dto.rs
 create mode 100644 server/src/error.rs
 create mode 100644 server/src/lib.rs
 create mode 100644 server/src/main.rs
 create mode 100644 server/src/repo/config.rs
 create mode 100644 server/src/repo/mod.rs
 create mode 100644 server/src/repo/nav.rs
 create mode 100644 server/src/repo/sqlx_impl.rs
 create mode 100644 server/src/routes/auth.rs
 create mode 100644 server/src/routes/config.rs
 create mode 100644 server/src/routes/favicon.rs
 create mode 100644 server/src/routes/groups.rs
 create mode 100644 server/src/routes/health.rs
 create mode 100644 server/src/routes/icons.rs
 create mode 100644 server/src/routes/items.rs
 create mode 100644 server/src/routes/mod.rs
 create mode 100644 server/src/routes/nav.rs
 create mode 100644 server/src/routes/sites.rs
 create mode 100644 server/src/routes/tags.rs
 create mode 100644 server/src/services/bootstrap.rs
 create mode 100644 server/src/services/bundle.rs
 create mode 100644 server/src/services/favicon.rs
 create mode 100644 server/src/services/migration.rs
 create mode 100644 server/src/services/mod.rs
 create mode 100644 server/src/state.rs
 create mode 100644 server/tests/api_auth.rs
 create mode 100644 server/tests/api_config_password.rs
 create mode 100644 server/tests/api_groups_sites_tags.rs
 create mode 100644 server/tests/api_icons.rs
 create mode 100644 server/tests/api_items.rs
 create mode 100644 server/tests/api_nav.rs
 create mode 100644 server/tests/bootstrap.rs
 create mode 100644 server/tests/cli.rs
 create mode 100644 server/tests/health.rs
 create mode 100644 server/tests/repo_config.rs
 create mode 100644 server/tests/repo_items.rs
 create mode 100644 server/tests/repo_sites.rs
 create mode 100644 server/tests/seed.rs
 create mode 100644 server/tests/spa_fallback.rs
 rename .eslintignore => web/.eslintignore (100%)
 rename .eslintrc.cjs => web/.eslintrc.cjs (100%)
 rename .npmrc => web/.npmrc (100%)
 rename .prettierignore => web/.prettierignore (100%)
 rename .prettierrc => web/.prettierrc (100%)
 rename package.json => web/package.json (96%)
 rename playwright.config.js => web/playwright.config.js (100%)
 rename pnpm-lock.yaml => web/pnpm-lock.yaml (100%)
 rename {src => web/src}/app.d.ts (100%)
 rename {src => web/src}/app.html (100%)
 rename {src => web/src}/app.scss (100%)
 rename {src => web/src}/lib/components/Avatar.svelte (100%)
 rename {src => web/src}/lib/components/Footer.svelte (100%)
 rename {src => web/src}/lib/components/Header.svelte (100%)
 rename {src => web/src}/lib/components/Nav.svelte (100%)
 rename {src => web/src}/lib/components/SiteSelect.svelte (100%)
 rename {src => web/src}/lib/constants/avatar.ts (100%)
 rename {src => web/src}/lib/constants/nav.ts (100%)
 rename {src => web/src}/lib/constants/siteInfo.ts (100%)
 rename {src => web/src}/lib/store/siteStore.ts (100%)
 rename {src => web/src}/lib/utils/index.ts (100%)
 rename {src => web/src}/lib/utils/isURL.ts (100%)
 rename {src => web/src}/routes/+layout.svelte (100%)
 rename {src => web/src}/routes/+page.svelte (100%)
 rename {src => web/src}/service-worker.ts (100%)
 rename {static => web/static}/avatar.png (100%)
 rename {static => web/static}/favicon.png (100%)
 rename {static => web/static}/manifest.json (100%)
 rename {static => web/static}/navIcons/album.png (100%)
 rename {static => web/static}/navIcons/blog.png (100%)
 rename {static => web/static}/navIcons/esxi.png (100%)
 rename {static => web/static}/navIcons/file.png (100%)
 rename {static => web/static}/navIcons/homeAssistant.svg (100%)
 rename {static => web/static}/navIcons/jackett.png (100%)
 rename {static => web/static}/navIcons/jellyfin.svg (100%)
 rename {static => web/static}/navIcons/moviePilot.svg (100%)
 rename {static => web/static}/navIcons/nasTools.png (100%)
 rename {static => web/static}/navIcons/openWRT.png (100%)
 rename {static => web/static}/navIcons/phicomm.png (100%)
 rename {static => web/static}/navIcons/plex.png (100%)
 rename {static => web/static}/navIcons/portainer.svg (100%)
 rename {static => web/static}/navIcons/qBittorrent.png (100%)
 rename {static => web/static}/navIcons/qinglong.png (100%)
 rename {static => web/static}/navIcons/routerOS.png (100%)
 rename {static => web/static}/navIcons/singBox.svg (100%)
 rename {static => web/static}/navIcons/siyuanNote.png (100%)
 rename {static => web/static}/navIcons/surveillanceStation.png (100%)
 rename {static => web/static}/navIcons/synology.png (100%)
 rename svelte.config.js => web/svelte.config.js (100%)
 rename {tests => web/tests}/test.ts (100%)
 rename tsconfig.json => web/tsconfig.json (100%)
 rename vite.config.ts => web/vite.config.ts (53%)

diff --git a/.dockerignore b/.dockerignore
index d918727..c05b4d2 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,15 +1,25 @@
-# README.md
-README.md
+# Build artifacts
+**/node_modules
+**/.svelte-kit
+**/build
+**/target
 
-# .git
+# Local data / env
+**/.env
+**/.env.*
+!**/.env.example
+**/dev-data
+data/
+
+# Git / dev
 .git
 .gitignore
-
-# .vscode
+.github
+.worktrees
 .vscode
-
-# node_modules
-node_modules
-
-#editorconfig
-.editorconfig
+.idea
+docs
+tests
+*.md
+!README.md
+snapshot_*.png
diff --git a/.gitignore b/.gitignore
index 9cab67b..f6a93cd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,19 +1,34 @@
+# OS
 .DS_Store
-node_modules
-/build
-/.svelte-kit
-/package
-.env
-.env.*
-!.env.example
-.vercel
-.output
-vite.config.js.timestamp-*
-vite.config.ts.timestamp-*
-.yarn/*
-!.yarn/patches
-!.yarn/releases
-!.yarn/plugins
-!.yarn/sdks
-!.yarn/versions
-.pnp.*
+Thumbs.db
+
+# Editors
+.vscode/
+.idea/
+
+# Frontend
+web/node_modules/
+web/.svelte-kit/
+web/build/
+web/.env
+web/.env.*
+!web/.env.example
+
+# Backend
+server/target/
+server/.env
+server/.env.*
+!server/.env.example
+server/dev-data/
+
+# Local volumes / runtime
+data/
+*.log
+*.pid
+
+# Worktrees (per ~/.claude/rules/worktree-location.md)
+.worktrees/
+
+# Tests
+test-results/
+playwright-report/
diff --git a/README.md b/README.md
index 149567e..8eacc30 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,14 @@ A static navigation website written in svelte3.
 
     ![H5 Site Switch](./snapshot_h5_site_switch.png)
 
+## Project layout
+
+- `web/` — SvelteKit SPA (`pnpm dev` / `pnpm build`)
+- `server/` — Rust backend (`cargo run`); see `server/README.md`
+- `docs/superpowers/` — design specs and implementation plans
+
+The production deploy is a single Docker image bundling both (Plan 5).
+
 ## Pre-install
 
 - [Install git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
diff --git a/server/.env.example b/server/.env.example
new file mode 100644
index 0000000..13b9d38
--- /dev/null
+++ b/server/.env.example
@@ -0,0 +1,14 @@
+# Server
+PORT=8080
+DATA_DIR=./dev-data
+STATIC_DIR=../web/build
+RUST_LOG=info,sqlx=warn,tower_http=info
+
+# Auth
+# Set on first boot only. Leave empty to have one generated and written
+# to ${DATA_DIR}/INITIAL_PASSWORD.txt.
+BOOTSTRAP_ADMIN_PASSWORD=
+
+# Security
+# Set true behind HTTPS terminator. Cookies become Secure-only.
+SECURE_COOKIES=false
diff --git a/server/.gitignore b/server/.gitignore
new file mode 100644
index 0000000..738d184
--- /dev/null
+++ b/server/.gitignore
@@ -0,0 +1,6 @@
+target/
+dev-data/
+.env
+.env.*
+!.env.example
+*.log
diff --git a/server/.sqlx/query-018c014e9b876efe39ee03b4dac7db2ab007dca57ef0edaa604172a8206dd975.json b/server/.sqlx/query-018c014e9b876efe39ee03b4dac7db2ab007dca57ef0edaa604172a8206dd975.json
new file mode 100644
index 0000000..7910743
--- /dev/null
+++ b/server/.sqlx/query-018c014e9b876efe39ee03b4dac7db2ab007dca57ef0edaa604172a8206dd975.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO item_tags (item_id, tag_id)\n                        SELECT ?, tags.id FROM tags WHERE tags.slug = ?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "018c014e9b876efe39ee03b4dac7db2ab007dca57ef0edaa604172a8206dd975"
+}
diff --git a/server/.sqlx/query-0db0cdc73f5f3b0a724c13e3fa064ac52e99659718ad419812da54831f7a190a.json b/server/.sqlx/query-0db0cdc73f5f3b0a724c13e3fa064ac52e99659718ad419812da54831f7a190a.json
new file mode 100644
index 0000000..42e8005
--- /dev/null
+++ b/server/.sqlx/query-0db0cdc73f5f3b0a724c13e3fa064ac52e99659718ad419812da54831f7a190a.json
@@ -0,0 +1,32 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT il.item_id as \"item_id!: i64\", s.value as \"site_value!\", il.url as \"url!\"\n               FROM item_links il JOIN sites s ON s.id = il.site_id",
+  "describe": {
+    "columns": [
+      {
+        "name": "item_id!: i64",
+        "ordinal": 0,
+        "type_info": "Int64"
+      },
+      {
+        "name": "site_value!",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "url!",
+        "ordinal": 2,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 0
+    },
+    "nullable": [
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "0db0cdc73f5f3b0a724c13e3fa064ac52e99659718ad419812da54831f7a190a"
+}
diff --git a/server/.sqlx/query-14d0e90d88368fd2b1b382532b962f9b924bfe56c03c27ccffb8a9e09cbf4833.json b/server/.sqlx/query-14d0e90d88368fd2b1b382532b962f9b924bfe56c03c27ccffb8a9e09cbf4833.json
new file mode 100644
index 0000000..02499ec
--- /dev/null
+++ b/server/.sqlx/query-14d0e90d88368fd2b1b382532b962f9b924bfe56c03c27ccffb8a9e09cbf4833.json
@@ -0,0 +1,50 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id as \"id!: i64\", value, name,\n                      name_i18n as \"name_i18n: serde_json::Value\",\n                      sort_order as \"sort_order!: i64\",\n                      is_default\n               FROM sites ORDER BY sort_order, id",
+  "describe": {
+    "columns": [
+      {
+        "name": "id!: i64",
+        "ordinal": 0,
+        "type_info": "Int64"
+      },
+      {
+        "name": "value",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "name",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "name_i18n: serde_json::Value",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "sort_order!: i64",
+        "ordinal": 4,
+        "type_info": "Int64"
+      },
+      {
+        "name": "is_default",
+        "ordinal": 5,
+        "type_info": "Int64"
+      }
+    ],
+    "parameters": {
+      "Right": 0
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      true,
+      false,
+      false
+    ]
+  },
+  "hash": "14d0e90d88368fd2b1b382532b962f9b924bfe56c03c27ccffb8a9e09cbf4833"
+}
diff --git a/server/.sqlx/query-1557cdb522eeb4b2393e1bb6e3f2d353da71aaff9e95817a32ec9f27ccb93f82.json b/server/.sqlx/query-1557cdb522eeb4b2393e1bb6e3f2d353da71aaff9e95817a32ec9f27ccb93f82.json
new file mode 100644
index 0000000..f0ebce5
--- /dev/null
+++ b/server/.sqlx/query-1557cdb522eeb4b2393e1bb6e3f2d353da71aaff9e95817a32ec9f27ccb93f82.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE sites SET sort_order=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "1557cdb522eeb4b2393e1bb6e3f2d353da71aaff9e95817a32ec9f27ccb93f82"
+}
diff --git a/server/.sqlx/query-1a8e3c65c434b2159b7df6bc7b593badbad9930e00ba20b0dc1de8c65d199ede.json b/server/.sqlx/query-1a8e3c65c434b2159b7df6bc7b593badbad9930e00ba20b0dc1de8c65d199ede.json
new file mode 100644
index 0000000..877912e
--- /dev/null
+++ b/server/.sqlx/query-1a8e3c65c434b2159b7df6bc7b593badbad9930e00ba20b0dc1de8c65d199ede.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE sites SET name=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "1a8e3c65c434b2159b7df6bc7b593badbad9930e00ba20b0dc1de8c65d199ede"
+}
diff --git a/server/.sqlx/query-1bf99816bc9be757b49c2b1075e99b639e22039fb91c83f9d613b92cf46c1bd3.json b/server/.sqlx/query-1bf99816bc9be757b49c2b1075e99b639e22039fb91c83f9d613b92cf46c1bd3.json
new file mode 100644
index 0000000..c418ce5
--- /dev/null
+++ b/server/.sqlx/query-1bf99816bc9be757b49c2b1075e99b639e22039fb91c83f9d613b92cf46c1bd3.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE items SET description_i18n=?, updated_at=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "1bf99816bc9be757b49c2b1075e99b639e22039fb91c83f9d613b92cf46c1bd3"
+}
diff --git a/server/.sqlx/query-1fe34b94c20773d35ab0d740b40f104fe634b84f6f0195cb4c94f5d188c189da.json b/server/.sqlx/query-1fe34b94c20773d35ab0d740b40f104fe634b84f6f0195cb4c94f5d188c189da.json
new file mode 100644
index 0000000..654d3bf
--- /dev/null
+++ b/server/.sqlx/query-1fe34b94c20773d35ab0d740b40f104fe634b84f6f0195cb4c94f5d188c189da.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO config (key, value) VALUES (?, ?)\n             ON CONFLICT(key) DO UPDATE SET value=excluded.value",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "1fe34b94c20773d35ab0d740b40f104fe634b84f6f0195cb4c94f5d188c189da"
+}
diff --git a/server/.sqlx/query-2aea185fc7a3724953adef82f75351800b27ba75e058ce84af0ed027ffd70a5a.json b/server/.sqlx/query-2aea185fc7a3724953adef82f75351800b27ba75e058ce84af0ed027ffd70a5a.json
new file mode 100644
index 0000000..2ef9298
--- /dev/null
+++ b/server/.sqlx/query-2aea185fc7a3724953adef82f75351800b27ba75e058ce84af0ed027ffd70a5a.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE groups SET sort_order=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "2aea185fc7a3724953adef82f75351800b27ba75e058ce84af0ed027ffd70a5a"
+}
diff --git a/server/.sqlx/query-2efab86a43e8e6c658393bcd90458789df6f08fbbb6a8448b9736036de309932.json b/server/.sqlx/query-2efab86a43e8e6c658393bcd90458789df6f08fbbb6a8448b9736036de309932.json
new file mode 100644
index 0000000..c583685
--- /dev/null
+++ b/server/.sqlx/query-2efab86a43e8e6c658393bcd90458789df6f08fbbb6a8448b9736036de309932.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO item_links (item_id, site_id, url)\n                    SELECT ?, sites.id, ? FROM sites WHERE sites.value = ?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "2efab86a43e8e6c658393bcd90458789df6f08fbbb6a8448b9736036de309932"
+}
diff --git a/server/.sqlx/query-35c8b3e80537de0a2088a6ee4da88df0ec7456df24ad633b34d69cf6f8dab040.json b/server/.sqlx/query-35c8b3e80537de0a2088a6ee4da88df0ec7456df24ad633b34d69cf6f8dab040.json
new file mode 100644
index 0000000..f6ce780
--- /dev/null
+++ b/server/.sqlx/query-35c8b3e80537de0a2088a6ee4da88df0ec7456df24ad633b34d69cf6f8dab040.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE groups SET slug=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "35c8b3e80537de0a2088a6ee4da88df0ec7456df24ad633b34d69cf6f8dab040"
+}
diff --git a/server/.sqlx/query-4003dd1d7f77ad559bab2d85679a9256458667e74836a1f3f0ac309b13639d57.json b/server/.sqlx/query-4003dd1d7f77ad559bab2d85679a9256458667e74836a1f3f0ac309b13639d57.json
new file mode 100644
index 0000000..8aed6cd
--- /dev/null
+++ b/server/.sqlx/query-4003dd1d7f77ad559bab2d85679a9256458667e74836a1f3f0ac309b13639d57.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE sites SET name_i18n=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "4003dd1d7f77ad559bab2d85679a9256458667e74836a1f3f0ac309b13639d57"
+}
diff --git a/server/.sqlx/query-4b84fda8f718e500a61e42b414b60ebb3a3200f5892644704aea628b45e81654.json b/server/.sqlx/query-4b84fda8f718e500a61e42b414b60ebb3a3200f5892644704aea628b45e81654.json
new file mode 100644
index 0000000..3a7406f
--- /dev/null
+++ b/server/.sqlx/query-4b84fda8f718e500a61e42b414b60ebb3a3200f5892644704aea628b45e81654.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO items\n                (group_id, name, name_i18n, description, description_i18n,\n                 icon_kind, icon_value, sort_order, created_at, updated_at)\n               VALUES (?, ?, ?, ?, ?, ?, ?, COALESCE((SELECT MAX(sort_order)+1 FROM items WHERE group_id IS ?), 0), ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 10
+    },
+    "nullable": []
+  },
+  "hash": "4b84fda8f718e500a61e42b414b60ebb3a3200f5892644704aea628b45e81654"
+}
diff --git a/server/.sqlx/query-5309baf627ca79102c18538856a1cf41de8a71bb7fe0a75a3e8d504196f82628.json b/server/.sqlx/query-5309baf627ca79102c18538856a1cf41de8a71bb7fe0a75a3e8d504196f82628.json
new file mode 100644
index 0000000..bcf15a9
--- /dev/null
+++ b/server/.sqlx/query-5309baf627ca79102c18538856a1cf41de8a71bb7fe0a75a3e8d504196f82628.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM tags WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": []
+  },
+  "hash": "5309baf627ca79102c18538856a1cf41de8a71bb7fe0a75a3e8d504196f82628"
+}
diff --git a/server/.sqlx/query-5317be5ee01f4ad4a6681a368157fab5ba6ad361a1bfddc88dd4c41190515778.json b/server/.sqlx/query-5317be5ee01f4ad4a6681a368157fab5ba6ad361a1bfddc88dd4c41190515778.json
new file mode 100644
index 0000000..55711d6
--- /dev/null
+++ b/server/.sqlx/query-5317be5ee01f4ad4a6681a368157fab5ba6ad361a1bfddc88dd4c41190515778.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE groups SET collapsed_default=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "5317be5ee01f4ad4a6681a368157fab5ba6ad361a1bfddc88dd4c41190515778"
+}
diff --git a/server/.sqlx/query-563b6cfe1cde0eb0b2019903d8e879dd341f9eb8b27a92d6de7a05c028b7c6fe.json b/server/.sqlx/query-563b6cfe1cde0eb0b2019903d8e879dd341f9eb8b27a92d6de7a05c028b7c6fe.json
new file mode 100644
index 0000000..0a2c447
--- /dev/null
+++ b/server/.sqlx/query-563b6cfe1cde0eb0b2019903d8e879dd341f9eb8b27a92d6de7a05c028b7c6fe.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE items SET sort_order=?, updated_at=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "563b6cfe1cde0eb0b2019903d8e879dd341f9eb8b27a92d6de7a05c028b7c6fe"
+}
diff --git a/server/.sqlx/query-5a0667baad5f3321fb5a5f0cd24baa02d6d653c00e94dd7c26cafd6d73eb2c46.json b/server/.sqlx/query-5a0667baad5f3321fb5a5f0cd24baa02d6d653c00e94dd7c26cafd6d73eb2c46.json
new file mode 100644
index 0000000..e2dae30
--- /dev/null
+++ b/server/.sqlx/query-5a0667baad5f3321fb5a5f0cd24baa02d6d653c00e94dd7c26cafd6d73eb2c46.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO tags (slug, name, name_i18n) VALUES (?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "5a0667baad5f3321fb5a5f0cd24baa02d6d653c00e94dd7c26cafd6d73eb2c46"
+}
diff --git a/server/.sqlx/query-5ad2f300b77f5983877f6e576d0c182cbe94a1f5d8b67e7c4179d08562ecf5bf.json b/server/.sqlx/query-5ad2f300b77f5983877f6e576d0c182cbe94a1f5d8b67e7c4179d08562ecf5bf.json
new file mode 100644
index 0000000..8eb797e
--- /dev/null
+++ b/server/.sqlx/query-5ad2f300b77f5983877f6e576d0c182cbe94a1f5d8b67e7c4179d08562ecf5bf.json
@@ -0,0 +1,80 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id as \"id!: i64\", group_id,\n                      name, name_i18n as \"name_i18n: serde_json::Value\",\n                      description, description_i18n as \"description_i18n: serde_json::Value\",\n                      icon_kind, icon_value,\n                      sort_order as \"sort_order!: i64\",\n                      created_at as \"created_at!: i64\",\n                      updated_at as \"updated_at!: i64\"\n               FROM items\n               ORDER BY group_id, sort_order, id",
+  "describe": {
+    "columns": [
+      {
+        "name": "id!: i64",
+        "ordinal": 0,
+        "type_info": "Int64"
+      },
+      {
+        "name": "group_id",
+        "ordinal": 1,
+        "type_info": "Int64"
+      },
+      {
+        "name": "name",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "name_i18n: serde_json::Value",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "description",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "description_i18n: serde_json::Value",
+        "ordinal": 5,
+        "type_info": "Text"
+      },
+      {
+        "name": "icon_kind",
+        "ordinal": 6,
+        "type_info": "Text"
+      },
+      {
+        "name": "icon_value",
+        "ordinal": 7,
+        "type_info": "Text"
+      },
+      {
+        "name": "sort_order!: i64",
+        "ordinal": 8,
+        "type_info": "Int64"
+      },
+      {
+        "name": "created_at!: i64",
+        "ordinal": 9,
+        "type_info": "Int64"
+      },
+      {
+        "name": "updated_at!: i64",
+        "ordinal": 10,
+        "type_info": "Int64"
+      }
+    ],
+    "parameters": {
+      "Right": 0
+    },
+    "nullable": [
+      true,
+      true,
+      false,
+      true,
+      true,
+      true,
+      false,
+      false,
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "5ad2f300b77f5983877f6e576d0c182cbe94a1f5d8b67e7c4179d08562ecf5bf"
+}
diff --git a/server/.sqlx/query-60833943deb5e25462d920d36833b68d506b3706cc8d1ecace476be0375adb7c.json b/server/.sqlx/query-60833943deb5e25462d920d36833b68d506b3706cc8d1ecace476be0375adb7c.json
new file mode 100644
index 0000000..44bda0a
--- /dev/null
+++ b/server/.sqlx/query-60833943deb5e25462d920d36833b68d506b3706cc8d1ecace476be0375adb7c.json
@@ -0,0 +1,50 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id as \"id!: i64\", slug, name,\n                      name_i18n as \"name_i18n: serde_json::Value\",\n                      sort_order as \"sort_order!: i64\",\n                      collapsed_default\n               FROM groups ORDER BY sort_order, id",
+  "describe": {
+    "columns": [
+      {
+        "name": "id!: i64",
+        "ordinal": 0,
+        "type_info": "Int64"
+      },
+      {
+        "name": "slug",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "name",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "name_i18n: serde_json::Value",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "sort_order!: i64",
+        "ordinal": 4,
+        "type_info": "Int64"
+      },
+      {
+        "name": "collapsed_default",
+        "ordinal": 5,
+        "type_info": "Int64"
+      }
+    ],
+    "parameters": {
+      "Right": 0
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      true,
+      false,
+      false
+    ]
+  },
+  "hash": "60833943deb5e25462d920d36833b68d506b3706cc8d1ecace476be0375adb7c"
+}
diff --git a/server/.sqlx/query-642aadbfbbca043f19b80a1d1b749d8a55fcb34a56d34a625f9831c01297b30a.json b/server/.sqlx/query-642aadbfbbca043f19b80a1d1b749d8a55fcb34a56d34a625f9831c01297b30a.json
new file mode 100644
index 0000000..7444cdf
--- /dev/null
+++ b/server/.sqlx/query-642aadbfbbca043f19b80a1d1b749d8a55fcb34a56d34a625f9831c01297b30a.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM item_links WHERE item_id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": []
+  },
+  "hash": "642aadbfbbca043f19b80a1d1b749d8a55fcb34a56d34a625f9831c01297b30a"
+}
diff --git a/server/.sqlx/query-6b0782599be7e8dad4b38a303432a15109e57de882a4d5a76e35a5b04ab0991d.json b/server/.sqlx/query-6b0782599be7e8dad4b38a303432a15109e57de882a4d5a76e35a5b04ab0991d.json
new file mode 100644
index 0000000..442af47
--- /dev/null
+++ b/server/.sqlx/query-6b0782599be7e8dad4b38a303432a15109e57de882a4d5a76e35a5b04ab0991d.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE groups SET name_i18n=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "6b0782599be7e8dad4b38a303432a15109e57de882a4d5a76e35a5b04ab0991d"
+}
diff --git a/server/.sqlx/query-6da968dd1c08041c5bc91d4d807e522c15589cdde0a5c9711bdfb8efd7b79915.json b/server/.sqlx/query-6da968dd1c08041c5bc91d4d807e522c15589cdde0a5c9711bdfb8efd7b79915.json
new file mode 100644
index 0000000..3be9abe
--- /dev/null
+++ b/server/.sqlx/query-6da968dd1c08041c5bc91d4d807e522c15589cdde0a5c9711bdfb8efd7b79915.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE tags SET slug=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "6da968dd1c08041c5bc91d4d807e522c15589cdde0a5c9711bdfb8efd7b79915"
+}
diff --git a/server/.sqlx/query-79a3d48f7c65db8e17e469ed54713f9ddb01a1a19266c22bea75ce536a65ec7b.json b/server/.sqlx/query-79a3d48f7c65db8e17e469ed54713f9ddb01a1a19266c22bea75ce536a65ec7b.json
new file mode 100644
index 0000000..471f936
--- /dev/null
+++ b/server/.sqlx/query-79a3d48f7c65db8e17e469ed54713f9ddb01a1a19266c22bea75ce536a65ec7b.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM config WHERE key = ?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": []
+  },
+  "hash": "79a3d48f7c65db8e17e469ed54713f9ddb01a1a19266c22bea75ce536a65ec7b"
+}
diff --git a/server/.sqlx/query-7dc83626e527405130beee7cf3de4e20568aad24916ff9a906ffcbfdf1758530.json b/server/.sqlx/query-7dc83626e527405130beee7cf3de4e20568aad24916ff9a906ffcbfdf1758530.json
new file mode 100644
index 0000000..d4b9d5b
--- /dev/null
+++ b/server/.sqlx/query-7dc83626e527405130beee7cf3de4e20568aad24916ff9a906ffcbfdf1758530.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE items SET icon_kind=?, updated_at=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "7dc83626e527405130beee7cf3de4e20568aad24916ff9a906ffcbfdf1758530"
+}
diff --git a/server/.sqlx/query-86cade496a9deb55a0a57c08666398c6fbe7d09262def5624d4c65e01317d0c8.json b/server/.sqlx/query-86cade496a9deb55a0a57c08666398c6fbe7d09262def5624d4c65e01317d0c8.json
new file mode 100644
index 0000000..45e05e8
--- /dev/null
+++ b/server/.sqlx/query-86cade496a9deb55a0a57c08666398c6fbe7d09262def5624d4c65e01317d0c8.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM items WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": []
+  },
+  "hash": "86cade496a9deb55a0a57c08666398c6fbe7d09262def5624d4c65e01317d0c8"
+}
diff --git a/server/.sqlx/query-8d846a4e80eda9d30d2c18addbc8503678e4cf199514958e63d23c1ed3d484c5.json b/server/.sqlx/query-8d846a4e80eda9d30d2c18addbc8503678e4cf199514958e63d23c1ed3d484c5.json
new file mode 100644
index 0000000..d8e9599
--- /dev/null
+++ b/server/.sqlx/query-8d846a4e80eda9d30d2c18addbc8503678e4cf199514958e63d23c1ed3d484c5.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO item_links (item_id, site_id, url)\n                        SELECT ?, sites.id, ? FROM sites WHERE sites.value = ?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "8d846a4e80eda9d30d2c18addbc8503678e4cf199514958e63d23c1ed3d484c5"
+}
diff --git a/server/.sqlx/query-9add219f4eb09bf47fd82bd426a6f5436ffc4031ca7480cd75904939b90b6d3b.json b/server/.sqlx/query-9add219f4eb09bf47fd82bd426a6f5436ffc4031ca7480cd75904939b90b6d3b.json
new file mode 100644
index 0000000..0fbef6b
--- /dev/null
+++ b/server/.sqlx/query-9add219f4eb09bf47fd82bd426a6f5436ffc4031ca7480cd75904939b90b6d3b.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO config (key, value) VALUES (?, ?)\n                 ON CONFLICT(key) DO UPDATE SET value=excluded.value",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "9add219f4eb09bf47fd82bd426a6f5436ffc4031ca7480cd75904939b90b6d3b"
+}
diff --git a/server/.sqlx/query-9bd2d1d1e871dde77b4768390d2fc366bb64a9615b49e379c807c79efcffe854.json b/server/.sqlx/query-9bd2d1d1e871dde77b4768390d2fc366bb64a9615b49e379c807c79efcffe854.json
new file mode 100644
index 0000000..a64ffac
--- /dev/null
+++ b/server/.sqlx/query-9bd2d1d1e871dde77b4768390d2fc366bb64a9615b49e379c807c79efcffe854.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM groups WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": []
+  },
+  "hash": "9bd2d1d1e871dde77b4768390d2fc366bb64a9615b49e379c807c79efcffe854"
+}
diff --git a/server/.sqlx/query-9f446fea4be730b92077288cf55a73b6efc65c44156c0bb7eb22b382aacb890b.json b/server/.sqlx/query-9f446fea4be730b92077288cf55a73b6efc65c44156c0bb7eb22b382aacb890b.json
new file mode 100644
index 0000000..f8d9b86
--- /dev/null
+++ b/server/.sqlx/query-9f446fea4be730b92077288cf55a73b6efc65c44156c0bb7eb22b382aacb890b.json
@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT value FROM config WHERE key = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "value",
+        "ordinal": 0,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "9f446fea4be730b92077288cf55a73b6efc65c44156c0bb7eb22b382aacb890b"
+}
diff --git a/server/.sqlx/query-a00bce4b3500492530c5c8c017e0d7376694b86ca986e32503710cb069f74e97.json b/server/.sqlx/query-a00bce4b3500492530c5c8c017e0d7376694b86ca986e32503710cb069f74e97.json
new file mode 100644
index 0000000..10fd99c
--- /dev/null
+++ b/server/.sqlx/query-a00bce4b3500492530c5c8c017e0d7376694b86ca986e32503710cb069f74e97.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE groups SET name=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "a00bce4b3500492530c5c8c017e0d7376694b86ca986e32503710cb069f74e97"
+}
diff --git a/server/.sqlx/query-acecac2afa949dc59110a3d84d7781e0e0678d1bee286dd90352646052958da3.json b/server/.sqlx/query-acecac2afa949dc59110a3d84d7781e0e0678d1bee286dd90352646052958da3.json
new file mode 100644
index 0000000..355a5dd
--- /dev/null
+++ b/server/.sqlx/query-acecac2afa949dc59110a3d84d7781e0e0678d1bee286dd90352646052958da3.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE sites SET is_default=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "acecac2afa949dc59110a3d84d7781e0e0678d1bee286dd90352646052958da3"
+}
diff --git a/server/.sqlx/query-ba826f8413816631d43cfec3c17329ba01b0cc99fe21660b76535b69080fcd96.json b/server/.sqlx/query-ba826f8413816631d43cfec3c17329ba01b0cc99fe21660b76535b69080fcd96.json
new file mode 100644
index 0000000..c9c60d8
--- /dev/null
+++ b/server/.sqlx/query-ba826f8413816631d43cfec3c17329ba01b0cc99fe21660b76535b69080fcd96.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE items SET sort_order=?, group_id=?, updated_at=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 4
+    },
+    "nullable": []
+  },
+  "hash": "ba826f8413816631d43cfec3c17329ba01b0cc99fe21660b76535b69080fcd96"
+}
diff --git a/server/.sqlx/query-bed47da1cfc8e819d2de79a8440ac607091d7cc6923c55d181a344963a475d7a.json b/server/.sqlx/query-bed47da1cfc8e819d2de79a8440ac607091d7cc6923c55d181a344963a475d7a.json
new file mode 100644
index 0000000..636fe4e
--- /dev/null
+++ b/server/.sqlx/query-bed47da1cfc8e819d2de79a8440ac607091d7cc6923c55d181a344963a475d7a.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE sites SET value=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "bed47da1cfc8e819d2de79a8440ac607091d7cc6923c55d181a344963a475d7a"
+}
diff --git a/server/.sqlx/query-c09e30cdab3b984f5f5989ccbe577fb93cd4820017e8398cf0bc5494ef8dc129.json b/server/.sqlx/query-c09e30cdab3b984f5f5989ccbe577fb93cd4820017e8398cf0bc5494ef8dc129.json
new file mode 100644
index 0000000..c3c68f8
--- /dev/null
+++ b/server/.sqlx/query-c09e30cdab3b984f5f5989ccbe577fb93cd4820017e8398cf0bc5494ef8dc129.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO groups (slug, name, name_i18n, collapsed_default) VALUES (?, ?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 4
+    },
+    "nullable": []
+  },
+  "hash": "c09e30cdab3b984f5f5989ccbe577fb93cd4820017e8398cf0bc5494ef8dc129"
+}
diff --git a/server/.sqlx/query-cdca47905108f250bfcc425e06e5214d5257599ed5d9d8fa48c80e22ceb24c07.json b/server/.sqlx/query-cdca47905108f250bfcc425e06e5214d5257599ed5d9d8fa48c80e22ceb24c07.json
new file mode 100644
index 0000000..a8c8b97
--- /dev/null
+++ b/server/.sqlx/query-cdca47905108f250bfcc425e06e5214d5257599ed5d9d8fa48c80e22ceb24c07.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE items SET name_i18n=?, updated_at=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "cdca47905108f250bfcc425e06e5214d5257599ed5d9d8fa48c80e22ceb24c07"
+}
diff --git a/server/.sqlx/query-d343261c0578c677c168814cf88e727f416d7c1c1e03d49026a12f385c350935.json b/server/.sqlx/query-d343261c0578c677c168814cf88e727f416d7c1c1e03d49026a12f385c350935.json
new file mode 100644
index 0000000..8ca0947
--- /dev/null
+++ b/server/.sqlx/query-d343261c0578c677c168814cf88e727f416d7c1c1e03d49026a12f385c350935.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM sites WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": []
+  },
+  "hash": "d343261c0578c677c168814cf88e727f416d7c1c1e03d49026a12f385c350935"
+}
diff --git a/server/.sqlx/query-d69cd4da9c0ed4e3528c1ee2494f2747f2d87a96e042abc979dcea23acefff2c.json b/server/.sqlx/query-d69cd4da9c0ed4e3528c1ee2494f2747f2d87a96e042abc979dcea23acefff2c.json
new file mode 100644
index 0000000..3a1ef85
--- /dev/null
+++ b/server/.sqlx/query-d69cd4da9c0ed4e3528c1ee2494f2747f2d87a96e042abc979dcea23acefff2c.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE tags SET name=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "d69cd4da9c0ed4e3528c1ee2494f2747f2d87a96e042abc979dcea23acefff2c"
+}
diff --git a/server/.sqlx/query-d92d9ce82fe2a58d01b99a324bc6a45f3835d7265618cca762389a5811a7f254.json b/server/.sqlx/query-d92d9ce82fe2a58d01b99a324bc6a45f3835d7265618cca762389a5811a7f254.json
new file mode 100644
index 0000000..7a4702e
--- /dev/null
+++ b/server/.sqlx/query-d92d9ce82fe2a58d01b99a324bc6a45f3835d7265618cca762389a5811a7f254.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO item_tags (item_id, tag_id)\n                    SELECT ?, tags.id FROM tags WHERE tags.slug = ?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "d92d9ce82fe2a58d01b99a324bc6a45f3835d7265618cca762389a5811a7f254"
+}
diff --git a/server/.sqlx/query-d95fee43c4950b9d7ac420d4a119727dd5e9aa33541890087c4000124fbd5255.json b/server/.sqlx/query-d95fee43c4950b9d7ac420d4a119727dd5e9aa33541890087c4000124fbd5255.json
new file mode 100644
index 0000000..3e348e8
--- /dev/null
+++ b/server/.sqlx/query-d95fee43c4950b9d7ac420d4a119727dd5e9aa33541890087c4000124fbd5255.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO sites (value, name, name_i18n, is_default) VALUES (?, ?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 4
+    },
+    "nullable": []
+  },
+  "hash": "d95fee43c4950b9d7ac420d4a119727dd5e9aa33541890087c4000124fbd5255"
+}
diff --git a/server/.sqlx/query-da9e4028a1d46d942fcff8b5dfc2931ab1d15cef4930ecf341f4978c5f650043.json b/server/.sqlx/query-da9e4028a1d46d942fcff8b5dfc2931ab1d15cef4930ecf341f4978c5f650043.json
new file mode 100644
index 0000000..5cd5e06
--- /dev/null
+++ b/server/.sqlx/query-da9e4028a1d46d942fcff8b5dfc2931ab1d15cef4930ecf341f4978c5f650043.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE items SET icon_value=?, updated_at=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "da9e4028a1d46d942fcff8b5dfc2931ab1d15cef4930ecf341f4978c5f650043"
+}
diff --git a/server/.sqlx/query-dbf1e31abbead0d1ceb936d58f82495958548a65a6fb4f036f15cff740031806.json b/server/.sqlx/query-dbf1e31abbead0d1ceb936d58f82495958548a65a6fb4f036f15cff740031806.json
new file mode 100644
index 0000000..f919aec
--- /dev/null
+++ b/server/.sqlx/query-dbf1e31abbead0d1ceb936d58f82495958548a65a6fb4f036f15cff740031806.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE items SET name=?, updated_at=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "dbf1e31abbead0d1ceb936d58f82495958548a65a6fb4f036f15cff740031806"
+}
diff --git a/server/.sqlx/query-ddf98d9fc5694bca2b491fbcc7da880a6cf46dba14d98b0a54f0c672600f5db6.json b/server/.sqlx/query-ddf98d9fc5694bca2b491fbcc7da880a6cf46dba14d98b0a54f0c672600f5db6.json
new file mode 100644
index 0000000..b150598
--- /dev/null
+++ b/server/.sqlx/query-ddf98d9fc5694bca2b491fbcc7da880a6cf46dba14d98b0a54f0c672600f5db6.json
@@ -0,0 +1,26 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT it.item_id as \"item_id!: i64\", t.slug as \"slug!\"\n               FROM item_tags it JOIN tags t ON t.id = it.tag_id",
+  "describe": {
+    "columns": [
+      {
+        "name": "item_id!: i64",
+        "ordinal": 0,
+        "type_info": "Int64"
+      },
+      {
+        "name": "slug!",
+        "ordinal": 1,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 0
+    },
+    "nullable": [
+      false,
+      false
+    ]
+  },
+  "hash": "ddf98d9fc5694bca2b491fbcc7da880a6cf46dba14d98b0a54f0c672600f5db6"
+}
diff --git a/server/.sqlx/query-df27ff82e851bb95aef3e576ab68c8441f11778e4ac5ef328d51fb76f63e464b.json b/server/.sqlx/query-df27ff82e851bb95aef3e576ab68c8441f11778e4ac5ef328d51fb76f63e464b.json
new file mode 100644
index 0000000..2957267
--- /dev/null
+++ b/server/.sqlx/query-df27ff82e851bb95aef3e576ab68c8441f11778e4ac5ef328d51fb76f63e464b.json
@@ -0,0 +1,38 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id as \"id!: i64\", slug, name,\n                      name_i18n as \"name_i18n: serde_json::Value\"\n               FROM tags ORDER BY id",
+  "describe": {
+    "columns": [
+      {
+        "name": "id!: i64",
+        "ordinal": 0,
+        "type_info": "Int64"
+      },
+      {
+        "name": "slug",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "name",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "name_i18n: serde_json::Value",
+        "ordinal": 3,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 0
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      true
+    ]
+  },
+  "hash": "df27ff82e851bb95aef3e576ab68c8441f11778e4ac5ef328d51fb76f63e464b"
+}
diff --git a/server/.sqlx/query-dfc31268416854e485b22a4706e8351f81a5678389dc8fc1343e5c2fc207f74b.json b/server/.sqlx/query-dfc31268416854e485b22a4706e8351f81a5678389dc8fc1343e5c2fc207f74b.json
new file mode 100644
index 0000000..ea1dc66
--- /dev/null
+++ b/server/.sqlx/query-dfc31268416854e485b22a4706e8351f81a5678389dc8fc1343e5c2fc207f74b.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM item_tags WHERE item_id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": []
+  },
+  "hash": "dfc31268416854e485b22a4706e8351f81a5678389dc8fc1343e5c2fc207f74b"
+}
diff --git a/server/.sqlx/query-e8a2d24de286cb8df5657c88f39e7158cbf5737bf8f20c06eadaca32fd356344.json b/server/.sqlx/query-e8a2d24de286cb8df5657c88f39e7158cbf5737bf8f20c06eadaca32fd356344.json
new file mode 100644
index 0000000..8ea2b39
--- /dev/null
+++ b/server/.sqlx/query-e8a2d24de286cb8df5657c88f39e7158cbf5737bf8f20c06eadaca32fd356344.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE tags SET name_i18n=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "e8a2d24de286cb8df5657c88f39e7158cbf5737bf8f20c06eadaca32fd356344"
+}
diff --git a/server/.sqlx/query-ece38ab6133af02692986502a961df901cd0200a902421054b0cd2ad7e448753.json b/server/.sqlx/query-ece38ab6133af02692986502a961df901cd0200a902421054b0cd2ad7e448753.json
new file mode 100644
index 0000000..d8bcf00
--- /dev/null
+++ b/server/.sqlx/query-ece38ab6133af02692986502a961df901cd0200a902421054b0cd2ad7e448753.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE items SET description=?, updated_at=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "ece38ab6133af02692986502a961df901cd0200a902421054b0cd2ad7e448753"
+}
diff --git a/server/.sqlx/query-f645842429f85616ae093960947b6d1e5e6eb96ec425552298d77e1775371d45.json b/server/.sqlx/query-f645842429f85616ae093960947b6d1e5e6eb96ec425552298d77e1775371d45.json
new file mode 100644
index 0000000..535f0bb
--- /dev/null
+++ b/server/.sqlx/query-f645842429f85616ae093960947b6d1e5e6eb96ec425552298d77e1775371d45.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "UPDATE items SET group_id=?, updated_at=? WHERE id=?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": []
+  },
+  "hash": "f645842429f85616ae093960947b6d1e5e6eb96ec425552298d77e1775371d45"
+}
diff --git a/server/Cargo.lock b/server/Cargo.lock
new file mode 100644
index 0000000..25efe52
--- /dev/null
+++ b/server/Cargo.lock
@@ -0,0 +1,4103 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 3
+
+[[package]]
+name = "adler2"
+version = "2.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa"
+
+[[package]]
+name = "ahash"
+version = "0.8.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a15f179cd60c4584b8a8c596927aadc462e27f2ca70c04e0071964a73ba7a75"
+dependencies = [
+ "cfg-if",
+ "getrandom 0.3.4",
+ "once_cell",
+ "version_check",
+ "zerocopy",
+]
+
+[[package]]
+name = "aho-corasick"
+version = "1.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301"
+dependencies = [
+ "memchr",
+]
+
+[[package]]
+name = "allocator-api2"
+version = "0.2.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923"
+
+[[package]]
+name = "android_system_properties"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "anstream"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "824a212faf96e9acacdbd09febd34438f8f711fb84e09a8916013cd7815ca28d"
+dependencies = [
+ "anstyle",
+ "anstyle-parse",
+ "anstyle-query",
+ "anstyle-wincon",
+ "colorchoice",
+ "is_terminal_polyfill",
+ "utf8parse",
+]
+
+[[package]]
+name = "anstyle"
+version = "1.0.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "940b3a0ca603d1eade50a4846a2afffd5ef57a9feac2c0e2ec2e14f9ead76000"
+
+[[package]]
+name = "anstyle-parse"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "52ce7f38b242319f7cabaa6813055467063ecdc9d355bbb4ce0c68908cd8130e"
+dependencies = [
+ "utf8parse",
+]
+
+[[package]]
+name = "anstyle-query"
+version = "1.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "40c48f72fd53cd289104fc64099abca73db4166ad86ea0b4341abe65af83dadc"
+dependencies = [
+ "windows-sys 0.61.2",
+]
+
+[[package]]
+name = "anstyle-wincon"
+version = "3.0.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "291e6a250ff86cd4a820112fb8898808a366d8f9f58ce16d1f538353ad55747d"
+dependencies = [
+ "anstyle",
+ "once_cell_polyfill",
+ "windows-sys 0.61.2",
+]
+
+[[package]]
+name = "anyhow"
+version = "1.0.102"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c"
+
+[[package]]
+name = "async-compression"
+version = "0.4.42"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e79b3f8a79cccc2898f31920fc69f304859b3bd567490f75ebf51ae1c792a9ac"
+dependencies = [
+ "compression-codecs",
+ "compression-core",
+ "pin-project-lite",
+ "tokio",
+]
+
+[[package]]
+name = "async-trait"
+version = "0.1.89"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "atoi"
+version = "2.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f28d99ec8bfea296261ca1af174f24225171fea9664ba9003cbebee704810528"
+dependencies = [
+ "num-traits",
+]
+
+[[package]]
+name = "atomic"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a89cbf775b137e9b968e67227ef7f775587cde3fd31b0d8599dbd0f598a48340"
+dependencies = [
+ "bytemuck",
+]
+
+[[package]]
+name = "atomic-waker"
+version = "1.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
+
+[[package]]
+name = "auto-future"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3c1e7e457ea78e524f48639f551fd79703ac3f2237f5ecccdf4708f8a75ad373"
+
+[[package]]
+name = "autocfg"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8"
+
+[[package]]
+name = "axum"
+version = "0.7.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "edca88bc138befd0323b20752846e6587272d3b03b0343c8ea28a6f819e6e71f"
+dependencies = [
+ "async-trait",
+ "axum-core",
+ "axum-macros",
+ "bytes",
+ "futures-util",
+ "http 1.4.0",
+ "http-body",
+ "http-body-util",
+ "hyper",
+ "hyper-util",
+ "itoa",
+ "matchit",
+ "memchr",
+ "mime",
+ "multer",
+ "percent-encoding",
+ "pin-project-lite",
+ "rustversion",
+ "serde",
+ "serde_json",
+ "serde_path_to_error",
+ "serde_urlencoded",
+ "sync_wrapper",
+ "tokio",
+ "tower 0.5.3",
+ "tower-layer",
+ "tower-service",
+ "tracing",
+]
+
+[[package]]
+name = "axum-core"
+version = "0.4.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "09f2bd6146b97ae3359fa0cc6d6b376d9539582c7b4220f041a33ec24c226199"
+dependencies = [
+ "async-trait",
+ "bytes",
+ "futures-util",
+ "http 1.4.0",
+ "http-body",
+ "http-body-util",
+ "mime",
+ "pin-project-lite",
+ "rustversion",
+ "sync_wrapper",
+ "tower-layer",
+ "tower-service",
+ "tracing",
+]
+
+[[package]]
+name = "axum-macros"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "57d123550fa8d071b7255cb0cc04dc302baa6c8c4a79f55701552684d8399bce"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "axum-test"
+version = "15.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac63648e380fd001402a02ec804e7686f9c4751f8cad85b7de0b53dae483a128"
+dependencies = [
+ "anyhow",
+ "auto-future",
+ "axum",
+ "bytes",
+ "cookie",
+ "http 1.4.0",
+ "http-body-util",
+ "hyper",
+ "hyper-util",
+ "mime",
+ "pretty_assertions",
+ "reserve-port",
+ "rust-multipart-rfc7578_2",
+ "serde",
+ "serde_json",
+ "serde_urlencoded",
+ "smallvec",
+ "tokio",
+ "tower 0.5.3",
+ "url",
+]
+
+[[package]]
+name = "base64"
+version = "0.21.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"
+
+[[package]]
+name = "base64"
+version = "0.22.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
+
+[[package]]
+name = "base64ct"
+version = "1.8.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06"
+
+[[package]]
+name = "bcrypt"
+version = "0.15.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e65938ed058ef47d92cf8b346cc76ef48984572ade631927e9937b5ffc7662c7"
+dependencies = [
+ "base64 0.22.1",
+ "blowfish",
+ "getrandom 0.2.17",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "bitflags"
+version = "2.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c4512299f36f043ab09a583e57bceb5a5aab7a73db1805848e8fef3c9e8c78b3"
+dependencies = [
+ "serde_core",
+]
+
+[[package]]
+name = "block-buffer"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
+dependencies = [
+ "generic-array",
+]
+
+[[package]]
+name = "blowfish"
+version = "0.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7"
+dependencies = [
+ "byteorder",
+ "cipher",
+]
+
+[[package]]
+name = "bumpalo"
+version = "3.20.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb"
+
+[[package]]
+name = "bytemuck"
+version = "1.25.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c8efb64bd706a16a1bdde310ae86b351e4d21550d98d056f22f8a7f7a2183fec"
+
+[[package]]
+name = "byteorder"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
+
+[[package]]
+name = "bytes"
+version = "1.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
+
+[[package]]
+name = "cc"
+version = "1.2.62"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a1dce859f0832a7d088c4f1119888ab94ef4b5d6795d1ce05afb7fe159d79f98"
+dependencies = [
+ "find-msvc-tools",
+ "shlex",
+]
+
+[[package]]
+name = "cfg-if"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801"
+
+[[package]]
+name = "cfg_aliases"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724"
+
+[[package]]
+name = "chrono"
+version = "0.4.44"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c673075a2e0e5f4a1dde27ce9dee1ea4558c7ffe648f576438a20ca1d2acc4b0"
+dependencies = [
+ "iana-time-zone",
+ "num-traits",
+ "serde",
+ "windows-link",
+]
+
+[[package]]
+name = "cipher"
+version = "0.4.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
+dependencies = [
+ "crypto-common",
+ "inout",
+]
+
+[[package]]
+name = "clap"
+version = "4.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ddb117e43bbf7dacf0a4190fef4d345b9bad68dfc649cb349e7d17d28428e51"
+dependencies = [
+ "clap_builder",
+ "clap_derive",
+]
+
+[[package]]
+name = "clap_builder"
+version = "4.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "714a53001bf66416adb0e2ef5ac857140e7dc3a0c48fb28b2f10762fc4b5069f"
+dependencies = [
+ "anstream",
+ "anstyle",
+ "clap_lex",
+ "strsim",
+]
+
+[[package]]
+name = "clap_derive"
+version = "4.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f2ce8604710f6733aa641a2b3731eaa1e8b3d9973d5e3565da11800813f997a9"
+dependencies = [
+ "heck 0.5.0",
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "clap_lex"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c8d4a3bb8b1e0c1050499d1815f5ab16d04f0959b233085fb31653fbfc9d98f9"
+
+[[package]]
+name = "colorchoice"
+version = "1.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1d07550c9036bf2ae0c684c4297d503f838287c83c53686d05370d0e139ae570"
+
+[[package]]
+name = "compression-codecs"
+version = "0.4.38"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ce2548391e9c1929c21bf6aa2680af86fe4c1b33e6cea9ac1cfeec0bd11218cf"
+dependencies = [
+ "compression-core",
+ "flate2",
+ "memchr",
+]
+
+[[package]]
+name = "compression-core"
+version = "0.4.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cc14f565cf027a105f7a44ccf9e5b424348421a1d8952a8fc9d499d313107789"
+
+[[package]]
+name = "const-oid"
+version = "0.9.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
+
+[[package]]
+name = "cookie"
+version = "0.18.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4ddef33a339a91ea89fb53151bd0a4689cfce27055c291dfa69945475d22c747"
+dependencies = [
+ "percent-encoding",
+ "time",
+ "version_check",
+]
+
+[[package]]
+name = "core-foundation-sys"
+version = "0.8.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
+
+[[package]]
+name = "cpufeatures"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "crc"
+version = "3.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5eb8a2a1cd12ab0d987a5d5e825195d372001a4094a0376319d5a0ad71c1ba0d"
+dependencies = [
+ "crc-catalog",
+]
+
+[[package]]
+name = "crc-catalog"
+version = "2.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "217698eaf96b4a3f0bc4f3662aaa55bdf913cd54d7204591faa790070c6d0853"
+
+[[package]]
+name = "crc32fast"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9481c1c90cbf2ac953f07c8d4a58aa3945c425b7185c9154d67a65e4230da511"
+dependencies = [
+ "cfg-if",
+]
+
+[[package]]
+name = "crossbeam-queue"
+version = "0.3.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0f58bbc28f91df819d0aa2a2c00cd19754769c2fad90579b3592b1c9ba7a3115"
+dependencies = [
+ "crossbeam-utils",
+]
+
+[[package]]
+name = "crossbeam-utils"
+version = "0.8.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
+
+[[package]]
+name = "crypto-common"
+version = "0.1.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a"
+dependencies = [
+ "generic-array",
+ "typenum",
+]
+
+[[package]]
+name = "dashmap"
+version = "5.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856"
+dependencies = [
+ "cfg-if",
+ "hashbrown 0.14.5",
+ "lock_api",
+ "once_cell",
+ "parking_lot_core",
+]
+
+[[package]]
+name = "der"
+version = "0.7.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb"
+dependencies = [
+ "const-oid",
+ "pem-rfc7468",
+ "zeroize",
+]
+
+[[package]]
+name = "deranged"
+version = "0.5.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7cd812cc2bc1d69d4764bd80df88b4317eaef9e773c75226407d9bc0876b211c"
+dependencies = [
+ "powerfmt",
+ "serde_core",
+]
+
+[[package]]
+name = "diff"
+version = "0.1.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "56254986775e3233ffa9c4d7d3faaf6d36a2c09d30b20687e9f88bc8bafc16c8"
+
+[[package]]
+name = "digest"
+version = "0.10.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
+dependencies = [
+ "block-buffer",
+ "const-oid",
+ "crypto-common",
+ "subtle",
+]
+
+[[package]]
+name = "displaydoc"
+version = "0.2.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "dotenvy"
+version = "0.15.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b"
+
+[[package]]
+name = "either"
+version = "1.15.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
+dependencies = [
+ "serde",
+]
+
+[[package]]
+name = "encoding_rs"
+version = "0.8.35"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "75030f3c4f45dafd7586dd6780965a8c7e8e285a5ecb86713e63a79c5b2766f3"
+dependencies = [
+ "cfg-if",
+]
+
+[[package]]
+name = "equivalent"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f"
+
+[[package]]
+name = "errno"
+version = "0.3.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
+dependencies = [
+ "libc",
+ "windows-sys 0.61.2",
+]
+
+[[package]]
+name = "etcetera"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "136d1b5283a1ab77bd9257427ffd09d8667ced0570b6f938942bc7568ed5b943"
+dependencies = [
+ "cfg-if",
+ "home",
+ "windows-sys 0.48.0",
+]
+
+[[package]]
+name = "event-listener"
+version = "2.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0"
+
+[[package]]
+name = "fastrand"
+version = "2.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9f1f227452a390804cdb637b74a86990f2a7d7ba4b7d5693aac9b4dd6defd8d6"
+
+[[package]]
+name = "figment"
+version = "0.10.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8cb01cd46b0cf372153850f4c6c272d9cbea2da513e07538405148f95bd789f3"
+dependencies = [
+ "atomic",
+ "pear",
+ "serde",
+ "toml",
+ "uncased",
+ "version_check",
+]
+
+[[package]]
+name = "find-msvc-tools"
+version = "0.1.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582"
+
+[[package]]
+name = "flate2"
+version = "1.1.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "843fba2746e448b37e26a819579957415c8cef339bf08564fe8b7ddbd959573c"
+dependencies = [
+ "crc32fast",
+ "miniz_oxide",
+]
+
+[[package]]
+name = "flume"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "da0e4dd2a88388a1f4ccc7c9ce104604dab68d9f408dc34cd45823d5a9069095"
+dependencies = [
+ "futures-core",
+ "futures-sink",
+ "spin",
+]
+
+[[package]]
+name = "fnv"
+version = "1.0.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
+
+[[package]]
+name = "foldhash"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"
+
+[[package]]
+name = "form_urlencoded"
+version = "1.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf"
+dependencies = [
+ "percent-encoding",
+]
+
+[[package]]
+name = "forwarded-header-value"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8835f84f38484cc86f110a805655697908257fb9a7af005234060891557198e9"
+dependencies = [
+ "nonempty",
+ "thiserror 1.0.69",
+]
+
+[[package]]
+name = "futures"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b147ee9d1f6d097cef9ce628cd2ee62288d963e16fb287bd9286455b241382d"
+dependencies = [
+ "futures-channel",
+ "futures-core",
+ "futures-executor",
+ "futures-io",
+ "futures-sink",
+ "futures-task",
+ "futures-util",
+]
+
+[[package]]
+name = "futures-channel"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d"
+dependencies = [
+ "futures-core",
+ "futures-sink",
+]
+
+[[package]]
+name = "futures-core"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d"
+
+[[package]]
+name = "futures-executor"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "baf29c38818342a3b26b5b923639e7b1f4a61fc5e76102d4b1981c6dc7a7579d"
+dependencies = [
+ "futures-core",
+ "futures-task",
+ "futures-util",
+]
+
+[[package]]
+name = "futures-intrusive"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1d930c203dd0b6ff06e0201a4a2fe9149b43c684fd4420555b26d21b1a02956f"
+dependencies = [
+ "futures-core",
+ "lock_api",
+ "parking_lot",
+]
+
+[[package]]
+name = "futures-io"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cecba35d7ad927e23624b22ad55235f2239cfa44fd10428eecbeba6d6a717718"
+
+[[package]]
+name = "futures-macro"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "futures-sink"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893"
+
+[[package]]
+name = "futures-task"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393"
+
+[[package]]
+name = "futures-timer"
+version = "3.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f288b0a4f20f9a56b5d1da57e2227c661b7b16168e2f72365f57b63326e29b24"
+
+[[package]]
+name = "futures-util"
+version = "0.3.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6"
+dependencies = [
+ "futures-channel",
+ "futures-core",
+ "futures-io",
+ "futures-macro",
+ "futures-sink",
+ "futures-task",
+ "memchr",
+ "pin-project-lite",
+ "slab",
+]
+
+[[package]]
+name = "generic-array"
+version = "0.14.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+dependencies = [
+ "typenum",
+ "version_check",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0"
+dependencies = [
+ "cfg-if",
+ "js-sys",
+ "libc",
+ "wasi",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.3.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd"
+dependencies = [
+ "cfg-if",
+ "js-sys",
+ "libc",
+ "r-efi 5.3.0",
+ "wasip2",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "r-efi 6.0.0",
+ "wasip2",
+ "wasip3",
+]
+
+[[package]]
+name = "governor"
+version = "0.6.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "68a7f542ee6b35af73b06abc0dad1c1bae89964e4e253bc4b587b91c9637867b"
+dependencies = [
+ "cfg-if",
+ "dashmap",
+ "futures",
+ "futures-timer",
+ "no-std-compat",
+ "nonzero_ext",
+ "parking_lot",
+ "portable-atomic",
+ "quanta",
+ "rand 0.8.6",
+ "smallvec",
+ "spinning_top",
+]
+
+[[package]]
+name = "hashbrown"
+version = "0.14.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
+dependencies = [
+ "ahash",
+ "allocator-api2",
+]
+
+[[package]]
+name = "hashbrown"
+version = "0.15.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1"
+dependencies = [
+ "foldhash",
+]
+
+[[package]]
+name = "hashbrown"
+version = "0.17.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ed5909b6e89a2db4456e54cd5f673791d7eca6732202bbf2a9cc504fe2f9b84a"
+
+[[package]]
+name = "hashlink"
+version = "0.8.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e8094feaf31ff591f651a2664fb9cfd92bba7a60ce3197265e9482ebe753c8f7"
+dependencies = [
+ "hashbrown 0.14.5",
+]
+
+[[package]]
+name = "heck"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8"
+dependencies = [
+ "unicode-segmentation",
+]
+
+[[package]]
+name = "heck"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
+
+[[package]]
+name = "hex"
+version = "0.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
+
+[[package]]
+name = "hkdf"
+version = "0.12.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7"
+dependencies = [
+ "hmac",
+]
+
+[[package]]
+name = "hmac"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
+dependencies = [
+ "digest",
+]
+
+[[package]]
+name = "home"
+version = "0.5.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cc627f471c528ff0c4a49e1d5e60450c8f6461dd6d10ba9dcd3a61d3dff7728d"
+dependencies = [
+ "windows-sys 0.61.2",
+]
+
+[[package]]
+name = "http"
+version = "0.2.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1"
+dependencies = [
+ "bytes",
+ "fnv",
+ "itoa",
+]
+
+[[package]]
+name = "http"
+version = "1.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e3ba2a386d7f85a81f119ad7498ebe444d2e22c2af0b86b069416ace48b3311a"
+dependencies = [
+ "bytes",
+ "itoa",
+]
+
+[[package]]
+name = "http-body"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184"
+dependencies = [
+ "bytes",
+ "http 1.4.0",
+]
+
+[[package]]
+name = "http-body-util"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a"
+dependencies = [
+ "bytes",
+ "futures-core",
+ "http 1.4.0",
+ "http-body",
+ "pin-project-lite",
+]
+
+[[package]]
+name = "http-range-header"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9171a2ea8a68358193d15dd5d70c1c10a2afc3e7e4c5bc92bc9f025cebd7359c"
+
+[[package]]
+name = "httparse"
+version = "1.10.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87"
+
+[[package]]
+name = "httpdate"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
+
+[[package]]
+name = "hyper"
+version = "1.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6299f016b246a94207e63da54dbe807655bf9e00044f73ded42c3ac5305fbcca"
+dependencies = [
+ "atomic-waker",
+ "bytes",
+ "futures-channel",
+ "futures-core",
+ "http 1.4.0",
+ "http-body",
+ "httparse",
+ "httpdate",
+ "itoa",
+ "pin-project-lite",
+ "smallvec",
+ "tokio",
+ "want",
+]
+
+[[package]]
+name = "hyper-rustls"
+version = "0.27.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "33ca68d021ef39cf6463ab54c1d0f5daf03377b70561305bb89a8f83aab66e0f"
+dependencies = [
+ "http 1.4.0",
+ "hyper",
+ "hyper-util",
+ "rustls 0.23.40",
+ "tokio",
+ "tokio-rustls",
+ "tower-service",
+ "webpki-roots 1.0.7",
+]
+
+[[package]]
+name = "hyper-util"
+version = "0.1.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0"
+dependencies = [
+ "base64 0.22.1",
+ "bytes",
+ "futures-channel",
+ "futures-util",
+ "http 1.4.0",
+ "http-body",
+ "hyper",
+ "ipnet",
+ "libc",
+ "percent-encoding",
+ "pin-project-lite",
+ "socket2",
+ "tokio",
+ "tower-service",
+ "tracing",
+]
+
+[[package]]
+name = "iana-time-zone"
+version = "0.1.65"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e31bc9ad994ba00e440a8aa5c9ef0ec67d5cb5e5cb0cc7f8b744a35b389cc470"
+dependencies = [
+ "android_system_properties",
+ "core-foundation-sys",
+ "iana-time-zone-haiku",
+ "js-sys",
+ "log",
+ "wasm-bindgen",
+ "windows-core",
+]
+
+[[package]]
+name = "iana-time-zone-haiku"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f"
+dependencies = [
+ "cc",
+]
+
+[[package]]
+name = "icu_collections"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2984d1cd16c883d7935b9e07e44071dca8d917fd52ecc02c04d5fa0b5a3f191c"
+dependencies = [
+ "displaydoc",
+ "potential_utf",
+ "utf8_iter",
+ "yoke",
+ "zerofrom",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_locale_core"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "92219b62b3e2b4d88ac5119f8904c10f8f61bf7e95b640d25ba3075e6cac2c29"
+dependencies = [
+ "displaydoc",
+ "litemap",
+ "tinystr",
+ "writeable",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_normalizer"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c56e5ee99d6e3d33bd91c5d85458b6005a22140021cc324cea84dd0e72cff3b4"
+dependencies = [
+ "icu_collections",
+ "icu_normalizer_data",
+ "icu_properties",
+ "icu_provider",
+ "smallvec",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_normalizer_data"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "da3be0ae77ea334f4da67c12f149704f19f81d1adf7c51cf482943e84a2bad38"
+
+[[package]]
+name = "icu_properties"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bee3b67d0ea5c2cca5003417989af8996f8604e34fb9ddf96208a033901e70de"
+dependencies = [
+ "icu_collections",
+ "icu_locale_core",
+ "icu_properties_data",
+ "icu_provider",
+ "zerotrie",
+ "zerovec",
+]
+
+[[package]]
+name = "icu_properties_data"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e2bbb201e0c04f7b4b3e14382af113e17ba4f63e2c9d2ee626b720cbce54a14"
+
+[[package]]
+name = "icu_provider"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "139c4cf31c8b5f33d7e199446eff9c1e02decfc2f0eec2c8d71f65befa45b421"
+dependencies = [
+ "displaydoc",
+ "icu_locale_core",
+ "writeable",
+ "yoke",
+ "zerofrom",
+ "zerotrie",
+ "zerovec",
+]
+
+[[package]]
+name = "id-arena"
+version = "2.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954"
+
+[[package]]
+name = "idna"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7d20d6b07bfbc108882d88ed8e37d39636dcc260e15e30c45e6ba089610b917c"
+dependencies = [
+ "unicode-bidi",
+ "unicode-normalization",
+]
+
+[[package]]
+name = "idna"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3b0875f23caa03898994f6ddc501886a45c7d3d62d04d2d90788d47be1b1e4de"
+dependencies = [
+ "idna_adapter",
+ "smallvec",
+ "utf8_iter",
+]
+
+[[package]]
+name = "idna_adapter"
+version = "1.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cb68373c0d6620ef8105e855e7745e18b0d00d3bdb07fb532e434244cdb9a714"
+dependencies = [
+ "icu_normalizer",
+ "icu_properties",
+]
+
+[[package]]
+name = "if_chain"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cd62e6b5e86ea8eeeb8db1de02880a6abc01a397b2ebb64b5d74ac255318f5cb"
+
+[[package]]
+name = "indexmap"
+version = "2.14.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d466e9454f08e4a911e14806c24e16fba1b4c121d1ea474396f396069cf949d9"
+dependencies = [
+ "equivalent",
+ "hashbrown 0.17.1",
+ "serde",
+ "serde_core",
+]
+
+[[package]]
+name = "inlinable_string"
+version = "0.1.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c8fae54786f62fb2918dcfae3d568594e50eb9b5c25bf04371af6fe7516452fb"
+
+[[package]]
+name = "inout"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01"
+dependencies = [
+ "generic-array",
+]
+
+[[package]]
+name = "ipnet"
+version = "2.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d98f6fed1fde3f8c21bc40a1abb88dd75e67924f9cffc3ef95607bad8017f8e2"
+
+[[package]]
+name = "is_terminal_polyfill"
+version = "1.70.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a6cb138bb79a146c1bd460005623e142ef0181e3d0219cb493e02f7d08a35695"
+
+[[package]]
+name = "itoa"
+version = "1.0.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682"
+
+[[package]]
+name = "js-sys"
+version = "0.3.98"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "67df7112613f8bfd9150013a0314e196f4800d3201ae742489d999db2f979f08"
+dependencies = [
+ "cfg-if",
+ "futures-util",
+ "once_cell",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "lazy_static"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
+dependencies = [
+ "spin",
+]
+
+[[package]]
+name = "leb128fmt"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2"
+
+[[package]]
+name = "libc"
+version = "0.2.186"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "68ab91017fe16c622486840e4c83c9a37afeff978bd239b5293d61ece587de66"
+
+[[package]]
+name = "libm"
+version = "0.2.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981"
+
+[[package]]
+name = "libredox"
+version = "0.1.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e02f3bb43d335493c96bf3fd3a321600bf6bd07ed34bc64118e9293bdffea46c"
+dependencies = [
+ "bitflags",
+ "libc",
+ "plain",
+ "redox_syscall 0.7.5",
+]
+
+[[package]]
+name = "libsqlite3-sys"
+version = "0.27.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cf4e226dcd58b4be396f7bd3c20da8fdee2911400705297ba7d2d7cc2c30f716"
+dependencies = [
+ "cc",
+ "pkg-config",
+ "vcpkg",
+]
+
+[[package]]
+name = "linux-raw-sys"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "32a66949e030da00e8c7d4434b251670a91556f4144941d37452769c25d58a53"
+
+[[package]]
+name = "litemap"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "92daf443525c4cce67b150400bc2316076100ce0b3686209eb8cf3c31612e6f0"
+
+[[package]]
+name = "lock_api"
+version = "0.4.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965"
+dependencies = [
+ "scopeguard",
+ "serde",
+]
+
+[[package]]
+name = "log"
+version = "0.4.29"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"
+
+[[package]]
+name = "lru-slab"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154"
+
+[[package]]
+name = "matchers"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d1525a2a28c7f4fa0fc98bb91ae755d1e2d1505079e05539e35bc876b5d65ae9"
+dependencies = [
+ "regex-automata",
+]
+
+[[package]]
+name = "matchit"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0e7465ac9959cc2b1404e8e2367b43684a6d13790fe23056cc8c6c5a6b7bcb94"
+
+[[package]]
+name = "md-5"
+version = "0.10.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf"
+dependencies = [
+ "cfg-if",
+ "digest",
+]
+
+[[package]]
+name = "memchr"
+version = "2.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
+
+[[package]]
+name = "mime"
+version = "0.3.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
+
+[[package]]
+name = "mime_guess"
+version = "2.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f7c44f8e672c00fe5308fa235f821cb4198414e1c77935c1ab6948d3fd78550e"
+dependencies = [
+ "mime",
+ "unicase",
+]
+
+[[package]]
+name = "minimal-lexical"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
+
+[[package]]
+name = "miniz_oxide"
+version = "0.8.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316"
+dependencies = [
+ "adler2",
+ "simd-adler32",
+]
+
+[[package]]
+name = "mio"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "50b7e5b27aa02a74bac8c3f23f448f8d87ff11f92d3aac1a6ed369ee08cc56c1"
+dependencies = [
+ "libc",
+ "wasi",
+ "windows-sys 0.61.2",
+]
+
+[[package]]
+name = "multer"
+version = "3.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "83e87776546dc87511aa5ee218730c92b666d7264ab6ed41f9d215af9cd5224b"
+dependencies = [
+ "bytes",
+ "encoding_rs",
+ "futures-util",
+ "http 1.4.0",
+ "httparse",
+ "memchr",
+ "mime",
+ "spin",
+ "version_check",
+]
+
+[[package]]
+name = "navsrv"
+version = "0.1.0"
+dependencies = [
+ "anyhow",
+ "async-trait",
+ "axum",
+ "axum-test",
+ "bcrypt",
+ "bytes",
+ "chrono",
+ "clap",
+ "dotenvy",
+ "figment",
+ "mime",
+ "multer",
+ "rand 0.8.6",
+ "reqwest",
+ "serde",
+ "serde_json",
+ "sqlx",
+ "tempfile",
+ "thiserror 1.0.69",
+ "tokio",
+ "tower 0.4.13",
+ "tower-http 0.5.2",
+ "tower-sessions",
+ "tower-sessions-sqlx-store",
+ "tower_governor",
+ "tracing",
+ "tracing-subscriber",
+ "validator",
+]
+
+[[package]]
+name = "no-std-compat"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b93853da6d84c2e3c7d730d6473e8817692dd89be387eb01b94d7f108ecb5b8c"
+
+[[package]]
+name = "nom"
+version = "7.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
+dependencies = [
+ "memchr",
+ "minimal-lexical",
+]
+
+[[package]]
+name = "nonempty"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e9e591e719385e6ebaeb5ce5d3887f7d5676fceca6411d1925ccc95745f3d6f7"
+
+[[package]]
+name = "nonzero_ext"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "38bf9645c8b145698bb0b18a4637dcacbc421ea49bef2317e4fd8065a387cf21"
+
+[[package]]
+name = "nu-ansi-term"
+version = "0.50.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5"
+dependencies = [
+ "windows-sys 0.61.2",
+]
+
+[[package]]
+name = "num-bigint-dig"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e661dda6640fad38e827a6d4a310ff4763082116fe217f279885c97f511bb0b7"
+dependencies = [
+ "lazy_static",
+ "libm",
+ "num-integer",
+ "num-iter",
+ "num-traits",
+ "rand 0.8.6",
+ "smallvec",
+ "zeroize",
+]
+
+[[package]]
+name = "num-conv"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "521739c6d2bac4aa25192232afe6841231376b2b26d4d9fae5ecf8ca5772e441"
+
+[[package]]
+name = "num-integer"
+version = "0.1.46"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f"
+dependencies = [
+ "num-traits",
+]
+
+[[package]]
+name = "num-iter"
+version = "0.1.45"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf"
+dependencies = [
+ "autocfg",
+ "num-integer",
+ "num-traits",
+]
+
+[[package]]
+name = "num-traits"
+version = "0.2.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
+dependencies = [
+ "autocfg",
+ "libm",
+]
+
+[[package]]
+name = "once_cell"
+version = "1.21.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50"
+
+[[package]]
+name = "once_cell_polyfill"
+version = "1.70.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "384b8ab6d37215f3c5301a95a4accb5d64aa607f1fcb26a11b5303878451b4fe"
+
+[[package]]
+name = "parking_lot"
+version = "0.12.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a"
+dependencies = [
+ "lock_api",
+ "parking_lot_core",
+]
+
+[[package]]
+name = "parking_lot_core"
+version = "0.9.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "redox_syscall 0.5.18",
+ "smallvec",
+ "windows-link",
+]
+
+[[package]]
+name = "paste"
+version = "1.0.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
+
+[[package]]
+name = "pear"
+version = "0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bdeeaa00ce488657faba8ebf44ab9361f9365a97bd39ffb8a60663f57ff4b467"
+dependencies = [
+ "inlinable_string",
+ "pear_codegen",
+ "yansi",
+]
+
+[[package]]
+name = "pear_codegen"
+version = "0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4bab5b985dc082b345f812b7df84e1bef27e7207b39e448439ba8bd69c93f147"
+dependencies = [
+ "proc-macro2",
+ "proc-macro2-diagnostics",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "pem-rfc7468"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412"
+dependencies = [
+ "base64ct",
+]
+
+[[package]]
+name = "percent-encoding"
+version = "2.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220"
+
+[[package]]
+name = "pin-project"
+version = "1.1.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2466b2336ed02bcdca6b294417127b90ec92038d1d5c4fbeac971a922e0e0924"
+dependencies = [
+ "pin-project-internal",
+]
+
+[[package]]
+name = "pin-project-internal"
+version = "1.1.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c96395f0a926bc13b1c17622aaddda1ecb55d49c8f1bf9777e4d877800a43f8b"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "pin-project-lite"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd"
+
+[[package]]
+name = "pkcs1"
+version = "0.7.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
+dependencies = [
+ "der",
+ "pkcs8",
+ "spki",
+]
+
+[[package]]
+name = "pkcs8"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
+dependencies = [
+ "der",
+ "spki",
+]
+
+[[package]]
+name = "pkg-config"
+version = "0.3.33"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "19f132c84eca552bf34cab8ec81f1c1dcc229b811638f9d283dceabe58c5569e"
+
+[[package]]
+name = "plain"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6"
+
+[[package]]
+name = "portable-atomic"
+version = "1.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c33a9471896f1c69cecef8d20cbe2f7accd12527ce60845ff44c153bb2a21b49"
+
+[[package]]
+name = "potential_utf"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0103b1cef7ec0cf76490e969665504990193874ea05c85ff9bab8b911d0a0564"
+dependencies = [
+ "zerovec",
+]
+
+[[package]]
+name = "powerfmt"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
+
+[[package]]
+name = "ppv-lite86"
+version = "0.2.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9"
+dependencies = [
+ "zerocopy",
+]
+
+[[package]]
+name = "pretty_assertions"
+version = "1.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3ae130e2f271fbc2ac3a40fb1d07180839cdbbe443c7a27e1e3c13c5cac0116d"
+dependencies = [
+ "diff",
+ "yansi",
+]
+
+[[package]]
+name = "prettyplease"
+version = "0.2.37"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b"
+dependencies = [
+ "proc-macro2",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "proc-macro-error"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c"
+dependencies = [
+ "proc-macro-error-attr",
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+ "version_check",
+]
+
+[[package]]
+name = "proc-macro-error-attr"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "version_check",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.106"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "proc-macro2-diagnostics"
+version = "0.10.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "af066a9c399a26e020ada66a034357a868728e72cd426f3adcd35f80d88d88c8"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+ "version_check",
+ "yansi",
+]
+
+[[package]]
+name = "quanta"
+version = "0.12.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f3ab5a9d756f0d97bdc89019bd2e4ea098cf9cde50ee7564dde6b81ccc8f06c7"
+dependencies = [
+ "crossbeam-utils",
+ "libc",
+ "once_cell",
+ "raw-cpuid",
+ "wasi",
+ "web-sys",
+ "winapi",
+]
+
+[[package]]
+name = "quinn"
+version = "0.11.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b9e20a958963c291dc322d98411f541009df2ced7b5a4f2bd52337638cfccf20"
+dependencies = [
+ "bytes",
+ "cfg_aliases",
+ "pin-project-lite",
+ "quinn-proto",
+ "quinn-udp",
+ "rustc-hash",
+ "rustls 0.23.40",
+ "socket2",
+ "thiserror 2.0.18",
+ "tokio",
+ "tracing",
+ "web-time",
+]
+
+[[package]]
+name = "quinn-proto"
+version = "0.11.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098"
+dependencies = [
+ "bytes",
+ "getrandom 0.3.4",
+ "lru-slab",
+ "rand 0.9.4",
+ "ring",
+ "rustc-hash",
+ "rustls 0.23.40",
+ "rustls-pki-types",
+ "slab",
+ "thiserror 2.0.18",
+ "tinyvec",
+ "tracing",
+ "web-time",
+]
+
+[[package]]
+name = "quinn-udp"
+version = "0.5.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "addec6a0dcad8a8d96a771f815f0eaf55f9d1805756410b39f5fa81332574cbd"
+dependencies = [
+ "cfg_aliases",
+ "libc",
+ "once_cell",
+ "socket2",
+ "tracing",
+ "windows-sys 0.60.2",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.45"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "r-efi"
+version = "5.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
+
+[[package]]
+name = "r-efi"
+version = "6.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf"
+
+[[package]]
+name = "rand"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5ca0ecfa931c29007047d1bc58e623ab12e5590e8c7cc53200d5202b69266d8a"
+dependencies = [
+ "libc",
+ "rand_chacha 0.3.1",
+ "rand_core 0.6.4",
+]
+
+[[package]]
+name = "rand"
+version = "0.9.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "44c5af06bb1b7d3216d91932aed5265164bf384dc89cd6ba05cf59a35f5f76ea"
+dependencies = [
+ "rand_chacha 0.9.0",
+ "rand_core 0.9.5",
+]
+
+[[package]]
+name = "rand_chacha"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
+dependencies = [
+ "ppv-lite86",
+ "rand_core 0.6.4",
+]
+
+[[package]]
+name = "rand_chacha"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"
+dependencies = [
+ "ppv-lite86",
+ "rand_core 0.9.5",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
+dependencies = [
+ "getrandom 0.2.17",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.9.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c"
+dependencies = [
+ "getrandom 0.3.4",
+]
+
+[[package]]
+name = "raw-cpuid"
+version = "11.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "498cd0dc59d73224351ee52a95fee0f1a617a2eae0e7d9d720cc622c73a54186"
+dependencies = [
+ "bitflags",
+]
+
+[[package]]
+name = "redox_syscall"
+version = "0.5.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d"
+dependencies = [
+ "bitflags",
+]
+
+[[package]]
+name = "redox_syscall"
+version = "0.7.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4666a1a60d8412eab19d94f6d13dcc9cea0a5ef4fdf6a5db306537413c661b1b"
+dependencies = [
+ "bitflags",
+]
+
+[[package]]
+name = "regex"
+version = "1.12.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e10754a14b9137dd7b1e3e5b0493cc9171fdd105e0ab477f51b72e7f3ac0e276"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-automata",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-automata"
+version = "0.4.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-syntax"
+version = "0.8.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a"
+
+[[package]]
+name = "reqwest"
+version = "0.12.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147"
+dependencies = [
+ "base64 0.22.1",
+ "bytes",
+ "futures-core",
+ "http 1.4.0",
+ "http-body",
+ "http-body-util",
+ "hyper",
+ "hyper-rustls",
+ "hyper-util",
+ "js-sys",
+ "log",
+ "percent-encoding",
+ "pin-project-lite",
+ "quinn",
+ "rustls 0.23.40",
+ "rustls-pki-types",
+ "serde",
+ "serde_json",
+ "serde_urlencoded",
+ "sync_wrapper",
+ "tokio",
+ "tokio-rustls",
+ "tower 0.5.3",
+ "tower-http 0.6.11",
+ "tower-service",
+ "url",
+ "wasm-bindgen",
+ "wasm-bindgen-futures",
+ "web-sys",
+ "webpki-roots 1.0.7",
+]
+
+[[package]]
+name = "reserve-port"
+version = "2.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "94070964579245eb2f76e62a7668fe87bd9969ed6c41256f3bf614e3323dd3cc"
+dependencies = [
+ "thiserror 2.0.18",
+]
+
+[[package]]
+name = "ring"
+version = "0.17.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7"
+dependencies = [
+ "cc",
+ "cfg-if",
+ "getrandom 0.2.17",
+ "libc",
+ "untrusted",
+ "windows-sys 0.52.0",
+]
+
+[[package]]
+name = "rmp"
+version = "0.8.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4ba8be72d372b2c9b35542551678538b562e7cf86c3315773cae48dfbfe7790c"
+dependencies = [
+ "num-traits",
+]
+
+[[package]]
+name = "rmp-serde"
+version = "1.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72f81bee8c8ef9b577d1681a70ebbc962c232461e397b22c208c43c04b67a155"
+dependencies = [
+ "rmp",
+ "serde",
+]
+
+[[package]]
+name = "rsa"
+version = "0.9.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b8573f03f5883dcaebdfcf4725caa1ecb9c15b2ef50c43a07b816e06799bb12d"
+dependencies = [
+ "const-oid",
+ "digest",
+ "num-bigint-dig",
+ "num-integer",
+ "num-traits",
+ "pkcs1",
+ "pkcs8",
+ "rand_core 0.6.4",
+ "signature",
+ "spki",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "rust-multipart-rfc7578_2"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "03b748410c0afdef2ebbe3685a6a862e2ee937127cdaae623336a459451c8d57"
+dependencies = [
+ "bytes",
+ "futures-core",
+ "futures-util",
+ "http 0.2.12",
+ "mime",
+ "mime_guess",
+ "rand 0.8.6",
+ "thiserror 1.0.69",
+]
+
+[[package]]
+name = "rustc-hash"
+version = "2.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "94300abf3f1ae2e2b8ffb7b58043de3d399c73fa6f4b73826402a5c457614dbe"
+
+[[package]]
+name = "rustix"
+version = "1.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b6fe4565b9518b83ef4f91bb47ce29620ca828bd32cb7e408f0062e9930ba190"
+dependencies = [
+ "bitflags",
+ "errno",
+ "libc",
+ "linux-raw-sys",
+ "windows-sys 0.61.2",
+]
+
+[[package]]
+name = "rustls"
+version = "0.21.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e"
+dependencies = [
+ "ring",
+ "rustls-webpki 0.101.7",
+ "sct",
+]
+
+[[package]]
+name = "rustls"
+version = "0.23.40"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ef86cd5876211988985292b91c96a8f2d298df24e75989a43a3c73f2d4d8168b"
+dependencies = [
+ "once_cell",
+ "ring",
+ "rustls-pki-types",
+ "rustls-webpki 0.103.13",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "rustls-pemfile"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c"
+dependencies = [
+ "base64 0.21.7",
+]
+
+[[package]]
+name = "rustls-pki-types"
+version = "1.14.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "30a7197ae7eb376e574fe940d068c30fe0462554a3ddbe4eca7838e049c937a9"
+dependencies = [
+ "web-time",
+ "zeroize",
+]
+
+[[package]]
+name = "rustls-webpki"
+version = "0.101.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
+[[package]]
+name = "rustls-webpki"
+version = "0.103.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e"
+dependencies = [
+ "ring",
+ "rustls-pki-types",
+ "untrusted",
+]
+
+[[package]]
+name = "rustversion"
+version = "1.0.22"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d"
+
+[[package]]
+name = "ryu"
+version = "1.0.23"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f"
+
+[[package]]
+name = "scopeguard"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
+
+[[package]]
+name = "sct"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
+[[package]]
+name = "semver"
+version = "1.0.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8a7852d02fc848982e0c167ef163aaff9cd91dc640ba85e263cb1ce46fae51cd"
+
+[[package]]
+name = "serde"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
+dependencies = [
+ "serde_core",
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_core"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
+dependencies = [
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_derive"
+version = "1.0.228"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "serde_json"
+version = "1.0.149"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86"
+dependencies = [
+ "itoa",
+ "memchr",
+ "serde",
+ "serde_core",
+ "zmij",
+]
+
+[[package]]
+name = "serde_path_to_error"
+version = "0.1.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457"
+dependencies = [
+ "itoa",
+ "serde",
+ "serde_core",
+]
+
+[[package]]
+name = "serde_spanned"
+version = "0.6.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bf41e0cfaf7226dca15e8197172c295a782857fcb97fad1808a166870dee75a3"
+dependencies = [
+ "serde",
+]
+
+[[package]]
+name = "serde_urlencoded"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd"
+dependencies = [
+ "form_urlencoded",
+ "itoa",
+ "ryu",
+ "serde",
+]
+
+[[package]]
+name = "sha1"
+version = "0.10.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
+[[package]]
+name = "sha2"
+version = "0.10.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
+[[package]]
+name = "sharded-slab"
+version = "0.1.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6"
+dependencies = [
+ "lazy_static",
+]
+
+[[package]]
+name = "shlex"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
+
+[[package]]
+name = "signal-hook-registry"
+version = "1.4.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b"
+dependencies = [
+ "errno",
+ "libc",
+]
+
+[[package]]
+name = "signature"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
+dependencies = [
+ "digest",
+ "rand_core 0.6.4",
+]
+
+[[package]]
+name = "simd-adler32"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "703d5c7ef118737c72f1af64ad2f6f8c5e1921f818cdcb97b8fe6fc69bf66214"
+
+[[package]]
+name = "slab"
+version = "0.4.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5"
+
+[[package]]
+name = "smallvec"
+version = "1.15.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03"
+
+[[package]]
+name = "socket2"
+version = "0.6.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e"
+dependencies = [
+ "libc",
+ "windows-sys 0.61.2",
+]
+
+[[package]]
+name = "spin"
+version = "0.9.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
+dependencies = [
+ "lock_api",
+]
+
+[[package]]
+name = "spinning_top"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d96d2d1d716fb500937168cc09353ffdc7a012be8475ac7308e1bdf0e3923300"
+dependencies = [
+ "lock_api",
+]
+
+[[package]]
+name = "spki"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
+dependencies = [
+ "base64ct",
+ "der",
+]
+
+[[package]]
+name = "sqlformat"
+version = "0.2.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7bba3a93db0cc4f7bdece8bb09e77e2e785c20bfebf79eb8340ed80708048790"
+dependencies = [
+ "nom",
+ "unicode_categories",
+]
+
+[[package]]
+name = "sqlx"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c9a2ccff1a000a5a59cd33da541d9f2fdcd9e6e8229cc200565942bff36d0aaa"
+dependencies = [
+ "sqlx-core",
+ "sqlx-macros",
+ "sqlx-mysql",
+ "sqlx-postgres",
+ "sqlx-sqlite",
+]
+
+[[package]]
+name = "sqlx-core"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "24ba59a9342a3d9bab6c56c118be528b27c9b60e490080e9711a04dccac83ef6"
+dependencies = [
+ "ahash",
+ "atoi",
+ "byteorder",
+ "bytes",
+ "chrono",
+ "crc",
+ "crossbeam-queue",
+ "either",
+ "event-listener",
+ "futures-channel",
+ "futures-core",
+ "futures-intrusive",
+ "futures-io",
+ "futures-util",
+ "hashlink",
+ "hex",
+ "indexmap",
+ "log",
+ "memchr",
+ "once_cell",
+ "paste",
+ "percent-encoding",
+ "rustls 0.21.12",
+ "rustls-pemfile",
+ "serde",
+ "serde_json",
+ "sha2",
+ "smallvec",
+ "sqlformat",
+ "thiserror 1.0.69",
+ "time",
+ "tokio",
+ "tokio-stream",
+ "tracing",
+ "url",
+ "webpki-roots 0.25.4",
+]
+
+[[package]]
+name = "sqlx-macros"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4ea40e2345eb2faa9e1e5e326db8c34711317d2b5e08d0d5741619048a803127"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "sqlx-core",
+ "sqlx-macros-core",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "sqlx-macros-core"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5833ef53aaa16d860e92123292f1f6a3d53c34ba8b1969f152ef1a7bb803f3c8"
+dependencies = [
+ "dotenvy",
+ "either",
+ "heck 0.4.1",
+ "hex",
+ "once_cell",
+ "proc-macro2",
+ "quote",
+ "serde",
+ "serde_json",
+ "sha2",
+ "sqlx-core",
+ "sqlx-mysql",
+ "sqlx-postgres",
+ "sqlx-sqlite",
+ "syn 1.0.109",
+ "tempfile",
+ "tokio",
+ "url",
+]
+
+[[package]]
+name = "sqlx-mysql"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ed31390216d20e538e447a7a9b959e06ed9fc51c37b514b46eb758016ecd418"
+dependencies = [
+ "atoi",
+ "base64 0.21.7",
+ "bitflags",
+ "byteorder",
+ "bytes",
+ "chrono",
+ "crc",
+ "digest",
+ "dotenvy",
+ "either",
+ "futures-channel",
+ "futures-core",
+ "futures-io",
+ "futures-util",
+ "generic-array",
+ "hex",
+ "hkdf",
+ "hmac",
+ "itoa",
+ "log",
+ "md-5",
+ "memchr",
+ "once_cell",
+ "percent-encoding",
+ "rand 0.8.6",
+ "rsa",
+ "serde",
+ "sha1",
+ "sha2",
+ "smallvec",
+ "sqlx-core",
+ "stringprep",
+ "thiserror 1.0.69",
+ "time",
+ "tracing",
+ "whoami",
+]
+
+[[package]]
+name = "sqlx-postgres"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7c824eb80b894f926f89a0b9da0c7f435d27cdd35b8c655b114e58223918577e"
+dependencies = [
+ "atoi",
+ "base64 0.21.7",
+ "bitflags",
+ "byteorder",
+ "chrono",
+ "crc",
+ "dotenvy",
+ "etcetera",
+ "futures-channel",
+ "futures-core",
+ "futures-io",
+ "futures-util",
+ "hex",
+ "hkdf",
+ "hmac",
+ "home",
+ "itoa",
+ "log",
+ "md-5",
+ "memchr",
+ "once_cell",
+ "rand 0.8.6",
+ "serde",
+ "serde_json",
+ "sha2",
+ "smallvec",
+ "sqlx-core",
+ "stringprep",
+ "thiserror 1.0.69",
+ "time",
+ "tracing",
+ "whoami",
+]
+
+[[package]]
+name = "sqlx-sqlite"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b244ef0a8414da0bed4bb1910426e890b19e5e9bccc27ada6b797d05c55ae0aa"
+dependencies = [
+ "atoi",
+ "chrono",
+ "flume",
+ "futures-channel",
+ "futures-core",
+ "futures-executor",
+ "futures-intrusive",
+ "futures-util",
+ "libsqlite3-sys",
+ "log",
+ "percent-encoding",
+ "serde",
+ "sqlx-core",
+ "time",
+ "tracing",
+ "url",
+ "urlencoding",
+]
+
+[[package]]
+name = "stable_deref_trait"
+version = "1.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596"
+
+[[package]]
+name = "stringprep"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7b4df3d392d81bd458a8a621b8bffbd2302a12ffe288a9d931670948749463b1"
+dependencies = [
+ "unicode-bidi",
+ "unicode-normalization",
+ "unicode-properties",
+]
+
+[[package]]
+name = "strsim"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
+
+[[package]]
+name = "subtle"
+version = "2.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
+
+[[package]]
+name = "syn"
+version = "1.0.109"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "syn"
+version = "2.0.117"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "sync_wrapper"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263"
+dependencies = [
+ "futures-core",
+]
+
+[[package]]
+name = "synstructure"
+version = "0.13.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "tempfile"
+version = "3.27.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "32497e9a4c7b38532efcdebeef879707aa9f794296a4f0244f6f69e9bc8574bd"
+dependencies = [
+ "fastrand",
+ "getrandom 0.4.2",
+ "once_cell",
+ "rustix",
+ "windows-sys 0.61.2",
+]
+
+[[package]]
+name = "thiserror"
+version = "1.0.69"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
+dependencies = [
+ "thiserror-impl 1.0.69",
+]
+
+[[package]]
+name = "thiserror"
+version = "2.0.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4"
+dependencies = [
+ "thiserror-impl 2.0.18",
+]
+
+[[package]]
+name = "thiserror-impl"
+version = "1.0.69"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "thiserror-impl"
+version = "2.0.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "thread_local"
+version = "1.1.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185"
+dependencies = [
+ "cfg-if",
+]
+
+[[package]]
+name = "time"
+version = "0.3.47"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c"
+dependencies = [
+ "deranged",
+ "itoa",
+ "num-conv",
+ "powerfmt",
+ "serde_core",
+ "time-core",
+ "time-macros",
+]
+
+[[package]]
+name = "time-core"
+version = "0.1.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca"
+
+[[package]]
+name = "time-macros"
+version = "0.2.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215"
+dependencies = [
+ "num-conv",
+ "time-core",
+]
+
+[[package]]
+name = "tinystr"
+version = "0.8.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c8323304221c2a851516f22236c5722a72eaa19749016521d6dff0824447d96d"
+dependencies = [
+ "displaydoc",
+ "zerovec",
+]
+
+[[package]]
+name = "tinyvec"
+version = "1.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3e61e67053d25a4e82c844e8424039d9745781b3fc4f32b8d55ed50f5f667ef3"
+dependencies = [
+ "tinyvec_macros",
+]
+
+[[package]]
+name = "tinyvec_macros"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
+
+[[package]]
+name = "tokio"
+version = "1.52.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8fc7f01b389ac15039e4dc9531aa973a135d7a4135281b12d7c1bc79fd57fffe"
+dependencies = [
+ "bytes",
+ "libc",
+ "mio",
+ "parking_lot",
+ "pin-project-lite",
+ "signal-hook-registry",
+ "socket2",
+ "tokio-macros",
+ "windows-sys 0.61.2",
+]
+
+[[package]]
+name = "tokio-macros"
+version = "2.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "385a6cb71ab9ab790c5fe8d67f1645e6c450a7ce006a33de03daa956cf70a496"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "tokio-rustls"
+version = "0.26.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1729aa945f29d91ba541258c8df89027d5792d85a8841fb65e8bf0f4ede4ef61"
+dependencies = [
+ "rustls 0.23.40",
+ "tokio",
+]
+
+[[package]]
+name = "tokio-stream"
+version = "0.1.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "32da49809aab5c3bc678af03902d4ccddea2a87d028d86392a4b1560c6906c70"
+dependencies = [
+ "futures-core",
+ "pin-project-lite",
+ "tokio",
+]
+
+[[package]]
+name = "tokio-util"
+version = "0.7.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ae9cec805b01e8fc3fd2fe289f89149a9b66dd16786abd8b19cfa7b48cb0098"
+dependencies = [
+ "bytes",
+ "futures-core",
+ "futures-sink",
+ "pin-project-lite",
+ "tokio",
+]
+
+[[package]]
+name = "toml"
+version = "0.8.23"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dc1beb996b9d83529a9e75c17a1686767d148d70663143c7854d8b4a09ced362"
+dependencies = [
+ "serde",
+ "serde_spanned",
+ "toml_datetime",
+ "toml_edit",
+]
+
+[[package]]
+name = "toml_datetime"
+version = "0.6.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "22cddaf88f4fbc13c51aebbf5f8eceb5c7c5a9da2ac40a13519eb5b0a0e8f11c"
+dependencies = [
+ "serde",
+]
+
+[[package]]
+name = "toml_edit"
+version = "0.22.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a"
+dependencies = [
+ "indexmap",
+ "serde",
+ "serde_spanned",
+ "toml_datetime",
+ "toml_write",
+ "winnow",
+]
+
+[[package]]
+name = "toml_write"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5d99f8c9a7727884afe522e9bd5edbfc91a3312b36a77b5fb8926e4c31a41801"
+
+[[package]]
+name = "tower"
+version = "0.4.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b8fa9be0de6cf49e536ce1851f987bd21a43b771b09473c3549a6c853db37c1c"
+dependencies = [
+ "tower-layer",
+ "tower-service",
+ "tracing",
+]
+
+[[package]]
+name = "tower"
+version = "0.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4"
+dependencies = [
+ "futures-core",
+ "futures-util",
+ "pin-project-lite",
+ "sync_wrapper",
+ "tokio",
+ "tower-layer",
+ "tower-service",
+ "tracing",
+]
+
+[[package]]
+name = "tower-cookies"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4fd0118512cf0b3768f7fcccf0bef1ae41d68f2b45edc1e77432b36c97c56c6d"
+dependencies = [
+ "async-trait",
+ "axum-core",
+ "cookie",
+ "futures-util",
+ "http 1.4.0",
+ "parking_lot",
+ "pin-project-lite",
+ "tower-layer",
+ "tower-service",
+]
+
+[[package]]
+name = "tower-http"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e9cd434a998747dd2c4276bc96ee2e0c7a2eadf3cae88e52be55a05fa9053f5"
+dependencies = [
+ "async-compression",
+ "bitflags",
+ "bytes",
+ "futures-core",
+ "futures-util",
+ "http 1.4.0",
+ "http-body",
+ "http-body-util",
+ "http-range-header",
+ "httpdate",
+ "mime",
+ "mime_guess",
+ "percent-encoding",
+ "pin-project-lite",
+ "tokio",
+ "tokio-util",
+ "tower-layer",
+ "tower-service",
+ "tracing",
+]
+
+[[package]]
+name = "tower-http"
+version = "0.6.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4cfcf7e2740e6fc6d4d688b4ef00650406bb94adf4731e43c096c3a19fe40840"
+dependencies = [
+ "bitflags",
+ "bytes",
+ "futures-util",
+ "http 1.4.0",
+ "http-body",
+ "pin-project-lite",
+ "tower 0.5.3",
+ "tower-layer",
+ "tower-service",
+ "url",
+]
+
+[[package]]
+name = "tower-layer"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e"
+
+[[package]]
+name = "tower-service"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3"
+
+[[package]]
+name = "tower-sessions"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f3db9ccda3dabcbaad83dda82d9486eaa0a6983fe0cecfe113087a990cd240e1"
+dependencies = [
+ "async-trait",
+ "http 1.4.0",
+ "time",
+ "tokio",
+ "tower-cookies",
+ "tower-layer",
+ "tower-service",
+ "tower-sessions-core",
+ "tower-sessions-memory-store",
+ "tracing",
+]
+
+[[package]]
+name = "tower-sessions-core"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bc792f6a4179356f9093447edebe14bb73dbc99be636886281313cb98b47201b"
+dependencies = [
+ "async-trait",
+ "axum-core",
+ "base64 0.21.7",
+ "futures",
+ "http 1.4.0",
+ "parking_lot",
+ "rand 0.8.6",
+ "serde",
+ "serde_json",
+ "thiserror 1.0.69",
+ "time",
+ "tokio",
+ "tracing",
+]
+
+[[package]]
+name = "tower-sessions-memory-store"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4d780288cc38a7f001b39a22392c29b1398bda163c846f07b1253713042bc549"
+dependencies = [
+ "async-trait",
+ "time",
+ "tokio",
+ "tower-sessions-core",
+]
+
+[[package]]
+name = "tower-sessions-sqlx-store"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f93bb337be75252391f9cff681fac300fa9df91bdccdc00c88c88b174637b00d"
+dependencies = [
+ "async-trait",
+ "rmp-serde",
+ "sqlx",
+ "thiserror 1.0.69",
+ "time",
+ "tower-sessions-core",
+]
+
+[[package]]
+name = "tower_governor"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3790eac6ad3fb8d9d96c2b040ae06e2517aa24b067545d1078b96ae72f7bb9a7"
+dependencies = [
+ "axum",
+ "forwarded-header-value",
+ "governor",
+ "http 1.4.0",
+ "pin-project",
+ "thiserror 1.0.69",
+ "tower 0.4.13",
+ "tracing",
+]
+
+[[package]]
+name = "tracing"
+version = "0.1.44"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100"
+dependencies = [
+ "log",
+ "pin-project-lite",
+ "tracing-attributes",
+ "tracing-core",
+]
+
+[[package]]
+name = "tracing-attributes"
+version = "0.1.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "tracing-core"
+version = "0.1.36"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a"
+dependencies = [
+ "once_cell",
+ "valuable",
+]
+
+[[package]]
+name = "tracing-log"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3"
+dependencies = [
+ "log",
+ "once_cell",
+ "tracing-core",
+]
+
+[[package]]
+name = "tracing-serde"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "704b1aeb7be0d0a84fc9828cae51dab5970fee5088f83d1dd7ee6f6246fc6ff1"
+dependencies = [
+ "serde",
+ "tracing-core",
+]
+
+[[package]]
+name = "tracing-subscriber"
+version = "0.3.23"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cb7f578e5945fb242538965c2d0b04418d38ec25c79d160cd279bf0731c8d319"
+dependencies = [
+ "matchers",
+ "nu-ansi-term",
+ "once_cell",
+ "regex-automata",
+ "serde",
+ "serde_json",
+ "sharded-slab",
+ "smallvec",
+ "thread_local",
+ "tracing",
+ "tracing-core",
+ "tracing-log",
+ "tracing-serde",
+]
+
+[[package]]
+name = "try-lock"
+version = "0.2.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
+
+[[package]]
+name = "typenum"
+version = "1.20.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "40ce102ab67701b8526c123c1bab5cbe42d7040ccfd0f64af1a385808d2f43de"
+
+[[package]]
+name = "uncased"
+version = "0.9.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e1b88fcfe09e89d3866a5c11019378088af2d24c3fbd4f0543f96b479ec90697"
+dependencies = [
+ "version_check",
+]
+
+[[package]]
+name = "unicase"
+version = "2.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dbc4bc3a9f746d862c45cb89d705aa10f187bb96c76001afab07a0d35ce60142"
+
+[[package]]
+name = "unicode-bidi"
+version = "0.3.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c1cb5db39152898a79168971543b1cb5020dff7fe43c8dc468b0885f5e29df5"
+
+[[package]]
+name = "unicode-ident"
+version = "1.0.24"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75"
+
+[[package]]
+name = "unicode-normalization"
+version = "0.1.25"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5fd4f6878c9cb28d874b009da9e8d183b5abc80117c40bbd187a1fde336be6e8"
+dependencies = [
+ "tinyvec",
+]
+
+[[package]]
+name = "unicode-properties"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7df058c713841ad818f1dc5d3fd88063241cc61f49f5fbea4b951e8cf5a8d71d"
+
+[[package]]
+name = "unicode-segmentation"
+version = "1.13.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9629274872b2bfaf8d66f5f15725007f635594914870f65218920345aa11aa8c"
+
+[[package]]
+name = "unicode-xid"
+version = "0.2.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853"
+
+[[package]]
+name = "unicode_categories"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "39ec24b3121d976906ece63c9daad25b85969647682eee313cb5779fdd69e14e"
+
+[[package]]
+name = "untrusted"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
+
+[[package]]
+name = "url"
+version = "2.5.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed"
+dependencies = [
+ "form_urlencoded",
+ "idna 1.1.0",
+ "percent-encoding",
+ "serde",
+]
+
+[[package]]
+name = "urlencoding"
+version = "2.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da"
+
+[[package]]
+name = "utf8_iter"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"
+
+[[package]]
+name = "utf8parse"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
+
+[[package]]
+name = "validator"
+version = "0.16.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b92f40481c04ff1f4f61f304d61793c7b56ff76ac1469f1beb199b1445b253bd"
+dependencies = [
+ "idna 0.4.0",
+ "lazy_static",
+ "regex",
+ "serde",
+ "serde_derive",
+ "serde_json",
+ "url",
+ "validator_derive",
+]
+
+[[package]]
+name = "validator_derive"
+version = "0.16.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bc44ca3088bb3ba384d9aecf40c6a23a676ce23e09bdaca2073d99c207f864af"
+dependencies = [
+ "if_chain",
+ "lazy_static",
+ "proc-macro-error",
+ "proc-macro2",
+ "quote",
+ "regex",
+ "syn 1.0.109",
+ "validator_types",
+]
+
+[[package]]
+name = "validator_types"
+version = "0.16.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "111abfe30072511849c5910134e8baf8dc05de4c0e5903d681cbd5c9c4d611e3"
+dependencies = [
+ "proc-macro2",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "valuable"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65"
+
+[[package]]
+name = "vcpkg"
+version = "0.2.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
+
+[[package]]
+name = "version_check"
+version = "0.9.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
+
+[[package]]
+name = "want"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e"
+dependencies = [
+ "try-lock",
+]
+
+[[package]]
+name = "wasi"
+version = "0.11.1+wasi-snapshot-preview1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b"
+
+[[package]]
+name = "wasip2"
+version = "1.0.3+wasi-0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "20064672db26d7cdc89c7798c48a0fdfac8213434a1186e5ef29fd560ae223d6"
+dependencies = [
+ "wit-bindgen 0.57.1",
+]
+
+[[package]]
+name = "wasip3"
+version = "0.4.0+wasi-0.3.0-rc-2026-01-06"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5"
+dependencies = [
+ "wit-bindgen 0.51.0",
+]
+
+[[package]]
+name = "wasite"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b"
+
+[[package]]
+name = "wasm-bindgen"
+version = "0.2.121"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "49ace1d07c165b0864824eee619580c4689389afa9dc9ed3a4c75040d82e6790"
+dependencies = [
+ "cfg-if",
+ "once_cell",
+ "rustversion",
+ "wasm-bindgen-macro",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-futures"
+version = "0.4.71"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "96492d0d3ffba25305a7dc88720d250b1401d7edca02cc3bcd50633b424673b8"
+dependencies = [
+ "js-sys",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "wasm-bindgen-macro"
+version = "0.2.121"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e68e6f4afd367a562002c05637acb8578ff2dea1943df76afb9e83d177c8578"
+dependencies = [
+ "quote",
+ "wasm-bindgen-macro-support",
+]
+
+[[package]]
+name = "wasm-bindgen-macro-support"
+version = "0.2.121"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d95a9ec35c64b2a7cb35d3fead40c4238d0940c86d107136999567a4703259f2"
+dependencies = [
+ "bumpalo",
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-shared"
+version = "0.2.121"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c4e0100b01e9f0d03189a92b96772a1fb998639d981193d7dbab487302513441"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "wasm-encoder"
+version = "0.244.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319"
+dependencies = [
+ "leb128fmt",
+ "wasmparser",
+]
+
+[[package]]
+name = "wasm-metadata"
+version = "0.244.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909"
+dependencies = [
+ "anyhow",
+ "indexmap",
+ "wasm-encoder",
+ "wasmparser",
+]
+
+[[package]]
+name = "wasmparser"
+version = "0.244.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe"
+dependencies = [
+ "bitflags",
+ "hashbrown 0.15.5",
+ "indexmap",
+ "semver",
+]
+
+[[package]]
+name = "web-sys"
+version = "0.3.98"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4b572dff8bcf38bad0fa19729c89bb5748b2b9b1d8be70cf90df697e3a8f32aa"
+dependencies = [
+ "js-sys",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "web-time"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb"
+dependencies = [
+ "js-sys",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "webpki-roots"
+version = "0.25.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1"
+
+[[package]]
+name = "webpki-roots"
+version = "1.0.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "52f5ee44c96cf55f1b349600768e3ece3a8f26010c05265ab73f945bb1a2eb9d"
+dependencies = [
+ "rustls-pki-types",
+]
+
+[[package]]
+name = "whoami"
+version = "1.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5d4a4db5077702ca3015d3d02d74974948aba2ad9e12ab7df718ee64ccd7e97d"
+dependencies = [
+ "libredox",
+ "wasite",
+]
+
+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+
+[[package]]
+name = "windows-core"
+version = "0.62.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b8e83a14d34d0623b51dce9581199302a221863196a1dde71a7663a4c2be9deb"
+dependencies = [
+ "windows-implement",
+ "windows-interface",
+ "windows-link",
+ "windows-result",
+ "windows-strings",
+]
+
+[[package]]
+name = "windows-implement"
+version = "0.60.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "windows-interface"
+version = "0.59.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "windows-link"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
+
+[[package]]
+name = "windows-result"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7781fa89eaf60850ac3d2da7af8e5242a5ea78d1a11c49bf2910bb5a73853eb5"
+dependencies = [
+ "windows-link",
+]
+
+[[package]]
+name = "windows-strings"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7837d08f69c77cf6b07689544538e017c1bfcf57e34b4c0ff58e6c2cd3b37091"
+dependencies = [
+ "windows-link",
+]
+
+[[package]]
+name = "windows-sys"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
+dependencies = [
+ "windows-targets 0.48.5",
+]
+
+[[package]]
+name = "windows-sys"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
+dependencies = [
+ "windows-targets 0.52.6",
+]
+
+[[package]]
+name = "windows-sys"
+version = "0.60.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb"
+dependencies = [
+ "windows-targets 0.53.5",
+]
+
+[[package]]
+name = "windows-sys"
+version = "0.61.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc"
+dependencies = [
+ "windows-link",
+]
+
+[[package]]
+name = "windows-targets"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c"
+dependencies = [
+ "windows_aarch64_gnullvm 0.48.5",
+ "windows_aarch64_msvc 0.48.5",
+ "windows_i686_gnu 0.48.5",
+ "windows_i686_msvc 0.48.5",
+ "windows_x86_64_gnu 0.48.5",
+ "windows_x86_64_gnullvm 0.48.5",
+ "windows_x86_64_msvc 0.48.5",
+]
+
+[[package]]
+name = "windows-targets"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
+dependencies = [
+ "windows_aarch64_gnullvm 0.52.6",
+ "windows_aarch64_msvc 0.52.6",
+ "windows_i686_gnu 0.52.6",
+ "windows_i686_gnullvm 0.52.6",
+ "windows_i686_msvc 0.52.6",
+ "windows_x86_64_gnu 0.52.6",
+ "windows_x86_64_gnullvm 0.52.6",
+ "windows_x86_64_msvc 0.52.6",
+]
+
+[[package]]
+name = "windows-targets"
+version = "0.53.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4945f9f551b88e0d65f3db0bc25c33b8acea4d9e41163edf90dcd0b19f9069f3"
+dependencies = [
+ "windows-link",
+ "windows_aarch64_gnullvm 0.53.1",
+ "windows_aarch64_msvc 0.53.1",
+ "windows_i686_gnu 0.53.1",
+ "windows_i686_gnullvm 0.53.1",
+ "windows_i686_msvc 0.53.1",
+ "windows_x86_64_gnu 0.53.1",
+ "windows_x86_64_gnullvm 0.53.1",
+ "windows_x86_64_msvc 0.53.1",
+]
+
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8"
+
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
+
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.53.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a9d8416fa8b42f5c947f8482c43e7d89e73a173cead56d044f6a56104a6d1b53"
+
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc"
+
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
+
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.53.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b9d782e804c2f632e395708e99a94275910eb9100b2114651e04744e9b125006"
+
+[[package]]
+name = "windows_i686_gnu"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e"
+
+[[package]]
+name = "windows_i686_gnu"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
+
+[[package]]
+name = "windows_i686_gnu"
+version = "0.53.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "960e6da069d81e09becb0ca57a65220ddff016ff2d6af6a223cf372a506593a3"
+
+[[package]]
+name = "windows_i686_gnullvm"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
+
+[[package]]
+name = "windows_i686_gnullvm"
+version = "0.53.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fa7359d10048f68ab8b09fa71c3daccfb0e9b559aed648a8f95469c27057180c"
+
+[[package]]
+name = "windows_i686_msvc"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406"
+
+[[package]]
+name = "windows_i686_msvc"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
+
+[[package]]
+name = "windows_i686_msvc"
+version = "0.53.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e7ac75179f18232fe9c285163565a57ef8d3c89254a30685b57d83a38d326c2"
+
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e"
+
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
+
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.53.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9c3842cdd74a865a8066ab39c8a7a473c0778a3f29370b5fd6b4b9aa7df4a499"
+
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc"
+
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
+
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.53.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0ffa179e2d07eee8ad8f57493436566c7cc30ac536a3379fdf008f47f6bb7ae1"
+
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
+
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.52.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
+
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.53.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d6bbff5f0aada427a1e5a6da5f1f98158182f26556f345ac9e04d36d0ebed650"
+
+[[package]]
+name = "winnow"
+version = "0.7.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "df79d97927682d2fd8adb29682d1140b343be4ac0f08fd68b7765d9c059d3945"
+dependencies = [
+ "memchr",
+]
+
+[[package]]
+name = "wit-bindgen"
+version = "0.51.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5"
+dependencies = [
+ "wit-bindgen-rust-macro",
+]
+
+[[package]]
+name = "wit-bindgen"
+version = "0.57.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ebf944e87a7c253233ad6766e082e3cd714b5d03812acc24c318f549614536e"
+
+[[package]]
+name = "wit-bindgen-core"
+version = "0.51.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc"
+dependencies = [
+ "anyhow",
+ "heck 0.5.0",
+ "wit-parser",
+]
+
+[[package]]
+name = "wit-bindgen-rust"
+version = "0.51.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21"
+dependencies = [
+ "anyhow",
+ "heck 0.5.0",
+ "indexmap",
+ "prettyplease",
+ "syn 2.0.117",
+ "wasm-metadata",
+ "wit-bindgen-core",
+ "wit-component",
+]
+
+[[package]]
+name = "wit-bindgen-rust-macro"
+version = "0.51.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a"
+dependencies = [
+ "anyhow",
+ "prettyplease",
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+ "wit-bindgen-core",
+ "wit-bindgen-rust",
+]
+
+[[package]]
+name = "wit-component"
+version = "0.244.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2"
+dependencies = [
+ "anyhow",
+ "bitflags",
+ "indexmap",
+ "log",
+ "serde",
+ "serde_derive",
+ "serde_json",
+ "wasm-encoder",
+ "wasm-metadata",
+ "wasmparser",
+ "wit-parser",
+]
+
+[[package]]
+name = "wit-parser"
+version = "0.244.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736"
+dependencies = [
+ "anyhow",
+ "id-arena",
+ "indexmap",
+ "log",
+ "semver",
+ "serde",
+ "serde_derive",
+ "serde_json",
+ "unicode-xid",
+ "wasmparser",
+]
+
+[[package]]
+name = "writeable"
+version = "0.6.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ffae5123b2d3fc086436f8834ae3ab053a283cfac8fe0a0b8eaae044768a4c4"
+
+[[package]]
+name = "yansi"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cfe53a6657fd280eaa890a3bc59152892ffa3e30101319d168b781ed6529b049"
+
+[[package]]
+name = "yoke"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "abe8c5fda708d9ca3df187cae8bfb9ceda00dd96231bed36e445a1a48e66f9ca"
+dependencies = [
+ "stable_deref_trait",
+ "yoke-derive",
+ "zerofrom",
+]
+
+[[package]]
+name = "yoke-derive"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "de844c262c8848816172cef550288e7dc6c7b7814b4ee56b3e1553f275f1858e"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+ "synstructure",
+]
+
+[[package]]
+name = "zerocopy"
+version = "0.8.48"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eed437bf9d6692032087e337407a86f04cd8d6a16a37199ed57949d415bd68e9"
+dependencies = [
+ "zerocopy-derive",
+]
+
+[[package]]
+name = "zerocopy-derive"
+version = "0.8.48"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70e3cd084b1788766f53af483dd21f93881ff30d7320490ec3ef7526d203bad4"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "zerofrom"
+version = "0.1.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0ec05a11813ea801ff6d75110ad09cd0824ddba17dfe17128ea0d5f68e6c5272"
+dependencies = [
+ "zerofrom-derive",
+]
+
+[[package]]
+name = "zerofrom-derive"
+version = "0.1.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "11532158c46691caf0f2593ea8358fed6bbf68a0315e80aae9bd41fbade684a1"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+ "synstructure",
+]
+
+[[package]]
+name = "zeroize"
+version = "1.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0"
+
+[[package]]
+name = "zerotrie"
+version = "0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0f9152d31db0792fa83f70fb2f83148effb5c1f5b8c7686c3459e361d9bc20bf"
+dependencies = [
+ "displaydoc",
+ "yoke",
+ "zerofrom",
+]
+
+[[package]]
+name = "zerovec"
+version = "0.11.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "90f911cbc359ab6af17377d242225f4d75119aec87ea711a880987b18cd7b239"
+dependencies = [
+ "yoke",
+ "zerofrom",
+ "zerovec-derive",
+]
+
+[[package]]
+name = "zerovec-derive"
+version = "0.11.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "625dc425cab0dca6dc3c3319506e6593dcb08a9f387ea3b284dbd52a92c40555"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.117",
+]
+
+[[package]]
+name = "zmij"
+version = "1.0.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa"
diff --git a/server/Cargo.toml b/server/Cargo.toml
new file mode 100644
index 0000000..3e009f6
--- /dev/null
+++ b/server/Cargo.toml
@@ -0,0 +1,60 @@
+[package]
+name = "navsrv"
+version = "0.1.0"
+edition = "2021"
+rust-version = "1.79"
+default-run = "navsrv"
+
+[[bin]]
+name = "navsrv"
+path = "src/main.rs"
+
+[lib]
+name = "navsrv"
+path = "src/lib.rs"
+
+[dependencies]
+axum = { version = "0.7", features = ["macros", "multipart"] }
+tokio = { version = "1", features = ["full"] }
+tower = "0.4"
+tower-http = { version = "0.5", features = ["fs", "trace", "compression-gzip", "set-header"] }
+tower-sessions = "0.10"
+tower-sessions-sqlx-store = { version = "0.10", features = ["sqlite"] }
+tower_governor = "0.3"
+
+sqlx = { version = "0.7", default-features = false, features = ["runtime-tokio-rustls", "sqlite", "chrono", "json", "macros", "migrate"] }
+
+serde = { version = "1", features = ["derive"] }
+serde_json = "1"
+validator = { version = "0.16", features = ["derive"] }
+
+bcrypt = "0.15"
+rand = "0.8"
+
+clap = { version = "4", features = ["derive"] }
+figment = { version = "0.10", features = ["toml", "env"] }
+dotenvy = "0.15"
+
+thiserror = "1"
+anyhow = "1"
+
+tracing = "0.1"
+tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
+
+chrono = { version = "0.4", default-features = false, features = ["clock", "serde"] }
+
+reqwest = { version = "0.12", default-features = false, features = ["rustls-tls"] }
+mime = "0.3"
+multer = "3"
+bytes = "1"
+async-trait = "0.1"
+
+[dev-dependencies]
+axum-test = "15"
+tempfile = "3"
+serde_json = "1"
+
+[profile.release]
+lto = "thin"
+codegen-units = 1
+strip = true
diff --git a/server/README.md b/server/README.md
new file mode 100644
index 0000000..9262ff1
--- /dev/null
+++ b/server/README.md
@@ -0,0 +1,48 @@
+# navsrv
+
+Rust backend for the navigation site (Plan 1 of 5). Serves the SPA + JSON API at `:8080`.
+
+## Quickstart (dev)
+
+```bash
+cd server
+cp .env.example .env       # edit if needed
+cargo run                  # listens on :8080
+```
+
+On first boot, an admin password is generated and printed. It's also written to
+`./dev-data/INITIAL_PASSWORD.txt`. Log in via the SPA to change it; the file is
+auto-deleted after a successful change.
+
+To start the SPA dev server (port 5173) talking to this backend:
+
+```bash
+cd ../web
+pnpm dev
+# /api/* is proxied to localhost:8080 by web/vite.config.ts
+```
+
+## Configuration (env)
+
+| Var                       | Default               | Notes                                  |
+|---------------------------|-----------------------|----------------------------------------|
+| `PORT`                    | `8080`                |                                        |
+| `DATA_DIR`                | `./dev-data`          | SQLite DB + uploads + INITIAL_PASSWORD |
+| `STATIC_DIR`              | `../web/build`        | SvelteKit `pnpm build` output          |
+| `BOOTSTRAP_ADMIN_PASSWORD`| (unset)               | First boot only; else random+file      |
+| `SECURE_COOKIES`          | `false`               | Set `true` behind HTTPS                |
+| `RUST_LOG`                | `info,sqlx=warn,...`  | tracing-subscriber filter              |
+
+## CLI
+
+```
+navsrv reset-password [--password <new>]   # invalidates all sessions; deletes INITIAL_PASSWORD.txt
+```
+
+## Tests
+
+```bash
+cargo test
+cargo clippy --all-targets -- -D warnings
+cargo fmt --check
+```
diff --git a/server/bootstrap.json b/server/bootstrap.json
new file mode 100644
index 0000000..2c4543d
--- /dev/null
+++ b/server/bootstrap.json
@@ -0,0 +1,23 @@
+{
+  "schemaVersion": 1,
+  "meta": {
+    "siteName": "Navigation",
+    "siteAvatarPath": "/avatar.png",
+    "siteCopyright": "Copyright © 2026 — All rights reserved.",
+    "siteIcp":  null,
+    "sitePolice": null,
+    "defaultTheme": "system"
+  },
+  "sites": [
+    { "value": "shangHai", "name": "上海", "name_i18n": { "en": "Shanghai" }, "is_default": true,  "sort_order": 0 },
+    { "value": "beiJing",  "name": "北京", "name_i18n": { "en": "Beijing"  }, "is_default": false, "sort_order": 1 }
+  ],
+  "groups": [
+    { "slug": "network", "name": "网络", "name_i18n": { "en": "Network" }, "sort_order": 0 },
+    { "slug": "media",   "name": "媒体", "name_i18n": { "en": "Media"   }, "sort_order": 1 },
+    { "slug": "nas",     "name": "NAS",  "name_i18n": { "en": "NAS"     }, "sort_order": 2 },
+    { "slug": "tools",   "name": "工具", "name_i18n": { "en": "Tools"   }, "sort_order": 3 }
+  ],
+  "tags": [],
+  "items": []
+}
diff --git a/server/build.rs b/server/build.rs
new file mode 100644
index 0000000..23e373a
--- /dev/null
+++ b/server/build.rs
@@ -0,0 +1,3 @@
+fn main() {
+    println!("cargo:rerun-if-changed=bootstrap.json");
+}
diff --git a/server/migrations/0001_init.sql b/server/migrations/0001_init.sql
new file mode 100644
index 0000000..2c51208
--- /dev/null
+++ b/server/migrations/0001_init.sql
@@ -0,0 +1,72 @@
+-- server/migrations/0001_init.sql
+
+PRAGMA foreign_keys = ON;
+
+CREATE TABLE sites (
+  id          INTEGER PRIMARY KEY,
+  value       TEXT    NOT NULL UNIQUE,
+  name        TEXT    NOT NULL,
+  name_i18n   TEXT,
+  sort_order  INTEGER NOT NULL DEFAULT 0,
+  is_default  INTEGER NOT NULL DEFAULT 0
+);
+
+CREATE TABLE groups (
+  id                INTEGER PRIMARY KEY,
+  slug              TEXT    NOT NULL UNIQUE,
+  name              TEXT    NOT NULL,
+  name_i18n         TEXT,
+  sort_order        INTEGER NOT NULL DEFAULT 0,
+  collapsed_default INTEGER NOT NULL DEFAULT 0
+);
+
+CREATE TABLE items (
+  id               INTEGER PRIMARY KEY,
+  group_id         INTEGER REFERENCES groups(id) ON DELETE SET NULL,
+  name             TEXT    NOT NULL,
+  name_i18n        TEXT,
+  description      TEXT,
+  description_i18n TEXT,
+  icon_kind        TEXT    NOT NULL CHECK (icon_kind IN ('asset','url','auto-favicon')),
+  icon_value       TEXT    NOT NULL,
+  sort_order       INTEGER NOT NULL DEFAULT 0,
+  created_at       INTEGER NOT NULL,
+  updated_at       INTEGER NOT NULL
+);
+
+CREATE TABLE item_links (
+  item_id     INTEGER NOT NULL REFERENCES items(id) ON DELETE CASCADE,
+  site_id     INTEGER NOT NULL REFERENCES sites(id) ON DELETE CASCADE,
+  url         TEXT    NOT NULL,
+  PRIMARY KEY (item_id, site_id)
+);
+
+CREATE TABLE tags (
+  id          INTEGER PRIMARY KEY,
+  slug        TEXT    NOT NULL UNIQUE,
+  name        TEXT    NOT NULL,
+  name_i18n   TEXT
+);
+
+CREATE TABLE item_tags (
+  item_id INTEGER NOT NULL REFERENCES items(id) ON DELETE CASCADE,
+  tag_id  INTEGER NOT NULL REFERENCES tags(id)  ON DELETE CASCADE,
+  PRIMARY KEY (item_id, tag_id)
+);
+
+CREATE TABLE config (
+  key   TEXT PRIMARY KEY,
+  value TEXT NOT NULL
+);
+
+CREATE INDEX idx_items_group_sort ON items(group_id, sort_order);
+CREATE INDEX idx_item_links_site  ON item_links(site_id);
+CREATE INDEX idx_item_tags_tag    ON item_tags(tag_id);
+
+INSERT INTO config (key, value) VALUES ('schema_version', '1');
+
+CREATE TABLE tower_sessions (
+  id          TEXT PRIMARY KEY NOT NULL,
+  data        BLOB NOT NULL,
+  expiry_date INTEGER NOT NULL
+);
diff --git a/server/rust-toolchain.toml b/server/rust-toolchain.toml
new file mode 100644
index 0000000..85f3606
--- /dev/null
+++ b/server/rust-toolchain.toml
@@ -0,0 +1,4 @@
+[toolchain]
+channel = "stable"
+components = ["rustfmt", "clippy"]
+profile = "minimal"
diff --git a/server/src/app.rs b/server/src/app.rs
new file mode 100644
index 0000000..5c59373
--- /dev/null
+++ b/server/src/app.rs
@@ -0,0 +1,65 @@
+use axum::http::{header, HeaderValue, Request};
+use axum::Router;
+use std::path::PathBuf;
+use tower_http::compression::CompressionLayer;
+use tower_http::services::{ServeDir, ServeFile};
+use tower_http::set_header::SetResponseHeaderLayer;
+use tower_http::trace::{DefaultOnResponse, TraceLayer};
+use tower_sessions::SessionManagerLayer;
+use tower_sessions_sqlx_store::SqliteStore;
+use tracing::Level;
+
+use crate::routes;
+use crate::state::AppState;
+
+pub fn build_app(
+    state: AppState,
+    session_layer: SessionManagerLayer<SqliteStore>,
+    static_dir: PathBuf,
+) -> Router {
+    let trace = TraceLayer::new_for_http()
+        .make_span_with(|req: &Request<_>| {
+            let method = req.method();
+            let uri = req.uri().path();
+            tracing::info_span!("http", %method, %uri)
+        })
+        .on_response(DefaultOnResponse::new().level(Level::INFO));
+
+    let index_html = static_dir.join("index.html");
+    let serve_dir = ServeDir::new(static_dir.clone()).fallback(ServeFile::new(index_html));
+
+    let user_icons_dir = state.data_dir.join("icons");
+
+    Router::new()
+        .merge(routes::api(state))
+        .nest_service("/icons", ServeDir::new(user_icons_dir))
+        .fallback_service(serve_dir)
+        .layer(session_layer)
+        .layer(trace)
+        .layer(CompressionLayer::new())
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::X_CONTENT_TYPE_OPTIONS,
+            HeaderValue::from_static("nosniff"),
+        ))
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::REFERRER_POLICY,
+            HeaderValue::from_static("same-origin"),
+        ))
+        .layer(SetResponseHeaderLayer::if_not_present(
+            header::X_FRAME_OPTIONS,
+            HeaderValue::from_static("DENY"),
+        ))
+}
+
+pub async fn build_app_for_tests() -> anyhow::Result<Router> {
+    use crate::auth::session::layer as session_layer;
+    use crate::db::connect_in_memory;
+    use crate::repo::{SqlxConfigRepo, SqlxNavRepo};
+    use std::sync::Arc;
+    let pool = connect_in_memory().await?;
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    let dir = std::env::temp_dir();
+    let state = AppState::new(nav, cfg, dir.clone());
+    Ok(build_app(state, session_layer(pool, false), dir))
+}
diff --git a/server/src/auth/middleware.rs b/server/src/auth/middleware.rs
new file mode 100644
index 0000000..ca0e55a
--- /dev/null
+++ b/server/src/auth/middleware.rs
@@ -0,0 +1,33 @@
+use axum::async_trait;
+use axum::extract::FromRequestParts;
+use axum::http::request::Parts;
+use tower_sessions::Session;
+
+use crate::auth::session::SESSION_KEY_AUTHED;
+use crate::error::AppError;
+
+pub struct RequireAuth;
+
+#[async_trait]
+impl<S> FromRequestParts<S> for RequireAuth
+where
+    S: Send + Sync,
+{
+    type Rejection = AppError;
+
+    async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
+        let session = Session::from_request_parts(parts, state)
+            .await
+            .map_err(|_| AppError::Unauthenticated)?;
+        let authed = session
+            .get::<bool>(SESSION_KEY_AUTHED)
+            .await
+            .map_err(|_| AppError::Unauthenticated)?
+            .unwrap_or(false);
+        if authed {
+            Ok(Self)
+        } else {
+            Err(AppError::Unauthenticated)
+        }
+    }
+}
diff --git a/server/src/auth/mod.rs b/server/src/auth/mod.rs
new file mode 100644
index 0000000..8fc2dfe
--- /dev/null
+++ b/server/src/auth/mod.rs
@@ -0,0 +1,4 @@
+pub mod middleware;
+pub mod password;
+pub mod session;
+pub use middleware::RequireAuth;
diff --git a/server/src/auth/password.rs b/server/src/auth/password.rs
new file mode 100644
index 0000000..19488aa
--- /dev/null
+++ b/server/src/auth/password.rs
@@ -0,0 +1,34 @@
+//! bcrypt-based password hashing.
+
+use crate::error::{AppError, Result};
+
+pub const BCRYPT_COST: u32 = 12;
+
+pub fn hash(plain: &str) -> Result<String> {
+    if plain.is_empty() {
+        return Err(AppError::Validation("password must not be empty".into()));
+    }
+    Ok(bcrypt::hash(plain, BCRYPT_COST)?)
+}
+
+pub fn verify(plain: &str, hashed: &str) -> Result<bool> {
+    Ok(bcrypt::verify(plain, hashed)?)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn hash_then_verify_roundtrip() {
+        let h = hash("hunter2").unwrap();
+        assert!(verify("hunter2", &h).unwrap());
+        assert!(!verify("wrong", &h).unwrap());
+    }
+
+    #[test]
+    fn empty_password_rejected() {
+        let err = hash("").unwrap_err();
+        assert!(matches!(err, AppError::Validation(_)));
+    }
+}
diff --git a/server/src/auth/session.rs b/server/src/auth/session.rs
new file mode 100644
index 0000000..2331599
--- /dev/null
+++ b/server/src/auth/session.rs
@@ -0,0 +1,39 @@
+use sqlx::SqlitePool;
+use std::time::Duration;
+use tower_sessions::cookie::time::Duration as CookieDur;
+use tower_sessions::cookie::SameSite;
+use tower_sessions::{Expiry, SessionManagerLayer};
+use tower_sessions_sqlx_store::SqliteStore;
+
+pub const SESSION_KEY_AUTHED: &str = "authed";
+
+pub fn layer(pool: SqlitePool, secure: bool) -> SessionManagerLayer<SqliteStore> {
+    let store = SqliteStore::new(pool)
+        .with_table_name("tower_sessions")
+        .expect("valid table");
+    // RFC 6265bis: `__Host-` prefix REQUIRES Secure. Use it only when secure=true
+    // (HTTPS deploy) so dev-mode HTTP cookies aren't silently rejected by clients.
+    let name = if secure { "__Host-sid" } else { "sid" };
+    SessionManagerLayer::new(store)
+        .with_name(name)
+        .with_secure(secure)
+        .with_http_only(true)
+        .with_same_site(SameSite::Lax)
+        .with_expiry(Expiry::OnInactivity(CookieDur::days(30)))
+}
+
+/// Background task: prune expired sessions every hour.
+pub async fn run_pruner(pool: SqlitePool) {
+    let mut tick = tokio::time::interval(Duration::from_secs(3600));
+    loop {
+        tick.tick().await;
+        let now = chrono::Utc::now().timestamp_millis();
+        if let Err(e) = sqlx::query("DELETE FROM tower_sessions WHERE expiry_date < ?")
+            .bind(now)
+            .execute(&pool)
+            .await
+        {
+            tracing::warn!(error = %e, "session pruner failed");
+        }
+    }
+}
diff --git a/server/src/cli.rs b/server/src/cli.rs
new file mode 100644
index 0000000..b3a0fc5
--- /dev/null
+++ b/server/src/cli.rs
@@ -0,0 +1,71 @@
+use anyhow::Context;
+use clap::{Parser, Subcommand};
+use std::io::{self, Write};
+
+use crate::auth::password;
+use crate::config::Settings;
+use crate::db::{connect, migrate};
+use crate::repo::{ConfigRepo, SqlxConfigRepo};
+
+#[derive(Parser, Debug)]
+#[command(name = "navsrv", version)]
+pub struct Cli {
+    #[command(subcommand)]
+    pub command: Option<Command>,
+}
+
+#[derive(Subcommand, Debug)]
+pub enum Command {
+    /// Reset the admin password. Reads new password from --password or stdin.
+    ResetPassword {
+        /// New password. If omitted, prompted on stdin.
+        #[arg(long)]
+        password: Option<String>,
+    },
+}
+
+pub async fn run_command(cmd: Command) -> anyhow::Result<()> {
+    match cmd {
+        Command::ResetPassword { password: maybe } => {
+            let settings = Settings::load()?;
+            let pool = connect(&settings.db_url()).await.context("db connect")?;
+            migrate(&pool).await.context("migrate")?;
+            let cfg: std::sync::Arc<dyn ConfigRepo> =
+                std::sync::Arc::new(SqlxConfigRepo::new(pool.clone()));
+            let pw = match maybe {
+                Some(p) => p,
+                None => {
+                    let mut buf = String::new();
+                    print!("New admin password: ");
+                    io::stdout().flush().ok();
+                    io::stdin().read_line(&mut buf).context("read stdin")?;
+                    buf.trim().to_string()
+                }
+            };
+            if pw.len() < 8 {
+                anyhow::bail!("password must be at least 8 chars");
+            }
+            let hash = password::hash(&pw)?;
+            let now = chrono::Utc::now().timestamp_millis().to_string();
+            cfg.upsert_many(&[
+                ("admin_password_hash", &hash),
+                ("admin_password_updated_at", &now),
+            ])
+            .await?;
+
+            // Invalidate all sessions.
+            sqlx::query("DELETE FROM tower_sessions")
+                .execute(&pool)
+                .await?;
+
+            // Remove leftover INITIAL_PASSWORD.txt if any.
+            let initial = settings.data_dir.join("INITIAL_PASSWORD.txt");
+            if initial.exists() {
+                let _ = std::fs::remove_file(&initial);
+            }
+
+            println!("Admin password reset; all sessions invalidated.");
+            Ok(())
+        }
+    }
+}
diff --git a/server/src/config.rs b/server/src/config.rs
new file mode 100644
index 0000000..522143a
--- /dev/null
+++ b/server/src/config.rs
@@ -0,0 +1,89 @@
+//! Runtime configuration loaded from env (with optional .env).
+
+use figment::providers::Env;
+use figment::Figment;
+use serde::Deserialize;
+use std::path::PathBuf;
+
+#[derive(Debug, Clone, Deserialize)]
+pub struct Settings {
+    /// TCP port to listen on.
+    #[serde(default = "default_port")]
+    pub port: u16,
+    /// Directory holding `data.db`, `INITIAL_PASSWORD.txt`, and the icon cache.
+    #[serde(default = "default_data_dir")]
+    pub data_dir: PathBuf,
+    /// Directory holding the SvelteKit build output (HTML/JS/CSS).
+    #[serde(default = "default_static_dir")]
+    pub static_dir: PathBuf,
+    /// Initial admin password, if provided. When None, a random one is generated on first boot.
+    pub bootstrap_admin_password: Option<String>,
+    /// Set true on prod deployments to require Secure cookies.
+    #[serde(default)]
+    pub secure_cookies: bool,
+    /// `tracing-subscriber` env filter, e.g. "info,sqlx=warn".
+    #[serde(default = "default_log")]
+    pub rust_log: String,
+}
+
+fn default_port() -> u16 {
+    8080
+}
+fn default_data_dir() -> PathBuf {
+    PathBuf::from("./dev-data")
+}
+fn default_static_dir() -> PathBuf {
+    PathBuf::from("../web/build")
+}
+fn default_log() -> String {
+    "info,sqlx=warn,tower_http=info".into()
+}
+
+impl Settings {
+    pub fn load() -> anyhow::Result<Self> {
+        // Best-effort .env loading; ignore if missing.
+        let _ = dotenvy::dotenv();
+        let s: Settings = Figment::new().merge(Env::raw().split("__")).extract()?;
+        std::fs::create_dir_all(&s.data_dir)?;
+        Ok(s)
+    }
+
+    pub fn db_url(&self) -> String {
+        let path = self.data_dir.join("data.db");
+        format!("sqlite://{}?mode=rwc", path.display())
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn defaults_are_sane() {
+        // SAFETY: this is single-threaded test code; std::env safe in tests.
+        std::env::remove_var("PORT");
+        std::env::remove_var("DATA_DIR");
+        std::env::remove_var("STATIC_DIR");
+        std::env::remove_var("BOOTSTRAP_ADMIN_PASSWORD");
+        std::env::remove_var("SECURE_COOKIES");
+        std::env::remove_var("RUST_LOG");
+        let s = Settings::load().unwrap();
+        assert_eq!(s.port, 8080);
+        assert!(s.data_dir.ends_with("dev-data"));
+        assert!(!s.secure_cookies);
+        assert!(s.bootstrap_admin_password.is_none());
+    }
+
+    #[test]
+    fn db_url_uses_data_dir() {
+        let s = Settings {
+            port: 8080,
+            data_dir: PathBuf::from("/tmp/x"),
+            static_dir: PathBuf::from("/tmp/static"),
+            bootstrap_admin_password: None,
+            secure_cookies: false,
+            rust_log: "info".into(),
+        };
+        assert_eq!(s.db_url(), "sqlite:///tmp/x/data.db?mode=rwc");
+    }
+}
diff --git a/server/src/db.rs b/server/src/db.rs
new file mode 100644
index 0000000..0382425
--- /dev/null
+++ b/server/src/db.rs
@@ -0,0 +1,71 @@
+//! SQLite connection pool with safe defaults (WAL, foreign keys, busy timeout).
+
+use sqlx::sqlite::{SqliteConnectOptions, SqliteJournalMode, SqlitePoolOptions, SqliteSynchronous};
+use sqlx::{ConnectOptions, SqlitePool};
+use std::str::FromStr;
+use std::time::Duration;
+
+/// Build a pool against the given URL, applying recommended pragmas.
+pub async fn connect(url: &str) -> sqlx::Result<SqlitePool> {
+    let opts = SqliteConnectOptions::from_str(url)?
+        .create_if_missing(true)
+        .journal_mode(SqliteJournalMode::Wal)
+        .synchronous(SqliteSynchronous::Normal)
+        .foreign_keys(true)
+        .busy_timeout(Duration::from_secs(5))
+        .log_statements(tracing::log::LevelFilter::Debug);
+
+    SqlitePoolOptions::new()
+        .max_connections(5)
+        .acquire_timeout(Duration::from_secs(5))
+        .connect_with(opts)
+        .await
+}
+
+/// Run all bundled migrations against the pool.
+pub async fn migrate(pool: &SqlitePool) -> sqlx::Result<()> {
+    sqlx::migrate!("./migrations").run(pool).await?;
+    Ok(())
+}
+
+/// Build an in-memory pool with migrations applied. Used by unit and
+/// integration tests; not intended for production callers.
+#[doc(hidden)]
+pub async fn connect_in_memory() -> sqlx::Result<SqlitePool> {
+    let pool = connect("sqlite::memory:").await?;
+    migrate(&pool).await?;
+    Ok(pool)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[tokio::test]
+    async fn pool_runs_pragmas() {
+        let pool = connect("sqlite::memory:").await.unwrap();
+        let row: (String,) = sqlx::query_as("PRAGMA journal_mode")
+            .fetch_one(&pool)
+            .await
+            .unwrap();
+        // SQLite returns "memory" for in-memory DBs even after WAL request, so just sanity-check connectivity.
+        assert!(!row.0.is_empty());
+        let row: (i64,) = sqlx::query_as("PRAGMA foreign_keys")
+            .fetch_one(&pool)
+            .await
+            .unwrap();
+        assert_eq!(row.0, 1);
+    }
+
+    #[tokio::test]
+    async fn migrate_creates_tables() {
+        let pool = connect_in_memory().await.unwrap();
+        let row: (i64,) = sqlx::query_as(
+            "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='items'",
+        )
+        .fetch_one(&pool)
+        .await
+        .unwrap();
+        assert_eq!(row.0, 1);
+    }
+}
diff --git a/server/src/dto.rs b/server/src/dto.rs
new file mode 100644
index 0000000..93bc25e
--- /dev/null
+++ b/server/src/dto.rs
@@ -0,0 +1,214 @@
+use serde::{Deserialize, Serialize};
+
+fn zero() -> i64 {
+    0
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct Site {
+    pub id: i64,
+    pub value: String,
+    pub name: String,
+    pub name_i18n: Option<serde_json::Value>,
+    pub sort_order: i64,
+    pub is_default: bool,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct Group {
+    pub id: i64,
+    pub slug: String,
+    pub name: String,
+    pub name_i18n: Option<serde_json::Value>,
+    pub sort_order: i64,
+    pub collapsed_default: bool,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct Tag {
+    pub id: i64,
+    pub slug: String,
+    pub name: String,
+    pub name_i18n: Option<serde_json::Value>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "kebab-case")]
+pub enum IconKind {
+    Asset,
+    Url,
+    AutoFavicon,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct Item {
+    pub id: i64,
+    pub group_id: Option<i64>,
+    pub name: String,
+    pub name_i18n: Option<serde_json::Value>,
+    pub description: Option<String>,
+    pub description_i18n: Option<serde_json::Value>,
+    pub icon_kind: IconKind,
+    pub icon_value: String,
+    pub sort_order: i64,
+    pub links: std::collections::BTreeMap<String, String>, // site.value -> URL
+    pub tag_slugs: Vec<String>,
+    #[serde(default = "zero")]
+    pub created_at: i64,
+    #[serde(default = "zero")]
+    pub updated_at: i64,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct Meta {
+    pub site_name: String,
+    pub site_avatar_path: Option<String>,
+    pub site_copyright: String,
+    pub site_icp: Option<Link>,
+    pub site_police: Option<Link>,
+    pub default_theme: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct Link {
+    pub text: String,
+    pub url: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct NavBundle {
+    pub schema_version: i64,
+    pub meta: Meta,
+    pub sites: Vec<Site>,
+    pub groups: Vec<Group>,
+    pub items: Vec<Item>,
+    pub tags: Vec<Tag>,
+}
+
+// ----- Write payloads -----
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct ItemPayload {
+    pub group_id: Option<i64>,
+    pub name: String,
+    #[serde(default)]
+    pub name_i18n: Option<serde_json::Value>,
+    #[serde(default)]
+    pub description: Option<String>,
+    #[serde(default)]
+    pub description_i18n: Option<serde_json::Value>,
+    pub icon_kind: IconKind,
+    pub icon_value: String,
+    #[serde(default)]
+    pub links: std::collections::BTreeMap<String, String>,
+    #[serde(default)]
+    pub tag_slugs: Vec<String>,
+}
+
+#[derive(Debug, Deserialize, Default)]
+#[serde(rename_all = "camelCase")]
+pub struct ItemPatch {
+    #[serde(default)]
+    pub group_id: Option<Option<i64>>,
+    #[serde(default)]
+    pub name: Option<String>,
+    #[serde(default)]
+    pub name_i18n: Option<Option<serde_json::Value>>,
+    #[serde(default)]
+    pub description: Option<Option<String>>,
+    #[serde(default)]
+    pub description_i18n: Option<Option<serde_json::Value>>,
+    #[serde(default)]
+    pub icon_kind: Option<IconKind>,
+    #[serde(default)]
+    pub icon_value: Option<String>,
+    #[serde(default)]
+    pub links: Option<std::collections::BTreeMap<String, String>>,
+    #[serde(default)]
+    pub tag_slugs: Option<Vec<String>>,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct ReorderEntry {
+    pub id: i64,
+    pub sort_order: i64,
+    #[serde(default)]
+    pub group_id: Option<Option<i64>>,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct GroupPayload {
+    pub slug: String,
+    pub name: String,
+    #[serde(default)]
+    pub name_i18n: Option<serde_json::Value>,
+    #[serde(default)]
+    pub collapsed_default: bool,
+}
+
+#[derive(Debug, Deserialize, Default)]
+#[serde(rename_all = "camelCase")]
+pub struct GroupPatch {
+    #[serde(default)]
+    pub slug: Option<String>,
+    #[serde(default)]
+    pub name: Option<String>,
+    #[serde(default)]
+    pub name_i18n: Option<Option<serde_json::Value>>,
+    #[serde(default)]
+    pub collapsed_default: Option<bool>,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SitePayload {
+    pub value: String,
+    pub name: String,
+    #[serde(default)]
+    pub name_i18n: Option<serde_json::Value>,
+    #[serde(default)]
+    pub is_default: bool,
+}
+
+#[derive(Debug, Deserialize, Default)]
+#[serde(rename_all = "camelCase")]
+pub struct SitePatch {
+    #[serde(default)]
+    pub value: Option<String>,
+    #[serde(default)]
+    pub name: Option<String>,
+    #[serde(default)]
+    pub name_i18n: Option<Option<serde_json::Value>>,
+    #[serde(default)]
+    pub is_default: Option<bool>,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct TagPayload {
+    pub slug: String,
+    pub name: String,
+    #[serde(default)]
+    pub name_i18n: Option<serde_json::Value>,
+}
+
+#[derive(Debug, Deserialize, Default)]
+#[serde(rename_all = "camelCase")]
+pub struct TagPatch {
+    #[serde(default)]
+    pub slug: Option<String>,
+    #[serde(default)]
+    pub name: Option<String>,
+    #[serde(default)]
+    pub name_i18n: Option<Option<serde_json::Value>>,
+}
diff --git a/server/src/error.rs b/server/src/error.rs
new file mode 100644
index 0000000..734919d
--- /dev/null
+++ b/server/src/error.rs
@@ -0,0 +1,122 @@
+//! Unified application error type.
+
+use axum::http::StatusCode;
+use axum::response::{IntoResponse, Response};
+use axum::Json;
+use serde_json::json;
+use thiserror::Error;
+
+#[derive(Debug, Error)]
+pub enum AppError {
+    #[error("not found")]
+    NotFound,
+
+    #[error("unauthenticated")]
+    Unauthenticated,
+
+    #[error("forbidden")]
+    Forbidden,
+
+    #[error("validation failed: {0}")]
+    Validation(String),
+
+    #[error("conflict: {0}")]
+    Conflict(String),
+
+    #[error("rate limited")]
+    RateLimited,
+
+    #[error(transparent)]
+    Sqlx(#[from] sqlx::Error),
+
+    #[error(transparent)]
+    Bcrypt(#[from] bcrypt::BcryptError),
+
+    #[error(transparent)]
+    Io(#[from] std::io::Error),
+
+    #[error(transparent)]
+    Json(#[from] serde_json::Error),
+
+    #[error(transparent)]
+    Other(#[from] anyhow::Error),
+}
+
+impl AppError {
+    pub fn status(&self) -> StatusCode {
+        match self {
+            AppError::NotFound => StatusCode::NOT_FOUND,
+            AppError::Unauthenticated => StatusCode::UNAUTHORIZED,
+            AppError::Forbidden => StatusCode::FORBIDDEN,
+            AppError::Validation(_) => StatusCode::UNPROCESSABLE_ENTITY,
+            AppError::Conflict(_) => StatusCode::CONFLICT,
+            AppError::RateLimited => StatusCode::TOO_MANY_REQUESTS,
+            AppError::Sqlx(sqlx::Error::RowNotFound) => StatusCode::NOT_FOUND,
+            _ => StatusCode::INTERNAL_SERVER_ERROR,
+        }
+    }
+
+    fn code(&self) -> &'static str {
+        match self {
+            AppError::NotFound => "not_found",
+            AppError::Unauthenticated => "unauthenticated",
+            AppError::Forbidden => "forbidden",
+            AppError::Validation(_) => "validation_failed",
+            AppError::Conflict(_) => "conflict",
+            AppError::RateLimited => "rate_limited",
+            _ => "internal",
+        }
+    }
+}
+
+impl IntoResponse for AppError {
+    fn into_response(self) -> Response {
+        let status = self.status();
+        let code = self.code();
+        // Internal errors must not leak details to clients.
+        let message = match &self {
+            AppError::Validation(m) | AppError::Conflict(m) => Some(m.clone()),
+            AppError::NotFound
+            | AppError::Unauthenticated
+            | AppError::Forbidden
+            | AppError::RateLimited => None,
+            other => {
+                tracing::error!(error = %other, "internal error");
+                None
+            }
+        };
+        let body = match message {
+            Some(m) => json!({ "error": code, "message": m }),
+            None => json!({ "error": code }),
+        };
+        (status, Json(body)).into_response()
+    }
+}
+
+pub type Result<T> = std::result::Result<T, AppError>;
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use axum::http::StatusCode;
+
+    #[test]
+    fn validation_error_is_422_with_message() {
+        let err = AppError::Validation("name too long".into());
+        assert_eq!(err.status(), StatusCode::UNPROCESSABLE_ENTITY);
+        let resp = err.into_response();
+        assert_eq!(resp.status(), StatusCode::UNPROCESSABLE_ENTITY);
+    }
+
+    #[test]
+    fn not_found_is_404_no_message() {
+        let err = AppError::NotFound;
+        assert_eq!(err.status(), StatusCode::NOT_FOUND);
+    }
+
+    #[test]
+    fn sqlx_row_not_found_maps_to_404() {
+        let err: AppError = sqlx::Error::RowNotFound.into();
+        assert_eq!(err.status(), StatusCode::NOT_FOUND);
+    }
+}
diff --git a/server/src/lib.rs b/server/src/lib.rs
new file mode 100644
index 0000000..592e277
--- /dev/null
+++ b/server/src/lib.rs
@@ -0,0 +1,11 @@
+pub mod app;
+pub mod auth;
+pub mod cli;
+pub mod config;
+pub mod db;
+pub mod dto;
+pub mod error;
+pub mod repo;
+pub mod routes;
+pub mod services;
+pub mod state;
diff --git a/server/src/main.rs b/server/src/main.rs
new file mode 100644
index 0000000..b91dd0c
--- /dev/null
+++ b/server/src/main.rs
@@ -0,0 +1,65 @@
+use anyhow::Context;
+use clap::Parser;
+use navsrv::{
+    app::build_app,
+    auth::session::{layer as session_layer, run_pruner},
+    cli::{run_command, Cli},
+    config::Settings,
+    db::{connect, migrate},
+    repo::{SqlxConfigRepo, SqlxNavRepo},
+    services::bootstrap::ensure_admin_password,
+    state::AppState,
+};
+use std::net::SocketAddr;
+use std::sync::Arc;
+use tokio::net::TcpListener;
+
+#[tokio::main]
+async fn main() -> anyhow::Result<()> {
+    let cli = Cli::parse();
+    let settings = Settings::load().context("load settings")?;
+    init_tracing(&settings.rust_log);
+
+    if let Some(cmd) = cli.command {
+        return run_command(cmd).await;
+    }
+
+    let pool = connect(&settings.db_url()).await.context("db connect")?;
+    migrate(&pool).await.context("migrate")?;
+
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg = Arc::new(SqlxConfigRepo::new(pool.clone()));
+
+    ensure_admin_password(
+        cfg.clone(),
+        &settings.data_dir,
+        settings.bootstrap_admin_password.clone(),
+    )
+    .await?;
+
+    navsrv::services::migration::seed_if_empty(nav.clone() as _, cfg.clone() as _).await?;
+
+    let state = AppState::new(nav, cfg, settings.data_dir.clone());
+    let app = build_app(
+        state,
+        session_layer(pool.clone(), settings.secure_cookies),
+        settings.static_dir.clone(),
+    );
+    tokio::spawn(run_pruner(pool));
+
+    let addr = SocketAddr::from(([0, 0, 0, 0], settings.port));
+    let listener = TcpListener::bind(addr).await.context("bind")?;
+    tracing::info!(%addr, "navsrv listening");
+    axum::serve(listener, app).await.context("serve")?;
+    Ok(())
+}
+
+fn init_tracing(filter: &str) {
+    use tracing_subscriber::{fmt, EnvFilter};
+    let env = EnvFilter::try_new(filter).unwrap_or_else(|_| EnvFilter::new("info"));
+    fmt()
+        .with_env_filter(env)
+        .with_target(false)
+        .compact()
+        .init();
+}
diff --git a/server/src/repo/config.rs b/server/src/repo/config.rs
new file mode 100644
index 0000000..62c795e
--- /dev/null
+++ b/server/src/repo/config.rs
@@ -0,0 +1,78 @@
+use crate::error::Result;
+use async_trait::async_trait;
+use sqlx::SqlitePool;
+use std::collections::BTreeMap;
+
+#[async_trait]
+pub trait ConfigRepo: Send + Sync {
+    async fn get(&self, key: &str) -> Result<Option<String>>;
+    async fn get_many(&self, keys: &[&str]) -> Result<BTreeMap<String, String>>;
+    async fn upsert(&self, key: &str, value: &str) -> Result<()>;
+    async fn upsert_many(&self, pairs: &[(&str, &str)]) -> Result<()>;
+    async fn delete(&self, key: &str) -> Result<()>;
+}
+
+pub struct SqlxConfigRepo {
+    pool: SqlitePool,
+}
+
+impl SqlxConfigRepo {
+    pub fn new(pool: SqlitePool) -> Self {
+        Self { pool }
+    }
+}
+
+#[async_trait]
+impl ConfigRepo for SqlxConfigRepo {
+    async fn get(&self, key: &str) -> Result<Option<String>> {
+        let row = sqlx::query_scalar!("SELECT value FROM config WHERE key = ?", key)
+            .fetch_optional(&self.pool)
+            .await?;
+        Ok(row)
+    }
+
+    async fn get_many(&self, keys: &[&str]) -> Result<BTreeMap<String, String>> {
+        let mut out = BTreeMap::new();
+        for k in keys {
+            if let Some(v) = self.get(k).await? {
+                out.insert((*k).to_string(), v);
+            }
+        }
+        Ok(out)
+    }
+
+    async fn upsert(&self, key: &str, value: &str) -> Result<()> {
+        sqlx::query!(
+            "INSERT INTO config (key, value) VALUES (?, ?)
+             ON CONFLICT(key) DO UPDATE SET value=excluded.value",
+            key,
+            value
+        )
+        .execute(&self.pool)
+        .await?;
+        Ok(())
+    }
+
+    async fn upsert_many(&self, pairs: &[(&str, &str)]) -> Result<()> {
+        let mut tx = self.pool.begin().await?;
+        for (k, v) in pairs {
+            sqlx::query!(
+                "INSERT INTO config (key, value) VALUES (?, ?)
+                 ON CONFLICT(key) DO UPDATE SET value=excluded.value",
+                k,
+                v
+            )
+            .execute(&mut *tx)
+            .await?;
+        }
+        tx.commit().await?;
+        Ok(())
+    }
+
+    async fn delete(&self, key: &str) -> Result<()> {
+        sqlx::query!("DELETE FROM config WHERE key = ?", key)
+            .execute(&self.pool)
+            .await?;
+        Ok(())
+    }
+}
diff --git a/server/src/repo/mod.rs b/server/src/repo/mod.rs
new file mode 100644
index 0000000..7a7c115
--- /dev/null
+++ b/server/src/repo/mod.rs
@@ -0,0 +1,6 @@
+pub mod config;
+pub mod nav;
+pub mod sqlx_impl;
+pub use config::{ConfigRepo, SqlxConfigRepo};
+pub use nav::NavRepo;
+pub use sqlx_impl::SqlxNavRepo;
diff --git a/server/src/repo/nav.rs b/server/src/repo/nav.rs
new file mode 100644
index 0000000..5e199ba
--- /dev/null
+++ b/server/src/repo/nav.rs
@@ -0,0 +1,35 @@
+use crate::dto::*;
+use crate::error::Result;
+use async_trait::async_trait;
+
+#[async_trait]
+pub trait NavRepo: Send + Sync {
+    // ----- Bundle -----
+    async fn get_bundle(&self) -> Result<(Vec<Site>, Vec<Group>, Vec<Item>, Vec<Tag>)>;
+
+    // ----- Sites -----
+    async fn list_sites(&self) -> Result<Vec<Site>>;
+    async fn create_site(&self, p: SitePayload) -> Result<Site>;
+    async fn patch_site(&self, id: i64, p: SitePatch) -> Result<Site>;
+    async fn delete_site(&self, id: i64) -> Result<()>;
+    async fn reorder_sites(&self, entries: Vec<ReorderEntry>) -> Result<()>;
+
+    // ----- Groups -----
+    async fn list_groups(&self) -> Result<Vec<Group>>;
+    async fn create_group(&self, p: GroupPayload) -> Result<Group>;
+    async fn patch_group(&self, id: i64, p: GroupPatch) -> Result<Group>;
+    async fn delete_group(&self, id: i64) -> Result<()>;
+    async fn reorder_groups(&self, entries: Vec<ReorderEntry>) -> Result<()>;
+
+    // ----- Items -----
+    async fn create_item(&self, p: ItemPayload) -> Result<Item>;
+    async fn patch_item(&self, id: i64, p: ItemPatch) -> Result<Item>;
+    async fn delete_item(&self, id: i64) -> Result<()>;
+    async fn reorder_items(&self, entries: Vec<ReorderEntry>) -> Result<()>;
+
+    // ----- Tags -----
+    async fn list_tags(&self) -> Result<Vec<Tag>>;
+    async fn create_tag(&self, p: TagPayload) -> Result<Tag>;
+    async fn patch_tag(&self, id: i64, p: TagPatch) -> Result<Tag>;
+    async fn delete_tag(&self, id: i64) -> Result<()>;
+}
diff --git a/server/src/repo/sqlx_impl.rs b/server/src/repo/sqlx_impl.rs
new file mode 100644
index 0000000..c8fedc0
--- /dev/null
+++ b/server/src/repo/sqlx_impl.rs
@@ -0,0 +1,608 @@
+//! `NavRepo` implementation backed by a SQLite pool.
+//!
+//! Sites/Groups/Tags are fully implemented here. Item methods are stubbed
+//! and filled in by Task 14.
+
+use crate::dto::*;
+use crate::error::{AppError, Result};
+use crate::repo::nav::NavRepo;
+use async_trait::async_trait;
+use sqlx::SqlitePool;
+
+pub struct SqlxNavRepo {
+    pool: SqlitePool,
+}
+
+impl SqlxNavRepo {
+    pub fn new(pool: SqlitePool) -> Self {
+        Self { pool }
+    }
+}
+
+fn now_ms() -> i64 {
+    use std::time::{SystemTime, UNIX_EPOCH};
+    SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .map(|d| d.as_millis() as i64)
+        .unwrap_or(0)
+}
+
+fn map_unique_violation(err: sqlx::Error) -> AppError {
+    if let Some(db_err) = err.as_database_error() {
+        let msg = db_err.message();
+        if msg.contains("UNIQUE constraint failed") {
+            return AppError::Conflict(msg.to_string());
+        }
+    }
+    AppError::Sqlx(err)
+}
+
+#[async_trait]
+impl NavRepo for SqlxNavRepo {
+    async fn get_bundle(&self) -> Result<(Vec<Site>, Vec<Group>, Vec<Item>, Vec<Tag>)> {
+        let sites = self.list_sites().await?;
+        let groups = self.list_groups().await?;
+        let tags = self.list_tags().await?;
+        let items = self.list_items_full().await?;
+        Ok((sites, groups, items, tags))
+    }
+
+    // ---- Sites ----
+
+    async fn list_sites(&self) -> Result<Vec<Site>> {
+        let rows = sqlx::query!(
+            r#"SELECT id as "id!: i64", value, name,
+                      name_i18n as "name_i18n: serde_json::Value",
+                      sort_order as "sort_order!: i64",
+                      is_default
+               FROM sites ORDER BY sort_order, id"#
+        )
+        .fetch_all(&self.pool)
+        .await?;
+        Ok(rows
+            .into_iter()
+            .map(|r| Site {
+                id: r.id,
+                value: r.value,
+                name: r.name,
+                name_i18n: r.name_i18n,
+                sort_order: r.sort_order,
+                is_default: r.is_default != 0,
+            })
+            .collect())
+    }
+
+    async fn create_site(&self, p: SitePayload) -> Result<Site> {
+        let res = sqlx::query!(
+            "INSERT INTO sites (value, name, name_i18n, is_default) VALUES (?, ?, ?, ?)",
+            p.value,
+            p.name,
+            p.name_i18n,
+            p.is_default
+        )
+        .execute(&self.pool)
+        .await
+        .map_err(map_unique_violation)?;
+        let id = res.last_insert_rowid();
+        self.list_sites()
+            .await?
+            .into_iter()
+            .find(|s| s.id == id)
+            .ok_or(AppError::NotFound)
+    }
+
+    async fn patch_site(&self, id: i64, p: SitePatch) -> Result<Site> {
+        let mut tx = self.pool.begin().await?;
+        if let Some(v) = p.value {
+            sqlx::query!("UPDATE sites SET value=? WHERE id=?", v, id)
+                .execute(&mut *tx)
+                .await
+                .map_err(map_unique_violation)?;
+        }
+        if let Some(v) = p.name {
+            sqlx::query!("UPDATE sites SET name=? WHERE id=?", v, id)
+                .execute(&mut *tx)
+                .await?;
+        }
+        if let Some(v) = p.name_i18n {
+            sqlx::query!("UPDATE sites SET name_i18n=? WHERE id=?", v, id)
+                .execute(&mut *tx)
+                .await?;
+        }
+        if let Some(v) = p.is_default {
+            sqlx::query!("UPDATE sites SET is_default=? WHERE id=?", v, id)
+                .execute(&mut *tx)
+                .await?;
+        }
+        tx.commit().await?;
+        self.list_sites()
+            .await?
+            .into_iter()
+            .find(|s| s.id == id)
+            .ok_or(AppError::NotFound)
+    }
+
+    async fn delete_site(&self, id: i64) -> Result<()> {
+        let res = sqlx::query!("DELETE FROM sites WHERE id=?", id)
+            .execute(&self.pool)
+            .await?;
+        if res.rows_affected() == 0 {
+            return Err(AppError::NotFound);
+        }
+        Ok(())
+    }
+
+    async fn reorder_sites(&self, entries: Vec<ReorderEntry>) -> Result<()> {
+        let mut tx = self.pool.begin().await?;
+        for e in entries {
+            sqlx::query!(
+                "UPDATE sites SET sort_order=? WHERE id=?",
+                e.sort_order,
+                e.id
+            )
+            .execute(&mut *tx)
+            .await?;
+        }
+        tx.commit().await?;
+        Ok(())
+    }
+
+    // ---- Groups ----
+
+    async fn list_groups(&self) -> Result<Vec<Group>> {
+        let rows = sqlx::query!(
+            r#"SELECT id as "id!: i64", slug, name,
+                      name_i18n as "name_i18n: serde_json::Value",
+                      sort_order as "sort_order!: i64",
+                      collapsed_default
+               FROM groups ORDER BY sort_order, id"#
+        )
+        .fetch_all(&self.pool)
+        .await?;
+        Ok(rows
+            .into_iter()
+            .map(|r| Group {
+                id: r.id,
+                slug: r.slug,
+                name: r.name,
+                name_i18n: r.name_i18n,
+                sort_order: r.sort_order,
+                collapsed_default: r.collapsed_default != 0,
+            })
+            .collect())
+    }
+
+    async fn create_group(&self, p: GroupPayload) -> Result<Group> {
+        let res = sqlx::query!(
+            "INSERT INTO groups (slug, name, name_i18n, collapsed_default) VALUES (?, ?, ?, ?)",
+            p.slug,
+            p.name,
+            p.name_i18n,
+            p.collapsed_default
+        )
+        .execute(&self.pool)
+        .await
+        .map_err(map_unique_violation)?;
+        let id = res.last_insert_rowid();
+        self.list_groups()
+            .await?
+            .into_iter()
+            .find(|g| g.id == id)
+            .ok_or(AppError::NotFound)
+    }
+
+    async fn patch_group(&self, id: i64, p: GroupPatch) -> Result<Group> {
+        let mut tx = self.pool.begin().await?;
+        if let Some(v) = p.slug {
+            sqlx::query!("UPDATE groups SET slug=? WHERE id=?", v, id)
+                .execute(&mut *tx)
+                .await
+                .map_err(map_unique_violation)?;
+        }
+        if let Some(v) = p.name {
+            sqlx::query!("UPDATE groups SET name=? WHERE id=?", v, id)
+                .execute(&mut *tx)
+                .await?;
+        }
+        if let Some(v) = p.name_i18n {
+            sqlx::query!("UPDATE groups SET name_i18n=? WHERE id=?", v, id)
+                .execute(&mut *tx)
+                .await?;
+        }
+        if let Some(v) = p.collapsed_default {
+            sqlx::query!("UPDATE groups SET collapsed_default=? WHERE id=?", v, id)
+                .execute(&mut *tx)
+                .await?;
+        }
+        tx.commit().await?;
+        self.list_groups()
+            .await?
+            .into_iter()
+            .find(|g| g.id == id)
+            .ok_or(AppError::NotFound)
+    }
+
+    async fn delete_group(&self, id: i64) -> Result<()> {
+        let res = sqlx::query!("DELETE FROM groups WHERE id=?", id)
+            .execute(&self.pool)
+            .await?;
+        if res.rows_affected() == 0 {
+            return Err(AppError::NotFound);
+        }
+        Ok(())
+    }
+
+    async fn reorder_groups(&self, entries: Vec<ReorderEntry>) -> Result<()> {
+        let mut tx = self.pool.begin().await?;
+        for e in entries {
+            sqlx::query!(
+                "UPDATE groups SET sort_order=? WHERE id=?",
+                e.sort_order,
+                e.id
+            )
+            .execute(&mut *tx)
+            .await?;
+        }
+        tx.commit().await?;
+        Ok(())
+    }
+
+    // ---- Tags ----
+
+    async fn list_tags(&self) -> Result<Vec<Tag>> {
+        let rows = sqlx::query!(
+            r#"SELECT id as "id!: i64", slug, name,
+                      name_i18n as "name_i18n: serde_json::Value"
+               FROM tags ORDER BY id"#
+        )
+        .fetch_all(&self.pool)
+        .await?;
+        Ok(rows
+            .into_iter()
+            .map(|r| Tag {
+                id: r.id,
+                slug: r.slug,
+                name: r.name,
+                name_i18n: r.name_i18n,
+            })
+            .collect())
+    }
+
+    async fn create_tag(&self, p: TagPayload) -> Result<Tag> {
+        let res = sqlx::query!(
+            "INSERT INTO tags (slug, name, name_i18n) VALUES (?, ?, ?)",
+            p.slug,
+            p.name,
+            p.name_i18n
+        )
+        .execute(&self.pool)
+        .await
+        .map_err(map_unique_violation)?;
+        let id = res.last_insert_rowid();
+        self.list_tags()
+            .await?
+            .into_iter()
+            .find(|t| t.id == id)
+            .ok_or(AppError::NotFound)
+    }
+
+    async fn patch_tag(&self, id: i64, p: TagPatch) -> Result<Tag> {
+        let mut tx = self.pool.begin().await?;
+        if let Some(v) = p.slug {
+            sqlx::query!("UPDATE tags SET slug=? WHERE id=?", v, id)
+                .execute(&mut *tx)
+                .await
+                .map_err(map_unique_violation)?;
+        }
+        if let Some(v) = p.name {
+            sqlx::query!("UPDATE tags SET name=? WHERE id=?", v, id)
+                .execute(&mut *tx)
+                .await?;
+        }
+        if let Some(v) = p.name_i18n {
+            sqlx::query!("UPDATE tags SET name_i18n=? WHERE id=?", v, id)
+                .execute(&mut *tx)
+                .await?;
+        }
+        tx.commit().await?;
+        self.list_tags()
+            .await?
+            .into_iter()
+            .find(|t| t.id == id)
+            .ok_or(AppError::NotFound)
+    }
+
+    async fn delete_tag(&self, id: i64) -> Result<()> {
+        let res = sqlx::query!("DELETE FROM tags WHERE id=?", id)
+            .execute(&self.pool)
+            .await?;
+        if res.rows_affected() == 0 {
+            return Err(AppError::NotFound);
+        }
+        Ok(())
+    }
+
+    // ---- Items ----
+
+    async fn create_item(&self, p: ItemPayload) -> Result<Item> {
+        let now = now_ms();
+        let kind_str = match p.icon_kind {
+            IconKind::Asset => "asset",
+            IconKind::Url => "url",
+            IconKind::AutoFavicon => "auto-favicon",
+        };
+
+        let mut tx = self.pool.begin().await?;
+        let res = sqlx::query!(
+            r#"INSERT INTO items
+                (group_id, name, name_i18n, description, description_i18n,
+                 icon_kind, icon_value, sort_order, created_at, updated_at)
+               VALUES (?, ?, ?, ?, ?, ?, ?, COALESCE((SELECT MAX(sort_order)+1 FROM items WHERE group_id IS ?), 0), ?, ?)"#,
+            p.group_id, p.name, p.name_i18n, p.description, p.description_i18n,
+            kind_str, p.icon_value, p.group_id, now, now
+        ).execute(&mut *tx).await?;
+        let id = res.last_insert_rowid();
+
+        for (site_value, url) in &p.links {
+            sqlx::query!(
+                r#"INSERT INTO item_links (item_id, site_id, url)
+                    SELECT ?, sites.id, ? FROM sites WHERE sites.value = ?"#,
+                id,
+                url,
+                site_value
+            )
+            .execute(&mut *tx)
+            .await?;
+        }
+
+        for slug in &p.tag_slugs {
+            sqlx::query!(
+                r#"INSERT INTO item_tags (item_id, tag_id)
+                    SELECT ?, tags.id FROM tags WHERE tags.slug = ?"#,
+                id,
+                slug
+            )
+            .execute(&mut *tx)
+            .await?;
+        }
+        tx.commit().await?;
+        self.fetch_item(id).await
+    }
+
+    async fn patch_item(&self, id: i64, p: ItemPatch) -> Result<Item> {
+        let now = now_ms();
+        let mut tx = self.pool.begin().await?;
+        if let Some(v) = p.group_id {
+            sqlx::query!(
+                "UPDATE items SET group_id=?, updated_at=? WHERE id=?",
+                v,
+                now,
+                id
+            )
+            .execute(&mut *tx)
+            .await?;
+        }
+        if let Some(v) = p.name {
+            sqlx::query!(
+                "UPDATE items SET name=?, updated_at=? WHERE id=?",
+                v,
+                now,
+                id
+            )
+            .execute(&mut *tx)
+            .await?;
+        }
+        if let Some(v) = p.name_i18n {
+            sqlx::query!(
+                "UPDATE items SET name_i18n=?, updated_at=? WHERE id=?",
+                v,
+                now,
+                id
+            )
+            .execute(&mut *tx)
+            .await?;
+        }
+        if let Some(v) = p.description {
+            sqlx::query!(
+                "UPDATE items SET description=?, updated_at=? WHERE id=?",
+                v,
+                now,
+                id
+            )
+            .execute(&mut *tx)
+            .await?;
+        }
+        if let Some(v) = p.description_i18n {
+            sqlx::query!(
+                "UPDATE items SET description_i18n=?, updated_at=? WHERE id=?",
+                v,
+                now,
+                id
+            )
+            .execute(&mut *tx)
+            .await?;
+        }
+        if let Some(v) = p.icon_kind {
+            let s = match v {
+                IconKind::Asset => "asset",
+                IconKind::Url => "url",
+                IconKind::AutoFavicon => "auto-favicon",
+            };
+            sqlx::query!(
+                "UPDATE items SET icon_kind=?, updated_at=? WHERE id=?",
+                s,
+                now,
+                id
+            )
+            .execute(&mut *tx)
+            .await?;
+        }
+        if let Some(v) = p.icon_value {
+            sqlx::query!(
+                "UPDATE items SET icon_value=?, updated_at=? WHERE id=?",
+                v,
+                now,
+                id
+            )
+            .execute(&mut *tx)
+            .await?;
+        }
+
+        if let Some(links) = p.links {
+            sqlx::query!("DELETE FROM item_links WHERE item_id=?", id)
+                .execute(&mut *tx)
+                .await?;
+            for (site_value, url) in links {
+                sqlx::query!(
+                    r#"INSERT INTO item_links (item_id, site_id, url)
+                        SELECT ?, sites.id, ? FROM sites WHERE sites.value = ?"#,
+                    id,
+                    url,
+                    site_value
+                )
+                .execute(&mut *tx)
+                .await?;
+            }
+        }
+        if let Some(tag_slugs) = p.tag_slugs {
+            sqlx::query!("DELETE FROM item_tags WHERE item_id=?", id)
+                .execute(&mut *tx)
+                .await?;
+            for slug in tag_slugs {
+                sqlx::query!(
+                    r#"INSERT INTO item_tags (item_id, tag_id)
+                        SELECT ?, tags.id FROM tags WHERE tags.slug = ?"#,
+                    id,
+                    slug
+                )
+                .execute(&mut *tx)
+                .await?;
+            }
+        }
+        tx.commit().await?;
+        self.fetch_item(id).await
+    }
+
+    async fn delete_item(&self, id: i64) -> Result<()> {
+        let res = sqlx::query!("DELETE FROM items WHERE id=?", id)
+            .execute(&self.pool)
+            .await?;
+        if res.rows_affected() == 0 {
+            return Err(AppError::NotFound);
+        }
+        Ok(())
+    }
+
+    async fn reorder_items(&self, entries: Vec<ReorderEntry>) -> Result<()> {
+        let now = now_ms();
+        let mut tx = self.pool.begin().await?;
+        for e in entries {
+            match e.group_id {
+                Some(gid) => {
+                    sqlx::query!(
+                        "UPDATE items SET sort_order=?, group_id=?, updated_at=? WHERE id=?",
+                        e.sort_order,
+                        gid,
+                        now,
+                        e.id
+                    )
+                    .execute(&mut *tx)
+                    .await?;
+                }
+                None => {
+                    sqlx::query!(
+                        "UPDATE items SET sort_order=?, updated_at=? WHERE id=?",
+                        e.sort_order,
+                        now,
+                        e.id
+                    )
+                    .execute(&mut *tx)
+                    .await?;
+                }
+            }
+        }
+        tx.commit().await?;
+        Ok(())
+    }
+}
+
+impl SqlxNavRepo {
+    pub(crate) async fn fetch_item(&self, id: i64) -> Result<Item> {
+        self.list_items_full()
+            .await?
+            .into_iter()
+            .find(|i| i.id == id)
+            .ok_or(AppError::NotFound)
+    }
+
+    pub(crate) async fn list_items_full(&self) -> Result<Vec<Item>> {
+        let item_rows = sqlx::query!(
+            r#"SELECT id as "id!: i64", group_id,
+                      name, name_i18n as "name_i18n: serde_json::Value",
+                      description, description_i18n as "description_i18n: serde_json::Value",
+                      icon_kind, icon_value,
+                      sort_order as "sort_order!: i64",
+                      created_at as "created_at!: i64",
+                      updated_at as "updated_at!: i64"
+               FROM items
+               ORDER BY group_id, sort_order, id"#
+        )
+        .fetch_all(&self.pool)
+        .await?;
+
+        let link_rows = sqlx::query!(
+            r#"SELECT il.item_id as "item_id!: i64", s.value as "site_value!", il.url as "url!"
+               FROM item_links il JOIN sites s ON s.id = il.site_id"#
+        )
+        .fetch_all(&self.pool)
+        .await?;
+
+        let tag_rows = sqlx::query!(
+            r#"SELECT it.item_id as "item_id!: i64", t.slug as "slug!"
+               FROM item_tags it JOIN tags t ON t.id = it.tag_id"#
+        )
+        .fetch_all(&self.pool)
+        .await?;
+
+        let mut items: Vec<Item> = item_rows
+            .into_iter()
+            .map(|r| {
+                let kind = match r.icon_kind.as_str() {
+                    "url" => IconKind::Url,
+                    "auto-favicon" => IconKind::AutoFavicon,
+                    _ => IconKind::Asset,
+                };
+                Item {
+                    id: r.id,
+                    group_id: r.group_id,
+                    name: r.name,
+                    name_i18n: r.name_i18n,
+                    description: r.description,
+                    description_i18n: r.description_i18n,
+                    icon_kind: kind,
+                    icon_value: r.icon_value,
+                    sort_order: r.sort_order,
+                    links: Default::default(),
+                    tag_slugs: Vec::new(),
+                    created_at: r.created_at,
+                    updated_at: r.updated_at,
+                }
+            })
+            .collect();
+
+        let by_id: std::collections::HashMap<i64, usize> =
+            items.iter().enumerate().map(|(i, it)| (it.id, i)).collect();
+
+        for r in link_rows {
+            if let Some(&idx) = by_id.get(&r.item_id) {
+                items[idx].links.insert(r.site_value, r.url);
+            }
+        }
+        for r in tag_rows {
+            if let Some(&idx) = by_id.get(&r.item_id) {
+                items[idx].tag_slugs.push(r.slug);
+            }
+        }
+        Ok(items)
+    }
+}
diff --git a/server/src/routes/auth.rs b/server/src/routes/auth.rs
new file mode 100644
index 0000000..24fe651
--- /dev/null
+++ b/server/src/routes/auth.rs
@@ -0,0 +1,82 @@
+use axum::{
+    extract::State,
+    http::StatusCode,
+    routing::{get, post},
+    Json, Router,
+};
+use serde::Deserialize;
+use serde_json::json;
+use tower_governor::governor::GovernorConfigBuilder;
+use tower_governor::key_extractor::GlobalKeyExtractor;
+use tower_governor::GovernorLayer;
+use tower_sessions::Session;
+
+use crate::auth::password;
+use crate::auth::session::SESSION_KEY_AUTHED;
+use crate::error::{AppError, Result};
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    // 5 attempts per 15 minutes ≈ 1 token replenished every 180s with a burst of 5.
+    // GlobalKeyExtractor: single shared bucket for the login route. This avoids
+    // per-IP keying which would require `into_make_service_with_connect_info`
+    // wiring at the serve site — out of scope for this task.
+    let conf = Box::new(
+        GovernorConfigBuilder::default()
+            .per_second(180)
+            .burst_size(5)
+            .key_extractor(GlobalKeyExtractor)
+            .finish()
+            .expect("governor config"),
+    );
+    let governor = GovernorLayer {
+        config: Box::leak(conf),
+    };
+
+    Router::new()
+        .route("/auth/login", post(login).layer(governor))
+        .route("/auth/logout", post(logout))
+        .route("/auth/me", get(me))
+}
+
+#[derive(Deserialize)]
+struct LoginBody {
+    password: String,
+}
+
+async fn login(
+    State(s): State<AppState>,
+    session: Session,
+    Json(body): Json<LoginBody>,
+) -> Result<StatusCode> {
+    let hashed = s
+        .config
+        .get("admin_password_hash")
+        .await?
+        .ok_or(AppError::Unauthenticated)?;
+    if !password::verify(&body.password, &hashed)? {
+        return Err(AppError::Unauthenticated);
+    }
+    session
+        .insert(SESSION_KEY_AUTHED, true)
+        .await
+        .map_err(|e| AppError::Other(anyhow::anyhow!(e)))?;
+    Ok(StatusCode::NO_CONTENT)
+}
+
+async fn logout(session: Session) -> Result<StatusCode> {
+    session
+        .flush()
+        .await
+        .map_err(|e| AppError::Other(anyhow::anyhow!(e)))?;
+    Ok(StatusCode::NO_CONTENT)
+}
+
+async fn me(session: Session) -> Result<Json<serde_json::Value>> {
+    let authed = session
+        .get::<bool>(SESSION_KEY_AUTHED)
+        .await
+        .map_err(|e| AppError::Other(anyhow::anyhow!(e)))?
+        .unwrap_or(false);
+    Ok(Json(json!({ "authenticated": authed })))
+}
diff --git a/server/src/routes/config.rs b/server/src/routes/config.rs
new file mode 100644
index 0000000..4a67293
--- /dev/null
+++ b/server/src/routes/config.rs
@@ -0,0 +1,78 @@
+use axum::{
+    extract::State,
+    http::StatusCode,
+    routing::{patch, post},
+    Json, Router,
+};
+use serde::Deserialize;
+
+use crate::auth::{password, RequireAuth};
+use crate::error::{AppError, Result};
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new()
+        .route("/config", patch(patch_config))
+        .route("/config/password", post(change_password))
+}
+
+#[derive(Deserialize)]
+struct ConfigEntry {
+    key: String,
+    value: String,
+}
+
+async fn patch_config(
+    _auth: RequireAuth,
+    State(s): State<AppState>,
+    Json(items): Json<Vec<ConfigEntry>>,
+) -> Result<StatusCode> {
+    let pairs: Vec<(&str, &str)> = items
+        .iter()
+        .map(|i| (i.key.as_str(), i.value.as_str()))
+        .collect();
+    s.config.upsert_many(&pairs).await?;
+    Ok(StatusCode::NO_CONTENT)
+}
+
+#[derive(Deserialize)]
+struct ChangePassword {
+    current: String,
+    next: String,
+}
+
+async fn change_password(
+    _auth: RequireAuth,
+    State(s): State<AppState>,
+    Json(body): Json<ChangePassword>,
+) -> Result<StatusCode> {
+    if body.next.len() < 8 {
+        return Err(AppError::Validation(
+            "password must be at least 8 chars".into(),
+        ));
+    }
+    let current_hash = s
+        .config
+        .get("admin_password_hash")
+        .await?
+        .ok_or(AppError::Unauthenticated)?;
+    if !password::verify(&body.current, &current_hash)? {
+        return Err(AppError::Unauthenticated);
+    }
+    let new_hash = password::hash(&body.next)?;
+    let now = chrono::Utc::now().timestamp_millis().to_string();
+    s.config
+        .upsert_many(&[
+            ("admin_password_hash", &new_hash),
+            ("admin_password_updated_at", &now),
+        ])
+        .await?;
+
+    let initial = s.data_dir.join("INITIAL_PASSWORD.txt");
+    if initial.exists() {
+        if let Err(e) = std::fs::remove_file(&initial) {
+            tracing::warn!(error=%e, ?initial, "failed to remove INITIAL_PASSWORD.txt");
+        }
+    }
+    Ok(StatusCode::NO_CONTENT)
+}
diff --git a/server/src/routes/favicon.rs b/server/src/routes/favicon.rs
new file mode 100644
index 0000000..c4937fb
--- /dev/null
+++ b/server/src/routes/favicon.rs
@@ -0,0 +1,34 @@
+use axum::{
+    extract::{Query, State},
+    http::{header, HeaderMap, HeaderValue},
+    response::IntoResponse,
+    routing::get,
+    Router,
+};
+use serde::Deserialize;
+
+use crate::error::Result;
+use crate::services::favicon::FaviconService;
+use crate::state::AppState;
+use std::sync::Arc;
+
+pub fn router() -> Router<AppState> {
+    Router::new().route("/favicon", get(favicon))
+}
+
+#[derive(Deserialize)]
+struct Q {
+    host: String,
+}
+
+async fn favicon(State(s): State<AppState>, Query(q): Query<Q>) -> Result<impl IntoResponse> {
+    let svc: &Arc<FaviconService> = &s.favicon;
+    let (mime, bytes) = svc.fetch(&q.host).await?;
+    let mut h = HeaderMap::new();
+    h.insert(header::CONTENT_TYPE, HeaderValue::from_str(&mime).unwrap());
+    h.insert(
+        header::CACHE_CONTROL,
+        HeaderValue::from_static("public, max-age=86400"),
+    );
+    Ok((h, bytes))
+}
diff --git a/server/src/routes/groups.rs b/server/src/routes/groups.rs
new file mode 100644
index 0000000..cfee6d9
--- /dev/null
+++ b/server/src/routes/groups.rs
@@ -0,0 +1,50 @@
+use axum::{
+    extract::{Path, State},
+    http::StatusCode,
+    routing::{patch, post},
+    Json, Router,
+};
+
+use crate::auth::RequireAuth;
+use crate::dto::{Group, GroupPatch, GroupPayload, ReorderEntry};
+use crate::error::Result;
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new()
+        .route("/groups", post(create))
+        .route("/groups/reorder", post(reorder))
+        .route("/groups/:id", patch(update).delete(remove))
+}
+
+async fn create(
+    _a: RequireAuth,
+    State(s): State<AppState>,
+    Json(body): Json<GroupPayload>,
+) -> Result<(StatusCode, Json<Group>)> {
+    Ok((StatusCode::CREATED, Json(s.nav.create_group(body).await?)))
+}
+async fn update(
+    _a: RequireAuth,
+    State(s): State<AppState>,
+    Path(id): Path<i64>,
+    Json(body): Json<GroupPatch>,
+) -> Result<Json<Group>> {
+    Ok(Json(s.nav.patch_group(id, body).await?))
+}
+async fn remove(
+    _a: RequireAuth,
+    State(s): State<AppState>,
+    Path(id): Path<i64>,
+) -> Result<StatusCode> {
+    s.nav.delete_group(id).await?;
+    Ok(StatusCode::NO_CONTENT)
+}
+async fn reorder(
+    _a: RequireAuth,
+    State(s): State<AppState>,
+    Json(entries): Json<Vec<ReorderEntry>>,
+) -> Result<StatusCode> {
+    s.nav.reorder_groups(entries).await?;
+    Ok(StatusCode::NO_CONTENT)
+}
diff --git a/server/src/routes/health.rs b/server/src/routes/health.rs
new file mode 100644
index 0000000..f26b16d
--- /dev/null
+++ b/server/src/routes/health.rs
@@ -0,0 +1,10 @@
+use axum::{routing::get, Json, Router};
+use serde_json::{json, Value};
+
+pub fn router<S: Clone + Send + Sync + 'static>() -> Router<S> {
+    Router::new().route("/health", get(health))
+}
+
+async fn health() -> Json<Value> {
+    Json(json!({ "status": "ok" }))
+}
diff --git a/server/src/routes/icons.rs b/server/src/routes/icons.rs
new file mode 100644
index 0000000..1ea59ee
--- /dev/null
+++ b/server/src/routes/icons.rs
@@ -0,0 +1,72 @@
+use axum::{
+    extract::{Multipart, State},
+    http::StatusCode,
+    routing::post,
+    Json, Router,
+};
+use rand::distributions::{Alphanumeric, DistString};
+use serde_json::{json, Value};
+
+use crate::auth::RequireAuth;
+use crate::error::{AppError, Result};
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new().route("/icons/upload", post(upload))
+}
+
+async fn upload(
+    _auth: RequireAuth,
+    State(s): State<AppState>,
+    mut form: Multipart,
+) -> Result<(StatusCode, Json<Value>)> {
+    let icons_dir = s.data_dir.join("icons");
+    std::fs::create_dir_all(&icons_dir)?;
+
+    while let Some(field) = form
+        .next_field()
+        .await
+        .map_err(|e| AppError::Validation(format!("multipart: {e}")))?
+    {
+        if field.name() != Some("file") {
+            continue;
+        }
+        let filename = field
+            .file_name()
+            .map(str::to_owned)
+            .unwrap_or_else(|| "icon".into());
+        let ext = std::path::Path::new(&filename)
+            .extension()
+            .and_then(|s| s.to_str())
+            .unwrap_or("png")
+            .to_lowercase();
+        if !matches!(
+            ext.as_str(),
+            "png" | "jpg" | "jpeg" | "webp" | "svg" | "gif"
+        ) {
+            return Err(AppError::Validation("unsupported icon type".into()));
+        }
+        let mime = field.content_type().map(str::to_owned);
+        let data = field
+            .bytes()
+            .await
+            .map_err(|e| AppError::Validation(format!("multipart read: {e}")))?;
+        if data.len() > 1024 * 1024 {
+            return Err(AppError::Validation("icon larger than 1MiB".into()));
+        }
+        let nonce = Alphanumeric.sample_string(&mut rand::thread_rng(), 8);
+        let stored = format!("{nonce}.{ext}");
+        let path = icons_dir.join(&stored);
+        std::fs::write(&path, &data)?;
+        let public_path = format!("/icons/{stored}");
+        return Ok((
+            StatusCode::CREATED,
+            Json(json!({
+                "path": public_path,
+                "size": data.len(),
+                "mime": mime
+            })),
+        ));
+    }
+    Err(AppError::Validation("no `file` field".into()))
+}
diff --git a/server/src/routes/items.rs b/server/src/routes/items.rs
new file mode 100644
index 0000000..949b36c
--- /dev/null
+++ b/server/src/routes/items.rs
@@ -0,0 +1,54 @@
+use axum::{
+    extract::{Path, State},
+    http::StatusCode,
+    routing::{patch, post},
+    Json, Router,
+};
+
+use crate::auth::RequireAuth;
+use crate::dto::{Item, ItemPatch, ItemPayload, ReorderEntry};
+use crate::error::Result;
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new()
+        .route("/items", post(create))
+        .route("/items/reorder", post(reorder))
+        .route("/items/:id", patch(update).delete(remove))
+}
+
+async fn create(
+    _auth: RequireAuth,
+    State(s): State<AppState>,
+    Json(body): Json<ItemPayload>,
+) -> Result<(StatusCode, Json<Item>)> {
+    let item = s.nav.create_item(body).await?;
+    Ok((StatusCode::CREATED, Json(item)))
+}
+
+async fn update(
+    _auth: RequireAuth,
+    State(s): State<AppState>,
+    Path(id): Path<i64>,
+    Json(body): Json<ItemPatch>,
+) -> Result<Json<Item>> {
+    Ok(Json(s.nav.patch_item(id, body).await?))
+}
+
+async fn remove(
+    _auth: RequireAuth,
+    State(s): State<AppState>,
+    Path(id): Path<i64>,
+) -> Result<StatusCode> {
+    s.nav.delete_item(id).await?;
+    Ok(StatusCode::NO_CONTENT)
+}
+
+async fn reorder(
+    _auth: RequireAuth,
+    State(s): State<AppState>,
+    Json(entries): Json<Vec<ReorderEntry>>,
+) -> Result<StatusCode> {
+    s.nav.reorder_items(entries).await?;
+    Ok(StatusCode::NO_CONTENT)
+}
diff --git a/server/src/routes/mod.rs b/server/src/routes/mod.rs
new file mode 100644
index 0000000..5947e55
--- /dev/null
+++ b/server/src/routes/mod.rs
@@ -0,0 +1,33 @@
+use axum::Router;
+
+pub mod auth;
+pub mod config;
+pub mod favicon;
+pub mod groups;
+pub mod health;
+pub mod icons;
+pub mod items;
+pub mod nav;
+pub mod sites;
+pub mod tags;
+
+use crate::state::AppState;
+
+pub fn api(state: AppState) -> Router {
+    Router::new()
+        .nest(
+            "/api",
+            Router::new()
+                .merge(health::router())
+                .merge(nav::router())
+                .merge(auth::router())
+                .merge(config::router())
+                .merge(items::router())
+                .merge(groups::router())
+                .merge(sites::router())
+                .merge(tags::router())
+                .merge(icons::router())
+                .merge(favicon::router()),
+        )
+        .with_state(state)
+}
diff --git a/server/src/routes/nav.rs b/server/src/routes/nav.rs
new file mode 100644
index 0000000..decc079
--- /dev/null
+++ b/server/src/routes/nav.rs
@@ -0,0 +1,15 @@
+use axum::{extract::State, routing::get, Json, Router};
+
+use crate::dto::NavBundle;
+use crate::error::Result;
+use crate::services::bundle::assemble_bundle;
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new().route("/nav", get(get_nav))
+}
+
+async fn get_nav(State(s): State<AppState>) -> Result<Json<NavBundle>> {
+    let bundle = assemble_bundle(s.nav.clone(), s.config.clone()).await?;
+    Ok(Json(bundle))
+}
diff --git a/server/src/routes/sites.rs b/server/src/routes/sites.rs
new file mode 100644
index 0000000..9d1638c
--- /dev/null
+++ b/server/src/routes/sites.rs
@@ -0,0 +1,50 @@
+use axum::{
+    extract::{Path, State},
+    http::StatusCode,
+    routing::{patch, post},
+    Json, Router,
+};
+
+use crate::auth::RequireAuth;
+use crate::dto::{ReorderEntry, Site, SitePatch, SitePayload};
+use crate::error::Result;
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new()
+        .route("/sites", post(create))
+        .route("/sites/reorder", post(reorder))
+        .route("/sites/:id", patch(update).delete(remove))
+}
+
+async fn create(
+    _a: RequireAuth,
+    State(s): State<AppState>,
+    Json(body): Json<SitePayload>,
+) -> Result<(StatusCode, Json<Site>)> {
+    Ok((StatusCode::CREATED, Json(s.nav.create_site(body).await?)))
+}
+async fn update(
+    _a: RequireAuth,
+    State(s): State<AppState>,
+    Path(id): Path<i64>,
+    Json(body): Json<SitePatch>,
+) -> Result<Json<Site>> {
+    Ok(Json(s.nav.patch_site(id, body).await?))
+}
+async fn remove(
+    _a: RequireAuth,
+    State(s): State<AppState>,
+    Path(id): Path<i64>,
+) -> Result<StatusCode> {
+    s.nav.delete_site(id).await?;
+    Ok(StatusCode::NO_CONTENT)
+}
+async fn reorder(
+    _a: RequireAuth,
+    State(s): State<AppState>,
+    Json(entries): Json<Vec<ReorderEntry>>,
+) -> Result<StatusCode> {
+    s.nav.reorder_sites(entries).await?;
+    Ok(StatusCode::NO_CONTENT)
+}
diff --git a/server/src/routes/tags.rs b/server/src/routes/tags.rs
new file mode 100644
index 0000000..c51884d
--- /dev/null
+++ b/server/src/routes/tags.rs
@@ -0,0 +1,41 @@
+use axum::{
+    extract::{Path, State},
+    http::StatusCode,
+    routing::{patch, post},
+    Json, Router,
+};
+
+use crate::auth::RequireAuth;
+use crate::dto::{Tag, TagPatch, TagPayload};
+use crate::error::Result;
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new()
+        .route("/tags", post(create))
+        .route("/tags/:id", patch(update).delete(remove))
+}
+
+async fn create(
+    _a: RequireAuth,
+    State(s): State<AppState>,
+    Json(body): Json<TagPayload>,
+) -> Result<(StatusCode, Json<Tag>)> {
+    Ok((StatusCode::CREATED, Json(s.nav.create_tag(body).await?)))
+}
+async fn update(
+    _a: RequireAuth,
+    State(s): State<AppState>,
+    Path(id): Path<i64>,
+    Json(body): Json<TagPatch>,
+) -> Result<Json<Tag>> {
+    Ok(Json(s.nav.patch_tag(id, body).await?))
+}
+async fn remove(
+    _a: RequireAuth,
+    State(s): State<AppState>,
+    Path(id): Path<i64>,
+) -> Result<StatusCode> {
+    s.nav.delete_tag(id).await?;
+    Ok(StatusCode::NO_CONTENT)
+}
diff --git a/server/src/services/bootstrap.rs b/server/src/services/bootstrap.rs
new file mode 100644
index 0000000..a364703
--- /dev/null
+++ b/server/src/services/bootstrap.rs
@@ -0,0 +1,64 @@
+use crate::auth::password;
+use crate::error::Result;
+use crate::repo::ConfigRepo;
+use rand::distributions::{Alphanumeric, DistString};
+use std::path::Path;
+use std::sync::Arc;
+
+const PASSWORD_LEN: usize = 24;
+
+pub enum BootstrapOutcome {
+    AlreadySet,
+    SetFromEnv,
+    Generated(String),
+}
+
+pub async fn ensure_admin_password(
+    config: Arc<dyn ConfigRepo>,
+    data_dir: &Path,
+    env_password: Option<String>,
+) -> Result<BootstrapOutcome> {
+    if config.get("admin_password_hash").await?.is_some() {
+        return Ok(BootstrapOutcome::AlreadySet);
+    }
+
+    let now = chrono::Utc::now().timestamp_millis().to_string();
+
+    if let Some(pw) = env_password.filter(|s| !s.is_empty()) {
+        let hash = password::hash(&pw)?;
+        config
+            .upsert_many(&[
+                ("admin_password_hash", &hash),
+                ("admin_password_updated_at", &now),
+            ])
+            .await?;
+        tracing::warn!("Admin password set from env. Please change it via UI immediately.");
+        return Ok(BootstrapOutcome::SetFromEnv);
+    }
+
+    let pw = Alphanumeric.sample_string(&mut rand::thread_rng(), PASSWORD_LEN);
+    let hash = password::hash(&pw)?;
+    config
+        .upsert_many(&[
+            ("admin_password_hash", &hash),
+            ("admin_password_updated_at", &now),
+        ])
+        .await?;
+
+    let path = data_dir.join("INITIAL_PASSWORD.txt");
+    let body = format!(
+        "Initial admin password (single use):\n{pw}\n\n\
+        After logging in and changing the password via UI, this file is deleted automatically.\n"
+    );
+    std::fs::write(&path, body)?;
+    #[cfg(unix)]
+    {
+        use std::os::unix::fs::PermissionsExt;
+        let perms = std::fs::Permissions::from_mode(0o600);
+        std::fs::set_permissions(&path, perms)?;
+    }
+    tracing::warn!(?path, "Generated initial admin password — see file above");
+    tracing::warn!("INITIAL ADMIN PASSWORD: {pw}");
+
+    Ok(BootstrapOutcome::Generated(pw))
+}
diff --git a/server/src/services/bundle.rs b/server/src/services/bundle.rs
new file mode 100644
index 0000000..42244c2
--- /dev/null
+++ b/server/src/services/bundle.rs
@@ -0,0 +1,63 @@
+use crate::dto::*;
+use crate::error::Result;
+use crate::repo::{ConfigRepo, NavRepo};
+use std::sync::Arc;
+
+pub async fn assemble_bundle(
+    nav: Arc<dyn NavRepo>,
+    config: Arc<dyn ConfigRepo>,
+) -> Result<NavBundle> {
+    let (sites, groups, items, tags) = nav.get_bundle().await?;
+
+    let cfg = config
+        .get_many(&[
+            "site_name",
+            "site_avatar_path",
+            "site_copyright",
+            "site_icp_text",
+            "site_icp_url",
+            "site_police_text",
+            "site_police_url",
+            "default_theme",
+        ])
+        .await?;
+
+    let icp = match (
+        cfg.get("site_icp_text").cloned(),
+        cfg.get("site_icp_url").cloned(),
+    ) {
+        (Some(text), Some(url)) => Some(Link { text, url }),
+        _ => None,
+    };
+    let police = match (
+        cfg.get("site_police_text").cloned(),
+        cfg.get("site_police_url").cloned(),
+    ) {
+        (Some(text), Some(url)) => Some(Link { text, url }),
+        _ => None,
+    };
+
+    let meta = Meta {
+        site_name: cfg
+            .get("site_name")
+            .cloned()
+            .unwrap_or_else(|| "Navigation".into()),
+        site_avatar_path: cfg.get("site_avatar_path").cloned(),
+        site_copyright: cfg.get("site_copyright").cloned().unwrap_or_default(),
+        site_icp: icp,
+        site_police: police,
+        default_theme: cfg
+            .get("default_theme")
+            .cloned()
+            .unwrap_or_else(|| "system".into()),
+    };
+
+    Ok(NavBundle {
+        schema_version: 1,
+        meta,
+        sites,
+        groups,
+        items,
+        tags,
+    })
+}
diff --git a/server/src/services/favicon.rs b/server/src/services/favicon.rs
new file mode 100644
index 0000000..048e63f
--- /dev/null
+++ b/server/src/services/favicon.rs
@@ -0,0 +1,70 @@
+use crate::error::{AppError, Result};
+use bytes::Bytes;
+use std::path::{Path, PathBuf};
+use std::time::{Duration, SystemTime};
+
+const TTL: Duration = Duration::from_secs(7 * 24 * 3600); // 7 days
+const MAX_BYTES: u64 = 256 * 1024; // 256 KiB
+
+pub struct FaviconService {
+    cache_dir: PathBuf,
+    http: reqwest::Client,
+}
+
+impl FaviconService {
+    pub fn new(cache_dir: PathBuf) -> Self {
+        std::fs::create_dir_all(&cache_dir).ok();
+        let http = reqwest::Client::builder()
+            .timeout(Duration::from_secs(5))
+            .user_agent("navsrv-favicon/0.1")
+            .build()
+            .expect("http client");
+        Self { cache_dir, http }
+    }
+
+    pub async fn fetch(&self, host: &str) -> Result<(String, Bytes)> {
+        if !is_safe_host(host) {
+            return Err(AppError::Validation("bad host".into()));
+        }
+        let cached = self.cache_dir.join(host);
+        if let Ok(meta) = std::fs::metadata(&cached) {
+            if let Ok(age) = SystemTime::now().duration_since(meta.modified()?) {
+                if age < TTL {
+                    let bytes = Bytes::from(std::fs::read(&cached)?);
+                    return Ok(("image/png".into(), bytes));
+                }
+            }
+        }
+        let url = format!("https://www.google.com/s2/favicons?domain={host}&sz=64");
+        let resp = self
+            .http
+            .get(&url)
+            .send()
+            .await
+            .map_err(|e| AppError::Other(anyhow::anyhow!(e)))?;
+        if !resp.status().is_success() {
+            return Err(AppError::NotFound);
+        }
+        let bytes = resp
+            .bytes()
+            .await
+            .map_err(|e| AppError::Other(anyhow::anyhow!(e)))?;
+        if bytes.len() as u64 > MAX_BYTES {
+            return Err(AppError::Validation("favicon too large".into()));
+        }
+        std::fs::write(&cached, &bytes)?;
+        Ok(("image/png".into(), bytes))
+    }
+}
+
+fn is_safe_host(host: &str) -> bool {
+    !host.is_empty()
+        && host.len() <= 253
+        && host
+            .chars()
+            .all(|c| c.is_ascii_alphanumeric() || c == '.' || c == '-')
+}
+
+pub fn cache_dir(data_dir: &Path) -> PathBuf {
+    data_dir.join("icons").join("_cache")
+}
diff --git a/server/src/services/migration.rs b/server/src/services/migration.rs
new file mode 100644
index 0000000..b42a8db
--- /dev/null
+++ b/server/src/services/migration.rs
@@ -0,0 +1,168 @@
+use crate::dto::*;
+use crate::error::{AppError, Result};
+use crate::repo::{ConfigRepo, NavRepo};
+use serde::Deserialize;
+use std::sync::Arc;
+
+const BOOTSTRAP_JSON: &str = include_str!("../../bootstrap.json");
+
+#[derive(Deserialize)]
+struct BootstrapDoc {
+    #[serde(rename = "schemaVersion")]
+    _schema_version: i64,
+    meta: BootstrapMeta,
+    sites: Vec<BootstrapSite>,
+    groups: Vec<BootstrapGroup>,
+    tags: Vec<BootstrapTag>,
+    items: Vec<BootstrapItem>,
+}
+
+#[derive(Deserialize)]
+struct BootstrapMeta {
+    #[serde(rename = "siteName")]
+    site_name: String,
+    #[serde(rename = "siteAvatarPath")]
+    site_avatar_path: Option<String>,
+    #[serde(rename = "siteCopyright")]
+    site_copyright: String,
+    #[serde(rename = "siteIcp")]
+    site_icp: Option<Link>,
+    #[serde(rename = "sitePolice")]
+    site_police: Option<Link>,
+    #[serde(rename = "defaultTheme")]
+    default_theme: String,
+}
+
+#[derive(Deserialize)]
+struct BootstrapSite {
+    value: String,
+    name: String,
+    #[serde(default)]
+    name_i18n: Option<serde_json::Value>,
+    #[serde(default)]
+    is_default: bool,
+    #[serde(default)]
+    #[allow(dead_code)]
+    sort_order: i64,
+}
+
+#[derive(Deserialize)]
+struct BootstrapGroup {
+    slug: String,
+    name: String,
+    #[serde(default)]
+    name_i18n: Option<serde_json::Value>,
+    #[serde(default)]
+    #[allow(dead_code)]
+    sort_order: i64,
+    #[serde(default)]
+    collapsed_default: bool,
+}
+
+#[derive(Deserialize)]
+struct BootstrapTag {
+    slug: String,
+    name: String,
+    #[serde(default)]
+    name_i18n: Option<serde_json::Value>,
+}
+
+#[derive(Deserialize)]
+struct BootstrapItem {
+    name: String,
+    #[serde(default)]
+    name_i18n: Option<serde_json::Value>,
+    #[serde(rename = "groupSlug")]
+    group_slug: Option<String>,
+    #[serde(rename = "iconKind")]
+    icon_kind: IconKind,
+    #[serde(rename = "iconValue")]
+    icon_value: String,
+    #[serde(default)]
+    links: std::collections::BTreeMap<String, String>,
+    #[serde(default, rename = "tagSlugs")]
+    tag_slugs: Vec<String>,
+}
+
+pub async fn seed_if_empty(nav: Arc<dyn NavRepo>, config: Arc<dyn ConfigRepo>) -> Result<()> {
+    let (sites, _, items, _) = nav.get_bundle().await?;
+    if !sites.is_empty() || !items.is_empty() {
+        return Ok(());
+    }
+    let doc: BootstrapDoc =
+        serde_json::from_str(BOOTSTRAP_JSON).map_err(|e| AppError::Other(anyhow::anyhow!(e)))?;
+
+    // Meta → config kv
+    let mut pairs: Vec<(String, String)> = Vec::new();
+    pairs.push(("site_name".into(), doc.meta.site_name));
+    if let Some(p) = doc.meta.site_avatar_path {
+        pairs.push(("site_avatar_path".into(), p));
+    }
+    pairs.push(("site_copyright".into(), doc.meta.site_copyright));
+    pairs.push(("default_theme".into(), doc.meta.default_theme));
+    if let Some(l) = doc.meta.site_icp {
+        pairs.push(("site_icp_text".into(), l.text));
+        pairs.push(("site_icp_url".into(), l.url));
+    }
+    if let Some(l) = doc.meta.site_police {
+        pairs.push(("site_police_text".into(), l.text));
+        pairs.push(("site_police_url".into(), l.url));
+    }
+    let pair_refs: Vec<(&str, &str)> = pairs
+        .iter()
+        .map(|(k, v)| (k.as_str(), v.as_str()))
+        .collect();
+    config.upsert_many(&pair_refs).await?;
+
+    // Sites
+    for s in doc.sites {
+        nav.create_site(SitePayload {
+            value: s.value,
+            name: s.name,
+            name_i18n: s.name_i18n,
+            is_default: s.is_default,
+        })
+        .await?;
+    }
+    // Groups (track id by slug)
+    let mut group_id_by_slug = std::collections::HashMap::new();
+    for g in doc.groups {
+        let created = nav
+            .create_group(GroupPayload {
+                slug: g.slug.clone(),
+                name: g.name,
+                name_i18n: g.name_i18n,
+                collapsed_default: g.collapsed_default,
+            })
+            .await?;
+        group_id_by_slug.insert(g.slug, created.id);
+    }
+    // Tags
+    for t in doc.tags {
+        nav.create_tag(TagPayload {
+            slug: t.slug,
+            name: t.name,
+            name_i18n: t.name_i18n,
+        })
+        .await?;
+    }
+    // Items
+    for it in doc.items {
+        let group_id = it
+            .group_slug
+            .and_then(|s| group_id_by_slug.get(&s).copied());
+        nav.create_item(ItemPayload {
+            group_id,
+            name: it.name,
+            name_i18n: it.name_i18n,
+            description: None,
+            description_i18n: None,
+            icon_kind: it.icon_kind,
+            icon_value: it.icon_value,
+            links: it.links,
+            tag_slugs: it.tag_slugs,
+        })
+        .await?;
+    }
+    Ok(())
+}
diff --git a/server/src/services/mod.rs b/server/src/services/mod.rs
new file mode 100644
index 0000000..d1a5730
--- /dev/null
+++ b/server/src/services/mod.rs
@@ -0,0 +1,4 @@
+pub mod bootstrap;
+pub mod bundle;
+pub mod favicon;
+pub mod migration;
diff --git a/server/src/state.rs b/server/src/state.rs
new file mode 100644
index 0000000..8f88102
--- /dev/null
+++ b/server/src/state.rs
@@ -0,0 +1,26 @@
+use crate::repo::{ConfigRepo, NavRepo};
+use crate::services::favicon::FaviconService;
+use std::path::PathBuf;
+use std::sync::Arc;
+
+#[derive(Clone)]
+pub struct AppState {
+    pub nav: Arc<dyn NavRepo>,
+    pub config: Arc<dyn ConfigRepo>,
+    pub data_dir: PathBuf,
+    pub favicon: Arc<FaviconService>,
+}
+
+impl AppState {
+    pub fn new(nav: Arc<dyn NavRepo>, config: Arc<dyn ConfigRepo>, data_dir: PathBuf) -> Self {
+        let favicon = Arc::new(FaviconService::new(crate::services::favicon::cache_dir(
+            &data_dir,
+        )));
+        Self {
+            nav,
+            config,
+            data_dir,
+            favicon,
+        }
+    }
+}
diff --git a/server/tests/api_auth.rs b/server/tests/api_auth.rs
new file mode 100644
index 0000000..4a7f93a
--- /dev/null
+++ b/server/tests/api_auth.rs
@@ -0,0 +1,78 @@
+use axum_test::TestServer;
+use navsrv::app::build_app_for_tests;
+use navsrv::auth::password;
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{ConfigRepo, SqlxConfigRepo};
+
+async fn server_with_password(pw: &str) -> (TestServer, std::sync::Arc<dyn ConfigRepo>) {
+    use navsrv::app::build_app;
+    use navsrv::auth::session::layer as session_layer;
+    use navsrv::repo::SqlxNavRepo;
+    use navsrv::state::AppState;
+    use std::sync::Arc;
+    let pool = connect_in_memory().await.unwrap();
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    cfg.upsert("admin_password_hash", &password::hash(pw).unwrap())
+        .await
+        .unwrap();
+    let dir = std::env::temp_dir();
+    let state = AppState::new(nav, cfg.clone(), dir.clone());
+    let app = build_app(state, session_layer(pool, false), dir);
+    (TestServer::new(app).unwrap(), cfg)
+}
+
+#[tokio::test]
+async fn login_with_correct_password_returns_204_and_cookie() {
+    let (server, _cfg) = server_with_password("hunter2").await;
+    let res = server
+        .post("/api/auth/login")
+        .json(&serde_json::json!({ "password": "hunter2" }))
+        .await;
+    res.assert_status(axum::http::StatusCode::NO_CONTENT);
+    // Test runs in insecure mode (secure=false) so cookie name is plain "sid".
+    // Production HTTPS deploys get `__Host-sid` automatically (see auth/session.rs).
+    assert!(!res.cookie("sid").value().is_empty());
+}
+
+#[tokio::test]
+async fn login_with_wrong_password_returns_401() {
+    let (server, _) = server_with_password("hunter2").await;
+    let res = server
+        .post("/api/auth/login")
+        .json(&serde_json::json!({ "password": "nope" }))
+        .await;
+    res.assert_status(axum::http::StatusCode::UNAUTHORIZED);
+}
+
+#[tokio::test]
+async fn me_unauth_returns_false() {
+    let app = build_app_for_tests().await.unwrap();
+    let server = TestServer::new(app).unwrap();
+    let res = server.get("/api/auth/me").await;
+    res.assert_status_ok();
+    res.assert_json(&serde_json::json!({ "authenticated": false }));
+}
+
+#[tokio::test]
+async fn logout_clears_session() {
+    let (mut server, _) = server_with_password("hunter2").await;
+    server.do_save_cookies();
+    server
+        .post("/api/auth/login")
+        .json(&serde_json::json!({ "password": "hunter2" }))
+        .await
+        .assert_status(axum::http::StatusCode::NO_CONTENT);
+    server
+        .get("/api/auth/me")
+        .await
+        .assert_json(&serde_json::json!({ "authenticated": true }));
+    server
+        .post("/api/auth/logout")
+        .await
+        .assert_status(axum::http::StatusCode::NO_CONTENT);
+    server
+        .get("/api/auth/me")
+        .await
+        .assert_json(&serde_json::json!({ "authenticated": false }));
+}
diff --git a/server/tests/api_config_password.rs b/server/tests/api_config_password.rs
new file mode 100644
index 0000000..4ba0894
--- /dev/null
+++ b/server/tests/api_config_password.rs
@@ -0,0 +1,58 @@
+use axum_test::TestServer;
+use navsrv::app::build_app;
+use navsrv::auth::{password, session::layer as session_layer};
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo};
+use navsrv::state::AppState;
+use std::sync::Arc;
+use tempfile::TempDir;
+
+async fn boot() -> (TestServer, std::sync::Arc<dyn ConfigRepo>, TempDir) {
+    let pool = connect_in_memory().await.unwrap();
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    cfg.upsert("admin_password_hash", &password::hash("old").unwrap())
+        .await
+        .unwrap();
+    let dir = TempDir::new().unwrap();
+    std::fs::write(dir.path().join("INITIAL_PASSWORD.txt"), "old").unwrap();
+    let state = AppState::new(nav, cfg.clone(), dir.path().to_path_buf());
+    let app = build_app(state, session_layer(pool, false), dir.path().to_path_buf());
+    let mut server = TestServer::new(app).unwrap();
+    server.do_save_cookies();
+    server
+        .post("/api/auth/login")
+        .json(&serde_json::json!({"password":"old"}))
+        .await
+        .assert_status_success();
+    (server, cfg, dir)
+}
+
+#[tokio::test]
+async fn change_password_replaces_hash_and_deletes_initial_file() {
+    let (server, cfg, dir) = boot().await;
+    let res = server
+        .post("/api/config/password")
+        .json(&serde_json::json!({"current":"old","next":"newPwLongEnough"}))
+        .await;
+    res.assert_status(axum::http::StatusCode::NO_CONTENT);
+
+    let h = cfg.get("admin_password_hash").await.unwrap().unwrap();
+    assert!(password::verify("newPwLongEnough", &h).unwrap());
+    assert!(!password::verify("old", &h).unwrap());
+
+    assert!(
+        !dir.path().join("INITIAL_PASSWORD.txt").exists(),
+        "INITIAL_PASSWORD.txt should be deleted after first successful change"
+    );
+}
+
+#[tokio::test]
+async fn change_password_with_wrong_current_returns_401() {
+    let (server, _cfg, _dir) = boot().await;
+    server
+        .post("/api/config/password")
+        .json(&serde_json::json!({"current":"WRONG","next":"newPwLongEnough"}))
+        .await
+        .assert_status(axum::http::StatusCode::UNAUTHORIZED);
+}
diff --git a/server/tests/api_groups_sites_tags.rs b/server/tests/api_groups_sites_tags.rs
new file mode 100644
index 0000000..0cb6a29
--- /dev/null
+++ b/server/tests/api_groups_sites_tags.rs
@@ -0,0 +1,93 @@
+use axum_test::TestServer;
+use navsrv::app::build_app;
+use navsrv::auth::{password, session::layer as session_layer};
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{ConfigRepo, NavRepo, SqlxConfigRepo, SqlxNavRepo};
+use navsrv::state::AppState;
+use std::sync::Arc;
+
+async fn boot() -> TestServer {
+    let pool = connect_in_memory().await.unwrap();
+    let nav: Arc<dyn NavRepo> = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    cfg.upsert("admin_password_hash", &password::hash("pw").unwrap())
+        .await
+        .unwrap();
+    let dir = std::env::temp_dir();
+    let state = AppState::new(nav, cfg, dir.clone());
+    let app = build_app(state, session_layer(pool, false), dir);
+    let mut server = TestServer::new(app).unwrap();
+    server.do_save_cookies();
+    server
+        .post("/api/auth/login")
+        .json(&serde_json::json!({"password":"pw"}))
+        .await
+        .assert_status_success();
+    server
+}
+
+#[tokio::test]
+async fn group_lifecycle() {
+    let server = boot().await;
+    let g: serde_json::Value = server
+        .post("/api/groups")
+        .json(&serde_json::json!({
+            "slug":"net","name":"Network"
+        }))
+        .await
+        .json();
+    let id = g["id"].as_i64().unwrap();
+    server
+        .patch(&format!("/api/groups/{id}"))
+        .json(&serde_json::json!({"name":"NET"}))
+        .await
+        .assert_status_ok();
+    server
+        .delete(&format!("/api/groups/{id}"))
+        .await
+        .assert_status(axum::http::StatusCode::NO_CONTENT);
+}
+
+#[tokio::test]
+async fn site_lifecycle() {
+    let server = boot().await;
+    let s: serde_json::Value = server
+        .post("/api/sites")
+        .json(&serde_json::json!({
+            "value":"sh","name":"Shanghai"
+        }))
+        .await
+        .json();
+    let id = s["id"].as_i64().unwrap();
+    server
+        .patch(&format!("/api/sites/{id}"))
+        .json(&serde_json::json!({"name":"SH"}))
+        .await
+        .assert_status_ok();
+    server
+        .delete(&format!("/api/sites/{id}"))
+        .await
+        .assert_status(axum::http::StatusCode::NO_CONTENT);
+}
+
+#[tokio::test]
+async fn tag_lifecycle() {
+    let server = boot().await;
+    let t: serde_json::Value = server
+        .post("/api/tags")
+        .json(&serde_json::json!({
+            "slug":"fav","name":"Favorite"
+        }))
+        .await
+        .json();
+    let id = t["id"].as_i64().unwrap();
+    server
+        .patch(&format!("/api/tags/{id}"))
+        .json(&serde_json::json!({"name":"⭐"}))
+        .await
+        .assert_status_ok();
+    server
+        .delete(&format!("/api/tags/{id}"))
+        .await
+        .assert_status(axum::http::StatusCode::NO_CONTENT);
+}
diff --git a/server/tests/api_icons.rs b/server/tests/api_icons.rs
new file mode 100644
index 0000000..d8ed078
--- /dev/null
+++ b/server/tests/api_icons.rs
@@ -0,0 +1,48 @@
+use axum_test::TestServer;
+use navsrv::app::build_app;
+use navsrv::auth::{password, session::layer as session_layer};
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo};
+use navsrv::state::AppState;
+use std::sync::Arc;
+
+#[tokio::test]
+async fn upload_writes_file_under_data_dir_icons() {
+    let pool = connect_in_memory().await.unwrap();
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    cfg.upsert("admin_password_hash", &password::hash("pw").unwrap())
+        .await
+        .unwrap();
+    let dir = tempfile::TempDir::new().unwrap();
+    let state = AppState::new(nav, cfg, dir.path().to_path_buf());
+    let app = build_app(state, session_layer(pool, false), dir.path().to_path_buf());
+    let mut server = TestServer::new(app).unwrap();
+    server.do_save_cookies();
+    server
+        .post("/api/auth/login")
+        .json(&serde_json::json!({"password":"pw"}))
+        .await
+        .assert_status_success();
+
+    let res = server
+        .post("/api/icons/upload")
+        .multipart(
+            axum_test::multipart::MultipartForm::new().add_part(
+                "file",
+                axum_test::multipart::Part::bytes(b"\x89PNG\r\n\x1a\n".to_vec())
+                    .file_name("hello.png")
+                    .mime_type("image/png"),
+            ),
+        )
+        .await;
+    res.assert_status(axum::http::StatusCode::CREATED);
+    let body: serde_json::Value = res.json();
+    let path = body["path"].as_str().unwrap();
+    assert!(path.starts_with("/icons/"));
+    assert!(dir
+        .path()
+        .join("icons")
+        .join(path.trim_start_matches("/icons/"))
+        .exists());
+}
diff --git a/server/tests/api_items.rs b/server/tests/api_items.rs
new file mode 100644
index 0000000..2dad010
--- /dev/null
+++ b/server/tests/api_items.rs
@@ -0,0 +1,138 @@
+use axum_test::TestServer;
+use navsrv::app::build_app;
+use navsrv::auth::{password, session::layer as session_layer};
+use navsrv::db::connect_in_memory;
+use navsrv::dto::{GroupPayload, SitePayload};
+use navsrv::repo::{ConfigRepo, NavRepo, SqlxConfigRepo, SqlxNavRepo};
+use navsrv::state::AppState;
+use std::sync::Arc;
+
+async fn auth_server() -> (TestServer, i64) {
+    let pool = connect_in_memory().await.unwrap();
+    let nav: Arc<dyn NavRepo> = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    cfg.upsert("admin_password_hash", &password::hash("pw").unwrap())
+        .await
+        .unwrap();
+    let g = nav
+        .create_group(GroupPayload {
+            slug: "tools".into(),
+            name: "Tools".into(),
+            name_i18n: None,
+            collapsed_default: false,
+        })
+        .await
+        .unwrap();
+    nav.create_site(SitePayload {
+        value: "shangHai".into(),
+        name: "上海".into(),
+        name_i18n: None,
+        is_default: true,
+    })
+    .await
+    .unwrap();
+
+    let dir = std::env::temp_dir();
+    let state = AppState::new(nav, cfg, dir.clone());
+    let app = build_app(state, session_layer(pool, false), dir);
+    let mut server = TestServer::new(app).unwrap();
+    server.do_save_cookies();
+    server
+        .post("/api/auth/login")
+        .json(&serde_json::json!({"password":"pw"}))
+        .await
+        .assert_status_success();
+    (server, g.id)
+}
+
+#[tokio::test]
+async fn create_then_list_via_bundle() {
+    let (server, gid) = auth_server().await;
+    let body = serde_json::json!({
+        "groupId": gid,
+        "name": "Router",
+        "iconKind": "asset",
+        "iconValue": "router.png",
+        "links": { "shangHai": "http://10.0.0.1" },
+        "tagSlugs": []
+    });
+    let res = server.post("/api/items").json(&body).await;
+    res.assert_status(axum::http::StatusCode::CREATED);
+    let v: serde_json::Value = res.json();
+    let id = v["id"].as_i64().unwrap();
+    assert_eq!(v["name"], "Router");
+
+    let bundle: serde_json::Value = server.get("/api/nav").await.json();
+    let item = bundle["items"]
+        .as_array()
+        .unwrap()
+        .iter()
+        .find(|i| i["id"].as_i64() == Some(id))
+        .unwrap();
+    assert_eq!(item["links"]["shangHai"], "http://10.0.0.1");
+}
+
+#[tokio::test]
+async fn patch_changes_name() {
+    let (server, gid) = auth_server().await;
+    let id = server
+        .post("/api/items")
+        .json(&serde_json::json!({
+            "groupId": gid, "name": "old", "iconKind":"asset", "iconValue":"x.png"
+        }))
+        .await
+        .json::<serde_json::Value>()["id"]
+        .as_i64()
+        .unwrap();
+
+    let res = server
+        .patch(&format!("/api/items/{id}"))
+        .json(&serde_json::json!({ "name": "new" }))
+        .await;
+    res.assert_status_ok();
+    let v: serde_json::Value = res.json();
+    assert_eq!(v["name"], "new");
+}
+
+#[tokio::test]
+async fn delete_removes_item() {
+    let (server, gid) = auth_server().await;
+    let id = server
+        .post("/api/items")
+        .json(&serde_json::json!({
+            "groupId": gid, "name": "x", "iconKind":"asset", "iconValue":"x.png"
+        }))
+        .await
+        .json::<serde_json::Value>()["id"]
+        .as_i64()
+        .unwrap();
+    server
+        .delete(&format!("/api/items/{id}"))
+        .await
+        .assert_status(axum::http::StatusCode::NO_CONTENT);
+
+    let bundle: serde_json::Value = server.get("/api/nav").await.json();
+    assert!(bundle["items"]
+        .as_array()
+        .unwrap()
+        .iter()
+        .all(|i| i["id"].as_i64() != Some(id)));
+}
+
+#[tokio::test]
+async fn unauthed_returns_401() {
+    let pool = connect_in_memory().await.unwrap();
+    let nav: Arc<dyn NavRepo> = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    let dir = std::env::temp_dir();
+    let state = AppState::new(nav, cfg, dir.clone());
+    let app = build_app(state, session_layer(pool, false), dir);
+    let server = TestServer::new(app).unwrap();
+    server
+        .post("/api/items")
+        .json(&serde_json::json!({
+            "name":"x","iconKind":"asset","iconValue":"x.png"
+        }))
+        .await
+        .assert_status(axum::http::StatusCode::UNAUTHORIZED);
+}
diff --git a/server/tests/api_nav.rs b/server/tests/api_nav.rs
new file mode 100644
index 0000000..7672faf
--- /dev/null
+++ b/server/tests/api_nav.rs
@@ -0,0 +1,15 @@
+use axum_test::TestServer;
+use navsrv::app::build_app_for_tests;
+
+#[tokio::test]
+async fn nav_endpoint_returns_empty_bundle_initially() {
+    let app = build_app_for_tests().await.unwrap();
+    let server = TestServer::new(app).unwrap();
+    let res = server.get("/api/nav").await;
+    res.assert_status_ok();
+    let body: serde_json::Value = res.json();
+    assert_eq!(body["schemaVersion"], 1);
+    assert!(body["sites"].as_array().unwrap().is_empty());
+    assert!(body["items"].as_array().unwrap().is_empty());
+    assert_eq!(body["meta"]["defaultTheme"], "system");
+}
diff --git a/server/tests/bootstrap.rs b/server/tests/bootstrap.rs
new file mode 100644
index 0000000..39b38a4
--- /dev/null
+++ b/server/tests/bootstrap.rs
@@ -0,0 +1,54 @@
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{ConfigRepo, SqlxConfigRepo};
+use navsrv::services::bootstrap::{ensure_admin_password, BootstrapOutcome};
+use std::sync::Arc;
+use tempfile::TempDir;
+
+#[tokio::test]
+async fn first_boot_with_env_writes_hash_only() {
+    let pool = connect_in_memory().await.unwrap();
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool));
+    let dir = TempDir::new().unwrap();
+
+    let out = ensure_admin_password(cfg.clone(), dir.path(), Some("env-pw".into()))
+        .await
+        .unwrap();
+    assert!(matches!(out, BootstrapOutcome::SetFromEnv));
+    assert!(cfg.get("admin_password_hash").await.unwrap().is_some());
+    assert!(!dir.path().join("INITIAL_PASSWORD.txt").exists());
+}
+
+#[tokio::test]
+async fn first_boot_without_env_generates_and_writes_file() {
+    let pool = connect_in_memory().await.unwrap();
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool));
+    let dir = TempDir::new().unwrap();
+
+    let out = ensure_admin_password(cfg.clone(), dir.path(), None)
+        .await
+        .unwrap();
+    let pw = match out {
+        BootstrapOutcome::Generated(pw) => pw,
+        _ => panic!("expected Generated"),
+    };
+    assert_eq!(pw.len(), 24);
+    let path = dir.path().join("INITIAL_PASSWORD.txt");
+    assert!(path.exists());
+    let content = std::fs::read_to_string(&path).unwrap();
+    assert!(content.contains(&pw));
+}
+
+#[tokio::test]
+async fn second_boot_is_idempotent() {
+    let pool = connect_in_memory().await.unwrap();
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool));
+    let dir = TempDir::new().unwrap();
+
+    ensure_admin_password(cfg.clone(), dir.path(), Some("first".into()))
+        .await
+        .unwrap();
+    let out = ensure_admin_password(cfg.clone(), dir.path(), Some("ignored".into()))
+        .await
+        .unwrap();
+    assert!(matches!(out, BootstrapOutcome::AlreadySet));
+}
diff --git a/server/tests/cli.rs b/server/tests/cli.rs
new file mode 100644
index 0000000..5a7c974
--- /dev/null
+++ b/server/tests/cli.rs
@@ -0,0 +1,31 @@
+use navsrv::auth::password;
+use navsrv::cli::{run_command, Command};
+use navsrv::config::Settings;
+
+#[tokio::test]
+async fn reset_password_flow() {
+    let dir = tempfile::TempDir::new().unwrap();
+    std::env::set_var("DATA_DIR", dir.path());
+    std::env::remove_var("BOOTSTRAP_ADMIN_PASSWORD");
+    std::env::set_var("RUST_LOG", "warn");
+    // Touch a fake initial password file to ensure it gets removed.
+    std::fs::write(dir.path().join("INITIAL_PASSWORD.txt"), "old").unwrap();
+
+    run_command(Command::ResetPassword {
+        password: Some("brand-new-pw".into()),
+    })
+    .await
+    .unwrap();
+
+    let s = Settings::load().unwrap();
+    let pool = navsrv::db::connect(&s.db_url()).await.unwrap();
+    let h: (String,) = sqlx::query_as("SELECT value FROM config WHERE key='admin_password_hash'")
+        .fetch_one(&pool)
+        .await
+        .unwrap();
+    assert!(password::verify("brand-new-pw", &h.0).unwrap());
+    assert!(!dir.path().join("INITIAL_PASSWORD.txt").exists());
+
+    // cleanup env
+    std::env::remove_var("DATA_DIR");
+}
diff --git a/server/tests/health.rs b/server/tests/health.rs
new file mode 100644
index 0000000..1b96d84
--- /dev/null
+++ b/server/tests/health.rs
@@ -0,0 +1,11 @@
+use axum_test::TestServer;
+use navsrv::app::build_app_for_tests;
+
+#[tokio::test]
+async fn health_returns_ok_json() {
+    let app = build_app_for_tests().await.expect("app builds");
+    let server = TestServer::new(app).expect("server");
+    let res = server.get("/api/health").await;
+    res.assert_status_ok();
+    res.assert_json(&serde_json::json!({ "status": "ok" }));
+}
diff --git a/server/tests/repo_config.rs b/server/tests/repo_config.rs
new file mode 100644
index 0000000..68a3705
--- /dev/null
+++ b/server/tests/repo_config.rs
@@ -0,0 +1,34 @@
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{ConfigRepo, SqlxConfigRepo};
+
+#[tokio::test]
+async fn upsert_get_delete_config() {
+    let pool = connect_in_memory().await.unwrap();
+    let repo = SqlxConfigRepo::new(pool);
+    repo.upsert("site_name", "My Site").await.unwrap();
+    assert_eq!(
+        repo.get("site_name").await.unwrap().as_deref(),
+        Some("My Site")
+    );
+    assert_eq!(repo.get("missing").await.unwrap(), None);
+
+    repo.upsert("site_name", "Renamed").await.unwrap();
+    assert_eq!(
+        repo.get("site_name").await.unwrap().as_deref(),
+        Some("Renamed")
+    );
+
+    repo.delete("site_name").await.unwrap();
+    assert_eq!(repo.get("site_name").await.unwrap(), None);
+}
+
+#[tokio::test]
+async fn many_pairs() {
+    let pool = connect_in_memory().await.unwrap();
+    let repo = SqlxConfigRepo::new(pool);
+    repo.upsert_many(&[("a", "1"), ("b", "2")]).await.unwrap();
+    let all = repo.get_many(&["a", "b", "c"]).await.unwrap();
+    assert_eq!(all.get("a").map(String::as_str), Some("1"));
+    assert_eq!(all.get("b").map(String::as_str), Some("2"));
+    assert!(!all.contains_key("c"));
+}
diff --git a/server/tests/repo_items.rs b/server/tests/repo_items.rs
new file mode 100644
index 0000000..e919203
--- /dev/null
+++ b/server/tests/repo_items.rs
@@ -0,0 +1,184 @@
+use navsrv::db::connect_in_memory;
+use navsrv::dto::*;
+use navsrv::repo::{NavRepo, SqlxNavRepo};
+
+async fn make_repo_with_seed() -> (SqlxNavRepo, i64, i64) {
+    let pool = connect_in_memory().await.unwrap();
+    let repo = SqlxNavRepo::new(pool);
+    let g = repo
+        .create_group(GroupPayload {
+            slug: "tools".into(),
+            name: "Tools".into(),
+            name_i18n: None,
+            collapsed_default: false,
+        })
+        .await
+        .unwrap();
+    let s = repo
+        .create_site(SitePayload {
+            value: "shangHai".into(),
+            name: "上海".into(),
+            name_i18n: None,
+            is_default: true,
+        })
+        .await
+        .unwrap();
+    (repo, g.id, s.id)
+}
+
+#[tokio::test]
+async fn create_item_with_links_and_tags() {
+    let (repo, gid, _sid) = make_repo_with_seed().await;
+    let _t = repo
+        .create_tag(TagPayload {
+            slug: "fav".into(),
+            name: "Favorite".into(),
+            name_i18n: None,
+        })
+        .await
+        .unwrap();
+    let mut links = std::collections::BTreeMap::new();
+    links.insert("shangHai".into(), "http://10.0.0.1".into());
+    let item = repo
+        .create_item(ItemPayload {
+            group_id: Some(gid),
+            name: "RouterOS".into(),
+            name_i18n: None,
+            description: None,
+            description_i18n: None,
+            icon_kind: IconKind::Asset,
+            icon_value: "routerOS.png".into(),
+            links,
+            tag_slugs: vec!["fav".into()],
+        })
+        .await
+        .unwrap();
+    assert_eq!(item.name, "RouterOS");
+    assert_eq!(
+        item.links.get("shangHai").map(String::as_str),
+        Some("http://10.0.0.1")
+    );
+    assert_eq!(item.tag_slugs, vec!["fav"]);
+}
+
+#[tokio::test]
+async fn patch_item_replaces_links_and_tags() {
+    let (repo, gid, _sid) = make_repo_with_seed().await;
+    repo.create_tag(TagPayload {
+        slug: "a".into(),
+        name: "A".into(),
+        name_i18n: None,
+    })
+    .await
+    .unwrap();
+    repo.create_tag(TagPayload {
+        slug: "b".into(),
+        name: "B".into(),
+        name_i18n: None,
+    })
+    .await
+    .unwrap();
+    let mut links = std::collections::BTreeMap::new();
+    links.insert("shangHai".into(), "http://1".into());
+    let item = repo
+        .create_item(ItemPayload {
+            group_id: Some(gid),
+            name: "x".into(),
+            name_i18n: None,
+            description: None,
+            description_i18n: None,
+            icon_kind: IconKind::Asset,
+            icon_value: "x.png".into(),
+            links: links.clone(),
+            tag_slugs: vec!["a".into()],
+        })
+        .await
+        .unwrap();
+    let mut new_links = std::collections::BTreeMap::new();
+    new_links.insert("shangHai".into(), "http://2".into());
+    let p = ItemPatch {
+        links: Some(new_links),
+        tag_slugs: Some(vec!["b".into()]),
+        ..Default::default()
+    };
+    let updated = repo.patch_item(item.id, p).await.unwrap();
+    assert_eq!(
+        updated.links.get("shangHai").map(String::as_str),
+        Some("http://2")
+    );
+    assert_eq!(updated.tag_slugs, vec!["b"]);
+}
+
+#[tokio::test]
+async fn delete_item_cascades_links_and_tags() {
+    let (repo, gid, _sid) = make_repo_with_seed().await;
+    let mut links = std::collections::BTreeMap::new();
+    links.insert("shangHai".into(), "http://1".into());
+    let item = repo
+        .create_item(ItemPayload {
+            group_id: Some(gid),
+            name: "x".into(),
+            name_i18n: None,
+            description: None,
+            description_i18n: None,
+            icon_kind: IconKind::Asset,
+            icon_value: "x.png".into(),
+            links,
+            tag_slugs: vec![],
+        })
+        .await
+        .unwrap();
+    repo.delete_item(item.id).await.unwrap();
+    let (_, _, items, _) = repo.get_bundle().await.unwrap();
+    assert!(items.is_empty());
+}
+
+#[tokio::test]
+async fn reorder_items_writes_sort_order() {
+    let (repo, gid, _sid) = make_repo_with_seed().await;
+    let a = repo
+        .create_item(ItemPayload {
+            group_id: Some(gid),
+            name: "a".into(),
+            name_i18n: None,
+            description: None,
+            description_i18n: None,
+            icon_kind: IconKind::Asset,
+            icon_value: "a.png".into(),
+            links: Default::default(),
+            tag_slugs: vec![],
+        })
+        .await
+        .unwrap();
+    let b = repo
+        .create_item(ItemPayload {
+            group_id: Some(gid),
+            name: "b".into(),
+            name_i18n: None,
+            description: None,
+            description_i18n: None,
+            icon_kind: IconKind::Asset,
+            icon_value: "b.png".into(),
+            links: Default::default(),
+            tag_slugs: vec![],
+        })
+        .await
+        .unwrap();
+    repo.reorder_items(vec![
+        ReorderEntry {
+            id: b.id,
+            sort_order: 0,
+            group_id: Some(Some(gid)),
+        },
+        ReorderEntry {
+            id: a.id,
+            sort_order: 1,
+            group_id: Some(Some(gid)),
+        },
+    ])
+    .await
+    .unwrap();
+    let (_, _, items, _) = repo.get_bundle().await.unwrap();
+    assert_eq!(items[0].id, b.id);
+    assert_eq!(items[1].id, a.id);
+}
diff --git a/server/tests/repo_sites.rs b/server/tests/repo_sites.rs
new file mode 100644
index 0000000..43d28e7
--- /dev/null
+++ b/server/tests/repo_sites.rs
@@ -0,0 +1,74 @@
+use navsrv::db::connect_in_memory;
+use navsrv::dto::{SitePatch, SitePayload};
+use navsrv::error::AppError;
+use navsrv::repo::{NavRepo, SqlxNavRepo};
+
+#[tokio::test]
+async fn create_list_patch_delete_site() {
+    let pool = connect_in_memory().await.unwrap();
+    let repo = SqlxNavRepo::new(pool);
+
+    let s = repo
+        .create_site(SitePayload {
+            value: "shangHai".into(),
+            name: "上海".into(),
+            name_i18n: Some(serde_json::json!({"en": "Shanghai"})),
+            is_default: true,
+        })
+        .await
+        .unwrap();
+    assert_eq!(s.value, "shangHai");
+    assert!(s.is_default);
+
+    let s2 = repo
+        .create_site(SitePayload {
+            value: "beiJing".into(),
+            name: "北京".into(),
+            name_i18n: None,
+            is_default: false,
+        })
+        .await
+        .unwrap();
+
+    let all = repo.list_sites().await.unwrap();
+    assert_eq!(all.len(), 2);
+
+    let patched = repo
+        .patch_site(
+            s2.id,
+            SitePatch {
+                name: Some("Beijing".into()),
+                ..Default::default()
+            },
+        )
+        .await
+        .unwrap();
+    assert_eq!(patched.name, "Beijing");
+
+    repo.delete_site(s.id).await.unwrap();
+    assert_eq!(repo.list_sites().await.unwrap().len(), 1);
+}
+
+#[tokio::test]
+async fn unique_value_constraint_returns_conflict() {
+    let pool = connect_in_memory().await.unwrap();
+    let repo = SqlxNavRepo::new(pool);
+    repo.create_site(SitePayload {
+        value: "x".into(),
+        name: "X".into(),
+        name_i18n: None,
+        is_default: false,
+    })
+    .await
+    .unwrap();
+    let err = repo
+        .create_site(SitePayload {
+            value: "x".into(),
+            name: "Y".into(),
+            name_i18n: None,
+            is_default: false,
+        })
+        .await
+        .unwrap_err();
+    assert!(matches!(err, AppError::Conflict(_)), "got {err:?}");
+}
diff --git a/server/tests/seed.rs b/server/tests/seed.rs
new file mode 100644
index 0000000..1ebec3b
--- /dev/null
+++ b/server/tests/seed.rs
@@ -0,0 +1,31 @@
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{ConfigRepo, NavRepo, SqlxConfigRepo, SqlxNavRepo};
+use navsrv::services::migration::seed_if_empty;
+use std::sync::Arc;
+
+#[tokio::test]
+async fn seed_populates_sites_and_groups() {
+    let pool = connect_in_memory().await.unwrap();
+    let nav: Arc<dyn NavRepo> = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    seed_if_empty(nav.clone(), cfg.clone()).await.unwrap();
+    let (sites, groups, _items, _tags) = nav.get_bundle().await.unwrap();
+    assert!(sites.iter().any(|s| s.value == "shangHai"));
+    assert!(groups.iter().any(|g| g.slug == "network"));
+    assert_eq!(
+        cfg.get("site_name").await.unwrap().as_deref(),
+        Some("Navigation")
+    );
+}
+
+#[tokio::test]
+async fn seed_idempotent() {
+    let pool = connect_in_memory().await.unwrap();
+    let nav: Arc<dyn NavRepo> = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    seed_if_empty(nav.clone(), cfg.clone()).await.unwrap();
+    let count_before = nav.get_bundle().await.unwrap().0.len();
+    seed_if_empty(nav.clone(), cfg.clone()).await.unwrap();
+    let count_after = nav.get_bundle().await.unwrap().0.len();
+    assert_eq!(count_before, count_after);
+}
diff --git a/server/tests/spa_fallback.rs b/server/tests/spa_fallback.rs
new file mode 100644
index 0000000..1a27651
--- /dev/null
+++ b/server/tests/spa_fallback.rs
@@ -0,0 +1,29 @@
+use axum_test::TestServer;
+use navsrv::app::build_app;
+use navsrv::auth::session::layer as session_layer;
+use navsrv::db::connect_in_memory;
+use navsrv::repo::{SqlxConfigRepo, SqlxNavRepo};
+use navsrv::state::AppState;
+use std::sync::Arc;
+use tempfile::TempDir;
+
+#[tokio::test]
+async fn unknown_path_falls_back_to_index_html() {
+    let dir = TempDir::new().unwrap();
+    std::fs::write(
+        dir.path().join("index.html"),
+        "<html><body>SPA</body></html>",
+    )
+    .unwrap();
+
+    let pool = connect_in_memory().await.unwrap();
+    let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    let state = AppState::new(nav, cfg, dir.path().to_path_buf());
+
+    let app = build_app(state, session_layer(pool, false), dir.path().to_path_buf());
+    let server = TestServer::new(app).unwrap();
+    let res = server.get("/some/spa/route").await;
+    res.assert_status_ok();
+    assert!(res.text().contains("SPA"));
+}
diff --git a/.eslintignore b/web/.eslintignore
similarity index 100%
rename from .eslintignore
rename to web/.eslintignore
diff --git a/.eslintrc.cjs b/web/.eslintrc.cjs
similarity index 100%
rename from .eslintrc.cjs
rename to web/.eslintrc.cjs
diff --git a/.npmrc b/web/.npmrc
similarity index 100%
rename from .npmrc
rename to web/.npmrc
diff --git a/.prettierignore b/web/.prettierignore
similarity index 100%
rename from .prettierignore
rename to web/.prettierignore
diff --git a/.prettierrc b/web/.prettierrc
similarity index 100%
rename from .prettierrc
rename to web/.prettierrc
diff --git a/package.json b/web/package.json
similarity index 96%
rename from package.json
rename to web/package.json
index 86511db..c1a08a8 100644
--- a/package.json
+++ b/web/package.json
@@ -2,6 +2,7 @@
   "name": "navigation-website",
   "version": "1.0.0",
   "type": "module",
+  "packageManager": "pnpm@9.15.9",
   "scripts": {
     "dev": "vite dev",
     "build": "vite build",
diff --git a/playwright.config.js b/web/playwright.config.js
similarity index 100%
rename from playwright.config.js
rename to web/playwright.config.js
diff --git a/pnpm-lock.yaml b/web/pnpm-lock.yaml
similarity index 100%
rename from pnpm-lock.yaml
rename to web/pnpm-lock.yaml
diff --git a/src/app.d.ts b/web/src/app.d.ts
similarity index 100%
rename from src/app.d.ts
rename to web/src/app.d.ts
diff --git a/src/app.html b/web/src/app.html
similarity index 100%
rename from src/app.html
rename to web/src/app.html
diff --git a/src/app.scss b/web/src/app.scss
similarity index 100%
rename from src/app.scss
rename to web/src/app.scss
diff --git a/src/lib/components/Avatar.svelte b/web/src/lib/components/Avatar.svelte
similarity index 100%
rename from src/lib/components/Avatar.svelte
rename to web/src/lib/components/Avatar.svelte
diff --git a/src/lib/components/Footer.svelte b/web/src/lib/components/Footer.svelte
similarity index 100%
rename from src/lib/components/Footer.svelte
rename to web/src/lib/components/Footer.svelte
diff --git a/src/lib/components/Header.svelte b/web/src/lib/components/Header.svelte
similarity index 100%
rename from src/lib/components/Header.svelte
rename to web/src/lib/components/Header.svelte
diff --git a/src/lib/components/Nav.svelte b/web/src/lib/components/Nav.svelte
similarity index 100%
rename from src/lib/components/Nav.svelte
rename to web/src/lib/components/Nav.svelte
diff --git a/src/lib/components/SiteSelect.svelte b/web/src/lib/components/SiteSelect.svelte
similarity index 100%
rename from src/lib/components/SiteSelect.svelte
rename to web/src/lib/components/SiteSelect.svelte
diff --git a/src/lib/constants/avatar.ts b/web/src/lib/constants/avatar.ts
similarity index 100%
rename from src/lib/constants/avatar.ts
rename to web/src/lib/constants/avatar.ts
diff --git a/src/lib/constants/nav.ts b/web/src/lib/constants/nav.ts
similarity index 100%
rename from src/lib/constants/nav.ts
rename to web/src/lib/constants/nav.ts
diff --git a/src/lib/constants/siteInfo.ts b/web/src/lib/constants/siteInfo.ts
similarity index 100%
rename from src/lib/constants/siteInfo.ts
rename to web/src/lib/constants/siteInfo.ts
diff --git a/src/lib/store/siteStore.ts b/web/src/lib/store/siteStore.ts
similarity index 100%
rename from src/lib/store/siteStore.ts
rename to web/src/lib/store/siteStore.ts
diff --git a/src/lib/utils/index.ts b/web/src/lib/utils/index.ts
similarity index 100%
rename from src/lib/utils/index.ts
rename to web/src/lib/utils/index.ts
diff --git a/src/lib/utils/isURL.ts b/web/src/lib/utils/isURL.ts
similarity index 100%
rename from src/lib/utils/isURL.ts
rename to web/src/lib/utils/isURL.ts
diff --git a/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
similarity index 100%
rename from src/routes/+layout.svelte
rename to web/src/routes/+layout.svelte
diff --git a/src/routes/+page.svelte b/web/src/routes/+page.svelte
similarity index 100%
rename from src/routes/+page.svelte
rename to web/src/routes/+page.svelte
diff --git a/src/service-worker.ts b/web/src/service-worker.ts
similarity index 100%
rename from src/service-worker.ts
rename to web/src/service-worker.ts
diff --git a/static/avatar.png b/web/static/avatar.png
similarity index 100%
rename from static/avatar.png
rename to web/static/avatar.png
diff --git a/static/favicon.png b/web/static/favicon.png
similarity index 100%
rename from static/favicon.png
rename to web/static/favicon.png
diff --git a/static/manifest.json b/web/static/manifest.json
similarity index 100%
rename from static/manifest.json
rename to web/static/manifest.json
diff --git a/static/navIcons/album.png b/web/static/navIcons/album.png
similarity index 100%
rename from static/navIcons/album.png
rename to web/static/navIcons/album.png
diff --git a/static/navIcons/blog.png b/web/static/navIcons/blog.png
similarity index 100%
rename from static/navIcons/blog.png
rename to web/static/navIcons/blog.png
diff --git a/static/navIcons/esxi.png b/web/static/navIcons/esxi.png
similarity index 100%
rename from static/navIcons/esxi.png
rename to web/static/navIcons/esxi.png
diff --git a/static/navIcons/file.png b/web/static/navIcons/file.png
similarity index 100%
rename from static/navIcons/file.png
rename to web/static/navIcons/file.png
diff --git a/static/navIcons/homeAssistant.svg b/web/static/navIcons/homeAssistant.svg
similarity index 100%
rename from static/navIcons/homeAssistant.svg
rename to web/static/navIcons/homeAssistant.svg
diff --git a/static/navIcons/jackett.png b/web/static/navIcons/jackett.png
similarity index 100%
rename from static/navIcons/jackett.png
rename to web/static/navIcons/jackett.png
diff --git a/static/navIcons/jellyfin.svg b/web/static/navIcons/jellyfin.svg
similarity index 100%
rename from static/navIcons/jellyfin.svg
rename to web/static/navIcons/jellyfin.svg
diff --git a/static/navIcons/moviePilot.svg b/web/static/navIcons/moviePilot.svg
similarity index 100%
rename from static/navIcons/moviePilot.svg
rename to web/static/navIcons/moviePilot.svg
diff --git a/static/navIcons/nasTools.png b/web/static/navIcons/nasTools.png
similarity index 100%
rename from static/navIcons/nasTools.png
rename to web/static/navIcons/nasTools.png
diff --git a/static/navIcons/openWRT.png b/web/static/navIcons/openWRT.png
similarity index 100%
rename from static/navIcons/openWRT.png
rename to web/static/navIcons/openWRT.png
diff --git a/static/navIcons/phicomm.png b/web/static/navIcons/phicomm.png
similarity index 100%
rename from static/navIcons/phicomm.png
rename to web/static/navIcons/phicomm.png
diff --git a/static/navIcons/plex.png b/web/static/navIcons/plex.png
similarity index 100%
rename from static/navIcons/plex.png
rename to web/static/navIcons/plex.png
diff --git a/static/navIcons/portainer.svg b/web/static/navIcons/portainer.svg
similarity index 100%
rename from static/navIcons/portainer.svg
rename to web/static/navIcons/portainer.svg
diff --git a/static/navIcons/qBittorrent.png b/web/static/navIcons/qBittorrent.png
similarity index 100%
rename from static/navIcons/qBittorrent.png
rename to web/static/navIcons/qBittorrent.png
diff --git a/static/navIcons/qinglong.png b/web/static/navIcons/qinglong.png
similarity index 100%
rename from static/navIcons/qinglong.png
rename to web/static/navIcons/qinglong.png
diff --git a/static/navIcons/routerOS.png b/web/static/navIcons/routerOS.png
similarity index 100%
rename from static/navIcons/routerOS.png
rename to web/static/navIcons/routerOS.png
diff --git a/static/navIcons/singBox.svg b/web/static/navIcons/singBox.svg
similarity index 100%
rename from static/navIcons/singBox.svg
rename to web/static/navIcons/singBox.svg
diff --git a/static/navIcons/siyuanNote.png b/web/static/navIcons/siyuanNote.png
similarity index 100%
rename from static/navIcons/siyuanNote.png
rename to web/static/navIcons/siyuanNote.png
diff --git a/static/navIcons/surveillanceStation.png b/web/static/navIcons/surveillanceStation.png
similarity index 100%
rename from static/navIcons/surveillanceStation.png
rename to web/static/navIcons/surveillanceStation.png
diff --git a/static/navIcons/synology.png b/web/static/navIcons/synology.png
similarity index 100%
rename from static/navIcons/synology.png
rename to web/static/navIcons/synology.png
diff --git a/svelte.config.js b/web/svelte.config.js
similarity index 100%
rename from svelte.config.js
rename to web/svelte.config.js
diff --git a/tests/test.ts b/web/tests/test.ts
similarity index 100%
rename from tests/test.ts
rename to web/tests/test.ts
diff --git a/tsconfig.json b/web/tsconfig.json
similarity index 100%
rename from tsconfig.json
rename to web/tsconfig.json
diff --git a/vite.config.ts b/web/vite.config.ts
similarity index 53%
rename from vite.config.ts
rename to web/vite.config.ts
index 92ea959..3b1bdc8 100644
--- a/vite.config.ts
+++ b/web/vite.config.ts
@@ -4,10 +4,15 @@ import type { UserConfig } from 'vite';
 const config: UserConfig = {
   plugins: [sveltekit()],
   server: {
-    fs: {
-      allow: []
-    }
-  }
+    port: 5173,
+    strictPort: true,
+    proxy: {
+      '/api': {
+        target: 'http://127.0.0.1:8080',
+        changeOrigin: false,
+      },
+    },
+  },
 };
 
 export default config;
\ No newline at end of file

From cfe7b2e0ba7d1c7e9b5dac3db58871123fcdd82e Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 20 May 2026 19:44:49 +0800
Subject: [PATCH 03/77] =?UTF-8?q?chore(web):=20upgrade=20Svelte=203=20?=
 =?UTF-8?q?=E2=86=92=20Svelte=205=20+=20Kit=202=20+=20Vite=205=20+=20ESLin?=
 =?UTF-8?q?t=209=20(Plan=201.5)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Frontend toolchain modernization. Visual zero-regression vs baseline.
- Svelte 3.58 → 5.1 (runes API: \$props/\$state/\$derived/\$effect/\$bindable)
- SvelteKit next → 2.x stable
- Vite 4.3 → 5.4
- ESLint 8 → 9 flat config; eslint-plugin-svelte (svelte3 deprecated)
- Prettier 2 → 3 + prettier-plugin-svelte 3
- pnpm 9 (lockfile v6) → 10 (lockfile v9), pinned via packageManager
- zod ^3.23 added for Plan 2 API contract validation
- 5 .svelte components rewritten for runes (auto-store, {@render})
- siteStore typing fixed for Svelte 5 stricter overloads
---
 .../2026-05-20-plan-1.5-svelte5-upgrade.md    | 1082 ++++++
 web/.eslintignore                             |   13 -
 web/.eslintrc.cjs                             |   20 -
 web/.prettierignore                           |    3 +
 web/.prettierrc                               |   16 +-
 web/eslint.config.js                          |   28 +
 web/package.json                              |   49 +-
 web/pnpm-lock.yaml                            | 3306 ++++++++++-------
 web/src/app.html                              |   26 +-
 web/src/app.scss                              |   52 +-
 web/src/lib/components/Footer.svelte          |    2 +-
 web/src/lib/components/Header.svelte          |    1 -
 web/src/lib/components/Nav.svelte             |   32 +-
 web/src/lib/components/SiteSelect.svelte      |   69 +-
 web/src/lib/constants/avatar.ts               |    2 +-
 web/src/lib/constants/nav.ts                  |   10 +-
 web/src/lib/constants/siteInfo.ts             |   12 +-
 web/src/lib/store/siteStore.ts                |   10 +-
 web/src/lib/utils/index.ts                    |    2 +-
 web/src/lib/utils/isURL.ts                    |    2 +-
 web/src/routes/+layout.svelte                 |    4 +-
 web/src/service-worker.ts                     |    4 +-
 web/static/manifest.json                      |    2 +-
 web/svelte.config.js                          |   19 +-
 web/tsconfig.json                             |    3 +-
 web/vite.config.ts                            |   10 +-
 26 files changed, 3177 insertions(+), 1602 deletions(-)
 create mode 100644 docs/superpowers/plans/2026-05-20-plan-1.5-svelte5-upgrade.md
 delete mode 100644 web/.eslintignore
 delete mode 100644 web/.eslintrc.cjs
 create mode 100644 web/eslint.config.js

diff --git a/docs/superpowers/plans/2026-05-20-plan-1.5-svelte5-upgrade.md b/docs/superpowers/plans/2026-05-20-plan-1.5-svelte5-upgrade.md
new file mode 100644
index 0000000..29ed802
--- /dev/null
+++ b/docs/superpowers/plans/2026-05-20-plan-1.5-svelte5-upgrade.md
@@ -0,0 +1,1082 @@
+# Frontend Toolchain Modernization (Plan 1.5)
+
+> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
+
+**Goal:** Upgrade `web/` from Svelte 3.58 + SvelteKit "next" + Vite 4.3 + ESLint 8 + Prettier 2 to the 2026 best-practice baseline — **Svelte 5 (runes API) + SvelteKit 2.x + Vite 5 + ESLint 9 flat config + Prettier 3** — and rewrite the 5 existing `.svelte` files using runes. After this plan, `pnpm dev` still serves the site with **zero visual or behavioral change**, but every subsequent component (Plans 2/3/4) can use modern runes idioms from day one.
+
+**Architecture:** This plan is purely a toolchain + idiom upgrade. No new features. The site works the same way for end users; the difference is internal — modern reactivity primitives (`$state` / `$derived` / `$effect` / `$props`), flat ESLint config, latest Vite/Kit dev server, deprecated plugin replacements (`eslint-plugin-svelte` instead of `eslint-plugin-svelte3`).
+
+**Tech Stack (target after this plan):**
+- `svelte` ^5.x — runes API (stable since 2024 Q4)
+- `@sveltejs/kit` ^2.x stable (no longer `next`)
+- `@sveltejs/adapter-static` ^3.x
+- `vite` ^5.x
+- `typescript` ^5.x (already present, may bump minor)
+- `eslint` ^9.x with **flat config** (`eslint.config.js`)
+- `eslint-plugin-svelte` ^2.x (replaces deprecated `eslint-plugin-svelte3`)
+- `@typescript-eslint/eslint-plugin` ^8.x and `parser` ^8.x (ESLint 9 compat)
+- `prettier` ^3.x
+- `prettier-plugin-svelte` ^3.x
+- `svelte-check` ^4.x
+- `@playwright/test` ^1.49 (compatible refresh)
+- New addition: `zod` ^3.23 (Plans 2+ depend on this for API contract validation)
+- `pnpm-lock.yaml` regenerated under pnpm 10 (lockfile v9). The `packageManager` pin in `web/package.json` is updated from `pnpm@9.15.9` → `pnpm@10.x`.
+
+**Spec reference:** `docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md` § 7 (design system) and § 9 (dev workflow). This plan does not change spec semantics; it modernizes the implementation substrate.
+
+**Predecessors:**
+- Plan 1 (Rust backend) merged into `feat/rust-platform` — provides `/api/nav` etc. that this plan still proxies but does not consume yet.
+
+---
+
+## Conventions
+
+- **Working directory:** every `pnpm` command runs in `web/` unless noted.
+- **Sub-branch:** all work on `plan-1.5/svelte5-upgrade`, branched from `feat/rust-platform`.
+- **Commits:** Conventional Commits, no `Co-Authored-By` trailer. Each task is one commit.
+- **Verification gate:** every task ends with at least one of `pnpm dev` (smoke), `pnpm check` (svelte-check), `pnpm lint`, or `pnpm build`.
+- **Visual no-regression:** Phase 1 commits must keep the dev server visually identical to baseline (snapshot from Task 1). The only allowed differences after upgrade are internal (Svelte runes, modern compile output).
+- **Pin precise versions** in `package.json` upper bounds (`^X.Y.Z`) — no `next` / `latest` references.
+
+---
+
+## Phase 0: Toolchain Upgrade (Tasks 1–6)
+
+Goal: get `pnpm dev` and `pnpm check` running cleanly on the new stack **without yet rewriting any `.svelte` file**. Components stay in Svelte 3 syntax; Svelte 5 has a legacy compatibility mode that accepts the old syntax during the transition. Phase 1 then rewrites them.
+
+### Task 1: Baseline snapshot
+
+**Files:**
+- Read-only verification
+
+- [ ] **Step 1: Confirm clean tree on `plan-1.5/svelte5-upgrade`**
+
+```bash
+git status
+git branch --show-current
+```
+
+Expected: branch `plan-1.5/svelte5-upgrade`, tree clean.
+
+- [ ] **Step 2: Boot current dev server and capture title + first 200 bytes**
+
+```bash
+cd web
+pnpm install --frozen-lockfile
+pnpm dev --host 127.0.0.1 --port 5173 > /tmp/web-baseline.log 2>&1 &
+DEV_PID=$!
+sleep 6
+curl -sf http://127.0.0.1:5173/ -o /tmp/web-baseline.html
+head -c 200 /tmp/web-baseline.html
+grep -oE '<title>[^<]+</title>' /tmp/web-baseline.html
+kill $DEV_PID 2>/dev/null
+cd ..
+```
+
+Expected: HTML with `<title>XXXX 的小站导航</title>` (or whatever the configured site name is). Save the output for Phase 2 visual no-regression check.
+
+- [ ] **Step 3: Run lint to capture pre-upgrade state**
+
+```bash
+cd web
+pnpm lint 2>&1 | tail -20 || true
+cd ..
+```
+
+Capture the lint output to `/tmp/web-lint-pre.txt`. We expect this to be the last green run on the old stack — Phase 0 will replace the lint setup.
+
+- [ ] **Step 4: No code changes; do not commit**
+
+This task is verification only. Tree must remain clean.
+
+### Task 2: Upgrade `package.json` deps
+
+**Files:**
+- Modify: `web/package.json`
+
+- [ ] **Step 1: Read current package.json**
+
+```bash
+cat web/package.json
+```
+
+- [ ] **Step 2: Replace contents**
+
+```json
+{
+  "name": "navigation-website",
+  "version": "1.0.0",
+  "type": "module",
+  "packageManager": "pnpm@10.0.0",
+  "scripts": {
+    "dev": "vite dev",
+    "build": "vite build",
+    "preview": "vite preview",
+    "test": "playwright test",
+    "check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
+    "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
+    "lint": "prettier --check . && eslint .",
+    "format": "prettier --write ."
+  },
+  "devDependencies": {
+    "@playwright/test": "^1.49.0",
+    "@sveltejs/adapter-static": "^3.0.6",
+    "@sveltejs/kit": "^2.8.0",
+    "@sveltejs/vite-plugin-svelte": "^4.0.0",
+    "@typescript-eslint/eslint-plugin": "^8.13.0",
+    "@typescript-eslint/parser": "^8.13.0",
+    "eslint": "^9.14.0",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-plugin-svelte": "^2.46.0",
+    "globals": "^15.12.0",
+    "prettier": "^3.3.3",
+    "prettier-plugin-svelte": "^3.2.7",
+    "sass": "^1.81.0",
+    "svelte": "^5.1.16",
+    "svelte-check": "^4.0.7",
+    "tslib": "^2.8.1",
+    "typescript": "^5.6.3",
+    "typescript-eslint": "^8.13.0",
+    "vite": "^5.4.10"
+  },
+  "dependencies": {
+    "zod": "^3.23.8"
+  }
+}
+```
+
+Notes on the change set:
+- Removed `@sveltejs/adapter-auto` (not needed; we always use `adapter-static`).
+- Removed `eslint-plugin-svelte3` (deprecated → `eslint-plugin-svelte`).
+- Removed `prettier-plugin-svelte` 2.x → 3.x.
+- Removed `svelte-preprocess` (Svelte 5 + `@sveltejs/vite-plugin-svelte` 4 handle TS preprocessing natively; the standalone preprocess package is only needed for non-Vite setups).
+- Added `@sveltejs/vite-plugin-svelte` ^4 (was a peer of Kit; now explicit).
+- Added `globals` ^15 (used by ESLint 9 flat config to declare browser/node globals).
+- Added `typescript-eslint` ^8 (the new aggregated package; supersedes the separate parser+plugin pair, but we keep both pinned for explicitness).
+- Added `zod` ^3.23 to dependencies (not devDependencies — it's runtime).
+- `packageManager` bumped to `pnpm@10`.
+
+- [ ] **Step 3: Verify JSON parses**
+
+```bash
+node --eval 'JSON.parse(require("fs").readFileSync("web/package.json","utf8"))' && echo OK
+```
+
+- [ ] **Step 4: Do not run install yet** — Tasks 3 changes lockfile mechanics first.
+
+- [ ] **Step 5: Commit (config-only commit)**
+
+```bash
+git add web/package.json
+git commit -m "chore(web): upgrade deps to Svelte 5 + Kit 2 + Vite 5 + ESLint 9 + Prettier 3"
+```
+
+### Task 3: Regenerate `pnpm-lock.yaml` under pnpm 10
+
+**Files:**
+- Modify: `web/pnpm-lock.yaml` (full regenerate)
+- Modify: `web/node_modules` (deleted, reinstalled)
+
+- [ ] **Step 1: Activate pnpm 10 via corepack**
+
+```bash
+corepack enable
+corepack prepare pnpm@10.0.0 --activate
+pnpm --version
+```
+
+Expected: `10.x` printed.
+
+- [ ] **Step 2: Wipe old lockfile + node_modules**
+
+```bash
+cd web
+rm -rf node_modules pnpm-lock.yaml .svelte-kit
+cd ..
+```
+
+- [ ] **Step 3: Fresh install (creates lockfile v9)**
+
+```bash
+cd web
+pnpm install
+cd ..
+```
+
+Expected: install succeeds, `pnpm-lock.yaml` written. Lockfile header should read `lockfileVersion: '9.0'`. If pnpm still warns about peer-dep mismatches, note them but don't add overrides unless install fails outright.
+
+- [ ] **Step 4: Verify the lockfile version**
+
+```bash
+head -3 web/pnpm-lock.yaml
+```
+
+Expected first line: `lockfileVersion: '9.0'` (or higher if pnpm 10 ships v10+; either is acceptable).
+
+- [ ] **Step 5: Commit lockfile**
+
+```bash
+git add web/pnpm-lock.yaml
+git commit -m "chore(web): regenerate pnpm-lock.yaml under pnpm 10 (lockfile v9)"
+```
+
+### Task 4: Update `svelte.config.js` + `vite.config.ts` for Kit 2 / Vite 5
+
+**Files:**
+- Modify: `web/svelte.config.js`
+- Modify: `web/vite.config.ts`
+- Verify: `web/tsconfig.json` (svelte-kit sync regenerates `.svelte-kit/tsconfig.json` automatically; the user-facing tsconfig may need a tiny tweak)
+
+- [ ] **Step 1: Read current `svelte.config.js`**
+
+```bash
+cat web/svelte.config.js
+```
+
+It looks like (Svelte 3 era):
+
+```js
+import adapter from '@sveltejs/adapter-static';
+import preprocess from 'svelte-preprocess';
+
+const config = {
+  preprocess: preprocess(),
+  kit: { adapter: adapter({ fallback: 'index.html' }) },
+};
+export default config;
+```
+
+- [ ] **Step 2: Replace with Svelte 5 + Kit 2 form**
+
+```js
+// web/svelte.config.js
+import adapter from '@sveltejs/adapter-static';
+import { vitePreprocess } from '@sveltejs/vite-plugin-svelte';
+
+/** @type {import('@sveltejs/kit').Config} */
+const config = {
+  preprocess: vitePreprocess(),
+  kit: {
+    adapter: adapter({
+      pages: 'build',
+      assets: 'build',
+      fallback: 'index.html',
+      precompress: false,
+      strict: true,
+    }),
+  },
+};
+
+export default config;
+```
+
+Key changes:
+- `vitePreprocess()` from `@sveltejs/vite-plugin-svelte` (replaces `svelte-preprocess`).
+- Explicit adapter options (Kit 2 requires explicit pages/assets paths or omits them; we set both).
+- `fallback: 'index.html'` keeps SPA-mode routing — every unknown path serves the SPA shell. The Rust backend's `ServeDir` fallback (Plan 1 Task 31) provides the same behavior in production.
+
+- [ ] **Step 3: Verify `vite.config.ts` matches Vite 5**
+
+The current `vite.config.ts` (from Plan 1 Task 3):
+
+```ts
+import { sveltekit } from '@sveltejs/kit/vite';
+import type { UserConfig } from 'vite';
+
+const config: UserConfig = {
+  plugins: [sveltekit()],
+  server: {
+    port: 5173,
+    strictPort: true,
+    proxy: {
+      '/api': {
+        target: 'http://127.0.0.1:8080',
+        changeOrigin: false,
+      },
+    },
+  },
+};
+
+export default config;
+```
+
+Vite 5 / Kit 2 require **no changes** to this file — it stays compatible. Verify by re-reading and confirming.
+
+- [ ] **Step 4: Tweak `tsconfig.json` if needed**
+
+Read current:
+
+```bash
+cat web/tsconfig.json
+```
+
+If it `extends "./.svelte-kit/tsconfig.json"`, leave alone. SvelteKit 2 generates the inner config slightly differently but exports the same path. Make sure `compilerOptions` doesn't override `module` / `moduleResolution` in a way Vite 5 dislikes — if it does, remove those overrides and let svelte-kit own them.
+
+Recommended user-facing `web/tsconfig.json`:
+
+```json
+{
+  "extends": "./.svelte-kit/tsconfig.json",
+  "compilerOptions": {
+    "allowJs": true,
+    "checkJs": true,
+    "esModuleInterop": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "skipLibCheck": true,
+    "sourceMap": true,
+    "strict": true,
+    "moduleResolution": "bundler"
+  }
+}
+```
+
+- [ ] **Step 5: Run `svelte-kit sync` to regenerate generated configs**
+
+```bash
+cd web
+pnpm exec svelte-kit sync
+cd ..
+```
+
+Expected: `.svelte-kit/tsconfig.json` and `.svelte-kit/types/` regenerated, no errors.
+
+- [ ] **Step 6: Commit**
+
+```bash
+git add web/svelte.config.js web/tsconfig.json
+git commit -m "chore(web): migrate svelte.config.js + tsconfig to Kit 2 / Svelte 5"
+```
+
+### Task 5: Replace ESLint config with flat-config (ESLint 9)
+
+**Files:**
+- Delete: `web/.eslintrc.cjs`, `web/.eslintignore`
+- Create: `web/eslint.config.js`
+
+- [ ] **Step 1: Inspect old config**
+
+```bash
+cat web/.eslintrc.cjs
+cat web/.eslintignore 2>/dev/null || echo "(no eslintignore)"
+```
+
+- [ ] **Step 2: Remove the legacy config files**
+
+```bash
+git rm web/.eslintrc.cjs
+[ -f web/.eslintignore ] && git rm web/.eslintignore
+```
+
+- [ ] **Step 3: Write `eslint.config.js`**
+
+```js
+// web/eslint.config.js
+import js from '@eslint/js';
+import ts from 'typescript-eslint';
+import svelte from 'eslint-plugin-svelte';
+import prettier from 'eslint-config-prettier';
+import globals from 'globals';
+
+/** @type {import('eslint').Linter.Config[]} */
+export default [
+  js.configs.recommended,
+  ...ts.configs.recommended,
+  ...svelte.configs['flat/recommended'],
+  prettier,
+  ...svelte.configs['flat/prettier'],
+  {
+    languageOptions: {
+      globals: { ...globals.browser, ...globals.node },
+    },
+  },
+  {
+    files: ['**/*.svelte'],
+    languageOptions: {
+      parserOptions: { parser: ts.parser },
+    },
+  },
+  {
+    ignores: [
+      'build/',
+      '.svelte-kit/',
+      'node_modules/',
+      'static/',
+      'pnpm-lock.yaml',
+    ],
+  },
+];
+```
+
+Notes:
+- Flat config replaces `.eslintrc.cjs`. `extends:` is gone — composition is just spreading config arrays.
+- `js.configs.recommended` is the new way to opt in to ESLint's built-in recommended rules.
+- `ts.configs.recommended` is from the `typescript-eslint` aggregated package.
+- `svelte.configs['flat/recommended']` plus `svelte.configs['flat/prettier']` are the eslint-plugin-svelte 2.x flat-config exports.
+- `prettier` (from `eslint-config-prettier`) disables stylistic rules that conflict with Prettier.
+
+- [ ] **Step 4: Add the `@eslint/js` package**
+
+```bash
+cd web
+pnpm add -D @eslint/js@^9.14.0
+cd ..
+```
+
+(This was missed in Task 2's package.json; it's a runtime dep of the flat config above.)
+
+- [ ] **Step 5: Run lint to verify the config compiles**
+
+```bash
+cd web
+pnpm lint 2>&1 | tail -30
+cd ..
+```
+
+Expected: lint either passes or fails with **rule violations from the actual codebase** (not config errors). Phase 1 will rewrite the offending components, so failures here are acceptable as long as they're rule-driven, not config-driven.
+
+If you see `Error: Cannot find module ...` or `Failed to load config`, the config has a structural bug — fix before committing.
+
+- [ ] **Step 6: Commit**
+
+```bash
+git add web/eslint.config.js web/package.json web/pnpm-lock.yaml
+git commit -m "chore(web): migrate ESLint to 9.x flat config (eslint.config.js)"
+```
+
+### Task 6: Update Prettier 3 config + verify svelte-check compiles
+
+**Files:**
+- Modify: `web/.prettierrc`
+- Modify (maybe): `web/.prettierignore`
+
+- [ ] **Step 1: Inspect current `.prettierrc`**
+
+```bash
+cat web/.prettierrc
+```
+
+It's typically:
+
+```json
+{
+  "useTabs": false,
+  "singleQuote": true,
+  "trailingComma": "none",
+  "printWidth": 100,
+  "plugins": ["prettier-plugin-svelte"],
+  "pluginSearchDirs": ["."],
+  "overrides": [{ "files": "*.svelte", "options": { "parser": "svelte" } }]
+}
+```
+
+- [ ] **Step 2: Replace with Prettier 3 form**
+
+```json
+{
+  "useTabs": false,
+  "singleQuote": true,
+  "trailingComma": "none",
+  "printWidth": 100,
+  "plugins": ["prettier-plugin-svelte"],
+  "overrides": [
+    { "files": "*.svelte", "options": { "parser": "svelte" } }
+  ]
+}
+```
+
+Removed `pluginSearchDirs` (deprecated in Prettier 3). The `--plugin-search-dir` flag was already removed from the `lint` script in Task 2.
+
+- [ ] **Step 3: Verify `.prettierignore` covers build artefacts**
+
+Make sure it contains at least:
+
+```
+build/
+.svelte-kit/
+node_modules/
+pnpm-lock.yaml
+static/
+```
+
+If not, replace with:
+
+```
+.DS_Store
+build/
+.svelte-kit/
+node_modules/
+pnpm-lock.yaml
+static/
+```
+
+- [ ] **Step 4: Format the entire codebase under Prettier 3**
+
+```bash
+cd web
+pnpm format
+cd ..
+```
+
+Prettier 3 may reformat some files (mainly stylistic — e.g. arrow-parens, quote consistency). Inspect the diff with `git diff --stat` — should be small and cosmetic.
+
+- [ ] **Step 5: Run svelte-check to confirm compile is clean**
+
+```bash
+cd web
+pnpm check 2>&1 | tail -25
+cd ..
+```
+
+Expected: `Done — found 0 errors and 0 warnings`. Svelte 5 will compile the existing Svelte 3 components in legacy mode and print **deprecation warnings** about `export let` and `$:` reactive statements; that's the trigger for Phase 1's rewrite. Note these as expected.
+
+If you see actual `Error:` lines (not "deprecation"), stop and report — something is genuinely broken.
+
+- [ ] **Step 6: Commit**
+
+```bash
+git add web/.prettierrc web/.prettierignore web/src
+git commit -m "chore(web): bump Prettier to 3.x; reformat under new config"
+```
+
+(The `web/src` add captures the cosmetic reformat from Step 4.)
+
+---
+
+## Phase 1: Rewrite Components in Runes (Tasks 7–11)
+
+Goal: replace Svelte 3 idioms (`export let prop`, `$: derived`) with Svelte 5 runes (`let { prop }: Props = $props()`, `$derived`, `$state`, `$effect`). Each task is one component file. The dev server must keep serving the same UI throughout.
+
+**Runes cheat sheet for this codebase:**
+- `export let foo: T` → `let { foo }: { foo: T } = $props();`
+- `let count = 0; $: doubled = count * 2;` → `let count = $state(0); let doubled = $derived(count * 2);`
+- `$: { sideEffect(count); }` → `$effect(() => { sideEffect(count); });`
+- Stores still work the same: `import { foo } from '...'; $foo` reads.
+- No `<script>` tag changes for `import` order.
+
+### Task 7: Avatar.svelte + Footer.svelte + +layout.svelte (no-prop pure-display components)
+
+**Files:**
+- Modify: `web/src/lib/components/Avatar.svelte`
+- Modify: `web/src/lib/components/Footer.svelte`
+- Modify: `web/src/routes/+layout.svelte`
+
+These three have no props and no reactive state — they only import constants and render. Svelte 5 leaves them mostly as-is, but we add the `<script lang="ts">` formality and remove any deprecation triggers.
+
+- [ ] **Step 1: Avatar.svelte**
+
+Read the file first; current content:
+
+```svelte
+<script lang="ts">
+  import { avatarURL } from '$lib/constants/avatar';
+  import { siteName } from '$lib/constants/siteInfo';
+</script>
+
+<div class="avatar">
+  <img src={avatarURL} alt={siteName} />
+</div>
+
+<style lang="scss">
+  /* unchanged */
+</style>
+```
+
+This file already uses no `export let` and no `$:`. **No changes needed.** Svelte 5 accepts it natively. Skip to Step 2.
+
+- [ ] **Step 2: Footer.svelte**
+
+Same situation — pure import + render. Read; if it has no `export let` and no `$:`, leave it alone. Otherwise rewrite the affected blocks per the runes cheat sheet.
+
+- [ ] **Step 3: +layout.svelte**
+
+Read; the file currently looks like:
+
+```svelte
+<script lang="ts">
+  import Header from '$lib/components/Header.svelte';
+  import Footer from '$lib/components/Footer.svelte';
+  import '../app.scss';
+</script>
+
+<Header />
+
+<main>
+  <slot />
+</main>
+
+<Footer />
+
+<style lang="scss"> /* unchanged */ </style>
+```
+
+In Svelte 5, `<slot />` is **deprecated** in favor of snippets / `{@render children()}`. Replace:
+
+```svelte
+<script lang="ts">
+  import Header from '$lib/components/Header.svelte';
+  import Footer from '$lib/components/Footer.svelte';
+  import '../app.scss';
+
+  let { children } = $props();
+</script>
+
+<Header />
+
+<main>
+  {@render children()}
+</main>
+
+<Footer />
+
+<style lang="scss"> /* unchanged */ </style>
+```
+
+(Keep the `<style>` block byte-for-byte identical; only the `<script>` and the slot site change.)
+
+- [ ] **Step 4: Verify**
+
+```bash
+cd web
+pnpm check 2>&1 | tail -10
+pnpm dev --host 127.0.0.1 --port 5173 > /tmp/web-after.log 2>&1 &
+DEV_PID=$!
+sleep 6
+curl -sf http://127.0.0.1:5173/ | head -c 200
+diff <(head -c 200 /tmp/web-baseline.html) <(curl -sf http://127.0.0.1:5173/ | head -c 200) || echo "(differences are OK if cosmetic only)"
+kill $DEV_PID 2>/dev/null
+cd ..
+```
+
+Expected: `pnpm check` is clean (zero deprecation warnings about layout's `<slot>`). Visual smoke test: HTML still has `<title>` + same body structure.
+
+- [ ] **Step 5: Commit**
+
+```bash
+git add web/src/routes/+layout.svelte web/src/lib/components/Avatar.svelte web/src/lib/components/Footer.svelte
+git commit -m "refactor(web): rewrite +layout/Avatar/Footer for Svelte 5 (replace <slot> with children snippet)"
+```
+
+### Task 8: Header.svelte (with child + reactive title)
+
+**Files:**
+- Modify: `web/src/lib/components/Header.svelte`
+
+- [ ] **Step 1: Read current**
+
+```svelte
+<script lang="ts">
+  import { siteName } from '$lib/constants/siteInfo';
+  import { avatarURL } from '$lib/constants/avatar';
+  import SiteSelect from './SiteSelect.svelte';
+</script>
+
+<header class="header">
+  <a href="/" class="header-logo">
+    <img src={avatarURL} alt={siteName} />
+    <span class="name">{siteName}</span>
+  </a>
+  <SiteSelect />
+</header>
+
+<style lang="scss"> /* unchanged */ </style>
+```
+
+- [ ] **Step 2: Verify it has no `export let` / `$:`** — looks like it doesn't. **No changes needed**, but bump the `<script lang="ts">` if missing (it's there).
+
+- [ ] **Step 3: Run check**
+
+```bash
+cd web
+pnpm check 2>&1 | tail -5
+cd ..
+```
+
+Expected: no warnings about Header.
+
+- [ ] **Step 4: Commit (no-op note)**
+
+If literally no diff occurred, **skip this commit** and merge the work into Task 9's commit instead. Keep the plan honest — record "Task 8: no rewrite needed (Header already runes-compatible)" in the next commit body.
+
+### Task 9: SiteSelect.svelte (state + window listener)
+
+**Files:**
+- Modify: `web/src/lib/components/SiteSelect.svelte`
+
+- [ ] **Step 1: Read current**
+
+```svelte
+<script lang="ts">
+  import { get } from 'svelte/store';
+  import { onDestroy } from 'svelte';
+  import { siteList, type ISite } from '$lib/constants/nav';
+  import { siteStore } from '$lib/store/siteStore';
+
+  let site = get(siteStore);
+
+  const unsubscribe = siteStore.subscribe((siteInfo: ISite) => {
+    site = siteInfo;
+  });
+
+  let visible = false;
+
+  const handleBtnClick = (evt: Event) => {
+    evt.stopPropagation();
+    visible = !visible;
+  };
+
+  const handleItemClick = (site: ISite) => {
+    siteStore.set(site);
+    visible = false;
+  };
+
+  const handleWindowClick = () => {
+    visible = false;
+  };
+
+  onDestroy(() => {
+    unsubscribe();
+  });
+</script>
+
+<svelte:window on:click={handleWindowClick} />
+
+<div class={`site-select ${visible ? 'site-select-show' : ''}`}>
+  <!-- ... -->
+</div>
+```
+
+- [ ] **Step 2: Rewrite using runes**
+
+```svelte
+<script lang="ts">
+  import { siteList, type ISite } from '$lib/constants/nav';
+  import { siteStore } from '$lib/store/siteStore';
+
+  // Svelte 5 still supports auto-subscription via `$store`; no manual subscribe needed.
+  let visible = $state(false);
+
+  function handleBtnClick(evt: Event) {
+    evt.stopPropagation();
+    visible = !visible;
+  }
+
+  function handleItemClick(s: ISite) {
+    siteStore.set(s);
+    visible = false;
+  }
+
+  function handleWindowClick() {
+    visible = false;
+  }
+</script>
+
+<svelte:window onclick={handleWindowClick} />
+
+<div class={`site-select ${visible ? 'site-select-show' : ''}`}>
+  <div class="site-select-btn" onclick={handleBtnClick}>{$siteStore?.name ?? ''}</div>
+  <div class="site-select-list">
+    {#each siteList as siteItem}
+      <div
+        class={`site-select-list-item ${$siteStore.value === siteItem.value ? 'site-select-list-item-active' : ''}`}
+        onclick={(evt) => {
+          evt.stopPropagation();
+          handleItemClick(siteItem);
+        }}
+      >
+        <div class="nav-item-name">{siteItem.name || ''}</div>
+      </div>
+    {/each}
+  </div>
+</div>
+
+<style lang="scss"> /* unchanged */ </style>
+```
+
+Key changes:
+- Removed `import { get } from 'svelte/store'` and `import { onDestroy } from 'svelte'` — auto-subscription via `$siteStore` reads the live value at every render.
+- Removed manual `siteStore.subscribe(...)` and `onDestroy` cleanup — `$siteStore` handles both.
+- `let visible = $state(false)` instead of `let visible = false`.
+- Svelte 5 prefers `onclick={fn}` over `on:click={fn}` (legacy syntax still accepted but emits deprecation warnings).
+- `<svelte:window onclick={...}>` — same syntax change.
+
+> **Accessibility note:** `<div onclick>` triggers an a11y warning in Svelte 5. The Plan 2/3 design system rewrite will replace these with `<button>` elements; for this plan we only do the runes rewrite and accept the warning. Add `<!-- svelte-ignore a11y_click_events_have_key_events -->` and `<!-- svelte-ignore a11y_no_static_element_interactions -->` directly above the offending `<div>` blocks if you want the build to be warning-free this commit.
+
+- [ ] **Step 3: Verify**
+
+```bash
+cd web
+pnpm check 2>&1 | tail -10
+cd ..
+```
+
+Expected: 0 errors, 0 warnings (with the `svelte-ignore` directives), or a small number of accessibility warnings that we'll resolve in Plan 2/3.
+
+- [ ] **Step 4: Commit**
+
+```bash
+git add web/src/lib/components/SiteSelect.svelte
+git commit -m "refactor(web): rewrite SiteSelect for Svelte 5 runes ($state + auto-store)"
+```
+
+### Task 10: Nav.svelte (store-driven list)
+
+**Files:**
+- Modify: `web/src/lib/components/Nav.svelte`
+
+- [ ] **Step 1: Read current**
+
+```svelte
+<script lang="ts">
+  import { get } from 'svelte/store';
+  import { onDestroy } from 'svelte';
+  import type { INavItem } from '$lib/constants/nav';
+  import { isURL } from '$lib/utils/index';
+  import { availableNavListStore, siteStore } from '$lib/store/siteStore';
+
+  let navList = get(availableNavListStore);
+  const unsubscribe = availableNavListStore.subscribe(($navList: INavItem[]) => {
+    navList = $navList;
+  });
+
+  onDestroy(() => {
+    unsubscribe();
+  });
+
+  const handleClick = (nav: INavItem) => {
+    const site = get(siteStore);
+    const link = nav?.link?.[site?.value || ''];
+    if (link) {
+      window.open(link, '_blank', 'noreferrer,noreferrer');
+    }
+  };
+</script>
+
+<div class="nav">
+  {#each navList as nav}
+    <div class="nav-item" on:click={() => handleClick(nav)}>
+      <!-- ... -->
+    </div>
+  {/each}
+</div>
+```
+
+- [ ] **Step 2: Rewrite using runes**
+
+```svelte
+<script lang="ts">
+  import type { INavItem } from '$lib/constants/nav';
+  import { isURL } from '$lib/utils/index';
+  import { availableNavListStore, siteStore } from '$lib/store/siteStore';
+
+  function handleClick(nav: INavItem) {
+    const link = nav?.link?.[$siteStore?.value || ''];
+    if (link) {
+      window.open(link, '_blank', 'noreferrer,noreferrer');
+    }
+  }
+</script>
+
+<div class="nav">
+  {#each $availableNavListStore as nav}
+    <!-- svelte-ignore a11y_click_events_have_key_events -->
+    <!-- svelte-ignore a11y_no_static_element_interactions -->
+    <div class="nav-item" onclick={() => handleClick(nav)}>
+      <div class="nav-item-icon">
+        <img src={isURL(nav.source) ? nav.source : `/navIcons/${nav.source}`} alt={nav.name} />
+      </div>
+      <div class="nav-item-name">
+        {nav.name || ''}
+      </div>
+    </div>
+  {/each}
+</div>
+
+<style lang="scss"> /* unchanged */ </style>
+```
+
+Key changes:
+- Removed `get` and `onDestroy` imports.
+- Removed manual subscribe/unsubscribe — used `$availableNavListStore` directly in the template.
+- Replaced `on:click` with `onclick`.
+- Added `svelte-ignore` directives for a11y warnings (Plan 2/3 fixes via `<button>`).
+
+- [ ] **Step 3: Verify**
+
+```bash
+cd web
+pnpm check 2>&1 | tail -5
+pnpm dev --host 127.0.0.1 --port 5173 > /dev/null 2>&1 &
+DEV_PID=$!
+sleep 6
+curl -sf http://127.0.0.1:5173/ | grep -oE 'class="nav"' | head -1
+kill $DEV_PID 2>/dev/null
+cd ..
+```
+
+Expected: page renders the nav grid; element is in the HTML output.
+
+- [ ] **Step 4: Commit**
+
+```bash
+git add web/src/lib/components/Nav.svelte
+git commit -m "refactor(web): rewrite Nav for Svelte 5 runes (auto-store, onclick)"
+```
+
+### Task 11: +page.svelte
+
+**Files:**
+- Modify: `web/src/routes/+page.svelte`
+
+- [ ] **Step 1: Read current**
+
+```svelte
+<script lang="ts">
+  import { siteName } from '$lib/constants/siteInfo';
+  import Nav from '$lib/components/Nav.svelte';
+</script>
+
+<svelte:head>
+  <title>{siteName}</title>
+</svelte:head>
+
+<Nav />
+
+<style lang="scss"> /* unchanged */ </style>
+```
+
+- [ ] **Step 2: Verify** — no `export let` / `$:` / `<slot>`. **No rewrite needed**, the file already runes-compatible.
+
+- [ ] **Step 3: Run check + dev**
+
+```bash
+cd web
+pnpm check 2>&1 | tail -5
+cd ..
+```
+
+- [ ] **Step 4: Commit (skip if no diff)**
+
+If `git diff` for this file shows no changes, no commit for Task 11. Note in Phase 2 verification.
+
+---
+
+## Phase 2: Verification + Wrap-up (Task 12)
+
+### Task 12: Full pipeline green
+
+**Files:**
+- No code changes; verification only
+
+- [ ] **Step 1: Build the site**
+
+```bash
+cd web
+pnpm build
+ls -la build | head -10
+cd ..
+```
+
+Expected: `build/` directory contains `index.html`, `_app/`, and asset files. Build prints no errors.
+
+- [ ] **Step 2: svelte-check clean**
+
+```bash
+cd web
+pnpm check 2>&1 | tail -5
+cd ..
+```
+
+Expected: `0 errors / 0 warnings` (a11y warnings should now be silenced by the `svelte-ignore` directives placed in Tasks 9–10; if any remain, add directives or fix the markup).
+
+- [ ] **Step 3: Lint clean**
+
+```bash
+cd web
+pnpm lint 2>&1 | tail -10
+cd ..
+```
+
+Expected: `prettier --check` clean and `eslint` clean. If eslint reports new issues from `eslint-plugin-svelte` 2.x rules (e.g. `svelte/valid-compile`), fix or downgrade rule severity inline in `eslint.config.js`. Don't blanket-disable.
+
+- [ ] **Step 4: Visual no-regression smoke**
+
+```bash
+cd web
+pnpm preview --host 127.0.0.1 --port 4173 > /dev/null 2>&1 &
+PREVIEW_PID=$!
+sleep 4
+curl -sf http://127.0.0.1:4173/ -o /tmp/web-after.html
+diff <(head -c 500 /tmp/web-baseline.html) <(head -c 500 /tmp/web-after.html) | head -30 || true
+grep -oE '<title>[^<]+</title>' /tmp/web-after.html
+kill $PREVIEW_PID 2>/dev/null
+cd ..
+```
+
+Expected: `<title>` tag matches baseline. Differences in surrounding HTML are expected (Vite 5 / Kit 2 emit slightly different scaffolding, hashes change), but the user-visible content (title, body markup, classes from our `.svelte` files) should be identical.
+
+- [ ] **Step 5: Run Playwright smoke if config still resolves**
+
+```bash
+cd web
+pnpm test --reporter=list 2>&1 | tail -20 || echo "(playwright config may need refresh — fix in Plan 5)"
+cd ..
+```
+
+If Playwright fails because of config drift (the upstream `@playwright/test` 1.49 may reject the existing `web/playwright.config.js`), note as a known issue and **don't fix in this plan** — Plan 5 owns the e2e refresh. Document the failure and skip.
+
+- [ ] **Step 6: Commit summary doc** *(optional, only if anything in the plan fell back/changed)*
+
+If no deviations, skip the commit. Otherwise add a single doc paragraph to `docs/superpowers/plans/2026-05-20-plan-1.5-svelte5-upgrade.md` under a new `## Execution Notes` section recording deviations (e.g., "Playwright tests deferred to Plan 5"), then:
+
+```bash
+git add docs/superpowers/plans/2026-05-20-plan-1.5-svelte5-upgrade.md
+git commit -m "docs: record Plan 1.5 execution deviations"
+```
+
+---
+
+## Self-Review (filled by writer)
+
+**Spec coverage**
+
+| Plan-1.5 Goal | Covered by |
+|---|---|
+| Svelte 5 + runes | Tasks 7–11 |
+| SvelteKit 2.x stable | Task 2 (deps) + Task 4 (config) |
+| Vite 5 | Task 2 (deps) |
+| ESLint 9 flat config | Task 5 |
+| Prettier 3 | Tasks 2 + 6 |
+| `eslint-plugin-svelte` (deprecation fix) | Task 5 |
+| zod ^3.23 added (for Plan 2) | Task 2 |
+| pnpm 10 + lockfile v9 | Task 3 |
+| Visual zero-regression | Tasks 7, 10, 12 |
+
+**Type / signature consistency**
+
+- `vitePreprocess()` (named export) replaces `preprocess()` (default export of removed `svelte-preprocess`). Verified across `svelte.config.js`.
+- `$props()` used in Task 7 (+layout) and Task 9 (SiteSelect would have used it if it had props — it doesn't, hence runes here are only `$state`).
+- Store auto-subscription `$store` works identically to Svelte 3; no API drift.
+
+**Placeholder scan**
+
+- No "TBD" / "TODO" markers in the plan.
+- Each task either has explicit content to commit OR explicitly says "skip if no diff" (Tasks 8, 11) — both branches handled.
+
+**Scope discipline**
+
+- This plan does not introduce new features. It only modernizes the substrate.
+- `svelte-ignore` directives are temporary scaffolding — Plan 2/3 will remove them by replacing `<div onclick>` with `<button>` per the spec a11y requirements.
+- The Playwright failure (if any) is explicitly deferred to Plan 5 to keep this plan focused.
+
+**Verification gates**
+
+- Phase 0 ends with `pnpm check` clean (modulo runtime deprecation warnings about Svelte 3 idioms).
+- Phase 1 ends with `pnpm check` zero-warning.
+- Phase 2 explicitly runs `pnpm build` + `pnpm check` + `pnpm lint` + visual smoke + (optional) Playwright.
+
+**Deferred to other plans**
+
+- Replacing `<div onclick>` with `<button>` (Plan 2/3).
+- Playwright config refresh (Plan 5).
+- Removing legacy components entirely once Plan 3 ships new Header / Footer / Nav / SiteSelect (Plan 3 deletes the files in this plan's tree once equivalents exist).
diff --git a/web/.eslintignore b/web/.eslintignore
deleted file mode 100644
index 3897265..0000000
--- a/web/.eslintignore
+++ /dev/null
@@ -1,13 +0,0 @@
-.DS_Store
-node_modules
-/build
-/.svelte-kit
-/package
-.env
-.env.*
-!.env.example
-
-# Ignore files for PNPM, NPM and YARN
-pnpm-lock.yaml
-package-lock.json
-yarn.lock
diff --git a/web/.eslintrc.cjs b/web/.eslintrc.cjs
deleted file mode 100644
index eaf19f5..0000000
--- a/web/.eslintrc.cjs
+++ /dev/null
@@ -1,20 +0,0 @@
-module.exports = {
-  root: true,
-  parser: '@typescript-eslint/parser',
-  extends: ['eslint:recommended', 'plugin:@typescript-eslint/recommended', 'prettier'],
-  plugins: ['svelte3', '@typescript-eslint'],
-  ignorePatterns: ['*.cjs'],
-  overrides: [{ files: ['*.svelte'], processor: 'svelte3/svelte3' }],
-  settings: {
-    'svelte3/typescript': () => require('typescript')
-  },
-  parserOptions: {
-    sourceType: 'module',
-    ecmaVersion: 2020
-  },
-  env: {
-    browser: true,
-    es2017: true,
-    node: true
-  }
-};
diff --git a/web/.prettierignore b/web/.prettierignore
index 3897265..6358727 100644
--- a/web/.prettierignore
+++ b/web/.prettierignore
@@ -11,3 +11,6 @@ node_modules
 pnpm-lock.yaml
 package-lock.json
 yarn.lock
+
+# TS syntax in .js extension — pending rename in Phase 1
+playwright.config.js
diff --git a/web/.prettierrc b/web/.prettierrc
index d1c4b3e..0580f3e 100644
--- a/web/.prettierrc
+++ b/web/.prettierrc
@@ -3,16 +3,6 @@
   "singleQuote": true,
   "trailingComma": "none",
   "printWidth": 100,
-  "tabWidth": 2,
-  "pluginSearchDirs": [
-    "."
-  ],
-  "overrides": [
-    {
-      "files": "*.svelte",
-      "options": {
-        "parser": "svelte"
-      }
-    }
-  ]
-}
\ No newline at end of file
+  "plugins": ["prettier-plugin-svelte"],
+  "overrides": [{ "files": "*.svelte", "options": { "parser": "svelte" } }]
+}
diff --git a/web/eslint.config.js b/web/eslint.config.js
new file mode 100644
index 0000000..ce9261f
--- /dev/null
+++ b/web/eslint.config.js
@@ -0,0 +1,28 @@
+import js from '@eslint/js';
+import ts from 'typescript-eslint';
+import svelte from 'eslint-plugin-svelte';
+import prettier from 'eslint-config-prettier';
+import globals from 'globals';
+
+/** @type {import('eslint').Linter.Config[]} */
+export default [
+  js.configs.recommended,
+  ...ts.configs.recommended,
+  ...svelte.configs['flat/recommended'],
+  prettier,
+  ...svelte.configs['flat/prettier'],
+  {
+    languageOptions: {
+      globals: { ...globals.browser, ...globals.node }
+    }
+  },
+  {
+    files: ['**/*.svelte'],
+    languageOptions: {
+      parserOptions: { parser: ts.parser }
+    }
+  },
+  {
+    ignores: ['build/', '.svelte-kit/', 'node_modules/', 'static/', 'pnpm-lock.yaml']
+  }
+];
diff --git a/web/package.json b/web/package.json
index c1a08a8..9d51ae9 100644
--- a/web/package.json
+++ b/web/package.json
@@ -2,7 +2,7 @@
   "name": "navigation-website",
   "version": "1.0.0",
   "type": "module",
-  "packageManager": "pnpm@9.15.9",
+  "packageManager": "pnpm@10.0.0",
   "scripts": {
     "dev": "vite dev",
     "build": "vite build",
@@ -10,27 +10,32 @@
     "test": "playwright test",
     "check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
     "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
-    "lint": "prettier --plugin-search-dir . --check . && eslint .",
-    "format": "prettier --plugin-search-dir . --write ."
+    "lint": "prettier --check . && eslint .",
+    "format": "prettier --write ."
   },
   "devDependencies": {
-    "@playwright/test": "^1.33.0",
-    "@sveltejs/adapter-auto": "^2.0.1",
-    "@sveltejs/adapter-static": "^2.0.2",
-    "@sveltejs/kit": "next",
-    "@typescript-eslint/eslint-plugin": "^5.59.1",
-    "@typescript-eslint/parser": "^5.59.1",
-    "eslint": "^8.39.0",
-    "eslint-config-prettier": "^8.8.0",
-    "eslint-plugin-svelte3": "^4.0.0",
-    "prettier": "^2.8.8",
-    "prettier-plugin-svelte": "^2.10.0",
-    "sass": "^1.62.1",
-    "svelte": "^3.58.0",
-    "svelte-check": "^3.2.0",
-    "svelte-preprocess": "^5.0.3",
-    "tslib": "^2.5.0",
-    "typescript": "^5.0.4",
-    "vite": "^4.3.3"
+    "@eslint/js": "^9.14.0",
+    "@playwright/test": "^1.49.0",
+    "@sveltejs/adapter-static": "^3.0.6",
+    "@sveltejs/kit": "^2.8.0",
+    "@sveltejs/vite-plugin-svelte": "^4.0.0",
+    "@typescript-eslint/eslint-plugin": "^8.13.0",
+    "@typescript-eslint/parser": "^8.13.0",
+    "eslint": "^9.14.0",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-plugin-svelte": "^2.46.0",
+    "globals": "^15.12.0",
+    "prettier": "^3.3.3",
+    "prettier-plugin-svelte": "^3.2.7",
+    "sass": "^1.81.0",
+    "svelte": "^5.1.16",
+    "svelte-check": "^4.0.7",
+    "tslib": "^2.8.1",
+    "typescript": "^5.6.3",
+    "typescript-eslint": "^8.13.0",
+    "vite": "^5.4.10"
+  },
+  "dependencies": {
+    "zod": "^3.23.8"
   }
-}
\ No newline at end of file
+}
diff --git a/web/pnpm-lock.yaml b/web/pnpm-lock.yaml
index 7655bc1..20e3595 100644
--- a/web/pnpm-lock.yaml
+++ b/web/pnpm-lock.yaml
@@ -1,1788 +1,2300 @@
-lockfileVersion: '6.0'
-
-devDependencies:
-  '@playwright/test':
-    specifier: ^1.33.0
-    version: 1.33.0
-  '@sveltejs/adapter-auto':
-    specifier: ^2.0.1
-    version: 2.0.1(@sveltejs/kit@1.0.0-next.589)
-  '@sveltejs/adapter-static':
-    specifier: ^2.0.2
-    version: 2.0.2(@sveltejs/kit@1.0.0-next.589)
-  '@sveltejs/kit':
-    specifier: next
-    version: 1.0.0-next.589(svelte@3.58.0)(vite@4.3.3)
-  '@typescript-eslint/eslint-plugin':
-    specifier: ^5.59.1
-    version: 5.59.1(@typescript-eslint/parser@5.59.1)(eslint@8.39.0)(typescript@5.0.4)
-  '@typescript-eslint/parser':
-    specifier: ^5.59.1
-    version: 5.59.1(eslint@8.39.0)(typescript@5.0.4)
-  eslint:
-    specifier: ^8.39.0
-    version: 8.39.0
-  eslint-config-prettier:
-    specifier: ^8.8.0
-    version: 8.8.0(eslint@8.39.0)
-  eslint-plugin-svelte3:
-    specifier: ^4.0.0
-    version: 4.0.0(eslint@8.39.0)(svelte@3.58.0)
-  prettier:
-    specifier: ^2.8.8
-    version: 2.8.8
-  prettier-plugin-svelte:
-    specifier: ^2.10.0
-    version: 2.10.0(prettier@2.8.8)(svelte@3.58.0)
-  sass:
-    specifier: ^1.62.1
-    version: 1.62.1
-  svelte:
-    specifier: ^3.58.0
-    version: 3.58.0
-  svelte-check:
-    specifier: ^3.2.0
-    version: 3.2.0(sass@1.62.1)(svelte@3.58.0)
-  svelte-preprocess:
-    specifier: ^5.0.3
-    version: 5.0.3(sass@1.62.1)(svelte@3.58.0)(typescript@5.0.4)
-  tslib:
-    specifier: ^2.5.0
-    version: 2.5.0
-  typescript:
-    specifier: ^5.0.4
-    version: 5.0.4
-  vite:
-    specifier: ^4.3.3
-    version: 4.3.3(sass@1.62.1)
+lockfileVersion: '9.0'
+
+settings:
+  autoInstallPeers: true
+  excludeLinksFromLockfile: false
+
+importers:
+
+  .:
+    dependencies:
+      zod:
+        specifier: ^3.23.8
+        version: 3.25.76
+    devDependencies:
+      '@eslint/js':
+        specifier: ^9.14.0
+        version: 9.39.4
+      '@playwright/test':
+        specifier: ^1.49.0
+        version: 1.60.0
+      '@sveltejs/adapter-static':
+        specifier: ^3.0.6
+        version: 3.0.10(@sveltejs/kit@2.60.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)(vite@5.4.21(sass@1.99.0)))
+      '@sveltejs/kit':
+        specifier: ^2.8.0
+        version: 2.60.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)(vite@5.4.21(sass@1.99.0))
+      '@sveltejs/vite-plugin-svelte':
+        specifier: ^4.0.0
+        version: 4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0))
+      '@typescript-eslint/eslint-plugin':
+        specifier: ^8.13.0
+        version: 8.59.4(@typescript-eslint/parser@8.59.4(eslint@9.39.4)(typescript@5.9.3))(eslint@9.39.4)(typescript@5.9.3)
+      '@typescript-eslint/parser':
+        specifier: ^8.13.0
+        version: 8.59.4(eslint@9.39.4)(typescript@5.9.3)
+      eslint:
+        specifier: ^9.14.0
+        version: 9.39.4
+      eslint-config-prettier:
+        specifier: ^9.1.0
+        version: 9.1.2(eslint@9.39.4)
+      eslint-plugin-svelte:
+        specifier: ^2.46.0
+        version: 2.46.1(eslint@9.39.4)(svelte@5.55.8(@typescript-eslint/types@8.59.4))
+      globals:
+        specifier: ^15.12.0
+        version: 15.15.0
+      prettier:
+        specifier: ^3.3.3
+        version: 3.8.3
+      prettier-plugin-svelte:
+        specifier: ^3.2.7
+        version: 3.5.2(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4))
+      sass:
+        specifier: ^1.81.0
+        version: 1.99.0
+      svelte:
+        specifier: ^5.1.16
+        version: 5.55.8(@typescript-eslint/types@8.59.4)
+      svelte-check:
+        specifier: ^4.0.7
+        version: 4.4.8(picomatch@4.0.4)(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)
+      tslib:
+        specifier: ^2.8.1
+        version: 2.8.1
+      typescript:
+        specifier: ^5.6.3
+        version: 5.9.3
+      typescript-eslint:
+        specifier: ^8.13.0
+        version: 8.59.4(eslint@9.39.4)(typescript@5.9.3)
+      vite:
+        specifier: ^5.4.10
+        version: 5.4.21(sass@1.99.0)
 
 packages:
 
-  /@esbuild/android-arm64@0.17.18:
-    resolution: {integrity: sha512-/iq0aK0eeHgSC3z55ucMAHO05OIqmQehiGay8eP5l/5l+iEr4EIbh4/MI8xD9qRFjqzgkc0JkX0LculNC9mXBw==}
+  '@esbuild/aix-ppc64@0.21.5':
+    resolution: {integrity: sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ==}
+    engines: {node: '>=12'}
+    cpu: [ppc64]
+    os: [aix]
+
+  '@esbuild/android-arm64@0.21.5':
+    resolution: {integrity: sha512-c0uX9VAUBQ7dTDCjq+wdyGLowMdtR/GoC2U5IYk/7D1H1JYC0qseD7+11iMP2mRLN9RcCMRcjC4YMclCzGwS/A==}
     engines: {node: '>=12'}
     cpu: [arm64]
     os: [android]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/android-arm@0.17.18:
-    resolution: {integrity: sha512-EmwL+vUBZJ7mhFCs5lA4ZimpUH3WMAoqvOIYhVQwdIgSpHC8ImHdsRyhHAVxpDYUSm0lWvd63z0XH1IlImS2Qw==}
+  '@esbuild/android-arm@0.21.5':
+    resolution: {integrity: sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg==}
     engines: {node: '>=12'}
     cpu: [arm]
     os: [android]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/android-x64@0.17.18:
-    resolution: {integrity: sha512-x+0efYNBF3NPW2Xc5bFOSFW7tTXdAcpfEg2nXmxegm4mJuVeS+i109m/7HMiOQ6M12aVGGFlqJX3RhNdYM2lWg==}
+  '@esbuild/android-x64@0.21.5':
+    resolution: {integrity: sha512-D7aPRUUNHRBwHxzxRvp856rjUHRFW1SdQATKXH2hqA0kAZb1hKmi02OpYRacl0TxIGz/ZmXWlbZgjwWYaCakTA==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [android]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/darwin-arm64@0.17.18:
-    resolution: {integrity: sha512-6tY+djEAdF48M1ONWnQb1C+6LiXrKjmqjzPNPWXhu/GzOHTHX2nh8Mo2ZAmBFg0kIodHhciEgUBtcYCAIjGbjQ==}
+  '@esbuild/darwin-arm64@0.21.5':
+    resolution: {integrity: sha512-DwqXqZyuk5AiWWf3UfLiRDJ5EDd49zg6O9wclZ7kUMv2WRFr4HKjXp/5t8JZ11QbQfUS6/cRCKGwYhtNAY88kQ==}
     engines: {node: '>=12'}
     cpu: [arm64]
     os: [darwin]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/darwin-x64@0.17.18:
-    resolution: {integrity: sha512-Qq84ykvLvya3dO49wVC9FFCNUfSrQJLbxhoQk/TE1r6MjHo3sFF2tlJCwMjhkBVq3/ahUisj7+EpRSz0/+8+9A==}
+  '@esbuild/darwin-x64@0.21.5':
+    resolution: {integrity: sha512-se/JjF8NlmKVG4kNIuyWMV/22ZaerB+qaSi5MdrXtd6R08kvs2qCN4C09miupktDitvh8jRFflwGFBQcxZRjbw==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [darwin]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/freebsd-arm64@0.17.18:
-    resolution: {integrity: sha512-fw/ZfxfAzuHfaQeMDhbzxp9mc+mHn1Y94VDHFHjGvt2Uxl10mT4CDavHm+/L9KG441t1QdABqkVYwakMUeyLRA==}
+  '@esbuild/freebsd-arm64@0.21.5':
+    resolution: {integrity: sha512-5JcRxxRDUJLX8JXp/wcBCy3pENnCgBR9bN6JsY4OmhfUtIHe3ZW0mawA7+RDAcMLrMIZaf03NlQiX9DGyB8h4g==}
     engines: {node: '>=12'}
     cpu: [arm64]
     os: [freebsd]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/freebsd-x64@0.17.18:
-    resolution: {integrity: sha512-FQFbRtTaEi8ZBi/A6kxOC0V0E9B/97vPdYjY9NdawyLd4Qk5VD5g2pbWN2VR1c0xhzcJm74HWpObPszWC+qTew==}
+  '@esbuild/freebsd-x64@0.21.5':
+    resolution: {integrity: sha512-J95kNBj1zkbMXtHVH29bBriQygMXqoVQOQYA+ISs0/2l3T9/kj42ow2mpqerRBxDJnmkUDCaQT/dfNXWX/ZZCQ==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [freebsd]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/linux-arm64@0.17.18:
-    resolution: {integrity: sha512-R7pZvQZFOY2sxUG8P6A21eq6q+eBv7JPQYIybHVf1XkQYC+lT7nDBdC7wWKTrbvMXKRaGudp/dzZCwL/863mZQ==}
+  '@esbuild/linux-arm64@0.21.5':
+    resolution: {integrity: sha512-ibKvmyYzKsBeX8d8I7MH/TMfWDXBF3db4qM6sy+7re0YXya+K1cem3on9XgdT2EQGMu4hQyZhan7TeQ8XkGp4Q==}
     engines: {node: '>=12'}
     cpu: [arm64]
     os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/linux-arm@0.17.18:
-    resolution: {integrity: sha512-jW+UCM40LzHcouIaqv3e/oRs0JM76JfhHjCavPxMUti7VAPh8CaGSlS7cmyrdpzSk7A+8f0hiedHqr/LMnfijg==}
+  '@esbuild/linux-arm@0.21.5':
+    resolution: {integrity: sha512-bPb5AHZtbeNGjCKVZ9UGqGwo8EUu4cLq68E95A53KlxAPRmUyYv2D6F0uUI65XisGOL1hBP5mTronbgo+0bFcA==}
     engines: {node: '>=12'}
     cpu: [arm]
     os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/linux-ia32@0.17.18:
-    resolution: {integrity: sha512-ygIMc3I7wxgXIxk6j3V00VlABIjq260i967Cp9BNAk5pOOpIXmd1RFQJQX9Io7KRsthDrQYrtcx7QCof4o3ZoQ==}
+  '@esbuild/linux-ia32@0.21.5':
+    resolution: {integrity: sha512-YvjXDqLRqPDl2dvRODYmmhz4rPeVKYvppfGYKSNGdyZkA01046pLWyRKKI3ax8fbJoK5QbxblURkwK/MWY18Tg==}
     engines: {node: '>=12'}
     cpu: [ia32]
     os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/linux-loong64@0.17.18:
-    resolution: {integrity: sha512-bvPG+MyFs5ZlwYclCG1D744oHk1Pv7j8psF5TfYx7otCVmcJsEXgFEhQkbhNW8otDHL1a2KDINW20cfCgnzgMQ==}
+  '@esbuild/linux-loong64@0.21.5':
+    resolution: {integrity: sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg==}
     engines: {node: '>=12'}
     cpu: [loong64]
     os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/linux-mips64el@0.17.18:
-    resolution: {integrity: sha512-oVqckATOAGuiUOa6wr8TXaVPSa+6IwVJrGidmNZS1cZVx0HqkTMkqFGD2HIx9H1RvOwFeWYdaYbdY6B89KUMxA==}
+  '@esbuild/linux-mips64el@0.21.5':
+    resolution: {integrity: sha512-IajOmO+KJK23bj52dFSNCMsz1QP1DqM6cwLUv3W1QwyxkyIWecfafnI555fvSGqEKwjMXVLokcV5ygHW5b3Jbg==}
     engines: {node: '>=12'}
     cpu: [mips64el]
     os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/linux-ppc64@0.17.18:
-    resolution: {integrity: sha512-3dLlQO+b/LnQNxgH4l9rqa2/IwRJVN9u/bK63FhOPB4xqiRqlQAU0qDU3JJuf0BmaH0yytTBdoSBHrb2jqc5qQ==}
+  '@esbuild/linux-ppc64@0.21.5':
+    resolution: {integrity: sha512-1hHV/Z4OEfMwpLO8rp7CvlhBDnjsC3CttJXIhBi+5Aj5r+MBvy4egg7wCbe//hSsT+RvDAG7s81tAvpL2XAE4w==}
     engines: {node: '>=12'}
     cpu: [ppc64]
     os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/linux-riscv64@0.17.18:
-    resolution: {integrity: sha512-/x7leOyDPjZV3TcsdfrSI107zItVnsX1q2nho7hbbQoKnmoeUWjs+08rKKt4AUXju7+3aRZSsKrJtaRmsdL1xA==}
+  '@esbuild/linux-riscv64@0.21.5':
+    resolution: {integrity: sha512-2HdXDMd9GMgTGrPWnJzP2ALSokE/0O5HhTUvWIbD3YdjME8JwvSCnNGBnTThKGEB91OZhzrJ4qIIxk/SBmyDDA==}
     engines: {node: '>=12'}
     cpu: [riscv64]
     os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/linux-s390x@0.17.18:
-    resolution: {integrity: sha512-cX0I8Q9xQkL/6F5zWdYmVf5JSQt+ZfZD2bJudZrWD+4mnUvoZ3TDDXtDX2mUaq6upMFv9FlfIh4Gfun0tbGzuw==}
+  '@esbuild/linux-s390x@0.21.5':
+    resolution: {integrity: sha512-zus5sxzqBJD3eXxwvjN1yQkRepANgxE9lgOW2qLnmr8ikMTphkjgXu1HR01K4FJg8h1kEEDAqDcZQtbrRnB41A==}
     engines: {node: '>=12'}
     cpu: [s390x]
     os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/linux-x64@0.17.18:
-    resolution: {integrity: sha512-66RmRsPlYy4jFl0vG80GcNRdirx4nVWAzJmXkevgphP1qf4dsLQCpSKGM3DUQCojwU1hnepI63gNZdrr02wHUA==}
+  '@esbuild/linux-x64@0.21.5':
+    resolution: {integrity: sha512-1rYdTpyv03iycF1+BhzrzQJCdOuAOtaqHTWJZCWvijKD2N5Xu0TtVC8/+1faWqcP9iBCWOmjmhoH94dH82BxPQ==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [linux]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/netbsd-x64@0.17.18:
-    resolution: {integrity: sha512-95IRY7mI2yrkLlTLb1gpDxdC5WLC5mZDi+kA9dmM5XAGxCME0F8i4bYH4jZreaJ6lIZ0B8hTrweqG1fUyW7jbg==}
+  '@esbuild/netbsd-x64@0.21.5':
+    resolution: {integrity: sha512-Woi2MXzXjMULccIwMnLciyZH4nCIMpWQAs049KEeMvOcNADVxo0UBIQPfSmxB3CWKedngg7sWZdLvLczpe0tLg==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [netbsd]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/openbsd-x64@0.17.18:
-    resolution: {integrity: sha512-WevVOgcng+8hSZ4Q3BKL3n1xTv5H6Nb53cBrtzzEjDbbnOmucEVcZeGCsCOi9bAOcDYEeBZbD2SJNBxlfP3qiA==}
+  '@esbuild/openbsd-x64@0.21.5':
+    resolution: {integrity: sha512-HLNNw99xsvx12lFBUwoT8EVCsSvRNDVxNpjZ7bPn947b8gJPzeHWyNVhFsaerc0n3TsbOINvRP2byTZ5LKezow==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [openbsd]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/sunos-x64@0.17.18:
-    resolution: {integrity: sha512-Rzf4QfQagnwhQXVBS3BYUlxmEbcV7MY+BH5vfDZekU5eYpcffHSyjU8T0xucKVuOcdCsMo+Ur5wmgQJH2GfNrg==}
+  '@esbuild/sunos-x64@0.21.5':
+    resolution: {integrity: sha512-6+gjmFpfy0BHU5Tpptkuh8+uw3mnrvgs+dSPQXQOv3ekbordwnzTVEb4qnIvQcYXq6gzkyTnoZ9dZG+D4garKg==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [sunos]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/win32-arm64@0.17.18:
-    resolution: {integrity: sha512-Kb3Ko/KKaWhjeAm2YoT/cNZaHaD1Yk/pa3FTsmqo9uFh1D1Rfco7BBLIPdDOozrObj2sahslFuAQGvWbgWldAg==}
+  '@esbuild/win32-arm64@0.21.5':
+    resolution: {integrity: sha512-Z0gOTd75VvXqyq7nsl93zwahcTROgqvuAcYDUr+vOv8uHhNSKROyU961kgtCD1e95IqPKSQKH7tBTslnS3tA8A==}
     engines: {node: '>=12'}
     cpu: [arm64]
     os: [win32]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/win32-ia32@0.17.18:
-    resolution: {integrity: sha512-0/xUMIdkVHwkvxfbd5+lfG7mHOf2FRrxNbPiKWg9C4fFrB8H0guClmaM3BFiRUYrznVoyxTIyC/Ou2B7QQSwmw==}
+  '@esbuild/win32-ia32@0.21.5':
+    resolution: {integrity: sha512-SWXFF1CL2RVNMaVs+BBClwtfZSvDgtL//G/smwAc5oVK/UPu2Gu9tIaRgFmYFFKrmg3SyAjSrElf0TiJ1v8fYA==}
     engines: {node: '>=12'}
     cpu: [ia32]
     os: [win32]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@esbuild/win32-x64@0.17.18:
-    resolution: {integrity: sha512-qU25Ma1I3NqTSHJUOKi9sAH1/Mzuvlke0ioMJRthLXKm7JiSKVwFghlGbDLOO2sARECGhja4xYfRAZNPAkooYg==}
+  '@esbuild/win32-x64@0.21.5':
+    resolution: {integrity: sha512-tQd/1efJuzPC6rCFwEvLtci/xNFcTZknmXs98FYDfGE4wP9ClFV98nyKrzJKVPMhdDnjzLhdUyMX4PsQAPjwIw==}
     engines: {node: '>=12'}
     cpu: [x64]
     os: [win32]
-    requiresBuild: true
-    dev: true
-    optional: true
 
-  /@eslint-community/eslint-utils@4.4.0(eslint@8.39.0):
-    resolution: {integrity: sha512-1/sA4dwrzBAyeUoQ6oxahHKmrZvsnLCg4RfxW3ZFGGmQkSNQPFNLV9CUEFQP1x9EYXHTo5p6xdhZM1Ne9p/AfA==}
+  '@eslint-community/eslint-utils@4.9.1':
+    resolution: {integrity: sha512-phrYmNiYppR7znFEdqgfWHXR6NCkZEK7hwWDHZUjit/2/U0r6XvkDl0SYnoM51Hq7FhCGdLDT6zxCCOY1hexsQ==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
     peerDependencies:
       eslint: ^6.0.0 || ^7.0.0 || >=8.0.0
-    dependencies:
-      eslint: 8.39.0
-      eslint-visitor-keys: 3.4.0
-    dev: true
 
-  /@eslint-community/regexpp@4.5.0:
-    resolution: {integrity: sha512-vITaYzIcNmjn5tF5uxcZ/ft7/RXGrMUIS9HalWckEOF6ESiwXKoMzAQf2UW0aVd6rnOeExTJVd5hmWXucBKGXQ==}
+  '@eslint-community/regexpp@4.12.2':
+    resolution: {integrity: sha512-EriSTlt5OC9/7SXkRSCAhfSxxoSUgBm33OH+IkwbdpgoqsSsUg7y3uh+IICI/Qg4BBWr3U2i39RpmycbxMq4ew==}
     engines: {node: ^12.0.0 || ^14.0.0 || >=16.0.0}
-    dev: true
 
-  /@eslint/eslintrc@2.0.2:
-    resolution: {integrity: sha512-3W4f5tDUra+pA+FzgugqL2pRimUTDJWKr7BINqOpkZrC0uYI0NIc0/JFgBROCU07HR6GieA5m3/rsPIhDmCXTQ==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
-    dependencies:
-      ajv: 6.12.6
-      debug: 4.3.4
-      espree: 9.5.1
-      globals: 13.20.0
-      ignore: 5.2.4
-      import-fresh: 3.3.0
-      js-yaml: 4.1.0
-      minimatch: 3.1.2
-      strip-json-comments: 3.1.1
-    transitivePeerDependencies:
-      - supports-color
-    dev: true
+  '@eslint/config-array@0.21.2':
+    resolution: {integrity: sha512-nJl2KGTlrf9GjLimgIru+V/mzgSK0ABCDQRvxw5BjURL7WfH5uoWmizbH7QB6MmnMBd8cIC9uceWnezL1VZWWw==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
-  /@eslint/js@8.39.0:
-    resolution: {integrity: sha512-kf9RB0Fg7NZfap83B3QOqOGg9QmD9yBudqQXzzOtn3i4y7ZUXe5ONeW34Gwi+TxhH4mvj72R1Zc300KUMa9Bng==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
-    dev: true
+  '@eslint/config-helpers@0.4.2':
+    resolution: {integrity: sha512-gBrxN88gOIf3R7ja5K9slwNayVcZgK6SOUORm2uBzTeIEfeVaIhOpCtTox3P6R7o2jLFwLFTLnC7kU/RGcYEgw==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
-  /@humanwhocodes/config-array@0.11.8:
-    resolution: {integrity: sha512-UybHIJzJnR5Qc/MsD9Kr+RpO2h+/P1GhOwdiLPXK5TWk5sgTdu88bTD9UP+CKbPPh5Rni1u0GjAdYQLemG8g+g==}
-    engines: {node: '>=10.10.0'}
-    dependencies:
-      '@humanwhocodes/object-schema': 1.2.1
-      debug: 4.3.4
-      minimatch: 3.1.2
-    transitivePeerDependencies:
-      - supports-color
-    dev: true
+  '@eslint/core@0.17.0':
+    resolution: {integrity: sha512-yL/sLrpmtDaFEiUj1osRP4TI2MDz1AddJL+jZ7KSqvBuliN4xqYY54IfdN8qD8Toa6g1iloph1fxQNkjOxrrpQ==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  '@eslint/eslintrc@3.3.5':
+    resolution: {integrity: sha512-4IlJx0X0qftVsN5E+/vGujTRIFtwuLbNsVUe7TO6zYPDR1O6nFwvwhIKEKSrl6dZchmYBITazxKoUYOjdtjlRg==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  '@eslint/js@9.39.4':
+    resolution: {integrity: sha512-nE7DEIchvtiFTwBw4Lfbu59PG+kCofhjsKaCWzxTpt4lfRjRMqG6uMBzKXuEcyXhOHoUp9riAm7/aWYGhXZ9cw==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
-  /@humanwhocodes/module-importer@1.0.1:
+  '@eslint/object-schema@2.1.7':
+    resolution: {integrity: sha512-VtAOaymWVfZcmZbp6E2mympDIHvyjXs/12LqWYjVw6qjrfF+VK+fyG33kChz3nnK+SU5/NeHOqrTEHS8sXO3OA==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  '@eslint/plugin-kit@0.4.1':
+    resolution: {integrity: sha512-43/qtrDUokr7LJqoF2c3+RInu/t4zfrpYdoSDfYyhg52rwLV6TnOvdG4fXm7IkSB3wErkcmJS9iEhjVtOSEjjA==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  '@humanfs/core@0.19.2':
+    resolution: {integrity: sha512-UhXNm+CFMWcbChXywFwkmhqjs3PRCmcSa/hfBgLIb7oQ5HNb1wS0icWsGtSAUNgefHeI+eBrA8I1fxmbHsGdvA==}
+    engines: {node: '>=18.18.0'}
+
+  '@humanfs/node@0.16.8':
+    resolution: {integrity: sha512-gE1eQNZ3R++kTzFUpdGlpmy8kDZD/MLyHqDwqjkVQI0JMdI1D51sy1H958PNXYkM2rAac7e5/CnIKZrHtPh3BQ==}
+    engines: {node: '>=18.18.0'}
+
+  '@humanfs/types@0.15.0':
+    resolution: {integrity: sha512-ZZ1w0aoQkwuUuC7Yf+7sdeaNfqQiiLcSRbfI08oAxqLtpXQr9AIVX7Ay7HLDuiLYAaFPu8oBYNq/QIi9URHJ3Q==}
+    engines: {node: '>=18.18.0'}
+
+  '@humanwhocodes/module-importer@1.0.1':
     resolution: {integrity: sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==}
     engines: {node: '>=12.22'}
-    dev: true
 
-  /@humanwhocodes/object-schema@1.2.1:
-    resolution: {integrity: sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==}
-    dev: true
+  '@humanwhocodes/retry@0.4.3':
+    resolution: {integrity: sha512-bV0Tgo9K4hfPCek+aMAn81RppFKv2ySDQeMoSZuvTASywNTnVJCArCZE2FWqpvIatKu7VMRLWlR1EazvVhDyhQ==}
+    engines: {node: '>=18.18'}
+
+  '@jridgewell/gen-mapping@0.3.13':
+    resolution: {integrity: sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==}
 
-  /@jridgewell/resolve-uri@3.1.0:
-    resolution: {integrity: sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==}
+  '@jridgewell/remapping@2.3.5':
+    resolution: {integrity: sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==}
+
+  '@jridgewell/resolve-uri@3.1.2':
+    resolution: {integrity: sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==}
     engines: {node: '>=6.0.0'}
-    dev: true
 
-  /@jridgewell/sourcemap-codec@1.4.14:
-    resolution: {integrity: sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw==}
-    dev: true
+  '@jridgewell/sourcemap-codec@1.5.5':
+    resolution: {integrity: sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==}
 
-  /@jridgewell/sourcemap-codec@1.4.15:
-    resolution: {integrity: sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==}
-    dev: true
+  '@jridgewell/trace-mapping@0.3.31':
+    resolution: {integrity: sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==}
 
-  /@jridgewell/trace-mapping@0.3.18:
-    resolution: {integrity: sha512-w+niJYzMHdd7USdiH2U6869nqhD2nbfZXND5Yp93qIbEmnDNk7PD48o+YchRVpzMU7M6jVCbenTR7PA1FLQ9pA==}
-    dependencies:
-      '@jridgewell/resolve-uri': 3.1.0
-      '@jridgewell/sourcemap-codec': 1.4.14
-    dev: true
+  '@parcel/watcher-android-arm64@2.5.6':
+    resolution: {integrity: sha512-YQxSS34tPF/6ZG7r/Ih9xy+kP/WwediEUsqmtf0cuCV5TPPKw/PQHRhueUo6JdeFJaqV3pyjm0GdYjZotbRt/A==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [arm64]
+    os: [android]
 
-  /@nodelib/fs.scandir@2.1.5:
-    resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==}
-    engines: {node: '>= 8'}
-    dependencies:
-      '@nodelib/fs.stat': 2.0.5
-      run-parallel: 1.2.0
-    dev: true
+  '@parcel/watcher-darwin-arm64@2.5.6':
+    resolution: {integrity: sha512-Z2ZdrnwyXvvvdtRHLmM4knydIdU9adO3D4n/0cVipF3rRiwP+3/sfzpAwA/qKFL6i1ModaabkU7IbpeMBgiVEA==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [arm64]
+    os: [darwin]
 
-  /@nodelib/fs.stat@2.0.5:
-    resolution: {integrity: sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==}
-    engines: {node: '>= 8'}
-    dev: true
+  '@parcel/watcher-darwin-x64@2.5.6':
+    resolution: {integrity: sha512-HgvOf3W9dhithcwOWX9uDZyn1lW9R+7tPZ4sug+NGrGIo4Rk1hAXLEbcH1TQSqxts0NYXXlOWqVpvS1SFS4fRg==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [x64]
+    os: [darwin]
 
-  /@nodelib/fs.walk@1.2.8:
-    resolution: {integrity: sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==}
-    engines: {node: '>= 8'}
-    dependencies:
-      '@nodelib/fs.scandir': 2.1.5
-      fastq: 1.15.0
-    dev: true
+  '@parcel/watcher-freebsd-x64@2.5.6':
+    resolution: {integrity: sha512-vJVi8yd/qzJxEKHkeemh7w3YAn6RJCtYlE4HPMoVnCpIXEzSrxErBW5SJBgKLbXU3WdIpkjBTeUNtyBVn8TRng==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [x64]
+    os: [freebsd]
 
-  /@playwright/test@1.33.0:
-    resolution: {integrity: sha512-YunBa2mE7Hq4CfPkGzQRK916a4tuZoVx/EpLjeWlTVOnD4S2+fdaQZE0LJkbfhN5FTSKNLdcl7MoT5XB37bTkg==}
-    engines: {node: '>=14'}
+  '@parcel/watcher-linux-arm-glibc@2.5.6':
+    resolution: {integrity: sha512-9JiYfB6h6BgV50CCfasfLf/uvOcJskMSwcdH1PHH9rvS1IrNy8zad6IUVPVUfmXr+u+Km9IxcfMLzgdOudz9EQ==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [arm]
+    os: [linux]
+
+  '@parcel/watcher-linux-arm-musl@2.5.6':
+    resolution: {integrity: sha512-Ve3gUCG57nuUUSyjBq/MAM0CzArtuIOxsBdQ+ftz6ho8n7s1i9E1Nmk/xmP323r2YL0SONs1EuwqBp2u1k5fxg==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [arm]
+    os: [linux]
+
+  '@parcel/watcher-linux-arm64-glibc@2.5.6':
+    resolution: {integrity: sha512-f2g/DT3NhGPdBmMWYoxixqYr3v/UXcmLOYy16Bx0TM20Tchduwr4EaCbmxh1321TABqPGDpS8D/ggOTaljijOA==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [arm64]
+    os: [linux]
+
+  '@parcel/watcher-linux-arm64-musl@2.5.6':
+    resolution: {integrity: sha512-qb6naMDGlbCwdhLj6hgoVKJl2odL34z2sqkC7Z6kzir8b5W65WYDpLB6R06KabvZdgoHI/zxke4b3zR0wAbDTA==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [arm64]
+    os: [linux]
+
+  '@parcel/watcher-linux-x64-glibc@2.5.6':
+    resolution: {integrity: sha512-kbT5wvNQlx7NaGjzPFu8nVIW1rWqV780O7ZtkjuWaPUgpv2NMFpjYERVi0UYj1msZNyCzGlaCWEtzc+exjMGbQ==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [x64]
+    os: [linux]
+
+  '@parcel/watcher-linux-x64-musl@2.5.6':
+    resolution: {integrity: sha512-1JRFeC+h7RdXwldHzTsmdtYR/Ku8SylLgTU/reMuqdVD7CtLwf0VR1FqeprZ0eHQkO0vqsbvFLXUmYm/uNKJBg==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [x64]
+    os: [linux]
+
+  '@parcel/watcher-win32-arm64@2.5.6':
+    resolution: {integrity: sha512-3ukyebjc6eGlw9yRt678DxVF7rjXatWiHvTXqphZLvo7aC5NdEgFufVwjFfY51ijYEWpXbqF5jtrK275z52D4Q==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [arm64]
+    os: [win32]
+
+  '@parcel/watcher-win32-ia32@2.5.6':
+    resolution: {integrity: sha512-k35yLp1ZMwwee3Ez/pxBi5cf4AoBKYXj00CZ80jUz5h8prpiaQsiRPKQMxoLstNuqe2vR4RNPEAEcjEFzhEz/g==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [ia32]
+    os: [win32]
+
+  '@parcel/watcher-win32-x64@2.5.6':
+    resolution: {integrity: sha512-hbQlYcCq5dlAX9Qx+kFb0FHue6vbjlf0FrNzSKdYK2APUf7tGfGxQCk2ihEREmbR6ZMc0MVAD5RIX/41gpUzTw==}
+    engines: {node: '>= 10.0.0'}
+    cpu: [x64]
+    os: [win32]
+
+  '@parcel/watcher@2.5.6':
+    resolution: {integrity: sha512-tmmZ3lQxAe/k/+rNnXQRawJ4NjxO2hqiOLTHvWchtGZULp4RyFeh6aU4XdOYBFe2KE1oShQTv4AblOs2iOrNnQ==}
+    engines: {node: '>= 10.0.0'}
+
+  '@playwright/test@1.60.0':
+    resolution: {integrity: sha512-O71yZIbAh/PxDMNGns37GHBIfrVkEVyn+AXyIa5dOTfb4/xNvRWV+Vv/NMbNCtODB/pO7vLlF2OTmMVLhmr7Ag==}
+    engines: {node: '>=18'}
     hasBin: true
-    dependencies:
-      '@types/node': 18.16.2
-      playwright-core: 1.33.0
-    optionalDependencies:
-      fsevents: 2.3.2
-    dev: true
 
-  /@polka/url@1.0.0-next.21:
-    resolution: {integrity: sha512-a5Sab1C4/icpTZVzZc5Ghpz88yQtGOyNqYXcZgOssB2uuAr+wF/MvN6bgtW32q7HHrvBki+BsZ0OuNv6EV3K9g==}
-    dev: true
+  '@polka/url@1.0.0-next.29':
+    resolution: {integrity: sha512-wwQAWhWSuHaag8c4q/KN/vCoeOJYshAIvMQwD4GpSb3OiZklFfvAgmj0VCBBImRpuF/aFgIRzllXlVX93Jevww==}
+
+  '@rollup/rollup-android-arm-eabi@4.60.4':
+    resolution: {integrity: sha512-F5QXMSiFebS9hKZj02XhWLLnRpJ3B3AROP0tWbFBSj+6kCbg5m9j5JoHKd4mmSVy5mS/IMQloYgYxCuJC0fxEQ==}
+    cpu: [arm]
+    os: [android]
+
+  '@rollup/rollup-android-arm64@4.60.4':
+    resolution: {integrity: sha512-GxxTKApUpzRhof7poWvCJHRF51C67u1R7D6DiluBE8wKU1u5GWE8t+v81JvJYtbawoBFX1hLv5Ei4eVjkWokaw==}
+    cpu: [arm64]
+    os: [android]
+
+  '@rollup/rollup-darwin-arm64@4.60.4':
+    resolution: {integrity: sha512-tua0TaJxMOB1R0V0RS1jFZ/RpURFDJIOR2A6jWwQeawuFyS4gBW+rntLRaQd0EQ4bd6Vp44Z2rXW+YYDBsj6IA==}
+    cpu: [arm64]
+    os: [darwin]
+
+  '@rollup/rollup-darwin-x64@4.60.4':
+    resolution: {integrity: sha512-CSKq7MsP+5PFIcydhAiR1K0UhEI1A2jWXVKHPCBZ151yOutENwvnPocgVHkivu2kviURtCEB6zUQw0vs8RrhMg==}
+    cpu: [x64]
+    os: [darwin]
+
+  '@rollup/rollup-freebsd-arm64@4.60.4':
+    resolution: {integrity: sha512-+O8OkVdyvXMtJEciu2wS/pzm1IxntEEQx3z5TAVy4l32G0etZn+RsA48ARRrFm6Ri8fvqPQfgrvNxSjKAbnd3g==}
+    cpu: [arm64]
+    os: [freebsd]
+
+  '@rollup/rollup-freebsd-x64@4.60.4':
+    resolution: {integrity: sha512-Iw3oMskH3AfNuhU0MSN7vNbdi4me/NiYo2azqPz/Le16zHSa+3RRmliCMWWQmh4lcndccU40xcJuTYJZxNo/lw==}
+    cpu: [x64]
+    os: [freebsd]
+
+  '@rollup/rollup-linux-arm-gnueabihf@4.60.4':
+    resolution: {integrity: sha512-EIPRXTVQpHyF8WOo219AD2yEltPehLTcTMz2fn6JsatLYSzQf00hj3rulF+yauOlF9/FtM2WpkT/hJh/KJFGhA==}
+    cpu: [arm]
+    os: [linux]
+
+  '@rollup/rollup-linux-arm-musleabihf@4.60.4':
+    resolution: {integrity: sha512-J3Yh9PzzF1Ovah2At+lHiGQdsYgArxBbXv/zHfSyaiFQEqvNv7DcW98pCrmdjCZBrqBiKrKKe2V+aaSGWuBe/w==}
+    cpu: [arm]
+    os: [linux]
+
+  '@rollup/rollup-linux-arm64-gnu@4.60.4':
+    resolution: {integrity: sha512-BFDEZMYfUvLn37ONE1yMBojPxnMlTFsdyNoqncT0qFq1mAfllL+ATMMJd8TeuVMiX84s1KbcxcZbXInmcO2mRg==}
+    cpu: [arm64]
+    os: [linux]
+
+  '@rollup/rollup-linux-arm64-musl@4.60.4':
+    resolution: {integrity: sha512-pc9EYOSlOgdQ2uPl1o9PF6/kLSgaUosia7gOuS8mB69IxJvlclko1MECXysjs5ryez1/5zjYqx3+xYU0TU6R1A==}
+    cpu: [arm64]
+    os: [linux]
+
+  '@rollup/rollup-linux-loong64-gnu@4.60.4':
+    resolution: {integrity: sha512-NxnomyxYerDh5n4iLrNa+sH+Z+U4BMEE46V2PgQ/hoB909i8gV1M5wPojWg9fk1jWpO3IQnOs20K4wyZuFLEFQ==}
+    cpu: [loong64]
+    os: [linux]
+
+  '@rollup/rollup-linux-loong64-musl@4.60.4':
+    resolution: {integrity: sha512-nbJnQ8a3z1mtmrwImCYhc6BGpThAyYVRQxw9uKSKG4wR6aAYno9sVjJ0zaZcW9BPJX1GbrDPf+SvdWjgTuDmnw==}
+    cpu: [loong64]
+    os: [linux]
+
+  '@rollup/rollup-linux-ppc64-gnu@4.60.4':
+    resolution: {integrity: sha512-2EU6acNrQLd8tYvo/LXW535wupT3m6fo7HKo6lr7ktQoItxTyOL1ZCR/GfGCuXl2vR+zmfI6eRXkSemafv+iVg==}
+    cpu: [ppc64]
+    os: [linux]
+
+  '@rollup/rollup-linux-ppc64-musl@4.60.4':
+    resolution: {integrity: sha512-WeBtoMuaMxiiIrO2IYP3xs6GMWkJP2C0EoT8beTLkUPmzV1i/UcOSVw1d5r9KBODtHKilG5yFxsGRnBbK3wJ4A==}
+    cpu: [ppc64]
+    os: [linux]
+
+  '@rollup/rollup-linux-riscv64-gnu@4.60.4':
+    resolution: {integrity: sha512-FJHFfqpKUI3A10WrWKiFbBZ7yVbGT4q4B5o1qKFFojqpaYoh9LrQgqWCmmcxQzVSXYtyB5bzkXrYzlHTs21MYA==}
+    cpu: [riscv64]
+    os: [linux]
+
+  '@rollup/rollup-linux-riscv64-musl@4.60.4':
+    resolution: {integrity: sha512-mcEl6CUT5IAUmQf1m9FYSmVqCJlpQ8r8eyftFUHG8i9OhY7BkBXSUdnLH5DOf0wCOjcP9v/QO93zpmF1SptCCw==}
+    cpu: [riscv64]
+    os: [linux]
+
+  '@rollup/rollup-linux-s390x-gnu@4.60.4':
+    resolution: {integrity: sha512-ynt3JxVd2w2buzoKDWIyiV1pJW93xlQic1THVLXilz429oijRpSHivZAgp65KBu+cMcgf1eVVjdnTLvPxgCuoQ==}
+    cpu: [s390x]
+    os: [linux]
+
+  '@rollup/rollup-linux-x64-gnu@4.60.4':
+    resolution: {integrity: sha512-Boiz5+MsaROEWDf+GGEwF8VMHGhlUoQMtIPjOgA5fv4osupqTVnJteQNKJwUcnUog2G55jYXH7KZFFiJe0TEzQ==}
+    cpu: [x64]
+    os: [linux]
+
+  '@rollup/rollup-linux-x64-musl@4.60.4':
+    resolution: {integrity: sha512-+qfSY27qIrFfI/Hom04KYFw3GKZSGU4lXus51wsb5EuySfFlWRwjkKWoE9emgRw/ukoT4Udsj4W/+xxG8VbPKg==}
+    cpu: [x64]
+    os: [linux]
+
+  '@rollup/rollup-openbsd-x64@4.60.4':
+    resolution: {integrity: sha512-VpTfOPHgVXEBeeR8hZ2O0F3aSso+JDWqTWmTmzcQKted54IAdUVbxE+j/MVxUsKa8L20HJhv3vUezVPoquqWjA==}
+    cpu: [x64]
+    os: [openbsd]
+
+  '@rollup/rollup-openharmony-arm64@4.60.4':
+    resolution: {integrity: sha512-IPOsh5aRYuLv/nkU51X10Bf75Bsf6+gZdx1X+QP5QM6lIJFHHqbHLG0uJn/hWthzo13UAc2umiUorqZy3axoZg==}
+    cpu: [arm64]
+    os: [openharmony]
+
+  '@rollup/rollup-win32-arm64-msvc@4.60.4':
+    resolution: {integrity: sha512-4QzE9E81OohJ/HKzHhsqU+zcYYojVOXlFMs1DdyMT6qXl/niOH7AVElmmEdUNHHS/oRkc++d5k6Vy85zFs0DEw==}
+    cpu: [arm64]
+    os: [win32]
+
+  '@rollup/rollup-win32-ia32-msvc@4.60.4':
+    resolution: {integrity: sha512-zTPgT1YuHHcd+Tmx7h8aml0FWFVelV5N54oHow9SLj+GfoDy/huQ+UV396N/C7KpMDMiPspRktzM1/0r1usYEA==}
+    cpu: [ia32]
+    os: [win32]
+
+  '@rollup/rollup-win32-x64-gnu@4.60.4':
+    resolution: {integrity: sha512-DRS4G7mi9lJxqEDezIkKCaUIKCrLUUDCUaCsTPCi/rtqaC6D/jjwslMQyiDU50Ka0JKpeXeRBFBAXwArY52vBw==}
+    cpu: [x64]
+    os: [win32]
+
+  '@rollup/rollup-win32-x64-msvc@4.60.4':
+    resolution: {integrity: sha512-QVTUovf40zgTqlFVrKA1uXMVvU2QWEFWfAH8Wdc48IxLvrJMQVMBRjuQyUpzZCDkakImib9eVazbWlC6ksWtJw==}
+    cpu: [x64]
+    os: [win32]
+
+  '@standard-schema/spec@1.1.0':
+    resolution: {integrity: sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w==}
 
-  /@sveltejs/adapter-auto@2.0.1(@sveltejs/kit@1.0.0-next.589):
-    resolution: {integrity: sha512-anxxYMcQy7HWSKxN4YNaVcgNzCHtNFwygq72EA1Xv7c+5gSECOJ1ez1PYoLciPiFa7A3XBvMDQXUFJ2eqLDtAA==}
+  '@sveltejs/acorn-typescript@1.0.9':
+    resolution: {integrity: sha512-lVJX6qEgs/4DOcRTpo56tmKzVPtoWAaVbL4hfO7t7NVwl9AAXzQR6cihesW1BmNMPl+bK6dreu2sOKBP2Q9CIA==}
     peerDependencies:
-      '@sveltejs/kit': ^1.0.0
-    dependencies:
-      '@sveltejs/kit': 1.0.0-next.589(svelte@3.58.0)(vite@4.3.3)
-      import-meta-resolve: 3.0.0
-    dev: true
+      acorn: ^8.9.0
 
-  /@sveltejs/adapter-static@2.0.2(@sveltejs/kit@1.0.0-next.589):
-    resolution: {integrity: sha512-9wYtf6s6ew7DHUHMrt55YpD1FgV7oWql2IGsW5BXquLxqcY9vjrqCFo0TzzDpo+ZPZkW/v77k0eOP6tsAb8HmQ==}
+  '@sveltejs/adapter-static@3.0.10':
+    resolution: {integrity: sha512-7D9lYFWJmB7zxZyTE/qxjksvMqzMuYrrsyh1f4AlZqeZeACPRySjbC3aFiY55wb1tWUaKOQG9PVbm74JcN2Iew==}
     peerDependencies:
-      '@sveltejs/kit': ^1.5.0
-    dependencies:
-      '@sveltejs/kit': 1.0.0-next.589(svelte@3.58.0)(vite@4.3.3)
-    dev: true
+      '@sveltejs/kit': ^2.0.0
 
-  /@sveltejs/kit@1.0.0-next.589(svelte@3.58.0)(vite@4.3.3):
-    resolution: {integrity: sha512-5ABRw46z9B+cCe/YWhcx+I/azNZg1NCDEkVJifZn8ToFoJ3a1eP0OexNIrvMEWpllMbNMPcJm2TC9tnz9oPfWQ==}
-    engines: {node: '>=16.14'}
+  '@sveltejs/kit@2.60.1':
+    resolution: {integrity: sha512-mQjlkNo+rJvpln7V2IGY2j99BqhcFbS4UN0AQNKNYfhBAFZTuCDAdW3a1sgf330mvtNvsBXn3HpAhcmvdJTcIQ==}
+    engines: {node: '>=18.13'}
     hasBin: true
-    requiresBuild: true
     peerDependencies:
-      svelte: ^3.54.0
-      vite: ^4.0.0
-    dependencies:
-      '@sveltejs/vite-plugin-svelte': 2.1.1(svelte@3.58.0)(vite@4.3.3)
-      '@types/cookie': 0.5.1
-      cookie: 0.5.0
-      devalue: 4.3.0
-      esm-env: 1.0.0
-      kleur: 4.1.5
-      magic-string: 0.27.0
-      mime: 3.0.0
-      sade: 1.8.1
-      set-cookie-parser: 2.6.0
-      sirv: 2.0.3
-      svelte: 3.58.0
-      tiny-glob: 0.2.9
-      undici: 5.14.0
-      vite: 4.3.3(sass@1.62.1)
-    transitivePeerDependencies:
-      - supports-color
-    dev: true
+      '@opentelemetry/api': ^1.0.0
+      '@sveltejs/vite-plugin-svelte': ^3.0.0 || ^4.0.0-next.1 || ^5.0.0 || ^6.0.0-next.0 || ^7.0.0
+      svelte: ^4.0.0 || ^5.0.0-next.0
+      typescript: ^5.3.3 || ^6.0.0
+      vite: ^5.0.3 || ^6.0.0 || ^7.0.0-beta.0 || ^8.0.0
+    peerDependenciesMeta:
+      '@opentelemetry/api':
+        optional: true
+      typescript:
+        optional: true
 
-  /@sveltejs/vite-plugin-svelte@2.1.1(svelte@3.58.0)(vite@4.3.3):
-    resolution: {integrity: sha512-7YeBDt4us0FiIMNsVXxyaP4Hwyn2/v9x3oqStkHU3ZdIc5O22pGwUwH33wUqYo+7Itdmo8zxJ45Qvfm3H7UUjQ==}
-    engines: {node: ^14.18.0 || >= 16}
+  '@sveltejs/vite-plugin-svelte-inspector@3.0.1':
+    resolution: {integrity: sha512-2CKypmj1sM4GE7HjllT7UKmo4Q6L5xFRd7VMGEWhYnZ+wc6AUVU01IBd7yUi6WnFndEwWoMNOd6e8UjoN0nbvQ==}
+    engines: {node: ^18.0.0 || ^20.0.0 || >=22}
     peerDependencies:
-      svelte: ^3.54.0
-      vite: ^4.0.0
-    dependencies:
-      debug: 4.3.4
-      deepmerge: 4.3.1
-      kleur: 4.1.5
-      magic-string: 0.30.0
-      svelte: 3.58.0
-      svelte-hmr: 0.15.1(svelte@3.58.0)
-      vite: 4.3.3(sass@1.62.1)
-      vitefu: 0.2.4(vite@4.3.3)
-    transitivePeerDependencies:
-      - supports-color
-    dev: true
+      '@sveltejs/vite-plugin-svelte': ^4.0.0-next.0||^4.0.0
+      svelte: ^5.0.0-next.96 || ^5.0.0
+      vite: ^5.0.0
+
+  '@sveltejs/vite-plugin-svelte@4.0.4':
+    resolution: {integrity: sha512-0ba1RQ/PHen5FGpdSrW7Y3fAMQjrXantECALeOiOdBdzR5+5vPP6HVZRLmZaQL+W8m++o+haIAKq5qT+MiZ7VA==}
+    engines: {node: ^18.0.0 || ^20.0.0 || >=22}
+    peerDependencies:
+      svelte: ^5.0.0-next.96 || ^5.0.0
+      vite: ^5.0.0
 
-  /@types/cookie@0.5.1:
-    resolution: {integrity: sha512-COUnqfB2+ckwXXSFInsFdOAWQzCCx+a5hq2ruyj+Vjund94RJQd4LG2u9hnvJrTgunKAaax7ancBYlDrNYxA0g==}
-    dev: true
+  '@types/cookie@0.6.0':
+    resolution: {integrity: sha512-4Kh9a6B2bQciAhf7FSuMRRkUWecJgJu9nPnx3yzpsfXX/c50REIqpHY4C82bXP90qrLtXtkDxTZosYO3UpOwlA==}
 
-  /@types/json-schema@7.0.11:
-    resolution: {integrity: sha512-wOuvG1SN4Us4rez+tylwwwCV1psiNVOkJeM3AUWUNWg/jDQY2+HE/444y5gc+jBmRqASOm2Oeh5c1axHobwRKQ==}
-    dev: true
+  '@types/estree@1.0.8':
+    resolution: {integrity: sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==}
 
-  /@types/node@18.16.2:
-    resolution: {integrity: sha512-GQW/JL/5Fz/0I8RpeBG9lKp0+aNcXEaVL71c0D2Q0QHDTFvlYKT7an0onCUXj85anv7b4/WesqdfchLc0jtsCg==}
-    dev: true
+  '@types/estree@1.0.9':
+    resolution: {integrity: sha512-GhdPgy1el4/ImP05X05Uw4cw2/M93BCUmnEvWZNStlCzEKME4Fkk+YpoA5OiHNQmoS7Cafb8Xa3Pya8m1Qrzeg==}
 
-  /@types/pug@2.0.6:
-    resolution: {integrity: sha512-SnHmG9wN1UVmagJOnyo/qkk0Z7gejYxOYYmaAwr5u2yFYfsupN3sg10kyzN8Hep/2zbHxCnsumxOoRIRMBwKCg==}
-    dev: true
+  '@types/json-schema@7.0.15':
+    resolution: {integrity: sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==}
 
-  /@types/semver@7.3.13:
-    resolution: {integrity: sha512-21cFJr9z3g5dW8B0CVI9g2O9beqaThGQ6ZFBqHfwhzLDKUxaqTIy3vnfah/UPkfOiF2pLq+tGz+W8RyCskuslw==}
-    dev: true
+  '@types/trusted-types@2.0.7':
+    resolution: {integrity: sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==}
 
-  /@typescript-eslint/eslint-plugin@5.59.1(@typescript-eslint/parser@5.59.1)(eslint@8.39.0)(typescript@5.0.4):
-    resolution: {integrity: sha512-AVi0uazY5quFB9hlp2Xv+ogpfpk77xzsgsIEWyVS7uK/c7MZ5tw7ZPbapa0SbfkqE0fsAMkz5UwtgMLVk2BQAg==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+  '@typescript-eslint/eslint-plugin@8.59.4':
+    resolution: {integrity: sha512-PegsU+XfyJJNjd4+u/k6f9yTyp0lEXXiPopUNobZcIAUJFGICFLN+sP0Rb3JehVmiij1Ph0dFGYqODoRo/2+6A==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
-      '@typescript-eslint/parser': ^5.0.0
-      eslint: ^6.0.0 || ^7.0.0 || ^8.0.0
-      typescript: '*'
-    peerDependenciesMeta:
-      typescript:
-        optional: true
-    dependencies:
-      '@eslint-community/regexpp': 4.5.0
-      '@typescript-eslint/parser': 5.59.1(eslint@8.39.0)(typescript@5.0.4)
-      '@typescript-eslint/scope-manager': 5.59.1
-      '@typescript-eslint/type-utils': 5.59.1(eslint@8.39.0)(typescript@5.0.4)
-      '@typescript-eslint/utils': 5.59.1(eslint@8.39.0)(typescript@5.0.4)
-      debug: 4.3.4
-      eslint: 8.39.0
-      grapheme-splitter: 1.0.4
-      ignore: 5.2.4
-      natural-compare-lite: 1.4.0
-      semver: 7.5.0
-      tsutils: 3.21.0(typescript@5.0.4)
-      typescript: 5.0.4
-    transitivePeerDependencies:
-      - supports-color
-    dev: true
+      '@typescript-eslint/parser': ^8.59.4
+      eslint: ^8.57.0 || ^9.0.0 || ^10.0.0
+      typescript: '>=4.8.4 <6.1.0'
 
-  /@typescript-eslint/parser@5.59.1(eslint@8.39.0)(typescript@5.0.4):
-    resolution: {integrity: sha512-nzjFAN8WEu6yPRDizIFyzAfgK7nybPodMNFGNH0M9tei2gYnYszRDqVA0xlnRjkl7Hkx2vYrEdb6fP2a21cG1g==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+  '@typescript-eslint/parser@8.59.4':
+    resolution: {integrity: sha512-zORHqO/tuhxY1zWuTvMUqddRxpiFJ72xVfcNoWpqdLjs6lfPbuQBJuW4pk+49/uBMy7Ssr4bzgjiKmmDB1UbZQ==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
-      eslint: ^6.0.0 || ^7.0.0 || ^8.0.0
-      typescript: '*'
-    peerDependenciesMeta:
-      typescript:
-        optional: true
-    dependencies:
-      '@typescript-eslint/scope-manager': 5.59.1
-      '@typescript-eslint/types': 5.59.1
-      '@typescript-eslint/typescript-estree': 5.59.1(typescript@5.0.4)
-      debug: 4.3.4
-      eslint: 8.39.0
-      typescript: 5.0.4
-    transitivePeerDependencies:
-      - supports-color
-    dev: true
+      eslint: ^8.57.0 || ^9.0.0 || ^10.0.0
+      typescript: '>=4.8.4 <6.1.0'
 
-  /@typescript-eslint/scope-manager@5.59.1:
-    resolution: {integrity: sha512-mau0waO5frJctPuAzcxiNWqJR5Z8V0190FTSqRw1Q4Euop6+zTwHAf8YIXNwDOT29tyUDrQ65jSg9aTU/H0omA==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
-    dependencies:
-      '@typescript-eslint/types': 5.59.1
-      '@typescript-eslint/visitor-keys': 5.59.1
-    dev: true
+  '@typescript-eslint/project-service@8.59.4':
+    resolution: {integrity: sha512-Ly00Vu4oAacfDeHp2Zg85ioNG6l8HG+tN1D7J+xTHSxu9y0awYKJ2zH1rFBn8ZSfuGK+7FxK3Cgl3uAz0aZZLg==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+    peerDependencies:
+      typescript: '>=4.8.4 <6.1.0'
 
-  /@typescript-eslint/type-utils@5.59.1(eslint@8.39.0)(typescript@5.0.4):
-    resolution: {integrity: sha512-ZMWQ+Oh82jWqWzvM3xU+9y5U7MEMVv6GLioM3R5NJk6uvP47kZ7YvlgSHJ7ERD6bOY7Q4uxWm25c76HKEwIjZw==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+  '@typescript-eslint/scope-manager@8.59.4':
+    resolution: {integrity: sha512-mUeR/3H1WrTAddJrwut8OoPjfauaztMQmRwV5fQTUyNVJCLiUXXe4lGEyYIL2oFDpP7UtgbGJXCt72wT0z2S3Q==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  '@typescript-eslint/tsconfig-utils@8.59.4':
+    resolution: {integrity: sha512-DLCpnKgD4alVxTBSKulK+gU1KCqOgUXfDRDXh2mZgzokQKa/70ax93I2uVO3m/LLvIAtWZIFoiifudmIqAxpMA==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
-      eslint: '*'
-      typescript: '*'
-    peerDependenciesMeta:
-      typescript:
-        optional: true
-    dependencies:
-      '@typescript-eslint/typescript-estree': 5.59.1(typescript@5.0.4)
-      '@typescript-eslint/utils': 5.59.1(eslint@8.39.0)(typescript@5.0.4)
-      debug: 4.3.4
-      eslint: 8.39.0
-      tsutils: 3.21.0(typescript@5.0.4)
-      typescript: 5.0.4
-    transitivePeerDependencies:
-      - supports-color
-    dev: true
+      typescript: '>=4.8.4 <6.1.0'
 
-  /@typescript-eslint/types@5.59.1:
-    resolution: {integrity: sha512-dg0ICB+RZwHlysIy/Dh1SP+gnXNzwd/KS0JprD3Lmgmdq+dJAJnUPe1gNG34p0U19HvRlGX733d/KqscrGC1Pg==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
-    dev: true
+  '@typescript-eslint/type-utils@8.59.4':
+    resolution: {integrity: sha512-uonTuPAAKr9XaBGqJ3LjYTh72zy5DyGesljO9gtmk/eFW0W1fRHjnwVYKB35Lm8d5Q5CluEW3gPHjTvZTmgrfA==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+    peerDependencies:
+      eslint: ^8.57.0 || ^9.0.0 || ^10.0.0
+      typescript: '>=4.8.4 <6.1.0'
 
-  /@typescript-eslint/typescript-estree@5.59.1(typescript@5.0.4):
-    resolution: {integrity: sha512-lYLBBOCsFltFy7XVqzX0Ju+Lh3WPIAWxYpmH/Q7ZoqzbscLiCW00LeYCdsUnnfnj29/s1WovXKh2gwCoinHNGA==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+  '@typescript-eslint/types@8.59.4':
+    resolution: {integrity: sha512-F1o7WJcCq+bc8dwcO/YsSEOudAH8RDtaOhM6wcAQhcUsFhnWQl81JKy48q1hoxAU0qrzM89+31GYh1515Zde3Q==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  '@typescript-eslint/typescript-estree@8.59.4':
+    resolution: {integrity: sha512-F+RuOmcDXo4+TPdfd/TCLS3m2nw8gE9XXyZLrA3JBfaA5tz9TtdkyD3YJFmPxulyc2cKbEok/CvFE3MgSLWnag==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
-      typescript: '*'
-    peerDependenciesMeta:
-      typescript:
-        optional: true
-    dependencies:
-      '@typescript-eslint/types': 5.59.1
-      '@typescript-eslint/visitor-keys': 5.59.1
-      debug: 4.3.4
-      globby: 11.1.0
-      is-glob: 4.0.3
-      semver: 7.5.0
-      tsutils: 3.21.0(typescript@5.0.4)
-      typescript: 5.0.4
-    transitivePeerDependencies:
-      - supports-color
-    dev: true
+      typescript: '>=4.8.4 <6.1.0'
 
-  /@typescript-eslint/utils@5.59.1(eslint@8.39.0)(typescript@5.0.4):
-    resolution: {integrity: sha512-MkTe7FE+K1/GxZkP5gRj3rCztg45bEhsd8HYjczBuYm+qFHP5vtZmjx3B0yUCDotceQ4sHgTyz60Ycl225njmA==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+  '@typescript-eslint/utils@8.59.4':
+    resolution: {integrity: sha512-cYXeNAUsG4lJo5dbc1FcKm+JwIWrj1/UpTORsC6tGMjEZ81DYcvIr9/ueikhMa/Y/gDQYGp+YX9/xQrXje5BJw==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
-      eslint: ^6.0.0 || ^7.0.0 || ^8.0.0
-    dependencies:
-      '@eslint-community/eslint-utils': 4.4.0(eslint@8.39.0)
-      '@types/json-schema': 7.0.11
-      '@types/semver': 7.3.13
-      '@typescript-eslint/scope-manager': 5.59.1
-      '@typescript-eslint/types': 5.59.1
-      '@typescript-eslint/typescript-estree': 5.59.1(typescript@5.0.4)
-      eslint: 8.39.0
-      eslint-scope: 5.1.1
-      semver: 7.5.0
-    transitivePeerDependencies:
-      - supports-color
-      - typescript
-    dev: true
+      eslint: ^8.57.0 || ^9.0.0 || ^10.0.0
+      typescript: '>=4.8.4 <6.1.0'
 
-  /@typescript-eslint/visitor-keys@5.59.1:
-    resolution: {integrity: sha512-6waEYwBTCWryx0VJmP7JaM4FpipLsFl9CvYf2foAE8Qh/Y0s+bxWysciwOs0LTBED4JCaNxTZ5rGadB14M6dwA==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
-    dependencies:
-      '@typescript-eslint/types': 5.59.1
-      eslint-visitor-keys: 3.4.0
-    dev: true
+  '@typescript-eslint/visitor-keys@8.59.4':
+    resolution: {integrity: sha512-U3gxVaDVnuZKhSspW/MzMxE1kq7zOdc072FcSNoqA1I9p8HyKbBFfEHoWckBAMgNMph4MamwS5iTVzFmrnt8TQ==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
-  /acorn-jsx@5.3.2(acorn@8.8.2):
+  acorn-jsx@5.3.2:
     resolution: {integrity: sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==}
     peerDependencies:
       acorn: ^6.0.0 || ^7.0.0 || ^8.0.0
-    dependencies:
-      acorn: 8.8.2
-    dev: true
 
-  /acorn@8.8.2:
-    resolution: {integrity: sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==}
+  acorn@8.16.0:
+    resolution: {integrity: sha512-UVJyE9MttOsBQIDKw1skb9nAwQuR5wuGD3+82K6JgJlm/Y+KI92oNsMNGZCYdDsVtRHSak0pcV5Dno5+4jh9sw==}
     engines: {node: '>=0.4.0'}
     hasBin: true
-    dev: true
-
-  /ajv@6.12.6:
-    resolution: {integrity: sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==}
-    dependencies:
-      fast-deep-equal: 3.1.3
-      fast-json-stable-stringify: 2.1.0
-      json-schema-traverse: 0.4.1
-      uri-js: 4.4.1
-    dev: true
 
-  /ansi-regex@5.0.1:
-    resolution: {integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==}
-    engines: {node: '>=8'}
-    dev: true
+  ajv@6.15.0:
+    resolution: {integrity: sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==}
 
-  /ansi-styles@4.3.0:
+  ansi-styles@4.3.0:
     resolution: {integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==}
     engines: {node: '>=8'}
-    dependencies:
-      color-convert: 2.0.1
-    dev: true
 
-  /anymatch@3.1.3:
-    resolution: {integrity: sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==}
-    engines: {node: '>= 8'}
-    dependencies:
-      normalize-path: 3.0.0
-      picomatch: 2.3.1
-    dev: true
-
-  /argparse@2.0.1:
+  argparse@2.0.1:
     resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==}
-    dev: true
-
-  /array-union@2.1.0:
-    resolution: {integrity: sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==}
-    engines: {node: '>=8'}
-    dev: true
 
-  /balanced-match@1.0.2:
-    resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
-    dev: true
+  aria-query@5.3.1:
+    resolution: {integrity: sha512-Z/ZeOgVl7bcSYZ/u/rh0fOpvEpq//LZmdbkXyc7syVzjPAhfOa9ebsdTSjEBDU4vs5nC98Kfduj1uFo0qyET3g==}
+    engines: {node: '>= 0.4'}
 
-  /binary-extensions@2.2.0:
-    resolution: {integrity: sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==}
-    engines: {node: '>=8'}
-    dev: true
+  axobject-query@4.1.0:
+    resolution: {integrity: sha512-qIj0G9wZbMGNLjLmg1PT6v2mE9AH2zlnADJD/2tC6E00hgmhUOfEB6greHPAfLRSufHqROIUTkw6E+M3lH0PTQ==}
+    engines: {node: '>= 0.4'}
 
-  /brace-expansion@1.1.11:
-    resolution: {integrity: sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==}
-    dependencies:
-      balanced-match: 1.0.2
-      concat-map: 0.0.1
-    dev: true
+  balanced-match@1.0.2:
+    resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==}
 
-  /braces@3.0.2:
-    resolution: {integrity: sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==}
-    engines: {node: '>=8'}
-    dependencies:
-      fill-range: 7.0.1
-    dev: true
+  balanced-match@4.0.4:
+    resolution: {integrity: sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==}
+    engines: {node: 18 || 20 || >=22}
 
-  /buffer-crc32@0.2.13:
-    resolution: {integrity: sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ==}
-    dev: true
+  brace-expansion@1.1.14:
+    resolution: {integrity: sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==}
 
-  /busboy@1.6.0:
-    resolution: {integrity: sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==}
-    engines: {node: '>=10.16.0'}
-    dependencies:
-      streamsearch: 1.1.0
-    dev: true
+  brace-expansion@5.0.6:
+    resolution: {integrity: sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==}
+    engines: {node: 18 || 20 || >=22}
 
-  /callsites@3.1.0:
+  callsites@3.1.0:
     resolution: {integrity: sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==}
     engines: {node: '>=6'}
-    dev: true
 
-  /chalk@4.1.2:
+  chalk@4.1.2:
     resolution: {integrity: sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==}
     engines: {node: '>=10'}
-    dependencies:
-      ansi-styles: 4.3.0
-      supports-color: 7.2.0
-    dev: true
 
-  /chokidar@3.5.3:
-    resolution: {integrity: sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==}
-    engines: {node: '>= 8.10.0'}
-    dependencies:
-      anymatch: 3.1.3
-      braces: 3.0.2
-      glob-parent: 5.1.2
-      is-binary-path: 2.1.0
-      is-glob: 4.0.3
-      normalize-path: 3.0.0
-      readdirp: 3.6.0
-    optionalDependencies:
-      fsevents: 2.3.2
-    dev: true
+  chokidar@4.0.3:
+    resolution: {integrity: sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==}
+    engines: {node: '>= 14.16.0'}
+
+  clsx@2.1.1:
+    resolution: {integrity: sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==}
+    engines: {node: '>=6'}
 
-  /color-convert@2.0.1:
+  color-convert@2.0.1:
     resolution: {integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==}
     engines: {node: '>=7.0.0'}
-    dependencies:
-      color-name: 1.1.4
-    dev: true
 
-  /color-name@1.1.4:
+  color-name@1.1.4:
     resolution: {integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==}
-    dev: true
 
-  /concat-map@0.0.1:
-    resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==}
-    dev: true
+  concat-map@0.0.1:
+    resolution: {integrity: sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=}
 
-  /cookie@0.5.0:
-    resolution: {integrity: sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==}
+  cookie@0.6.0:
+    resolution: {integrity: sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==}
     engines: {node: '>= 0.6'}
-    dev: true
 
-  /cross-spawn@7.0.3:
-    resolution: {integrity: sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==}
+  cross-spawn@7.0.6:
+    resolution: {integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==}
     engines: {node: '>= 8'}
-    dependencies:
-      path-key: 3.1.1
-      shebang-command: 2.0.0
-      which: 2.0.2
-    dev: true
 
-  /debug@4.3.4:
-    resolution: {integrity: sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==}
+  cssesc@3.0.0:
+    resolution: {integrity: sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==}
+    engines: {node: '>=4'}
+    hasBin: true
+
+  debug@4.4.3:
+    resolution: {integrity: sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==}
     engines: {node: '>=6.0'}
     peerDependencies:
       supports-color: '*'
     peerDependenciesMeta:
       supports-color:
         optional: true
-    dependencies:
-      ms: 2.1.2
-    dev: true
 
-  /deep-is@0.1.4:
+  deep-is@0.1.4:
     resolution: {integrity: sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==}
-    dev: true
 
-  /deepmerge@4.3.1:
+  deepmerge@4.3.1:
     resolution: {integrity: sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==}
     engines: {node: '>=0.10.0'}
-    dev: true
 
-  /detect-indent@6.1.0:
-    resolution: {integrity: sha512-reYkTUJAZb9gUuZ2RvVCNhVHdg62RHnJ7WJl8ftMi4diZ6NWlciOzQN88pUhSELEwflJht4oQDv0F0BMlwaYtA==}
+  detect-libc@2.1.2:
+    resolution: {integrity: sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==}
     engines: {node: '>=8'}
-    dev: true
 
-  /devalue@4.3.0:
-    resolution: {integrity: sha512-n94yQo4LI3w7erwf84mhRUkUJfhLoCZiLyoOZ/QFsDbcWNZePrLwbQpvZBUG2TNxwV3VjCKPxkiiQA6pe3TrTA==}
-    dev: true
+  devalue@5.8.1:
+    resolution: {integrity: sha512-4CXDYRBGqN+57wVJkuXBYmpAVUSg3L6JAQa/DFqm238G73E1wuyc/JhGQJzN7vUf/CMphYau2zXbfWzDR5aTEw==}
+
+  esbuild@0.21.5:
+    resolution: {integrity: sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw==}
+    engines: {node: '>=12'}
+    hasBin: true
+
+  escape-string-regexp@4.0.0:
+    resolution: {integrity: sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==}
+    engines: {node: '>=10'}
+
+  eslint-compat-utils@0.5.1:
+    resolution: {integrity: sha512-3z3vFexKIEnjHE3zCMRo6fn/e44U7T1khUjg+Hp0ZQMCigh28rALD0nPFBcGZuiLC5rLZa2ubQHDRln09JfU2Q==}
+    engines: {node: '>=12'}
+    peerDependencies:
+      eslint: '>=6.0.0'
+
+  eslint-config-prettier@9.1.2:
+    resolution: {integrity: sha512-iI1f+D2ViGn+uvv5HuHVUamg8ll4tN+JRHGc6IJi4TP9Kl976C57fzPXgseXNs8v0iA8aSJpHsTWjDb9QJamGQ==}
+    hasBin: true
+    peerDependencies:
+      eslint: '>=7.0.0'
+
+  eslint-plugin-svelte@2.46.1:
+    resolution: {integrity: sha512-7xYr2o4NID/f9OEYMqxsEQsCsj4KaMy4q5sANaKkAb6/QeCjYFxRmDm2S3YC3A3pl1kyPZ/syOx/i7LcWYSbIw==}
+    engines: {node: ^14.17.0 || >=16.0.0}
+    peerDependencies:
+      eslint: ^7.0.0 || ^8.0.0-0 || ^9.0.0-0
+      svelte: ^3.37.0 || ^4.0.0 || ^5.0.0
+    peerDependenciesMeta:
+      svelte:
+        optional: true
+
+  eslint-scope@7.2.2:
+    resolution: {integrity: sha512-dOt21O7lTMhDM+X9mB4GX+DZrZtCUJPL/wlcTqxyrx5IvO0IYtILdtrQGQp+8n5S0gwSVmOf9NQrjMOgfQZlIg==}
+    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+
+  eslint-scope@8.4.0:
+    resolution: {integrity: sha512-sNXOfKCn74rt8RICKMvJS7XKV/Xk9kA7DyJr8mJik3S7Cwgy3qlkkmyS2uQB3jiJg6VNdZd/pDBJu0nvG2NlTg==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  eslint-visitor-keys@3.4.3:
+    resolution: {integrity: sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==}
+    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+
+  eslint-visitor-keys@4.2.1:
+    resolution: {integrity: sha512-Uhdk5sfqcee/9H/rCOJikYz67o0a2Tw2hGRPOG2Y1R2dg7brRe1uG0yaNQDHu+TO/uQPF/5eCapvYSmHUjt7JQ==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  eslint-visitor-keys@5.0.1:
+    resolution: {integrity: sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==}
+    engines: {node: ^20.19.0 || ^22.13.0 || >=24}
+
+  eslint@9.39.4:
+    resolution: {integrity: sha512-XoMjdBOwe/esVgEvLmNsD3IRHkm7fbKIUGvrleloJXUZgDHig2IPWNniv+GwjyJXzuNqVjlr5+4yVUZjycJwfQ==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+    hasBin: true
+    peerDependencies:
+      jiti: '*'
+    peerDependenciesMeta:
+      jiti:
+        optional: true
+
+  esm-env@1.2.2:
+    resolution: {integrity: sha512-Epxrv+Nr/CaL4ZcFGPJIYLWFom+YeV1DqMLHJoEd9SYRxNbaFruBwfEX/kkHUJf55j2+TUbmDcmuilbP1TmXHA==}
+
+  espree@10.4.0:
+    resolution: {integrity: sha512-j6PAQ2uUr79PZhBjP5C5fhl8e39FmRnOjsD5lGnWrFU8i2G776tBK7+nP8KuQUTTyAZUwfQqXAgrVH5MbH9CYQ==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+
+  espree@9.6.1:
+    resolution: {integrity: sha512-oruZaFkjorTpF32kDSI5/75ViwGeZginGGy2NoOSg3Q9bnwlnmDm4HLnkl0RE3n+njDXR037aY1+x58Z/zFdwQ==}
+    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+
+  esquery@1.7.0:
+    resolution: {integrity: sha512-Ap6G0WQwcU/LHsvLwON1fAQX9Zp0A2Y6Y/cJBl9r/JbW90Zyg4/zbG6zzKa2OTALELarYHmKu0GhpM5EO+7T0g==}
+    engines: {node: '>=0.10'}
+
+  esrap@2.2.9:
+    resolution: {integrity: sha512-4KijP+NxCWthMCUC3qHbE6n4vCjqgJS1uAYKhuT/GWfFTf1Qyive2TgOjep+gzbSzRfnNyaN/UU9YmdOt8Eg0A==}
+    peerDependencies:
+      '@typescript-eslint/types': ^8.2.0
+    peerDependenciesMeta:
+      '@typescript-eslint/types':
+        optional: true
+
+  esrecurse@4.3.0:
+    resolution: {integrity: sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==}
+    engines: {node: '>=4.0'}
+
+  estraverse@5.3.0:
+    resolution: {integrity: sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==}
+    engines: {node: '>=4.0'}
+
+  esutils@2.0.3:
+    resolution: {integrity: sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==}
+    engines: {node: '>=0.10.0'}
+
+  fast-deep-equal@3.1.3:
+    resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==}
+
+  fast-json-stable-stringify@2.1.0:
+    resolution: {integrity: sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==}
+
+  fast-levenshtein@2.0.6:
+    resolution: {integrity: sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=}
+
+  fdir@6.5.0:
+    resolution: {integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==}
+    engines: {node: '>=12.0.0'}
+    peerDependencies:
+      picomatch: ^3 || ^4
+    peerDependenciesMeta:
+      picomatch:
+        optional: true
+
+  file-entry-cache@8.0.0:
+    resolution: {integrity: sha512-XXTUwCvisa5oacNGRP9SfNtYBNAMi+RPwBFmblZEF7N7swHYQS6/Zfk7SRwx4D5j3CH211YNRco1DEMNVfZCnQ==}
+    engines: {node: '>=16.0.0'}
+
+  find-up@5.0.0:
+    resolution: {integrity: sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==}
+    engines: {node: '>=10'}
+
+  flat-cache@4.0.1:
+    resolution: {integrity: sha512-f7ccFPK3SXFHpx15UIGyRJ/FJQctuKZ0zVuN3frBo4HnK3cay9VEW0R6yPYFHC0AgqhukPzKjq22t5DmAyqGyw==}
+    engines: {node: '>=16'}
+
+  flatted@3.4.2:
+    resolution: {integrity: sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==}
+
+  fsevents@2.3.2:
+    resolution: {integrity: sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==}
+    engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0}
+    os: [darwin]
 
-  /dir-glob@3.0.1:
-    resolution: {integrity: sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==}
+  fsevents@2.3.3:
+    resolution: {integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==}
+    engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0}
+    os: [darwin]
+
+  glob-parent@6.0.2:
+    resolution: {integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==}
+    engines: {node: '>=10.13.0'}
+
+  globals@14.0.0:
+    resolution: {integrity: sha512-oahGvuMGQlPw/ivIYBjVSrWAfWLBeku5tpPE2fOPLi+WHffIWbuh2tCjhyQhTBPMf5E9jDEH4FOmTYgYwbKwtQ==}
+    engines: {node: '>=18'}
+
+  globals@15.15.0:
+    resolution: {integrity: sha512-7ACyT3wmyp3I61S4fG682L0VA2RGD9otkqGJIwNUMF1SWUombIIk+af1unuDYgMm082aHYwD+mzJvv9Iu8dsgg==}
+    engines: {node: '>=18'}
+
+  has-flag@4.0.0:
+    resolution: {integrity: sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==}
     engines: {node: '>=8'}
-    dependencies:
-      path-type: 4.0.0
-    dev: true
 
-  /doctrine@3.0.0:
-    resolution: {integrity: sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==}
-    engines: {node: '>=6.0.0'}
-    dependencies:
-      esutils: 2.0.3
-    dev: true
+  ignore@5.3.2:
+    resolution: {integrity: sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==}
+    engines: {node: '>= 4'}
+
+  ignore@7.0.5:
+    resolution: {integrity: sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==}
+    engines: {node: '>= 4'}
+
+  immutable@5.1.5:
+    resolution: {integrity: sha512-t7xcm2siw+hlUM68I+UEOK+z84RzmN59as9DZ7P1l0994DKUWV7UXBMQZVxaoMSRQ+PBZbHCOoBt7a2wxOMt+A==}
+
+  import-fresh@3.3.1:
+    resolution: {integrity: sha512-TR3KfrTZTYLPB6jUjfx6MF9WcWrHL9su5TObK4ZkYgBdWKPOFoSoQIdEuTuR82pmtxH2spWG9h6etwfr1pLBqQ==}
+    engines: {node: '>=6'}
+
+  imurmurhash@0.1.4:
+    resolution: {integrity: sha1-khi5srkoojixPcT7a21XbyMUU+o=}
+    engines: {node: '>=0.8.19'}
+
+  is-extglob@2.1.1:
+    resolution: {integrity: sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=}
+    engines: {node: '>=0.10.0'}
+
+  is-glob@4.0.3:
+    resolution: {integrity: sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==}
+    engines: {node: '>=0.10.0'}
+
+  is-reference@3.0.3:
+    resolution: {integrity: sha512-ixkJoqQvAP88E6wLydLGGqCJsrFUnqoH6HnaczB8XmDH1oaWU+xxdptvikTgaEhtZ53Ky6YXiBuUI2WXLMCwjw==}
+
+  isexe@2.0.0:
+    resolution: {integrity: sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=}
+
+  js-yaml@4.1.1:
+    resolution: {integrity: sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==}
+    hasBin: true
+
+  json-buffer@3.0.1:
+    resolution: {integrity: sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==}
+
+  json-schema-traverse@0.4.1:
+    resolution: {integrity: sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==}
+
+  json-stable-stringify-without-jsonify@1.0.1:
+    resolution: {integrity: sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE=}
+
+  keyv@4.5.4:
+    resolution: {integrity: sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==}
+
+  kleur@4.1.5:
+    resolution: {integrity: sha512-o+NO+8WrRiQEE4/7nwRJhN1HWpVmJm511pBHUxPLtp0BUISzlBplORYSmTclCnJvQq2tKu/sgl3xVpkc7ZWuQQ==}
+    engines: {node: '>=6'}
+
+  known-css-properties@0.35.0:
+    resolution: {integrity: sha512-a/RAk2BfKk+WFGhhOCAYqSiFLc34k8Mt/6NWRI4joER0EYUzXIcFivjjnoD3+XU1DggLn/tZc3DOAgke7l8a4A==}
+
+  levn@0.4.1:
+    resolution: {integrity: sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==}
+    engines: {node: '>= 0.8.0'}
+
+  lilconfig@2.1.0:
+    resolution: {integrity: sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==}
+    engines: {node: '>=10'}
+
+  locate-character@3.0.0:
+    resolution: {integrity: sha512-SW13ws7BjaeJ6p7Q6CO2nchbYEc3X3J6WrmTTDto7yMPqVSZTUyY5Tjbid+Ab8gLnATtygYtiDIJGQRRn2ZOiA==}
+
+  locate-path@6.0.0:
+    resolution: {integrity: sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==}
+    engines: {node: '>=10'}
 
-  /es6-promise@3.3.1:
-    resolution: {integrity: sha512-SOp9Phqvqn7jtEUxPWdWfWoLmyt2VaJ6MpvP9Comy1MceMXqE6bxvaTu4iaxpYYPzhny28Lc+M87/c2cPK6lDg==}
-    dev: true
+  lodash.merge@4.6.2:
+    resolution: {integrity: sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==}
+
+  magic-string@0.30.21:
+    resolution: {integrity: sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==}
+
+  minimatch@10.2.5:
+    resolution: {integrity: sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==}
+    engines: {node: 18 || 20 || >=22}
+
+  minimatch@3.1.5:
+    resolution: {integrity: sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==}
+
+  mri@1.2.0:
+    resolution: {integrity: sha512-tzzskb3bG8LvYGFF/mDTpq3jpI6Q9wc3LEmBaghu+DdCssd1FakN7Bc0hVNmEyGq1bq3RgfkCb3cmQLpNPOroA==}
+    engines: {node: '>=4'}
+
+  mrmime@2.0.1:
+    resolution: {integrity: sha512-Y3wQdFg2Va6etvQ5I82yUhGdsKrcYox6p7FfL1LbK2J4V01F9TGlepTIhnK24t7koZibmg82KGglhA1XK5IsLQ==}
+    engines: {node: '>=10'}
+
+  ms@2.1.3:
+    resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==}
+
+  nanoid@3.3.12:
+    resolution: {integrity: sha512-ZB9RH/39qpq5Vu6Y+NmUaFhQR6pp+M2Xt76XBnEwDaGcVAqhlvxrl3B2bKS5D3NH3QR76v3aSrKaF/Kiy7lEtQ==}
+    engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
+    hasBin: true
+
+  natural-compare@1.4.0:
+    resolution: {integrity: sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc=}
+
+  node-addon-api@7.1.1:
+    resolution: {integrity: sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ==}
+
+  optionator@0.9.4:
+    resolution: {integrity: sha512-6IpQ7mKUxRcZNLIObR0hz7lxsapSSIYNZJwXPGeF0mTVqGKFIXj1DQcMoT22S3ROcLyY/rz0PWaWZ9ayWmad9g==}
+    engines: {node: '>= 0.8.0'}
+
+  p-limit@3.1.0:
+    resolution: {integrity: sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==}
+    engines: {node: '>=10'}
+
+  p-locate@5.0.0:
+    resolution: {integrity: sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==}
+    engines: {node: '>=10'}
+
+  parent-module@1.0.1:
+    resolution: {integrity: sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==}
+    engines: {node: '>=6'}
+
+  path-exists@4.0.0:
+    resolution: {integrity: sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==}
+    engines: {node: '>=8'}
+
+  path-key@3.1.1:
+    resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==}
+    engines: {node: '>=8'}
 
-  /esbuild@0.17.18:
-    resolution: {integrity: sha512-z1lix43jBs6UKjcZVKOw2xx69ffE2aG0PygLL5qJ9OS/gy0Ewd1gW/PUQIOIQGXBHWNywSc0floSKoMFF8aK2w==}
+  picocolors@1.1.1:
+    resolution: {integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==}
+
+  picomatch@4.0.4:
+    resolution: {integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==}
     engines: {node: '>=12'}
+
+  playwright-core@1.60.0:
+    resolution: {integrity: sha512-9bW6zvX/m0lEbgTKJ6YppOKx8H3VOPBMOCFh2irXFOT4BbHgrx5hPjwJYLT40Lu+4qtD36qKc/Hn56StUW57IA==}
+    engines: {node: '>=18'}
     hasBin: true
-    requiresBuild: true
-    optionalDependencies:
-      '@esbuild/android-arm': 0.17.18
-      '@esbuild/android-arm64': 0.17.18
-      '@esbuild/android-x64': 0.17.18
-      '@esbuild/darwin-arm64': 0.17.18
-      '@esbuild/darwin-x64': 0.17.18
-      '@esbuild/freebsd-arm64': 0.17.18
-      '@esbuild/freebsd-x64': 0.17.18
-      '@esbuild/linux-arm': 0.17.18
-      '@esbuild/linux-arm64': 0.17.18
-      '@esbuild/linux-ia32': 0.17.18
-      '@esbuild/linux-loong64': 0.17.18
-      '@esbuild/linux-mips64el': 0.17.18
-      '@esbuild/linux-ppc64': 0.17.18
-      '@esbuild/linux-riscv64': 0.17.18
-      '@esbuild/linux-s390x': 0.17.18
-      '@esbuild/linux-x64': 0.17.18
-      '@esbuild/netbsd-x64': 0.17.18
-      '@esbuild/openbsd-x64': 0.17.18
-      '@esbuild/sunos-x64': 0.17.18
-      '@esbuild/win32-arm64': 0.17.18
-      '@esbuild/win32-ia32': 0.17.18
-      '@esbuild/win32-x64': 0.17.18
-    dev: true
-
-  /escape-string-regexp@4.0.0:
-    resolution: {integrity: sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==}
+
+  playwright@1.60.0:
+    resolution: {integrity: sha512-hheHdokM8cdqCb0lcE3s+zT4t4W+vvjpGxsZlDnikarzx8tSzMebh3UiFtgqwFwnTnjYQcsyMF8ei2mCO/tpeA==}
+    engines: {node: '>=18'}
+    hasBin: true
+
+  postcss-load-config@3.1.4:
+    resolution: {integrity: sha512-6DiM4E7v4coTE4uzA8U//WhtPwyhiim3eyjEMFCnUpzbrkK9wJHgKDT2mR+HbtSrd/NubVaYTOpSpjUl8NQeRg==}
+    engines: {node: '>= 10'}
+    peerDependencies:
+      postcss: '>=8.0.9'
+      ts-node: '>=9.0.0'
+    peerDependenciesMeta:
+      postcss:
+        optional: true
+      ts-node:
+        optional: true
+
+  postcss-safe-parser@6.0.0:
+    resolution: {integrity: sha512-FARHN8pwH+WiS2OPCxJI8FuRJpTVnn6ZNFiqAM2aeW2LwTHWWmWgIyKC6cUo0L8aeKiF/14MNvnpls6R2PBeMQ==}
+    engines: {node: '>=12.0'}
+    peerDependencies:
+      postcss: ^8.3.3
+
+  postcss-scss@4.0.9:
+    resolution: {integrity: sha512-AjKOeiwAitL/MXxQW2DliT28EKukvvbEWx3LBmJIRN8KfBGZbRTxNYW0kSqi1COiTZ57nZ9NW06S6ux//N1c9A==}
+    engines: {node: '>=12.0'}
+    peerDependencies:
+      postcss: ^8.4.29
+
+  postcss-selector-parser@6.1.2:
+    resolution: {integrity: sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg==}
+    engines: {node: '>=4'}
+
+  postcss@8.5.15:
+    resolution: {integrity: sha512-FfR8sjd4em2T6fb3I2MwAJU7HWVMr9zba+enmQeeWFfCbm+UOC/0X4DS8XtpUTMwWMGbjKYP7xjfNekzyGmB3A==}
+    engines: {node: ^10 || ^12 || >=14}
+
+  prelude-ls@1.2.1:
+    resolution: {integrity: sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==}
+    engines: {node: '>= 0.8.0'}
+
+  prettier-plugin-svelte@3.5.2:
+    resolution: {integrity: sha512-ItFouLvzSFE3ulNl4DKoWM3BGcbDCNVpIyy/Y3F2gC3aNiGLxtFUdffVqO5Z5hhYG+DFT5KULWaxmeFFpdbvaQ==}
+    peerDependencies:
+      prettier: ^3.0.0
+      svelte: ^3.2.0 || ^4.0.0-next.0 || ^5.0.0-next.0
+
+  prettier@3.8.3:
+    resolution: {integrity: sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==}
+    engines: {node: '>=14'}
+    hasBin: true
+
+  punycode@2.3.1:
+    resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==}
+    engines: {node: '>=6'}
+
+  readdirp@4.1.2:
+    resolution: {integrity: sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==}
+    engines: {node: '>= 14.18.0'}
+
+  resolve-from@4.0.0:
+    resolution: {integrity: sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==}
+    engines: {node: '>=4'}
+
+  rollup@4.60.4:
+    resolution: {integrity: sha512-WHeFSbZYsPu3+bLoNRUuAO+wavNlocOPf3wSHTP7hcFKVnJeWsYlCDbr3mTS14FCizf9ccIxXA8sGL8zKeQN3g==}
+    engines: {node: '>=18.0.0', npm: '>=8.0.0'}
+    hasBin: true
+
+  sade@1.8.1:
+    resolution: {integrity: sha512-xal3CZX1Xlo/k4ApwCFrHVACi9fBqJ7V+mwhBsuf/1IOKbBy098Fex+Wa/5QMubw09pSZ/u8EY8PWgevJsXp1A==}
+    engines: {node: '>=6'}
+
+  sass@1.99.0:
+    resolution: {integrity: sha512-kgW13M54DUB7IsIRM5LvJkNlpH+WhMpooUcaWGFARkF1Tc82v9mIWkCbCYf+MBvpIUBSeSOTilpZjEPr2VYE6Q==}
+    engines: {node: '>=14.0.0'}
+    hasBin: true
+
+  semver@7.8.0:
+    resolution: {integrity: sha512-AcM7dV/5ul4EekoQ29Agm5vri8JNqRyj39o0qpX6vDF2GZrtutZl5RwgD1XnZjiTAfncsJhMI48QQH3sN87YNA==}
     engines: {node: '>=10'}
-    dev: true
+    hasBin: true
+
+  set-cookie-parser@3.1.0:
+    resolution: {integrity: sha512-kjnC1DXBHcxaOaOXBHBeRtltsDG2nUiUni+jP92M9gYdW12rsmx92UsfpH7o5tDRs7I1ZZPSQJQGv3UaRfCiuw==}
+
+  shebang-command@2.0.0:
+    resolution: {integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==}
+    engines: {node: '>=8'}
+
+  shebang-regex@3.0.0:
+    resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==}
+    engines: {node: '>=8'}
+
+  sirv@3.0.2:
+    resolution: {integrity: sha512-2wcC/oGxHis/BoHkkPwldgiPSYcpZK3JU28WoMVv55yHJgcZ8rlXvuG9iZggz+sU1d4bRgIGASwyWqjxu3FM0g==}
+    engines: {node: '>=18'}
+
+  source-map-js@1.2.1:
+    resolution: {integrity: sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==}
+    engines: {node: '>=0.10.0'}
+
+  strip-json-comments@3.1.1:
+    resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}
+    engines: {node: '>=8'}
+
+  supports-color@7.2.0:
+    resolution: {integrity: sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==}
+    engines: {node: '>=8'}
 
-  /eslint-config-prettier@8.8.0(eslint@8.39.0):
-    resolution: {integrity: sha512-wLbQiFre3tdGgpDv67NQKnJuTlcUVYHas3k+DZCc2U2BadthoEY4B7hLPvAxaqdyOGCzuLfii2fqGph10va7oA==}
+  svelte-check@4.4.8:
+    resolution: {integrity: sha512-67adfgBox5eNSNIvIIwgFizKGdcRrGpiMoNO2obHcYuLz7iTa8Xgm/NGU3ntMFnNm8K1grFOIG6HhMLX/vcN8w==}
+    engines: {node: '>= 18.0.0'}
     hasBin: true
     peerDependencies:
-      eslint: '>=7.0.0'
-    dependencies:
-      eslint: 8.39.0
-    dev: true
+      svelte: ^4.0.0 || ^5.0.0-next.0
+      typescript: '>=5.0.0'
+
+  svelte-eslint-parser@0.43.0:
+    resolution: {integrity: sha512-GpU52uPKKcVnh8tKN5P4UZpJ/fUDndmq7wfsvoVXsyP+aY0anol7Yqo01fyrlaWGMFfm4av5DyrjlaXdLRJvGA==}
+    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+    peerDependencies:
+      svelte: ^3.37.0 || ^4.0.0 || ^5.0.0
+    peerDependenciesMeta:
+      svelte:
+        optional: true
+
+  svelte@5.55.8:
+    resolution: {integrity: sha512-4D6lyrMHmDaZalQOEBMCWCCidyZjSnec14/oPn0k627G6goxcck9xqMwz1tFLlQz+ZFvtTTHfFOlUayuAz0z6Q==}
+    engines: {node: '>=18'}
+
+  tinyglobby@0.2.16:
+    resolution: {integrity: sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==}
+    engines: {node: '>=12.0.0'}
+
+  totalist@3.0.1:
+    resolution: {integrity: sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ==}
+    engines: {node: '>=6'}
 
-  /eslint-plugin-svelte3@4.0.0(eslint@8.39.0)(svelte@3.58.0):
-    resolution: {integrity: sha512-OIx9lgaNzD02+MDFNLw0GEUbuovNcglg+wnd/UY0fbZmlQSz7GlQiQ1f+yX0XvC07XPcDOnFcichqI3xCwp71g==}
+  ts-api-utils@2.5.0:
+    resolution: {integrity: sha512-OJ/ibxhPlqrMM0UiNHJ/0CKQkoKF243/AEmplt3qpRgkW8VG7IfOS41h7V8TjITqdByHzrjcS/2si+y4lIh8NA==}
+    engines: {node: '>=18.12'}
     peerDependencies:
-      eslint: '>=8.0.0'
-      svelte: ^3.2.0
-    dependencies:
-      eslint: 8.39.0
-      svelte: 3.58.0
-    dev: true
+      typescript: '>=4.8.4'
 
-  /eslint-scope@5.1.1:
-    resolution: {integrity: sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==}
-    engines: {node: '>=8.0.0'}
-    dependencies:
-      esrecurse: 4.3.0
-      estraverse: 4.3.0
-    dev: true
+  tslib@2.8.1:
+    resolution: {integrity: sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==}
+
+  type-check@0.4.0:
+    resolution: {integrity: sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==}
+    engines: {node: '>= 0.8.0'}
+
+  typescript-eslint@8.59.4:
+    resolution: {integrity: sha512-Rw6+44QNFaXtgHSjPy+Kw8hrJniMYzR85E9yLmOLcfZ91/rz+JXQbDTCmc6ccxMPY6K6PgAq26f0JCBfR7LIPQ==}
+    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
+    peerDependencies:
+      eslint: ^8.57.0 || ^9.0.0 || ^10.0.0
+      typescript: '>=4.8.4 <6.1.0'
+
+  typescript@5.9.3:
+    resolution: {integrity: sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==}
+    engines: {node: '>=14.17'}
+    hasBin: true
+
+  uri-js@4.4.1:
+    resolution: {integrity: sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==}
+
+  util-deprecate@1.0.2:
+    resolution: {integrity: sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=}
+
+  vite@5.4.21:
+    resolution: {integrity: sha512-o5a9xKjbtuhY6Bi5S3+HvbRERmouabWbyUcpXXUA1u+GNUKoROi9byOJ8M0nHbHYHkYICiMlqxkg1KkYmm25Sw==}
+    engines: {node: ^18.0.0 || >=20.0.0}
+    hasBin: true
+    peerDependencies:
+      '@types/node': ^18.0.0 || >=20.0.0
+      less: '*'
+      lightningcss: ^1.21.0
+      sass: '*'
+      sass-embedded: '*'
+      stylus: '*'
+      sugarss: '*'
+      terser: ^5.4.0
+    peerDependenciesMeta:
+      '@types/node':
+        optional: true
+      less:
+        optional: true
+      lightningcss:
+        optional: true
+      sass:
+        optional: true
+      sass-embedded:
+        optional: true
+      stylus:
+        optional: true
+      sugarss:
+        optional: true
+      terser:
+        optional: true
+
+  vitefu@1.1.3:
+    resolution: {integrity: sha512-ub4okH7Z5KLjb6hDyjqrGXqWtWvoYdU3IGm/NorpgHncKoLTCfRIbvlhBm7r0YstIaQRYlp4yEbFqDcKSzXSSg==}
+    peerDependencies:
+      vite: ^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0
+    peerDependenciesMeta:
+      vite:
+        optional: true
+
+  which@2.0.2:
+    resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==}
+    engines: {node: '>= 8'}
+    hasBin: true
+
+  word-wrap@1.2.5:
+    resolution: {integrity: sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==}
+    engines: {node: '>=0.10.0'}
+
+  yaml@1.10.3:
+    resolution: {integrity: sha512-vIYeF1u3CjlhAFekPPAk2h/Kv4T3mAkMox5OymRiJQB0spDP10LHvt+K7G9Ny6NuuMAb25/6n1qyUjAcGNf/AA==}
+    engines: {node: '>= 6'}
+
+  yocto-queue@0.1.0:
+    resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==}
+    engines: {node: '>=10'}
+
+  zimmerframe@1.1.4:
+    resolution: {integrity: sha512-B58NGBEoc8Y9MWWCQGl/gq9xBCe4IiKM0a2x7GZdQKOW5Exr8S1W24J6OgM1njK8xCRGvAJIL/MxXHf6SkmQKQ==}
+
+  zod@3.25.76:
+    resolution: {integrity: sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==}
+
+snapshots:
+
+  '@esbuild/aix-ppc64@0.21.5':
+    optional: true
+
+  '@esbuild/android-arm64@0.21.5':
+    optional: true
+
+  '@esbuild/android-arm@0.21.5':
+    optional: true
+
+  '@esbuild/android-x64@0.21.5':
+    optional: true
+
+  '@esbuild/darwin-arm64@0.21.5':
+    optional: true
+
+  '@esbuild/darwin-x64@0.21.5':
+    optional: true
+
+  '@esbuild/freebsd-arm64@0.21.5':
+    optional: true
+
+  '@esbuild/freebsd-x64@0.21.5':
+    optional: true
+
+  '@esbuild/linux-arm64@0.21.5':
+    optional: true
+
+  '@esbuild/linux-arm@0.21.5':
+    optional: true
+
+  '@esbuild/linux-ia32@0.21.5':
+    optional: true
+
+  '@esbuild/linux-loong64@0.21.5':
+    optional: true
+
+  '@esbuild/linux-mips64el@0.21.5':
+    optional: true
+
+  '@esbuild/linux-ppc64@0.21.5':
+    optional: true
+
+  '@esbuild/linux-riscv64@0.21.5':
+    optional: true
+
+  '@esbuild/linux-s390x@0.21.5':
+    optional: true
+
+  '@esbuild/linux-x64@0.21.5':
+    optional: true
+
+  '@esbuild/netbsd-x64@0.21.5':
+    optional: true
+
+  '@esbuild/openbsd-x64@0.21.5':
+    optional: true
+
+  '@esbuild/sunos-x64@0.21.5':
+    optional: true
+
+  '@esbuild/win32-arm64@0.21.5':
+    optional: true
+
+  '@esbuild/win32-ia32@0.21.5':
+    optional: true
+
+  '@esbuild/win32-x64@0.21.5':
+    optional: true
+
+  '@eslint-community/eslint-utils@4.9.1(eslint@9.39.4)':
+    dependencies:
+      eslint: 9.39.4
+      eslint-visitor-keys: 3.4.3
+
+  '@eslint-community/regexpp@4.12.2': {}
+
+  '@eslint/config-array@0.21.2':
+    dependencies:
+      '@eslint/object-schema': 2.1.7
+      debug: 4.4.3
+      minimatch: 3.1.5
+    transitivePeerDependencies:
+      - supports-color
+
+  '@eslint/config-helpers@0.4.2':
+    dependencies:
+      '@eslint/core': 0.17.0
+
+  '@eslint/core@0.17.0':
+    dependencies:
+      '@types/json-schema': 7.0.15
+
+  '@eslint/eslintrc@3.3.5':
+    dependencies:
+      ajv: 6.15.0
+      debug: 4.4.3
+      espree: 10.4.0
+      globals: 14.0.0
+      ignore: 5.3.2
+      import-fresh: 3.3.1
+      js-yaml: 4.1.1
+      minimatch: 3.1.5
+      strip-json-comments: 3.1.1
+    transitivePeerDependencies:
+      - supports-color
+
+  '@eslint/js@9.39.4': {}
+
+  '@eslint/object-schema@2.1.7': {}
+
+  '@eslint/plugin-kit@0.4.1':
+    dependencies:
+      '@eslint/core': 0.17.0
+      levn: 0.4.1
+
+  '@humanfs/core@0.19.2':
+    dependencies:
+      '@humanfs/types': 0.15.0
+
+  '@humanfs/node@0.16.8':
+    dependencies:
+      '@humanfs/core': 0.19.2
+      '@humanfs/types': 0.15.0
+      '@humanwhocodes/retry': 0.4.3
+
+  '@humanfs/types@0.15.0': {}
+
+  '@humanwhocodes/module-importer@1.0.1': {}
+
+  '@humanwhocodes/retry@0.4.3': {}
+
+  '@jridgewell/gen-mapping@0.3.13':
+    dependencies:
+      '@jridgewell/sourcemap-codec': 1.5.5
+      '@jridgewell/trace-mapping': 0.3.31
+
+  '@jridgewell/remapping@2.3.5':
+    dependencies:
+      '@jridgewell/gen-mapping': 0.3.13
+      '@jridgewell/trace-mapping': 0.3.31
+
+  '@jridgewell/resolve-uri@3.1.2': {}
+
+  '@jridgewell/sourcemap-codec@1.5.5': {}
+
+  '@jridgewell/trace-mapping@0.3.31':
+    dependencies:
+      '@jridgewell/resolve-uri': 3.1.2
+      '@jridgewell/sourcemap-codec': 1.5.5
+
+  '@parcel/watcher-android-arm64@2.5.6':
+    optional: true
+
+  '@parcel/watcher-darwin-arm64@2.5.6':
+    optional: true
+
+  '@parcel/watcher-darwin-x64@2.5.6':
+    optional: true
+
+  '@parcel/watcher-freebsd-x64@2.5.6':
+    optional: true
+
+  '@parcel/watcher-linux-arm-glibc@2.5.6':
+    optional: true
+
+  '@parcel/watcher-linux-arm-musl@2.5.6':
+    optional: true
+
+  '@parcel/watcher-linux-arm64-glibc@2.5.6':
+    optional: true
+
+  '@parcel/watcher-linux-arm64-musl@2.5.6':
+    optional: true
+
+  '@parcel/watcher-linux-x64-glibc@2.5.6':
+    optional: true
+
+  '@parcel/watcher-linux-x64-musl@2.5.6':
+    optional: true
+
+  '@parcel/watcher-win32-arm64@2.5.6':
+    optional: true
+
+  '@parcel/watcher-win32-ia32@2.5.6':
+    optional: true
+
+  '@parcel/watcher-win32-x64@2.5.6':
+    optional: true
+
+  '@parcel/watcher@2.5.6':
+    dependencies:
+      detect-libc: 2.1.2
+      is-glob: 4.0.3
+      node-addon-api: 7.1.1
+      picomatch: 4.0.4
+    optionalDependencies:
+      '@parcel/watcher-android-arm64': 2.5.6
+      '@parcel/watcher-darwin-arm64': 2.5.6
+      '@parcel/watcher-darwin-x64': 2.5.6
+      '@parcel/watcher-freebsd-x64': 2.5.6
+      '@parcel/watcher-linux-arm-glibc': 2.5.6
+      '@parcel/watcher-linux-arm-musl': 2.5.6
+      '@parcel/watcher-linux-arm64-glibc': 2.5.6
+      '@parcel/watcher-linux-arm64-musl': 2.5.6
+      '@parcel/watcher-linux-x64-glibc': 2.5.6
+      '@parcel/watcher-linux-x64-musl': 2.5.6
+      '@parcel/watcher-win32-arm64': 2.5.6
+      '@parcel/watcher-win32-ia32': 2.5.6
+      '@parcel/watcher-win32-x64': 2.5.6
+    optional: true
+
+  '@playwright/test@1.60.0':
+    dependencies:
+      playwright: 1.60.0
+
+  '@polka/url@1.0.0-next.29': {}
+
+  '@rollup/rollup-android-arm-eabi@4.60.4':
+    optional: true
+
+  '@rollup/rollup-android-arm64@4.60.4':
+    optional: true
+
+  '@rollup/rollup-darwin-arm64@4.60.4':
+    optional: true
+
+  '@rollup/rollup-darwin-x64@4.60.4':
+    optional: true
+
+  '@rollup/rollup-freebsd-arm64@4.60.4':
+    optional: true
+
+  '@rollup/rollup-freebsd-x64@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-arm-gnueabihf@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-arm-musleabihf@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-arm64-gnu@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-arm64-musl@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-loong64-gnu@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-loong64-musl@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-ppc64-gnu@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-ppc64-musl@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-riscv64-gnu@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-riscv64-musl@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-s390x-gnu@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-x64-gnu@4.60.4':
+    optional: true
+
+  '@rollup/rollup-linux-x64-musl@4.60.4':
+    optional: true
+
+  '@rollup/rollup-openbsd-x64@4.60.4':
+    optional: true
+
+  '@rollup/rollup-openharmony-arm64@4.60.4':
+    optional: true
+
+  '@rollup/rollup-win32-arm64-msvc@4.60.4':
+    optional: true
+
+  '@rollup/rollup-win32-ia32-msvc@4.60.4':
+    optional: true
+
+  '@rollup/rollup-win32-x64-gnu@4.60.4':
+    optional: true
+
+  '@rollup/rollup-win32-x64-msvc@4.60.4':
+    optional: true
+
+  '@standard-schema/spec@1.1.0': {}
+
+  '@sveltejs/acorn-typescript@1.0.9(acorn@8.16.0)':
+    dependencies:
+      acorn: 8.16.0
+
+  '@sveltejs/adapter-static@3.0.10(@sveltejs/kit@2.60.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)(vite@5.4.21(sass@1.99.0)))':
+    dependencies:
+      '@sveltejs/kit': 2.60.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)(vite@5.4.21(sass@1.99.0))
+
+  '@sveltejs/kit@2.60.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)(vite@5.4.21(sass@1.99.0))':
+    dependencies:
+      '@standard-schema/spec': 1.1.0
+      '@sveltejs/acorn-typescript': 1.0.9(acorn@8.16.0)
+      '@sveltejs/vite-plugin-svelte': 4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0))
+      '@types/cookie': 0.6.0
+      acorn: 8.16.0
+      cookie: 0.6.0
+      devalue: 5.8.1
+      esm-env: 1.2.2
+      kleur: 4.1.5
+      magic-string: 0.30.21
+      mrmime: 2.0.1
+      set-cookie-parser: 3.1.0
+      sirv: 3.0.2
+      svelte: 5.55.8(@typescript-eslint/types@8.59.4)
+      vite: 5.4.21(sass@1.99.0)
+    optionalDependencies:
+      typescript: 5.9.3
+
+  '@sveltejs/vite-plugin-svelte-inspector@3.0.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0))':
+    dependencies:
+      '@sveltejs/vite-plugin-svelte': 4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0))
+      debug: 4.4.3
+      svelte: 5.55.8(@typescript-eslint/types@8.59.4)
+      vite: 5.4.21(sass@1.99.0)
+    transitivePeerDependencies:
+      - supports-color
+
+  '@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0))':
+    dependencies:
+      '@sveltejs/vite-plugin-svelte-inspector': 3.0.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0))
+      debug: 4.4.3
+      deepmerge: 4.3.1
+      kleur: 4.1.5
+      magic-string: 0.30.21
+      svelte: 5.55.8(@typescript-eslint/types@8.59.4)
+      vite: 5.4.21(sass@1.99.0)
+      vitefu: 1.1.3(vite@5.4.21(sass@1.99.0))
+    transitivePeerDependencies:
+      - supports-color
+
+  '@types/cookie@0.6.0': {}
+
+  '@types/estree@1.0.8': {}
+
+  '@types/estree@1.0.9': {}
+
+  '@types/json-schema@7.0.15': {}
+
+  '@types/trusted-types@2.0.7': {}
+
+  '@typescript-eslint/eslint-plugin@8.59.4(@typescript-eslint/parser@8.59.4(eslint@9.39.4)(typescript@5.9.3))(eslint@9.39.4)(typescript@5.9.3)':
+    dependencies:
+      '@eslint-community/regexpp': 4.12.2
+      '@typescript-eslint/parser': 8.59.4(eslint@9.39.4)(typescript@5.9.3)
+      '@typescript-eslint/scope-manager': 8.59.4
+      '@typescript-eslint/type-utils': 8.59.4(eslint@9.39.4)(typescript@5.9.3)
+      '@typescript-eslint/utils': 8.59.4(eslint@9.39.4)(typescript@5.9.3)
+      '@typescript-eslint/visitor-keys': 8.59.4
+      eslint: 9.39.4
+      ignore: 7.0.5
+      natural-compare: 1.4.0
+      ts-api-utils: 2.5.0(typescript@5.9.3)
+      typescript: 5.9.3
+    transitivePeerDependencies:
+      - supports-color
+
+  '@typescript-eslint/parser@8.59.4(eslint@9.39.4)(typescript@5.9.3)':
+    dependencies:
+      '@typescript-eslint/scope-manager': 8.59.4
+      '@typescript-eslint/types': 8.59.4
+      '@typescript-eslint/typescript-estree': 8.59.4(typescript@5.9.3)
+      '@typescript-eslint/visitor-keys': 8.59.4
+      debug: 4.4.3
+      eslint: 9.39.4
+      typescript: 5.9.3
+    transitivePeerDependencies:
+      - supports-color
+
+  '@typescript-eslint/project-service@8.59.4(typescript@5.9.3)':
+    dependencies:
+      '@typescript-eslint/tsconfig-utils': 8.59.4(typescript@5.9.3)
+      '@typescript-eslint/types': 8.59.4
+      debug: 4.4.3
+      typescript: 5.9.3
+    transitivePeerDependencies:
+      - supports-color
+
+  '@typescript-eslint/scope-manager@8.59.4':
+    dependencies:
+      '@typescript-eslint/types': 8.59.4
+      '@typescript-eslint/visitor-keys': 8.59.4
+
+  '@typescript-eslint/tsconfig-utils@8.59.4(typescript@5.9.3)':
+    dependencies:
+      typescript: 5.9.3
+
+  '@typescript-eslint/type-utils@8.59.4(eslint@9.39.4)(typescript@5.9.3)':
+    dependencies:
+      '@typescript-eslint/types': 8.59.4
+      '@typescript-eslint/typescript-estree': 8.59.4(typescript@5.9.3)
+      '@typescript-eslint/utils': 8.59.4(eslint@9.39.4)(typescript@5.9.3)
+      debug: 4.4.3
+      eslint: 9.39.4
+      ts-api-utils: 2.5.0(typescript@5.9.3)
+      typescript: 5.9.3
+    transitivePeerDependencies:
+      - supports-color
+
+  '@typescript-eslint/types@8.59.4': {}
+
+  '@typescript-eslint/typescript-estree@8.59.4(typescript@5.9.3)':
+    dependencies:
+      '@typescript-eslint/project-service': 8.59.4(typescript@5.9.3)
+      '@typescript-eslint/tsconfig-utils': 8.59.4(typescript@5.9.3)
+      '@typescript-eslint/types': 8.59.4
+      '@typescript-eslint/visitor-keys': 8.59.4
+      debug: 4.4.3
+      minimatch: 10.2.5
+      semver: 7.8.0
+      tinyglobby: 0.2.16
+      ts-api-utils: 2.5.0(typescript@5.9.3)
+      typescript: 5.9.3
+    transitivePeerDependencies:
+      - supports-color
+
+  '@typescript-eslint/utils@8.59.4(eslint@9.39.4)(typescript@5.9.3)':
+    dependencies:
+      '@eslint-community/eslint-utils': 4.9.1(eslint@9.39.4)
+      '@typescript-eslint/scope-manager': 8.59.4
+      '@typescript-eslint/types': 8.59.4
+      '@typescript-eslint/typescript-estree': 8.59.4(typescript@5.9.3)
+      eslint: 9.39.4
+      typescript: 5.9.3
+    transitivePeerDependencies:
+      - supports-color
+
+  '@typescript-eslint/visitor-keys@8.59.4':
+    dependencies:
+      '@typescript-eslint/types': 8.59.4
+      eslint-visitor-keys: 5.0.1
+
+  acorn-jsx@5.3.2(acorn@8.16.0):
+    dependencies:
+      acorn: 8.16.0
+
+  acorn@8.16.0: {}
+
+  ajv@6.15.0:
+    dependencies:
+      fast-deep-equal: 3.1.3
+      fast-json-stable-stringify: 2.1.0
+      json-schema-traverse: 0.4.1
+      uri-js: 4.4.1
+
+  ansi-styles@4.3.0:
+    dependencies:
+      color-convert: 2.0.1
+
+  argparse@2.0.1: {}
+
+  aria-query@5.3.1: {}
+
+  axobject-query@4.1.0: {}
+
+  balanced-match@1.0.2: {}
+
+  balanced-match@4.0.4: {}
+
+  brace-expansion@1.1.14:
+    dependencies:
+      balanced-match: 1.0.2
+      concat-map: 0.0.1
+
+  brace-expansion@5.0.6:
+    dependencies:
+      balanced-match: 4.0.4
+
+  callsites@3.1.0: {}
+
+  chalk@4.1.2:
+    dependencies:
+      ansi-styles: 4.3.0
+      supports-color: 7.2.0
+
+  chokidar@4.0.3:
+    dependencies:
+      readdirp: 4.1.2
+
+  clsx@2.1.1: {}
+
+  color-convert@2.0.1:
+    dependencies:
+      color-name: 1.1.4
+
+  color-name@1.1.4: {}
+
+  concat-map@0.0.1: {}
+
+  cookie@0.6.0: {}
+
+  cross-spawn@7.0.6:
+    dependencies:
+      path-key: 3.1.1
+      shebang-command: 2.0.0
+      which: 2.0.2
+
+  cssesc@3.0.0: {}
+
+  debug@4.4.3:
+    dependencies:
+      ms: 2.1.3
+
+  deep-is@0.1.4: {}
+
+  deepmerge@4.3.1: {}
+
+  detect-libc@2.1.2:
+    optional: true
+
+  devalue@5.8.1: {}
+
+  esbuild@0.21.5:
+    optionalDependencies:
+      '@esbuild/aix-ppc64': 0.21.5
+      '@esbuild/android-arm': 0.21.5
+      '@esbuild/android-arm64': 0.21.5
+      '@esbuild/android-x64': 0.21.5
+      '@esbuild/darwin-arm64': 0.21.5
+      '@esbuild/darwin-x64': 0.21.5
+      '@esbuild/freebsd-arm64': 0.21.5
+      '@esbuild/freebsd-x64': 0.21.5
+      '@esbuild/linux-arm': 0.21.5
+      '@esbuild/linux-arm64': 0.21.5
+      '@esbuild/linux-ia32': 0.21.5
+      '@esbuild/linux-loong64': 0.21.5
+      '@esbuild/linux-mips64el': 0.21.5
+      '@esbuild/linux-ppc64': 0.21.5
+      '@esbuild/linux-riscv64': 0.21.5
+      '@esbuild/linux-s390x': 0.21.5
+      '@esbuild/linux-x64': 0.21.5
+      '@esbuild/netbsd-x64': 0.21.5
+      '@esbuild/openbsd-x64': 0.21.5
+      '@esbuild/sunos-x64': 0.21.5
+      '@esbuild/win32-arm64': 0.21.5
+      '@esbuild/win32-ia32': 0.21.5
+      '@esbuild/win32-x64': 0.21.5
+
+  escape-string-regexp@4.0.0: {}
+
+  eslint-compat-utils@0.5.1(eslint@9.39.4):
+    dependencies:
+      eslint: 9.39.4
+      semver: 7.8.0
+
+  eslint-config-prettier@9.1.2(eslint@9.39.4):
+    dependencies:
+      eslint: 9.39.4
+
+  eslint-plugin-svelte@2.46.1(eslint@9.39.4)(svelte@5.55.8(@typescript-eslint/types@8.59.4)):
+    dependencies:
+      '@eslint-community/eslint-utils': 4.9.1(eslint@9.39.4)
+      '@jridgewell/sourcemap-codec': 1.5.5
+      eslint: 9.39.4
+      eslint-compat-utils: 0.5.1(eslint@9.39.4)
+      esutils: 2.0.3
+      known-css-properties: 0.35.0
+      postcss: 8.5.15
+      postcss-load-config: 3.1.4(postcss@8.5.15)
+      postcss-safe-parser: 6.0.0(postcss@8.5.15)
+      postcss-selector-parser: 6.1.2
+      semver: 7.8.0
+      svelte-eslint-parser: 0.43.0(svelte@5.55.8(@typescript-eslint/types@8.59.4))
+    optionalDependencies:
+      svelte: 5.55.8(@typescript-eslint/types@8.59.4)
+    transitivePeerDependencies:
+      - ts-node
+
+  eslint-scope@7.2.2:
+    dependencies:
+      esrecurse: 4.3.0
+      estraverse: 5.3.0
 
-  /eslint-scope@7.2.0:
-    resolution: {integrity: sha512-DYj5deGlHBfMt15J7rdtyKNq/Nqlv5KfU4iodrQ019XESsRnwXH9KAE0y3cwtUHDo2ob7CypAnCqefh6vioWRw==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+  eslint-scope@8.4.0:
     dependencies:
       esrecurse: 4.3.0
       estraverse: 5.3.0
-    dev: true
 
-  /eslint-visitor-keys@3.4.0:
-    resolution: {integrity: sha512-HPpKPUBQcAsZOsHAFwTtIKcYlCje62XB7SEAcxjtmW6TD1WVpkS6i6/hOVtTZIl4zGj/mBqpFVGvaDneik+VoQ==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
-    dev: true
+  eslint-visitor-keys@3.4.3: {}
 
-  /eslint@8.39.0:
-    resolution: {integrity: sha512-mwiok6cy7KTW7rBpo05k6+p4YVZByLNjAZ/ACB9DRCu4YDRwjXI01tWHp6KAUWelsBetTxKK/2sHB0vdS8Z2Og==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
-    hasBin: true
+  eslint-visitor-keys@4.2.1: {}
+
+  eslint-visitor-keys@5.0.1: {}
+
+  eslint@9.39.4:
     dependencies:
-      '@eslint-community/eslint-utils': 4.4.0(eslint@8.39.0)
-      '@eslint-community/regexpp': 4.5.0
-      '@eslint/eslintrc': 2.0.2
-      '@eslint/js': 8.39.0
-      '@humanwhocodes/config-array': 0.11.8
+      '@eslint-community/eslint-utils': 4.9.1(eslint@9.39.4)
+      '@eslint-community/regexpp': 4.12.2
+      '@eslint/config-array': 0.21.2
+      '@eslint/config-helpers': 0.4.2
+      '@eslint/core': 0.17.0
+      '@eslint/eslintrc': 3.3.5
+      '@eslint/js': 9.39.4
+      '@eslint/plugin-kit': 0.4.1
+      '@humanfs/node': 0.16.8
       '@humanwhocodes/module-importer': 1.0.1
-      '@nodelib/fs.walk': 1.2.8
-      ajv: 6.12.6
+      '@humanwhocodes/retry': 0.4.3
+      '@types/estree': 1.0.9
+      ajv: 6.15.0
       chalk: 4.1.2
-      cross-spawn: 7.0.3
-      debug: 4.3.4
-      doctrine: 3.0.0
+      cross-spawn: 7.0.6
+      debug: 4.4.3
       escape-string-regexp: 4.0.0
-      eslint-scope: 7.2.0
-      eslint-visitor-keys: 3.4.0
-      espree: 9.5.1
-      esquery: 1.5.0
+      eslint-scope: 8.4.0
+      eslint-visitor-keys: 4.2.1
+      espree: 10.4.0
+      esquery: 1.7.0
       esutils: 2.0.3
       fast-deep-equal: 3.1.3
-      file-entry-cache: 6.0.1
+      file-entry-cache: 8.0.0
       find-up: 5.0.0
       glob-parent: 6.0.2
-      globals: 13.20.0
-      grapheme-splitter: 1.0.4
-      ignore: 5.2.4
-      import-fresh: 3.3.0
+      ignore: 5.3.2
       imurmurhash: 0.1.4
       is-glob: 4.0.3
-      is-path-inside: 3.0.3
-      js-sdsl: 4.4.0
-      js-yaml: 4.1.0
       json-stable-stringify-without-jsonify: 1.0.1
-      levn: 0.4.1
       lodash.merge: 4.6.2
-      minimatch: 3.1.2
+      minimatch: 3.1.5
       natural-compare: 1.4.0
-      optionator: 0.9.1
-      strip-ansi: 6.0.1
-      strip-json-comments: 3.1.1
-      text-table: 0.2.0
+      optionator: 0.9.4
     transitivePeerDependencies:
       - supports-color
-    dev: true
 
-  /esm-env@1.0.0:
-    resolution: {integrity: sha512-Cf6VksWPsTuW01vU9Mk/3vRue91Zevka5SjyNf3nEpokFRuqt/KjUQoGAwq9qMmhpLTHmXzSIrFRw8zxWzmFBA==}
-    dev: true
+  esm-env@1.2.2: {}
 
-  /espree@9.5.1:
-    resolution: {integrity: sha512-5yxtHSZXRSW5pvv3hAlXM5+/Oswi1AUFqBmbibKb5s6bp3rGIDkyXU6xCoyuuLhijr4SFwPrXRoZjz0AZDN9tg==}
-    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
+  espree@10.4.0:
     dependencies:
-      acorn: 8.8.2
-      acorn-jsx: 5.3.2(acorn@8.8.2)
-      eslint-visitor-keys: 3.4.0
-    dev: true
+      acorn: 8.16.0
+      acorn-jsx: 5.3.2(acorn@8.16.0)
+      eslint-visitor-keys: 4.2.1
 
-  /esquery@1.5.0:
-    resolution: {integrity: sha512-YQLXUplAwJgCydQ78IMJywZCceoqk1oH01OERdSAJc/7U2AylwjhSCLDEtqwg811idIS/9fIU5GjG73IgjKMVg==}
-    engines: {node: '>=0.10'}
+  espree@9.6.1:
     dependencies:
-      estraverse: 5.3.0
-    dev: true
+      acorn: 8.16.0
+      acorn-jsx: 5.3.2(acorn@8.16.0)
+      eslint-visitor-keys: 3.4.3
 
-  /esrecurse@4.3.0:
-    resolution: {integrity: sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==}
-    engines: {node: '>=4.0'}
+  esquery@1.7.0:
     dependencies:
       estraverse: 5.3.0
-    dev: true
-
-  /estraverse@4.3.0:
-    resolution: {integrity: sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==}
-    engines: {node: '>=4.0'}
-    dev: true
 
-  /estraverse@5.3.0:
-    resolution: {integrity: sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==}
-    engines: {node: '>=4.0'}
-    dev: true
+  esrap@2.2.9(@typescript-eslint/types@8.59.4):
+    dependencies:
+      '@jridgewell/sourcemap-codec': 1.5.5
+    optionalDependencies:
+      '@typescript-eslint/types': 8.59.4
 
-  /esutils@2.0.3:
-    resolution: {integrity: sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==}
-    engines: {node: '>=0.10.0'}
-    dev: true
+  esrecurse@4.3.0:
+    dependencies:
+      estraverse: 5.3.0
 
-  /fast-deep-equal@3.1.3:
-    resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==}
-    dev: true
+  estraverse@5.3.0: {}
 
-  /fast-glob@3.2.12:
-    resolution: {integrity: sha512-DVj4CQIYYow0BlaelwK1pHl5n5cRSJfM60UA0zK891sVInoPri2Ekj7+e1CT3/3qxXenpI+nBBmQAcJPJgaj4w==}
-    engines: {node: '>=8.6.0'}
-    dependencies:
-      '@nodelib/fs.stat': 2.0.5
-      '@nodelib/fs.walk': 1.2.8
-      glob-parent: 5.1.2
-      merge2: 1.4.1
-      micromatch: 4.0.5
-    dev: true
+  esutils@2.0.3: {}
 
-  /fast-json-stable-stringify@2.1.0:
-    resolution: {integrity: sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==}
-    dev: true
+  fast-deep-equal@3.1.3: {}
 
-  /fast-levenshtein@2.0.6:
-    resolution: {integrity: sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==}
-    dev: true
+  fast-json-stable-stringify@2.1.0: {}
 
-  /fastq@1.15.0:
-    resolution: {integrity: sha512-wBrocU2LCXXa+lWBt8RoIRD89Fi8OdABODa/kEnyeyjS5aZO5/GNvI5sEINADqP/h8M29UHTHUb53sUu5Ihqdw==}
-    dependencies:
-      reusify: 1.0.4
-    dev: true
+  fast-levenshtein@2.0.6: {}
 
-  /file-entry-cache@6.0.1:
-    resolution: {integrity: sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg==}
-    engines: {node: ^10.12.0 || >=12.0.0}
-    dependencies:
-      flat-cache: 3.0.4
-    dev: true
+  fdir@6.5.0(picomatch@4.0.4):
+    optionalDependencies:
+      picomatch: 4.0.4
 
-  /fill-range@7.0.1:
-    resolution: {integrity: sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==}
-    engines: {node: '>=8'}
+  file-entry-cache@8.0.0:
     dependencies:
-      to-regex-range: 5.0.1
-    dev: true
+      flat-cache: 4.0.1
 
-  /find-up@5.0.0:
-    resolution: {integrity: sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==}
-    engines: {node: '>=10'}
+  find-up@5.0.0:
     dependencies:
       locate-path: 6.0.0
       path-exists: 4.0.0
-    dev: true
 
-  /flat-cache@3.0.4:
-    resolution: {integrity: sha512-dm9s5Pw7Jc0GvMYbshN6zchCA9RgQlzzEZX3vylR9IqFfS8XciblUXOKfW6SiuJ0e13eDYZoZV5wdrev7P3Nwg==}
-    engines: {node: ^10.12.0 || >=12.0.0}
+  flat-cache@4.0.1:
     dependencies:
-      flatted: 3.2.7
-      rimraf: 3.0.2
-    dev: true
+      flatted: 3.4.2
+      keyv: 4.5.4
 
-  /flatted@3.2.7:
-    resolution: {integrity: sha512-5nqDSxl8nn5BSNxyR3n4I6eDmbolI6WT+QqR547RwxQapgjQBmtktdP+HTBb/a/zLsbzERTONyUB5pefh5TtjQ==}
-    dev: true
+  flatted@3.4.2: {}
 
-  /fs.realpath@1.0.0:
-    resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==}
-    dev: true
-
-  /fsevents@2.3.2:
-    resolution: {integrity: sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==}
-    engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0}
-    os: [darwin]
-    requiresBuild: true
-    dev: true
+  fsevents@2.3.2:
     optional: true
 
-  /glob-parent@5.1.2:
-    resolution: {integrity: sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==}
-    engines: {node: '>= 6'}
-    dependencies:
-      is-glob: 4.0.3
-    dev: true
+  fsevents@2.3.3:
+    optional: true
 
-  /glob-parent@6.0.2:
-    resolution: {integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==}
-    engines: {node: '>=10.13.0'}
+  glob-parent@6.0.2:
     dependencies:
       is-glob: 4.0.3
-    dev: true
-
-  /glob@7.2.3:
-    resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==}
-    dependencies:
-      fs.realpath: 1.0.0
-      inflight: 1.0.6
-      inherits: 2.0.4
-      minimatch: 3.1.2
-      once: 1.4.0
-      path-is-absolute: 1.0.1
-    dev: true
-
-  /globals@13.20.0:
-    resolution: {integrity: sha512-Qg5QtVkCy/kv3FUSlu4ukeZDVf9ee0iXLAUYX13gbR17bnejFTzr4iS9bY7kwCf1NztRNm1t91fjOiyx4CSwPQ==}
-    engines: {node: '>=8'}
-    dependencies:
-      type-fest: 0.20.2
-    dev: true
-
-  /globalyzer@0.1.0:
-    resolution: {integrity: sha512-40oNTM9UfG6aBmuKxk/giHn5nQ8RVz/SS4Ir6zgzOv9/qC3kKZ9v4etGTcJbEl/NyVQH7FGU7d+X1egr57Md2Q==}
-    dev: true
 
-  /globby@11.1.0:
-    resolution: {integrity: sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==}
-    engines: {node: '>=10'}
-    dependencies:
-      array-union: 2.1.0
-      dir-glob: 3.0.1
-      fast-glob: 3.2.12
-      ignore: 5.2.4
-      merge2: 1.4.1
-      slash: 3.0.0
-    dev: true
+  globals@14.0.0: {}
 
-  /globrex@0.1.2:
-    resolution: {integrity: sha512-uHJgbwAMwNFf5mLst7IWLNg14x1CkeqglJb/K3doi4dw6q2IvAAmM/Y81kevy83wP+Sst+nutFTYOGg3d1lsxg==}
-    dev: true
+  globals@15.15.0: {}
 
-  /graceful-fs@4.2.11:
-    resolution: {integrity: sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==}
-    dev: true
+  has-flag@4.0.0: {}
 
-  /grapheme-splitter@1.0.4:
-    resolution: {integrity: sha512-bzh50DW9kTPM00T8y4o8vQg89Di9oLJVLW/KaOGIXJWP/iqCN6WKYkbNOF04vFLJhwcpYUh9ydh/+5vpOqV4YQ==}
-    dev: true
-
-  /has-flag@4.0.0:
-    resolution: {integrity: sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==}
-    engines: {node: '>=8'}
-    dev: true
+  ignore@5.3.2: {}
 
-  /ignore@5.2.4:
-    resolution: {integrity: sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ==}
-    engines: {node: '>= 4'}
-    dev: true
+  ignore@7.0.5: {}
 
-  /immutable@4.3.0:
-    resolution: {integrity: sha512-0AOCmOip+xgJwEVTQj1EfiDDOkPmuyllDuTuEX+DDXUgapLAsBIfkg3sxCYyCEA8mQqZrrxPUGjcOQ2JS3WLkg==}
-    dev: true
+  immutable@5.1.5: {}
 
-  /import-fresh@3.3.0:
-    resolution: {integrity: sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==}
-    engines: {node: '>=6'}
+  import-fresh@3.3.1:
     dependencies:
       parent-module: 1.0.1
       resolve-from: 4.0.0
-    dev: true
 
-  /import-meta-resolve@3.0.0:
-    resolution: {integrity: sha512-4IwhLhNNA8yy445rPjD/lWh++7hMDOml2eHtd58eG7h+qK3EryMuuRbsHGPikCoAgIkkDnckKfWSk2iDla/ejg==}
-    dev: true
+  imurmurhash@0.1.4: {}
 
-  /imurmurhash@0.1.4:
-    resolution: {integrity: sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==}
-    engines: {node: '>=0.8.19'}
-    dev: true
+  is-extglob@2.1.1: {}
 
-  /inflight@1.0.6:
-    resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==}
+  is-glob@4.0.3:
     dependencies:
-      once: 1.4.0
-      wrappy: 1.0.2
-    dev: true
-
-  /inherits@2.0.4:
-    resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==}
-    dev: true
+      is-extglob: 2.1.1
 
-  /is-binary-path@2.1.0:
-    resolution: {integrity: sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==}
-    engines: {node: '>=8'}
+  is-reference@3.0.3:
     dependencies:
-      binary-extensions: 2.2.0
-    dev: true
+      '@types/estree': 1.0.9
 
-  /is-extglob@2.1.1:
-    resolution: {integrity: sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==}
-    engines: {node: '>=0.10.0'}
-    dev: true
+  isexe@2.0.0: {}
 
-  /is-glob@4.0.3:
-    resolution: {integrity: sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==}
-    engines: {node: '>=0.10.0'}
+  js-yaml@4.1.1:
     dependencies:
-      is-extglob: 2.1.1
-    dev: true
-
-  /is-number@7.0.0:
-    resolution: {integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==}
-    engines: {node: '>=0.12.0'}
-    dev: true
+      argparse: 2.0.1
 
-  /is-path-inside@3.0.3:
-    resolution: {integrity: sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==}
-    engines: {node: '>=8'}
-    dev: true
+  json-buffer@3.0.1: {}
 
-  /isexe@2.0.0:
-    resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==}
-    dev: true
+  json-schema-traverse@0.4.1: {}
 
-  /js-sdsl@4.4.0:
-    resolution: {integrity: sha512-FfVSdx6pJ41Oa+CF7RDaFmTnCaFhua+SNYQX74riGOpl96x+2jQCqEfQ2bnXu/5DPCqlRuiqyvTJM0Qjz26IVg==}
-    dev: true
+  json-stable-stringify-without-jsonify@1.0.1: {}
 
-  /js-yaml@4.1.0:
-    resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==}
-    hasBin: true
+  keyv@4.5.4:
     dependencies:
-      argparse: 2.0.1
-    dev: true
+      json-buffer: 3.0.1
 
-  /json-schema-traverse@0.4.1:
-    resolution: {integrity: sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==}
-    dev: true
-
-  /json-stable-stringify-without-jsonify@1.0.1:
-    resolution: {integrity: sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==}
-    dev: true
+  kleur@4.1.5: {}
 
-  /kleur@4.1.5:
-    resolution: {integrity: sha512-o+NO+8WrRiQEE4/7nwRJhN1HWpVmJm511pBHUxPLtp0BUISzlBplORYSmTclCnJvQq2tKu/sgl3xVpkc7ZWuQQ==}
-    engines: {node: '>=6'}
-    dev: true
+  known-css-properties@0.35.0: {}
 
-  /levn@0.4.1:
-    resolution: {integrity: sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==}
-    engines: {node: '>= 0.8.0'}
+  levn@0.4.1:
     dependencies:
       prelude-ls: 1.2.1
       type-check: 0.4.0
-    dev: true
-
-  /locate-path@6.0.0:
-    resolution: {integrity: sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==}
-    engines: {node: '>=10'}
-    dependencies:
-      p-locate: 5.0.0
-    dev: true
-
-  /lodash.merge@4.6.2:
-    resolution: {integrity: sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==}
-    dev: true
 
-  /lru-cache@6.0.0:
-    resolution: {integrity: sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==}
-    engines: {node: '>=10'}
-    dependencies:
-      yallist: 4.0.0
-    dev: true
+  lilconfig@2.1.0: {}
 
-  /magic-string@0.27.0:
-    resolution: {integrity: sha512-8UnnX2PeRAPZuN12svgR9j7M1uWMovg/CEnIwIG0LFkXSJJe4PdfUGiTGl8V9bsBHFUtfVINcSyYxd7q+kx9fA==}
-    engines: {node: '>=12'}
-    dependencies:
-      '@jridgewell/sourcemap-codec': 1.4.15
-    dev: true
+  locate-character@3.0.0: {}
 
-  /magic-string@0.30.0:
-    resolution: {integrity: sha512-LA+31JYDJLs82r2ScLrlz1GjSgu66ZV518eyWT+S8VhyQn/JL0u9MeBOvQMGYiPk1DBiSN9DDMOcXvigJZaViQ==}
-    engines: {node: '>=12'}
+  locate-path@6.0.0:
     dependencies:
-      '@jridgewell/sourcemap-codec': 1.4.15
-    dev: true
+      p-locate: 5.0.0
 
-  /merge2@1.4.1:
-    resolution: {integrity: sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==}
-    engines: {node: '>= 8'}
-    dev: true
+  lodash.merge@4.6.2: {}
 
-  /micromatch@4.0.5:
-    resolution: {integrity: sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==}
-    engines: {node: '>=8.6'}
+  magic-string@0.30.21:
     dependencies:
-      braces: 3.0.2
-      picomatch: 2.3.1
-    dev: true
+      '@jridgewell/sourcemap-codec': 1.5.5
 
-  /mime@3.0.0:
-    resolution: {integrity: sha512-jSCU7/VB1loIWBZe14aEYHU/+1UMEHoaO7qxCOVJOw9GgH72VAWppxNcjU+x9a2k3GSIBXNKxXQFqRvvZ7vr3A==}
-    engines: {node: '>=10.0.0'}
-    hasBin: true
-    dev: true
-
-  /min-indent@1.0.1:
-    resolution: {integrity: sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==}
-    engines: {node: '>=4'}
-    dev: true
-
-  /minimatch@3.1.2:
-    resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
+  minimatch@10.2.5:
     dependencies:
-      brace-expansion: 1.1.11
-    dev: true
+      brace-expansion: 5.0.6
 
-  /minimist@1.2.8:
-    resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==}
-    dev: true
-
-  /mkdirp@0.5.6:
-    resolution: {integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==}
-    hasBin: true
+  minimatch@3.1.5:
     dependencies:
-      minimist: 1.2.8
-    dev: true
-
-  /mri@1.2.0:
-    resolution: {integrity: sha512-tzzskb3bG8LvYGFF/mDTpq3jpI6Q9wc3LEmBaghu+DdCssd1FakN7Bc0hVNmEyGq1bq3RgfkCb3cmQLpNPOroA==}
-    engines: {node: '>=4'}
-    dev: true
-
-  /mrmime@1.0.1:
-    resolution: {integrity: sha512-hzzEagAgDyoU1Q6yg5uI+AorQgdvMCur3FcKf7NhMKWsaYg+RnbTyHRa/9IlLF9rf455MOCtcqqrQQ83pPP7Uw==}
-    engines: {node: '>=10'}
-    dev: true
+      brace-expansion: 1.1.14
 
-  /ms@2.1.2:
-    resolution: {integrity: sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==}
-    dev: true
+  mri@1.2.0: {}
 
-  /nanoid@3.3.6:
-    resolution: {integrity: sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==}
-    engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1}
-    hasBin: true
-    dev: true
+  mrmime@2.0.1: {}
 
-  /natural-compare-lite@1.4.0:
-    resolution: {integrity: sha512-Tj+HTDSJJKaZnfiuw+iaF9skdPpTo2GtEly5JHnWV/hfv2Qj/9RKsGISQtLh2ox3l5EAGw487hnBee0sIJ6v2g==}
-    dev: true
+  ms@2.1.3: {}
 
-  /natural-compare@1.4.0:
-    resolution: {integrity: sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==}
-    dev: true
+  nanoid@3.3.12: {}
 
-  /normalize-path@3.0.0:
-    resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==}
-    engines: {node: '>=0.10.0'}
-    dev: true
+  natural-compare@1.4.0: {}
 
-  /once@1.4.0:
-    resolution: {integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==}
-    dependencies:
-      wrappy: 1.0.2
-    dev: true
+  node-addon-api@7.1.1:
+    optional: true
 
-  /optionator@0.9.1:
-    resolution: {integrity: sha512-74RlY5FCnhq4jRxVUPKDaRwrVNXMqsGsiW6AJw4XK8hmtm10wC0ypZBLw5IIp85NZMr91+qd1RvvENwg7jjRFw==}
-    engines: {node: '>= 0.8.0'}
+  optionator@0.9.4:
     dependencies:
       deep-is: 0.1.4
       fast-levenshtein: 2.0.6
       levn: 0.4.1
       prelude-ls: 1.2.1
       type-check: 0.4.0
-      word-wrap: 1.2.3
-    dev: true
+      word-wrap: 1.2.5
 
-  /p-limit@3.1.0:
-    resolution: {integrity: sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==}
-    engines: {node: '>=10'}
+  p-limit@3.1.0:
     dependencies:
       yocto-queue: 0.1.0
-    dev: true
 
-  /p-locate@5.0.0:
-    resolution: {integrity: sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==}
-    engines: {node: '>=10'}
+  p-locate@5.0.0:
     dependencies:
       p-limit: 3.1.0
-    dev: true
 
-  /parent-module@1.0.1:
-    resolution: {integrity: sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==}
-    engines: {node: '>=6'}
+  parent-module@1.0.1:
     dependencies:
       callsites: 3.1.0
-    dev: true
-
-  /path-exists@4.0.0:
-    resolution: {integrity: sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==}
-    engines: {node: '>=8'}
-    dev: true
 
-  /path-is-absolute@1.0.1:
-    resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==}
-    engines: {node: '>=0.10.0'}
-    dev: true
+  path-exists@4.0.0: {}
 
-  /path-key@3.1.1:
-    resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==}
-    engines: {node: '>=8'}
-    dev: true
+  path-key@3.1.1: {}
 
-  /path-type@4.0.0:
-    resolution: {integrity: sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==}
-    engines: {node: '>=8'}
-    dev: true
+  picocolors@1.1.1: {}
 
-  /picocolors@1.0.0:
-    resolution: {integrity: sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==}
-    dev: true
+  picomatch@4.0.4: {}
 
-  /picomatch@2.3.1:
-    resolution: {integrity: sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==}
-    engines: {node: '>=8.6'}
-    dev: true
+  playwright-core@1.60.0: {}
 
-  /playwright-core@1.33.0:
-    resolution: {integrity: sha512-aizyPE1Cj62vAECdph1iaMILpT0WUDCq3E6rW6I+dleSbBoGbktvJtzS6VHkZ4DKNEOG9qJpiom/ZxO+S15LAw==}
-    engines: {node: '>=14'}
-    hasBin: true
-    dev: true
+  playwright@1.60.0:
+    dependencies:
+      playwright-core: 1.60.0
+    optionalDependencies:
+      fsevents: 2.3.2
 
-  /postcss@8.4.23:
-    resolution: {integrity: sha512-bQ3qMcpF6A/YjR55xtoTr0jGOlnPOKAIMdOWiv0EIT6HVPEaJiJB4NLljSbiHoC2RX7DN5Uvjtpbg1NPdwv1oA==}
-    engines: {node: ^10 || ^12 || >=14}
+  postcss-load-config@3.1.4(postcss@8.5.15):
     dependencies:
-      nanoid: 3.3.6
-      picocolors: 1.0.0
-      source-map-js: 1.0.2
-    dev: true
+      lilconfig: 2.1.0
+      yaml: 1.10.3
+    optionalDependencies:
+      postcss: 8.5.15
 
-  /prelude-ls@1.2.1:
-    resolution: {integrity: sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==}
-    engines: {node: '>= 0.8.0'}
-    dev: true
+  postcss-safe-parser@6.0.0(postcss@8.5.15):
+    dependencies:
+      postcss: 8.5.15
 
-  /prettier-plugin-svelte@2.10.0(prettier@2.8.8)(svelte@3.58.0):
-    resolution: {integrity: sha512-GXMY6t86thctyCvQq+jqElO+MKdB09BkL3hexyGP3Oi8XLKRFaJP1ud/xlWCZ9ZIa2BxHka32zhHfcuU+XsRQg==}
-    peerDependencies:
-      prettier: ^1.16.4 || ^2.0.0
-      svelte: ^3.2.0
+  postcss-scss@4.0.9(postcss@8.5.15):
     dependencies:
-      prettier: 2.8.8
-      svelte: 3.58.0
-    dev: true
+      postcss: 8.5.15
 
-  /prettier@2.8.8:
-    resolution: {integrity: sha512-tdN8qQGvNjw4CHbY+XXk0JgCXn9QiF21a55rBe5LJAU+kDyC4WQn4+awm2Xfk2lQMk5fKup9XgzTZtGkjBdP9Q==}
-    engines: {node: '>=10.13.0'}
-    hasBin: true
-    dev: true
+  postcss-selector-parser@6.1.2:
+    dependencies:
+      cssesc: 3.0.0
+      util-deprecate: 1.0.2
 
-  /punycode@2.3.0:
-    resolution: {integrity: sha512-rRV+zQD8tVFys26lAGR9WUuS4iUAngJScM+ZRSKtvl5tKeZ2t5bvdNFdNHBW9FWR4guGHlgmsZ1G7BSm2wTbuA==}
-    engines: {node: '>=6'}
-    dev: true
+  postcss@8.5.15:
+    dependencies:
+      nanoid: 3.3.12
+      picocolors: 1.1.1
+      source-map-js: 1.2.1
 
-  /queue-microtask@1.2.3:
-    resolution: {integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==}
-    dev: true
+  prelude-ls@1.2.1: {}
 
-  /readdirp@3.6.0:
-    resolution: {integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==}
-    engines: {node: '>=8.10.0'}
+  prettier-plugin-svelte@3.5.2(prettier@3.8.3)(svelte@5.55.8(@typescript-eslint/types@8.59.4)):
     dependencies:
-      picomatch: 2.3.1
-    dev: true
-
-  /resolve-from@4.0.0:
-    resolution: {integrity: sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==}
-    engines: {node: '>=4'}
-    dev: true
+      prettier: 3.8.3
+      svelte: 5.55.8(@typescript-eslint/types@8.59.4)
 
-  /reusify@1.0.4:
-    resolution: {integrity: sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==}
-    engines: {iojs: '>=1.0.0', node: '>=0.10.0'}
-    dev: true
+  prettier@3.8.3: {}
 
-  /rimraf@2.7.1:
-    resolution: {integrity: sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==}
-    hasBin: true
-    dependencies:
-      glob: 7.2.3
-    dev: true
+  punycode@2.3.1: {}
 
-  /rimraf@3.0.2:
-    resolution: {integrity: sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==}
-    hasBin: true
-    dependencies:
-      glob: 7.2.3
-    dev: true
+  readdirp@4.1.2: {}
 
-  /rollup@3.21.0:
-    resolution: {integrity: sha512-ANPhVcyeHvYdQMUyCbczy33nbLzI7RzrBje4uvNiTDJGIMtlKoOStmympwr9OtS1LZxiDmE2wvxHyVhoLtf1KQ==}
-    engines: {node: '>=14.18.0', npm: '>=8.0.0'}
-    hasBin: true
-    optionalDependencies:
-      fsevents: 2.3.2
-    dev: true
+  resolve-from@4.0.0: {}
 
-  /run-parallel@1.2.0:
-    resolution: {integrity: sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==}
+  rollup@4.60.4:
     dependencies:
-      queue-microtask: 1.2.3
-    dev: true
-
-  /sade@1.8.1:
-    resolution: {integrity: sha512-xal3CZX1Xlo/k4ApwCFrHVACi9fBqJ7V+mwhBsuf/1IOKbBy098Fex+Wa/5QMubw09pSZ/u8EY8PWgevJsXp1A==}
-    engines: {node: '>=6'}
+      '@types/estree': 1.0.8
+    optionalDependencies:
+      '@rollup/rollup-android-arm-eabi': 4.60.4
+      '@rollup/rollup-android-arm64': 4.60.4
+      '@rollup/rollup-darwin-arm64': 4.60.4
+      '@rollup/rollup-darwin-x64': 4.60.4
+      '@rollup/rollup-freebsd-arm64': 4.60.4
+      '@rollup/rollup-freebsd-x64': 4.60.4
+      '@rollup/rollup-linux-arm-gnueabihf': 4.60.4
+      '@rollup/rollup-linux-arm-musleabihf': 4.60.4
+      '@rollup/rollup-linux-arm64-gnu': 4.60.4
+      '@rollup/rollup-linux-arm64-musl': 4.60.4
+      '@rollup/rollup-linux-loong64-gnu': 4.60.4
+      '@rollup/rollup-linux-loong64-musl': 4.60.4
+      '@rollup/rollup-linux-ppc64-gnu': 4.60.4
+      '@rollup/rollup-linux-ppc64-musl': 4.60.4
+      '@rollup/rollup-linux-riscv64-gnu': 4.60.4
+      '@rollup/rollup-linux-riscv64-musl': 4.60.4
+      '@rollup/rollup-linux-s390x-gnu': 4.60.4
+      '@rollup/rollup-linux-x64-gnu': 4.60.4
+      '@rollup/rollup-linux-x64-musl': 4.60.4
+      '@rollup/rollup-openbsd-x64': 4.60.4
+      '@rollup/rollup-openharmony-arm64': 4.60.4
+      '@rollup/rollup-win32-arm64-msvc': 4.60.4
+      '@rollup/rollup-win32-ia32-msvc': 4.60.4
+      '@rollup/rollup-win32-x64-gnu': 4.60.4
+      '@rollup/rollup-win32-x64-msvc': 4.60.4
+      fsevents: 2.3.3
+
+  sade@1.8.1:
     dependencies:
       mri: 1.2.0
-    dev: true
 
-  /sander@0.5.1:
-    resolution: {integrity: sha512-3lVqBir7WuKDHGrKRDn/1Ye3kwpXaDOMsiRP1wd6wpZW56gJhsbp5RqQpA6JG/P+pkXizygnr1dKR8vzWaVsfA==}
-    dependencies:
-      es6-promise: 3.3.1
-      graceful-fs: 4.2.11
-      mkdirp: 0.5.6
-      rimraf: 2.7.1
-    dev: true
-
-  /sass@1.62.1:
-    resolution: {integrity: sha512-NHpxIzN29MXvWiuswfc1W3I0N8SXBd8UR26WntmDlRYf0bSADnwnOjsyMZ3lMezSlArD33Vs3YFhp7dWvL770A==}
-    engines: {node: '>=14.0.0'}
-    hasBin: true
+  sass@1.99.0:
     dependencies:
-      chokidar: 3.5.3
-      immutable: 4.3.0
-      source-map-js: 1.0.2
-    dev: true
+      chokidar: 4.0.3
+      immutable: 5.1.5
+      source-map-js: 1.2.1
+    optionalDependencies:
+      '@parcel/watcher': 2.5.6
 
-  /semver@7.5.0:
-    resolution: {integrity: sha512-+XC0AD/R7Q2mPSRuy2Id0+CGTZ98+8f+KvwirxOKIEyid+XSx6HbC63p+O4IndTHuX5Z+JxQ0TghCkO5Cg/2HA==}
-    engines: {node: '>=10'}
-    hasBin: true
-    dependencies:
-      lru-cache: 6.0.0
-    dev: true
+  semver@7.8.0: {}
 
-  /set-cookie-parser@2.6.0:
-    resolution: {integrity: sha512-RVnVQxTXuerk653XfuliOxBP81Sf0+qfQE73LIYKcyMYHG94AuH0kgrQpRDuTZnSmjpysHmzxJXKNfa6PjFhyQ==}
-    dev: true
+  set-cookie-parser@3.1.0: {}
 
-  /shebang-command@2.0.0:
-    resolution: {integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==}
-    engines: {node: '>=8'}
+  shebang-command@2.0.0:
     dependencies:
       shebang-regex: 3.0.0
-    dev: true
 
-  /shebang-regex@3.0.0:
-    resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==}
-    engines: {node: '>=8'}
-    dev: true
+  shebang-regex@3.0.0: {}
 
-  /sirv@2.0.3:
-    resolution: {integrity: sha512-O9jm9BsID1P+0HOi81VpXPoDxYP374pkOLzACAoyUQ/3OUVndNpsz6wMnY2z+yOxzbllCKZrM+9QrWsv4THnyA==}
-    engines: {node: '>= 10'}
+  sirv@3.0.2:
     dependencies:
-      '@polka/url': 1.0.0-next.21
-      mrmime: 1.0.1
+      '@polka/url': 1.0.0-next.29
+      mrmime: 2.0.1
       totalist: 3.0.1
-    dev: true
-
-  /slash@3.0.0:
-    resolution: {integrity: sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==}
-    engines: {node: '>=8'}
-    dev: true
-
-  /sorcery@0.11.0:
-    resolution: {integrity: sha512-J69LQ22xrQB1cIFJhPfgtLuI6BpWRiWu1Y3vSsIwK/eAScqJxd/+CJlUuHQRdX2C9NGFamq+KqNywGgaThwfHw==}
-    hasBin: true
-    dependencies:
-      '@jridgewell/sourcemap-codec': 1.4.15
-      buffer-crc32: 0.2.13
-      minimist: 1.2.8
-      sander: 0.5.1
-    dev: true
-
-  /source-map-js@1.0.2:
-    resolution: {integrity: sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==}
-    engines: {node: '>=0.10.0'}
-    dev: true
 
-  /streamsearch@1.1.0:
-    resolution: {integrity: sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==}
-    engines: {node: '>=10.0.0'}
-    dev: true
+  source-map-js@1.2.1: {}
 
-  /strip-ansi@6.0.1:
-    resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==}
-    engines: {node: '>=8'}
-    dependencies:
-      ansi-regex: 5.0.1
-    dev: true
-
-  /strip-indent@3.0.0:
-    resolution: {integrity: sha512-laJTa3Jb+VQpaC6DseHhF7dXVqHTfJPCRDaEbid/drOhgitgYku/letMUqOXFoWV0zIIUbjpdH2t+tYj4bQMRQ==}
-    engines: {node: '>=8'}
-    dependencies:
-      min-indent: 1.0.1
-    dev: true
-
-  /strip-json-comments@3.1.1:
-    resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}
-    engines: {node: '>=8'}
-    dev: true
+  strip-json-comments@3.1.1: {}
 
-  /supports-color@7.2.0:
-    resolution: {integrity: sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==}
-    engines: {node: '>=8'}
+  supports-color@7.2.0:
     dependencies:
       has-flag: 4.0.0
-    dev: true
 
-  /svelte-check@3.2.0(sass@1.62.1)(svelte@3.58.0):
-    resolution: {integrity: sha512-6ZnscN8dHEN5Eq5LgIzjj07W9nc9myyBH+diXsUAuiY/3rt0l65/LCIQYlIuoFEjp2F1NhXqZiJwV9omPj9tMw==}
-    hasBin: true
-    peerDependencies:
-      svelte: ^3.55.0
+  svelte-check@4.4.8(picomatch@4.0.4)(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3):
     dependencies:
-      '@jridgewell/trace-mapping': 0.3.18
-      chokidar: 3.5.3
-      fast-glob: 3.2.12
-      import-fresh: 3.3.0
-      picocolors: 1.0.0
+      '@jridgewell/trace-mapping': 0.3.31
+      chokidar: 4.0.3
+      fdir: 6.5.0(picomatch@4.0.4)
+      picocolors: 1.1.1
       sade: 1.8.1
-      svelte: 3.58.0
-      svelte-preprocess: 5.0.3(sass@1.62.1)(svelte@3.58.0)(typescript@5.0.4)
-      typescript: 5.0.4
+      svelte: 5.55.8(@typescript-eslint/types@8.59.4)
+      typescript: 5.9.3
     transitivePeerDependencies:
-      - '@babel/core'
-      - coffeescript
-      - less
-      - postcss
-      - postcss-load-config
-      - pug
-      - sass
-      - stylus
-      - sugarss
-    dev: true
-
-  /svelte-hmr@0.15.1(svelte@3.58.0):
-    resolution: {integrity: sha512-BiKB4RZ8YSwRKCNVdNxK/GfY+r4Kjgp9jCLEy0DuqAKfmQtpL38cQK3afdpjw4sqSs4PLi3jIPJIFp259NkZtA==}
-    engines: {node: ^12.20 || ^14.13.1 || >= 16}
-    peerDependencies:
-      svelte: '>=3.19.0'
-    dependencies:
-      svelte: 3.58.0
-    dev: true
-
-  /svelte-preprocess@5.0.3(sass@1.62.1)(svelte@3.58.0)(typescript@5.0.4):
-    resolution: {integrity: sha512-GrHF1rusdJVbOZOwgPWtpqmaexkydznKzy5qIC2FabgpFyKN57bjMUUUqPRfbBXK5igiEWn1uO/DXsa2vJ5VHA==}
-    engines: {node: '>= 14.10.0'}
-    requiresBuild: true
-    peerDependencies:
-      '@babel/core': ^7.10.2
-      coffeescript: ^2.5.1
-      less: ^3.11.3 || ^4.0.0
-      postcss: ^7 || ^8
-      postcss-load-config: ^2.1.0 || ^3.0.0 || ^4.0.0
-      pug: ^3.0.0
-      sass: ^1.26.8
-      stylus: ^0.55.0
-      sugarss: ^2.0.0 || ^3.0.0 || ^4.0.0
-      svelte: ^3.23.0
-      typescript: '>=3.9.5 || ^4.0.0 || ^5.0.0'
-    peerDependenciesMeta:
-      '@babel/core':
-        optional: true
-      coffeescript:
-        optional: true
-      less:
-        optional: true
-      postcss:
-        optional: true
-      postcss-load-config:
-        optional: true
-      pug:
-        optional: true
-      sass:
-        optional: true
-      stylus:
-        optional: true
-      sugarss:
-        optional: true
-      typescript:
-        optional: true
-    dependencies:
-      '@types/pug': 2.0.6
-      detect-indent: 6.1.0
-      magic-string: 0.27.0
-      sass: 1.62.1
-      sorcery: 0.11.0
-      strip-indent: 3.0.0
-      svelte: 3.58.0
-      typescript: 5.0.4
-    dev: true
-
-  /svelte@3.58.0:
-    resolution: {integrity: sha512-brIBNNB76mXFmU/Kerm4wFnkskBbluBDCjx/8TcpYRb298Yh2dztS2kQ6bhtjMcvUhd5ynClfwpz5h2gnzdQ1A==}
-    engines: {node: '>= 8'}
-    dev: true
-
-  /text-table@0.2.0:
-    resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}
-    dev: true
+      - picomatch
 
-  /tiny-glob@0.2.9:
-    resolution: {integrity: sha512-g/55ssRPUjShh+xkfx9UPDXqhckHEsHr4Vd9zX55oSdGZc/MD0m3sferOkwWtp98bv+kcVfEHtRJgBVJzelrzg==}
+  svelte-eslint-parser@0.43.0(svelte@5.55.8(@typescript-eslint/types@8.59.4)):
     dependencies:
-      globalyzer: 0.1.0
-      globrex: 0.1.2
-    dev: true
+      eslint-scope: 7.2.2
+      eslint-visitor-keys: 3.4.3
+      espree: 9.6.1
+      postcss: 8.5.15
+      postcss-scss: 4.0.9(postcss@8.5.15)
+    optionalDependencies:
+      svelte: 5.55.8(@typescript-eslint/types@8.59.4)
+
+  svelte@5.55.8(@typescript-eslint/types@8.59.4):
+    dependencies:
+      '@jridgewell/remapping': 2.3.5
+      '@jridgewell/sourcemap-codec': 1.5.5
+      '@sveltejs/acorn-typescript': 1.0.9(acorn@8.16.0)
+      '@types/estree': 1.0.9
+      '@types/trusted-types': 2.0.7
+      acorn: 8.16.0
+      aria-query: 5.3.1
+      axobject-query: 4.1.0
+      clsx: 2.1.1
+      devalue: 5.8.1
+      esm-env: 1.2.2
+      esrap: 2.2.9(@typescript-eslint/types@8.59.4)
+      is-reference: 3.0.3
+      locate-character: 3.0.0
+      magic-string: 0.30.21
+      zimmerframe: 1.1.4
+    transitivePeerDependencies:
+      - '@typescript-eslint/types'
 
-  /to-regex-range@5.0.1:
-    resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==}
-    engines: {node: '>=8.0'}
+  tinyglobby@0.2.16:
     dependencies:
-      is-number: 7.0.0
-    dev: true
-
-  /totalist@3.0.1:
-    resolution: {integrity: sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ==}
-    engines: {node: '>=6'}
-    dev: true
-
-  /tslib@1.14.1:
-    resolution: {integrity: sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==}
-    dev: true
+      fdir: 6.5.0(picomatch@4.0.4)
+      picomatch: 4.0.4
 
-  /tslib@2.5.0:
-    resolution: {integrity: sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg==}
-    dev: true
+  totalist@3.0.1: {}
 
-  /tsutils@3.21.0(typescript@5.0.4):
-    resolution: {integrity: sha512-mHKK3iUXL+3UF6xL5k0PEhKRUBKPBCv/+RkEOpjRWxxx27KKRBmmA60A9pgOUvMi8GKhRMPEmjBRPzs2W7O1OA==}
-    engines: {node: '>= 6'}
-    peerDependencies:
-      typescript: '>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta'
+  ts-api-utils@2.5.0(typescript@5.9.3):
     dependencies:
-      tslib: 1.14.1
-      typescript: 5.0.4
-    dev: true
+      typescript: 5.9.3
 
-  /type-check@0.4.0:
-    resolution: {integrity: sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==}
-    engines: {node: '>= 0.8.0'}
+  tslib@2.8.1: {}
+
+  type-check@0.4.0:
     dependencies:
       prelude-ls: 1.2.1
-    dev: true
 
-  /type-fest@0.20.2:
-    resolution: {integrity: sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==}
-    engines: {node: '>=10'}
-    dev: true
+  typescript-eslint@8.59.4(eslint@9.39.4)(typescript@5.9.3):
+    dependencies:
+      '@typescript-eslint/eslint-plugin': 8.59.4(@typescript-eslint/parser@8.59.4(eslint@9.39.4)(typescript@5.9.3))(eslint@9.39.4)(typescript@5.9.3)
+      '@typescript-eslint/parser': 8.59.4(eslint@9.39.4)(typescript@5.9.3)
+      '@typescript-eslint/typescript-estree': 8.59.4(typescript@5.9.3)
+      '@typescript-eslint/utils': 8.59.4(eslint@9.39.4)(typescript@5.9.3)
+      eslint: 9.39.4
+      typescript: 5.9.3
+    transitivePeerDependencies:
+      - supports-color
 
-  /typescript@5.0.4:
-    resolution: {integrity: sha512-cW9T5W9xY37cc+jfEnaUvX91foxtHkza3Nw3wkoF4sSlKn0MONdkdEndig/qPBWXNkmplh3NzayQzCiHM4/hqw==}
-    engines: {node: '>=12.20'}
-    hasBin: true
-    dev: true
+  typescript@5.9.3: {}
 
-  /undici@5.14.0:
-    resolution: {integrity: sha512-yJlHYw6yXPPsuOH0x2Ib1Km61vu4hLiRRQoafs+WUgX1vO64vgnxiCEN9dpIrhZyHFsai3F0AEj4P9zy19enEQ==}
-    engines: {node: '>=12.18'}
+  uri-js@4.4.1:
     dependencies:
-      busboy: 1.6.0
-    dev: true
+      punycode: 2.3.1
 
-  /uri-js@4.4.1:
-    resolution: {integrity: sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==}
-    dependencies:
-      punycode: 2.3.0
-    dev: true
+  util-deprecate@1.0.2: {}
 
-  /vite@4.3.3(sass@1.62.1):
-    resolution: {integrity: sha512-MwFlLBO4udZXd+VBcezo3u8mC77YQk+ik+fbc0GZWGgzfbPP+8Kf0fldhARqvSYmtIWoAJ5BXPClUbMTlqFxrA==}
-    engines: {node: ^14.18.0 || >=16.0.0}
-    hasBin: true
-    peerDependencies:
-      '@types/node': '>= 14'
-      less: '*'
-      sass: '*'
-      stylus: '*'
-      sugarss: '*'
-      terser: ^5.4.0
-    peerDependenciesMeta:
-      '@types/node':
-        optional: true
-      less:
-        optional: true
-      sass:
-        optional: true
-      stylus:
-        optional: true
-      sugarss:
-        optional: true
-      terser:
-        optional: true
+  vite@5.4.21(sass@1.99.0):
     dependencies:
-      esbuild: 0.17.18
-      postcss: 8.4.23
-      rollup: 3.21.0
-      sass: 1.62.1
+      esbuild: 0.21.5
+      postcss: 8.5.15
+      rollup: 4.60.4
     optionalDependencies:
-      fsevents: 2.3.2
-    dev: true
+      fsevents: 2.3.3
+      sass: 1.99.0
 
-  /vitefu@0.2.4(vite@4.3.3):
-    resolution: {integrity: sha512-fanAXjSaf9xXtOOeno8wZXIhgia+CZury481LsDaV++lSvcU2R9Ch2bPh3PYFyoHW+w9LqAeYRISVQjUIew14g==}
-    peerDependencies:
-      vite: ^3.0.0 || ^4.0.0
-    peerDependenciesMeta:
-      vite:
-        optional: true
-    dependencies:
-      vite: 4.3.3(sass@1.62.1)
-    dev: true
+  vitefu@1.1.3(vite@5.4.21(sass@1.99.0)):
+    optionalDependencies:
+      vite: 5.4.21(sass@1.99.0)
 
-  /which@2.0.2:
-    resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==}
-    engines: {node: '>= 8'}
-    hasBin: true
+  which@2.0.2:
     dependencies:
       isexe: 2.0.0
-    dev: true
 
-  /word-wrap@1.2.3:
-    resolution: {integrity: sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==}
-    engines: {node: '>=0.10.0'}
-    dev: true
+  word-wrap@1.2.5: {}
 
-  /wrappy@1.0.2:
-    resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==}
-    dev: true
+  yaml@1.10.3: {}
 
-  /yallist@4.0.0:
-    resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==}
-    dev: true
+  yocto-queue@0.1.0: {}
 
-  /yocto-queue@0.1.0:
-    resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==}
-    engines: {node: '>=10'}
-    dev: true
+  zimmerframe@1.1.4: {}
+
+  zod@3.25.76: {}
diff --git a/web/src/app.html b/web/src/app.html
index b7405cc..3f2f13e 100644
--- a/web/src/app.html
+++ b/web/src/app.html
@@ -1,16 +1,14 @@
-<!DOCTYPE html>
+<!doctype html>
 <html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <link rel="icon" href="%sveltekit.assets%/favicon.png" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <link rel="manifest" crossorigin="use-credentials" href="manifest.json" />
+    %sveltekit.head%
+  </head>
 
-<head>
-  <meta charset="utf-8" />
-  <link rel="icon" href="%sveltekit.assets%/favicon.png" />
-  <meta name="viewport" content="width=device-width, initial-scale=1" />
-  <link rel="manifest" crossorigin="use-credentials" href="manifest.json">
-  %sveltekit.head%
-</head>
-
-<body>
-  <div id="root">%sveltekit.body%</div>
-</body>
-
-</html>
\ No newline at end of file
+  <body>
+    <div id="root">%sveltekit.body%</div>
+  </body>
+</html>
diff --git a/web/src/app.scss b/web/src/app.scss
index fda590b..85ef6fd 100644
--- a/web/src/app.scss
+++ b/web/src/app.scss
@@ -12,7 +12,11 @@ body {
   --text-color: #fff;
   --text-hover-color: rgba(107, 19, 158, 0.4);
   --nav-item-bg-color: #fff;
-  --linear-gradient: linear-gradient(to right bottom,rgba(222,83,71, .6) 0%, rgba(75,138,244, .6) 100%);
+  --linear-gradient: linear-gradient(
+    to right bottom,
+    rgba(222, 83, 71, 0.6) 0%,
+    rgba(75, 138, 244, 0.6) 100%
+  );
 }
 
 #root {
@@ -23,22 +27,22 @@ body {
 }
 
 /******************************* scroll bar start ************************************/
-::-webkit-scrollbar{
+::-webkit-scrollbar {
   width: 6px;
   height: 6px;
   border-radius: 3px;
 }
-::-ms-scrollbar{
+::-ms-scrollbar {
   width: 6px;
   height: 6px;
   border-radius: 3px;
 }
-:-ms-scrollbar{
+:-ms-scrollbar {
   width: 6px;
   height: 6px;
   border-radius: 3px;
 }
-::-o-scrollbar{
+::-o-scrollbar {
   width: 6px;
   height: 6px;
   border-radius: 3px;
@@ -49,45 +53,55 @@ body {
   border-radius: 3px;
 }
 
-::-webkit-scrollbar-thumb{
+::-webkit-scrollbar-thumb {
   background: #a5b2e7;
   border-radius: 3px;
-  box-shadow: inset 2px 2px 2px rgba(255, 255, 255, 0.25), inset -2px -2px 2px rgba(0,0,0,.25);
+  box-shadow:
+    inset 2px 2px 2px rgba(255, 255, 255, 0.25),
+    inset -2px -2px 2px rgba(0, 0, 0, 0.25);
 }
-::-ms-scrollbar-thumb{
+::-ms-scrollbar-thumb {
   background: #a5b2e7;
   border-radius: 3px;
-  box-shadow: inset 2px 2px 2px hsla(0,0%,100%,.25), inset -2px -2px 2px rgba(0,0,0,.25);
+  box-shadow:
+    inset 2px 2px 2px hsla(0, 0%, 100%, 0.25),
+    inset -2px -2px 2px rgba(0, 0, 0, 0.25);
 }
-:-ms-scrollbar-thumb{
+:-ms-scrollbar-thumb {
   background: #a5b2e7;
   border-radius: 3px;
-  box-shadow: inset 2px 2px 2px hsla(0,0%,100%,.25), inset -2px -2px 2px rgba(0,0,0,.25);
+  box-shadow:
+    inset 2px 2px 2px hsla(0, 0%, 100%, 0.25),
+    inset -2px -2px 2px rgba(0, 0, 0, 0.25);
 }
-::-o-scrollbar-thumb{
+::-o-scrollbar-thumb {
   background: #a5b2e7;
   border-radius: 3px;
-  box-shadow: inset 2px 2px 2px hsla(0,0%,100%,.25), inset -2px -2px 2px rgba(0,0,0,.25);
+  box-shadow:
+    inset 2px 2px 2px hsla(0, 0%, 100%, 0.25),
+    inset -2px -2px 2px rgba(0, 0, 0, 0.25);
 }
 ::scrollbar-thumb {
   background: #a5b2e7;
   border-radius: 3px;
-  box-shadow: inset 2px 2px 2px hsla(0,0%,100%,.25), inset -2px -2px 2px rgba(0,0,0,.25);
+  box-shadow:
+    inset 2px 2px 2px hsla(0, 0%, 100%, 0.25),
+    inset -2px -2px 2px rgba(0, 0, 0, 0.25);
 }
 
-::-webkit-scrollbar-track{
+::-webkit-scrollbar-track {
   background: transparent;
 }
-::-ms-scrollbar-track{
+::-ms-scrollbar-track {
   background: transparent;
 }
-:-ms-scrollbar-track{
+:-ms-scrollbar-track {
   background: transparent;
 }
-::-o-scrollbar-track{
+::-o-scrollbar-track {
   background: transparent;
 }
 ::scrollbar-track {
   background: transparent;
 }
-/******************************* scroll bar end ************************************/
\ No newline at end of file
+/******************************* scroll bar end ************************************/
diff --git a/web/src/lib/components/Footer.svelte b/web/src/lib/components/Footer.svelte
index c6e8b2d..c1c8c00 100644
--- a/web/src/lib/components/Footer.svelte
+++ b/web/src/lib/components/Footer.svelte
@@ -14,7 +14,7 @@
     <div class="footer-link">
       <a href={siteICPBeianURL} target="_blank" rel="noopener">{siteICPBeian}</a>
     </div>
-    <div class="divider" />
+    <div class="divider"></div>
     <div class="footer-link">
       <a href={sitePoliceBeianURL} target="_blank" rel="noopener">{sitePoliceBeian}</a>
     </div>
diff --git a/web/src/lib/components/Header.svelte b/web/src/lib/components/Header.svelte
index fcb9ed5..9cbd904 100644
--- a/web/src/lib/components/Header.svelte
+++ b/web/src/lib/components/Header.svelte
@@ -49,7 +49,6 @@
   @media only screen and (max-width: 500px) {
     .header {
       &-logo {
-
         img {
           width: 36px;
           height: 36px;
diff --git a/web/src/lib/components/Nav.svelte b/web/src/lib/components/Nav.svelte
index 0882fc9..5537447 100644
--- a/web/src/lib/components/Nav.svelte
+++ b/web/src/lib/components/Nav.svelte
@@ -1,37 +1,21 @@
 <script lang="ts">
-  import { get } from 'svelte/store';
-  import { onDestroy } from 'svelte';
   import type { INavItem } from '$lib/constants/nav';
   import { isURL } from '$lib/utils/index';
   import { availableNavListStore, siteStore } from '$lib/store/siteStore';
 
-  let navList = get(availableNavListStore);
-  const unsubscribe = availableNavListStore.subscribe(($navList: INavItem[]) => {
-    navList = $navList;
-  });
-
-  onDestroy(() => {
-    unsubscribe();
-  });
-
-
-  const handleClick = (nav: INavItem) => {
-    const site = get(siteStore);
-    const link = nav?.link?.[site?.value || ''];
-    if(link) {
+  function handleClick(nav: INavItem) {
+    const link = nav?.link?.[$siteStore?.value || ''];
+    if (link) {
       window.open(link, '_blank', 'noreferrer,noreferrer');
     }
-  };
+  }
 </script>
 
 <div class="nav">
-  {#each navList as nav}
-    <div
-      class="nav-item"
-      on:click={() => {
-        handleClick(nav);
-      }}
-    >
+  {#each $availableNavListStore as nav}
+    <!-- svelte-ignore a11y_click_events_have_key_events -->
+    <!-- svelte-ignore a11y_no_static_element_interactions -->
+    <div class="nav-item" onclick={() => handleClick(nav)}>
       <div class="nav-item-icon">
         <img src={isURL(nav.source) ? nav.source : `/navIcons/${nav.source}`} alt={nav.name} />
       </div>
diff --git a/web/src/lib/components/SiteSelect.svelte b/web/src/lib/components/SiteSelect.svelte
index 3617b8d..5373c30 100644
--- a/web/src/lib/components/SiteSelect.svelte
+++ b/web/src/lib/components/SiteSelect.svelte
@@ -1,60 +1,51 @@
 <script lang="ts">
-  import { get } from 'svelte/store';
-  import { onDestroy } from 'svelte';
   import { siteList, type ISite } from '$lib/constants/nav';
-  // import { isURL } from '$lib/utils/index';
   import { siteStore } from '$lib/store/siteStore';
 
-  let site = get(siteStore);
+  let visible = $state(false);
 
-  const unsubscribe = siteStore.subscribe((siteInfo: ISite) => {
-    site = siteInfo;
-  });
-
-  let visible = false;
-
-  const handleBtnClick = (evt: Event) => {
+  function handleBtnClick(evt: Event) {
     evt.stopPropagation();
     visible = !visible;
   }
 
-  const handleItemClick = (site: ISite) => {
-    siteStore.set(site);
+  function handleItemClick(s: ISite) {
+    siteStore.set(s);
     visible = false;
-  };
+  }
 
-  const handleWindowClick = () => {
+  function handleWindowClick() {
     visible = false;
   }
-
-  onDestroy(() => {
-    unsubscribe();
-  });
 </script>
 
-<svelte:window on:click={handleWindowClick} />
+<svelte:window onclick={handleWindowClick} />
 
 <div class={`site-select ${visible ? 'site-select-show' : ''}`}>
-  <div class="site-select-btn" on:click={handleBtnClick}>{site?.name || ''}</div>
-  <div class={`site-select-list`}>
+  <!-- svelte-ignore a11y_click_events_have_key_events -->
+  <!-- svelte-ignore a11y_no_static_element_interactions -->
+  <div class="site-select-btn" onclick={handleBtnClick}>{$siteStore?.name ?? ''}</div>
+  <div class="site-select-list">
     {#each siteList as siteItem}
-    <div
-      class={`site-select-list-item ${site.value === siteItem.value ? 'site-select-list-item-active' : ''}`}
-      on:click={(evt) => {
-        evt.stopPropagation();
-        handleItemClick(siteItem);
-      }}
-    >
-      <!-- {#if siteItem.icon }
+      <!-- svelte-ignore a11y_click_events_have_key_events -->
+      <!-- svelte-ignore a11y_no_static_element_interactions -->
+      <div
+        class={`site-select-list-item ${$siteStore.value === siteItem.value ? 'site-select-list-item-active' : ''}`}
+        onclick={(evt) => {
+          evt.stopPropagation();
+          handleItemClick(siteItem);
+        }}
+      >
+        <!-- {#if siteItem.icon }
         <div class="nav-item-icon">
           <img src={isURL(siteItem.icon) ? siteItem.icon : `/navIcons/${siteItem.icon}`} alt={siteItem.name} />
         </div>
       {/if} -->
-      <div class="nav-item-name">
-        {siteItem.name || ''}
+        <div class="nav-item-name">
+          {siteItem.name || ''}
+        </div>
       </div>
-    </div>
-  {/each}
+    {/each}
   </div>
 </div>
 
@@ -63,7 +54,7 @@
     position: relative;
     display: flex;
     flex-direction: column;
-    
+
     &-btn {
       display: flex;
       justify-content: center;
@@ -97,16 +88,16 @@
         width: 100%;
         padding: 5px 12px;
         color: var(--text-color);
-        background-color: rgba(153,182,241,0.5);
+        background-color: rgba(153, 182, 241, 0.5);
         cursor: pointer;
 
         &:hover,
         &-active {
-          background-color: rgba(153,182,241,1.0);
+          background-color: rgba(153, 182, 241, 1);
         }
       }
     }
-    
+
     &-show {
       .site-select-list {
         display: flex;
@@ -115,7 +106,7 @@
   }
 
   @media only screen and (max-width: 500px) {
-    .site-select{
+    .site-select {
       &-list {
         width: 100vw;
         top: 44px;
diff --git a/web/src/lib/constants/avatar.ts b/web/src/lib/constants/avatar.ts
index 024f2c6..138a288 100644
--- a/web/src/lib/constants/avatar.ts
+++ b/web/src/lib/constants/avatar.ts
@@ -1 +1 @@
-export const avatarURL = '/avatar.png'
\ No newline at end of file
+export const avatarURL = '/avatar.png';
diff --git a/web/src/lib/constants/nav.ts b/web/src/lib/constants/nav.ts
index abf0322..b66221f 100644
--- a/web/src/lib/constants/nav.ts
+++ b/web/src/lib/constants/nav.ts
@@ -8,7 +8,7 @@ export const siteList: ISite[] = [
   { name: '上海', value: 'shangHai' },
   { name: '北京', value: 'beiJing' },
   { name: '广州', value: 'guangZhou' },
-  { name: '深圳', value: 'shenZhen' },
+  { name: '深圳', value: 'shenZhen' }
 ];
 
 export const defaultSiteIndex = 0;
@@ -43,7 +43,7 @@ export const navList: INavItem[] = [
     link: {
       shangHai: 'http://10.0.0.3',
       beiJing: 'http://10.1.0.3',
-      guangZhou: 'http://10.2.0.3',
+      guangZhou: 'http://10.2.0.3'
     },
     source: 'esxi.png'
   },
@@ -52,7 +52,7 @@ export const navList: INavItem[] = [
     link: {
       shangHai: 'http://10.0.0.4',
       beiJing: 'http://10.1.0.4',
-      shenZhen: 'http://10.2.0.4',
+      shenZhen: 'http://10.2.0.4'
     },
     source: 'phicomm.png'
   },
@@ -159,5 +159,5 @@ export const navList: INavItem[] = [
       beiJing: 'http://10.1.0.13'
     },
     source: 'jackett.png'
-  },
-]
\ No newline at end of file
+  }
+];
diff --git a/web/src/lib/constants/siteInfo.ts b/web/src/lib/constants/siteInfo.ts
index 25601e0..b13c643 100644
--- a/web/src/lib/constants/siteInfo.ts
+++ b/web/src/lib/constants/siteInfo.ts
@@ -1,6 +1,6 @@
-export const siteName = 'XXXX 的小站导航'
-export const siteCopyright = 'Copyright © 2022. XXXX All rights reserved.'
-export const siteICPBeian = '京ICP备 12345678 号'
-export const siteICPBeianURL = 'https://beian.miit.gov.cn/'
-export const sitePoliceBeian = '京公网安备 12345678912345 号'
-export const sitePoliceBeianURL = 'http://www.beian.gov.cn/portal/index.do'
\ No newline at end of file
+export const siteName = 'XXXX 的小站导航';
+export const siteCopyright = 'Copyright © 2022. XXXX All rights reserved.';
+export const siteICPBeian = '京ICP备 12345678 号';
+export const siteICPBeianURL = 'https://beian.miit.gov.cn/';
+export const sitePoliceBeian = '京公网安备 12345678912345 号';
+export const sitePoliceBeianURL = 'http://www.beian.gov.cn/portal/index.do';
diff --git a/web/src/lib/store/siteStore.ts b/web/src/lib/store/siteStore.ts
index b79e552..c95efd6 100644
--- a/web/src/lib/store/siteStore.ts
+++ b/web/src/lib/store/siteStore.ts
@@ -1,8 +1,8 @@
-import { writable, derived } from 'svelte/store';
-import { siteList, defaultSiteIndex, type INavItem, navList, type ISite } from '$lib/constants/nav'
+import { writable, derived, type Readable } from 'svelte/store';
+import { siteList, defaultSiteIndex, type INavItem, navList, type ISite } from '$lib/constants/nav';
 
 export const siteStore = writable<ISite>(siteList[defaultSiteIndex]);
 
-export const availableNavListStore = derived<INavItem[]>(siteStore, (site: ISite) => {
-  return navList.filter(nav => nav?.link?.[site.value]);
-})
\ No newline at end of file
+export const availableNavListStore: Readable<INavItem[]> = derived(siteStore, ($site: ISite) =>
+  navList.filter((nav) => nav?.link?.[$site.value])
+);
diff --git a/web/src/lib/utils/index.ts b/web/src/lib/utils/index.ts
index e2057f2..d20e043 100644
--- a/web/src/lib/utils/index.ts
+++ b/web/src/lib/utils/index.ts
@@ -1 +1 @@
-export * from './isURL';
\ No newline at end of file
+export * from './isURL';
diff --git a/web/src/lib/utils/isURL.ts b/web/src/lib/utils/isURL.ts
index d3d6495..f3d6578 100644
--- a/web/src/lib/utils/isURL.ts
+++ b/web/src/lib/utils/isURL.ts
@@ -1,3 +1,3 @@
 export const isURL = (url: string): boolean => {
   return /^https?:\/\//i.test(url);
-}
\ No newline at end of file
+};
diff --git a/web/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
index 226ef23..a4d9df9 100644
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@@ -2,12 +2,14 @@
   import Header from '$lib/components/Header.svelte';
   import Footer from '$lib/components/Footer.svelte';
   import '../app.scss';
+
+  let { children } = $props();
 </script>
 
 <Header />
 
 <main>
-  <slot />
+  {@render children()}
 </main>
 
 <Footer />
diff --git a/web/src/service-worker.ts b/web/src/service-worker.ts
index c4003bb..077ad7c 100644
--- a/web/src/service-worker.ts
+++ b/web/src/service-worker.ts
@@ -2,7 +2,7 @@
 
 import { build, files, version } from '$service-worker';
 
-const worker = (self as unknown) as ServiceWorkerGlobalScope;
+const worker = self as unknown as ServiceWorkerGlobalScope;
 const FILES = `cache${version}`;
 
 // `build` is an array of all the files generated by the bundler,
@@ -77,4 +77,4 @@ worker.addEventListener('fetch', (event) => {
       })()
     );
   }
-});
\ No newline at end of file
+});
diff --git a/web/static/manifest.json b/web/static/manifest.json
index 0a8258c..35416eb 100644
--- a/web/static/manifest.json
+++ b/web/static/manifest.json
@@ -15,4 +15,4 @@
   "theme_color": "#adafd9",
   "shortcuts": [],
   "description": "XXXX 的小站导航"
-}
\ No newline at end of file
+}
diff --git a/web/svelte.config.js b/web/svelte.config.js
index 68b6f54..cb64985 100644
--- a/web/svelte.config.js
+++ b/web/svelte.config.js
@@ -1,19 +1,18 @@
-// import adapter from '@sveltejs/adapter-auto';
 import adapter from '@sveltejs/adapter-static';
-import preprocess from 'svelte-preprocess';
+import { vitePreprocess } from '@sveltejs/vite-plugin-svelte';
 
 /** @type {import('@sveltejs/kit').Config} */
 const config = {
-  // Consult https://github.com/sveltejs/svelte-preprocess
-  // for more information about preprocessors
-  preprocess: preprocess(),
-  extensions: ['.svelte'],
+  preprocess: vitePreprocess(),
   kit: {
     adapter: adapter({
-      fallback: 'index.html'
-    }),
-  },
-  endpointExtensions: ['.js', '.ts'],
+      pages: 'build',
+      assets: 'build',
+      fallback: 'index.html',
+      precompress: false,
+      strict: true
+    })
+  }
 };
 
 export default config;
diff --git a/web/tsconfig.json b/web/tsconfig.json
index 5c56cee..4344710 100644
--- a/web/tsconfig.json
+++ b/web/tsconfig.json
@@ -8,6 +8,7 @@
     "resolveJsonModule": true,
     "skipLibCheck": true,
     "sourceMap": true,
-    "strict": true
+    "strict": true,
+    "moduleResolution": "bundler"
   }
 }
diff --git a/web/vite.config.ts b/web/vite.config.ts
index 3b1bdc8..e521f72 100644
--- a/web/vite.config.ts
+++ b/web/vite.config.ts
@@ -9,10 +9,10 @@ const config: UserConfig = {
     proxy: {
       '/api': {
         target: 'http://127.0.0.1:8080',
-        changeOrigin: false,
-      },
-    },
-  },
+        changeOrigin: false
+      }
+    }
+  }
 };
 
-export default config;
\ No newline at end of file
+export default config;

From 1936707eb2620cdda937561a62b7a2ea1198adc5 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 20 May 2026 19:44:49 +0800
Subject: [PATCH 04/77] =?UTF-8?q?feat(web):=20foundation=20=E2=80=94=20typ?=
 =?UTF-8?q?es=20+=20i18n=20+=20design=20system=20+=20UI=20primitives=20(Pl?=
 =?UTF-8?q?an=202)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Type-safe foundation, no nav data wired yet.
- zod schemas mirror NavBundle (single source of truth, z.infer types)
- apiClient with zod response validation + ApiError + 4 unit tests
- Self-implemented i18n (~80 lines, no library; zh + en flat keys with
  {{name}} interpolation, 7 unit tests)
- Design tokens (light + dark + reduced-motion) per modern-minimal
  direction (Linear/Raycast inspired)
- Theme store (system/light/dark, prefers-color-scheme + localStorage)
- 10 UI primitives (Button/IconButton/Input/Dialog/Toast/Menu/Chip/
  Switch/Card/Skeleton), all token-driven
- /_demo route exercising every primitive with theme/locale toggles
- vitest 2.1 added; 11 unit tests pass
---
 .../2026-05-20-plan-2-frontend-foundation.md  | 2483 +++++++++++++++++
 web/package.json                              |    6 +-
 web/pnpm-lock.yaml                            |  302 ++
 web/src/app.scss                              |    2 +
 web/src/lib/api/client.test.ts                |   59 +
 web/src/lib/api/client.ts                     |   85 +
 web/src/lib/components/ui/Button.svelte       |  127 +
 web/src/lib/components/ui/Card.svelte         |   46 +
 web/src/lib/components/ui/Chip.svelte         |   83 +
 web/src/lib/components/ui/Dialog.svelte       |  159 ++
 web/src/lib/components/ui/IconButton.svelte   |   88 +
 web/src/lib/components/ui/Input.svelte        |  152 +
 web/src/lib/components/ui/Menu.svelte         |  121 +
 web/src/lib/components/ui/Skeleton.svelte     |   53 +
 web/src/lib/components/ui/Switch.svelte       |   85 +
 web/src/lib/components/ui/Toast.svelte        |   69 +
 .../lib/components/ui/ToastViewport.svelte    |   28 +
 web/src/lib/components/ui/toast.ts            |   34 +
 web/src/lib/design/theme.ts                   |   52 +
 web/src/lib/design/tokens.scss                |  108 +
 web/src/lib/i18n/en.json                      |   30 +
 web/src/lib/i18n/store.test.ts                |   45 +
 web/src/lib/i18n/store.ts                     |   60 +
 web/src/lib/i18n/zh.json                      |   30 +
 web/src/lib/types/nav.ts                      |   91 +
 web/src/routes/+layout.svelte                 |    1 +
 web/src/routes/_demo/+page.svelte             |  200 ++
 27 files changed, 4598 insertions(+), 1 deletion(-)
 create mode 100644 docs/superpowers/plans/2026-05-20-plan-2-frontend-foundation.md
 create mode 100644 web/src/lib/api/client.test.ts
 create mode 100644 web/src/lib/api/client.ts
 create mode 100644 web/src/lib/components/ui/Button.svelte
 create mode 100644 web/src/lib/components/ui/Card.svelte
 create mode 100644 web/src/lib/components/ui/Chip.svelte
 create mode 100644 web/src/lib/components/ui/Dialog.svelte
 create mode 100644 web/src/lib/components/ui/IconButton.svelte
 create mode 100644 web/src/lib/components/ui/Input.svelte
 create mode 100644 web/src/lib/components/ui/Menu.svelte
 create mode 100644 web/src/lib/components/ui/Skeleton.svelte
 create mode 100644 web/src/lib/components/ui/Switch.svelte
 create mode 100644 web/src/lib/components/ui/Toast.svelte
 create mode 100644 web/src/lib/components/ui/ToastViewport.svelte
 create mode 100644 web/src/lib/components/ui/toast.ts
 create mode 100644 web/src/lib/design/theme.ts
 create mode 100644 web/src/lib/design/tokens.scss
 create mode 100644 web/src/lib/i18n/en.json
 create mode 100644 web/src/lib/i18n/store.test.ts
 create mode 100644 web/src/lib/i18n/store.ts
 create mode 100644 web/src/lib/i18n/zh.json
 create mode 100644 web/src/lib/types/nav.ts
 create mode 100644 web/src/routes/_demo/+page.svelte

diff --git a/docs/superpowers/plans/2026-05-20-plan-2-frontend-foundation.md b/docs/superpowers/plans/2026-05-20-plan-2-frontend-foundation.md
new file mode 100644
index 0000000..d87dca4
--- /dev/null
+++ b/docs/superpowers/plans/2026-05-20-plan-2-frontend-foundation.md
@@ -0,0 +1,2483 @@
+# Frontend Foundation Implementation Plan (Plan 2 of 5)
+
+> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
+
+**Goal:** Stand up the frontend foundation in `web/` — type-safe API client (zod-validated against backend NavBundle), self-implemented i18n (~150 lines, no library), modern-minimal design tokens with light/dark themes, and 10 UI primitives (Button / IconButton / Input / Dialog / Toast / Menu / Chip / Switch / Card / Skeleton). After this plan, a `/_demo` route shows every primitive in light/dark mode and verifies the toolchain end-to-end. **No nav data is rendered yet** — Plan 3 wires stores + Header/Footer/NavGrid on top of this foundation.
+
+**Architecture:** Three orthogonal layers stacked under `src/lib/`:
+1. **Types + API**: `types/nav.ts` defines zod schemas (single source of truth, `z.infer` for TS types); `api/client.ts` exports `apiClient<T>(method, path, body, schema)` that always validates responses.
+2. **i18n**: `i18n/{en,zh}.json` flat key map + `i18n/store.ts` (locale `Writable` persisted to localStorage + `t()` derived). Keys follow `domain.module.purpose`.
+3. **Design system**: `design/tokens.scss` (CSS custom properties for color/space/radius/type/shadow/motion in `:root` and `[data-theme="dark"]`); `design/theme.ts` (theme `Writable` + applies `data-theme` to `<html>`); UI primitives consume only tokens, never raw colors.
+
+The 10 primitives live under `src/lib/components/ui/` and follow consistent contract: `<script lang="ts">` with `$props()`, slots/snippets via `{@render children()}`, all interactive elements are `<button>` (a11y-ready), all colors come from CSS variables.
+
+**Tech Stack (already provisioned by Plan 1.5):** Svelte 5.1 · SvelteKit 2.8 · Vite 5.4 · TypeScript 5.6 · ESLint 9 flat · Prettier 3 · pnpm 10 · zod 3.23.
+
+**Spec reference:** `docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md` § 4 (frontend state layout), § 7 (design system), § 8 (i18n + a11y + types + errors).
+
+**Predecessors:**
+- Plan 1 (Rust backend) — provides `/api/nav` etc.
+- Plan 1.5 (Svelte 5 toolchain) — provides modern stack + zod dep.
+
+**Successors:**
+- Plan 3: stores + Header/Footer/NavGrid (consumes this plan's API client + i18n + tokens + primitives).
+- Plan 4: edit mode (LoginDialog uses `Dialog`/`Input`/`Button`; ItemEditDialog same).
+- Plan 5: scripts/dump-bootstrap, Dockerfile, Playwright e2e.
+
+---
+
+## Conventions
+
+- **Working directory:** every `pnpm` command runs in `web/`.
+- **Sub-branch:** `plan-2/frontend-foundation`, branched from `feat/rust-platform`.
+- **Commits:** Conventional Commits, no `Co-Authored-By` trailer. Each task → one commit.
+- **Verification gate:** every task ends with `pnpm check` (svelte-check) green or an explicit cargo-style smoke test.
+- **TDD-lite:** tests exist for non-trivial logic (zod parsing, i18n `t()` interpolation, theme toggle persistence). Pure presentational components don't get unit tests in this plan — the demo route is their integration check.
+- **a11y baseline:** every interactive primitive uses `<button>`, has visible focus ring, supports keyboard activation (Enter/Space).
+- **Style isolation:** all component styles are scoped Svelte (`<style>` blocks, no `:global(...)` except in `tokens.scss`). Components reference CSS variables only.
+
+---
+
+## Color & Typography Tokens (locked in this plan)
+
+These are the locked values used by all UI primitives. Subsequent plans (3/4) consume them as-is; design refinements are version-bumped via a new tokens commit, never inlined.
+
+### Light theme (`:root`)
+
+| Token | Value | Usage |
+|---|---|---|
+| `--c-bg` | `#fafaf9` | Page background |
+| `--c-surface` | `#ffffff` | Cards, dialogs |
+| `--c-surface-2` | `#f4f4f3` | Inset / elevated surface variant |
+| `--c-border` | `#e5e5e3` | Hairlines, dividers |
+| `--c-text` | `#1a1a18` | Primary text |
+| `--c-text-2` | `#5a5a55` | Secondary / labels |
+| `--c-text-3` | `#8a8a85` | Tertiary / placeholders |
+| `--c-accent` | `#4f46e5` | Primary actions, focus ring |
+| `--c-accent-hover` | `#4338ca` | Hover state for accent |
+| `--c-accent-bg` | `#eef2ff` | Subtle accent surface |
+| `--c-success` | `#047857` | Success toasts, confirmation |
+| `--c-warn` | `#b45309` | Warnings |
+| `--c-danger` | `#b91c1c` | Errors, destructive actions |
+| `--c-danger-bg` | `#fef2f2` | Error surface |
+
+### Dark theme (`[data-theme="dark"]`)
+
+| Token | Value |
+|---|---|
+| `--c-bg` | `#0e0e0d` |
+| `--c-surface` | `#18181a` |
+| `--c-surface-2` | `#232326` |
+| `--c-border` | `#2c2c30` |
+| `--c-text` | `#f5f5f3` |
+| `--c-text-2` | `#b5b5b0` |
+| `--c-text-3` | `#767672` |
+| `--c-accent` | `#818cf8` |
+| `--c-accent-hover` | `#a5b4fc` |
+| `--c-accent-bg` | `#1e1b4b` |
+| `--c-success` | `#10b981` |
+| `--c-warn` | `#f59e0b` |
+| `--c-danger` | `#f87171` |
+| `--c-danger-bg` | `#3f1d1d` |
+
+### Spacing / Radius / Type / Shadow / Motion
+
+| Group | Tokens |
+|---|---|
+| Spacing (4px base) | `--sp-1: 4px; --sp-2: 8px; --sp-3: 12px; --sp-4: 16px; --sp-5: 24px; --sp-6: 32px; --sp-7: 48px; --sp-8: 64px;` |
+| Radius | `--rd-sm: 6px; --rd-md: 10px; --rd-lg: 14px; --rd-pill: 999px;` |
+| Font family | `--ft-sans: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", sans-serif;` `--ft-mono: ui-monospace, SFMono-Regular, "SF Mono", Menlo, monospace;` |
+| Font sizes | `--fs-xs: 12px; --fs-sm: 13px; --fs-md: 15px; --fs-lg: 18px; --fs-xl: 24px;` |
+| Weights | `--fw-regular: 400; --fw-medium: 500; --fw-semibold: 600;` |
+| Line heights | `--lh-tight: 1.2; --lh-base: 1.5; --lh-loose: 1.7;` |
+| Shadows light | `--sh-sm: 0 1px 2px rgba(0,0,0,0.04);` `--sh-md: 0 4px 12px rgba(0,0,0,0.06);` `--sh-lg: 0 12px 32px rgba(0,0,0,0.08);` |
+| Shadows dark | overrides with rgba(0,0,0,0.4 / 0.45 / 0.5) |
+| Motion | `--tr-fast: 120ms ease-out; --tr-base: 180ms ease-out; --tr-slow: 260ms ease-out;` |
+| Reduced motion | `@media (prefers-reduced-motion: reduce) { :root { --tr-fast: 0ms; --tr-base: 0ms; --tr-slow: 0ms; } }` |
+
+---
+
+## Phase 0: Types + API Client (Tasks 1–3)
+
+Goal: type-safe contract with the Plan 1 backend. zod schemas mirror NavBundle exactly; apiClient validates every response.
+
+### Task 1: Zod schemas + TS types
+
+**Files:**
+- Create: `web/src/lib/types/nav.ts`
+
+- [ ] **Step 1: Write the schemas**
+
+Create `web/src/lib/types/nav.ts`:
+
+```ts
+import { z } from 'zod';
+
+// Discriminator for icon source
+export const IconKindSchema = z.enum(['asset', 'url', 'auto-favicon']);
+export type IconKind = z.infer<typeof IconKindSchema>;
+
+// Optional i18n map: { en?: string, ... }; preserved as raw JSON since locale set is open.
+const I18nMap = z.record(z.string(), z.string()).nullable().optional();
+
+export const SiteSchema = z.object({
+  id: z.number().int(),
+  value: z.string(),
+  name: z.string(),
+  nameI18n: I18nMap,
+  sortOrder: z.number().int(),
+  isDefault: z.boolean()
+});
+export type Site = z.infer<typeof SiteSchema>;
+
+export const GroupSchema = z.object({
+  id: z.number().int(),
+  slug: z.string(),
+  name: z.string(),
+  nameI18n: I18nMap,
+  sortOrder: z.number().int(),
+  collapsedDefault: z.boolean()
+});
+export type Group = z.infer<typeof GroupSchema>;
+
+export const TagSchema = z.object({
+  id: z.number().int(),
+  slug: z.string(),
+  name: z.string(),
+  nameI18n: I18nMap
+});
+export type Tag = z.infer<typeof TagSchema>;
+
+export const ItemSchema = z.object({
+  id: z.number().int(),
+  groupId: z.number().int().nullable(),
+  name: z.string(),
+  nameI18n: I18nMap,
+  description: z.string().nullable().optional(),
+  descriptionI18n: I18nMap,
+  iconKind: IconKindSchema,
+  iconValue: z.string(),
+  sortOrder: z.number().int(),
+  links: z.record(z.string(), z.string()),
+  tagSlugs: z.array(z.string()),
+  createdAt: z.number().int(),
+  updatedAt: z.number().int()
+});
+export type Item = z.infer<typeof ItemSchema>;
+
+export const LinkSchema = z.object({
+  text: z.string(),
+  url: z.string().url()
+});
+export type Link = z.infer<typeof LinkSchema>;
+
+export const MetaSchema = z.object({
+  siteName: z.string(),
+  siteAvatarPath: z.string().nullable().optional(),
+  siteCopyright: z.string(),
+  siteIcp: LinkSchema.nullable(),
+  sitePolice: LinkSchema.nullable(),
+  defaultTheme: z.enum(['system', 'light', 'dark'])
+});
+export type Meta = z.infer<typeof MetaSchema>;
+
+export const NavBundleSchema = z.object({
+  schemaVersion: z.literal(1),
+  meta: MetaSchema,
+  sites: z.array(SiteSchema),
+  groups: z.array(GroupSchema),
+  items: z.array(ItemSchema),
+  tags: z.array(TagSchema)
+});
+export type NavBundle = z.infer<typeof NavBundleSchema>;
+
+// Auth response
+export const AuthMeSchema = z.object({ authenticated: z.boolean() });
+export type AuthMe = z.infer<typeof AuthMeSchema>;
+
+// Generic error envelope from backend (see server/src/error.rs)
+export const ApiErrorBodySchema = z.object({
+  error: z.string(),
+  message: z.string().optional(),
+  fields: z.record(z.string(), z.string()).optional()
+});
+export type ApiErrorBody = z.infer<typeof ApiErrorBodySchema>;
+```
+
+- [ ] **Step 2: Run svelte-check**
+
+```bash
+cd web
+pnpm check 2>&1 | tail -10
+cd ..
+```
+
+Expected: 0 errors.
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add web/src/lib/types/nav.ts
+git commit -m "feat(web): zod schemas + TS types for NavBundle (camelCase, mirrors backend)"
+```
+
+### Task 2: `apiClient` with zod parse
+
+**Files:**
+- Create: `web/src/lib/api/client.ts`
+
+- [ ] **Step 1: Write the client**
+
+Create `web/src/lib/api/client.ts`:
+
+```ts
+import type { ZodSchema } from 'zod';
+import { ApiErrorBodySchema, type ApiErrorBody } from '$lib/types/nav';
+
+export class ApiError extends Error {
+  readonly status: number;
+  readonly code: string;
+  readonly fields?: Record<string, string>;
+
+  constructor(status: number, body: ApiErrorBody) {
+    super(body.message ?? body.error);
+    this.name = 'ApiError';
+    this.status = status;
+    this.code = body.error;
+    this.fields = body.fields;
+  }
+}
+
+type Method = 'GET' | 'POST' | 'PATCH' | 'DELETE';
+
+export interface ApiCallOptions<TRes> {
+  method: Method;
+  path: string;
+  body?: unknown;
+  responseSchema?: ZodSchema<TRes>;
+  signal?: AbortSignal;
+}
+
+export async function apiClient<TRes = void>(opts: ApiCallOptions<TRes>): Promise<TRes> {
+  const { method, path, body, responseSchema, signal } = opts;
+  const headers: Record<string, string> = {};
+  let serializedBody: BodyInit | undefined;
+
+  if (body !== undefined) {
+    if (body instanceof FormData) {
+      serializedBody = body; // multipart upload
+    } else {
+      headers['Content-Type'] = 'application/json';
+      serializedBody = JSON.stringify(body);
+    }
+  }
+
+  const res = await fetch(path, {
+    method,
+    headers,
+    body: serializedBody,
+    credentials: 'same-origin',
+    signal
+  });
+
+  if (!res.ok) {
+    let errBody: ApiErrorBody = { error: 'unknown', message: res.statusText };
+    try {
+      const json = await res.json();
+      const parsed = ApiErrorBodySchema.safeParse(json);
+      if (parsed.success) errBody = parsed.data;
+    } catch {
+      // body wasn't JSON — keep statusText fallback
+    }
+    throw new ApiError(res.status, errBody);
+  }
+
+  // 204 No Content
+  if (res.status === 204) {
+    return undefined as TRes;
+  }
+
+  const contentType = res.headers.get('content-type') ?? '';
+  if (contentType.includes('application/json')) {
+    const json: unknown = await res.json();
+    if (responseSchema) {
+      const parsed = responseSchema.safeParse(json);
+      if (!parsed.success) {
+        throw new ApiError(res.status, {
+          error: 'schema_mismatch',
+          message: parsed.error.issues.map((i) => `${i.path.join('.')}: ${i.message}`).join('; ')
+        });
+      }
+      return parsed.data;
+    }
+    return json as TRes;
+  }
+
+  // Non-JSON success (e.g. /api/favicon returning image/*) — return raw response is the caller's job
+  return res as unknown as TRes;
+}
+```
+
+- [ ] **Step 2: Verify compilation**
+
+```bash
+cd web
+pnpm check 2>&1 | tail -5
+cd ..
+```
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add web/src/lib/api/client.ts
+git commit -m "feat(web): apiClient with zod response validation + ApiError"
+```
+
+### Task 3: API client smoke test
+
+**Files:**
+- Create: `web/src/lib/api/client.test.ts`
+- Modify: `web/package.json` (add vitest)
+
+- [ ] **Step 1: Add Vitest to dev dependencies**
+
+```bash
+cd web
+pnpm add -D vitest@^2.1.0 @vitest/ui@^2.1.0
+cd ..
+```
+
+- [ ] **Step 2: Update `package.json` scripts**
+
+Read current scripts; add a `test:unit` line:
+
+```json
+"scripts": {
+  "dev": "vite dev",
+  "build": "vite build",
+  "preview": "vite preview",
+  "test": "playwright test",
+  "test:unit": "vitest run",
+  "test:unit:watch": "vitest",
+  "check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
+  "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
+  "lint": "prettier --check . && eslint .",
+  "format": "prettier --write ."
+}
+```
+
+- [ ] **Step 3: Write the test**
+
+Create `web/src/lib/api/client.test.ts`:
+
+```ts
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { z } from 'zod';
+import { apiClient, ApiError } from './client';
+
+const fetchMock = vi.fn();
+beforeEach(() => {
+  fetchMock.mockReset();
+  vi.stubGlobal('fetch', fetchMock);
+});
+
+const SampleSchema = z.object({ ok: z.literal(true), n: z.number() });
+
+describe('apiClient', () => {
+  it('parses JSON success against schema', async () => {
+    fetchMock.mockResolvedValueOnce(
+      new Response(JSON.stringify({ ok: true, n: 42 }), {
+        status: 200,
+        headers: { 'content-type': 'application/json' }
+      })
+    );
+    const out = await apiClient({
+      method: 'GET',
+      path: '/api/sample',
+      responseSchema: SampleSchema
+    });
+    expect(out).toEqual({ ok: true, n: 42 });
+  });
+
+  it('throws ApiError on schema mismatch', async () => {
+    fetchMock.mockResolvedValueOnce(
+      new Response(JSON.stringify({ ok: false }), {
+        status: 200,
+        headers: { 'content-type': 'application/json' }
+      })
+    );
+    await expect(
+      apiClient({ method: 'GET', path: '/api/sample', responseSchema: SampleSchema })
+    ).rejects.toBeInstanceOf(ApiError);
+  });
+
+  it('throws ApiError on non-2xx with backend error envelope', async () => {
+    fetchMock.mockResolvedValueOnce(
+      new Response(JSON.stringify({ error: 'unauthenticated' }), {
+        status: 401,
+        headers: { 'content-type': 'application/json' }
+      })
+    );
+    await expect(
+      apiClient({ method: 'GET', path: '/api/sample' })
+    ).rejects.toMatchObject({ status: 401, code: 'unauthenticated' });
+  });
+
+  it('returns undefined on 204', async () => {
+    fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
+    const out = await apiClient({ method: 'POST', path: '/api/logout' });
+    expect(out).toBeUndefined();
+  });
+});
+```
+
+- [ ] **Step 4: Run**
+
+```bash
+cd web
+pnpm test:unit 2>&1 | tail -20
+cd ..
+```
+
+Expected: 4 PASS.
+
+- [ ] **Step 5: Commit**
+
+```bash
+git add web/package.json web/pnpm-lock.yaml web/src/lib/api/client.test.ts
+git commit -m "test(web): apiClient unit tests (vitest); 4 tests pass"
+```
+
+---
+
+## Phase 1: i18n (Tasks 4–6)
+
+Goal: minimal i18n with no library dep. Locale persisted to localStorage; `t()` interpolates `{{name}}` placeholders.
+
+### Task 4: Locale dictionaries
+
+**Files:**
+- Create: `web/src/lib/i18n/zh.json`
+- Create: `web/src/lib/i18n/en.json`
+
+- [ ] **Step 1: Write the Chinese dictionary**
+
+Create `web/src/lib/i18n/zh.json`:
+
+```json
+{
+  "common.save": "保存",
+  "common.cancel": "取消",
+  "common.delete": "删除",
+  "common.edit": "编辑",
+  "common.close": "关闭",
+  "common.confirm": "确认",
+  "common.loading": "加载中…",
+
+  "header.search.placeholder": "搜索…（按 / 聚焦）",
+  "header.theme.toggle": "切换主题",
+  "header.locale.toggle": "切换语言",
+  "header.login": "登录",
+  "header.logout": "登出",
+  "header.editMode.enter": "编辑",
+  "header.editMode.exit": "退出编辑",
+
+  "auth.login.title": "登录",
+  "auth.login.password": "管理员密码",
+  "auth.login.submit": "登录",
+  "auth.login.error.bad_password": "密码错误",
+  "auth.login.error.rate_limited": "尝试过于频繁，稍后再试",
+
+  "editor.item.deleteConfirm": "确认删除「{{name}}」？",
+  "editor.item.new": "新建导航项",
+
+  "error.network.offline": "无法连接服务",
+  "error.network.retry": "重试",
+  "error.unknown": "发生未知错误"
+}
+```
+
+- [ ] **Step 2: Write the English dictionary**
+
+Create `web/src/lib/i18n/en.json`:
+
+```json
+{
+  "common.save": "Save",
+  "common.cancel": "Cancel",
+  "common.delete": "Delete",
+  "common.edit": "Edit",
+  "common.close": "Close",
+  "common.confirm": "Confirm",
+  "common.loading": "Loading…",
+
+  "header.search.placeholder": "Search… (press / to focus)",
+  "header.theme.toggle": "Toggle theme",
+  "header.locale.toggle": "Toggle language",
+  "header.login": "Log in",
+  "header.logout": "Log out",
+  "header.editMode.enter": "Edit",
+  "header.editMode.exit": "Exit edit",
+
+  "auth.login.title": "Sign in",
+  "auth.login.password": "Admin password",
+  "auth.login.submit": "Sign in",
+  "auth.login.error.bad_password": "Wrong password",
+  "auth.login.error.rate_limited": "Too many attempts, try again later",
+
+  "editor.item.deleteConfirm": "Delete \"{{name}}\"?",
+  "editor.item.new": "New nav item",
+
+  "error.network.offline": "Cannot reach server",
+  "error.network.retry": "Retry",
+  "error.unknown": "Unknown error"
+}
+```
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add web/src/lib/i18n/zh.json web/src/lib/i18n/en.json
+git commit -m "feat(web): i18n dictionaries (zh + en) with flat domain.module.purpose keys"
+```
+
+### Task 5: Locale store + `t()`
+
+**Files:**
+- Create: `web/src/lib/i18n/store.ts`
+
+- [ ] **Step 1: Write the store + `t()` derivation**
+
+Create `web/src/lib/i18n/store.ts`:
+
+```ts
+import { writable, derived, get, type Readable } from 'svelte/store';
+import { browser } from '$app/environment';
+import zh from './zh.json';
+import en from './en.json';
+
+export type Locale = 'zh' | 'en';
+
+const DICTIONARIES: Record<Locale, Record<string, string>> = { zh, en };
+
+const LS_KEY = 'navsite.locale';
+
+function detectInitial(): Locale {
+  if (!browser) return 'zh';
+  const stored = localStorage.getItem(LS_KEY);
+  if (stored === 'zh' || stored === 'en') return stored;
+  const navLang = navigator.language?.toLowerCase() ?? '';
+  return navLang.startsWith('zh') ? 'zh' : 'en';
+}
+
+export const localeStore = writable<Locale>(detectInitial());
+
+if (browser) {
+  localeStore.subscribe((v) => {
+    try { localStorage.setItem(LS_KEY, v); } catch { /* private mode etc. */ }
+  });
+}
+
+/**
+ * Reactive translator.
+ *
+ * Usage in Svelte:
+ *   <script>import { t } from '$lib/i18n/store'; </script>
+ *   <button>{$t('common.save')}</button>
+ *   <p>{$t('editor.item.deleteConfirm', { name: 'RouterOS' })}</p>
+ *
+ * Falls back to the key itself if missing in the active locale.
+ */
+export const t: Readable<(key: string, params?: Record<string, string | number>) => string> =
+  derived(localeStore, ($loc) => {
+    const dict = DICTIONARIES[$loc];
+    return (key: string, params?: Record<string, string | number>) => {
+      const raw = dict[key] ?? key;
+      if (!params) return raw;
+      return raw.replace(/\{\{\s*(\w+)\s*\}\}/g, (_, name: string) =>
+        String(params[name] ?? `{{${name}}}`)
+      );
+    };
+  });
+
+/** Imperative form for non-Svelte contexts. */
+export function tNow(key: string, params?: Record<string, string | number>): string {
+  return get(t)(key, params);
+}
+
+export function setLocale(loc: Locale) {
+  localeStore.set(loc);
+}
+
+export function toggleLocale() {
+  localeStore.update((v) => (v === 'zh' ? 'en' : 'zh'));
+}
+```
+
+- [ ] **Step 2: Verify**
+
+```bash
+cd web
+pnpm check 2>&1 | tail -5
+cd ..
+```
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add web/src/lib/i18n/store.ts
+git commit -m "feat(web): i18n store with t() reactive translator (~80 lines, no library)"
+```
+
+### Task 6: i18n unit tests
+
+**Files:**
+- Create: `web/src/lib/i18n/store.test.ts`
+
+- [ ] **Step 1: Write tests**
+
+```ts
+// web/src/lib/i18n/store.test.ts
+import { describe, it, expect, beforeEach } from 'vitest';
+import { get } from 'svelte/store';
+import { localeStore, t, setLocale, toggleLocale, tNow } from './store';
+
+describe('i18n', () => {
+  beforeEach(() => {
+    setLocale('zh');
+  });
+
+  it('translates a known key', () => {
+    expect(get(t)('common.save')).toBe('保存');
+  });
+
+  it('falls back to the key when missing', () => {
+    expect(get(t)('does.not.exist')).toBe('does.not.exist');
+  });
+
+  it('switches locale', () => {
+    setLocale('en');
+    expect(get(t)('common.save')).toBe('Save');
+  });
+
+  it('toggles between zh and en', () => {
+    expect(get(localeStore)).toBe('zh');
+    toggleLocale();
+    expect(get(localeStore)).toBe('en');
+    toggleLocale();
+    expect(get(localeStore)).toBe('zh');
+  });
+
+  it('interpolates {{name}} placeholders', () => {
+    setLocale('en');
+    expect(get(t)('editor.item.deleteConfirm', { name: 'RouterOS' })).toBe('Delete "RouterOS"?');
+  });
+
+  it('leaves unknown placeholders intact', () => {
+    setLocale('en');
+    const out = get(t)('editor.item.deleteConfirm', {} as Record<string, string>);
+    expect(out).toContain('{{name}}');
+  });
+
+  it('tNow imperative form works', () => {
+    expect(tNow('common.save')).toBe('保存');
+  });
+});
+```
+
+- [ ] **Step 2: Run**
+
+```bash
+cd web
+pnpm test:unit 2>&1 | tail -20
+cd ..
+```
+
+Expected: 4 (apiClient) + 7 (i18n) = 11 PASS.
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add web/src/lib/i18n/store.test.ts
+git commit -m "test(web): i18n store unit tests (7 tests pass)"
+```
+
+---
+
+## Phase 2: Design Tokens + Theme (Tasks 7–9)
+
+### Task 7: `tokens.scss`
+
+**Files:**
+- Create: `web/src/lib/design/tokens.scss`
+- Modify: `web/src/app.scss` (import tokens)
+
+- [ ] **Step 1: Write tokens.scss with full token set from spec § 7.2 (locked values from this plan's "Color & Typography Tokens" section)**
+
+```scss
+// web/src/lib/design/tokens.scss
+
+/* Modern minimal tokens — Linear / Raycast inspired.
+ * Light is :root default; data-theme="dark" overrides.
+ * Dark mode auto-applies via prefers-color-scheme unless user toggle set.
+ */
+
+:root {
+  /* Spacing — 4px base */
+  --sp-1: 4px;
+  --sp-2: 8px;
+  --sp-3: 12px;
+  --sp-4: 16px;
+  --sp-5: 24px;
+  --sp-6: 32px;
+  --sp-7: 48px;
+  --sp-8: 64px;
+
+  /* Radius */
+  --rd-sm: 6px;
+  --rd-md: 10px;
+  --rd-lg: 14px;
+  --rd-pill: 999px;
+
+  /* Type */
+  --ft-sans: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', sans-serif;
+  --ft-mono: ui-monospace, SFMono-Regular, 'SF Mono', Menlo, monospace;
+  --fs-xs: 12px;
+  --fs-sm: 13px;
+  --fs-md: 15px;
+  --fs-lg: 18px;
+  --fs-xl: 24px;
+  --fw-regular: 400;
+  --fw-medium: 500;
+  --fw-semibold: 600;
+  --lh-tight: 1.2;
+  --lh-base: 1.5;
+  --lh-loose: 1.7;
+
+  /* Color (light) */
+  --c-bg: #fafaf9;
+  --c-surface: #ffffff;
+  --c-surface-2: #f4f4f3;
+  --c-border: #e5e5e3;
+  --c-text: #1a1a18;
+  --c-text-2: #5a5a55;
+  --c-text-3: #8a8a85;
+  --c-accent: #4f46e5;
+  --c-accent-hover: #4338ca;
+  --c-accent-bg: #eef2ff;
+  --c-success: #047857;
+  --c-warn: #b45309;
+  --c-danger: #b91c1c;
+  --c-danger-bg: #fef2f2;
+
+  /* Shadow (light) */
+  --sh-sm: 0 1px 2px rgba(0, 0, 0, 0.04);
+  --sh-md: 0 4px 12px rgba(0, 0, 0, 0.06);
+  --sh-lg: 0 12px 32px rgba(0, 0, 0, 0.08);
+
+  /* Motion */
+  --tr-fast: 120ms ease-out;
+  --tr-base: 180ms ease-out;
+  --tr-slow: 260ms ease-out;
+}
+
+[data-theme='dark'] {
+  --c-bg: #0e0e0d;
+  --c-surface: #18181a;
+  --c-surface-2: #232326;
+  --c-border: #2c2c30;
+  --c-text: #f5f5f3;
+  --c-text-2: #b5b5b0;
+  --c-text-3: #767672;
+  --c-accent: #818cf8;
+  --c-accent-hover: #a5b4fc;
+  --c-accent-bg: #1e1b4b;
+  --c-success: #10b981;
+  --c-warn: #f59e0b;
+  --c-danger: #f87171;
+  --c-danger-bg: #3f1d1d;
+
+  --sh-sm: 0 1px 2px rgba(0, 0, 0, 0.4);
+  --sh-md: 0 4px 12px rgba(0, 0, 0, 0.45);
+  --sh-lg: 0 12px 32px rgba(0, 0, 0, 0.5);
+}
+
+@media (prefers-reduced-motion: reduce) {
+  :root {
+    --tr-fast: 0ms;
+    --tr-base: 0ms;
+    --tr-slow: 0ms;
+  }
+}
+
+/* App-level resets that depend on tokens */
+html,
+body {
+  background: var(--c-bg);
+  color: var(--c-text);
+  font-family: var(--ft-sans);
+  font-size: var(--fs-md);
+  line-height: var(--lh-base);
+}
+
+*:focus-visible {
+  outline: 2px solid var(--c-accent);
+  outline-offset: 2px;
+  border-radius: var(--rd-sm);
+}
+```
+
+- [ ] **Step 2: Update `web/src/app.scss` to import tokens at the top**
+
+Read current app.scss first. Then prepend:
+
+```scss
+@use '$lib/design/tokens.scss';
+
+/* (existing app.scss contents preserved below) */
+```
+
+If `app.scss` already imports something like the old gradient-based palette, **leave the old file blocks intact** (they style the legacy components which Plan 3 will replace). The token import goes first so token vars are available globally.
+
+- [ ] **Step 3: svelte-check + dev smoke**
+
+```bash
+cd web
+pnpm check 2>&1 | tail -5
+pnpm dev --host 127.0.0.1 --port 5173 > /tmp/web-tokens.log 2>&1 &
+DEV_PID=$!
+sleep 8
+curl -sf http://127.0.0.1:5173/ -o /dev/null && echo "dev OK"
+kill $DEV_PID 2>/dev/null
+cd ..
+```
+
+Expected: check 0 errors, dev OK.
+
+- [ ] **Step 4: Commit**
+
+```bash
+git add web/src/lib/design/tokens.scss web/src/app.scss
+git commit -m "feat(web): design tokens (light + dark + reduced-motion) imported globally"
+```
+
+### Task 8: Theme store
+
+**Files:**
+- Create: `web/src/lib/design/theme.ts`
+
+- [ ] **Step 1: Write store**
+
+```ts
+// web/src/lib/design/theme.ts
+import { writable, get } from 'svelte/store';
+import { browser } from '$app/environment';
+
+export type ThemeMode = 'system' | 'light' | 'dark';
+
+const LS_KEY = 'navsite.theme';
+
+function detectStored(): ThemeMode {
+  if (!browser) return 'system';
+  const v = localStorage.getItem(LS_KEY);
+  if (v === 'light' || v === 'dark' || v === 'system') return v;
+  return 'system';
+}
+
+function resolveActual(mode: ThemeMode): 'light' | 'dark' {
+  if (mode !== 'system') return mode;
+  if (browser && window.matchMedia('(prefers-color-scheme: dark)').matches) return 'dark';
+  return 'light';
+}
+
+function applyToDOM(actual: 'light' | 'dark') {
+  if (!browser) return;
+  document.documentElement.setAttribute('data-theme', actual);
+}
+
+export const themeStore = writable<ThemeMode>(detectStored());
+
+if (browser) {
+  // Apply on subscribe + persist
+  themeStore.subscribe((mode) => {
+    applyToDOM(resolveActual(mode));
+    try { localStorage.setItem(LS_KEY, mode); } catch { /* private mode */ }
+  });
+
+  // React to system changes when in 'system' mode
+  const mql = window.matchMedia('(prefers-color-scheme: dark)');
+  const onSystemChange = () => {
+    if (get(themeStore) === 'system') applyToDOM(resolveActual('system'));
+  };
+  mql.addEventListener('change', onSystemChange);
+}
+
+export function setTheme(m: ThemeMode) {
+  themeStore.set(m);
+}
+
+/**
+ * Cycle: system → light → dark → system.
+ * Useful for a single ThemeToggle button.
+ */
+export function cycleTheme() {
+  themeStore.update((v) => (v === 'system' ? 'light' : v === 'light' ? 'dark' : 'system'));
+}
+```
+
+- [ ] **Step 2: Verify**
+
+```bash
+cd web
+pnpm check 2>&1 | tail -5
+cd ..
+```
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add web/src/lib/design/theme.ts
+git commit -m "feat(web): theme store (system/light/dark) with localStorage + matchMedia"
+```
+
+### Task 9: Wire theme into +layout.svelte
+
+**Files:**
+- Modify: `web/src/routes/+layout.svelte`
+
+- [ ] **Step 1: Import the theme store so it gets initialized once on app boot**
+
+Read current `+layout.svelte`. Add `import '$lib/design/theme';` to the script imports — this is enough; the module's top-level code subscribes to itself and applies `data-theme` to `<html>`.
+
+The full `<script lang="ts">` should look like:
+
+```svelte
+<script lang="ts">
+  import Header from '$lib/components/Header.svelte';
+  import Footer from '$lib/components/Footer.svelte';
+  import '$lib/design/theme'; // Initializes data-theme on <html>
+  import '../app.scss';
+
+  let { children } = $props();
+</script>
+```
+
+(`<main>{@render children()}</main>` etc. unchanged.)
+
+- [ ] **Step 2: Smoke test theme toggling manually via DevTools console**
+
+```bash
+cd web
+pnpm dev --host 127.0.0.1 --port 5173 > /tmp/web-theme.log 2>&1 &
+DEV_PID=$!
+sleep 8
+curl -sf http://127.0.0.1:5173/ | grep -oE 'data-theme="[^"]*"' | head -1 || echo "(data-theme attr not in initial HTML; that's expected — it's set client-side after JS runs)"
+kill $DEV_PID 2>/dev/null
+cd ..
+```
+
+The smoke test only verifies the page boots. Theme is applied client-side after JS hydration; checking the attr server-side won't show it. Phase 4's demo route exercises the toggle properly.
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add web/src/routes/+layout.svelte
+git commit -m "feat(web): initialize theme store from +layout.svelte (sets data-theme on <html>)"
+```
+
+---
+
+## Phase 3: UI Primitives (Tasks 10–19)
+
+Goal: 10 reusable primitives. Each is one file under `web/src/lib/components/ui/`. All consume tokens; none hardcode colors. All interactive primitives are `<button>`-based or `<input>`-based with proper aria.
+
+### Task 10: Button.svelte
+
+**Files:**
+- Create: `web/src/lib/components/ui/Button.svelte`
+
+- [ ] **Step 1: Write component**
+
+```svelte
+<!-- web/src/lib/components/ui/Button.svelte -->
+<script lang="ts">
+  type Intent = 'primary' | 'secondary' | 'ghost' | 'danger';
+  type Size = 'sm' | 'md' | 'lg';
+
+  interface Props {
+    intent?: Intent;
+    size?: Size;
+    type?: 'button' | 'submit' | 'reset';
+    disabled?: boolean;
+    loading?: boolean;
+    fullWidth?: boolean;
+    onclick?: (e: MouseEvent) => void;
+    children?: import('svelte').Snippet;
+  }
+
+  let {
+    intent = 'primary',
+    size = 'md',
+    type = 'button',
+    disabled = false,
+    loading = false,
+    fullWidth = false,
+    onclick,
+    children
+  }: Props = $props();
+</script>
+
+<button
+  {type}
+  class="btn intent-{intent} size-{size}"
+  class:full-width={fullWidth}
+  class:loading
+  disabled={disabled || loading}
+  {onclick}
+>
+  {#if children}{@render children()}{/if}
+</button>
+
+<style lang="scss">
+  .btn {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    gap: var(--sp-2);
+    padding: 0 var(--sp-4);
+    border: 1px solid transparent;
+    border-radius: var(--rd-md);
+    font-family: var(--ft-sans);
+    font-weight: var(--fw-medium);
+    line-height: 1;
+    cursor: pointer;
+    transition: background var(--tr-fast), border-color var(--tr-fast), color var(--tr-fast),
+      box-shadow var(--tr-fast);
+    user-select: none;
+
+    &:disabled {
+      opacity: 0.55;
+      cursor: not-allowed;
+    }
+
+    &.full-width {
+      width: 100%;
+    }
+
+    &.loading {
+      cursor: progress;
+    }
+  }
+
+  .size-sm {
+    height: 28px;
+    font-size: var(--fs-sm);
+    padding: 0 var(--sp-3);
+  }
+
+  .size-md {
+    height: 36px;
+    font-size: var(--fs-md);
+  }
+
+  .size-lg {
+    height: 44px;
+    font-size: var(--fs-md);
+    padding: 0 var(--sp-5);
+  }
+
+  .intent-primary {
+    background: var(--c-accent);
+    color: white;
+
+    &:hover:not(:disabled) {
+      background: var(--c-accent-hover);
+    }
+  }
+
+  .intent-secondary {
+    background: var(--c-surface);
+    color: var(--c-text);
+    border-color: var(--c-border);
+
+    &:hover:not(:disabled) {
+      background: var(--c-surface-2);
+    }
+  }
+
+  .intent-ghost {
+    background: transparent;
+    color: var(--c-text);
+
+    &:hover:not(:disabled) {
+      background: var(--c-surface-2);
+    }
+  }
+
+  .intent-danger {
+    background: var(--c-danger);
+    color: white;
+
+    &:hover:not(:disabled) {
+      filter: brightness(1.05);
+    }
+  }
+</style>
+```
+
+- [ ] **Step 2: Verify** with svelte-check; no test (visual is demo route).
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add web/src/lib/components/ui/Button.svelte
+git commit -m "feat(web): Button primitive (4 intents x 3 sizes, token-driven)"
+```
+
+### Task 11: IconButton.svelte
+
+**Files:**
+- Create: `web/src/lib/components/ui/IconButton.svelte`
+
+```svelte
+<!-- web/src/lib/components/ui/IconButton.svelte -->
+<script lang="ts">
+  interface Props {
+    label: string; // aria-label, required (icon-only button)
+    type?: 'button' | 'submit' | 'reset';
+    disabled?: boolean;
+    size?: 'sm' | 'md' | 'lg';
+    intent?: 'ghost' | 'subtle';
+    onclick?: (e: MouseEvent) => void;
+    children?: import('svelte').Snippet;
+  }
+
+  let {
+    label,
+    type = 'button',
+    disabled = false,
+    size = 'md',
+    intent = 'ghost',
+    onclick,
+    children
+  }: Props = $props();
+</script>
+
+<button
+  {type}
+  aria-label={label}
+  title={label}
+  class="icon-btn size-{size} intent-{intent}"
+  {disabled}
+  {onclick}
+>
+  {#if children}{@render children()}{/if}
+</button>
+
+<style lang="scss">
+  .icon-btn {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    border: 1px solid transparent;
+    border-radius: var(--rd-md);
+    cursor: pointer;
+    color: var(--c-text-2);
+    transition: background var(--tr-fast), color var(--tr-fast);
+
+    &:disabled {
+      opacity: 0.5;
+      cursor: not-allowed;
+    }
+
+    &:hover:not(:disabled) {
+      color: var(--c-text);
+    }
+  }
+
+  .size-sm {
+    width: 28px;
+    height: 28px;
+  }
+
+  .size-md {
+    width: 36px;
+    height: 36px;
+  }
+
+  .size-lg {
+    width: 44px;
+    height: 44px;
+  }
+
+  .intent-ghost {
+    background: transparent;
+
+    &:hover:not(:disabled) {
+      background: var(--c-surface-2);
+    }
+  }
+
+  .intent-subtle {
+    background: var(--c-surface-2);
+
+    &:hover:not(:disabled) {
+      background: var(--c-border);
+    }
+  }
+</style>
+```
+
+Commit: `feat(web): IconButton primitive (icon-only, aria-label required)`
+
+### Task 12: Input.svelte
+
+**Files:**
+- Create: `web/src/lib/components/ui/Input.svelte`
+
+```svelte
+<!-- web/src/lib/components/ui/Input.svelte -->
+<script lang="ts">
+  interface Props {
+    value?: string;
+    type?: 'text' | 'password' | 'email' | 'search' | 'url';
+    placeholder?: string;
+    disabled?: boolean;
+    invalid?: boolean;
+    helpText?: string;
+    errorText?: string;
+    label?: string;
+    id?: string;
+    name?: string;
+    autocomplete?: string;
+    fullWidth?: boolean;
+    leadingIcon?: import('svelte').Snippet;
+    oninput?: (e: Event) => void;
+    onchange?: (e: Event) => void;
+  }
+
+  let {
+    value = $bindable(''),
+    type = 'text',
+    placeholder,
+    disabled = false,
+    invalid = false,
+    helpText,
+    errorText,
+    label,
+    id,
+    name,
+    autocomplete,
+    fullWidth = true,
+    leadingIcon,
+    oninput,
+    onchange
+  }: Props = $props();
+
+  const inputId = $derived(id ?? `inp-${Math.random().toString(36).slice(2, 9)}`);
+  const showError = $derived(invalid && !!errorText);
+</script>
+
+<div class="field" class:full-width={fullWidth}>
+  {#if label}<label class="label" for={inputId}>{label}</label>{/if}
+  <div class="control" class:invalid={invalid}>
+    {#if leadingIcon}
+      <span class="leading">{@render leadingIcon()}</span>
+    {/if}
+    <input
+      id={inputId}
+      {type}
+      {placeholder}
+      {disabled}
+      {name}
+      {autocomplete}
+      bind:value
+      {oninput}
+      {onchange}
+      aria-invalid={invalid}
+      aria-describedby={showError ? `${inputId}-err` : helpText ? `${inputId}-help` : undefined}
+    />
+  </div>
+  {#if showError}
+    <p id="{inputId}-err" class="error">{errorText}</p>
+  {:else if helpText}
+    <p id="{inputId}-help" class="help">{helpText}</p>
+  {/if}
+</div>
+
+<style lang="scss">
+  .field {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-1);
+
+    &.full-width {
+      width: 100%;
+    }
+  }
+
+  .label {
+    font-size: var(--fs-sm);
+    font-weight: var(--fw-medium);
+    color: var(--c-text-2);
+  }
+
+  .control {
+    display: flex;
+    align-items: center;
+    background: var(--c-surface);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    transition: border-color var(--tr-fast), box-shadow var(--tr-fast);
+
+    &:focus-within {
+      border-color: var(--c-accent);
+      box-shadow: 0 0 0 3px var(--c-accent-bg);
+    }
+
+    &.invalid {
+      border-color: var(--c-danger);
+
+      &:focus-within {
+        box-shadow: 0 0 0 3px var(--c-danger-bg);
+      }
+    }
+  }
+
+  .leading {
+    display: inline-flex;
+    align-items: center;
+    padding: 0 var(--sp-2) 0 var(--sp-3);
+    color: var(--c-text-3);
+  }
+
+  input {
+    flex: 1;
+    border: 0;
+    outline: 0;
+    background: transparent;
+    color: var(--c-text);
+    padding: 0 var(--sp-3);
+    height: 36px;
+    font-size: var(--fs-md);
+    font-family: inherit;
+
+    &::placeholder {
+      color: var(--c-text-3);
+    }
+
+    &:disabled {
+      opacity: 0.6;
+      cursor: not-allowed;
+    }
+  }
+
+  .help {
+    font-size: var(--fs-xs);
+    color: var(--c-text-3);
+    margin: 0;
+  }
+
+  .error {
+    font-size: var(--fs-xs);
+    color: var(--c-danger);
+    margin: 0;
+  }
+</style>
+```
+
+Commit: `feat(web): Input primitive ($bindable value, label/help/error/icon)`
+
+### Task 13: Dialog.svelte
+
+**Files:**
+- Create: `web/src/lib/components/ui/Dialog.svelte`
+
+```svelte
+<!-- web/src/lib/components/ui/Dialog.svelte -->
+<script lang="ts">
+  import { onMount } from 'svelte';
+
+  interface Props {
+    open: boolean;
+    title?: string;
+    description?: string;
+    width?: 'sm' | 'md' | 'lg';
+    onClose?: () => void;
+    children?: import('svelte').Snippet;
+    footer?: import('svelte').Snippet;
+  }
+
+  let { open = $bindable(false), title, description, width = 'md', onClose, children, footer }: Props = $props();
+
+  let dialogEl: HTMLDivElement | undefined = $state();
+
+  function close() {
+    open = false;
+    onClose?.();
+  }
+
+  function onBackdropClick(e: MouseEvent) {
+    if (e.target === e.currentTarget) close();
+  }
+
+  function onKey(e: KeyboardEvent) {
+    if (!open) return;
+    if (e.key === 'Escape') {
+      e.stopPropagation();
+      close();
+    }
+  }
+
+  $effect(() => {
+    if (!open) return;
+    const prevOverflow = document.body.style.overflow;
+    document.body.style.overflow = 'hidden';
+    // Initial focus on first focusable child
+    requestAnimationFrame(() => {
+      const target = dialogEl?.querySelector<HTMLElement>(
+        'button, [href], input, textarea, select, [tabindex]:not([tabindex="-1"])'
+      );
+      target?.focus();
+    });
+    return () => {
+      document.body.style.overflow = prevOverflow;
+    };
+  });
+</script>
+
+<svelte:window onkeydown={onKey} />
+
+{#if open}
+  <div
+    class="backdrop"
+    role="presentation"
+    onclick={onBackdropClick}
+    onkeydown={() => {}}
+    aria-hidden="false"
+  >
+    <div
+      bind:this={dialogEl}
+      class="dialog width-{width}"
+      role="dialog"
+      aria-modal="true"
+      aria-labelledby={title ? 'dialog-title' : undefined}
+      aria-describedby={description ? 'dialog-desc' : undefined}
+    >
+      {#if title}
+        <header class="header">
+          <h2 id="dialog-title" class="title">{title}</h2>
+          {#if description}<p id="dialog-desc" class="desc">{description}</p>{/if}
+        </header>
+      {/if}
+      <div class="body">
+        {#if children}{@render children()}{/if}
+      </div>
+      {#if footer}
+        <footer class="footer">{@render footer()}</footer>
+      {/if}
+    </div>
+  </div>
+{/if}
+
+<style lang="scss">
+  .backdrop {
+    position: fixed;
+    inset: 0;
+    background: rgba(0, 0, 0, 0.5);
+    backdrop-filter: blur(2px);
+    z-index: 1000;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    padding: var(--sp-4);
+  }
+
+  .dialog {
+    background: var(--c-surface);
+    color: var(--c-text);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-lg);
+    box-shadow: var(--sh-lg);
+    width: 100%;
+    max-height: calc(100vh - var(--sp-8));
+    overflow: hidden;
+    display: flex;
+    flex-direction: column;
+  }
+
+  .width-sm {
+    max-width: 360px;
+  }
+  .width-md {
+    max-width: 520px;
+  }
+  .width-lg {
+    max-width: 720px;
+  }
+
+  .header {
+    padding: var(--sp-5) var(--sp-5) var(--sp-3);
+    border-bottom: 1px solid var(--c-border);
+  }
+
+  .title {
+    margin: 0;
+    font-size: var(--fs-lg);
+    font-weight: var(--fw-semibold);
+  }
+
+  .desc {
+    margin: var(--sp-1) 0 0;
+    color: var(--c-text-2);
+    font-size: var(--fs-sm);
+  }
+
+  .body {
+    padding: var(--sp-5);
+    overflow-y: auto;
+  }
+
+  .footer {
+    padding: var(--sp-3) var(--sp-5);
+    border-top: 1px solid var(--c-border);
+    display: flex;
+    justify-content: flex-end;
+    gap: var(--sp-2);
+    background: var(--c-surface-2);
+  }
+</style>
+```
+
+Commit: `feat(web): Dialog primitive (modal, focus trap-init, Escape, body scroll-lock)`
+
+### Task 14: Toast.svelte + ToastViewport + toastStore
+
+**Files:**
+- Create: `web/src/lib/components/ui/toast.ts` (store)
+- Create: `web/src/lib/components/ui/Toast.svelte`
+- Create: `web/src/lib/components/ui/ToastViewport.svelte`
+
+- [ ] **Step 1: Toast store**
+
+```ts
+// web/src/lib/components/ui/toast.ts
+import { writable } from 'svelte/store';
+
+export type ToastIntent = 'info' | 'success' | 'warn' | 'error';
+
+export interface ToastEntry {
+  id: number;
+  intent: ToastIntent;
+  message: string;
+  durationMs: number;
+}
+
+let nextId = 1;
+const _toasts = writable<ToastEntry[]>([]);
+
+export const toasts = { subscribe: _toasts.subscribe };
+
+function push(intent: ToastIntent, message: string, durationMs = 4000): number {
+  const id = nextId++;
+  _toasts.update((list) => [...list, { id, intent, message, durationMs }]);
+  if (durationMs > 0) setTimeout(() => dismiss(id), durationMs);
+  return id;
+}
+
+export function dismiss(id: number) {
+  _toasts.update((list) => list.filter((t) => t.id !== id));
+}
+
+export const toast = {
+  info: (msg: string, ms?: number) => push('info', msg, ms),
+  success: (msg: string, ms?: number) => push('success', msg, ms),
+  warn: (msg: string, ms?: number) => push('warn', msg, ms),
+  error: (msg: string, ms?: number) => push('error', msg, ms ?? 6000)
+};
+```
+
+- [ ] **Step 2: Toast.svelte (single toast item)**
+
+```svelte
+<!-- web/src/lib/components/ui/Toast.svelte -->
+<script lang="ts">
+  import { dismiss, type ToastIntent } from './toast';
+
+  interface Props {
+    id: number;
+    intent: ToastIntent;
+    message: string;
+  }
+
+  let { id, intent, message }: Props = $props();
+</script>
+
+<div class="toast intent-{intent}" role="status">
+  <span class="msg">{message}</span>
+  <button class="x" aria-label="Close" onclick={() => dismiss(id)}>×</button>
+</div>
+
+<style lang="scss">
+  .toast {
+    display: flex;
+    align-items: center;
+    gap: var(--sp-3);
+    padding: var(--sp-3) var(--sp-3) var(--sp-3) var(--sp-4);
+    background: var(--c-surface);
+    color: var(--c-text);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    box-shadow: var(--sh-md);
+    min-width: 280px;
+    max-width: 420px;
+  }
+
+  .intent-success {
+    border-left: 3px solid var(--c-success);
+  }
+  .intent-info {
+    border-left: 3px solid var(--c-accent);
+  }
+  .intent-warn {
+    border-left: 3px solid var(--c-warn);
+  }
+  .intent-error {
+    border-left: 3px solid var(--c-danger);
+  }
+
+  .msg {
+    flex: 1;
+    font-size: var(--fs-sm);
+    line-height: var(--lh-base);
+  }
+
+  .x {
+    width: 24px;
+    height: 24px;
+    border: 0;
+    background: transparent;
+    color: var(--c-text-3);
+    font-size: var(--fs-lg);
+    line-height: 1;
+    cursor: pointer;
+    border-radius: var(--rd-sm);
+
+    &:hover {
+      background: var(--c-surface-2);
+      color: var(--c-text);
+    }
+  }
+</style>
+```
+
+- [ ] **Step 3: ToastViewport.svelte (mounts at app root)**
+
+```svelte
+<!-- web/src/lib/components/ui/ToastViewport.svelte -->
+<script lang="ts">
+  import { toasts } from './toast';
+  import Toast from './Toast.svelte';
+</script>
+
+<aside class="viewport" aria-live="polite" aria-relevant="additions">
+  {#each $toasts as t (t.id)}
+    <Toast id={t.id} intent={t.intent} message={t.message} />
+  {/each}
+</aside>
+
+<style lang="scss">
+  .viewport {
+    position: fixed;
+    top: var(--sp-4);
+    right: var(--sp-4);
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-2);
+    z-index: 1100;
+    pointer-events: none;
+
+    > :global(*) {
+      pointer-events: auto;
+    }
+  }
+</style>
+```
+
+Commit: `feat(web): Toast primitive (4 intents, aria-live polite, dismissible)`
+
+### Task 15: Menu.svelte (context menu)
+
+**Files:**
+- Create: `web/src/lib/components/ui/Menu.svelte`
+
+```svelte
+<!-- web/src/lib/components/ui/Menu.svelte -->
+<script lang="ts">
+  interface MenuItem {
+    label: string;
+    onSelect: () => void;
+    disabled?: boolean;
+    intent?: 'default' | 'danger';
+  }
+
+  interface Props {
+    open: boolean;
+    x: number; // viewport coords
+    y: number;
+    items: MenuItem[];
+    onClose?: () => void;
+  }
+
+  let { open = $bindable(false), x, y, items, onClose }: Props = $props();
+
+  let menuEl: HTMLDivElement | undefined = $state();
+  let focusedIdx = $state(0);
+
+  function close() {
+    open = false;
+    onClose?.();
+  }
+
+  function onSelect(i: number) {
+    const it = items[i];
+    if (!it || it.disabled) return;
+    it.onSelect();
+    close();
+  }
+
+  function onKey(e: KeyboardEvent) {
+    if (!open) return;
+    if (e.key === 'Escape') {
+      e.preventDefault();
+      close();
+    } else if (e.key === 'ArrowDown') {
+      e.preventDefault();
+      focusedIdx = Math.min(focusedIdx + 1, items.length - 1);
+    } else if (e.key === 'ArrowUp') {
+      e.preventDefault();
+      focusedIdx = Math.max(focusedIdx - 1, 0);
+    } else if (e.key === 'Enter') {
+      e.preventDefault();
+      onSelect(focusedIdx);
+    }
+  }
+
+  $effect(() => {
+    if (!open) return;
+    focusedIdx = 0;
+    requestAnimationFrame(() => menuEl?.focus());
+  });
+
+  function onWindowClick(e: MouseEvent) {
+    if (!open || !menuEl) return;
+    if (!menuEl.contains(e.target as Node)) close();
+  }
+</script>
+
+<svelte:window onkeydown={onKey} onclick={onWindowClick} />
+
+{#if open}
+  <div
+    bind:this={menuEl}
+    class="menu"
+    role="menu"
+    tabindex="-1"
+    style="left: {x}px; top: {y}px"
+  >
+    {#each items as it, i (it.label)}
+      <button
+        class="item intent-{it.intent ?? 'default'}"
+        class:focused={i === focusedIdx}
+        role="menuitem"
+        disabled={it.disabled}
+        onclick={() => onSelect(i)}
+        onmouseenter={() => (focusedIdx = i)}
+      >{it.label}</button>
+    {/each}
+  </div>
+{/if}
+
+<style lang="scss">
+  .menu {
+    position: fixed;
+    background: var(--c-surface);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    box-shadow: var(--sh-md);
+    padding: var(--sp-1);
+    min-width: 180px;
+    z-index: 1200;
+    outline: none;
+  }
+
+  .item {
+    display: block;
+    width: 100%;
+    text-align: left;
+    padding: var(--sp-2) var(--sp-3);
+    border: 0;
+    border-radius: var(--rd-sm);
+    background: transparent;
+    color: var(--c-text);
+    font-size: var(--fs-sm);
+    cursor: pointer;
+
+    &:disabled {
+      color: var(--c-text-3);
+      cursor: not-allowed;
+    }
+
+    &.focused:not(:disabled) {
+      background: var(--c-accent-bg);
+      color: var(--c-accent);
+    }
+
+    &.intent-danger:not(:disabled).focused {
+      background: var(--c-danger-bg);
+      color: var(--c-danger);
+    }
+  }
+</style>
+```
+
+Commit: `feat(web): Menu primitive (keyboard nav, click-outside dismiss, danger intent)`
+
+### Task 16: Chip.svelte
+
+**Files:**
+- Create: `web/src/lib/components/ui/Chip.svelte`
+
+```svelte
+<!-- web/src/lib/components/ui/Chip.svelte -->
+<script lang="ts">
+  interface Props {
+    label: string;
+    active?: boolean;
+    removable?: boolean;
+    onSelect?: () => void;
+    onRemove?: () => void;
+  }
+
+  let { label, active = false, removable = false, onSelect, onRemove }: Props = $props();
+</script>
+
+<button
+  type="button"
+  class="chip"
+  class:active
+  aria-pressed={active}
+  onclick={onSelect}
+>
+  <span class="label">{label}</span>
+  {#if removable}
+    <span
+      class="x"
+      role="button"
+      aria-label="Remove"
+      tabindex="0"
+      onclick={(e) => {
+        e.stopPropagation();
+        onRemove?.();
+      }}
+      onkeydown={(e) => {
+        if (e.key === 'Enter' || e.key === ' ') {
+          e.preventDefault();
+          e.stopPropagation();
+          onRemove?.();
+        }
+      }}
+    >×</span>
+  {/if}
+</button>
+
+<style lang="scss">
+  .chip {
+    display: inline-flex;
+    align-items: center;
+    gap: var(--sp-1);
+    height: 26px;
+    padding: 0 var(--sp-3);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-pill);
+    background: var(--c-surface);
+    color: var(--c-text-2);
+    font-size: var(--fs-xs);
+    font-weight: var(--fw-medium);
+    cursor: pointer;
+    transition: background var(--tr-fast), color var(--tr-fast), border-color var(--tr-fast);
+
+    &:hover {
+      color: var(--c-text);
+      border-color: var(--c-text-3);
+    }
+
+    &.active {
+      background: var(--c-accent-bg);
+      color: var(--c-accent);
+      border-color: transparent;
+    }
+  }
+
+  .x {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    width: 16px;
+    height: 16px;
+    margin-left: var(--sp-1);
+    border-radius: var(--rd-pill);
+    color: inherit;
+    cursor: pointer;
+
+    &:hover {
+      background: rgba(0, 0, 0, 0.08);
+    }
+  }
+</style>
+```
+
+Commit: `feat(web): Chip primitive (toggle + removable variants, aria-pressed)`
+
+### Task 17: Switch.svelte
+
+**Files:**
+- Create: `web/src/lib/components/ui/Switch.svelte`
+
+```svelte
+<!-- web/src/lib/components/ui/Switch.svelte -->
+<script lang="ts">
+  interface Props {
+    checked?: boolean;
+    label?: string;
+    disabled?: boolean;
+    onchange?: (checked: boolean) => void;
+  }
+
+  let { checked = $bindable(false), label, disabled = false, onchange }: Props = $props();
+
+  function toggle() {
+    if (disabled) return;
+    checked = !checked;
+    onchange?.(checked);
+  }
+</script>
+
+<label class="row" class:disabled>
+  <button
+    type="button"
+    role="switch"
+    aria-checked={checked}
+    aria-label={label}
+    class="track"
+    class:on={checked}
+    {disabled}
+    onclick={toggle}
+  >
+    <span class="thumb"></span>
+  </button>
+  {#if label}<span class="label">{label}</span>{/if}
+</label>
+
+<style lang="scss">
+  .row {
+    display: inline-flex;
+    align-items: center;
+    gap: var(--sp-2);
+    cursor: pointer;
+    user-select: none;
+
+    &.disabled {
+      cursor: not-allowed;
+      opacity: 0.6;
+    }
+  }
+
+  .track {
+    position: relative;
+    width: 36px;
+    height: 20px;
+    border: 0;
+    border-radius: var(--rd-pill);
+    background: var(--c-border);
+    transition: background var(--tr-fast);
+    cursor: inherit;
+    padding: 0;
+
+    &.on {
+      background: var(--c-accent);
+    }
+  }
+
+  .thumb {
+    position: absolute;
+    top: 2px;
+    left: 2px;
+    width: 16px;
+    height: 16px;
+    background: var(--c-surface);
+    border-radius: 50%;
+    box-shadow: var(--sh-sm);
+    transition: transform var(--tr-fast);
+  }
+
+  .track.on .thumb {
+    transform: translateX(16px);
+  }
+
+  .label {
+    font-size: var(--fs-sm);
+    color: var(--c-text);
+  }
+</style>
+```
+
+Commit: `feat(web): Switch primitive (role=switch, $bindable checked)`
+
+### Task 18: Card.svelte
+
+**Files:**
+- Create: `web/src/lib/components/ui/Card.svelte`
+
+```svelte
+<!-- web/src/lib/components/ui/Card.svelte -->
+<script lang="ts">
+  interface Props {
+    elevation?: 'flat' | 'sm' | 'md';
+    padding?: 'none' | 'sm' | 'md' | 'lg';
+    children?: import('svelte').Snippet;
+  }
+
+  let { elevation = 'sm', padding = 'md', children }: Props = $props();
+</script>
+
+<div class="card elevation-{elevation} padding-{padding}">
+  {#if children}{@render children()}{/if}
+</div>
+
+<style lang="scss">
+  .card {
+    background: var(--c-surface);
+    color: var(--c-text);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-lg);
+  }
+
+  .elevation-flat {
+    box-shadow: none;
+  }
+  .elevation-sm {
+    box-shadow: var(--sh-sm);
+  }
+  .elevation-md {
+    box-shadow: var(--sh-md);
+  }
+
+  .padding-none {
+    padding: 0;
+  }
+  .padding-sm {
+    padding: var(--sp-3);
+  }
+  .padding-md {
+    padding: var(--sp-4);
+  }
+  .padding-lg {
+    padding: var(--sp-5);
+  }
+</style>
+```
+
+Commit: `feat(web): Card primitive (elevation x padding variants)`
+
+### Task 19: Skeleton.svelte
+
+**Files:**
+- Create: `web/src/lib/components/ui/Skeleton.svelte`
+
+```svelte
+<!-- web/src/lib/components/ui/Skeleton.svelte -->
+<script lang="ts">
+  interface Props {
+    width?: string;
+    height?: string;
+    rounded?: 'sm' | 'md' | 'pill';
+  }
+
+  let { width = '100%', height = '14px', rounded = 'sm' }: Props = $props();
+</script>
+
+<span class="skeleton rd-{rounded}" style="width: {width}; height: {height}" aria-hidden="true"></span>
+
+<style lang="scss">
+  @keyframes shimmer {
+    0% {
+      background-position: -200px 0;
+    }
+    100% {
+      background-position: calc(200px + 100%) 0;
+    }
+  }
+
+  .skeleton {
+    display: inline-block;
+    background: linear-gradient(
+      90deg,
+      var(--c-surface-2) 0px,
+      var(--c-border) 80px,
+      var(--c-surface-2) 160px
+    );
+    background-size: 200px 100%;
+    background-repeat: no-repeat;
+    animation: shimmer 1.4s ease-in-out infinite;
+  }
+
+  @media (prefers-reduced-motion: reduce) {
+    .skeleton {
+      animation: none;
+    }
+  }
+
+  .rd-sm {
+    border-radius: var(--rd-sm);
+  }
+  .rd-md {
+    border-radius: var(--rd-md);
+  }
+  .rd-pill {
+    border-radius: var(--rd-pill);
+  }
+</style>
+```
+
+Commit: `feat(web): Skeleton primitive (shimmer placeholder, reduced-motion aware)`
+
+---
+
+## Phase 4: Demo + Verification (Tasks 20–21)
+
+### Task 20: Demo route
+
+**Files:**
+- Create: `web/src/routes/_demo/+page.svelte`
+
+This is a page that uses every primitive in light/dark mode. Run via `pnpm dev` then visit `/_demo`.
+
+```svelte
+<!-- web/src/routes/_demo/+page.svelte -->
+<script lang="ts">
+  import Button from '$lib/components/ui/Button.svelte';
+  import IconButton from '$lib/components/ui/IconButton.svelte';
+  import Input from '$lib/components/ui/Input.svelte';
+  import Dialog from '$lib/components/ui/Dialog.svelte';
+  import Toast from '$lib/components/ui/Toast.svelte';
+  import ToastViewport from '$lib/components/ui/ToastViewport.svelte';
+  import { toast } from '$lib/components/ui/toast';
+  import Menu from '$lib/components/ui/Menu.svelte';
+  import Chip from '$lib/components/ui/Chip.svelte';
+  import Switch from '$lib/components/ui/Switch.svelte';
+  import Card from '$lib/components/ui/Card.svelte';
+  import Skeleton from '$lib/components/ui/Skeleton.svelte';
+  import { localeStore, t, toggleLocale } from '$lib/i18n/store';
+  import { themeStore, cycleTheme } from '$lib/design/theme';
+
+  let inputValue = $state('');
+  let inputInvalid = $state(false);
+  let switchOn = $state(false);
+  let dialogOpen = $state(false);
+  let menuOpen = $state(false);
+  let chips = $state(['fav', 'media', 'tools']);
+  let activeChip = $state('fav');
+</script>
+
+<ToastViewport />
+
+<section class="demo">
+  <header>
+    <h1>UI Primitives Demo</h1>
+    <div class="controls">
+      <Button intent="ghost" size="sm" onclick={cycleTheme}>
+        Theme: {$themeStore}
+      </Button>
+      <Button intent="ghost" size="sm" onclick={toggleLocale}>
+        Locale: {$localeStore}
+      </Button>
+    </div>
+  </header>
+
+  <h2>Buttons</h2>
+  <div class="row">
+    <Button>Primary</Button>
+    <Button intent="secondary">Secondary</Button>
+    <Button intent="ghost">Ghost</Button>
+    <Button intent="danger">Danger</Button>
+    <Button disabled>Disabled</Button>
+    <Button loading>Loading</Button>
+  </div>
+  <div class="row">
+    <Button size="sm">Small</Button>
+    <Button size="md">Medium</Button>
+    <Button size="lg">Large</Button>
+  </div>
+
+  <h2>Icon buttons</h2>
+  <div class="row">
+    <IconButton label="Settings"><span aria-hidden="true">⚙</span></IconButton>
+    <IconButton label="Edit" intent="subtle"><span aria-hidden="true">✎</span></IconButton>
+    <IconButton label="Delete" disabled><span aria-hidden="true">🗑</span></IconButton>
+  </div>
+
+  <h2>Inputs</h2>
+  <div class="col">
+    <Input label="Name" placeholder="enter your name" bind:value={inputValue} />
+    <Input
+      label="Password"
+      type="password"
+      placeholder="••••••••"
+      helpText="At least 8 characters"
+    />
+    <Input
+      label="Email"
+      type="email"
+      invalid={inputInvalid}
+      errorText="Email format invalid"
+      bind:value={inputValue}
+    />
+    <Switch label="Toggle invalid state" bind:checked={inputInvalid} />
+  </div>
+
+  <h2>Cards</h2>
+  <div class="row">
+    <Card elevation="flat">flat</Card>
+    <Card elevation="sm">sm shadow</Card>
+    <Card elevation="md">md shadow</Card>
+  </div>
+
+  <h2>Chips</h2>
+  <div class="row">
+    {#each chips as slug (slug)}
+      <Chip
+        label={slug}
+        active={activeChip === slug}
+        removable
+        onSelect={() => (activeChip = slug)}
+        onRemove={() => (chips = chips.filter((s) => s !== slug))}
+      />
+    {/each}
+  </div>
+
+  <h2>Switch</h2>
+  <Switch label="Enable feature X" bind:checked={switchOn} />
+  <p>State: {switchOn ? 'on' : 'off'}</p>
+
+  <h2>Dialog</h2>
+  <Button onclick={() => (dialogOpen = true)}>Open dialog</Button>
+  <Dialog
+    bind:open={dialogOpen}
+    title="Confirm action"
+    description="This will permanently change the configuration."
+  >
+    <p>Body text. Press Esc or click outside to close.</p>
+    {#snippet footer()}
+      <Button intent="ghost" onclick={() => (dialogOpen = false)}>{$t('common.cancel')}</Button>
+      <Button intent="primary" onclick={() => (dialogOpen = false)}>{$t('common.confirm')}</Button>
+    {/snippet}
+  </Dialog>
+
+  <h2>Toasts</h2>
+  <div class="row">
+    <Button onclick={() => toast.info('Info toast')}>info</Button>
+    <Button intent="secondary" onclick={() => toast.success('Saved!')}>success</Button>
+    <Button intent="ghost" onclick={() => toast.warn('Be careful')}>warn</Button>
+    <Button intent="danger" onclick={() => toast.error('Something broke')}>error</Button>
+  </div>
+
+  <h2>Menu</h2>
+  <Button onclick={() => (menuOpen = true)}>Open context menu</Button>
+  <Menu
+    bind:open={menuOpen}
+    x={120}
+    y={120}
+    items={[
+      { label: 'Edit', onSelect: () => toast.info('Edit') },
+      { label: 'Duplicate', onSelect: () => toast.info('Duplicated') },
+      { label: 'Delete', intent: 'danger', onSelect: () => toast.error('Deleted') }
+    ]}
+  />
+
+  <h2>Skeleton</h2>
+  <div class="col">
+    <Skeleton height="20px" width="240px" />
+    <Skeleton height="14px" width="180px" />
+    <Skeleton height="14px" width="220px" />
+  </div>
+
+  <h2>i18n</h2>
+  <p>{$t('common.save')} / {$t('header.search.placeholder')}</p>
+</section>
+
+<style lang="scss">
+  .demo {
+    max-width: 720px;
+    margin: var(--sp-6) auto;
+    padding: 0 var(--sp-4);
+    color: var(--c-text);
+    font-family: var(--ft-sans);
+
+    h1 {
+      font-size: var(--fs-xl);
+      font-weight: var(--fw-semibold);
+      margin: 0 0 var(--sp-4);
+    }
+
+    h2 {
+      margin: var(--sp-6) 0 var(--sp-3);
+      font-size: var(--fs-lg);
+      font-weight: var(--fw-semibold);
+    }
+
+    header {
+      display: flex;
+      align-items: center;
+      justify-content: space-between;
+      gap: var(--sp-3);
+      flex-wrap: wrap;
+    }
+  }
+
+  .row {
+    display: flex;
+    gap: var(--sp-2);
+    flex-wrap: wrap;
+    align-items: center;
+    margin-bottom: var(--sp-2);
+  }
+
+  .col {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-2);
+    max-width: 360px;
+  }
+
+  .controls {
+    display: flex;
+    gap: var(--sp-2);
+  }
+</style>
+```
+
+- [ ] **Step 1: Smoke test the demo route**
+
+```bash
+cd web
+pnpm dev --host 127.0.0.1 --port 5173 > /tmp/web-demo.log 2>&1 &
+DEV_PID=$!
+sleep 8
+echo "=== / ==="
+curl -sf http://127.0.0.1:5173/ -o /dev/null && echo OK || echo FAIL
+echo "=== /_demo ==="
+curl -sf http://127.0.0.1:5173/_demo -o /tmp/demo.html && grep -oE 'UI Primitives Demo' /tmp/demo.html
+kill $DEV_PID 2>/dev/null
+sleep 1
+cd ..
+```
+
+Expected: both `/` and `/_demo` boot OK; demo page contains `UI Primitives Demo` heading.
+
+- [ ] **Step 2: Commit**
+
+```bash
+git add web/src/routes/_demo
+git commit -m "feat(web): /_demo route showcasing all UI primitives + theme/locale toggle"
+```
+
+### Task 21: Final pipeline green
+
+**Files:**
+- No code changes; verification only
+
+- [ ] **Step 1: Run full pipeline**
+
+```bash
+cd web
+echo "=== build ==="
+pnpm build 2>&1 | tail -5
+echo "=== check ==="
+pnpm check 2>&1 | tail -10
+echo "=== unit tests ==="
+pnpm test:unit 2>&1 | tail -10
+echo "=== lint ==="
+pnpm lint 2>&1 | tail -10
+cd ..
+```
+
+Expected:
+- `build`: succeeds, `web/build/index.html` + `_demo/index.html` produced
+- `check`: 0 errors
+- `test:unit`: 11+ tests pass (4 apiClient + 7 i18n)
+- `lint`: 0 errors
+
+If anything fails with errors, debug + fix in this task. Don't commit failures.
+
+- [ ] **Step 2: If everything green, no commit needed for this task**
+
+If you fixed something (e.g., a stray svelte-check warning from a primitive), commit those fixes:
+
+```bash
+git add -u web/src
+git commit -m "chore(web): clean up Plan 2 primitive lints / type warnings"
+```
+
+Otherwise no commit; this task is verification only.
+
+---
+
+## Self-Review (filled by writer)
+
+**Spec coverage**
+
+| Spec section | Where covered |
+|---|---|
+| § 4.3 type safety (zod single-source) | Task 1 (types/nav.ts) + Task 2 (apiClient) |
+| § 7.2 design tokens | Task 7 (tokens.scss with locked values from this plan §) |
+| § 7.3 component primitives (10 items) | Tasks 10–19 |
+| § 8.1 i18n (no library) | Tasks 4–6 |
+| § 8.2 a11y baseline | Every primitive uses `<button>` + aria + focus-visible (via tokens) |
+| § 8.3 type strictness (zod-driven) | Task 1 |
+| § 8.4 error handling toast | Task 14 (toastStore + ToastViewport) |
+
+**Type / signature consistency**
+
+- All primitives use `$props()` with `interface Props` (Svelte 5 idiom).
+- Bindable props use `$bindable` (Input value, Switch checked, Dialog/Menu open).
+- All snippets passed via `children?: Snippet` typed import.
+- `apiClient<TRes>(opts: ApiCallOptions<TRes>)` signature consistent across the plan.
+- `t()` and `tNow()` accept the same `(key, params?)` signature.
+
+**Placeholder scan**
+
+- No "TBD" / "TODO" markers. Every code block is full and ready to paste.
+- Tasks that produce no commit (e.g., when verification was the only purpose) explicitly say so.
+
+**Scope discipline**
+
+- Plan 2 builds primitives but NOT pages — Header/Footer/NavGrid replacements live in Plan 3.
+- Plan 2 does NOT remove the legacy `web/src/lib/components/{Header,Footer,Nav,SiteSelect,Avatar}.svelte` — Plan 3 deletes them when their replacements ship.
+- Plan 2 does NOT call backend endpoints (apiClient is built but unused) — Plan 3 wires real fetches.
+- No Tailwind / DaisyUI / shadcn introduced (per spec hard constraint).
+
+**Verification gates**
+
+- Phase 0 ends with apiClient unit tests + svelte-check.
+- Phase 1 ends with i18n unit tests.
+- Phase 2 ends with dev smoke (theme applied to `<html>`).
+- Phase 3 has no per-task automated tests (visual primitives) — Task 20's demo page is the integration check.
+- Phase 4 ends with full `pnpm build && check && test:unit && lint` green.
+
+**Deferred to other plans**
+
+- Header / Footer / NavGrid replacements (Plan 3).
+- Login / edit dialogs (Plan 4) — they consume `Dialog`, `Input`, `Button` from this plan.
+- Playwright e2e (Plan 5).
+- Removing legacy `<div onclick>` workarounds in `Nav.svelte` / `SiteSelect.svelte` (Plan 3 replaces these files).
diff --git a/web/package.json b/web/package.json
index 9d51ae9..6582852 100644
--- a/web/package.json
+++ b/web/package.json
@@ -8,6 +8,8 @@
     "build": "vite build",
     "preview": "vite preview",
     "test": "playwright test",
+    "test:unit": "vitest run",
+    "test:unit:watch": "vitest",
     "check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
     "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
     "lint": "prettier --check . && eslint .",
@@ -21,6 +23,7 @@
     "@sveltejs/vite-plugin-svelte": "^4.0.0",
     "@typescript-eslint/eslint-plugin": "^8.13.0",
     "@typescript-eslint/parser": "^8.13.0",
+    "@vitest/ui": "^2.1.0",
     "eslint": "^9.14.0",
     "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-svelte": "^2.46.0",
@@ -33,7 +36,8 @@
     "tslib": "^2.8.1",
     "typescript": "^5.6.3",
     "typescript-eslint": "^8.13.0",
-    "vite": "^5.4.10"
+    "vite": "^5.4.10",
+    "vitest": "^2.1.0"
   },
   "dependencies": {
     "zod": "^3.23.8"
diff --git a/web/pnpm-lock.yaml b/web/pnpm-lock.yaml
index 20e3595..1e229d8 100644
--- a/web/pnpm-lock.yaml
+++ b/web/pnpm-lock.yaml
@@ -33,6 +33,9 @@ importers:
       '@typescript-eslint/parser':
         specifier: ^8.13.0
         version: 8.59.4(eslint@9.39.4)(typescript@5.9.3)
+      '@vitest/ui':
+        specifier: ^2.1.0
+        version: 2.1.9(vitest@2.1.9)
       eslint:
         specifier: ^9.14.0
         version: 9.39.4
@@ -72,6 +75,9 @@ importers:
       vite:
         specifier: ^5.4.10
         version: 5.4.21(sass@1.99.0)
+      vitest:
+        specifier: ^2.1.0
+        version: 2.1.9(@vitest/ui@2.1.9)(sass@1.99.0)
 
 packages:
 
@@ -620,6 +626,40 @@ packages:
     resolution: {integrity: sha512-U3gxVaDVnuZKhSspW/MzMxE1kq7zOdc072FcSNoqA1I9p8HyKbBFfEHoWckBAMgNMph4MamwS5iTVzFmrnt8TQ==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
+  '@vitest/expect@2.1.9':
+    resolution: {integrity: sha512-UJCIkTBenHeKT1TTlKMJWy1laZewsRIzYighyYiJKZreqtdxSos/S1t+ktRMQWu2CKqaarrkeszJx1cgC5tGZw==}
+
+  '@vitest/mocker@2.1.9':
+    resolution: {integrity: sha512-tVL6uJgoUdi6icpxmdrn5YNo3g3Dxv+IHJBr0GXHaEdTcw3F+cPKnsXFhli6nO+f/6SDKPHEK1UN+k+TQv0Ehg==}
+    peerDependencies:
+      msw: ^2.4.9
+      vite: ^5.0.0
+    peerDependenciesMeta:
+      msw:
+        optional: true
+      vite:
+        optional: true
+
+  '@vitest/pretty-format@2.1.9':
+    resolution: {integrity: sha512-KhRIdGV2U9HOUzxfiHmY8IFHTdqtOhIzCpd8WRdJiE7D/HUcZVD0EgQCVjm+Q9gkUXWgBvMmTtZgIG48wq7sOQ==}
+
+  '@vitest/runner@2.1.9':
+    resolution: {integrity: sha512-ZXSSqTFIrzduD63btIfEyOmNcBmQvgOVsPNPe0jYtESiXkhd8u2erDLnMxmGrDCwHCCHE7hxwRDCT3pt0esT4g==}
+
+  '@vitest/snapshot@2.1.9':
+    resolution: {integrity: sha512-oBO82rEjsxLNJincVhLhaxxZdEtV0EFHMK5Kmx5sJ6H9L183dHECjiefOAdnqpIgT5eZwT04PoggUnW88vOBNQ==}
+
+  '@vitest/spy@2.1.9':
+    resolution: {integrity: sha512-E1B35FwzXXTs9FHNK6bDszs7mtydNi5MIfUWpceJ8Xbfb1gBMscAnwLbEu+B44ed6W3XjL9/ehLPHR1fkf1KLQ==}
+
+  '@vitest/ui@2.1.9':
+    resolution: {integrity: sha512-izzd2zmnk8Nl5ECYkW27328RbQ1nKvkm6Bb5DAaz1Gk59EbLkiCMa6OLT0NoaAYTjOFS6N+SMYW1nh4/9ljPiw==}
+    peerDependencies:
+      vitest: 2.1.9
+
+  '@vitest/utils@2.1.9':
+    resolution: {integrity: sha512-v0psaMSkNJ3A2NMrUEHFRzJtDPFn+/VWZ5WxImB21T9fjucJRmS7xCS3ppEnARb9y11OAzaD+P2Ps+b+BGX5iQ==}
+
   acorn-jsx@5.3.2:
     resolution: {integrity: sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==}
     peerDependencies:
@@ -644,6 +684,10 @@ packages:
     resolution: {integrity: sha512-Z/ZeOgVl7bcSYZ/u/rh0fOpvEpq//LZmdbkXyc7syVzjPAhfOa9ebsdTSjEBDU4vs5nC98Kfduj1uFo0qyET3g==}
     engines: {node: '>= 0.4'}
 
+  assertion-error@2.0.1:
+    resolution: {integrity: sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==}
+    engines: {node: '>=12'}
+
   axobject-query@4.1.0:
     resolution: {integrity: sha512-qIj0G9wZbMGNLjLmg1PT6v2mE9AH2zlnADJD/2tC6E00hgmhUOfEB6greHPAfLRSufHqROIUTkw6E+M3lH0PTQ==}
     engines: {node: '>= 0.4'}
@@ -662,14 +706,26 @@ packages:
     resolution: {integrity: sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==}
     engines: {node: 18 || 20 || >=22}
 
+  cac@6.7.14:
+    resolution: {integrity: sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==}
+    engines: {node: '>=8'}
+
   callsites@3.1.0:
     resolution: {integrity: sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==}
     engines: {node: '>=6'}
 
+  chai@5.3.3:
+    resolution: {integrity: sha512-4zNhdJD/iOjSH0A05ea+Ke6MU5mmpQcbQsSOkgdaUMJ9zTlDTD/GYlwohmIE2u0gaxHYiVHEn1Fw9mZ/ktJWgw==}
+    engines: {node: '>=18'}
+
   chalk@4.1.2:
     resolution: {integrity: sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==}
     engines: {node: '>=10'}
 
+  check-error@2.1.3:
+    resolution: {integrity: sha512-PAJdDJusoxnwm1VwW07VWwUN1sl7smmC3OKggvndJFadxxDRyFJBX/ggnu/KE4kQAB7a3Dp8f/YXC1FlUprWmA==}
+    engines: {node: '>= 16'}
+
   chokidar@4.0.3:
     resolution: {integrity: sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==}
     engines: {node: '>= 14.16.0'}
@@ -710,6 +766,10 @@ packages:
       supports-color:
         optional: true
 
+  deep-eql@5.0.2:
+    resolution: {integrity: sha512-h5k/5U50IJJFpzfL6nO9jaaumfjO/f2NjK/oYB2Djzm4p9L+3T9qWpZqZ2hAbLPuuYq9wrU08WQyBTL5GbPk5Q==}
+    engines: {node: '>=6'}
+
   deep-is@0.1.4:
     resolution: {integrity: sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==}
 
@@ -724,6 +784,9 @@ packages:
   devalue@5.8.1:
     resolution: {integrity: sha512-4CXDYRBGqN+57wVJkuXBYmpAVUSg3L6JAQa/DFqm238G73E1wuyc/JhGQJzN7vUf/CMphYau2zXbfWzDR5aTEw==}
 
+  es-module-lexer@1.7.0:
+    resolution: {integrity: sha512-jEQoCwk8hyb2AZziIOLhDqpm5+2ww5uIE6lkO/6jcOCusfk6LhMHpXXfBLXTZ7Ydyt0j4VoUQv6uGNYbdW+kBA==}
+
   esbuild@0.21.5:
     resolution: {integrity: sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw==}
     engines: {node: '>=12'}
@@ -816,10 +879,17 @@ packages:
     resolution: {integrity: sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==}
     engines: {node: '>=4.0'}
 
+  estree-walker@3.0.3:
+    resolution: {integrity: sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==}
+
   esutils@2.0.3:
     resolution: {integrity: sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==}
     engines: {node: '>=0.10.0'}
 
+  expect-type@1.3.0:
+    resolution: {integrity: sha512-knvyeauYhqjOYvQ66MznSMs83wmHrCycNEN6Ao+2AeYEfxUIkuiVxdEa1qlGEPK+We3n0THiDciYSsCcgW/DoA==}
+    engines: {node: '>=12.0.0'}
+
   fast-deep-equal@3.1.3:
     resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==}
 
@@ -838,6 +908,9 @@ packages:
       picomatch:
         optional: true
 
+  fflate@0.8.3:
+    resolution: {integrity: sha512-tbZNuJrLwGUp3zshBtdy4W+ORxZuIh8a5ilyIEQDC5rY1f3U20JMry0Ll3WBzU58EZKsEuJFXhb5gwv8CsPvgA==}
+
   file-entry-cache@8.0.0:
     resolution: {integrity: sha512-XXTUwCvisa5oacNGRP9SfNtYBNAMi+RPwBFmblZEF7N7swHYQS6/Zfk7SRwx4D5j3CH211YNRco1DEMNVfZCnQ==}
     engines: {node: '>=16.0.0'}
@@ -953,6 +1026,9 @@ packages:
   lodash.merge@4.6.2:
     resolution: {integrity: sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==}
 
+  loupe@3.2.1:
+    resolution: {integrity: sha512-CdzqowRJCeLU72bHvWqwRBBlLcMEtIvGrlvef74kMnV2AolS9Y8xUv1I0U/MNAWMhBlKIoyuEgoJ0t/bbwHbLQ==}
+
   magic-string@0.30.21:
     resolution: {integrity: sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==}
 
@@ -1009,6 +1085,13 @@ packages:
     resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==}
     engines: {node: '>=8'}
 
+  pathe@1.1.2:
+    resolution: {integrity: sha512-whLdWMYL2TwI08hn8/ZqAbrVemu0LNaNNJZX73O6qaIdCTfXutsLhMkjdENX0qhsQ9uIimo4/aQOmXkoon2nDQ==}
+
+  pathval@2.0.1:
+    resolution: {integrity: sha512-//nshmD55c46FuFw26xV/xFAaB5HF9Xdap7HJBBnrKdAd6/GxDBaNA1870O79+9ueg61cZLSVc+OaFlfmObYVQ==}
+    engines: {node: '>= 14.16'}
+
   picocolors@1.1.1:
     resolution: {integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==}
 
@@ -1115,6 +1198,9 @@ packages:
     resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==}
     engines: {node: '>=8'}
 
+  siginfo@2.0.0:
+    resolution: {integrity: sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==}
+
   sirv@3.0.2:
     resolution: {integrity: sha512-2wcC/oGxHis/BoHkkPwldgiPSYcpZK3JU28WoMVv55yHJgcZ8rlXvuG9iZggz+sU1d4bRgIGASwyWqjxu3FM0g==}
     engines: {node: '>=18'}
@@ -1123,6 +1209,12 @@ packages:
     resolution: {integrity: sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==}
     engines: {node: '>=0.10.0'}
 
+  stackback@0.0.2:
+    resolution: {integrity: sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==}
+
+  std-env@3.10.0:
+    resolution: {integrity: sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==}
+
   strip-json-comments@3.1.1:
     resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==}
     engines: {node: '>=8'}
@@ -1152,10 +1244,28 @@ packages:
     resolution: {integrity: sha512-4D6lyrMHmDaZalQOEBMCWCCidyZjSnec14/oPn0k627G6goxcck9xqMwz1tFLlQz+ZFvtTTHfFOlUayuAz0z6Q==}
     engines: {node: '>=18'}
 
+  tinybench@2.9.0:
+    resolution: {integrity: sha512-0+DUvqWMValLmha6lr4kD8iAMK1HzV0/aKnCtWb9v9641TnP/MFb7Pc2bxoxQjTXAErryXVgUOfv2YqNllqGeg==}
+
+  tinyexec@0.3.2:
+    resolution: {integrity: sha512-KQQR9yN7R5+OSwaK0XQoj22pwHoTlgYqmUscPYoknOoWCWfj/5/ABTMRi69FrKU5ffPVh5QcFikpWJI/P1ocHA==}
+
   tinyglobby@0.2.16:
     resolution: {integrity: sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==}
     engines: {node: '>=12.0.0'}
 
+  tinypool@1.1.1:
+    resolution: {integrity: sha512-Zba82s87IFq9A9XmjiX5uZA/ARWDrB03OHlq+Vw1fSdt0I+4/Kutwy8BP4Y/y/aORMo61FQ0vIb5j44vSo5Pkg==}
+    engines: {node: ^18.0.0 || >=20.0.0}
+
+  tinyrainbow@1.2.0:
+    resolution: {integrity: sha512-weEDEq7Z5eTHPDh4xjX789+fHfF+P8boiFB+0vbWzpbnbsEr/GRaohi/uMKxg8RZMXnl1ItAi/IUHWMsjDV7kQ==}
+    engines: {node: '>=14.0.0'}
+
+  tinyspy@3.0.2:
+    resolution: {integrity: sha512-n1cw8k1k0x4pgA2+9XrOkFydTerNcJ1zWCO5Nn9scWHTD+5tp8dghT2x1uduQePZTZgd3Tupf+x9BxJjeJi77Q==}
+    engines: {node: '>=14.0.0'}
+
   totalist@3.0.1:
     resolution: {integrity: sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ==}
     engines: {node: '>=6'}
@@ -1191,6 +1301,11 @@ packages:
   util-deprecate@1.0.2:
     resolution: {integrity: sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=}
 
+  vite-node@2.1.9:
+    resolution: {integrity: sha512-AM9aQ/IPrW/6ENLQg3AGY4K1N2TGZdR5e4gu/MmmR2xR3Ll1+dib+nook92g4TV3PXVyeyxdWwtaCAiUL0hMxA==}
+    engines: {node: ^18.0.0 || >=20.0.0}
+    hasBin: true
+
   vite@5.4.21:
     resolution: {integrity: sha512-o5a9xKjbtuhY6Bi5S3+HvbRERmouabWbyUcpXXUA1u+GNUKoROi9byOJ8M0nHbHYHkYICiMlqxkg1KkYmm25Sw==}
     engines: {node: ^18.0.0 || >=20.0.0}
@@ -1230,11 +1345,41 @@ packages:
       vite:
         optional: true
 
+  vitest@2.1.9:
+    resolution: {integrity: sha512-MSmPM9REYqDGBI8439mA4mWhV5sKmDlBKWIYbA3lRb2PTHACE0mgKwA8yQ2xq9vxDTuk4iPrECBAEW2aoFXY0Q==}
+    engines: {node: ^18.0.0 || >=20.0.0}
+    hasBin: true
+    peerDependencies:
+      '@edge-runtime/vm': '*'
+      '@types/node': ^18.0.0 || >=20.0.0
+      '@vitest/browser': 2.1.9
+      '@vitest/ui': 2.1.9
+      happy-dom: '*'
+      jsdom: '*'
+    peerDependenciesMeta:
+      '@edge-runtime/vm':
+        optional: true
+      '@types/node':
+        optional: true
+      '@vitest/browser':
+        optional: true
+      '@vitest/ui':
+        optional: true
+      happy-dom:
+        optional: true
+      jsdom:
+        optional: true
+
   which@2.0.2:
     resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==}
     engines: {node: '>= 8'}
     hasBin: true
 
+  why-is-node-running@2.3.0:
+    resolution: {integrity: sha512-hUrmaWBdVDcxvYqnyh09zunKzROWjbZTiNy8dBEjkS7ehEDQibXJ7XvlmtbwuTclUiIyN+CyXQD4Vmko8fNm8w==}
+    engines: {node: '>=8'}
+    hasBin: true
+
   word-wrap@1.2.5:
     resolution: {integrity: sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==}
     engines: {node: '>=0.10.0'}
@@ -1700,6 +1845,57 @@ snapshots:
       '@typescript-eslint/types': 8.59.4
       eslint-visitor-keys: 5.0.1
 
+  '@vitest/expect@2.1.9':
+    dependencies:
+      '@vitest/spy': 2.1.9
+      '@vitest/utils': 2.1.9
+      chai: 5.3.3
+      tinyrainbow: 1.2.0
+
+  '@vitest/mocker@2.1.9(vite@5.4.21(sass@1.99.0))':
+    dependencies:
+      '@vitest/spy': 2.1.9
+      estree-walker: 3.0.3
+      magic-string: 0.30.21
+    optionalDependencies:
+      vite: 5.4.21(sass@1.99.0)
+
+  '@vitest/pretty-format@2.1.9':
+    dependencies:
+      tinyrainbow: 1.2.0
+
+  '@vitest/runner@2.1.9':
+    dependencies:
+      '@vitest/utils': 2.1.9
+      pathe: 1.1.2
+
+  '@vitest/snapshot@2.1.9':
+    dependencies:
+      '@vitest/pretty-format': 2.1.9
+      magic-string: 0.30.21
+      pathe: 1.1.2
+
+  '@vitest/spy@2.1.9':
+    dependencies:
+      tinyspy: 3.0.2
+
+  '@vitest/ui@2.1.9(vitest@2.1.9)':
+    dependencies:
+      '@vitest/utils': 2.1.9
+      fflate: 0.8.3
+      flatted: 3.4.2
+      pathe: 1.1.2
+      sirv: 3.0.2
+      tinyglobby: 0.2.16
+      tinyrainbow: 1.2.0
+      vitest: 2.1.9(@vitest/ui@2.1.9)(sass@1.99.0)
+
+  '@vitest/utils@2.1.9':
+    dependencies:
+      '@vitest/pretty-format': 2.1.9
+      loupe: 3.2.1
+      tinyrainbow: 1.2.0
+
   acorn-jsx@5.3.2(acorn@8.16.0):
     dependencies:
       acorn: 8.16.0
@@ -1721,6 +1917,8 @@ snapshots:
 
   aria-query@5.3.1: {}
 
+  assertion-error@2.0.1: {}
+
   axobject-query@4.1.0: {}
 
   balanced-match@1.0.2: {}
@@ -1736,13 +1934,25 @@ snapshots:
     dependencies:
       balanced-match: 4.0.4
 
+  cac@6.7.14: {}
+
   callsites@3.1.0: {}
 
+  chai@5.3.3:
+    dependencies:
+      assertion-error: 2.0.1
+      check-error: 2.1.3
+      deep-eql: 5.0.2
+      loupe: 3.2.1
+      pathval: 2.0.1
+
   chalk@4.1.2:
     dependencies:
       ansi-styles: 4.3.0
       supports-color: 7.2.0
 
+  check-error@2.1.3: {}
+
   chokidar@4.0.3:
     dependencies:
       readdirp: 4.1.2
@@ -1771,6 +1981,8 @@ snapshots:
     dependencies:
       ms: 2.1.3
 
+  deep-eql@5.0.2: {}
+
   deep-is@0.1.4: {}
 
   deepmerge@4.3.1: {}
@@ -1780,6 +1992,8 @@ snapshots:
 
   devalue@5.8.1: {}
 
+  es-module-lexer@1.7.0: {}
+
   esbuild@0.21.5:
     optionalDependencies:
       '@esbuild/aix-ppc64': 0.21.5
@@ -1921,8 +2135,14 @@ snapshots:
 
   estraverse@5.3.0: {}
 
+  estree-walker@3.0.3:
+    dependencies:
+      '@types/estree': 1.0.9
+
   esutils@2.0.3: {}
 
+  expect-type@1.3.0: {}
+
   fast-deep-equal@3.1.3: {}
 
   fast-json-stable-stringify@2.1.0: {}
@@ -1933,6 +2153,8 @@ snapshots:
     optionalDependencies:
       picomatch: 4.0.4
 
+  fflate@0.8.3: {}
+
   file-entry-cache@8.0.0:
     dependencies:
       flat-cache: 4.0.1
@@ -2023,6 +2245,8 @@ snapshots:
 
   lodash.merge@4.6.2: {}
 
+  loupe@3.2.1: {}
+
   magic-string@0.30.21:
     dependencies:
       '@jridgewell/sourcemap-codec': 1.5.5
@@ -2073,6 +2297,10 @@ snapshots:
 
   path-key@3.1.1: {}
 
+  pathe@1.1.2: {}
+
+  pathval@2.0.1: {}
+
   picocolors@1.1.1: {}
 
   picomatch@4.0.4: {}
@@ -2179,6 +2407,8 @@ snapshots:
 
   shebang-regex@3.0.0: {}
 
+  siginfo@2.0.0: {}
+
   sirv@3.0.2:
     dependencies:
       '@polka/url': 1.0.0-next.29
@@ -2187,6 +2417,10 @@ snapshots:
 
   source-map-js@1.2.1: {}
 
+  stackback@0.0.2: {}
+
+  std-env@3.10.0: {}
+
   strip-json-comments@3.1.1: {}
 
   supports-color@7.2.0:
@@ -2236,11 +2470,21 @@ snapshots:
     transitivePeerDependencies:
       - '@typescript-eslint/types'
 
+  tinybench@2.9.0: {}
+
+  tinyexec@0.3.2: {}
+
   tinyglobby@0.2.16:
     dependencies:
       fdir: 6.5.0(picomatch@4.0.4)
       picomatch: 4.0.4
 
+  tinypool@1.1.1: {}
+
+  tinyrainbow@1.2.0: {}
+
+  tinyspy@3.0.2: {}
+
   totalist@3.0.1: {}
 
   ts-api-utils@2.5.0(typescript@5.9.3):
@@ -2272,6 +2516,24 @@ snapshots:
 
   util-deprecate@1.0.2: {}
 
+  vite-node@2.1.9(sass@1.99.0):
+    dependencies:
+      cac: 6.7.14
+      debug: 4.4.3
+      es-module-lexer: 1.7.0
+      pathe: 1.1.2
+      vite: 5.4.21(sass@1.99.0)
+    transitivePeerDependencies:
+      - '@types/node'
+      - less
+      - lightningcss
+      - sass
+      - sass-embedded
+      - stylus
+      - sugarss
+      - supports-color
+      - terser
+
   vite@5.4.21(sass@1.99.0):
     dependencies:
       esbuild: 0.21.5
@@ -2285,10 +2547,50 @@ snapshots:
     optionalDependencies:
       vite: 5.4.21(sass@1.99.0)
 
+  vitest@2.1.9(@vitest/ui@2.1.9)(sass@1.99.0):
+    dependencies:
+      '@vitest/expect': 2.1.9
+      '@vitest/mocker': 2.1.9(vite@5.4.21(sass@1.99.0))
+      '@vitest/pretty-format': 2.1.9
+      '@vitest/runner': 2.1.9
+      '@vitest/snapshot': 2.1.9
+      '@vitest/spy': 2.1.9
+      '@vitest/utils': 2.1.9
+      chai: 5.3.3
+      debug: 4.4.3
+      expect-type: 1.3.0
+      magic-string: 0.30.21
+      pathe: 1.1.2
+      std-env: 3.10.0
+      tinybench: 2.9.0
+      tinyexec: 0.3.2
+      tinypool: 1.1.1
+      tinyrainbow: 1.2.0
+      vite: 5.4.21(sass@1.99.0)
+      vite-node: 2.1.9(sass@1.99.0)
+      why-is-node-running: 2.3.0
+    optionalDependencies:
+      '@vitest/ui': 2.1.9(vitest@2.1.9)
+    transitivePeerDependencies:
+      - less
+      - lightningcss
+      - msw
+      - sass
+      - sass-embedded
+      - stylus
+      - sugarss
+      - supports-color
+      - terser
+
   which@2.0.2:
     dependencies:
       isexe: 2.0.0
 
+  why-is-node-running@2.3.0:
+    dependencies:
+      siginfo: 2.0.0
+      stackback: 0.0.2
+
   word-wrap@1.2.5: {}
 
   yaml@1.10.3: {}
diff --git a/web/src/app.scss b/web/src/app.scss
index 85ef6fd..f76ef93 100644
--- a/web/src/app.scss
+++ b/web/src/app.scss
@@ -1,3 +1,5 @@
+@use '$lib/design/tokens.scss';
+
 * {
   box-sizing: border-box;
 }
diff --git a/web/src/lib/api/client.test.ts b/web/src/lib/api/client.test.ts
new file mode 100644
index 0000000..1ce1fb0
--- /dev/null
+++ b/web/src/lib/api/client.test.ts
@@ -0,0 +1,59 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { z } from 'zod';
+import { apiClient, ApiError } from './client';
+
+const fetchMock = vi.fn();
+beforeEach(() => {
+  fetchMock.mockReset();
+  vi.stubGlobal('fetch', fetchMock);
+});
+
+const SampleSchema = z.object({ ok: z.literal(true), n: z.number() });
+
+describe('apiClient', () => {
+  it('parses JSON success against schema', async () => {
+    fetchMock.mockResolvedValueOnce(
+      new Response(JSON.stringify({ ok: true, n: 42 }), {
+        status: 200,
+        headers: { 'content-type': 'application/json' }
+      })
+    );
+    const out = await apiClient({
+      method: 'GET',
+      path: '/api/sample',
+      responseSchema: SampleSchema
+    });
+    expect(out).toEqual({ ok: true, n: 42 });
+  });
+
+  it('throws ApiError on schema mismatch', async () => {
+    fetchMock.mockResolvedValueOnce(
+      new Response(JSON.stringify({ ok: false }), {
+        status: 200,
+        headers: { 'content-type': 'application/json' }
+      })
+    );
+    await expect(
+      apiClient({ method: 'GET', path: '/api/sample', responseSchema: SampleSchema })
+    ).rejects.toBeInstanceOf(ApiError);
+  });
+
+  it('throws ApiError on non-2xx with backend error envelope', async () => {
+    fetchMock.mockResolvedValueOnce(
+      new Response(JSON.stringify({ error: 'unauthenticated' }), {
+        status: 401,
+        headers: { 'content-type': 'application/json' }
+      })
+    );
+    await expect(apiClient({ method: 'GET', path: '/api/sample' })).rejects.toMatchObject({
+      status: 401,
+      code: 'unauthenticated'
+    });
+  });
+
+  it('returns undefined on 204', async () => {
+    fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
+    const out = await apiClient({ method: 'POST', path: '/api/logout' });
+    expect(out).toBeUndefined();
+  });
+});
diff --git a/web/src/lib/api/client.ts b/web/src/lib/api/client.ts
new file mode 100644
index 0000000..ce11fa4
--- /dev/null
+++ b/web/src/lib/api/client.ts
@@ -0,0 +1,85 @@
+import type { ZodSchema } from 'zod';
+import { ApiErrorBodySchema, type ApiErrorBody } from '$lib/types/nav';
+
+export class ApiError extends Error {
+  readonly status: number;
+  readonly code: string;
+  readonly fields?: Record<string, string>;
+
+  constructor(status: number, body: ApiErrorBody) {
+    super(body.message ?? body.error);
+    this.name = 'ApiError';
+    this.status = status;
+    this.code = body.error;
+    this.fields = body.fields;
+  }
+}
+
+type Method = 'GET' | 'POST' | 'PATCH' | 'DELETE';
+
+export interface ApiCallOptions<TRes> {
+  method: Method;
+  path: string;
+  body?: unknown;
+  responseSchema?: ZodSchema<TRes>;
+  signal?: AbortSignal;
+}
+
+export async function apiClient<TRes = void>(opts: ApiCallOptions<TRes>): Promise<TRes> {
+  const { method, path, body, responseSchema, signal } = opts;
+  const headers: Record<string, string> = {};
+  let serializedBody: BodyInit | undefined;
+
+  if (body !== undefined) {
+    if (body instanceof FormData) {
+      serializedBody = body; // multipart upload
+    } else {
+      headers['Content-Type'] = 'application/json';
+      serializedBody = JSON.stringify(body);
+    }
+  }
+
+  const res = await fetch(path, {
+    method,
+    headers,
+    body: serializedBody,
+    credentials: 'same-origin',
+    signal
+  });
+
+  if (!res.ok) {
+    let errBody: ApiErrorBody = { error: 'unknown', message: res.statusText };
+    try {
+      const json = await res.json();
+      const parsed = ApiErrorBodySchema.safeParse(json);
+      if (parsed.success) errBody = parsed.data;
+    } catch {
+      // body wasn't JSON — keep statusText fallback
+    }
+    throw new ApiError(res.status, errBody);
+  }
+
+  // 204 No Content
+  if (res.status === 204) {
+    return undefined as TRes;
+  }
+
+  const contentType = res.headers.get('content-type') ?? '';
+  if (contentType.includes('application/json')) {
+    const json: unknown = await res.json();
+    if (responseSchema) {
+      const parsed = responseSchema.safeParse(json);
+      if (!parsed.success) {
+        throw new ApiError(res.status, {
+          error: 'schema_mismatch',
+          message: parsed.error.issues.map((i) => `${i.path.join('.')}: ${i.message}`).join('; ')
+        });
+      }
+      return parsed.data;
+    }
+    return json as TRes;
+  }
+
+  // Non-JSON success (e.g. /api/favicon returning image/*) — return raw response
+  return res as unknown as TRes;
+}
diff --git a/web/src/lib/components/ui/Button.svelte b/web/src/lib/components/ui/Button.svelte
new file mode 100644
index 0000000..67dd6cf
--- /dev/null
+++ b/web/src/lib/components/ui/Button.svelte
@@ -0,0 +1,127 @@
+<!-- web/src/lib/components/ui/Button.svelte -->
+<script lang="ts">
+  type Intent = 'primary' | 'secondary' | 'ghost' | 'danger';
+  type Size = 'sm' | 'md' | 'lg';
+
+  interface Props {
+    intent?: Intent;
+    size?: Size;
+    type?: 'button' | 'submit' | 'reset';
+    disabled?: boolean;
+    loading?: boolean;
+    fullWidth?: boolean;
+    onclick?: (e: MouseEvent) => void;
+    children?: import('svelte').Snippet;
+  }
+
+  let {
+    intent = 'primary',
+    size = 'md',
+    type = 'button',
+    disabled = false,
+    loading = false,
+    fullWidth = false,
+    onclick,
+    children
+  }: Props = $props();
+</script>
+
+<button
+  {type}
+  class="btn intent-{intent} size-{size}"
+  class:full-width={fullWidth}
+  class:loading
+  disabled={disabled || loading}
+  {onclick}
+>
+  {#if children}{@render children()}{/if}
+</button>
+
+<style lang="scss">
+  .btn {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    gap: var(--sp-2);
+    padding: 0 var(--sp-4);
+    border: 1px solid transparent;
+    border-radius: var(--rd-md);
+    font-family: var(--ft-sans);
+    font-weight: var(--fw-medium);
+    line-height: 1;
+    cursor: pointer;
+    transition:
+      background var(--tr-fast),
+      border-color var(--tr-fast),
+      color var(--tr-fast),
+      box-shadow var(--tr-fast);
+    user-select: none;
+
+    &:disabled {
+      opacity: 0.55;
+      cursor: not-allowed;
+    }
+
+    &.full-width {
+      width: 100%;
+    }
+
+    &.loading {
+      cursor: progress;
+    }
+  }
+
+  .size-sm {
+    height: 28px;
+    font-size: var(--fs-sm);
+    padding: 0 var(--sp-3);
+  }
+
+  .size-md {
+    height: 36px;
+    font-size: var(--fs-md);
+  }
+
+  .size-lg {
+    height: 44px;
+    font-size: var(--fs-md);
+    padding: 0 var(--sp-5);
+  }
+
+  .intent-primary {
+    background: var(--c-accent);
+    color: white;
+
+    &:hover:not(:disabled) {
+      background: var(--c-accent-hover);
+    }
+  }
+
+  .intent-secondary {
+    background: var(--c-surface);
+    color: var(--c-text);
+    border-color: var(--c-border);
+
+    &:hover:not(:disabled) {
+      background: var(--c-surface-2);
+    }
+  }
+
+  .intent-ghost {
+    background: transparent;
+    color: var(--c-text);
+
+    &:hover:not(:disabled) {
+      background: var(--c-surface-2);
+    }
+  }
+
+  .intent-danger {
+    background: var(--c-danger);
+    color: white;
+
+    &:hover:not(:disabled) {
+      filter: brightness(1.05);
+    }
+  }
+</style>
diff --git a/web/src/lib/components/ui/Card.svelte b/web/src/lib/components/ui/Card.svelte
new file mode 100644
index 0000000..20b5f77
--- /dev/null
+++ b/web/src/lib/components/ui/Card.svelte
@@ -0,0 +1,46 @@
+<!-- web/src/lib/components/ui/Card.svelte -->
+<script lang="ts">
+  interface Props {
+    elevation?: 'flat' | 'sm' | 'md';
+    padding?: 'none' | 'sm' | 'md' | 'lg';
+    children?: import('svelte').Snippet;
+  }
+
+  let { elevation = 'sm', padding = 'md', children }: Props = $props();
+</script>
+
+<div class="card elevation-{elevation} padding-{padding}">
+  {#if children}{@render children()}{/if}
+</div>
+
+<style lang="scss">
+  .card {
+    background: var(--c-surface);
+    color: var(--c-text);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-lg);
+  }
+
+  .elevation-flat {
+    box-shadow: none;
+  }
+  .elevation-sm {
+    box-shadow: var(--sh-sm);
+  }
+  .elevation-md {
+    box-shadow: var(--sh-md);
+  }
+
+  .padding-none {
+    padding: 0;
+  }
+  .padding-sm {
+    padding: var(--sp-3);
+  }
+  .padding-md {
+    padding: var(--sp-4);
+  }
+  .padding-lg {
+    padding: var(--sp-5);
+  }
+</style>
diff --git a/web/src/lib/components/ui/Chip.svelte b/web/src/lib/components/ui/Chip.svelte
new file mode 100644
index 0000000..c9fd3a4
--- /dev/null
+++ b/web/src/lib/components/ui/Chip.svelte
@@ -0,0 +1,83 @@
+<!-- web/src/lib/components/ui/Chip.svelte -->
+<script lang="ts">
+  interface Props {
+    label: string;
+    active?: boolean;
+    removable?: boolean;
+    onSelect?: () => void;
+    onRemove?: () => void;
+  }
+
+  let { label, active = false, removable = false, onSelect, onRemove }: Props = $props();
+</script>
+
+<button type="button" class="chip" class:active aria-pressed={active} onclick={onSelect}>
+  <span class="label">{label}</span>
+  {#if removable}
+    <span
+      class="x"
+      role="button"
+      aria-label="Remove"
+      tabindex="0"
+      onclick={(e) => {
+        e.stopPropagation();
+        onRemove?.();
+      }}
+      onkeydown={(e) => {
+        if (e.key === 'Enter' || e.key === ' ') {
+          e.preventDefault();
+          e.stopPropagation();
+          onRemove?.();
+        }
+      }}>×</span
+    >
+  {/if}
+</button>
+
+<style lang="scss">
+  .chip {
+    display: inline-flex;
+    align-items: center;
+    gap: var(--sp-1);
+    height: 26px;
+    padding: 0 var(--sp-3);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-pill);
+    background: var(--c-surface);
+    color: var(--c-text-2);
+    font-size: var(--fs-xs);
+    font-weight: var(--fw-medium);
+    cursor: pointer;
+    transition:
+      background var(--tr-fast),
+      color var(--tr-fast),
+      border-color var(--tr-fast);
+
+    &:hover {
+      color: var(--c-text);
+      border-color: var(--c-text-3);
+    }
+
+    &.active {
+      background: var(--c-accent-bg);
+      color: var(--c-accent);
+      border-color: transparent;
+    }
+  }
+
+  .x {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    width: 16px;
+    height: 16px;
+    margin-left: var(--sp-1);
+    border-radius: var(--rd-pill);
+    color: inherit;
+    cursor: pointer;
+
+    &:hover {
+      background: rgba(0, 0, 0, 0.08);
+    }
+  }
+</style>
diff --git a/web/src/lib/components/ui/Dialog.svelte b/web/src/lib/components/ui/Dialog.svelte
new file mode 100644
index 0000000..018efc9
--- /dev/null
+++ b/web/src/lib/components/ui/Dialog.svelte
@@ -0,0 +1,159 @@
+<!-- web/src/lib/components/ui/Dialog.svelte -->
+<script lang="ts">
+  interface Props {
+    open: boolean;
+    title?: string;
+    description?: string;
+    width?: 'sm' | 'md' | 'lg';
+    onClose?: () => void;
+    children?: import('svelte').Snippet;
+    footer?: import('svelte').Snippet;
+  }
+
+  let {
+    open = $bindable(false),
+    title,
+    description,
+    width = 'md',
+    onClose,
+    children,
+    footer
+  }: Props = $props();
+
+  let dialogEl: HTMLDivElement | undefined = $state();
+
+  function close() {
+    open = false;
+    onClose?.();
+  }
+
+  function onBackdropClick(e: MouseEvent) {
+    if (e.target === e.currentTarget) close();
+  }
+
+  function onKey(e: KeyboardEvent) {
+    if (!open) return;
+    if (e.key === 'Escape') {
+      e.stopPropagation();
+      close();
+    }
+  }
+
+  $effect(() => {
+    if (!open) return;
+    const prevOverflow = document.body.style.overflow;
+    document.body.style.overflow = 'hidden';
+    // Initial focus on first focusable child
+    requestAnimationFrame(() => {
+      const target = dialogEl?.querySelector<HTMLElement>(
+        'button, [href], input, textarea, select, [tabindex]:not([tabindex="-1"])'
+      );
+      target?.focus();
+    });
+    return () => {
+      document.body.style.overflow = prevOverflow;
+    };
+  });
+</script>
+
+<svelte:window onkeydown={onKey} />
+
+{#if open}
+  <div
+    class="backdrop"
+    role="presentation"
+    onclick={onBackdropClick}
+    onkeydown={() => {}}
+    aria-hidden="false"
+  >
+    <div
+      bind:this={dialogEl}
+      class="dialog width-{width}"
+      role="dialog"
+      aria-modal="true"
+      aria-labelledby={title ? 'dialog-title' : undefined}
+      aria-describedby={description ? 'dialog-desc' : undefined}
+    >
+      {#if title}
+        <header class="header">
+          <h2 id="dialog-title" class="title">{title}</h2>
+          {#if description}<p id="dialog-desc" class="desc">{description}</p>{/if}
+        </header>
+      {/if}
+      <div class="body">
+        {#if children}{@render children()}{/if}
+      </div>
+      {#if footer}
+        <footer class="footer">{@render footer()}</footer>
+      {/if}
+    </div>
+  </div>
+{/if}
+
+<style lang="scss">
+  .backdrop {
+    position: fixed;
+    inset: 0;
+    background: rgba(0, 0, 0, 0.5);
+    backdrop-filter: blur(2px);
+    z-index: 1000;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    padding: var(--sp-4);
+  }
+
+  .dialog {
+    background: var(--c-surface);
+    color: var(--c-text);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-lg);
+    box-shadow: var(--sh-lg);
+    width: 100%;
+    max-height: calc(100vh - var(--sp-8));
+    overflow: hidden;
+    display: flex;
+    flex-direction: column;
+  }
+
+  .width-sm {
+    max-width: 360px;
+  }
+  .width-md {
+    max-width: 520px;
+  }
+  .width-lg {
+    max-width: 720px;
+  }
+
+  .header {
+    padding: var(--sp-5) var(--sp-5) var(--sp-3);
+    border-bottom: 1px solid var(--c-border);
+  }
+
+  .title {
+    margin: 0;
+    font-size: var(--fs-lg);
+    font-weight: var(--fw-semibold);
+  }
+
+  .desc {
+    margin: var(--sp-1) 0 0;
+    color: var(--c-text-2);
+    font-size: var(--fs-sm);
+  }
+
+  .body {
+    padding: var(--sp-5);
+    overflow-y: auto;
+  }
+
+  .footer {
+    padding: var(--sp-3) var(--sp-5);
+    border-top: 1px solid var(--c-border);
+    display: flex;
+    justify-content: flex-end;
+    gap: var(--sp-2);
+    background: var(--c-surface-2);
+  }
+</style>
diff --git a/web/src/lib/components/ui/IconButton.svelte b/web/src/lib/components/ui/IconButton.svelte
new file mode 100644
index 0000000..f7da004
--- /dev/null
+++ b/web/src/lib/components/ui/IconButton.svelte
@@ -0,0 +1,88 @@
+<!-- web/src/lib/components/ui/IconButton.svelte -->
+<script lang="ts">
+  interface Props {
+    label: string; // aria-label, required (icon-only button)
+    type?: 'button' | 'submit' | 'reset';
+    disabled?: boolean;
+    size?: 'sm' | 'md' | 'lg';
+    intent?: 'ghost' | 'subtle';
+    onclick?: (e: MouseEvent) => void;
+    children?: import('svelte').Snippet;
+  }
+
+  let {
+    label,
+    type = 'button',
+    disabled = false,
+    size = 'md',
+    intent = 'ghost',
+    onclick,
+    children
+  }: Props = $props();
+</script>
+
+<button
+  {type}
+  aria-label={label}
+  title={label}
+  class="icon-btn size-{size} intent-{intent}"
+  {disabled}
+  {onclick}
+>
+  {#if children}{@render children()}{/if}
+</button>
+
+<style lang="scss">
+  .icon-btn {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    border: 1px solid transparent;
+    border-radius: var(--rd-md);
+    cursor: pointer;
+    color: var(--c-text-2);
+    transition:
+      background var(--tr-fast),
+      color var(--tr-fast);
+
+    &:disabled {
+      opacity: 0.5;
+      cursor: not-allowed;
+    }
+
+    &:hover:not(:disabled) {
+      color: var(--c-text);
+    }
+  }
+
+  .size-sm {
+    width: 28px;
+    height: 28px;
+  }
+
+  .size-md {
+    width: 36px;
+    height: 36px;
+  }
+
+  .size-lg {
+    width: 44px;
+    height: 44px;
+  }
+
+  .intent-ghost {
+    background: transparent;
+
+    &:hover:not(:disabled) {
+      background: var(--c-surface-2);
+    }
+  }
+
+  .intent-subtle {
+    background: var(--c-surface-2);
+
+    &:hover:not(:disabled) {
+      background: var(--c-border);
+    }
+  }
+</style>
diff --git a/web/src/lib/components/ui/Input.svelte b/web/src/lib/components/ui/Input.svelte
new file mode 100644
index 0000000..d70c32c
--- /dev/null
+++ b/web/src/lib/components/ui/Input.svelte
@@ -0,0 +1,152 @@
+<!-- web/src/lib/components/ui/Input.svelte -->
+<script lang="ts">
+  import type { HTMLInputAttributes } from 'svelte/elements';
+
+  interface Props {
+    value?: string;
+    type?: 'text' | 'password' | 'email' | 'search' | 'url';
+    placeholder?: string;
+    disabled?: boolean;
+    invalid?: boolean;
+    helpText?: string;
+    errorText?: string;
+    label?: string;
+    id?: string;
+    name?: string;
+    autocomplete?: HTMLInputAttributes['autocomplete'];
+    fullWidth?: boolean;
+    leadingIcon?: import('svelte').Snippet;
+    oninput?: (e: Event) => void;
+    onchange?: (e: Event) => void;
+  }
+
+  let {
+    value = $bindable(''),
+    type = 'text',
+    placeholder,
+    disabled = false,
+    invalid = false,
+    helpText,
+    errorText,
+    label,
+    id,
+    name,
+    autocomplete,
+    fullWidth = true,
+    leadingIcon,
+    oninput,
+    onchange
+  }: Props = $props();
+
+  const inputId = $derived(id ?? `inp-${Math.random().toString(36).slice(2, 9)}`);
+  const showError = $derived(invalid && !!errorText);
+</script>
+
+<div class="field" class:full-width={fullWidth}>
+  {#if label}<label class="label" for={inputId}>{label}</label>{/if}
+  <div class="control" class:invalid>
+    {#if leadingIcon}
+      <span class="leading">{@render leadingIcon()}</span>
+    {/if}
+    <input
+      id={inputId}
+      {type}
+      {placeholder}
+      {disabled}
+      {name}
+      {autocomplete}
+      bind:value
+      {oninput}
+      {onchange}
+      aria-invalid={invalid}
+      aria-describedby={showError ? `${inputId}-err` : helpText ? `${inputId}-help` : undefined}
+    />
+  </div>
+  {#if showError}
+    <p id="{inputId}-err" class="error">{errorText}</p>
+  {:else if helpText}
+    <p id="{inputId}-help" class="help">{helpText}</p>
+  {/if}
+</div>
+
+<style lang="scss">
+  .field {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-1);
+
+    &.full-width {
+      width: 100%;
+    }
+  }
+
+  .label {
+    font-size: var(--fs-sm);
+    font-weight: var(--fw-medium);
+    color: var(--c-text-2);
+  }
+
+  .control {
+    display: flex;
+    align-items: center;
+    background: var(--c-surface);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    transition:
+      border-color var(--tr-fast),
+      box-shadow var(--tr-fast);
+
+    &:focus-within {
+      border-color: var(--c-accent);
+      box-shadow: 0 0 0 3px var(--c-accent-bg);
+    }
+
+    &.invalid {
+      border-color: var(--c-danger);
+
+      &:focus-within {
+        box-shadow: 0 0 0 3px var(--c-danger-bg);
+      }
+    }
+  }
+
+  .leading {
+    display: inline-flex;
+    align-items: center;
+    padding: 0 var(--sp-2) 0 var(--sp-3);
+    color: var(--c-text-3);
+  }
+
+  input {
+    flex: 1;
+    border: 0;
+    outline: 0;
+    background: transparent;
+    color: var(--c-text);
+    padding: 0 var(--sp-3);
+    height: 36px;
+    font-size: var(--fs-md);
+    font-family: inherit;
+
+    &::placeholder {
+      color: var(--c-text-3);
+    }
+
+    &:disabled {
+      opacity: 0.6;
+      cursor: not-allowed;
+    }
+  }
+
+  .help {
+    font-size: var(--fs-xs);
+    color: var(--c-text-3);
+    margin: 0;
+  }
+
+  .error {
+    font-size: var(--fs-xs);
+    color: var(--c-danger);
+    margin: 0;
+  }
+</style>
diff --git a/web/src/lib/components/ui/Menu.svelte b/web/src/lib/components/ui/Menu.svelte
new file mode 100644
index 0000000..6c728ca
--- /dev/null
+++ b/web/src/lib/components/ui/Menu.svelte
@@ -0,0 +1,121 @@
+<!-- web/src/lib/components/ui/Menu.svelte -->
+<script lang="ts">
+  interface MenuItem {
+    label: string;
+    onSelect: () => void;
+    disabled?: boolean;
+    intent?: 'default' | 'danger';
+  }
+
+  interface Props {
+    open: boolean;
+    x: number; // viewport coords
+    y: number;
+    items: MenuItem[];
+    onClose?: () => void;
+  }
+
+  let { open = $bindable(false), x, y, items, onClose }: Props = $props();
+
+  let menuEl: HTMLDivElement | undefined = $state();
+  let focusedIdx = $state(0);
+
+  function close() {
+    open = false;
+    onClose?.();
+  }
+
+  function onSelect(i: number) {
+    const it = items[i];
+    if (!it || it.disabled) return;
+    it.onSelect();
+    close();
+  }
+
+  function onKey(e: KeyboardEvent) {
+    if (!open) return;
+    if (e.key === 'Escape') {
+      e.preventDefault();
+      close();
+    } else if (e.key === 'ArrowDown') {
+      e.preventDefault();
+      focusedIdx = Math.min(focusedIdx + 1, items.length - 1);
+    } else if (e.key === 'ArrowUp') {
+      e.preventDefault();
+      focusedIdx = Math.max(focusedIdx - 1, 0);
+    } else if (e.key === 'Enter') {
+      e.preventDefault();
+      onSelect(focusedIdx);
+    }
+  }
+
+  $effect(() => {
+    if (!open) return;
+    focusedIdx = 0;
+    requestAnimationFrame(() => menuEl?.focus());
+  });
+
+  function onWindowClick(e: MouseEvent) {
+    if (!open || !menuEl) return;
+    if (!menuEl.contains(e.target as Node)) close();
+  }
+</script>
+
+<svelte:window onkeydown={onKey} onclick={onWindowClick} />
+
+{#if open}
+  <div bind:this={menuEl} class="menu" role="menu" tabindex="-1" style="left: {x}px; top: {y}px">
+    {#each items as it, i (it.label)}
+      <button
+        class="item intent-{it.intent ?? 'default'}"
+        class:focused={i === focusedIdx}
+        role="menuitem"
+        disabled={it.disabled}
+        onclick={() => onSelect(i)}
+        onmouseenter={() => (focusedIdx = i)}>{it.label}</button
+      >
+    {/each}
+  </div>
+{/if}
+
+<style lang="scss">
+  .menu {
+    position: fixed;
+    background: var(--c-surface);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    box-shadow: var(--sh-md);
+    padding: var(--sp-1);
+    min-width: 180px;
+    z-index: 1200;
+    outline: none;
+  }
+
+  .item {
+    display: block;
+    width: 100%;
+    text-align: left;
+    padding: var(--sp-2) var(--sp-3);
+    border: 0;
+    border-radius: var(--rd-sm);
+    background: transparent;
+    color: var(--c-text);
+    font-size: var(--fs-sm);
+    cursor: pointer;
+
+    &:disabled {
+      color: var(--c-text-3);
+      cursor: not-allowed;
+    }
+
+    &.focused:not(:disabled) {
+      background: var(--c-accent-bg);
+      color: var(--c-accent);
+    }
+
+    &.intent-danger:not(:disabled).focused {
+      background: var(--c-danger-bg);
+      color: var(--c-danger);
+    }
+  }
+</style>
diff --git a/web/src/lib/components/ui/Skeleton.svelte b/web/src/lib/components/ui/Skeleton.svelte
new file mode 100644
index 0000000..59a3f45
--- /dev/null
+++ b/web/src/lib/components/ui/Skeleton.svelte
@@ -0,0 +1,53 @@
+<!-- web/src/lib/components/ui/Skeleton.svelte -->
+<script lang="ts">
+  interface Props {
+    width?: string;
+    height?: string;
+    rounded?: 'sm' | 'md' | 'pill';
+  }
+
+  let { width = '100%', height = '14px', rounded = 'sm' }: Props = $props();
+</script>
+
+<span class="skeleton rd-{rounded}" style="width: {width}; height: {height}" aria-hidden="true"
+></span>
+
+<style lang="scss">
+  @keyframes shimmer {
+    0% {
+      background-position: -200px 0;
+    }
+    100% {
+      background-position: calc(200px + 100%) 0;
+    }
+  }
+
+  .skeleton {
+    display: inline-block;
+    background: linear-gradient(
+      90deg,
+      var(--c-surface-2) 0px,
+      var(--c-border) 80px,
+      var(--c-surface-2) 160px
+    );
+    background-size: 200px 100%;
+    background-repeat: no-repeat;
+    animation: shimmer 1.4s ease-in-out infinite;
+  }
+
+  @media (prefers-reduced-motion: reduce) {
+    .skeleton {
+      animation: none;
+    }
+  }
+
+  .rd-sm {
+    border-radius: var(--rd-sm);
+  }
+  .rd-md {
+    border-radius: var(--rd-md);
+  }
+  .rd-pill {
+    border-radius: var(--rd-pill);
+  }
+</style>
diff --git a/web/src/lib/components/ui/Switch.svelte b/web/src/lib/components/ui/Switch.svelte
new file mode 100644
index 0000000..926137f
--- /dev/null
+++ b/web/src/lib/components/ui/Switch.svelte
@@ -0,0 +1,85 @@
+<!-- web/src/lib/components/ui/Switch.svelte -->
+<script lang="ts">
+  interface Props {
+    checked?: boolean;
+    label?: string;
+    disabled?: boolean;
+    onchange?: (checked: boolean) => void;
+  }
+
+  let { checked = $bindable(false), label, disabled = false, onchange }: Props = $props();
+
+  function toggle() {
+    if (disabled) return;
+    checked = !checked;
+    onchange?.(checked);
+  }
+</script>
+
+<label class="row" class:disabled>
+  <button
+    type="button"
+    role="switch"
+    aria-checked={checked}
+    aria-label={label}
+    class="track"
+    class:on={checked}
+    {disabled}
+    onclick={toggle}
+  >
+    <span class="thumb"></span>
+  </button>
+  {#if label}<span class="label">{label}</span>{/if}
+</label>
+
+<style lang="scss">
+  .row {
+    display: inline-flex;
+    align-items: center;
+    gap: var(--sp-2);
+    cursor: pointer;
+    user-select: none;
+
+    &.disabled {
+      cursor: not-allowed;
+      opacity: 0.6;
+    }
+  }
+
+  .track {
+    position: relative;
+    width: 36px;
+    height: 20px;
+    border: 0;
+    border-radius: var(--rd-pill);
+    background: var(--c-border);
+    transition: background var(--tr-fast);
+    cursor: inherit;
+    padding: 0;
+
+    &.on {
+      background: var(--c-accent);
+    }
+  }
+
+  .thumb {
+    position: absolute;
+    top: 2px;
+    left: 2px;
+    width: 16px;
+    height: 16px;
+    background: var(--c-surface);
+    border-radius: 50%;
+    box-shadow: var(--sh-sm);
+    transition: transform var(--tr-fast);
+  }
+
+  .track.on .thumb {
+    transform: translateX(16px);
+  }
+
+  .label {
+    font-size: var(--fs-sm);
+    color: var(--c-text);
+  }
+</style>
diff --git a/web/src/lib/components/ui/Toast.svelte b/web/src/lib/components/ui/Toast.svelte
new file mode 100644
index 0000000..4f35006
--- /dev/null
+++ b/web/src/lib/components/ui/Toast.svelte
@@ -0,0 +1,69 @@
+<!-- web/src/lib/components/ui/Toast.svelte -->
+<script lang="ts">
+  import { dismiss, type ToastIntent } from './toast';
+
+  interface Props {
+    id: number;
+    intent: ToastIntent;
+    message: string;
+  }
+
+  let { id, intent, message }: Props = $props();
+</script>
+
+<div class="toast intent-{intent}" role="status">
+  <span class="msg">{message}</span>
+  <button class="x" aria-label="Close" onclick={() => dismiss(id)}>×</button>
+</div>
+
+<style lang="scss">
+  .toast {
+    display: flex;
+    align-items: center;
+    gap: var(--sp-3);
+    padding: var(--sp-3) var(--sp-3) var(--sp-3) var(--sp-4);
+    background: var(--c-surface);
+    color: var(--c-text);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    box-shadow: var(--sh-md);
+    min-width: 280px;
+    max-width: 420px;
+  }
+
+  .intent-success {
+    border-left: 3px solid var(--c-success);
+  }
+  .intent-info {
+    border-left: 3px solid var(--c-accent);
+  }
+  .intent-warn {
+    border-left: 3px solid var(--c-warn);
+  }
+  .intent-error {
+    border-left: 3px solid var(--c-danger);
+  }
+
+  .msg {
+    flex: 1;
+    font-size: var(--fs-sm);
+    line-height: var(--lh-base);
+  }
+
+  .x {
+    width: 24px;
+    height: 24px;
+    border: 0;
+    background: transparent;
+    color: var(--c-text-3);
+    font-size: var(--fs-lg);
+    line-height: 1;
+    cursor: pointer;
+    border-radius: var(--rd-sm);
+
+    &:hover {
+      background: var(--c-surface-2);
+      color: var(--c-text);
+    }
+  }
+</style>
diff --git a/web/src/lib/components/ui/ToastViewport.svelte b/web/src/lib/components/ui/ToastViewport.svelte
new file mode 100644
index 0000000..7299b15
--- /dev/null
+++ b/web/src/lib/components/ui/ToastViewport.svelte
@@ -0,0 +1,28 @@
+<!-- web/src/lib/components/ui/ToastViewport.svelte -->
+<script lang="ts">
+  import { toasts } from './toast';
+  import Toast from './Toast.svelte';
+</script>
+
+<aside class="viewport" aria-live="polite" aria-relevant="additions">
+  {#each $toasts as t (t.id)}
+    <Toast id={t.id} intent={t.intent} message={t.message} />
+  {/each}
+</aside>
+
+<style lang="scss">
+  .viewport {
+    position: fixed;
+    top: var(--sp-4);
+    right: var(--sp-4);
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-2);
+    z-index: 1100;
+    pointer-events: none;
+
+    > :global(*) {
+      pointer-events: auto;
+    }
+  }
+</style>
diff --git a/web/src/lib/components/ui/toast.ts b/web/src/lib/components/ui/toast.ts
new file mode 100644
index 0000000..a4d2bfe
--- /dev/null
+++ b/web/src/lib/components/ui/toast.ts
@@ -0,0 +1,34 @@
+// web/src/lib/components/ui/toast.ts
+import { writable } from 'svelte/store';
+
+export type ToastIntent = 'info' | 'success' | 'warn' | 'error';
+
+export interface ToastEntry {
+  id: number;
+  intent: ToastIntent;
+  message: string;
+  durationMs: number;
+}
+
+let nextId = 1;
+const _toasts = writable<ToastEntry[]>([]);
+
+export const toasts = { subscribe: _toasts.subscribe };
+
+function push(intent: ToastIntent, message: string, durationMs = 4000): number {
+  const id = nextId++;
+  _toasts.update((list) => [...list, { id, intent, message, durationMs }]);
+  if (durationMs > 0) setTimeout(() => dismiss(id), durationMs);
+  return id;
+}
+
+export function dismiss(id: number) {
+  _toasts.update((list) => list.filter((t) => t.id !== id));
+}
+
+export const toast = {
+  info: (msg: string, ms?: number) => push('info', msg, ms),
+  success: (msg: string, ms?: number) => push('success', msg, ms),
+  warn: (msg: string, ms?: number) => push('warn', msg, ms),
+  error: (msg: string, ms?: number) => push('error', msg, ms ?? 6000)
+};
diff --git a/web/src/lib/design/theme.ts b/web/src/lib/design/theme.ts
new file mode 100644
index 0000000..defcf1e
--- /dev/null
+++ b/web/src/lib/design/theme.ts
@@ -0,0 +1,52 @@
+import { writable, get } from 'svelte/store';
+import { browser } from '$app/environment';
+
+export type ThemeMode = 'system' | 'light' | 'dark';
+
+const LS_KEY = 'navsite.theme';
+
+function detectStored(): ThemeMode {
+  if (!browser) return 'system';
+  const v = localStorage.getItem(LS_KEY);
+  if (v === 'light' || v === 'dark' || v === 'system') return v;
+  return 'system';
+}
+
+function resolveActual(mode: ThemeMode): 'light' | 'dark' {
+  if (mode !== 'system') return mode;
+  if (browser && window.matchMedia('(prefers-color-scheme: dark)').matches) return 'dark';
+  return 'light';
+}
+
+function applyToDOM(actual: 'light' | 'dark') {
+  if (!browser) return;
+  document.documentElement.setAttribute('data-theme', actual);
+}
+
+export const themeStore = writable<ThemeMode>(detectStored());
+
+if (browser) {
+  themeStore.subscribe((mode) => {
+    applyToDOM(resolveActual(mode));
+    try {
+      localStorage.setItem(LS_KEY, mode);
+    } catch {
+      /* private mode */
+    }
+  });
+
+  const mql = window.matchMedia('(prefers-color-scheme: dark)');
+  const onSystemChange = () => {
+    if (get(themeStore) === 'system') applyToDOM(resolveActual('system'));
+  };
+  mql.addEventListener('change', onSystemChange);
+}
+
+export function setTheme(m: ThemeMode) {
+  themeStore.set(m);
+}
+
+/** Cycle: system → light → dark → system. */
+export function cycleTheme() {
+  themeStore.update((v) => (v === 'system' ? 'light' : v === 'light' ? 'dark' : 'system'));
+}
diff --git a/web/src/lib/design/tokens.scss b/web/src/lib/design/tokens.scss
new file mode 100644
index 0000000..d074ee2
--- /dev/null
+++ b/web/src/lib/design/tokens.scss
@@ -0,0 +1,108 @@
+/* Modern minimal tokens — Linear / Raycast inspired.
+ * Light is :root default; data-theme="dark" overrides.
+ * Dark mode auto-applies via prefers-color-scheme unless user toggle set.
+ */
+
+:root {
+  /* Spacing — 4px base */
+  --sp-1: 4px;
+  --sp-2: 8px;
+  --sp-3: 12px;
+  --sp-4: 16px;
+  --sp-5: 24px;
+  --sp-6: 32px;
+  --sp-7: 48px;
+  --sp-8: 64px;
+
+  /* Radius */
+  --rd-sm: 6px;
+  --rd-md: 10px;
+  --rd-lg: 14px;
+  --rd-pill: 999px;
+
+  /* Type */
+  --ft-sans: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', sans-serif;
+  --ft-mono: ui-monospace, SFMono-Regular, 'SF Mono', Menlo, monospace;
+  --fs-xs: 12px;
+  --fs-sm: 13px;
+  --fs-md: 15px;
+  --fs-lg: 18px;
+  --fs-xl: 24px;
+  --fw-regular: 400;
+  --fw-medium: 500;
+  --fw-semibold: 600;
+  --lh-tight: 1.2;
+  --lh-base: 1.5;
+  --lh-loose: 1.7;
+
+  /* Color (light) */
+  --c-bg: #fafaf9;
+  --c-surface: #ffffff;
+  --c-surface-2: #f4f4f3;
+  --c-border: #e5e5e3;
+  --c-text: #1a1a18;
+  --c-text-2: #5a5a55;
+  --c-text-3: #8a8a85;
+  --c-accent: #4f46e5;
+  --c-accent-hover: #4338ca;
+  --c-accent-bg: #eef2ff;
+  --c-success: #047857;
+  --c-warn: #b45309;
+  --c-danger: #b91c1c;
+  --c-danger-bg: #fef2f2;
+
+  /* Shadow (light) */
+  --sh-sm: 0 1px 2px rgba(0, 0, 0, 0.04);
+  --sh-md: 0 4px 12px rgba(0, 0, 0, 0.06);
+  --sh-lg: 0 12px 32px rgba(0, 0, 0, 0.08);
+
+  /* Motion */
+  --tr-fast: 120ms ease-out;
+  --tr-base: 180ms ease-out;
+  --tr-slow: 260ms ease-out;
+}
+
+[data-theme='dark'] {
+  --c-bg: #0e0e0d;
+  --c-surface: #18181a;
+  --c-surface-2: #232326;
+  --c-border: #2c2c30;
+  --c-text: #f5f5f3;
+  --c-text-2: #b5b5b0;
+  --c-text-3: #767672;
+  --c-accent: #818cf8;
+  --c-accent-hover: #a5b4fc;
+  --c-accent-bg: #1e1b4b;
+  --c-success: #10b981;
+  --c-warn: #f59e0b;
+  --c-danger: #f87171;
+  --c-danger-bg: #3f1d1d;
+
+  --sh-sm: 0 1px 2px rgba(0, 0, 0, 0.4);
+  --sh-md: 0 4px 12px rgba(0, 0, 0, 0.45);
+  --sh-lg: 0 12px 32px rgba(0, 0, 0, 0.5);
+}
+
+@media (prefers-reduced-motion: reduce) {
+  :root {
+    --tr-fast: 0ms;
+    --tr-base: 0ms;
+    --tr-slow: 0ms;
+  }
+}
+
+/* App-level resets that depend on tokens */
+html,
+body {
+  background: var(--c-bg);
+  color: var(--c-text);
+  font-family: var(--ft-sans);
+  font-size: var(--fs-md);
+  line-height: var(--lh-base);
+}
+
+*:focus-visible {
+  outline: 2px solid var(--c-accent);
+  outline-offset: 2px;
+  border-radius: var(--rd-sm);
+}
diff --git a/web/src/lib/i18n/en.json b/web/src/lib/i18n/en.json
new file mode 100644
index 0000000..df2ad0b
--- /dev/null
+++ b/web/src/lib/i18n/en.json
@@ -0,0 +1,30 @@
+{
+  "common.save": "Save",
+  "common.cancel": "Cancel",
+  "common.delete": "Delete",
+  "common.edit": "Edit",
+  "common.close": "Close",
+  "common.confirm": "Confirm",
+  "common.loading": "Loading…",
+
+  "header.search.placeholder": "Search… (press / to focus)",
+  "header.theme.toggle": "Toggle theme",
+  "header.locale.toggle": "Toggle language",
+  "header.login": "Log in",
+  "header.logout": "Log out",
+  "header.editMode.enter": "Edit",
+  "header.editMode.exit": "Exit edit",
+
+  "auth.login.title": "Sign in",
+  "auth.login.password": "Admin password",
+  "auth.login.submit": "Sign in",
+  "auth.login.error.bad_password": "Wrong password",
+  "auth.login.error.rate_limited": "Too many attempts, try again later",
+
+  "editor.item.deleteConfirm": "Delete \"{{name}}\"?",
+  "editor.item.new": "New nav item",
+
+  "error.network.offline": "Cannot reach server",
+  "error.network.retry": "Retry",
+  "error.unknown": "Unknown error"
+}
diff --git a/web/src/lib/i18n/store.test.ts b/web/src/lib/i18n/store.test.ts
new file mode 100644
index 0000000..a63f45d
--- /dev/null
+++ b/web/src/lib/i18n/store.test.ts
@@ -0,0 +1,45 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { get } from 'svelte/store';
+import { localeStore, t, setLocale, toggleLocale, tNow } from './store';
+
+describe('i18n', () => {
+  beforeEach(() => {
+    setLocale('zh');
+  });
+
+  it('translates a known key', () => {
+    expect(get(t)('common.save')).toBe('保存');
+  });
+
+  it('falls back to the key when missing', () => {
+    expect(get(t)('does.not.exist')).toBe('does.not.exist');
+  });
+
+  it('switches locale', () => {
+    setLocale('en');
+    expect(get(t)('common.save')).toBe('Save');
+  });
+
+  it('toggles between zh and en', () => {
+    expect(get(localeStore)).toBe('zh');
+    toggleLocale();
+    expect(get(localeStore)).toBe('en');
+    toggleLocale();
+    expect(get(localeStore)).toBe('zh');
+  });
+
+  it('interpolates {{name}} placeholders', () => {
+    setLocale('en');
+    expect(get(t)('editor.item.deleteConfirm', { name: 'RouterOS' })).toBe('Delete "RouterOS"?');
+  });
+
+  it('leaves unknown placeholders intact', () => {
+    setLocale('en');
+    const out = get(t)('editor.item.deleteConfirm', {} as Record<string, string>);
+    expect(out).toContain('{{name}}');
+  });
+
+  it('tNow imperative form works', () => {
+    expect(tNow('common.save')).toBe('保存');
+  });
+});
diff --git a/web/src/lib/i18n/store.ts b/web/src/lib/i18n/store.ts
new file mode 100644
index 0000000..799cc4f
--- /dev/null
+++ b/web/src/lib/i18n/store.ts
@@ -0,0 +1,60 @@
+import { writable, derived, get, type Readable } from 'svelte/store';
+import { browser } from '$app/environment';
+import zh from './zh.json';
+import en from './en.json';
+
+export type Locale = 'zh' | 'en';
+
+const DICTIONARIES: Record<Locale, Record<string, string>> = { zh, en };
+
+const LS_KEY = 'navsite.locale';
+
+function detectInitial(): Locale {
+  if (!browser) return 'zh';
+  const stored = localStorage.getItem(LS_KEY);
+  if (stored === 'zh' || stored === 'en') return stored;
+  const navLang = navigator.language?.toLowerCase() ?? '';
+  return navLang.startsWith('zh') ? 'zh' : 'en';
+}
+
+export const localeStore = writable<Locale>(detectInitial());
+
+if (browser) {
+  localeStore.subscribe((v) => {
+    try {
+      localStorage.setItem(LS_KEY, v);
+    } catch {
+      /* private mode etc. */
+    }
+  });
+}
+
+/**
+ * Reactive translator.
+ * Usage: <button>{$t('common.save')}</button>
+ *        <p>{$t('editor.item.deleteConfirm', { name: 'RouterOS' })}</p>
+ */
+export const t: Readable<(key: string, params?: Record<string, string | number>) => string> =
+  derived(localeStore, ($loc) => {
+    const dict = DICTIONARIES[$loc];
+    return (key: string, params?: Record<string, string | number>) => {
+      const raw = dict[key] ?? key;
+      if (!params) return raw;
+      return raw.replace(/\{\{\s*(\w+)\s*\}\}/g, (_, name: string) =>
+        String(params[name] ?? `{{${name}}}`)
+      );
+    };
+  });
+
+/** Imperative form for non-Svelte contexts. */
+export function tNow(key: string, params?: Record<string, string | number>): string {
+  return get(t)(key, params);
+}
+
+export function setLocale(loc: Locale) {
+  localeStore.set(loc);
+}
+
+export function toggleLocale() {
+  localeStore.update((v) => (v === 'zh' ? 'en' : 'zh'));
+}
diff --git a/web/src/lib/i18n/zh.json b/web/src/lib/i18n/zh.json
new file mode 100644
index 0000000..58f9135
--- /dev/null
+++ b/web/src/lib/i18n/zh.json
@@ -0,0 +1,30 @@
+{
+  "common.save": "保存",
+  "common.cancel": "取消",
+  "common.delete": "删除",
+  "common.edit": "编辑",
+  "common.close": "关闭",
+  "common.confirm": "确认",
+  "common.loading": "加载中…",
+
+  "header.search.placeholder": "搜索…（按 / 聚焦）",
+  "header.theme.toggle": "切换主题",
+  "header.locale.toggle": "切换语言",
+  "header.login": "登录",
+  "header.logout": "登出",
+  "header.editMode.enter": "编辑",
+  "header.editMode.exit": "退出编辑",
+
+  "auth.login.title": "登录",
+  "auth.login.password": "管理员密码",
+  "auth.login.submit": "登录",
+  "auth.login.error.bad_password": "密码错误",
+  "auth.login.error.rate_limited": "尝试过于频繁，稍后再试",
+
+  "editor.item.deleteConfirm": "确认删除「{{name}}」？",
+  "editor.item.new": "新建导航项",
+
+  "error.network.offline": "无法连接服务",
+  "error.network.retry": "重试",
+  "error.unknown": "发生未知错误"
+}
diff --git a/web/src/lib/types/nav.ts b/web/src/lib/types/nav.ts
new file mode 100644
index 0000000..030a2c3
--- /dev/null
+++ b/web/src/lib/types/nav.ts
@@ -0,0 +1,91 @@
+import { z } from 'zod';
+
+// Discriminator for icon source
+export const IconKindSchema = z.enum(['asset', 'url', 'auto-favicon']);
+export type IconKind = z.infer<typeof IconKindSchema>;
+
+// Optional i18n map: { en?: string, ... }; preserved as raw JSON since locale set is open.
+const I18nMap = z.record(z.string(), z.string()).nullable().optional();
+
+export const SiteSchema = z.object({
+  id: z.number().int(),
+  value: z.string(),
+  name: z.string(),
+  nameI18n: I18nMap,
+  sortOrder: z.number().int(),
+  isDefault: z.boolean()
+});
+export type Site = z.infer<typeof SiteSchema>;
+
+export const GroupSchema = z.object({
+  id: z.number().int(),
+  slug: z.string(),
+  name: z.string(),
+  nameI18n: I18nMap,
+  sortOrder: z.number().int(),
+  collapsedDefault: z.boolean()
+});
+export type Group = z.infer<typeof GroupSchema>;
+
+export const TagSchema = z.object({
+  id: z.number().int(),
+  slug: z.string(),
+  name: z.string(),
+  nameI18n: I18nMap
+});
+export type Tag = z.infer<typeof TagSchema>;
+
+export const ItemSchema = z.object({
+  id: z.number().int(),
+  groupId: z.number().int().nullable(),
+  name: z.string(),
+  nameI18n: I18nMap,
+  description: z.string().nullable().optional(),
+  descriptionI18n: I18nMap,
+  iconKind: IconKindSchema,
+  iconValue: z.string(),
+  sortOrder: z.number().int(),
+  links: z.record(z.string(), z.string()),
+  tagSlugs: z.array(z.string()),
+  createdAt: z.number().int(),
+  updatedAt: z.number().int()
+});
+export type Item = z.infer<typeof ItemSchema>;
+
+export const LinkSchema = z.object({
+  text: z.string(),
+  url: z.string().url()
+});
+export type Link = z.infer<typeof LinkSchema>;
+
+export const MetaSchema = z.object({
+  siteName: z.string(),
+  siteAvatarPath: z.string().nullable().optional(),
+  siteCopyright: z.string(),
+  siteIcp: LinkSchema.nullable(),
+  sitePolice: LinkSchema.nullable(),
+  defaultTheme: z.enum(['system', 'light', 'dark'])
+});
+export type Meta = z.infer<typeof MetaSchema>;
+
+export const NavBundleSchema = z.object({
+  schemaVersion: z.literal(1),
+  meta: MetaSchema,
+  sites: z.array(SiteSchema),
+  groups: z.array(GroupSchema),
+  items: z.array(ItemSchema),
+  tags: z.array(TagSchema)
+});
+export type NavBundle = z.infer<typeof NavBundleSchema>;
+
+// Auth response
+export const AuthMeSchema = z.object({ authenticated: z.boolean() });
+export type AuthMe = z.infer<typeof AuthMeSchema>;
+
+// Generic error envelope from backend (see server/src/error.rs)
+export const ApiErrorBodySchema = z.object({
+  error: z.string(),
+  message: z.string().optional(),
+  fields: z.record(z.string(), z.string()).optional()
+});
+export type ApiErrorBody = z.infer<typeof ApiErrorBodySchema>;
diff --git a/web/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
index a4d9df9..4fab308 100644
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@@ -1,6 +1,7 @@
 <script lang="ts">
   import Header from '$lib/components/Header.svelte';
   import Footer from '$lib/components/Footer.svelte';
+  import '$lib/design/theme'; // Initializes data-theme on <html>
   import '../app.scss';
 
   let { children } = $props();
diff --git a/web/src/routes/_demo/+page.svelte b/web/src/routes/_demo/+page.svelte
new file mode 100644
index 0000000..0025410
--- /dev/null
+++ b/web/src/routes/_demo/+page.svelte
@@ -0,0 +1,200 @@
+<!-- web/src/routes/_demo/+page.svelte -->
+<script lang="ts">
+  import Button from '$lib/components/ui/Button.svelte';
+  import IconButton from '$lib/components/ui/IconButton.svelte';
+  import Input from '$lib/components/ui/Input.svelte';
+  import Dialog from '$lib/components/ui/Dialog.svelte';
+  import ToastViewport from '$lib/components/ui/ToastViewport.svelte';
+  import { toast } from '$lib/components/ui/toast';
+  import Menu from '$lib/components/ui/Menu.svelte';
+  import Chip from '$lib/components/ui/Chip.svelte';
+  import Switch from '$lib/components/ui/Switch.svelte';
+  import Card from '$lib/components/ui/Card.svelte';
+  import Skeleton from '$lib/components/ui/Skeleton.svelte';
+  import { localeStore, t, toggleLocale } from '$lib/i18n/store';
+  import { themeStore, cycleTheme } from '$lib/design/theme';
+
+  let inputValue = $state('');
+  let inputInvalid = $state(false);
+  let switchOn = $state(false);
+  let dialogOpen = $state(false);
+  let menuOpen = $state(false);
+  let chips = $state(['fav', 'media', 'tools']);
+  let activeChip = $state('fav');
+</script>
+
+<ToastViewport />
+
+<section class="demo">
+  <header>
+    <h1>UI Primitives Demo</h1>
+    <div class="controls">
+      <Button intent="ghost" size="sm" onclick={cycleTheme}>
+        Theme: {$themeStore}
+      </Button>
+      <Button intent="ghost" size="sm" onclick={toggleLocale}>
+        Locale: {$localeStore}
+      </Button>
+    </div>
+  </header>
+
+  <h2>Buttons</h2>
+  <div class="row">
+    <Button>Primary</Button>
+    <Button intent="secondary">Secondary</Button>
+    <Button intent="ghost">Ghost</Button>
+    <Button intent="danger">Danger</Button>
+    <Button disabled>Disabled</Button>
+    <Button loading>Loading</Button>
+  </div>
+  <div class="row">
+    <Button size="sm">Small</Button>
+    <Button size="md">Medium</Button>
+    <Button size="lg">Large</Button>
+  </div>
+
+  <h2>Icon buttons</h2>
+  <div class="row">
+    <IconButton label="Settings"><span aria-hidden="true">⚙</span></IconButton>
+    <IconButton label="Edit" intent="subtle"><span aria-hidden="true">✎</span></IconButton>
+    <IconButton label="Delete" disabled><span aria-hidden="true">🗑</span></IconButton>
+  </div>
+
+  <h2>Inputs</h2>
+  <div class="col">
+    <Input label="Name" placeholder="enter your name" bind:value={inputValue} />
+    <Input
+      label="Password"
+      type="password"
+      placeholder="••••••••"
+      helpText="At least 8 characters"
+    />
+    <Input
+      label="Email"
+      type="email"
+      invalid={inputInvalid}
+      errorText="Email format invalid"
+      bind:value={inputValue}
+    />
+    <Switch label="Toggle invalid state" bind:checked={inputInvalid} />
+  </div>
+
+  <h2>Cards</h2>
+  <div class="row">
+    <Card elevation="flat">flat</Card>
+    <Card elevation="sm">sm shadow</Card>
+    <Card elevation="md">md shadow</Card>
+  </div>
+
+  <h2>Chips</h2>
+  <div class="row">
+    {#each chips as slug (slug)}
+      <Chip
+        label={slug}
+        active={activeChip === slug}
+        removable
+        onSelect={() => (activeChip = slug)}
+        onRemove={() => (chips = chips.filter((s) => s !== slug))}
+      />
+    {/each}
+  </div>
+
+  <h2>Switch</h2>
+  <Switch label="Enable feature X" bind:checked={switchOn} />
+  <p>State: {switchOn ? 'on' : 'off'}</p>
+
+  <h2>Dialog</h2>
+  <Button onclick={() => (dialogOpen = true)}>Open dialog</Button>
+  <Dialog
+    bind:open={dialogOpen}
+    title="Confirm action"
+    description="This will permanently change the configuration."
+  >
+    <p>Body text. Press Esc or click outside to close.</p>
+    {#snippet footer()}
+      <Button intent="ghost" onclick={() => (dialogOpen = false)}>{$t('common.cancel')}</Button>
+      <Button intent="primary" onclick={() => (dialogOpen = false)}>{$t('common.confirm')}</Button>
+    {/snippet}
+  </Dialog>
+
+  <h2>Toasts</h2>
+  <div class="row">
+    <Button onclick={() => toast.info('Info toast')}>info</Button>
+    <Button intent="secondary" onclick={() => toast.success('Saved!')}>success</Button>
+    <Button intent="ghost" onclick={() => toast.warn('Be careful')}>warn</Button>
+    <Button intent="danger" onclick={() => toast.error('Something broke')}>error</Button>
+  </div>
+
+  <h2>Menu</h2>
+  <Button onclick={() => (menuOpen = true)}>Open context menu</Button>
+  <Menu
+    bind:open={menuOpen}
+    x={120}
+    y={120}
+    items={[
+      { label: 'Edit', onSelect: () => toast.info('Edit') },
+      { label: 'Duplicate', onSelect: () => toast.info('Duplicated') },
+      { label: 'Delete', intent: 'danger', onSelect: () => toast.error('Deleted') }
+    ]}
+  />
+
+  <h2>Skeleton</h2>
+  <div class="col">
+    <Skeleton height="20px" width="240px" />
+    <Skeleton height="14px" width="180px" />
+    <Skeleton height="14px" width="220px" />
+  </div>
+
+  <h2>i18n</h2>
+  <p>{$t('common.save')} / {$t('header.search.placeholder')}</p>
+</section>
+
+<style lang="scss">
+  .demo {
+    max-width: 720px;
+    margin: var(--sp-6) auto;
+    padding: 0 var(--sp-4);
+    color: var(--c-text);
+    font-family: var(--ft-sans);
+
+    h1 {
+      font-size: var(--fs-xl);
+      font-weight: var(--fw-semibold);
+      margin: 0 0 var(--sp-4);
+    }
+
+    h2 {
+      margin: var(--sp-6) 0 var(--sp-3);
+      font-size: var(--fs-lg);
+      font-weight: var(--fw-semibold);
+    }
+
+    header {
+      display: flex;
+      align-items: center;
+      justify-content: space-between;
+      gap: var(--sp-3);
+      flex-wrap: wrap;
+    }
+  }
+
+  .row {
+    display: flex;
+    gap: var(--sp-2);
+    flex-wrap: wrap;
+    align-items: center;
+    margin-bottom: var(--sp-2);
+  }
+
+  .col {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-2);
+    max-width: 360px;
+  }
+
+  .controls {
+    display: flex;
+    gap: var(--sp-2);
+  }
+</style>

From 3ddebe4af28b4e6a6eabf4183cb3db04ee447b35 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 20 May 2026 19:44:49 +0800
Subject: [PATCH 05/77] =?UTF-8?q?feat(web):=20read-only=20browse=20?=
 =?UTF-8?q?=E2=80=94=20stores=20+=20Header=20+=20NavGrid=20+=20Footer=20(P?=
 =?UTF-8?q?lan=203)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Wire Plan 2 foundation to Plan 1 backend. Visitors can browse seeded data
with search / tag chips / region switch / theme / locale toggles.
- 4 stores: navData (fetch /api/nav, zod-validated) + uiPrefs (LS persist)
  + session (auth/me/login/logout) + visibleSections (derived: site×search×tags)
- New Header: Brand + SearchBar (with '/' focus shortcut) + TagFilterChips +
  SiteSelect (Menu-based) + ThemeToggle + LocaleToggle + AuthControls
- New NavGrid: NavItem (button-based, favorite star, icon-kind aware) +
  GroupHeader (collapsible) + GroupSection + FavoritesSection + EmptyState
- Footer rewrite (locale-aware filings; non-zh hides PRC ICP/police)
- +layout mounts ToastViewport + new Header/Footer
- +page renders real navData (loading/error/empty/sections)
- Deletes 11 legacy files (5 .svelte + 3 constants + siteStore + 2 utils)
- 28 unit tests; e2e smoke (cargo + pnpm + curl) verified
---
 .../2026-05-20-plan-3-frontend-readonly.md    | 1852 +++++++++++++++++
 web/src/lib/components/Avatar.svelte          |   23 -
 web/src/lib/components/Footer.svelte          |   83 -
 web/src/lib/components/Footer/index.svelte    |   53 +
 web/src/lib/components/Header.svelte          |   63 -
 .../lib/components/Header/AuthControls.svelte |   21 +
 web/src/lib/components/Header/Brand.svelte    |   37 +
 .../lib/components/Header/LocaleToggle.svelte |    8 +
 .../lib/components/Header/SearchBar.svelte    |   36 +
 .../lib/components/Header/SiteSelect.svelte   |   62 +
 .../components/Header/TagFilterChips.svelte   |   18 +
 .../lib/components/Header/ThemeToggle.svelte  |   11 +
 web/src/lib/components/Header/index.svelte    |   67 +
 web/src/lib/components/Nav.svelte             |  132 --
 web/src/lib/components/Nav/EmptyState.svelte  |   33 +
 .../components/Nav/FavoritesSection.svelte    |   26 +
 web/src/lib/components/Nav/GroupHeader.svelte |   52 +
 .../lib/components/Nav/GroupSection.svelte    |   31 +
 web/src/lib/components/Nav/NavGrid.svelte     |   25 +
 web/src/lib/components/Nav/NavItem.svelte     |  141 ++
 web/src/lib/components/SiteSelect.svelte      |  118 --
 web/src/lib/constants/avatar.ts               |    1 -
 web/src/lib/constants/nav.ts                  |  163 --
 web/src/lib/constants/siteInfo.ts             |    6 -
 web/src/lib/i18n/en.json                      |    6 +
 web/src/lib/i18n/zh.json                      |    6 +
 web/src/lib/store/siteStore.ts                |    8 -
 web/src/lib/stores/navData.test.ts            |   77 +
 web/src/lib/stores/navData.ts                 |   57 +
 web/src/lib/stores/session.test.ts            |   46 +
 web/src/lib/stores/session.ts                 |   62 +
 web/src/lib/stores/uiPrefs.test.ts            |   34 +
 web/src/lib/stores/uiPrefs.ts                 |   92 +
 web/src/lib/stores/visible.test.ts            |  113 +
 web/src/lib/stores/visible.ts                 |  118 ++
 web/src/lib/utils/index.ts                    |    1 -
 web/src/lib/utils/isURL.ts                    |    3 -
 web/src/routes/+layout.svelte                 |   23 +-
 web/src/routes/+page.svelte                   |   69 +-
 39 files changed, 3142 insertions(+), 635 deletions(-)
 create mode 100644 docs/superpowers/plans/2026-05-20-plan-3-frontend-readonly.md
 delete mode 100644 web/src/lib/components/Avatar.svelte
 delete mode 100644 web/src/lib/components/Footer.svelte
 create mode 100644 web/src/lib/components/Footer/index.svelte
 delete mode 100644 web/src/lib/components/Header.svelte
 create mode 100644 web/src/lib/components/Header/AuthControls.svelte
 create mode 100644 web/src/lib/components/Header/Brand.svelte
 create mode 100644 web/src/lib/components/Header/LocaleToggle.svelte
 create mode 100644 web/src/lib/components/Header/SearchBar.svelte
 create mode 100644 web/src/lib/components/Header/SiteSelect.svelte
 create mode 100644 web/src/lib/components/Header/TagFilterChips.svelte
 create mode 100644 web/src/lib/components/Header/ThemeToggle.svelte
 create mode 100644 web/src/lib/components/Header/index.svelte
 delete mode 100644 web/src/lib/components/Nav.svelte
 create mode 100644 web/src/lib/components/Nav/EmptyState.svelte
 create mode 100644 web/src/lib/components/Nav/FavoritesSection.svelte
 create mode 100644 web/src/lib/components/Nav/GroupHeader.svelte
 create mode 100644 web/src/lib/components/Nav/GroupSection.svelte
 create mode 100644 web/src/lib/components/Nav/NavGrid.svelte
 create mode 100644 web/src/lib/components/Nav/NavItem.svelte
 delete mode 100644 web/src/lib/components/SiteSelect.svelte
 delete mode 100644 web/src/lib/constants/avatar.ts
 delete mode 100644 web/src/lib/constants/nav.ts
 delete mode 100644 web/src/lib/constants/siteInfo.ts
 delete mode 100644 web/src/lib/store/siteStore.ts
 create mode 100644 web/src/lib/stores/navData.test.ts
 create mode 100644 web/src/lib/stores/navData.ts
 create mode 100644 web/src/lib/stores/session.test.ts
 create mode 100644 web/src/lib/stores/session.ts
 create mode 100644 web/src/lib/stores/uiPrefs.test.ts
 create mode 100644 web/src/lib/stores/uiPrefs.ts
 create mode 100644 web/src/lib/stores/visible.test.ts
 create mode 100644 web/src/lib/stores/visible.ts
 delete mode 100644 web/src/lib/utils/index.ts
 delete mode 100644 web/src/lib/utils/isURL.ts

diff --git a/docs/superpowers/plans/2026-05-20-plan-3-frontend-readonly.md b/docs/superpowers/plans/2026-05-20-plan-3-frontend-readonly.md
new file mode 100644
index 0000000..4015e6e
--- /dev/null
+++ b/docs/superpowers/plans/2026-05-20-plan-3-frontend-readonly.md
@@ -0,0 +1,1852 @@
+# Frontend Read-Only Browse Implementation Plan (Plan 3 of 5)
+
+> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
+
+**Goal:** Wire the Plan 2 foundation to the Plan 1 backend so visitors can browse a real, navigable site. Implements stores (navData/uiPrefs/session), the new Header (search + tag chips + site/theme/locale/auth toggles + brand), the new NavGrid (groups + favorites + items as accessible `<button>`s), the new Footer (locale-aware), and the home `+page.svelte` integration. Deletes the 5 legacy components and their hard-coded constants. After this plan, `pnpm dev` (with `cargo run` on :8080) shows the seeded `network/media/nas/tools` groups, supports search / tag filter / theme switch / locale switch / region switch / favorites — but no editing yet (Plan 4).
+
+**Architecture:** Three-tier store layout per spec § 4.1.
+
+```
+              ┌──────────────────────┐
+              │ navDataStore         │  async — GET /api/nav, zod-validated
+              │ NavBundle            │  Plan 2 apiClient + types
+              └──────────┬───────────┘
+                         │
+       ┌─────────────────┼─────────────────┐
+       ▼                 ▼                 ▼
+ ┌──────────────┐ ┌──────────────┐  ┌──────────────┐
+ │ uiPrefs (LS) │ │ session      │  │ toast        │
+ │ ─ siteValue  │ │ ─ authed     │  │ (Plan 2)     │
+ │ ─ favorites  │ │ + login/out  │  │              │
+ │ ─ locale     │ │              │  │              │
+ │ ─ theme      │ │              │  │              │
+ │   (Plan 2)   │ │              │  │              │
+ │ ─ groupOpen  │ │              │  │              │
+ └──────────────┘ └──────────────┘  └──────────────┘
+
+       ┌────────── derived (pure) ──────────┐
+       ▼                                    ▼
+   visibleSectionsStore              searchHitsStore
+   (group → items by site×search×tags)   (fuzzy match flag map)
+```
+
+`editModeStore` is intentionally NOT created here — Plan 4 owns it. This plan keeps every interaction read-only (clicking a NavItem opens the URL; nothing else writes).
+
+**Tech Stack (already provisioned):** Svelte 5 + SvelteKit 2 (Plan 1.5) · zod / apiClient / i18n / theme / 10 UI primitives (Plan 2) · Rust backend at `/api/nav` (Plan 1).
+
+**Spec reference:** `docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md` § 4 (state layering), § 5 (only the read-only parts; edit mode → Plan 4), § 7.4 (footer redesign), § 8 (a11y).
+
+**Predecessors:** Plans 1, 1.5, 2 (all merged into `feat/rust-platform`).
+**Successors:** Plan 4 (edit mode), Plan 5 (Docker / e2e).
+
+---
+
+## Conventions
+
+- **Working directory:** every `pnpm` command runs in `web/`.
+- **Sub-branch:** `plan-3/frontend-readonly`, branched from `feat/rust-platform`.
+- **Commits:** Conventional Commits, no `Co-Authored-By` trailer. One commit per task.
+- **Verification gate:** every store-tier task ends with vitest; every component task ends with `pnpm check`. Phase 4 ends with end-to-end smoke (cargo + pnpm + curl).
+- **a11y rule (no exceptions):** every interactive element is `<button>` (or `<a href>` for genuine links). No `<div onclick>` survives this plan.
+- **i18n:** every literal user-visible string passes through `$t('key')`. New keys go in `web/src/lib/i18n/{zh,en}.json` first, store changes second.
+- **Style isolation:** new components consume `tokens.scss` vars only; no raw colors.
+
+---
+
+## Phase 0: Stores (Tasks 1–4)
+
+Goal: load real data from the backend, persist UI prefs to localStorage, expose a clean derived view. All tested with vitest.
+
+### Task 1: `navDataStore` — fetches `/api/nav`
+
+**Files:**
+- Create: `web/src/lib/stores/navData.ts`
+
+- [ ] **Step 1: Write the store**
+
+```ts
+// web/src/lib/stores/navData.ts
+import { writable, get } from 'svelte/store';
+import { browser } from '$app/environment';
+import { apiClient, ApiError } from '$lib/api/client';
+import { NavBundleSchema, type NavBundle } from '$lib/types/nav';
+
+export interface NavDataState {
+  bundle: NavBundle | null;
+  loading: boolean;
+  error: string | null;
+}
+
+const initial: NavDataState = { bundle: null, loading: false, error: null };
+
+const { subscribe, update, set } = writable<NavDataState>(initial);
+
+async function load(): Promise<void> {
+  update((s) => ({ ...s, loading: true, error: null }));
+  try {
+    const bundle = await apiClient<NavBundle>({
+      method: 'GET',
+      path: '/api/nav',
+      responseSchema: NavBundleSchema
+    });
+    set({ bundle, loading: false, error: null });
+  } catch (e) {
+    const msg = e instanceof ApiError ? `${e.code}${e.message ? `: ${e.message}` : ''}` : String(e);
+    update((s) => ({ ...s, loading: false, error: msg }));
+  }
+}
+
+function applyItemPatch(itemId: number, patch: Partial<NavBundle['items'][number]>) {
+  update((s) => {
+    if (!s.bundle) return s;
+    const items = s.bundle.items.map((i) => (i.id === itemId ? { ...i, ...patch } : i));
+    return { ...s, bundle: { ...s.bundle, items } };
+  });
+}
+
+function setBundle(bundle: NavBundle) {
+  set({ bundle, loading: false, error: null });
+}
+
+export const navDataStore = {
+  subscribe,
+  load,
+  refetch: load,
+  applyItemPatch,
+  setBundle,
+  /** Test-only: read sync */
+  _peek: () => get({ subscribe })
+};
+
+// Auto-load on browser boot
+if (browser) {
+  void load();
+}
+```
+
+- [ ] **Step 2: Test**
+
+Create `web/src/lib/stores/navData.test.ts`:
+
+```ts
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { get } from 'svelte/store';
+import { navDataStore } from './navData';
+
+const fetchMock = vi.fn();
+beforeEach(() => {
+  fetchMock.mockReset();
+  vi.stubGlobal('fetch', fetchMock);
+});
+
+const sampleBundle = {
+  schemaVersion: 1 as const,
+  meta: {
+    siteName: 'Nav',
+    siteAvatarPath: null,
+    siteCopyright: '©',
+    siteIcp: null,
+    sitePolice: null,
+    defaultTheme: 'system' as const
+  },
+  sites: [],
+  groups: [],
+  items: [],
+  tags: []
+};
+
+describe('navDataStore', () => {
+  it('load() populates bundle on success', async () => {
+    fetchMock.mockResolvedValueOnce(
+      new Response(JSON.stringify(sampleBundle), {
+        status: 200,
+        headers: { 'content-type': 'application/json' }
+      })
+    );
+    await navDataStore.load();
+    expect(get(navDataStore).bundle).toEqual(sampleBundle);
+    expect(get(navDataStore).error).toBeNull();
+  });
+
+  it('load() captures error on schema mismatch', async () => {
+    fetchMock.mockResolvedValueOnce(
+      new Response(JSON.stringify({ wrong: 'shape' }), {
+        status: 200,
+        headers: { 'content-type': 'application/json' }
+      })
+    );
+    await navDataStore.load();
+    expect(get(navDataStore).bundle).toBeNull();
+    expect(get(navDataStore).error).toContain('schema_mismatch');
+  });
+
+  it('applyItemPatch updates an item locally', () => {
+    navDataStore.setBundle({
+      ...sampleBundle,
+      items: [
+        {
+          id: 1,
+          groupId: null,
+          name: 'old',
+          nameI18n: null,
+          description: null,
+          descriptionI18n: null,
+          iconKind: 'asset',
+          iconValue: 'x.png',
+          sortOrder: 0,
+          links: {},
+          tagSlugs: [],
+          createdAt: 0,
+          updatedAt: 0
+        }
+      ]
+    });
+    navDataStore.applyItemPatch(1, { name: 'new' });
+    const items = get(navDataStore).bundle?.items;
+    expect(items?.[0]?.name).toBe('new');
+  });
+});
+```
+
+- [ ] **Step 3: Run + commit**
+
+```bash
+cd web
+pnpm test:unit 2>&1 | tail -10
+cd ..
+git add web/src/lib/stores/navData.ts web/src/lib/stores/navData.test.ts
+git commit -m "feat(web): navDataStore (fetch + zod-validated bundle + applyItemPatch)"
+```
+
+### Task 2: `uiPrefs` — site / favorites / groupOpen / locale-mirror in LS
+
+**Files:**
+- Create: `web/src/lib/stores/uiPrefs.ts`
+
+- [ ] **Step 1: Write the store**
+
+```ts
+// web/src/lib/stores/uiPrefs.ts
+import { writable, get } from 'svelte/store';
+import { browser } from '$app/environment';
+
+export interface UiPrefs {
+  /** Active site `value` (e.g. "shangHai"). null = use bundle default. */
+  siteValue: string | null;
+  /** Item ids the user has favorited. */
+  favoriteItemIds: number[];
+  /** Group slug -> open/closed; missing keys default to "open". */
+  groupOpen: Record<string, boolean>;
+}
+
+const LS_KEY = 'navsite.uiPrefs';
+const SCHEMA_KEY = 'navsite.uiPrefs.v';
+const SCHEMA_VERSION = '1';
+
+const initial: UiPrefs = {
+  siteValue: null,
+  favoriteItemIds: [],
+  groupOpen: {}
+};
+
+function loadFromLs(): UiPrefs {
+  if (!browser) return initial;
+  try {
+    const v = localStorage.getItem(SCHEMA_KEY);
+    if (v !== SCHEMA_VERSION) return initial; // schema drift → reset
+    const raw = localStorage.getItem(LS_KEY);
+    if (!raw) return initial;
+    const parsed = JSON.parse(raw) as Partial<UiPrefs>;
+    return {
+      siteValue: typeof parsed.siteValue === 'string' ? parsed.siteValue : null,
+      favoriteItemIds: Array.isArray(parsed.favoriteItemIds)
+        ? parsed.favoriteItemIds.filter((n): n is number => Number.isInteger(n))
+        : [],
+      groupOpen:
+        parsed.groupOpen && typeof parsed.groupOpen === 'object'
+          ? Object.fromEntries(
+              Object.entries(parsed.groupOpen).filter(([, v]) => typeof v === 'boolean')
+            )
+          : {}
+    };
+  } catch {
+    return initial;
+  }
+}
+
+const { subscribe, set, update } = writable<UiPrefs>(loadFromLs());
+
+if (browser) {
+  subscribe((v) => {
+    try {
+      localStorage.setItem(SCHEMA_KEY, SCHEMA_VERSION);
+      localStorage.setItem(LS_KEY, JSON.stringify(v));
+    } catch {
+      /* private mode */
+    }
+  });
+}
+
+export const uiPrefs = {
+  subscribe,
+  setSite(value: string | null) {
+    update((s) => ({ ...s, siteValue: value }));
+  },
+  toggleFavorite(itemId: number) {
+    update((s) => {
+      const has = s.favoriteItemIds.includes(itemId);
+      return {
+        ...s,
+        favoriteItemIds: has
+          ? s.favoriteItemIds.filter((i) => i !== itemId)
+          : [...s.favoriteItemIds, itemId]
+      };
+    });
+  },
+  isFavorite(itemId: number): boolean {
+    return get({ subscribe }).favoriteItemIds.includes(itemId);
+  },
+  setGroupOpen(slug: string, open: boolean) {
+    update((s) => ({ ...s, groupOpen: { ...s.groupOpen, [slug]: open } }));
+  },
+  isGroupOpen(slug: string): boolean {
+    const v = get({ subscribe }).groupOpen[slug];
+    return v === undefined ? true : v;
+  },
+  /** Test reset */
+  _reset() {
+    set(initial);
+  }
+};
+```
+
+- [ ] **Step 2: Test**
+
+Create `web/src/lib/stores/uiPrefs.test.ts`:
+
+```ts
+import { describe, it, expect, beforeEach } from 'vitest';
+import { get } from 'svelte/store';
+import { uiPrefs } from './uiPrefs';
+
+beforeEach(() => {
+  uiPrefs._reset();
+});
+
+describe('uiPrefs', () => {
+  it('starts with empty prefs', () => {
+    const v = get(uiPrefs);
+    expect(v.siteValue).toBeNull();
+    expect(v.favoriteItemIds).toEqual([]);
+    expect(v.groupOpen).toEqual({});
+  });
+
+  it('setSite updates siteValue', () => {
+    uiPrefs.setSite('shangHai');
+    expect(get(uiPrefs).siteValue).toBe('shangHai');
+  });
+
+  it('toggleFavorite adds and removes', () => {
+    uiPrefs.toggleFavorite(7);
+    expect(uiPrefs.isFavorite(7)).toBe(true);
+    uiPrefs.toggleFavorite(7);
+    expect(uiPrefs.isFavorite(7)).toBe(false);
+  });
+
+  it('setGroupOpen + isGroupOpen', () => {
+    expect(uiPrefs.isGroupOpen('network')).toBe(true); // default open
+    uiPrefs.setGroupOpen('network', false);
+    expect(uiPrefs.isGroupOpen('network')).toBe(false);
+  });
+});
+```
+
+- [ ] **Step 3: Run + commit**
+
+```bash
+cd web
+pnpm test:unit 2>&1 | tail -5
+cd ..
+git add web/src/lib/stores/uiPrefs.ts web/src/lib/stores/uiPrefs.test.ts
+git commit -m "feat(web): uiPrefs store (site/favorites/groupOpen, LS persist with schema version)"
+```
+
+### Task 3: `sessionStore` — auth/me + login/logout
+
+**Files:**
+- Create: `web/src/lib/stores/session.ts`
+
+- [ ] **Step 1: Write the store**
+
+```ts
+// web/src/lib/stores/session.ts
+import { writable } from 'svelte/store';
+import { browser } from '$app/environment';
+import { apiClient, ApiError } from '$lib/api/client';
+import { AuthMeSchema } from '$lib/types/nav';
+
+export interface SessionState {
+  authed: boolean;
+  loading: boolean;
+}
+
+const initial: SessionState = { authed: false, loading: false };
+const { subscribe, set, update } = writable<SessionState>(initial);
+
+async function refresh() {
+  update((s) => ({ ...s, loading: true }));
+  try {
+    const me = await apiClient({
+      method: 'GET',
+      path: '/api/auth/me',
+      responseSchema: AuthMeSchema
+    });
+    set({ authed: me.authenticated, loading: false });
+  } catch {
+    set({ authed: false, loading: false });
+  }
+}
+
+async function login(password: string): Promise<void> {
+  await apiClient({
+    method: 'POST',
+    path: '/api/auth/login',
+    body: { password }
+  });
+  set({ authed: true, loading: false });
+}
+
+async function logout(): Promise<void> {
+  try {
+    await apiClient({ method: 'POST', path: '/api/auth/logout' });
+  } catch (e) {
+    // 401 is fine — already logged out
+    if (!(e instanceof ApiError) || e.status !== 401) throw e;
+  }
+  set({ authed: false, loading: false });
+}
+
+export const sessionStore = {
+  subscribe,
+  refresh,
+  login,
+  logout
+};
+
+if (browser) {
+  void refresh();
+}
+```
+
+- [ ] **Step 2: Test**
+
+```ts
+// web/src/lib/stores/session.test.ts
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { get } from 'svelte/store';
+import { sessionStore } from './session';
+
+const fetchMock = vi.fn();
+beforeEach(() => {
+  fetchMock.mockReset();
+  vi.stubGlobal('fetch', fetchMock);
+});
+
+describe('sessionStore', () => {
+  it('refresh sets authed=true when /me returns true', async () => {
+    fetchMock.mockResolvedValueOnce(
+      new Response(JSON.stringify({ authenticated: true }), {
+        status: 200,
+        headers: { 'content-type': 'application/json' }
+      })
+    );
+    await sessionStore.refresh();
+    expect(get(sessionStore).authed).toBe(true);
+  });
+
+  it('login on 204 sets authed=true', async () => {
+    fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
+    await sessionStore.login('pw');
+    expect(get(sessionStore).authed).toBe(true);
+  });
+
+  it('login on 401 throws and leaves authed=false', async () => {
+    fetchMock.mockResolvedValueOnce(
+      new Response(JSON.stringify({ error: 'unauthenticated' }), {
+        status: 401,
+        headers: { 'content-type': 'application/json' }
+      })
+    );
+    await expect(sessionStore.login('wrong')).rejects.toMatchObject({ status: 401 });
+    expect(get(sessionStore).authed).toBe(false);
+  });
+
+  it('logout clears authed', async () => {
+    fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
+    await sessionStore.logout();
+    expect(get(sessionStore).authed).toBe(false);
+  });
+});
+```
+
+- [ ] **Step 3: Run + commit**
+
+```bash
+cd web
+pnpm test:unit 2>&1 | tail -5
+cd ..
+git add web/src/lib/stores/session.ts web/src/lib/stores/session.test.ts
+git commit -m "feat(web): sessionStore (refresh/login/logout against /api/auth/*)"
+```
+
+### Task 4: Derived `visibleSections` + `searchHits`
+
+**Files:**
+- Create: `web/src/lib/stores/visible.ts`
+
+- [ ] **Step 1: Write the derivations**
+
+```ts
+// web/src/lib/stores/visible.ts
+import { derived, writable, get, type Readable } from 'svelte/store';
+import { navDataStore } from './navData';
+import { uiPrefs } from './uiPrefs';
+import type { Group, Item, NavBundle, Site } from '$lib/types/nav';
+
+export const searchQuery = writable<string>('');
+export const activeTagSlugs = writable<Set<string>>(new Set());
+
+export interface ResolvedSite {
+  /** The chosen Site object, or null if bundle empty. */
+  site: Site | null;
+}
+
+export const currentSite: Readable<ResolvedSite> = derived(
+  [navDataStore, uiPrefs],
+  ([$nav, $prefs]) => {
+    const sites = $nav.bundle?.sites ?? [];
+    if (sites.length === 0) return { site: null };
+    const explicit = $prefs.siteValue
+      ? sites.find((s) => s.value === $prefs.siteValue)
+      : undefined;
+    if (explicit) return { site: explicit };
+    return { site: sites.find((s) => s.isDefault) ?? sites[0] ?? null };
+  }
+);
+
+export interface VisibleGroup {
+  group: Group | null; // null = "ungrouped"
+  items: Item[];
+}
+
+/**
+ * Items grouped + filtered by current site, search term, and active tag chips.
+ * Empty groups are dropped.
+ */
+export const visibleSections: Readable<VisibleGroup[]> = derived(
+  [navDataStore, currentSite, uiPrefs, searchQuery, activeTagSlugs],
+  ([$nav, $cur, _$prefs, $q, $tags]) => {
+    const bundle = $nav.bundle;
+    if (!bundle || !$cur.site) return [];
+    const siteValue = $cur.site.value;
+    const q = $q.trim().toLowerCase();
+    const wantTags = $tags;
+
+    const filtered = bundle.items
+      .filter((i) => i.links[siteValue] !== undefined)
+      .filter((i) => {
+        if (wantTags.size === 0) return true;
+        return i.tagSlugs.some((s) => wantTags.has(s));
+      })
+      .filter((i) => {
+        if (!q) return true;
+        if (i.name.toLowerCase().includes(q)) return true;
+        if (i.tagSlugs.some((s) => s.toLowerCase().includes(q))) return true;
+        if (i.description && i.description.toLowerCase().includes(q)) return true;
+        return false;
+      });
+
+    const byGroup = new Map<number | null, Item[]>();
+    for (const it of filtered) {
+      const k = it.groupId ?? null;
+      const arr = byGroup.get(k) ?? [];
+      arr.push(it);
+      byGroup.set(k, arr);
+    }
+    for (const arr of byGroup.values()) arr.sort((a, b) => a.sortOrder - b.sortOrder);
+
+    const result: VisibleGroup[] = [];
+    for (const g of [...bundle.groups].sort((a, b) => a.sortOrder - b.sortOrder)) {
+      const arr = byGroup.get(g.id);
+      if (arr && arr.length) result.push({ group: g, items: arr });
+    }
+    const ungrouped = byGroup.get(null);
+    if (ungrouped && ungrouped.length) result.push({ group: null, items: ungrouped });
+    return result;
+  }
+);
+
+/** Items the user has favorited that are visible under current site. */
+export const visibleFavorites: Readable<Item[]> = derived(
+  [navDataStore, currentSite, uiPrefs],
+  ([$nav, $cur, $prefs]) => {
+    if (!$nav.bundle || !$cur.site) return [];
+    const v = $cur.site.value;
+    return $nav.bundle.items
+      .filter((i) => $prefs.favoriteItemIds.includes(i.id) && i.links[v] !== undefined)
+      .sort((a, b) => a.sortOrder - b.sortOrder);
+  }
+);
+
+/** All tag slugs in the bundle, used by chip filter. */
+export const allTagSlugs: Readable<string[]> = derived(navDataStore, ($n) =>
+  $n.bundle ? $n.bundle.tags.map((t) => t.slug).sort() : []
+);
+
+/** True if any filter (search or tag) is active. */
+export const hasActiveFilter: Readable<boolean> = derived(
+  [searchQuery, activeTagSlugs],
+  ([$q, $tags]) => $q.trim().length > 0 || $tags.size > 0
+);
+
+/** Helpers for tag chips */
+export function toggleTag(slug: string) {
+  activeTagSlugs.update((s) => {
+    const next = new Set(s);
+    if (next.has(slug)) next.delete(slug);
+    else next.add(slug);
+    return next;
+  });
+}
+export function clearFilters() {
+  searchQuery.set('');
+  activeTagSlugs.set(new Set());
+}
+
+/** For unit tests / dev console */
+export function _peekVisible(): VisibleGroup[] {
+  return get(visibleSections);
+}
+```
+
+- [ ] **Step 2: Test**
+
+```ts
+// web/src/lib/stores/visible.test.ts
+import { describe, it, expect, beforeEach } from 'vitest';
+import { get } from 'svelte/store';
+import { navDataStore } from './navData';
+import { uiPrefs } from './uiPrefs';
+import {
+  searchQuery,
+  activeTagSlugs,
+  currentSite,
+  visibleSections,
+  visibleFavorites,
+  toggleTag,
+  clearFilters
+} from './visible';
+import type { NavBundle } from '$lib/types/nav';
+
+const bundle: NavBundle = {
+  schemaVersion: 1,
+  meta: {
+    siteName: 'X',
+    siteAvatarPath: null,
+    siteCopyright: '',
+    siteIcp: null,
+    sitePolice: null,
+    defaultTheme: 'system'
+  },
+  sites: [
+    { id: 1, value: 'sh', name: 'SH', nameI18n: null, sortOrder: 0, isDefault: true },
+    { id: 2, value: 'bj', name: 'BJ', nameI18n: null, sortOrder: 1, isDefault: false }
+  ],
+  groups: [
+    {
+      id: 10,
+      slug: 'tools',
+      name: 'Tools',
+      nameI18n: null,
+      sortOrder: 0,
+      collapsedDefault: false
+    }
+  ],
+  tags: [{ id: 100, slug: 'fav', name: 'Favorite', nameI18n: null }],
+  items: [
+    {
+      id: 1,
+      groupId: 10,
+      name: 'Router',
+      nameI18n: null,
+      description: null,
+      descriptionI18n: null,
+      iconKind: 'asset',
+      iconValue: 'r.png',
+      sortOrder: 0,
+      links: { sh: 'http://1', bj: 'http://1b' },
+      tagSlugs: ['fav'],
+      createdAt: 0,
+      updatedAt: 0
+    },
+    {
+      id: 2,
+      groupId: 10,
+      name: 'Switch',
+      nameI18n: null,
+      description: null,
+      descriptionI18n: null,
+      iconKind: 'asset',
+      iconValue: 's.png',
+      sortOrder: 1,
+      links: { sh: 'http://2' }, // no bj
+      tagSlugs: [],
+      createdAt: 0,
+      updatedAt: 0
+    }
+  ]
+};
+
+beforeEach(() => {
+  navDataStore.setBundle(bundle);
+  uiPrefs._reset();
+  clearFilters();
+});
+
+describe('visibleSections', () => {
+  it('default site is the first marked is_default', () => {
+    expect(get(currentSite).site?.value).toBe('sh');
+  });
+
+  it('current site overridden by uiPrefs.siteValue', () => {
+    uiPrefs.setSite('bj');
+    expect(get(currentSite).site?.value).toBe('bj');
+  });
+
+  it('items missing for current site are dropped', () => {
+    uiPrefs.setSite('bj');
+    const sections = get(visibleSections);
+    expect(sections).toHaveLength(1);
+    expect(sections[0].items.map((i) => i.name)).toEqual(['Router']); // Switch has no bj link
+  });
+
+  it('search filters by name', () => {
+    searchQuery.set('rou');
+    expect(get(visibleSections)[0].items.map((i) => i.name)).toEqual(['Router']);
+  });
+
+  it('tag filter applies', () => {
+    toggleTag('fav');
+    const out = get(visibleSections);
+    expect(out[0].items.map((i) => i.name)).toEqual(['Router']);
+  });
+
+  it('visibleFavorites lists user-favorited items only', () => {
+    uiPrefs.toggleFavorite(2);
+    expect(get(visibleFavorites).map((i) => i.id)).toEqual([2]);
+  });
+});
+```
+
+- [ ] **Step 3: Run + commit**
+
+```bash
+cd web
+pnpm test:unit 2>&1 | tail -10
+cd ..
+git add web/src/lib/stores/visible.ts web/src/lib/stores/visible.test.ts
+git commit -m "feat(web): visibleSections derived store (site/search/tags filter, favorites view)"
+```
+
+---
+
+## Phase 1: Header Components (Tasks 5–12)
+
+Goal: build the 8 header pieces, then assemble them into a new `Header` (under `src/lib/components/Header/` to differentiate from the legacy `src/lib/components/Header.svelte`).
+
+### Task 5: SearchBar.svelte
+
+**Files:**
+- Create: `web/src/lib/components/Header/SearchBar.svelte`
+
+```svelte
+<script lang="ts">
+  import { onMount } from 'svelte';
+  import Input from '$lib/components/ui/Input.svelte';
+  import { searchQuery } from '$lib/stores/visible';
+  import { t } from '$lib/i18n/store';
+
+  let inputEl: HTMLInputElement | undefined = $state();
+
+  onMount(() => {
+    const onKey = (e: KeyboardEvent) => {
+      if (e.key === '/' && document.activeElement?.tagName !== 'INPUT') {
+        e.preventDefault();
+        const realInput = inputEl?.querySelector?.('input') ?? inputEl;
+        (realInput as HTMLInputElement | null)?.focus();
+      }
+    };
+    window.addEventListener('keydown', onKey);
+    return () => window.removeEventListener('keydown', onKey);
+  });
+</script>
+
+<div class="search" bind:this={inputEl}>
+  <Input
+    type="search"
+    placeholder={$t('header.search.placeholder')}
+    bind:value={$searchQuery}
+    fullWidth
+  />
+</div>
+
+<style lang="scss">
+  .search {
+    flex: 1;
+    max-width: 480px;
+  }
+</style>
+```
+
+Commit: `feat(web): SearchBar header component (binds searchQuery, "/" focus shortcut)`
+
+### Task 6: TagFilterChips.svelte
+
+**Files:**
+- Create: `web/src/lib/components/Header/TagFilterChips.svelte`
+
+```svelte
+<script lang="ts">
+  import Chip from '$lib/components/ui/Chip.svelte';
+  import { allTagSlugs, activeTagSlugs, toggleTag } from '$lib/stores/visible';
+</script>
+
+<div class="chips">
+  {#each $allTagSlugs as slug (slug)}
+    <Chip
+      label={slug}
+      active={$activeTagSlugs.has(slug)}
+      onSelect={() => toggleTag(slug)}
+    />
+  {/each}
+</div>
+
+<style lang="scss">
+  .chips {
+    display: flex;
+    gap: var(--sp-1);
+    flex-wrap: wrap;
+  }
+</style>
+```
+
+Commit: `feat(web): TagFilterChips header component (Chip per tag, toggles activeTagSlugs)`
+
+### Task 7: SiteSelect.svelte (new, replaces legacy)
+
+**Files:**
+- Create: `web/src/lib/components/Header/SiteSelect.svelte`
+
+```svelte
+<script lang="ts">
+  import Menu from '$lib/components/ui/Menu.svelte';
+  import { navDataStore } from '$lib/stores/navData';
+  import { uiPrefs } from '$lib/stores/uiPrefs';
+  import { currentSite } from '$lib/stores/visible';
+  import { localeStore } from '$lib/i18n/store';
+
+  let open = $state(false);
+  let triggerEl: HTMLButtonElement | undefined = $state();
+  let menuX = $state(0);
+  let menuY = $state(0);
+
+  function nameFor(site: { name: string; nameI18n?: Record<string, string> | null }) {
+    return site.nameI18n?.[$localeStore] ?? site.name;
+  }
+
+  function openMenu() {
+    if (!triggerEl) return;
+    const r = triggerEl.getBoundingClientRect();
+    menuX = r.left;
+    menuY = r.bottom + 4;
+    open = true;
+  }
+
+  const items = $derived(
+    ($navDataStore.bundle?.sites ?? []).map((s) => ({
+      label: nameFor(s),
+      onSelect: () => uiPrefs.setSite(s.value)
+    }))
+  );
+
+  const label = $derived($currentSite.site ? nameFor($currentSite.site) : '—');
+</script>
+
+<button class="trigger" type="button" bind:this={triggerEl} onclick={openMenu}>
+  {label}
+  <span aria-hidden="true">▾</span>
+</button>
+
+<Menu bind:open x={menuX} y={menuY} {items} />
+
+<style lang="scss">
+  .trigger {
+    display: inline-flex;
+    align-items: center;
+    gap: var(--sp-1);
+    height: 32px;
+    padding: 0 var(--sp-3);
+    background: var(--c-accent-bg);
+    color: var(--c-accent);
+    border: 0;
+    border-radius: var(--rd-pill);
+    font-size: var(--fs-sm);
+    font-weight: var(--fw-medium);
+    cursor: pointer;
+    transition: filter var(--tr-fast);
+
+    &:hover {
+      filter: brightness(1.05);
+    }
+  }
+</style>
+```
+
+Commit: `feat(web): SiteSelect header component (Menu-based, locale-aware label)`
+
+### Task 8: ThemeToggle.svelte
+
+**Files:**
+- Create: `web/src/lib/components/Header/ThemeToggle.svelte`
+
+```svelte
+<script lang="ts">
+  import IconButton from '$lib/components/ui/IconButton.svelte';
+  import { themeStore, cycleTheme } from '$lib/design/theme';
+  import { t } from '$lib/i18n/store';
+
+  const glyph = $derived($themeStore === 'dark' ? '☾' : $themeStore === 'light' ? '☀' : '◐');
+</script>
+
+<IconButton label={$t('header.theme.toggle')} onclick={cycleTheme}>
+  <span aria-hidden="true">{glyph}</span>
+</IconButton>
+```
+
+Commit: `feat(web): ThemeToggle (cycles system→light→dark, glyph reflects state)`
+
+### Task 9: LocaleToggle.svelte
+
+```svelte
+<!-- web/src/lib/components/Header/LocaleToggle.svelte -->
+<script lang="ts">
+  import IconButton from '$lib/components/ui/IconButton.svelte';
+  import { localeStore, toggleLocale, t } from '$lib/i18n/store';
+</script>
+
+<IconButton label={$t('header.locale.toggle')} onclick={toggleLocale}>
+  <span aria-hidden="true">{$localeStore === 'zh' ? '语' : 'EN'}</span>
+</IconButton>
+```
+
+Commit: `feat(web): LocaleToggle (zh ↔ en)`
+
+### Task 10: AuthControls.svelte (Plan 4 will mount LoginDialog)
+
+```svelte
+<!-- web/src/lib/components/Header/AuthControls.svelte -->
+<script lang="ts">
+  import Button from '$lib/components/ui/Button.svelte';
+  import { sessionStore } from '$lib/stores/session';
+  import { t } from '$lib/i18n/store';
+
+  function onLoginClick() {
+    // Plan 4 will replace this with a LoginDialog open trigger.
+    // For now, show a placeholder toast or no-op so Plan 3 stays read-only.
+    alert($t('auth.login.title') + ' — coming in Plan 4');
+  }
+
+  async function onLogout() {
+    await sessionStore.logout();
+  }
+</script>
+
+{#if $sessionStore.authed}
+  <Button intent="ghost" size="sm" onclick={onLogout}>{$t('header.logout')}</Button>
+{:else}
+  <Button intent="ghost" size="sm" onclick={onLoginClick}>{$t('header.login')}</Button>
+{/if}
+```
+
+Commit: `feat(web): AuthControls header component (login placeholder for Plan 4, logout works)`
+
+### Task 11: Brand.svelte
+
+```svelte
+<!-- web/src/lib/components/Header/Brand.svelte -->
+<script lang="ts">
+  import { navDataStore } from '$lib/stores/navData';
+
+  const meta = $derived($navDataStore.bundle?.meta);
+  const name = $derived(meta?.siteName ?? '');
+  const avatar = $derived(meta?.siteAvatarPath ?? null);
+</script>
+
+<a class="brand" href="/" aria-label={name}>
+  {#if avatar}<img src={avatar} alt="" class="avatar" />{/if}
+  <span class="name">{name}</span>
+</a>
+
+<style lang="scss">
+  .brand {
+    display: inline-flex;
+    align-items: center;
+    gap: var(--sp-2);
+    text-decoration: none;
+    color: var(--c-text);
+    font-weight: var(--fw-semibold);
+    font-size: var(--fs-md);
+
+    &:hover {
+      color: var(--c-accent);
+    }
+  }
+  .avatar {
+    width: 28px;
+    height: 28px;
+    border-radius: 50%;
+    object-fit: cover;
+  }
+  .name {
+    white-space: nowrap;
+  }
+</style>
+```
+
+Commit: `feat(web): Brand header component (avatar + site name from bundle.meta)`
+
+### Task 12: Header.svelte (assembly)
+
+**Files:**
+- Create: `web/src/lib/components/Header/index.svelte`
+
+```svelte
+<!-- web/src/lib/components/Header/index.svelte -->
+<script lang="ts">
+  import Brand from './Brand.svelte';
+  import SearchBar from './SearchBar.svelte';
+  import TagFilterChips from './TagFilterChips.svelte';
+  import SiteSelect from './SiteSelect.svelte';
+  import ThemeToggle from './ThemeToggle.svelte';
+  import LocaleToggle from './LocaleToggle.svelte';
+  import AuthControls from './AuthControls.svelte';
+</script>
+
+<header class="header">
+  <div class="left">
+    <Brand />
+  </div>
+  <div class="center">
+    <SearchBar />
+    <TagFilterChips />
+  </div>
+  <div class="right">
+    <SiteSelect />
+    <ThemeToggle />
+    <LocaleToggle />
+    <AuthControls />
+  </div>
+</header>
+
+<style lang="scss">
+  .header {
+    position: sticky;
+    top: 0;
+    z-index: 50;
+    display: grid;
+    grid-template-columns: auto 1fr auto;
+    align-items: center;
+    gap: var(--sp-3);
+    padding: var(--sp-3) var(--sp-4);
+    background: var(--c-bg);
+    border-bottom: 1px solid var(--c-border);
+  }
+
+  .left,
+  .right {
+    display: flex;
+    align-items: center;
+    gap: var(--sp-2);
+  }
+
+  .center {
+    display: flex;
+    align-items: center;
+    gap: var(--sp-3);
+    min-width: 0;
+  }
+
+  @media (max-width: 720px) {
+    .header {
+      grid-template-columns: 1fr auto;
+      grid-template-rows: auto auto;
+    }
+    .center {
+      grid-column: 1 / -1;
+    }
+    .right {
+      flex-wrap: wrap;
+    }
+  }
+</style>
+```
+
+Commit: `feat(web): Header assembly (brand + search + chips + site + theme + locale + auth)`
+
+---
+
+## Phase 2: Nav Grid Components (Tasks 13–18)
+
+Goal: button-based, accessible NavItem and group/section composition.
+
+### Task 13: NavItem.svelte
+
+**Files:**
+- Create: `web/src/lib/components/Nav/NavItem.svelte`
+
+```svelte
+<script lang="ts">
+  import type { Item } from '$lib/types/nav';
+  import { uiPrefs } from '$lib/stores/uiPrefs';
+  import { currentSite } from '$lib/stores/visible';
+  import { localeStore } from '$lib/i18n/store';
+
+  interface Props {
+    item: Item;
+  }
+  let { item }: Props = $props();
+
+  const url = $derived($currentSite.site ? item.links[$currentSite.site.value] ?? null : null);
+  const displayName = $derived(item.nameI18n?.[$localeStore] ?? item.name);
+  const isFav = $derived($uiPrefs.favoriteItemIds.includes(item.id));
+
+  function iconSrc(): string {
+    switch (item.iconKind) {
+      case 'asset':
+        return `/navIcons/${item.iconValue}`;
+      case 'url':
+        return item.iconValue;
+      case 'auto-favicon':
+        return `/api/favicon?host=${encodeURIComponent(item.iconValue)}`;
+    }
+  }
+
+  function open() {
+    if (url) window.open(url, '_blank', 'noopener,noreferrer');
+  }
+
+  function onKeydown(e: KeyboardEvent) {
+    if (e.key === 'Enter' || e.key === ' ') {
+      e.preventDefault();
+      open();
+    }
+  }
+
+  function onFavClick(e: MouseEvent) {
+    e.stopPropagation();
+    uiPrefs.toggleFavorite(item.id);
+  }
+</script>
+
+<div class="cell">
+  <button
+    type="button"
+    class="card"
+    onclick={open}
+    onkeydown={onKeydown}
+    aria-label={displayName}
+    disabled={!url}
+  >
+    <img class="icon" src={iconSrc()} alt="" loading="lazy" />
+  </button>
+  <button
+    type="button"
+    class="fav"
+    aria-label={isFav ? 'Unfavorite' : 'Favorite'}
+    aria-pressed={isFav}
+    onclick={onFavClick}
+  >★</button>
+  <span class="label">{displayName}</span>
+</div>
+
+<style lang="scss">
+  .cell {
+    position: relative;
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: var(--sp-2);
+    width: 96px;
+  }
+  .card {
+    width: 96px;
+    height: 96px;
+    padding: var(--sp-3);
+    background: var(--c-surface);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-lg);
+    box-shadow: var(--sh-sm);
+    cursor: pointer;
+    transition: transform var(--tr-base), box-shadow var(--tr-base), border-color var(--tr-fast);
+
+    &:hover:not(:disabled) {
+      transform: translateY(-2px);
+      box-shadow: var(--sh-md);
+      border-color: var(--c-accent);
+    }
+
+    &:disabled {
+      opacity: 0.55;
+      cursor: not-allowed;
+    }
+
+    .icon {
+      width: 100%;
+      height: 100%;
+      object-fit: contain;
+      border-radius: var(--rd-sm);
+    }
+  }
+  .fav {
+    position: absolute;
+    top: 2px;
+    right: 2px;
+    width: 22px;
+    height: 22px;
+    background: transparent;
+    border: 0;
+    color: var(--c-text-3);
+    font-size: 14px;
+    line-height: 1;
+    cursor: pointer;
+    border-radius: var(--rd-pill);
+    opacity: 0;
+    transition: opacity var(--tr-fast), color var(--tr-fast);
+
+    &[aria-pressed='true'] {
+      color: var(--c-warn);
+      opacity: 1;
+    }
+  }
+  .cell:hover .fav,
+  .fav:focus-visible {
+    opacity: 1;
+  }
+
+  .label {
+    font-size: var(--fs-sm);
+    color: var(--c-text);
+    text-align: center;
+    line-height: var(--lh-tight);
+    word-break: break-word;
+  }
+</style>
+```
+
+Commit: `feat(web): NavItem (button-based, favorite toggle, icon-kind aware, a11y compliant)`
+
+### Task 14: NavGrid.svelte
+
+```svelte
+<!-- web/src/lib/components/Nav/NavGrid.svelte -->
+<script lang="ts">
+  import type { Item } from '$lib/types/nav';
+  import NavItem from './NavItem.svelte';
+
+  interface Props {
+    items: Item[];
+  }
+  let { items }: Props = $props();
+</script>
+
+<div class="grid">
+  {#each items as item (item.id)}
+    <NavItem {item} />
+  {/each}
+</div>
+
+<style lang="scss">
+  .grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fill, 96px);
+    gap: var(--sp-5) var(--sp-4);
+    justify-content: center;
+    width: 100%;
+  }
+</style>
+```
+
+Commit: `feat(web): NavGrid (responsive grid of NavItem)`
+
+### Task 15: GroupHeader.svelte
+
+```svelte
+<!-- web/src/lib/components/Nav/GroupHeader.svelte -->
+<script lang="ts">
+  import type { Group } from '$lib/types/nav';
+  import { localeStore } from '$lib/i18n/store';
+  import { uiPrefs } from '$lib/stores/uiPrefs';
+
+  interface Props {
+    group: Group;
+  }
+  let { group }: Props = $props();
+
+  const isOpen = $derived($uiPrefs.groupOpen[group.slug] !== false);
+  const name = $derived(group.nameI18n?.[$localeStore] ?? group.name);
+
+  function toggle() {
+    uiPrefs.setGroupOpen(group.slug, !isOpen);
+  }
+</script>
+
+<button
+  type="button"
+  class="header"
+  aria-expanded={isOpen}
+  onclick={toggle}
+>
+  <span class="chev" class:open={isOpen} aria-hidden="true">▸</span>
+  <span class="name">{name}</span>
+</button>
+
+<style lang="scss">
+  .header {
+    display: inline-flex;
+    align-items: center;
+    gap: var(--sp-2);
+    padding: var(--sp-2) var(--sp-3);
+    margin-left: calc(-1 * var(--sp-3));
+    background: transparent;
+    border: 0;
+    cursor: pointer;
+    color: var(--c-text);
+    font-size: var(--fs-md);
+    font-weight: var(--fw-semibold);
+    border-radius: var(--rd-md);
+
+    &:hover {
+      background: var(--c-surface-2);
+    }
+  }
+  .chev {
+    display: inline-block;
+    transition: transform var(--tr-fast);
+    color: var(--c-text-3);
+
+    &.open {
+      transform: rotate(90deg);
+    }
+  }
+</style>
+```
+
+Commit: `feat(web): GroupHeader (collapsible, persists state to uiPrefs.groupOpen)`
+
+### Task 16: GroupSection.svelte
+
+```svelte
+<!-- web/src/lib/components/Nav/GroupSection.svelte -->
+<script lang="ts">
+  import type { VisibleGroup } from '$lib/stores/visible';
+  import { uiPrefs } from '$lib/stores/uiPrefs';
+  import GroupHeader from './GroupHeader.svelte';
+  import NavGrid from './NavGrid.svelte';
+
+  interface Props {
+    section: VisibleGroup;
+  }
+  let { section }: Props = $props();
+
+  const isOpen = $derived(
+    section.group ? $uiPrefs.groupOpen[section.group.slug] !== false : true
+  );
+</script>
+
+<section class="section">
+  {#if section.group}
+    <GroupHeader group={section.group} />
+  {/if}
+  {#if isOpen}
+    <NavGrid items={section.items} />
+  {/if}
+</section>
+
+<style lang="scss">
+  .section {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-4);
+    margin-bottom: var(--sp-7);
+  }
+</style>
+```
+
+Commit: `feat(web): GroupSection (group header + grid; honors collapsed state)`
+
+### Task 17: FavoritesSection.svelte
+
+```svelte
+<!-- web/src/lib/components/Nav/FavoritesSection.svelte -->
+<script lang="ts">
+  import { visibleFavorites } from '$lib/stores/visible';
+  import NavGrid from './NavGrid.svelte';
+  import { t } from '$lib/i18n/store';
+</script>
+
+{#if $visibleFavorites.length > 0}
+  <section class="favorites">
+    <h2 class="heading">★ {$t('common.edit') /* placeholder until favorites key added */}</h2>
+    <NavGrid items={$visibleFavorites} />
+  </section>
+{/if}
+
+<style lang="scss">
+  .favorites {
+    margin-bottom: var(--sp-7);
+  }
+  .heading {
+    margin: 0 0 var(--sp-4);
+    font-size: var(--fs-md);
+    font-weight: var(--fw-semibold);
+    color: var(--c-text-2);
+    letter-spacing: 0.05em;
+    text-transform: uppercase;
+  }
+</style>
+```
+
+Add a new i18n key `nav.favorites.title` to both `zh.json` and `en.json` and replace the placeholder in this component:
+
+```json
+// add to zh.json
+"nav.favorites.title": "收藏"
+// add to en.json
+"nav.favorites.title": "Favorites"
+```
+
+Then in the component change `{$t('common.edit') /* placeholder ... */}` → `{$t('nav.favorites.title')}`. Commit (single commit covers both files):
+
+`feat(web): FavoritesSection (top-of-page; only shown when user has favorites)`
+
+### Task 18: Empty states
+
+Create `web/src/lib/components/Nav/EmptyState.svelte`:
+
+```svelte
+<script lang="ts">
+  interface Props {
+    title: string;
+    hint?: string;
+  }
+  let { title, hint }: Props = $props();
+</script>
+
+<div class="empty">
+  <p class="title">{title}</p>
+  {#if hint}<p class="hint">{hint}</p>{/if}
+</div>
+
+<style lang="scss">
+  .empty {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: var(--sp-2);
+    padding: var(--sp-7) 0;
+    color: var(--c-text-3);
+    text-align: center;
+  }
+  .title {
+    margin: 0;
+    font-size: var(--fs-lg);
+    color: var(--c-text-2);
+  }
+  .hint {
+    margin: 0;
+    font-size: var(--fs-sm);
+  }
+</style>
+```
+
+Add i18n keys:
+
+```json
+// zh.json
+"nav.empty.search": "没有匹配的导航项",
+"nav.empty.search.hint": "尝试清除筛选或换个关键词",
+"nav.empty.data": "暂无导航数据",
+"nav.empty.data.hint": "登录后添加第一个导航项"
+```
+
+```json
+// en.json
+"nav.empty.search": "No nav items match",
+"nav.empty.search.hint": "Try clearing filters or different keywords",
+"nav.empty.data": "No nav data yet",
+"nav.empty.data.hint": "Sign in to add the first item"
+```
+
+Commit (single, includes the json updates): `feat(web): EmptyState component + i18n keys for search/data empty states`
+
+---
+
+## Phase 3: Footer + Layout + Page Integration (Tasks 19–21)
+
+### Task 19: Footer.svelte (rewrite)
+
+**Files:**
+- Create: `web/src/lib/components/Footer/index.svelte`
+
+```svelte
+<script lang="ts">
+  import { navDataStore } from '$lib/stores/navData';
+  import { localeStore } from '$lib/i18n/store';
+
+  const meta = $derived($navDataStore.bundle?.meta);
+  // Hide ICP / police filings when locale is non-Chinese — they're a PRC legal artifact.
+  const showFilings = $derived($localeStore === 'zh');
+</script>
+
+<footer class="footer">
+  <div class="row">
+    <span class="copyright">{meta?.siteCopyright ?? ''}</span>
+    {#if showFilings && meta?.siteIcp}
+      <span class="sep">·</span>
+      <a href={meta.siteIcp.url} target="_blank" rel="noopener">{meta.siteIcp.text}</a>
+    {/if}
+    {#if showFilings && meta?.sitePolice}
+      <span class="sep">·</span>
+      <a href={meta.sitePolice.url} target="_blank" rel="noopener">{meta.sitePolice.text}</a>
+    {/if}
+  </div>
+</footer>
+
+<style lang="scss">
+  .footer {
+    display: flex;
+    justify-content: center;
+    padding: var(--sp-5) var(--sp-4);
+    margin-top: var(--sp-8);
+    border-top: 1px solid var(--c-border);
+    color: var(--c-text-3);
+    font-size: var(--fs-xs);
+  }
+  .row {
+    display: inline-flex;
+    align-items: center;
+    gap: var(--sp-2);
+    flex-wrap: wrap;
+    justify-content: center;
+  }
+  .sep {
+    opacity: 0.5;
+  }
+  a {
+    color: inherit;
+    text-decoration: underline;
+    text-underline-offset: 3px;
+
+    &:hover {
+      color: var(--c-text-2);
+    }
+  }
+</style>
+```
+
+Commit: `feat(web): Footer rewrite (locale-aware filings, inline row, modern minimal)`
+
+### Task 20: +layout.svelte — wire ToastViewport + new Header/Footer
+
+**Files:**
+- Modify: `web/src/routes/+layout.svelte`
+
+Replace contents with:
+
+```svelte
+<script lang="ts">
+  import Header from '$lib/components/Header/index.svelte';
+  import Footer from '$lib/components/Footer/index.svelte';
+  import ToastViewport from '$lib/components/ui/ToastViewport.svelte';
+  import '$lib/design/theme';
+  import '../app.scss';
+
+  let { children } = $props();
+</script>
+
+<Header />
+
+<main>
+  {@render children()}
+</main>
+
+<Footer />
+
+<ToastViewport />
+
+<style lang="scss">
+  main {
+    flex: 1;
+    width: 100%;
+    max-width: 1024px;
+    margin: var(--sp-6) auto 0;
+    padding: 0 var(--sp-4);
+    box-sizing: border-box;
+  }
+</style>
+```
+
+Commit: `refactor(web): +layout uses new Header/Footer + ToastViewport`
+
+### Task 21: +page.svelte — render real navData
+
+**Files:**
+- Modify: `web/src/routes/+page.svelte`
+
+Replace with:
+
+```svelte
+<script lang="ts">
+  import { navDataStore } from '$lib/stores/navData';
+  import { visibleSections, hasActiveFilter, clearFilters } from '$lib/stores/visible';
+  import GroupSection from '$lib/components/Nav/GroupSection.svelte';
+  import FavoritesSection from '$lib/components/Nav/FavoritesSection.svelte';
+  import EmptyState from '$lib/components/Nav/EmptyState.svelte';
+  import Skeleton from '$lib/components/ui/Skeleton.svelte';
+  import Button from '$lib/components/ui/Button.svelte';
+  import { t } from '$lib/i18n/store';
+
+  const siteTitle = $derived($navDataStore.bundle?.meta.siteName ?? '');
+</script>
+
+<svelte:head>
+  <title>{siteTitle}</title>
+</svelte:head>
+
+{#if $navDataStore.loading && !$navDataStore.bundle}
+  <div class="loading">
+    <Skeleton width="240px" height="24px" />
+    <Skeleton width="180px" height="16px" />
+    <Skeleton width="220px" height="16px" />
+  </div>
+{:else if $navDataStore.error}
+  <EmptyState title={$t('error.network.offline')} hint={$navDataStore.error} />
+  <div class="retry">
+    <Button onclick={() => navDataStore.refetch()}>{$t('error.network.retry')}</Button>
+  </div>
+{:else}
+  <FavoritesSection />
+  {#if $visibleSections.length === 0}
+    {#if $hasActiveFilter}
+      <EmptyState
+        title={$t('nav.empty.search')}
+        hint={$t('nav.empty.search.hint')}
+      />
+      <div class="retry">
+        <Button intent="ghost" onclick={clearFilters}>{$t('common.cancel')}</Button>
+      </div>
+    {:else}
+      <EmptyState title={$t('nav.empty.data')} hint={$t('nav.empty.data.hint')} />
+    {/if}
+  {:else}
+    {#each $visibleSections as section (section.group?.id ?? 'ungrouped')}
+      <GroupSection {section} />
+    {/each}
+  {/if}
+{/if}
+
+<style lang="scss">
+  .loading {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-3);
+    align-items: center;
+    margin-top: var(--sp-6);
+  }
+  .retry {
+    display: flex;
+    justify-content: center;
+    margin-top: var(--sp-3);
+  }
+</style>
+```
+
+Commit: `feat(web): +page renders real navData (loading + error + empty + sections)`
+
+---
+
+## Phase 4: Cleanup + End-to-End Verification (Tasks 22–23)
+
+### Task 22: Delete legacy components and constants
+
+**Files (all DELETED):**
+- `web/src/lib/components/Header.svelte` (legacy)
+- `web/src/lib/components/Footer.svelte`
+- `web/src/lib/components/Nav.svelte`
+- `web/src/lib/components/SiteSelect.svelte`
+- `web/src/lib/components/Avatar.svelte`
+- `web/src/lib/store/siteStore.ts`
+- `web/src/lib/constants/nav.ts`
+- `web/src/lib/constants/siteInfo.ts`
+- `web/src/lib/constants/avatar.ts`
+- `web/src/lib/utils/index.ts` (re-exports `isURL`)
+- `web/src/lib/utils/isURL.ts` (no longer used; URL check happens in NavItem via `iconKind`)
+
+**Pre-flight:** before deleting `web/src/lib/store/`, verify nothing imports from it:
+
+```bash
+cd web
+grep -r '$lib/store/siteStore' src --include='*.svelte' --include='*.ts' || echo "no callers"
+grep -r '$lib/constants' src --include='*.svelte' --include='*.ts' || echo "no callers"
+grep -r '$lib/utils' src --include='*.svelte' --include='*.ts' || echo "no callers"
+cd ..
+```
+
+If any caller is in `src/` outside the legacy components themselves, **stop and report BLOCKED** — Phase 1-3 missed a reference.
+
+If clean, delete:
+
+```bash
+git rm web/src/lib/components/Header.svelte
+git rm web/src/lib/components/Footer.svelte
+git rm web/src/lib/components/Nav.svelte
+git rm web/src/lib/components/SiteSelect.svelte
+git rm web/src/lib/components/Avatar.svelte
+git rm web/src/lib/store/siteStore.ts
+git rm web/src/lib/constants/nav.ts
+git rm web/src/lib/constants/siteInfo.ts
+git rm web/src/lib/constants/avatar.ts
+git rm web/src/lib/utils/index.ts
+git rm web/src/lib/utils/isURL.ts
+# remove now-empty dirs (git ignores empty dirs but we can rmdir if they exist)
+rmdir web/src/lib/store 2>/dev/null || true
+rmdir web/src/lib/constants 2>/dev/null || true
+rmdir web/src/lib/utils 2>/dev/null || true
+```
+
+Run full pipeline:
+
+```bash
+cd web
+pnpm check 2>&1 | tail -10
+pnpm test:unit 2>&1 | tail -10
+pnpm build 2>&1 | tail -5
+pnpm lint 2>&1 | tail -10
+cd ..
+```
+
+All green. Commit:
+
+```bash
+git commit -m "chore(web): delete legacy components/constants/store now that Plan 3 ships replacements"
+```
+
+### Task 23: End-to-end verification
+
+**Files:** none modified.
+
+This task validates the integration with the Plan 1 backend.
+
+- [ ] **Step 1: Boot backend**
+
+```bash
+cd server
+rm -rf dev-data
+SQLX_OFFLINE=true PORT=8080 BOOTSTRAP_ADMIN_PASSWORD=test1234 cargo run --quiet > /tmp/srv.log 2>&1 &
+SRV=$!
+sleep 18
+curl -sf http://127.0.0.1:8080/api/health
+curl -sf http://127.0.0.1:8080/api/nav | head -c 200
+echo
+cd ..
+```
+
+Expected: `{"status":"ok"}` and a JSON bundle with sites/groups arrays.
+
+- [ ] **Step 2: Boot frontend dev (proxies /api to :8080)**
+
+```bash
+cd web
+pnpm dev --host 127.0.0.1 --port 5173 > /tmp/web.log 2>&1 &
+WEB=$!
+sleep 8
+curl -sf http://127.0.0.1:5173/ -o /tmp/page.html
+grep -oE '<title>[^<]+</title>' /tmp/page.html
+cd ..
+```
+
+Expected: page.html includes site title.
+
+- [ ] **Step 3: Verify the SPA actually fetched /api/nav**
+
+```bash
+# After hydration, the SPA should have loaded the bundle and dropped the legacy default theme.
+# We can't easily simulate JS in curl; instead grep the dev log for the proxy hit.
+grep -E '/api/nav' /tmp/web.log | head -3 || echo "(no proxy hit yet — that's OK if hydration hasn't run; manual verification in browser confirms)"
+```
+
+- [ ] **Step 4: Tear down**
+
+```bash
+kill $WEB 2>/dev/null
+kill $SRV 2>/dev/null
+sleep 1
+```
+
+- [ ] **Step 5: No commit unless something needed fixing**
+
+If the smoke test caught an issue (e.g., CORS, 404 on /api/nav from SPA, hydration error), fix it in this task and commit. Otherwise no commit; Plan 3 is complete after Task 22.
+
+## Self-Review (filled by writer)
+
+**Spec coverage**
+
+| Spec section | Where covered |
+|---|---|
+| § 4.1 store layering | Tasks 1–4 |
+| § 4.2 component tree (read-only parts) | Tasks 5–21 |
+| § 5 (read-only operations only; edit deferred) | NavItem opens links; AuthControls placeholder |
+| § 7.4 footer redesign | Task 19 |
+| § 7.5 legacy assets removed | Task 22 |
+| § 8.2 a11y baseline | Every interactive primitive is `<button>` |
+| § 8.4 toast viewport mounted | Task 20 |
+
+**Type / signature consistency**
+
+- All stores expose `subscribe`/`set`/typed methods consistently.
+- `currentSite`/`visibleSections` read from `navDataStore` + `uiPrefs`; no circular deps.
+- NavItem uses `iconKind` discriminator from zod schema (asset/url/auto-favicon) — wired to `/navIcons/*` (asset, served by Plan 1's ServeDir), full URL (url), or `/api/favicon?host=` (auto-favicon).
+
+**Placeholder scan**
+
+- One placeholder addressed inline: Task 17 includes the i18n key add for `nav.favorites.title` (initial draft used `common.edit` placeholder; the task's commit step replaces it).
+
+**Scope discipline**
+
+- No editing UI built. AuthControls deliberately stubs `alert()` for login (Plan 4 replaces with LoginDialog).
+- No drag-and-drop, no context menu, no inline editing — all reserved for Plan 4.
+- Plan 5 still owns dump-bootstrap, Dockerfile, and Playwright.
+
+**Verification gates**
+
+- Phase 0: 4 store tasks each end with vitest.
+- Phase 1-3: each component task ends with `pnpm check`. Phase 3 ends with browser-side smoke (Task 23).
+- Final cleanup (Task 22) re-runs full check + tests + build.
+
+**Deferred to other plans**
+
+- LoginDialog + login flow → Plan 4
+- Drag/drop reorder, double-click rename, context menu, ItemEditDialog → Plan 4
+- Site/group/tag management UI → Plan 4
+- scripts/dump-bootstrap.mjs (real seed data) → Plan 5
+- Playwright e2e covering this plan's smoke → Plan 5
diff --git a/web/src/lib/components/Avatar.svelte b/web/src/lib/components/Avatar.svelte
deleted file mode 100644
index 836783c..0000000
--- a/web/src/lib/components/Avatar.svelte
+++ /dev/null
@@ -1,23 +0,0 @@
-<script lang="ts">
-  import { avatarURL } from '$lib/constants/avatar';
-  import { siteName } from '$lib/constants/siteInfo';
-</script>
-
-<div class="avatar">
-  <img src={avatarURL} alt={siteName} />
-</div>
-
-<style lang="scss">
-  .avatar {
-    display: flex;
-    justify-content: center;
-    align-items: center;
-
-    img {
-      width: 140px;
-      height: 140px;
-      border-radius: 50%;
-      overflow: hidden;
-    }
-  }
-</style>
diff --git a/web/src/lib/components/Footer.svelte b/web/src/lib/components/Footer.svelte
deleted file mode 100644
index c1c8c00..0000000
--- a/web/src/lib/components/Footer.svelte
+++ /dev/null
@@ -1,83 +0,0 @@
-<script lang="ts">
-  import {
-    siteCopyright,
-    siteICPBeian,
-    sitePoliceBeian,
-    siteICPBeianURL,
-    sitePoliceBeianURL
-  } from '$lib/constants/siteInfo';
-</script>
-
-<footer class="footer">
-  <div class="footer-copyright">{siteCopyright}</div>
-  <div class="beian">
-    <div class="footer-link">
-      <a href={siteICPBeianURL} target="_blank" rel="noopener">{siteICPBeian}</a>
-    </div>
-    <div class="divider"></div>
-    <div class="footer-link">
-      <a href={sitePoliceBeianURL} target="_blank" rel="noopener">{sitePoliceBeian}</a>
-    </div>
-  </div>
-</footer>
-
-<style lang="scss">
-  .footer {
-    display: flex;
-    flex-direction: column;
-    justify-content: center;
-    padding: 20px 0;
-    margin-top: 120px;
-    font-size: 13px;
-    line-height: 2;
-    color: var(--text-color);
-
-    &-copyright {
-      display: flex;
-      justify-content: center;
-    }
-
-    .beian {
-      display: grid;
-      grid-template-areas: 'a b c';
-      column-gap: 18px;
-      justify-content: center;
-      align-items: center;
-
-      .footer-link {
-        display: inline-flex;
-        justify-content: center;
-        a {
-          color: var(--text-color);
-          text-decoration: underline;
-          cursor: pointer;
-
-          &:hover {
-            color: var(--text-hover-color);
-          }
-        }
-      }
-
-      .divider {
-        width: 1px;
-        height: 50%;
-        background: var(--text-color);
-      }
-    }
-  }
-  @media only screen and (max-width: 500px) {
-    .footer {
-      margin-top: 48px;
-      .beian {
-        grid-template-areas:
-          'a'
-          'b'
-          'c';
-      }
-
-      .divider {
-        display: none;
-      }
-    }
-  }
-</style>
diff --git a/web/src/lib/components/Footer/index.svelte b/web/src/lib/components/Footer/index.svelte
new file mode 100644
index 0000000..4a2ad07
--- /dev/null
+++ b/web/src/lib/components/Footer/index.svelte
@@ -0,0 +1,53 @@
+<script lang="ts">
+  import { navDataStore } from '$lib/stores/navData';
+  import { localeStore } from '$lib/i18n/store';
+
+  const meta = $derived($navDataStore.bundle?.meta);
+  // Hide ICP / police filings when locale is non-Chinese — they're a PRC legal artifact.
+  const showFilings = $derived($localeStore === 'zh');
+</script>
+
+<footer class="footer">
+  <div class="row">
+    <span class="copyright">{meta?.siteCopyright ?? ''}</span>
+    {#if showFilings && meta?.siteIcp}
+      <span class="sep">·</span>
+      <a href={meta.siteIcp.url} target="_blank" rel="noopener">{meta.siteIcp.text}</a>
+    {/if}
+    {#if showFilings && meta?.sitePolice}
+      <span class="sep">·</span>
+      <a href={meta.sitePolice.url} target="_blank" rel="noopener">{meta.sitePolice.text}</a>
+    {/if}
+  </div>
+</footer>
+
+<style lang="scss">
+  .footer {
+    display: flex;
+    justify-content: center;
+    padding: var(--sp-5) var(--sp-4);
+    margin-top: var(--sp-8);
+    border-top: 1px solid var(--c-border);
+    color: var(--c-text-3);
+    font-size: var(--fs-xs);
+  }
+  .row {
+    display: inline-flex;
+    align-items: center;
+    gap: var(--sp-2);
+    flex-wrap: wrap;
+    justify-content: center;
+  }
+  .sep {
+    opacity: 0.5;
+  }
+  a {
+    color: inherit;
+    text-decoration: underline;
+    text-underline-offset: 3px;
+
+    &:hover {
+      color: var(--c-text-2);
+    }
+  }
+</style>
diff --git a/web/src/lib/components/Header.svelte b/web/src/lib/components/Header.svelte
deleted file mode 100644
index 9cbd904..0000000
--- a/web/src/lib/components/Header.svelte
+++ /dev/null
@@ -1,63 +0,0 @@
-<script lang="ts">
-  import { siteName } from '$lib/constants/siteInfo';
-  import { avatarURL } from '$lib/constants/avatar';
-  import SiteSelect from './SiteSelect.svelte';
-</script>
-
-<header class="header">
-  <a href="/" class="header-logo">
-    <img src={avatarURL} alt={siteName} />
-    <span class="name">{siteName}</span>
-  </a>
-  <SiteSelect />
-</header>
-
-<style lang="scss">
-  .header {
-    position: sticky;
-    top: 0;
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-
-    &-logo {
-      display: flex;
-      align-items: center;
-      padding: 12px 24px;
-      text-decoration: none;
-      outline: none;
-
-      img {
-        width: 50px;
-        height: 50px;
-        border-radius: 50%;
-      }
-
-      .name {
-        flex-shrink: 0;
-        margin-left: 14px;
-        font-size: 20px;
-        color: var(--text-color);
-
-        &:hover {
-          color: var(--text-hover-color);
-        }
-      }
-    }
-  }
-
-  @media only screen and (max-width: 500px) {
-    .header {
-      &-logo {
-        img {
-          width: 36px;
-          height: 36px;
-        }
-
-        .name {
-          font-size: 18px;
-        }
-      }
-    }
-  }
-</style>
diff --git a/web/src/lib/components/Header/AuthControls.svelte b/web/src/lib/components/Header/AuthControls.svelte
new file mode 100644
index 0000000..d99af5a
--- /dev/null
+++ b/web/src/lib/components/Header/AuthControls.svelte
@@ -0,0 +1,21 @@
+<script lang="ts">
+  import Button from '$lib/components/ui/Button.svelte';
+  import { sessionStore } from '$lib/stores/session';
+  import { t } from '$lib/i18n/store';
+
+  function onLoginClick() {
+    // Plan 4 will replace this with a LoginDialog open trigger.
+    // For now, show a placeholder toast or no-op so Plan 3 stays read-only.
+    alert($t('auth.login.title') + ' — coming in Plan 4');
+  }
+
+  async function onLogout() {
+    await sessionStore.logout();
+  }
+</script>
+
+{#if $sessionStore.authed}
+  <Button intent="ghost" size="sm" onclick={onLogout}>{$t('header.logout')}</Button>
+{:else}
+  <Button intent="ghost" size="sm" onclick={onLoginClick}>{$t('header.login')}</Button>
+{/if}
diff --git a/web/src/lib/components/Header/Brand.svelte b/web/src/lib/components/Header/Brand.svelte
new file mode 100644
index 0000000..dd249fa
--- /dev/null
+++ b/web/src/lib/components/Header/Brand.svelte
@@ -0,0 +1,37 @@
+<script lang="ts">
+  import { navDataStore } from '$lib/stores/navData';
+
+  const meta = $derived($navDataStore.bundle?.meta);
+  const name = $derived(meta?.siteName ?? '');
+  const avatar = $derived(meta?.siteAvatarPath ?? null);
+</script>
+
+<a class="brand" href="/" aria-label={name}>
+  {#if avatar}<img src={avatar} alt="" class="avatar" />{/if}
+  <span class="name">{name}</span>
+</a>
+
+<style lang="scss">
+  .brand {
+    display: inline-flex;
+    align-items: center;
+    gap: var(--sp-2);
+    text-decoration: none;
+    color: var(--c-text);
+    font-weight: var(--fw-semibold);
+    font-size: var(--fs-md);
+
+    &:hover {
+      color: var(--c-accent);
+    }
+  }
+  .avatar {
+    width: 28px;
+    height: 28px;
+    border-radius: 50%;
+    object-fit: cover;
+  }
+  .name {
+    white-space: nowrap;
+  }
+</style>
diff --git a/web/src/lib/components/Header/LocaleToggle.svelte b/web/src/lib/components/Header/LocaleToggle.svelte
new file mode 100644
index 0000000..4f54f3e
--- /dev/null
+++ b/web/src/lib/components/Header/LocaleToggle.svelte
@@ -0,0 +1,8 @@
+<script lang="ts">
+  import IconButton from '$lib/components/ui/IconButton.svelte';
+  import { localeStore, toggleLocale, t } from '$lib/i18n/store';
+</script>
+
+<IconButton label={$t('header.locale.toggle')} onclick={toggleLocale}>
+  <span aria-hidden="true">{$localeStore === 'zh' ? '语' : 'EN'}</span>
+</IconButton>
diff --git a/web/src/lib/components/Header/SearchBar.svelte b/web/src/lib/components/Header/SearchBar.svelte
new file mode 100644
index 0000000..cea3e57
--- /dev/null
+++ b/web/src/lib/components/Header/SearchBar.svelte
@@ -0,0 +1,36 @@
+<script lang="ts">
+  import { onMount } from 'svelte';
+  import Input from '$lib/components/ui/Input.svelte';
+  import { searchQuery } from '$lib/stores/visible';
+  import { t } from '$lib/i18n/store';
+
+  let inputEl: HTMLDivElement | undefined = $state();
+
+  onMount(() => {
+    const onKey = (e: KeyboardEvent) => {
+      if (e.key === '/' && document.activeElement?.tagName !== 'INPUT') {
+        e.preventDefault();
+        const realInput = inputEl?.querySelector?.('input') ?? inputEl;
+        (realInput as HTMLInputElement | null)?.focus();
+      }
+    };
+    window.addEventListener('keydown', onKey);
+    return () => window.removeEventListener('keydown', onKey);
+  });
+</script>
+
+<div class="search" bind:this={inputEl}>
+  <Input
+    type="search"
+    placeholder={$t('header.search.placeholder')}
+    bind:value={$searchQuery}
+    fullWidth
+  />
+</div>
+
+<style lang="scss">
+  .search {
+    flex: 1;
+    max-width: 480px;
+  }
+</style>
diff --git a/web/src/lib/components/Header/SiteSelect.svelte b/web/src/lib/components/Header/SiteSelect.svelte
new file mode 100644
index 0000000..4426bb5
--- /dev/null
+++ b/web/src/lib/components/Header/SiteSelect.svelte
@@ -0,0 +1,62 @@
+<script lang="ts">
+  import Menu from '$lib/components/ui/Menu.svelte';
+  import { navDataStore } from '$lib/stores/navData';
+  import { uiPrefs } from '$lib/stores/uiPrefs';
+  import { currentSite } from '$lib/stores/visible';
+  import { localeStore } from '$lib/i18n/store';
+
+  let open = $state(false);
+  let triggerEl: HTMLButtonElement | undefined = $state();
+  let menuX = $state(0);
+  let menuY = $state(0);
+
+  function nameFor(site: { name: string; nameI18n?: Record<string, string> | null }) {
+    return site.nameI18n?.[$localeStore] ?? site.name;
+  }
+
+  function openMenu() {
+    if (!triggerEl) return;
+    const r = triggerEl.getBoundingClientRect();
+    menuX = r.left;
+    menuY = r.bottom + 4;
+    open = true;
+  }
+
+  const items = $derived(
+    ($navDataStore.bundle?.sites ?? []).map((s) => ({
+      label: nameFor(s),
+      onSelect: () => uiPrefs.setSite(s.value)
+    }))
+  );
+
+  const label = $derived($currentSite.site ? nameFor($currentSite.site) : '—');
+</script>
+
+<button class="trigger" type="button" bind:this={triggerEl} onclick={openMenu}>
+  {label}
+  <span aria-hidden="true">▾</span>
+</button>
+
+<Menu bind:open x={menuX} y={menuY} {items} />
+
+<style lang="scss">
+  .trigger {
+    display: inline-flex;
+    align-items: center;
+    gap: var(--sp-1);
+    height: 32px;
+    padding: 0 var(--sp-3);
+    background: var(--c-accent-bg);
+    color: var(--c-accent);
+    border: 0;
+    border-radius: var(--rd-pill);
+    font-size: var(--fs-sm);
+    font-weight: var(--fw-medium);
+    cursor: pointer;
+    transition: filter var(--tr-fast);
+
+    &:hover {
+      filter: brightness(1.05);
+    }
+  }
+</style>
diff --git a/web/src/lib/components/Header/TagFilterChips.svelte b/web/src/lib/components/Header/TagFilterChips.svelte
new file mode 100644
index 0000000..f031b03
--- /dev/null
+++ b/web/src/lib/components/Header/TagFilterChips.svelte
@@ -0,0 +1,18 @@
+<script lang="ts">
+  import Chip from '$lib/components/ui/Chip.svelte';
+  import { allTagSlugs, activeTagSlugs, toggleTag } from '$lib/stores/visible';
+</script>
+
+<div class="chips">
+  {#each $allTagSlugs as slug (slug)}
+    <Chip label={slug} active={$activeTagSlugs.has(slug)} onSelect={() => toggleTag(slug)} />
+  {/each}
+</div>
+
+<style lang="scss">
+  .chips {
+    display: flex;
+    gap: var(--sp-1);
+    flex-wrap: wrap;
+  }
+</style>
diff --git a/web/src/lib/components/Header/ThemeToggle.svelte b/web/src/lib/components/Header/ThemeToggle.svelte
new file mode 100644
index 0000000..b28b115
--- /dev/null
+++ b/web/src/lib/components/Header/ThemeToggle.svelte
@@ -0,0 +1,11 @@
+<script lang="ts">
+  import IconButton from '$lib/components/ui/IconButton.svelte';
+  import { themeStore, cycleTheme } from '$lib/design/theme';
+  import { t } from '$lib/i18n/store';
+
+  const glyph = $derived($themeStore === 'dark' ? '☾' : $themeStore === 'light' ? '☀' : '◐');
+</script>
+
+<IconButton label={$t('header.theme.toggle')} onclick={cycleTheme}>
+  <span aria-hidden="true">{glyph}</span>
+</IconButton>
diff --git a/web/src/lib/components/Header/index.svelte b/web/src/lib/components/Header/index.svelte
new file mode 100644
index 0000000..488ef6a
--- /dev/null
+++ b/web/src/lib/components/Header/index.svelte
@@ -0,0 +1,67 @@
+<script lang="ts">
+  import Brand from './Brand.svelte';
+  import SearchBar from './SearchBar.svelte';
+  import TagFilterChips from './TagFilterChips.svelte';
+  import SiteSelect from './SiteSelect.svelte';
+  import ThemeToggle from './ThemeToggle.svelte';
+  import LocaleToggle from './LocaleToggle.svelte';
+  import AuthControls from './AuthControls.svelte';
+</script>
+
+<header class="header">
+  <div class="left">
+    <Brand />
+  </div>
+  <div class="center">
+    <SearchBar />
+    <TagFilterChips />
+  </div>
+  <div class="right">
+    <SiteSelect />
+    <ThemeToggle />
+    <LocaleToggle />
+    <AuthControls />
+  </div>
+</header>
+
+<style lang="scss">
+  .header {
+    position: sticky;
+    top: 0;
+    z-index: 50;
+    display: grid;
+    grid-template-columns: auto 1fr auto;
+    align-items: center;
+    gap: var(--sp-3);
+    padding: var(--sp-3) var(--sp-4);
+    background: var(--c-bg);
+    border-bottom: 1px solid var(--c-border);
+  }
+
+  .left,
+  .right {
+    display: flex;
+    align-items: center;
+    gap: var(--sp-2);
+  }
+
+  .center {
+    display: flex;
+    align-items: center;
+    gap: var(--sp-3);
+    min-width: 0;
+  }
+
+  @media (max-width: 720px) {
+    .header {
+      grid-template-columns: 1fr auto;
+      grid-template-rows: auto auto;
+    }
+    .center {
+      grid-column: 1 / -1;
+    }
+    .right {
+      flex-wrap: wrap;
+    }
+  }
+</style>
diff --git a/web/src/lib/components/Nav.svelte b/web/src/lib/components/Nav.svelte
deleted file mode 100644
index 5537447..0000000
--- a/web/src/lib/components/Nav.svelte
+++ /dev/null
@@ -1,132 +0,0 @@
-<script lang="ts">
-  import type { INavItem } from '$lib/constants/nav';
-  import { isURL } from '$lib/utils/index';
-  import { availableNavListStore, siteStore } from '$lib/store/siteStore';
-
-  function handleClick(nav: INavItem) {
-    const link = nav?.link?.[$siteStore?.value || ''];
-    if (link) {
-      window.open(link, '_blank', 'noreferrer,noreferrer');
-    }
-  }
-</script>
-
-<div class="nav">
-  {#each $availableNavListStore as nav}
-    <!-- svelte-ignore a11y_click_events_have_key_events -->
-    <!-- svelte-ignore a11y_no_static_element_interactions -->
-    <div class="nav-item" onclick={() => handleClick(nav)}>
-      <div class="nav-item-icon">
-        <img src={isURL(nav.source) ? nav.source : `/navIcons/${nav.source}`} alt={nav.name} />
-      </div>
-      <div class="nav-item-name">
-        {nav.name || ''}
-      </div>
-    </div>
-  {/each}
-</div>
-
-<style lang="scss">
-  @keyframes shark-bounce {
-    0%,
-    100% {
-      transform: rotate(0);
-    }
-    25% {
-      transform: rotate(15deg);
-    }
-    50% {
-      transform: rotate(-15deg);
-    }
-    75% {
-      transform: rotate(5deg);
-    }
-    85% {
-      transform: rotate(-5deg);
-    }
-  }
-  .nav {
-    --nav-item-width: 128px;
-
-    display: grid;
-    grid-template-columns: repeat(auto-fill, var(--nav-item-width));
-    gap: 50px 40px;
-    justify-content: center;
-    width: 100%;
-    max-width: 1024px;
-
-    &-item {
-      display: flex;
-      flex-direction: column;
-
-      &-icon {
-        display: flex;
-        justify-content: center;
-        align-items: center;
-        width: var(--nav-item-width);
-        height: var(--nav-item-width);
-        padding: 14px;
-        background-color: var(--nav-item-bg-color);
-        border-radius: 24px;
-        box-shadow: 0 0 20px 0px rgba(0, 0, 0, 0.5);
-        overflow: hidden;
-        cursor: pointer;
-
-        img {
-          width: 100%;
-          height: 100%;
-          border-radius: 12px;
-          object-fit: contain;
-          overflow: hidden;
-        }
-
-        :global(.svg-icon) {
-          width: 100%;
-          height: 100%;
-          object-fit: contain;
-        }
-
-        &:hover {
-          animation: shark-bounce 0.5s alternate;
-        }
-      }
-
-      &-name {
-        flex: 1;
-        display: flex;
-        justify-content: center;
-        width: var(--nav-item-width);
-        margin-top: 14px;
-        line-height: 32px;
-        font-size: 14px;
-        font-weight: bold;
-        letter-spacing: 1.5px;
-        color: var(--text-color);
-        text-shadow: 0px 0px 10px #111;
-        white-space: nowrap;
-        cursor: pointer;
-      }
-    }
-  }
-
-  @media only screen and (max-width: 500px) {
-    .nav {
-      --nav-item-width: 56px;
-      gap: 28px 20px;
-
-      &-item {
-        &-icon {
-          padding: 8px;
-          border-radius: 12px;
-        }
-
-        &-name {
-          margin-top: 8px;
-          line-height: 20px;
-          font-size: 14px;
-          transform: scale(0.85);
-        }
-      }
-    }
-  }
-</style>
diff --git a/web/src/lib/components/Nav/EmptyState.svelte b/web/src/lib/components/Nav/EmptyState.svelte
new file mode 100644
index 0000000..8d86982
--- /dev/null
+++ b/web/src/lib/components/Nav/EmptyState.svelte
@@ -0,0 +1,33 @@
+<script lang="ts">
+  interface Props {
+    title: string;
+    hint?: string;
+  }
+  let { title, hint }: Props = $props();
+</script>
+
+<div class="empty">
+  <p class="title">{title}</p>
+  {#if hint}<p class="hint">{hint}</p>{/if}
+</div>
+
+<style lang="scss">
+  .empty {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: var(--sp-2);
+    padding: var(--sp-7) 0;
+    color: var(--c-text-3);
+    text-align: center;
+  }
+  .title {
+    margin: 0;
+    font-size: var(--fs-lg);
+    color: var(--c-text-2);
+  }
+  .hint {
+    margin: 0;
+    font-size: var(--fs-sm);
+  }
+</style>
diff --git a/web/src/lib/components/Nav/FavoritesSection.svelte b/web/src/lib/components/Nav/FavoritesSection.svelte
new file mode 100644
index 0000000..e6e096e
--- /dev/null
+++ b/web/src/lib/components/Nav/FavoritesSection.svelte
@@ -0,0 +1,26 @@
+<script lang="ts">
+  import { visibleFavorites } from '$lib/stores/visible';
+  import NavGrid from './NavGrid.svelte';
+  import { t } from '$lib/i18n/store';
+</script>
+
+{#if $visibleFavorites.length > 0}
+  <section class="favorites">
+    <h2 class="heading">★ {$t('nav.favorites.title')}</h2>
+    <NavGrid items={$visibleFavorites} />
+  </section>
+{/if}
+
+<style lang="scss">
+  .favorites {
+    margin-bottom: var(--sp-7);
+  }
+  .heading {
+    margin: 0 0 var(--sp-4);
+    font-size: var(--fs-md);
+    font-weight: var(--fw-semibold);
+    color: var(--c-text-2);
+    letter-spacing: 0.05em;
+    text-transform: uppercase;
+  }
+</style>
diff --git a/web/src/lib/components/Nav/GroupHeader.svelte b/web/src/lib/components/Nav/GroupHeader.svelte
new file mode 100644
index 0000000..45f1abf
--- /dev/null
+++ b/web/src/lib/components/Nav/GroupHeader.svelte
@@ -0,0 +1,52 @@
+<script lang="ts">
+  import type { Group } from '$lib/types/nav';
+  import { localeStore } from '$lib/i18n/store';
+  import { uiPrefs } from '$lib/stores/uiPrefs';
+
+  interface Props {
+    group: Group;
+  }
+  let { group }: Props = $props();
+
+  const isOpen = $derived($uiPrefs.groupOpen[group.slug] !== false);
+  const name = $derived(group.nameI18n?.[$localeStore] ?? group.name);
+
+  function toggle() {
+    uiPrefs.setGroupOpen(group.slug, !isOpen);
+  }
+</script>
+
+<button type="button" class="header" aria-expanded={isOpen} onclick={toggle}>
+  <span class="chev" class:open={isOpen} aria-hidden="true">▸</span>
+  <span class="name">{name}</span>
+</button>
+
+<style lang="scss">
+  .header {
+    display: inline-flex;
+    align-items: center;
+    gap: var(--sp-2);
+    padding: var(--sp-2) var(--sp-3);
+    margin-left: calc(-1 * var(--sp-3));
+    background: transparent;
+    border: 0;
+    cursor: pointer;
+    color: var(--c-text);
+    font-size: var(--fs-md);
+    font-weight: var(--fw-semibold);
+    border-radius: var(--rd-md);
+
+    &:hover {
+      background: var(--c-surface-2);
+    }
+  }
+  .chev {
+    display: inline-block;
+    transition: transform var(--tr-fast);
+    color: var(--c-text-3);
+
+    &.open {
+      transform: rotate(90deg);
+    }
+  }
+</style>
diff --git a/web/src/lib/components/Nav/GroupSection.svelte b/web/src/lib/components/Nav/GroupSection.svelte
new file mode 100644
index 0000000..7432e0b
--- /dev/null
+++ b/web/src/lib/components/Nav/GroupSection.svelte
@@ -0,0 +1,31 @@
+<script lang="ts">
+  import type { VisibleGroup } from '$lib/stores/visible';
+  import { uiPrefs } from '$lib/stores/uiPrefs';
+  import GroupHeader from './GroupHeader.svelte';
+  import NavGrid from './NavGrid.svelte';
+
+  interface Props {
+    section: VisibleGroup;
+  }
+  let { section }: Props = $props();
+
+  const isOpen = $derived(section.group ? $uiPrefs.groupOpen[section.group.slug] !== false : true);
+</script>
+
+<section class="section">
+  {#if section.group}
+    <GroupHeader group={section.group} />
+  {/if}
+  {#if isOpen}
+    <NavGrid items={section.items} />
+  {/if}
+</section>
+
+<style lang="scss">
+  .section {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-4);
+    margin-bottom: var(--sp-7);
+  }
+</style>
diff --git a/web/src/lib/components/Nav/NavGrid.svelte b/web/src/lib/components/Nav/NavGrid.svelte
new file mode 100644
index 0000000..6e60962
--- /dev/null
+++ b/web/src/lib/components/Nav/NavGrid.svelte
@@ -0,0 +1,25 @@
+<script lang="ts">
+  import type { Item } from '$lib/types/nav';
+  import NavItem from './NavItem.svelte';
+
+  interface Props {
+    items: Item[];
+  }
+  let { items }: Props = $props();
+</script>
+
+<div class="grid">
+  {#each items as item (item.id)}
+    <NavItem {item} />
+  {/each}
+</div>
+
+<style lang="scss">
+  .grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fill, 96px);
+    gap: var(--sp-5) var(--sp-4);
+    justify-content: center;
+    width: 100%;
+  }
+</style>
diff --git a/web/src/lib/components/Nav/NavItem.svelte b/web/src/lib/components/Nav/NavItem.svelte
new file mode 100644
index 0000000..1f667ac
--- /dev/null
+++ b/web/src/lib/components/Nav/NavItem.svelte
@@ -0,0 +1,141 @@
+<script lang="ts">
+  import type { Item } from '$lib/types/nav';
+  import { uiPrefs } from '$lib/stores/uiPrefs';
+  import { currentSite } from '$lib/stores/visible';
+  import { localeStore } from '$lib/i18n/store';
+
+  interface Props {
+    item: Item;
+  }
+  let { item }: Props = $props();
+
+  const url = $derived($currentSite.site ? (item.links[$currentSite.site.value] ?? null) : null);
+  const displayName = $derived(item.nameI18n?.[$localeStore] ?? item.name);
+  const isFav = $derived($uiPrefs.favoriteItemIds.includes(item.id));
+
+  function iconSrc(): string {
+    switch (item.iconKind) {
+      case 'asset':
+        return `/navIcons/${item.iconValue}`;
+      case 'url':
+        return item.iconValue;
+      case 'auto-favicon':
+        return `/api/favicon?host=${encodeURIComponent(item.iconValue)}`;
+    }
+  }
+
+  function open() {
+    if (url) window.open(url, '_blank', 'noopener,noreferrer');
+  }
+
+  function onKeydown(e: KeyboardEvent) {
+    if (e.key === 'Enter' || e.key === ' ') {
+      e.preventDefault();
+      open();
+    }
+  }
+
+  function onFavClick(e: MouseEvent) {
+    e.stopPropagation();
+    uiPrefs.toggleFavorite(item.id);
+  }
+</script>
+
+<div class="cell">
+  <button
+    type="button"
+    class="card"
+    onclick={open}
+    onkeydown={onKeydown}
+    aria-label={displayName}
+    disabled={!url}
+  >
+    <img class="icon" src={iconSrc()} alt="" loading="lazy" />
+  </button>
+  <button
+    type="button"
+    class="fav"
+    aria-label={isFav ? 'Unfavorite' : 'Favorite'}
+    aria-pressed={isFav}
+    onclick={onFavClick}>★</button
+  >
+  <span class="label">{displayName}</span>
+</div>
+
+<style lang="scss">
+  .cell {
+    position: relative;
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: var(--sp-2);
+    width: 96px;
+  }
+  .card {
+    width: 96px;
+    height: 96px;
+    padding: var(--sp-3);
+    background: var(--c-surface);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-lg);
+    box-shadow: var(--sh-sm);
+    cursor: pointer;
+    transition:
+      transform var(--tr-base),
+      box-shadow var(--tr-base),
+      border-color var(--tr-fast);
+
+    &:hover:not(:disabled) {
+      transform: translateY(-2px);
+      box-shadow: var(--sh-md);
+      border-color: var(--c-accent);
+    }
+
+    &:disabled {
+      opacity: 0.55;
+      cursor: not-allowed;
+    }
+
+    .icon {
+      width: 100%;
+      height: 100%;
+      object-fit: contain;
+      border-radius: var(--rd-sm);
+    }
+  }
+  .fav {
+    position: absolute;
+    top: 2px;
+    right: 2px;
+    width: 22px;
+    height: 22px;
+    background: transparent;
+    border: 0;
+    color: var(--c-text-3);
+    font-size: 14px;
+    line-height: 1;
+    cursor: pointer;
+    border-radius: var(--rd-pill);
+    opacity: 0;
+    transition:
+      opacity var(--tr-fast),
+      color var(--tr-fast);
+
+    &[aria-pressed='true'] {
+      color: var(--c-warn);
+      opacity: 1;
+    }
+  }
+  .cell:hover .fav,
+  .fav:focus-visible {
+    opacity: 1;
+  }
+
+  .label {
+    font-size: var(--fs-sm);
+    color: var(--c-text);
+    text-align: center;
+    line-height: var(--lh-tight);
+    word-break: break-word;
+  }
+</style>
diff --git a/web/src/lib/components/SiteSelect.svelte b/web/src/lib/components/SiteSelect.svelte
deleted file mode 100644
index 5373c30..0000000
--- a/web/src/lib/components/SiteSelect.svelte
+++ /dev/null
@@ -1,118 +0,0 @@
-<script lang="ts">
-  import { siteList, type ISite } from '$lib/constants/nav';
-  import { siteStore } from '$lib/store/siteStore';
-
-  let visible = $state(false);
-
-  function handleBtnClick(evt: Event) {
-    evt.stopPropagation();
-    visible = !visible;
-  }
-
-  function handleItemClick(s: ISite) {
-    siteStore.set(s);
-    visible = false;
-  }
-
-  function handleWindowClick() {
-    visible = false;
-  }
-</script>
-
-<svelte:window onclick={handleWindowClick} />
-
-<div class={`site-select ${visible ? 'site-select-show' : ''}`}>
-  <!-- svelte-ignore a11y_click_events_have_key_events -->
-  <!-- svelte-ignore a11y_no_static_element_interactions -->
-  <div class="site-select-btn" onclick={handleBtnClick}>{$siteStore?.name ?? ''}</div>
-  <div class="site-select-list">
-    {#each siteList as siteItem}
-      <!-- svelte-ignore a11y_click_events_have_key_events -->
-      <!-- svelte-ignore a11y_no_static_element_interactions -->
-      <div
-        class={`site-select-list-item ${$siteStore.value === siteItem.value ? 'site-select-list-item-active' : ''}`}
-        onclick={(evt) => {
-          evt.stopPropagation();
-          handleItemClick(siteItem);
-        }}
-      >
-        <!-- {#if siteItem.icon }
-        <div class="nav-item-icon">
-          <img src={isURL(siteItem.icon) ? siteItem.icon : `/navIcons/${siteItem.icon}`} alt={siteItem.name} />
-        </div>
-      {/if} -->
-        <div class="nav-item-name">
-          {siteItem.name || ''}
-        </div>
-      </div>
-    {/each}
-  </div>
-</div>
-
-<style lang="scss">
-  .site-select {
-    position: relative;
-    display: flex;
-    flex-direction: column;
-
-    &-btn {
-      display: flex;
-      justify-content: center;
-      align-items: center;
-      width: fit-content;
-      padding: 5px 12px;
-      margin-right: 24px;
-      color: var(--text-color);
-      background-color: #99b6f1;
-      border-radius: 4px;
-      cursor: pointer;
-      user-select: none;
-    }
-
-    &-list {
-      position: absolute;
-      top: 33px;
-      right: 24px;
-      display: none;
-      flex-direction: column;
-      width: 100px;
-      min-height: 50px;
-      max-height: 300px;
-      border-radius: 4px;
-      overflow-y: auto;
-      overflow-y: overlay;
-
-      &-item {
-        display: flex;
-        align-items: center;
-        width: 100%;
-        padding: 5px 12px;
-        color: var(--text-color);
-        background-color: rgba(153, 182, 241, 0.5);
-        cursor: pointer;
-
-        &:hover,
-        &-active {
-          background-color: rgba(153, 182, 241, 1);
-        }
-      }
-    }
-
-    &-show {
-      .site-select-list {
-        display: flex;
-      }
-    }
-  }
-
-  @media only screen and (max-width: 500px) {
-    .site-select {
-      &-list {
-        width: 100vw;
-        top: 44px;
-        right: 0;
-        border-radius: 0;
-      }
-    }
-  }
-</style>
diff --git a/web/src/lib/constants/avatar.ts b/web/src/lib/constants/avatar.ts
deleted file mode 100644
index 138a288..0000000
--- a/web/src/lib/constants/avatar.ts
+++ /dev/null
@@ -1 +0,0 @@
-export const avatarURL = '/avatar.png';
diff --git a/web/src/lib/constants/nav.ts b/web/src/lib/constants/nav.ts
deleted file mode 100644
index b66221f..0000000
--- a/web/src/lib/constants/nav.ts
+++ /dev/null
@@ -1,163 +0,0 @@
-export interface ISite {
-  name: string;
-  value: string;
-  icon?: string;
-}
-
-export const siteList: ISite[] = [
-  { name: '上海', value: 'shangHai' },
-  { name: '北京', value: 'beiJing' },
-  { name: '广州', value: 'guangZhou' },
-  { name: '深圳', value: 'shenZhen' }
-];
-
-export const defaultSiteIndex = 0;
-
-type IUrl = string;
-
-export interface INavItem {
-  name: string;
-  link: Record<string, IUrl>;
-  source: string;
-}
-
-export const navList: INavItem[] = [
-  {
-    name: 'RouterOS',
-    link: {
-      shangHai: 'http://10.0.0.1',
-      beiJing: 'http://10.1.0.1'
-    },
-    source: 'routerOS.png'
-  },
-  {
-    name: 'OpenWRT',
-    link: {
-      shangHai: 'http://10.0.0.2',
-      beiJing: 'http://10.1.0.2'
-    },
-    source: 'openWRT.png'
-  },
-  {
-    name: 'Esxi',
-    link: {
-      shangHai: 'http://10.0.0.3',
-      beiJing: 'http://10.1.0.3',
-      guangZhou: 'http://10.2.0.3'
-    },
-    source: 'esxi.png'
-  },
-  {
-    name: 'K2P',
-    link: {
-      shangHai: 'http://10.0.0.4',
-      beiJing: 'http://10.1.0.4',
-      shenZhen: 'http://10.2.0.4'
-    },
-    source: 'phicomm.png'
-  },
-  {
-    name: 'Home Assistant',
-    link: {
-      shangHai: 'http://10.0.0.5',
-      beiJing: 'http://10.1.0.5'
-    },
-    source: 'homeAssistant.svg'
-  },
-  {
-    name: '思源笔记',
-    link: {
-      shangHai: 'http://10.0.0.16:6806/',
-      beiJing: 'http://10.1.0.16:6806/'
-    },
-    source: 'siyuanNote.png'
-  },
-  {
-    name: '博客',
-    link: {
-      shangHai: 'http://10.0.0.6',
-      beiJing: 'http://10.1.0.6'
-    },
-    source: 'blog.png'
-  },
-  {
-    name: 'Synology',
-    link: {
-      shangHai: 'http://10.0.0.5:5000',
-      beiJing: 'http://10.1.0.5:5000'
-    },
-    source: 'synology.png'
-  },
-  {
-    name: '相册',
-    link: {
-      shangHai: 'http://10.0.0.5:5080',
-      beiJing: 'http://10.1.0.5:5080'
-    },
-    source: 'album.png'
-  },
-  {
-    name: '文件夹',
-    link: {
-      shangHai: 'http://10.0.0.5:7000',
-      beiJing: 'http://10.1.0.5:7000'
-    },
-    source: 'file.png'
-  },
-  {
-    name: 'Jellyfin',
-    link: {
-      shangHai: 'http://10.0.0.12',
-      beiJing: 'http://10.1.0.12'
-    },
-    source: 'jellyfin.svg'
-  },
-  {
-    name: 'Surveillance',
-    link: {
-      shangHai: 'http://10.0.0.5:9900',
-      beiJing: 'http://10.1.0.5:9900'
-    },
-    source: 'surveillanceStation.png'
-  },
-  {
-    name: 'Nas Tools',
-    link: {
-      shangHai: 'http://10.0.0.14',
-      beiJing: 'http://10.1.0.14'
-    },
-    source: 'nasTools.png'
-  },
-  {
-    name: '青龙',
-    link: {
-      shangHai: 'http://10.0.0.15:5700',
-      beiJing: 'http://10.1.0.15:5700'
-    },
-    source: 'qinglong.png'
-  },
-  {
-    name: 'qBittorrent',
-    link: {
-      shangHai: 'http://10.0.0.11:8085',
-      beiJing: 'http://10.1.0.11:8085'
-    },
-    source: 'qBittorrent.png'
-  },
-  {
-    name: 'Portainer',
-    link: {
-      shangHai: 'http://10.0.0.10:9443',
-      beiJing: 'http://10.1.0.10:9443'
-    },
-    source: 'portainer.svg'
-  },
-  {
-    name: 'Jackett',
-    link: {
-      shangHai: 'http://10.0.0.13',
-      beiJing: 'http://10.1.0.13'
-    },
-    source: 'jackett.png'
-  }
-];
diff --git a/web/src/lib/constants/siteInfo.ts b/web/src/lib/constants/siteInfo.ts
deleted file mode 100644
index b13c643..0000000
--- a/web/src/lib/constants/siteInfo.ts
+++ /dev/null
@@ -1,6 +0,0 @@
-export const siteName = 'XXXX 的小站导航';
-export const siteCopyright = 'Copyright © 2022. XXXX All rights reserved.';
-export const siteICPBeian = '京ICP备 12345678 号';
-export const siteICPBeianURL = 'https://beian.miit.gov.cn/';
-export const sitePoliceBeian = '京公网安备 12345678912345 号';
-export const sitePoliceBeianURL = 'http://www.beian.gov.cn/portal/index.do';
diff --git a/web/src/lib/i18n/en.json b/web/src/lib/i18n/en.json
index df2ad0b..6ca7f66 100644
--- a/web/src/lib/i18n/en.json
+++ b/web/src/lib/i18n/en.json
@@ -21,6 +21,12 @@
   "auth.login.error.bad_password": "Wrong password",
   "auth.login.error.rate_limited": "Too many attempts, try again later",
 
+  "nav.favorites.title": "Favorites",
+  "nav.empty.search": "No nav items match",
+  "nav.empty.search.hint": "Try clearing filters or different keywords",
+  "nav.empty.data": "No nav data yet",
+  "nav.empty.data.hint": "Sign in to add the first item",
+
   "editor.item.deleteConfirm": "Delete \"{{name}}\"?",
   "editor.item.new": "New nav item",
 
diff --git a/web/src/lib/i18n/zh.json b/web/src/lib/i18n/zh.json
index 58f9135..e880721 100644
--- a/web/src/lib/i18n/zh.json
+++ b/web/src/lib/i18n/zh.json
@@ -21,6 +21,12 @@
   "auth.login.error.bad_password": "密码错误",
   "auth.login.error.rate_limited": "尝试过于频繁，稍后再试",
 
+  "nav.favorites.title": "收藏",
+  "nav.empty.search": "没有匹配的导航项",
+  "nav.empty.search.hint": "尝试清除筛选或换个关键词",
+  "nav.empty.data": "暂无导航数据",
+  "nav.empty.data.hint": "登录后添加第一个导航项",
+
   "editor.item.deleteConfirm": "确认删除「{{name}}」？",
   "editor.item.new": "新建导航项",
 
diff --git a/web/src/lib/store/siteStore.ts b/web/src/lib/store/siteStore.ts
deleted file mode 100644
index c95efd6..0000000
--- a/web/src/lib/store/siteStore.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-import { writable, derived, type Readable } from 'svelte/store';
-import { siteList, defaultSiteIndex, type INavItem, navList, type ISite } from '$lib/constants/nav';
-
-export const siteStore = writable<ISite>(siteList[defaultSiteIndex]);
-
-export const availableNavListStore: Readable<INavItem[]> = derived(siteStore, ($site: ISite) =>
-  navList.filter((nav) => nav?.link?.[$site.value])
-);
diff --git a/web/src/lib/stores/navData.test.ts b/web/src/lib/stores/navData.test.ts
new file mode 100644
index 0000000..f89ce96
--- /dev/null
+++ b/web/src/lib/stores/navData.test.ts
@@ -0,0 +1,77 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { get } from 'svelte/store';
+import { navDataStore } from './navData';
+
+const fetchMock = vi.fn();
+beforeEach(() => {
+  fetchMock.mockReset();
+  vi.stubGlobal('fetch', fetchMock);
+});
+
+const sampleBundle = {
+  schemaVersion: 1 as const,
+  meta: {
+    siteName: 'Nav',
+    siteAvatarPath: null,
+    siteCopyright: '©',
+    siteIcp: null,
+    sitePolice: null,
+    defaultTheme: 'system' as const
+  },
+  sites: [],
+  groups: [],
+  items: [],
+  tags: []
+};
+
+describe('navDataStore', () => {
+  it('load() populates bundle on success', async () => {
+    fetchMock.mockResolvedValueOnce(
+      new Response(JSON.stringify(sampleBundle), {
+        status: 200,
+        headers: { 'content-type': 'application/json' }
+      })
+    );
+    await navDataStore.load();
+    expect(get(navDataStore).bundle).toEqual(sampleBundle);
+    expect(get(navDataStore).error).toBeNull();
+  });
+
+  it('load() captures error on schema mismatch', async () => {
+    fetchMock.mockResolvedValueOnce(
+      new Response(JSON.stringify({ wrong: 'shape' }), {
+        status: 200,
+        headers: { 'content-type': 'application/json' }
+      })
+    );
+    await navDataStore.load();
+    expect(get(navDataStore).bundle).toBeNull();
+    expect(get(navDataStore).error).toContain('schema_mismatch');
+  });
+
+  it('applyItemPatch updates an item locally', () => {
+    navDataStore.setBundle({
+      ...sampleBundle,
+      items: [
+        {
+          id: 1,
+          groupId: null,
+          name: 'old',
+          nameI18n: null,
+          description: null,
+          descriptionI18n: null,
+          iconKind: 'asset',
+          iconValue: 'x.png',
+          sortOrder: 0,
+          links: {},
+          tagSlugs: [],
+          createdAt: 0,
+          updatedAt: 0
+        }
+      ]
+    });
+    navDataStore.applyItemPatch(1, { name: 'new' });
+    const items = get(navDataStore).bundle?.items;
+    expect(items?.[0]?.name).toBe('new');
+  });
+});
diff --git a/web/src/lib/stores/navData.ts b/web/src/lib/stores/navData.ts
new file mode 100644
index 0000000..a51d5de
--- /dev/null
+++ b/web/src/lib/stores/navData.ts
@@ -0,0 +1,57 @@
+// web/src/lib/stores/navData.ts
+import { writable, get } from 'svelte/store';
+import { browser } from '$app/environment';
+import { apiClient, ApiError } from '$lib/api/client';
+import { NavBundleSchema, type NavBundle } from '$lib/types/nav';
+
+export interface NavDataState {
+  bundle: NavBundle | null;
+  loading: boolean;
+  error: string | null;
+}
+
+const initial: NavDataState = { bundle: null, loading: false, error: null };
+
+const { subscribe, update, set } = writable<NavDataState>(initial);
+
+async function load(): Promise<void> {
+  update((s) => ({ ...s, loading: true, error: null }));
+  try {
+    const bundle = await apiClient<NavBundle>({
+      method: 'GET',
+      path: '/api/nav',
+      responseSchema: NavBundleSchema
+    });
+    set({ bundle, loading: false, error: null });
+  } catch (e) {
+    const msg = e instanceof ApiError ? `${e.code}${e.message ? `: ${e.message}` : ''}` : String(e);
+    set({ bundle: null, loading: false, error: msg });
+  }
+}
+
+function applyItemPatch(itemId: number, patch: Partial<NavBundle['items'][number]>) {
+  update((s) => {
+    if (!s.bundle) return s;
+    const items = s.bundle.items.map((i) => (i.id === itemId ? { ...i, ...patch } : i));
+    return { ...s, bundle: { ...s.bundle, items } };
+  });
+}
+
+function setBundle(bundle: NavBundle) {
+  set({ bundle, loading: false, error: null });
+}
+
+export const navDataStore = {
+  subscribe,
+  load,
+  refetch: load,
+  applyItemPatch,
+  setBundle,
+  /** Test-only: read sync */
+  _peek: () => get({ subscribe })
+};
+
+// Auto-load on browser boot
+if (browser) {
+  void load();
+}
diff --git a/web/src/lib/stores/session.test.ts b/web/src/lib/stores/session.test.ts
new file mode 100644
index 0000000..5c44e7c
--- /dev/null
+++ b/web/src/lib/stores/session.test.ts
@@ -0,0 +1,46 @@
+// web/src/lib/stores/session.test.ts
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { get } from 'svelte/store';
+import { sessionStore } from './session';
+
+const fetchMock = vi.fn();
+beforeEach(() => {
+  fetchMock.mockReset();
+  vi.stubGlobal('fetch', fetchMock);
+});
+
+describe('sessionStore', () => {
+  it('refresh sets authed=true when /me returns true', async () => {
+    fetchMock.mockResolvedValueOnce(
+      new Response(JSON.stringify({ authenticated: true }), {
+        status: 200,
+        headers: { 'content-type': 'application/json' }
+      })
+    );
+    await sessionStore.refresh();
+    expect(get(sessionStore).authed).toBe(true);
+  });
+
+  it('login on 204 sets authed=true', async () => {
+    fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
+    await sessionStore.login('pw');
+    expect(get(sessionStore).authed).toBe(true);
+  });
+
+  it('login on 401 throws and leaves authed=false', async () => {
+    fetchMock.mockResolvedValueOnce(
+      new Response(JSON.stringify({ error: 'unauthenticated' }), {
+        status: 401,
+        headers: { 'content-type': 'application/json' }
+      })
+    );
+    await expect(sessionStore.login('wrong')).rejects.toMatchObject({ status: 401 });
+    expect(get(sessionStore).authed).toBe(false);
+  });
+
+  it('logout clears authed', async () => {
+    fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
+    await sessionStore.logout();
+    expect(get(sessionStore).authed).toBe(false);
+  });
+});
diff --git a/web/src/lib/stores/session.ts b/web/src/lib/stores/session.ts
new file mode 100644
index 0000000..bac59cf
--- /dev/null
+++ b/web/src/lib/stores/session.ts
@@ -0,0 +1,62 @@
+// web/src/lib/stores/session.ts
+import { writable } from 'svelte/store';
+import { browser } from '$app/environment';
+import { apiClient, ApiError } from '$lib/api/client';
+import { AuthMeSchema } from '$lib/types/nav';
+
+export interface SessionState {
+  authed: boolean;
+  loading: boolean;
+}
+
+const initial: SessionState = { authed: false, loading: false };
+const { subscribe, set, update } = writable<SessionState>(initial);
+
+async function refresh() {
+  update((s) => ({ ...s, loading: true }));
+  try {
+    const me = await apiClient({
+      method: 'GET',
+      path: '/api/auth/me',
+      responseSchema: AuthMeSchema
+    });
+    set({ authed: me.authenticated, loading: false });
+  } catch {
+    set({ authed: false, loading: false });
+  }
+}
+
+async function login(password: string): Promise<void> {
+  try {
+    await apiClient({
+      method: 'POST',
+      path: '/api/auth/login',
+      body: { password }
+    });
+    set({ authed: true, loading: false });
+  } catch (e) {
+    set({ authed: false, loading: false });
+    throw e;
+  }
+}
+
+async function logout(): Promise<void> {
+  try {
+    await apiClient({ method: 'POST', path: '/api/auth/logout' });
+  } catch (e) {
+    // 401 is fine — already logged out
+    if (!(e instanceof ApiError) || e.status !== 401) throw e;
+  }
+  set({ authed: false, loading: false });
+}
+
+export const sessionStore = {
+  subscribe,
+  refresh,
+  login,
+  logout
+};
+
+if (browser) {
+  void refresh();
+}
diff --git a/web/src/lib/stores/uiPrefs.test.ts b/web/src/lib/stores/uiPrefs.test.ts
new file mode 100644
index 0000000..34d67dd
--- /dev/null
+++ b/web/src/lib/stores/uiPrefs.test.ts
@@ -0,0 +1,34 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { get } from 'svelte/store';
+import { uiPrefs } from './uiPrefs';
+
+beforeEach(() => {
+  uiPrefs._reset();
+});
+
+describe('uiPrefs', () => {
+  it('starts with empty prefs', () => {
+    const v = get(uiPrefs);
+    expect(v.siteValue).toBeNull();
+    expect(v.favoriteItemIds).toEqual([]);
+    expect(v.groupOpen).toEqual({});
+  });
+
+  it('setSite updates siteValue', () => {
+    uiPrefs.setSite('shangHai');
+    expect(get(uiPrefs).siteValue).toBe('shangHai');
+  });
+
+  it('toggleFavorite adds and removes', () => {
+    uiPrefs.toggleFavorite(7);
+    expect(uiPrefs.isFavorite(7)).toBe(true);
+    uiPrefs.toggleFavorite(7);
+    expect(uiPrefs.isFavorite(7)).toBe(false);
+  });
+
+  it('setGroupOpen + isGroupOpen', () => {
+    expect(uiPrefs.isGroupOpen('network')).toBe(true); // default open
+    uiPrefs.setGroupOpen('network', false);
+    expect(uiPrefs.isGroupOpen('network')).toBe(false);
+  });
+});
diff --git a/web/src/lib/stores/uiPrefs.ts b/web/src/lib/stores/uiPrefs.ts
new file mode 100644
index 0000000..0f11210
--- /dev/null
+++ b/web/src/lib/stores/uiPrefs.ts
@@ -0,0 +1,92 @@
+// web/src/lib/stores/uiPrefs.ts
+import { writable, get } from 'svelte/store';
+import { browser } from '$app/environment';
+
+export interface UiPrefs {
+  /** Active site `value` (e.g. "shangHai"). null = use bundle default. */
+  siteValue: string | null;
+  /** Item ids the user has favorited. */
+  favoriteItemIds: number[];
+  /** Group slug -> open/closed; missing keys default to "open". */
+  groupOpen: Record<string, boolean>;
+}
+
+const LS_KEY = 'navsite.uiPrefs';
+const SCHEMA_KEY = 'navsite.uiPrefs.v';
+const SCHEMA_VERSION = '1';
+
+const initial: UiPrefs = {
+  siteValue: null,
+  favoriteItemIds: [],
+  groupOpen: {}
+};
+
+function loadFromLs(): UiPrefs {
+  if (!browser) return initial;
+  try {
+    const v = localStorage.getItem(SCHEMA_KEY);
+    if (v !== SCHEMA_VERSION) return initial; // schema drift → reset
+    const raw = localStorage.getItem(LS_KEY);
+    if (!raw) return initial;
+    const parsed = JSON.parse(raw) as Partial<UiPrefs>;
+    return {
+      siteValue: typeof parsed.siteValue === 'string' ? parsed.siteValue : null,
+      favoriteItemIds: Array.isArray(parsed.favoriteItemIds)
+        ? parsed.favoriteItemIds.filter((n): n is number => Number.isInteger(n))
+        : [],
+      groupOpen:
+        parsed.groupOpen && typeof parsed.groupOpen === 'object'
+          ? Object.fromEntries(
+              Object.entries(parsed.groupOpen).filter(([, v]) => typeof v === 'boolean')
+            )
+          : {}
+    };
+  } catch {
+    return initial;
+  }
+}
+
+const { subscribe, set, update } = writable<UiPrefs>(loadFromLs());
+
+if (browser) {
+  subscribe((v) => {
+    try {
+      localStorage.setItem(SCHEMA_KEY, SCHEMA_VERSION);
+      localStorage.setItem(LS_KEY, JSON.stringify(v));
+    } catch {
+      /* private mode */
+    }
+  });
+}
+
+export const uiPrefs = {
+  subscribe,
+  setSite(value: string | null) {
+    update((s) => ({ ...s, siteValue: value }));
+  },
+  toggleFavorite(itemId: number) {
+    update((s) => {
+      const has = s.favoriteItemIds.includes(itemId);
+      return {
+        ...s,
+        favoriteItemIds: has
+          ? s.favoriteItemIds.filter((i) => i !== itemId)
+          : [...s.favoriteItemIds, itemId]
+      };
+    });
+  },
+  isFavorite(itemId: number): boolean {
+    return get({ subscribe }).favoriteItemIds.includes(itemId);
+  },
+  setGroupOpen(slug: string, open: boolean) {
+    update((s) => ({ ...s, groupOpen: { ...s.groupOpen, [slug]: open } }));
+  },
+  isGroupOpen(slug: string): boolean {
+    const v = get({ subscribe }).groupOpen[slug];
+    return v === undefined ? true : v;
+  },
+  /** Test reset */
+  _reset() {
+    set(initial);
+  }
+};
diff --git a/web/src/lib/stores/visible.test.ts b/web/src/lib/stores/visible.test.ts
new file mode 100644
index 0000000..6cff29b
--- /dev/null
+++ b/web/src/lib/stores/visible.test.ts
@@ -0,0 +1,113 @@
+// web/src/lib/stores/visible.test.ts
+import { describe, it, expect, beforeEach } from 'vitest';
+import { get } from 'svelte/store';
+import { navDataStore } from './navData';
+import { uiPrefs } from './uiPrefs';
+import {
+  searchQuery,
+  currentSite,
+  visibleSections,
+  visibleFavorites,
+  toggleTag,
+  clearFilters
+} from './visible';
+import type { NavBundle } from '$lib/types/nav';
+
+const bundle: NavBundle = {
+  schemaVersion: 1,
+  meta: {
+    siteName: 'X',
+    siteAvatarPath: null,
+    siteCopyright: '',
+    siteIcp: null,
+    sitePolice: null,
+    defaultTheme: 'system'
+  },
+  sites: [
+    { id: 1, value: 'sh', name: 'SH', nameI18n: null, sortOrder: 0, isDefault: true },
+    { id: 2, value: 'bj', name: 'BJ', nameI18n: null, sortOrder: 1, isDefault: false }
+  ],
+  groups: [
+    {
+      id: 10,
+      slug: 'tools',
+      name: 'Tools',
+      nameI18n: null,
+      sortOrder: 0,
+      collapsedDefault: false
+    }
+  ],
+  tags: [{ id: 100, slug: 'fav', name: 'Favorite', nameI18n: null }],
+  items: [
+    {
+      id: 1,
+      groupId: 10,
+      name: 'Router',
+      nameI18n: null,
+      description: null,
+      descriptionI18n: null,
+      iconKind: 'asset',
+      iconValue: 'r.png',
+      sortOrder: 0,
+      links: { sh: 'http://1', bj: 'http://1b' },
+      tagSlugs: ['fav'],
+      createdAt: 0,
+      updatedAt: 0
+    },
+    {
+      id: 2,
+      groupId: 10,
+      name: 'Switch',
+      nameI18n: null,
+      description: null,
+      descriptionI18n: null,
+      iconKind: 'asset',
+      iconValue: 's.png',
+      sortOrder: 1,
+      links: { sh: 'http://2' }, // no bj
+      tagSlugs: [],
+      createdAt: 0,
+      updatedAt: 0
+    }
+  ]
+};
+
+beforeEach(() => {
+  navDataStore.setBundle(bundle);
+  uiPrefs._reset();
+  clearFilters();
+});
+
+describe('visibleSections', () => {
+  it('default site is the first marked is_default', () => {
+    expect(get(currentSite).site?.value).toBe('sh');
+  });
+
+  it('current site overridden by uiPrefs.siteValue', () => {
+    uiPrefs.setSite('bj');
+    expect(get(currentSite).site?.value).toBe('bj');
+  });
+
+  it('items missing for current site are dropped', () => {
+    uiPrefs.setSite('bj');
+    const sections = get(visibleSections);
+    expect(sections).toHaveLength(1);
+    expect(sections[0].items.map((i) => i.name)).toEqual(['Router']); // Switch has no bj link
+  });
+
+  it('search filters by name', () => {
+    searchQuery.set('rou');
+    expect(get(visibleSections)[0].items.map((i) => i.name)).toEqual(['Router']);
+  });
+
+  it('tag filter applies', () => {
+    toggleTag('fav');
+    const out = get(visibleSections);
+    expect(out[0].items.map((i) => i.name)).toEqual(['Router']);
+  });
+
+  it('visibleFavorites lists user-favorited items only', () => {
+    uiPrefs.toggleFavorite(2);
+    expect(get(visibleFavorites).map((i) => i.id)).toEqual([2]);
+  });
+});
diff --git a/web/src/lib/stores/visible.ts b/web/src/lib/stores/visible.ts
new file mode 100644
index 0000000..38233e5
--- /dev/null
+++ b/web/src/lib/stores/visible.ts
@@ -0,0 +1,118 @@
+// web/src/lib/stores/visible.ts
+import { derived, writable, get, type Readable } from 'svelte/store';
+import { navDataStore } from './navData';
+import { uiPrefs } from './uiPrefs';
+import type { Group, Item, Site } from '$lib/types/nav';
+
+export const searchQuery = writable<string>('');
+export const activeTagSlugs = writable<Set<string>>(new Set());
+
+export interface ResolvedSite {
+  /** The chosen Site object, or null if bundle empty. */
+  site: Site | null;
+}
+
+export const currentSite: Readable<ResolvedSite> = derived(
+  [navDataStore, uiPrefs],
+  ([$nav, $prefs]) => {
+    const sites = $nav.bundle?.sites ?? [];
+    if (sites.length === 0) return { site: null };
+    const explicit = $prefs.siteValue ? sites.find((s) => s.value === $prefs.siteValue) : undefined;
+    if (explicit) return { site: explicit };
+    return { site: sites.find((s) => s.isDefault) ?? sites[0] ?? null };
+  }
+);
+
+export interface VisibleGroup {
+  group: Group | null; // null = "ungrouped"
+  items: Item[];
+}
+
+/**
+ * Items grouped + filtered by current site, search term, and active tag chips.
+ * Empty groups are dropped.
+ */
+export const visibleSections: Readable<VisibleGroup[]> = derived(
+  [navDataStore, currentSite, searchQuery, activeTagSlugs],
+  ([$nav, $cur, $q, $tags]) => {
+    const bundle = $nav.bundle;
+    if (!bundle || !$cur.site) return [];
+    const siteValue = $cur.site.value;
+    const q = $q.trim().toLowerCase();
+    const wantTags = $tags;
+
+    const filtered = bundle.items
+      .filter((i) => i.links[siteValue] !== undefined)
+      .filter((i) => {
+        if (wantTags.size === 0) return true;
+        return i.tagSlugs.some((s) => wantTags.has(s));
+      })
+      .filter((i) => {
+        if (!q) return true;
+        if (i.name.toLowerCase().includes(q)) return true;
+        if (i.tagSlugs.some((s) => s.toLowerCase().includes(q))) return true;
+        if (i.description && i.description.toLowerCase().includes(q)) return true;
+        return false;
+      });
+
+    const byGroup = new Map<number | null, Item[]>();
+    for (const it of filtered) {
+      const k = it.groupId ?? null;
+      const arr = byGroup.get(k) ?? [];
+      arr.push(it);
+      byGroup.set(k, arr);
+    }
+    for (const arr of byGroup.values()) arr.sort((a, b) => a.sortOrder - b.sortOrder);
+
+    const result: VisibleGroup[] = [];
+    for (const g of [...bundle.groups].sort((a, b) => a.sortOrder - b.sortOrder)) {
+      const arr = byGroup.get(g.id);
+      if (arr && arr.length) result.push({ group: g, items: arr });
+    }
+    const ungrouped = byGroup.get(null);
+    if (ungrouped && ungrouped.length) result.push({ group: null, items: ungrouped });
+    return result;
+  }
+);
+
+/** Items the user has favorited that are visible under current site. */
+export const visibleFavorites: Readable<Item[]> = derived(
+  [navDataStore, currentSite, uiPrefs],
+  ([$nav, $cur, $prefs]) => {
+    if (!$nav.bundle || !$cur.site) return [];
+    const v = $cur.site.value;
+    return $nav.bundle.items
+      .filter((i) => $prefs.favoriteItemIds.includes(i.id) && i.links[v] !== undefined)
+      .sort((a, b) => a.sortOrder - b.sortOrder);
+  }
+);
+
+/** All tag slugs in the bundle, used by chip filter. */
+export const allTagSlugs: Readable<string[]> = derived(navDataStore, ($n) =>
+  $n.bundle ? $n.bundle.tags.map((t) => t.slug).sort() : []
+);
+
+/** True if any filter (search or tag) is active. */
+export const hasActiveFilter: Readable<boolean> = derived(
+  [searchQuery, activeTagSlugs],
+  ([$q, $tags]) => $q.trim().length > 0 || $tags.size > 0
+);
+
+/** Helpers for tag chips */
+export function toggleTag(slug: string) {
+  activeTagSlugs.update((s) => {
+    const next = new Set(s);
+    if (next.has(slug)) next.delete(slug);
+    else next.add(slug);
+    return next;
+  });
+}
+export function clearFilters() {
+  searchQuery.set('');
+  activeTagSlugs.set(new Set());
+}
+
+/** For unit tests / dev console */
+export function _peekVisible(): VisibleGroup[] {
+  return get(visibleSections);
+}
diff --git a/web/src/lib/utils/index.ts b/web/src/lib/utils/index.ts
deleted file mode 100644
index d20e043..0000000
--- a/web/src/lib/utils/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export * from './isURL';
diff --git a/web/src/lib/utils/isURL.ts b/web/src/lib/utils/isURL.ts
deleted file mode 100644
index f3d6578..0000000
--- a/web/src/lib/utils/isURL.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-export const isURL = (url: string): boolean => {
-  return /^https?:\/\//i.test(url);
-};
diff --git a/web/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
index 4fab308..03cd138 100644
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@@ -1,7 +1,8 @@
 <script lang="ts">
-  import Header from '$lib/components/Header.svelte';
-  import Footer from '$lib/components/Footer.svelte';
-  import '$lib/design/theme'; // Initializes data-theme on <html>
+  import Header from '$lib/components/Header/index.svelte';
+  import Footer from '$lib/components/Footer/index.svelte';
+  import ToastViewport from '$lib/components/ui/ToastViewport.svelte';
+  import '$lib/design/theme';
   import '../app.scss';
 
   let { children } = $props();
@@ -15,21 +16,15 @@
 
 <Footer />
 
+<ToastViewport />
+
 <style lang="scss">
   main {
     flex: 1;
-    display: flex;
-    flex-direction: column;
-    align-items: center;
     width: 100%;
+    max-width: 1024px;
+    margin: var(--sp-6) auto 0;
+    padding: 0 var(--sp-4);
     box-sizing: border-box;
-    padding-left: 48px;
-    padding-right: 48px;
-  }
-  @media only screen and (max-width: 500px) {
-    main {
-      padding-left: 30px;
-      padding-right: 30px;
-    }
   }
 </style>
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index 27183d6..71b2cfa 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -1,31 +1,60 @@
 <script lang="ts">
-  import { siteName } from '$lib/constants/siteInfo';
-  // import Avatar from '$lib/components/Avatar.svelte';
-  import Nav from '$lib/components/Nav.svelte';
+  import { navDataStore } from '$lib/stores/navData';
+  import { visibleSections, hasActiveFilter, clearFilters } from '$lib/stores/visible';
+  import GroupSection from '$lib/components/Nav/GroupSection.svelte';
+  import FavoritesSection from '$lib/components/Nav/FavoritesSection.svelte';
+  import EmptyState from '$lib/components/Nav/EmptyState.svelte';
+  import Skeleton from '$lib/components/ui/Skeleton.svelte';
+  import Button from '$lib/components/ui/Button.svelte';
+  import { t } from '$lib/i18n/store';
+
+  const siteTitle = $derived($navDataStore.bundle?.meta.siteName ?? '');
 </script>
 
 <svelte:head>
-  <title>{siteName}</title>
+  <title>{siteTitle}</title>
 </svelte:head>
 
-<!-- <Avatar /> -->
-<Nav />
+{#if $navDataStore.loading && !$navDataStore.bundle}
+  <div class="loading">
+    <Skeleton width="240px" height="24px" />
+    <Skeleton width="180px" height="16px" />
+    <Skeleton width="220px" height="16px" />
+  </div>
+{:else if $navDataStore.error}
+  <EmptyState title={$t('error.network.offline')} hint={$navDataStore.error} />
+  <div class="retry">
+    <Button onclick={() => navDataStore.refetch()}>{$t('error.network.retry')}</Button>
+  </div>
+{:else}
+  <FavoritesSection />
+  {#if $visibleSections.length === 0}
+    {#if $hasActiveFilter}
+      <EmptyState title={$t('nav.empty.search')} hint={$t('nav.empty.search.hint')} />
+      <div class="retry">
+        <Button intent="ghost" onclick={clearFilters}>{$t('common.cancel')}</Button>
+      </div>
+    {:else}
+      <EmptyState title={$t('nav.empty.data')} hint={$t('nav.empty.data.hint')} />
+    {/if}
+  {:else}
+    {#each $visibleSections as section (section.group?.id ?? 'ungrouped')}
+      <GroupSection {section} />
+    {/each}
+  {/if}
+{/if}
 
 <style lang="scss">
-  :global(.avatar) {
-    margin-top: 70px;
-  }
-  :global(.nav) {
-    margin-top: 120px;
+  .loading {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-3);
+    align-items: center;
+    margin-top: var(--sp-6);
   }
-
-  @media only screen and (max-width: 500px) {
-    :global(#root .avatar) {
-      display: none;
-    }
-
-    :global(#root .nav) {
-      margin-top: 100px;
-    }
+  .retry {
+    display: flex;
+    justify-content: center;
+    margin-top: var(--sp-3);
   }
 </style>

From 18df6f8db8e378e2294d812badc1271777c0b951 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 20 May 2026 19:44:49 +0800
Subject: [PATCH 06/77] =?UTF-8?q?feat(web):=20edit=20mode=20MVP=20?=
 =?UTF-8?q?=E2=80=94=20login=20+=20item=20CRUD=20+=20change=20password=20(?=
 =?UTF-8?q?Plan=204)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Smallest editor that makes the admin actually administrative.
- API wrappers (createItem/patchItem/deleteItem/changePassword)
- editModeStore (auth-gated; logout flips off)
- LoginDialog (handles 401 bad password / 429 rate limited)
- EditToggle button in Header
- Visual indicator (top accent bar + main outline) when edit mode on
- NavItem right-click ContextMenu in edit mode (edit + delete with
  optimistic update + refetch on error)
- ItemEditDialog (create + edit; links as JSON, tags as CSV — MVP)
- NewItemAffordance ('+' card shown after each group in edit mode)
- ChangePasswordDialog + 🔑 button in AuthControls
- e2e smoke: login → create item → /api/nav shows item
- 31 unit tests pass

Out of scope (deferred): drag-drop reorder, group/site/tag full UI,
SiteSettingsDialog, icon upload UI.
---
 .../plans/2026-05-20-plan-4-edit-mode-mvp.md  | 1269 +++++++++++++++++
 web/src/lib/api/nav.ts                        |   47 +
 .../Editor/ChangePasswordDialog.svelte        |   77 +
 .../components/Editor/ItemEditDialog.svelte   |  185 +++
 .../lib/components/Editor/LoginDialog.svelte  |   60 +
 .../Editor/NavItemContextMenu.svelte          |   21 +
 .../Editor/NewItemAffordance.svelte           |   46 +
 .../lib/components/Header/AuthControls.svelte |   17 +-
 .../lib/components/Header/EditToggle.svelte   |    9 +
 .../components/Nav/FavoritesSection.svelte    |    8 +-
 .../lib/components/Nav/GroupSection.svelte    |    6 +-
 web/src/lib/components/Nav/NavGrid.svelte     |    5 +-
 web/src/lib/components/Nav/NavItem.svelte     |   60 +-
 web/src/lib/stores/editMode.test.ts           |   38 +
 web/src/lib/stores/editMode.ts                |   19 +
 web/src/routes/+layout.svelte                 |   20 +
 web/src/routes/+page.svelte                   |   33 +-
 17 files changed, 1903 insertions(+), 17 deletions(-)
 create mode 100644 docs/superpowers/plans/2026-05-20-plan-4-edit-mode-mvp.md
 create mode 100644 web/src/lib/api/nav.ts
 create mode 100644 web/src/lib/components/Editor/ChangePasswordDialog.svelte
 create mode 100644 web/src/lib/components/Editor/ItemEditDialog.svelte
 create mode 100644 web/src/lib/components/Editor/LoginDialog.svelte
 create mode 100644 web/src/lib/components/Editor/NavItemContextMenu.svelte
 create mode 100644 web/src/lib/components/Editor/NewItemAffordance.svelte
 create mode 100644 web/src/lib/components/Header/EditToggle.svelte
 create mode 100644 web/src/lib/stores/editMode.test.ts
 create mode 100644 web/src/lib/stores/editMode.ts

diff --git a/docs/superpowers/plans/2026-05-20-plan-4-edit-mode-mvp.md b/docs/superpowers/plans/2026-05-20-plan-4-edit-mode-mvp.md
new file mode 100644
index 0000000..d31cb45
--- /dev/null
+++ b/docs/superpowers/plans/2026-05-20-plan-4-edit-mode-mvp.md
@@ -0,0 +1,1269 @@
+# Edit Mode MVP Implementation Plan (Plan 4 of 5)
+
+> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
+
+**Goal:** Ship the smallest editor that lets the admin actually administer the site: log in, toggle edit mode, create / edit / delete nav items, change the admin password. After this plan, a single user can run `cargo run + pnpm dev`, log in, add or remove items, and have changes persist via the Plan 1 backend.
+
+**Scope (intentionally MVP):** Login + item CRUD UI + admin-only context menu + new-item affordance + change-password dialog + 1 end-to-end smoke. **Out of scope (deferred to Plan 4b or absorbed into Plan 5):** drag-and-drop reorder, group/site/tag full management UIs, site settings dialog, icon upload UI, double-click inline rename. The data model already supports all of those (Plan 1 has the endpoints, Plan 2 has the primitives, Plan 3 has the auth wiring); they're skipped here purely to keep this plan small enough to land cleanly.
+
+**Architecture:** Three layers added on top of Plan 3.
+1. **API wrappers** under `src/lib/api/nav.ts` (typed thin functions over `apiClient` for items/auth/config).
+2. **`editModeStore`** — a simple `Writable<boolean>` gated by `sessionStore.authed`. Toggled via the new `EditToggle` button in the Header (already shows after login per Plan 3's `AuthControls`).
+3. **`Editor/` components** — `LoginDialog`, `ItemEditDialog`, `NavItemContextMenu`, `NewItemAffordance`, `ChangePasswordDialog`. They consume the Plan 2 primitives (Dialog/Input/Button/Menu/Toast) and call the API wrappers.
+
+Mutations are **optimistic with rollback**: writes patch `navDataStore` immediately, then the API call confirms or rolls back via `navDataStore.refetch()` on error. Deletes use `ConfirmToast` with a 3-second undo window.
+
+**Tech Stack (already provisioned):** Plans 1/1.5/2/3.
+
+**Spec reference:** `docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md` § 5.1 (entry/exit), § 5.2 (operation matrix — items rows + change password row only), § 5.3 (consistency / failure / offline).
+
+**Predecessors:** Plans 1, 1.5, 2, 3 (all merged into `feat/rust-platform`).
+
+**Successors:** Plan 5 (Docker + dump-bootstrap + Playwright e2e) absorbs the deferred polish (drag-drop, full group/site/tag UI, site settings).
+
+---
+
+## Conventions
+
+- **Working directory:** every `pnpm` command runs in `web/`.
+- **Sub-branch:** `plan-4/edit-mode-mvp`, branched from `feat/rust-platform`.
+- **Commits:** Conventional Commits, no `Co-Authored-By` trailer. One commit per task.
+- **Verification gate:** every task ends with `pnpm check` clean, or vitest if logic added.
+- **a11y:** every new interactive element is `<button>` with aria; ContextMenu reuses Plan 2's `Menu`.
+- **i18n:** every new user-visible string goes through `$t('key')`. New keys added to both `zh.json` and `en.json` in the same commit.
+- **Optimistic update protocol:** every mutation handler:
+  1. Runs the local patch (`navDataStore.applyItemPatch` or equivalent).
+  2. Calls the API.
+  3. On success → toast.success.
+  4. On error → `navDataStore.refetch()` to re-sync, plus toast.error.
+
+---
+
+## Phase 0: API + Store Foundations (Tasks 1–2)
+
+### Task 1: API wrappers for items + auth + config
+
+**Files:**
+- Create: `web/src/lib/api/nav.ts`
+
+- [ ] **Step 1: Write the wrappers**
+
+```ts
+// web/src/lib/api/nav.ts
+import { apiClient } from './client';
+import {
+  ItemSchema,
+  type Item,
+  type IconKind,
+  type NavBundle
+} from '$lib/types/nav';
+
+// ----- Item CRUD -----
+
+export interface ItemPayload {
+  groupId: number | null;
+  name: string;
+  nameI18n?: Record<string, string> | null;
+  description?: string | null;
+  descriptionI18n?: Record<string, string> | null;
+  iconKind: IconKind;
+  iconValue: string;
+  links: Record<string, string>;
+  tagSlugs: string[];
+}
+
+export type ItemPatch = Partial<ItemPayload>;
+
+export function createItem(payload: ItemPayload): Promise<Item> {
+  return apiClient<Item>({
+    method: 'POST',
+    path: '/api/items',
+    body: payload,
+    responseSchema: ItemSchema
+  });
+}
+
+export function patchItem(id: number, patch: ItemPatch): Promise<Item> {
+  return apiClient<Item>({
+    method: 'PATCH',
+    path: `/api/items/${id}`,
+    body: patch,
+    responseSchema: ItemSchema
+  });
+}
+
+export function deleteItem(id: number): Promise<void> {
+  return apiClient<void>({ method: 'DELETE', path: `/api/items/${id}` });
+}
+
+// ----- Auth -----
+
+export function changePassword(current: string, next: string): Promise<void> {
+  return apiClient<void>({
+    method: 'POST',
+    path: '/api/config/password',
+    body: { current, next }
+  });
+}
+
+// ----- Convenience: refetch the bundle from outside the store -----
+
+export function fetchBundle(): Promise<NavBundle> {
+  return apiClient<NavBundle>({
+    method: 'GET',
+    path: '/api/nav',
+    responseSchema: (typeof window !== 'undefined' ? undefined : undefined) ??
+      // schema is wired in navData store; this fallback delegates to the store-side wrapper.
+      undefined as never
+  });
+}
+```
+
+Note: `fetchBundle()` is unused in Plan 4 (navDataStore.refetch handles re-sync); included for completeness so Plan 5 / future plans can call it from non-Svelte contexts. If your linter complains, drop it — it's just a documentation hint.
+
+Practical version (use this — the placeholder above is illustrative):
+
+```ts
+// web/src/lib/api/nav.ts
+import { apiClient } from './client';
+import { ItemSchema, type Item, type IconKind } from '$lib/types/nav';
+
+export interface ItemPayload {
+  groupId: number | null;
+  name: string;
+  nameI18n?: Record<string, string> | null;
+  description?: string | null;
+  descriptionI18n?: Record<string, string> | null;
+  iconKind: IconKind;
+  iconValue: string;
+  links: Record<string, string>;
+  tagSlugs: string[];
+}
+
+export type ItemPatch = Partial<ItemPayload>;
+
+export function createItem(payload: ItemPayload): Promise<Item> {
+  return apiClient<Item>({
+    method: 'POST',
+    path: '/api/items',
+    body: payload,
+    responseSchema: ItemSchema
+  });
+}
+
+export function patchItem(id: number, patch: ItemPatch): Promise<Item> {
+  return apiClient<Item>({
+    method: 'PATCH',
+    path: `/api/items/${id}`,
+    body: patch,
+    responseSchema: ItemSchema
+  });
+}
+
+export function deleteItem(id: number): Promise<void> {
+  return apiClient<void>({ method: 'DELETE', path: `/api/items/${id}` });
+}
+
+export function changePassword(current: string, next: string): Promise<void> {
+  return apiClient<void>({
+    method: 'POST',
+    path: '/api/config/password',
+    body: { current, next }
+  });
+}
+```
+
+(Use this final version. Drop the placeholder.)
+
+- [ ] **Step 2: Verify**
+
+```bash
+cd web
+pnpm check 2>&1 | tail -3
+cd ..
+```
+
+Expected: 0 errors.
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add web/src/lib/api/nav.ts
+git commit -m "feat(web): API wrappers for items + auth/changePassword"
+```
+
+### Task 2: editModeStore
+
+**Files:**
+- Create: `web/src/lib/stores/editMode.ts`
+
+- [ ] **Step 1: Write store**
+
+```ts
+// web/src/lib/stores/editMode.ts
+import { writable, derived, type Readable } from 'svelte/store';
+import { sessionStore } from './session';
+
+const _on = writable<boolean>(false);
+
+/** Edit mode can ONLY be on when the user is authed. Logout flips it off. */
+sessionStore.subscribe((s) => {
+  if (!s.authed) _on.set(false);
+});
+
+export const editModeStore: Readable<boolean> & {
+  toggle(): void;
+  set(v: boolean): void;
+} = {
+  subscribe: derived([_on, sessionStore], ([$on, $s]) => $on && $s.authed).subscribe,
+  toggle: () => _on.update((v) => !v),
+  set: (v: boolean) => _on.set(v)
+};
+```
+
+- [ ] **Step 2: Test**
+
+```ts
+// web/src/lib/stores/editMode.test.ts
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { get } from 'svelte/store';
+import { editModeStore } from './editMode';
+import { sessionStore } from './session';
+
+const fetchMock = vi.fn();
+beforeEach(() => {
+  fetchMock.mockReset();
+  vi.stubGlobal('fetch', fetchMock);
+  editModeStore.set(false);
+  // Force authed=false baseline
+  fetchMock.mockResolvedValueOnce(
+    new Response(null, { status: 204 })
+  );
+});
+
+describe('editModeStore', () => {
+  it('toggle when not authed stays false', () => {
+    editModeStore.toggle();
+    expect(get(editModeStore)).toBe(false);
+  });
+
+  it('toggle when authed flips on', async () => {
+    fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
+    await sessionStore.login('pw');
+    editModeStore.toggle();
+    expect(get(editModeStore)).toBe(true);
+  });
+
+  it('logout flips edit mode off', async () => {
+    fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
+    await sessionStore.login('pw');
+    editModeStore.set(true);
+    expect(get(editModeStore)).toBe(true);
+    fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
+    await sessionStore.logout();
+    expect(get(editModeStore)).toBe(false);
+  });
+});
+```
+
+- [ ] **Step 3: Run + commit**
+
+```bash
+cd web
+pnpm test:unit 2>&1 | tail -10
+cd ..
+git add web/src/lib/stores/editMode.ts web/src/lib/stores/editMode.test.ts
+git commit -m "feat(web): editModeStore (auth-gated; logout flips off)"
+```
+
+---
+
+## Phase 1: Login + EditToggle (Tasks 3–6)
+
+### Task 3: LoginDialog
+
+**Files:**
+- Create: `web/src/lib/components/Editor/LoginDialog.svelte`
+
+```svelte
+<script lang="ts">
+  import Dialog from '$lib/components/ui/Dialog.svelte';
+  import Input from '$lib/components/ui/Input.svelte';
+  import Button from '$lib/components/ui/Button.svelte';
+  import { sessionStore } from '$lib/stores/session';
+  import { ApiError } from '$lib/api/client';
+  import { t } from '$lib/i18n/store';
+  import { toast } from '$lib/components/ui/toast';
+
+  interface Props {
+    open: boolean;
+  }
+  let { open = $bindable(false) }: Props = $props();
+
+  let password = $state('');
+  let submitting = $state(false);
+  let error = $state<string | null>(null);
+
+  async function submit(e?: SubmitEvent) {
+    e?.preventDefault();
+    if (!password || submitting) return;
+    error = null;
+    submitting = true;
+    try {
+      await sessionStore.login(password);
+      toast.success($t('auth.login.title') + ' ✓');
+      password = '';
+      open = false;
+    } catch (e) {
+      if (e instanceof ApiError) {
+        if (e.status === 401) error = $t('auth.login.error.bad_password');
+        else if (e.status === 429) error = $t('auth.login.error.rate_limited');
+        else error = $t('error.unknown');
+      } else {
+        error = $t('error.network.offline');
+      }
+    } finally {
+      submitting = false;
+    }
+  }
+</script>
+
+<Dialog bind:open title={$t('auth.login.title')} width="sm">
+  <form onsubmit={submit}>
+    <Input
+      label={$t('auth.login.password')}
+      type="password"
+      autocomplete="current-password"
+      bind:value={password}
+      invalid={!!error}
+      errorText={error ?? undefined}
+    />
+  </form>
+  {#snippet footer()}
+    <Button intent="ghost" onclick={() => (open = false)}>{$t('common.cancel')}</Button>
+    <Button intent="primary" onclick={() => submit()} disabled={!password} loading={submitting}>
+      {$t('auth.login.submit')}
+    </Button>
+  {/snippet}
+</Dialog>
+```
+
+Run `pnpm check`. Commit:
+```bash
+git add web/src/lib/components/Editor/LoginDialog.svelte
+git commit -m "feat(web): LoginDialog (Dialog + Input + Button; handles 401/429)"
+```
+
+### Task 4: Wire LoginDialog into AuthControls
+
+**Files:**
+- Modify: `web/src/lib/components/Header/AuthControls.svelte`
+
+Replace contents:
+
+```svelte
+<script lang="ts">
+  import Button from '$lib/components/ui/Button.svelte';
+  import LoginDialog from '$lib/components/Editor/LoginDialog.svelte';
+  import EditToggle from './EditToggle.svelte';
+  import { sessionStore } from '$lib/stores/session';
+  import { t } from '$lib/i18n/store';
+
+  let dialogOpen = $state(false);
+
+  async function onLogout() {
+    await sessionStore.logout();
+  }
+</script>
+
+{#if $sessionStore.authed}
+  <EditToggle />
+  <Button intent="ghost" size="sm" onclick={onLogout}>{$t('header.logout')}</Button>
+{:else}
+  <Button intent="ghost" size="sm" onclick={() => (dialogOpen = true)}>
+    {$t('header.login')}
+  </Button>
+{/if}
+
+<LoginDialog bind:open={dialogOpen} />
+```
+
+Note: `EditToggle` is created in Task 5; this commit will fail to compile until Task 5 lands. To avoid that, **temporarily** stub `EditToggle.svelte` first or merge Tasks 4 + 5 in one commit. Recommended: do them as **two separate commits but in the order Task 5 first → Task 4 second**. Adjust the order:
+
+**Re-order:** Implement Task 5 (EditToggle) BEFORE Task 4 (AuthControls integration).
+
+Run `pnpm check`. Commit (after Task 5):
+```bash
+git add web/src/lib/components/Header/AuthControls.svelte
+git commit -m "feat(web): AuthControls opens LoginDialog + shows EditToggle when authed"
+```
+
+### Task 5: EditToggle button
+
+**Files:**
+- Create: `web/src/lib/components/Header/EditToggle.svelte`
+
+```svelte
+<script lang="ts">
+  import Button from '$lib/components/ui/Button.svelte';
+  import { editModeStore } from '$lib/stores/editMode';
+  import { t } from '$lib/i18n/store';
+</script>
+
+<Button
+  intent={$editModeStore ? 'primary' : 'secondary'}
+  size="sm"
+  onclick={editModeStore.toggle}
+>
+  {$editModeStore ? $t('header.editMode.exit') : $t('header.editMode.enter')}
+</Button>
+```
+
+Run `pnpm check`. Commit:
+```bash
+git add web/src/lib/components/Header/EditToggle.svelte
+git commit -m "feat(web): EditToggle button (binds editModeStore)"
+```
+
+### Task 6: Visual indicator when in edit mode
+
+**Files:**
+- Modify: `web/src/routes/+layout.svelte`
+
+Add a `<svelte:body>` directive (or class on `<main>`) that signals edit mode. Read `+layout.svelte`, then update:
+
+```svelte
+<script lang="ts">
+  import Header from '$lib/components/Header/index.svelte';
+  import Footer from '$lib/components/Footer/index.svelte';
+  import ToastViewport from '$lib/components/ui/ToastViewport.svelte';
+  import { editModeStore } from '$lib/stores/editMode';
+  import '$lib/design/theme';
+  import '../app.scss';
+
+  let { children } = $props();
+</script>
+
+<svelte:body class:edit-mode={$editModeStore} />
+
+<Header />
+
+<main>
+  {@render children()}
+</main>
+
+<Footer />
+
+<ToastViewport />
+
+<style lang="scss">
+  main {
+    flex: 1;
+    width: 100%;
+    max-width: 1024px;
+    margin: var(--sp-6) auto 0;
+    padding: 0 var(--sp-4);
+    box-sizing: border-box;
+  }
+
+  :global(body.edit-mode main) {
+    outline: 2px dashed var(--c-accent);
+    outline-offset: var(--sp-2);
+    border-radius: var(--rd-md);
+  }
+
+  :global(body.edit-mode)::before {
+    content: '';
+    position: fixed;
+    top: 0;
+    left: 0;
+    right: 0;
+    height: 3px;
+    background: var(--c-accent);
+    z-index: 200;
+  }
+</style>
+```
+
+Run `pnpm check`. Commit:
+```bash
+git add web/src/routes/+layout.svelte
+git commit -m "feat(web): visual indicator (top bar + main outline) when edit mode is on"
+```
+
+---
+
+## Phase 2: Item CRUD UI (Tasks 7–11)
+
+### Task 7: NavItem context menu in edit mode
+
+**Files:**
+- Create: `web/src/lib/components/Editor/NavItemContextMenu.svelte`
+- Modify: `web/src/lib/components/Nav/NavItem.svelte`
+
+- [ ] **Step 1: Write the menu component**
+
+```svelte
+<!-- web/src/lib/components/Editor/NavItemContextMenu.svelte -->
+<script lang="ts">
+  import Menu from '$lib/components/ui/Menu.svelte';
+  import { t } from '$lib/i18n/store';
+
+  interface Props {
+    open: boolean;
+    x: number;
+    y: number;
+    onEdit: () => void;
+    onDelete: () => void;
+  }
+  let { open = $bindable(false), x, y, onEdit, onDelete }: Props = $props();
+
+  const items = $derived([
+    { label: $t('common.edit'), onSelect: onEdit },
+    { label: $t('common.delete'), onSelect: onDelete, intent: 'danger' as const }
+  ]);
+</script>
+
+<Menu bind:open {x} {y} {items} />
+```
+
+- [ ] **Step 2: Update NavItem to support edit mode interactions**
+
+Modify `web/src/lib/components/Nav/NavItem.svelte`. Read the file first; the goal is:
+
+- Import `editModeStore` and `NavItemContextMenu`.
+- When in edit mode: right-click on the card opens the context menu at the cursor position.
+- Edit mode also passes `onEdit` (opens ItemEditDialog from page level — wired via callback prop).
+- Delete uses optimistic delete + toast undo.
+
+Add new props and event handlers:
+
+```svelte
+<script lang="ts">
+  import type { Item } from '$lib/types/nav';
+  import { uiPrefs } from '$lib/stores/uiPrefs';
+  import { currentSite } from '$lib/stores/visible';
+  import { localeStore, t } from '$lib/i18n/store';
+  import { editModeStore } from '$lib/stores/editMode';
+  import NavItemContextMenu from '$lib/components/Editor/NavItemContextMenu.svelte';
+  import { navDataStore } from '$lib/stores/navData';
+  import { deleteItem } from '$lib/api/nav';
+  import { toast } from '$lib/components/ui/toast';
+
+  interface Props {
+    item: Item;
+    onEdit?: (item: Item) => void;
+  }
+  let { item, onEdit }: Props = $props();
+
+  const url = $derived($currentSite.site ? item.links[$currentSite.site.value] ?? null : null);
+  const displayName = $derived(item.nameI18n?.[$localeStore] ?? item.name);
+  const isFav = $derived($uiPrefs.favoriteItemIds.includes(item.id));
+
+  let menuOpen = $state(false);
+  let menuX = $state(0);
+  let menuY = $state(0);
+
+  function iconSrc(): string {
+    switch (item.iconKind) {
+      case 'asset': return `/navIcons/${item.iconValue}`;
+      case 'url': return item.iconValue;
+      case 'auto-favicon': return `/api/favicon?host=${encodeURIComponent(item.iconValue)}`;
+    }
+  }
+
+  function open() {
+    if ($editModeStore) return; // suppress nav navigation in edit mode
+    if (url) window.open(url, '_blank', 'noopener,noreferrer');
+  }
+
+  function onKeydown(e: KeyboardEvent) {
+    if ($editModeStore) return;
+    if (e.key === 'Enter' || e.key === ' ') {
+      e.preventDefault();
+      open();
+    }
+  }
+
+  function onFavClick(e: MouseEvent) {
+    e.stopPropagation();
+    uiPrefs.toggleFavorite(item.id);
+  }
+
+  function onContextMenu(e: MouseEvent) {
+    if (!$editModeStore) return;
+    e.preventDefault();
+    menuX = e.clientX;
+    menuY = e.clientY;
+    menuOpen = true;
+  }
+
+  async function onConfirmDelete() {
+    // optimistic remove
+    const before = $navDataStore.bundle;
+    if (!before) return;
+    navDataStore.setBundle({
+      ...before,
+      items: before.items.filter((i) => i.id !== item.id)
+    });
+    try {
+      await deleteItem(item.id);
+      toast.success($t('common.delete') + ' ✓');
+    } catch (e) {
+      // rollback
+      navDataStore.refetch();
+      toast.error($t('error.unknown'));
+    }
+  }
+</script>
+
+<div class="cell" oncontextmenu={onContextMenu}>
+  <button
+    type="button"
+    class="card"
+    class:edit={$editModeStore}
+    onclick={open}
+    onkeydown={onKeydown}
+    aria-label={displayName}
+    disabled={!url && !$editModeStore}
+  >
+    <img class="icon" src={iconSrc()} alt="" loading="lazy" />
+  </button>
+  <button
+    type="button"
+    class="fav"
+    aria-label={isFav ? 'Unfavorite' : 'Favorite'}
+    aria-pressed={isFav}
+    onclick={onFavClick}
+  >★</button>
+  <span class="label">{displayName}</span>
+</div>
+
+<NavItemContextMenu
+  bind:open={menuOpen}
+  x={menuX}
+  y={menuY}
+  onEdit={() => onEdit?.(item)}
+  onDelete={onConfirmDelete}
+/>
+
+<style lang="scss">
+  .cell { position: relative; display: flex; flex-direction: column; align-items: center; gap: var(--sp-2); width: 96px; }
+  .card {
+    width: 96px; height: 96px; padding: var(--sp-3);
+    background: var(--c-surface); border: 1px solid var(--c-border);
+    border-radius: var(--rd-lg); box-shadow: var(--sh-sm);
+    cursor: pointer; transition: transform var(--tr-base), box-shadow var(--tr-base), border-color var(--tr-fast);
+    &:hover:not(:disabled) { transform: translateY(-2px); box-shadow: var(--sh-md); border-color: var(--c-accent); }
+    &.edit { cursor: context-menu; }
+    &:disabled { opacity: 0.55; cursor: not-allowed; }
+    .icon { width: 100%; height: 100%; object-fit: contain; border-radius: var(--rd-sm); }
+  }
+  .fav {
+    position: absolute; top: 2px; right: 2px;
+    width: 22px; height: 22px;
+    background: transparent; border: 0; color: var(--c-text-3);
+    font-size: 14px; line-height: 1; cursor: pointer; border-radius: var(--rd-pill);
+    opacity: 0; transition: opacity var(--tr-fast), color var(--tr-fast);
+    &[aria-pressed='true'] { color: var(--c-warn); opacity: 1; }
+  }
+  .cell:hover .fav, .fav:focus-visible { opacity: 1; }
+  .label { font-size: var(--fs-sm); color: var(--c-text); text-align: center; line-height: var(--lh-tight); word-break: break-word; }
+</style>
+```
+
+Run `pnpm check`. Commit:
+```bash
+git add web/src/lib/components/Editor/NavItemContextMenu.svelte web/src/lib/components/Nav/NavItem.svelte
+git commit -m "feat(web): NavItem right-click context menu in edit mode (edit + delete with optimistic update)"
+```
+
+### Task 8: ItemEditDialog
+
+**Files:**
+- Create: `web/src/lib/components/Editor/ItemEditDialog.svelte`
+
+```svelte
+<script lang="ts">
+  import Dialog from '$lib/components/ui/Dialog.svelte';
+  import Input from '$lib/components/ui/Input.svelte';
+  import Button from '$lib/components/ui/Button.svelte';
+  import { t } from '$lib/i18n/store';
+  import { navDataStore } from '$lib/stores/navData';
+  import { createItem, patchItem, type ItemPayload } from '$lib/api/nav';
+  import { toast } from '$lib/components/ui/toast';
+  import { ApiError } from '$lib/api/client';
+  import type { Item } from '$lib/types/nav';
+
+  interface Props {
+    open: boolean;
+    /** When set, dialog is in edit mode for this item; null = create. */
+    target: Item | null;
+    /** Initial group for create mode. */
+    defaultGroupId?: number | null;
+  }
+
+  let { open = $bindable(false), target, defaultGroupId = null }: Props = $props();
+
+  // Form state
+  let name = $state('');
+  let groupId = $state<number | null>(null);
+  let iconKind = $state<'asset' | 'url' | 'auto-favicon'>('asset');
+  let iconValue = $state('');
+  let linksJson = $state('{}'); // simplified MVP: edit links as JSON
+  let tagSlugsCsv = $state(''); // simplified: comma-separated
+  let submitting = $state(false);
+  let error = $state<string | null>(null);
+
+  $effect(() => {
+    // sync form when target / open changes
+    if (!open) return;
+    if (target) {
+      name = target.name;
+      groupId = target.groupId;
+      iconKind = target.iconKind;
+      iconValue = target.iconValue;
+      linksJson = JSON.stringify(target.links, null, 2);
+      tagSlugsCsv = target.tagSlugs.join(', ');
+    } else {
+      name = '';
+      groupId = defaultGroupId;
+      iconKind = 'asset';
+      iconValue = '';
+      linksJson = '{}';
+      tagSlugsCsv = '';
+    }
+    error = null;
+  });
+
+  function parseLinks(): Record<string, string> {
+    try {
+      const parsed = JSON.parse(linksJson) as unknown;
+      if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+        return Object.fromEntries(
+          Object.entries(parsed as Record<string, unknown>).map(([k, v]) => [k, String(v)])
+        );
+      }
+    } catch {
+      /* fallthrough to error */
+    }
+    throw new Error('links must be a JSON object: { "siteValue": "url", ... }');
+  }
+
+  async function submit() {
+    if (submitting) return;
+    error = null;
+    submitting = true;
+    try {
+      const links = parseLinks();
+      const payload: ItemPayload = {
+        groupId,
+        name: name.trim(),
+        iconKind,
+        iconValue: iconValue.trim(),
+        links,
+        tagSlugs: tagSlugsCsv.split(',').map((s) => s.trim()).filter(Boolean)
+      };
+      if (target) {
+        await patchItem(target.id, payload);
+        toast.success($t('common.save') + ' ✓');
+      } else {
+        await createItem(payload);
+        toast.success($t('editor.item.new') + ' ✓');
+      }
+      navDataStore.refetch();
+      open = false;
+    } catch (e) {
+      if (e instanceof ApiError) error = `${e.code}${e.message ? ': ' + e.message : ''}`;
+      else if (e instanceof Error) error = e.message;
+      else error = $t('error.unknown');
+    } finally {
+      submitting = false;
+    }
+  }
+
+  const groupOptions = $derived($navDataStore.bundle?.groups ?? []);
+</script>
+
+<Dialog
+  bind:open
+  title={target ? $t('common.edit') : $t('editor.item.new')}
+  width="md"
+>
+  <div class="form">
+    <Input label={$t('common.edit') + ' — name'} bind:value={name} />
+    <label class="grp">
+      <span class="lbl">Group</span>
+      <select bind:value={groupId}>
+        <option value={null}>—</option>
+        {#each groupOptions as g (g.id)}
+          <option value={g.id}>{g.name}</option>
+        {/each}
+      </select>
+    </label>
+    <label class="grp">
+      <span class="lbl">Icon kind</span>
+      <select bind:value={iconKind}>
+        <option value="asset">asset (file under /navIcons/)</option>
+        <option value="url">url (full URL)</option>
+        <option value="auto-favicon">auto-favicon (host)</option>
+      </select>
+    </label>
+    <Input label="Icon value" bind:value={iconValue} placeholder="example.png / https://… / example.com" />
+    <label class="grp">
+      <span class="lbl">Links (JSON: siteValue → URL)</span>
+      <textarea rows="4" bind:value={linksJson}></textarea>
+    </label>
+    <Input label="Tag slugs (comma-separated)" bind:value={tagSlugsCsv} placeholder="fav, tools" />
+    {#if error}<p class="err">{error}</p>{/if}
+  </div>
+  {#snippet footer()}
+    <Button intent="ghost" onclick={() => (open = false)}>{$t('common.cancel')}</Button>
+    <Button intent="primary" onclick={submit} loading={submitting} disabled={!name || !iconValue}>
+      {$t('common.save')}
+    </Button>
+  {/snippet}
+</Dialog>
+
+<style lang="scss">
+  .form { display: flex; flex-direction: column; gap: var(--sp-3); }
+  .grp { display: flex; flex-direction: column; gap: var(--sp-1); font-size: var(--fs-sm); }
+  .lbl { color: var(--c-text-2); font-weight: var(--fw-medium); }
+  select, textarea {
+    background: var(--c-surface); color: var(--c-text);
+    border: 1px solid var(--c-border); border-radius: var(--rd-md);
+    padding: var(--sp-2) var(--sp-3); font-family: inherit; font-size: var(--fs-md);
+    &:focus { border-color: var(--c-accent); outline: none; box-shadow: 0 0 0 3px var(--c-accent-bg); }
+  }
+  textarea { font-family: var(--ft-mono); font-size: var(--fs-sm); }
+  .err { margin: 0; color: var(--c-danger); font-size: var(--fs-sm); }
+</style>
+```
+
+Run `pnpm check`. Commit:
+```bash
+git add web/src/lib/components/Editor/ItemEditDialog.svelte
+git commit -m "feat(web): ItemEditDialog (create + edit; links as JSON, tags as CSV — MVP)"
+```
+
+### Task 9: Wire ItemEditDialog into +page.svelte
+
+**Files:**
+- Modify: `web/src/routes/+page.svelte`
+- Modify: `web/src/lib/components/Nav/NavGrid.svelte` (pass through onEdit)
+- Modify: `web/src/lib/components/Nav/GroupSection.svelte` (pass through)
+- Modify: `web/src/lib/components/Nav/FavoritesSection.svelte` (pass through)
+
+Read each file. Add an `onEdit?: (item: Item) => void` prop chain from `+page.svelte` → `FavoritesSection`/`GroupSection` → `NavGrid` → `NavItem`. The page owns the dialog state.
+
+Updated `+page.svelte`:
+
+```svelte
+<script lang="ts">
+  import { navDataStore } from '$lib/stores/navData';
+  import { visibleSections, hasActiveFilter, clearFilters } from '$lib/stores/visible';
+  import GroupSection from '$lib/components/Nav/GroupSection.svelte';
+  import FavoritesSection from '$lib/components/Nav/FavoritesSection.svelte';
+  import EmptyState from '$lib/components/Nav/EmptyState.svelte';
+  import Skeleton from '$lib/components/ui/Skeleton.svelte';
+  import Button from '$lib/components/ui/Button.svelte';
+  import ItemEditDialog from '$lib/components/Editor/ItemEditDialog.svelte';
+  import NewItemAffordance from '$lib/components/Editor/NewItemAffordance.svelte';
+  import { editModeStore } from '$lib/stores/editMode';
+  import { t } from '$lib/i18n/store';
+  import type { Item } from '$lib/types/nav';
+
+  const siteTitle = $derived($navDataStore.bundle?.meta.siteName ?? '');
+
+  let editTarget = $state<Item | null>(null);
+  let createForGroupId = $state<number | null>(null);
+  let editDialogOpen = $state(false);
+
+  function openEdit(item: Item) {
+    editTarget = item;
+    createForGroupId = null;
+    editDialogOpen = true;
+  }
+  function openCreate(groupId: number | null) {
+    editTarget = null;
+    createForGroupId = groupId;
+    editDialogOpen = true;
+  }
+</script>
+
+<svelte:head><title>{siteTitle}</title></svelte:head>
+
+{#if $navDataStore.loading && !$navDataStore.bundle}
+  <div class="loading">
+    <Skeleton width="240px" height="24px" />
+    <Skeleton width="180px" height="16px" />
+    <Skeleton width="220px" height="16px" />
+  </div>
+{:else if $navDataStore.error}
+  <EmptyState title={$t('error.network.offline')} hint={$navDataStore.error} />
+  <div class="retry">
+    <Button onclick={() => navDataStore.refetch()}>{$t('error.network.retry')}</Button>
+  </div>
+{:else}
+  <FavoritesSection onEdit={openEdit} />
+  {#if $visibleSections.length === 0}
+    {#if $hasActiveFilter}
+      <EmptyState title={$t('nav.empty.search')} hint={$t('nav.empty.search.hint')} />
+      <div class="retry">
+        <Button intent="ghost" onclick={clearFilters}>{$t('common.cancel')}</Button>
+      </div>
+    {:else}
+      <EmptyState title={$t('nav.empty.data')} hint={$t('nav.empty.data.hint')} />
+      {#if $editModeStore}
+        <div class="retry"><Button onclick={() => openCreate(null)}>{$t('editor.item.new')}</Button></div>
+      {/if}
+    {/if}
+  {:else}
+    {#each $visibleSections as section (section.group?.id ?? 'ungrouped')}
+      <GroupSection {section} onEdit={openEdit} />
+      {#if $editModeStore}
+        <NewItemAffordance onClick={() => openCreate(section.group?.id ?? null)} />
+      {/if}
+    {/each}
+  {/if}
+{/if}
+
+<ItemEditDialog bind:open={editDialogOpen} target={editTarget} defaultGroupId={createForGroupId} />
+
+<style lang="scss">
+  .loading { display: flex; flex-direction: column; gap: var(--sp-3); align-items: center; margin-top: var(--sp-6); }
+  .retry { display: flex; justify-content: center; margin-top: var(--sp-3); }
+</style>
+```
+
+Update `NavGrid.svelte`:
+
+```svelte
+<script lang="ts">
+  import type { Item } from '$lib/types/nav';
+  import NavItem from './NavItem.svelte';
+
+  interface Props {
+    items: Item[];
+    onEdit?: (item: Item) => void;
+  }
+  let { items, onEdit }: Props = $props();
+</script>
+
+<div class="grid">
+  {#each items as item (item.id)}
+    <NavItem {item} {onEdit} />
+  {/each}
+</div>
+
+<style lang="scss">
+  .grid { display: grid; grid-template-columns: repeat(auto-fill, 96px); gap: var(--sp-5) var(--sp-4); justify-content: center; width: 100%; }
+</style>
+```
+
+Update `GroupSection.svelte`:
+
+```svelte
+<script lang="ts">
+  import type { VisibleGroup } from '$lib/stores/visible';
+  import type { Item } from '$lib/types/nav';
+  import { uiPrefs } from '$lib/stores/uiPrefs';
+  import GroupHeader from './GroupHeader.svelte';
+  import NavGrid from './NavGrid.svelte';
+
+  interface Props {
+    section: VisibleGroup;
+    onEdit?: (item: Item) => void;
+  }
+  let { section, onEdit }: Props = $props();
+  const isOpen = $derived(section.group ? $uiPrefs.groupOpen[section.group.slug] !== false : true);
+</script>
+
+<section class="section">
+  {#if section.group}<GroupHeader group={section.group} />{/if}
+  {#if isOpen}<NavGrid items={section.items} {onEdit} />{/if}
+</section>
+
+<style lang="scss">
+  .section { display: flex; flex-direction: column; gap: var(--sp-4); margin-bottom: var(--sp-7); }
+</style>
+```
+
+Update `FavoritesSection.svelte`:
+
+```svelte
+<script lang="ts">
+  import type { Item } from '$lib/types/nav';
+  import { visibleFavorites } from '$lib/stores/visible';
+  import NavGrid from './NavGrid.svelte';
+  import { t } from '$lib/i18n/store';
+
+  interface Props {
+    onEdit?: (item: Item) => void;
+  }
+  let { onEdit }: Props = $props();
+</script>
+
+{#if $visibleFavorites.length > 0}
+  <section class="favorites">
+    <h2 class="heading">★ {$t('nav.favorites.title')}</h2>
+    <NavGrid items={$visibleFavorites} {onEdit} />
+  </section>
+{/if}
+
+<style lang="scss">
+  .favorites { margin-bottom: var(--sp-7); }
+  .heading { margin: 0 0 var(--sp-4); font-size: var(--fs-md); font-weight: var(--fw-semibold); color: var(--c-text-2); letter-spacing: 0.05em; text-transform: uppercase; }
+</style>
+```
+
+Run `pnpm check`. Commit (single commit, all 4 files):
+```bash
+git add web/src/routes/+page.svelte web/src/lib/components/Nav/NavGrid.svelte web/src/lib/components/Nav/GroupSection.svelte web/src/lib/components/Nav/FavoritesSection.svelte
+git commit -m "feat(web): wire ItemEditDialog through +page → FavoritesSection/GroupSection/NavGrid → NavItem"
+```
+
+### Task 10: NewItemAffordance
+
+**Files:**
+- Create: `web/src/lib/components/Editor/NewItemAffordance.svelte`
+
+```svelte
+<script lang="ts">
+  import { t } from '$lib/i18n/store';
+  interface Props {
+    onClick: () => void;
+  }
+  let { onClick }: Props = $props();
+</script>
+
+<button type="button" class="aff" onclick={onClick} aria-label={$t('editor.item.new')}>
+  <span class="plus" aria-hidden="true">＋</span>
+  <span class="lbl">{$t('editor.item.new')}</span>
+</button>
+
+<style lang="scss">
+  .aff {
+    display: inline-flex; flex-direction: column; align-items: center; justify-content: center; gap: var(--sp-2);
+    width: 96px; min-height: 96px; margin: 0 auto var(--sp-7);
+    background: transparent; border: 2px dashed var(--c-border); border-radius: var(--rd-lg);
+    color: var(--c-text-3); cursor: pointer;
+    transition: border-color var(--tr-fast), color var(--tr-fast), background var(--tr-fast);
+    &:hover { border-color: var(--c-accent); color: var(--c-accent); background: var(--c-accent-bg); }
+  }
+  .plus { font-size: 28px; line-height: 1; }
+  .lbl { font-size: var(--fs-xs); }
+</style>
+```
+
+Run `pnpm check`. Commit:
+```bash
+git add web/src/lib/components/Editor/NewItemAffordance.svelte
+git commit -m "feat(web): NewItemAffordance ('+' card shown after each group in edit mode)"
+```
+
+### Task 11: ChangePasswordDialog
+
+**Files:**
+- Create: `web/src/lib/components/Editor/ChangePasswordDialog.svelte`
+- Modify: `web/src/lib/components/Header/AuthControls.svelte` (add menu trigger)
+
+- [ ] **Step 1: Dialog**
+
+```svelte
+<script lang="ts">
+  import Dialog from '$lib/components/ui/Dialog.svelte';
+  import Input from '$lib/components/ui/Input.svelte';
+  import Button from '$lib/components/ui/Button.svelte';
+  import { changePassword } from '$lib/api/nav';
+  import { ApiError } from '$lib/api/client';
+  import { toast } from '$lib/components/ui/toast';
+  import { t } from '$lib/i18n/store';
+
+  interface Props {
+    open: boolean;
+  }
+  let { open = $bindable(false) }: Props = $props();
+
+  let current = $state('');
+  let next = $state('');
+  let confirm = $state('');
+  let submitting = $state(false);
+  let error = $state<string | null>(null);
+
+  async function submit() {
+    error = null;
+    if (next.length < 8) { error = 'New password must be ≥ 8 chars'; return; }
+    if (next !== confirm) { error = 'New passwords do not match'; return; }
+    submitting = true;
+    try {
+      await changePassword(current, next);
+      toast.success($t('common.save') + ' ✓');
+      current = next = confirm = '';
+      open = false;
+    } catch (e) {
+      if (e instanceof ApiError) {
+        if (e.status === 401) error = $t('auth.login.error.bad_password');
+        else error = e.message ?? $t('error.unknown');
+      } else error = $t('error.unknown');
+    } finally {
+      submitting = false;
+    }
+  }
+</script>
+
+<Dialog bind:open title="Change admin password" width="sm">
+  <div class="form">
+    <Input label="Current password" type="password" bind:value={current} />
+    <Input label="New password (≥ 8 chars)" type="password" bind:value={next} />
+    <Input label="Confirm new password" type="password" bind:value={confirm} />
+    {#if error}<p class="err">{error}</p>{/if}
+  </div>
+  {#snippet footer()}
+    <Button intent="ghost" onclick={() => (open = false)}>{$t('common.cancel')}</Button>
+    <Button intent="primary" onclick={submit} loading={submitting}
+      disabled={!current || !next || !confirm}>{$t('common.save')}</Button>
+  {/snippet}
+</Dialog>
+
+<style lang="scss">
+  .form { display: flex; flex-direction: column; gap: var(--sp-3); }
+  .err { margin: 0; color: var(--c-danger); font-size: var(--fs-sm); }
+</style>
+```
+
+- [ ] **Step 2: Add a "Change password" entry to AuthControls (when authed)**
+
+Modify `AuthControls.svelte` to include a small Menu next to logout, OR just add a second button. For MVP, the simplest is a third button:
+
+```svelte
+<script lang="ts">
+  import Button from '$lib/components/ui/Button.svelte';
+  import LoginDialog from '$lib/components/Editor/LoginDialog.svelte';
+  import ChangePasswordDialog from '$lib/components/Editor/ChangePasswordDialog.svelte';
+  import EditToggle from './EditToggle.svelte';
+  import { sessionStore } from '$lib/stores/session';
+  import { t } from '$lib/i18n/store';
+
+  let loginOpen = $state(false);
+  let pwOpen = $state(false);
+
+  async function onLogout() {
+    await sessionStore.logout();
+  }
+</script>
+
+{#if $sessionStore.authed}
+  <EditToggle />
+  <Button intent="ghost" size="sm" onclick={() => (pwOpen = true)}>🔑</Button>
+  <Button intent="ghost" size="sm" onclick={onLogout}>{$t('header.logout')}</Button>
+{:else}
+  <Button intent="ghost" size="sm" onclick={() => (loginOpen = true)}>{$t('header.login')}</Button>
+{/if}
+
+<LoginDialog bind:open={loginOpen} />
+<ChangePasswordDialog bind:open={pwOpen} />
+```
+
+Run `pnpm check`. Commit:
+```bash
+git add web/src/lib/components/Editor/ChangePasswordDialog.svelte web/src/lib/components/Header/AuthControls.svelte
+git commit -m "feat(web): ChangePasswordDialog + 🔑 button in AuthControls"
+```
+
+---
+
+## Phase 3: End-to-End Smoke (Task 12)
+
+### Task 12: Full editor flow smoke
+
+**Files:** none modified.
+
+```bash
+# Backend
+cd server
+rm -rf dev-data
+SQLX_OFFLINE=true PORT=8080 BOOTSTRAP_ADMIN_PASSWORD=test1234 cargo run --quiet > /tmp/srv.log 2>&1 &
+SRV=$!
+sleep 18
+
+# Login + create item via curl (proves API path)
+curl -s -c /tmp/cookies.txt -X POST -H 'Content-Type: application/json' \
+  -d '{"password":"test1234"}' http://127.0.0.1:8080/api/auth/login -w 'login=%{http_code}\n'
+
+curl -s -b /tmp/cookies.txt -X POST -H 'Content-Type: application/json' \
+  -d '{"groupId":null,"name":"SmokeTest","iconKind":"asset","iconValue":"x.png","links":{"shangHai":"http://test"},"tagSlugs":[]}' \
+  http://127.0.0.1:8080/api/items -w '\ncreate=%{http_code}\n' | head -c 200
+echo
+
+# Bundle now has the item
+curl -s http://127.0.0.1:8080/api/nav | python3 -c "
+import sys, json; b = json.load(sys.stdin)
+print('items:', [i['name'] for i in b['items']])
+"
+
+# Frontend dev server
+cd ../web
+pnpm dev --host 127.0.0.1 --port 5173 > /tmp/web.log 2>&1 &
+WEB=$!
+sleep 8
+curl -sf http://127.0.0.1:5173/ -o /dev/null && echo "frontend OK"
+cd ..
+
+# Full pipeline
+cd web
+pnpm check 2>&1 | tail -3
+pnpm test:unit 2>&1 | tail -5
+pnpm build 2>&1 | tail -5
+pnpm lint 2>&1 | tail -5
+cd ..
+
+kill $WEB 2>/dev/null
+kill $SRV 2>/dev/null
+sleep 1
+```
+
+Expected:
+- login=204
+- create=201
+- /api/nav items array contains "SmokeTest"
+- frontend serves OK
+- check / test / build / lint all green
+
+If anything fails, fix in this task and commit. Otherwise no commit.
+
+## Self-Review
+
+**Spec coverage**
+
+| Spec section | Where covered |
+|---|---|
+| §5.1 entry/exit | Tasks 3 (login), 5 (toggle), 6 (visual indicator) |
+| §5.2 row "delete item" | Task 7 (context menu + optimistic delete) |
+| §5.2 row "new item" | Tasks 8 + 10 (dialog + affordance) |
+| §5.2 row "edit item full form" | Task 8 (ItemEditDialog) |
+| §5.2 row "change password" | Task 11 |
+| §5.3 optimistic + rollback | Task 7 (delete), Task 8 (refetch on success/error) |
+
+**Out of scope (deferred to Plan 4b/5)**
+
+- Drag-drop reorder (`svelte-dnd-action`)
+- Group / Site / Tag full management UIs (currently editable only via direct API)
+- SiteSettingsDialog (站名/avatar/备案 via UI)
+- Icon upload (multipart) UI
+- Double-click inline rename (use ItemEditDialog instead)
+
+**Type / signature consistency**
+
+- `onEdit?: (item: Item) => void` chained from +page → FavoritesSection / GroupSection → NavGrid → NavItem.
+- `editModeStore` is auth-gated: cannot turn on without authed=true, auto-flips off on logout.
+
+**Verification gates**
+
+- 5 of 12 tasks add svelte-check / vitest gates inline.
+- Phase 3 (Task 12) is an e2e smoke combining real backend + frontend dev server.
+
+**Deferred plans**
+
+- Plan 4b (optional): drag-drop, full group/site/tag UI, SiteSettingsDialog, icon upload.
+- Plan 5: dump-bootstrap.mjs, Dockerfile, docker-compose, Playwright e2e, README finalization. Plan 5 may absorb the Plan 4b items if user wants.
diff --git a/web/src/lib/api/nav.ts b/web/src/lib/api/nav.ts
new file mode 100644
index 0000000..0a80f26
--- /dev/null
+++ b/web/src/lib/api/nav.ts
@@ -0,0 +1,47 @@
+// web/src/lib/api/nav.ts
+import { apiClient } from './client';
+import { ItemSchema, type Item, type IconKind } from '$lib/types/nav';
+
+export interface ItemPayload {
+  groupId: number | null;
+  name: string;
+  nameI18n?: Record<string, string> | null;
+  description?: string | null;
+  descriptionI18n?: Record<string, string> | null;
+  iconKind: IconKind;
+  iconValue: string;
+  links: Record<string, string>;
+  tagSlugs: string[];
+}
+
+export type ItemPatch = Partial<ItemPayload>;
+
+export function createItem(payload: ItemPayload): Promise<Item> {
+  return apiClient<Item>({
+    method: 'POST',
+    path: '/api/items',
+    body: payload,
+    responseSchema: ItemSchema
+  });
+}
+
+export function patchItem(id: number, patch: ItemPatch): Promise<Item> {
+  return apiClient<Item>({
+    method: 'PATCH',
+    path: `/api/items/${id}`,
+    body: patch,
+    responseSchema: ItemSchema
+  });
+}
+
+export function deleteItem(id: number): Promise<void> {
+  return apiClient<void>({ method: 'DELETE', path: `/api/items/${id}` });
+}
+
+export function changePassword(current: string, next: string): Promise<void> {
+  return apiClient<void>({
+    method: 'POST',
+    path: '/api/config/password',
+    body: { current, next }
+  });
+}
diff --git a/web/src/lib/components/Editor/ChangePasswordDialog.svelte b/web/src/lib/components/Editor/ChangePasswordDialog.svelte
new file mode 100644
index 0000000..8c5e96a
--- /dev/null
+++ b/web/src/lib/components/Editor/ChangePasswordDialog.svelte
@@ -0,0 +1,77 @@
+<script lang="ts">
+  import Dialog from '$lib/components/ui/Dialog.svelte';
+  import Input from '$lib/components/ui/Input.svelte';
+  import Button from '$lib/components/ui/Button.svelte';
+  import { changePassword } from '$lib/api/nav';
+  import { ApiError } from '$lib/api/client';
+  import { toast } from '$lib/components/ui/toast';
+  import { t } from '$lib/i18n/store';
+
+  interface Props {
+    open: boolean;
+  }
+  let { open = $bindable(false) }: Props = $props();
+
+  let current = $state('');
+  let next = $state('');
+  let confirm = $state('');
+  let submitting = $state(false);
+  let error = $state<string | null>(null);
+
+  async function submit() {
+    error = null;
+    if (next.length < 8) {
+      error = 'New password must be ≥ 8 chars';
+      return;
+    }
+    if (next !== confirm) {
+      error = 'New passwords do not match';
+      return;
+    }
+    submitting = true;
+    try {
+      await changePassword(current, next);
+      toast.success($t('common.save') + ' ✓');
+      current = next = confirm = '';
+      open = false;
+    } catch (e) {
+      if (e instanceof ApiError) {
+        if (e.status === 401) error = $t('auth.login.error.bad_password');
+        else error = e.message ?? $t('error.unknown');
+      } else error = $t('error.unknown');
+    } finally {
+      submitting = false;
+    }
+  }
+</script>
+
+<Dialog bind:open title="Change admin password" width="sm">
+  <div class="form">
+    <Input label="Current password" type="password" bind:value={current} />
+    <Input label="New password (≥ 8 chars)" type="password" bind:value={next} />
+    <Input label="Confirm new password" type="password" bind:value={confirm} />
+    {#if error}<p class="err">{error}</p>{/if}
+  </div>
+  {#snippet footer()}
+    <Button intent="ghost" onclick={() => (open = false)}>{$t('common.cancel')}</Button>
+    <Button
+      intent="primary"
+      onclick={submit}
+      loading={submitting}
+      disabled={!current || !next || !confirm}>{$t('common.save')}</Button
+    >
+  {/snippet}
+</Dialog>
+
+<style lang="scss">
+  .form {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-3);
+  }
+  .err {
+    margin: 0;
+    color: var(--c-danger);
+    font-size: var(--fs-sm);
+  }
+</style>
diff --git a/web/src/lib/components/Editor/ItemEditDialog.svelte b/web/src/lib/components/Editor/ItemEditDialog.svelte
new file mode 100644
index 0000000..a4d83fd
--- /dev/null
+++ b/web/src/lib/components/Editor/ItemEditDialog.svelte
@@ -0,0 +1,185 @@
+<script lang="ts">
+  import Dialog from '$lib/components/ui/Dialog.svelte';
+  import Input from '$lib/components/ui/Input.svelte';
+  import Button from '$lib/components/ui/Button.svelte';
+  import { t } from '$lib/i18n/store';
+  import { navDataStore } from '$lib/stores/navData';
+  import { createItem, patchItem, type ItemPayload } from '$lib/api/nav';
+  import { toast } from '$lib/components/ui/toast';
+  import { ApiError } from '$lib/api/client';
+  import type { Item } from '$lib/types/nav';
+
+  interface Props {
+    open: boolean;
+    /** When set, dialog is in edit mode for this item; null = create. */
+    target: Item | null;
+    /** Initial group for create mode. */
+    defaultGroupId?: number | null;
+  }
+
+  let { open = $bindable(false), target, defaultGroupId = null }: Props = $props();
+
+  // Form state
+  let name = $state('');
+  let groupId = $state<number | null>(null);
+  let iconKind = $state<'asset' | 'url' | 'auto-favicon'>('asset');
+  let iconValue = $state('');
+  let linksJson = $state('{}'); // simplified MVP: edit links as JSON
+  let tagSlugsCsv = $state(''); // simplified: comma-separated
+  let submitting = $state(false);
+  let error = $state<string | null>(null);
+
+  $effect(() => {
+    // sync form when target / open changes
+    if (!open) return;
+    if (target) {
+      name = target.name;
+      groupId = target.groupId;
+      iconKind = target.iconKind;
+      iconValue = target.iconValue;
+      linksJson = JSON.stringify(target.links, null, 2);
+      tagSlugsCsv = target.tagSlugs.join(', ');
+    } else {
+      name = '';
+      groupId = defaultGroupId;
+      iconKind = 'asset';
+      iconValue = '';
+      linksJson = '{}';
+      tagSlugsCsv = '';
+    }
+    error = null;
+  });
+
+  function parseLinks(): Record<string, string> {
+    try {
+      const parsed = JSON.parse(linksJson) as unknown;
+      if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+        return Object.fromEntries(
+          Object.entries(parsed as Record<string, unknown>).map(([k, v]) => [k, String(v)])
+        );
+      }
+    } catch {
+      /* fallthrough to error */
+    }
+    throw new Error('links must be a JSON object: { "siteValue": "url", ... }');
+  }
+
+  async function submit() {
+    if (submitting) return;
+    error = null;
+    submitting = true;
+    try {
+      const links = parseLinks();
+      const payload: ItemPayload = {
+        groupId,
+        name: name.trim(),
+        iconKind,
+        iconValue: iconValue.trim(),
+        links,
+        tagSlugs: tagSlugsCsv
+          .split(',')
+          .map((s) => s.trim())
+          .filter(Boolean)
+      };
+      if (target) {
+        await patchItem(target.id, payload);
+        toast.success($t('common.save') + ' ✓');
+      } else {
+        await createItem(payload);
+        toast.success($t('editor.item.new') + ' ✓');
+      }
+      navDataStore.refetch();
+      open = false;
+    } catch (e) {
+      if (e instanceof ApiError) error = `${e.code}${e.message ? ': ' + e.message : ''}`;
+      else if (e instanceof Error) error = e.message;
+      else error = $t('error.unknown');
+    } finally {
+      submitting = false;
+    }
+  }
+
+  const groupOptions = $derived($navDataStore.bundle?.groups ?? []);
+</script>
+
+<Dialog bind:open title={target ? $t('common.edit') : $t('editor.item.new')} width="md">
+  <div class="form">
+    <Input label={$t('common.edit') + ' — name'} bind:value={name} />
+    <label class="grp">
+      <span class="lbl">Group</span>
+      <select bind:value={groupId}>
+        <option value={null}>—</option>
+        {#each groupOptions as g (g.id)}
+          <option value={g.id}>{g.name}</option>
+        {/each}
+      </select>
+    </label>
+    <label class="grp">
+      <span class="lbl">Icon kind</span>
+      <select bind:value={iconKind}>
+        <option value="asset">asset (file under /navIcons/)</option>
+        <option value="url">url (full URL)</option>
+        <option value="auto-favicon">auto-favicon (host)</option>
+      </select>
+    </label>
+    <Input
+      label="Icon value"
+      bind:value={iconValue}
+      placeholder="example.png / https://… / example.com"
+    />
+    <label class="grp">
+      <span class="lbl">Links (JSON: siteValue → URL)</span>
+      <textarea rows="4" bind:value={linksJson}></textarea>
+    </label>
+    <Input label="Tag slugs (comma-separated)" bind:value={tagSlugsCsv} placeholder="fav, tools" />
+    {#if error}<p class="err">{error}</p>{/if}
+  </div>
+  {#snippet footer()}
+    <Button intent="ghost" onclick={() => (open = false)}>{$t('common.cancel')}</Button>
+    <Button intent="primary" onclick={submit} loading={submitting} disabled={!name || !iconValue}>
+      {$t('common.save')}
+    </Button>
+  {/snippet}
+</Dialog>
+
+<style lang="scss">
+  .form {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-3);
+  }
+  .grp {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-1);
+    font-size: var(--fs-sm);
+  }
+  .lbl {
+    color: var(--c-text-2);
+    font-weight: var(--fw-medium);
+  }
+  select,
+  textarea {
+    background: var(--c-surface);
+    color: var(--c-text);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    padding: var(--sp-2) var(--sp-3);
+    font-family: inherit;
+    font-size: var(--fs-md);
+    &:focus {
+      border-color: var(--c-accent);
+      outline: none;
+      box-shadow: 0 0 0 3px var(--c-accent-bg);
+    }
+  }
+  textarea {
+    font-family: var(--ft-mono);
+    font-size: var(--fs-sm);
+  }
+  .err {
+    margin: 0;
+    color: var(--c-danger);
+    font-size: var(--fs-sm);
+  }
+</style>
diff --git a/web/src/lib/components/Editor/LoginDialog.svelte b/web/src/lib/components/Editor/LoginDialog.svelte
new file mode 100644
index 0000000..dca7a77
--- /dev/null
+++ b/web/src/lib/components/Editor/LoginDialog.svelte
@@ -0,0 +1,60 @@
+<script lang="ts">
+  import Dialog from '$lib/components/ui/Dialog.svelte';
+  import Input from '$lib/components/ui/Input.svelte';
+  import Button from '$lib/components/ui/Button.svelte';
+  import { sessionStore } from '$lib/stores/session';
+  import { ApiError } from '$lib/api/client';
+  import { t } from '$lib/i18n/store';
+  import { toast } from '$lib/components/ui/toast';
+
+  interface Props {
+    open: boolean;
+  }
+  let { open = $bindable(false) }: Props = $props();
+
+  let password = $state('');
+  let submitting = $state(false);
+  let error = $state<string | null>(null);
+
+  async function submit(e?: SubmitEvent) {
+    e?.preventDefault();
+    if (!password || submitting) return;
+    error = null;
+    submitting = true;
+    try {
+      await sessionStore.login(password);
+      toast.success($t('auth.login.title') + ' ✓');
+      password = '';
+      open = false;
+    } catch (e) {
+      if (e instanceof ApiError) {
+        if (e.status === 401) error = $t('auth.login.error.bad_password');
+        else if (e.status === 429) error = $t('auth.login.error.rate_limited');
+        else error = $t('error.unknown');
+      } else {
+        error = $t('error.network.offline');
+      }
+    } finally {
+      submitting = false;
+    }
+  }
+</script>
+
+<Dialog bind:open title={$t('auth.login.title')} width="sm">
+  <form onsubmit={submit}>
+    <Input
+      label={$t('auth.login.password')}
+      type="password"
+      autocomplete="current-password"
+      bind:value={password}
+      invalid={!!error}
+      errorText={error ?? undefined}
+    />
+  </form>
+  {#snippet footer()}
+    <Button intent="ghost" onclick={() => (open = false)}>{$t('common.cancel')}</Button>
+    <Button intent="primary" onclick={() => submit()} disabled={!password} loading={submitting}>
+      {$t('auth.login.submit')}
+    </Button>
+  {/snippet}
+</Dialog>
diff --git a/web/src/lib/components/Editor/NavItemContextMenu.svelte b/web/src/lib/components/Editor/NavItemContextMenu.svelte
new file mode 100644
index 0000000..6d6f168
--- /dev/null
+++ b/web/src/lib/components/Editor/NavItemContextMenu.svelte
@@ -0,0 +1,21 @@
+<!-- web/src/lib/components/Editor/NavItemContextMenu.svelte -->
+<script lang="ts">
+  import Menu from '$lib/components/ui/Menu.svelte';
+  import { t } from '$lib/i18n/store';
+
+  interface Props {
+    open: boolean;
+    x: number;
+    y: number;
+    onEdit: () => void;
+    onDelete: () => void;
+  }
+  let { open = $bindable(false), x, y, onEdit, onDelete }: Props = $props();
+
+  const items = $derived([
+    { label: $t('common.edit'), onSelect: onEdit },
+    { label: $t('common.delete'), onSelect: onDelete, intent: 'danger' as const }
+  ]);
+</script>
+
+<Menu bind:open {x} {y} {items} />
diff --git a/web/src/lib/components/Editor/NewItemAffordance.svelte b/web/src/lib/components/Editor/NewItemAffordance.svelte
new file mode 100644
index 0000000..bacf6d9
--- /dev/null
+++ b/web/src/lib/components/Editor/NewItemAffordance.svelte
@@ -0,0 +1,46 @@
+<script lang="ts">
+  import { t } from '$lib/i18n/store';
+  interface Props {
+    onClick: () => void;
+  }
+  let { onClick }: Props = $props();
+</script>
+
+<button type="button" class="aff" onclick={onClick} aria-label={$t('editor.item.new')}>
+  <span class="plus" aria-hidden="true">＋</span>
+  <span class="lbl">{$t('editor.item.new')}</span>
+</button>
+
+<style lang="scss">
+  .aff {
+    display: inline-flex;
+    flex-direction: column;
+    align-items: center;
+    justify-content: center;
+    gap: var(--sp-2);
+    width: 96px;
+    min-height: 96px;
+    margin: 0 auto var(--sp-7);
+    background: transparent;
+    border: 2px dashed var(--c-border);
+    border-radius: var(--rd-lg);
+    color: var(--c-text-3);
+    cursor: pointer;
+    transition:
+      border-color var(--tr-fast),
+      color var(--tr-fast),
+      background var(--tr-fast);
+    &:hover {
+      border-color: var(--c-accent);
+      color: var(--c-accent);
+      background: var(--c-accent-bg);
+    }
+  }
+  .plus {
+    font-size: 28px;
+    line-height: 1;
+  }
+  .lbl {
+    font-size: var(--fs-xs);
+  }
+</style>
diff --git a/web/src/lib/components/Header/AuthControls.svelte b/web/src/lib/components/Header/AuthControls.svelte
index d99af5a..03a8424 100644
--- a/web/src/lib/components/Header/AuthControls.svelte
+++ b/web/src/lib/components/Header/AuthControls.svelte
@@ -1,13 +1,13 @@
 <script lang="ts">
   import Button from '$lib/components/ui/Button.svelte';
+  import LoginDialog from '$lib/components/Editor/LoginDialog.svelte';
+  import ChangePasswordDialog from '$lib/components/Editor/ChangePasswordDialog.svelte';
+  import EditToggle from './EditToggle.svelte';
   import { sessionStore } from '$lib/stores/session';
   import { t } from '$lib/i18n/store';
 
-  function onLoginClick() {
-    // Plan 4 will replace this with a LoginDialog open trigger.
-    // For now, show a placeholder toast or no-op so Plan 3 stays read-only.
-    alert($t('auth.login.title') + ' — coming in Plan 4');
-  }
+  let loginOpen = $state(false);
+  let pwOpen = $state(false);
 
   async function onLogout() {
     await sessionStore.logout();
@@ -15,7 +15,12 @@
 </script>
 
 {#if $sessionStore.authed}
+  <EditToggle />
+  <Button intent="ghost" size="sm" onclick={() => (pwOpen = true)}>🔑</Button>
   <Button intent="ghost" size="sm" onclick={onLogout}>{$t('header.logout')}</Button>
 {:else}
-  <Button intent="ghost" size="sm" onclick={onLoginClick}>{$t('header.login')}</Button>
+  <Button intent="ghost" size="sm" onclick={() => (loginOpen = true)}>{$t('header.login')}</Button>
 {/if}
+
+<LoginDialog bind:open={loginOpen} />
+<ChangePasswordDialog bind:open={pwOpen} />
diff --git a/web/src/lib/components/Header/EditToggle.svelte b/web/src/lib/components/Header/EditToggle.svelte
new file mode 100644
index 0000000..b5550d7
--- /dev/null
+++ b/web/src/lib/components/Header/EditToggle.svelte
@@ -0,0 +1,9 @@
+<script lang="ts">
+  import Button from '$lib/components/ui/Button.svelte';
+  import { editModeStore } from '$lib/stores/editMode';
+  import { t } from '$lib/i18n/store';
+</script>
+
+<Button intent={$editModeStore ? 'primary' : 'secondary'} size="sm" onclick={editModeStore.toggle}>
+  {$editModeStore ? $t('header.editMode.exit') : $t('header.editMode.enter')}
+</Button>
diff --git a/web/src/lib/components/Nav/FavoritesSection.svelte b/web/src/lib/components/Nav/FavoritesSection.svelte
index e6e096e..3dca76d 100644
--- a/web/src/lib/components/Nav/FavoritesSection.svelte
+++ b/web/src/lib/components/Nav/FavoritesSection.svelte
@@ -1,13 +1,19 @@
 <script lang="ts">
+  import type { Item } from '$lib/types/nav';
   import { visibleFavorites } from '$lib/stores/visible';
   import NavGrid from './NavGrid.svelte';
   import { t } from '$lib/i18n/store';
+
+  interface Props {
+    onEdit?: (item: Item) => void;
+  }
+  let { onEdit }: Props = $props();
 </script>
 
 {#if $visibleFavorites.length > 0}
   <section class="favorites">
     <h2 class="heading">★ {$t('nav.favorites.title')}</h2>
-    <NavGrid items={$visibleFavorites} />
+    <NavGrid items={$visibleFavorites} {onEdit} />
   </section>
 {/if}
 
diff --git a/web/src/lib/components/Nav/GroupSection.svelte b/web/src/lib/components/Nav/GroupSection.svelte
index 7432e0b..14e9a7a 100644
--- a/web/src/lib/components/Nav/GroupSection.svelte
+++ b/web/src/lib/components/Nav/GroupSection.svelte
@@ -1,13 +1,15 @@
 <script lang="ts">
   import type { VisibleGroup } from '$lib/stores/visible';
+  import type { Item } from '$lib/types/nav';
   import { uiPrefs } from '$lib/stores/uiPrefs';
   import GroupHeader from './GroupHeader.svelte';
   import NavGrid from './NavGrid.svelte';
 
   interface Props {
     section: VisibleGroup;
+    onEdit?: (item: Item) => void;
   }
-  let { section }: Props = $props();
+  let { section, onEdit }: Props = $props();
 
   const isOpen = $derived(section.group ? $uiPrefs.groupOpen[section.group.slug] !== false : true);
 </script>
@@ -17,7 +19,7 @@
     <GroupHeader group={section.group} />
   {/if}
   {#if isOpen}
-    <NavGrid items={section.items} />
+    <NavGrid items={section.items} {onEdit} />
   {/if}
 </section>
 
diff --git a/web/src/lib/components/Nav/NavGrid.svelte b/web/src/lib/components/Nav/NavGrid.svelte
index 6e60962..2b2f792 100644
--- a/web/src/lib/components/Nav/NavGrid.svelte
+++ b/web/src/lib/components/Nav/NavGrid.svelte
@@ -4,13 +4,14 @@
 
   interface Props {
     items: Item[];
+    onEdit?: (item: Item) => void;
   }
-  let { items }: Props = $props();
+  let { items, onEdit }: Props = $props();
 </script>
 
 <div class="grid">
   {#each items as item (item.id)}
-    <NavItem {item} />
+    <NavItem {item} {onEdit} />
   {/each}
 </div>
 
diff --git a/web/src/lib/components/Nav/NavItem.svelte b/web/src/lib/components/Nav/NavItem.svelte
index 1f667ac..44de551 100644
--- a/web/src/lib/components/Nav/NavItem.svelte
+++ b/web/src/lib/components/Nav/NavItem.svelte
@@ -2,17 +2,27 @@
   import type { Item } from '$lib/types/nav';
   import { uiPrefs } from '$lib/stores/uiPrefs';
   import { currentSite } from '$lib/stores/visible';
-  import { localeStore } from '$lib/i18n/store';
+  import { localeStore, t } from '$lib/i18n/store';
+  import { editModeStore } from '$lib/stores/editMode';
+  import NavItemContextMenu from '$lib/components/Editor/NavItemContextMenu.svelte';
+  import { navDataStore } from '$lib/stores/navData';
+  import { deleteItem } from '$lib/api/nav';
+  import { toast } from '$lib/components/ui/toast';
 
   interface Props {
     item: Item;
+    onEdit?: (item: Item) => void;
   }
-  let { item }: Props = $props();
+  let { item, onEdit }: Props = $props();
 
   const url = $derived($currentSite.site ? (item.links[$currentSite.site.value] ?? null) : null);
   const displayName = $derived(item.nameI18n?.[$localeStore] ?? item.name);
   const isFav = $derived($uiPrefs.favoriteItemIds.includes(item.id));
 
+  let menuOpen = $state(false);
+  let menuX = $state(0);
+  let menuY = $state(0);
+
   function iconSrc(): string {
     switch (item.iconKind) {
       case 'asset':
@@ -25,10 +35,12 @@
   }
 
   function open() {
+    if ($editModeStore) return; // suppress nav navigation in edit mode
     if (url) window.open(url, '_blank', 'noopener,noreferrer');
   }
 
   function onKeydown(e: KeyboardEvent) {
+    if ($editModeStore) return;
     if (e.key === 'Enter' || e.key === ' ') {
       e.preventDefault();
       open();
@@ -39,16 +51,44 @@
     e.stopPropagation();
     uiPrefs.toggleFavorite(item.id);
   }
+
+  function onContextMenu(e: MouseEvent) {
+    if (!$editModeStore) return;
+    e.preventDefault();
+    menuX = e.clientX;
+    menuY = e.clientY;
+    menuOpen = true;
+  }
+
+  async function onConfirmDelete() {
+    // optimistic remove
+    const before = $navDataStore.bundle;
+    if (!before) return;
+    navDataStore.setBundle({
+      ...before,
+      items: before.items.filter((i) => i.id !== item.id)
+    });
+    try {
+      await deleteItem(item.id);
+      toast.success($t('common.delete') + ' ✓');
+    } catch {
+      // rollback
+      navDataStore.refetch();
+      toast.error($t('error.unknown'));
+    }
+  }
 </script>
 
-<div class="cell">
+<!-- svelte-ignore a11y_no_static_element_interactions -->
+<div class="cell" oncontextmenu={onContextMenu}>
   <button
     type="button"
     class="card"
+    class:edit={$editModeStore}
     onclick={open}
     onkeydown={onKeydown}
     aria-label={displayName}
-    disabled={!url}
+    disabled={!url && !$editModeStore}
   >
     <img class="icon" src={iconSrc()} alt="" loading="lazy" />
   </button>
@@ -62,6 +102,14 @@
   <span class="label">{displayName}</span>
 </div>
 
+<NavItemContextMenu
+  bind:open={menuOpen}
+  x={menuX}
+  y={menuY}
+  onEdit={() => onEdit?.(item)}
+  onDelete={onConfirmDelete}
+/>
+
 <style lang="scss">
   .cell {
     position: relative;
@@ -91,6 +139,10 @@
       border-color: var(--c-accent);
     }
 
+    &.edit {
+      cursor: context-menu;
+    }
+
     &:disabled {
       opacity: 0.55;
       cursor: not-allowed;
diff --git a/web/src/lib/stores/editMode.test.ts b/web/src/lib/stores/editMode.test.ts
new file mode 100644
index 0000000..9554e6c
--- /dev/null
+++ b/web/src/lib/stores/editMode.test.ts
@@ -0,0 +1,38 @@
+// web/src/lib/stores/editMode.test.ts
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { get } from 'svelte/store';
+import { editModeStore } from './editMode';
+import { sessionStore } from './session';
+
+const fetchMock = vi.fn();
+beforeEach(() => {
+  fetchMock.mockReset();
+  vi.stubGlobal('fetch', fetchMock);
+  editModeStore.set(false);
+  // Force authed=false baseline
+  fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
+});
+
+describe('editModeStore', () => {
+  it('toggle when not authed stays false', () => {
+    editModeStore.toggle();
+    expect(get(editModeStore)).toBe(false);
+  });
+
+  it('toggle when authed flips on', async () => {
+    fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
+    await sessionStore.login('pw');
+    editModeStore.toggle();
+    expect(get(editModeStore)).toBe(true);
+  });
+
+  it('logout flips edit mode off', async () => {
+    fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
+    await sessionStore.login('pw');
+    editModeStore.set(true);
+    expect(get(editModeStore)).toBe(true);
+    fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
+    await sessionStore.logout();
+    expect(get(editModeStore)).toBe(false);
+  });
+});
diff --git a/web/src/lib/stores/editMode.ts b/web/src/lib/stores/editMode.ts
new file mode 100644
index 0000000..8bd2e4e
--- /dev/null
+++ b/web/src/lib/stores/editMode.ts
@@ -0,0 +1,19 @@
+// web/src/lib/stores/editMode.ts
+import { writable, derived, type Readable } from 'svelte/store';
+import { sessionStore } from './session';
+
+const _on = writable<boolean>(false);
+
+/** Edit mode can ONLY be on when the user is authed. Logout flips it off. */
+sessionStore.subscribe((s) => {
+  if (!s.authed) _on.set(false);
+});
+
+export const editModeStore: Readable<boolean> & {
+  toggle(): void;
+  set(v: boolean): void;
+} = {
+  subscribe: derived([_on, sessionStore], ([$on, $s]) => $on && $s.authed).subscribe,
+  toggle: () => _on.update((v) => !v),
+  set: (v: boolean) => _on.set(v)
+};
diff --git a/web/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
index 03cd138..19901db 100644
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@@ -2,12 +2,15 @@
   import Header from '$lib/components/Header/index.svelte';
   import Footer from '$lib/components/Footer/index.svelte';
   import ToastViewport from '$lib/components/ui/ToastViewport.svelte';
+  import { editModeStore } from '$lib/stores/editMode';
   import '$lib/design/theme';
   import '../app.scss';
 
   let { children } = $props();
 </script>
 
+<svelte:body class:edit-mode={$editModeStore} />
+
 <Header />
 
 <main>
@@ -27,4 +30,21 @@
     padding: 0 var(--sp-4);
     box-sizing: border-box;
   }
+
+  :global(body.edit-mode main) {
+    outline: 2px dashed var(--c-accent);
+    outline-offset: var(--sp-2);
+    border-radius: var(--rd-md);
+  }
+
+  :global(body.edit-mode)::before {
+    content: '';
+    position: fixed;
+    top: 0;
+    left: 0;
+    right: 0;
+    height: 3px;
+    background: var(--c-accent);
+    z-index: 200;
+  }
 </style>
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index 71b2cfa..4e737d6 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -6,9 +6,28 @@
   import EmptyState from '$lib/components/Nav/EmptyState.svelte';
   import Skeleton from '$lib/components/ui/Skeleton.svelte';
   import Button from '$lib/components/ui/Button.svelte';
+  import ItemEditDialog from '$lib/components/Editor/ItemEditDialog.svelte';
+  import NewItemAffordance from '$lib/components/Editor/NewItemAffordance.svelte';
+  import { editModeStore } from '$lib/stores/editMode';
   import { t } from '$lib/i18n/store';
+  import type { Item } from '$lib/types/nav';
 
   const siteTitle = $derived($navDataStore.bundle?.meta.siteName ?? '');
+
+  let editTarget = $state<Item | null>(null);
+  let createForGroupId = $state<number | null>(null);
+  let editDialogOpen = $state(false);
+
+  function openEdit(item: Item) {
+    editTarget = item;
+    createForGroupId = null;
+    editDialogOpen = true;
+  }
+  function openCreate(groupId: number | null) {
+    editTarget = null;
+    createForGroupId = groupId;
+    editDialogOpen = true;
+  }
 </script>
 
 <svelte:head>
@@ -27,7 +46,7 @@
     <Button onclick={() => navDataStore.refetch()}>{$t('error.network.retry')}</Button>
   </div>
 {:else}
-  <FavoritesSection />
+  <FavoritesSection onEdit={openEdit} />
   {#if $visibleSections.length === 0}
     {#if $hasActiveFilter}
       <EmptyState title={$t('nav.empty.search')} hint={$t('nav.empty.search.hint')} />
@@ -36,14 +55,24 @@
       </div>
     {:else}
       <EmptyState title={$t('nav.empty.data')} hint={$t('nav.empty.data.hint')} />
+      {#if $editModeStore}
+        <div class="retry">
+          <Button onclick={() => openCreate(null)}>{$t('editor.item.new')}</Button>
+        </div>
+      {/if}
     {/if}
   {:else}
     {#each $visibleSections as section (section.group?.id ?? 'ungrouped')}
-      <GroupSection {section} />
+      <GroupSection {section} onEdit={openEdit} />
+      {#if $editModeStore}
+        <NewItemAffordance onClick={() => openCreate(section.group?.id ?? null)} />
+      {/if}
     {/each}
   {/if}
 {/if}
 
+<ItemEditDialog bind:open={editDialogOpen} target={editTarget} defaultGroupId={createForGroupId} />
+
 <style lang="scss">
   .loading {
     display: flex;

From 3f282c7e247858e9e3fe0bbb04e5aaf44e95c8a3 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 20 May 2026 19:44:49 +0800
Subject: [PATCH 07/77] feat(deploy): Docker + Playwright e2e + README (Plan 5)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Production-ready single-image deploy.
- Real bootstrap.json (17 default items + 4 sites + 4 groups)
- dump-bootstrap.mjs + bootstrap-source.ts (regen script)
- Multi-stage Dockerfile (web + server → gcr.io/distroless/cc-debian12,
  ~70 MB final image)
- docker-compose.yml + Caddyfile (auto-TLS via Let's Encrypt)
- scripts/docker-smoke.sh (build + run + verify health/nav/login/me)
- Root Playwright config (port 18080, chromium-only)
- 3 e2e specs: read flow + edit flow + scripts/e2e.sh harness
- README quickstart-first (Docker run + dev workflow + env +
  architecture + roadmap)
- All cargo + pnpm gates green: 40 backend tests + 31 frontend tests +
  clippy + fmt + lint clean

Note: Docker daemon was offline during the implementation session.
All Docker artifacts written and statically verified. User to run
scripts/docker-smoke.sh + scripts/e2e.sh after starting Docker Desktop.
---
 .gitignore                                    |   3 +
 Caddyfile                                     |   6 +
 Dockerfile                                    | 167 +--
 README.md                                     | 267 ++---
 docker-compose.yml                            |  33 +
 .../plans/2026-05-20-plan-5-docker-e2e.md     | 954 ++++++++++++++++++
 package-lock.json                             |  78 ++
 package.json                                  |  13 +
 scripts/bootstrap-source.ts                   |  71 ++
 scripts/docker-smoke.sh                       |  43 +
 scripts/dump-bootstrap.mjs                    |  17 +
 scripts/e2e.sh                                |  32 +
 server/bootstrap.json                         |  33 +-
 server/tests/seed.rs                          |   2 +-
 tests/edit.spec.ts                            |  38 +
 tests/playwright.config.ts                    |  22 +
 tests/read.spec.ts                            |  24 +
 web/playwright.config.js                      |  10 -
 web/tests/test.ts                             |   6 -
 19 files changed, 1493 insertions(+), 326 deletions(-)
 create mode 100644 Caddyfile
 create mode 100644 docker-compose.yml
 create mode 100644 docs/superpowers/plans/2026-05-20-plan-5-docker-e2e.md
 create mode 100644 package-lock.json
 create mode 100644 package.json
 create mode 100644 scripts/bootstrap-source.ts
 create mode 100755 scripts/docker-smoke.sh
 create mode 100644 scripts/dump-bootstrap.mjs
 create mode 100755 scripts/e2e.sh
 create mode 100644 tests/edit.spec.ts
 create mode 100644 tests/playwright.config.ts
 create mode 100644 tests/read.spec.ts
 delete mode 100644 web/playwright.config.js
 delete mode 100644 web/tests/test.ts

diff --git a/.gitignore b/.gitignore
index f6a93cd..7940c0b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,6 +14,9 @@ web/.env
 web/.env.*
 !web/.env.example
 
+# Root e2e harness
+/node_modules/
+
 # Backend
 server/target/
 server/.env
diff --git a/Caddyfile b/Caddyfile
new file mode 100644
index 0000000..da7ba62
--- /dev/null
+++ b/Caddyfile
@@ -0,0 +1,6 @@
+# Caddyfile — auto-TLS via Let's Encrypt.
+# Set DOMAIN env var (e.g. nav.example.com) before `docker compose up`.
+{$DOMAIN:localhost} {
+    reverse_proxy nav:8080
+    encode gzip
+}
diff --git a/Dockerfile b/Dockerfile
index b2fc625..cfeec50 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,127 +1,40 @@
-# build client assets
-FROM node:18-alpine as assetsBuilder
-
-ENV HOME=/usr/local/webserver/navigation_website
-
-WORKDIR ${HOME}
-
-COPY . .
-
-RUN pnpm install \
-  && NODE_ENV=production pnpm build
-
-
-# build nginx image
-FROM debian:bullseye-slim
-
-LABEL maintainer="NGINX Docker Maintainers <docker-maint@nginx.com>"
-
-ENV NGINX_VERSION=1.23.1 \
-  NJS_VERSION=0.7.6 \
-  PKG_RELEASE=1~bullseye \
-  HOME=/usr/local/webserver/navigation_website
-
-RUN set -x \
-# create nginx user/group first, to be consistent throughout docker variants
-    && addgroup --system --gid 101 nginx \
-    && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx \
-    && apt-get update \
-    && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates \
-    && \
-    NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62; \
-    found=''; \
-    for server in \
-        hkp://keyserver.ubuntu.com:80 \
-        pgp.mit.edu \
-    ; do \
-        echo "Fetching GPG key $NGINX_GPGKEY from $server"; \
-        apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; \
-    done; \
-    test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \
-    apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* \
-    && dpkgArch="$(dpkg --print-architecture)" \
-    && nginxPackages=" \
-        nginx=${NGINX_VERSION}-${PKG_RELEASE} \
-        nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} \
-        nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} \
-        nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} \
-        nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} \
-    " \
-    && case "$dpkgArch" in \
-        amd64|arm64) \
-# arches officialy built by upstream
-            echo "deb https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \
-            && apt-get update \
-            ;; \
-        *) \
-# we're on an architecture upstream doesn't officially build for
-# let's build binaries from the published source packages
-            echo "deb-src https://nginx.org/packages/mainline/debian/ bullseye nginx" >> /etc/apt/sources.list.d/nginx.list \
-            \
-# new directory for storing sources and .deb files
-            && tempDir="$(mktemp -d)" \
-            && chmod 777 "$tempDir" \
-# (777 to ensure APT's "_apt" user can access it too)
-            \
-# save list of currently-installed packages so build dependencies can be cleanly removed later
-            && savedAptMark="$(apt-mark showmanual)" \
-            \
-# build .deb files from upstream's source packages (which are verified by apt-get)
-            && apt-get update \
-            && apt-get build-dep -y $nginxPackages \
-            && ( \
-                cd "$tempDir" \
-                && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
-                    apt-get source --compile $nginxPackages \
-            ) \
-# we don't remove APT lists here because they get re-downloaded and removed later
-            \
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies)
-            && apt-mark showmanual | xargs apt-mark auto > /dev/null \
-            && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } \
-            \
-# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be)
-            && ls -lAFh "$tempDir" \
-            && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) \
-            && grep '^Package: ' "$tempDir/Packages" \
-            && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list \
-# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes")
-#   Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
-#   ...
-#   E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages  Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
-            && apt-get -o Acquire::GzipIndexes=false update \
-            ;; \
-    esac \
-    \
-    && apt-get install --no-install-recommends --no-install-suggests -y \
-                        $nginxPackages \
-                        gettext-base \
-                        curl \
-    && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list \
-    \
-# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
-    && if [ -n "$tempDir" ]; then \
-        apt-get purge -y --auto-remove \
-        && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \
-    fi \
-# forward request and error logs to docker log collector
-    # && ln -sf /dev/stdout /var/log/nginx/access.log \
-    # && ln -sf /dev/stderr /var/log/nginx/error.log \
-# create a docker-entrypoint.d directory
-    && mkdir /docker-entrypoint.d \
-# copy custom nginx.conf
-    && mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.BAK \
-    && mkdir -p /etc/nginx/cert/
-
-COPY ./config/docker /
-COPY ./config/nginx /etc/nginx/
-COPY --from=assetsBuilder ${HOME}/build ${HOME}/
-
-ENTRYPOINT ["sh", "/docker-entrypoint.sh"]
-
-EXPOSE 80 443
-
-STOPSIGNAL SIGQUIT
-
-CMD ["nginx", "-g", "daemon off;"]
+# syntax=docker/dockerfile:1.7
+
+# ──── Stage 1: build frontend ────
+FROM node:20-alpine AS web-build
+WORKDIR /web
+RUN corepack enable
+COPY web/pnpm-lock.yaml web/package.json ./
+RUN pnpm install --frozen-lockfile
+COPY web/ ./
+RUN pnpm build
+
+# ──── Stage 2: build server ────
+FROM rust:1.79-slim AS server-build
+WORKDIR /server
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends pkg-config libssl-dev ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
+# Cache deps layer
+COPY server/Cargo.toml server/Cargo.lock ./
+RUN mkdir -p src && echo 'fn main(){}' > src/main.rs && \
+    cargo build --release --bin navsrv && \
+    rm -rf src target/release/deps/navsrv* target/release/navsrv
+# Real build
+COPY server/ ./
+ENV SQLX_OFFLINE=true
+RUN cargo build --release --bin navsrv
+
+# ──── Stage 3: runtime ────
+FROM gcr.io/distroless/cc-debian12 AS runtime
+COPY --from=server-build /server/target/release/navsrv /usr/local/bin/navsrv
+COPY --from=web-build    /web/build                   /app/static
+ENV PORT=8080 \
+    DATA_DIR=/app/data \
+    STATIC_DIR=/app/static \
+    RUST_LOG=info,sqlx=warn,tower_http=info \
+    SECURE_COOKIES=false
+VOLUME /app/data
+EXPOSE 8080
+USER nonroot
+ENTRYPOINT ["/usr/local/bin/navsrv"]
diff --git a/README.md b/README.md
index 8eacc30..10b7f0c 100644
--- a/README.md
+++ b/README.md
@@ -1,206 +1,119 @@
-# Navigation website
+# Navigation Website
 
-A static navigation website written in svelte3.
+A self-hostable navigation/bookmark dashboard with a Rust backend (Axum + SQLite),
+a SvelteKit SPA frontend, and an inline editor for the admin.
 
-> Note: UI Design are referenced from other sites
+## Quickstart (Docker)
 
-## Preview
-
-- Desktop
+```bash
+docker run -d \
+  --name nav \
+  -p 8080:8080 \
+  -v ./data:/app/data \
+  -e BOOTSTRAP_ADMIN_PASSWORD=changeme \
+  navsrv:latest
+```
 
-  ![Desktop website](./snapshot_desktop.png)
+Visit http://localhost:8080. Click **Log in** in the top-right, enter your password,
+then click **Edit** to add/remove nav items inline.
 
-  - Site Switch
+For HTTPS with Let's Encrypt, use `docker compose up -d` with the bundled
+`docker-compose.yml` (set `DOMAIN=nav.example.com`).
 
-    ![Desktop Site Switch](./snapshot_desktop_site_switch.png)
+## Project layout
 
-- H5
+| Path | Purpose |
+|---|---|
+| `web/` | SvelteKit 2 + Svelte 5 SPA. `pnpm dev` for local dev (proxies `/api` to `:8080`). |
+| `server/` | Rust binary (`navsrv`). `cargo run` for local dev (default port 8080). |
+| `tests/` | Playwright e2e specs covering read + login + create. |
+| `scripts/` | `docker-smoke.sh`, `e2e.sh`, `dump-bootstrap.mjs`. |
+| `docs/superpowers/` | Design specs and implementation plans. |
+| `Dockerfile` | Multi-stage build → distroless single image. |
+| `docker-compose.yml` + `Caddyfile` | Optional TLS-fronted deploy. |
 
-  ![H5 Website](./snapshot_h5.png)
+## Local development
 
-  - Site Switch
+Backend (terminal A):
 
-    ![H5 Site Switch](./snapshot_h5_site_switch.png)
+```bash
+cd server
+cargo run            # listens on :8080
+```
 
-## Project layout
+On first boot, an admin password is generated and printed; it's also written to
+`server/dev-data/INITIAL_PASSWORD.txt` (auto-deleted after the first password
+change via the UI).
 
-- `web/` — SvelteKit SPA (`pnpm dev` / `pnpm build`)
-- `server/` — Rust backend (`cargo run`); see `server/README.md`
-- `docs/superpowers/` — design specs and implementation plans
+Frontend (terminal B):
 
-The production deploy is a single Docker image bundling both (Plan 5).
+```bash
+cd web
+pnpm install         # uses pinned pnpm 10 via packageManager
+pnpm dev             # listens on :5173, proxies /api to :8080
+```
 
-## Pre-install
+Run unit tests:
 
-- [Install git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
-  
-- [Install pnpm](https://www.pnpm.cn/installation)
+```bash
+cd web && pnpm test:unit
+cd server && SQLX_OFFLINE=true cargo test
+```
 
-- Clone the project to local
-  
-  ```bash
-  git clone https://github.com/picopock/navigation_website.git
-  ```
+Run e2e (requires Docker):
 
-- Install dependencies
+```bash
+bash scripts/e2e.sh
+```
 
-  ```bash
-  pnpm install
-  ```
+## Configuration (env)
 
-## Developing
+| Var | Default | Notes |
+|---|---|---|
+| `PORT` | `8080` | TCP port |
+| `DATA_DIR` | `/app/data` (Docker) / `./dev-data` (cargo) | SQLite + uploads + INITIAL_PASSWORD |
+| `STATIC_DIR` | `/app/static` (Docker) / `../web/build` (cargo) | SvelteKit build output |
+| `BOOTSTRAP_ADMIN_PASSWORD` | (unset) | First boot only; otherwise random + file |
+| `SECURE_COOKIES` | `false` (dev) / `true` (compose) | `true` requires HTTPS |
+| `RUST_LOG` | `info,sqlx=warn,tower_http=info` | tracing-subscriber filter |
 
-Once you've created a project and installed dependencies with `pnpm`, start a development server:
+## Resetting the admin password
 
 ```bash
-pnpm dev --host
-
-# or start the server and open the app in a new browser tab
-pnpm dev -- --open
+docker exec -it nav navsrv reset-password --password=<new>
+# or interactively (the binary prompts)
 ```
 
-## Customizing
-
-Customize your navigation page
-
-- Customize by modify the build product
-- Customize by modify the source code
-
-  - Customize website information
-
-    The website information is saved in `src/lib/constants/siteInfo.ts` file
-
-    | Name                  | Desc                                             |
-    | :-------------------- | :----------------------------------------------- |
-    | `siteName`            | Site name                                        |
-    | `siteCopyright`       | Site copyright information                       |
-    | `siteICPFiling`       | Site ICP filing information                      |
-    | `siteICPFilingURL`    | The link of ICP filing query website             |
-    | `sitePoliceFiling`    | Public security filing information of website    |
-    | `sitePoliceFilingURL` | The link of Public security filing query website |
-
-  - Customize navigation information
-
-    The navigation information is saved in `src/lib/constants/nav.ts` file
-
-    - Site List Definition
+This invalidates all sessions and removes any leftover `INITIAL_PASSWORD.txt`.
+
+## Architecture
+
+See `docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md` for the
+full design. Briefly:
+
+- **Frontend**: Svelte 5 (runes) + SvelteKit 2, no UI library — design tokens and
+  10 hand-built primitives under `web/src/lib/components/ui/`. `apiClient` validates
+  every response against zod schemas mirroring the backend types. Self-implemented
+  i18n (~80 lines), no library.
+- **Backend**: Axum 0.7 + SQLx (SQLite WAL). 3NF schema. Single-admin auth
+  (bcrypt + signed cookie session via `tower-sessions`). CRUD endpoints behind a
+  `RequireAuth` extractor. Favicon proxy with 7-day disk cache. CLI subcommand
+  for password reset.
+- **Deploy**: Multi-stage Dockerfile produces a distroless image (~70 MB). The
+  Rust binary serves both the SPA (`tower-http::ServeDir` with SPA fallback) and
+  `/api/*`.
 
-      | Site Item Field | Type   | Desc                                                           |
-      | :-------------- | :----- | :------------------------------------------------------------- |
-      | `name`          | string | Site name                                                      |
-      | `value`         | string | Value of site. It will be use as key field to define site link |
+## Roadmap
 
-      - Default Site Definition
+Future enhancements (not in current shipped Plans 1–5):
 
-        - `defaultSiteIndex`
-    
-          The default site index of site list. Start index is `0`, not `1`. Default value is `0`.
+- Drag-and-drop reorder of nav items
+- Full management UI for groups, sites, tags (currently editable via API only)
+- Site settings dialog (site name, avatar upload, ICP filings, default theme)
+- Multi-user / OAuth / audit log
+- Real-time multi-device sync (SSE)
+- PWA / offline
 
-    - Nav List Definition
+## License
 
-      | Nav Item Field | Type   | Desc                                                       |
-      | :------------- | :----- | :--------------------------------------------------------- |
-      | `name`         | string | Navigation item name                                       |
-      | `link`         | object | The link of all site defined here                          |
-      | `source`       | string | Navigation item logo. support http(s)、image or svg format |
-
-      > Note： if the `source` field is not `http(s)` format, such as `jellyfin.svg`, you will need to put `jellyfin.svg` resource into  `static/navIcons/` folder.
-
-      > Note: if the link of current site is not defined under the `link` field, the nav item will not be show.
-
-    - example
-
-      ```ts
-      export const siteList: ISite[] = [
-        { name: '上海', value: 'shangHai' },
-        { name: '北京', value: 'beiJing' },
-        { name: '广州', value: 'guangZhou' },
-        { name: '深圳', value: 'shenZhen' },
-      ];
-
-      export const navList: INavItem[] = [
-        {
-          name: 'RouterOS',
-          link: {
-            shangHai: 'http://10.0.0.1',
-            beiJing: 'http://10.1.0.1'
-          },
-          source: 'routerOS.png'
-        },
-        {
-          name: 'OpenWRT',
-          link: {
-            shangHai: 'http://10.0.0.2',
-            beiJing: 'http://10.1.0.2'
-          },
-          source: 'openWRT.png'
-        },
-        {
-          name: 'Esxi',
-          link: {
-            shangHai: 'http://10.0.0.3',
-            beiJing: 'http://10.1.0.3',
-            guangZhou: 'http://10.2.0.3',
-          },
-          source: 'esxi.png'
-        },
-        {
-          name: 'K2P',
-          link: {
-            shangHai: 'http://10.0.0.4',
-            beiJing: 'http://10.1.0.4',
-            shenZhen: 'http://10.2.0.4',
-          },
-          source: 'phicomm.png'
-        }
-      ];
-      ```
-
-- Customize Avatar
-
-  - put resource into `static/` folder.
-
-  - rename resource with `avatar.png`.
-  
-## Building
-
-- Build locally
-
-  To create a production version of your app:
-
-  ```bash
-  pnpm build
-  ```
-
-  You can preview the production build with `pnpm preview`.
-
-- [Build with github action](https://github.com/picopock/navigation_website/actions)
-
-## Deploying
-
-- Deploy with static resource server
-  
-  when you run command `pnpm build`, the compile result will be put into `build` folder. Copy all files in the `build` folder to the static resource server.
-
-- Deploy with docker
-
-  - The docker image uses nginx as the static resource server. The nginx configuration file is in `config/nginx/` folder.
-
-    By default, this nginx is in https mode, and the http(80) request will be redirect to https. You need put the certificate file into `config/nginx/cert/` folder and update `nginx.conf` as follow:
-
-    ```conf
-    ssl_certificate               /etc/nginx/cert/<cert name>.pem;
-    ssl_certificate_key           /etc/nginx/cert/<cert name>.key;
-    ```
-
-    > Note: `<cert name>` will be replace with your certificate name.
-
-  - Build docker image based on `Dockerfile`.
-  - Pull docker iamge to your machine
-  - Run container whit docker command
-  
-    ```sh
-    // eg.
-    // Need to be update according to individual circumstances
-    docker run -d --restart=always --name navigation_website_<version> -p 8080:80 -p 8443:443 xxxx.com/xxxx/navigation_website:<version>
-    ```
+MIT.
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..9be8bf3
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,33 @@
+# docker-compose.yml — sample. Adjust DOMAIN / image tag for your deploy.
+services:
+  nav:
+    build: .
+    image: navsrv:latest
+    container_name: nav
+    restart: unless-stopped
+    environment:
+      BOOTSTRAP_ADMIN_PASSWORD: ${BOOTSTRAP_ADMIN_PASSWORD:-}
+      RUST_LOG: ${RUST_LOG:-info,sqlx=warn,tower_http=info}
+      SECURE_COOKIES: ${SECURE_COOKIES:-true}
+    volumes:
+      - ./data:/app/data
+    expose:
+      - "8080"
+
+  caddy:
+    image: caddy:2
+    container_name: caddy
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy-data:/data
+      - caddy-config:/config
+    depends_on:
+      - nav
+
+volumes:
+  caddy-data:
+  caddy-config:
diff --git a/docs/superpowers/plans/2026-05-20-plan-5-docker-e2e.md b/docs/superpowers/plans/2026-05-20-plan-5-docker-e2e.md
new file mode 100644
index 0000000..bd973f1
--- /dev/null
+++ b/docs/superpowers/plans/2026-05-20-plan-5-docker-e2e.md
@@ -0,0 +1,954 @@
+# Docker + E2E + README Implementation Plan (Plan 5 of 5 — Final)
+
+> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task.
+
+**Goal:** Ship a production-ready single-image deploy. After this plan: `docker run -d -p 8080:8080 -v ./data:/app/data -e BOOTSTRAP_ADMIN_PASSWORD=… navsrv:latest` boots the full stack (Rust backend + SvelteKit SPA bundled together) on port 8080. Optional `docker compose up` adds Caddy with auto-TLS in front. A small Playwright e2e suite verifies the read + login + create flow against a real container. README has the quickstart at the top.
+
+**Out of scope (intentionally not in any of the 5 plans):** drag-drop reorder, full Group/Site/Tag management UI, SiteSettingsDialog, icon upload UI, full edit-mode polish. These are listed in the project README as future enhancements.
+
+**Architecture:** A single multi-stage Dockerfile produces a small distroless image. Stage 1 builds the SvelteKit SPA. Stage 2 builds the Rust binary, embedding `bootstrap.json` via `include_str!`. Stage 3 copies the binary + the `web/build/` static files into a minimal runtime image. The Rust binary uses `tower-http::ServeDir` to serve the SPA and `axum` to serve `/api/*` (Plan 1 §2.1). Volume `/app/data` persists SQLite + uploads + INITIAL_PASSWORD.txt across container recreates.
+
+The `dump-bootstrap.mjs` script is included to regenerate the seed bootstrap.json from a hand-curated source (a small TS file under `scripts/`), but in this plan we ship a pre-generated `server/bootstrap.json` directly — the regeneration script exists for future maintainers.
+
+**Tech Stack (already provisioned):** Plans 1, 1.5, 2, 3, 4 + Docker (host).
+
+**Spec reference:** `docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md` § 9.2 (Docker), § 9.5 (deployment), § 10 (roadmap closure).
+
+**Predecessors:** All previous plans merged into `feat/rust-platform`.
+**Successors:** none — this is the final plan. After Plan 5 merges into `feat/rust-platform`, the integration branch is ready to PR into `master`.
+
+---
+
+## Conventions
+
+- **Working directory:** root of the worktree for Docker; `web/` for pnpm; `server/` for cargo; root for `playwright`.
+- **Sub-branch:** `plan-5/docker-e2e`, branched from `feat/rust-platform`.
+- **Commits:** Conventional Commits, no `Co-Authored-By` trailer. One commit per task.
+- **Verification gate:** every Docker task ends with a working `docker build` (or `docker run`); every code task ends with `pnpm check` / `cargo check` clean.
+
+---
+
+## Phase 0: Real bootstrap data (Tasks 1–2)
+
+### Task 1: Real bootstrap.json with default 17 nav items
+
+**Files:**
+- Modify: `server/bootstrap.json`
+
+The current `server/bootstrap.json` is a placeholder (Plan 1 Task 32) with empty `items`. Replace with the real default content per spec §10.3 (4 groups × ~17 items, plus the original sites/copyright).
+
+- [ ] **Step 1: Replace `server/bootstrap.json` with the full content**
+
+```json
+{
+  "schemaVersion": 1,
+  "meta": {
+    "siteName": "Pico 的小站导航",
+    "siteAvatarPath": "/avatar.png",
+    "siteCopyright": "Copyright © 2026 Pico. All rights reserved.",
+    "siteIcp": null,
+    "sitePolice": null,
+    "defaultTheme": "system"
+  },
+  "sites": [
+    { "value": "shangHai", "name": "上海", "name_i18n": { "en": "Shanghai" }, "is_default": true,  "sort_order": 0 },
+    { "value": "beiJing",  "name": "北京", "name_i18n": { "en": "Beijing"  }, "is_default": false, "sort_order": 1 },
+    { "value": "guangZhou","name": "广州", "name_i18n": { "en": "Guangzhou"}, "is_default": false, "sort_order": 2 },
+    { "value": "shenZhen", "name": "深圳", "name_i18n": { "en": "Shenzhen" }, "is_default": false, "sort_order": 3 }
+  ],
+  "groups": [
+    { "slug": "network", "name": "网络", "name_i18n": { "en": "Network" }, "sort_order": 0 },
+    { "slug": "media",   "name": "媒体", "name_i18n": { "en": "Media"   }, "sort_order": 1 },
+    { "slug": "nas",     "name": "NAS",  "name_i18n": { "en": "NAS"     }, "sort_order": 2 },
+    { "slug": "tools",   "name": "工具", "name_i18n": { "en": "Tools"   }, "sort_order": 3 }
+  ],
+  "tags": [],
+  "items": [
+    { "name": "RouterOS",     "groupSlug": "network", "iconKind": "asset", "iconValue": "routerOS.png",         "links": { "shangHai": "http://10.0.0.1",  "beiJing": "http://10.1.0.1" }, "tagSlugs": [] },
+    { "name": "OpenWRT",      "groupSlug": "network", "iconKind": "asset", "iconValue": "openWRT.png",          "links": { "shangHai": "http://10.0.0.2",  "beiJing": "http://10.1.0.2" }, "tagSlugs": [] },
+    { "name": "K2P",          "groupSlug": "network", "iconKind": "asset", "iconValue": "phicomm.png",          "links": { "shangHai": "http://10.0.0.4",  "beiJing": "http://10.1.0.4", "shenZhen": "http://10.2.0.4" }, "tagSlugs": [] },
+    { "name": "qBittorrent",  "groupSlug": "network", "iconKind": "asset", "iconValue": "qBittorrent.png",      "links": { "shangHai": "http://10.0.0.11:8085", "beiJing": "http://10.1.0.11:8085" }, "tagSlugs": [] },
+    { "name": "Jackett",      "groupSlug": "network", "iconKind": "asset", "iconValue": "jackett.png",          "links": { "shangHai": "http://10.0.0.13",  "beiJing": "http://10.1.0.13" }, "tagSlugs": [] },
+
+    { "name": "Jellyfin",     "groupSlug": "media",   "iconKind": "asset", "iconValue": "jellyfin.svg",         "links": { "shangHai": "http://10.0.0.12",  "beiJing": "http://10.1.0.12" }, "tagSlugs": [] },
+    { "name": "Surveillance", "groupSlug": "media",   "iconKind": "asset", "iconValue": "surveillanceStation.png","links": { "shangHai": "http://10.0.0.5:9900", "beiJing": "http://10.1.0.5:9900" }, "tagSlugs": [] },
+    { "name": "相册",         "name_i18n": { "en": "Album" }, "groupSlug": "media", "iconKind": "asset", "iconValue": "album.png", "links": { "shangHai": "http://10.0.0.5:5080", "beiJing": "http://10.1.0.5:5080" }, "tagSlugs": [] },
+
+    { "name": "Synology",     "groupSlug": "nas",     "iconKind": "asset", "iconValue": "synology.png",         "links": { "shangHai": "http://10.0.0.5:5000", "beiJing": "http://10.1.0.5:5000" }, "tagSlugs": [] },
+    { "name": "文件夹",       "name_i18n": { "en": "Files" }, "groupSlug": "nas", "iconKind": "asset", "iconValue": "file.png", "links": { "shangHai": "http://10.0.0.5:7000", "beiJing": "http://10.1.0.5:7000" }, "tagSlugs": [] },
+    { "name": "Nas Tools",    "groupSlug": "nas",     "iconKind": "asset", "iconValue": "nasTools.png",         "links": { "shangHai": "http://10.0.0.14",  "beiJing": "http://10.1.0.14" }, "tagSlugs": [] },
+
+    { "name": "Esxi",          "groupSlug": "tools",  "iconKind": "asset", "iconValue": "esxi.png",             "links": { "shangHai": "http://10.0.0.3",  "beiJing": "http://10.1.0.3", "guangZhou": "http://10.2.0.3" }, "tagSlugs": [] },
+    { "name": "Home Assistant","groupSlug": "tools",  "iconKind": "asset", "iconValue": "homeAssistant.svg",    "links": { "shangHai": "http://10.0.0.5",  "beiJing": "http://10.1.0.5" }, "tagSlugs": [] },
+    { "name": "思源笔记",      "name_i18n": { "en": "SiYuan Notes" }, "groupSlug": "tools", "iconKind": "asset", "iconValue": "siyuanNote.png", "links": { "shangHai": "http://10.0.0.16:6806/", "beiJing": "http://10.1.0.16:6806/" }, "tagSlugs": [] },
+    { "name": "博客",          "name_i18n": { "en": "Blog" }, "groupSlug": "tools", "iconKind": "asset", "iconValue": "blog.png", "links": { "shangHai": "http://10.0.0.6",  "beiJing": "http://10.1.0.6" }, "tagSlugs": [] },
+    { "name": "Portainer",     "groupSlug": "tools",  "iconKind": "asset", "iconValue": "portainer.svg",        "links": { "shangHai": "http://10.0.0.10:9443", "beiJing": "http://10.1.0.10:9443" }, "tagSlugs": [] },
+    { "name": "青龙",          "name_i18n": { "en": "QingLong" }, "groupSlug": "tools", "iconKind": "asset", "iconValue": "qinglong.png", "links": { "shangHai": "http://10.0.0.15:5700", "beiJing": "http://10.1.0.15:5700" }, "tagSlugs": [] }
+  ]
+}
+```
+
+(17 items: 5 network + 3 media + 3 nas + 6 tools = 17.)
+
+- [ ] **Step 2: Verify `cargo check` (the build.rs `rerun-if-changed=bootstrap.json` triggers a small recompile)**
+
+```bash
+cd server
+DATABASE_URL=sqlite:./dev-data/data.db?mode=rwc cargo check 2>&1 | tail -3
+cd ..
+```
+
+Expected: clean.
+
+- [ ] **Step 3: Commit**
+
+```bash
+git add server/bootstrap.json
+git commit -m "feat(server): real bootstrap.json with 17 default items + 4 sites + 4 groups"
+```
+
+### Task 2: dump-bootstrap.mjs maintenance script
+
+**Files:**
+- Create: `scripts/dump-bootstrap.mjs`
+- Create: `scripts/bootstrap-source.ts`
+
+This script generates `server/bootstrap.json` from a typed source so future edits stay in TypeScript instead of hand-editing JSON. It's run on demand by maintainers; the Docker build does NOT depend on it (the JSON is committed).
+
+- [ ] **Step 1: Source file**
+
+Create `scripts/bootstrap-source.ts`:
+
+```ts
+// Hand-curated source of truth for server/bootstrap.json.
+// Maintainers edit this file then run `node scripts/dump-bootstrap.mjs`.
+
+export interface BootstrapItem {
+  name: string;
+  name_i18n?: Record<string, string>;
+  groupSlug: string | null;
+  iconKind: 'asset' | 'url' | 'auto-favicon';
+  iconValue: string;
+  links: Record<string, string>;
+  tagSlugs?: string[];
+}
+
+export interface BootstrapSite {
+  value: string;
+  name: string;
+  name_i18n?: Record<string, string>;
+  is_default: boolean;
+  sort_order: number;
+}
+
+export interface BootstrapGroup {
+  slug: string;
+  name: string;
+  name_i18n?: Record<string, string>;
+  sort_order: number;
+}
+
+export interface BootstrapDoc {
+  schemaVersion: 1;
+  meta: {
+    siteName: string;
+    siteAvatarPath: string | null;
+    siteCopyright: string;
+    siteIcp: { text: string; url: string } | null;
+    sitePolice: { text: string; url: string } | null;
+    defaultTheme: 'system' | 'light' | 'dark';
+  };
+  sites: BootstrapSite[];
+  groups: BootstrapGroup[];
+  tags: { slug: string; name: string; name_i18n?: Record<string, string> }[];
+  items: BootstrapItem[];
+}
+
+export const BOOTSTRAP: BootstrapDoc = {
+  schemaVersion: 1,
+  meta: {
+    siteName: 'Pico 的小站导航',
+    siteAvatarPath: '/avatar.png',
+    siteCopyright: 'Copyright © 2026 Pico. All rights reserved.',
+    siteIcp: null,
+    sitePolice: null,
+    defaultTheme: 'system'
+  },
+  sites: [
+    { value: 'shangHai', name: '上海', name_i18n: { en: 'Shanghai' }, is_default: true, sort_order: 0 },
+    { value: 'beiJing', name: '北京', name_i18n: { en: 'Beijing' }, is_default: false, sort_order: 1 },
+    { value: 'guangZhou', name: '广州', name_i18n: { en: 'Guangzhou' }, is_default: false, sort_order: 2 },
+    { value: 'shenZhen', name: '深圳', name_i18n: { en: 'Shenzhen' }, is_default: false, sort_order: 3 }
+  ],
+  groups: [
+    { slug: 'network', name: '网络', name_i18n: { en: 'Network' }, sort_order: 0 },
+    { slug: 'media', name: '媒体', name_i18n: { en: 'Media' }, sort_order: 1 },
+    { slug: 'nas', name: 'NAS', name_i18n: { en: 'NAS' }, sort_order: 2 },
+    { slug: 'tools', name: '工具', name_i18n: { en: 'Tools' }, sort_order: 3 }
+  ],
+  tags: [],
+  items: [
+    // (omitted here; same as bootstrap.json items section from Task 1)
+  ]
+};
+```
+
+The `items` array can be left empty in the source for this plan (the JSON is the canonical reference). Future maintainers will populate it before running the script.
+
+- [ ] **Step 2: dump script**
+
+Create `scripts/dump-bootstrap.mjs`:
+
+```js
+#!/usr/bin/env node
+// Regenerate server/bootstrap.json from scripts/bootstrap-source.ts.
+// Usage: from repo root: node scripts/dump-bootstrap.mjs
+//
+// Requires: pnpm/npx to invoke tsx.
+
+import { writeFile } from 'node:fs/promises';
+import { execSync } from 'node:child_process';
+
+const tsxOut = execSync(
+  `npx -y tsx -e "import { BOOTSTRAP } from './scripts/bootstrap-source.ts'; process.stdout.write(JSON.stringify(BOOTSTRAP, null, 2))"`,
+  { encoding: 'utf8' }
+);
+
+const target = 'server/bootstrap.json';
+await writeFile(target, tsxOut + '\n', 'utf8');
+console.log(`Wrote ${target} (${tsxOut.length} bytes).`);
+```
+
+- [ ] **Step 3: Don't run it now** (it would overwrite Task 1's authoritative JSON with the empty-items source). Just commit the script for future use.
+
+- [ ] **Step 4: Commit**
+
+```bash
+git add scripts/bootstrap-source.ts scripts/dump-bootstrap.mjs
+git commit -m "chore: dump-bootstrap.mjs maintenance script (regenerates server/bootstrap.json from TS source)"
+```
+
+---
+
+## Phase 1: Docker (Tasks 3–5)
+
+### Task 3: Dockerfile (multi-stage)
+
+**Files:**
+- Modify: `Dockerfile` (replaces the existing nginx-based one from the legacy site)
+- Create: `.dockerignore` already updated in Plan 1; verify it covers new dirs.
+
+- [ ] **Step 1: Replace `Dockerfile`**
+
+```dockerfile
+# syntax=docker/dockerfile:1.7
+
+# ──── Stage 1: build frontend ────
+FROM node:20-alpine AS web-build
+WORKDIR /web
+RUN corepack enable
+COPY web/pnpm-lock.yaml web/package.json ./
+RUN pnpm install --frozen-lockfile
+COPY web/ ./
+RUN pnpm build
+
+# ──── Stage 2: build server ────
+FROM rust:1.79-slim AS server-build
+WORKDIR /server
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends pkg-config libssl-dev ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
+# Cache deps layer
+COPY server/Cargo.toml server/Cargo.lock ./
+RUN mkdir -p src && echo 'fn main(){}' > src/main.rs && \
+    cargo build --release --bin navsrv && \
+    rm -rf src target/release/deps/navsrv* target/release/navsrv
+# Real build
+COPY server/ ./
+ENV SQLX_OFFLINE=true
+RUN cargo build --release --bin navsrv
+
+# ──── Stage 3: runtime ────
+FROM gcr.io/distroless/cc-debian12 AS runtime
+COPY --from=server-build /server/target/release/navsrv /usr/local/bin/navsrv
+COPY --from=web-build    /web/build                   /app/static
+ENV PORT=8080 \
+    DATA_DIR=/app/data \
+    STATIC_DIR=/app/static \
+    RUST_LOG=info,sqlx=warn,tower_http=info \
+    SECURE_COOKIES=false
+VOLUME /app/data
+EXPOSE 8080
+USER nonroot
+ENTRYPOINT ["/usr/local/bin/navsrv"]
+```
+
+Notes:
+- Three stages: web (node:20-alpine, ~200MB), server (rust:1.79-slim, ~1GB), runtime (distroless/cc, ~70MB).
+- Server stage uses `SQLX_OFFLINE=true` so cargo doesn't try to connect to a live DB during build — relies on the `.sqlx/` metadata committed in Plan 1.
+- The runtime image is distroless: no shell, no package manager, only the binary + glibc + ca-certificates + nonroot user.
+
+- [ ] **Step 2: Build the image**
+
+```bash
+docker build -t navsrv:plan5-test . 2>&1 | tail -30
+```
+
+Use `timeout: 1800000` (30 min) — cold build is heavy. Subsequent builds use cached layers.
+
+Expected: build succeeds. If a stage fails, inspect the log; common issues:
+- pnpm install fails with peer-dep conflict → check `web/package.json` packageManager field
+- rust deps download timeout → retry
+- `SQLX_OFFLINE=true` but `.sqlx/` missing → re-run `cargo sqlx prepare` in dev (Plan 1 Task 13/14/15 should have left `.sqlx/` committed; verify)
+
+- [ ] **Step 3: Run the image**
+
+```bash
+mkdir -p /tmp/navdata
+docker run -d \
+  --name navsrv-test \
+  -p 18080:8080 \
+  -v /tmp/navdata:/app/data \
+  -e BOOTSTRAP_ADMIN_PASSWORD=test1234 \
+  navsrv:plan5-test
+sleep 5
+docker logs navsrv-test | tail -20
+curl -sf http://127.0.0.1:18080/api/health
+echo
+curl -sf http://127.0.0.1:18080/api/nav | head -c 200
+echo
+curl -sf -o /tmp/spa.html http://127.0.0.1:18080/ && grep -oE '<title>[^<]+</title>' /tmp/spa.html
+docker stop navsrv-test && docker rm navsrv-test
+rm -rf /tmp/navdata
+```
+
+Expected: health JSON, nav bundle JSON, SPA HTML with title.
+
+- [ ] **Step 4: Commit**
+
+```bash
+git add Dockerfile
+git commit -m "feat(deploy): multi-stage Dockerfile (web + server → distroless single image)"
+```
+
+### Task 4: docker-compose.yml with Caddy TLS sample
+
+**Files:**
+- Create: `docker-compose.yml`
+- Create: `Caddyfile`
+
+```yaml
+# docker-compose.yml — sample. Adjust DOMAIN / image tag for your deploy.
+services:
+  nav:
+    build: .
+    image: navsrv:latest
+    container_name: nav
+    restart: unless-stopped
+    environment:
+      BOOTSTRAP_ADMIN_PASSWORD: ${BOOTSTRAP_ADMIN_PASSWORD:-}
+      RUST_LOG: ${RUST_LOG:-info,sqlx=warn,tower_http=info}
+      SECURE_COOKIES: ${SECURE_COOKIES:-true}
+    volumes:
+      - ./data:/app/data
+    expose:
+      - "8080"
+
+  caddy:
+    image: caddy:2
+    container_name: caddy
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy-data:/data
+      - caddy-config:/config
+    depends_on:
+      - nav
+
+volumes:
+  caddy-data:
+  caddy-config:
+```
+
+```caddy
+# Caddyfile — auto-TLS via Let's Encrypt.
+# Set DOMAIN env var (e.g. nav.example.com) before `docker compose up`.
+{$DOMAIN:localhost} {
+    reverse_proxy nav:8080
+    encode gzip
+}
+```
+
+Smoke test (without TLS, on a temporary port):
+
+```bash
+DOMAIN=localhost docker compose up -d 2>&1 | tail -10
+sleep 8
+curl -sf -k http://localhost/api/health || echo "(caddy may take a moment to bind; check logs)"
+docker compose logs caddy 2>&1 | tail -5
+docker compose logs nav 2>&1 | tail -5
+docker compose down
+```
+
+Expected: `nav` container started, `caddy` started, health endpoint reachable through caddy at port 80.
+
+Commit:
+
+```bash
+git add docker-compose.yml Caddyfile
+git commit -m "feat(deploy): docker-compose + Caddyfile (auto-TLS via Let's Encrypt)"
+```
+
+### Task 5: Docker smoke test in script form
+
+**Files:**
+- Create: `scripts/docker-smoke.sh`
+
+```bash
+#!/usr/bin/env bash
+# scripts/docker-smoke.sh
+# Manual smoke test: build, run, hit endpoints, tear down.
+# Usage: bash scripts/docker-smoke.sh
+set -euo pipefail
+
+IMG=navsrv:smoke-$$
+DATA=$(mktemp -d)
+PORT=18080
+PASSWORD=smoke-pw-1234
+
+cleanup() {
+  docker stop nav-smoke 2>/dev/null || true
+  docker rm   nav-smoke 2>/dev/null || true
+  docker image rm "$IMG" 2>/dev/null || true
+  rm -rf "$DATA"
+}
+trap cleanup EXIT
+
+echo "=== build ==="
+docker build -t "$IMG" .
+
+echo "=== run ==="
+docker run -d --name nav-smoke -p "$PORT:8080" -v "$DATA:/app/data" \
+  -e BOOTSTRAP_ADMIN_PASSWORD="$PASSWORD" "$IMG"
+sleep 6
+
+echo "=== health ==="
+curl -sf "http://127.0.0.1:$PORT/api/health"
+echo
+echo "=== nav ==="
+curl -sf "http://127.0.0.1:$PORT/api/nav" | python3 -c 'import sys,json; b=json.load(sys.stdin); print(f"sites={len(b[\"sites\"])} groups={len(b[\"groups\"])} items={len(b[\"items\"])}")'
+echo "=== login ==="
+curl -sf -c /tmp/c.txt -X POST -H 'Content-Type: application/json' \
+  -d "{\"password\":\"$PASSWORD\"}" "http://127.0.0.1:$PORT/api/auth/login" -w 'login=%{http_code}\n'
+echo "=== me with cookie ==="
+curl -sf -b /tmp/c.txt "http://127.0.0.1:$PORT/api/auth/me"
+echo
+
+echo "=== SPA ==="
+curl -sf -o /tmp/spa.html "http://127.0.0.1:$PORT/" && grep -oE '<title>[^<]+</title>' /tmp/spa.html
+
+echo "=== smoke OK ==="
+```
+
+```bash
+chmod +x scripts/docker-smoke.sh
+bash scripts/docker-smoke.sh
+```
+
+Use `timeout: 1800000` for the build step.
+
+Expected: smoke script prints `smoke OK`.
+
+Commit:
+
+```bash
+git add scripts/docker-smoke.sh
+git commit -m "chore(deploy): docker-smoke.sh script (build + run + verify all endpoints)"
+```
+
+---
+
+## Phase 2: Playwright e2e (Tasks 6–8)
+
+### Task 6: Playwright config refresh
+
+**Files:**
+- Delete: `web/playwright.config.js`
+- Create: `tests/playwright.config.ts` (root-level)
+- Modify: root `package.json` to host the e2e test scripts (or use `web/package.json` — root is cleaner).
+- Move: `web/tests/test.ts` → `tests/legacy.spec.ts` (rename or delete; legacy default Kit-generated test).
+
+The Plan 1.5 deferred Playwright fixes; this task does them now.
+
+- [ ] **Step 1: Create root tests dir**
+
+```bash
+mkdir -p tests
+```
+
+- [ ] **Step 2: Move legacy test (or delete)**
+
+```bash
+git mv web/tests/test.ts tests/legacy.spec.ts 2>/dev/null || true
+git rm web/tests/test.ts 2>/dev/null || true
+git rm web/playwright.config.js
+```
+
+If the legacy file just contains `expect(1).toBe(1)`, replace `tests/legacy.spec.ts` with a minimal placeholder or delete entirely. Simpler: delete and start fresh.
+
+- [ ] **Step 3: Root tests/playwright.config.ts**
+
+```ts
+// tests/playwright.config.ts
+import { defineConfig, devices } from '@playwright/test';
+
+const PORT = Number(process.env.PORT ?? 18080);
+const BASE_URL = process.env.E2E_BASE_URL ?? `http://127.0.0.1:${PORT}`;
+
+export default defineConfig({
+  testDir: '.',
+  testMatch: '**/*.spec.ts',
+  timeout: 30_000,
+  fullyParallel: false,
+  forbidOnly: !!process.env.CI,
+  retries: process.env.CI ? 1 : 0,
+  reporter: process.env.CI ? 'github' : 'list',
+  use: {
+    baseURL: BASE_URL,
+    trace: 'on-first-retry',
+    screenshot: 'only-on-failure'
+  },
+  projects: [
+    { name: 'chromium', use: { ...devices['Desktop Chrome'] } }
+  ]
+});
+```
+
+- [ ] **Step 4: Root package.json with e2e scripts**
+
+Create `package.json` at the repo ROOT (no `pnpm-workspace.yaml` — this is just a thin shell for e2e test runner):
+
+```json
+{
+  "name": "navigation_website-e2e",
+  "version": "1.0.0",
+  "private": true,
+  "scripts": {
+    "e2e": "playwright test --config tests/playwright.config.ts",
+    "e2e:headed": "playwright test --config tests/playwright.config.ts --headed",
+    "e2e:ui": "playwright test --config tests/playwright.config.ts --ui"
+  },
+  "devDependencies": {
+    "@playwright/test": "^1.49.0"
+  }
+}
+```
+
+Install:
+
+```bash
+npm install
+npx playwright install chromium --with-deps
+```
+
+(Use `npm` here — root has no pnpm setup. Or `pnpm install` if user prefers.)
+
+Use `timeout: 600000` for the playwright install.
+
+- [ ] **Step 5: Verify config compiles**
+
+```bash
+npx playwright test --config tests/playwright.config.ts --list 2>&1 | tail -10
+```
+
+Should list 0 tests (no spec files yet) without erroring on the config.
+
+- [ ] **Step 6: Commit**
+
+```bash
+git add tests/ package.json package-lock.json 2>/dev/null
+git rm -f web/playwright.config.js 2>/dev/null
+git commit -m "chore(e2e): root Playwright config (port 18080, chromium-only)"
+```
+
+### Task 7: e2e spec — read flow
+
+**Files:**
+- Create: `tests/read.spec.ts`
+
+```ts
+import { test, expect } from '@playwright/test';
+
+test.describe('read flow', () => {
+  test('site loads with title and at least one nav item', async ({ page }) => {
+    await page.goto('/');
+    await expect(page).toHaveTitle(/.+/, { timeout: 10_000 });
+
+    // Wait for some NavItem button to render (nav items are <button>)
+    const items = page.locator('button[aria-label]').filter({
+      hasNot: page.locator('[aria-label="Toggle theme"]')
+    });
+    await expect(items.first()).toBeVisible({ timeout: 10_000 });
+  });
+
+  test('search filters', async ({ page }) => {
+    await page.goto('/');
+    const search = page.getByRole('searchbox');
+    await expect(search).toBeVisible({ timeout: 10_000 });
+    await search.fill('Router');
+
+    // After filtering, items containing "Router" should still be there.
+    await expect(page.locator('button[aria-label*="Router"]').first()).toBeVisible({ timeout: 5_000 });
+  });
+});
+```
+
+Commit:
+
+```bash
+git add tests/read.spec.ts
+git commit -m "test(e2e): read flow (title + nav items + search filter)"
+```
+
+### Task 8: e2e spec — login + create item
+
+**Files:**
+- Create: `tests/edit.spec.ts`
+
+```ts
+import { test, expect } from '@playwright/test';
+
+const PASSWORD = process.env.E2E_ADMIN_PASSWORD ?? 'test1234';
+
+test.describe('edit flow', () => {
+  test('login → toggle edit → create item via dialog', async ({ page }) => {
+    await page.goto('/');
+
+    // Open login dialog
+    await page.getByRole('button', { name: /log in|登录/i }).click();
+    await page.getByLabel(/admin password|管理员密码/i).fill(PASSWORD);
+    await page.getByRole('button', { name: /sign in|登录/i }).click();
+
+    // After login, EditToggle button appears
+    const editBtn = page.getByRole('button', { name: /^edit$|^编辑$/i });
+    await expect(editBtn).toBeVisible({ timeout: 5_000 });
+
+    // Toggle edit mode
+    await editBtn.click();
+    // Visual indicator: body should have edit-mode class
+    await expect(page.locator('body.edit-mode')).toBeVisible();
+
+    // Click the first NewItemAffordance ('+' card)
+    const newItem = page.getByRole('button', { name: /new nav item|新建导航项/i }).first();
+    await newItem.click();
+
+    // Fill ItemEditDialog form
+    await page.getByLabel(/edit — name|name/i).first().fill('E2EItem');
+    await page.getByLabel(/icon value/i).fill('e2e.png');
+    await page.getByLabel(/links/i).fill('{"shangHai":"http://e2e.test"}');
+
+    // Save
+    await page.getByRole('button', { name: /^save$|^保存$/i }).click();
+
+    // Verify the new item appears
+    await expect(page.locator('button[aria-label="E2EItem"]')).toBeVisible({ timeout: 10_000 });
+  });
+});
+```
+
+Commit:
+
+```bash
+git add tests/edit.spec.ts
+git commit -m "test(e2e): edit flow (login → toggle → create item via dialog)"
+```
+
+### Task 9: e2e harness script
+
+**Files:**
+- Create: `scripts/e2e.sh`
+
+```bash
+#!/usr/bin/env bash
+# scripts/e2e.sh — boot a clean Docker container, run Playwright against it, tear down.
+set -euo pipefail
+
+IMG=navsrv:e2e-$$
+DATA=$(mktemp -d)
+PORT=18080
+PASSWORD=test1234
+
+cleanup() {
+  docker stop nav-e2e 2>/dev/null || true
+  docker rm   nav-e2e 2>/dev/null || true
+  docker image rm "$IMG" 2>/dev/null || true
+  rm -rf "$DATA"
+}
+trap cleanup EXIT
+
+echo "=== build ==="
+docker build -t "$IMG" .
+
+echo "=== run ==="
+docker run -d --name nav-e2e -p "$PORT:8080" -v "$DATA:/app/data" \
+  -e BOOTSTRAP_ADMIN_PASSWORD="$PASSWORD" "$IMG"
+sleep 6
+
+echo "=== seeding (server seeds itself on first boot from bootstrap.json) ==="
+curl -sf "http://127.0.0.1:$PORT/api/nav" | python3 -c 'import sys,json; b=json.load(sys.stdin); print(f"sites={len(b[\"sites\"])} items={len(b[\"items\"])}")'
+
+echo "=== running playwright ==="
+PORT="$PORT" E2E_ADMIN_PASSWORD="$PASSWORD" npx playwright test --config tests/playwright.config.ts
+
+echo "=== e2e OK ==="
+```
+
+```bash
+chmod +x scripts/e2e.sh
+```
+
+Run it:
+
+```bash
+bash scripts/e2e.sh
+```
+
+Use `timeout: 1800000` (30 min) — first run includes docker build.
+
+Expected: all 3 e2e tests pass (1 from read.spec, 2 from edit.spec — actually 3 read flow tests planned but conservative).
+
+If any test fails: inspect Playwright HTML report (auto-saved to `playwright-report/`), debug, fix the test or the underlying issue, commit the fix.
+
+Commit:
+
+```bash
+git add scripts/e2e.sh
+git commit -m "chore(e2e): scripts/e2e.sh harness (docker build + run + playwright)"
+```
+
+---
+
+## Phase 3: README finalization (Task 10)
+
+### Task 10: Top-level README rewrite
+
+**Files:**
+- Modify: `README.md`
+
+Replace the legacy README with a quickstart-first version focused on Docker.
+
+```markdown
+# Navigation Website
+
+A self-hostable navigation/bookmark dashboard with a Rust backend (Axum + SQLite),
+a SvelteKit SPA frontend, and an inline editor for the admin.
+
+## Quickstart (Docker)
+
+```bash
+docker run -d \
+  --name nav \
+  -p 8080:8080 \
+  -v ./data:/app/data \
+  -e BOOTSTRAP_ADMIN_PASSWORD=changeme \
+  navsrv:latest
+```
+
+Visit http://localhost:8080. Click **Log in** in the top-right, enter your password,
+then click **Edit** to add/remove nav items inline.
+
+For HTTPS with Let's Encrypt, use `docker compose up -d` with the bundled
+`docker-compose.yml` (set `DOMAIN=nav.example.com`).
+
+## Project layout
+
+| Path | Purpose |
+|---|---|
+| `web/` | SvelteKit 2 + Svelte 5 SPA. `pnpm dev` for local dev (proxies `/api` to `:8080`). |
+| `server/` | Rust binary (`navsrv`). `cargo run` for local dev (default port 8080). |
+| `tests/` | Playwright e2e specs covering read + login + create. |
+| `scripts/` | `docker-smoke.sh`, `e2e.sh`, `dump-bootstrap.mjs`. |
+| `docs/superpowers/` | Design specs and implementation plans. |
+| `Dockerfile` | Multi-stage build → distroless single image. |
+| `docker-compose.yml` + `Caddyfile` | Optional TLS-fronted deploy. |
+
+## Local development
+
+Backend (terminal A):
+
+```bash
+cd server
+cargo run            # listens on :8080
+```
+
+On first boot, an admin password is generated and printed; it's also written to
+`server/dev-data/INITIAL_PASSWORD.txt` (auto-deleted after the first password
+change via the UI).
+
+Frontend (terminal B):
+
+```bash
+cd web
+pnpm install         # uses pinned pnpm 10 via packageManager
+pnpm dev             # listens on :5173, proxies /api to :8080
+```
+
+Run unit tests:
+
+```bash
+cd web && pnpm test:unit
+cd server && SQLX_OFFLINE=true cargo test
+```
+
+Run e2e (requires Docker):
+
+```bash
+bash scripts/e2e.sh
+```
+
+## Configuration (env)
+
+| Var | Default | Notes |
+|---|---|---|
+| `PORT` | `8080` | TCP port |
+| `DATA_DIR` | `/app/data` (Docker) / `./dev-data` (cargo) | SQLite + uploads + INITIAL_PASSWORD |
+| `STATIC_DIR` | `/app/static` (Docker) / `../web/build` (cargo) | SvelteKit build output |
+| `BOOTSTRAP_ADMIN_PASSWORD` | (unset) | First boot only; otherwise random + file |
+| `SECURE_COOKIES` | `false` (dev) / `true` (compose) | `true` requires HTTPS |
+| `RUST_LOG` | `info,sqlx=warn,tower_http=info` | tracing-subscriber filter |
+
+## Resetting the admin password
+
+```bash
+docker exec -it nav navsrv reset-password --password=<new>
+# or interactively (the binary prompts)
+```
+
+This invalidates all sessions and removes any leftover `INITIAL_PASSWORD.txt`.
+
+## Architecture
+
+See `docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md` for the
+full design. Briefly:
+
+- **Frontend**: Svelte 5 (runes) + SvelteKit 2, no UI library — design tokens and
+  10 hand-built primitives under `web/src/lib/components/ui/`. `apiClient` validates
+  every response against zod schemas mirroring the backend types. Self-implemented
+  i18n (~80 lines), no library.
+- **Backend**: Axum 0.7 + SQLx (SQLite WAL). 3NF schema. Single-admin auth
+  (bcrypt + signed cookie session via `tower-sessions`). CRUD endpoints behind a
+  `RequireAuth` extractor. Favicon proxy with 7-day disk cache. CLI subcommand
+  for password reset.
+- **Deploy**: Multi-stage Dockerfile produces a distroless image (~70 MB). The
+  Rust binary serves both the SPA (`tower-http::ServeDir` with SPA fallback) and
+  `/api/*`.
+
+## Roadmap
+
+Future enhancements (not in current shipped Plans 1–5):
+
+- Drag-and-drop reorder of nav items
+- Full management UI for groups, sites, tags (currently editable via API only)
+- Site settings dialog (site name, avatar upload, ICP filings, default theme)
+- Multi-user / OAuth / audit log
+- Real-time multi-device sync (SSE)
+- PWA / offline
+
+## License
+
+MIT.
+```
+
+(Adjust the license line if a different license applies.)
+
+Run a quick markdown check:
+
+```bash
+grep -c '^#' README.md
+```
+
+Should be ≥ 5 (multiple sections).
+
+Commit:
+
+```bash
+git add README.md
+git commit -m "docs: README quickstart-first (Docker run, dev workflow, env, architecture, roadmap)"
+```
+
+---
+
+## Phase 4: Final pipeline verification (Task 11)
+
+### Task 11: Full green check
+
+**Files:** none modified (unless fixes needed).
+
+```bash
+# Cargo
+cd server
+DATABASE_URL=sqlite:./dev-data/data.db?mode=rwc cargo test 2>&1 | tail -5
+DATABASE_URL=sqlite:./dev-data/data.db?mode=rwc cargo clippy --all-targets -- -D warnings 2>&1 | tail -5
+cargo fmt --check
+cd ..
+
+# Web
+cd web
+pnpm check 2>&1 | tail -5
+pnpm test:unit 2>&1 | tail -5
+pnpm build 2>&1 | tail -5
+pnpm lint 2>&1 | tail -5
+cd ..
+
+# Docker
+bash scripts/docker-smoke.sh 2>&1 | tail -10
+```
+
+(Skip the Docker step if `docker` is unavailable on the host; note as concern.)
+
+Expected: every gate green.
+
+If everything green, no commit (Task 11 is verification only).
+
+If fixes were needed, commit:
+
+```bash
+git add -u
+git commit -m "chore: final fixes after Plan 5 full pipeline verification"
+```
+
+---
+
+## Self-Review
+
+**Spec coverage**
+
+| Spec section | Where covered |
+|---|---|
+| § 9.1 seed_if_empty migration | Plan 1 Task 32; bootstrap.json now real (Task 1 of this plan) |
+| § 9.2 Dockerfile multi-stage | Task 3 |
+| § 9.5 deployment | Tasks 3, 4, 10 |
+| § 10 roadmap | Task 10 README |
+
+**Out of scope** (explicit in this plan):
+
+- Drag-drop, full group/site/tag UI, SiteSettingsDialog, icon upload UI — listed in README roadmap.
+- Multi-user, audit log, OAuth — same.
+
+**Type / signature consistency**
+
+- bootstrap.json shape matches `BootstrapDoc` in `server/src/services/migration.rs` (Plan 1 Task 32).
+- Playwright config typed via `defineConfig`.
+
+**Verification gates**
+
+- Task 3: docker build + run + curl
+- Task 4: docker compose up + caddy probe
+- Task 5: scripts/docker-smoke.sh
+- Task 7-9: Playwright (3 tests across 2 specs)
+- Task 11: full pipeline
+
+**Final**: after Task 11, `feat/rust-platform` branch is shippable. Open a PR from `feat/rust-platform` → `master` for human review and merge.
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 0000000..2b81719
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,78 @@
+{
+  "name": "navigation_website-e2e",
+  "version": "1.0.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "navigation_website-e2e",
+      "version": "1.0.0",
+      "devDependencies": {
+        "@playwright/test": "^1.49.0"
+      }
+    },
+    "node_modules/@playwright/test": {
+      "version": "1.60.0",
+      "resolved": "https://npm-registry.toolsfdg.net/@playwright/test/-/test-1.60.0.tgz",
+      "integrity": "sha512-O71yZIbAh/PxDMNGns37GHBIfrVkEVyn+AXyIa5dOTfb4/xNvRWV+Vv/NMbNCtODB/pO7vLlF2OTmMVLhmr7Ag==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "playwright": "1.60.0"
+      },
+      "bin": {
+        "playwright": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/fsevents": {
+      "version": "2.3.2",
+      "resolved": "https://npm-registry.toolsfdg.net/fsevents/-/fsevents-2.3.2.tgz",
+      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/playwright": {
+      "version": "1.60.0",
+      "resolved": "https://npm-registry.toolsfdg.net/playwright/-/playwright-1.60.0.tgz",
+      "integrity": "sha512-hheHdokM8cdqCb0lcE3s+zT4t4W+vvjpGxsZlDnikarzx8tSzMebh3UiFtgqwFwnTnjYQcsyMF8ei2mCO/tpeA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "playwright-core": "1.60.0"
+      },
+      "bin": {
+        "playwright": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "fsevents": "2.3.2"
+      }
+    },
+    "node_modules/playwright-core": {
+      "version": "1.60.0",
+      "resolved": "https://npm-registry.toolsfdg.net/playwright-core/-/playwright-core-1.60.0.tgz",
+      "integrity": "sha512-9bW6zvX/m0lEbgTKJ6YppOKx8H3VOPBMOCFh2irXFOT4BbHgrx5hPjwJYLT40Lu+4qtD36qKc/Hn56StUW57IA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "playwright-core": "cli.js"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    }
+  }
+}
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..19a2bc5
--- /dev/null
+++ b/package.json
@@ -0,0 +1,13 @@
+{
+  "name": "navigation_website-e2e",
+  "version": "1.0.0",
+  "private": true,
+  "scripts": {
+    "e2e": "playwright test --config tests/playwright.config.ts",
+    "e2e:headed": "playwright test --config tests/playwright.config.ts --headed",
+    "e2e:ui": "playwright test --config tests/playwright.config.ts --ui"
+  },
+  "devDependencies": {
+    "@playwright/test": "^1.49.0"
+  }
+}
diff --git a/scripts/bootstrap-source.ts b/scripts/bootstrap-source.ts
new file mode 100644
index 0000000..e1a0d71
--- /dev/null
+++ b/scripts/bootstrap-source.ts
@@ -0,0 +1,71 @@
+// Hand-curated source of truth for server/bootstrap.json.
+// Maintainers edit this file then run `node scripts/dump-bootstrap.mjs`.
+
+export interface BootstrapItem {
+  name: string;
+  name_i18n?: Record<string, string>;
+  groupSlug: string | null;
+  iconKind: 'asset' | 'url' | 'auto-favicon';
+  iconValue: string;
+  links: Record<string, string>;
+  tagSlugs?: string[];
+}
+
+export interface BootstrapSite {
+  value: string;
+  name: string;
+  name_i18n?: Record<string, string>;
+  is_default: boolean;
+  sort_order: number;
+}
+
+export interface BootstrapGroup {
+  slug: string;
+  name: string;
+  name_i18n?: Record<string, string>;
+  sort_order: number;
+}
+
+export interface BootstrapDoc {
+  schemaVersion: 1;
+  meta: {
+    siteName: string;
+    siteAvatarPath: string | null;
+    siteCopyright: string;
+    siteIcp: { text: string; url: string } | null;
+    sitePolice: { text: string; url: string } | null;
+    defaultTheme: 'system' | 'light' | 'dark';
+  };
+  sites: BootstrapSite[];
+  groups: BootstrapGroup[];
+  tags: { slug: string; name: string; name_i18n?: Record<string, string> }[];
+  items: BootstrapItem[];
+}
+
+export const BOOTSTRAP: BootstrapDoc = {
+  schemaVersion: 1,
+  meta: {
+    siteName: 'Pico 的小站导航',
+    siteAvatarPath: '/avatar.png',
+    siteCopyright: 'Copyright © 2026 Pico. All rights reserved.',
+    siteIcp: null,
+    sitePolice: null,
+    defaultTheme: 'system'
+  },
+  sites: [
+    { value: 'shangHai', name: '上海', name_i18n: { en: 'Shanghai' }, is_default: true, sort_order: 0 },
+    { value: 'beiJing', name: '北京', name_i18n: { en: 'Beijing' }, is_default: false, sort_order: 1 },
+    { value: 'guangZhou', name: '广州', name_i18n: { en: 'Guangzhou' }, is_default: false, sort_order: 2 },
+    { value: 'shenZhen', name: '深圳', name_i18n: { en: 'Shenzhen' }, is_default: false, sort_order: 3 }
+  ],
+  groups: [
+    { slug: 'network', name: '网络', name_i18n: { en: 'Network' }, sort_order: 0 },
+    { slug: 'media', name: '媒体', name_i18n: { en: 'Media' }, sort_order: 1 },
+    { slug: 'nas', name: 'NAS', name_i18n: { en: 'NAS' }, sort_order: 2 },
+    { slug: 'tools', name: '工具', name_i18n: { en: 'Tools' }, sort_order: 3 }
+  ],
+  tags: [],
+  items: [
+    // (omitted here; same as bootstrap.json items section from Task 1)
+  ]
+};
diff --git a/scripts/docker-smoke.sh b/scripts/docker-smoke.sh
new file mode 100755
index 0000000..309b522
--- /dev/null
+++ b/scripts/docker-smoke.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+# scripts/docker-smoke.sh
+# Manual smoke test: build, run, hit endpoints, tear down.
+# Usage: bash scripts/docker-smoke.sh
+set -euo pipefail
+
+IMG=navsrv:smoke-$$
+DATA=$(mktemp -d)
+PORT=18080
+PASSWORD=smoke-pw-1234
+
+cleanup() {
+  docker stop nav-smoke 2>/dev/null || true
+  docker rm   nav-smoke 2>/dev/null || true
+  docker image rm "$IMG" 2>/dev/null || true
+  rm -rf "$DATA"
+}
+trap cleanup EXIT
+
+echo "=== build ==="
+docker build -t "$IMG" .
+
+echo "=== run ==="
+docker run -d --name nav-smoke -p "$PORT:8080" -v "$DATA:/app/data" \
+  -e BOOTSTRAP_ADMIN_PASSWORD="$PASSWORD" "$IMG"
+sleep 6
+
+echo "=== health ==="
+curl -sf "http://127.0.0.1:$PORT/api/health"
+echo
+echo "=== nav ==="
+curl -sf "http://127.0.0.1:$PORT/api/nav" | python3 -c 'import sys,json; b=json.load(sys.stdin); print(f"sites={len(b[\"sites\"])} groups={len(b[\"groups\"])} items={len(b[\"items\"])}")'
+echo "=== login ==="
+curl -sf -c /tmp/c.txt -X POST -H 'Content-Type: application/json' \
+  -d "{\"password\":\"$PASSWORD\"}" "http://127.0.0.1:$PORT/api/auth/login" -w 'login=%{http_code}\n'
+echo "=== me with cookie ==="
+curl -sf -b /tmp/c.txt "http://127.0.0.1:$PORT/api/auth/me"
+echo
+
+echo "=== SPA ==="
+curl -sf -o /tmp/spa.html "http://127.0.0.1:$PORT/" && grep -oE '<title>[^<]+</title>' /tmp/spa.html
+
+echo "=== smoke OK ==="
diff --git a/scripts/dump-bootstrap.mjs b/scripts/dump-bootstrap.mjs
new file mode 100644
index 0000000..c65b778
--- /dev/null
+++ b/scripts/dump-bootstrap.mjs
@@ -0,0 +1,17 @@
+#!/usr/bin/env node
+// Regenerate server/bootstrap.json from scripts/bootstrap-source.ts.
+// Usage: from repo root: node scripts/dump-bootstrap.mjs
+//
+// Requires: pnpm/npx to invoke tsx.
+
+import { writeFile } from 'node:fs/promises';
+import { execSync } from 'node:child_process';
+
+const tsxOut = execSync(
+  `npx -y tsx -e "import { BOOTSTRAP } from './scripts/bootstrap-source.ts'; process.stdout.write(JSON.stringify(BOOTSTRAP, null, 2))"`,
+  { encoding: 'utf8' }
+);
+
+const target = 'server/bootstrap.json';
+await writeFile(target, tsxOut + '\n', 'utf8');
+console.log(`Wrote ${target} (${tsxOut.length} bytes).`);
diff --git a/scripts/e2e.sh b/scripts/e2e.sh
new file mode 100755
index 0000000..05a17eb
--- /dev/null
+++ b/scripts/e2e.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+# scripts/e2e.sh — boot a clean Docker container, run Playwright against it, tear down.
+set -euo pipefail
+
+IMG=navsrv:e2e-$$
+DATA=$(mktemp -d)
+PORT=18080
+PASSWORD=test1234
+
+cleanup() {
+  docker stop nav-e2e 2>/dev/null || true
+  docker rm   nav-e2e 2>/dev/null || true
+  docker image rm "$IMG" 2>/dev/null || true
+  rm -rf "$DATA"
+}
+trap cleanup EXIT
+
+echo "=== build ==="
+docker build -t "$IMG" .
+
+echo "=== run ==="
+docker run -d --name nav-e2e -p "$PORT:8080" -v "$DATA:/app/data" \
+  -e BOOTSTRAP_ADMIN_PASSWORD="$PASSWORD" "$IMG"
+sleep 6
+
+echo "=== seeding (server seeds itself on first boot from bootstrap.json) ==="
+curl -sf "http://127.0.0.1:$PORT/api/nav" | python3 -c 'import sys,json; b=json.load(sys.stdin); print(f"sites={len(b[\"sites\"])} items={len(b[\"items\"])}")'
+
+echo "=== running playwright ==="
+PORT="$PORT" E2E_ADMIN_PASSWORD="$PASSWORD" npx playwright test --config tests/playwright.config.ts
+
+echo "=== e2e OK ==="
diff --git a/server/bootstrap.json b/server/bootstrap.json
index 2c4543d..3a2a95b 100644
--- a/server/bootstrap.json
+++ b/server/bootstrap.json
@@ -1,16 +1,18 @@
 {
   "schemaVersion": 1,
   "meta": {
-    "siteName": "Navigation",
+    "siteName": "Pico 的小站导航",
     "siteAvatarPath": "/avatar.png",
-    "siteCopyright": "Copyright © 2026 — All rights reserved.",
-    "siteIcp":  null,
+    "siteCopyright": "Copyright © 2026 Pico. All rights reserved.",
+    "siteIcp": null,
     "sitePolice": null,
     "defaultTheme": "system"
   },
   "sites": [
     { "value": "shangHai", "name": "上海", "name_i18n": { "en": "Shanghai" }, "is_default": true,  "sort_order": 0 },
-    { "value": "beiJing",  "name": "北京", "name_i18n": { "en": "Beijing"  }, "is_default": false, "sort_order": 1 }
+    { "value": "beiJing",  "name": "北京", "name_i18n": { "en": "Beijing"  }, "is_default": false, "sort_order": 1 },
+    { "value": "guangZhou","name": "广州", "name_i18n": { "en": "Guangzhou"}, "is_default": false, "sort_order": 2 },
+    { "value": "shenZhen", "name": "深圳", "name_i18n": { "en": "Shenzhen" }, "is_default": false, "sort_order": 3 }
   ],
   "groups": [
     { "slug": "network", "name": "网络", "name_i18n": { "en": "Network" }, "sort_order": 0 },
@@ -19,5 +21,26 @@
     { "slug": "tools",   "name": "工具", "name_i18n": { "en": "Tools"   }, "sort_order": 3 }
   ],
   "tags": [],
-  "items": []
+  "items": [
+    { "name": "RouterOS",     "groupSlug": "network", "iconKind": "asset", "iconValue": "routerOS.png",         "links": { "shangHai": "http://10.0.0.1",  "beiJing": "http://10.1.0.1" }, "tagSlugs": [] },
+    { "name": "OpenWRT",      "groupSlug": "network", "iconKind": "asset", "iconValue": "openWRT.png",          "links": { "shangHai": "http://10.0.0.2",  "beiJing": "http://10.1.0.2" }, "tagSlugs": [] },
+    { "name": "K2P",          "groupSlug": "network", "iconKind": "asset", "iconValue": "phicomm.png",          "links": { "shangHai": "http://10.0.0.4",  "beiJing": "http://10.1.0.4", "shenZhen": "http://10.2.0.4" }, "tagSlugs": [] },
+    { "name": "qBittorrent",  "groupSlug": "network", "iconKind": "asset", "iconValue": "qBittorrent.png",      "links": { "shangHai": "http://10.0.0.11:8085", "beiJing": "http://10.1.0.11:8085" }, "tagSlugs": [] },
+    { "name": "Jackett",      "groupSlug": "network", "iconKind": "asset", "iconValue": "jackett.png",          "links": { "shangHai": "http://10.0.0.13",  "beiJing": "http://10.1.0.13" }, "tagSlugs": [] },
+
+    { "name": "Jellyfin",     "groupSlug": "media",   "iconKind": "asset", "iconValue": "jellyfin.svg",         "links": { "shangHai": "http://10.0.0.12",  "beiJing": "http://10.1.0.12" }, "tagSlugs": [] },
+    { "name": "Surveillance", "groupSlug": "media",   "iconKind": "asset", "iconValue": "surveillanceStation.png","links": { "shangHai": "http://10.0.0.5:9900", "beiJing": "http://10.1.0.5:9900" }, "tagSlugs": [] },
+    { "name": "相册",         "name_i18n": { "en": "Album" }, "groupSlug": "media", "iconKind": "asset", "iconValue": "album.png", "links": { "shangHai": "http://10.0.0.5:5080", "beiJing": "http://10.1.0.5:5080" }, "tagSlugs": [] },
+
+    { "name": "Synology",     "groupSlug": "nas",     "iconKind": "asset", "iconValue": "synology.png",         "links": { "shangHai": "http://10.0.0.5:5000", "beiJing": "http://10.1.0.5:5000" }, "tagSlugs": [] },
+    { "name": "文件夹",       "name_i18n": { "en": "Files" }, "groupSlug": "nas", "iconKind": "asset", "iconValue": "file.png", "links": { "shangHai": "http://10.0.0.5:7000", "beiJing": "http://10.1.0.5:7000" }, "tagSlugs": [] },
+    { "name": "Nas Tools",    "groupSlug": "nas",     "iconKind": "asset", "iconValue": "nasTools.png",         "links": { "shangHai": "http://10.0.0.14",  "beiJing": "http://10.1.0.14" }, "tagSlugs": [] },
+
+    { "name": "Esxi",          "groupSlug": "tools",  "iconKind": "asset", "iconValue": "esxi.png",             "links": { "shangHai": "http://10.0.0.3",  "beiJing": "http://10.1.0.3", "guangZhou": "http://10.2.0.3" }, "tagSlugs": [] },
+    { "name": "Home Assistant","groupSlug": "tools",  "iconKind": "asset", "iconValue": "homeAssistant.svg",    "links": { "shangHai": "http://10.0.0.5",  "beiJing": "http://10.1.0.5" }, "tagSlugs": [] },
+    { "name": "思源笔记",      "name_i18n": { "en": "SiYuan Notes" }, "groupSlug": "tools", "iconKind": "asset", "iconValue": "siyuanNote.png", "links": { "shangHai": "http://10.0.0.16:6806/", "beiJing": "http://10.1.0.16:6806/" }, "tagSlugs": [] },
+    { "name": "博客",          "name_i18n": { "en": "Blog" }, "groupSlug": "tools", "iconKind": "asset", "iconValue": "blog.png", "links": { "shangHai": "http://10.0.0.6",  "beiJing": "http://10.1.0.6" }, "tagSlugs": [] },
+    { "name": "Portainer",     "groupSlug": "tools",  "iconKind": "asset", "iconValue": "portainer.svg",        "links": { "shangHai": "http://10.0.0.10:9443", "beiJing": "http://10.1.0.10:9443" }, "tagSlugs": [] },
+    { "name": "青龙",          "name_i18n": { "en": "QingLong" }, "groupSlug": "tools", "iconKind": "asset", "iconValue": "qinglong.png", "links": { "shangHai": "http://10.0.0.15:5700", "beiJing": "http://10.1.0.15:5700" }, "tagSlugs": [] }
+  ]
 }
diff --git a/server/tests/seed.rs b/server/tests/seed.rs
index 1ebec3b..46ee415 100644
--- a/server/tests/seed.rs
+++ b/server/tests/seed.rs
@@ -14,7 +14,7 @@ async fn seed_populates_sites_and_groups() {
     assert!(groups.iter().any(|g| g.slug == "network"));
     assert_eq!(
         cfg.get("site_name").await.unwrap().as_deref(),
-        Some("Navigation")
+        Some("Pico 的小站导航")
     );
 }
 
diff --git a/tests/edit.spec.ts b/tests/edit.spec.ts
new file mode 100644
index 0000000..e0ae85f
--- /dev/null
+++ b/tests/edit.spec.ts
@@ -0,0 +1,38 @@
+import { test, expect } from '@playwright/test';
+
+const PASSWORD = process.env.E2E_ADMIN_PASSWORD ?? 'test1234';
+
+test.describe('edit flow', () => {
+  test('login → toggle edit → create item via dialog', async ({ page }) => {
+    await page.goto('/');
+
+    // Open login dialog
+    await page.getByRole('button', { name: /log in|登录/i }).click();
+    await page.getByLabel(/admin password|管理员密码/i).fill(PASSWORD);
+    await page.getByRole('button', { name: /sign in|登录/i }).click();
+
+    // After login, EditToggle button appears
+    const editBtn = page.getByRole('button', { name: /^edit$|^编辑$/i });
+    await expect(editBtn).toBeVisible({ timeout: 5_000 });
+
+    // Toggle edit mode
+    await editBtn.click();
+    // Visual indicator: body should have edit-mode class
+    await expect(page.locator('body.edit-mode')).toBeVisible();
+
+    // Click the first NewItemAffordance ('+' card)
+    const newItem = page.getByRole('button', { name: /new nav item|新建导航项/i }).first();
+    await newItem.click();
+
+    // Fill ItemEditDialog form
+    await page.getByLabel(/edit — name|name/i).first().fill('E2EItem');
+    await page.getByLabel(/icon value/i).fill('e2e.png');
+    await page.getByLabel(/links/i).fill('{"shangHai":"http://e2e.test"}');
+
+    // Save
+    await page.getByRole('button', { name: /^save$|^保存$/i }).click();
+
+    // Verify the new item appears
+    await expect(page.locator('button[aria-label="E2EItem"]')).toBeVisible({ timeout: 10_000 });
+  });
+});
diff --git a/tests/playwright.config.ts b/tests/playwright.config.ts
new file mode 100644
index 0000000..21cbe52
--- /dev/null
+++ b/tests/playwright.config.ts
@@ -0,0 +1,22 @@
+import { defineConfig, devices } from '@playwright/test';
+
+const PORT = Number(process.env.PORT ?? 18080);
+const BASE_URL = process.env.E2E_BASE_URL ?? `http://127.0.0.1:${PORT}`;
+
+export default defineConfig({
+  testDir: '.',
+  testMatch: '**/*.spec.ts',
+  timeout: 30_000,
+  fullyParallel: false,
+  forbidOnly: !!process.env.CI,
+  retries: process.env.CI ? 1 : 0,
+  reporter: process.env.CI ? 'github' : 'list',
+  use: {
+    baseURL: BASE_URL,
+    trace: 'on-first-retry',
+    screenshot: 'only-on-failure'
+  },
+  projects: [
+    { name: 'chromium', use: { ...devices['Desktop Chrome'] } }
+  ]
+});
diff --git a/tests/read.spec.ts b/tests/read.spec.ts
new file mode 100644
index 0000000..00de0a5
--- /dev/null
+++ b/tests/read.spec.ts
@@ -0,0 +1,24 @@
+import { test, expect } from '@playwright/test';
+
+test.describe('read flow', () => {
+  test('site loads with title and at least one nav item', async ({ page }) => {
+    await page.goto('/');
+    await expect(page).toHaveTitle(/.+/, { timeout: 10_000 });
+
+    // Wait for some NavItem button to render (nav items are <button>)
+    const items = page.locator('button[aria-label]').filter({
+      hasNot: page.locator('[aria-label="Toggle theme"]')
+    });
+    await expect(items.first()).toBeVisible({ timeout: 10_000 });
+  });
+
+  test('search filters', async ({ page }) => {
+    await page.goto('/');
+    const search = page.getByRole('searchbox');
+    await expect(search).toBeVisible({ timeout: 10_000 });
+    await search.fill('Router');
+
+    // After filtering, items containing "Router" should still be there.
+    await expect(page.locator('button[aria-label*="Router"]').first()).toBeVisible({ timeout: 5_000 });
+  });
+});
diff --git a/web/playwright.config.js b/web/playwright.config.js
deleted file mode 100644
index a965a6d..0000000
--- a/web/playwright.config.js
+++ /dev/null
@@ -1,10 +0,0 @@
-import type { PlaywrightTestConfig } from '@playwright/test';
-
-const config: PlaywrightTestConfig = {
-  webServer: {
-    command: 'npm run build && npm run preview',
-    port: 4173
-  }
-};
-
-export default config;
diff --git a/web/tests/test.ts b/web/tests/test.ts
deleted file mode 100644
index 14cf298..0000000
--- a/web/tests/test.ts
+++ /dev/null
@@ -1,6 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-test('about page has expected h1', async ({ page }) => {
-  await page.goto('/about');
-  expect(await page.textContent('h1')).toBe('About this app');
-});

From 19150539504d3034887b2ff5c92228de1da9fc03 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 20 May 2026 19:59:59 +0800
Subject: [PATCH 08/77] fix(deploy): make image actually build/run + fix theme
 palette clash
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

4 fixes after the first real Docker dry-run on host:

1. Dockerfile: rust:1.79-slim → rust:1.88-slim
   `home v0.5.12` (transitive) requires edition2024 (rustc 1.85+);
   `time v0.3.47` requires rustc 1.88. The 1.79-slim base failed at
   `cargo build`. rust-toolchain.toml already pins channel="stable".

2. Dockerfile: dummy build also creates src/lib.rs
   server/Cargo.toml has both [[bin]] and [lib]; the dummy main.rs
   alone made cargo error out: 'couldn't read src/lib.rs'.

3. scripts/docker-smoke.sh: python f-string backslash bug
   Old form 'f\"{...len(b[\"sites\"])...}\"' fails on python3.12+
   ('f-string expression part cannot include a backslash'). Switched
   to .format().

4. web/src/app.scss: drop legacy purple-blue gradient body bg
   The old #root background-image + --text-color: #fff fought with
   the Plan 2 design tokens (--c-bg, --c-text). Header and Footer
   used tokens; main background still used the gradient → the head/
   body palette clashed visibly. app.scss now just sets box-sizing,
   body margin, and a token-driven scrollbar; tokens.scss + Plan 3
   components own all colors.

Verified end-to-end: docker build OK; container hits health, nav,
login, me; SPA renders with consistent palette in both light and
dark themes.
---
 Dockerfile              |   6 +--
 scripts/docker-smoke.sh |   2 +-
 web/src/app.scss        | 101 ++++++----------------------------------
 3 files changed, 18 insertions(+), 91 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index cfeec50..72f5879 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,16 +10,16 @@ COPY web/ ./
 RUN pnpm build
 
 # ──── Stage 2: build server ────
-FROM rust:1.79-slim AS server-build
+FROM rust:1.88-slim AS server-build
 WORKDIR /server
 RUN apt-get update && \
     apt-get install -y --no-install-recommends pkg-config libssl-dev ca-certificates && \
     rm -rf /var/lib/apt/lists/*
 # Cache deps layer
 COPY server/Cargo.toml server/Cargo.lock ./
-RUN mkdir -p src && echo 'fn main(){}' > src/main.rs && \
+RUN mkdir -p src && echo 'fn main(){}' > src/main.rs && echo '' > src/lib.rs && \
     cargo build --release --bin navsrv && \
-    rm -rf src target/release/deps/navsrv* target/release/navsrv
+    rm -rf src target/release/deps/navsrv* target/release/libnavsrv* target/release/navsrv
 # Real build
 COPY server/ ./
 ENV SQLX_OFFLINE=true
diff --git a/scripts/docker-smoke.sh b/scripts/docker-smoke.sh
index 309b522..6d377b2 100755
--- a/scripts/docker-smoke.sh
+++ b/scripts/docker-smoke.sh
@@ -29,7 +29,7 @@ echo "=== health ==="
 curl -sf "http://127.0.0.1:$PORT/api/health"
 echo
 echo "=== nav ==="
-curl -sf "http://127.0.0.1:$PORT/api/nav" | python3 -c 'import sys,json; b=json.load(sys.stdin); print(f"sites={len(b[\"sites\"])} groups={len(b[\"groups\"])} items={len(b[\"items\"])}")'
+curl -sf "http://127.0.0.1:$PORT/api/nav" | python3 -c 'import sys,json; b=json.load(sys.stdin); print("sites={} groups={} items={}".format(len(b["sites"]), len(b["groups"]), len(b["items"])))'
 echo "=== login ==="
 curl -sf -c /tmp/c.txt -X POST -H 'Content-Type: application/json' \
   -d "{\"password\":\"$PASSWORD\"}" "http://127.0.0.1:$PORT/api/auth/login" -w 'login=%{http_code}\n'
diff --git a/web/src/app.scss b/web/src/app.scss
index f76ef93..a5c851d 100644
--- a/web/src/app.scss
+++ b/web/src/app.scss
@@ -4,106 +4,33 @@
   box-sizing: border-box;
 }
 
+html,
 body {
   margin: 0;
-  overflow-y: auto;
-  overflow-y: overlay;
-}
-
-:root {
-  --text-color: #fff;
-  --text-hover-color: rgba(107, 19, 158, 0.4);
-  --nav-item-bg-color: #fff;
-  --linear-gradient: linear-gradient(
-    to right bottom,
-    rgba(222, 83, 71, 0.6) 0%,
-    rgba(75, 138, 244, 0.6) 100%
-  );
+  padding: 0;
 }
 
 #root {
   display: flex;
   flex-direction: column;
   min-height: 100vh;
-  background-image: var(--linear-gradient);
+  background: var(--c-bg);
+  color: var(--c-text);
 }
 
-/******************************* scroll bar start ************************************/
+/* Scrollbar — token-driven, theme-aware */
 ::-webkit-scrollbar {
-  width: 6px;
-  height: 6px;
-  border-radius: 3px;
-}
-::-ms-scrollbar {
-  width: 6px;
-  height: 6px;
-  border-radius: 3px;
-}
-:-ms-scrollbar {
-  width: 6px;
-  height: 6px;
-  border-radius: 3px;
-}
-::-o-scrollbar {
-  width: 6px;
-  height: 6px;
-  border-radius: 3px;
-}
-::scrollbar {
-  width: 6px;
-  height: 6px;
-  border-radius: 3px;
-}
-
-::-webkit-scrollbar-thumb {
-  background: #a5b2e7;
-  border-radius: 3px;
-  box-shadow:
-    inset 2px 2px 2px rgba(255, 255, 255, 0.25),
-    inset -2px -2px 2px rgba(0, 0, 0, 0.25);
-}
-::-ms-scrollbar-thumb {
-  background: #a5b2e7;
-  border-radius: 3px;
-  box-shadow:
-    inset 2px 2px 2px hsla(0, 0%, 100%, 0.25),
-    inset -2px -2px 2px rgba(0, 0, 0, 0.25);
-}
-:-ms-scrollbar-thumb {
-  background: #a5b2e7;
-  border-radius: 3px;
-  box-shadow:
-    inset 2px 2px 2px hsla(0, 0%, 100%, 0.25),
-    inset -2px -2px 2px rgba(0, 0, 0, 0.25);
-}
-::-o-scrollbar-thumb {
-  background: #a5b2e7;
-  border-radius: 3px;
-  box-shadow:
-    inset 2px 2px 2px hsla(0, 0%, 100%, 0.25),
-    inset -2px -2px 2px rgba(0, 0, 0, 0.25);
+  width: 8px;
+  height: 8px;
 }
-::scrollbar-thumb {
-  background: #a5b2e7;
-  border-radius: 3px;
-  box-shadow:
-    inset 2px 2px 2px hsla(0, 0%, 100%, 0.25),
-    inset -2px -2px 2px rgba(0, 0, 0, 0.25);
-}
-
 ::-webkit-scrollbar-track {
   background: transparent;
 }
-::-ms-scrollbar-track {
-  background: transparent;
-}
-:-ms-scrollbar-track {
-  background: transparent;
-}
-::-o-scrollbar-track {
-  background: transparent;
-}
-::scrollbar-track {
-  background: transparent;
+::-webkit-scrollbar-thumb {
+  background: var(--c-border);
+  border-radius: var(--rd-pill);
+
+  &:hover {
+    background: var(--c-text-3);
+  }
 }
-/******************************* scroll bar end ************************************/

From 16eda608208c95c3ffab4092ae29c5f56c264a78 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 20 May 2026 20:50:19 +0800
Subject: [PATCH 09/77] =?UTF-8?q?fix(web):=20UX=20feedback=20round=201=20?=
 =?UTF-8?q?=E2=80=94=20gradient=20+=20glass=20header=20+=20center=20search?=
 =?UTF-8?q?=20+=20ContextMenu?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

User feedback after first Docker dry-run:

1. Search bar now truly viewport-centered: header grid columns
   1fr/auto/1fr (was auto/1fr/auto), with explicit justify-content
   on .left/.right.
2. Region (SiteSelect) menu fixed: Menu's window-click-outside used
   onclick on the same event flow that opened it, immediately closing.
   Switched to mousedown listener attached inside $effect with a
   one-tick "armed" guard. NavItem ContextMenu also benefits — Edit
   menu item now actually fires the dialog (verified end-to-end).
3. Favorite star button hidden in edit mode (fav UX is read-only mode
   only; editing has its own context menu/dialog).
4. (was: 只能新建不能编辑) — same Menu fix above; right-click NavItem →
   Edit → ItemEditDialog opens with target pre-filled. Verified.
7. Restored the warm-coral × cool-indigo radial gradient as ambient
   #root background, and made Header/Footer frosted glass via
   color-mix surface + backdrop-filter blur, so they sit on top of
   the gradient without clashing. Dark theme uses violet/indigo
   gradient.

Verified via headless Playwright: site switch, fav hidden in edit,
right-click → Edit → dialog with pre-filled name all pass.

Out of scope, deferred to next round (per user list):
- #5 layout mode (flat vs grouped) with backend config UI
- #6 drag-drop reorder
---
 web/src/app.scss                              | 26 ++++++++++++++++++-
 web/src/lib/components/Footer/index.svelte    |  5 +++-
 .../lib/components/Header/SearchBar.svelte    |  3 ++-
 web/src/lib/components/Header/index.svelte    | 20 ++++++++++----
 web/src/lib/components/Nav/NavItem.svelte     | 16 +++++++-----
 web/src/lib/components/ui/Menu.svelte         | 21 ++++++++++-----
 6 files changed, 70 insertions(+), 21 deletions(-)

diff --git a/web/src/app.scss b/web/src/app.scss
index a5c851d..7584593 100644
--- a/web/src/app.scss
+++ b/web/src/app.scss
@@ -10,11 +10,35 @@ body {
   padding: 0;
 }
 
+/* Vibrant ambient gradient — sits behind the SPA so the header/footer's
+ * backdrop-blur picks it up as the modern-minimal "frosted glass" feel.
+ * Light theme: warm coral → cool indigo. Dark theme: deep violets.
+ */
+:root {
+  --gradient-bg: radial-gradient(
+      ellipse at top left,
+      rgba(240, 145, 130, 0.55) 0%,
+      transparent 55%
+    ),
+    radial-gradient(ellipse at bottom right, rgba(99, 132, 240, 0.5) 0%, transparent 55%),
+    linear-gradient(135deg, #fef0eb 0%, #eef0ff 100%);
+}
+
+[data-theme='dark'] {
+  --gradient-bg: radial-gradient(
+      ellipse at top left,
+      rgba(110, 40, 90, 0.6) 0%,
+      transparent 55%
+    ),
+    radial-gradient(ellipse at bottom right, rgba(50, 60, 140, 0.55) 0%, transparent 55%),
+    linear-gradient(135deg, #14101c 0%, #0e0e18 100%);
+}
+
 #root {
   display: flex;
   flex-direction: column;
   min-height: 100vh;
-  background: var(--c-bg);
+  background: var(--gradient-bg) fixed;
   color: var(--c-text);
 }
 
diff --git a/web/src/lib/components/Footer/index.svelte b/web/src/lib/components/Footer/index.svelte
index 4a2ad07..e7ac0cc 100644
--- a/web/src/lib/components/Footer/index.svelte
+++ b/web/src/lib/components/Footer/index.svelte
@@ -27,7 +27,10 @@
     justify-content: center;
     padding: var(--sp-5) var(--sp-4);
     margin-top: var(--sp-8);
-    border-top: 1px solid var(--c-border);
+    background: color-mix(in srgb, var(--c-surface) 75%, transparent);
+    backdrop-filter: blur(12px) saturate(140%);
+    -webkit-backdrop-filter: blur(12px) saturate(140%);
+    border-top: 1px solid color-mix(in srgb, var(--c-border) 60%, transparent);
     color: var(--c-text-3);
     font-size: var(--fs-xs);
   }
diff --git a/web/src/lib/components/Header/SearchBar.svelte b/web/src/lib/components/Header/SearchBar.svelte
index cea3e57..32cbc8a 100644
--- a/web/src/lib/components/Header/SearchBar.svelte
+++ b/web/src/lib/components/Header/SearchBar.svelte
@@ -30,7 +30,8 @@
 
 <style lang="scss">
   .search {
-    flex: 1;
+    width: 100%;
     max-width: 480px;
+    margin: 0 auto;
   }
 </style>
diff --git a/web/src/lib/components/Header/index.svelte b/web/src/lib/components/Header/index.svelte
index 488ef6a..18f559a 100644
--- a/web/src/lib/components/Header/index.svelte
+++ b/web/src/lib/components/Header/index.svelte
@@ -30,26 +30,36 @@
     top: 0;
     z-index: 50;
     display: grid;
-    grid-template-columns: auto 1fr auto;
+    grid-template-columns: 1fr auto 1fr;
     align-items: center;
     gap: var(--sp-3);
     padding: var(--sp-3) var(--sp-4);
-    background: var(--c-bg);
-    border-bottom: 1px solid var(--c-border);
+    background: color-mix(in srgb, var(--c-surface) 75%, transparent);
+    backdrop-filter: blur(12px) saturate(140%);
+    -webkit-backdrop-filter: blur(12px) saturate(140%);
+    border-bottom: 1px solid color-mix(in srgb, var(--c-border) 60%, transparent);
+  }
+
+  .left {
+    display: flex;
+    align-items: center;
+    justify-content: flex-start;
+    gap: var(--sp-2);
   }
 
-  .left,
   .right {
     display: flex;
     align-items: center;
+    justify-content: flex-end;
     gap: var(--sp-2);
   }
 
   .center {
     display: flex;
     align-items: center;
+    justify-content: center;
     gap: var(--sp-3);
-    min-width: 0;
+    min-width: 320px;
   }
 
   @media (max-width: 720px) {
diff --git a/web/src/lib/components/Nav/NavItem.svelte b/web/src/lib/components/Nav/NavItem.svelte
index 44de551..de8fea6 100644
--- a/web/src/lib/components/Nav/NavItem.svelte
+++ b/web/src/lib/components/Nav/NavItem.svelte
@@ -92,13 +92,15 @@
   >
     <img class="icon" src={iconSrc()} alt="" loading="lazy" />
   </button>
-  <button
-    type="button"
-    class="fav"
-    aria-label={isFav ? 'Unfavorite' : 'Favorite'}
-    aria-pressed={isFav}
-    onclick={onFavClick}>★</button
-  >
+  {#if !$editModeStore}
+    <button
+      type="button"
+      class="fav"
+      aria-label={isFav ? 'Unfavorite' : 'Favorite'}
+      aria-pressed={isFav}
+      onclick={onFavClick}>★</button
+    >
+  {/if}
   <span class="label">{displayName}</span>
 </div>
 
diff --git a/web/src/lib/components/ui/Menu.svelte b/web/src/lib/components/ui/Menu.svelte
index 6c728ca..3ebfe72 100644
--- a/web/src/lib/components/ui/Menu.svelte
+++ b/web/src/lib/components/ui/Menu.svelte
@@ -53,15 +53,24 @@
     if (!open) return;
     focusedIdx = 0;
     requestAnimationFrame(() => menuEl?.focus());
-  });
 
-  function onWindowClick(e: MouseEvent) {
-    if (!open || !menuEl) return;
-    if (!menuEl.contains(e.target as Node)) close();
-  }
+    // Click-outside dismiss. Defer attaching so the click that opened the menu
+    // doesn't immediately close it on the same event flow.
+    let armed = false;
+    const armTimer = setTimeout(() => (armed = true), 0);
+    const handler = (e: MouseEvent) => {
+      if (!armed || !menuEl) return;
+      if (!menuEl.contains(e.target as Node)) close();
+    };
+    window.addEventListener('mousedown', handler);
+    return () => {
+      clearTimeout(armTimer);
+      window.removeEventListener('mousedown', handler);
+    };
+  });
 </script>
 
-<svelte:window onkeydown={onKey} onclick={onWindowClick} />
+<svelte:window onkeydown={onKey} />
 
 {#if open}
   <div bind:this={menuEl} class="menu" role="menu" tabindex="-1" style="left: {x}px; top: {y}px">

From ab6aa473e2cead99b30f1ebb210b4ea97b4c16e7 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 20 May 2026 21:11:51 +0800
Subject: [PATCH 10/77] feat: layout mode (flat/grouped) configurable in
 Settings + drag-drop reorder
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Round 2 of UX feedback (#5 + #6):

#5 Layout mode (backend-configurable)
- server/src/dto.rs: Meta gains layout_mode: String (camelCase wire).
- server/src/services/bundle.rs: read config["layout_mode"], default "grouped".
- web/src/lib/types/nav.ts: MetaSchema layoutMode = z.enum(['grouped','flat']).catch('grouped').
- web/src/lib/stores/visible.ts: visibleFlatItems (derived flatten of sections),
  layoutMode (derived from bundle.meta).
- web/src/routes/+page.svelte: branch on $layoutMode → NavGrid (flat) vs
  GroupSection per group (grouped).
- web/src/lib/components/Editor/SettingsDialog.svelte (new): radio group for
  layout, PATCH /api/config + navDataStore.refetch().
- web/src/lib/components/Header/AuthControls.svelte: ⚙ Settings IconButton +
  refactor 🔑 to IconButton (so aria-label is set; previous Button-based 🔑
  had no accessible name).

#6 Drag-and-drop reorder
- web/package.json: + svelte-dnd-action ^0.9.69
- web/src/lib/api/nav.ts: + reorderItems(entries) + patchConfig(pairs).
- web/src/lib/components/Nav/NavGrid.svelte: in edit mode, wrap grid with
  dndzone; on finalize, optimistic update navDataStore + POST /api/items/reorder;
  rollback on error. dragDisabled = !$editModeStore (unauthed/read-only).
- web/src/lib/components/Nav/GroupSection.svelte: pass groupId through to
  NavGrid so reorder payload is correct per-group.

Verified end-to-end via Playwright:
  - default = grouped (4 group headers visible)
  - login → ⚙ Settings → switch flat → save → page now single grid of 17 items
  - switch back to grouped → 4 group headers return
---
 server/src/dto.rs                             |   3 +
 server/src/services/bundle.rs                 |   6 +
 web/package.json                              |   1 +
 web/pnpm-lock.yaml                            |  12 ++
 web/src/lib/api/nav.ts                        |  23 ++++
 .../components/Editor/SettingsDialog.svelte   | 118 ++++++++++++++++++
 .../lib/components/Header/AuthControls.svelte |  11 +-
 .../lib/components/Nav/GroupSection.svelte    |   2 +-
 web/src/lib/components/Nav/NavGrid.svelte     |  77 +++++++++++-
 web/src/lib/stores/visible.ts                 |  10 ++
 web/src/lib/types/nav.ts                      |   4 +-
 web/src/routes/+page.svelte                   |  19 ++-
 12 files changed, 279 insertions(+), 7 deletions(-)
 create mode 100644 web/src/lib/components/Editor/SettingsDialog.svelte

diff --git a/server/src/dto.rs b/server/src/dto.rs
index 93bc25e..5db08b9 100644
--- a/server/src/dto.rs
+++ b/server/src/dto.rs
@@ -72,6 +72,9 @@ pub struct Meta {
     pub site_icp: Option<Link>,
     pub site_police: Option<Link>,
     pub default_theme: String,
+    /// "grouped" (default) renders items inside their group sections;
+    /// "flat" renders all items in a single grid (legacy nav layout).
+    pub layout_mode: String,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
diff --git a/server/src/services/bundle.rs b/server/src/services/bundle.rs
index 42244c2..531961b 100644
--- a/server/src/services/bundle.rs
+++ b/server/src/services/bundle.rs
@@ -19,6 +19,7 @@ pub async fn assemble_bundle(
             "site_police_text",
             "site_police_url",
             "default_theme",
+            "layout_mode",
         ])
         .await?;
 
@@ -50,6 +51,11 @@ pub async fn assemble_bundle(
             .get("default_theme")
             .cloned()
             .unwrap_or_else(|| "system".into()),
+        layout_mode: cfg
+            .get("layout_mode")
+            .cloned()
+            .filter(|v| v == "flat" || v == "grouped")
+            .unwrap_or_else(|| "grouped".into()),
     };
 
     Ok(NavBundle {
diff --git a/web/package.json b/web/package.json
index 6582852..ed12083 100644
--- a/web/package.json
+++ b/web/package.json
@@ -40,6 +40,7 @@
     "vitest": "^2.1.0"
   },
   "dependencies": {
+    "svelte-dnd-action": "^0.9.69",
     "zod": "^3.23.8"
   }
 }
diff --git a/web/pnpm-lock.yaml b/web/pnpm-lock.yaml
index 1e229d8..f64ce10 100644
--- a/web/pnpm-lock.yaml
+++ b/web/pnpm-lock.yaml
@@ -8,6 +8,9 @@ importers:
 
   .:
     dependencies:
+      svelte-dnd-action:
+        specifier: ^0.9.69
+        version: 0.9.69(svelte@5.55.8(@typescript-eslint/types@8.59.4))
       zod:
         specifier: ^3.23.8
         version: 3.25.76
@@ -1231,6 +1234,11 @@ packages:
       svelte: ^4.0.0 || ^5.0.0-next.0
       typescript: '>=5.0.0'
 
+  svelte-dnd-action@0.9.69:
+    resolution: {integrity: sha512-NAmSOH7htJoYraTQvr+q5whlIuVoq88vEuHr4NcFgscDRUxfWPPxgie2OoxepBCQCikrXZV4pqV86aun60wVyw==}
+    peerDependencies:
+      svelte: '>=3.23.0 || ^5.0.0-next.0'
+
   svelte-eslint-parser@0.43.0:
     resolution: {integrity: sha512-GpU52uPKKcVnh8tKN5P4UZpJ/fUDndmq7wfsvoVXsyP+aY0anol7Yqo01fyrlaWGMFfm4av5DyrjlaXdLRJvGA==}
     engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}
@@ -2439,6 +2447,10 @@ snapshots:
     transitivePeerDependencies:
       - picomatch
 
+  svelte-dnd-action@0.9.69(svelte@5.55.8(@typescript-eslint/types@8.59.4)):
+    dependencies:
+      svelte: 5.55.8(@typescript-eslint/types@8.59.4)
+
   svelte-eslint-parser@0.43.0(svelte@5.55.8(@typescript-eslint/types@8.59.4)):
     dependencies:
       eslint-scope: 7.2.2
diff --git a/web/src/lib/api/nav.ts b/web/src/lib/api/nav.ts
index 0a80f26..551a365 100644
--- a/web/src/lib/api/nav.ts
+++ b/web/src/lib/api/nav.ts
@@ -45,3 +45,26 @@ export function changePassword(current: string, next: string): Promise<void> {
     body: { current, next }
   });
 }
+
+export interface ReorderEntry {
+  id: number;
+  sortOrder: number;
+  groupId?: number | null;
+}
+
+export function reorderItems(entries: ReorderEntry[]): Promise<void> {
+  return apiClient<void>({
+    method: 'POST',
+    path: '/api/items/reorder',
+    body: entries
+  });
+}
+
+/** PATCH /api/config — body is array of { key, value }. Admin auth required. */
+export function patchConfig(pairs: { key: string; value: string }[]): Promise<void> {
+  return apiClient<void>({
+    method: 'PATCH',
+    path: '/api/config',
+    body: pairs
+  });
+}
diff --git a/web/src/lib/components/Editor/SettingsDialog.svelte b/web/src/lib/components/Editor/SettingsDialog.svelte
new file mode 100644
index 0000000..f70d468
--- /dev/null
+++ b/web/src/lib/components/Editor/SettingsDialog.svelte
@@ -0,0 +1,118 @@
+<script lang="ts">
+  import Dialog from '$lib/components/ui/Dialog.svelte';
+  import Button from '$lib/components/ui/Button.svelte';
+  import { navDataStore } from '$lib/stores/navData';
+  import { patchConfig } from '$lib/api/nav';
+  import { ApiError } from '$lib/api/client';
+  import { toast } from '$lib/components/ui/toast';
+  import { t } from '$lib/i18n/store';
+
+  interface Props {
+    open: boolean;
+  }
+  let { open = $bindable(false) }: Props = $props();
+
+  let layoutMode = $state<'grouped' | 'flat'>('grouped');
+  let saving = $state(false);
+  let error = $state<string | null>(null);
+
+  $effect(() => {
+    if (!open) return;
+    layoutMode = ($navDataStore.bundle?.meta.layoutMode ?? 'grouped') as 'grouped' | 'flat';
+    error = null;
+  });
+
+  async function save() {
+    if (saving) return;
+    saving = true;
+    error = null;
+    try {
+      await patchConfig([{ key: 'layout_mode', value: layoutMode }]);
+      await navDataStore.refetch();
+      toast.success($t('common.save') + ' ✓');
+      open = false;
+    } catch (e) {
+      error = e instanceof ApiError ? (e.message ?? e.code) : $t('error.unknown');
+    } finally {
+      saving = false;
+    }
+  }
+</script>
+
+<Dialog bind:open title="Site settings" width="sm">
+  <div class="form">
+    <fieldset>
+      <legend>Layout mode</legend>
+      <label class="radio">
+        <input type="radio" name="layoutMode" value="grouped" bind:group={layoutMode} />
+        <span>
+          <strong>Grouped</strong>
+          <small>Render sections per group (Network / Media / NAS / Tools).</small>
+        </span>
+      </label>
+      <label class="radio">
+        <input type="radio" name="layoutMode" value="flat" bind:group={layoutMode} />
+        <span>
+          <strong>Flat</strong>
+          <small>Render every visible item in one grid (legacy nav-only layout).</small>
+        </span>
+      </label>
+    </fieldset>
+    {#if error}<p class="err">{error}</p>{/if}
+  </div>
+  {#snippet footer()}
+    <Button intent="ghost" onclick={() => (open = false)}>{$t('common.cancel')}</Button>
+    <Button intent="primary" onclick={save} loading={saving}>{$t('common.save')}</Button>
+  {/snippet}
+</Dialog>
+
+<style lang="scss">
+  .form {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-3);
+  }
+  fieldset {
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    padding: var(--sp-3) var(--sp-4);
+    margin: 0;
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-3);
+  }
+  legend {
+    padding: 0 var(--sp-2);
+    font-size: var(--fs-sm);
+    font-weight: var(--fw-medium);
+    color: var(--c-text-2);
+  }
+  .radio {
+    display: flex;
+    align-items: flex-start;
+    gap: var(--sp-2);
+    cursor: pointer;
+    input[type='radio'] {
+      margin-top: 4px;
+      accent-color: var(--c-accent);
+    }
+    span {
+      display: flex;
+      flex-direction: column;
+      gap: 2px;
+    }
+    strong {
+      font-size: var(--fs-md);
+      color: var(--c-text);
+    }
+    small {
+      font-size: var(--fs-xs);
+      color: var(--c-text-3);
+    }
+  }
+  .err {
+    margin: 0;
+    color: var(--c-danger);
+    font-size: var(--fs-sm);
+  }
+</style>
diff --git a/web/src/lib/components/Header/AuthControls.svelte b/web/src/lib/components/Header/AuthControls.svelte
index 03a8424..8096b3f 100644
--- a/web/src/lib/components/Header/AuthControls.svelte
+++ b/web/src/lib/components/Header/AuthControls.svelte
@@ -1,13 +1,16 @@
 <script lang="ts">
   import Button from '$lib/components/ui/Button.svelte';
+  import IconButton from '$lib/components/ui/IconButton.svelte';
   import LoginDialog from '$lib/components/Editor/LoginDialog.svelte';
   import ChangePasswordDialog from '$lib/components/Editor/ChangePasswordDialog.svelte';
+  import SettingsDialog from '$lib/components/Editor/SettingsDialog.svelte';
   import EditToggle from './EditToggle.svelte';
   import { sessionStore } from '$lib/stores/session';
   import { t } from '$lib/i18n/store';
 
   let loginOpen = $state(false);
   let pwOpen = $state(false);
+  let settingsOpen = $state(false);
 
   async function onLogout() {
     await sessionStore.logout();
@@ -16,7 +19,12 @@
 
 {#if $sessionStore.authed}
   <EditToggle />
-  <Button intent="ghost" size="sm" onclick={() => (pwOpen = true)}>🔑</Button>
+  <IconButton label="Settings" onclick={() => (settingsOpen = true)}>
+    <span aria-hidden="true">⚙</span>
+  </IconButton>
+  <IconButton label="Change password" onclick={() => (pwOpen = true)}>
+    <span aria-hidden="true">🔑</span>
+  </IconButton>
   <Button intent="ghost" size="sm" onclick={onLogout}>{$t('header.logout')}</Button>
 {:else}
   <Button intent="ghost" size="sm" onclick={() => (loginOpen = true)}>{$t('header.login')}</Button>
@@ -24,3 +32,4 @@
 
 <LoginDialog bind:open={loginOpen} />
 <ChangePasswordDialog bind:open={pwOpen} />
+<SettingsDialog bind:open={settingsOpen} />
diff --git a/web/src/lib/components/Nav/GroupSection.svelte b/web/src/lib/components/Nav/GroupSection.svelte
index 14e9a7a..b96032e 100644
--- a/web/src/lib/components/Nav/GroupSection.svelte
+++ b/web/src/lib/components/Nav/GroupSection.svelte
@@ -19,7 +19,7 @@
     <GroupHeader group={section.group} />
   {/if}
   {#if isOpen}
-    <NavGrid items={section.items} {onEdit} />
+    <NavGrid items={section.items} groupId={section.group?.id ?? null} {onEdit} />
   {/if}
 </section>
 
diff --git a/web/src/lib/components/Nav/NavGrid.svelte b/web/src/lib/components/Nav/NavGrid.svelte
index 2b2f792..6194937 100644
--- a/web/src/lib/components/Nav/NavGrid.svelte
+++ b/web/src/lib/components/Nav/NavGrid.svelte
@@ -1,16 +1,81 @@
 <script lang="ts">
   import type { Item } from '$lib/types/nav';
   import NavItem from './NavItem.svelte';
+  import { editModeStore } from '$lib/stores/editMode';
+  import { dndzone, type DndEvent } from 'svelte-dnd-action';
+  import { navDataStore } from '$lib/stores/navData';
+  import { reorderItems } from '$lib/api/nav';
+  import { toast } from '$lib/components/ui/toast';
+  import { t } from '$lib/i18n/store';
 
   interface Props {
     items: Item[];
     onEdit?: (item: Item) => void;
+    /** Group id this grid belongs to. null = ungrouped / favorites / flat. */
+    groupId?: number | null;
+  }
+  let { items, onEdit, groupId = null }: Props = $props();
+
+  // Local mirror so dndzone can mutate during drag.
+  let working: Item[] = $state(items);
+  $effect(() => {
+    working = items;
+  });
+
+  // Disable dnd outside edit mode (read-only or unauthed).
+  const dragDisabled = $derived(!$editModeStore);
+
+  function onConsider(e: CustomEvent<DndEvent<Item>>) {
+    working = e.detail.items;
+  }
+
+  async function onFinalize(e: CustomEvent<DndEvent<Item>>) {
+    working = e.detail.items;
+    const before = $navDataStore.bundle;
+    if (!before) return;
+
+    // Build payload — every item in this grid gets new sortOrder.
+    const entries = working.map((it, i) => ({
+      id: it.id,
+      sortOrder: i,
+      groupId: groupId
+    }));
+
+    // Optimistic: patch navDataStore items to reflect new order.
+    const movedIds = new Set(entries.map((e) => e.id));
+    const orderById = new Map(entries.map((e, i) => [e.id, i]));
+    const newItems = before.items.map((it) =>
+      movedIds.has(it.id)
+        ? {
+            ...it,
+            sortOrder: orderById.get(it.id) ?? it.sortOrder,
+            groupId
+          }
+        : it
+    );
+    navDataStore.setBundle({ ...before, items: newItems });
+
+    try {
+      await reorderItems(entries);
+    } catch {
+      navDataStore.refetch();
+      toast.error($t('error.unknown'));
+    }
   }
-  let { items, onEdit }: Props = $props();
 </script>
 
-<div class="grid">
-  {#each items as item (item.id)}
+<div
+  class="grid"
+  use:dndzone={{
+    items: working,
+    dragDisabled,
+    flipDurationMs: 180,
+    dropTargetStyle: {}
+  }}
+  onconsider={onConsider}
+  onfinalize={onFinalize}
+>
+  {#each working as item (item.id)}
     <NavItem {item} {onEdit} />
   {/each}
 </div>
@@ -23,4 +88,10 @@
     justify-content: center;
     width: 100%;
   }
+  /* dnd-action ghost & dropping styles */
+  :global(.grid > [data-is-dnd-shadow-item]) {
+    visibility: visible;
+    opacity: 0.5;
+    pointer-events: none;
+  }
 </style>
diff --git a/web/src/lib/stores/visible.ts b/web/src/lib/stores/visible.ts
index 38233e5..547690f 100644
--- a/web/src/lib/stores/visible.ts
+++ b/web/src/lib/stores/visible.ts
@@ -92,6 +92,16 @@ export const allTagSlugs: Readable<string[]> = derived(navDataStore, ($n) =>
   $n.bundle ? $n.bundle.tags.map((t) => t.slug).sort() : []
 );
 
+/** Flat layout: all visible items in one list (no grouping). */
+export const visibleFlatItems: Readable<Item[]> = derived(visibleSections, ($sections) =>
+  $sections.flatMap((s) => s.items)
+);
+
+/** Backend-controlled layout mode (read from bundle.meta). */
+export const layoutMode: Readable<'grouped' | 'flat'> = derived(navDataStore, ($n) =>
+  $n.bundle?.meta.layoutMode === 'flat' ? 'flat' : 'grouped'
+);
+
 /** True if any filter (search or tag) is active. */
 export const hasActiveFilter: Readable<boolean> = derived(
   [searchQuery, activeTagSlugs],
diff --git a/web/src/lib/types/nav.ts b/web/src/lib/types/nav.ts
index 030a2c3..5507c7c 100644
--- a/web/src/lib/types/nav.ts
+++ b/web/src/lib/types/nav.ts
@@ -64,7 +64,9 @@ export const MetaSchema = z.object({
   siteCopyright: z.string(),
   siteIcp: LinkSchema.nullable(),
   sitePolice: LinkSchema.nullable(),
-  defaultTheme: z.enum(['system', 'light', 'dark'])
+  defaultTheme: z.enum(['system', 'light', 'dark']),
+  /** "grouped" = render group sections; "flat" = single grid (legacy) */
+  layoutMode: z.enum(['grouped', 'flat']).catch('grouped')
 });
 export type Meta = z.infer<typeof MetaSchema>;
 
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index 4e737d6..0f9380c 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -1,7 +1,14 @@
 <script lang="ts">
   import { navDataStore } from '$lib/stores/navData';
-  import { visibleSections, hasActiveFilter, clearFilters } from '$lib/stores/visible';
+  import {
+    visibleSections,
+    visibleFlatItems,
+    layoutMode,
+    hasActiveFilter,
+    clearFilters
+  } from '$lib/stores/visible';
   import GroupSection from '$lib/components/Nav/GroupSection.svelte';
+  import NavGrid from '$lib/components/Nav/NavGrid.svelte';
   import FavoritesSection from '$lib/components/Nav/FavoritesSection.svelte';
   import EmptyState from '$lib/components/Nav/EmptyState.svelte';
   import Skeleton from '$lib/components/ui/Skeleton.svelte';
@@ -61,6 +68,13 @@
         </div>
       {/if}
     {/if}
+  {:else if $layoutMode === 'flat'}
+    <section class="flat">
+      <NavGrid items={$visibleFlatItems} groupId={null} onEdit={openEdit} />
+      {#if $editModeStore}
+        <NewItemAffordance onClick={() => openCreate(null)} />
+      {/if}
+    </section>
   {:else}
     {#each $visibleSections as section (section.group?.id ?? 'ungrouped')}
       <GroupSection {section} onEdit={openEdit} />
@@ -86,4 +100,7 @@
     justify-content: center;
     margin-top: var(--sp-3);
   }
+  .flat {
+    margin-bottom: var(--sp-7);
+  }
 </style>

From ef6287431be1fa6ee2221995117da1274c32285b Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Thu, 21 May 2026 13:37:03 +0800
Subject: [PATCH 11/77] feat(web): redesign UI to master visual + Launchpad
 folder mode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

UI overhaul to bring the design back to master's vibrant identity while
keeping the new edit-mode / i18n / dark-mode functionality.

Visual language
- Restore master's red→blue diagonal gradient as the page canvas; remove
  per-section frosted bars (header / footer) so the gradient flows top to
  bottom uninterrupted.
- Card primitives: 96→120px, soft 0 0 22px shadow, 22px radius, no border;
  bold white labels with text-shadow; shake-bounce on hover.
- Header & Footer fully transparent (no backdrop-filter, removing the
  stacking context that was clipping child Dialog fixed positioning).
- Header inner full-width: brand pinned left, search pill centered,
  controls pinned right; icons unified to 18px monochrome SVGs (theme,
  globe, gear, key, pencil edit-toggle).
- Search input promoted to a clear glass pill with stronger border.
- Menu / Dialog / Toast all get the same frosted glass treatment so popups
  read as one family with the rest of the page.

Launchpad folder mode
- Grouped layout now renders each group as a folder tile (120x120 glass
  card with 2x2 mini-icon preview + group name); clicking opens a
  full-screen frosted modal with that group's full NavGrid inside.
- New components: Nav/GroupFolder.svelte, Nav/GroupFolderModal.svelte.
- Search bypasses folders and flat-lists matching items.
- Flat mode unchanged.

Layout / spacing
- Main is top-aligned with padding-top 100px so content sits below the
  sticky transparent header with breathing room.
- Favorites section hidden when search/tag filter is active and in flat
  mode (favorites are a grouped-only feature).

Editor improvements
- ItemEditDialog: links go from JSON textarea to a structured row editor
  (site dropdown + URL + remove + Add link); icon picker grid for the
  asset kind, fed by a build-time manifest generated by a small vite
  plugin (web/static/navIcons-manifest.json).
- SettingsDialog: bigger (md) width; expose site_name / site_avatar_path
  / site_copyright as inputs; layout-mode picker becomes two preview
  cards with mini mockups; diff-only patch on save; hydrate-once guard
  so navData refetches don't wipe in-flight edits.

Smaller fixes
- SiteSelect / LocaleToggle dropdowns mark the active item with ✓.
- LocaleToggle is now a real menu (中文 / English) instead of a one-shot toggle.
- Cancel ghost button in dialog footers gets a visible border + soft fill
  so it doesn't melt into the glass.
- Favorite star is hidden by default, appears on cell hover, uses outline
  vs filled SVG to encode state without a chip background.
- NewItemAffordance lives inside NavGrid (display:contents trick) so it
  sits as the trailing cell of the same row, not a separate row.

Build / chore
- vite plugin scans web/static/navIcons/ on configResolved and writes
  navIcons-manifest.json; .gitignore + .prettierignore updated to ignore
  the generated manifest and local-data/ dev sqlite.
---
 .gitignore                                    |   4 +
 web/.prettierignore                           |   3 +
 web/src/app.scss                              |  26 +-
 .../components/Editor/ItemEditDialog.svelte   | 308 +++++++++++++++---
 .../Editor/NewItemAffordance.svelte           |  37 ++-
 .../components/Editor/SettingsDialog.svelte   | 229 +++++++++++--
 web/src/lib/components/Footer/index.svelte    |  42 +--
 .../lib/components/Header/AuthControls.svelte |  34 +-
 .../lib/components/Header/EditToggle.svelte   |  58 +++-
 .../lib/components/Header/LocaleToggle.svelte |  48 ++-
 .../lib/components/Header/SiteSelect.svelte   |   2 +-
 .../lib/components/Header/ThemeToggle.svelte  |  48 ++-
 web/src/lib/components/Header/index.svelte    | 127 +++++++-
 web/src/lib/components/Nav/EmptyState.svelte  |   5 +-
 .../components/Nav/FavoritesSection.svelte    |   2 +-
 web/src/lib/components/Nav/GroupFolder.svelte | 131 ++++++++
 .../components/Nav/GroupFolderModal.svelte    | 123 +++++++
 web/src/lib/components/Nav/GroupHeader.svelte |   6 +-
 .../lib/components/Nav/GroupSection.svelte    |  13 +-
 web/src/lib/components/Nav/NavGrid.svelte     |  54 ++-
 web/src/lib/components/Nav/NavItem.svelte     | 136 ++++++--
 web/src/lib/components/ui/Dialog.svelte       |  61 +++-
 web/src/lib/components/ui/Menu.svelte         |  38 ++-
 web/src/lib/components/ui/Toast.svelte        |  26 +-
 web/src/lib/design/tokens.scss                |  19 ++
 web/src/routes/+layout.svelte                 |   7 +-
 web/src/routes/+page.svelte                   |  87 ++++-
 web/vite.config.ts                            |  29 +-
 28 files changed, 1444 insertions(+), 259 deletions(-)
 create mode 100644 web/src/lib/components/Nav/GroupFolder.svelte
 create mode 100644 web/src/lib/components/Nav/GroupFolderModal.svelte

diff --git a/.gitignore b/.gitignore
index 7940c0b..32999ae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,9 +26,13 @@ server/dev-data/
 
 # Local volumes / runtime
 data/
+local-data/
 *.log
 *.pid
 
+# Generated at build time by vite plugin (web/vite.config.ts)
+web/static/navIcons-manifest.json
+
 # Worktrees (per ~/.claude/rules/worktree-location.md)
 .worktrees/
 
diff --git a/web/.prettierignore b/web/.prettierignore
index 6358727..534c138 100644
--- a/web/.prettierignore
+++ b/web/.prettierignore
@@ -14,3 +14,6 @@ yarn.lock
 
 # TS syntax in .js extension — pending rename in Phase 1
 playwright.config.js
+
+# Generated at build time by vite plugin
+static/navIcons-manifest.json
diff --git a/web/src/app.scss b/web/src/app.scss
index 7584593..4620094 100644
--- a/web/src/app.scss
+++ b/web/src/app.scss
@@ -10,28 +10,20 @@ body {
   padding: 0;
 }
 
-/* Vibrant ambient gradient — sits behind the SPA so the header/footer's
- * backdrop-blur picks it up as the modern-minimal "frosted glass" feel.
- * Light theme: warm coral → cool indigo. Dark theme: deep violets.
+/* Vibrant diagonal gradient — coral → indigo, à la the original master UI.
+ * Sits behind the SPA so the header/footer's backdrop-blur lifts as
+ * frosted glass over a warm-to-cool wash. Dark theme: deep violet → midnight.
  */
 :root {
-  --gradient-bg: radial-gradient(
-      ellipse at top left,
-      rgba(240, 145, 130, 0.55) 0%,
-      transparent 55%
-    ),
-    radial-gradient(ellipse at bottom right, rgba(99, 132, 240, 0.5) 0%, transparent 55%),
-    linear-gradient(135deg, #fef0eb 0%, #eef0ff 100%);
+  --gradient-bg: linear-gradient(
+    to right bottom,
+    rgba(222, 83, 71, 0.62) 0%,
+    rgba(75, 138, 244, 0.62) 100%
+  );
 }
 
 [data-theme='dark'] {
-  --gradient-bg: radial-gradient(
-      ellipse at top left,
-      rgba(110, 40, 90, 0.6) 0%,
-      transparent 55%
-    ),
-    radial-gradient(ellipse at bottom right, rgba(50, 60, 140, 0.55) 0%, transparent 55%),
-    linear-gradient(135deg, #14101c 0%, #0e0e18 100%);
+  --gradient-bg: linear-gradient(to right bottom, #2a0f25 0%, #0e1430 100%);
 }
 
 #root {
diff --git a/web/src/lib/components/Editor/ItemEditDialog.svelte b/web/src/lib/components/Editor/ItemEditDialog.svelte
index a4d83fd..698d16c 100644
--- a/web/src/lib/components/Editor/ItemEditDialog.svelte
+++ b/web/src/lib/components/Editor/ItemEditDialog.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+  import { onMount } from 'svelte';
   import Dialog from '$lib/components/ui/Dialog.svelte';
   import Input from '$lib/components/ui/Input.svelte';
   import Button from '$lib/components/ui/Button.svelte';
@@ -9,6 +10,22 @@
   import { ApiError } from '$lib/api/client';
   import type { Item } from '$lib/types/nav';
 
+  /** List of bundled asset filenames, fetched lazily on first open.
+   * Generated at build/dev time by vite plugin in vite.config.ts. */
+  let assetIcons = $state<string[]>([]);
+  let assetIconsLoaded = false;
+  async function loadAssetIcons() {
+    if (assetIconsLoaded) return;
+    assetIconsLoaded = true;
+    try {
+      const res = await fetch('/navIcons-manifest.json');
+      if (res.ok) assetIcons = (await res.json()) as string[];
+    } catch {
+      /* manifest may be missing in some build flavors; picker just shows empty */
+    }
+  }
+  onMount(loadAssetIcons);
+
   interface Props {
     open: boolean;
     /** When set, dialog is in edit mode for this item; null = create. */
@@ -24,44 +41,62 @@
   let groupId = $state<number | null>(null);
   let iconKind = $state<'asset' | 'url' | 'auto-favicon'>('asset');
   let iconValue = $state('');
-  let linksJson = $state('{}'); // simplified MVP: edit links as JSON
+  /** Each row = (site value, url). Empty rows are dropped on submit. */
+  let linkRows = $state<Array<{ siteValue: string; url: string }>>([]);
   let tagSlugsCsv = $state(''); // simplified: comma-separated
   let submitting = $state(false);
   let error = $state<string | null>(null);
 
+  let hydrated = $state(false);
   $effect(() => {
-    // sync form when target / open changes
-    if (!open) return;
-    if (target) {
-      name = target.name;
-      groupId = target.groupId;
-      iconKind = target.iconKind;
-      iconValue = target.iconValue;
-      linksJson = JSON.stringify(target.links, null, 2);
-      tagSlugsCsv = target.tagSlugs.join(', ');
-    } else {
-      name = '';
-      groupId = defaultGroupId;
-      iconKind = 'asset';
-      iconValue = '';
-      linksJson = '{}';
-      tagSlugsCsv = '';
+    if (open && !hydrated) {
+      if (target) {
+        name = target.name;
+        groupId = target.groupId;
+        iconKind = target.iconKind;
+        iconValue = target.iconValue;
+        linkRows = Object.entries(target.links).map(([siteValue, url]) => ({ siteValue, url }));
+        tagSlugsCsv = target.tagSlugs.join(', ');
+      } else {
+        name = '';
+        groupId = defaultGroupId;
+        iconKind = 'asset';
+        iconValue = '';
+        const firstSite = $navDataStore.bundle?.sites[0]?.value ?? '';
+        linkRows = firstSite ? [{ siteValue: firstSite, url: '' }] : [];
+        tagSlugsCsv = '';
+      }
+      error = null;
+      hydrated = true;
+    } else if (!open) {
+      hydrated = false;
     }
-    error = null;
   });
 
-  function parseLinks(): Record<string, string> {
-    try {
-      const parsed = JSON.parse(linksJson) as unknown;
-      if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
-        return Object.fromEntries(
-          Object.entries(parsed as Record<string, unknown>).map(([k, v]) => [k, String(v)])
-        );
-      }
-    } catch {
-      /* fallthrough to error */
+  const siteOptions = $derived($navDataStore.bundle?.sites ?? []);
+
+  function siteLabelFor(value: string): string {
+    return siteOptions.find((s) => s.value === value)?.name ?? value;
+  }
+
+  function addLinkRow() {
+    const taken = new Set(linkRows.map((r) => r.siteValue));
+    const next = siteOptions.find((s) => !taken.has(s.value))?.value ?? siteOptions[0]?.value ?? '';
+    linkRows = [...linkRows, { siteValue: next, url: '' }];
+  }
+
+  function removeLinkRow(i: number) {
+    linkRows = linkRows.filter((_, idx) => idx !== i);
+  }
+
+  function buildLinks(): Record<string, string> {
+    const out: Record<string, string> = {};
+    for (const row of linkRows) {
+      const url = row.url.trim();
+      if (!url || !row.siteValue) continue;
+      out[row.siteValue] = url;
     }
-    throw new Error('links must be a JSON object: { "siteValue": "url", ... }');
+    return out;
   }
 
   async function submit() {
@@ -69,7 +104,10 @@
     error = null;
     submitting = true;
     try {
-      const links = parseLinks();
+      const links = buildLinks();
+      if (Object.keys(links).length === 0) {
+        throw new Error('At least one link is required.');
+      }
       const payload: ItemPayload = {
         groupId,
         name: name.trim(),
@@ -115,22 +153,76 @@
       </select>
     </label>
     <label class="grp">
-      <span class="lbl">Icon kind</span>
+      <span class="lbl">Icon source</span>
       <select bind:value={iconKind}>
-        <option value="asset">asset (file under /navIcons/)</option>
-        <option value="url">url (full URL)</option>
-        <option value="auto-favicon">auto-favicon (host)</option>
+        <option value="asset">Pick a bundled icon</option>
+        <option value="url">Custom image URL</option>
+        <option value="auto-favicon">Auto from website (host)</option>
       </select>
     </label>
-    <Input
-      label="Icon value"
-      bind:value={iconValue}
-      placeholder="example.png / https://… / example.com"
-    />
-    <label class="grp">
-      <span class="lbl">Links (JSON: siteValue → URL)</span>
-      <textarea rows="4" bind:value={linksJson}></textarea>
-    </label>
+    {#if iconKind === 'asset'}
+      <div class="grp">
+        <span class="lbl">
+          Bundled icons {#if assetIcons.length}({assetIcons.length}){/if}
+        </span>
+        <div class="icon-picker">
+          {#each assetIcons as f (f)}
+            <button
+              type="button"
+              class="icon-cell"
+              class:selected={iconValue === f}
+              title={f}
+              onclick={() => (iconValue = f)}
+            >
+              <img src="/navIcons/{f}" alt={f} loading="lazy" />
+            </button>
+          {/each}
+        </div>
+        {#if iconValue}
+          <span class="picked">Selected: <code>{iconValue}</code></span>
+        {/if}
+      </div>
+    {:else}
+      <Input
+        label={iconKind === 'url' ? 'Image URL' : 'Website host (e.g. example.com)'}
+        bind:value={iconValue}
+        placeholder={iconKind === 'url' ? 'https://example.com/logo.png' : 'example.com'}
+      />
+    {/if}
+    <div class="grp">
+      <span class="lbl">Links per site</span>
+      <div class="links">
+        {#each linkRows as row, i (i)}
+          <div class="link-row">
+            <select bind:value={row.siteValue} aria-label="Site">
+              {#each siteOptions as s (s.value)}
+                <option value={s.value}>{siteLabelFor(s.value)}</option>
+              {/each}
+            </select>
+            <input
+              type="url"
+              placeholder="https://…"
+              bind:value={row.url}
+              aria-label="URL for {siteLabelFor(row.siteValue)}"
+            />
+            <button
+              type="button"
+              class="remove"
+              aria-label="Remove link"
+              onclick={() => removeLinkRow(i)}>×</button
+            >
+          </div>
+        {/each}
+        <button
+          type="button"
+          class="add"
+          onclick={addLinkRow}
+          disabled={linkRows.length >= siteOptions.length}
+        >
+          ＋ Add link
+        </button>
+      </div>
+    </div>
     <Input label="Tag slugs (comma-separated)" bind:value={tagSlugsCsv} placeholder="fav, tools" />
     {#if error}<p class="err">{error}</p>{/if}
   </div>
@@ -158,8 +250,7 @@
     color: var(--c-text-2);
     font-weight: var(--fw-medium);
   }
-  select,
-  textarea {
+  select {
     background: var(--c-surface);
     color: var(--c-text);
     border: 1px solid var(--c-border);
@@ -173,13 +264,132 @@
       box-shadow: 0 0 0 3px var(--c-accent-bg);
     }
   }
-  textarea {
-    font-family: var(--ft-mono);
-    font-size: var(--fs-sm);
-  }
   .err {
     margin: 0;
     color: var(--c-danger);
     font-size: var(--fs-sm);
   }
+
+  /* Bundled-icon grid: small clickable thumbnails. */
+  .icon-picker {
+    display: grid;
+    grid-template-columns: repeat(auto-fill, 56px);
+    gap: var(--sp-2);
+    max-height: 220px;
+    overflow-y: auto;
+    padding: var(--sp-2);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    background: rgba(255, 255, 255, 0.4);
+  }
+  :global([data-theme='dark']) .icon-picker {
+    background: rgba(255, 255, 255, 0.04);
+  }
+  .icon-cell {
+    width: 56px;
+    height: 56px;
+    padding: 6px;
+    border: 2px solid transparent;
+    background: rgba(255, 255, 255, 0.65);
+    border-radius: var(--rd-md);
+    cursor: pointer;
+    transition:
+      border-color var(--tr-fast),
+      transform var(--tr-fast);
+
+    img {
+      width: 100%;
+      height: 100%;
+      object-fit: contain;
+    }
+
+    &:hover {
+      transform: translateY(-1px);
+      border-color: var(--c-accent);
+    }
+    &.selected {
+      border-color: var(--c-accent);
+      background: var(--c-accent-bg);
+    }
+  }
+  .picked {
+    font-size: var(--fs-xs);
+    color: var(--c-text-3);
+
+    code {
+      font-family: var(--ft-mono);
+      color: var(--c-text-2);
+    }
+  }
+
+  /* Per-site link rows: site picker | url input | remove */
+  .links {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-2);
+  }
+  .link-row {
+    display: grid;
+    grid-template-columns: minmax(120px, 0.4fr) 1fr auto;
+    gap: var(--sp-2);
+    align-items: stretch;
+  }
+  .link-row select,
+  .link-row input {
+    min-width: 0;
+  }
+  .link-row input[type='url'] {
+    background: var(--c-surface);
+    color: var(--c-text);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    padding: var(--sp-2) var(--sp-3);
+    font-family: inherit;
+    font-size: var(--fs-md);
+    &:focus {
+      border-color: var(--c-accent);
+      outline: none;
+      box-shadow: 0 0 0 3px var(--c-accent-bg);
+    }
+  }
+  .remove {
+    width: 36px;
+    height: 36px;
+    border: 1px solid var(--c-border);
+    background: transparent;
+    color: var(--c-text-3);
+    border-radius: var(--rd-md);
+    font-size: var(--fs-lg);
+    line-height: 1;
+    cursor: pointer;
+    transition:
+      color var(--tr-fast),
+      border-color var(--tr-fast),
+      background var(--tr-fast);
+    &:hover {
+      color: var(--c-danger);
+      border-color: var(--c-danger);
+      background: var(--c-danger-bg);
+    }
+  }
+  .add {
+    align-self: flex-start;
+    padding: var(--sp-2) var(--sp-3);
+    background: transparent;
+    color: var(--c-accent);
+    border: 1px dashed var(--c-accent);
+    border-radius: var(--rd-md);
+    font-size: var(--fs-sm);
+    font-weight: var(--fw-medium);
+    cursor: pointer;
+    transition: background var(--tr-fast);
+    &:hover:not(:disabled) {
+      background: var(--c-accent-bg);
+    }
+    &:disabled {
+      color: var(--c-text-3);
+      border-color: var(--c-border);
+      cursor: not-allowed;
+    }
+  }
 </style>
diff --git a/web/src/lib/components/Editor/NewItemAffordance.svelte b/web/src/lib/components/Editor/NewItemAffordance.svelte
index bacf6d9..1904e4e 100644
--- a/web/src/lib/components/Editor/NewItemAffordance.svelte
+++ b/web/src/lib/components/Editor/NewItemAffordance.svelte
@@ -13,31 +13,44 @@
 
 <style lang="scss">
   .aff {
-    display: inline-flex;
+    display: flex;
     flex-direction: column;
     align-items: center;
     justify-content: center;
     gap: var(--sp-2);
-    width: 96px;
-    min-height: 96px;
-    margin: 0 auto var(--sp-7);
-    background: transparent;
-    border: 2px dashed var(--c-border);
-    border-radius: var(--rd-lg);
-    color: var(--c-text-3);
+    width: 120px;
+    height: 120px;
+    background: rgba(255, 255, 255, 0.35);
+    border: 2px dashed rgba(255, 255, 255, 0.7);
+    border-radius: 22px;
+    color: rgba(0, 0, 0, 0.5);
     cursor: pointer;
+    backdrop-filter: blur(8px);
+    -webkit-backdrop-filter: blur(8px);
     transition:
       border-color var(--tr-fast),
       color var(--tr-fast),
       background var(--tr-fast);
     &:hover {
-      border-color: var(--c-accent);
-      color: var(--c-accent);
-      background: var(--c-accent-bg);
+      border-color: #fff;
+      color: rgba(0, 0, 0, 0.85);
+      background: rgba(255, 255, 255, 0.55);
+    }
+  }
+  :global([data-theme='dark']) .aff {
+    background: rgba(20, 16, 28, 0.4);
+    border-color: rgba(255, 255, 255, 0.3);
+    color: rgba(255, 255, 255, 0.65);
+
+    &:hover {
+      border-color: rgba(255, 255, 255, 0.55);
+      color: #fff;
+      background: rgba(20, 16, 28, 0.6);
     }
   }
   .plus {
-    font-size: 28px;
+    font-size: 32px;
+    font-weight: 300;
     line-height: 1;
   }
   .lbl {
diff --git a/web/src/lib/components/Editor/SettingsDialog.svelte b/web/src/lib/components/Editor/SettingsDialog.svelte
index f70d468..9c9a791 100644
--- a/web/src/lib/components/Editor/SettingsDialog.svelte
+++ b/web/src/lib/components/Editor/SettingsDialog.svelte
@@ -1,6 +1,7 @@
 <script lang="ts">
   import Dialog from '$lib/components/ui/Dialog.svelte';
   import Button from '$lib/components/ui/Button.svelte';
+  import Input from '$lib/components/ui/Input.svelte';
   import { navDataStore } from '$lib/stores/navData';
   import { patchConfig } from '$lib/api/nav';
   import { ApiError } from '$lib/api/client';
@@ -13,13 +14,37 @@
   let { open = $bindable(false) }: Props = $props();
 
   let layoutMode = $state<'grouped' | 'flat'>('grouped');
+  let siteName = $state('');
+  let siteAvatarPath = $state('');
+  let siteCopyright = $state('');
   let saving = $state(false);
   let error = $state<string | null>(null);
 
+  // Snapshot of values when the dialog opened, so we only send changed keys.
+  let initial = $state({
+    layoutMode: 'grouped',
+    siteName: '',
+    siteAvatarPath: '',
+    siteCopyright: ''
+  });
+
+  // Hydrate inputs once per open transition. Tracking only `open` (not the
+  // navDataStore meta inside) prevents bundle refetches mid-edit from wiping
+  // the user's typed-but-not-yet-saved values.
+  let hydrated = $state(false);
   $effect(() => {
-    if (!open) return;
-    layoutMode = ($navDataStore.bundle?.meta.layoutMode ?? 'grouped') as 'grouped' | 'flat';
-    error = null;
+    if (open && !hydrated) {
+      const m = $navDataStore.bundle?.meta;
+      layoutMode = (m?.layoutMode ?? 'grouped') as 'grouped' | 'flat';
+      siteName = m?.siteName ?? '';
+      siteAvatarPath = m?.siteAvatarPath ?? '';
+      siteCopyright = m?.siteCopyright ?? '';
+      initial = { layoutMode, siteName, siteAvatarPath, siteCopyright };
+      error = null;
+      hydrated = true;
+    } else if (!open) {
+      hydrated = false;
+    }
   });
 
   async function save() {
@@ -27,8 +52,23 @@
     saving = true;
     error = null;
     try {
-      await patchConfig([{ key: 'layout_mode', value: layoutMode }]);
-      await navDataStore.refetch();
+      const changes: Array<{ key: string; value: string }> = [];
+      if (layoutMode !== initial.layoutMode) {
+        changes.push({ key: 'layout_mode', value: layoutMode });
+      }
+      if (siteName.trim() !== initial.siteName) {
+        changes.push({ key: 'site_name', value: siteName.trim() });
+      }
+      if (siteAvatarPath.trim() !== initial.siteAvatarPath) {
+        changes.push({ key: 'site_avatar_path', value: siteAvatarPath.trim() });
+      }
+      if (siteCopyright !== initial.siteCopyright) {
+        changes.push({ key: 'site_copyright', value: siteCopyright });
+      }
+      if (changes.length > 0) {
+        await patchConfig(changes);
+        await navDataStore.refetch();
+      }
       toast.success($t('common.save') + ' ✓');
       open = false;
     } catch (e) {
@@ -39,24 +79,66 @@
   }
 </script>
 
-<Dialog bind:open title="Site settings" width="sm">
+<Dialog bind:open title="Site settings" width="md">
   <div class="form">
+    <fieldset>
+      <legend>Branding</legend>
+      <Input label="Site title" bind:value={siteName} placeholder="Pico Nav" />
+      <Input
+        label="Site avatar URL or path"
+        bind:value={siteAvatarPath}
+        placeholder="/avatars/me.png or https://…"
+        helpText="Shown next to the site title in the header. Leave blank to hide."
+      />
+      <Input label="Footer copyright" bind:value={siteCopyright} placeholder="© 2026 Your Name" />
+    </fieldset>
     <fieldset>
       <legend>Layout mode</legend>
-      <label class="radio">
-        <input type="radio" name="layoutMode" value="grouped" bind:group={layoutMode} />
-        <span>
+      <div class="layout-grid">
+        <label class="layout-option" class:selected={layoutMode === 'grouped'}>
+          <input
+            type="radio"
+            name="layoutMode"
+            value="grouped"
+            bind:group={layoutMode}
+            class="sr-only"
+          />
+          <div class="mockup" aria-hidden="true">
+            <div class="hdr"></div>
+            <div class="row">
+              <span></span><span></span><span></span><span></span>
+            </div>
+            <div class="hdr"></div>
+            <div class="row">
+              <span></span><span></span><span></span>
+            </div>
+          </div>
           <strong>Grouped</strong>
-          <small>Render sections per group (Network / Media / NAS / Tools).</small>
-        </span>
-      </label>
-      <label class="radio">
-        <input type="radio" name="layoutMode" value="flat" bind:group={layoutMode} />
-        <span>
+          <small>Sections per group</small>
+        </label>
+        <label class="layout-option" class:selected={layoutMode === 'flat'}>
+          <input
+            type="radio"
+            name="layoutMode"
+            value="flat"
+            bind:group={layoutMode}
+            class="sr-only"
+          />
+          <div class="mockup" aria-hidden="true">
+            <div class="row">
+              <span></span><span></span><span></span><span></span>
+            </div>
+            <div class="row">
+              <span></span><span></span><span></span><span></span>
+            </div>
+            <div class="row">
+              <span></span><span></span>
+            </div>
+          </div>
           <strong>Flat</strong>
-          <small>Render every visible item in one grid (legacy nav-only layout).</small>
-        </span>
-      </label>
+          <small>All items in one grid</small>
+        </label>
+      </div>
     </fieldset>
     {#if error}<p class="err">{error}</p>{/if}
   </div>
@@ -73,7 +155,7 @@
     gap: var(--sp-3);
   }
   fieldset {
-    border: 1px solid var(--c-border);
+    border: 1px solid rgba(0, 0, 0, 0.14);
     border-radius: var(--rd-md);
     padding: var(--sp-3) var(--sp-4);
     margin: 0;
@@ -81,26 +163,50 @@
     flex-direction: column;
     gap: var(--sp-3);
   }
+  :global([data-theme='dark']) fieldset {
+    border-color: rgba(255, 255, 255, 0.16);
+  }
   legend {
     padding: 0 var(--sp-2);
     font-size: var(--fs-sm);
-    font-weight: var(--fw-medium);
-    color: var(--c-text-2);
+    font-weight: var(--fw-semibold);
+    color: var(--c-text);
+  }
+  .err {
+    margin: 0;
+    color: var(--c-danger);
+    font-size: var(--fs-sm);
+  }
+
+  /* Layout mode picker — two preview cards instead of small radios.
+   * Each card has a CSS-only mini mockup of the resulting layout. */
+  .layout-grid {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    gap: var(--sp-3);
   }
-  .radio {
+  .layout-option {
     display: flex;
-    align-items: flex-start;
+    flex-direction: column;
     gap: var(--sp-2);
+    padding: var(--sp-3);
+    border: 2px solid var(--c-border);
+    border-radius: var(--rd-md);
+    background: rgba(255, 255, 255, 0.45);
     cursor: pointer;
-    input[type='radio'] {
-      margin-top: 4px;
-      accent-color: var(--c-accent);
+    transition:
+      border-color var(--tr-fast),
+      background var(--tr-fast);
+
+    &:hover {
+      border-color: var(--c-accent);
     }
-    span {
-      display: flex;
-      flex-direction: column;
-      gap: 2px;
+
+    &.selected {
+      border-color: var(--c-accent);
+      background: var(--c-accent-bg);
     }
+
     strong {
       font-size: var(--fs-md);
       color: var(--c-text);
@@ -110,9 +216,64 @@
       color: var(--c-text-3);
     }
   }
-  .err {
-    margin: 0;
-    color: var(--c-danger);
-    font-size: var(--fs-sm);
+  :global([data-theme='dark']) .layout-option {
+    background: rgba(255, 255, 255, 0.04);
+  }
+
+  /* Visually-hidden but reachable to screen readers / form submission */
+  .sr-only {
+    position: absolute;
+    width: 1px;
+    height: 1px;
+    padding: 0;
+    margin: -1px;
+    overflow: hidden;
+    clip: rect(0, 0, 0, 0);
+    white-space: nowrap;
+    border: 0;
+  }
+
+  /* Mini mockup of a nav layout. Heights / spacing tuned to fit the card. */
+  .mockup {
+    display: flex;
+    flex-direction: column;
+    gap: 6px;
+    padding: 10px;
+    height: 96px;
+    background: rgba(0, 0, 0, 0.04);
+    border-radius: 6px;
+    overflow: hidden;
+  }
+  :global([data-theme='dark']) .mockup {
+    background: rgba(255, 255, 255, 0.06);
+  }
+  .mockup .hdr {
+    width: 38%;
+    height: 6px;
+    background: rgba(0, 0, 0, 0.3);
+    border-radius: 2px;
+  }
+  :global([data-theme='dark']) .mockup .hdr {
+    background: rgba(255, 255, 255, 0.4);
+  }
+  .mockup .row {
+    display: flex;
+    gap: 4px;
+  }
+  .mockup .row span {
+    flex: 0 0 auto;
+    width: 12px;
+    height: 12px;
+    background: rgba(0, 0, 0, 0.18);
+    border-radius: 3px;
+  }
+  :global([data-theme='dark']) .mockup .row span {
+    background: rgba(255, 255, 255, 0.22);
+  }
+  .layout-option.selected .mockup .hdr {
+    background: var(--c-accent);
+  }
+  .layout-option.selected .mockup .row span {
+    background: color-mix(in srgb, var(--c-accent) 70%, transparent);
   }
 </style>
diff --git a/web/src/lib/components/Footer/index.svelte b/web/src/lib/components/Footer/index.svelte
index e7ac0cc..f6e1658 100644
--- a/web/src/lib/components/Footer/index.svelte
+++ b/web/src/lib/components/Footer/index.svelte
@@ -8,31 +8,35 @@
 </script>
 
 <footer class="footer">
-  <div class="row">
-    <span class="copyright">{meta?.siteCopyright ?? ''}</span>
-    {#if showFilings && meta?.siteIcp}
-      <span class="sep">·</span>
-      <a href={meta.siteIcp.url} target="_blank" rel="noopener">{meta.siteIcp.text}</a>
-    {/if}
-    {#if showFilings && meta?.sitePolice}
-      <span class="sep">·</span>
-      <a href={meta.sitePolice.url} target="_blank" rel="noopener">{meta.sitePolice.text}</a>
-    {/if}
+  <div class="inner">
+    <div class="row">
+      <span class="copyright">{meta?.siteCopyright ?? ''}</span>
+      {#if showFilings && meta?.siteIcp}
+        <span class="sep">·</span>
+        <a href={meta.siteIcp.url} target="_blank" rel="noopener">{meta.siteIcp.text}</a>
+      {/if}
+      {#if showFilings && meta?.sitePolice}
+        <span class="sep">·</span>
+        <a href={meta.sitePolice.url} target="_blank" rel="noopener">{meta.sitePolice.text}</a>
+      {/if}
+    </div>
   </div>
 </footer>
 
 <style lang="scss">
   .footer {
+    /* Transparent — footer copy floats over the page gradient with no
+     * separator bar, so the gradient feels continuous from top to bottom.
+     * No margin-top: main owns the surrounding padding via its own padding-block.
+     */
+    color: rgba(255, 255, 255, 0.88);
+    font-size: var(--fs-xs);
+  }
+  .inner {
+    width: 100%;
+    padding: var(--sp-5) var(--sp-4);
     display: flex;
     justify-content: center;
-    padding: var(--sp-5) var(--sp-4);
-    margin-top: var(--sp-8);
-    background: color-mix(in srgb, var(--c-surface) 75%, transparent);
-    backdrop-filter: blur(12px) saturate(140%);
-    -webkit-backdrop-filter: blur(12px) saturate(140%);
-    border-top: 1px solid color-mix(in srgb, var(--c-border) 60%, transparent);
-    color: var(--c-text-3);
-    font-size: var(--fs-xs);
   }
   .row {
     display: inline-flex;
@@ -50,7 +54,7 @@
     text-underline-offset: 3px;
 
     &:hover {
-      color: var(--c-text-2);
+      color: #fff;
     }
   }
 </style>
diff --git a/web/src/lib/components/Header/AuthControls.svelte b/web/src/lib/components/Header/AuthControls.svelte
index 8096b3f..052ad8f 100644
--- a/web/src/lib/components/Header/AuthControls.svelte
+++ b/web/src/lib/components/Header/AuthControls.svelte
@@ -20,10 +20,40 @@
 {#if $sessionStore.authed}
   <EditToggle />
   <IconButton label="Settings" onclick={() => (settingsOpen = true)}>
-    <span aria-hidden="true">⚙</span>
+    <svg
+      width="18"
+      height="18"
+      viewBox="0 0 24 24"
+      fill="none"
+      stroke="currentColor"
+      stroke-width="1.8"
+      stroke-linecap="round"
+      stroke-linejoin="round"
+      aria-hidden="true"
+    >
+      <circle cx="12" cy="12" r="3" />
+      <path
+        d="M19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 1 1-2.83 2.83l-.06-.06a1.65 1.65 0 0 0-1.82-.33 1.65 1.65 0 0 0-1 1.51V21a2 2 0 1 1-4 0v-.09A1.65 1.65 0 0 0 9 19.4a1.65 1.65 0 0 0-1.82.33l-.06.06a2 2 0 1 1-2.83-2.83l.06-.06a1.65 1.65 0 0 0 .33-1.82 1.65 1.65 0 0 0-1.51-1H3a2 2 0 1 1 0-4h.09A1.65 1.65 0 0 0 4.6 9a1.65 1.65 0 0 0-.33-1.82l-.06-.06a2 2 0 1 1 2.83-2.83l.06.06a1.65 1.65 0 0 0 1.82.33H9a1.65 1.65 0 0 0 1-1.51V3a2 2 0 1 1 4 0v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 1 1 2.83 2.83l-.06.06a1.65 1.65 0 0 0-.33 1.82V9a1.65 1.65 0 0 0 1.51 1H21a2 2 0 1 1 0 4h-.09a1.65 1.65 0 0 0-1.51 1z"
+      />
+    </svg>
   </IconButton>
   <IconButton label="Change password" onclick={() => (pwOpen = true)}>
-    <span aria-hidden="true">🔑</span>
+    <svg
+      width="18"
+      height="18"
+      viewBox="0 0 24 24"
+      fill="none"
+      stroke="currentColor"
+      stroke-width="1.8"
+      stroke-linecap="round"
+      stroke-linejoin="round"
+      aria-hidden="true"
+    >
+      <circle cx="8" cy="15" r="4" />
+      <path d="M10.85 12.15 21 2" />
+      <path d="m18 5 3 3" />
+      <path d="m15 8 3 3" />
+    </svg>
   </IconButton>
   <Button intent="ghost" size="sm" onclick={onLogout}>{$t('header.logout')}</Button>
 {:else}
diff --git a/web/src/lib/components/Header/EditToggle.svelte b/web/src/lib/components/Header/EditToggle.svelte
index b5550d7..deb60b2 100644
--- a/web/src/lib/components/Header/EditToggle.svelte
+++ b/web/src/lib/components/Header/EditToggle.svelte
@@ -1,9 +1,59 @@
 <script lang="ts">
-  import Button from '$lib/components/ui/Button.svelte';
+  import IconButton from '$lib/components/ui/IconButton.svelte';
   import { editModeStore } from '$lib/stores/editMode';
   import { t } from '$lib/i18n/store';
 </script>
 
-<Button intent={$editModeStore ? 'primary' : 'secondary'} size="sm" onclick={editModeStore.toggle}>
-  {$editModeStore ? $t('header.editMode.exit') : $t('header.editMode.enter')}
-</Button>
+<div class="edit-toggle" class:active={$editModeStore}>
+  <IconButton
+    label={$editModeStore ? $t('header.editMode.exit') : $t('header.editMode.enter')}
+    onclick={editModeStore.toggle}
+  >
+    {#if $editModeStore}
+      <!-- Check / done icon when in edit mode (click to exit) -->
+      <svg
+        width="18"
+        height="18"
+        viewBox="0 0 24 24"
+        fill="none"
+        stroke="currentColor"
+        stroke-width="2"
+        stroke-linecap="round"
+        stroke-linejoin="round"
+        aria-hidden="true"
+      >
+        <path d="M20 6 9 17l-5-5" />
+      </svg>
+    {:else}
+      <!-- Pencil icon when not in edit mode (click to enter) -->
+      <svg
+        width="18"
+        height="18"
+        viewBox="0 0 24 24"
+        fill="none"
+        stroke="currentColor"
+        stroke-width="1.8"
+        stroke-linecap="round"
+        stroke-linejoin="round"
+        aria-hidden="true"
+      >
+        <path d="M12 20h9" />
+        <path d="M16.5 3.5a2.121 2.121 0 0 1 3 3L7 19l-4 1 1-4Z" />
+      </svg>
+    {/if}
+  </IconButton>
+</div>
+
+<style lang="scss">
+  /* When in edit mode, give the icon button an "active" amber pill so the
+   * user clearly sees the editing state without needing the text label. */
+  .edit-toggle.active :global(.icon-btn) {
+    background: rgba(245, 166, 35, 0.85);
+    color: #fff;
+
+    &:hover {
+      background: #f5a623;
+      color: #fff;
+    }
+  }
+</style>
diff --git a/web/src/lib/components/Header/LocaleToggle.svelte b/web/src/lib/components/Header/LocaleToggle.svelte
index 4f54f3e..65c287c 100644
--- a/web/src/lib/components/Header/LocaleToggle.svelte
+++ b/web/src/lib/components/Header/LocaleToggle.svelte
@@ -1,8 +1,50 @@
 <script lang="ts">
   import IconButton from '$lib/components/ui/IconButton.svelte';
-  import { localeStore, toggleLocale, t } from '$lib/i18n/store';
+  import Menu from '$lib/components/ui/Menu.svelte';
+  import { localeStore, setLocale, t, type Locale } from '$lib/i18n/store';
+
+  let open = $state(false);
+  let triggerEl: HTMLElement | undefined = $state();
+  let menuX = $state(0);
+  let menuY = $state(0);
+
+  const LOCALES: Array<{ value: Locale; label: string }> = [
+    { value: 'zh', label: '中文' },
+    { value: 'en', label: 'English' }
+  ];
+
+  function openMenu(e: MouseEvent) {
+    triggerEl = e.currentTarget as HTMLElement;
+    const r = triggerEl.getBoundingClientRect();
+    menuX = r.right - 160;
+    menuY = r.bottom + 4;
+    open = true;
+  }
+
+  const items = $derived(
+    LOCALES.map((l) => ({
+      label: l.label + ($localeStore === l.value ? '  ✓' : ''),
+      onSelect: () => setLocale(l.value)
+    }))
+  );
 </script>
 
-<IconButton label={$t('header.locale.toggle')} onclick={toggleLocale}>
-  <span aria-hidden="true">{$localeStore === 'zh' ? '语' : 'EN'}</span>
+<IconButton label={$t('header.locale.toggle')} onclick={openMenu}>
+  <svg
+    width="18"
+    height="18"
+    viewBox="0 0 24 24"
+    fill="none"
+    stroke="currentColor"
+    stroke-width="1.8"
+    stroke-linecap="round"
+    stroke-linejoin="round"
+    aria-hidden="true"
+  >
+    <circle cx="12" cy="12" r="9" />
+    <path d="M3 12h18" />
+    <path d="M12 3a13 13 0 0 1 0 18a13 13 0 0 1 0-18z" />
+  </svg>
 </IconButton>
+
+<Menu bind:open x={menuX} y={menuY} {items} />
diff --git a/web/src/lib/components/Header/SiteSelect.svelte b/web/src/lib/components/Header/SiteSelect.svelte
index 4426bb5..fdff059 100644
--- a/web/src/lib/components/Header/SiteSelect.svelte
+++ b/web/src/lib/components/Header/SiteSelect.svelte
@@ -24,7 +24,7 @@
 
   const items = $derived(
     ($navDataStore.bundle?.sites ?? []).map((s) => ({
-      label: nameFor(s),
+      label: nameFor(s) + ($currentSite.site?.value === s.value ? '  ✓' : ''),
       onSelect: () => uiPrefs.setSite(s.value)
     }))
   );
diff --git a/web/src/lib/components/Header/ThemeToggle.svelte b/web/src/lib/components/Header/ThemeToggle.svelte
index b28b115..494756e 100644
--- a/web/src/lib/components/Header/ThemeToggle.svelte
+++ b/web/src/lib/components/Header/ThemeToggle.svelte
@@ -2,10 +2,52 @@
   import IconButton from '$lib/components/ui/IconButton.svelte';
   import { themeStore, cycleTheme } from '$lib/design/theme';
   import { t } from '$lib/i18n/store';
-
-  const glyph = $derived($themeStore === 'dark' ? '☾' : $themeStore === 'light' ? '☀' : '◐');
 </script>
 
 <IconButton label={$t('header.theme.toggle')} onclick={cycleTheme}>
-  <span aria-hidden="true">{glyph}</span>
+  {#if $themeStore === 'light'}
+    <svg
+      width="18"
+      height="18"
+      viewBox="0 0 24 24"
+      fill="none"
+      stroke="currentColor"
+      stroke-width="1.8"
+      stroke-linecap="round"
+      stroke-linejoin="round"
+      aria-hidden="true"
+    >
+      <circle cx="12" cy="12" r="4" />
+      <path
+        d="M12 2v2 M12 20v2 M4.93 4.93l1.41 1.41 M17.66 17.66l1.41 1.41 M2 12h2 M20 12h2 M4.93 19.07l1.41-1.41 M17.66 6.34l1.41-1.41"
+      />
+    </svg>
+  {:else if $themeStore === 'dark'}
+    <svg
+      width="18"
+      height="18"
+      viewBox="0 0 24 24"
+      fill="currentColor"
+      stroke="none"
+      aria-hidden="true"
+    >
+      <path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z" />
+    </svg>
+  {:else}
+    <svg
+      width="18"
+      height="18"
+      viewBox="0 0 24 24"
+      fill="none"
+      stroke="currentColor"
+      stroke-width="1.8"
+      stroke-linecap="round"
+      stroke-linejoin="round"
+      aria-hidden="true"
+    >
+      <circle cx="12" cy="12" r="9" />
+      <path d="M12 3v18" />
+      <path d="M12 3a9 9 0 0 0 0 18z" fill="currentColor" />
+    </svg>
+  {/if}
 </IconButton>
diff --git a/web/src/lib/components/Header/index.svelte b/web/src/lib/components/Header/index.svelte
index 18f559a..e094463 100644
--- a/web/src/lib/components/Header/index.svelte
+++ b/web/src/lib/components/Header/index.svelte
@@ -9,18 +9,20 @@
 </script>
 
 <header class="header">
-  <div class="left">
-    <Brand />
-  </div>
-  <div class="center">
-    <SearchBar />
-    <TagFilterChips />
-  </div>
-  <div class="right">
-    <SiteSelect />
-    <ThemeToggle />
-    <LocaleToggle />
-    <AuthControls />
+  <div class="inner">
+    <div class="left">
+      <Brand />
+    </div>
+    <div class="center">
+      <SearchBar />
+      <TagFilterChips />
+    </div>
+    <div class="right">
+      <SiteSelect />
+      <ThemeToggle />
+      <LocaleToggle />
+      <AuthControls />
+    </div>
   </div>
 </header>
 
@@ -29,15 +31,19 @@
     position: sticky;
     top: 0;
     z-index: 50;
+    /* Fully transparent. We deliberately do NOT use backdrop-filter here —
+     * besides looking cleaner, backdrop-filter on this element would make it
+     * a stacking context, which contains the children's `position: fixed`
+     * (LoginDialog / SettingsDialog / etc.) and makes them clip to the
+     * header's box instead of the viewport. */
+  }
+  .inner {
+    width: 100%;
     display: grid;
     grid-template-columns: 1fr auto 1fr;
     align-items: center;
     gap: var(--sp-3);
-    padding: var(--sp-3) var(--sp-4);
-    background: color-mix(in srgb, var(--c-surface) 75%, transparent);
-    backdrop-filter: blur(12px) saturate(140%);
-    -webkit-backdrop-filter: blur(12px) saturate(140%);
-    border-bottom: 1px solid color-mix(in srgb, var(--c-border) 60%, transparent);
+    padding: var(--sp-3) var(--sp-5);
   }
 
   .left {
@@ -62,8 +68,93 @@
     min-width: 320px;
   }
 
+  /* Header-scoped overrides — make all inner controls "glass over gradient":
+   * white text with shadow, translucent surfaces, subtle borders. We deliberately
+   * do NOT touch the global Input/Button/IconButton primitives so Dialogs (Login,
+   * Editor, Settings) keep their solid surface look.
+   */
+  .header :global(.brand),
+  .header :global(.brand:hover) {
+    color: var(--c-card-label);
+  }
+
+  /* Search: a clear glass pill that reads on the gradient on its own.
+   * Higher contrast than the brand/controls because users need to see
+   * the focus target. Pill (rounded) form, soft drop shadow, white text.
+   */
+  .header :global(.search .control) {
+    background: rgba(255, 255, 255, 0.32);
+    border-color: rgba(255, 255, 255, 0.5);
+    border-radius: var(--rd-pill);
+    box-shadow: 0 4px 14px rgba(35, 25, 60, 0.18);
+    backdrop-filter: blur(10px);
+    -webkit-backdrop-filter: blur(10px);
+
+    &:focus-within {
+      background: rgba(255, 255, 255, 0.5);
+      border-color: rgba(255, 255, 255, 0.85);
+      box-shadow:
+        0 4px 14px rgba(35, 25, 60, 0.22),
+        0 0 0 4px rgba(255, 255, 255, 0.18);
+    }
+  }
+  .header :global(.search .control input) {
+    color: #1a1a18;
+    padding: 0 var(--sp-4);
+    height: 38px;
+    font-weight: var(--fw-medium);
+
+    &::placeholder {
+      color: rgba(26, 26, 24, 0.55);
+      font-weight: var(--fw-regular);
+    }
+  }
+  :global([data-theme='dark']) .header :global(.search .control) {
+    background: rgba(20, 16, 28, 0.55);
+    border-color: rgba(255, 255, 255, 0.22);
+  }
+  :global([data-theme='dark']) .header :global(.search .control input) {
+    color: var(--c-text);
+
+    &::placeholder {
+      color: rgba(245, 245, 243, 0.55);
+    }
+  }
+  .header :global(.search .control .leading) {
+    color: rgba(26, 26, 24, 0.6);
+  }
+
+  /* SiteSelect trigger pill */
+  .header :global(.trigger) {
+    background: rgba(255, 255, 255, 0.2);
+    color: var(--c-card-label);
+    backdrop-filter: blur(6px);
+
+    &:hover {
+      background: rgba(255, 255, 255, 0.3);
+      filter: none;
+    }
+  }
+
+  /* IconButton + ghost Button — theme/locale/auth controls */
+  .header :global(.icon-btn) {
+    color: var(--c-card-label);
+
+    &:hover:not(:disabled) {
+      color: var(--c-card-label);
+      background: rgba(255, 255, 255, 0.18);
+    }
+  }
+  .header :global(.btn.intent-ghost) {
+    color: var(--c-card-label);
+
+    &:hover:not(:disabled) {
+      background: rgba(255, 255, 255, 0.18);
+    }
+  }
+
   @media (max-width: 720px) {
-    .header {
+    .inner {
       grid-template-columns: 1fr auto;
       grid-template-rows: auto auto;
     }
diff --git a/web/src/lib/components/Nav/EmptyState.svelte b/web/src/lib/components/Nav/EmptyState.svelte
index 8d86982..5add21b 100644
--- a/web/src/lib/components/Nav/EmptyState.svelte
+++ b/web/src/lib/components/Nav/EmptyState.svelte
@@ -18,16 +18,17 @@
     align-items: center;
     gap: var(--sp-2);
     padding: var(--sp-7) 0;
-    color: var(--c-text-3);
+    color: var(--c-section-heading);
     text-align: center;
   }
   .title {
     margin: 0;
     font-size: var(--fs-lg);
-    color: var(--c-text-2);
+    color: var(--c-card-label);
   }
   .hint {
     margin: 0;
     font-size: var(--fs-sm);
+    opacity: 0.85;
   }
 </style>
diff --git a/web/src/lib/components/Nav/FavoritesSection.svelte b/web/src/lib/components/Nav/FavoritesSection.svelte
index 3dca76d..03cf511 100644
--- a/web/src/lib/components/Nav/FavoritesSection.svelte
+++ b/web/src/lib/components/Nav/FavoritesSection.svelte
@@ -25,7 +25,7 @@
     margin: 0 0 var(--sp-4);
     font-size: var(--fs-md);
     font-weight: var(--fw-semibold);
-    color: var(--c-text-2);
+    color: var(--c-section-heading);
     letter-spacing: 0.05em;
     text-transform: uppercase;
   }
diff --git a/web/src/lib/components/Nav/GroupFolder.svelte b/web/src/lib/components/Nav/GroupFolder.svelte
new file mode 100644
index 0000000..6ab17ec
--- /dev/null
+++ b/web/src/lib/components/Nav/GroupFolder.svelte
@@ -0,0 +1,131 @@
+<script lang="ts">
+  import type { Group, Item } from '$lib/types/nav';
+  import { localeStore } from '$lib/i18n/store';
+
+  interface Props {
+    group: Group;
+    items: Item[];
+    onOpen: () => void;
+  }
+  let { group, items, onOpen }: Props = $props();
+
+  const previews = $derived(items.slice(0, 4));
+  const SLOTS = [0, 1, 2, 3];
+  const displayName = $derived(group.nameI18n?.[$localeStore] ?? group.name);
+
+  function iconSrc(item: Item): string {
+    switch (item.iconKind) {
+      case 'asset':
+        return `/navIcons/${item.iconValue}`;
+      case 'url':
+        return item.iconValue;
+      case 'auto-favicon':
+        return `/api/favicon?host=${encodeURIComponent(item.iconValue)}`;
+    }
+  }
+</script>
+
+<div class="cell">
+  <button class="folder" type="button" onclick={onOpen} aria-label={displayName}>
+    <div class="thumbs">
+      {#each SLOTS as i (i)}
+        {#if previews[i]}
+          <img class="thumb" src={iconSrc(previews[i])} alt="" loading="lazy" />
+        {:else}
+          <span class="thumb empty" aria-hidden="true"></span>
+        {/if}
+      {/each}
+    </div>
+  </button>
+  <span class="label">{displayName}</span>
+</div>
+
+<style lang="scss">
+  .cell {
+    position: relative;
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: var(--sp-3);
+    width: 120px;
+  }
+  .folder {
+    width: 120px;
+    height: 120px;
+    padding: 12px;
+    background: rgba(255, 255, 255, 0.35);
+    border: 0;
+    border-radius: 22px;
+    box-shadow: var(--sh-card);
+    cursor: pointer;
+    backdrop-filter: blur(10px);
+    -webkit-backdrop-filter: blur(10px);
+    transition:
+      box-shadow var(--tr-base),
+      transform var(--tr-fast);
+
+    &:hover {
+      box-shadow: var(--sh-card-hover);
+      transform: translateY(-2px);
+    }
+  }
+  :global([data-theme='dark']) .folder {
+    background: rgba(255, 255, 255, 0.08);
+  }
+  .thumbs {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    grid-template-rows: 1fr 1fr;
+    gap: 6px;
+    width: 100%;
+    height: 100%;
+  }
+  .thumb {
+    width: 100%;
+    height: 100%;
+    object-fit: contain;
+    background: rgba(255, 255, 255, 0.7);
+    border-radius: 8px;
+    padding: 3px;
+    box-sizing: border-box;
+  }
+  :global([data-theme='dark']) .thumb {
+    background: rgba(255, 255, 255, 0.18);
+  }
+  .thumb.empty {
+    background: rgba(255, 255, 255, 0.25);
+  }
+  .label {
+    font-size: 14px;
+    font-weight: 700;
+    letter-spacing: 0.1em;
+    color: var(--c-card-label);
+    text-shadow: var(--sh-card-label);
+    text-align: center;
+    line-height: var(--lh-tight);
+    word-break: break-word;
+  }
+
+  @media (max-width: 500px) {
+    .cell {
+      width: 72px;
+      gap: var(--sp-2);
+    }
+    .folder {
+      width: 72px;
+      height: 72px;
+      padding: 8px;
+      border-radius: 16px;
+    }
+    .thumbs {
+      gap: 3px;
+    }
+    .thumb {
+      border-radius: 5px;
+      padding: 1px;
+    }
+    .label {
+      font-size: var(--fs-xs);
+    }
+  }
+</style>
diff --git a/web/src/lib/components/Nav/GroupFolderModal.svelte b/web/src/lib/components/Nav/GroupFolderModal.svelte
new file mode 100644
index 0000000..4892d45
--- /dev/null
+++ b/web/src/lib/components/Nav/GroupFolderModal.svelte
@@ -0,0 +1,123 @@
+<script lang="ts">
+  import type { Group, Item } from '$lib/types/nav';
+  import { localeStore } from '$lib/i18n/store';
+  import NavGrid from './NavGrid.svelte';
+  import NewItemAffordance from '$lib/components/Editor/NewItemAffordance.svelte';
+  import { editModeStore } from '$lib/stores/editMode';
+
+  interface Props {
+    group: Group;
+    items: Item[];
+    onClose: () => void;
+    onEdit?: (item: Item) => void;
+    onCreate?: () => void;
+  }
+  let { group, items, onClose, onEdit, onCreate }: Props = $props();
+
+  const displayName = $derived(group.nameI18n?.[$localeStore] ?? group.name);
+
+  function onKey(e: KeyboardEvent) {
+    if (e.key === 'Escape') {
+      e.preventDefault();
+      onClose();
+    }
+  }
+
+  function onBackdrop(e: MouseEvent) {
+    if (e.target === e.currentTarget) onClose();
+  }
+</script>
+
+<svelte:window onkeydown={onKey} />
+
+<!-- svelte-ignore a11y_click_events_have_key_events -->
+<div
+  class="folder-backdrop"
+  role="dialog"
+  aria-modal="true"
+  aria-label={displayName}
+  tabindex="-1"
+  onclick={onBackdrop}
+>
+  <div class="panel">
+    <header class="head">
+      <h2 class="title">{displayName}</h2>
+      <button class="close" type="button" aria-label="Close" onclick={onClose}>×</button>
+    </header>
+    <div class="body">
+      <NavGrid {items} groupId={group.id} {onEdit}>
+        {#snippet trailing()}
+          {#if $editModeStore && onCreate}
+            <NewItemAffordance onClick={onCreate} />
+          {/if}
+        {/snippet}
+      </NavGrid>
+    </div>
+  </div>
+</div>
+
+<style lang="scss">
+  .folder-backdrop {
+    position: fixed;
+    inset: 0;
+    z-index: 900;
+    background: rgba(20, 16, 28, 0.4);
+    backdrop-filter: blur(16px) saturate(140%);
+    -webkit-backdrop-filter: blur(16px) saturate(140%);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    padding: var(--sp-7) var(--sp-5);
+    animation: fade-in 200ms ease-out;
+  }
+  @keyframes fade-in {
+    from {
+      opacity: 0;
+    }
+    to {
+      opacity: 1;
+    }
+  }
+  .panel {
+    width: 100%;
+    max-width: 1024px;
+    max-height: calc(100vh - var(--sp-7) * 2);
+    display: flex;
+    flex-direction: column;
+  }
+  .head {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    margin-bottom: var(--sp-6);
+    padding: 0 var(--sp-3);
+  }
+  .title {
+    margin: 0;
+    font-size: 24px;
+    font-weight: var(--fw-semibold);
+    letter-spacing: 0.05em;
+    color: var(--c-card-label);
+    text-shadow: var(--sh-card-label);
+  }
+  .close {
+    width: 36px;
+    height: 36px;
+    border: 0;
+    background: rgba(255, 255, 255, 0.16);
+    color: var(--c-card-label);
+    border-radius: var(--rd-pill);
+    font-size: 20px;
+    line-height: 1;
+    cursor: pointer;
+    transition: background var(--tr-fast);
+
+    &:hover {
+      background: rgba(255, 255, 255, 0.3);
+    }
+  }
+  .body {
+    overflow-y: auto;
+    padding: var(--sp-3);
+  }
+</style>
diff --git a/web/src/lib/components/Nav/GroupHeader.svelte b/web/src/lib/components/Nav/GroupHeader.svelte
index 45f1abf..1909d3b 100644
--- a/web/src/lib/components/Nav/GroupHeader.svelte
+++ b/web/src/lib/components/Nav/GroupHeader.svelte
@@ -31,19 +31,19 @@
     background: transparent;
     border: 0;
     cursor: pointer;
-    color: var(--c-text);
+    color: var(--c-section-heading);
     font-size: var(--fs-md);
     font-weight: var(--fw-semibold);
     border-radius: var(--rd-md);
 
     &:hover {
-      background: var(--c-surface-2);
+      background: rgba(255, 255, 255, 0.12);
     }
   }
   .chev {
     display: inline-block;
     transition: transform var(--tr-fast);
-    color: var(--c-text-3);
+    color: var(--c-section-heading);
 
     &.open {
       transform: rotate(90deg);
diff --git a/web/src/lib/components/Nav/GroupSection.svelte b/web/src/lib/components/Nav/GroupSection.svelte
index b96032e..d5a1d73 100644
--- a/web/src/lib/components/Nav/GroupSection.svelte
+++ b/web/src/lib/components/Nav/GroupSection.svelte
@@ -2,14 +2,17 @@
   import type { VisibleGroup } from '$lib/stores/visible';
   import type { Item } from '$lib/types/nav';
   import { uiPrefs } from '$lib/stores/uiPrefs';
+  import { editModeStore } from '$lib/stores/editMode';
   import GroupHeader from './GroupHeader.svelte';
   import NavGrid from './NavGrid.svelte';
+  import NewItemAffordance from '$lib/components/Editor/NewItemAffordance.svelte';
 
   interface Props {
     section: VisibleGroup;
     onEdit?: (item: Item) => void;
+    onCreate?: () => void;
   }
-  let { section, onEdit }: Props = $props();
+  let { section, onEdit, onCreate }: Props = $props();
 
   const isOpen = $derived(section.group ? $uiPrefs.groupOpen[section.group.slug] !== false : true);
 </script>
@@ -19,7 +22,13 @@
     <GroupHeader group={section.group} />
   {/if}
   {#if isOpen}
-    <NavGrid items={section.items} groupId={section.group?.id ?? null} {onEdit} />
+    <NavGrid items={section.items} groupId={section.group?.id ?? null} {onEdit}>
+      {#snippet trailing()}
+        {#if $editModeStore && onCreate}
+          <NewItemAffordance onClick={onCreate} />
+        {/if}
+      {/snippet}
+    </NavGrid>
   {/if}
 </section>
 
diff --git a/web/src/lib/components/Nav/NavGrid.svelte b/web/src/lib/components/Nav/NavGrid.svelte
index 6194937..4033147 100644
--- a/web/src/lib/components/Nav/NavGrid.svelte
+++ b/web/src/lib/components/Nav/NavGrid.svelte
@@ -13,8 +13,11 @@
     onEdit?: (item: Item) => void;
     /** Group id this grid belongs to. null = ungrouped / favorites / flat. */
     groupId?: number | null;
+    /** Optional snippet rendered as the last grid cell (e.g. "+ new item"
+     * affordance). Sits outside the dndzone so it isn't draggable. */
+    trailing?: import('svelte').Snippet;
   }
-  let { items, onEdit, groupId = null }: Props = $props();
+  let { items, onEdit, groupId = null, trailing }: Props = $props();
 
   // Local mirror so dndzone can mutate during drag.
   let working: Item[] = $state(items);
@@ -64,32 +67,47 @@
   }
 </script>
 
-<div
-  class="grid"
-  use:dndzone={{
-    items: working,
-    dragDisabled,
-    flipDurationMs: 180,
-    dropTargetStyle: {}
-  }}
-  onconsider={onConsider}
-  onfinalize={onFinalize}
->
-  {#each working as item (item.id)}
-    <NavItem {item} {onEdit} />
-  {/each}
+<div class="grid">
+  <div
+    class="cells"
+    use:dndzone={{
+      items: working,
+      dragDisabled,
+      flipDurationMs: 180,
+      dropTargetStyle: {}
+    }}
+    onconsider={onConsider}
+    onfinalize={onFinalize}
+  >
+    {#each working as item (item.id)}
+      <NavItem {item} {onEdit} />
+    {/each}
+  </div>
+  {#if trailing}{@render trailing()}{/if}
 </div>
 
 <style lang="scss">
   .grid {
     display: grid;
-    grid-template-columns: repeat(auto-fill, 96px);
-    gap: var(--sp-5) var(--sp-4);
+    grid-template-columns: repeat(auto-fill, 120px);
+    gap: 36px 28px;
     justify-content: center;
     width: 100%;
   }
+  /* `display: contents` makes .cells a transparent dndzone wrapper so its
+   * children (NavItem cells) participate directly in the outer .grid layout,
+   * which lets the trailing snippet sit on the same row as the last NavItem. */
+  .cells {
+    display: contents;
+  }
+  @media (max-width: 500px) {
+    .grid {
+      grid-template-columns: repeat(auto-fill, 72px);
+      gap: 24px 16px;
+    }
+  }
   /* dnd-action ghost & dropping styles */
-  :global(.grid > [data-is-dnd-shadow-item]) {
+  :global(.cells > [data-is-dnd-shadow-item]) {
     visibility: visible;
     opacity: 0.5;
     pointer-events: none;
diff --git a/web/src/lib/components/Nav/NavItem.svelte b/web/src/lib/components/Nav/NavItem.svelte
index de8fea6..8616008 100644
--- a/web/src/lib/components/Nav/NavItem.svelte
+++ b/web/src/lib/components/Nav/NavItem.svelte
@@ -1,7 +1,7 @@
 <script lang="ts">
   import type { Item } from '$lib/types/nav';
   import { uiPrefs } from '$lib/stores/uiPrefs';
-  import { currentSite } from '$lib/stores/visible';
+  import { currentSite, layoutMode } from '$lib/stores/visible';
   import { localeStore, t } from '$lib/i18n/store';
   import { editModeStore } from '$lib/stores/editMode';
   import NavItemContextMenu from '$lib/components/Editor/NavItemContextMenu.svelte';
@@ -92,14 +92,39 @@
   >
     <img class="icon" src={iconSrc()} alt="" loading="lazy" />
   </button>
-  {#if !$editModeStore}
+  {#if !$editModeStore && $layoutMode !== 'flat'}
     <button
       type="button"
       class="fav"
       aria-label={isFav ? 'Unfavorite' : 'Favorite'}
       aria-pressed={isFav}
-      onclick={onFavClick}>★</button
+      onclick={onFavClick}
     >
+      {#if isFav}
+        <!-- Filled star -->
+        <svg width="18" height="18" viewBox="0 0 24 24" fill="currentColor" aria-hidden="true">
+          <path
+            d="M12 17.27 18.18 21l-1.64-7.03L22 9.24l-7.19-.61L12 2 9.19 8.63 2 9.24l5.46 4.73L5.82 21z"
+          />
+        </svg>
+      {:else}
+        <!-- Outline star -->
+        <svg
+          width="18"
+          height="18"
+          viewBox="0 0 24 24"
+          fill="none"
+          stroke="currentColor"
+          stroke-width="1.8"
+          stroke-linejoin="round"
+          aria-hidden="true"
+        >
+          <path
+            d="M12 17.27 18.18 21l-1.64-7.03L22 9.24l-7.19-.61L12 2 9.19 8.63 2 9.24l5.46 4.73L5.82 21z"
+          />
+        </svg>
+      {/if}
+    </button>
   {/if}
   <span class="label">{displayName}</span>
 </div>
@@ -113,32 +138,49 @@
 />
 
 <style lang="scss">
+  @keyframes shake-bounce {
+    0%,
+    100% {
+      transform: rotate(0);
+    }
+    25% {
+      transform: rotate(10deg);
+    }
+    50% {
+      transform: rotate(-10deg);
+    }
+    75% {
+      transform: rotate(4deg);
+    }
+    85% {
+      transform: rotate(-4deg);
+    }
+  }
+
   .cell {
     position: relative;
     display: flex;
     flex-direction: column;
     align-items: center;
-    gap: var(--sp-2);
-    width: 96px;
+    gap: var(--sp-3);
+    width: 120px;
   }
   .card {
-    width: 96px;
-    height: 96px;
-    padding: var(--sp-3);
+    width: 120px;
+    height: 120px;
+    padding: 14px;
     background: var(--c-surface);
-    border: 1px solid var(--c-border);
-    border-radius: var(--rd-lg);
-    box-shadow: var(--sh-sm);
+    border: 0;
+    border-radius: 22px;
+    box-shadow: var(--sh-card);
     cursor: pointer;
     transition:
-      transform var(--tr-base),
       box-shadow var(--tr-base),
-      border-color var(--tr-fast);
+      transform var(--tr-base);
 
     &:hover:not(:disabled) {
-      transform: translateY(-2px);
-      box-shadow: var(--sh-md);
-      border-color: var(--c-accent);
+      box-shadow: var(--sh-card-hover);
+      animation: shake-bounce 0.55s ease-in-out;
     }
 
     &.edit {
@@ -154,42 +196,78 @@
       width: 100%;
       height: 100%;
       object-fit: contain;
-      border-radius: var(--rd-sm);
+      border-radius: 12px;
     }
   }
+  /* Favorite star — hidden by default; appears on cell hover OR keyboard focus.
+   * No background chip, no scale: just an outline/filled SVG star whose color
+   * tells the state. Already-favorited stays visible while hovering anywhere
+   * else by virtue of its color (handled by the {#if isFav} branch in markup
+   * picking the filled glyph). */
   .fav {
     position: absolute;
-    top: 2px;
-    right: 2px;
-    width: 22px;
-    height: 22px;
+    top: 4px;
+    right: 4px;
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    width: 24px;
+    height: 24px;
+    padding: 0;
     background: transparent;
     border: 0;
-    color: var(--c-text-3);
-    font-size: 14px;
-    line-height: 1;
     cursor: pointer;
-    border-radius: var(--rd-pill);
+    color: rgba(0, 0, 0, 0.5);
     opacity: 0;
+    pointer-events: none;
     transition:
       opacity var(--tr-fast),
       color var(--tr-fast);
 
     &[aria-pressed='true'] {
-      color: var(--c-warn);
-      opacity: 1;
+      color: #f5a623;
     }
   }
   .cell:hover .fav,
   .fav:focus-visible {
     opacity: 1;
+    pointer-events: auto;
+  }
+  .fav:hover:not([aria-pressed='true']) {
+    color: rgba(0, 0, 0, 0.8);
+  }
+  .fav[aria-pressed='true']:hover {
+    color: #d68410;
   }
 
   .label {
-    font-size: var(--fs-sm);
-    color: var(--c-text);
+    font-size: 14px;
+    font-weight: 700;
+    letter-spacing: 0.1em;
+    color: var(--c-card-label);
+    text-shadow: var(--sh-card-label);
     text-align: center;
     line-height: var(--lh-tight);
     word-break: break-word;
   }
+
+  @media (max-width: 500px) {
+    .cell {
+      width: 72px;
+      gap: var(--sp-2);
+    }
+    .card {
+      width: 72px;
+      height: 72px;
+      padding: 10px;
+      border-radius: 16px;
+
+      .icon {
+        border-radius: 8px;
+      }
+    }
+    .label {
+      font-size: var(--fs-xs);
+    }
+  }
 </style>
diff --git a/web/src/lib/components/ui/Dialog.svelte b/web/src/lib/components/ui/Dialog.svelte
index 018efc9..cacb9b6 100644
--- a/web/src/lib/components/ui/Dialog.svelte
+++ b/web/src/lib/components/ui/Dialog.svelte
@@ -94,8 +94,9 @@
   .backdrop {
     position: fixed;
     inset: 0;
-    background: rgba(0, 0, 0, 0.5);
-    backdrop-filter: blur(2px);
+    background: rgba(20, 16, 28, 0.35);
+    backdrop-filter: blur(8px) saturate(120%);
+    -webkit-backdrop-filter: blur(8px) saturate(120%);
     z-index: 1000;
     display: flex;
     align-items: center;
@@ -103,21 +104,34 @@
     padding: var(--sp-4);
   }
 
+  /* Frosted glass dialog — matches header / search / menu aesthetic so
+   * modals don't slap a hard white card onto the gradient. */
   .dialog {
-    background: var(--c-surface);
+    background: rgba(255, 255, 255, 0.86);
     color: var(--c-text);
-    border: 1px solid var(--c-border);
-    border-radius: var(--rd-lg);
-    box-shadow: var(--sh-lg);
+    border: 1px solid rgba(255, 255, 255, 0.6);
+    border-radius: 18px;
+    box-shadow:
+      0 24px 60px rgba(35, 25, 60, 0.28),
+      0 4px 12px rgba(35, 25, 60, 0.12);
+    backdrop-filter: blur(20px) saturate(150%);
+    -webkit-backdrop-filter: blur(20px) saturate(150%);
     width: 100%;
     max-height: calc(100vh - var(--sp-8));
     overflow: hidden;
     display: flex;
     flex-direction: column;
   }
+  :global([data-theme='dark']) .dialog {
+    background: rgba(20, 16, 28, 0.85);
+    border-color: rgba(255, 255, 255, 0.12);
+    box-shadow:
+      0 24px 60px rgba(0, 0, 0, 0.6),
+      0 4px 12px rgba(0, 0, 0, 0.4);
+  }
 
   .width-sm {
-    max-width: 360px;
+    max-width: 380px;
   }
   .width-md {
     max-width: 520px;
@@ -128,7 +142,10 @@
 
   .header {
     padding: var(--sp-5) var(--sp-5) var(--sp-3);
-    border-bottom: 1px solid var(--c-border);
+    border-bottom: 1px solid rgba(0, 0, 0, 0.08);
+  }
+  :global([data-theme='dark']) .header {
+    border-bottom-color: rgba(255, 255, 255, 0.08);
   }
 
   .title {
@@ -150,10 +167,34 @@
 
   .footer {
     padding: var(--sp-3) var(--sp-5);
-    border-top: 1px solid var(--c-border);
+    border-top: 1px solid rgba(0, 0, 0, 0.08);
     display: flex;
     justify-content: flex-end;
     gap: var(--sp-2);
-    background: var(--c-surface-2);
+    background: rgba(255, 255, 255, 0.4);
+  }
+  :global([data-theme='dark']) .footer {
+    border-top-color: rgba(255, 255, 255, 0.08);
+    background: rgba(255, 255, 255, 0.04);
+  }
+
+  /* Give ghost buttons (typically the Cancel) a visible border + soft fill so
+   * they don't disappear into the footer's glass background. Scoped to the
+   * dialog footer so other usages of ghost buttons stay flat. */
+  .footer :global(.btn.intent-ghost) {
+    background: rgba(0, 0, 0, 0.04);
+    border-color: rgba(0, 0, 0, 0.14);
+
+    &:hover:not(:disabled) {
+      background: rgba(0, 0, 0, 0.08);
+    }
+  }
+  :global([data-theme='dark']) .footer :global(.btn.intent-ghost) {
+    background: rgba(255, 255, 255, 0.06);
+    border-color: rgba(255, 255, 255, 0.18);
+
+    &:hover:not(:disabled) {
+      background: rgba(255, 255, 255, 0.12);
+    }
   }
 </style>
diff --git a/web/src/lib/components/ui/Menu.svelte b/web/src/lib/components/ui/Menu.svelte
index 3ebfe72..3d2da65 100644
--- a/web/src/lib/components/ui/Menu.svelte
+++ b/web/src/lib/components/ui/Menu.svelte
@@ -88,17 +88,30 @@
 {/if}
 
 <style lang="scss">
+  /* Frosted glass dropdown — matches SearchBar / cards aesthetic so the menu
+   * doesn't feel like a hard white panel pasted onto the gradient. */
   .menu {
     position: fixed;
-    background: var(--c-surface);
-    border: 1px solid var(--c-border);
-    border-radius: var(--rd-md);
-    box-shadow: var(--sh-md);
-    padding: var(--sp-1);
+    background: rgba(255, 255, 255, 0.75);
+    border: 1px solid rgba(255, 255, 255, 0.6);
+    border-radius: var(--rd-lg);
+    box-shadow:
+      0 10px 30px rgba(35, 25, 60, 0.18),
+      0 2px 6px rgba(35, 25, 60, 0.1);
+    backdrop-filter: blur(14px) saturate(150%);
+    -webkit-backdrop-filter: blur(14px) saturate(150%);
+    padding: var(--sp-2);
     min-width: 180px;
     z-index: 1200;
     outline: none;
   }
+  :global([data-theme='dark']) .menu {
+    background: rgba(20, 16, 28, 0.78);
+    border-color: rgba(255, 255, 255, 0.12);
+    box-shadow:
+      0 10px 30px rgba(0, 0, 0, 0.55),
+      0 2px 6px rgba(0, 0, 0, 0.4);
+  }
 
   .item {
     display: block;
@@ -106,11 +119,15 @@
     text-align: left;
     padding: var(--sp-2) var(--sp-3);
     border: 0;
-    border-radius: var(--rd-sm);
+    border-radius: var(--rd-md);
     background: transparent;
     color: var(--c-text);
     font-size: var(--fs-sm);
+    font-weight: var(--fw-medium);
     cursor: pointer;
+    transition:
+      background var(--tr-fast),
+      color var(--tr-fast);
 
     &:disabled {
       color: var(--c-text-3);
@@ -118,13 +135,16 @@
     }
 
     &.focused:not(:disabled) {
-      background: var(--c-accent-bg);
-      color: var(--c-accent);
+      background: rgba(0, 0, 0, 0.07);
+      color: var(--c-text);
     }
 
     &.intent-danger:not(:disabled).focused {
-      background: var(--c-danger-bg);
+      background: rgba(185, 28, 28, 0.12);
       color: var(--c-danger);
     }
   }
+  :global([data-theme='dark']) .item.focused:not(:disabled) {
+    background: rgba(255, 255, 255, 0.1);
+  }
 </style>
diff --git a/web/src/lib/components/ui/Toast.svelte b/web/src/lib/components/ui/Toast.svelte
index 4f35006..208e3f5 100644
--- a/web/src/lib/components/ui/Toast.svelte
+++ b/web/src/lib/components/ui/Toast.svelte
@@ -17,19 +17,32 @@
 </div>
 
 <style lang="scss">
+  /* Frosted glass toast — same family as Header / Menu / Dialog so it doesn't
+   * slap a flat white card on top of the gradient. */
   .toast {
     display: flex;
     align-items: center;
     gap: var(--sp-3);
     padding: var(--sp-3) var(--sp-3) var(--sp-3) var(--sp-4);
-    background: var(--c-surface);
+    background: rgba(255, 255, 255, 0.78);
     color: var(--c-text);
-    border: 1px solid var(--c-border);
-    border-radius: var(--rd-md);
-    box-shadow: var(--sh-md);
+    border: 1px solid rgba(255, 255, 255, 0.6);
+    border-radius: var(--rd-lg);
+    box-shadow:
+      0 10px 30px rgba(35, 25, 60, 0.2),
+      0 2px 6px rgba(35, 25, 60, 0.1);
+    backdrop-filter: blur(14px) saturate(150%);
+    -webkit-backdrop-filter: blur(14px) saturate(150%);
     min-width: 280px;
     max-width: 420px;
   }
+  :global([data-theme='dark']) .toast {
+    background: rgba(20, 16, 28, 0.78);
+    border-color: rgba(255, 255, 255, 0.12);
+    box-shadow:
+      0 10px 30px rgba(0, 0, 0, 0.55),
+      0 2px 6px rgba(0, 0, 0, 0.4);
+  }
 
   .intent-success {
     border-left: 3px solid var(--c-success);
@@ -62,8 +75,11 @@
     border-radius: var(--rd-sm);
 
     &:hover {
-      background: var(--c-surface-2);
+      background: rgba(0, 0, 0, 0.07);
       color: var(--c-text);
     }
   }
+  :global([data-theme='dark']) .x:hover {
+    background: rgba(255, 255, 255, 0.1);
+  }
 </style>
diff --git a/web/src/lib/design/tokens.scss b/web/src/lib/design/tokens.scss
index d074ee2..2d28309 100644
--- a/web/src/lib/design/tokens.scss
+++ b/web/src/lib/design/tokens.scss
@@ -56,6 +56,17 @@
   --sh-md: 0 4px 12px rgba(0, 0, 0, 0.06);
   --sh-lg: 0 12px 32px rgba(0, 0, 0, 0.08);
 
+  /* Card — bigger, more dimensional than --sh-* primitives. Used by NavItem. */
+  --sh-card: 0 0 22px rgba(35, 25, 60, 0.35);
+  --sh-card-hover: 0 0 28px rgba(35, 25, 60, 0.45);
+
+  /* Card label color — sits over the vibrant gradient, so white + shadow. */
+  --c-card-label: #ffffff;
+  --sh-card-label: 0 0 10px rgba(17, 17, 17, 0.85);
+
+  /* Section heading color (over gradient) */
+  --c-section-heading: rgba(255, 255, 255, 0.92);
+
   /* Motion */
   --tr-fast: 120ms ease-out;
   --tr-base: 180ms ease-out;
@@ -81,6 +92,14 @@
   --sh-sm: 0 1px 2px rgba(0, 0, 0, 0.4);
   --sh-md: 0 4px 12px rgba(0, 0, 0, 0.45);
   --sh-lg: 0 12px 32px rgba(0, 0, 0, 0.5);
+
+  --sh-card: 0 6px 18px rgba(0, 0, 0, 0.45), 0 2px 6px rgba(0, 0, 0, 0.3);
+  --sh-card-hover: 0 12px 28px rgba(0, 0, 0, 0.55), 0 3px 8px rgba(0, 0, 0, 0.35);
+
+  --c-card-label: #f5f5f3;
+  --sh-card-label: 0 1px 6px rgba(0, 0, 0, 0.6);
+
+  --c-section-heading: rgba(245, 245, 243, 0.85);
 }
 
 @media (prefers-reduced-motion: reduce) {
diff --git a/web/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
index 19901db..87d979d 100644
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@@ -26,8 +26,11 @@
     flex: 1;
     width: 100%;
     max-width: 1024px;
-    margin: var(--sp-6) auto 0;
-    padding: 0 var(--sp-4);
+    margin: 0 auto;
+    /* Top-aligned: cards flow from the top-left, left-to-right, top-to-bottom.
+     * padding-top is the gap below the header (intentionally generous so the
+     * grid breathes). padding-bottom is the min gap above footer. */
+    padding: 100px var(--sp-4) var(--sp-7);
     box-sizing: border-box;
   }
 
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index 0f9380c..c5be82d 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -7,8 +7,10 @@
     hasActiveFilter,
     clearFilters
   } from '$lib/stores/visible';
-  import GroupSection from '$lib/components/Nav/GroupSection.svelte';
   import NavGrid from '$lib/components/Nav/NavGrid.svelte';
+  import GroupFolder from '$lib/components/Nav/GroupFolder.svelte';
+  import GroupFolderModal from '$lib/components/Nav/GroupFolderModal.svelte';
+  import NavItem from '$lib/components/Nav/NavItem.svelte';
   import FavoritesSection from '$lib/components/Nav/FavoritesSection.svelte';
   import EmptyState from '$lib/components/Nav/EmptyState.svelte';
   import Skeleton from '$lib/components/ui/Skeleton.svelte';
@@ -25,6 +27,15 @@
   let createForGroupId = $state<number | null>(null);
   let editDialogOpen = $state(false);
 
+  /** Currently expanded folder (grouped + Launchpad mode). null = none. */
+  let openFolderId = $state<number | null>(null);
+
+  const openFolder = $derived(
+    openFolderId == null
+      ? null
+      : ($visibleSections.find((s) => s.group?.id === openFolderId) ?? null)
+  );
+
   function openEdit(item: Item) {
     editTarget = item;
     createForGroupId = null;
@@ -35,6 +46,9 @@
     createForGroupId = groupId;
     editDialogOpen = true;
   }
+
+  /** When grouped + filtering, flatten matched items so search bypasses folders. */
+  const filteredFlatItems = $derived($visibleSections.flatMap((s) => s.items));
 </script>
 
 <svelte:head>
@@ -53,7 +67,9 @@
     <Button onclick={() => navDataStore.refetch()}>{$t('error.network.retry')}</Button>
   </div>
 {:else}
-  <FavoritesSection onEdit={openEdit} />
+  {#if !$hasActiveFilter && $layoutMode === 'grouped'}
+    <FavoritesSection onEdit={openEdit} />
+  {/if}
   {#if $visibleSections.length === 0}
     {#if $hasActiveFilter}
       <EmptyState title={$t('nav.empty.search')} hint={$t('nav.empty.search.hint')} />
@@ -70,21 +86,52 @@
     {/if}
   {:else if $layoutMode === 'flat'}
     <section class="flat">
-      <NavGrid items={$visibleFlatItems} groupId={null} onEdit={openEdit} />
-      {#if $editModeStore}
-        <NewItemAffordance onClick={() => openCreate(null)} />
-      {/if}
+      <NavGrid items={$visibleFlatItems} groupId={null} onEdit={openEdit}>
+        {#snippet trailing()}
+          {#if $editModeStore}
+            <NewItemAffordance onClick={() => openCreate(null)} />
+          {/if}
+        {/snippet}
+      </NavGrid>
+    </section>
+  {:else if $hasActiveFilter}
+    <!-- Search active: bypass folders, show matching items flat. -->
+    <section class="flat">
+      <NavGrid items={filteredFlatItems} groupId={null} onEdit={openEdit} />
     </section>
   {:else}
-    {#each $visibleSections as section (section.group?.id ?? 'ungrouped')}
-      <GroupSection {section} onEdit={openEdit} />
-      {#if $editModeStore}
-        <NewItemAffordance onClick={() => openCreate(section.group?.id ?? null)} />
-      {/if}
-    {/each}
+    <!-- Launchpad-style folder grid: each group is a tile that expands on click. -->
+    <section class="folders">
+      <div class="folders-grid">
+        {#each $visibleSections as section (section.group?.id ?? 'ungrouped')}
+          {#if section.group}
+            <GroupFolder
+              group={section.group}
+              items={section.items}
+              onOpen={() => (openFolderId = section.group!.id)}
+            />
+          {:else}
+            <!-- Ungrouped items render inline as plain tiles, no folder. -->
+            {#each section.items as item (item.id)}
+              <NavItem {item} onEdit={openEdit} />
+            {/each}
+          {/if}
+        {/each}
+      </div>
+    </section>
   {/if}
 {/if}
 
+{#if openFolder?.group}
+  <GroupFolderModal
+    group={openFolder.group}
+    items={openFolder.items}
+    onClose={() => (openFolderId = null)}
+    onEdit={openEdit}
+    onCreate={() => openCreate(openFolder.group!.id)}
+  />
+{/if}
+
 <ItemEditDialog bind:open={editDialogOpen} target={editTarget} defaultGroupId={createForGroupId} />
 
 <style lang="scss">
@@ -100,7 +147,19 @@
     justify-content: center;
     margin-top: var(--sp-3);
   }
-  .flat {
-    margin-bottom: var(--sp-7);
+  /* Folder grid uses the same column / gap as NavGrid so folders and items
+   * render at consistent sizes regardless of which mode the user is in. */
+  .folders-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fill, 120px);
+    gap: 36px 28px;
+    justify-content: center;
+    width: 100%;
+  }
+  @media (max-width: 500px) {
+    .folders-grid {
+      grid-template-columns: repeat(auto-fill, 72px);
+      gap: 24px 16px;
+    }
   }
 </style>
diff --git a/web/vite.config.ts b/web/vite.config.ts
index e521f72..933faf1 100644
--- a/web/vite.config.ts
+++ b/web/vite.config.ts
@@ -1,8 +1,33 @@
 import { sveltekit } from '@sveltejs/kit/vite';
-import type { UserConfig } from 'vite';
+import type { Plugin, UserConfig } from 'vite';
+import { readdirSync, writeFileSync } from 'node:fs';
+import { resolve } from 'node:path';
+
+/** Generate static/navIcons-manifest.json from the actual files in
+ * static/navIcons/ so the Item editor can render a picker without hard-coding
+ * a list. Runs once at config resolution (covers dev + build). */
+function navIconsManifestPlugin(): Plugin {
+  return {
+    name: 'nav-icons-manifest',
+    configResolved(cfg) {
+      const dir = resolve(cfg.root, 'static/navIcons');
+      try {
+        const files = readdirSync(dir)
+          .filter((f) => /\.(png|jpg|jpeg|webp|svg|gif)$/i.test(f))
+          .sort();
+        writeFileSync(
+          resolve(cfg.root, 'static/navIcons-manifest.json'),
+          JSON.stringify(files, null, 2)
+        );
+      } catch (e) {
+        cfg.logger.warn(`[nav-icons-manifest] skipped: ${(e as Error).message}`);
+      }
+    }
+  };
+}
 
 const config: UserConfig = {
-  plugins: [sveltekit()],
+  plugins: [navIconsManifestPlugin(), sveltekit()],
   server: {
     port: 5173,
     strictPort: true,

From 43cc4797425ab98c8a935960db2a5082c719b84d Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Thu, 21 May 2026 16:37:01 +0800
Subject: [PATCH 12/77] chore(deploy): drop Caddy front-proxy, make PORT
 configurable end-to-end

Intranet self-host is the primary deployment shape, so simplify the bundle:

- Remove Caddyfile and the caddy service from docker-compose.yml; nav now
  publishes ${PORT:-8080}:${PORT:-8080} directly with SECURE_COOKIES default
  flipped to false.
- Document the single PORT variable (covers both container-internal listen
  port and host mapping) in README, server/README, and .env.example.
- README gains explicit Build (SPA / release binary / Docker image) and
  Deployment (compose / docker run / data persistence / optional reverse
  proxy) sections.

No code change in navsrv: PORT was already wired through Settings (server/
src/config.rs) and consumed in main.rs, this commit just exposes it through
the deploy surface.
---
 Caddyfile           |   6 ---
 README.md           | 101 ++++++++++++++++++++++++++++++++++++++++++--
 docker-compose.yml  |  28 +++---------
 server/.env.example |   2 +
 server/README.md    |  21 +++++++--
 5 files changed, 123 insertions(+), 35 deletions(-)
 delete mode 100644 Caddyfile

diff --git a/Caddyfile b/Caddyfile
deleted file mode 100644
index da7ba62..0000000
--- a/Caddyfile
+++ /dev/null
@@ -1,6 +0,0 @@
-# Caddyfile — auto-TLS via Let's Encrypt.
-# Set DOMAIN env var (e.g. nav.example.com) before `docker compose up`.
-{$DOMAIN:localhost} {
-    reverse_proxy nav:8080
-    encode gzip
-}
diff --git a/README.md b/README.md
index 10b7f0c..c2046cb 100644
--- a/README.md
+++ b/README.md
@@ -3,6 +3,11 @@
 A self-hostable navigation/bookmark dashboard with a Rust backend (Axum + SQLite),
 a SvelteKit SPA frontend, and an inline editor for the admin.
 
+The Rust binary serves both the JSON API (`/api/*`) and the SvelteKit SPA static
+assets in a single process — no separate web server or reverse proxy required.
+Designed for intranet self-hosting; expose via your network's existing TLS
+terminator if needed.
+
 ## Quickstart (Docker)
 
 ```bash
@@ -17,8 +22,7 @@ docker run -d \
 Visit http://localhost:8080. Click **Log in** in the top-right, enter your password,
 then click **Edit** to add/remove nav items inline.
 
-For HTTPS with Let's Encrypt, use `docker compose up -d` with the bundled
-`docker-compose.yml` (set `DOMAIN=nav.example.com`).
+See [Deployment](#deployment) for compose, custom port, and data persistence options.
 
 ## Project layout
 
@@ -30,7 +34,7 @@ For HTTPS with Let's Encrypt, use `docker compose up -d` with the bundled
 | `scripts/` | `docker-smoke.sh`, `e2e.sh`, `dump-bootstrap.mjs`. |
 | `docs/superpowers/` | Design specs and implementation plans. |
 | `Dockerfile` | Multi-stage build → distroless single image. |
-| `docker-compose.yml` + `Caddyfile` | Optional TLS-fronted deploy. |
+| `docker-compose.yml` | Sample single-service compose for intranet self-host. |
 
 ## Local development
 
@@ -66,6 +70,95 @@ Run e2e (requires Docker):
 bash scripts/e2e.sh
 ```
 
+## Build
+
+### Frontend (SvelteKit SPA)
+
+```bash
+cd web
+pnpm install
+pnpm build           # outputs to web/build (static assets)
+```
+
+### Backend (Rust release binary)
+
+```bash
+cd server
+SQLX_OFFLINE=true cargo build --release --bin navsrv
+# binary at server/target/release/navsrv
+```
+
+Run it with the SPA build directly (no Docker):
+
+```bash
+cd server
+STATIC_DIR=../web/build DATA_DIR=./prod-data \
+  ./target/release/navsrv
+```
+
+### Docker image
+
+```bash
+docker build -t navsrv:latest .
+```
+
+The multi-stage `Dockerfile`:
+1. builds the SPA with `node:20-alpine` + pnpm,
+2. builds the Rust binary with `rust:1.88-slim` (uses `SQLX_OFFLINE=true` against
+   the committed `server/.sqlx/` cache),
+3. assembles a distroless `gcr.io/distroless/cc-debian12` runtime (~70 MB) with
+   the binary at `/usr/local/bin/navsrv` and SPA assets at `/app/static`.
+
+Smoke-test the freshly built image:
+
+```bash
+bash scripts/docker-smoke.sh
+```
+
+## Deployment
+
+Single-process, single-port. Mount one volume for the SQLite DB + uploaded icons.
+
+### docker compose (recommended)
+
+```bash
+PORT=8080 BOOTSTRAP_ADMIN_PASSWORD=changeme docker compose up -d
+```
+
+`docker-compose.yml` publishes `${PORT}:${PORT}` and bind-mounts `./data` to
+`/app/data`. To switch ports later, change `PORT` and `up -d` again — both the
+host mapping and the container's listening port follow the same variable.
+
+### docker run
+
+```bash
+docker run -d --name nav \
+  -e PORT=9090 -p 9090:9090 \
+  -v ./data:/app/data \
+  -e BOOTSTRAP_ADMIN_PASSWORD=changeme \
+  navsrv:latest
+```
+
+If you keep the default `PORT=8080` baked into the image, just publish
+`-p <host>:8080`.
+
+### Data persistence
+
+Everything stateful lives under `DATA_DIR` (defaults to `/app/data` in Docker):
+
+- `data.db` — SQLite (WAL); contains nav items, sites, groups, admin password hash
+- `icons/` — proxied/uploaded favicon cache (7-day TTL refresh)
+- `INITIAL_PASSWORD.txt` — generated on first boot if `BOOTSTRAP_ADMIN_PASSWORD`
+  is unset; auto-deleted after the first password change via the UI
+
+Back up the volume to back up the whole instance.
+
+### Behind a reverse proxy (optional)
+
+For HTTPS or path prefixing, front `navsrv` with any reverse proxy (Caddy,
+nginx, Traefik, Cloudflare Tunnel, Tailscale Funnel...). When TLS is terminated
+upstream, set `SECURE_COOKIES=true` so session cookies are marked `Secure`.
+
 ## Configuration (env)
 
 | Var | Default | Notes |
@@ -74,7 +167,7 @@ bash scripts/e2e.sh
 | `DATA_DIR` | `/app/data` (Docker) / `./dev-data` (cargo) | SQLite + uploads + INITIAL_PASSWORD |
 | `STATIC_DIR` | `/app/static` (Docker) / `../web/build` (cargo) | SvelteKit build output |
 | `BOOTSTRAP_ADMIN_PASSWORD` | (unset) | First boot only; otherwise random + file |
-| `SECURE_COOKIES` | `false` (dev) / `true` (compose) | `true` requires HTTPS |
+| `SECURE_COOKIES` | `false` | Set `true` only when serving over HTTPS |
 | `RUST_LOG` | `info,sqlx=warn,tower_http=info` | tracing-subscriber filter |
 
 ## Resetting the admin password
diff --git a/docker-compose.yml b/docker-compose.yml
index 9be8bf3..38e3857 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,5 @@
-# docker-compose.yml — sample. Adjust DOMAIN / image tag for your deploy.
+# docker-compose.yml — single-service self-host (intranet / no TLS).
+# Override the listening port with `PORT=9090 docker compose up -d`.
 services:
   nav:
     build: .
@@ -6,28 +7,11 @@ services:
     container_name: nav
     restart: unless-stopped
     environment:
+      PORT: ${PORT:-8080}
       BOOTSTRAP_ADMIN_PASSWORD: ${BOOTSTRAP_ADMIN_PASSWORD:-}
       RUST_LOG: ${RUST_LOG:-info,sqlx=warn,tower_http=info}
-      SECURE_COOKIES: ${SECURE_COOKIES:-true}
-    volumes:
-      - ./data:/app/data
-    expose:
-      - "8080"
-
-  caddy:
-    image: caddy:2
-    container_name: caddy
-    restart: unless-stopped
+      SECURE_COOKIES: ${SECURE_COOKIES:-false}
     ports:
-      - "80:80"
-      - "443:443"
+      - "${PORT:-8080}:${PORT:-8080}"
     volumes:
-      - ./Caddyfile:/etc/caddy/Caddyfile:ro
-      - caddy-data:/data
-      - caddy-config:/config
-    depends_on:
-      - nav
-
-volumes:
-  caddy-data:
-  caddy-config:
+      - ./data:/app/data
diff --git a/server/.env.example b/server/.env.example
index 13b9d38..633492d 100644
--- a/server/.env.example
+++ b/server/.env.example
@@ -1,4 +1,6 @@
 # Server
+# PORT is the TCP listen port; bind address is always 0.0.0.0.
+# Override at runtime with `PORT=9090 cargo run` or `-e PORT=9090` for Docker.
 PORT=8080
 DATA_DIR=./dev-data
 STATIC_DIR=../web/build
diff --git a/server/README.md b/server/README.md
index 9262ff1..a1b90a3 100644
--- a/server/README.md
+++ b/server/README.md
@@ -1,13 +1,15 @@
 # navsrv
 
-Rust backend for the navigation site (Plan 1 of 5). Serves the SPA + JSON API at `:8080`.
+Rust backend for the navigation site. Single Axum process that serves both the
+SvelteKit SPA static assets and the JSON API. Default port `8080`, override with
+`PORT=<n>`.
 
 ## Quickstart (dev)
 
 ```bash
 cd server
 cp .env.example .env       # edit if needed
-cargo run                  # listens on :8080
+cargo run                  # listens on :8080 (override with PORT=9090 cargo run)
 ```
 
 On first boot, an admin password is generated and printed. It's also written to
@@ -26,13 +28,26 @@ pnpm dev
 
 | Var                       | Default               | Notes                                  |
 |---------------------------|-----------------------|----------------------------------------|
-| `PORT`                    | `8080`                |                                        |
+| `PORT`                    | `8080`                | TCP listen port; bind addr is `0.0.0.0`|
 | `DATA_DIR`                | `./dev-data`          | SQLite DB + uploads + INITIAL_PASSWORD |
 | `STATIC_DIR`              | `../web/build`        | SvelteKit `pnpm build` output          |
 | `BOOTSTRAP_ADMIN_PASSWORD`| (unset)               | First boot only; else random+file      |
 | `SECURE_COOKIES`          | `false`               | Set `true` behind HTTPS                |
 | `RUST_LOG`                | `info,sqlx=warn,...`  | tracing-subscriber filter              |
 
+## Build
+
+```bash
+SQLX_OFFLINE=true cargo build --release --bin navsrv
+# binary at target/release/navsrv; runs against the committed .sqlx/ query cache
+```
+
+To regenerate the query cache after schema/query changes:
+
+```bash
+DATABASE_URL=sqlite://./dev-data/data.db cargo sqlx prepare
+```
+
 ## CLI
 
 ```

From 97f4d6301bec96855a20e23de75d3f5ee12454d9 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Thu, 21 May 2026 18:06:30 +0800
Subject: [PATCH 13/77] fix: persist tag_slugs by upserting tag rows + clearer
 Grouped/Flat mockups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- repo/sqlx_impl.rs: create_item / patch_item used to do
  `INSERT INTO item_tags ... SELECT ... FROM tags WHERE slug = ?`,
  which silently inserted 0 rows for any unknown slug. The frontend
  passes slugs as free text from a CSV input, so unknown ones (e.g.
  "fav, tools" on a fresh DB) disappeared on save. Now we
  `INSERT OR IGNORE INTO tags (slug, name) VALUES (?, ?)` first and
  then link, so any new slug is persisted with its own tag row
  (name defaults to the slug; can be renamed later via /api/tags).
- tests/repo_items.rs: regression covers create_item and patch_item
  with previously-unregistered slugs.
- SettingsDialog.svelte: replace the CSS Grouped/Flat mockups with
  inline SVG so Grouped clearly shows "section header + tile row"
  per group instead of two thin horizontal bars; Flat is a uniform
  4×3 grid. Selected state colors stay accent-tinted.
---
 ...65afc97105d54a00897d9e5661877c7c9e207.json | 12 +++
 server/src/repo/sqlx_impl.rs                  | 14 +++
 server/tests/repo_items.rs                    | 62 +++++++++++++
 .../components/Editor/SettingsDialog.svelte   | 93 +++++++++----------
 4 files changed, 131 insertions(+), 50 deletions(-)
 create mode 100644 server/.sqlx/query-67fd65bbefe830b9c7554a091f665afc97105d54a00897d9e5661877c7c9e207.json

diff --git a/server/.sqlx/query-67fd65bbefe830b9c7554a091f665afc97105d54a00897d9e5661877c7c9e207.json b/server/.sqlx/query-67fd65bbefe830b9c7554a091f665afc97105d54a00897d9e5661877c7c9e207.json
new file mode 100644
index 0000000..9bbdaf7
--- /dev/null
+++ b/server/.sqlx/query-67fd65bbefe830b9c7554a091f665afc97105d54a00897d9e5661877c7c9e207.json
@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT OR IGNORE INTO tags (slug, name) VALUES (?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": []
+  },
+  "hash": "67fd65bbefe830b9c7554a091f665afc97105d54a00897d9e5661877c7c9e207"
+}
diff --git a/server/src/repo/sqlx_impl.rs b/server/src/repo/sqlx_impl.rs
index c8fedc0..3a8a830 100644
--- a/server/src/repo/sqlx_impl.rs
+++ b/server/src/repo/sqlx_impl.rs
@@ -356,6 +356,13 @@ impl NavRepo for SqlxNavRepo {
         }
 
         for slug in &p.tag_slugs {
+            sqlx::query!(
+                "INSERT OR IGNORE INTO tags (slug, name) VALUES (?, ?)",
+                slug,
+                slug
+            )
+            .execute(&mut *tx)
+            .await?;
             sqlx::query!(
                 r#"INSERT INTO item_tags (item_id, tag_id)
                     SELECT ?, tags.id FROM tags WHERE tags.slug = ?"#,
@@ -469,6 +476,13 @@ impl NavRepo for SqlxNavRepo {
                 .execute(&mut *tx)
                 .await?;
             for slug in tag_slugs {
+                sqlx::query!(
+                    "INSERT OR IGNORE INTO tags (slug, name) VALUES (?, ?)",
+                    slug,
+                    slug
+                )
+                .execute(&mut *tx)
+                .await?;
                 sqlx::query!(
                     r#"INSERT INTO item_tags (item_id, tag_id)
                         SELECT ?, tags.id FROM tags WHERE tags.slug = ?"#,
diff --git a/server/tests/repo_items.rs b/server/tests/repo_items.rs
index e919203..5650d71 100644
--- a/server/tests/repo_items.rs
+++ b/server/tests/repo_items.rs
@@ -182,3 +182,65 @@ async fn reorder_items_writes_sort_order() {
     assert_eq!(items[0].id, b.id);
     assert_eq!(items[1].id, a.id);
 }
+
+/// Regression: previously `create_item` / `patch_item` did
+/// `INSERT INTO item_tags ... SELECT ... FROM tags WHERE slug = ?`,
+/// which silently dropped tags whose slug was not pre-registered.
+/// Now they upsert the tag first, so a fresh slug should round-trip.
+#[tokio::test]
+async fn create_item_auto_creates_unknown_tag_slugs() {
+    let (repo, gid, _sid) = make_repo_with_seed().await;
+    let mut links = std::collections::BTreeMap::new();
+    links.insert("shangHai".into(), "http://example".into());
+    let item = repo
+        .create_item(ItemPayload {
+            group_id: Some(gid),
+            name: "X".into(),
+            name_i18n: None,
+            description: None,
+            description_i18n: None,
+            icon_kind: IconKind::Asset,
+            icon_value: "x.png".into(),
+            links,
+            tag_slugs: vec!["fresh-slug".into(), "tools".into()],
+        })
+        .await
+        .unwrap();
+    assert_eq!(item.tag_slugs.len(), 2);
+    assert!(item.tag_slugs.contains(&"fresh-slug".into()));
+    assert!(item.tag_slugs.contains(&"tools".into()));
+    let (_, _, _, tags) = repo.get_bundle().await.unwrap();
+    assert!(tags.iter().any(|t| t.slug == "fresh-slug"));
+}
+
+#[tokio::test]
+async fn patch_item_auto_creates_unknown_tag_slugs() {
+    let (repo, gid, _sid) = make_repo_with_seed().await;
+    let mut links = std::collections::BTreeMap::new();
+    links.insert("shangHai".into(), "http://example".into());
+    let item = repo
+        .create_item(ItemPayload {
+            group_id: Some(gid),
+            name: "X".into(),
+            name_i18n: None,
+            description: None,
+            description_i18n: None,
+            icon_kind: IconKind::Asset,
+            icon_value: "x.png".into(),
+            links,
+            tag_slugs: vec![],
+        })
+        .await
+        .unwrap();
+    let updated = repo
+        .patch_item(
+            item.id,
+            ItemPatch {
+                tag_slugs: Some(vec!["brand-new".into()]),
+                ..Default::default()
+            },
+        )
+        .await
+        .unwrap();
+    assert_eq!(updated.tag_slugs, vec!["brand-new"]);
+}
diff --git a/web/src/lib/components/Editor/SettingsDialog.svelte b/web/src/lib/components/Editor/SettingsDialog.svelte
index 9c9a791..cad7437 100644
--- a/web/src/lib/components/Editor/SettingsDialog.svelte
+++ b/web/src/lib/components/Editor/SettingsDialog.svelte
@@ -103,16 +103,21 @@
             bind:group={layoutMode}
             class="sr-only"
           />
-          <div class="mockup" aria-hidden="true">
-            <div class="hdr"></div>
-            <div class="row">
-              <span></span><span></span><span></span><span></span>
-            </div>
-            <div class="hdr"></div>
-            <div class="row">
-              <span></span><span></span><span></span>
-            </div>
-          </div>
+          <svg class="mockup" viewBox="0 0 100 60" aria-hidden="true">
+            <!-- Group 1: bullet + title bar + 4 tiles -->
+            <circle class="bullet" cx="6" cy="7" r="2" />
+            <rect class="title" x="12" y="5" width="40" height="4" rx="1" />
+            <rect class="tile" x="4" y="14" width="9" height="9" rx="1.5" />
+            <rect class="tile" x="16" y="14" width="9" height="9" rx="1.5" />
+            <rect class="tile" x="28" y="14" width="9" height="9" rx="1.5" />
+            <rect class="tile" x="40" y="14" width="9" height="9" rx="1.5" />
+            <!-- Group 2: bullet + title bar + 3 tiles -->
+            <circle class="bullet" cx="6" cy="35" r="2" />
+            <rect class="title" x="12" y="33" width="30" height="4" rx="1" />
+            <rect class="tile" x="4" y="42" width="9" height="9" rx="1.5" />
+            <rect class="tile" x="16" y="42" width="9" height="9" rx="1.5" />
+            <rect class="tile" x="28" y="42" width="9" height="9" rx="1.5" />
+          </svg>
           <strong>Grouped</strong>
           <small>Sections per group</small>
         </label>
@@ -124,17 +129,14 @@
             bind:group={layoutMode}
             class="sr-only"
           />
-          <div class="mockup" aria-hidden="true">
-            <div class="row">
-              <span></span><span></span><span></span><span></span>
-            </div>
-            <div class="row">
-              <span></span><span></span><span></span><span></span>
-            </div>
-            <div class="row">
-              <span></span><span></span>
-            </div>
-          </div>
+          <svg class="mockup" viewBox="0 0 100 60" aria-hidden="true">
+            <!-- 4 cols × 3 rows of even tiles -->
+            {#each [4, 16, 28, 40] as x}
+              {#each [6, 22, 38] as y}
+                <rect class="tile" {x} {y} width="9" height="9" rx="1.5" />
+              {/each}
+            {/each}
+          </svg>
           <strong>Flat</strong>
           <small>All items in one grid</small>
         </label>
@@ -233,13 +235,12 @@
     border: 0;
   }
 
-  /* Mini mockup of a nav layout. Heights / spacing tuned to fit the card. */
+  /* Mini SVG mockup of a nav layout. */
   .mockup {
-    display: flex;
-    flex-direction: column;
-    gap: 6px;
-    padding: 10px;
-    height: 96px;
+    display: block;
+    width: 100%;
+    height: auto;
+    aspect-ratio: 100 / 60;
     background: rgba(0, 0, 0, 0.04);
     border-radius: 6px;
     overflow: hidden;
@@ -247,33 +248,25 @@
   :global([data-theme='dark']) .mockup {
     background: rgba(255, 255, 255, 0.06);
   }
-  .mockup .hdr {
-    width: 38%;
-    height: 6px;
-    background: rgba(0, 0, 0, 0.3);
-    border-radius: 2px;
+  .mockup .bullet,
+  .mockup .title {
+    fill: rgba(0, 0, 0, 0.5);
   }
-  :global([data-theme='dark']) .mockup .hdr {
-    background: rgba(255, 255, 255, 0.4);
-  }
-  .mockup .row {
-    display: flex;
-    gap: 4px;
+  .mockup .tile {
+    fill: rgba(0, 0, 0, 0.18);
   }
-  .mockup .row span {
-    flex: 0 0 auto;
-    width: 12px;
-    height: 12px;
-    background: rgba(0, 0, 0, 0.18);
-    border-radius: 3px;
+  :global([data-theme='dark']) .mockup .bullet,
+  :global([data-theme='dark']) .mockup .title {
+    fill: rgba(255, 255, 255, 0.55);
   }
-  :global([data-theme='dark']) .mockup .row span {
-    background: rgba(255, 255, 255, 0.22);
+  :global([data-theme='dark']) .mockup .tile {
+    fill: rgba(255, 255, 255, 0.22);
   }
-  .layout-option.selected .mockup .hdr {
-    background: var(--c-accent);
+  .layout-option.selected .mockup .bullet,
+  .layout-option.selected .mockup .title {
+    fill: var(--c-accent);
   }
-  .layout-option.selected .mockup .row span {
-    background: color-mix(in srgb, var(--c-accent) 70%, transparent);
+  .layout-option.selected .mockup .tile {
+    fill: color-mix(in srgb, var(--c-accent) 70%, transparent);
   }
 </style>

From b24c8618aedfab929e802a701addbb5040c8a081 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Thu, 21 May 2026 18:37:15 +0800
Subject: [PATCH 14/77] fix(web): align Grouped mockup with actual GroupHeader
 (chevron, not bullet)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The previous SVG used a filled circle + long title bar per section, but
GroupHeader.svelte renders a chevron (▸) plus a short group name. Match
that: each row shows a small right-pointing triangle and a short title
bar, then a row of tiles.
---
 .../components/Editor/SettingsDialog.svelte   | 20 ++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/web/src/lib/components/Editor/SettingsDialog.svelte b/web/src/lib/components/Editor/SettingsDialog.svelte
index cad7437..1a606e4 100644
--- a/web/src/lib/components/Editor/SettingsDialog.svelte
+++ b/web/src/lib/components/Editor/SettingsDialog.svelte
@@ -104,19 +104,21 @@
             class="sr-only"
           />
           <svg class="mockup" viewBox="0 0 100 60" aria-hidden="true">
-            <!-- Group 1: bullet + title bar + 4 tiles -->
-            <circle class="bullet" cx="6" cy="7" r="2" />
-            <rect class="title" x="12" y="5" width="40" height="4" rx="1" />
+            <!-- Group 1: chevron + short title + tile row -->
+            <polygon class="chev" points="4,4 4,10 8,7" />
+            <rect class="title" x="11" y="5" width="20" height="4" rx="1" />
             <rect class="tile" x="4" y="14" width="9" height="9" rx="1.5" />
             <rect class="tile" x="16" y="14" width="9" height="9" rx="1.5" />
             <rect class="tile" x="28" y="14" width="9" height="9" rx="1.5" />
             <rect class="tile" x="40" y="14" width="9" height="9" rx="1.5" />
-            <!-- Group 2: bullet + title bar + 3 tiles -->
-            <circle class="bullet" cx="6" cy="35" r="2" />
-            <rect class="title" x="12" y="33" width="30" height="4" rx="1" />
+            <rect class="tile" x="52" y="14" width="9" height="9" rx="1.5" />
+            <!-- Group 2: chevron + short title + tile row -->
+            <polygon class="chev" points="4,32 4,38 8,35" />
+            <rect class="title" x="11" y="33" width="14" height="4" rx="1" />
             <rect class="tile" x="4" y="42" width="9" height="9" rx="1.5" />
             <rect class="tile" x="16" y="42" width="9" height="9" rx="1.5" />
             <rect class="tile" x="28" y="42" width="9" height="9" rx="1.5" />
+            <rect class="tile" x="40" y="42" width="9" height="9" rx="1.5" />
           </svg>
           <strong>Grouped</strong>
           <small>Sections per group</small>
@@ -248,21 +250,21 @@
   :global([data-theme='dark']) .mockup {
     background: rgba(255, 255, 255, 0.06);
   }
-  .mockup .bullet,
+  .mockup .chev,
   .mockup .title {
     fill: rgba(0, 0, 0, 0.5);
   }
   .mockup .tile {
     fill: rgba(0, 0, 0, 0.18);
   }
-  :global([data-theme='dark']) .mockup .bullet,
+  :global([data-theme='dark']) .mockup .chev,
   :global([data-theme='dark']) .mockup .title {
     fill: rgba(255, 255, 255, 0.55);
   }
   :global([data-theme='dark']) .mockup .tile {
     fill: rgba(255, 255, 255, 0.22);
   }
-  .layout-option.selected .mockup .bullet,
+  .layout-option.selected .mockup .chev,
   .layout-option.selected .mockup .title {
     fill: var(--c-accent);
   }

From 673cb0a5dd60a105b6fa338caaefdfa8f5aef90b Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Thu, 21 May 2026 18:42:16 +0800
Subject: [PATCH 15/77] fix(web): redraw Grouped mockup as Launchpad folder
 grid
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Actual Grouped mode in routes/+page.svelte is the Launchpad-style
folder grid (each group renders as a 120×120 rounded folder with a
2×2 thumbnail preview and label below — see GroupFolder.svelte), not
a chevron-headed list. Match that: 4 folder cells in a row, each
with a 2×2 dot grid inside and a small label underneath.
---
 .../components/Editor/SettingsDialog.svelte   | 47 +++++++++++--------
 1 file changed, 27 insertions(+), 20 deletions(-)

diff --git a/web/src/lib/components/Editor/SettingsDialog.svelte b/web/src/lib/components/Editor/SettingsDialog.svelte
index 1a606e4..a35fb23 100644
--- a/web/src/lib/components/Editor/SettingsDialog.svelte
+++ b/web/src/lib/components/Editor/SettingsDialog.svelte
@@ -104,21 +104,15 @@
             class="sr-only"
           />
           <svg class="mockup" viewBox="0 0 100 60" aria-hidden="true">
-            <!-- Group 1: chevron + short title + tile row -->
-            <polygon class="chev" points="4,4 4,10 8,7" />
-            <rect class="title" x="11" y="5" width="20" height="4" rx="1" />
-            <rect class="tile" x="4" y="14" width="9" height="9" rx="1.5" />
-            <rect class="tile" x="16" y="14" width="9" height="9" rx="1.5" />
-            <rect class="tile" x="28" y="14" width="9" height="9" rx="1.5" />
-            <rect class="tile" x="40" y="14" width="9" height="9" rx="1.5" />
-            <rect class="tile" x="52" y="14" width="9" height="9" rx="1.5" />
-            <!-- Group 2: chevron + short title + tile row -->
-            <polygon class="chev" points="4,32 4,38 8,35" />
-            <rect class="title" x="11" y="33" width="14" height="4" rx="1" />
-            <rect class="tile" x="4" y="42" width="9" height="9" rx="1.5" />
-            <rect class="tile" x="16" y="42" width="9" height="9" rx="1.5" />
-            <rect class="tile" x="28" y="42" width="9" height="9" rx="1.5" />
-            <rect class="tile" x="40" y="42" width="9" height="9" rx="1.5" />
+            <!-- Launchpad folder row: 4 rounded squares, each with a 2×2 mini grid + label -->
+            {#each [9, 31, 53, 75] as fx}
+              <rect class="folder" x={fx} y="14" width="16" height="16" rx="3" />
+              <rect class="dot" x={fx + 2.5} y="16.5" width="5" height="5" rx="1" />
+              <rect class="dot" x={fx + 8.5} y="16.5" width="5" height="5" rx="1" />
+              <rect class="dot" x={fx + 2.5} y="22.5" width="5" height="5" rx="1" />
+              <rect class="dot" x={fx + 8.5} y="22.5" width="5" height="5" rx="1" />
+              <rect class="title" x={fx + 3} y="34" width="10" height="3" rx="1" />
+            {/each}
           </svg>
           <strong>Grouped</strong>
           <small>Sections per group</small>
@@ -250,24 +244,37 @@
   :global([data-theme='dark']) .mockup {
     background: rgba(255, 255, 255, 0.06);
   }
-  .mockup .chev,
   .mockup .title {
     fill: rgba(0, 0, 0, 0.5);
   }
+  .mockup .folder {
+    fill: rgba(0, 0, 0, 0.06);
+    stroke: rgba(0, 0, 0, 0.18);
+    stroke-width: 0.5;
+  }
+  .mockup .dot,
   .mockup .tile {
-    fill: rgba(0, 0, 0, 0.18);
+    fill: rgba(0, 0, 0, 0.28);
   }
-  :global([data-theme='dark']) .mockup .chev,
   :global([data-theme='dark']) .mockup .title {
     fill: rgba(255, 255, 255, 0.55);
   }
+  :global([data-theme='dark']) .mockup .folder {
+    fill: rgba(255, 255, 255, 0.04);
+    stroke: rgba(255, 255, 255, 0.22);
+  }
+  :global([data-theme='dark']) .mockup .dot,
   :global([data-theme='dark']) .mockup .tile {
-    fill: rgba(255, 255, 255, 0.22);
+    fill: rgba(255, 255, 255, 0.32);
   }
-  .layout-option.selected .mockup .chev,
   .layout-option.selected .mockup .title {
     fill: var(--c-accent);
   }
+  .layout-option.selected .mockup .folder {
+    fill: color-mix(in srgb, var(--c-accent) 12%, transparent);
+    stroke: var(--c-accent);
+  }
+  .layout-option.selected .mockup .dot,
   .layout-option.selected .mockup .tile {
     fill: color-mix(in srgb, var(--c-accent) 70%, transparent);
   }

From 720fb50212ad58e379bfe1714843319a1a54978e Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Thu, 21 May 2026 20:00:47 +0800
Subject: [PATCH 16/77] feat(admin): consolidate config under /admin route +
 reject deletes that would orphan data
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replaces the old SettingsDialog with a dedicated /admin page that is
the single home for everything except editing individual nav items.

Frontend
--------
- IconSourcePicker (lib/components/Editor): extracted from
  ItemEditDialog so the same picker handles bundled icons, custom
  URLs, auto-favicons, and a new local-file upload (POSTs to
  /api/icons/upload). Callers narrow what's exposed via allowedKinds.
- ItemEditDialog now uses IconSourcePicker; no UX change beyond the
  added "Upload local file" button under Custom URL.
- /admin route (routes/admin/+page.svelte) with four tabs:
    Site    — Branding (incl. avatar via IconSourcePicker; supports
              bundled or URL/upload), Layout mode picker
              (Grouped/Flat with the Launchpad mockup from the
              previous fix).
    Groups  — list + inline rename + delete; flags how many items
              each group still holds.
    Sites   — list + inline rename + delete + isDefault toggle;
              shows reference count and refuses delete client-side
              when references exist.
    Tags    — list + inline rename + delete; auto-created tags from
              the item editor's slug input show up here for renaming.
  Page guards against unauthenticated access by redirecting to /.
- AuthControls: gear icon now navigates to /admin instead of opening
  SettingsDialog. SettingsDialog is removed.
- New API helpers under lib/api/admin.ts (groups/sites/tags CRUD)
  and lib/api/icons.ts (uploadIcon).

Backend
-------
- delete_site now refuses with 409 Conflict when item_links still
  reference the site (previously CASCADE wiped the links silently).
- delete_group now refuses with 409 Conflict when items still belong
  to the group (previously the FK SET NULL silently orphaned them).
- Regression test: delete_site_referenced_by_item_returns_conflict.
---
 ...6803ff07e5e9fe430b0b8008fdabf82c4e350.json |  20 ++
 ...1142dc944b5172f5e02e759754ba0f4869d53.json |  20 ++
 server/src/repo/sqlx_impl.rs                  |  18 ++
 server/tests/repo_sites.rs                    |  43 ++-
 web/src/lib/api/admin.ts                      |  97 ++++++
 web/src/lib/api/icons.ts                      |  21 ++
 .../components/Admin/AdminGroupsTab.svelte    | 225 ++++++++++++++
 .../AdminSiteTab.svelte}                      | 224 +++++++-------
 .../lib/components/Admin/AdminSitesTab.svelte | 275 ++++++++++++++++++
 .../lib/components/Admin/AdminTagsTab.svelte  | 232 +++++++++++++++
 .../components/Editor/IconSourcePicker.svelte | 260 +++++++++++++++++
 .../components/Editor/ItemEditDialog.svelte   | 109 +------
 .../lib/components/Header/AuthControls.svelte |   6 +-
 web/src/routes/admin/+page.svelte             | 155 ++++++++++
 14 files changed, 1494 insertions(+), 211 deletions(-)
 create mode 100644 server/.sqlx/query-54371a593dc8c8ac7684105c86f6803ff07e5e9fe430b0b8008fdabf82c4e350.json
 create mode 100644 server/.sqlx/query-8f57ccc5cbd9fadbe8772d96aa61142dc944b5172f5e02e759754ba0f4869d53.json
 create mode 100644 web/src/lib/api/admin.ts
 create mode 100644 web/src/lib/api/icons.ts
 create mode 100644 web/src/lib/components/Admin/AdminGroupsTab.svelte
 rename web/src/lib/components/{Editor/SettingsDialog.svelte => Admin/AdminSiteTab.svelte} (52%)
 create mode 100644 web/src/lib/components/Admin/AdminSitesTab.svelte
 create mode 100644 web/src/lib/components/Admin/AdminTagsTab.svelte
 create mode 100644 web/src/lib/components/Editor/IconSourcePicker.svelte
 create mode 100644 web/src/routes/admin/+page.svelte

diff --git a/server/.sqlx/query-54371a593dc8c8ac7684105c86f6803ff07e5e9fe430b0b8008fdabf82c4e350.json b/server/.sqlx/query-54371a593dc8c8ac7684105c86f6803ff07e5e9fe430b0b8008fdabf82c4e350.json
new file mode 100644
index 0000000..aa11e61
--- /dev/null
+++ b/server/.sqlx/query-54371a593dc8c8ac7684105c86f6803ff07e5e9fe430b0b8008fdabf82c4e350.json
@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT COUNT(*) FROM item_links WHERE site_id=?",
+  "describe": {
+    "columns": [
+      {
+        "name": "COUNT(*)",
+        "ordinal": 0,
+        "type_info": "Int"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "54371a593dc8c8ac7684105c86f6803ff07e5e9fe430b0b8008fdabf82c4e350"
+}
diff --git a/server/.sqlx/query-8f57ccc5cbd9fadbe8772d96aa61142dc944b5172f5e02e759754ba0f4869d53.json b/server/.sqlx/query-8f57ccc5cbd9fadbe8772d96aa61142dc944b5172f5e02e759754ba0f4869d53.json
new file mode 100644
index 0000000..a7c9c43
--- /dev/null
+++ b/server/.sqlx/query-8f57ccc5cbd9fadbe8772d96aa61142dc944b5172f5e02e759754ba0f4869d53.json
@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT COUNT(*) FROM items WHERE group_id=?",
+  "describe": {
+    "columns": [
+      {
+        "name": "COUNT(*)",
+        "ordinal": 0,
+        "type_info": "Int"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "8f57ccc5cbd9fadbe8772d96aa61142dc944b5172f5e02e759754ba0f4869d53"
+}
diff --git a/server/src/repo/sqlx_impl.rs b/server/src/repo/sqlx_impl.rs
index 3a8a830..1439840 100644
--- a/server/src/repo/sqlx_impl.rs
+++ b/server/src/repo/sqlx_impl.rs
@@ -123,6 +123,15 @@ impl NavRepo for SqlxNavRepo {
     }
 
     async fn delete_site(&self, id: i64) -> Result<()> {
+        let referenced: i32 =
+            sqlx::query_scalar!("SELECT COUNT(*) FROM item_links WHERE site_id=?", id)
+                .fetch_one(&self.pool)
+                .await?;
+        if referenced > 0 {
+            return Err(AppError::Conflict(format!(
+                "site is referenced by {referenced} item link(s); remove them first"
+            )));
+        }
         let res = sqlx::query!("DELETE FROM sites WHERE id=?", id)
             .execute(&self.pool)
             .await?;
@@ -223,6 +232,15 @@ impl NavRepo for SqlxNavRepo {
     }
 
     async fn delete_group(&self, id: i64) -> Result<()> {
+        let referenced: i32 =
+            sqlx::query_scalar!("SELECT COUNT(*) FROM items WHERE group_id=?", id)
+                .fetch_one(&self.pool)
+                .await?;
+        if referenced > 0 {
+            return Err(AppError::Conflict(format!(
+                "group still contains {referenced} item(s); move them first"
+            )));
+        }
         let res = sqlx::query!("DELETE FROM groups WHERE id=?", id)
             .execute(&self.pool)
             .await?;
diff --git a/server/tests/repo_sites.rs b/server/tests/repo_sites.rs
index 43d28e7..d35e881 100644
--- a/server/tests/repo_sites.rs
+++ b/server/tests/repo_sites.rs
@@ -1,5 +1,5 @@
 use navsrv::db::connect_in_memory;
-use navsrv::dto::{SitePatch, SitePayload};
+use navsrv::dto::{GroupPayload, IconKind, ItemPayload, SitePatch, SitePayload};
 use navsrv::error::AppError;
 use navsrv::repo::{NavRepo, SqlxNavRepo};
 
@@ -72,3 +72,44 @@ async fn unique_value_constraint_returns_conflict() {
         .unwrap_err();
     assert!(matches!(err, AppError::Conflict(_)), "got {err:?}");
 }
+
+#[tokio::test]
+async fn delete_site_referenced_by_item_returns_conflict() {
+    let pool = connect_in_memory().await.unwrap();
+    let repo = SqlxNavRepo::new(pool);
+    let g = repo
+        .create_group(GroupPayload {
+            slug: "g".into(),
+            name: "G".into(),
+            name_i18n: None,
+            collapsed_default: false,
+        })
+        .await
+        .unwrap();
+    let s = repo
+        .create_site(SitePayload {
+            value: "siteA".into(),
+            name: "A".into(),
+            name_i18n: None,
+            is_default: true,
+        })
+        .await
+        .unwrap();
+    let mut links = std::collections::BTreeMap::new();
+    links.insert("siteA".into(), "http://x".into());
+    repo.create_item(ItemPayload {
+        group_id: Some(g.id),
+        name: "I".into(),
+        name_i18n: None,
+        description: None,
+        description_i18n: None,
+        icon_kind: IconKind::Asset,
+        icon_value: "x.png".into(),
+        links,
+        tag_slugs: vec![],
+    })
+    .await
+    .unwrap();
+    let err = repo.delete_site(s.id).await.unwrap_err();
+    assert!(matches!(err, AppError::Conflict(_)), "got {err:?}");
+}
diff --git a/web/src/lib/api/admin.ts b/web/src/lib/api/admin.ts
new file mode 100644
index 0000000..510a9f3
--- /dev/null
+++ b/web/src/lib/api/admin.ts
@@ -0,0 +1,97 @@
+import { apiClient } from './client';
+import { GroupSchema, SiteSchema, TagSchema, type Group, type Site, type Tag } from '$lib/types/nav';
+
+// ----- Groups -----
+
+export interface GroupPayload {
+  slug: string;
+  name: string;
+  nameI18n?: Record<string, string> | null;
+  collapsedDefault?: boolean;
+}
+export type GroupPatch = Partial<GroupPayload>;
+
+export function createGroup(payload: GroupPayload): Promise<Group> {
+  return apiClient<Group>({
+    method: 'POST',
+    path: '/api/groups',
+    body: payload,
+    responseSchema: GroupSchema
+  });
+}
+
+export function patchGroup(id: number, patch: GroupPatch): Promise<Group> {
+  return apiClient<Group>({
+    method: 'PATCH',
+    path: `/api/groups/${id}`,
+    body: patch,
+    responseSchema: GroupSchema
+  });
+}
+
+export function deleteGroup(id: number): Promise<void> {
+  return apiClient<void>({ method: 'DELETE', path: `/api/groups/${id}` });
+}
+
+// ----- Sites -----
+
+export interface SitePayload {
+  value: string;
+  name: string;
+  nameI18n?: Record<string, string> | null;
+  isDefault?: boolean;
+}
+export type SitePatch = Partial<SitePayload>;
+
+export function createSite(payload: SitePayload): Promise<Site> {
+  return apiClient<Site>({
+    method: 'POST',
+    path: '/api/sites',
+    body: payload,
+    responseSchema: SiteSchema
+  });
+}
+
+export function patchSite(id: number, patch: SitePatch): Promise<Site> {
+  return apiClient<Site>({
+    method: 'PATCH',
+    path: `/api/sites/${id}`,
+    body: patch,
+    responseSchema: SiteSchema
+  });
+}
+
+export function deleteSite(id: number): Promise<void> {
+  return apiClient<void>({ method: 'DELETE', path: `/api/sites/${id}` });
+}
+
+// ----- Tags -----
+
+export interface TagPayload {
+  slug: string;
+  name: string;
+  nameI18n?: Record<string, string> | null;
+}
+export type TagPatch = Partial<TagPayload>;
+
+export function createTag(payload: TagPayload): Promise<Tag> {
+  return apiClient<Tag>({
+    method: 'POST',
+    path: '/api/tags',
+    body: payload,
+    responseSchema: TagSchema
+  });
+}
+
+export function patchTag(id: number, patch: TagPatch): Promise<Tag> {
+  return apiClient<Tag>({
+    method: 'PATCH',
+    path: `/api/tags/${id}`,
+    body: patch,
+    responseSchema: TagSchema
+  });
+}
+
+export function deleteTag(id: number): Promise<void> {
+  return apiClient<void>({ method: 'DELETE', path: `/api/tags/${id}` });
+}
diff --git a/web/src/lib/api/icons.ts b/web/src/lib/api/icons.ts
new file mode 100644
index 0000000..efd7ddb
--- /dev/null
+++ b/web/src/lib/api/icons.ts
@@ -0,0 +1,21 @@
+import { z } from 'zod';
+import { apiClient } from './client';
+
+const UploadResponseSchema = z.object({
+  path: z.string(),
+  size: z.number(),
+  mime: z.string().nullable().optional()
+});
+export type UploadResponse = z.infer<typeof UploadResponseSchema>;
+
+/** POST /api/icons/upload — admin auth required, multipart `file` field. */
+export async function uploadIcon(file: File): Promise<UploadResponse> {
+  const fd = new FormData();
+  fd.append('file', file);
+  return apiClient<UploadResponse>({
+    method: 'POST',
+    path: '/api/icons/upload',
+    body: fd,
+    responseSchema: UploadResponseSchema
+  });
+}
diff --git a/web/src/lib/components/Admin/AdminGroupsTab.svelte b/web/src/lib/components/Admin/AdminGroupsTab.svelte
new file mode 100644
index 0000000..0d7cbc7
--- /dev/null
+++ b/web/src/lib/components/Admin/AdminGroupsTab.svelte
@@ -0,0 +1,225 @@
+<script lang="ts">
+  import Button from '$lib/components/ui/Button.svelte';
+  import Input from '$lib/components/ui/Input.svelte';
+  import { navDataStore } from '$lib/stores/navData';
+  import { createGroup, patchGroup, deleteGroup } from '$lib/api/admin';
+  import { ApiError } from '$lib/api/client';
+  import { toast } from '$lib/components/ui/toast';
+  import { t } from '$lib/i18n/store';
+  import type { Group } from '$lib/types/nav';
+
+  const groups = $derived($navDataStore.bundle?.groups ?? []);
+  const itemCountByGroup = $derived.by(() => {
+    const map = new Map<number, number>();
+    for (const it of $navDataStore.bundle?.items ?? []) {
+      if (it.groupId == null) continue;
+      map.set(it.groupId, (map.get(it.groupId) ?? 0) + 1);
+    }
+    return map;
+  });
+
+  let editingId = $state<number | null>(null);
+  let editName = $state('');
+  let editSlug = $state('');
+
+  let creating = $state(false);
+  let newName = $state('');
+  let newSlug = $state('');
+  let busy = $state(false);
+
+  function startEdit(g: Group) {
+    editingId = g.id;
+    editName = g.name;
+    editSlug = g.slug;
+  }
+  function cancelEdit() {
+    editingId = null;
+  }
+  async function saveEdit() {
+    if (editingId == null || busy) return;
+    busy = true;
+    try {
+      await patchGroup(editingId, { name: editName.trim(), slug: editSlug.trim() });
+      await navDataStore.refetch();
+      editingId = null;
+      toast.success($t('common.save') + ' ✓');
+    } catch (e) {
+      toast.error(e instanceof ApiError ? e.message : 'Save failed');
+    } finally {
+      busy = false;
+    }
+  }
+
+  async function remove(g: Group) {
+    if (busy) return;
+    const count = itemCountByGroup.get(g.id) ?? 0;
+    const confirmMsg =
+      count > 0
+        ? `Group "${g.name}" still contains ${count} item(s). Delete anyway?`
+        : `Delete group "${g.name}"?`;
+    if (!confirm(confirmMsg)) return;
+    busy = true;
+    try {
+      await deleteGroup(g.id);
+      await navDataStore.refetch();
+      toast.success('Deleted ✓');
+    } catch (e) {
+      toast.error(e instanceof ApiError ? e.message : 'Delete failed');
+    } finally {
+      busy = false;
+    }
+  }
+
+  function startCreate() {
+    creating = true;
+    newName = '';
+    newSlug = '';
+  }
+  function cancelCreate() {
+    creating = false;
+  }
+  async function commitCreate() {
+    if (busy) return;
+    if (!newName.trim() || !newSlug.trim()) {
+      toast.error('Both slug and name are required');
+      return;
+    }
+    busy = true;
+    try {
+      await createGroup({
+        slug: newSlug.trim(),
+        name: newName.trim(),
+        collapsedDefault: false
+      });
+      await navDataStore.refetch();
+      creating = false;
+      toast.success('Created ✓');
+    } catch (e) {
+      toast.error(e instanceof ApiError ? e.message : 'Create failed');
+    } finally {
+      busy = false;
+    }
+  }
+</script>
+
+<div class="tab">
+  <header class="head">
+    <h3>Groups <small>({groups.length})</small></h3>
+    {#if !creating}
+      <Button intent="primary" size="sm" onclick={startCreate}>＋ New group</Button>
+    {/if}
+  </header>
+
+  {#if creating}
+    <div class="row create-row">
+      <Input label="Slug" bind:value={newSlug} placeholder="tools" />
+      <Input label="Name" bind:value={newName} placeholder="Tools" />
+      <div class="row-actions">
+        <Button intent="primary" size="sm" onclick={commitCreate} loading={busy}>Create</Button>
+        <Button intent="ghost" size="sm" onclick={cancelCreate}>Cancel</Button>
+      </div>
+    </div>
+  {/if}
+
+  <ul class="list">
+    {#each groups as g (g.id)}
+      <li class="row">
+        {#if editingId === g.id}
+          <Input label="Slug" bind:value={editSlug} />
+          <Input label="Name" bind:value={editName} />
+          <div class="row-actions">
+            <Button intent="primary" size="sm" onclick={saveEdit} loading={busy}>Save</Button>
+            <Button intent="ghost" size="sm" onclick={cancelEdit}>Cancel</Button>
+          </div>
+        {:else}
+          <div class="info">
+            <strong>{g.name}</strong>
+            <span class="slug">{g.slug}</span>
+            <span class="count">{itemCountByGroup.get(g.id) ?? 0} item(s)</span>
+          </div>
+          <div class="row-actions">
+            <Button intent="ghost" size="sm" onclick={() => startEdit(g)}>Edit</Button>
+            <Button intent="ghost" size="sm" onclick={() => remove(g)}>Delete</Button>
+          </div>
+        {/if}
+      </li>
+    {/each}
+    {#if groups.length === 0}
+      <li class="empty">No groups yet. Create one to start organising items.</li>
+    {/if}
+  </ul>
+</div>
+
+<style lang="scss">
+  .tab {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-3);
+  }
+  .head {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    h3 {
+      margin: 0;
+      font-size: var(--fs-lg);
+      small {
+        color: var(--c-text-3);
+        font-weight: var(--fw-regular);
+      }
+    }
+  }
+  .list {
+    list-style: none;
+    margin: 0;
+    padding: 0;
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-2);
+  }
+  .row {
+    display: grid;
+    grid-template-columns: 1fr auto;
+    align-items: center;
+    gap: var(--sp-3);
+    padding: var(--sp-3);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    background: rgba(255, 255, 255, 0.45);
+  }
+  :global([data-theme='dark']) .row {
+    background: rgba(255, 255, 255, 0.04);
+  }
+  .create-row {
+    grid-template-columns: 1fr 1fr auto;
+  }
+  .row .info {
+    display: flex;
+    align-items: baseline;
+    gap: var(--sp-3);
+    flex-wrap: wrap;
+    strong {
+      font-size: var(--fs-md);
+    }
+    .slug {
+      font-family: var(--ft-mono);
+      font-size: var(--fs-sm);
+      color: var(--c-text-3);
+    }
+    .count {
+      font-size: var(--fs-xs);
+      color: var(--c-text-3);
+    }
+  }
+  .row-actions {
+    display: flex;
+    gap: var(--sp-2);
+    align-items: end;
+  }
+  .empty {
+    padding: var(--sp-4);
+    text-align: center;
+    color: var(--c-text-3);
+    font-size: var(--fs-sm);
+  }
+</style>
diff --git a/web/src/lib/components/Editor/SettingsDialog.svelte b/web/src/lib/components/Admin/AdminSiteTab.svelte
similarity index 52%
rename from web/src/lib/components/Editor/SettingsDialog.svelte
rename to web/src/lib/components/Admin/AdminSiteTab.svelte
index a35fb23..f73dff0 100644
--- a/web/src/lib/components/Editor/SettingsDialog.svelte
+++ b/web/src/lib/components/Admin/AdminSiteTab.svelte
@@ -1,26 +1,23 @@
 <script lang="ts">
-  import Dialog from '$lib/components/ui/Dialog.svelte';
   import Button from '$lib/components/ui/Button.svelte';
   import Input from '$lib/components/ui/Input.svelte';
+  import IconSourcePicker from '$lib/components/Editor/IconSourcePicker.svelte';
   import { navDataStore } from '$lib/stores/navData';
   import { patchConfig } from '$lib/api/nav';
   import { ApiError } from '$lib/api/client';
   import { toast } from '$lib/components/ui/toast';
   import { t } from '$lib/i18n/store';
 
-  interface Props {
-    open: boolean;
-  }
-  let { open = $bindable(false) }: Props = $props();
-
   let layoutMode = $state<'grouped' | 'flat'>('grouped');
   let siteName = $state('');
-  let siteAvatarPath = $state('');
   let siteCopyright = $state('');
+  /** IconSourcePicker bindings. `avatarValue` is the picker-relative payload:
+   *   - kind=asset → bundled icon filename ("foo.png")
+   *   - kind=url   → raw URL or absolute path ("/icons/abc.png" or "https://…") */
+  let avatarKind = $state<'asset' | 'url' | 'auto-favicon'>('url');
+  let avatarValue = $state('');
   let saving = $state(false);
   let error = $state<string | null>(null);
-
-  // Snapshot of values when the dialog opened, so we only send changed keys.
   let initial = $state({
     layoutMode: 'grouped',
     siteName: '',
@@ -28,23 +25,38 @@
     siteCopyright: ''
   });
 
-  // Hydrate inputs once per open transition. Tracking only `open` (not the
-  // navDataStore meta inside) prevents bundle refetches mid-edit from wiping
-  // the user's typed-but-not-yet-saved values.
-  let hydrated = $state(false);
-  $effect(() => {
-    if (open && !hydrated) {
-      const m = $navDataStore.bundle?.meta;
-      layoutMode = (m?.layoutMode ?? 'grouped') as 'grouped' | 'flat';
-      siteName = m?.siteName ?? '';
-      siteAvatarPath = m?.siteAvatarPath ?? '';
-      siteCopyright = m?.siteCopyright ?? '';
-      initial = { layoutMode, siteName, siteAvatarPath, siteCopyright };
-      error = null;
-      hydrated = true;
-    } else if (!open) {
-      hydrated = false;
+  /** Map the stored config string to the picker's (kind, value) pair. */
+  function loadAvatar(path: string) {
+    if (path.startsWith('/navIcons/')) {
+      avatarKind = 'asset';
+      avatarValue = path.slice('/navIcons/'.length);
+    } else {
+      avatarKind = 'url';
+      avatarValue = path;
     }
+  }
+  /** Inverse of loadAvatar; produces the string to persist in config. */
+  function currentAvatarPath(): string {
+    const v = avatarValue.trim();
+    if (avatarKind === 'asset' && v) return `/navIcons/${v}`;
+    return v;
+  }
+
+  let hydrated = false;
+  $effect(() => {
+    const m = $navDataStore.bundle?.meta;
+    if (!m || hydrated) return;
+    layoutMode = (m.layoutMode ?? 'grouped') as 'grouped' | 'flat';
+    siteName = m.siteName ?? '';
+    siteCopyright = m.siteCopyright ?? '';
+    loadAvatar(m.siteAvatarPath ?? '');
+    initial = {
+      layoutMode,
+      siteName,
+      siteAvatarPath: m.siteAvatarPath ?? '',
+      siteCopyright
+    };
+    hydrated = true;
   });
 
   async function save() {
@@ -53,14 +65,15 @@
     error = null;
     try {
       const changes: Array<{ key: string; value: string }> = [];
+      const avatarPath = currentAvatarPath();
       if (layoutMode !== initial.layoutMode) {
         changes.push({ key: 'layout_mode', value: layoutMode });
       }
       if (siteName.trim() !== initial.siteName) {
         changes.push({ key: 'site_name', value: siteName.trim() });
       }
-      if (siteAvatarPath.trim() !== initial.siteAvatarPath) {
-        changes.push({ key: 'site_avatar_path', value: siteAvatarPath.trim() });
+      if (avatarPath !== initial.siteAvatarPath) {
+        changes.push({ key: 'site_avatar_path', value: avatarPath });
       }
       if (siteCopyright !== initial.siteCopyright) {
         changes.push({ key: 'site_copyright', value: siteCopyright });
@@ -68,9 +81,9 @@
       if (changes.length > 0) {
         await patchConfig(changes);
         await navDataStore.refetch();
+        initial = { layoutMode, siteName, siteAvatarPath: avatarPath, siteCopyright };
       }
       toast.success($t('common.save') + ' ✓');
-      open = false;
     } catch (e) {
       error = e instanceof ApiError ? (e.message ?? e.code) : $t('error.unknown');
     } finally {
@@ -79,78 +92,79 @@
   }
 </script>
 
-<Dialog bind:open title="Site settings" width="md">
-  <div class="form">
-    <fieldset>
-      <legend>Branding</legend>
-      <Input label="Site title" bind:value={siteName} placeholder="Pico Nav" />
-      <Input
-        label="Site avatar URL or path"
-        bind:value={siteAvatarPath}
-        placeholder="/avatars/me.png or https://…"
-        helpText="Shown next to the site title in the header. Leave blank to hide."
+<div class="form">
+  <fieldset>
+    <legend>Branding</legend>
+    <Input label="Site title" bind:value={siteName} placeholder="Pico Nav" />
+    <div class="grp">
+      <span class="lbl">Site avatar</span>
+      <IconSourcePicker
+        bind:kind={avatarKind}
+        bind:value={avatarValue}
+        allowedKinds={['asset', 'url']}
       />
-      <Input label="Footer copyright" bind:value={siteCopyright} placeholder="© 2026 Your Name" />
-    </fieldset>
-    <fieldset>
-      <legend>Layout mode</legend>
-      <div class="layout-grid">
-        <label class="layout-option" class:selected={layoutMode === 'grouped'}>
-          <input
-            type="radio"
-            name="layoutMode"
-            value="grouped"
-            bind:group={layoutMode}
-            class="sr-only"
-          />
-          <svg class="mockup" viewBox="0 0 100 60" aria-hidden="true">
-            <!-- Launchpad folder row: 4 rounded squares, each with a 2×2 mini grid + label -->
-            {#each [9, 31, 53, 75] as fx}
-              <rect class="folder" x={fx} y="14" width="16" height="16" rx="3" />
-              <rect class="dot" x={fx + 2.5} y="16.5" width="5" height="5" rx="1" />
-              <rect class="dot" x={fx + 8.5} y="16.5" width="5" height="5" rx="1" />
-              <rect class="dot" x={fx + 2.5} y="22.5" width="5" height="5" rx="1" />
-              <rect class="dot" x={fx + 8.5} y="22.5" width="5" height="5" rx="1" />
-              <rect class="title" x={fx + 3} y="34" width="10" height="3" rx="1" />
-            {/each}
-          </svg>
-          <strong>Grouped</strong>
-          <small>Sections per group</small>
-        </label>
-        <label class="layout-option" class:selected={layoutMode === 'flat'}>
-          <input
-            type="radio"
-            name="layoutMode"
-            value="flat"
-            bind:group={layoutMode}
-            class="sr-only"
-          />
-          <svg class="mockup" viewBox="0 0 100 60" aria-hidden="true">
-            <!-- 4 cols × 3 rows of even tiles -->
-            {#each [4, 16, 28, 40] as x}
-              {#each [6, 22, 38] as y}
-                <rect class="tile" {x} {y} width="9" height="9" rx="1.5" />
-              {/each}
+      <small class="help">Shown next to the site title in the header. Leave blank to hide.</small>
+    </div>
+    <Input label="Footer copyright" bind:value={siteCopyright} placeholder="© 2026 Your Name" />
+  </fieldset>
+
+  <fieldset>
+    <legend>Layout mode</legend>
+    <div class="layout-grid">
+      <label class="layout-option" class:selected={layoutMode === 'grouped'}>
+        <input
+          type="radio"
+          name="layoutMode"
+          value="grouped"
+          bind:group={layoutMode}
+          class="sr-only"
+        />
+        <svg class="mockup" viewBox="0 0 100 60" aria-hidden="true">
+          {#each [9, 31, 53, 75] as fx}
+            <rect class="folder" x={fx} y="14" width="16" height="16" rx="3" />
+            <rect class="dot" x={fx + 2.5} y="16.5" width="5" height="5" rx="1" />
+            <rect class="dot" x={fx + 8.5} y="16.5" width="5" height="5" rx="1" />
+            <rect class="dot" x={fx + 2.5} y="22.5" width="5" height="5" rx="1" />
+            <rect class="dot" x={fx + 8.5} y="22.5" width="5" height="5" rx="1" />
+            <rect class="title" x={fx + 3} y="34" width="10" height="3" rx="1" />
+          {/each}
+        </svg>
+        <strong>Grouped</strong>
+        <small>Sections per group</small>
+      </label>
+      <label class="layout-option" class:selected={layoutMode === 'flat'}>
+        <input
+          type="radio"
+          name="layoutMode"
+          value="flat"
+          bind:group={layoutMode}
+          class="sr-only"
+        />
+        <svg class="mockup" viewBox="0 0 100 60" aria-hidden="true">
+          {#each [4, 16, 28, 40] as x}
+            {#each [6, 22, 38] as y}
+              <rect class="tile" {x} {y} width="9" height="9" rx="1.5" />
             {/each}
-          </svg>
-          <strong>Flat</strong>
-          <small>All items in one grid</small>
-        </label>
-      </div>
-    </fieldset>
-    {#if error}<p class="err">{error}</p>{/if}
-  </div>
-  {#snippet footer()}
-    <Button intent="ghost" onclick={() => (open = false)}>{$t('common.cancel')}</Button>
+          {/each}
+        </svg>
+        <strong>Flat</strong>
+        <small>All items in one grid</small>
+      </label>
+    </div>
+  </fieldset>
+
+  {#if error}<p class="err">{error}</p>{/if}
+
+  <div class="actions">
     <Button intent="primary" onclick={save} loading={saving}>{$t('common.save')}</Button>
-  {/snippet}
-</Dialog>
+  </div>
+</div>
 
 <style lang="scss">
   .form {
     display: flex;
     flex-direction: column;
-    gap: var(--sp-3);
+    gap: var(--sp-4);
   }
   fieldset {
     border: 1px solid rgba(0, 0, 0, 0.14);
@@ -170,14 +184,30 @@
     font-weight: var(--fw-semibold);
     color: var(--c-text);
   }
+  .grp {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-1);
+    font-size: var(--fs-sm);
+  }
+  .lbl {
+    color: var(--c-text-2);
+    font-weight: var(--fw-medium);
+  }
+  .help {
+    font-size: var(--fs-xs);
+    color: var(--c-text-3);
+  }
   .err {
     margin: 0;
     color: var(--c-danger);
     font-size: var(--fs-sm);
   }
+  .actions {
+    display: flex;
+    justify-content: flex-end;
+  }
 
-  /* Layout mode picker — two preview cards instead of small radios.
-   * Each card has a CSS-only mini mockup of the resulting layout. */
   .layout-grid {
     display: grid;
     grid-template-columns: 1fr 1fr;
@@ -199,12 +229,10 @@
     &:hover {
       border-color: var(--c-accent);
     }
-
     &.selected {
       border-color: var(--c-accent);
       background: var(--c-accent-bg);
     }
-
     strong {
       font-size: var(--fs-md);
       color: var(--c-text);
@@ -217,8 +245,6 @@
   :global([data-theme='dark']) .layout-option {
     background: rgba(255, 255, 255, 0.04);
   }
-
-  /* Visually-hidden but reachable to screen readers / form submission */
   .sr-only {
     position: absolute;
     width: 1px;
@@ -230,8 +256,6 @@
     white-space: nowrap;
     border: 0;
   }
-
-  /* Mini SVG mockup of a nav layout. */
   .mockup {
     display: block;
     width: 100%;
diff --git a/web/src/lib/components/Admin/AdminSitesTab.svelte b/web/src/lib/components/Admin/AdminSitesTab.svelte
new file mode 100644
index 0000000..e2ec7c8
--- /dev/null
+++ b/web/src/lib/components/Admin/AdminSitesTab.svelte
@@ -0,0 +1,275 @@
+<script lang="ts">
+  import Button from '$lib/components/ui/Button.svelte';
+  import Input from '$lib/components/ui/Input.svelte';
+  import { navDataStore } from '$lib/stores/navData';
+  import { createSite, patchSite, deleteSite } from '$lib/api/admin';
+  import { ApiError } from '$lib/api/client';
+  import { toast } from '$lib/components/ui/toast';
+  import { t } from '$lib/i18n/store';
+  import type { Site } from '$lib/types/nav';
+
+  const sites = $derived($navDataStore.bundle?.sites ?? []);
+  const linkCountBySite = $derived.by(() => {
+    const map = new Map<string, number>();
+    for (const it of $navDataStore.bundle?.items ?? []) {
+      for (const k of Object.keys(it.links)) {
+        map.set(k, (map.get(k) ?? 0) + 1);
+      }
+    }
+    return map;
+  });
+
+  let editingId = $state<number | null>(null);
+  let editValue = $state('');
+  let editName = $state('');
+  let editDefault = $state(false);
+
+  let creating = $state(false);
+  let newValue = $state('');
+  let newName = $state('');
+  let newDefault = $state(false);
+  let busy = $state(false);
+
+  function startEdit(s: Site) {
+    editingId = s.id;
+    editValue = s.value;
+    editName = s.name;
+    editDefault = s.isDefault;
+  }
+  function cancelEdit() {
+    editingId = null;
+  }
+  async function saveEdit() {
+    if (editingId == null || busy) return;
+    busy = true;
+    try {
+      await patchSite(editingId, {
+        value: editValue.trim(),
+        name: editName.trim(),
+        isDefault: editDefault
+      });
+      await navDataStore.refetch();
+      editingId = null;
+      toast.success($t('common.save') + ' ✓');
+    } catch (e) {
+      toast.error(e instanceof ApiError ? e.message : 'Save failed');
+    } finally {
+      busy = false;
+    }
+  }
+
+  async function remove(s: Site) {
+    if (busy) return;
+    const count = linkCountBySite.get(s.value) ?? 0;
+    if (count > 0) {
+      toast.error(
+        `Site "${s.name}" is referenced by ${count} item link(s). Remove those first.`
+      );
+      return;
+    }
+    if (!confirm(`Delete site "${s.name}"?`)) return;
+    busy = true;
+    try {
+      await deleteSite(s.id);
+      await navDataStore.refetch();
+      toast.success('Deleted ✓');
+    } catch (e) {
+      toast.error(e instanceof ApiError ? e.message : 'Delete failed');
+    } finally {
+      busy = false;
+    }
+  }
+
+  function startCreate() {
+    creating = true;
+    newValue = '';
+    newName = '';
+    newDefault = false;
+  }
+  function cancelCreate() {
+    creating = false;
+  }
+  async function commitCreate() {
+    if (busy) return;
+    if (!newValue.trim() || !newName.trim()) {
+      toast.error('Both value and name are required');
+      return;
+    }
+    busy = true;
+    try {
+      await createSite({
+        value: newValue.trim(),
+        name: newName.trim(),
+        isDefault: newDefault
+      });
+      await navDataStore.refetch();
+      creating = false;
+      toast.success('Created ✓');
+    } catch (e) {
+      toast.error(e instanceof ApiError ? e.message : 'Create failed');
+    } finally {
+      busy = false;
+    }
+  }
+</script>
+
+<div class="tab">
+  <header class="head">
+    <h3>Sites <small>({sites.length})</small></h3>
+    {#if !creating}
+      <Button intent="primary" size="sm" onclick={startCreate}>＋ New site</Button>
+    {/if}
+  </header>
+  <p class="hint">
+    A "site" is a per-item link target (e.g. <code>shanghai</code>, <code>beijing</code>). Each
+    nav item can have one URL per site.
+  </p>
+
+  {#if creating}
+    <div class="row create-row">
+      <Input label="Value (key)" bind:value={newValue} placeholder="shanghai" />
+      <Input label="Display name" bind:value={newName} placeholder="上海" />
+      <label class="def">
+        <input type="checkbox" bind:checked={newDefault} />
+        Default
+      </label>
+      <div class="row-actions">
+        <Button intent="primary" size="sm" onclick={commitCreate} loading={busy}>Create</Button>
+        <Button intent="ghost" size="sm" onclick={cancelCreate}>Cancel</Button>
+      </div>
+    </div>
+  {/if}
+
+  <ul class="list">
+    {#each sites as s (s.id)}
+      <li class="row">
+        {#if editingId === s.id}
+          <Input label="Value" bind:value={editValue} />
+          <Input label="Name" bind:value={editName} />
+          <label class="def">
+            <input type="checkbox" bind:checked={editDefault} />
+            Default
+          </label>
+          <div class="row-actions">
+            <Button intent="primary" size="sm" onclick={saveEdit} loading={busy}>Save</Button>
+            <Button intent="ghost" size="sm" onclick={cancelEdit}>Cancel</Button>
+          </div>
+        {:else}
+          <div class="info">
+            <strong>{s.name}</strong>
+            <span class="slug">{s.value}</span>
+            {#if s.isDefault}<span class="badge">default</span>{/if}
+            <span class="count">{linkCountBySite.get(s.value) ?? 0} link(s)</span>
+          </div>
+          <div class="row-actions">
+            <Button intent="ghost" size="sm" onclick={() => startEdit(s)}>Edit</Button>
+            <Button intent="ghost" size="sm" onclick={() => remove(s)}>Delete</Button>
+          </div>
+        {/if}
+      </li>
+    {/each}
+    {#if sites.length === 0}
+      <li class="empty">No sites yet. Create one to start adding per-site links.</li>
+    {/if}
+  </ul>
+</div>
+
+<style lang="scss">
+  .tab {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-3);
+  }
+  .head {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    h3 {
+      margin: 0;
+      font-size: var(--fs-lg);
+      small {
+        color: var(--c-text-3);
+        font-weight: var(--fw-regular);
+      }
+    }
+  }
+  .hint {
+    margin: 0;
+    font-size: var(--fs-sm);
+    color: var(--c-text-3);
+    code {
+      font-family: var(--ft-mono);
+      color: var(--c-text-2);
+    }
+  }
+  .list {
+    list-style: none;
+    margin: 0;
+    padding: 0;
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-2);
+  }
+  .row {
+    display: grid;
+    grid-template-columns: 1fr auto;
+    align-items: center;
+    gap: var(--sp-3);
+    padding: var(--sp-3);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    background: rgba(255, 255, 255, 0.45);
+  }
+  :global([data-theme='dark']) .row {
+    background: rgba(255, 255, 255, 0.04);
+  }
+  .create-row {
+    grid-template-columns: 1fr 1fr auto auto;
+  }
+  .row .info {
+    display: flex;
+    align-items: baseline;
+    gap: var(--sp-3);
+    flex-wrap: wrap;
+    strong {
+      font-size: var(--fs-md);
+    }
+    .slug {
+      font-family: var(--ft-mono);
+      font-size: var(--fs-sm);
+      color: var(--c-text-3);
+    }
+    .count {
+      font-size: var(--fs-xs);
+      color: var(--c-text-3);
+    }
+    .badge {
+      font-size: var(--fs-xs);
+      padding: 1px 6px;
+      border-radius: 999px;
+      background: var(--c-accent-bg);
+      color: var(--c-accent);
+      font-weight: var(--fw-medium);
+    }
+  }
+  .row-actions {
+    display: flex;
+    gap: var(--sp-2);
+    align-items: end;
+  }
+  .def {
+    display: inline-flex;
+    align-items: center;
+    gap: var(--sp-2);
+    font-size: var(--fs-sm);
+    color: var(--c-text-2);
+    align-self: end;
+    padding-bottom: var(--sp-2);
+  }
+  .empty {
+    padding: var(--sp-4);
+    text-align: center;
+    color: var(--c-text-3);
+    font-size: var(--fs-sm);
+  }
+</style>
diff --git a/web/src/lib/components/Admin/AdminTagsTab.svelte b/web/src/lib/components/Admin/AdminTagsTab.svelte
new file mode 100644
index 0000000..31060ce
--- /dev/null
+++ b/web/src/lib/components/Admin/AdminTagsTab.svelte
@@ -0,0 +1,232 @@
+<script lang="ts">
+  import Button from '$lib/components/ui/Button.svelte';
+  import Input from '$lib/components/ui/Input.svelte';
+  import { navDataStore } from '$lib/stores/navData';
+  import { createTag, patchTag, deleteTag } from '$lib/api/admin';
+  import { ApiError } from '$lib/api/client';
+  import { toast } from '$lib/components/ui/toast';
+  import { t } from '$lib/i18n/store';
+  import type { Tag } from '$lib/types/nav';
+
+  const tags = $derived($navDataStore.bundle?.tags ?? []);
+  const itemCountByTag = $derived.by(() => {
+    const map = new Map<string, number>();
+    for (const it of $navDataStore.bundle?.items ?? []) {
+      for (const slug of it.tagSlugs) {
+        map.set(slug, (map.get(slug) ?? 0) + 1);
+      }
+    }
+    return map;
+  });
+
+  let editingId = $state<number | null>(null);
+  let editSlug = $state('');
+  let editName = $state('');
+
+  let creating = $state(false);
+  let newSlug = $state('');
+  let newName = $state('');
+  let busy = $state(false);
+
+  function startEdit(t: Tag) {
+    editingId = t.id;
+    editSlug = t.slug;
+    editName = t.name;
+  }
+  function cancelEdit() {
+    editingId = null;
+  }
+  async function saveEdit() {
+    if (editingId == null || busy) return;
+    busy = true;
+    try {
+      await patchTag(editingId, { slug: editSlug.trim(), name: editName.trim() });
+      await navDataStore.refetch();
+      editingId = null;
+      toast.success($t('common.save') + ' ✓');
+    } catch (e) {
+      toast.error(e instanceof ApiError ? e.message : 'Save failed');
+    } finally {
+      busy = false;
+    }
+  }
+
+  async function remove(tag: Tag) {
+    if (busy) return;
+    const count = itemCountByTag.get(tag.slug) ?? 0;
+    const msg =
+      count > 0
+        ? `Tag "${tag.name}" is used by ${count} item(s). Delete it (links will be removed)?`
+        : `Delete tag "${tag.name}"?`;
+    if (!confirm(msg)) return;
+    busy = true;
+    try {
+      await deleteTag(tag.id);
+      await navDataStore.refetch();
+      toast.success('Deleted ✓');
+    } catch (e) {
+      toast.error(e instanceof ApiError ? e.message : 'Delete failed');
+    } finally {
+      busy = false;
+    }
+  }
+
+  function startCreate() {
+    creating = true;
+    newSlug = '';
+    newName = '';
+  }
+  function cancelCreate() {
+    creating = false;
+  }
+  async function commitCreate() {
+    if (busy) return;
+    if (!newSlug.trim() || !newName.trim()) {
+      toast.error('Both slug and name are required');
+      return;
+    }
+    busy = true;
+    try {
+      await createTag({ slug: newSlug.trim(), name: newName.trim() });
+      await navDataStore.refetch();
+      creating = false;
+      toast.success('Created ✓');
+    } catch (e) {
+      toast.error(e instanceof ApiError ? e.message : 'Create failed');
+    } finally {
+      busy = false;
+    }
+  }
+</script>
+
+<div class="tab">
+  <header class="head">
+    <h3>Tags <small>({tags.length})</small></h3>
+    {#if !creating}
+      <Button intent="primary" size="sm" onclick={startCreate}>＋ New tag</Button>
+    {/if}
+  </header>
+  <p class="hint">
+    Tags are free-form labels you can attach to items via the comma-separated input on the item
+    editor. New slugs typed there are auto-created with their name set to the slug — you can
+    rename them here later.
+  </p>
+
+  {#if creating}
+    <div class="row create-row">
+      <Input label="Slug" bind:value={newSlug} placeholder="fav" />
+      <Input label="Name" bind:value={newName} placeholder="Favorite" />
+      <div class="row-actions">
+        <Button intent="primary" size="sm" onclick={commitCreate} loading={busy}>Create</Button>
+        <Button intent="ghost" size="sm" onclick={cancelCreate}>Cancel</Button>
+      </div>
+    </div>
+  {/if}
+
+  <ul class="list">
+    {#each tags as tag (tag.id)}
+      <li class="row">
+        {#if editingId === tag.id}
+          <Input label="Slug" bind:value={editSlug} />
+          <Input label="Name" bind:value={editName} />
+          <div class="row-actions">
+            <Button intent="primary" size="sm" onclick={saveEdit} loading={busy}>Save</Button>
+            <Button intent="ghost" size="sm" onclick={cancelEdit}>Cancel</Button>
+          </div>
+        {:else}
+          <div class="info">
+            <strong>{tag.name}</strong>
+            <span class="slug">{tag.slug}</span>
+            <span class="count">{itemCountByTag.get(tag.slug) ?? 0} item(s)</span>
+          </div>
+          <div class="row-actions">
+            <Button intent="ghost" size="sm" onclick={() => startEdit(tag)}>Edit</Button>
+            <Button intent="ghost" size="sm" onclick={() => remove(tag)}>Delete</Button>
+          </div>
+        {/if}
+      </li>
+    {/each}
+    {#if tags.length === 0}
+      <li class="empty">No tags yet.</li>
+    {/if}
+  </ul>
+</div>
+
+<style lang="scss">
+  .tab {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-3);
+  }
+  .head {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    h3 {
+      margin: 0;
+      font-size: var(--fs-lg);
+      small {
+        color: var(--c-text-3);
+        font-weight: var(--fw-regular);
+      }
+    }
+  }
+  .hint {
+    margin: 0;
+    font-size: var(--fs-sm);
+    color: var(--c-text-3);
+  }
+  .list {
+    list-style: none;
+    margin: 0;
+    padding: 0;
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-2);
+  }
+  .row {
+    display: grid;
+    grid-template-columns: 1fr auto;
+    align-items: center;
+    gap: var(--sp-3);
+    padding: var(--sp-3);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    background: rgba(255, 255, 255, 0.45);
+  }
+  :global([data-theme='dark']) .row {
+    background: rgba(255, 255, 255, 0.04);
+  }
+  .create-row {
+    grid-template-columns: 1fr 1fr auto;
+  }
+  .row .info {
+    display: flex;
+    align-items: baseline;
+    gap: var(--sp-3);
+    flex-wrap: wrap;
+    strong {
+      font-size: var(--fs-md);
+    }
+    .slug {
+      font-family: var(--ft-mono);
+      font-size: var(--fs-sm);
+      color: var(--c-text-3);
+    }
+    .count {
+      font-size: var(--fs-xs);
+      color: var(--c-text-3);
+    }
+  }
+  .row-actions {
+    display: flex;
+    gap: var(--sp-2);
+    align-items: end;
+  }
+  .empty {
+    padding: var(--sp-4);
+    text-align: center;
+    color: var(--c-text-3);
+    font-size: var(--fs-sm);
+  }
+</style>
diff --git a/web/src/lib/components/Editor/IconSourcePicker.svelte b/web/src/lib/components/Editor/IconSourcePicker.svelte
new file mode 100644
index 0000000..49281ab
--- /dev/null
+++ b/web/src/lib/components/Editor/IconSourcePicker.svelte
@@ -0,0 +1,260 @@
+<script lang="ts">
+  import { onMount } from 'svelte';
+  import Input from '$lib/components/ui/Input.svelte';
+  import { uploadIcon } from '$lib/api/icons';
+  import { ApiError } from '$lib/api/client';
+  import type { IconKind } from '$lib/types/nav';
+
+  interface Props {
+    kind: IconKind;
+    value: string;
+    /** Which kinds the caller exposes. Defaults to all three. */
+    allowedKinds?: IconKind[];
+    /** Show the "Upload local file" button under the URL mode. Default true. */
+    showUpload?: boolean;
+  }
+
+  let {
+    kind = $bindable('asset'),
+    value = $bindable(''),
+    allowedKinds = ['asset', 'url', 'auto-favicon'],
+    showUpload = true
+  }: Props = $props();
+
+  /** List of bundled asset filenames; loaded lazily on first mount. */
+  let assetIcons = $state<string[]>([]);
+  let assetIconsLoaded = false;
+  async function loadAssetIcons() {
+    if (assetIconsLoaded || !allowedKinds.includes('asset')) return;
+    assetIconsLoaded = true;
+    try {
+      const res = await fetch('/navIcons-manifest.json');
+      if (res.ok) assetIcons = (await res.json()) as string[];
+    } catch {
+      /* manifest may be missing in some build flavors; picker just shows empty */
+    }
+  }
+  onMount(loadAssetIcons);
+
+  let uploading = $state(false);
+  let uploadError = $state<string | null>(null);
+  let fileInput: HTMLInputElement | null = $state(null);
+
+  async function onFilePicked(e: Event) {
+    const target = e.currentTarget as HTMLInputElement;
+    const file = target.files?.[0];
+    target.value = '';
+    if (!file) return;
+    uploadError = null;
+    uploading = true;
+    try {
+      const { path } = await uploadIcon(file);
+      kind = 'url';
+      value = path;
+    } catch (err) {
+      uploadError = err instanceof ApiError ? err.message : 'Upload failed';
+    } finally {
+      uploading = false;
+    }
+  }
+</script>
+
+{#if allowedKinds.length > 1}
+  <label class="grp">
+    <span class="lbl">Icon source</span>
+    <select bind:value={kind}>
+      {#if allowedKinds.includes('asset')}
+        <option value="asset">Pick a bundled icon</option>
+      {/if}
+      {#if allowedKinds.includes('url')}
+        <option value="url">Custom image URL{showUpload ? ' or upload' : ''}</option>
+      {/if}
+      {#if allowedKinds.includes('auto-favicon')}
+        <option value="auto-favicon">Auto from website (host)</option>
+      {/if}
+    </select>
+  </label>
+{/if}
+
+{#if kind === 'asset'}
+  <div class="grp">
+    <span class="lbl">
+      Bundled icons {#if assetIcons.length}({assetIcons.length}){/if}
+    </span>
+    <div class="icon-picker">
+      {#each assetIcons as f (f)}
+        <button
+          type="button"
+          class="icon-cell"
+          class:selected={value === f}
+          title={f}
+          onclick={() => (value = f)}
+        >
+          <img src="/navIcons/{f}" alt={f} loading="lazy" />
+        </button>
+      {/each}
+    </div>
+    {#if value}
+      <span class="picked">Selected: <code>{value}</code></span>
+    {/if}
+  </div>
+{:else if kind === 'url'}
+  <Input
+    label="Image URL or path"
+    bind:value
+    placeholder="/icons/foo.png or https://example.com/logo.png"
+  />
+  {#if showUpload}
+    <div class="upload">
+      <input
+        type="file"
+        accept="image/png,image/jpeg,image/webp,image/svg+xml,image/gif"
+        class="file-input"
+        bind:this={fileInput}
+        onchange={onFilePicked}
+      />
+      <button
+        type="button"
+        class="upload-btn"
+        onclick={() => fileInput?.click()}
+        disabled={uploading}
+      >
+        {#if uploading}Uploading…{:else}＋ Upload local file{/if}
+      </button>
+      {#if uploadError}<span class="err">{uploadError}</span>{/if}
+    </div>
+  {/if}
+  {#if value}
+    <div class="preview" aria-hidden="true">
+      <img
+        src={value}
+        alt=""
+        onerror={(e) => ((e.currentTarget as HTMLImageElement).style.opacity = '0')}
+      />
+    </div>
+  {/if}
+{:else if kind === 'auto-favicon'}
+  <Input label="Website host (e.g. example.com)" bind:value placeholder="example.com" />
+{/if}
+
+<style lang="scss">
+  .grp {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-1);
+    font-size: var(--fs-sm);
+  }
+  .lbl {
+    color: var(--c-text-2);
+    font-weight: var(--fw-medium);
+  }
+  select {
+    background: var(--c-surface);
+    color: var(--c-text);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    padding: var(--sp-2) var(--sp-3);
+    font-family: inherit;
+    font-size: var(--fs-md);
+    &:focus {
+      border-color: var(--c-accent);
+      outline: none;
+      box-shadow: 0 0 0 3px var(--c-accent-bg);
+    }
+  }
+  .icon-picker {
+    display: grid;
+    grid-template-columns: repeat(auto-fill, 56px);
+    gap: var(--sp-2);
+    max-height: 220px;
+    overflow-y: auto;
+    padding: var(--sp-2);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    background: rgba(255, 255, 255, 0.4);
+  }
+  :global([data-theme='dark']) .icon-picker {
+    background: rgba(255, 255, 255, 0.04);
+  }
+  .icon-cell {
+    width: 56px;
+    height: 56px;
+    padding: 6px;
+    border: 2px solid transparent;
+    background: rgba(255, 255, 255, 0.65);
+    border-radius: var(--rd-md);
+    cursor: pointer;
+    transition:
+      border-color var(--tr-fast),
+      transform var(--tr-fast);
+    img {
+      width: 100%;
+      height: 100%;
+      object-fit: contain;
+    }
+    &:hover {
+      transform: translateY(-1px);
+      border-color: var(--c-accent);
+    }
+    &.selected {
+      border-color: var(--c-accent);
+      background: var(--c-accent-bg);
+    }
+  }
+  .picked {
+    font-size: var(--fs-xs);
+    color: var(--c-text-3);
+    code {
+      font-family: var(--ft-mono);
+      color: var(--c-text-2);
+    }
+  }
+  .upload {
+    display: flex;
+    align-items: center;
+    gap: var(--sp-2);
+  }
+  .file-input {
+    display: none;
+  }
+  .upload-btn {
+    align-self: flex-start;
+    padding: var(--sp-2) var(--sp-3);
+    background: transparent;
+    color: var(--c-accent);
+    border: 1px dashed var(--c-accent);
+    border-radius: var(--rd-md);
+    font-size: var(--fs-sm);
+    font-weight: var(--fw-medium);
+    cursor: pointer;
+    transition: background var(--tr-fast);
+    &:hover:not(:disabled) {
+      background: var(--c-accent-bg);
+    }
+    &:disabled {
+      color: var(--c-text-3);
+      border-color: var(--c-border);
+      cursor: not-allowed;
+    }
+  }
+  .err {
+    color: var(--c-danger);
+    font-size: var(--fs-xs);
+  }
+  .preview {
+    width: 64px;
+    height: 64px;
+    padding: 6px;
+    background: rgba(255, 255, 255, 0.5);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    img {
+      width: 100%;
+      height: 100%;
+      object-fit: contain;
+    }
+  }
+  :global([data-theme='dark']) .preview {
+    background: rgba(255, 255, 255, 0.06);
+  }
+</style>
diff --git a/web/src/lib/components/Editor/ItemEditDialog.svelte b/web/src/lib/components/Editor/ItemEditDialog.svelte
index 698d16c..a3211e6 100644
--- a/web/src/lib/components/Editor/ItemEditDialog.svelte
+++ b/web/src/lib/components/Editor/ItemEditDialog.svelte
@@ -1,8 +1,8 @@
 <script lang="ts">
-  import { onMount } from 'svelte';
   import Dialog from '$lib/components/ui/Dialog.svelte';
   import Input from '$lib/components/ui/Input.svelte';
   import Button from '$lib/components/ui/Button.svelte';
+  import IconSourcePicker from './IconSourcePicker.svelte';
   import { t } from '$lib/i18n/store';
   import { navDataStore } from '$lib/stores/navData';
   import { createItem, patchItem, type ItemPayload } from '$lib/api/nav';
@@ -10,22 +10,6 @@
   import { ApiError } from '$lib/api/client';
   import type { Item } from '$lib/types/nav';
 
-  /** List of bundled asset filenames, fetched lazily on first open.
-   * Generated at build/dev time by vite plugin in vite.config.ts. */
-  let assetIcons = $state<string[]>([]);
-  let assetIconsLoaded = false;
-  async function loadAssetIcons() {
-    if (assetIconsLoaded) return;
-    assetIconsLoaded = true;
-    try {
-      const res = await fetch('/navIcons-manifest.json');
-      if (res.ok) assetIcons = (await res.json()) as string[];
-    } catch {
-      /* manifest may be missing in some build flavors; picker just shows empty */
-    }
-  }
-  onMount(loadAssetIcons);
-
   interface Props {
     open: boolean;
     /** When set, dialog is in edit mode for this item; null = create. */
@@ -152,43 +136,8 @@
         {/each}
       </select>
     </label>
-    <label class="grp">
-      <span class="lbl">Icon source</span>
-      <select bind:value={iconKind}>
-        <option value="asset">Pick a bundled icon</option>
-        <option value="url">Custom image URL</option>
-        <option value="auto-favicon">Auto from website (host)</option>
-      </select>
-    </label>
-    {#if iconKind === 'asset'}
-      <div class="grp">
-        <span class="lbl">
-          Bundled icons {#if assetIcons.length}({assetIcons.length}){/if}
-        </span>
-        <div class="icon-picker">
-          {#each assetIcons as f (f)}
-            <button
-              type="button"
-              class="icon-cell"
-              class:selected={iconValue === f}
-              title={f}
-              onclick={() => (iconValue = f)}
-            >
-              <img src="/navIcons/{f}" alt={f} loading="lazy" />
-            </button>
-          {/each}
-        </div>
-        {#if iconValue}
-          <span class="picked">Selected: <code>{iconValue}</code></span>
-        {/if}
-      </div>
-    {:else}
-      <Input
-        label={iconKind === 'url' ? 'Image URL' : 'Website host (e.g. example.com)'}
-        bind:value={iconValue}
-        placeholder={iconKind === 'url' ? 'https://example.com/logo.png' : 'example.com'}
-      />
-    {/if}
+    <IconSourcePicker bind:kind={iconKind} bind:value={iconValue} />
+
     <div class="grp">
       <span class="lbl">Links per site</span>
       <div class="links">
@@ -270,58 +219,6 @@
     font-size: var(--fs-sm);
   }
 
-  /* Bundled-icon grid: small clickable thumbnails. */
-  .icon-picker {
-    display: grid;
-    grid-template-columns: repeat(auto-fill, 56px);
-    gap: var(--sp-2);
-    max-height: 220px;
-    overflow-y: auto;
-    padding: var(--sp-2);
-    border: 1px solid var(--c-border);
-    border-radius: var(--rd-md);
-    background: rgba(255, 255, 255, 0.4);
-  }
-  :global([data-theme='dark']) .icon-picker {
-    background: rgba(255, 255, 255, 0.04);
-  }
-  .icon-cell {
-    width: 56px;
-    height: 56px;
-    padding: 6px;
-    border: 2px solid transparent;
-    background: rgba(255, 255, 255, 0.65);
-    border-radius: var(--rd-md);
-    cursor: pointer;
-    transition:
-      border-color var(--tr-fast),
-      transform var(--tr-fast);
-
-    img {
-      width: 100%;
-      height: 100%;
-      object-fit: contain;
-    }
-
-    &:hover {
-      transform: translateY(-1px);
-      border-color: var(--c-accent);
-    }
-    &.selected {
-      border-color: var(--c-accent);
-      background: var(--c-accent-bg);
-    }
-  }
-  .picked {
-    font-size: var(--fs-xs);
-    color: var(--c-text-3);
-
-    code {
-      font-family: var(--ft-mono);
-      color: var(--c-text-2);
-    }
-  }
-
   /* Per-site link rows: site picker | url input | remove */
   .links {
     display: flex;
diff --git a/web/src/lib/components/Header/AuthControls.svelte b/web/src/lib/components/Header/AuthControls.svelte
index 052ad8f..3045c9a 100644
--- a/web/src/lib/components/Header/AuthControls.svelte
+++ b/web/src/lib/components/Header/AuthControls.svelte
@@ -3,14 +3,13 @@
   import IconButton from '$lib/components/ui/IconButton.svelte';
   import LoginDialog from '$lib/components/Editor/LoginDialog.svelte';
   import ChangePasswordDialog from '$lib/components/Editor/ChangePasswordDialog.svelte';
-  import SettingsDialog from '$lib/components/Editor/SettingsDialog.svelte';
   import EditToggle from './EditToggle.svelte';
+  import { goto } from '$app/navigation';
   import { sessionStore } from '$lib/stores/session';
   import { t } from '$lib/i18n/store';
 
   let loginOpen = $state(false);
   let pwOpen = $state(false);
-  let settingsOpen = $state(false);
 
   async function onLogout() {
     await sessionStore.logout();
@@ -19,7 +18,7 @@
 
 {#if $sessionStore.authed}
   <EditToggle />
-  <IconButton label="Settings" onclick={() => (settingsOpen = true)}>
+  <IconButton label="Admin" onclick={() => goto('/admin')}>
     <svg
       width="18"
       height="18"
@@ -62,4 +61,3 @@
 
 <LoginDialog bind:open={loginOpen} />
 <ChangePasswordDialog bind:open={pwOpen} />
-<SettingsDialog bind:open={settingsOpen} />
diff --git a/web/src/routes/admin/+page.svelte b/web/src/routes/admin/+page.svelte
new file mode 100644
index 0000000..483b2f7
--- /dev/null
+++ b/web/src/routes/admin/+page.svelte
@@ -0,0 +1,155 @@
+<script lang="ts">
+  import { goto } from '$app/navigation';
+  import { sessionStore } from '$lib/stores/session';
+  import { navDataStore } from '$lib/stores/navData';
+  import AdminSiteTab from '$lib/components/Admin/AdminSiteTab.svelte';
+  import AdminGroupsTab from '$lib/components/Admin/AdminGroupsTab.svelte';
+  import AdminSitesTab from '$lib/components/Admin/AdminSitesTab.svelte';
+  import AdminTagsTab from '$lib/components/Admin/AdminTagsTab.svelte';
+
+  type TabId = 'site' | 'groups' | 'sites' | 'tags';
+  const TABS: { id: TabId; label: string }[] = [
+    { id: 'site', label: 'Site' },
+    { id: 'groups', label: 'Groups' },
+    { id: 'sites', label: 'Sites' },
+    { id: 'tags', label: 'Tags' }
+  ];
+
+  let active = $state<TabId>('site');
+
+  /** Redirect home if the user is not authed (not loading). */
+  $effect(() => {
+    if (!$sessionStore.loading && !$sessionStore.authed) {
+      goto('/', { replaceState: true });
+    }
+  });
+
+  /** Make sure we have nav data loaded for tabs that depend on it. */
+  $effect(() => {
+    if ($sessionStore.authed && !$navDataStore.bundle && !$navDataStore.loading) {
+      navDataStore.load();
+    }
+  });
+</script>
+
+<svelte:head>
+  <title>Admin · Settings</title>
+</svelte:head>
+
+{#if $sessionStore.authed}
+  <div class="page">
+    <header class="page-head">
+      <h1>Admin</h1>
+      <a href="/" class="back">← Back to site</a>
+    </header>
+
+    <div class="layout">
+      <nav class="tabs" aria-label="Admin sections">
+        {#each TABS as tab (tab.id)}
+          <button
+            type="button"
+            class="tab-btn"
+            class:active={active === tab.id}
+            onclick={() => (active = tab.id)}
+            aria-current={active === tab.id ? 'page' : undefined}
+          >
+            {tab.label}
+          </button>
+        {/each}
+      </nav>
+
+      <section class="content">
+        {#if active === 'site'}
+          <AdminSiteTab />
+        {:else if active === 'groups'}
+          <AdminGroupsTab />
+        {:else if active === 'sites'}
+          <AdminSitesTab />
+        {:else if active === 'tags'}
+          <AdminTagsTab />
+        {/if}
+      </section>
+    </div>
+  </div>
+{:else}
+  <div class="placeholder">Redirecting…</div>
+{/if}
+
+<style lang="scss">
+  .page {
+    max-width: 960px;
+    margin: 0 auto;
+    padding: var(--sp-6) var(--sp-5);
+  }
+  .page-head {
+    display: flex;
+    align-items: baseline;
+    justify-content: space-between;
+    margin-bottom: var(--sp-5);
+    h1 {
+      margin: 0;
+      font-size: var(--fs-xl);
+    }
+    .back {
+      font-size: var(--fs-sm);
+      color: var(--c-accent);
+      text-decoration: none;
+      &:hover {
+        text-decoration: underline;
+      }
+    }
+  }
+  .layout {
+    display: grid;
+    grid-template-columns: 180px 1fr;
+    gap: var(--sp-5);
+    align-items: start;
+  }
+  .tabs {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-1);
+    position: sticky;
+    top: var(--sp-4);
+  }
+  .tab-btn {
+    text-align: left;
+    padding: var(--sp-2) var(--sp-3);
+    background: transparent;
+    border: 0;
+    border-radius: var(--rd-md);
+    color: var(--c-text-2);
+    font: inherit;
+    font-weight: var(--fw-medium);
+    cursor: pointer;
+    transition:
+      background var(--tr-fast),
+      color var(--tr-fast);
+    &:hover {
+      background: rgba(255, 255, 255, 0.12);
+    }
+    &.active {
+      background: var(--c-accent-bg);
+      color: var(--c-accent);
+    }
+  }
+  .content {
+    min-width: 0;
+  }
+  .placeholder {
+    padding: var(--sp-7);
+    text-align: center;
+    color: var(--c-text-3);
+  }
+
+  @media (max-width: 640px) {
+    .layout {
+      grid-template-columns: 1fr;
+    }
+    .tabs {
+      flex-direction: row;
+      overflow-x: auto;
+      position: static;
+    }
+  }
+</style>

From ddc33da9c0ce4ad3c877fd75447784db6f78615a Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Thu, 21 May 2026 20:30:09 +0800
Subject: [PATCH 17/77] feat: remove the tag system entirely
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The free-form tag chips were never made part of the final UX (the
header chip filter never shipped past dev), and the tags / item_tags
tables, the /api/tags endpoints, and the Tag admin tab were all dead
weight. Wipe them.

Backend
- Drop /api/tags route. Drop NavRepo::{list,create,patch,delete}_tag,
  Tag DTO, Item.tag_slugs, NavBundle.tags, ItemPayload.tag_slugs,
  ItemPatch.tag_slugs.
- create_item / patch_item no longer touch item_tags or upsert tag
  rows; the body schema is correspondingly slimmer.
- New 0002_drop_tags.sql migration drops item_tags and tags. Existing
  databases lose any orphan tag rows on next boot — by design, since
  no UI references them anymore.
- Bootstrap loader: drop BootstrapTag, drop the seeding step, drop
  per-item tagSlugs. bootstrap.json + scripts/bootstrap-source.ts
  cleaned up to match.
- Tests: drop tag_lifecycle, drop create_item_auto_creates_unknown_
  tag_slugs / patch_item_auto_creates_unknown_tag_slugs (those were
  added solely for the bug we just deleted), strip tag_slugs from
  remaining item fixtures.

Frontend
- Drop AdminTagsTab and the Tags admin route entry.
- Drop TagFilterChips, allTagSlugs, activeTagSlugs, toggleTag.
  hasActiveFilter is now searchQuery-only; clearFilters likewise.
- Drop Tag from types/nav.ts (TagSchema, NavBundle.tags,
  Item.tagSlugs). Drop createTag/patchTag/deleteTag from api/admin.ts.
- ItemEditDialog: drop the "Tag slugs (comma-separated)" input and
  the corresponding payload field.
- Tests updated; predictably failing navData.test fixture finally
  green now that the schema is unambiguous.
---
 scripts/bootstrap-source.ts                   |   3 -
 ...7db2ab007dca57ef0edaa604172a8206dd975.json |  12 -
 ...1cf41de8a71bb7fe0a75a3e8d504196f82628.json |  12 -
 ...baa02d6d653c00e94dd7c26cafd6d73eb2c46.json |  12 -
 ...65afc97105d54a00897d9e5661877c7c9e207.json |  12 -
 ...e522c15589cdde0a5c9711bdfb8efd7b79915.json |  12 -
 ...f2747f2d87a96e042abc979dcea23acefff2c.json |  12 -
 ...6a45f3835d7265618cca762389a5811a7f254.json |  12 -
 ...a880a6cf46dba14d98b0a54f0c672600f5db6.json |  26 --
 ...8c8441f11778e4ac5ef328d51fb76f63e464b.json |  38 ---
 ...8351f81a5678389dc8fc1343e5c2fc207f74b.json |  12 -
 ...e7158cbf5737bf8f20c06eadaca32fd356344.json |  12 -
 server/bootstrap.json                         |  37 ++-
 server/migrations/0002_drop_tags.sql          |   5 +
 server/src/dto.rs                             |  35 ---
 server/src/repo/nav.rs                        |   8 +-
 server/src/repo/sqlx_impl.rs                  | 130 +---------
 server/src/routes/mod.rs                      |   2 -
 server/src/routes/tags.rs                     |  41 ----
 server/src/services/bundle.rs                 |   3 +-
 server/src/services/migration.rs              |  23 +-
 ...oups_sites_tags.rs => api_groups_sites.rs} |  22 --
 server/tests/api_items.rs                     |   3 +-
 server/tests/repo_items.rs                    | 104 +-------
 server/tests/repo_sites.rs                    |   1 -
 server/tests/seed.rs                          |   2 +-
 web/src/lib/api/admin.ts                      |  33 +--
 web/src/lib/api/nav.ts                        |   1 -
 .../lib/components/Admin/AdminTagsTab.svelte  | 232 ------------------
 .../components/Editor/ItemEditDialog.svelte   |  10 +-
 .../components/Header/TagFilterChips.svelte   |  18 --
 web/src/lib/components/Header/index.svelte    |   2 -
 web/src/lib/stores/navData.test.ts            |   7 +-
 web/src/lib/stores/visible.test.ts            |  13 +-
 web/src/lib/stores/visible.ts                 |  35 +--
 web/src/lib/types/nav.ts                      |  12 +-
 web/src/routes/admin/+page.svelte             |   8 +-
 37 files changed, 52 insertions(+), 910 deletions(-)
 delete mode 100644 server/.sqlx/query-018c014e9b876efe39ee03b4dac7db2ab007dca57ef0edaa604172a8206dd975.json
 delete mode 100644 server/.sqlx/query-5309baf627ca79102c18538856a1cf41de8a71bb7fe0a75a3e8d504196f82628.json
 delete mode 100644 server/.sqlx/query-5a0667baad5f3321fb5a5f0cd24baa02d6d653c00e94dd7c26cafd6d73eb2c46.json
 delete mode 100644 server/.sqlx/query-67fd65bbefe830b9c7554a091f665afc97105d54a00897d9e5661877c7c9e207.json
 delete mode 100644 server/.sqlx/query-6da968dd1c08041c5bc91d4d807e522c15589cdde0a5c9711bdfb8efd7b79915.json
 delete mode 100644 server/.sqlx/query-d69cd4da9c0ed4e3528c1ee2494f2747f2d87a96e042abc979dcea23acefff2c.json
 delete mode 100644 server/.sqlx/query-d92d9ce82fe2a58d01b99a324bc6a45f3835d7265618cca762389a5811a7f254.json
 delete mode 100644 server/.sqlx/query-ddf98d9fc5694bca2b491fbcc7da880a6cf46dba14d98b0a54f0c672600f5db6.json
 delete mode 100644 server/.sqlx/query-df27ff82e851bb95aef3e576ab68c8441f11778e4ac5ef328d51fb76f63e464b.json
 delete mode 100644 server/.sqlx/query-dfc31268416854e485b22a4706e8351f81a5678389dc8fc1343e5c2fc207f74b.json
 delete mode 100644 server/.sqlx/query-e8a2d24de286cb8df5657c88f39e7158cbf5737bf8f20c06eadaca32fd356344.json
 create mode 100644 server/migrations/0002_drop_tags.sql
 delete mode 100644 server/src/routes/tags.rs
 rename server/tests/{api_groups_sites_tags.rs => api_groups_sites.rs} (78%)
 delete mode 100644 web/src/lib/components/Admin/AdminTagsTab.svelte
 delete mode 100644 web/src/lib/components/Header/TagFilterChips.svelte

diff --git a/scripts/bootstrap-source.ts b/scripts/bootstrap-source.ts
index e1a0d71..23c6380 100644
--- a/scripts/bootstrap-source.ts
+++ b/scripts/bootstrap-source.ts
@@ -8,7 +8,6 @@ export interface BootstrapItem {
   iconKind: 'asset' | 'url' | 'auto-favicon';
   iconValue: string;
   links: Record<string, string>;
-  tagSlugs?: string[];
 }
 
 export interface BootstrapSite {
@@ -38,7 +37,6 @@ export interface BootstrapDoc {
   };
   sites: BootstrapSite[];
   groups: BootstrapGroup[];
-  tags: { slug: string; name: string; name_i18n?: Record<string, string> }[];
   items: BootstrapItem[];
 }
 
@@ -64,7 +62,6 @@ export const BOOTSTRAP: BootstrapDoc = {
     { slug: 'nas', name: 'NAS', name_i18n: { en: 'NAS' }, sort_order: 2 },
     { slug: 'tools', name: '工具', name_i18n: { en: 'Tools' }, sort_order: 3 }
   ],
-  tags: [],
   items: [
     // (omitted here; same as bootstrap.json items section from Task 1)
   ]
diff --git a/server/.sqlx/query-018c014e9b876efe39ee03b4dac7db2ab007dca57ef0edaa604172a8206dd975.json b/server/.sqlx/query-018c014e9b876efe39ee03b4dac7db2ab007dca57ef0edaa604172a8206dd975.json
deleted file mode 100644
index 7910743..0000000
--- a/server/.sqlx/query-018c014e9b876efe39ee03b4dac7db2ab007dca57ef0edaa604172a8206dd975.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "INSERT INTO item_tags (item_id, tag_id)\n                        SELECT ?, tags.id FROM tags WHERE tags.slug = ?",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Right": 2
-    },
-    "nullable": []
-  },
-  "hash": "018c014e9b876efe39ee03b4dac7db2ab007dca57ef0edaa604172a8206dd975"
-}
diff --git a/server/.sqlx/query-5309baf627ca79102c18538856a1cf41de8a71bb7fe0a75a3e8d504196f82628.json b/server/.sqlx/query-5309baf627ca79102c18538856a1cf41de8a71bb7fe0a75a3e8d504196f82628.json
deleted file mode 100644
index bcf15a9..0000000
--- a/server/.sqlx/query-5309baf627ca79102c18538856a1cf41de8a71bb7fe0a75a3e8d504196f82628.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "DELETE FROM tags WHERE id=?",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Right": 1
-    },
-    "nullable": []
-  },
-  "hash": "5309baf627ca79102c18538856a1cf41de8a71bb7fe0a75a3e8d504196f82628"
-}
diff --git a/server/.sqlx/query-5a0667baad5f3321fb5a5f0cd24baa02d6d653c00e94dd7c26cafd6d73eb2c46.json b/server/.sqlx/query-5a0667baad5f3321fb5a5f0cd24baa02d6d653c00e94dd7c26cafd6d73eb2c46.json
deleted file mode 100644
index e2dae30..0000000
--- a/server/.sqlx/query-5a0667baad5f3321fb5a5f0cd24baa02d6d653c00e94dd7c26cafd6d73eb2c46.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "INSERT INTO tags (slug, name, name_i18n) VALUES (?, ?, ?)",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Right": 3
-    },
-    "nullable": []
-  },
-  "hash": "5a0667baad5f3321fb5a5f0cd24baa02d6d653c00e94dd7c26cafd6d73eb2c46"
-}
diff --git a/server/.sqlx/query-67fd65bbefe830b9c7554a091f665afc97105d54a00897d9e5661877c7c9e207.json b/server/.sqlx/query-67fd65bbefe830b9c7554a091f665afc97105d54a00897d9e5661877c7c9e207.json
deleted file mode 100644
index 9bbdaf7..0000000
--- a/server/.sqlx/query-67fd65bbefe830b9c7554a091f665afc97105d54a00897d9e5661877c7c9e207.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "INSERT OR IGNORE INTO tags (slug, name) VALUES (?, ?)",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Right": 2
-    },
-    "nullable": []
-  },
-  "hash": "67fd65bbefe830b9c7554a091f665afc97105d54a00897d9e5661877c7c9e207"
-}
diff --git a/server/.sqlx/query-6da968dd1c08041c5bc91d4d807e522c15589cdde0a5c9711bdfb8efd7b79915.json b/server/.sqlx/query-6da968dd1c08041c5bc91d4d807e522c15589cdde0a5c9711bdfb8efd7b79915.json
deleted file mode 100644
index 3be9abe..0000000
--- a/server/.sqlx/query-6da968dd1c08041c5bc91d4d807e522c15589cdde0a5c9711bdfb8efd7b79915.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "UPDATE tags SET slug=? WHERE id=?",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Right": 2
-    },
-    "nullable": []
-  },
-  "hash": "6da968dd1c08041c5bc91d4d807e522c15589cdde0a5c9711bdfb8efd7b79915"
-}
diff --git a/server/.sqlx/query-d69cd4da9c0ed4e3528c1ee2494f2747f2d87a96e042abc979dcea23acefff2c.json b/server/.sqlx/query-d69cd4da9c0ed4e3528c1ee2494f2747f2d87a96e042abc979dcea23acefff2c.json
deleted file mode 100644
index 3a1ef85..0000000
--- a/server/.sqlx/query-d69cd4da9c0ed4e3528c1ee2494f2747f2d87a96e042abc979dcea23acefff2c.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "UPDATE tags SET name=? WHERE id=?",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Right": 2
-    },
-    "nullable": []
-  },
-  "hash": "d69cd4da9c0ed4e3528c1ee2494f2747f2d87a96e042abc979dcea23acefff2c"
-}
diff --git a/server/.sqlx/query-d92d9ce82fe2a58d01b99a324bc6a45f3835d7265618cca762389a5811a7f254.json b/server/.sqlx/query-d92d9ce82fe2a58d01b99a324bc6a45f3835d7265618cca762389a5811a7f254.json
deleted file mode 100644
index 7a4702e..0000000
--- a/server/.sqlx/query-d92d9ce82fe2a58d01b99a324bc6a45f3835d7265618cca762389a5811a7f254.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "INSERT INTO item_tags (item_id, tag_id)\n                    SELECT ?, tags.id FROM tags WHERE tags.slug = ?",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Right": 2
-    },
-    "nullable": []
-  },
-  "hash": "d92d9ce82fe2a58d01b99a324bc6a45f3835d7265618cca762389a5811a7f254"
-}
diff --git a/server/.sqlx/query-ddf98d9fc5694bca2b491fbcc7da880a6cf46dba14d98b0a54f0c672600f5db6.json b/server/.sqlx/query-ddf98d9fc5694bca2b491fbcc7da880a6cf46dba14d98b0a54f0c672600f5db6.json
deleted file mode 100644
index b150598..0000000
--- a/server/.sqlx/query-ddf98d9fc5694bca2b491fbcc7da880a6cf46dba14d98b0a54f0c672600f5db6.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "SELECT it.item_id as \"item_id!: i64\", t.slug as \"slug!\"\n               FROM item_tags it JOIN tags t ON t.id = it.tag_id",
-  "describe": {
-    "columns": [
-      {
-        "name": "item_id!: i64",
-        "ordinal": 0,
-        "type_info": "Int64"
-      },
-      {
-        "name": "slug!",
-        "ordinal": 1,
-        "type_info": "Text"
-      }
-    ],
-    "parameters": {
-      "Right": 0
-    },
-    "nullable": [
-      false,
-      false
-    ]
-  },
-  "hash": "ddf98d9fc5694bca2b491fbcc7da880a6cf46dba14d98b0a54f0c672600f5db6"
-}
diff --git a/server/.sqlx/query-df27ff82e851bb95aef3e576ab68c8441f11778e4ac5ef328d51fb76f63e464b.json b/server/.sqlx/query-df27ff82e851bb95aef3e576ab68c8441f11778e4ac5ef328d51fb76f63e464b.json
deleted file mode 100644
index 2957267..0000000
--- a/server/.sqlx/query-df27ff82e851bb95aef3e576ab68c8441f11778e4ac5ef328d51fb76f63e464b.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "SELECT id as \"id!: i64\", slug, name,\n                      name_i18n as \"name_i18n: serde_json::Value\"\n               FROM tags ORDER BY id",
-  "describe": {
-    "columns": [
-      {
-        "name": "id!: i64",
-        "ordinal": 0,
-        "type_info": "Int64"
-      },
-      {
-        "name": "slug",
-        "ordinal": 1,
-        "type_info": "Text"
-      },
-      {
-        "name": "name",
-        "ordinal": 2,
-        "type_info": "Text"
-      },
-      {
-        "name": "name_i18n: serde_json::Value",
-        "ordinal": 3,
-        "type_info": "Text"
-      }
-    ],
-    "parameters": {
-      "Right": 0
-    },
-    "nullable": [
-      false,
-      false,
-      false,
-      true
-    ]
-  },
-  "hash": "df27ff82e851bb95aef3e576ab68c8441f11778e4ac5ef328d51fb76f63e464b"
-}
diff --git a/server/.sqlx/query-dfc31268416854e485b22a4706e8351f81a5678389dc8fc1343e5c2fc207f74b.json b/server/.sqlx/query-dfc31268416854e485b22a4706e8351f81a5678389dc8fc1343e5c2fc207f74b.json
deleted file mode 100644
index ea1dc66..0000000
--- a/server/.sqlx/query-dfc31268416854e485b22a4706e8351f81a5678389dc8fc1343e5c2fc207f74b.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "DELETE FROM item_tags WHERE item_id=?",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Right": 1
-    },
-    "nullable": []
-  },
-  "hash": "dfc31268416854e485b22a4706e8351f81a5678389dc8fc1343e5c2fc207f74b"
-}
diff --git a/server/.sqlx/query-e8a2d24de286cb8df5657c88f39e7158cbf5737bf8f20c06eadaca32fd356344.json b/server/.sqlx/query-e8a2d24de286cb8df5657c88f39e7158cbf5737bf8f20c06eadaca32fd356344.json
deleted file mode 100644
index 8ea2b39..0000000
--- a/server/.sqlx/query-e8a2d24de286cb8df5657c88f39e7158cbf5737bf8f20c06eadaca32fd356344.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-  "db_name": "SQLite",
-  "query": "UPDATE tags SET name_i18n=? WHERE id=?",
-  "describe": {
-    "columns": [],
-    "parameters": {
-      "Right": 2
-    },
-    "nullable": []
-  },
-  "hash": "e8a2d24de286cb8df5657c88f39e7158cbf5737bf8f20c06eadaca32fd356344"
-}
diff --git a/server/bootstrap.json b/server/bootstrap.json
index 3a2a95b..ed7f912 100644
--- a/server/bootstrap.json
+++ b/server/bootstrap.json
@@ -20,27 +20,26 @@
     { "slug": "nas",     "name": "NAS",  "name_i18n": { "en": "NAS"     }, "sort_order": 2 },
     { "slug": "tools",   "name": "工具", "name_i18n": { "en": "Tools"   }, "sort_order": 3 }
   ],
-  "tags": [],
-  "items": [
-    { "name": "RouterOS",     "groupSlug": "network", "iconKind": "asset", "iconValue": "routerOS.png",         "links": { "shangHai": "http://10.0.0.1",  "beiJing": "http://10.1.0.1" }, "tagSlugs": [] },
-    { "name": "OpenWRT",      "groupSlug": "network", "iconKind": "asset", "iconValue": "openWRT.png",          "links": { "shangHai": "http://10.0.0.2",  "beiJing": "http://10.1.0.2" }, "tagSlugs": [] },
-    { "name": "K2P",          "groupSlug": "network", "iconKind": "asset", "iconValue": "phicomm.png",          "links": { "shangHai": "http://10.0.0.4",  "beiJing": "http://10.1.0.4", "shenZhen": "http://10.2.0.4" }, "tagSlugs": [] },
-    { "name": "qBittorrent",  "groupSlug": "network", "iconKind": "asset", "iconValue": "qBittorrent.png",      "links": { "shangHai": "http://10.0.0.11:8085", "beiJing": "http://10.1.0.11:8085" }, "tagSlugs": [] },
-    { "name": "Jackett",      "groupSlug": "network", "iconKind": "asset", "iconValue": "jackett.png",          "links": { "shangHai": "http://10.0.0.13",  "beiJing": "http://10.1.0.13" }, "tagSlugs": [] },
+    "items": [
+    { "name": "RouterOS",     "groupSlug": "network", "iconKind": "asset", "iconValue": "routerOS.png",         "links": { "shangHai": "http://10.0.0.1",  "beiJing": "http://10.1.0.1" } },
+    { "name": "OpenWRT",      "groupSlug": "network", "iconKind": "asset", "iconValue": "openWRT.png",          "links": { "shangHai": "http://10.0.0.2",  "beiJing": "http://10.1.0.2" } },
+    { "name": "K2P",          "groupSlug": "network", "iconKind": "asset", "iconValue": "phicomm.png",          "links": { "shangHai": "http://10.0.0.4",  "beiJing": "http://10.1.0.4", "shenZhen": "http://10.2.0.4" } },
+    { "name": "qBittorrent",  "groupSlug": "network", "iconKind": "asset", "iconValue": "qBittorrent.png",      "links": { "shangHai": "http://10.0.0.11:8085", "beiJing": "http://10.1.0.11:8085" } },
+    { "name": "Jackett",      "groupSlug": "network", "iconKind": "asset", "iconValue": "jackett.png",          "links": { "shangHai": "http://10.0.0.13",  "beiJing": "http://10.1.0.13" } },
 
-    { "name": "Jellyfin",     "groupSlug": "media",   "iconKind": "asset", "iconValue": "jellyfin.svg",         "links": { "shangHai": "http://10.0.0.12",  "beiJing": "http://10.1.0.12" }, "tagSlugs": [] },
-    { "name": "Surveillance", "groupSlug": "media",   "iconKind": "asset", "iconValue": "surveillanceStation.png","links": { "shangHai": "http://10.0.0.5:9900", "beiJing": "http://10.1.0.5:9900" }, "tagSlugs": [] },
-    { "name": "相册",         "name_i18n": { "en": "Album" }, "groupSlug": "media", "iconKind": "asset", "iconValue": "album.png", "links": { "shangHai": "http://10.0.0.5:5080", "beiJing": "http://10.1.0.5:5080" }, "tagSlugs": [] },
+    { "name": "Jellyfin",     "groupSlug": "media",   "iconKind": "asset", "iconValue": "jellyfin.svg",         "links": { "shangHai": "http://10.0.0.12",  "beiJing": "http://10.1.0.12" } },
+    { "name": "Surveillance", "groupSlug": "media",   "iconKind": "asset", "iconValue": "surveillanceStation.png","links": { "shangHai": "http://10.0.0.5:9900", "beiJing": "http://10.1.0.5:9900" } },
+    { "name": "相册",         "name_i18n": { "en": "Album" }, "groupSlug": "media", "iconKind": "asset", "iconValue": "album.png", "links": { "shangHai": "http://10.0.0.5:5080", "beiJing": "http://10.1.0.5:5080" } },
 
-    { "name": "Synology",     "groupSlug": "nas",     "iconKind": "asset", "iconValue": "synology.png",         "links": { "shangHai": "http://10.0.0.5:5000", "beiJing": "http://10.1.0.5:5000" }, "tagSlugs": [] },
-    { "name": "文件夹",       "name_i18n": { "en": "Files" }, "groupSlug": "nas", "iconKind": "asset", "iconValue": "file.png", "links": { "shangHai": "http://10.0.0.5:7000", "beiJing": "http://10.1.0.5:7000" }, "tagSlugs": [] },
-    { "name": "Nas Tools",    "groupSlug": "nas",     "iconKind": "asset", "iconValue": "nasTools.png",         "links": { "shangHai": "http://10.0.0.14",  "beiJing": "http://10.1.0.14" }, "tagSlugs": [] },
+    { "name": "Synology",     "groupSlug": "nas",     "iconKind": "asset", "iconValue": "synology.png",         "links": { "shangHai": "http://10.0.0.5:5000", "beiJing": "http://10.1.0.5:5000" } },
+    { "name": "文件夹",       "name_i18n": { "en": "Files" }, "groupSlug": "nas", "iconKind": "asset", "iconValue": "file.png", "links": { "shangHai": "http://10.0.0.5:7000", "beiJing": "http://10.1.0.5:7000" } },
+    { "name": "Nas Tools",    "groupSlug": "nas",     "iconKind": "asset", "iconValue": "nasTools.png",         "links": { "shangHai": "http://10.0.0.14",  "beiJing": "http://10.1.0.14" } },
 
-    { "name": "Esxi",          "groupSlug": "tools",  "iconKind": "asset", "iconValue": "esxi.png",             "links": { "shangHai": "http://10.0.0.3",  "beiJing": "http://10.1.0.3", "guangZhou": "http://10.2.0.3" }, "tagSlugs": [] },
-    { "name": "Home Assistant","groupSlug": "tools",  "iconKind": "asset", "iconValue": "homeAssistant.svg",    "links": { "shangHai": "http://10.0.0.5",  "beiJing": "http://10.1.0.5" }, "tagSlugs": [] },
-    { "name": "思源笔记",      "name_i18n": { "en": "SiYuan Notes" }, "groupSlug": "tools", "iconKind": "asset", "iconValue": "siyuanNote.png", "links": { "shangHai": "http://10.0.0.16:6806/", "beiJing": "http://10.1.0.16:6806/" }, "tagSlugs": [] },
-    { "name": "博客",          "name_i18n": { "en": "Blog" }, "groupSlug": "tools", "iconKind": "asset", "iconValue": "blog.png", "links": { "shangHai": "http://10.0.0.6",  "beiJing": "http://10.1.0.6" }, "tagSlugs": [] },
-    { "name": "Portainer",     "groupSlug": "tools",  "iconKind": "asset", "iconValue": "portainer.svg",        "links": { "shangHai": "http://10.0.0.10:9443", "beiJing": "http://10.1.0.10:9443" }, "tagSlugs": [] },
-    { "name": "青龙",          "name_i18n": { "en": "QingLong" }, "groupSlug": "tools", "iconKind": "asset", "iconValue": "qinglong.png", "links": { "shangHai": "http://10.0.0.15:5700", "beiJing": "http://10.1.0.15:5700" }, "tagSlugs": [] }
+    { "name": "Esxi",          "groupSlug": "tools",  "iconKind": "asset", "iconValue": "esxi.png",             "links": { "shangHai": "http://10.0.0.3",  "beiJing": "http://10.1.0.3", "guangZhou": "http://10.2.0.3" } },
+    { "name": "Home Assistant","groupSlug": "tools",  "iconKind": "asset", "iconValue": "homeAssistant.svg",    "links": { "shangHai": "http://10.0.0.5",  "beiJing": "http://10.1.0.5" } },
+    { "name": "思源笔记",      "name_i18n": { "en": "SiYuan Notes" }, "groupSlug": "tools", "iconKind": "asset", "iconValue": "siyuanNote.png", "links": { "shangHai": "http://10.0.0.16:6806/", "beiJing": "http://10.1.0.16:6806/" } },
+    { "name": "博客",          "name_i18n": { "en": "Blog" }, "groupSlug": "tools", "iconKind": "asset", "iconValue": "blog.png", "links": { "shangHai": "http://10.0.0.6",  "beiJing": "http://10.1.0.6" } },
+    { "name": "Portainer",     "groupSlug": "tools",  "iconKind": "asset", "iconValue": "portainer.svg",        "links": { "shangHai": "http://10.0.0.10:9443", "beiJing": "http://10.1.0.10:9443" } },
+    { "name": "青龙",          "name_i18n": { "en": "QingLong" }, "groupSlug": "tools", "iconKind": "asset", "iconValue": "qinglong.png", "links": { "shangHai": "http://10.0.0.15:5700", "beiJing": "http://10.1.0.15:5700" } }
   ]
 }
diff --git a/server/migrations/0002_drop_tags.sql b/server/migrations/0002_drop_tags.sql
new file mode 100644
index 0000000..196b2c6
--- /dev/null
+++ b/server/migrations/0002_drop_tags.sql
@@ -0,0 +1,5 @@
+-- Drop the tag system entirely. Free-form tag chips never made it into the
+-- final UX, and keeping the tables (with their FK CASCADE on items) around
+-- adds confusion to backups and the admin surface.
+DROP TABLE IF EXISTS item_tags;
+DROP TABLE IF EXISTS tags;
diff --git a/server/src/dto.rs b/server/src/dto.rs
index 5db08b9..34af250 100644
--- a/server/src/dto.rs
+++ b/server/src/dto.rs
@@ -26,15 +26,6 @@ pub struct Group {
     pub collapsed_default: bool,
 }
 
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "camelCase")]
-pub struct Tag {
-    pub id: i64,
-    pub slug: String,
-    pub name: String,
-    pub name_i18n: Option<serde_json::Value>,
-}
-
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
 #[serde(rename_all = "kebab-case")]
 pub enum IconKind {
@@ -56,7 +47,6 @@ pub struct Item {
     pub icon_value: String,
     pub sort_order: i64,
     pub links: std::collections::BTreeMap<String, String>, // site.value -> URL
-    pub tag_slugs: Vec<String>,
     #[serde(default = "zero")]
     pub created_at: i64,
     #[serde(default = "zero")]
@@ -92,7 +82,6 @@ pub struct NavBundle {
     pub sites: Vec<Site>,
     pub groups: Vec<Group>,
     pub items: Vec<Item>,
-    pub tags: Vec<Tag>,
 }
 
 // ----- Write payloads -----
@@ -112,8 +101,6 @@ pub struct ItemPayload {
     pub icon_value: String,
     #[serde(default)]
     pub links: std::collections::BTreeMap<String, String>,
-    #[serde(default)]
-    pub tag_slugs: Vec<String>,
 }
 
 #[derive(Debug, Deserialize, Default)]
@@ -135,8 +122,6 @@ pub struct ItemPatch {
     pub icon_value: Option<String>,
     #[serde(default)]
     pub links: Option<std::collections::BTreeMap<String, String>>,
-    #[serde(default)]
-    pub tag_slugs: Option<Vec<String>>,
 }
 
 #[derive(Debug, Deserialize)]
@@ -195,23 +180,3 @@ pub struct SitePatch {
     #[serde(default)]
     pub is_default: Option<bool>,
 }
-
-#[derive(Debug, Deserialize)]
-#[serde(rename_all = "camelCase")]
-pub struct TagPayload {
-    pub slug: String,
-    pub name: String,
-    #[serde(default)]
-    pub name_i18n: Option<serde_json::Value>,
-}
-
-#[derive(Debug, Deserialize, Default)]
-#[serde(rename_all = "camelCase")]
-pub struct TagPatch {
-    #[serde(default)]
-    pub slug: Option<String>,
-    #[serde(default)]
-    pub name: Option<String>,
-    #[serde(default)]
-    pub name_i18n: Option<Option<serde_json::Value>>,
-}
diff --git a/server/src/repo/nav.rs b/server/src/repo/nav.rs
index 5e199ba..6c2ca78 100644
--- a/server/src/repo/nav.rs
+++ b/server/src/repo/nav.rs
@@ -5,7 +5,7 @@ use async_trait::async_trait;
 #[async_trait]
 pub trait NavRepo: Send + Sync {
     // ----- Bundle -----
-    async fn get_bundle(&self) -> Result<(Vec<Site>, Vec<Group>, Vec<Item>, Vec<Tag>)>;
+    async fn get_bundle(&self) -> Result<(Vec<Site>, Vec<Group>, Vec<Item>)>;
 
     // ----- Sites -----
     async fn list_sites(&self) -> Result<Vec<Site>>;
@@ -26,10 +26,4 @@ pub trait NavRepo: Send + Sync {
     async fn patch_item(&self, id: i64, p: ItemPatch) -> Result<Item>;
     async fn delete_item(&self, id: i64) -> Result<()>;
     async fn reorder_items(&self, entries: Vec<ReorderEntry>) -> Result<()>;
-
-    // ----- Tags -----
-    async fn list_tags(&self) -> Result<Vec<Tag>>;
-    async fn create_tag(&self, p: TagPayload) -> Result<Tag>;
-    async fn patch_tag(&self, id: i64, p: TagPatch) -> Result<Tag>;
-    async fn delete_tag(&self, id: i64) -> Result<()>;
 }
diff --git a/server/src/repo/sqlx_impl.rs b/server/src/repo/sqlx_impl.rs
index 1439840..5b7207c 100644
--- a/server/src/repo/sqlx_impl.rs
+++ b/server/src/repo/sqlx_impl.rs
@@ -39,12 +39,11 @@ fn map_unique_violation(err: sqlx::Error) -> AppError {
 
 #[async_trait]
 impl NavRepo for SqlxNavRepo {
-    async fn get_bundle(&self) -> Result<(Vec<Site>, Vec<Group>, Vec<Item>, Vec<Tag>)> {
+    async fn get_bundle(&self) -> Result<(Vec<Site>, Vec<Group>, Vec<Item>)> {
         let sites = self.list_sites().await?;
         let groups = self.list_groups().await?;
-        let tags = self.list_tags().await?;
         let items = self.list_items_full().await?;
-        Ok((sites, groups, items, tags))
+        Ok((sites, groups, items))
     }
 
     // ---- Sites ----
@@ -267,79 +266,6 @@ impl NavRepo for SqlxNavRepo {
 
     // ---- Tags ----
 
-    async fn list_tags(&self) -> Result<Vec<Tag>> {
-        let rows = sqlx::query!(
-            r#"SELECT id as "id!: i64", slug, name,
-                      name_i18n as "name_i18n: serde_json::Value"
-               FROM tags ORDER BY id"#
-        )
-        .fetch_all(&self.pool)
-        .await?;
-        Ok(rows
-            .into_iter()
-            .map(|r| Tag {
-                id: r.id,
-                slug: r.slug,
-                name: r.name,
-                name_i18n: r.name_i18n,
-            })
-            .collect())
-    }
-
-    async fn create_tag(&self, p: TagPayload) -> Result<Tag> {
-        let res = sqlx::query!(
-            "INSERT INTO tags (slug, name, name_i18n) VALUES (?, ?, ?)",
-            p.slug,
-            p.name,
-            p.name_i18n
-        )
-        .execute(&self.pool)
-        .await
-        .map_err(map_unique_violation)?;
-        let id = res.last_insert_rowid();
-        self.list_tags()
-            .await?
-            .into_iter()
-            .find(|t| t.id == id)
-            .ok_or(AppError::NotFound)
-    }
-
-    async fn patch_tag(&self, id: i64, p: TagPatch) -> Result<Tag> {
-        let mut tx = self.pool.begin().await?;
-        if let Some(v) = p.slug {
-            sqlx::query!("UPDATE tags SET slug=? WHERE id=?", v, id)
-                .execute(&mut *tx)
-                .await
-                .map_err(map_unique_violation)?;
-        }
-        if let Some(v) = p.name {
-            sqlx::query!("UPDATE tags SET name=? WHERE id=?", v, id)
-                .execute(&mut *tx)
-                .await?;
-        }
-        if let Some(v) = p.name_i18n {
-            sqlx::query!("UPDATE tags SET name_i18n=? WHERE id=?", v, id)
-                .execute(&mut *tx)
-                .await?;
-        }
-        tx.commit().await?;
-        self.list_tags()
-            .await?
-            .into_iter()
-            .find(|t| t.id == id)
-            .ok_or(AppError::NotFound)
-    }
-
-    async fn delete_tag(&self, id: i64) -> Result<()> {
-        let res = sqlx::query!("DELETE FROM tags WHERE id=?", id)
-            .execute(&self.pool)
-            .await?;
-        if res.rows_affected() == 0 {
-            return Err(AppError::NotFound);
-        }
-        Ok(())
-    }
-
     // ---- Items ----
 
     async fn create_item(&self, p: ItemPayload) -> Result<Item> {
@@ -373,23 +299,6 @@ impl NavRepo for SqlxNavRepo {
             .await?;
         }
 
-        for slug in &p.tag_slugs {
-            sqlx::query!(
-                "INSERT OR IGNORE INTO tags (slug, name) VALUES (?, ?)",
-                slug,
-                slug
-            )
-            .execute(&mut *tx)
-            .await?;
-            sqlx::query!(
-                r#"INSERT INTO item_tags (item_id, tag_id)
-                    SELECT ?, tags.id FROM tags WHERE tags.slug = ?"#,
-                id,
-                slug
-            )
-            .execute(&mut *tx)
-            .await?;
-        }
         tx.commit().await?;
         self.fetch_item(id).await
     }
@@ -489,28 +398,6 @@ impl NavRepo for SqlxNavRepo {
                 .await?;
             }
         }
-        if let Some(tag_slugs) = p.tag_slugs {
-            sqlx::query!("DELETE FROM item_tags WHERE item_id=?", id)
-                .execute(&mut *tx)
-                .await?;
-            for slug in tag_slugs {
-                sqlx::query!(
-                    "INSERT OR IGNORE INTO tags (slug, name) VALUES (?, ?)",
-                    slug,
-                    slug
-                )
-                .execute(&mut *tx)
-                .await?;
-                sqlx::query!(
-                    r#"INSERT INTO item_tags (item_id, tag_id)
-                        SELECT ?, tags.id FROM tags WHERE tags.slug = ?"#,
-                    id,
-                    slug
-                )
-                .execute(&mut *tx)
-                .await?;
-            }
-        }
         tx.commit().await?;
         self.fetch_item(id).await
     }
@@ -589,13 +476,6 @@ impl SqlxNavRepo {
         .fetch_all(&self.pool)
         .await?;
 
-        let tag_rows = sqlx::query!(
-            r#"SELECT it.item_id as "item_id!: i64", t.slug as "slug!"
-               FROM item_tags it JOIN tags t ON t.id = it.tag_id"#
-        )
-        .fetch_all(&self.pool)
-        .await?;
-
         let mut items: Vec<Item> = item_rows
             .into_iter()
             .map(|r| {
@@ -615,7 +495,6 @@ impl SqlxNavRepo {
                     icon_value: r.icon_value,
                     sort_order: r.sort_order,
                     links: Default::default(),
-                    tag_slugs: Vec::new(),
                     created_at: r.created_at,
                     updated_at: r.updated_at,
                 }
@@ -630,11 +509,6 @@ impl SqlxNavRepo {
                 items[idx].links.insert(r.site_value, r.url);
             }
         }
-        for r in tag_rows {
-            if let Some(&idx) = by_id.get(&r.item_id) {
-                items[idx].tag_slugs.push(r.slug);
-            }
-        }
         Ok(items)
     }
 }
diff --git a/server/src/routes/mod.rs b/server/src/routes/mod.rs
index 5947e55..9e3a09d 100644
--- a/server/src/routes/mod.rs
+++ b/server/src/routes/mod.rs
@@ -9,7 +9,6 @@ pub mod icons;
 pub mod items;
 pub mod nav;
 pub mod sites;
-pub mod tags;
 
 use crate::state::AppState;
 
@@ -25,7 +24,6 @@ pub fn api(state: AppState) -> Router {
                 .merge(items::router())
                 .merge(groups::router())
                 .merge(sites::router())
-                .merge(tags::router())
                 .merge(icons::router())
                 .merge(favicon::router()),
         )
diff --git a/server/src/routes/tags.rs b/server/src/routes/tags.rs
deleted file mode 100644
index c51884d..0000000
--- a/server/src/routes/tags.rs
+++ /dev/null
@@ -1,41 +0,0 @@
-use axum::{
-    extract::{Path, State},
-    http::StatusCode,
-    routing::{patch, post},
-    Json, Router,
-};
-
-use crate::auth::RequireAuth;
-use crate::dto::{Tag, TagPatch, TagPayload};
-use crate::error::Result;
-use crate::state::AppState;
-
-pub fn router() -> Router<AppState> {
-    Router::new()
-        .route("/tags", post(create))
-        .route("/tags/:id", patch(update).delete(remove))
-}
-
-async fn create(
-    _a: RequireAuth,
-    State(s): State<AppState>,
-    Json(body): Json<TagPayload>,
-) -> Result<(StatusCode, Json<Tag>)> {
-    Ok((StatusCode::CREATED, Json(s.nav.create_tag(body).await?)))
-}
-async fn update(
-    _a: RequireAuth,
-    State(s): State<AppState>,
-    Path(id): Path<i64>,
-    Json(body): Json<TagPatch>,
-) -> Result<Json<Tag>> {
-    Ok(Json(s.nav.patch_tag(id, body).await?))
-}
-async fn remove(
-    _a: RequireAuth,
-    State(s): State<AppState>,
-    Path(id): Path<i64>,
-) -> Result<StatusCode> {
-    s.nav.delete_tag(id).await?;
-    Ok(StatusCode::NO_CONTENT)
-}
diff --git a/server/src/services/bundle.rs b/server/src/services/bundle.rs
index 531961b..32f863f 100644
--- a/server/src/services/bundle.rs
+++ b/server/src/services/bundle.rs
@@ -7,7 +7,7 @@ pub async fn assemble_bundle(
     nav: Arc<dyn NavRepo>,
     config: Arc<dyn ConfigRepo>,
 ) -> Result<NavBundle> {
-    let (sites, groups, items, tags) = nav.get_bundle().await?;
+    let (sites, groups, items) = nav.get_bundle().await?;
 
     let cfg = config
         .get_many(&[
@@ -64,6 +64,5 @@ pub async fn assemble_bundle(
         sites,
         groups,
         items,
-        tags,
     })
 }
diff --git a/server/src/services/migration.rs b/server/src/services/migration.rs
index b42a8db..b7cbee7 100644
--- a/server/src/services/migration.rs
+++ b/server/src/services/migration.rs
@@ -13,7 +13,6 @@ struct BootstrapDoc {
     meta: BootstrapMeta,
     sites: Vec<BootstrapSite>,
     groups: Vec<BootstrapGroup>,
-    tags: Vec<BootstrapTag>,
     items: Vec<BootstrapItem>,
 }
 
@@ -59,14 +58,6 @@ struct BootstrapGroup {
     collapsed_default: bool,
 }
 
-#[derive(Deserialize)]
-struct BootstrapTag {
-    slug: String,
-    name: String,
-    #[serde(default)]
-    name_i18n: Option<serde_json::Value>,
-}
-
 #[derive(Deserialize)]
 struct BootstrapItem {
     name: String,
@@ -80,12 +71,10 @@ struct BootstrapItem {
     icon_value: String,
     #[serde(default)]
     links: std::collections::BTreeMap<String, String>,
-    #[serde(default, rename = "tagSlugs")]
-    tag_slugs: Vec<String>,
 }
 
 pub async fn seed_if_empty(nav: Arc<dyn NavRepo>, config: Arc<dyn ConfigRepo>) -> Result<()> {
-    let (sites, _, items, _) = nav.get_bundle().await?;
+    let (sites, _, items) = nav.get_bundle().await?;
     if !sites.is_empty() || !items.is_empty() {
         return Ok(());
     }
@@ -137,15 +126,6 @@ pub async fn seed_if_empty(nav: Arc<dyn NavRepo>, config: Arc<dyn ConfigRepo>) -
             .await?;
         group_id_by_slug.insert(g.slug, created.id);
     }
-    // Tags
-    for t in doc.tags {
-        nav.create_tag(TagPayload {
-            slug: t.slug,
-            name: t.name,
-            name_i18n: t.name_i18n,
-        })
-        .await?;
-    }
     // Items
     for it in doc.items {
         let group_id = it
@@ -160,7 +140,6 @@ pub async fn seed_if_empty(nav: Arc<dyn NavRepo>, config: Arc<dyn ConfigRepo>) -
             icon_kind: it.icon_kind,
             icon_value: it.icon_value,
             links: it.links,
-            tag_slugs: it.tag_slugs,
         })
         .await?;
     }
diff --git a/server/tests/api_groups_sites_tags.rs b/server/tests/api_groups_sites.rs
similarity index 78%
rename from server/tests/api_groups_sites_tags.rs
rename to server/tests/api_groups_sites.rs
index 0cb6a29..937b489 100644
--- a/server/tests/api_groups_sites_tags.rs
+++ b/server/tests/api_groups_sites.rs
@@ -69,25 +69,3 @@ async fn site_lifecycle() {
         .await
         .assert_status(axum::http::StatusCode::NO_CONTENT);
 }
-
-#[tokio::test]
-async fn tag_lifecycle() {
-    let server = boot().await;
-    let t: serde_json::Value = server
-        .post("/api/tags")
-        .json(&serde_json::json!({
-            "slug":"fav","name":"Favorite"
-        }))
-        .await
-        .json();
-    let id = t["id"].as_i64().unwrap();
-    server
-        .patch(&format!("/api/tags/{id}"))
-        .json(&serde_json::json!({"name":"⭐"}))
-        .await
-        .assert_status_ok();
-    server
-        .delete(&format!("/api/tags/{id}"))
-        .await
-        .assert_status(axum::http::StatusCode::NO_CONTENT);
-}
diff --git a/server/tests/api_items.rs b/server/tests/api_items.rs
index 2dad010..cdb8566 100644
--- a/server/tests/api_items.rs
+++ b/server/tests/api_items.rs
@@ -53,8 +53,7 @@ async fn create_then_list_via_bundle() {
         "name": "Router",
         "iconKind": "asset",
         "iconValue": "router.png",
-        "links": { "shangHai": "http://10.0.0.1" },
-        "tagSlugs": []
+        "links": { "shangHai": "http://10.0.0.1" }
     });
     let res = server.post("/api/items").json(&body).await;
     res.assert_status(axum::http::StatusCode::CREATED);
diff --git a/server/tests/repo_items.rs b/server/tests/repo_items.rs
index 5650d71..e2e4818 100644
--- a/server/tests/repo_items.rs
+++ b/server/tests/repo_items.rs
@@ -27,16 +27,8 @@ async fn make_repo_with_seed() -> (SqlxNavRepo, i64, i64) {
 }
 
 #[tokio::test]
-async fn create_item_with_links_and_tags() {
+async fn create_item_with_links() {
     let (repo, gid, _sid) = make_repo_with_seed().await;
-    let _t = repo
-        .create_tag(TagPayload {
-            slug: "fav".into(),
-            name: "Favorite".into(),
-            name_i18n: None,
-        })
-        .await
-        .unwrap();
     let mut links = std::collections::BTreeMap::new();
     links.insert("shangHai".into(), "http://10.0.0.1".into());
     let item = repo
@@ -49,7 +41,6 @@ async fn create_item_with_links_and_tags() {
             icon_kind: IconKind::Asset,
             icon_value: "routerOS.png".into(),
             links,
-            tag_slugs: vec!["fav".into()],
         })
         .await
         .unwrap();
@@ -58,26 +49,11 @@ async fn create_item_with_links_and_tags() {
         item.links.get("shangHai").map(String::as_str),
         Some("http://10.0.0.1")
     );
-    assert_eq!(item.tag_slugs, vec!["fav"]);
 }
 
 #[tokio::test]
-async fn patch_item_replaces_links_and_tags() {
+async fn patch_item_replaces_links() {
     let (repo, gid, _sid) = make_repo_with_seed().await;
-    repo.create_tag(TagPayload {
-        slug: "a".into(),
-        name: "A".into(),
-        name_i18n: None,
-    })
-    .await
-    .unwrap();
-    repo.create_tag(TagPayload {
-        slug: "b".into(),
-        name: "B".into(),
-        name_i18n: None,
-    })
-    .await
-    .unwrap();
     let mut links = std::collections::BTreeMap::new();
     links.insert("shangHai".into(), "http://1".into());
     let item = repo
@@ -89,8 +65,7 @@ async fn patch_item_replaces_links_and_tags() {
             description_i18n: None,
             icon_kind: IconKind::Asset,
             icon_value: "x.png".into(),
-            links: links.clone(),
-            tag_slugs: vec!["a".into()],
+            links,
         })
         .await
         .unwrap();
@@ -98,7 +73,6 @@ async fn patch_item_replaces_links_and_tags() {
     new_links.insert("shangHai".into(), "http://2".into());
     let p = ItemPatch {
         links: Some(new_links),
-        tag_slugs: Some(vec!["b".into()]),
         ..Default::default()
     };
     let updated = repo.patch_item(item.id, p).await.unwrap();
@@ -106,11 +80,10 @@ async fn patch_item_replaces_links_and_tags() {
         updated.links.get("shangHai").map(String::as_str),
         Some("http://2")
     );
-    assert_eq!(updated.tag_slugs, vec!["b"]);
 }
 
 #[tokio::test]
-async fn delete_item_cascades_links_and_tags() {
+async fn delete_item_cascades_links() {
     let (repo, gid, _sid) = make_repo_with_seed().await;
     let mut links = std::collections::BTreeMap::new();
     links.insert("shangHai".into(), "http://1".into());
@@ -124,12 +97,11 @@ async fn delete_item_cascades_links_and_tags() {
             icon_kind: IconKind::Asset,
             icon_value: "x.png".into(),
             links,
-            tag_slugs: vec![],
         })
         .await
         .unwrap();
     repo.delete_item(item.id).await.unwrap();
-    let (_, _, items, _) = repo.get_bundle().await.unwrap();
+    let (_, _, items) = repo.get_bundle().await.unwrap();
     assert!(items.is_empty());
 }
 
@@ -146,7 +118,6 @@ async fn reorder_items_writes_sort_order() {
             icon_kind: IconKind::Asset,
             icon_value: "a.png".into(),
             links: Default::default(),
-            tag_slugs: vec![],
         })
         .await
         .unwrap();
@@ -160,7 +131,6 @@ async fn reorder_items_writes_sort_order() {
             icon_kind: IconKind::Asset,
             icon_value: "b.png".into(),
             links: Default::default(),
-            tag_slugs: vec![],
         })
         .await
         .unwrap();
@@ -178,69 +148,7 @@ async fn reorder_items_writes_sort_order() {
     ])
     .await
     .unwrap();
-    let (_, _, items, _) = repo.get_bundle().await.unwrap();
+    let (_, _, items) = repo.get_bundle().await.unwrap();
     assert_eq!(items[0].id, b.id);
     assert_eq!(items[1].id, a.id);
 }
-
-/// Regression: previously `create_item` / `patch_item` did
-/// `INSERT INTO item_tags ... SELECT ... FROM tags WHERE slug = ?`,
-/// which silently dropped tags whose slug was not pre-registered.
-/// Now they upsert the tag first, so a fresh slug should round-trip.
-#[tokio::test]
-async fn create_item_auto_creates_unknown_tag_slugs() {
-    let (repo, gid, _sid) = make_repo_with_seed().await;
-    let mut links = std::collections::BTreeMap::new();
-    links.insert("shangHai".into(), "http://example".into());
-    let item = repo
-        .create_item(ItemPayload {
-            group_id: Some(gid),
-            name: "X".into(),
-            name_i18n: None,
-            description: None,
-            description_i18n: None,
-            icon_kind: IconKind::Asset,
-            icon_value: "x.png".into(),
-            links,
-            tag_slugs: vec!["fresh-slug".into(), "tools".into()],
-        })
-        .await
-        .unwrap();
-    assert_eq!(item.tag_slugs.len(), 2);
-    assert!(item.tag_slugs.contains(&"fresh-slug".into()));
-    assert!(item.tag_slugs.contains(&"tools".into()));
-    let (_, _, _, tags) = repo.get_bundle().await.unwrap();
-    assert!(tags.iter().any(|t| t.slug == "fresh-slug"));
-}
-
-#[tokio::test]
-async fn patch_item_auto_creates_unknown_tag_slugs() {
-    let (repo, gid, _sid) = make_repo_with_seed().await;
-    let mut links = std::collections::BTreeMap::new();
-    links.insert("shangHai".into(), "http://example".into());
-    let item = repo
-        .create_item(ItemPayload {
-            group_id: Some(gid),
-            name: "X".into(),
-            name_i18n: None,
-            description: None,
-            description_i18n: None,
-            icon_kind: IconKind::Asset,
-            icon_value: "x.png".into(),
-            links,
-            tag_slugs: vec![],
-        })
-        .await
-        .unwrap();
-    let updated = repo
-        .patch_item(
-            item.id,
-            ItemPatch {
-                tag_slugs: Some(vec!["brand-new".into()]),
-                ..Default::default()
-            },
-        )
-        .await
-        .unwrap();
-    assert_eq!(updated.tag_slugs, vec!["brand-new"]);
-}
diff --git a/server/tests/repo_sites.rs b/server/tests/repo_sites.rs
index d35e881..cd69d6b 100644
--- a/server/tests/repo_sites.rs
+++ b/server/tests/repo_sites.rs
@@ -106,7 +106,6 @@ async fn delete_site_referenced_by_item_returns_conflict() {
         icon_kind: IconKind::Asset,
         icon_value: "x.png".into(),
         links,
-        tag_slugs: vec![],
     })
     .await
     .unwrap();
diff --git a/server/tests/seed.rs b/server/tests/seed.rs
index 46ee415..b53ff2b 100644
--- a/server/tests/seed.rs
+++ b/server/tests/seed.rs
@@ -9,7 +9,7 @@ async fn seed_populates_sites_and_groups() {
     let nav: Arc<dyn NavRepo> = Arc::new(SqlxNavRepo::new(pool.clone()));
     let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
     seed_if_empty(nav.clone(), cfg.clone()).await.unwrap();
-    let (sites, groups, _items, _tags) = nav.get_bundle().await.unwrap();
+    let (sites, groups, _items) = nav.get_bundle().await.unwrap();
     assert!(sites.iter().any(|s| s.value == "shangHai"));
     assert!(groups.iter().any(|g| g.slug == "network"));
     assert_eq!(
diff --git a/web/src/lib/api/admin.ts b/web/src/lib/api/admin.ts
index 510a9f3..8ed3994 100644
--- a/web/src/lib/api/admin.ts
+++ b/web/src/lib/api/admin.ts
@@ -1,5 +1,5 @@
 import { apiClient } from './client';
-import { GroupSchema, SiteSchema, TagSchema, type Group, type Site, type Tag } from '$lib/types/nav';
+import { GroupSchema, SiteSchema, type Group, type Site } from '$lib/types/nav';
 
 // ----- Groups -----
 
@@ -64,34 +64,3 @@ export function patchSite(id: number, patch: SitePatch): Promise<Site> {
 export function deleteSite(id: number): Promise<void> {
   return apiClient<void>({ method: 'DELETE', path: `/api/sites/${id}` });
 }
-
-// ----- Tags -----
-
-export interface TagPayload {
-  slug: string;
-  name: string;
-  nameI18n?: Record<string, string> | null;
-}
-export type TagPatch = Partial<TagPayload>;
-
-export function createTag(payload: TagPayload): Promise<Tag> {
-  return apiClient<Tag>({
-    method: 'POST',
-    path: '/api/tags',
-    body: payload,
-    responseSchema: TagSchema
-  });
-}
-
-export function patchTag(id: number, patch: TagPatch): Promise<Tag> {
-  return apiClient<Tag>({
-    method: 'PATCH',
-    path: `/api/tags/${id}`,
-    body: patch,
-    responseSchema: TagSchema
-  });
-}
-
-export function deleteTag(id: number): Promise<void> {
-  return apiClient<void>({ method: 'DELETE', path: `/api/tags/${id}` });
-}
diff --git a/web/src/lib/api/nav.ts b/web/src/lib/api/nav.ts
index 551a365..ec72917 100644
--- a/web/src/lib/api/nav.ts
+++ b/web/src/lib/api/nav.ts
@@ -11,7 +11,6 @@ export interface ItemPayload {
   iconKind: IconKind;
   iconValue: string;
   links: Record<string, string>;
-  tagSlugs: string[];
 }
 
 export type ItemPatch = Partial<ItemPayload>;
diff --git a/web/src/lib/components/Admin/AdminTagsTab.svelte b/web/src/lib/components/Admin/AdminTagsTab.svelte
deleted file mode 100644
index 31060ce..0000000
--- a/web/src/lib/components/Admin/AdminTagsTab.svelte
+++ /dev/null
@@ -1,232 +0,0 @@
-<script lang="ts">
-  import Button from '$lib/components/ui/Button.svelte';
-  import Input from '$lib/components/ui/Input.svelte';
-  import { navDataStore } from '$lib/stores/navData';
-  import { createTag, patchTag, deleteTag } from '$lib/api/admin';
-  import { ApiError } from '$lib/api/client';
-  import { toast } from '$lib/components/ui/toast';
-  import { t } from '$lib/i18n/store';
-  import type { Tag } from '$lib/types/nav';
-
-  const tags = $derived($navDataStore.bundle?.tags ?? []);
-  const itemCountByTag = $derived.by(() => {
-    const map = new Map<string, number>();
-    for (const it of $navDataStore.bundle?.items ?? []) {
-      for (const slug of it.tagSlugs) {
-        map.set(slug, (map.get(slug) ?? 0) + 1);
-      }
-    }
-    return map;
-  });
-
-  let editingId = $state<number | null>(null);
-  let editSlug = $state('');
-  let editName = $state('');
-
-  let creating = $state(false);
-  let newSlug = $state('');
-  let newName = $state('');
-  let busy = $state(false);
-
-  function startEdit(t: Tag) {
-    editingId = t.id;
-    editSlug = t.slug;
-    editName = t.name;
-  }
-  function cancelEdit() {
-    editingId = null;
-  }
-  async function saveEdit() {
-    if (editingId == null || busy) return;
-    busy = true;
-    try {
-      await patchTag(editingId, { slug: editSlug.trim(), name: editName.trim() });
-      await navDataStore.refetch();
-      editingId = null;
-      toast.success($t('common.save') + ' ✓');
-    } catch (e) {
-      toast.error(e instanceof ApiError ? e.message : 'Save failed');
-    } finally {
-      busy = false;
-    }
-  }
-
-  async function remove(tag: Tag) {
-    if (busy) return;
-    const count = itemCountByTag.get(tag.slug) ?? 0;
-    const msg =
-      count > 0
-        ? `Tag "${tag.name}" is used by ${count} item(s). Delete it (links will be removed)?`
-        : `Delete tag "${tag.name}"?`;
-    if (!confirm(msg)) return;
-    busy = true;
-    try {
-      await deleteTag(tag.id);
-      await navDataStore.refetch();
-      toast.success('Deleted ✓');
-    } catch (e) {
-      toast.error(e instanceof ApiError ? e.message : 'Delete failed');
-    } finally {
-      busy = false;
-    }
-  }
-
-  function startCreate() {
-    creating = true;
-    newSlug = '';
-    newName = '';
-  }
-  function cancelCreate() {
-    creating = false;
-  }
-  async function commitCreate() {
-    if (busy) return;
-    if (!newSlug.trim() || !newName.trim()) {
-      toast.error('Both slug and name are required');
-      return;
-    }
-    busy = true;
-    try {
-      await createTag({ slug: newSlug.trim(), name: newName.trim() });
-      await navDataStore.refetch();
-      creating = false;
-      toast.success('Created ✓');
-    } catch (e) {
-      toast.error(e instanceof ApiError ? e.message : 'Create failed');
-    } finally {
-      busy = false;
-    }
-  }
-</script>
-
-<div class="tab">
-  <header class="head">
-    <h3>Tags <small>({tags.length})</small></h3>
-    {#if !creating}
-      <Button intent="primary" size="sm" onclick={startCreate}>＋ New tag</Button>
-    {/if}
-  </header>
-  <p class="hint">
-    Tags are free-form labels you can attach to items via the comma-separated input on the item
-    editor. New slugs typed there are auto-created with their name set to the slug — you can
-    rename them here later.
-  </p>
-
-  {#if creating}
-    <div class="row create-row">
-      <Input label="Slug" bind:value={newSlug} placeholder="fav" />
-      <Input label="Name" bind:value={newName} placeholder="Favorite" />
-      <div class="row-actions">
-        <Button intent="primary" size="sm" onclick={commitCreate} loading={busy}>Create</Button>
-        <Button intent="ghost" size="sm" onclick={cancelCreate}>Cancel</Button>
-      </div>
-    </div>
-  {/if}
-
-  <ul class="list">
-    {#each tags as tag (tag.id)}
-      <li class="row">
-        {#if editingId === tag.id}
-          <Input label="Slug" bind:value={editSlug} />
-          <Input label="Name" bind:value={editName} />
-          <div class="row-actions">
-            <Button intent="primary" size="sm" onclick={saveEdit} loading={busy}>Save</Button>
-            <Button intent="ghost" size="sm" onclick={cancelEdit}>Cancel</Button>
-          </div>
-        {:else}
-          <div class="info">
-            <strong>{tag.name}</strong>
-            <span class="slug">{tag.slug}</span>
-            <span class="count">{itemCountByTag.get(tag.slug) ?? 0} item(s)</span>
-          </div>
-          <div class="row-actions">
-            <Button intent="ghost" size="sm" onclick={() => startEdit(tag)}>Edit</Button>
-            <Button intent="ghost" size="sm" onclick={() => remove(tag)}>Delete</Button>
-          </div>
-        {/if}
-      </li>
-    {/each}
-    {#if tags.length === 0}
-      <li class="empty">No tags yet.</li>
-    {/if}
-  </ul>
-</div>
-
-<style lang="scss">
-  .tab {
-    display: flex;
-    flex-direction: column;
-    gap: var(--sp-3);
-  }
-  .head {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    h3 {
-      margin: 0;
-      font-size: var(--fs-lg);
-      small {
-        color: var(--c-text-3);
-        font-weight: var(--fw-regular);
-      }
-    }
-  }
-  .hint {
-    margin: 0;
-    font-size: var(--fs-sm);
-    color: var(--c-text-3);
-  }
-  .list {
-    list-style: none;
-    margin: 0;
-    padding: 0;
-    display: flex;
-    flex-direction: column;
-    gap: var(--sp-2);
-  }
-  .row {
-    display: grid;
-    grid-template-columns: 1fr auto;
-    align-items: center;
-    gap: var(--sp-3);
-    padding: var(--sp-3);
-    border: 1px solid var(--c-border);
-    border-radius: var(--rd-md);
-    background: rgba(255, 255, 255, 0.45);
-  }
-  :global([data-theme='dark']) .row {
-    background: rgba(255, 255, 255, 0.04);
-  }
-  .create-row {
-    grid-template-columns: 1fr 1fr auto;
-  }
-  .row .info {
-    display: flex;
-    align-items: baseline;
-    gap: var(--sp-3);
-    flex-wrap: wrap;
-    strong {
-      font-size: var(--fs-md);
-    }
-    .slug {
-      font-family: var(--ft-mono);
-      font-size: var(--fs-sm);
-      color: var(--c-text-3);
-    }
-    .count {
-      font-size: var(--fs-xs);
-      color: var(--c-text-3);
-    }
-  }
-  .row-actions {
-    display: flex;
-    gap: var(--sp-2);
-    align-items: end;
-  }
-  .empty {
-    padding: var(--sp-4);
-    text-align: center;
-    color: var(--c-text-3);
-    font-size: var(--fs-sm);
-  }
-</style>
diff --git a/web/src/lib/components/Editor/ItemEditDialog.svelte b/web/src/lib/components/Editor/ItemEditDialog.svelte
index a3211e6..bb9e9ce 100644
--- a/web/src/lib/components/Editor/ItemEditDialog.svelte
+++ b/web/src/lib/components/Editor/ItemEditDialog.svelte
@@ -27,7 +27,6 @@
   let iconValue = $state('');
   /** Each row = (site value, url). Empty rows are dropped on submit. */
   let linkRows = $state<Array<{ siteValue: string; url: string }>>([]);
-  let tagSlugsCsv = $state(''); // simplified: comma-separated
   let submitting = $state(false);
   let error = $state<string | null>(null);
 
@@ -40,7 +39,6 @@
         iconKind = target.iconKind;
         iconValue = target.iconValue;
         linkRows = Object.entries(target.links).map(([siteValue, url]) => ({ siteValue, url }));
-        tagSlugsCsv = target.tagSlugs.join(', ');
       } else {
         name = '';
         groupId = defaultGroupId;
@@ -48,7 +46,6 @@
         iconValue = '';
         const firstSite = $navDataStore.bundle?.sites[0]?.value ?? '';
         linkRows = firstSite ? [{ siteValue: firstSite, url: '' }] : [];
-        tagSlugsCsv = '';
       }
       error = null;
       hydrated = true;
@@ -97,11 +94,7 @@
         name: name.trim(),
         iconKind,
         iconValue: iconValue.trim(),
-        links,
-        tagSlugs: tagSlugsCsv
-          .split(',')
-          .map((s) => s.trim())
-          .filter(Boolean)
+        links
       };
       if (target) {
         await patchItem(target.id, payload);
@@ -172,7 +165,6 @@
         </button>
       </div>
     </div>
-    <Input label="Tag slugs (comma-separated)" bind:value={tagSlugsCsv} placeholder="fav, tools" />
     {#if error}<p class="err">{error}</p>{/if}
   </div>
   {#snippet footer()}
diff --git a/web/src/lib/components/Header/TagFilterChips.svelte b/web/src/lib/components/Header/TagFilterChips.svelte
deleted file mode 100644
index f031b03..0000000
--- a/web/src/lib/components/Header/TagFilterChips.svelte
+++ /dev/null
@@ -1,18 +0,0 @@
-<script lang="ts">
-  import Chip from '$lib/components/ui/Chip.svelte';
-  import { allTagSlugs, activeTagSlugs, toggleTag } from '$lib/stores/visible';
-</script>
-
-<div class="chips">
-  {#each $allTagSlugs as slug (slug)}
-    <Chip label={slug} active={$activeTagSlugs.has(slug)} onSelect={() => toggleTag(slug)} />
-  {/each}
-</div>
-
-<style lang="scss">
-  .chips {
-    display: flex;
-    gap: var(--sp-1);
-    flex-wrap: wrap;
-  }
-</style>
diff --git a/web/src/lib/components/Header/index.svelte b/web/src/lib/components/Header/index.svelte
index e094463..182b386 100644
--- a/web/src/lib/components/Header/index.svelte
+++ b/web/src/lib/components/Header/index.svelte
@@ -1,7 +1,6 @@
 <script lang="ts">
   import Brand from './Brand.svelte';
   import SearchBar from './SearchBar.svelte';
-  import TagFilterChips from './TagFilterChips.svelte';
   import SiteSelect from './SiteSelect.svelte';
   import ThemeToggle from './ThemeToggle.svelte';
   import LocaleToggle from './LocaleToggle.svelte';
@@ -15,7 +14,6 @@
     </div>
     <div class="center">
       <SearchBar />
-      <TagFilterChips />
     </div>
     <div class="right">
       <SiteSelect />
diff --git a/web/src/lib/stores/navData.test.ts b/web/src/lib/stores/navData.test.ts
index f89ce96..07c7dcb 100644
--- a/web/src/lib/stores/navData.test.ts
+++ b/web/src/lib/stores/navData.test.ts
@@ -16,12 +16,12 @@ const sampleBundle = {
     siteCopyright: '©',
     siteIcp: null,
     sitePolice: null,
-    defaultTheme: 'system' as const
+    defaultTheme: 'system' as const,
+    layoutMode: 'grouped' as const
   },
   sites: [],
   groups: [],
-  items: [],
-  tags: []
+  items: []
 };
 
 describe('navDataStore', () => {
@@ -64,7 +64,6 @@ describe('navDataStore', () => {
           iconValue: 'x.png',
           sortOrder: 0,
           links: {},
-          tagSlugs: [],
           createdAt: 0,
           updatedAt: 0
         }
diff --git a/web/src/lib/stores/visible.test.ts b/web/src/lib/stores/visible.test.ts
index 6cff29b..169a620 100644
--- a/web/src/lib/stores/visible.test.ts
+++ b/web/src/lib/stores/visible.test.ts
@@ -8,7 +8,6 @@ import {
   currentSite,
   visibleSections,
   visibleFavorites,
-  toggleTag,
   clearFilters
 } from './visible';
 import type { NavBundle } from '$lib/types/nav';
@@ -21,7 +20,8 @@ const bundle: NavBundle = {
     siteCopyright: '',
     siteIcp: null,
     sitePolice: null,
-    defaultTheme: 'system'
+    defaultTheme: 'system',
+    layoutMode: 'grouped'
   },
   sites: [
     { id: 1, value: 'sh', name: 'SH', nameI18n: null, sortOrder: 0, isDefault: true },
@@ -37,7 +37,6 @@ const bundle: NavBundle = {
       collapsedDefault: false
     }
   ],
-  tags: [{ id: 100, slug: 'fav', name: 'Favorite', nameI18n: null }],
   items: [
     {
       id: 1,
@@ -50,7 +49,6 @@ const bundle: NavBundle = {
       iconValue: 'r.png',
       sortOrder: 0,
       links: { sh: 'http://1', bj: 'http://1b' },
-      tagSlugs: ['fav'],
       createdAt: 0,
       updatedAt: 0
     },
@@ -65,7 +63,6 @@ const bundle: NavBundle = {
       iconValue: 's.png',
       sortOrder: 1,
       links: { sh: 'http://2' }, // no bj
-      tagSlugs: [],
       createdAt: 0,
       updatedAt: 0
     }
@@ -100,12 +97,6 @@ describe('visibleSections', () => {
     expect(get(visibleSections)[0].items.map((i) => i.name)).toEqual(['Router']);
   });
 
-  it('tag filter applies', () => {
-    toggleTag('fav');
-    const out = get(visibleSections);
-    expect(out[0].items.map((i) => i.name)).toEqual(['Router']);
-  });
-
   it('visibleFavorites lists user-favorited items only', () => {
     uiPrefs.toggleFavorite(2);
     expect(get(visibleFavorites).map((i) => i.id)).toEqual([2]);
diff --git a/web/src/lib/stores/visible.ts b/web/src/lib/stores/visible.ts
index 547690f..2769d5e 100644
--- a/web/src/lib/stores/visible.ts
+++ b/web/src/lib/stores/visible.ts
@@ -5,7 +5,6 @@ import { uiPrefs } from './uiPrefs';
 import type { Group, Item, Site } from '$lib/types/nav';
 
 export const searchQuery = writable<string>('');
-export const activeTagSlugs = writable<Set<string>>(new Set());
 
 export interface ResolvedSite {
   /** The chosen Site object, or null if bundle empty. */
@@ -29,28 +28,21 @@ export interface VisibleGroup {
 }
 
 /**
- * Items grouped + filtered by current site, search term, and active tag chips.
- * Empty groups are dropped.
+ * Items grouped + filtered by current site and search term. Empty groups are dropped.
  */
 export const visibleSections: Readable<VisibleGroup[]> = derived(
-  [navDataStore, currentSite, searchQuery, activeTagSlugs],
-  ([$nav, $cur, $q, $tags]) => {
+  [navDataStore, currentSite, searchQuery],
+  ([$nav, $cur, $q]) => {
     const bundle = $nav.bundle;
     if (!bundle || !$cur.site) return [];
     const siteValue = $cur.site.value;
     const q = $q.trim().toLowerCase();
-    const wantTags = $tags;
 
     const filtered = bundle.items
       .filter((i) => i.links[siteValue] !== undefined)
-      .filter((i) => {
-        if (wantTags.size === 0) return true;
-        return i.tagSlugs.some((s) => wantTags.has(s));
-      })
       .filter((i) => {
         if (!q) return true;
         if (i.name.toLowerCase().includes(q)) return true;
-        if (i.tagSlugs.some((s) => s.toLowerCase().includes(q))) return true;
         if (i.description && i.description.toLowerCase().includes(q)) return true;
         return false;
       });
@@ -87,11 +79,6 @@ export const visibleFavorites: Readable<Item[]> = derived(
   }
 );
 
-/** All tag slugs in the bundle, used by chip filter. */
-export const allTagSlugs: Readable<string[]> = derived(navDataStore, ($n) =>
-  $n.bundle ? $n.bundle.tags.map((t) => t.slug).sort() : []
-);
-
 /** Flat layout: all visible items in one list (no grouping). */
 export const visibleFlatItems: Readable<Item[]> = derived(visibleSections, ($sections) =>
   $sections.flatMap((s) => s.items)
@@ -102,24 +89,14 @@ export const layoutMode: Readable<'grouped' | 'flat'> = derived(navDataStore, ($
   $n.bundle?.meta.layoutMode === 'flat' ? 'flat' : 'grouped'
 );
 
-/** True if any filter (search or tag) is active. */
+/** True if a search filter is active. */
 export const hasActiveFilter: Readable<boolean> = derived(
-  [searchQuery, activeTagSlugs],
-  ([$q, $tags]) => $q.trim().length > 0 || $tags.size > 0
+  searchQuery,
+  ($q) => $q.trim().length > 0
 );
 
-/** Helpers for tag chips */
-export function toggleTag(slug: string) {
-  activeTagSlugs.update((s) => {
-    const next = new Set(s);
-    if (next.has(slug)) next.delete(slug);
-    else next.add(slug);
-    return next;
-  });
-}
 export function clearFilters() {
   searchQuery.set('');
-  activeTagSlugs.set(new Set());
 }
 
 /** For unit tests / dev console */
diff --git a/web/src/lib/types/nav.ts b/web/src/lib/types/nav.ts
index 5507c7c..f735ceb 100644
--- a/web/src/lib/types/nav.ts
+++ b/web/src/lib/types/nav.ts
@@ -27,14 +27,6 @@ export const GroupSchema = z.object({
 });
 export type Group = z.infer<typeof GroupSchema>;
 
-export const TagSchema = z.object({
-  id: z.number().int(),
-  slug: z.string(),
-  name: z.string(),
-  nameI18n: I18nMap
-});
-export type Tag = z.infer<typeof TagSchema>;
-
 export const ItemSchema = z.object({
   id: z.number().int(),
   groupId: z.number().int().nullable(),
@@ -46,7 +38,6 @@ export const ItemSchema = z.object({
   iconValue: z.string(),
   sortOrder: z.number().int(),
   links: z.record(z.string(), z.string()),
-  tagSlugs: z.array(z.string()),
   createdAt: z.number().int(),
   updatedAt: z.number().int()
 });
@@ -75,8 +66,7 @@ export const NavBundleSchema = z.object({
   meta: MetaSchema,
   sites: z.array(SiteSchema),
   groups: z.array(GroupSchema),
-  items: z.array(ItemSchema),
-  tags: z.array(TagSchema)
+  items: z.array(ItemSchema)
 });
 export type NavBundle = z.infer<typeof NavBundleSchema>;
 
diff --git a/web/src/routes/admin/+page.svelte b/web/src/routes/admin/+page.svelte
index 483b2f7..1bf8a48 100644
--- a/web/src/routes/admin/+page.svelte
+++ b/web/src/routes/admin/+page.svelte
@@ -5,14 +5,12 @@
   import AdminSiteTab from '$lib/components/Admin/AdminSiteTab.svelte';
   import AdminGroupsTab from '$lib/components/Admin/AdminGroupsTab.svelte';
   import AdminSitesTab from '$lib/components/Admin/AdminSitesTab.svelte';
-  import AdminTagsTab from '$lib/components/Admin/AdminTagsTab.svelte';
 
-  type TabId = 'site' | 'groups' | 'sites' | 'tags';
+  type TabId = 'site' | 'groups' | 'sites';
   const TABS: { id: TabId; label: string }[] = [
     { id: 'site', label: 'Site' },
     { id: 'groups', label: 'Groups' },
-    { id: 'sites', label: 'Sites' },
-    { id: 'tags', label: 'Tags' }
+    { id: 'sites', label: 'Sites' }
   ];
 
   let active = $state<TabId>('site');
@@ -65,8 +63,6 @@
           <AdminGroupsTab />
         {:else if active === 'sites'}
           <AdminSitesTab />
-        {:else if active === 'tags'}
-          <AdminTagsTab />
         {/if}
       </section>
     </div>

From 715c95c2e14be0ecb4fce5f07b21ddb5ea3fd3a1 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Thu, 21 May 2026 20:33:10 +0800
Subject: [PATCH 18/77] feat(admin): drag-to-reorder Groups and Sites
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reuses svelte-dnd-action (already a dep, drives NavGrid item reorder).
Each row gets a ⋮⋮ grab handle on the left; dropping a row triggers
POST /api/{groups,sites}/reorder with the new sortOrder for every
row in the list, then refetches navData. Drag is auto-disabled while
a row is being inline-edited or created (so input/drag don't fight)
and while a previous mutation is in flight.

API helpers reorderGroups / reorderSites added to api/admin.ts.
---
 web/src/lib/api/admin.ts                      | 21 +++++++
 .../components/Admin/AdminGroupsTab.svelte    | 59 ++++++++++++++++---
 .../lib/components/Admin/AdminSitesTab.svelte | 57 +++++++++++++++---
 3 files changed, 121 insertions(+), 16 deletions(-)

diff --git a/web/src/lib/api/admin.ts b/web/src/lib/api/admin.ts
index 8ed3994..8b08660 100644
--- a/web/src/lib/api/admin.ts
+++ b/web/src/lib/api/admin.ts
@@ -33,6 +33,19 @@ export function deleteGroup(id: number): Promise<void> {
   return apiClient<void>({ method: 'DELETE', path: `/api/groups/${id}` });
 }
 
+export interface ReorderEntry {
+  id: number;
+  sortOrder: number;
+}
+
+export function reorderGroups(entries: ReorderEntry[]): Promise<void> {
+  return apiClient<void>({
+    method: 'POST',
+    path: '/api/groups/reorder',
+    body: entries
+  });
+}
+
 // ----- Sites -----
 
 export interface SitePayload {
@@ -64,3 +77,11 @@ export function patchSite(id: number, patch: SitePatch): Promise<Site> {
 export function deleteSite(id: number): Promise<void> {
   return apiClient<void>({ method: 'DELETE', path: `/api/sites/${id}` });
 }
+
+export function reorderSites(entries: ReorderEntry[]): Promise<void> {
+  return apiClient<void>({
+    method: 'POST',
+    path: '/api/sites/reorder',
+    body: entries
+  });
+}
diff --git a/web/src/lib/components/Admin/AdminGroupsTab.svelte b/web/src/lib/components/Admin/AdminGroupsTab.svelte
index 0d7cbc7..969c698 100644
--- a/web/src/lib/components/Admin/AdminGroupsTab.svelte
+++ b/web/src/lib/components/Admin/AdminGroupsTab.svelte
@@ -1,14 +1,20 @@
 <script lang="ts">
   import Button from '$lib/components/ui/Button.svelte';
   import Input from '$lib/components/ui/Input.svelte';
+  import { dndzone, type DndEvent } from 'svelte-dnd-action';
   import { navDataStore } from '$lib/stores/navData';
-  import { createGroup, patchGroup, deleteGroup } from '$lib/api/admin';
+  import { createGroup, patchGroup, deleteGroup, reorderGroups } from '$lib/api/admin';
   import { ApiError } from '$lib/api/client';
   import { toast } from '$lib/components/ui/toast';
   import { t } from '$lib/i18n/store';
   import type { Group } from '$lib/types/nav';
 
   const groups = $derived($navDataStore.bundle?.groups ?? []);
+  /** Local mirror so dndzone can mutate during drag. Synced from `groups`. */
+  let working: Group[] = $state([]);
+  $effect(() => {
+    working = [...groups].sort((a, b) => a.sortOrder - b.sortOrder);
+  });
   const itemCountByGroup = $derived.by(() => {
     const map = new Map<number, number>();
     for (const it of $navDataStore.bundle?.items ?? []) {
@@ -27,6 +33,24 @@
   let newSlug = $state('');
   let busy = $state(false);
 
+  /** Disable dnd while inline editing or creating to avoid input/drag fights. */
+  const dragDisabled = $derived(editingId !== null || creating || busy);
+
+  function onConsider(e: CustomEvent<DndEvent<Group>>) {
+    working = e.detail.items;
+  }
+  async function onFinalize(e: CustomEvent<DndEvent<Group>>) {
+    working = e.detail.items;
+    const entries = working.map((g, i) => ({ id: g.id, sortOrder: i }));
+    try {
+      await reorderGroups(entries);
+      await navDataStore.refetch();
+    } catch (err) {
+      await navDataStore.refetch();
+      toast.error(err instanceof ApiError ? err.message : 'Reorder failed');
+    }
+  }
+
   function startEdit(g: Group) {
     editingId = g.id;
     editName = g.name;
@@ -121,9 +145,14 @@
     </div>
   {/if}
 
-  <ul class="list">
-    {#each groups as g (g.id)}
-      <li class="row">
+  <ul
+    class="list"
+    use:dndzone={{ items: working, dragDisabled, flipDurationMs: 180, dropTargetStyle: {} }}
+    onconsider={onConsider}
+    onfinalize={onFinalize}
+  >
+    {#each working as g (g.id)}
+      <li class="row" class:editing={editingId === g.id}>
         {#if editingId === g.id}
           <Input label="Slug" bind:value={editSlug} />
           <Input label="Name" bind:value={editName} />
@@ -132,6 +161,7 @@
             <Button intent="ghost" size="sm" onclick={cancelEdit}>Cancel</Button>
           </div>
         {:else}
+          <span class="handle" class:disabled={dragDisabled} aria-hidden="true">⋮⋮</span>
           <div class="info">
             <strong>{g.name}</strong>
             <span class="slug">{g.slug}</span>
@@ -144,10 +174,10 @@
         {/if}
       </li>
     {/each}
-    {#if groups.length === 0}
-      <li class="empty">No groups yet. Create one to start organising items.</li>
-    {/if}
   </ul>
+  {#if groups.length === 0}
+    <p class="empty">No groups yet. Create one to start organising items.</p>
+  {/if}
 </div>
 
 <style lang="scss">
@@ -179,7 +209,7 @@
   }
   .row {
     display: grid;
-    grid-template-columns: 1fr auto;
+    grid-template-columns: auto 1fr auto;
     align-items: center;
     gap: var(--sp-3);
     padding: var(--sp-3);
@@ -190,9 +220,22 @@
   :global([data-theme='dark']) .row {
     background: rgba(255, 255, 255, 0.04);
   }
+  .row.editing,
   .create-row {
     grid-template-columns: 1fr 1fr auto;
   }
+  .handle {
+    color: var(--c-text-3);
+    cursor: grab;
+    user-select: none;
+    line-height: 1;
+    letter-spacing: -2px;
+    padding: 0 var(--sp-1);
+    &.disabled {
+      cursor: not-allowed;
+      opacity: 0.4;
+    }
+  }
   .row .info {
     display: flex;
     align-items: baseline;
diff --git a/web/src/lib/components/Admin/AdminSitesTab.svelte b/web/src/lib/components/Admin/AdminSitesTab.svelte
index e2ec7c8..3cbfbdc 100644
--- a/web/src/lib/components/Admin/AdminSitesTab.svelte
+++ b/web/src/lib/components/Admin/AdminSitesTab.svelte
@@ -1,14 +1,19 @@
 <script lang="ts">
   import Button from '$lib/components/ui/Button.svelte';
   import Input from '$lib/components/ui/Input.svelte';
+  import { dndzone, type DndEvent } from 'svelte-dnd-action';
   import { navDataStore } from '$lib/stores/navData';
-  import { createSite, patchSite, deleteSite } from '$lib/api/admin';
+  import { createSite, patchSite, deleteSite, reorderSites } from '$lib/api/admin';
   import { ApiError } from '$lib/api/client';
   import { toast } from '$lib/components/ui/toast';
   import { t } from '$lib/i18n/store';
   import type { Site } from '$lib/types/nav';
 
   const sites = $derived($navDataStore.bundle?.sites ?? []);
+  let working: Site[] = $state([]);
+  $effect(() => {
+    working = [...sites].sort((a, b) => a.sortOrder - b.sortOrder);
+  });
   const linkCountBySite = $derived.by(() => {
     const map = new Map<string, number>();
     for (const it of $navDataStore.bundle?.items ?? []) {
@@ -30,6 +35,23 @@
   let newDefault = $state(false);
   let busy = $state(false);
 
+  const dragDisabled = $derived(editingId !== null || creating || busy);
+
+  function onConsider(e: CustomEvent<DndEvent<Site>>) {
+    working = e.detail.items;
+  }
+  async function onFinalize(e: CustomEvent<DndEvent<Site>>) {
+    working = e.detail.items;
+    const entries = working.map((s, i) => ({ id: s.id, sortOrder: i }));
+    try {
+      await reorderSites(entries);
+      await navDataStore.refetch();
+    } catch (err) {
+      await navDataStore.refetch();
+      toast.error(err instanceof ApiError ? err.message : 'Reorder failed');
+    }
+  }
+
   function startEdit(s: Site) {
     editingId = s.id;
     editValue = s.value;
@@ -140,9 +162,14 @@
     </div>
   {/if}
 
-  <ul class="list">
-    {#each sites as s (s.id)}
-      <li class="row">
+  <ul
+    class="list"
+    use:dndzone={{ items: working, dragDisabled, flipDurationMs: 180, dropTargetStyle: {} }}
+    onconsider={onConsider}
+    onfinalize={onFinalize}
+  >
+    {#each working as s (s.id)}
+      <li class="row" class:editing={editingId === s.id}>
         {#if editingId === s.id}
           <Input label="Value" bind:value={editValue} />
           <Input label="Name" bind:value={editName} />
@@ -155,6 +182,7 @@
             <Button intent="ghost" size="sm" onclick={cancelEdit}>Cancel</Button>
           </div>
         {:else}
+          <span class="handle" class:disabled={dragDisabled} aria-hidden="true">⋮⋮</span>
           <div class="info">
             <strong>{s.name}</strong>
             <span class="slug">{s.value}</span>
@@ -168,10 +196,10 @@
         {/if}
       </li>
     {/each}
-    {#if sites.length === 0}
-      <li class="empty">No sites yet. Create one to start adding per-site links.</li>
-    {/if}
   </ul>
+  {#if sites.length === 0}
+    <p class="empty">No sites yet. Create one to start adding per-site links.</p>
+  {/if}
 </div>
 
 <style lang="scss">
@@ -212,7 +240,7 @@
   }
   .row {
     display: grid;
-    grid-template-columns: 1fr auto;
+    grid-template-columns: auto 1fr auto;
     align-items: center;
     gap: var(--sp-3);
     padding: var(--sp-3);
@@ -223,9 +251,22 @@
   :global([data-theme='dark']) .row {
     background: rgba(255, 255, 255, 0.04);
   }
+  .row.editing,
   .create-row {
     grid-template-columns: 1fr 1fr auto auto;
   }
+  .handle {
+    color: var(--c-text-3);
+    cursor: grab;
+    user-select: none;
+    line-height: 1;
+    letter-spacing: -2px;
+    padding: 0 var(--sp-1);
+    &.disabled {
+      cursor: not-allowed;
+      opacity: 0.4;
+    }
+  }
   .row .info {
     display: flex;
     align-items: baseline;

From 4a347cbee53ebdbcb264912dcc4ab2b05ad2f4bb Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Thu, 21 May 2026 21:49:16 +0800
Subject: [PATCH 19/77] docs: add Launchpad unification design spec

Captures the agreed design for replacing the dual grouped/flat layouts
with a single Launchpad canvas: unified `cards` table (folder | item),
long-press jiggle mode, drag-to-reorder/merge/extract folders, drop
all i18n columns from user data, drop the layoutMode toggle.

Implementation plan to follow via writing-plans.
---
 .../2026-05-21-launchpad-unify-design.md      | 412 ++++++++++++++++++
 1 file changed, 412 insertions(+)
 create mode 100644 docs/superpowers/specs/2026-05-21-launchpad-unify-design.md

diff --git a/docs/superpowers/specs/2026-05-21-launchpad-unify-design.md b/docs/superpowers/specs/2026-05-21-launchpad-unify-design.md
new file mode 100644
index 0000000..8f2d6bb
--- /dev/null
+++ b/docs/superpowers/specs/2026-05-21-launchpad-unify-design.md
@@ -0,0 +1,412 @@
+# Launchpad Unification — Design
+
+**Status**: Approved 2026-05-21
+**Author**: brainstorming session
+**Scope**: Replace the dual `grouped` / `flat` home layouts with a single
+macOS Launchpad-style canvas; unify `groups` and `items` into one polymorphic
+`cards` table; introduce long-press jiggle mode with full drag-and-drop
+(reorder, auto-create folder, drop into folder, drag out of folder); drop
+all i18n columns from user-facing data.
+
+This document is the design contract. The implementation plan and tasks
+are produced separately by `writing-plans`.
+
+---
+
+## 1. Goals
+
+1. One home view: every nav target — whether a single link or a folder
+   containing multiple links — is a `card` rendered in one grid.
+2. Long-press any card → enter "jiggle mode": all cards animate, drag to
+   reorder, drag-on-drag to auto-create a folder, drag into / out of a
+   folder, click ✕ to delete, click folder name to rename.
+3. Eliminate the layout-mode toggle (`grouped` vs `flat`) entirely.
+4. Eliminate per-row internationalisation columns; product is single-locale
+   for now (UI strings still go through `$t()`).
+5. Migrate existing data losslessly.
+
+## 2. Non-goals
+
+- Folder-in-folder nesting (matches macOS Launchpad and iOS Home Screen).
+- Drag handle UX (drag is initiated by long-press, not by a visible
+  handle).
+- Multi-locale per-card content (deliberately removed).
+- Mobile-specific gesture rework — long-press on touch devices is
+  identical to long-press on desktop.
+
+## 3. Data model
+
+### 3.1 `cards` table
+
+```sql
+CREATE TABLE cards (
+  id          INTEGER PRIMARY KEY AUTOINCREMENT,
+  kind        TEXT    NOT NULL CHECK (kind IN ('folder', 'item')),
+  parent_id   INTEGER REFERENCES cards(id) ON DELETE CASCADE,
+  sort_order  INTEGER NOT NULL,
+  name        TEXT    NOT NULL,
+  -- folder-only
+  slug        TEXT,
+  -- item-only
+  icon_kind   TEXT,    -- 'asset' | 'url' | 'auto-favicon'
+  icon_value  TEXT,
+  description TEXT,
+  created_at  INTEGER NOT NULL,
+  updated_at  INTEGER NOT NULL,
+  UNIQUE (parent_id, sort_order)
+);
+CREATE INDEX cards_parent_sort ON cards(parent_id, sort_order);
+```
+
+**Rules** (enforced by the application + a CHECK trigger):
+- `parent_id IS NULL` ↔ top-level card on the home grid.
+- `parent_id IS NOT NULL` ↔ inside a folder; the referenced card MUST be
+  `kind='folder'`.
+- `kind='folder'` MUST have `parent_id IS NULL` (no nested folders).
+- `kind='folder'` rows MUST have `slug NOT NULL` and `icon_kind`,
+  `icon_value`, `description` all `NULL`.
+- `kind='item'` rows MUST have `icon_kind NOT NULL`, `icon_value NOT NULL`,
+  and `slug IS NULL`.
+- `(parent_id, sort_order)` is unique — duplicate slot in the same bucket
+  is invalid.
+
+### 3.2 `card_links` table
+
+```sql
+CREATE TABLE card_links (
+  card_id INTEGER NOT NULL REFERENCES cards(id) ON DELETE CASCADE,
+  site_id INTEGER NOT NULL REFERENCES sites(id) ON DELETE CASCADE,
+  url     TEXT    NOT NULL,
+  PRIMARY KEY (card_id, site_id)
+);
+```
+
+Only valid when `cards.kind='item'`. Application enforces this; folders
+have no links.
+
+### 3.3 Columns to drop
+
+- `groups`, `items`, `item_links` — entire tables.
+- `sites.name_i18n` — drop column.
+- All `*_i18n` columns/fields anywhere in DTOs / TS types.
+
+The bundle's `meta` retains its config-table-backed scalars; nothing
+i18n in `meta` is currently populated, so no data loss there.
+
+## 4. Migration
+
+Migration is split because it can't be expressed cleanly as a single
+SQL file (id remapping needs a host-language map). Three steps run in
+order on boot:
+
+1. **`0003_create_cards.sql`** — Create `cards` and `card_links`. No
+   data movement; legacy tables untouched.
+
+2. **`legacy_migrate.rs`** runs only when `groups` table still exists at
+   startup. Inside one transaction:
+   ```
+   for g in SELECT * FROM groups ORDER BY sort_order, id:
+       INSERT INTO cards (kind='folder', parent_id=NULL, sort_order=g.sort_order,
+                          name=g.name, slug=g.slug, ...)
+           returning id  →  remember as new_id_for_group[g.id]
+   for i in SELECT * FROM items ORDER BY group_id, sort_order, id:
+       parent = i.group_id ? new_id_for_group[i.group_id] : NULL
+       INSERT INTO cards (kind='item', parent_id=parent, sort_order=i.sort_order,
+                          name=i.name, icon_kind=i.icon_kind, ...)
+           returning id  →  remember as new_id_for_item[i.id]
+   for il in SELECT * FROM item_links:
+       INSERT INTO card_links (card_id=new_id_for_item[il.item_id],
+                               site_id=il.site_id, url=il.url)
+   DROP TABLE item_links;
+   DROP TABLE items;
+   DROP TABLE groups;
+   commit
+   ```
+   The function is idempotent (no-op when `groups` is gone). Failures
+   roll back the whole transaction; legacy tables stay intact and the
+   app refuses to start until the operator investigates.
+
+3. **`0004_drop_i18n_cols.sql`** — `ALTER TABLE sites DROP COLUMN
+   name_i18n;`. (SQLite supports DROP COLUMN since 3.35 / 2021; minimum
+   version already in our toolchain.)
+
+Rollback strategy: a manual recovery script is out of scope. Operator
+backs up `data.db` before upgrade. Migration is destructive of the
+legacy schema.
+
+## 5. API
+
+### 5.1 New endpoints
+
+| Method | Path | Purpose |
+|---|---|---|
+| `POST` | `/api/cards` | Create folder or item. Body: `{kind, parentId?, name, slug?, iconKind?, iconValue?, description?, links?}`. Returns the created Card. |
+| `PATCH` | `/api/cards/:id` | Update any subset of `name / slug / iconKind / iconValue / description / parentId / links`. Returns the updated Card. |
+| `DELETE` | `/api/cards/:id` | Delete card. If folder with children: children are released to top-level (parent_id=NULL, appended at end of root sort_order) in the same transaction. |
+| `POST` | `/api/cards/reorder` | Body: `[{id, parentId, sortOrder}]`. Atomically updates the affected bucket(s). Validates that all listed cards within one parentId form a contiguous 0..N permutation; rejects partial / overlapping orderings. |
+| `POST` | `/api/cards/auto-folder` | Body: `{sourceItemId, targetItemId, name}`. Atomic: create folder card with `name` at the target item's slot; both items become its children at sort_order 0 and 1; original item slots are renumbered. |
+
+### 5.2 Removed
+
+- `/api/groups` (POST/PATCH/DELETE/reorder)
+- `/api/items` (POST/PATCH/DELETE/reorder)
+
+Frontend code calling these must be removed in the same PR; backend
+returns 404 for them.
+
+### 5.3 Bundle endpoint
+
+`GET /api/nav` payload changes:
+
+- Remove `groups` array, `items` array.
+- Add `cards: Card[]` containing every card (top-level and inside folders).
+- Frontend reconstructs the hierarchy by `parent_id`.
+- `meta`, `sites` unchanged structurally except for the removed
+  `name_i18n` field on Site.
+
+`Card` shape (TS / Rust):
+```
+{
+  id: number
+  kind: 'folder' | 'item'
+  parentId: number | null
+  sortOrder: number
+  name: string
+  slug?: string                 // folder only
+  iconKind?: 'asset' | 'url' | 'auto-favicon'  // item only
+  iconValue?: string                            // item only
+  description?: string | null                   // item only
+  links?: Record<siteValue, url>                // item only
+  createdAt: number
+  updatedAt: number
+}
+```
+
+## 6. Frontend interaction
+
+### 6.1 Long-press → jiggle mode
+
+A new `jiggleMode` store replaces `editModeStore`. The store toggles
+based on:
+- Pointerdown on any card. After 600ms with no pointerup and movement
+  ≤ 5px, the store flips to `true` and the originating card immediately
+  enters drag.
+- ESC key, or click on grid background outside any card → flips to
+  `false`.
+- Programmatic exit after a successful auto-folder rename, item
+  delete, etc. — actions that finish the user's edit intent.
+
+Jiggle mode is gated by auth: unauthenticated users never enter it.
+For unauth users long-press is a no-op (short tap still opens the link
+or expands the folder).
+
+### 6.2 Card visuals in jiggle mode
+
+- CSS keyframe animation: each card rotates between -1° and +1° on a
+  staggered ~250ms loop (each card's loop offset is derived from `id %
+  4` to avoid synchronised motion).
+- Top-left corner: ✕ button (16×16, danger color). Click: confirm
+  (`name`) → `DELETE /api/cards/:id`.
+- For folders: name is rendered as an inline-editable label. Click
+  enters rename; Enter commits via `PATCH /api/cards/:id { name }`,
+  ESC cancels.
+
+### 6.3 Folder open / expand
+
+Folders open inline, **not** in a modal. When a folder is clicked
+(short tap, with or without jiggle):
+
+- The folder's row gets a logical "expansion slot" rendered immediately
+  below as a full-width sub-grid containing its children.
+- Visual: a card-styled panel that pushes subsequent rows down.
+- Closing: click another folder, or click empty space, or Esc.
+- `GroupFolderModal.svelte` is removed.
+
+This is what makes "drag out of folder" natural: in jiggle mode, the
+folder is open and inline, so the child card and the parent grid share
+one DOM scope. Dropping a child outside the folder panel → `PATCH
+parent_id = null`, the child is appended to the home grid root, and
+the folder collapses if it was open.
+
+### 6.4 Drag rules
+
+| Source | Drop target | Effect |
+|---|---|---|
+| any card | between two card slots in same bucket | reorder via `/cards/reorder` |
+| item | item, hover ≥600ms over the same slot | auto-folder via `/cards/auto-folder`; new folder named (default `$t('home.folder.untitled')`, currently rendered as "未命名" in zh, "Untitled" in en); opens inline + focuses rename |
+| item | folder, hover ≥600ms over the same slot | reorder + reparent: client emits a single `/cards/reorder` payload that places the dragged item inside the target folder's bucket at sort_order 0 (or end, depending on hover position) |
+| item inside an open folder | grid area outside that folder's expansion panel | reorder + reparent to root: same `/cards/reorder` payload moves the item into the root bucket and renumbers; folder panel collapses if it was open |
+| folder | another folder or item slot in root | reorder root bucket only — folder-on-folder hover does NOT merge (no nested folders allowed) |
+| folder | inside an open folder | rejected; folder cannot become a child of another folder |
+
+`svelte-dnd-action` drives the dnd. The "hover ≥600ms" auto-merge logic
+is wrapped around `onConsider`/`onFinalize` with a debounced timer
+keyed on (sourceId, targetId). All reparenting flows through
+`/cards/reorder` (whose payload already carries `parentId`); a separate
+PATCH-only path exists in the API for non-drag use (e.g. admin), but
+the home grid never uses it.
+
+### 6.5 New card creation
+
+- The home grid always renders a "+" placeholder at the end of the root
+  bucket when authenticated.
+- Click "+" → opens `ItemEditDialog` (existing component, slightly
+  pruned since `groupId` is now `parentId` and `tagSlugs` is already
+  gone). Submit → `POST /api/cards { kind: 'item', parentId: null, ... }`.
+- A folder is created only via auto-folder drag; there is no
+  "create empty folder" affordance. (If we ever need it, an `Admin →
+  Cards` future tab can offer it.)
+
+### 6.6 Search
+
+Search behaviour is unchanged in spirit:
+- When `searchQuery` non-empty, the home grid is replaced by a flat
+  filtered grid of matching items (regardless of folder), as today.
+- Folders, jiggle mode, dnd are disabled while searching.
+
+### 6.7 Removed UI
+
+- `GroupFolderModal.svelte`
+- `GroupSection.svelte`, `GroupHeader.svelte` (replaced by inline expand)
+- `EditToggle.svelte` (long-press supersedes)
+- `editModeStore` (replaced by `jiggleMode`)
+- Layout-mode picker in `AdminSiteTab.svelte`
+- Admin Groups tab + admin route entry
+- `layoutMode` config key + `bundle.meta.layoutMode` field
+
+## 7. Admin page after the change
+
+- **Site tab** — Branding only (title, avatar, footer). Layout mode
+  block deleted.
+- **Sites tab** — unchanged (drag reorder + CRUD).
+- **No Groups tab** — folder lifecycle lives on the home grid.
+- **No Cards / Items tab** — items are managed on the home grid via
+  long-press jiggle.
+
+## 8. Delete semantics
+
+- `DELETE /api/cards/:id` on an item → simple delete; cascade removes
+  `card_links` rows by FK.
+- `DELETE /api/cards/:id` on a folder → in one transaction:
+  1. Compute `next_root_sort = MAX(sort_order)+1 FROM cards WHERE parent_id IS NULL`.
+  2. For each child in old folder (ordered by current `sort_order`):
+     `UPDATE cards SET parent_id=NULL, sort_order=next_root_sort` and
+     `next_root_sort += 1`.
+  3. `DELETE FROM cards WHERE id=<folder_id>`.
+- `DELETE /api/sites/:id` — keep the existing 409 Conflict if any
+  `card_links` reference it; client must clear references first.
+
+Frontend always shows a confirm prompt before delete. For folders the
+prompt names the count of children that will be released.
+
+## 9. Files (summary)
+
+### Backend new
+
+- `server/migrations/0003_create_cards.sql`
+- `server/migrations/0004_drop_i18n_cols.sql`
+- `server/src/services/legacy_migrate.rs`
+- `server/src/routes/cards.rs`
+- `server/tests/repo_cards.rs`
+- `server/tests/api_cards.rs`
+
+### Backend changed (rewritten in part)
+
+- `server/src/dto.rs` (Card / CardPayload / CardPatch / ReorderEntry refit; drop Group / Item DTOs and i18n fields)
+- `server/src/repo/nav.rs` (NavRepo trait → CardRepo: list_cards / create_card / patch_card / delete_card / reorder_cards / auto_folder)
+- `server/src/repo/sqlx_impl.rs` (rewrite CRUD against `cards` / `card_links`)
+- `server/src/services/bundle.rs` (return `cards`)
+- `server/src/services/migration.rs` (bootstrap seed writes cards directly)
+- `server/src/routes/mod.rs` (drop groups/items, mount cards)
+- `server/src/main.rs` (call `legacy_migrate::migrate_if_needed()` after `migrate(pool)`)
+
+### Backend removed
+
+- `server/src/routes/groups.rs`
+- `server/src/routes/items.rs`
+- `server/tests/repo_items.rs`
+- `server/tests/api_items.rs`
+- `server/tests/api_groups_sites.rs` (group section gone; site section kept inline in api_cards or a new `api_sites.rs`)
+- `server/tests/repo_sites.rs` `delete_site_referenced_by_item_returns_conflict` updated to query `card_links`
+
+### Frontend new
+
+- `web/src/lib/types/card.ts` (replaces Group/Item types)
+- `web/src/lib/api/cards.ts` (replaces nav.ts CRUD; nav.ts keeps only the bundle fetch helper)
+- `web/src/lib/components/Nav/Card.svelte` (polymorphic renderer)
+- `web/src/lib/components/Nav/InlineFolderExpand.svelte`
+- `web/src/lib/components/Nav/JiggleHost.svelte`
+- `web/src/lib/stores/jiggle.ts`
+- `web/src/lib/util/longPress.ts` (Svelte action)
+
+### Frontend changed (significant)
+
+- `web/src/lib/types/nav.ts` (replaces Group/Item with Card; drop tagSlugs; drop layoutMode)
+- `web/src/lib/stores/{navData.ts, visible.ts}` (cards-aware)
+- `web/src/lib/api/nav.ts` (drop item CRUD)
+- `web/src/routes/+page.svelte` (single rendering path)
+- `web/src/lib/components/Editor/ItemEditDialog.svelte` (`groupId` → `parentId`; minor)
+- `web/src/lib/components/Admin/AdminSiteTab.svelte` (drop Layout block)
+- `web/src/routes/admin/+page.svelte` (drop Groups tab)
+
+### Frontend removed
+
+- `web/src/lib/components/Header/EditToggle.svelte`
+- `web/src/lib/stores/editMode.ts`
+- `web/src/lib/components/Admin/AdminGroupsTab.svelte`
+- `web/src/lib/components/Nav/{GroupFolderModal.svelte, GroupSection.svelte, GroupHeader.svelte, GroupFolder.svelte}` (Card.svelte subsumes folder rendering)
+- `web/src/lib/api/admin.ts` group section + reorderGroups (kept: site CRUD + reorder)
+
+### Tests touched
+
+- All existing `repo_items` / `repo_sites` cases that pass `tag_slugs` / `group_id` get refactored to the cards model.
+- New tests for: cards CRUD, reorder permutation validation, folder
+  delete releases children, auto-folder transactionality, legacy
+  migration idempotency.
+
+## 10. Acceptance criteria
+
+1. After deploy, `GET /api/nav` includes a `cards` array, no `groups` /
+   `items` / `tagSlugs` / `layoutMode` keys; existing data appears in
+   the new shape.
+2. Existing 4 groups + 20 items + 4 sites visible on the home grid in
+   the same visual layout (folders for the four group folders).
+3. Long-press 600ms on any card → all cards begin to jiggle within 100ms.
+4. Drag two `kind='item'` cards onto each other → new folder appears
+   with the locale-appropriate default name (`未命名` in zh, `Untitled`
+   in en), both items inside, inline rename input focused.
+5. Drag a card from inside an open folder to the root grid → it
+   becomes a top-level card; the folder collapses.
+6. ✕ on a folder card with children → confirm prompt names the child
+   count; on confirm, the folder is gone, children appear at the end
+   of the root grid in their original order.
+7. ESC or click on root background exits jiggle mode within 1 frame.
+8. Admin → Site has no Layout block; Admin top tabs are exactly Site
+   and Sites; no Groups tab.
+9. `cargo test` passes, `pnpm test:unit` passes, `cargo clippy
+   -- -D warnings` passes, `svelte-check` produces no new errors
+   beyond pre-existing baseline.
+
+## 11. Risks and how we mitigate
+
+- **Migration loses data**: legacy_migrate is wrapped in one
+  transaction; refuses to start the server on error. Operator must
+  back up `data.db` before upgrade — README will say so.
+- **Sortorder collisions during concurrent reorders**: the unique
+  constraint on `(parent_id, sort_order)` will reject the second
+  writer; client retries by fetching current state. Single-admin
+  product, so contention is rare.
+- **Touch long-press vs scroll on mobile**: pointerdown listener
+  cancels the 600ms timer if movement >5px; scrolling does not trip
+  jiggle.
+- **Auto-folder accidental triggers**: the 600ms hover threshold and
+  the visual hover indicator (target item halo) prevent accidental
+  merges.
+
+## 12. Out of scope (parked)
+
+- Folder cover image / custom 4-tile arrangement (current auto-tile
+  preview is fine).
+- Multi-select drag (single drag is sufficient).
+- Per-folder background colour, emoji.
+- Reordering across pages — there are no pages, only one grid.

From f89891e1c3b76f79cf5558007d903d4a64a57abe Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 20:45:09 +0800
Subject: [PATCH 20/77] feat(launchpad): migrate to cards model + jiggle UX +
 link-per-site
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace the legacy groups/items + item_links data model with a unified
cards(kind in folder|item) + card_links(card_id, site_id, url) bridge
table. The home grid is now a LaunchPad-style canvas: long-press 600ms
enters jiggle mode, in jiggle each card shows an ✕ for delete and is
draggable for reorder / merge into folders / drag out of folders.

Backend:
- migrations 0003 (cards + card_links) and 0004 (drop i18n cols)
- new routes/cards.rs: POST / PATCH / DELETE / reorder / auto-folder
- new services/legacy_migrate.rs: one-shot copy of groups+items into cards
- delete routes/groups.rs, routes/items.rs and their tests
- repo/sqlx_impl.rs and dto.rs rewritten around Card

Frontend:
- new lib/types/card.ts, lib/api/cards.ts
- new Card.svelte (391 LoC, near-complete: long-press, jiggle, ✕ confirm,
  inline folder rename, 2x2 mini-folder thumb, merge halo)
- new JiggleHost.svelte, InlineFolderExpand.svelte (modal-style expand)
- new util/dragGrid.ts (372 LoC hand-rolled Pointer Events action;
  ditches svelte-dnd-action because FLIP shifting breaks dwell detection)
- new stores/jiggle.ts, stores/dragMerge.ts
- delete NavGrid / GroupFolder / GroupFolderModal / GroupHeader /
  GroupSection / FavoritesSection / NavItem / EditToggle /
  AdminGroupsTab / editMode store
- routes/+page.svelte rewritten as the single dragGrid canvas wrapping
  root grid + open folder panel; handleDrop dispatches reorder /
  auto-folder / reparent / drag-out branches
- visible.ts now resolves per-site URL via card.links[siteValue],
  not by filtering whole cards
- ItemEditDialog rewritten with per-site link rows (one URL per site)

Multi-site semantics: a card binds to one or more sites, each site
carries its own URL via card_links. Switching site changes which URL
opens, not which cards exist.

Aligned with docs/superpowers/specs/2026-05-21-launchpad-unify-design.md.
---
 server/migrations/0003_create_cards.sql       |   44 +
 server/migrations/0004_drop_i18n_cols.sql     |    5 +
 server/src/dto.rs                             |  136 +--
 server/src/main.rs                            |    3 +
 server/src/repo/nav.rs                        |   30 +-
 server/src/repo/sqlx_impl.rs                  | 1019 +++++++++++------
 server/src/routes/cards.rs                    |   64 ++
 server/src/routes/groups.rs                   |   50 -
 server/src/routes/items.rs                    |   54 -
 server/src/routes/mod.rs                      |    6 +-
 server/src/routes/sites.rs                    |    4 +-
 server/src/services/bundle.rs                 |   11 +-
 server/src/services/legacy_migrate.rs         |  224 ++++
 server/src/services/migration.rs              |   53 +-
 server/src/services/mod.rs                    |    1 +
 server/tests/api_cards.rs                     |  113 ++
 server/tests/api_groups_sites.rs              |   71 --
 server/tests/api_items.rs                     |  137 ---
 server/tests/api_nav.rs                       |    8 +-
 server/tests/repo_cards.rs                    |  295 +++++
 server/tests/repo_items.rs                    |  154 ---
 server/tests/repo_sites.rs                    |   30 +-
 server/tests/seed.rs                          |   19 +-
 web/src/lib/api/admin.ts                      |   55 +-
 web/src/lib/api/cards.ts                      |   48 +
 web/src/lib/api/nav.ts                        |   52 +-
 .../components/Admin/AdminGroupsTab.svelte    |  268 -----
 .../lib/components/Admin/AdminSiteTab.svelte  |  149 +--
 .../lib/components/Admin/AdminSitesTab.svelte |   13 +-
 .../components/Editor/ItemEditDialog.svelte   |   71 +-
 .../lib/components/Header/AuthControls.svelte |    2 -
 .../lib/components/Header/EditToggle.svelte   |   59 -
 .../lib/components/Header/SiteSelect.svelte   |    5 +-
 web/src/lib/components/Nav/Card.svelte        |  391 +++++++
 .../components/Nav/FavoritesSection.svelte    |   32 -
 web/src/lib/components/Nav/GroupFolder.svelte |  131 ---
 .../components/Nav/GroupFolderModal.svelte    |  123 --
 web/src/lib/components/Nav/GroupHeader.svelte |   52 -
 .../lib/components/Nav/GroupSection.svelte    |   42 -
 .../components/Nav/InlineFolderExpand.svelte  |  162 +++
 web/src/lib/components/Nav/JiggleHost.svelte  |   30 +
 web/src/lib/components/Nav/NavGrid.svelte     |  115 --
 web/src/lib/components/Nav/NavItem.svelte     |  273 -----
 web/src/lib/i18n/en.json                      |    6 +-
 web/src/lib/i18n/zh.json                      |    6 +-
 web/src/lib/stores/dragMerge.ts               |   27 +
 web/src/lib/stores/editMode.test.ts           |   38 -
 web/src/lib/stores/editMode.ts                |   19 -
 web/src/lib/stores/jiggle.ts                  |   41 +
 web/src/lib/stores/navData.test.ts            |   21 +-
 web/src/lib/stores/navData.ts                 |    9 +-
 web/src/lib/stores/uiPrefs.test.ts            |   17 +-
 web/src/lib/stores/uiPrefs.ts                 |   46 +-
 web/src/lib/stores/visible.test.ts            |  182 +--
 web/src/lib/stores/visible.ts                 |  140 +--
 web/src/lib/types/card.ts                     |   51 +
 web/src/lib/types/nav.ts                      |   46 +-
 web/src/lib/util/dragGrid.ts                  |  372 ++++++
 web/src/lib/util/longPress.ts                 |   75 ++
 web/src/routes/+layout.svelte                 |    8 +-
 web/src/routes/+page.svelte                   |  397 +++++--
 web/src/routes/admin/+page.svelte             |    6 +-
 62 files changed, 3381 insertions(+), 2730 deletions(-)
 create mode 100644 server/migrations/0003_create_cards.sql
 create mode 100644 server/migrations/0004_drop_i18n_cols.sql
 create mode 100644 server/src/routes/cards.rs
 delete mode 100644 server/src/routes/groups.rs
 delete mode 100644 server/src/routes/items.rs
 create mode 100644 server/src/services/legacy_migrate.rs
 create mode 100644 server/tests/api_cards.rs
 delete mode 100644 server/tests/api_groups_sites.rs
 delete mode 100644 server/tests/api_items.rs
 create mode 100644 server/tests/repo_cards.rs
 delete mode 100644 server/tests/repo_items.rs
 create mode 100644 web/src/lib/api/cards.ts
 delete mode 100644 web/src/lib/components/Admin/AdminGroupsTab.svelte
 delete mode 100644 web/src/lib/components/Header/EditToggle.svelte
 create mode 100644 web/src/lib/components/Nav/Card.svelte
 delete mode 100644 web/src/lib/components/Nav/FavoritesSection.svelte
 delete mode 100644 web/src/lib/components/Nav/GroupFolder.svelte
 delete mode 100644 web/src/lib/components/Nav/GroupFolderModal.svelte
 delete mode 100644 web/src/lib/components/Nav/GroupHeader.svelte
 delete mode 100644 web/src/lib/components/Nav/GroupSection.svelte
 create mode 100644 web/src/lib/components/Nav/InlineFolderExpand.svelte
 create mode 100644 web/src/lib/components/Nav/JiggleHost.svelte
 delete mode 100644 web/src/lib/components/Nav/NavGrid.svelte
 delete mode 100644 web/src/lib/components/Nav/NavItem.svelte
 create mode 100644 web/src/lib/stores/dragMerge.ts
 delete mode 100644 web/src/lib/stores/editMode.test.ts
 delete mode 100644 web/src/lib/stores/editMode.ts
 create mode 100644 web/src/lib/stores/jiggle.ts
 create mode 100644 web/src/lib/types/card.ts
 create mode 100644 web/src/lib/util/dragGrid.ts
 create mode 100644 web/src/lib/util/longPress.ts

diff --git a/server/migrations/0003_create_cards.sql b/server/migrations/0003_create_cards.sql
new file mode 100644
index 0000000..fe3044a
--- /dev/null
+++ b/server/migrations/0003_create_cards.sql
@@ -0,0 +1,44 @@
+-- Plan 6 / Launchpad unification.
+-- Create the polymorphic `cards` table that subsumes both `groups` and
+-- `items`. Legacy tables stay intact here; data movement happens in the
+-- host-language `legacy_migrate.rs` step that runs immediately after this
+-- file (id remapping needs a hashmap).
+--
+-- Note: the spec calls for `UNIQUE (parent_id, sort_order)`. SQLite
+-- treats NULLs as distinct in UNIQUE constraints, which would let two
+-- root cards share a sort_order. We use an expression-based unique
+-- index with `COALESCE(parent_id, -1)` instead so the rule actually
+-- enforces for top-level cards.
+
+CREATE TABLE cards (
+  id          INTEGER PRIMARY KEY AUTOINCREMENT,
+  kind        TEXT    NOT NULL CHECK (kind IN ('folder', 'item')),
+  parent_id   INTEGER REFERENCES cards(id) ON DELETE CASCADE,
+  sort_order  INTEGER NOT NULL,
+  name        TEXT    NOT NULL,
+  slug        TEXT,
+  icon_kind   TEXT    CHECK (icon_kind IS NULL OR icon_kind IN ('asset','url','auto-favicon')),
+  icon_value  TEXT,
+  description TEXT,
+  created_at  INTEGER NOT NULL,
+  updated_at  INTEGER NOT NULL,
+  CHECK (
+    (kind = 'folder' AND parent_id IS NULL AND slug IS NOT NULL
+        AND icon_kind IS NULL AND icon_value IS NULL AND description IS NULL)
+    OR
+    (kind = 'item' AND slug IS NULL
+        AND icon_kind IS NOT NULL AND icon_value IS NOT NULL)
+  )
+);
+
+CREATE UNIQUE INDEX cards_unique_slot ON cards(COALESCE(parent_id, -1), sort_order);
+CREATE INDEX cards_parent_sort ON cards(parent_id, sort_order);
+
+CREATE TABLE card_links (
+  card_id INTEGER NOT NULL REFERENCES cards(id) ON DELETE CASCADE,
+  site_id INTEGER NOT NULL REFERENCES sites(id) ON DELETE CASCADE,
+  url     TEXT    NOT NULL,
+  PRIMARY KEY (card_id, site_id)
+);
+
+CREATE INDEX idx_card_links_site ON card_links(site_id);
diff --git a/server/migrations/0004_drop_i18n_cols.sql b/server/migrations/0004_drop_i18n_cols.sql
new file mode 100644
index 0000000..e65d8ca
--- /dev/null
+++ b/server/migrations/0004_drop_i18n_cols.sql
@@ -0,0 +1,5 @@
+-- Plan 6 / Launchpad unification.
+-- Drop the only user-facing i18n column that still exists on a live table.
+-- The other *_i18n columns lived on `groups` / `items`, both of which are
+-- already dropped by `legacy_migrate.rs` before this file runs.
+ALTER TABLE sites DROP COLUMN name_i18n;
diff --git a/server/src/dto.rs b/server/src/dto.rs
index 34af250..a37ccc1 100644
--- a/server/src/dto.rs
+++ b/server/src/dto.rs
@@ -1,32 +1,35 @@
-use serde::{Deserialize, Serialize};
+use serde::{Deserialize, Deserializer, Serialize};
 
 fn zero() -> i64 {
     0
 }
 
+/// Deserialize an `Option<Option<T>>` field such that the JSON value `null`
+/// produces `Some(None)` and an absent field produces `None`. The default
+/// serde behaviour collapses both to `None`, which silently swallows
+/// PATCH semantics like `{"parentId": null}` (clear the field).
+fn double_option<'de, T, D>(de: D) -> Result<Option<Option<T>>, D::Error>
+where
+    T: Deserialize<'de>,
+    D: Deserializer<'de>,
+{
+    // If the key is present, this runs and reads either a value or null
+    // into Option<T>; we wrap the result in an outer Some so callers can
+    // tell "field present" from "field absent".
+    Deserialize::deserialize(de).map(Some)
+}
+
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
 #[serde(rename_all = "camelCase")]
 pub struct Site {
     pub id: i64,
     pub value: String,
     pub name: String,
-    pub name_i18n: Option<serde_json::Value>,
     pub sort_order: i64,
     pub is_default: bool,
 }
 
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "camelCase")]
-pub struct Group {
-    pub id: i64,
-    pub slug: String,
-    pub name: String,
-    pub name_i18n: Option<serde_json::Value>,
-    pub sort_order: i64,
-    pub collapsed_default: bool,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
 #[serde(rename_all = "kebab-case")]
 pub enum IconKind {
     Asset,
@@ -34,19 +37,34 @@ pub enum IconKind {
     AutoFavicon,
 }
 
+#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "lowercase")]
+pub enum CardKind {
+    Folder,
+    Item,
+}
+
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
 #[serde(rename_all = "camelCase")]
-pub struct Item {
+pub struct Card {
     pub id: i64,
-    pub group_id: Option<i64>,
+    pub kind: CardKind,
+    pub parent_id: Option<i64>,
+    pub sort_order: i64,
     pub name: String,
-    pub name_i18n: Option<serde_json::Value>,
+    /// Folder-only.
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub slug: Option<String>,
+    /// Item-only.
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub icon_kind: Option<IconKind>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub icon_value: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
     pub description: Option<String>,
-    pub description_i18n: Option<serde_json::Value>,
-    pub icon_kind: IconKind,
-    pub icon_value: String,
-    pub sort_order: i64,
-    pub links: std::collections::BTreeMap<String, String>, // site.value -> URL
+    /// Item-only; site.value -> URL.
+    #[serde(default, skip_serializing_if = "std::collections::BTreeMap::is_empty")]
+    pub links: std::collections::BTreeMap<String, String>,
     #[serde(default = "zero")]
     pub created_at: i64,
     #[serde(default = "zero")]
@@ -62,9 +80,6 @@ pub struct Meta {
     pub site_icp: Option<Link>,
     pub site_police: Option<Link>,
     pub default_theme: String,
-    /// "grouped" (default) renders items inside their group sections;
-    /// "flat" renders all items in a single grid (legacy nav layout).
-    pub layout_mode: String,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
@@ -80,46 +95,45 @@ pub struct NavBundle {
     pub schema_version: i64,
     pub meta: Meta,
     pub sites: Vec<Site>,
-    pub groups: Vec<Group>,
-    pub items: Vec<Item>,
+    pub cards: Vec<Card>,
 }
 
 // ----- Write payloads -----
 
 #[derive(Debug, Deserialize)]
 #[serde(rename_all = "camelCase")]
-pub struct ItemPayload {
-    pub group_id: Option<i64>,
+pub struct CardPayload {
+    pub kind: CardKind,
+    #[serde(default)]
+    pub parent_id: Option<i64>,
     pub name: String,
     #[serde(default)]
-    pub name_i18n: Option<serde_json::Value>,
+    pub slug: Option<String>,
     #[serde(default)]
-    pub description: Option<String>,
+    pub icon_kind: Option<IconKind>,
     #[serde(default)]
-    pub description_i18n: Option<serde_json::Value>,
-    pub icon_kind: IconKind,
-    pub icon_value: String,
+    pub icon_value: Option<String>,
+    #[serde(default)]
+    pub description: Option<String>,
     #[serde(default)]
     pub links: std::collections::BTreeMap<String, String>,
 }
 
 #[derive(Debug, Deserialize, Default)]
 #[serde(rename_all = "camelCase")]
-pub struct ItemPatch {
-    #[serde(default)]
-    pub group_id: Option<Option<i64>>,
+pub struct CardPatch {
     #[serde(default)]
     pub name: Option<String>,
     #[serde(default)]
-    pub name_i18n: Option<Option<serde_json::Value>>,
-    #[serde(default)]
-    pub description: Option<Option<String>>,
-    #[serde(default)]
-    pub description_i18n: Option<Option<serde_json::Value>>,
+    pub slug: Option<String>,
+    #[serde(default, deserialize_with = "double_option")]
+    pub parent_id: Option<Option<i64>>,
     #[serde(default)]
     pub icon_kind: Option<IconKind>,
     #[serde(default)]
     pub icon_value: Option<String>,
+    #[serde(default, deserialize_with = "double_option")]
+    pub description: Option<Option<String>>,
     #[serde(default)]
     pub links: Option<std::collections::BTreeMap<String, String>>,
 }
@@ -129,42 +143,30 @@ pub struct ItemPatch {
 pub struct ReorderEntry {
     pub id: i64,
     pub sort_order: i64,
+    /// `None` = root bucket (parent_id IS NULL).
     #[serde(default)]
-    pub group_id: Option<Option<i64>>,
+    pub parent_id: Option<i64>,
 }
 
 #[derive(Debug, Deserialize)]
 #[serde(rename_all = "camelCase")]
-pub struct GroupPayload {
-    pub slug: String,
+pub struct AutoFolderPayload {
+    pub source_item_id: i64,
+    pub target_item_id: i64,
     pub name: String,
-    #[serde(default)]
-    pub name_i18n: Option<serde_json::Value>,
-    #[serde(default)]
-    pub collapsed_default: bool,
-}
-
-#[derive(Debug, Deserialize, Default)]
-#[serde(rename_all = "camelCase")]
-pub struct GroupPatch {
+    /// Optional folder slug; auto-generated when omitted.
     #[serde(default)]
     pub slug: Option<String>,
-    #[serde(default)]
-    pub name: Option<String>,
-    #[serde(default)]
-    pub name_i18n: Option<Option<serde_json::Value>>,
-    #[serde(default)]
-    pub collapsed_default: Option<bool>,
 }
 
+// ----- Site write payloads -----
+
 #[derive(Debug, Deserialize)]
 #[serde(rename_all = "camelCase")]
 pub struct SitePayload {
     pub value: String,
     pub name: String,
     #[serde(default)]
-    pub name_i18n: Option<serde_json::Value>,
-    #[serde(default)]
     pub is_default: bool,
 }
 
@@ -176,7 +178,13 @@ pub struct SitePatch {
     #[serde(default)]
     pub name: Option<String>,
     #[serde(default)]
-    pub name_i18n: Option<Option<serde_json::Value>>,
-    #[serde(default)]
     pub is_default: Option<bool>,
 }
+
+/// Reorder entry for sites — sites have no parent, only sort_order.
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct SiteReorderEntry {
+    pub id: i64,
+    pub sort_order: i64,
+}
diff --git a/server/src/main.rs b/server/src/main.rs
index b91dd0c..c738080 100644
--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -26,6 +26,9 @@ async fn main() -> anyhow::Result<()> {
 
     let pool = connect(&settings.db_url()).await.context("db connect")?;
     migrate(&pool).await.context("migrate")?;
+    navsrv::services::legacy_migrate::migrate_if_needed(&pool)
+        .await
+        .context("legacy_migrate")?;
 
     let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
     let cfg = Arc::new(SqlxConfigRepo::new(pool.clone()));
diff --git a/server/src/repo/nav.rs b/server/src/repo/nav.rs
index 6c2ca78..7dd961e 100644
--- a/server/src/repo/nav.rs
+++ b/server/src/repo/nav.rs
@@ -5,25 +5,27 @@ use async_trait::async_trait;
 #[async_trait]
 pub trait NavRepo: Send + Sync {
     // ----- Bundle -----
-    async fn get_bundle(&self) -> Result<(Vec<Site>, Vec<Group>, Vec<Item>)>;
+    async fn get_bundle(&self) -> Result<(Vec<Site>, Vec<Card>)>;
 
     // ----- Sites -----
     async fn list_sites(&self) -> Result<Vec<Site>>;
     async fn create_site(&self, p: SitePayload) -> Result<Site>;
     async fn patch_site(&self, id: i64, p: SitePatch) -> Result<Site>;
     async fn delete_site(&self, id: i64) -> Result<()>;
-    async fn reorder_sites(&self, entries: Vec<ReorderEntry>) -> Result<()>;
+    async fn reorder_sites(&self, entries: Vec<SiteReorderEntry>) -> Result<()>;
 
-    // ----- Groups -----
-    async fn list_groups(&self) -> Result<Vec<Group>>;
-    async fn create_group(&self, p: GroupPayload) -> Result<Group>;
-    async fn patch_group(&self, id: i64, p: GroupPatch) -> Result<Group>;
-    async fn delete_group(&self, id: i64) -> Result<()>;
-    async fn reorder_groups(&self, entries: Vec<ReorderEntry>) -> Result<()>;
-
-    // ----- Items -----
-    async fn create_item(&self, p: ItemPayload) -> Result<Item>;
-    async fn patch_item(&self, id: i64, p: ItemPatch) -> Result<Item>;
-    async fn delete_item(&self, id: i64) -> Result<()>;
-    async fn reorder_items(&self, entries: Vec<ReorderEntry>) -> Result<()>;
+    // ----- Cards -----
+    async fn list_cards(&self) -> Result<Vec<Card>>;
+    async fn create_card(&self, p: CardPayload) -> Result<Card>;
+    async fn patch_card(&self, id: i64, p: CardPatch) -> Result<Card>;
+    /// Delete a card. Folder children are released to the root bucket
+    /// (parent_id=NULL, appended at end of root sort_order).
+    async fn delete_card(&self, id: i64) -> Result<()>;
+    /// Atomic per-bucket reorder. Validates each parent_id bucket
+    /// listed forms a contiguous 0..N permutation; rejects partial or
+    /// overlapping orderings.
+    async fn reorder_cards(&self, entries: Vec<ReorderEntry>) -> Result<()>;
+    /// Atomic auto-folder: create a folder at the target item's slot,
+    /// move source + target into it as the only children.
+    async fn auto_folder(&self, p: AutoFolderPayload) -> Result<Card>;
 }
diff --git a/server/src/repo/sqlx_impl.rs b/server/src/repo/sqlx_impl.rs
index 5b7207c..708d7cf 100644
--- a/server/src/repo/sqlx_impl.rs
+++ b/server/src/repo/sqlx_impl.rs
@@ -1,13 +1,18 @@
 //! `NavRepo` implementation backed by a SQLite pool.
 //!
-//! Sites/Groups/Tags are fully implemented here. Item methods are stubbed
-//! and filled in by Task 14.
+//! Plan 6 / Launchpad: groups + items collapsed into a single polymorphic
+//! `cards` table. We use untyped sqlx queries throughout to avoid
+//! coupling the offline `.sqlx/` cache to specific column shapes — the
+//! schema has churned three times since this file was first written,
+//! and every churn forced a `cargo sqlx prepare`. Untyped queries cost
+//! us a bit of compile-time safety but stay stable across migrations.
 
 use crate::dto::*;
 use crate::error::{AppError, Result};
 use crate::repo::nav::NavRepo;
 use async_trait::async_trait;
-use sqlx::SqlitePool;
+use sqlx::{Row, SqliteExecutor, SqlitePool};
+use std::collections::{BTreeMap, BTreeSet};
 
 pub struct SqlxNavRepo {
     pool: SqlitePool,
@@ -27,6 +32,22 @@ fn now_ms() -> i64 {
         .unwrap_or(0)
 }
 
+fn icon_kind_str(k: IconKind) -> &'static str {
+    match k {
+        IconKind::Asset => "asset",
+        IconKind::Url => "url",
+        IconKind::AutoFavicon => "auto-favicon",
+    }
+}
+
+fn parse_icon_kind(s: &str) -> IconKind {
+    match s {
+        "url" => IconKind::Url,
+        "auto-favicon" => IconKind::AutoFavicon,
+        _ => IconKind::Asset,
+    }
+}
+
 fn map_unique_violation(err: sqlx::Error) -> AppError {
     if let Some(db_err) = err.as_database_error() {
         let msg = db_err.message();
@@ -39,49 +60,26 @@ fn map_unique_violation(err: sqlx::Error) -> AppError {
 
 #[async_trait]
 impl NavRepo for SqlxNavRepo {
-    async fn get_bundle(&self) -> Result<(Vec<Site>, Vec<Group>, Vec<Item>)> {
+    async fn get_bundle(&self) -> Result<(Vec<Site>, Vec<Card>)> {
         let sites = self.list_sites().await?;
-        let groups = self.list_groups().await?;
-        let items = self.list_items_full().await?;
-        Ok((sites, groups, items))
+        let cards = self.list_cards().await?;
+        Ok((sites, cards))
     }
 
     // ---- Sites ----
 
     async fn list_sites(&self) -> Result<Vec<Site>> {
-        let rows = sqlx::query!(
-            r#"SELECT id as "id!: i64", value, name,
-                      name_i18n as "name_i18n: serde_json::Value",
-                      sort_order as "sort_order!: i64",
-                      is_default
-               FROM sites ORDER BY sort_order, id"#
-        )
-        .fetch_all(&self.pool)
-        .await?;
-        Ok(rows
-            .into_iter()
-            .map(|r| Site {
-                id: r.id,
-                value: r.value,
-                name: r.name,
-                name_i18n: r.name_i18n,
-                sort_order: r.sort_order,
-                is_default: r.is_default != 0,
-            })
-            .collect())
+        list_sites_inner(&self.pool).await
     }
 
     async fn create_site(&self, p: SitePayload) -> Result<Site> {
-        let res = sqlx::query!(
-            "INSERT INTO sites (value, name, name_i18n, is_default) VALUES (?, ?, ?, ?)",
-            p.value,
-            p.name,
-            p.name_i18n,
-            p.is_default
-        )
-        .execute(&self.pool)
-        .await
-        .map_err(map_unique_violation)?;
+        let res = sqlx::query("INSERT INTO sites (value, name, is_default) VALUES (?, ?, ?)")
+            .bind(&p.value)
+            .bind(&p.name)
+            .bind(p.is_default)
+            .execute(&self.pool)
+            .await
+            .map_err(map_unique_violation)?;
         let id = res.last_insert_rowid();
         self.list_sites()
             .await?
@@ -93,23 +91,24 @@ impl NavRepo for SqlxNavRepo {
     async fn patch_site(&self, id: i64, p: SitePatch) -> Result<Site> {
         let mut tx = self.pool.begin().await?;
         if let Some(v) = p.value {
-            sqlx::query!("UPDATE sites SET value=? WHERE id=?", v, id)
+            sqlx::query("UPDATE sites SET value=? WHERE id=?")
+                .bind(v)
+                .bind(id)
                 .execute(&mut *tx)
                 .await
                 .map_err(map_unique_violation)?;
         }
         if let Some(v) = p.name {
-            sqlx::query!("UPDATE sites SET name=? WHERE id=?", v, id)
-                .execute(&mut *tx)
-                .await?;
-        }
-        if let Some(v) = p.name_i18n {
-            sqlx::query!("UPDATE sites SET name_i18n=? WHERE id=?", v, id)
+            sqlx::query("UPDATE sites SET name=? WHERE id=?")
+                .bind(v)
+                .bind(id)
                 .execute(&mut *tx)
                 .await?;
         }
         if let Some(v) = p.is_default {
-            sqlx::query!("UPDATE sites SET is_default=? WHERE id=?", v, id)
+            sqlx::query("UPDATE sites SET is_default=? WHERE id=?")
+                .bind(v)
+                .bind(id)
                 .execute(&mut *tx)
                 .await?;
         }
@@ -122,16 +121,18 @@ impl NavRepo for SqlxNavRepo {
     }
 
     async fn delete_site(&self, id: i64) -> Result<()> {
-        let referenced: i32 =
-            sqlx::query_scalar!("SELECT COUNT(*) FROM item_links WHERE site_id=?", id)
+        let referenced: i64 =
+            sqlx::query_scalar("SELECT COUNT(*) FROM card_links WHERE site_id=?")
+                .bind(id)
                 .fetch_one(&self.pool)
                 .await?;
         if referenced > 0 {
             return Err(AppError::Conflict(format!(
-                "site is referenced by {referenced} item link(s); remove them first"
+                "site is referenced by {referenced} card link(s); remove them first"
             )));
         }
-        let res = sqlx::query!("DELETE FROM sites WHERE id=?", id)
+        let res = sqlx::query("DELETE FROM sites WHERE id=?")
+            .bind(id)
             .execute(&self.pool)
             .await?;
         if res.rows_affected() == 0 {
@@ -140,375 +141,721 @@ impl NavRepo for SqlxNavRepo {
         Ok(())
     }
 
-    async fn reorder_sites(&self, entries: Vec<ReorderEntry>) -> Result<()> {
+    async fn reorder_sites(&self, entries: Vec<SiteReorderEntry>) -> Result<()> {
         let mut tx = self.pool.begin().await?;
         for e in entries {
-            sqlx::query!(
-                "UPDATE sites SET sort_order=? WHERE id=?",
-                e.sort_order,
-                e.id
-            )
-            .execute(&mut *tx)
-            .await?;
+            sqlx::query("UPDATE sites SET sort_order=? WHERE id=?")
+                .bind(e.sort_order)
+                .bind(e.id)
+                .execute(&mut *tx)
+                .await?;
         }
         tx.commit().await?;
         Ok(())
     }
 
-    // ---- Groups ----
+    // ---- Cards ----
 
-    async fn list_groups(&self) -> Result<Vec<Group>> {
-        let rows = sqlx::query!(
-            r#"SELECT id as "id!: i64", slug, name,
-                      name_i18n as "name_i18n: serde_json::Value",
-                      sort_order as "sort_order!: i64",
-                      collapsed_default
-               FROM groups ORDER BY sort_order, id"#
-        )
-        .fetch_all(&self.pool)
-        .await?;
-        Ok(rows
-            .into_iter()
-            .map(|r| Group {
-                id: r.id,
-                slug: r.slug,
-                name: r.name,
-                name_i18n: r.name_i18n,
-                sort_order: r.sort_order,
-                collapsed_default: r.collapsed_default != 0,
-            })
-            .collect())
+    async fn list_cards(&self) -> Result<Vec<Card>> {
+        list_cards_inner(&self.pool).await
     }
 
-    async fn create_group(&self, p: GroupPayload) -> Result<Group> {
-        let res = sqlx::query!(
-            "INSERT INTO groups (slug, name, name_i18n, collapsed_default) VALUES (?, ?, ?, ?)",
-            p.slug,
-            p.name,
-            p.name_i18n,
-            p.collapsed_default
-        )
-        .execute(&self.pool)
-        .await
-        .map_err(map_unique_violation)?;
+    async fn create_card(&self, p: CardPayload) -> Result<Card> {
+        validate_payload(&p)?;
+        let now = now_ms();
+        let mut tx = self.pool.begin().await?;
+
+        // Resolve parent_id semantics: folder must always be root.
+        let parent_id: Option<i64> = match p.kind {
+            CardKind::Folder => None,
+            CardKind::Item => p.parent_id,
+        };
+        // Reject parent that is itself an item.
+        if let Some(pid) = parent_id {
+            ensure_parent_is_folder(&mut *tx, pid).await?;
+        }
+        // Append at end of bucket.
+        let next_slot = next_sort_order(&mut *tx, parent_id).await?;
+
+        let res = match p.kind {
+            CardKind::Folder => {
+                sqlx::query(
+                    "INSERT INTO cards (kind, parent_id, sort_order, name, slug, created_at, updated_at) \
+                     VALUES ('folder', NULL, ?, ?, ?, ?, ?)",
+                )
+                .bind(next_slot)
+                .bind(&p.name)
+                .bind(p.slug.as_deref())
+                .bind(now)
+                .bind(now)
+                .execute(&mut *tx)
+                .await
+                .map_err(map_unique_violation)?
+            }
+            CardKind::Item => {
+                let kind_str = icon_kind_str(p.icon_kind.expect("validated"));
+                sqlx::query(
+                    "INSERT INTO cards (kind, parent_id, sort_order, name, icon_kind, icon_value, description, created_at, updated_at) \
+                     VALUES ('item', ?, ?, ?, ?, ?, ?, ?, ?)",
+                )
+                .bind(parent_id)
+                .bind(next_slot)
+                .bind(&p.name)
+                .bind(kind_str)
+                .bind(p.icon_value.as_deref())
+                .bind(p.description.as_deref())
+                .bind(now)
+                .bind(now)
+                .execute(&mut *tx)
+                .await
+                .map_err(map_unique_violation)?
+            }
+        };
         let id = res.last_insert_rowid();
-        self.list_groups()
-            .await?
-            .into_iter()
-            .find(|g| g.id == id)
-            .ok_or(AppError::NotFound)
+        if matches!(p.kind, CardKind::Item) {
+            insert_links(&mut tx, id, &p.links).await?;
+        }
+        tx.commit().await?;
+        fetch_card(&self.pool, id).await
     }
 
-    async fn patch_group(&self, id: i64, p: GroupPatch) -> Result<Group> {
+    async fn patch_card(&self, id: i64, p: CardPatch) -> Result<Card> {
+        let now = now_ms();
         let mut tx = self.pool.begin().await?;
+
+        // Fetch current row — we need both `kind` (to validate field
+        // applicability) and `parent_id` (so we can dissolve the old
+        // folder later if it ends up with ≤1 children).
+        let row: (String, Option<i64>) =
+            sqlx::query_as("SELECT kind, parent_id FROM cards WHERE id=?")
+                .bind(id)
+                .fetch_optional(&mut *tx)
+                .await?
+                .ok_or(AppError::NotFound)?;
+        let kind_str = row.0;
+        let old_parent = row.1;
+
+        if let Some(v) = p.name {
+            sqlx::query("UPDATE cards SET name=?, updated_at=? WHERE id=?")
+                .bind(v)
+                .bind(now)
+                .bind(id)
+                .execute(&mut *tx)
+                .await?;
+        }
         if let Some(v) = p.slug {
-            sqlx::query!("UPDATE groups SET slug=? WHERE id=?", v, id)
+            if kind_str != "folder" {
+                return Err(AppError::Validation("slug only valid on folders".into()));
+            }
+            sqlx::query("UPDATE cards SET slug=?, updated_at=? WHERE id=?")
+                .bind(v)
+                .bind(now)
+                .bind(id)
                 .execute(&mut *tx)
-                .await
-                .map_err(map_unique_violation)?;
+                .await?;
         }
-        if let Some(v) = p.name {
-            sqlx::query!("UPDATE groups SET name=? WHERE id=?", v, id)
+        if let Some(v) = p.parent_id {
+            if kind_str == "folder" && v.is_some() {
+                return Err(AppError::Validation("folders cannot be nested".into()));
+            }
+            if let Some(target) = v {
+                ensure_parent_is_folder(&mut *tx, target).await?;
+            }
+            // Append to the new bucket's tail.
+            let new_slot = next_sort_order(&mut *tx, v).await?;
+            sqlx::query("UPDATE cards SET parent_id=?, sort_order=?, updated_at=? WHERE id=?")
+                .bind(v)
+                .bind(new_slot)
+                .bind(now)
+                .bind(id)
+                .execute(&mut *tx)
+                .await?;
+        }
+        if let Some(v) = p.icon_kind {
+            if kind_str != "item" {
+                return Err(AppError::Validation("icon_kind only valid on items".into()));
+            }
+            sqlx::query("UPDATE cards SET icon_kind=?, updated_at=? WHERE id=?")
+                .bind(icon_kind_str(v))
+                .bind(now)
+                .bind(id)
                 .execute(&mut *tx)
                 .await?;
         }
-        if let Some(v) = p.name_i18n {
-            sqlx::query!("UPDATE groups SET name_i18n=? WHERE id=?", v, id)
+        if let Some(v) = p.icon_value {
+            if kind_str != "item" {
+                return Err(AppError::Validation("icon_value only valid on items".into()));
+            }
+            sqlx::query("UPDATE cards SET icon_value=?, updated_at=? WHERE id=?")
+                .bind(v)
+                .bind(now)
+                .bind(id)
                 .execute(&mut *tx)
                 .await?;
         }
-        if let Some(v) = p.collapsed_default {
-            sqlx::query!("UPDATE groups SET collapsed_default=? WHERE id=?", v, id)
+        if let Some(v) = p.description {
+            sqlx::query("UPDATE cards SET description=?, updated_at=? WHERE id=?")
+                .bind(v)
+                .bind(now)
+                .bind(id)
                 .execute(&mut *tx)
                 .await?;
         }
-        tx.commit().await?;
-        self.list_groups()
-            .await?
-            .into_iter()
-            .find(|g| g.id == id)
-            .ok_or(AppError::NotFound)
-    }
-
-    async fn delete_group(&self, id: i64) -> Result<()> {
-        let referenced: i32 =
-            sqlx::query_scalar!("SELECT COUNT(*) FROM items WHERE group_id=?", id)
-                .fetch_one(&self.pool)
+        if let Some(links) = p.links {
+            if kind_str != "item" {
+                return Err(AppError::Validation("links only valid on items".into()));
+            }
+            sqlx::query("DELETE FROM card_links WHERE card_id=?")
+                .bind(id)
+                .execute(&mut *tx)
                 .await?;
-        if referenced > 0 {
-            return Err(AppError::Conflict(format!(
-                "group still contains {referenced} item(s); move them first"
-            )));
+            insert_links(&mut tx, id, &links).await?;
         }
-        let res = sqlx::query!("DELETE FROM groups WHERE id=?", id)
-            .execute(&self.pool)
-            .await?;
-        if res.rows_affected() == 0 {
-            return Err(AppError::NotFound);
+
+        // If the patch moved the card out of a folder, the old folder
+        // might be down to 0 or 1 children — dissolve it.
+        let mut to_dissolve: Vec<i64> = Vec::new();
+        if let Some(opt) = p.parent_id {
+            if opt != old_parent {
+                if let Some(fid) = old_parent {
+                    to_dissolve.push(fid);
+                }
+            }
         }
-        Ok(())
+        dissolve_singleton_folders(&mut tx, to_dissolve).await?;
+
+        tx.commit().await?;
+        fetch_card(&self.pool, id).await
     }
 
-    async fn reorder_groups(&self, entries: Vec<ReorderEntry>) -> Result<()> {
+    async fn delete_card(&self, id: i64) -> Result<()> {
         let mut tx = self.pool.begin().await?;
-        for e in entries {
-            sqlx::query!(
-                "UPDATE groups SET sort_order=? WHERE id=?",
-                e.sort_order,
-                e.id
+        let row: Option<(String, Option<i64>)> =
+            sqlx::query_as("SELECT kind, parent_id FROM cards WHERE id=?")
+                .bind(id)
+                .fetch_optional(&mut *tx)
+                .await?;
+        let (kind, old_parent) = row.ok_or(AppError::NotFound)?;
+        if kind == "folder" {
+            // Release children: parent_id = NULL, appended at end of root bucket.
+            let mut next_root: i64 =
+                sqlx::query_scalar("SELECT COALESCE(MAX(sort_order), -1) + 1 FROM cards WHERE parent_id IS NULL")
+                    .fetch_one(&mut *tx)
+                    .await?;
+            let child_ids: Vec<i64> = sqlx::query_scalar(
+                "SELECT id FROM cards WHERE parent_id=? ORDER BY sort_order, id",
             )
+            .bind(id)
+            .fetch_all(&mut *tx)
+            .await?;
+            // Move children OUT of the folder before we delete it. To
+            // sidestep the (parent_id, sort_order) uniqueness during the
+            // window where two cards share a slot, we move each child
+            // through a temporary holding sort value (negative ids) then
+            // settle them into their final root slot.
+            for (offset, cid) in child_ids.iter().enumerate() {
+                let staging = -1_i64 - offset as i64;
+                sqlx::query("UPDATE cards SET parent_id=NULL, sort_order=? WHERE id=?")
+                    .bind(staging)
+                    .bind(cid)
+                    .execute(&mut *tx)
+                    .await?;
+            }
+            for cid in &child_ids {
+                sqlx::query("UPDATE cards SET sort_order=? WHERE id=?")
+                    .bind(next_root)
+                    .bind(cid)
+                    .execute(&mut *tx)
+                    .await?;
+                next_root += 1;
+            }
+        }
+        sqlx::query("DELETE FROM cards WHERE id=?")
+            .bind(id)
             .execute(&mut *tx)
             .await?;
+
+        // If we just removed an item from inside a folder, the folder
+        // may now be down to ≤1 children — dissolve it.
+        if kind == "item" {
+            if let Some(fid) = old_parent {
+                dissolve_singleton_folders(&mut tx, std::iter::once(fid)).await?;
+            }
         }
+
         tx.commit().await?;
         Ok(())
     }
 
-    // ---- Tags ----
+    async fn reorder_cards(&self, entries: Vec<ReorderEntry>) -> Result<()> {
+        if entries.is_empty() {
+            return Ok(());
+        }
+        let entries_dbg: Vec<String> = entries
+            .iter()
+            .map(|e| format!("(id={}, parent={:?}, sort={})", e.id, e.parent_id, e.sort_order))
+            .collect();
+        tracing::info!(entries = ?entries_dbg, "reorder_cards: incoming");
 
-    // ---- Items ----
+        // Group by parent_id.
+        let mut buckets: BTreeMap<Option<i64>, Vec<&ReorderEntry>> = BTreeMap::new();
+        for e in &entries {
+            buckets.entry(e.parent_id).or_default().push(e);
+        }
+        // Validate each bucket forms a contiguous 0..N permutation.
+        for (parent, bucket) in &buckets {
+            let mut orders: Vec<i64> = bucket.iter().map(|e| e.sort_order).collect();
+            orders.sort();
+            for (i, o) in orders.iter().enumerate() {
+                if *o != i as i64 {
+                    return Err(AppError::Validation(format!(
+                        "reorder bucket {parent:?} is not a contiguous 0..N permutation"
+                    )));
+                }
+            }
+        }
 
-    async fn create_item(&self, p: ItemPayload) -> Result<Item> {
         let now = now_ms();
-        let kind_str = match p.icon_kind {
-            IconKind::Asset => "asset",
-            IconKind::Url => "url",
-            IconKind::AutoFavicon => "auto-favicon",
-        };
-
         let mut tx = self.pool.begin().await?;
-        let res = sqlx::query!(
-            r#"INSERT INTO items
-                (group_id, name, name_i18n, description, description_i18n,
-                 icon_kind, icon_value, sort_order, created_at, updated_at)
-               VALUES (?, ?, ?, ?, ?, ?, ?, COALESCE((SELECT MAX(sort_order)+1 FROM items WHERE group_id IS ?), 0), ?, ?)"#,
-            p.group_id, p.name, p.name_i18n, p.description, p.description_i18n,
-            kind_str, p.icon_value, p.group_id, now, now
-        ).execute(&mut *tx).await?;
-        let id = res.last_insert_rowid();
 
-        for (site_value, url) in &p.links {
-            sqlx::query!(
-                r#"INSERT INTO item_links (item_id, site_id, url)
-                    SELECT ?, sites.id, ? FROM sites WHERE sites.value = ?"#,
-                id,
-                url,
-                site_value
-            )
-            .execute(&mut *tx)
-            .await?;
+        // Capture each entry's pre-update parent_id so we can dissolve
+        // any folder that loses its last (or second-to-last) child as a
+        // result of this reorder/reparent.
+        let mut maybe_dissolve: BTreeSet<i64> = BTreeSet::new();
+        for e in &entries {
+            let old_parent: Option<i64> =
+                sqlx::query_scalar("SELECT parent_id FROM cards WHERE id=?")
+                    .bind(e.id)
+                    .fetch_optional(&mut *tx)
+                    .await?
+                    .flatten();
+            if old_parent != e.parent_id {
+                if let Some(fid) = old_parent {
+                    maybe_dissolve.insert(fid);
+                }
+            }
         }
 
+        // The previous in-place "stage to negative slots, then reapply"
+        // trick was racy: when the client's `entries` only covered the
+        // visible subset of a bucket, *unlisted* rows still occupied
+        // some of the target slots, and the apply step blew up with
+        // UNIQUE constraint failures. Instead we now:
+        //   1. Move every listed card into the target parent bucket at
+        //      a unique negative slot (so we never collide with any
+        //      sibling that we don't know about).
+        //   2. Compact every affected bucket: read all rows in that
+        //      bucket from the DB, sort them with the listed entries
+        //      taking the requested order and remaining rows stable
+        //      after them, then rewrite contiguous 0..N sort_orders.
+        // This is idempotent and never raises UNIQUE.
+        let target_parents: BTreeSet<Option<i64>> =
+            entries.iter().map(|e| e.parent_id).collect();
+
+        // Step 1: stage every entry to a unique negative slot under its
+        // TARGET parent. We use very-negative slots (offset by 1<<20) so
+        // they can't collide with any pre-existing data.
+        for (idx, e) in entries.iter().enumerate() {
+            let staging = -(1_i64 << 20) - idx as i64;
+            sqlx::query("UPDATE cards SET parent_id=?, sort_order=?, updated_at=? WHERE id=?")
+                .bind(e.parent_id)
+                .bind(staging)
+                .bind(now)
+                .bind(e.id)
+                .execute(&mut *tx)
+                .await?;
+        }
+
+        // Step 2: for each affected bucket, compact 0..N. Build the
+        // final order: requested entries first (in their requested
+        // sort_order), then any pre-existing siblings we didn't know
+        // about, in their existing sort_order. Then renumber 0..N.
+        for parent in &target_parents {
+            // Listed entries for this bucket, sorted by requested order.
+            let mut listed: Vec<&ReorderEntry> = entries
+                .iter()
+                .filter(|e| e.parent_id == *parent)
+                .collect();
+            listed.sort_by_key(|e| e.sort_order);
+
+            // Other rows in the same bucket that aren't in `listed`.
+            let listed_ids: BTreeSet<i64> = listed.iter().map(|e| e.id).collect();
+            let other_ids: Vec<i64> = match parent {
+                Some(p) => {
+                    sqlx::query_scalar(
+                        "SELECT id FROM cards WHERE parent_id=? ORDER BY sort_order, id",
+                    )
+                    .bind(*p)
+                    .fetch_all(&mut *tx)
+                    .await?
+                }
+                None => {
+                    sqlx::query_scalar(
+                        "SELECT id FROM cards WHERE parent_id IS NULL ORDER BY sort_order, id",
+                    )
+                    .fetch_all(&mut *tx)
+                    .await?
+                }
+            };
+            let others: Vec<i64> = other_ids
+                .into_iter()
+                .filter(|id| !listed_ids.contains(id))
+                .collect();
+
+            // Final order: listed (in requested order) followed by others.
+            // Stage every row to a fresh negative slot first, then write
+            // the contiguous 0..N values, so we never collide.
+            let final_order: Vec<i64> = listed
+                .iter()
+                .map(|e| e.id)
+                .chain(others.into_iter())
+                .collect();
+
+            for (idx, id) in final_order.iter().enumerate() {
+                let staging = -1_i64 - idx as i64;
+                sqlx::query("UPDATE cards SET sort_order=? WHERE id=?")
+                    .bind(staging)
+                    .bind(id)
+                    .execute(&mut *tx)
+                    .await?;
+            }
+            for (idx, id) in final_order.iter().enumerate() {
+                sqlx::query("UPDATE cards SET sort_order=?, updated_at=? WHERE id=?")
+                    .bind(idx as i64)
+                    .bind(now)
+                    .bind(id)
+                    .execute(&mut *tx)
+                    .await
+                    .map_err(map_unique_violation)?;
+            }
+        }
+
+        dissolve_singleton_folders(&mut tx, maybe_dissolve).await?;
+
         tx.commit().await?;
-        self.fetch_item(id).await
+        Ok(())
     }
 
-    async fn patch_item(&self, id: i64, p: ItemPatch) -> Result<Item> {
+    async fn auto_folder(&self, p: AutoFolderPayload) -> Result<Card> {
+        if p.source_item_id == p.target_item_id {
+            return Err(AppError::Validation(
+                "source and target must differ".into(),
+            ));
+        }
         let now = now_ms();
         let mut tx = self.pool.begin().await?;
-        if let Some(v) = p.group_id {
-            sqlx::query!(
-                "UPDATE items SET group_id=?, updated_at=? WHERE id=?",
-                v,
-                now,
-                id
-            )
-            .execute(&mut *tx)
-            .await?;
-        }
-        if let Some(v) = p.name {
-            sqlx::query!(
-                "UPDATE items SET name=?, updated_at=? WHERE id=?",
-                v,
-                now,
-                id
-            )
-            .execute(&mut *tx)
-            .await?;
+
+        // Both must be items at root.
+        let target_row: Option<(String, Option<i64>, i64)> = sqlx::query_as(
+            "SELECT kind, parent_id, sort_order FROM cards WHERE id=?",
+        )
+        .bind(p.target_item_id)
+        .fetch_optional(&mut *tx)
+        .await?;
+        let (target_kind, target_parent, target_sort) =
+            target_row.ok_or(AppError::NotFound)?;
+        if target_kind != "item" {
+            return Err(AppError::Validation("target must be an item".into()));
         }
-        if let Some(v) = p.name_i18n {
-            sqlx::query!(
-                "UPDATE items SET name_i18n=?, updated_at=? WHERE id=?",
-                v,
-                now,
-                id
-            )
-            .execute(&mut *tx)
-            .await?;
+        let source_row: Option<(String, Option<i64>)> =
+            sqlx::query_as("SELECT kind, parent_id FROM cards WHERE id=?")
+                .bind(p.source_item_id)
+                .fetch_optional(&mut *tx)
+                .await?;
+        let (source_kind, source_parent) = source_row.ok_or(AppError::NotFound)?;
+        if source_kind != "item" {
+            return Err(AppError::Validation("source must be an item".into()));
         }
-        if let Some(v) = p.description {
-            sqlx::query!(
-                "UPDATE items SET description=?, updated_at=? WHERE id=?",
-                v,
-                now,
-                id
-            )
-            .execute(&mut *tx)
-            .await?;
+        // Folders must be at root, so the target item's bucket must be root.
+        if target_parent.is_some() {
+            return Err(AppError::Validation(
+                "auto-folder target must be a root card (folders cannot nest)".into(),
+            ));
         }
-        if let Some(v) = p.description_i18n {
-            sqlx::query!(
-                "UPDATE items SET description_i18n=?, updated_at=? WHERE id=?",
-                v,
-                now,
-                id
-            )
+
+        // Stage target away to free its slot.
+        sqlx::query("UPDATE cards SET sort_order=-100000 WHERE id=?")
+            .bind(p.target_item_id)
             .execute(&mut *tx)
             .await?;
-        }
-        if let Some(v) = p.icon_kind {
-            let s = match v {
-                IconKind::Asset => "asset",
-                IconKind::Url => "url",
-                IconKind::AutoFavicon => "auto-favicon",
-            };
-            sqlx::query!(
-                "UPDATE items SET icon_kind=?, updated_at=? WHERE id=?",
-                s,
-                now,
-                id
-            )
+
+        // Create the folder at the target's old slot.
+        let slug = match p.slug {
+            Some(s) => s,
+            None => format!("folder-{now}"),
+        };
+        let folder_res = sqlx::query(
+            "INSERT INTO cards (kind, parent_id, sort_order, name, slug, created_at, updated_at) \
+             VALUES ('folder', NULL, ?, ?, ?, ?, ?)",
+        )
+        .bind(target_sort)
+        .bind(&p.name)
+        .bind(&slug)
+        .bind(now)
+        .bind(now)
+        .execute(&mut *tx)
+        .await
+        .map_err(map_unique_violation)?;
+        let folder_id = folder_res.last_insert_rowid();
+
+        // Move source + target into the folder at slots 0 and 1.
+        sqlx::query("UPDATE cards SET parent_id=?, sort_order=?, updated_at=? WHERE id=?")
+            .bind(folder_id)
+            .bind(0_i64)
+            .bind(now)
+            .bind(p.source_item_id)
             .execute(&mut *tx)
             .await?;
-        }
-        if let Some(v) = p.icon_value {
-            sqlx::query!(
-                "UPDATE items SET icon_value=?, updated_at=? WHERE id=?",
-                v,
-                now,
-                id
-            )
+        sqlx::query("UPDATE cards SET parent_id=?, sort_order=?, updated_at=? WHERE id=?")
+            .bind(folder_id)
+            .bind(1_i64)
+            .bind(now)
+            .bind(p.target_item_id)
             .execute(&mut *tx)
             .await?;
-        }
 
-        if let Some(links) = p.links {
-            sqlx::query!("DELETE FROM item_links WHERE item_id=?", id)
-                .execute(&mut *tx)
-                .await?;
-            for (site_value, url) in links {
-                sqlx::query!(
-                    r#"INSERT INTO item_links (item_id, site_id, url)
-                        SELECT ?, sites.id, ? FROM sites WHERE sites.value = ?"#,
-                    id,
-                    url,
-                    site_value
-                )
-                .execute(&mut *tx)
-                .await?;
-            }
+        // The source's old parent (if it was inside another folder)
+        // might now be down to ≤1 children — dissolve it.
+        if let Some(fid) = source_parent {
+            dissolve_singleton_folders(&mut tx, std::iter::once(fid)).await?;
         }
+
         tx.commit().await?;
-        self.fetch_item(id).await
+        fetch_card(&self.pool, folder_id).await
     }
+}
 
-    async fn delete_item(&self, id: i64) -> Result<()> {
-        let res = sqlx::query!("DELETE FROM items WHERE id=?", id)
-            .execute(&self.pool)
+// --------------- helpers ---------------
+
+/// macOS-Launchpad style auto-dissolve: a folder that's been emptied
+/// down to ≤1 children automatically goes away. The lone child (if any)
+/// is moved to the root grid, appended at the end. Idempotent — safe to
+/// call with ids that no longer exist or aren't actually folders.
+async fn dissolve_singleton_folders(
+    conn: &mut sqlx::SqliteConnection,
+    candidates: impl IntoIterator<Item = i64>,
+) -> Result<()> {
+    let now = now_ms();
+    let mut seen = std::collections::BTreeSet::new();
+    for fid in candidates {
+        if !seen.insert(fid) {
+            continue;
+        }
+        let kind: Option<String> = sqlx::query_scalar("SELECT kind FROM cards WHERE id=?")
+            .bind(fid)
+            .fetch_optional(&mut *conn)
             .await?;
-        if res.rows_affected() == 0 {
-            return Err(AppError::NotFound);
+        if kind.as_deref() != Some("folder") {
+            continue;
         }
-        Ok(())
-    }
-
-    async fn reorder_items(&self, entries: Vec<ReorderEntry>) -> Result<()> {
-        let now = now_ms();
-        let mut tx = self.pool.begin().await?;
-        for e in entries {
-            match e.group_id {
-                Some(gid) => {
-                    sqlx::query!(
-                        "UPDATE items SET sort_order=?, group_id=?, updated_at=? WHERE id=?",
-                        e.sort_order,
-                        gid,
-                        now,
-                        e.id
-                    )
-                    .execute(&mut *tx)
-                    .await?;
-                }
-                None => {
-                    sqlx::query!(
-                        "UPDATE items SET sort_order=?, updated_at=? WHERE id=?",
-                        e.sort_order,
-                        now,
-                        e.id
-                    )
-                    .execute(&mut *tx)
+        let child_count: i64 =
+            sqlx::query_scalar("SELECT COUNT(*) FROM cards WHERE parent_id=?")
+                .bind(fid)
+                .fetch_one(&mut *conn)
+                .await?;
+        if child_count > 1 {
+            continue;
+        }
+        if child_count == 1 {
+            // Move the lone child to the end of the root bucket. Stage
+            // through a far-negative slot so we never collide.
+            let child_id: i64 =
+                sqlx::query_scalar("SELECT id FROM cards WHERE parent_id=? LIMIT 1")
+                    .bind(fid)
+                    .fetch_one(&mut *conn)
                     .await?;
-                }
-            }
+            let next_root: i64 = sqlx::query_scalar(
+                "SELECT COALESCE(MAX(sort_order), -1) + 1 FROM cards WHERE parent_id IS NULL",
+            )
+            .fetch_one(&mut *conn)
+            .await?;
+            sqlx::query(
+                "UPDATE cards SET parent_id=NULL, sort_order=?, updated_at=? WHERE id=?",
+            )
+            .bind(-(1_i64 << 30))
+            .bind(now)
+            .bind(child_id)
+            .execute(&mut *conn)
+            .await?;
+            sqlx::query("UPDATE cards SET sort_order=?, updated_at=? WHERE id=?")
+                .bind(next_root)
+                .bind(now)
+                .bind(child_id)
+                .execute(&mut *conn)
+                .await?;
         }
-        tx.commit().await?;
-        Ok(())
+        sqlx::query("DELETE FROM cards WHERE id=?")
+            .bind(fid)
+            .execute(&mut *conn)
+            .await?;
     }
+    Ok(())
 }
 
-impl SqlxNavRepo {
-    pub(crate) async fn fetch_item(&self, id: i64) -> Result<Item> {
-        self.list_items_full()
-            .await?
-            .into_iter()
-            .find(|i| i.id == id)
-            .ok_or(AppError::NotFound)
+async fn ensure_parent_is_folder<'e, E>(executor: E, parent_id: i64) -> Result<()>
+where
+    E: SqliteExecutor<'e>,
+{
+    let kind: Option<String> = sqlx::query_scalar("SELECT kind FROM cards WHERE id=?")
+        .bind(parent_id)
+        .fetch_optional(executor)
+        .await?;
+    match kind.as_deref() {
+        Some("folder") => Ok(()),
+        Some(_) => Err(AppError::Validation(
+            "parent must be a folder card".into(),
+        )),
+        None => Err(AppError::Validation("parent card does not exist".into())),
     }
+}
 
-    pub(crate) async fn list_items_full(&self) -> Result<Vec<Item>> {
-        let item_rows = sqlx::query!(
-            r#"SELECT id as "id!: i64", group_id,
-                      name, name_i18n as "name_i18n: serde_json::Value",
-                      description, description_i18n as "description_i18n: serde_json::Value",
-                      icon_kind, icon_value,
-                      sort_order as "sort_order!: i64",
-                      created_at as "created_at!: i64",
-                      updated_at as "updated_at!: i64"
-               FROM items
-               ORDER BY group_id, sort_order, id"#
-        )
-        .fetch_all(&self.pool)
-        .await?;
+async fn next_sort_order<'e, E>(executor: E, parent_id: Option<i64>) -> Result<i64>
+where
+    E: SqliteExecutor<'e>,
+{
+    let next: i64 = match parent_id {
+        Some(p) => {
+            sqlx::query_scalar("SELECT COALESCE(MAX(sort_order), -1) + 1 FROM cards WHERE parent_id=?")
+                .bind(p)
+                .fetch_one(executor)
+                .await?
+        }
+        None => {
+            sqlx::query_scalar("SELECT COALESCE(MAX(sort_order), -1) + 1 FROM cards WHERE parent_id IS NULL")
+                .fetch_one(executor)
+                .await?
+        }
+    };
+    Ok(next)
+}
 
-        let link_rows = sqlx::query!(
-            r#"SELECT il.item_id as "item_id!: i64", s.value as "site_value!", il.url as "url!"
-               FROM item_links il JOIN sites s ON s.id = il.site_id"#
+async fn insert_links(
+    conn: &mut sqlx::SqliteConnection,
+    card_id: i64,
+    links: &std::collections::BTreeMap<String, String>,
+) -> Result<()> {
+    for (site_value, url) in links {
+        sqlx::query(
+            "INSERT INTO card_links (card_id, site_id, url) \
+             SELECT ?, sites.id, ? FROM sites WHERE sites.value = ?",
         )
-        .fetch_all(&self.pool)
+        .bind(card_id)
+        .bind(url)
+        .bind(site_value)
+        .execute(&mut *conn)
         .await?;
+    }
+    Ok(())
+}
 
-        let mut items: Vec<Item> = item_rows
-            .into_iter()
-            .map(|r| {
-                let kind = match r.icon_kind.as_str() {
-                    "url" => IconKind::Url,
-                    "auto-favicon" => IconKind::AutoFavicon,
-                    _ => IconKind::Asset,
-                };
-                Item {
-                    id: r.id,
-                    group_id: r.group_id,
-                    name: r.name,
-                    name_i18n: r.name_i18n,
-                    description: r.description,
-                    description_i18n: r.description_i18n,
-                    icon_kind: kind,
-                    icon_value: r.icon_value,
-                    sort_order: r.sort_order,
-                    links: Default::default(),
-                    created_at: r.created_at,
-                    updated_at: r.updated_at,
-                }
-            })
-            .collect();
+fn validate_payload(p: &CardPayload) -> Result<()> {
+    match p.kind {
+        CardKind::Folder => {
+            if p.slug.is_none() {
+                return Err(AppError::Validation("folder requires slug".into()));
+            }
+            if p.icon_kind.is_some() || p.icon_value.is_some() {
+                return Err(AppError::Validation(
+                    "folder must not have icon_kind / icon_value".into(),
+                ));
+            }
+            if !p.links.is_empty() {
+                return Err(AppError::Validation("folder must not have links".into()));
+            }
+            if p.parent_id.is_some() {
+                return Err(AppError::Validation("folders cannot be nested".into()));
+            }
+        }
+        CardKind::Item => {
+            if p.icon_kind.is_none() || p.icon_value.is_none() {
+                return Err(AppError::Validation(
+                    "item requires icon_kind and icon_value".into(),
+                ));
+            }
+            if p.slug.is_some() {
+                return Err(AppError::Validation("item must not have slug".into()));
+            }
+        }
+    }
+    Ok(())
+}
 
-        let by_id: std::collections::HashMap<i64, usize> =
-            items.iter().enumerate().map(|(i, it)| (it.id, i)).collect();
+async fn list_sites_inner(pool: &SqlitePool) -> Result<Vec<Site>> {
+    let rows = sqlx::query("SELECT id, value, name, sort_order, is_default FROM sites ORDER BY sort_order, id")
+        .fetch_all(pool)
+        .await?;
+    Ok(rows
+        .into_iter()
+        .map(|r| Site {
+            id: r.get::<i64, _>("id"),
+            value: r.get::<String, _>("value"),
+            name: r.get::<String, _>("name"),
+            sort_order: r.get::<i64, _>("sort_order"),
+            is_default: r.get::<i64, _>("is_default") != 0,
+        })
+        .collect())
+}
 
-        for r in link_rows {
-            if let Some(&idx) = by_id.get(&r.item_id) {
-                items[idx].links.insert(r.site_value, r.url);
+async fn list_cards_inner(pool: &SqlitePool) -> Result<Vec<Card>> {
+    let card_rows = sqlx::query(
+        "SELECT id, kind, parent_id, sort_order, name, slug, icon_kind, icon_value, description, created_at, updated_at \
+         FROM cards ORDER BY parent_id NULLS FIRST, sort_order, id",
+    )
+    .fetch_all(pool)
+    .await?;
+
+    let mut cards: Vec<Card> = card_rows
+        .into_iter()
+        .map(|r| {
+            let kind_s: String = r.get("kind");
+            let kind = match kind_s.as_str() {
+                "folder" => CardKind::Folder,
+                _ => CardKind::Item,
+            };
+            let icon_kind_s: Option<String> = r.get("icon_kind");
+            Card {
+                id: r.get::<i64, _>("id"),
+                kind,
+                parent_id: r.get::<Option<i64>, _>("parent_id"),
+                sort_order: r.get::<i64, _>("sort_order"),
+                name: r.get::<String, _>("name"),
+                slug: r.get::<Option<String>, _>("slug"),
+                icon_kind: icon_kind_s.as_deref().map(parse_icon_kind),
+                icon_value: r.get::<Option<String>, _>("icon_value"),
+                description: r.get::<Option<String>, _>("description"),
+                links: BTreeMap::new(),
+                created_at: r.get::<i64, _>("created_at"),
+                updated_at: r.get::<i64, _>("updated_at"),
             }
+        })
+        .collect();
+
+    let link_rows = sqlx::query(
+        "SELECT cl.card_id, s.value, cl.url \
+         FROM card_links cl JOIN sites s ON s.id = cl.site_id",
+    )
+    .fetch_all(pool)
+    .await?;
+
+    let mut by_id: std::collections::HashMap<i64, usize> = std::collections::HashMap::new();
+    for (idx, c) in cards.iter().enumerate() {
+        by_id.insert(c.id, idx);
+    }
+    for r in link_rows {
+        let cid: i64 = r.get("card_id");
+        let value: String = r.get("value");
+        let url: String = r.get("url");
+        if let Some(&idx) = by_id.get(&cid) {
+            cards[idx].links.insert(value, url);
         }
-        Ok(items)
     }
+    Ok(cards)
+}
+
+async fn fetch_card(pool: &SqlitePool, id: i64) -> Result<Card> {
+    list_cards_inner(pool)
+        .await?
+        .into_iter()
+        .find(|c| c.id == id)
+        .ok_or(AppError::NotFound)
 }
diff --git a/server/src/routes/cards.rs b/server/src/routes/cards.rs
new file mode 100644
index 0000000..164f128
--- /dev/null
+++ b/server/src/routes/cards.rs
@@ -0,0 +1,64 @@
+use axum::{
+    extract::{Path, State},
+    http::StatusCode,
+    routing::{patch, post},
+    Json, Router,
+};
+
+use crate::auth::RequireAuth;
+use crate::dto::{AutoFolderPayload, Card, CardPatch, CardPayload, ReorderEntry};
+use crate::error::Result;
+use crate::state::AppState;
+
+pub fn router() -> Router<AppState> {
+    Router::new()
+        .route("/cards", post(create))
+        .route("/cards/reorder", post(reorder))
+        .route("/cards/auto-folder", post(auto_folder))
+        .route("/cards/:id", patch(update).delete(remove))
+}
+
+async fn create(
+    _auth: RequireAuth,
+    State(s): State<AppState>,
+    Json(body): Json<CardPayload>,
+) -> Result<(StatusCode, Json<Card>)> {
+    let card = s.nav.create_card(body).await?;
+    Ok((StatusCode::CREATED, Json(card)))
+}
+
+async fn update(
+    _auth: RequireAuth,
+    State(s): State<AppState>,
+    Path(id): Path<i64>,
+    Json(body): Json<CardPatch>,
+) -> Result<Json<Card>> {
+    Ok(Json(s.nav.patch_card(id, body).await?))
+}
+
+async fn remove(
+    _auth: RequireAuth,
+    State(s): State<AppState>,
+    Path(id): Path<i64>,
+) -> Result<StatusCode> {
+    s.nav.delete_card(id).await?;
+    Ok(StatusCode::NO_CONTENT)
+}
+
+async fn reorder(
+    _auth: RequireAuth,
+    State(s): State<AppState>,
+    Json(entries): Json<Vec<ReorderEntry>>,
+) -> Result<StatusCode> {
+    s.nav.reorder_cards(entries).await?;
+    Ok(StatusCode::NO_CONTENT)
+}
+
+async fn auto_folder(
+    _auth: RequireAuth,
+    State(s): State<AppState>,
+    Json(body): Json<AutoFolderPayload>,
+) -> Result<(StatusCode, Json<Card>)> {
+    let folder = s.nav.auto_folder(body).await?;
+    Ok((StatusCode::CREATED, Json(folder)))
+}
diff --git a/server/src/routes/groups.rs b/server/src/routes/groups.rs
deleted file mode 100644
index cfee6d9..0000000
--- a/server/src/routes/groups.rs
+++ /dev/null
@@ -1,50 +0,0 @@
-use axum::{
-    extract::{Path, State},
-    http::StatusCode,
-    routing::{patch, post},
-    Json, Router,
-};
-
-use crate::auth::RequireAuth;
-use crate::dto::{Group, GroupPatch, GroupPayload, ReorderEntry};
-use crate::error::Result;
-use crate::state::AppState;
-
-pub fn router() -> Router<AppState> {
-    Router::new()
-        .route("/groups", post(create))
-        .route("/groups/reorder", post(reorder))
-        .route("/groups/:id", patch(update).delete(remove))
-}
-
-async fn create(
-    _a: RequireAuth,
-    State(s): State<AppState>,
-    Json(body): Json<GroupPayload>,
-) -> Result<(StatusCode, Json<Group>)> {
-    Ok((StatusCode::CREATED, Json(s.nav.create_group(body).await?)))
-}
-async fn update(
-    _a: RequireAuth,
-    State(s): State<AppState>,
-    Path(id): Path<i64>,
-    Json(body): Json<GroupPatch>,
-) -> Result<Json<Group>> {
-    Ok(Json(s.nav.patch_group(id, body).await?))
-}
-async fn remove(
-    _a: RequireAuth,
-    State(s): State<AppState>,
-    Path(id): Path<i64>,
-) -> Result<StatusCode> {
-    s.nav.delete_group(id).await?;
-    Ok(StatusCode::NO_CONTENT)
-}
-async fn reorder(
-    _a: RequireAuth,
-    State(s): State<AppState>,
-    Json(entries): Json<Vec<ReorderEntry>>,
-) -> Result<StatusCode> {
-    s.nav.reorder_groups(entries).await?;
-    Ok(StatusCode::NO_CONTENT)
-}
diff --git a/server/src/routes/items.rs b/server/src/routes/items.rs
deleted file mode 100644
index 949b36c..0000000
--- a/server/src/routes/items.rs
+++ /dev/null
@@ -1,54 +0,0 @@
-use axum::{
-    extract::{Path, State},
-    http::StatusCode,
-    routing::{patch, post},
-    Json, Router,
-};
-
-use crate::auth::RequireAuth;
-use crate::dto::{Item, ItemPatch, ItemPayload, ReorderEntry};
-use crate::error::Result;
-use crate::state::AppState;
-
-pub fn router() -> Router<AppState> {
-    Router::new()
-        .route("/items", post(create))
-        .route("/items/reorder", post(reorder))
-        .route("/items/:id", patch(update).delete(remove))
-}
-
-async fn create(
-    _auth: RequireAuth,
-    State(s): State<AppState>,
-    Json(body): Json<ItemPayload>,
-) -> Result<(StatusCode, Json<Item>)> {
-    let item = s.nav.create_item(body).await?;
-    Ok((StatusCode::CREATED, Json(item)))
-}
-
-async fn update(
-    _auth: RequireAuth,
-    State(s): State<AppState>,
-    Path(id): Path<i64>,
-    Json(body): Json<ItemPatch>,
-) -> Result<Json<Item>> {
-    Ok(Json(s.nav.patch_item(id, body).await?))
-}
-
-async fn remove(
-    _auth: RequireAuth,
-    State(s): State<AppState>,
-    Path(id): Path<i64>,
-) -> Result<StatusCode> {
-    s.nav.delete_item(id).await?;
-    Ok(StatusCode::NO_CONTENT)
-}
-
-async fn reorder(
-    _auth: RequireAuth,
-    State(s): State<AppState>,
-    Json(entries): Json<Vec<ReorderEntry>>,
-) -> Result<StatusCode> {
-    s.nav.reorder_items(entries).await?;
-    Ok(StatusCode::NO_CONTENT)
-}
diff --git a/server/src/routes/mod.rs b/server/src/routes/mod.rs
index 9e3a09d..96bc468 100644
--- a/server/src/routes/mod.rs
+++ b/server/src/routes/mod.rs
@@ -1,12 +1,11 @@
 use axum::Router;
 
 pub mod auth;
+pub mod cards;
 pub mod config;
 pub mod favicon;
-pub mod groups;
 pub mod health;
 pub mod icons;
-pub mod items;
 pub mod nav;
 pub mod sites;
 
@@ -21,8 +20,7 @@ pub fn api(state: AppState) -> Router {
                 .merge(nav::router())
                 .merge(auth::router())
                 .merge(config::router())
-                .merge(items::router())
-                .merge(groups::router())
+                .merge(cards::router())
                 .merge(sites::router())
                 .merge(icons::router())
                 .merge(favicon::router()),
diff --git a/server/src/routes/sites.rs b/server/src/routes/sites.rs
index 9d1638c..3476f68 100644
--- a/server/src/routes/sites.rs
+++ b/server/src/routes/sites.rs
@@ -6,7 +6,7 @@ use axum::{
 };
 
 use crate::auth::RequireAuth;
-use crate::dto::{ReorderEntry, Site, SitePatch, SitePayload};
+use crate::dto::{Site, SitePatch, SitePayload, SiteReorderEntry};
 use crate::error::Result;
 use crate::state::AppState;
 
@@ -43,7 +43,7 @@ async fn remove(
 async fn reorder(
     _a: RequireAuth,
     State(s): State<AppState>,
-    Json(entries): Json<Vec<ReorderEntry>>,
+    Json(entries): Json<Vec<SiteReorderEntry>>,
 ) -> Result<StatusCode> {
     s.nav.reorder_sites(entries).await?;
     Ok(StatusCode::NO_CONTENT)
diff --git a/server/src/services/bundle.rs b/server/src/services/bundle.rs
index 32f863f..aae320a 100644
--- a/server/src/services/bundle.rs
+++ b/server/src/services/bundle.rs
@@ -7,7 +7,7 @@ pub async fn assemble_bundle(
     nav: Arc<dyn NavRepo>,
     config: Arc<dyn ConfigRepo>,
 ) -> Result<NavBundle> {
-    let (sites, groups, items) = nav.get_bundle().await?;
+    let (sites, cards) = nav.get_bundle().await?;
 
     let cfg = config
         .get_many(&[
@@ -19,7 +19,6 @@ pub async fn assemble_bundle(
             "site_police_text",
             "site_police_url",
             "default_theme",
-            "layout_mode",
         ])
         .await?;
 
@@ -51,18 +50,12 @@ pub async fn assemble_bundle(
             .get("default_theme")
             .cloned()
             .unwrap_or_else(|| "system".into()),
-        layout_mode: cfg
-            .get("layout_mode")
-            .cloned()
-            .filter(|v| v == "flat" || v == "grouped")
-            .unwrap_or_else(|| "grouped".into()),
     };
 
     Ok(NavBundle {
         schema_version: 1,
         meta,
         sites,
-        groups,
-        items,
+        cards,
     })
 }
diff --git a/server/src/services/legacy_migrate.rs b/server/src/services/legacy_migrate.rs
new file mode 100644
index 0000000..934d9db
--- /dev/null
+++ b/server/src/services/legacy_migrate.rs
@@ -0,0 +1,224 @@
+//! Plan 6 host-language migration: copy `groups` + `items` + `item_links`
+//! into the new polymorphic `cards` + `card_links` tables, then drop the
+//! legacy tables. Idempotent: a no-op once the legacy tables are gone.
+//!
+//! Runs once on boot, after `migrate(pool)` has finished. The whole copy
+//! lives inside a single transaction, so a failure rolls back and leaves
+//! the legacy tables intact for an operator to investigate. The
+//! application refuses to start if this returns an error.
+
+use crate::error::{AppError, Result};
+use sqlx::{Row, SqlitePool};
+use std::collections::{BTreeMap, HashMap};
+
+fn now_ms() -> i64 {
+    use std::time::{SystemTime, UNIX_EPOCH};
+    SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .map(|d| d.as_millis() as i64)
+        .unwrap_or(0)
+}
+
+pub async fn migrate_if_needed(pool: &SqlitePool) -> Result<()> {
+    let legacy_present: i64 =
+        sqlx::query_scalar("SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='groups'")
+            .fetch_one(pool)
+            .await?;
+    if legacy_present == 0 {
+        return Ok(());
+    }
+
+    tracing::info!("legacy_migrate: copying groups/items into cards");
+    let now = now_ms();
+    let mut tx = pool.begin().await?;
+
+    // ----- 1. groups -> cards (kind='folder', root) -----
+    let group_rows = sqlx::query("SELECT id, slug, name, sort_order FROM groups ORDER BY sort_order, id")
+        .fetch_all(&mut *tx)
+        .await?;
+
+    let mut group_id_map: HashMap<i64, i64> = HashMap::new();
+    for (idx, row) in group_rows.iter().enumerate() {
+        let old_id: i64 = row.try_get("id")?;
+        let slug: String = row.try_get("slug")?;
+        let name: String = row.try_get("name")?;
+        let sort_order = idx as i64;
+        let res = sqlx::query(
+            "INSERT INTO cards (kind, parent_id, sort_order, name, slug, created_at, updated_at) \
+             VALUES ('folder', NULL, ?, ?, ?, ?, ?)",
+        )
+        .bind(sort_order)
+        .bind(name)
+        .bind(slug)
+        .bind(now)
+        .bind(now)
+        .execute(&mut *tx)
+        .await?;
+        group_id_map.insert(old_id, res.last_insert_rowid());
+    }
+    let folder_count = group_id_map.len() as i64;
+
+    // ----- 2. items -> cards (kind='item') -----
+    let item_rows = sqlx::query(
+        "SELECT id, group_id, name, description, icon_kind, icon_value, sort_order, created_at, updated_at \
+         FROM items ORDER BY group_id, sort_order, id",
+    )
+    .fetch_all(&mut *tx)
+    .await?;
+
+    // Bucket items by their NEW parent_id (None = root) so we can renumber
+    // contiguously starting at the next free slot in each bucket.
+    type LegacyItem = (i64, Option<i64>, String, Option<String>, String, String, i64, i64);
+    let mut buckets: BTreeMap<Option<i64>, Vec<usize>> = BTreeMap::new();
+    let mut item_records: Vec<LegacyItem> = Vec::with_capacity(item_rows.len());
+    for (idx, row) in item_rows.iter().enumerate() {
+        let old_id: i64 = row.try_get("id")?;
+        let old_group: Option<i64> = row.try_get("group_id")?;
+        let new_parent = old_group.and_then(|g| group_id_map.get(&g).copied());
+        let name: String = row.try_get("name")?;
+        let description: Option<String> = row.try_get("description")?;
+        let icon_kind: String = row.try_get("icon_kind")?;
+        let icon_value: String = row.try_get("icon_value")?;
+        let created_at: i64 = row.try_get("created_at")?;
+        let updated_at: i64 = row.try_get("updated_at")?;
+        item_records.push((
+            old_id,
+            new_parent,
+            name,
+            description,
+            icon_kind,
+            icon_value,
+            created_at,
+            updated_at,
+        ));
+        buckets.entry(new_parent).or_default().push(idx);
+    }
+
+    let mut item_id_map: HashMap<i64, i64> = HashMap::new();
+    for (parent, indices) in buckets {
+        // Root bucket already holds folders at slots 0..folder_count;
+        // start root items after them. Folder buckets start at 0.
+        let base_offset = if parent.is_none() { folder_count } else { 0 };
+        for (offset, idx) in indices.iter().enumerate() {
+            let (old_id, new_parent, name, description, icon_kind, icon_value, created_at, updated_at) =
+                &item_records[*idx];
+            let sort_order = base_offset + offset as i64;
+            let res = sqlx::query(
+                "INSERT INTO cards (kind, parent_id, sort_order, name, icon_kind, icon_value, description, created_at, updated_at) \
+                 VALUES ('item', ?, ?, ?, ?, ?, ?, ?, ?)",
+            )
+            .bind(*new_parent)
+            .bind(sort_order)
+            .bind(name)
+            .bind(icon_kind)
+            .bind(icon_value)
+            .bind(description.as_deref())
+            .bind(*created_at)
+            .bind(*updated_at)
+            .execute(&mut *tx)
+            .await?;
+            item_id_map.insert(*old_id, res.last_insert_rowid());
+        }
+    }
+
+    // ----- 3. item_links -> card_links -----
+    let link_rows = sqlx::query("SELECT item_id, site_id, url FROM item_links")
+        .fetch_all(&mut *tx)
+        .await?;
+    for row in link_rows {
+        let item_id: i64 = row.try_get("item_id")?;
+        let site_id: i64 = row.try_get("site_id")?;
+        let url: String = row.try_get("url")?;
+        let card_id = item_id_map.get(&item_id).copied().ok_or_else(|| {
+            AppError::Other(anyhow::anyhow!("orphan item_link for item {item_id}"))
+        })?;
+        sqlx::query("INSERT INTO card_links (card_id, site_id, url) VALUES (?, ?, ?)")
+            .bind(card_id)
+            .bind(site_id)
+            .bind(url)
+            .execute(&mut *tx)
+            .await?;
+    }
+
+    // ----- 4. drop legacy tables -----
+    sqlx::query("DROP TABLE item_links").execute(&mut *tx).await?;
+    sqlx::query("DROP TABLE items").execute(&mut *tx).await?;
+    sqlx::query("DROP TABLE groups").execute(&mut *tx).await?;
+
+    tx.commit().await?;
+    tracing::info!(
+        "legacy_migrate: complete ({} folder(s), {} item(s))",
+        folder_count,
+        item_id_map.len()
+    );
+    Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    /// Bring up a fully-migrated in-memory pool. After all SQL migrations
+    /// run, the legacy tables (`groups` / `items` / `item_links`) are
+    /// still present — only `legacy_migrate::migrate_if_needed` drops
+    /// them. So this matches the exact runtime state on first boot of a
+    /// pre-Plan-6 deployment.
+    async fn legacy_pool() -> SqlitePool {
+        crate::db::connect_in_memory().await.unwrap()
+    }
+
+    #[tokio::test]
+    async fn migrate_copies_groups_items_and_drops_legacy() {
+        let pool = legacy_pool().await;
+        // Seed legacy data
+        sqlx::query("INSERT INTO sites (value, name, sort_order, is_default) VALUES ('a', 'A', 0, 1)")
+            .execute(&pool).await.unwrap();
+        sqlx::query("INSERT INTO groups (slug, name, sort_order, collapsed_default) VALUES ('tools', 'Tools', 0, 0)")
+            .execute(&pool).await.unwrap();
+        sqlx::query("INSERT INTO groups (slug, name, sort_order, collapsed_default) VALUES ('media', 'Media', 1, 0)")
+            .execute(&pool).await.unwrap();
+        sqlx::query("INSERT INTO items (group_id, name, icon_kind, icon_value, sort_order, created_at, updated_at) VALUES (1, 'X', 'asset', 'x.png', 0, 0, 0)")
+            .execute(&pool).await.unwrap();
+        sqlx::query("INSERT INTO items (group_id, name, icon_kind, icon_value, sort_order, created_at, updated_at) VALUES (1, 'Y', 'asset', 'y.png', 1, 0, 0)")
+            .execute(&pool).await.unwrap();
+        sqlx::query("INSERT INTO item_links (item_id, site_id, url) VALUES (1, 1, 'http://x')")
+            .execute(&pool).await.unwrap();
+
+        migrate_if_needed(&pool).await.unwrap();
+
+        // Cards: 2 folders + 2 items
+        let card_count: i64 = sqlx::query_scalar("SELECT COUNT(*) FROM cards")
+            .fetch_one(&pool).await.unwrap();
+        assert_eq!(card_count, 4);
+        let folder_count: i64 = sqlx::query_scalar("SELECT COUNT(*) FROM cards WHERE kind='folder'")
+            .fetch_one(&pool).await.unwrap();
+        assert_eq!(folder_count, 2);
+        // Items live under the first folder
+        let parent: Option<i64> = sqlx::query_scalar("SELECT parent_id FROM cards WHERE name='X'")
+            .fetch_one(&pool).await.unwrap();
+        assert!(parent.is_some());
+
+        // Card link migrated
+        let link_count: i64 = sqlx::query_scalar("SELECT COUNT(*) FROM card_links")
+            .fetch_one(&pool).await.unwrap();
+        assert_eq!(link_count, 1);
+
+        // Legacy tables dropped
+        let groups_left: i64 = sqlx::query_scalar(
+            "SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='groups'",
+        )
+        .fetch_one(&pool).await.unwrap();
+        assert_eq!(groups_left, 0);
+    }
+
+    #[tokio::test]
+    async fn migrate_is_idempotent_when_legacy_already_gone() {
+        let pool = legacy_pool().await;
+        migrate_if_needed(&pool).await.unwrap();
+        // Second call: must be a no-op
+        migrate_if_needed(&pool).await.unwrap();
+        let card_count: i64 = sqlx::query_scalar("SELECT COUNT(*) FROM cards")
+            .fetch_one(&pool).await.unwrap();
+        assert_eq!(card_count, 0);
+    }
+}
diff --git a/server/src/services/migration.rs b/server/src/services/migration.rs
index b7cbee7..8f0c004 100644
--- a/server/src/services/migration.rs
+++ b/server/src/services/migration.rs
@@ -12,7 +12,9 @@ struct BootstrapDoc {
     _schema_version: i64,
     meta: BootstrapMeta,
     sites: Vec<BootstrapSite>,
+    #[serde(default)]
     groups: Vec<BootstrapGroup>,
+    #[serde(default)]
     items: Vec<BootstrapItem>,
 }
 
@@ -37,8 +39,6 @@ struct BootstrapSite {
     value: String,
     name: String,
     #[serde(default)]
-    name_i18n: Option<serde_json::Value>,
-    #[serde(default)]
     is_default: bool,
     #[serde(default)]
     #[allow(dead_code)]
@@ -50,19 +50,13 @@ struct BootstrapGroup {
     slug: String,
     name: String,
     #[serde(default)]
-    name_i18n: Option<serde_json::Value>,
-    #[serde(default)]
     #[allow(dead_code)]
     sort_order: i64,
-    #[serde(default)]
-    collapsed_default: bool,
 }
 
 #[derive(Deserialize)]
 struct BootstrapItem {
     name: String,
-    #[serde(default)]
-    name_i18n: Option<serde_json::Value>,
     #[serde(rename = "groupSlug")]
     group_slug: Option<String>,
     #[serde(rename = "iconKind")]
@@ -74,8 +68,8 @@ struct BootstrapItem {
 }
 
 pub async fn seed_if_empty(nav: Arc<dyn NavRepo>, config: Arc<dyn ConfigRepo>) -> Result<()> {
-    let (sites, _, items) = nav.get_bundle().await?;
-    if !sites.is_empty() || !items.is_empty() {
+    let (sites, cards) = nav.get_bundle().await?;
+    if !sites.is_empty() || !cards.is_empty() {
         return Ok(());
     }
     let doc: BootstrapDoc =
@@ -108,37 +102,42 @@ pub async fn seed_if_empty(nav: Arc<dyn NavRepo>, config: Arc<dyn ConfigRepo>) -
         nav.create_site(SitePayload {
             value: s.value,
             name: s.name,
-            name_i18n: s.name_i18n,
             is_default: s.is_default,
         })
         .await?;
     }
-    // Groups (track id by slug)
-    let mut group_id_by_slug = std::collections::HashMap::new();
+
+    // Folders (track new card id by slug).
+    let mut folder_id_by_slug = std::collections::HashMap::new();
     for g in doc.groups {
-        let created = nav
-            .create_group(GroupPayload {
-                slug: g.slug.clone(),
+        let folder = nav
+            .create_card(CardPayload {
+                kind: CardKind::Folder,
+                parent_id: None,
                 name: g.name,
-                name_i18n: g.name_i18n,
-                collapsed_default: g.collapsed_default,
+                slug: Some(g.slug.clone()),
+                icon_kind: None,
+                icon_value: None,
+                description: None,
+                links: Default::default(),
             })
             .await?;
-        group_id_by_slug.insert(g.slug, created.id);
+        folder_id_by_slug.insert(g.slug, folder.id);
     }
+
     // Items
     for it in doc.items {
-        let group_id = it
+        let parent_id = it
             .group_slug
-            .and_then(|s| group_id_by_slug.get(&s).copied());
-        nav.create_item(ItemPayload {
-            group_id,
+            .and_then(|s| folder_id_by_slug.get(&s).copied());
+        nav.create_card(CardPayload {
+            kind: CardKind::Item,
+            parent_id,
             name: it.name,
-            name_i18n: it.name_i18n,
+            slug: None,
+            icon_kind: Some(it.icon_kind),
+            icon_value: Some(it.icon_value),
             description: None,
-            description_i18n: None,
-            icon_kind: it.icon_kind,
-            icon_value: it.icon_value,
             links: it.links,
         })
         .await?;
diff --git a/server/src/services/mod.rs b/server/src/services/mod.rs
index d1a5730..b8455fe 100644
--- a/server/src/services/mod.rs
+++ b/server/src/services/mod.rs
@@ -1,4 +1,5 @@
 pub mod bootstrap;
 pub mod bundle;
 pub mod favicon;
+pub mod legacy_migrate;
 pub mod migration;
diff --git a/server/tests/api_cards.rs b/server/tests/api_cards.rs
new file mode 100644
index 0000000..b99b7ca
--- /dev/null
+++ b/server/tests/api_cards.rs
@@ -0,0 +1,113 @@
+use axum_test::TestServer;
+use navsrv::app::build_app;
+use navsrv::auth::{password, session::layer as session_layer};
+use navsrv::db::connect_in_memory;
+use navsrv::dto::SitePayload;
+use navsrv::repo::{ConfigRepo, NavRepo, SqlxConfigRepo, SqlxNavRepo};
+use navsrv::state::AppState;
+use std::sync::Arc;
+
+async fn auth_server() -> TestServer {
+    let pool = connect_in_memory().await.unwrap();
+    let nav: Arc<dyn NavRepo> = Arc::new(SqlxNavRepo::new(pool.clone()));
+    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
+    cfg.upsert("admin_password_hash", &password::hash("pw").unwrap())
+        .await
+        .unwrap();
+    nav.create_site(SitePayload {
+        value: "shangHai".into(),
+        name: "上海".into(),
+        is_default: true,
+    })
+    .await
+    .unwrap();
+    let dir = std::env::temp_dir();
+    let state = AppState::new(nav, cfg, dir.clone());
+    let mut server = TestServer::new(build_app(state, session_layer(pool, false), dir)).unwrap();
+    server.do_save_cookies();
+    server
+        .post("/api/auth/login")
+        .json(&serde_json::json!({"password": "pw"}))
+        .await
+        .assert_status_success();
+    server
+}
+
+#[tokio::test]
+async fn create_root_item_via_api() {
+    let server = auth_server().await;
+    let res = server
+        .post("/api/cards")
+        .json(&serde_json::json!({
+            "kind": "item",
+            "name": "X",
+            "iconKind": "asset",
+            "iconValue": "x.png",
+            "links": {"shangHai": "http://x"}
+        }))
+        .await;
+    res.assert_status(axum::http::StatusCode::CREATED);
+    let body: serde_json::Value = res.json();
+    assert_eq!(body["kind"], "item");
+    assert_eq!(body["sortOrder"], 0);
+    assert_eq!(body["links"]["shangHai"], "http://x");
+}
+
+#[tokio::test]
+async fn auto_folder_via_api() {
+    let server = auth_server().await;
+    let a: serde_json::Value = server
+        .post("/api/cards")
+        .json(&serde_json::json!({
+            "kind": "item", "name": "A", "iconKind": "asset", "iconValue": "a.png"
+        }))
+        .await
+        .json();
+    let b: serde_json::Value = server
+        .post("/api/cards")
+        .json(&serde_json::json!({
+            "kind": "item", "name": "B", "iconKind": "asset", "iconValue": "b.png"
+        }))
+        .await
+        .json();
+    let res = server
+        .post("/api/cards/auto-folder")
+        .json(&serde_json::json!({
+            "sourceItemId": a["id"], "targetItemId": b["id"], "name": "Untitled"
+        }))
+        .await;
+    res.assert_status(axum::http::StatusCode::CREATED);
+    let folder: serde_json::Value = res.json();
+    assert_eq!(folder["kind"], "folder");
+}
+
+#[tokio::test]
+async fn nav_bundle_includes_cards_array() {
+    let server = auth_server().await;
+    server
+        .post("/api/cards")
+        .json(&serde_json::json!({
+            "kind": "item", "name": "X", "iconKind": "asset", "iconValue": "x.png"
+        }))
+        .await
+        .assert_status(axum::http::StatusCode::CREATED);
+    let res = server.get("/api/nav").await;
+    res.assert_status_ok();
+    let body: serde_json::Value = res.json();
+    assert!(!body["cards"].as_array().unwrap().is_empty());
+    assert!(body.get("groups").is_none());
+    assert!(body.get("items").is_none());
+}
+
+#[tokio::test]
+async fn legacy_routes_are_unreachable() {
+    // The /api/groups and /api/items families are removed in Plan 6.
+    // Axum may answer with 404 (route gone) or 405 (catch-all method
+    // mismatch on a leftover prefix); either way the route does not
+    // succeed. We assert the absence of a 2xx.
+    let server = auth_server().await;
+    let r1 = server.post("/api/groups").json(&serde_json::json!({})).await;
+    assert!(!r1.status_code().is_success());
+    let r2 = server.post("/api/items").json(&serde_json::json!({})).await;
+    assert!(!r2.status_code().is_success());
+}
diff --git a/server/tests/api_groups_sites.rs b/server/tests/api_groups_sites.rs
deleted file mode 100644
index 937b489..0000000
--- a/server/tests/api_groups_sites.rs
+++ /dev/null
@@ -1,71 +0,0 @@
-use axum_test::TestServer;
-use navsrv::app::build_app;
-use navsrv::auth::{password, session::layer as session_layer};
-use navsrv::db::connect_in_memory;
-use navsrv::repo::{ConfigRepo, NavRepo, SqlxConfigRepo, SqlxNavRepo};
-use navsrv::state::AppState;
-use std::sync::Arc;
-
-async fn boot() -> TestServer {
-    let pool = connect_in_memory().await.unwrap();
-    let nav: Arc<dyn NavRepo> = Arc::new(SqlxNavRepo::new(pool.clone()));
-    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
-    cfg.upsert("admin_password_hash", &password::hash("pw").unwrap())
-        .await
-        .unwrap();
-    let dir = std::env::temp_dir();
-    let state = AppState::new(nav, cfg, dir.clone());
-    let app = build_app(state, session_layer(pool, false), dir);
-    let mut server = TestServer::new(app).unwrap();
-    server.do_save_cookies();
-    server
-        .post("/api/auth/login")
-        .json(&serde_json::json!({"password":"pw"}))
-        .await
-        .assert_status_success();
-    server
-}
-
-#[tokio::test]
-async fn group_lifecycle() {
-    let server = boot().await;
-    let g: serde_json::Value = server
-        .post("/api/groups")
-        .json(&serde_json::json!({
-            "slug":"net","name":"Network"
-        }))
-        .await
-        .json();
-    let id = g["id"].as_i64().unwrap();
-    server
-        .patch(&format!("/api/groups/{id}"))
-        .json(&serde_json::json!({"name":"NET"}))
-        .await
-        .assert_status_ok();
-    server
-        .delete(&format!("/api/groups/{id}"))
-        .await
-        .assert_status(axum::http::StatusCode::NO_CONTENT);
-}
-
-#[tokio::test]
-async fn site_lifecycle() {
-    let server = boot().await;
-    let s: serde_json::Value = server
-        .post("/api/sites")
-        .json(&serde_json::json!({
-            "value":"sh","name":"Shanghai"
-        }))
-        .await
-        .json();
-    let id = s["id"].as_i64().unwrap();
-    server
-        .patch(&format!("/api/sites/{id}"))
-        .json(&serde_json::json!({"name":"SH"}))
-        .await
-        .assert_status_ok();
-    server
-        .delete(&format!("/api/sites/{id}"))
-        .await
-        .assert_status(axum::http::StatusCode::NO_CONTENT);
-}
diff --git a/server/tests/api_items.rs b/server/tests/api_items.rs
deleted file mode 100644
index cdb8566..0000000
--- a/server/tests/api_items.rs
+++ /dev/null
@@ -1,137 +0,0 @@
-use axum_test::TestServer;
-use navsrv::app::build_app;
-use navsrv::auth::{password, session::layer as session_layer};
-use navsrv::db::connect_in_memory;
-use navsrv::dto::{GroupPayload, SitePayload};
-use navsrv::repo::{ConfigRepo, NavRepo, SqlxConfigRepo, SqlxNavRepo};
-use navsrv::state::AppState;
-use std::sync::Arc;
-
-async fn auth_server() -> (TestServer, i64) {
-    let pool = connect_in_memory().await.unwrap();
-    let nav: Arc<dyn NavRepo> = Arc::new(SqlxNavRepo::new(pool.clone()));
-    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
-    cfg.upsert("admin_password_hash", &password::hash("pw").unwrap())
-        .await
-        .unwrap();
-    let g = nav
-        .create_group(GroupPayload {
-            slug: "tools".into(),
-            name: "Tools".into(),
-            name_i18n: None,
-            collapsed_default: false,
-        })
-        .await
-        .unwrap();
-    nav.create_site(SitePayload {
-        value: "shangHai".into(),
-        name: "上海".into(),
-        name_i18n: None,
-        is_default: true,
-    })
-    .await
-    .unwrap();
-
-    let dir = std::env::temp_dir();
-    let state = AppState::new(nav, cfg, dir.clone());
-    let app = build_app(state, session_layer(pool, false), dir);
-    let mut server = TestServer::new(app).unwrap();
-    server.do_save_cookies();
-    server
-        .post("/api/auth/login")
-        .json(&serde_json::json!({"password":"pw"}))
-        .await
-        .assert_status_success();
-    (server, g.id)
-}
-
-#[tokio::test]
-async fn create_then_list_via_bundle() {
-    let (server, gid) = auth_server().await;
-    let body = serde_json::json!({
-        "groupId": gid,
-        "name": "Router",
-        "iconKind": "asset",
-        "iconValue": "router.png",
-        "links": { "shangHai": "http://10.0.0.1" }
-    });
-    let res = server.post("/api/items").json(&body).await;
-    res.assert_status(axum::http::StatusCode::CREATED);
-    let v: serde_json::Value = res.json();
-    let id = v["id"].as_i64().unwrap();
-    assert_eq!(v["name"], "Router");
-
-    let bundle: serde_json::Value = server.get("/api/nav").await.json();
-    let item = bundle["items"]
-        .as_array()
-        .unwrap()
-        .iter()
-        .find(|i| i["id"].as_i64() == Some(id))
-        .unwrap();
-    assert_eq!(item["links"]["shangHai"], "http://10.0.0.1");
-}
-
-#[tokio::test]
-async fn patch_changes_name() {
-    let (server, gid) = auth_server().await;
-    let id = server
-        .post("/api/items")
-        .json(&serde_json::json!({
-            "groupId": gid, "name": "old", "iconKind":"asset", "iconValue":"x.png"
-        }))
-        .await
-        .json::<serde_json::Value>()["id"]
-        .as_i64()
-        .unwrap();
-
-    let res = server
-        .patch(&format!("/api/items/{id}"))
-        .json(&serde_json::json!({ "name": "new" }))
-        .await;
-    res.assert_status_ok();
-    let v: serde_json::Value = res.json();
-    assert_eq!(v["name"], "new");
-}
-
-#[tokio::test]
-async fn delete_removes_item() {
-    let (server, gid) = auth_server().await;
-    let id = server
-        .post("/api/items")
-        .json(&serde_json::json!({
-            "groupId": gid, "name": "x", "iconKind":"asset", "iconValue":"x.png"
-        }))
-        .await
-        .json::<serde_json::Value>()["id"]
-        .as_i64()
-        .unwrap();
-    server
-        .delete(&format!("/api/items/{id}"))
-        .await
-        .assert_status(axum::http::StatusCode::NO_CONTENT);
-
-    let bundle: serde_json::Value = server.get("/api/nav").await.json();
-    assert!(bundle["items"]
-        .as_array()
-        .unwrap()
-        .iter()
-        .all(|i| i["id"].as_i64() != Some(id)));
-}
-
-#[tokio::test]
-async fn unauthed_returns_401() {
-    let pool = connect_in_memory().await.unwrap();
-    let nav: Arc<dyn NavRepo> = Arc::new(SqlxNavRepo::new(pool.clone()));
-    let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
-    let dir = std::env::temp_dir();
-    let state = AppState::new(nav, cfg, dir.clone());
-    let app = build_app(state, session_layer(pool, false), dir);
-    let server = TestServer::new(app).unwrap();
-    server
-        .post("/api/items")
-        .json(&serde_json::json!({
-            "name":"x","iconKind":"asset","iconValue":"x.png"
-        }))
-        .await
-        .assert_status(axum::http::StatusCode::UNAUTHORIZED);
-}
diff --git a/server/tests/api_nav.rs b/server/tests/api_nav.rs
index 7672faf..6d56648 100644
--- a/server/tests/api_nav.rs
+++ b/server/tests/api_nav.rs
@@ -10,6 +10,12 @@ async fn nav_endpoint_returns_empty_bundle_initially() {
     let body: serde_json::Value = res.json();
     assert_eq!(body["schemaVersion"], 1);
     assert!(body["sites"].as_array().unwrap().is_empty());
-    assert!(body["items"].as_array().unwrap().is_empty());
+    assert!(body["cards"].as_array().unwrap().is_empty());
+    assert!(body.get("groups").is_none(), "groups should be removed");
+    assert!(body.get("items").is_none(), "items should be removed");
+    assert!(
+        body["meta"].get("layoutMode").is_none(),
+        "layoutMode should be removed"
+    );
     assert_eq!(body["meta"]["defaultTheme"], "system");
 }
diff --git a/server/tests/repo_cards.rs b/server/tests/repo_cards.rs
new file mode 100644
index 0000000..3b08ab9
--- /dev/null
+++ b/server/tests/repo_cards.rs
@@ -0,0 +1,295 @@
+use navsrv::db::connect_in_memory;
+use navsrv::dto::{
+    AutoFolderPayload, CardKind, CardPatch, CardPayload, IconKind, ReorderEntry, SitePayload,
+};
+use navsrv::error::AppError;
+use navsrv::repo::{NavRepo, SqlxNavRepo};
+
+async fn make_repo() -> (SqlxNavRepo, i64) {
+    let pool = connect_in_memory().await.unwrap();
+    let repo = SqlxNavRepo::new(pool);
+    let s = repo
+        .create_site(SitePayload {
+            value: "shangHai".into(),
+            name: "上海".into(),
+            is_default: true,
+        })
+        .await
+        .unwrap();
+    (repo, s.id)
+}
+
+fn item_payload(name: &str, parent: Option<i64>) -> CardPayload {
+    CardPayload {
+        kind: CardKind::Item,
+        parent_id: parent,
+        name: name.into(),
+        slug: None,
+        icon_kind: Some(IconKind::Asset),
+        icon_value: Some(format!("{name}.png")),
+        description: None,
+        links: Default::default(),
+    }
+}
+
+fn folder_payload(name: &str, slug: &str) -> CardPayload {
+    CardPayload {
+        kind: CardKind::Folder,
+        parent_id: None,
+        name: name.into(),
+        slug: Some(slug.into()),
+        icon_kind: None,
+        icon_value: None,
+        description: None,
+        links: Default::default(),
+    }
+}
+
+#[tokio::test]
+async fn create_root_item_appends_at_end() {
+    let (repo, _) = make_repo().await;
+    let a = repo.create_card(item_payload("A", None)).await.unwrap();
+    let b = repo.create_card(item_payload("B", None)).await.unwrap();
+    assert_eq!(a.sort_order, 0);
+    assert_eq!(b.sort_order, 1);
+    assert!(a.parent_id.is_none());
+    assert!(b.parent_id.is_none());
+}
+
+#[tokio::test]
+async fn create_item_with_links_round_trips() {
+    let (repo, _) = make_repo().await;
+    let mut links = std::collections::BTreeMap::new();
+    links.insert("shangHai".into(), "http://x".into());
+    let mut p = item_payload("X", None);
+    p.links = links.clone();
+    let a = repo.create_card(p).await.unwrap();
+    assert_eq!(a.links.get("shangHai").map(|s| s.as_str()), Some("http://x"));
+}
+
+#[tokio::test]
+async fn create_folder_with_item_inside() {
+    let (repo, _) = make_repo().await;
+    let folder = repo
+        .create_card(folder_payload("Tools", "tools"))
+        .await
+        .unwrap();
+    assert_eq!(folder.kind, CardKind::Folder);
+    assert!(folder.slug.is_some());
+    let inside = repo
+        .create_card(item_payload("X", Some(folder.id)))
+        .await
+        .unwrap();
+    assert_eq!(inside.parent_id, Some(folder.id));
+    assert_eq!(inside.sort_order, 0);
+}
+
+#[tokio::test]
+async fn folder_must_have_slug() {
+    let (repo, _) = make_repo().await;
+    let mut p = folder_payload("Tools", "tools");
+    p.slug = None;
+    let err = repo.create_card(p).await.unwrap_err();
+    assert!(matches!(err, AppError::Validation(_)), "got {err:?}");
+}
+
+#[tokio::test]
+async fn item_must_have_icon() {
+    let (repo, _) = make_repo().await;
+    let mut p = item_payload("X", None);
+    p.icon_kind = None;
+    p.icon_value = None;
+    let err = repo.create_card(p).await.unwrap_err();
+    assert!(matches!(err, AppError::Validation(_)), "got {err:?}");
+}
+
+#[tokio::test]
+async fn folder_cannot_be_created_inside_folder() {
+    let (repo, _) = make_repo().await;
+    let outer = repo
+        .create_card(folder_payload("Outer", "outer"))
+        .await
+        .unwrap();
+    let mut p = folder_payload("Inner", "inner");
+    p.parent_id = Some(outer.id);
+    let err = repo.create_card(p).await.unwrap_err();
+    assert!(matches!(err, AppError::Validation(_)), "got {err:?}");
+}
+
+#[tokio::test]
+async fn delete_folder_releases_children_to_root() {
+    let (repo, _) = make_repo().await;
+    let folder = repo
+        .create_card(folder_payload("F", "f"))
+        .await
+        .unwrap();
+    let a = repo
+        .create_card(item_payload("A", Some(folder.id)))
+        .await
+        .unwrap();
+    let b = repo
+        .create_card(item_payload("B", Some(folder.id)))
+        .await
+        .unwrap();
+
+    repo.delete_card(folder.id).await.unwrap();
+
+    let cards = repo.list_cards().await.unwrap();
+    let a2 = cards.iter().find(|c| c.id == a.id).unwrap();
+    let b2 = cards.iter().find(|c| c.id == b.id).unwrap();
+    assert!(a2.parent_id.is_none());
+    assert!(b2.parent_id.is_none());
+    // Folder slot 0 was vacated, children land at the next free root slots.
+    let folders_left: Vec<_> = cards
+        .iter()
+        .filter(|c| matches!(c.kind, CardKind::Folder))
+        .collect();
+    assert!(folders_left.is_empty());
+}
+
+#[tokio::test]
+async fn reorder_validates_contiguous_permutation() {
+    let (repo, _) = make_repo().await;
+    let a = repo.create_card(item_payload("A", None)).await.unwrap();
+    let b = repo.create_card(item_payload("B", None)).await.unwrap();
+
+    // Bad: missing slot 0
+    let err = repo
+        .reorder_cards(vec![ReorderEntry {
+            id: a.id,
+            sort_order: 1,
+            parent_id: None,
+        }])
+        .await
+        .unwrap_err();
+    assert!(matches!(err, AppError::Validation(_)), "got {err:?}");
+
+    // Good: 0..1 permutation that swaps them
+    repo.reorder_cards(vec![
+        ReorderEntry {
+            id: b.id,
+            sort_order: 0,
+            parent_id: None,
+        },
+        ReorderEntry {
+            id: a.id,
+            sort_order: 1,
+            parent_id: None,
+        },
+    ])
+    .await
+    .unwrap();
+
+    let cards = repo.list_cards().await.unwrap();
+    let a_after = cards.iter().find(|c| c.id == a.id).unwrap();
+    let b_after = cards.iter().find(|c| c.id == b.id).unwrap();
+    assert_eq!(a_after.sort_order, 1);
+    assert_eq!(b_after.sort_order, 0);
+}
+
+#[tokio::test]
+async fn auto_folder_creates_folder_with_two_items() {
+    let (repo, _) = make_repo().await;
+    let a = repo.create_card(item_payload("A", None)).await.unwrap();
+    let b = repo.create_card(item_payload("B", None)).await.unwrap();
+    let folder = repo
+        .auto_folder(AutoFolderPayload {
+            source_item_id: a.id,
+            target_item_id: b.id,
+            name: "Untitled".into(),
+            slug: Some("untitled".into()),
+        })
+        .await
+        .unwrap();
+    assert_eq!(folder.kind, CardKind::Folder);
+    let cards = repo.list_cards().await.unwrap();
+    let a2 = cards.iter().find(|c| c.id == a.id).unwrap();
+    let b2 = cards.iter().find(|c| c.id == b.id).unwrap();
+    assert_eq!(a2.parent_id, Some(folder.id));
+    assert_eq!(b2.parent_id, Some(folder.id));
+    assert_eq!(a2.sort_order, 0);
+    assert_eq!(b2.sort_order, 1);
+}
+
+#[tokio::test]
+async fn folder_dissolves_when_only_one_child_remains() {
+    let (repo, _) = make_repo().await;
+    let folder = repo
+        .create_card(folder_payload("F", "f"))
+        .await
+        .unwrap();
+    let _a = repo
+        .create_card(item_payload("A", Some(folder.id)))
+        .await
+        .unwrap();
+    let b = repo
+        .create_card(item_payload("B", Some(folder.id)))
+        .await
+        .unwrap();
+
+    // Move B back to root → folder F has only A left → dissolves.
+    repo.patch_card(
+        b.id,
+        CardPatch {
+            parent_id: Some(None),
+            ..Default::default()
+        },
+    )
+    .await
+    .unwrap();
+
+    let cards = repo.list_cards().await.unwrap();
+    let folder_left = cards.iter().any(|c| c.id == folder.id);
+    assert!(!folder_left, "single-child folder should auto-dissolve");
+    // A and B should both be at root now.
+    let a_card = cards.iter().find(|c| c.name == "A").unwrap();
+    let b_card = cards.iter().find(|c| c.name == "B").unwrap();
+    assert!(a_card.parent_id.is_none());
+    assert!(b_card.parent_id.is_none());
+}
+
+#[tokio::test]
+async fn folder_dissolves_when_last_child_deleted() {
+    let (repo, _) = make_repo().await;
+    let folder = repo
+        .create_card(folder_payload("F", "f"))
+        .await
+        .unwrap();
+    let a = repo
+        .create_card(item_payload("A", Some(folder.id)))
+        .await
+        .unwrap();
+    let b = repo
+        .create_card(item_payload("B", Some(folder.id)))
+        .await
+        .unwrap();
+
+    // Delete B → folder has 1 child (A) → dissolve, A moves to root.
+    repo.delete_card(b.id).await.unwrap();
+    let cards = repo.list_cards().await.unwrap();
+    assert!(!cards.iter().any(|c| c.id == folder.id));
+    let a_after = cards.iter().find(|c| c.id == a.id).unwrap();
+    assert!(a_after.parent_id.is_none());
+}
+
+#[tokio::test]
+async fn patch_moves_item_into_folder() {
+    let (repo, _) = make_repo().await;
+    let folder = repo
+        .create_card(folder_payload("F", "f"))
+        .await
+        .unwrap();
+    let a = repo.create_card(item_payload("A", None)).await.unwrap();
+    repo.patch_card(
+        a.id,
+        CardPatch {
+            parent_id: Some(Some(folder.id)),
+            ..Default::default()
+        },
+    )
+    .await
+    .unwrap();
+    let cards = repo.list_cards().await.unwrap();
+    let a2 = cards.iter().find(|c| c.id == a.id).unwrap();
+    assert_eq!(a2.parent_id, Some(folder.id));
+}
diff --git a/server/tests/repo_items.rs b/server/tests/repo_items.rs
deleted file mode 100644
index e2e4818..0000000
--- a/server/tests/repo_items.rs
+++ /dev/null
@@ -1,154 +0,0 @@
-use navsrv::db::connect_in_memory;
-use navsrv::dto::*;
-use navsrv::repo::{NavRepo, SqlxNavRepo};
-
-async fn make_repo_with_seed() -> (SqlxNavRepo, i64, i64) {
-    let pool = connect_in_memory().await.unwrap();
-    let repo = SqlxNavRepo::new(pool);
-    let g = repo
-        .create_group(GroupPayload {
-            slug: "tools".into(),
-            name: "Tools".into(),
-            name_i18n: None,
-            collapsed_default: false,
-        })
-        .await
-        .unwrap();
-    let s = repo
-        .create_site(SitePayload {
-            value: "shangHai".into(),
-            name: "上海".into(),
-            name_i18n: None,
-            is_default: true,
-        })
-        .await
-        .unwrap();
-    (repo, g.id, s.id)
-}
-
-#[tokio::test]
-async fn create_item_with_links() {
-    let (repo, gid, _sid) = make_repo_with_seed().await;
-    let mut links = std::collections::BTreeMap::new();
-    links.insert("shangHai".into(), "http://10.0.0.1".into());
-    let item = repo
-        .create_item(ItemPayload {
-            group_id: Some(gid),
-            name: "RouterOS".into(),
-            name_i18n: None,
-            description: None,
-            description_i18n: None,
-            icon_kind: IconKind::Asset,
-            icon_value: "routerOS.png".into(),
-            links,
-        })
-        .await
-        .unwrap();
-    assert_eq!(item.name, "RouterOS");
-    assert_eq!(
-        item.links.get("shangHai").map(String::as_str),
-        Some("http://10.0.0.1")
-    );
-}
-
-#[tokio::test]
-async fn patch_item_replaces_links() {
-    let (repo, gid, _sid) = make_repo_with_seed().await;
-    let mut links = std::collections::BTreeMap::new();
-    links.insert("shangHai".into(), "http://1".into());
-    let item = repo
-        .create_item(ItemPayload {
-            group_id: Some(gid),
-            name: "x".into(),
-            name_i18n: None,
-            description: None,
-            description_i18n: None,
-            icon_kind: IconKind::Asset,
-            icon_value: "x.png".into(),
-            links,
-        })
-        .await
-        .unwrap();
-    let mut new_links = std::collections::BTreeMap::new();
-    new_links.insert("shangHai".into(), "http://2".into());
-    let p = ItemPatch {
-        links: Some(new_links),
-        ..Default::default()
-    };
-    let updated = repo.patch_item(item.id, p).await.unwrap();
-    assert_eq!(
-        updated.links.get("shangHai").map(String::as_str),
-        Some("http://2")
-    );
-}
-
-#[tokio::test]
-async fn delete_item_cascades_links() {
-    let (repo, gid, _sid) = make_repo_with_seed().await;
-    let mut links = std::collections::BTreeMap::new();
-    links.insert("shangHai".into(), "http://1".into());
-    let item = repo
-        .create_item(ItemPayload {
-            group_id: Some(gid),
-            name: "x".into(),
-            name_i18n: None,
-            description: None,
-            description_i18n: None,
-            icon_kind: IconKind::Asset,
-            icon_value: "x.png".into(),
-            links,
-        })
-        .await
-        .unwrap();
-    repo.delete_item(item.id).await.unwrap();
-    let (_, _, items) = repo.get_bundle().await.unwrap();
-    assert!(items.is_empty());
-}
-
-#[tokio::test]
-async fn reorder_items_writes_sort_order() {
-    let (repo, gid, _sid) = make_repo_with_seed().await;
-    let a = repo
-        .create_item(ItemPayload {
-            group_id: Some(gid),
-            name: "a".into(),
-            name_i18n: None,
-            description: None,
-            description_i18n: None,
-            icon_kind: IconKind::Asset,
-            icon_value: "a.png".into(),
-            links: Default::default(),
-        })
-        .await
-        .unwrap();
-    let b = repo
-        .create_item(ItemPayload {
-            group_id: Some(gid),
-            name: "b".into(),
-            name_i18n: None,
-            description: None,
-            description_i18n: None,
-            icon_kind: IconKind::Asset,
-            icon_value: "b.png".into(),
-            links: Default::default(),
-        })
-        .await
-        .unwrap();
-    repo.reorder_items(vec![
-        ReorderEntry {
-            id: b.id,
-            sort_order: 0,
-            group_id: Some(Some(gid)),
-        },
-        ReorderEntry {
-            id: a.id,
-            sort_order: 1,
-            group_id: Some(Some(gid)),
-        },
-    ])
-    .await
-    .unwrap();
-    let (_, _, items) = repo.get_bundle().await.unwrap();
-    assert_eq!(items[0].id, b.id);
-    assert_eq!(items[1].id, a.id);
-}
diff --git a/server/tests/repo_sites.rs b/server/tests/repo_sites.rs
index cd69d6b..7b90150 100644
--- a/server/tests/repo_sites.rs
+++ b/server/tests/repo_sites.rs
@@ -1,5 +1,5 @@
 use navsrv::db::connect_in_memory;
-use navsrv::dto::{GroupPayload, IconKind, ItemPayload, SitePatch, SitePayload};
+use navsrv::dto::{CardKind, CardPayload, IconKind, SitePatch, SitePayload};
 use navsrv::error::AppError;
 use navsrv::repo::{NavRepo, SqlxNavRepo};
 
@@ -12,7 +12,6 @@ async fn create_list_patch_delete_site() {
         .create_site(SitePayload {
             value: "shangHai".into(),
             name: "上海".into(),
-            name_i18n: Some(serde_json::json!({"en": "Shanghai"})),
             is_default: true,
         })
         .await
@@ -24,7 +23,6 @@ async fn create_list_patch_delete_site() {
         .create_site(SitePayload {
             value: "beiJing".into(),
             name: "北京".into(),
-            name_i18n: None,
             is_default: false,
         })
         .await
@@ -56,7 +54,6 @@ async fn unique_value_constraint_returns_conflict() {
     repo.create_site(SitePayload {
         value: "x".into(),
         name: "X".into(),
-        name_i18n: None,
         is_default: false,
     })
     .await
@@ -65,7 +62,6 @@ async fn unique_value_constraint_returns_conflict() {
         .create_site(SitePayload {
             value: "x".into(),
             name: "Y".into(),
-            name_i18n: None,
             is_default: false,
         })
         .await
@@ -74,37 +70,27 @@ async fn unique_value_constraint_returns_conflict() {
 }
 
 #[tokio::test]
-async fn delete_site_referenced_by_item_returns_conflict() {
+async fn delete_site_referenced_by_card_link_returns_conflict() {
     let pool = connect_in_memory().await.unwrap();
     let repo = SqlxNavRepo::new(pool);
-    let g = repo
-        .create_group(GroupPayload {
-            slug: "g".into(),
-            name: "G".into(),
-            name_i18n: None,
-            collapsed_default: false,
-        })
-        .await
-        .unwrap();
     let s = repo
         .create_site(SitePayload {
             value: "siteA".into(),
             name: "A".into(),
-            name_i18n: None,
             is_default: true,
         })
         .await
         .unwrap();
     let mut links = std::collections::BTreeMap::new();
     links.insert("siteA".into(), "http://x".into());
-    repo.create_item(ItemPayload {
-        group_id: Some(g.id),
+    repo.create_card(CardPayload {
+        kind: CardKind::Item,
+        parent_id: None,
         name: "I".into(),
-        name_i18n: None,
+        slug: None,
+        icon_kind: Some(IconKind::Asset),
+        icon_value: Some("x.png".into()),
         description: None,
-        description_i18n: None,
-        icon_kind: IconKind::Asset,
-        icon_value: "x.png".into(),
         links,
     })
     .await
diff --git a/server/tests/seed.rs b/server/tests/seed.rs
index b53ff2b..a10d83d 100644
--- a/server/tests/seed.rs
+++ b/server/tests/seed.rs
@@ -1,17 +1,30 @@
 use navsrv::db::connect_in_memory;
+use navsrv::dto::CardKind;
 use navsrv::repo::{ConfigRepo, NavRepo, SqlxConfigRepo, SqlxNavRepo};
 use navsrv::services::migration::seed_if_empty;
 use std::sync::Arc;
 
 #[tokio::test]
-async fn seed_populates_sites_and_groups() {
+async fn seed_populates_sites_and_folders() {
     let pool = connect_in_memory().await.unwrap();
     let nav: Arc<dyn NavRepo> = Arc::new(SqlxNavRepo::new(pool.clone()));
     let cfg: Arc<dyn ConfigRepo> = Arc::new(SqlxConfigRepo::new(pool.clone()));
     seed_if_empty(nav.clone(), cfg.clone()).await.unwrap();
-    let (sites, groups, _items) = nav.get_bundle().await.unwrap();
+    let (sites, cards) = nav.get_bundle().await.unwrap();
     assert!(sites.iter().any(|s| s.value == "shangHai"));
-    assert!(groups.iter().any(|g| g.slug == "network"));
+    let folders: Vec<_> = cards
+        .iter()
+        .filter(|c| matches!(c.kind, CardKind::Folder))
+        .collect();
+    assert!(
+        folders.iter().any(|f| f.slug.as_deref() == Some("network")),
+        "expected a folder seeded from the 'network' bootstrap group"
+    );
+    let items: Vec<_> = cards
+        .iter()
+        .filter(|c| matches!(c.kind, CardKind::Item))
+        .collect();
+    assert!(!items.is_empty(), "expected items seeded from bootstrap");
     assert_eq!(
         cfg.get("site_name").await.unwrap().as_deref(),
         Some("Pico 的小站导航")
diff --git a/web/src/lib/api/admin.ts b/web/src/lib/api/admin.ts
index 8b08660..1193d2b 100644
--- a/web/src/lib/api/admin.ts
+++ b/web/src/lib/api/admin.ts
@@ -1,57 +1,11 @@
 import { apiClient } from './client';
-import { GroupSchema, SiteSchema, type Group, type Site } from '$lib/types/nav';
-
-// ----- Groups -----
-
-export interface GroupPayload {
-  slug: string;
-  name: string;
-  nameI18n?: Record<string, string> | null;
-  collapsedDefault?: boolean;
-}
-export type GroupPatch = Partial<GroupPayload>;
-
-export function createGroup(payload: GroupPayload): Promise<Group> {
-  return apiClient<Group>({
-    method: 'POST',
-    path: '/api/groups',
-    body: payload,
-    responseSchema: GroupSchema
-  });
-}
-
-export function patchGroup(id: number, patch: GroupPatch): Promise<Group> {
-  return apiClient<Group>({
-    method: 'PATCH',
-    path: `/api/groups/${id}`,
-    body: patch,
-    responseSchema: GroupSchema
-  });
-}
-
-export function deleteGroup(id: number): Promise<void> {
-  return apiClient<void>({ method: 'DELETE', path: `/api/groups/${id}` });
-}
-
-export interface ReorderEntry {
-  id: number;
-  sortOrder: number;
-}
-
-export function reorderGroups(entries: ReorderEntry[]): Promise<void> {
-  return apiClient<void>({
-    method: 'POST',
-    path: '/api/groups/reorder',
-    body: entries
-  });
-}
+import { SiteSchema, type Site } from '$lib/types/nav';
 
 // ----- Sites -----
 
 export interface SitePayload {
   value: string;
   name: string;
-  nameI18n?: Record<string, string> | null;
   isDefault?: boolean;
 }
 export type SitePatch = Partial<SitePayload>;
@@ -78,7 +32,12 @@ export function deleteSite(id: number): Promise<void> {
   return apiClient<void>({ method: 'DELETE', path: `/api/sites/${id}` });
 }
 
-export function reorderSites(entries: ReorderEntry[]): Promise<void> {
+export interface SiteReorderEntry {
+  id: number;
+  sortOrder: number;
+}
+
+export function reorderSites(entries: SiteReorderEntry[]): Promise<void> {
   return apiClient<void>({
     method: 'POST',
     path: '/api/sites/reorder',
diff --git a/web/src/lib/api/cards.ts b/web/src/lib/api/cards.ts
new file mode 100644
index 0000000..1bccaf2
--- /dev/null
+++ b/web/src/lib/api/cards.ts
@@ -0,0 +1,48 @@
+import { apiClient } from './client';
+import {
+  CardSchema,
+  type Card,
+  type CardPayload,
+  type CardPatch,
+  type ReorderEntry,
+  type AutoFolderPayload
+} from '$lib/types/card';
+
+export function createCard(payload: CardPayload): Promise<Card> {
+  return apiClient<Card>({
+    method: 'POST',
+    path: '/api/cards',
+    body: payload,
+    responseSchema: CardSchema
+  });
+}
+
+export function patchCard(id: number, patch: CardPatch): Promise<Card> {
+  return apiClient<Card>({
+    method: 'PATCH',
+    path: `/api/cards/${id}`,
+    body: patch,
+    responseSchema: CardSchema
+  });
+}
+
+export function deleteCard(id: number): Promise<void> {
+  return apiClient<void>({ method: 'DELETE', path: `/api/cards/${id}` });
+}
+
+export function reorderCards(entries: ReorderEntry[]): Promise<void> {
+  return apiClient<void>({
+    method: 'POST',
+    path: '/api/cards/reorder',
+    body: entries
+  });
+}
+
+export function autoFolder(payload: AutoFolderPayload): Promise<Card> {
+  return apiClient<Card>({
+    method: 'POST',
+    path: '/api/cards/auto-folder',
+    body: payload,
+    responseSchema: CardSchema
+  });
+}
diff --git a/web/src/lib/api/nav.ts b/web/src/lib/api/nav.ts
index ec72917..62907b9 100644
--- a/web/src/lib/api/nav.ts
+++ b/web/src/lib/api/nav.ts
@@ -1,41 +1,5 @@
-// web/src/lib/api/nav.ts
+// web/src/lib/api/nav.ts — non-card endpoints. Card CRUD lives in api/cards.ts.
 import { apiClient } from './client';
-import { ItemSchema, type Item, type IconKind } from '$lib/types/nav';
-
-export interface ItemPayload {
-  groupId: number | null;
-  name: string;
-  nameI18n?: Record<string, string> | null;
-  description?: string | null;
-  descriptionI18n?: Record<string, string> | null;
-  iconKind: IconKind;
-  iconValue: string;
-  links: Record<string, string>;
-}
-
-export type ItemPatch = Partial<ItemPayload>;
-
-export function createItem(payload: ItemPayload): Promise<Item> {
-  return apiClient<Item>({
-    method: 'POST',
-    path: '/api/items',
-    body: payload,
-    responseSchema: ItemSchema
-  });
-}
-
-export function patchItem(id: number, patch: ItemPatch): Promise<Item> {
-  return apiClient<Item>({
-    method: 'PATCH',
-    path: `/api/items/${id}`,
-    body: patch,
-    responseSchema: ItemSchema
-  });
-}
-
-export function deleteItem(id: number): Promise<void> {
-  return apiClient<void>({ method: 'DELETE', path: `/api/items/${id}` });
-}
 
 export function changePassword(current: string, next: string): Promise<void> {
   return apiClient<void>({
@@ -45,20 +9,6 @@ export function changePassword(current: string, next: string): Promise<void> {
   });
 }
 
-export interface ReorderEntry {
-  id: number;
-  sortOrder: number;
-  groupId?: number | null;
-}
-
-export function reorderItems(entries: ReorderEntry[]): Promise<void> {
-  return apiClient<void>({
-    method: 'POST',
-    path: '/api/items/reorder',
-    body: entries
-  });
-}
-
 /** PATCH /api/config — body is array of { key, value }. Admin auth required. */
 export function patchConfig(pairs: { key: string; value: string }[]): Promise<void> {
   return apiClient<void>({
diff --git a/web/src/lib/components/Admin/AdminGroupsTab.svelte b/web/src/lib/components/Admin/AdminGroupsTab.svelte
deleted file mode 100644
index 969c698..0000000
--- a/web/src/lib/components/Admin/AdminGroupsTab.svelte
+++ /dev/null
@@ -1,268 +0,0 @@
-<script lang="ts">
-  import Button from '$lib/components/ui/Button.svelte';
-  import Input from '$lib/components/ui/Input.svelte';
-  import { dndzone, type DndEvent } from 'svelte-dnd-action';
-  import { navDataStore } from '$lib/stores/navData';
-  import { createGroup, patchGroup, deleteGroup, reorderGroups } from '$lib/api/admin';
-  import { ApiError } from '$lib/api/client';
-  import { toast } from '$lib/components/ui/toast';
-  import { t } from '$lib/i18n/store';
-  import type { Group } from '$lib/types/nav';
-
-  const groups = $derived($navDataStore.bundle?.groups ?? []);
-  /** Local mirror so dndzone can mutate during drag. Synced from `groups`. */
-  let working: Group[] = $state([]);
-  $effect(() => {
-    working = [...groups].sort((a, b) => a.sortOrder - b.sortOrder);
-  });
-  const itemCountByGroup = $derived.by(() => {
-    const map = new Map<number, number>();
-    for (const it of $navDataStore.bundle?.items ?? []) {
-      if (it.groupId == null) continue;
-      map.set(it.groupId, (map.get(it.groupId) ?? 0) + 1);
-    }
-    return map;
-  });
-
-  let editingId = $state<number | null>(null);
-  let editName = $state('');
-  let editSlug = $state('');
-
-  let creating = $state(false);
-  let newName = $state('');
-  let newSlug = $state('');
-  let busy = $state(false);
-
-  /** Disable dnd while inline editing or creating to avoid input/drag fights. */
-  const dragDisabled = $derived(editingId !== null || creating || busy);
-
-  function onConsider(e: CustomEvent<DndEvent<Group>>) {
-    working = e.detail.items;
-  }
-  async function onFinalize(e: CustomEvent<DndEvent<Group>>) {
-    working = e.detail.items;
-    const entries = working.map((g, i) => ({ id: g.id, sortOrder: i }));
-    try {
-      await reorderGroups(entries);
-      await navDataStore.refetch();
-    } catch (err) {
-      await navDataStore.refetch();
-      toast.error(err instanceof ApiError ? err.message : 'Reorder failed');
-    }
-  }
-
-  function startEdit(g: Group) {
-    editingId = g.id;
-    editName = g.name;
-    editSlug = g.slug;
-  }
-  function cancelEdit() {
-    editingId = null;
-  }
-  async function saveEdit() {
-    if (editingId == null || busy) return;
-    busy = true;
-    try {
-      await patchGroup(editingId, { name: editName.trim(), slug: editSlug.trim() });
-      await navDataStore.refetch();
-      editingId = null;
-      toast.success($t('common.save') + ' ✓');
-    } catch (e) {
-      toast.error(e instanceof ApiError ? e.message : 'Save failed');
-    } finally {
-      busy = false;
-    }
-  }
-
-  async function remove(g: Group) {
-    if (busy) return;
-    const count = itemCountByGroup.get(g.id) ?? 0;
-    const confirmMsg =
-      count > 0
-        ? `Group "${g.name}" still contains ${count} item(s). Delete anyway?`
-        : `Delete group "${g.name}"?`;
-    if (!confirm(confirmMsg)) return;
-    busy = true;
-    try {
-      await deleteGroup(g.id);
-      await navDataStore.refetch();
-      toast.success('Deleted ✓');
-    } catch (e) {
-      toast.error(e instanceof ApiError ? e.message : 'Delete failed');
-    } finally {
-      busy = false;
-    }
-  }
-
-  function startCreate() {
-    creating = true;
-    newName = '';
-    newSlug = '';
-  }
-  function cancelCreate() {
-    creating = false;
-  }
-  async function commitCreate() {
-    if (busy) return;
-    if (!newName.trim() || !newSlug.trim()) {
-      toast.error('Both slug and name are required');
-      return;
-    }
-    busy = true;
-    try {
-      await createGroup({
-        slug: newSlug.trim(),
-        name: newName.trim(),
-        collapsedDefault: false
-      });
-      await navDataStore.refetch();
-      creating = false;
-      toast.success('Created ✓');
-    } catch (e) {
-      toast.error(e instanceof ApiError ? e.message : 'Create failed');
-    } finally {
-      busy = false;
-    }
-  }
-</script>
-
-<div class="tab">
-  <header class="head">
-    <h3>Groups <small>({groups.length})</small></h3>
-    {#if !creating}
-      <Button intent="primary" size="sm" onclick={startCreate}>＋ New group</Button>
-    {/if}
-  </header>
-
-  {#if creating}
-    <div class="row create-row">
-      <Input label="Slug" bind:value={newSlug} placeholder="tools" />
-      <Input label="Name" bind:value={newName} placeholder="Tools" />
-      <div class="row-actions">
-        <Button intent="primary" size="sm" onclick={commitCreate} loading={busy}>Create</Button>
-        <Button intent="ghost" size="sm" onclick={cancelCreate}>Cancel</Button>
-      </div>
-    </div>
-  {/if}
-
-  <ul
-    class="list"
-    use:dndzone={{ items: working, dragDisabled, flipDurationMs: 180, dropTargetStyle: {} }}
-    onconsider={onConsider}
-    onfinalize={onFinalize}
-  >
-    {#each working as g (g.id)}
-      <li class="row" class:editing={editingId === g.id}>
-        {#if editingId === g.id}
-          <Input label="Slug" bind:value={editSlug} />
-          <Input label="Name" bind:value={editName} />
-          <div class="row-actions">
-            <Button intent="primary" size="sm" onclick={saveEdit} loading={busy}>Save</Button>
-            <Button intent="ghost" size="sm" onclick={cancelEdit}>Cancel</Button>
-          </div>
-        {:else}
-          <span class="handle" class:disabled={dragDisabled} aria-hidden="true">⋮⋮</span>
-          <div class="info">
-            <strong>{g.name}</strong>
-            <span class="slug">{g.slug}</span>
-            <span class="count">{itemCountByGroup.get(g.id) ?? 0} item(s)</span>
-          </div>
-          <div class="row-actions">
-            <Button intent="ghost" size="sm" onclick={() => startEdit(g)}>Edit</Button>
-            <Button intent="ghost" size="sm" onclick={() => remove(g)}>Delete</Button>
-          </div>
-        {/if}
-      </li>
-    {/each}
-  </ul>
-  {#if groups.length === 0}
-    <p class="empty">No groups yet. Create one to start organising items.</p>
-  {/if}
-</div>
-
-<style lang="scss">
-  .tab {
-    display: flex;
-    flex-direction: column;
-    gap: var(--sp-3);
-  }
-  .head {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    h3 {
-      margin: 0;
-      font-size: var(--fs-lg);
-      small {
-        color: var(--c-text-3);
-        font-weight: var(--fw-regular);
-      }
-    }
-  }
-  .list {
-    list-style: none;
-    margin: 0;
-    padding: 0;
-    display: flex;
-    flex-direction: column;
-    gap: var(--sp-2);
-  }
-  .row {
-    display: grid;
-    grid-template-columns: auto 1fr auto;
-    align-items: center;
-    gap: var(--sp-3);
-    padding: var(--sp-3);
-    border: 1px solid var(--c-border);
-    border-radius: var(--rd-md);
-    background: rgba(255, 255, 255, 0.45);
-  }
-  :global([data-theme='dark']) .row {
-    background: rgba(255, 255, 255, 0.04);
-  }
-  .row.editing,
-  .create-row {
-    grid-template-columns: 1fr 1fr auto;
-  }
-  .handle {
-    color: var(--c-text-3);
-    cursor: grab;
-    user-select: none;
-    line-height: 1;
-    letter-spacing: -2px;
-    padding: 0 var(--sp-1);
-    &.disabled {
-      cursor: not-allowed;
-      opacity: 0.4;
-    }
-  }
-  .row .info {
-    display: flex;
-    align-items: baseline;
-    gap: var(--sp-3);
-    flex-wrap: wrap;
-    strong {
-      font-size: var(--fs-md);
-    }
-    .slug {
-      font-family: var(--ft-mono);
-      font-size: var(--fs-sm);
-      color: var(--c-text-3);
-    }
-    .count {
-      font-size: var(--fs-xs);
-      color: var(--c-text-3);
-    }
-  }
-  .row-actions {
-    display: flex;
-    gap: var(--sp-2);
-    align-items: end;
-  }
-  .empty {
-    padding: var(--sp-4);
-    text-align: center;
-    color: var(--c-text-3);
-    font-size: var(--fs-sm);
-  }
-</style>
diff --git a/web/src/lib/components/Admin/AdminSiteTab.svelte b/web/src/lib/components/Admin/AdminSiteTab.svelte
index f73dff0..1f24579 100644
--- a/web/src/lib/components/Admin/AdminSiteTab.svelte
+++ b/web/src/lib/components/Admin/AdminSiteTab.svelte
@@ -8,7 +8,6 @@
   import { toast } from '$lib/components/ui/toast';
   import { t } from '$lib/i18n/store';
 
-  let layoutMode = $state<'grouped' | 'flat'>('grouped');
   let siteName = $state('');
   let siteCopyright = $state('');
   /** IconSourcePicker bindings. `avatarValue` is the picker-relative payload:
@@ -19,7 +18,6 @@
   let saving = $state(false);
   let error = $state<string | null>(null);
   let initial = $state({
-    layoutMode: 'grouped',
     siteName: '',
     siteAvatarPath: '',
     siteCopyright: ''
@@ -46,12 +44,10 @@
   $effect(() => {
     const m = $navDataStore.bundle?.meta;
     if (!m || hydrated) return;
-    layoutMode = (m.layoutMode ?? 'grouped') as 'grouped' | 'flat';
     siteName = m.siteName ?? '';
     siteCopyright = m.siteCopyright ?? '';
     loadAvatar(m.siteAvatarPath ?? '');
     initial = {
-      layoutMode,
       siteName,
       siteAvatarPath: m.siteAvatarPath ?? '',
       siteCopyright
@@ -66,9 +62,6 @@
     try {
       const changes: Array<{ key: string; value: string }> = [];
       const avatarPath = currentAvatarPath();
-      if (layoutMode !== initial.layoutMode) {
-        changes.push({ key: 'layout_mode', value: layoutMode });
-      }
       if (siteName.trim() !== initial.siteName) {
         changes.push({ key: 'site_name', value: siteName.trim() });
       }
@@ -81,7 +74,7 @@
       if (changes.length > 0) {
         await patchConfig(changes);
         await navDataStore.refetch();
-        initial = { layoutMode, siteName, siteAvatarPath: avatarPath, siteCopyright };
+        initial = { siteName, siteAvatarPath: avatarPath, siteCopyright };
       }
       toast.success($t('common.save') + ' ✓');
     } catch (e) {
@@ -108,51 +101,6 @@
     <Input label="Footer copyright" bind:value={siteCopyright} placeholder="© 2026 Your Name" />
   </fieldset>
 
-  <fieldset>
-    <legend>Layout mode</legend>
-    <div class="layout-grid">
-      <label class="layout-option" class:selected={layoutMode === 'grouped'}>
-        <input
-          type="radio"
-          name="layoutMode"
-          value="grouped"
-          bind:group={layoutMode}
-          class="sr-only"
-        />
-        <svg class="mockup" viewBox="0 0 100 60" aria-hidden="true">
-          {#each [9, 31, 53, 75] as fx}
-            <rect class="folder" x={fx} y="14" width="16" height="16" rx="3" />
-            <rect class="dot" x={fx + 2.5} y="16.5" width="5" height="5" rx="1" />
-            <rect class="dot" x={fx + 8.5} y="16.5" width="5" height="5" rx="1" />
-            <rect class="dot" x={fx + 2.5} y="22.5" width="5" height="5" rx="1" />
-            <rect class="dot" x={fx + 8.5} y="22.5" width="5" height="5" rx="1" />
-            <rect class="title" x={fx + 3} y="34" width="10" height="3" rx="1" />
-          {/each}
-        </svg>
-        <strong>Grouped</strong>
-        <small>Sections per group</small>
-      </label>
-      <label class="layout-option" class:selected={layoutMode === 'flat'}>
-        <input
-          type="radio"
-          name="layoutMode"
-          value="flat"
-          bind:group={layoutMode}
-          class="sr-only"
-        />
-        <svg class="mockup" viewBox="0 0 100 60" aria-hidden="true">
-          {#each [4, 16, 28, 40] as x}
-            {#each [6, 22, 38] as y}
-              <rect class="tile" {x} {y} width="9" height="9" rx="1.5" />
-            {/each}
-          {/each}
-        </svg>
-        <strong>Flat</strong>
-        <small>All items in one grid</small>
-      </label>
-    </div>
-  </fieldset>
-
   {#if error}<p class="err">{error}</p>{/if}
 
   <div class="actions">
@@ -207,99 +155,4 @@
     display: flex;
     justify-content: flex-end;
   }
-
-  .layout-grid {
-    display: grid;
-    grid-template-columns: 1fr 1fr;
-    gap: var(--sp-3);
-  }
-  .layout-option {
-    display: flex;
-    flex-direction: column;
-    gap: var(--sp-2);
-    padding: var(--sp-3);
-    border: 2px solid var(--c-border);
-    border-radius: var(--rd-md);
-    background: rgba(255, 255, 255, 0.45);
-    cursor: pointer;
-    transition:
-      border-color var(--tr-fast),
-      background var(--tr-fast);
-
-    &:hover {
-      border-color: var(--c-accent);
-    }
-    &.selected {
-      border-color: var(--c-accent);
-      background: var(--c-accent-bg);
-    }
-    strong {
-      font-size: var(--fs-md);
-      color: var(--c-text);
-    }
-    small {
-      font-size: var(--fs-xs);
-      color: var(--c-text-3);
-    }
-  }
-  :global([data-theme='dark']) .layout-option {
-    background: rgba(255, 255, 255, 0.04);
-  }
-  .sr-only {
-    position: absolute;
-    width: 1px;
-    height: 1px;
-    padding: 0;
-    margin: -1px;
-    overflow: hidden;
-    clip: rect(0, 0, 0, 0);
-    white-space: nowrap;
-    border: 0;
-  }
-  .mockup {
-    display: block;
-    width: 100%;
-    height: auto;
-    aspect-ratio: 100 / 60;
-    background: rgba(0, 0, 0, 0.04);
-    border-radius: 6px;
-    overflow: hidden;
-  }
-  :global([data-theme='dark']) .mockup {
-    background: rgba(255, 255, 255, 0.06);
-  }
-  .mockup .title {
-    fill: rgba(0, 0, 0, 0.5);
-  }
-  .mockup .folder {
-    fill: rgba(0, 0, 0, 0.06);
-    stroke: rgba(0, 0, 0, 0.18);
-    stroke-width: 0.5;
-  }
-  .mockup .dot,
-  .mockup .tile {
-    fill: rgba(0, 0, 0, 0.28);
-  }
-  :global([data-theme='dark']) .mockup .title {
-    fill: rgba(255, 255, 255, 0.55);
-  }
-  :global([data-theme='dark']) .mockup .folder {
-    fill: rgba(255, 255, 255, 0.04);
-    stroke: rgba(255, 255, 255, 0.22);
-  }
-  :global([data-theme='dark']) .mockup .dot,
-  :global([data-theme='dark']) .mockup .tile {
-    fill: rgba(255, 255, 255, 0.32);
-  }
-  .layout-option.selected .mockup .title {
-    fill: var(--c-accent);
-  }
-  .layout-option.selected .mockup .folder {
-    fill: color-mix(in srgb, var(--c-accent) 12%, transparent);
-    stroke: var(--c-accent);
-  }
-  .layout-option.selected .mockup .dot,
-  .layout-option.selected .mockup .tile {
-    fill: color-mix(in srgb, var(--c-accent) 70%, transparent);
-  }
 </style>
diff --git a/web/src/lib/components/Admin/AdminSitesTab.svelte b/web/src/lib/components/Admin/AdminSitesTab.svelte
index 3cbfbdc..66ee2b5 100644
--- a/web/src/lib/components/Admin/AdminSitesTab.svelte
+++ b/web/src/lib/components/Admin/AdminSitesTab.svelte
@@ -16,8 +16,9 @@
   });
   const linkCountBySite = $derived.by(() => {
     const map = new Map<string, number>();
-    for (const it of $navDataStore.bundle?.items ?? []) {
-      for (const k of Object.keys(it.links)) {
+    for (const c of $navDataStore.bundle?.cards ?? []) {
+      if (c.kind !== 'item' || !c.links) continue;
+      for (const k of Object.keys(c.links)) {
         map.set(k, (map.get(k) ?? 0) + 1);
       }
     }
@@ -84,9 +85,7 @@
     if (busy) return;
     const count = linkCountBySite.get(s.value) ?? 0;
     if (count > 0) {
-      toast.error(
-        `Site "${s.name}" is referenced by ${count} item link(s). Remove those first.`
-      );
+      toast.error(`Site "${s.name}" is referenced by ${count} item link(s). Remove those first.`);
       return;
     }
     if (!confirm(`Delete site "${s.name}"?`)) return;
@@ -143,8 +142,8 @@
     {/if}
   </header>
   <p class="hint">
-    A "site" is a per-item link target (e.g. <code>shanghai</code>, <code>beijing</code>). Each
-    nav item can have one URL per site.
+    A "site" is a per-item link target (e.g. <code>shanghai</code>, <code>beijing</code>). Each nav
+    item can have one URL per site.
   </p>
 
   {#if creating}
diff --git a/web/src/lib/components/Editor/ItemEditDialog.svelte b/web/src/lib/components/Editor/ItemEditDialog.svelte
index bb9e9ce..1569d44 100644
--- a/web/src/lib/components/Editor/ItemEditDialog.svelte
+++ b/web/src/lib/components/Editor/ItemEditDialog.svelte
@@ -5,24 +5,25 @@
   import IconSourcePicker from './IconSourcePicker.svelte';
   import { t } from '$lib/i18n/store';
   import { navDataStore } from '$lib/stores/navData';
-  import { createItem, patchItem, type ItemPayload } from '$lib/api/nav';
+  import { createCard, patchCard } from '$lib/api/cards';
+  import type { CardPayload, CardPatch } from '$lib/types/card';
   import { toast } from '$lib/components/ui/toast';
   import { ApiError } from '$lib/api/client';
-  import type { Item } from '$lib/types/nav';
+  import type { Card } from '$lib/types/card';
 
   interface Props {
     open: boolean;
     /** When set, dialog is in edit mode for this item; null = create. */
-    target: Item | null;
-    /** Initial group for create mode. */
-    defaultGroupId?: number | null;
+    target: Card | null;
+    /** Initial parent (folder id) for create mode. */
+    defaultParentId?: number | null;
   }
 
-  let { open = $bindable(false), target, defaultGroupId = null }: Props = $props();
+  let { open = $bindable(false), target, defaultParentId = null }: Props = $props();
 
   // Form state
   let name = $state('');
-  let groupId = $state<number | null>(null);
+  let parentId = $state<number | null>(null);
   let iconKind = $state<'asset' | 'url' | 'auto-favicon'>('asset');
   let iconValue = $state('');
   /** Each row = (site value, url). Empty rows are dropped on submit. */
@@ -35,13 +36,16 @@
     if (open && !hydrated) {
       if (target) {
         name = target.name;
-        groupId = target.groupId;
-        iconKind = target.iconKind;
-        iconValue = target.iconValue;
-        linkRows = Object.entries(target.links).map(([siteValue, url]) => ({ siteValue, url }));
+        parentId = target.parentId ?? null;
+        iconKind = target.iconKind ?? 'asset';
+        iconValue = target.iconValue ?? '';
+        linkRows = Object.entries(target.links ?? {}).map(([siteValue, url]) => ({
+          siteValue,
+          url
+        }));
       } else {
         name = '';
-        groupId = defaultGroupId;
+        parentId = defaultParentId;
         iconKind = 'asset';
         iconValue = '';
         const firstSite = $navDataStore.bundle?.sites[0]?.value ?? '';
@@ -89,18 +93,28 @@
       if (Object.keys(links).length === 0) {
         throw new Error('At least one link is required.');
       }
-      const payload: ItemPayload = {
-        groupId,
-        name: name.trim(),
-        iconKind,
-        iconValue: iconValue.trim(),
-        links
-      };
       if (target) {
-        await patchItem(target.id, payload);
+        const patch: CardPatch = {
+          name: name.trim(),
+          iconKind,
+          iconValue: iconValue.trim(),
+          links
+        };
+        if ((target.parentId ?? null) !== parentId) {
+          patch.parentId = parentId;
+        }
+        await patchCard(target.id, patch);
         toast.success($t('common.save') + ' ✓');
       } else {
-        await createItem(payload);
+        const payload: CardPayload = {
+          kind: 'item',
+          parentId,
+          name: name.trim(),
+          iconKind,
+          iconValue: iconValue.trim(),
+          links
+        };
+        await createCard(payload);
         toast.success($t('editor.item.new') + ' ✓');
       }
       navDataStore.refetch();
@@ -114,18 +128,23 @@
     }
   }
 
-  const groupOptions = $derived($navDataStore.bundle?.groups ?? []);
+  /** Folders the user can drop this item into. */
+  const folderOptions = $derived(
+    ($navDataStore.bundle?.cards ?? [])
+      .filter((c) => c.kind === 'folder')
+      .sort((a, b) => a.sortOrder - b.sortOrder)
+  );
 </script>
 
 <Dialog bind:open title={target ? $t('common.edit') : $t('editor.item.new')} width="md">
   <div class="form">
     <Input label={$t('common.edit') + ' — name'} bind:value={name} />
     <label class="grp">
-      <span class="lbl">Group</span>
-      <select bind:value={groupId}>
+      <span class="lbl">Folder</span>
+      <select bind:value={parentId}>
         <option value={null}>—</option>
-        {#each groupOptions as g (g.id)}
-          <option value={g.id}>{g.name}</option>
+        {#each folderOptions as f (f.id)}
+          <option value={f.id}>{f.name}</option>
         {/each}
       </select>
     </label>
diff --git a/web/src/lib/components/Header/AuthControls.svelte b/web/src/lib/components/Header/AuthControls.svelte
index 3045c9a..85aae08 100644
--- a/web/src/lib/components/Header/AuthControls.svelte
+++ b/web/src/lib/components/Header/AuthControls.svelte
@@ -3,7 +3,6 @@
   import IconButton from '$lib/components/ui/IconButton.svelte';
   import LoginDialog from '$lib/components/Editor/LoginDialog.svelte';
   import ChangePasswordDialog from '$lib/components/Editor/ChangePasswordDialog.svelte';
-  import EditToggle from './EditToggle.svelte';
   import { goto } from '$app/navigation';
   import { sessionStore } from '$lib/stores/session';
   import { t } from '$lib/i18n/store';
@@ -17,7 +16,6 @@
 </script>
 
 {#if $sessionStore.authed}
-  <EditToggle />
   <IconButton label="Admin" onclick={() => goto('/admin')}>
     <svg
       width="18"
diff --git a/web/src/lib/components/Header/EditToggle.svelte b/web/src/lib/components/Header/EditToggle.svelte
deleted file mode 100644
index deb60b2..0000000
--- a/web/src/lib/components/Header/EditToggle.svelte
+++ /dev/null
@@ -1,59 +0,0 @@
-<script lang="ts">
-  import IconButton from '$lib/components/ui/IconButton.svelte';
-  import { editModeStore } from '$lib/stores/editMode';
-  import { t } from '$lib/i18n/store';
-</script>
-
-<div class="edit-toggle" class:active={$editModeStore}>
-  <IconButton
-    label={$editModeStore ? $t('header.editMode.exit') : $t('header.editMode.enter')}
-    onclick={editModeStore.toggle}
-  >
-    {#if $editModeStore}
-      <!-- Check / done icon when in edit mode (click to exit) -->
-      <svg
-        width="18"
-        height="18"
-        viewBox="0 0 24 24"
-        fill="none"
-        stroke="currentColor"
-        stroke-width="2"
-        stroke-linecap="round"
-        stroke-linejoin="round"
-        aria-hidden="true"
-      >
-        <path d="M20 6 9 17l-5-5" />
-      </svg>
-    {:else}
-      <!-- Pencil icon when not in edit mode (click to enter) -->
-      <svg
-        width="18"
-        height="18"
-        viewBox="0 0 24 24"
-        fill="none"
-        stroke="currentColor"
-        stroke-width="1.8"
-        stroke-linecap="round"
-        stroke-linejoin="round"
-        aria-hidden="true"
-      >
-        <path d="M12 20h9" />
-        <path d="M16.5 3.5a2.121 2.121 0 0 1 3 3L7 19l-4 1 1-4Z" />
-      </svg>
-    {/if}
-  </IconButton>
-</div>
-
-<style lang="scss">
-  /* When in edit mode, give the icon button an "active" amber pill so the
-   * user clearly sees the editing state without needing the text label. */
-  .edit-toggle.active :global(.icon-btn) {
-    background: rgba(245, 166, 35, 0.85);
-    color: #fff;
-
-    &:hover {
-      background: #f5a623;
-      color: #fff;
-    }
-  }
-</style>
diff --git a/web/src/lib/components/Header/SiteSelect.svelte b/web/src/lib/components/Header/SiteSelect.svelte
index fdff059..0700966 100644
--- a/web/src/lib/components/Header/SiteSelect.svelte
+++ b/web/src/lib/components/Header/SiteSelect.svelte
@@ -3,15 +3,14 @@
   import { navDataStore } from '$lib/stores/navData';
   import { uiPrefs } from '$lib/stores/uiPrefs';
   import { currentSite } from '$lib/stores/visible';
-  import { localeStore } from '$lib/i18n/store';
 
   let open = $state(false);
   let triggerEl: HTMLButtonElement | undefined = $state();
   let menuX = $state(0);
   let menuY = $state(0);
 
-  function nameFor(site: { name: string; nameI18n?: Record<string, string> | null }) {
-    return site.nameI18n?.[$localeStore] ?? site.name;
+  function nameFor(site: { name: string }) {
+    return site.name;
   }
 
   function openMenu() {
diff --git a/web/src/lib/components/Nav/Card.svelte b/web/src/lib/components/Nav/Card.svelte
new file mode 100644
index 0000000..d1d87d2
--- /dev/null
+++ b/web/src/lib/components/Nav/Card.svelte
@@ -0,0 +1,391 @@
+<script lang="ts">
+  import type { Card } from '$lib/types/card';
+  import { currentSite } from '$lib/stores/visible';
+  import { jiggleMode } from '$lib/stores/jiggle';
+  import { t } from '$lib/i18n/store';
+  import { longPress } from '$lib/util/longPress';
+  import { navDataStore } from '$lib/stores/navData';
+  import { deleteCard, patchCard } from '$lib/api/cards';
+  import { toast } from '$lib/components/ui/toast';
+  import { mergeCandidate } from '$lib/stores/dragMerge';
+
+  interface Props {
+    card: Card;
+    /** Folder previews — first 4 children, rendered as the folder tile. */
+    folderChildren?: Card[];
+    onOpenFolder?: (folderId: number) => void;
+    /** Called when user wants to edit this item. */
+    onEdit?: (card: Card) => void;
+  }
+  let { card, folderChildren = [], onOpenFolder, onEdit }: Props = $props();
+
+  const isItem = $derived(card.kind === 'item');
+  const isFolder = $derived(card.kind === 'folder');
+
+  const url = $derived(
+    isItem && $currentSite.site && card.links ? (card.links[$currentSite.site.value] ?? null) : null
+  );
+  // Folder thumbnail: first 4 children.
+  const previews = $derived(folderChildren.slice(0, 4));
+  const SLOTS = [0, 1, 2, 3];
+
+  function iconSrc(c: Card): string {
+    switch (c.iconKind) {
+      case 'asset':
+        return `/navIcons/${c.iconValue}`;
+      case 'url':
+        return c.iconValue ?? '';
+      case 'auto-favicon':
+        return `/api/favicon?host=${encodeURIComponent(c.iconValue ?? '')}`;
+      default:
+        return '';
+    }
+  }
+
+  function open() {
+    if ($jiggleMode) {
+      // In jiggle/edit mode, single-click on an item is a no-op — we
+      // don't want a long-press release to immediately pop the editor
+      // (the user is in editing mode, not launching/editing one item).
+      // Folders still expand on click so the user can rearrange inside.
+      if (isFolder) onOpenFolder?.(card.id);
+      return;
+    }
+    if (isItem && url) {
+      window.open(url, '_blank', 'noopener,noreferrer');
+    } else if (isFolder) {
+      onOpenFolder?.(card.id);
+    }
+  }
+
+  function onEditClick(e: MouseEvent) {
+    // Explicit edit affordance (pencil button) only visible in jiggle.
+    e.stopPropagation();
+    if (isItem) onEdit?.(card);
+  }
+
+  function onKeydown(e: KeyboardEvent) {
+    if ($jiggleMode) return;
+    if (e.key === 'Enter' || e.key === ' ') {
+      e.preventDefault();
+      open();
+    }
+  }
+
+  function onLongPress() {
+    const entered = jiggleMode.enter();
+    if (!entered) {
+      // Auth-gated: surface a hint so the user knows why nothing happened.
+      toast.error($t('home.editMode.signInRequired'));
+    }
+  }
+
+  let renaming = $state(false);
+  let renameValue = $state('');
+
+  function startRename(e: MouseEvent) {
+    e.stopPropagation();
+    if (!isFolder) return;
+    renaming = true;
+    renameValue = card.name;
+  }
+
+  async function commitRename() {
+    const next = renameValue.trim();
+    renaming = false;
+    if (!next || next === card.name) return;
+    try {
+      const updated = await patchCard(card.id, { name: next });
+      navDataStore.applyCardPatch(card.id, { name: updated.name });
+    } catch {
+      toast.error($t('error.unknown'));
+      navDataStore.refetch();
+    }
+  }
+
+  function cancelRename() {
+    renaming = false;
+  }
+
+  async function onDelete(e: MouseEvent) {
+    e.stopPropagation();
+    if (isFolder) {
+      const childCount = folderChildren.length;
+      const msg =
+        childCount > 0
+          ? $t('home.folder.deleteConfirm', { name: card.name, count: childCount })
+          : $t('common.deleteConfirmGeneric', { name: card.name });
+      if (!window.confirm(msg)) return;
+    } else if (!window.confirm($t('common.deleteConfirmGeneric', { name: card.name }))) {
+      return;
+    }
+    try {
+      await deleteCard(card.id);
+      navDataStore.refetch();
+      toast.success($t('common.delete') + ' ✓');
+    } catch {
+      toast.error($t('error.unknown'));
+    }
+  }
+</script>
+
+<div
+  class="cell"
+  class:jiggle={$jiggleMode}
+  class:merge-target={$mergeCandidate?.id === card.id}
+  data-card-id={card.id}
+  data-card-kind={card.kind}
+  use:longPress={{ onTrigger: onLongPress }}
+>
+  {#if $jiggleMode}
+    <button type="button" class="x-btn" aria-label={$t('common.delete')} onclick={onDelete}>
+      ×
+    </button>
+    {#if isItem}
+      <button type="button" class="edit-btn" aria-label={$t('common.edit')} onclick={onEditClick}>
+        <svg
+          width="12"
+          height="12"
+          viewBox="0 0 24 24"
+          fill="none"
+          stroke="currentColor"
+          stroke-width="2.4"
+          stroke-linecap="round"
+          stroke-linejoin="round"
+          aria-hidden="true"
+        >
+          <path d="M12 20h9" />
+          <path d="M16.5 3.5a2.121 2.121 0 1 1 3 3L7 19l-4 1 1-4 12.5-12.5z" />
+        </svg>
+      </button>
+    {/if}
+  {/if}
+
+  {#if isFolder}
+    <button class="folder" type="button" onclick={open} aria-label={card.name}>
+      <div class="thumbs">
+        {#each SLOTS as i (i)}
+          {#if previews[i]}
+            <img class="thumb" src={iconSrc(previews[i])} alt="" loading="lazy" draggable="false" />
+          {:else}
+            <span class="thumb empty" aria-hidden="true"></span>
+          {/if}
+        {/each}
+      </div>
+    </button>
+  {:else}
+    <button
+      type="button"
+      class="card"
+      onclick={open}
+      onkeydown={onKeydown}
+      ondblclick={() => onEdit?.(card)}
+      aria-label={card.name}
+      disabled={!url && !$jiggleMode}
+    >
+      <img class="icon" src={iconSrc(card)} alt="" loading="lazy" draggable="false" />
+    </button>
+  {/if}
+
+  {#if isFolder && $jiggleMode && renaming}
+    <!-- svelte-ignore a11y_autofocus -->
+    <input
+      class="rename-input"
+      bind:value={renameValue}
+      onkeydown={(e) => {
+        if (e.key === 'Enter') commitRename();
+        else if (e.key === 'Escape') cancelRename();
+      }}
+      onblur={commitRename}
+      autofocus
+    />
+  {:else if isFolder && $jiggleMode}
+    <button type="button" class="label rename" onclick={startRename}>{card.name}</button>
+  {:else}
+    <span class="label">{card.name}</span>
+  {/if}
+</div>
+
+<style lang="scss">
+  @keyframes jiggle-shake {
+    0% {
+      transform: rotate(-1deg);
+    }
+    50% {
+      transform: rotate(1deg);
+    }
+    100% {
+      transform: rotate(-1deg);
+    }
+  }
+  .cell {
+    position: relative;
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: var(--sp-3);
+    width: 120px;
+    user-select: none;
+    -webkit-user-drag: none;
+  }
+  /* Wobble lives on .card / .folder (inner element), not .cell. The
+   * outer .cell may receive a transient transform (e.g. translation
+   * during drag); animating an inner element keeps .cell's transform
+   * free for the dnd layer to use. */
+  .cell.jiggle {
+    cursor: grab;
+    /* Suppress browser pan/zoom on touch so the drag gesture isn't
+     * double-interpreted as a scroll. */
+    touch-action: none;
+  }
+  .cell.jiggle:active {
+    cursor: grabbing;
+  }
+  .cell.jiggle .card,
+  .cell.jiggle .folder {
+    animation: jiggle-shake 0.25s ease-in-out infinite;
+    transform-origin: center;
+    cursor: inherit;
+  }
+  /* Visual cue for "release here to merge / reparent". The hover
+   * threshold (500ms) flips this on by setting the cell class. */
+  .cell.merge-target .card,
+  .cell.merge-target .folder {
+    box-shadow:
+      0 0 0 4px var(--c-accent, #4a6cf7),
+      0 0 22px rgba(74, 108, 247, 0.55);
+    transform: scale(1.06);
+    transition:
+      box-shadow 0.15s ease,
+      transform 0.15s ease;
+  }
+  .x-btn {
+    position: absolute;
+    top: -6px;
+    left: -6px;
+    width: 22px;
+    height: 22px;
+    border-radius: 50%;
+    border: 0;
+    background: var(--c-danger, #d33);
+    color: white;
+    font-size: 18px;
+    line-height: 1;
+    cursor: pointer;
+    z-index: 2;
+  }
+  .edit-btn {
+    position: absolute;
+    top: -6px;
+    right: -6px;
+    width: 22px;
+    height: 22px;
+    border-radius: 50%;
+    border: 0;
+    background: var(--c-accent, #4a6cf7);
+    color: white;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    cursor: pointer;
+    z-index: 2;
+  }
+  .card {
+    width: 120px;
+    height: 120px;
+    padding: 14px;
+    background: var(--c-surface);
+    border: 0;
+    border-radius: 22px;
+    box-shadow: var(--sh-card);
+    cursor: pointer;
+    transition: box-shadow var(--tr-base);
+    &:hover:not(:disabled) {
+      box-shadow: var(--sh-card-hover);
+    }
+    &:disabled {
+      opacity: 0.55;
+      cursor: not-allowed;
+    }
+    .icon {
+      width: 100%;
+      height: 100%;
+      object-fit: contain;
+      border-radius: 12px;
+    }
+  }
+  .folder {
+    width: 120px;
+    height: 120px;
+    padding: 12px;
+    background: rgba(255, 255, 255, 0.35);
+    border: 0;
+    border-radius: 22px;
+    box-shadow: var(--sh-card);
+    cursor: pointer;
+    backdrop-filter: blur(10px);
+    -webkit-backdrop-filter: blur(10px);
+  }
+  :global([data-theme='dark']) .folder {
+    background: rgba(255, 255, 255, 0.08);
+  }
+  .thumbs {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    grid-template-rows: 1fr 1fr;
+    gap: 6px;
+    width: 100%;
+    height: 100%;
+  }
+  .thumb {
+    width: 100%;
+    height: 100%;
+    object-fit: contain;
+    background: rgba(255, 255, 255, 0.7);
+    border-radius: 8px;
+    padding: 3px;
+    box-sizing: border-box;
+  }
+  .thumb.empty {
+    background: rgba(255, 255, 255, 0.25);
+  }
+  .label {
+    font-size: 14px;
+    font-weight: 700;
+    letter-spacing: 0.1em;
+    color: var(--c-card-label);
+    text-align: center;
+    line-height: var(--lh-tight);
+    word-break: break-word;
+    background: transparent;
+    border: 0;
+    padding: 0;
+  }
+  .label.rename {
+    cursor: text;
+  }
+  .rename-input {
+    font-size: 14px;
+    text-align: center;
+    width: 110px;
+    border: 1px solid var(--c-border, #999);
+    border-radius: 6px;
+    padding: 2px 6px;
+  }
+  @media (max-width: 500px) {
+    .cell {
+      width: 72px;
+      gap: var(--sp-2);
+    }
+    .card,
+    .folder {
+      width: 72px;
+      height: 72px;
+      padding: 10px;
+      border-radius: 16px;
+    }
+    .label {
+      font-size: var(--fs-xs);
+    }
+  }
+</style>
diff --git a/web/src/lib/components/Nav/FavoritesSection.svelte b/web/src/lib/components/Nav/FavoritesSection.svelte
deleted file mode 100644
index 03cf511..0000000
--- a/web/src/lib/components/Nav/FavoritesSection.svelte
+++ /dev/null
@@ -1,32 +0,0 @@
-<script lang="ts">
-  import type { Item } from '$lib/types/nav';
-  import { visibleFavorites } from '$lib/stores/visible';
-  import NavGrid from './NavGrid.svelte';
-  import { t } from '$lib/i18n/store';
-
-  interface Props {
-    onEdit?: (item: Item) => void;
-  }
-  let { onEdit }: Props = $props();
-</script>
-
-{#if $visibleFavorites.length > 0}
-  <section class="favorites">
-    <h2 class="heading">★ {$t('nav.favorites.title')}</h2>
-    <NavGrid items={$visibleFavorites} {onEdit} />
-  </section>
-{/if}
-
-<style lang="scss">
-  .favorites {
-    margin-bottom: var(--sp-7);
-  }
-  .heading {
-    margin: 0 0 var(--sp-4);
-    font-size: var(--fs-md);
-    font-weight: var(--fw-semibold);
-    color: var(--c-section-heading);
-    letter-spacing: 0.05em;
-    text-transform: uppercase;
-  }
-</style>
diff --git a/web/src/lib/components/Nav/GroupFolder.svelte b/web/src/lib/components/Nav/GroupFolder.svelte
deleted file mode 100644
index 6ab17ec..0000000
--- a/web/src/lib/components/Nav/GroupFolder.svelte
+++ /dev/null
@@ -1,131 +0,0 @@
-<script lang="ts">
-  import type { Group, Item } from '$lib/types/nav';
-  import { localeStore } from '$lib/i18n/store';
-
-  interface Props {
-    group: Group;
-    items: Item[];
-    onOpen: () => void;
-  }
-  let { group, items, onOpen }: Props = $props();
-
-  const previews = $derived(items.slice(0, 4));
-  const SLOTS = [0, 1, 2, 3];
-  const displayName = $derived(group.nameI18n?.[$localeStore] ?? group.name);
-
-  function iconSrc(item: Item): string {
-    switch (item.iconKind) {
-      case 'asset':
-        return `/navIcons/${item.iconValue}`;
-      case 'url':
-        return item.iconValue;
-      case 'auto-favicon':
-        return `/api/favicon?host=${encodeURIComponent(item.iconValue)}`;
-    }
-  }
-</script>
-
-<div class="cell">
-  <button class="folder" type="button" onclick={onOpen} aria-label={displayName}>
-    <div class="thumbs">
-      {#each SLOTS as i (i)}
-        {#if previews[i]}
-          <img class="thumb" src={iconSrc(previews[i])} alt="" loading="lazy" />
-        {:else}
-          <span class="thumb empty" aria-hidden="true"></span>
-        {/if}
-      {/each}
-    </div>
-  </button>
-  <span class="label">{displayName}</span>
-</div>
-
-<style lang="scss">
-  .cell {
-    position: relative;
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    gap: var(--sp-3);
-    width: 120px;
-  }
-  .folder {
-    width: 120px;
-    height: 120px;
-    padding: 12px;
-    background: rgba(255, 255, 255, 0.35);
-    border: 0;
-    border-radius: 22px;
-    box-shadow: var(--sh-card);
-    cursor: pointer;
-    backdrop-filter: blur(10px);
-    -webkit-backdrop-filter: blur(10px);
-    transition:
-      box-shadow var(--tr-base),
-      transform var(--tr-fast);
-
-    &:hover {
-      box-shadow: var(--sh-card-hover);
-      transform: translateY(-2px);
-    }
-  }
-  :global([data-theme='dark']) .folder {
-    background: rgba(255, 255, 255, 0.08);
-  }
-  .thumbs {
-    display: grid;
-    grid-template-columns: 1fr 1fr;
-    grid-template-rows: 1fr 1fr;
-    gap: 6px;
-    width: 100%;
-    height: 100%;
-  }
-  .thumb {
-    width: 100%;
-    height: 100%;
-    object-fit: contain;
-    background: rgba(255, 255, 255, 0.7);
-    border-radius: 8px;
-    padding: 3px;
-    box-sizing: border-box;
-  }
-  :global([data-theme='dark']) .thumb {
-    background: rgba(255, 255, 255, 0.18);
-  }
-  .thumb.empty {
-    background: rgba(255, 255, 255, 0.25);
-  }
-  .label {
-    font-size: 14px;
-    font-weight: 700;
-    letter-spacing: 0.1em;
-    color: var(--c-card-label);
-    text-shadow: var(--sh-card-label);
-    text-align: center;
-    line-height: var(--lh-tight);
-    word-break: break-word;
-  }
-
-  @media (max-width: 500px) {
-    .cell {
-      width: 72px;
-      gap: var(--sp-2);
-    }
-    .folder {
-      width: 72px;
-      height: 72px;
-      padding: 8px;
-      border-radius: 16px;
-    }
-    .thumbs {
-      gap: 3px;
-    }
-    .thumb {
-      border-radius: 5px;
-      padding: 1px;
-    }
-    .label {
-      font-size: var(--fs-xs);
-    }
-  }
-</style>
diff --git a/web/src/lib/components/Nav/GroupFolderModal.svelte b/web/src/lib/components/Nav/GroupFolderModal.svelte
deleted file mode 100644
index 4892d45..0000000
--- a/web/src/lib/components/Nav/GroupFolderModal.svelte
+++ /dev/null
@@ -1,123 +0,0 @@
-<script lang="ts">
-  import type { Group, Item } from '$lib/types/nav';
-  import { localeStore } from '$lib/i18n/store';
-  import NavGrid from './NavGrid.svelte';
-  import NewItemAffordance from '$lib/components/Editor/NewItemAffordance.svelte';
-  import { editModeStore } from '$lib/stores/editMode';
-
-  interface Props {
-    group: Group;
-    items: Item[];
-    onClose: () => void;
-    onEdit?: (item: Item) => void;
-    onCreate?: () => void;
-  }
-  let { group, items, onClose, onEdit, onCreate }: Props = $props();
-
-  const displayName = $derived(group.nameI18n?.[$localeStore] ?? group.name);
-
-  function onKey(e: KeyboardEvent) {
-    if (e.key === 'Escape') {
-      e.preventDefault();
-      onClose();
-    }
-  }
-
-  function onBackdrop(e: MouseEvent) {
-    if (e.target === e.currentTarget) onClose();
-  }
-</script>
-
-<svelte:window onkeydown={onKey} />
-
-<!-- svelte-ignore a11y_click_events_have_key_events -->
-<div
-  class="folder-backdrop"
-  role="dialog"
-  aria-modal="true"
-  aria-label={displayName}
-  tabindex="-1"
-  onclick={onBackdrop}
->
-  <div class="panel">
-    <header class="head">
-      <h2 class="title">{displayName}</h2>
-      <button class="close" type="button" aria-label="Close" onclick={onClose}>×</button>
-    </header>
-    <div class="body">
-      <NavGrid {items} groupId={group.id} {onEdit}>
-        {#snippet trailing()}
-          {#if $editModeStore && onCreate}
-            <NewItemAffordance onClick={onCreate} />
-          {/if}
-        {/snippet}
-      </NavGrid>
-    </div>
-  </div>
-</div>
-
-<style lang="scss">
-  .folder-backdrop {
-    position: fixed;
-    inset: 0;
-    z-index: 900;
-    background: rgba(20, 16, 28, 0.4);
-    backdrop-filter: blur(16px) saturate(140%);
-    -webkit-backdrop-filter: blur(16px) saturate(140%);
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    padding: var(--sp-7) var(--sp-5);
-    animation: fade-in 200ms ease-out;
-  }
-  @keyframes fade-in {
-    from {
-      opacity: 0;
-    }
-    to {
-      opacity: 1;
-    }
-  }
-  .panel {
-    width: 100%;
-    max-width: 1024px;
-    max-height: calc(100vh - var(--sp-7) * 2);
-    display: flex;
-    flex-direction: column;
-  }
-  .head {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    margin-bottom: var(--sp-6);
-    padding: 0 var(--sp-3);
-  }
-  .title {
-    margin: 0;
-    font-size: 24px;
-    font-weight: var(--fw-semibold);
-    letter-spacing: 0.05em;
-    color: var(--c-card-label);
-    text-shadow: var(--sh-card-label);
-  }
-  .close {
-    width: 36px;
-    height: 36px;
-    border: 0;
-    background: rgba(255, 255, 255, 0.16);
-    color: var(--c-card-label);
-    border-radius: var(--rd-pill);
-    font-size: 20px;
-    line-height: 1;
-    cursor: pointer;
-    transition: background var(--tr-fast);
-
-    &:hover {
-      background: rgba(255, 255, 255, 0.3);
-    }
-  }
-  .body {
-    overflow-y: auto;
-    padding: var(--sp-3);
-  }
-</style>
diff --git a/web/src/lib/components/Nav/GroupHeader.svelte b/web/src/lib/components/Nav/GroupHeader.svelte
deleted file mode 100644
index 1909d3b..0000000
--- a/web/src/lib/components/Nav/GroupHeader.svelte
+++ /dev/null
@@ -1,52 +0,0 @@
-<script lang="ts">
-  import type { Group } from '$lib/types/nav';
-  import { localeStore } from '$lib/i18n/store';
-  import { uiPrefs } from '$lib/stores/uiPrefs';
-
-  interface Props {
-    group: Group;
-  }
-  let { group }: Props = $props();
-
-  const isOpen = $derived($uiPrefs.groupOpen[group.slug] !== false);
-  const name = $derived(group.nameI18n?.[$localeStore] ?? group.name);
-
-  function toggle() {
-    uiPrefs.setGroupOpen(group.slug, !isOpen);
-  }
-</script>
-
-<button type="button" class="header" aria-expanded={isOpen} onclick={toggle}>
-  <span class="chev" class:open={isOpen} aria-hidden="true">▸</span>
-  <span class="name">{name}</span>
-</button>
-
-<style lang="scss">
-  .header {
-    display: inline-flex;
-    align-items: center;
-    gap: var(--sp-2);
-    padding: var(--sp-2) var(--sp-3);
-    margin-left: calc(-1 * var(--sp-3));
-    background: transparent;
-    border: 0;
-    cursor: pointer;
-    color: var(--c-section-heading);
-    font-size: var(--fs-md);
-    font-weight: var(--fw-semibold);
-    border-radius: var(--rd-md);
-
-    &:hover {
-      background: rgba(255, 255, 255, 0.12);
-    }
-  }
-  .chev {
-    display: inline-block;
-    transition: transform var(--tr-fast);
-    color: var(--c-section-heading);
-
-    &.open {
-      transform: rotate(90deg);
-    }
-  }
-</style>
diff --git a/web/src/lib/components/Nav/GroupSection.svelte b/web/src/lib/components/Nav/GroupSection.svelte
deleted file mode 100644
index d5a1d73..0000000
--- a/web/src/lib/components/Nav/GroupSection.svelte
+++ /dev/null
@@ -1,42 +0,0 @@
-<script lang="ts">
-  import type { VisibleGroup } from '$lib/stores/visible';
-  import type { Item } from '$lib/types/nav';
-  import { uiPrefs } from '$lib/stores/uiPrefs';
-  import { editModeStore } from '$lib/stores/editMode';
-  import GroupHeader from './GroupHeader.svelte';
-  import NavGrid from './NavGrid.svelte';
-  import NewItemAffordance from '$lib/components/Editor/NewItemAffordance.svelte';
-
-  interface Props {
-    section: VisibleGroup;
-    onEdit?: (item: Item) => void;
-    onCreate?: () => void;
-  }
-  let { section, onEdit, onCreate }: Props = $props();
-
-  const isOpen = $derived(section.group ? $uiPrefs.groupOpen[section.group.slug] !== false : true);
-</script>
-
-<section class="section">
-  {#if section.group}
-    <GroupHeader group={section.group} />
-  {/if}
-  {#if isOpen}
-    <NavGrid items={section.items} groupId={section.group?.id ?? null} {onEdit}>
-      {#snippet trailing()}
-        {#if $editModeStore && onCreate}
-          <NewItemAffordance onClick={onCreate} />
-        {/if}
-      {/snippet}
-    </NavGrid>
-  {/if}
-</section>
-
-<style lang="scss">
-  .section {
-    display: flex;
-    flex-direction: column;
-    gap: var(--sp-4);
-    margin-bottom: var(--sp-7);
-  }
-</style>
diff --git a/web/src/lib/components/Nav/InlineFolderExpand.svelte b/web/src/lib/components/Nav/InlineFolderExpand.svelte
new file mode 100644
index 0000000..523d69d
--- /dev/null
+++ b/web/src/lib/components/Nav/InlineFolderExpand.svelte
@@ -0,0 +1,162 @@
+<script lang="ts">
+  import type { Card } from '$lib/types/card';
+  import { onMount } from 'svelte';
+  import { navDataStore } from '$lib/stores/navData';
+  import { currentSite } from '$lib/stores/visible';
+  import { t } from '$lib/i18n/store';
+  import { dragSource } from '$lib/stores/dragMerge';
+  import CardComp from './Card.svelte';
+
+  interface Props {
+    folder: Card;
+    onClose: () => void;
+    onEdit?: (card: Card) => void;
+  }
+  let { folder, onClose, onEdit }: Props = $props();
+
+  // Drag handling lives on the page-level <div use:dragGrid>. This panel
+  // just renders cards inside a [data-zone] container so the action can
+  // identify them as "in this folder" during cross-zone hit tests.
+  const zoneId = $derived(`folder:${folder.id}`);
+
+  const childCards = $derived(
+    ($navDataStore.bundle?.cards ?? [])
+      .filter(
+        (c) =>
+          c.parentId === folder.id &&
+          (c.kind !== 'item' ||
+            (c.links && $currentSite.site && c.links[$currentSite.site.value] !== undefined))
+      )
+      .sort((a, b) => a.sortOrder - b.sortOrder)
+  );
+
+  // Lock body scroll while open so the page doesn't drift behind.
+  onMount(() => {
+    const prev = document.body.style.overflow;
+    document.body.style.overflow = 'hidden';
+    return () => {
+      document.body.style.overflow = prev;
+    };
+  });
+
+  // We can no longer auto-close on "drag clone left the panel rect"
+  // because the drag is owned by the page-level action and pointer
+  // events follow the cursor regardless. Auto-close while a drag is in
+  // progress would tear our own DOM down mid-gesture. Instead: only
+  // close on backdrop click / × button / Esc. After a successful
+  // drag-out-of-folder drop the page handler closes the panel.
+</script>
+
+<svelte:window
+  onkeydown={(e) => {
+    if (e.key === 'Escape' && !$dragSource) onClose();
+  }}
+/>
+
+<!-- svelte-ignore a11y_click_events_have_key_events -->
+<!-- svelte-ignore a11y_no_static_element_interactions -->
+<div
+  class="backdrop"
+  onclick={() => {
+    if (!$dragSource) onClose();
+  }}
+></div>
+<section class="expand" aria-label={folder.name}>
+  <header>
+    <h3>{folder.name}</h3>
+    <button type="button" class="close" aria-label={$t('common.close')} onclick={onClose}>
+      ×
+    </button>
+  </header>
+  <div class="grid" data-zone={zoneId}>
+    {#each childCards as c (c.id)}
+      <CardComp card={c} {onEdit} />
+    {/each}
+  </div>
+</section>
+
+<style lang="scss">
+  .backdrop {
+    position: fixed;
+    inset: 0;
+    background: rgba(20, 16, 28, 0.18);
+    backdrop-filter: blur(28px) saturate(140%);
+    -webkit-backdrop-filter: blur(28px) saturate(140%);
+    z-index: 80;
+    animation: backdrop-in 0.18s ease-out;
+  }
+  .expand {
+    position: fixed;
+    top: 50%;
+    left: 50%;
+    transform: translate(-50%, -50%);
+    width: min(90vw, 720px);
+    max-height: calc(100vh - 96px);
+    overflow: auto;
+    padding: var(--sp-5);
+    background: rgba(255, 255, 255, 0.62);
+    border: 1px solid rgba(255, 255, 255, 0.5);
+    border-radius: 24px;
+    box-shadow:
+      0 30px 80px rgba(0, 0, 0, 0.28),
+      0 6px 22px rgba(0, 0, 0, 0.14);
+    backdrop-filter: blur(30px) saturate(180%);
+    -webkit-backdrop-filter: blur(30px) saturate(180%);
+    z-index: 81;
+    animation: panel-in 0.22s cubic-bezier(0.2, 0.8, 0.2, 1);
+  }
+  :global([data-theme='dark']) .backdrop {
+    background: rgba(8, 6, 14, 0.45);
+  }
+  :global([data-theme='dark']) .expand {
+    background: rgba(28, 22, 40, 0.55);
+    border-color: rgba(255, 255, 255, 0.08);
+  }
+  @keyframes backdrop-in {
+    from {
+      opacity: 0;
+    }
+    to {
+      opacity: 1;
+    }
+  }
+  @keyframes panel-in {
+    from {
+      opacity: 0;
+      transform: translate(-50%, calc(-50% + 8px)) scale(0.96);
+    }
+    to {
+      opacity: 1;
+      transform: translate(-50%, -50%) scale(1);
+    }
+  }
+  header {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    margin-bottom: var(--sp-4);
+  }
+  h3 {
+    margin: 0;
+    font-size: var(--fs-md);
+  }
+  .close {
+    background: transparent;
+    border: 0;
+    font-size: 24px;
+    cursor: pointer;
+    color: var(--c-text);
+  }
+  .grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fill, 120px);
+    gap: 24px 28px;
+    justify-content: center;
+  }
+  @media (max-width: 500px) {
+    .grid {
+      grid-template-columns: repeat(auto-fill, 72px);
+      gap: 16px;
+    }
+  }
+</style>
diff --git a/web/src/lib/components/Nav/JiggleHost.svelte b/web/src/lib/components/Nav/JiggleHost.svelte
new file mode 100644
index 0000000..bacb993
--- /dev/null
+++ b/web/src/lib/components/Nav/JiggleHost.svelte
@@ -0,0 +1,30 @@
+<script lang="ts">
+  import { jiggleMode } from '$lib/stores/jiggle';
+  import type { Snippet } from 'svelte';
+
+  interface Props {
+    children: Snippet;
+  }
+  let { children }: Props = $props();
+
+  function onBackgroundClick(e: MouseEvent) {
+    if (!$jiggleMode) return;
+    // Only exit on click that is on the host itself, not a card.
+    if (e.target === e.currentTarget) {
+      jiggleMode.exit();
+    }
+  }
+</script>
+
+<!-- svelte-ignore a11y_click_events_have_key_events -->
+<!-- svelte-ignore a11y_no_static_element_interactions -->
+<div class="host" onclick={onBackgroundClick}>
+  {@render children()}
+</div>
+
+<style lang="scss">
+  .host {
+    width: 100%;
+    min-height: 60vh;
+  }
+</style>
diff --git a/web/src/lib/components/Nav/NavGrid.svelte b/web/src/lib/components/Nav/NavGrid.svelte
deleted file mode 100644
index 4033147..0000000
--- a/web/src/lib/components/Nav/NavGrid.svelte
+++ /dev/null
@@ -1,115 +0,0 @@
-<script lang="ts">
-  import type { Item } from '$lib/types/nav';
-  import NavItem from './NavItem.svelte';
-  import { editModeStore } from '$lib/stores/editMode';
-  import { dndzone, type DndEvent } from 'svelte-dnd-action';
-  import { navDataStore } from '$lib/stores/navData';
-  import { reorderItems } from '$lib/api/nav';
-  import { toast } from '$lib/components/ui/toast';
-  import { t } from '$lib/i18n/store';
-
-  interface Props {
-    items: Item[];
-    onEdit?: (item: Item) => void;
-    /** Group id this grid belongs to. null = ungrouped / favorites / flat. */
-    groupId?: number | null;
-    /** Optional snippet rendered as the last grid cell (e.g. "+ new item"
-     * affordance). Sits outside the dndzone so it isn't draggable. */
-    trailing?: import('svelte').Snippet;
-  }
-  let { items, onEdit, groupId = null, trailing }: Props = $props();
-
-  // Local mirror so dndzone can mutate during drag.
-  let working: Item[] = $state(items);
-  $effect(() => {
-    working = items;
-  });
-
-  // Disable dnd outside edit mode (read-only or unauthed).
-  const dragDisabled = $derived(!$editModeStore);
-
-  function onConsider(e: CustomEvent<DndEvent<Item>>) {
-    working = e.detail.items;
-  }
-
-  async function onFinalize(e: CustomEvent<DndEvent<Item>>) {
-    working = e.detail.items;
-    const before = $navDataStore.bundle;
-    if (!before) return;
-
-    // Build payload — every item in this grid gets new sortOrder.
-    const entries = working.map((it, i) => ({
-      id: it.id,
-      sortOrder: i,
-      groupId: groupId
-    }));
-
-    // Optimistic: patch navDataStore items to reflect new order.
-    const movedIds = new Set(entries.map((e) => e.id));
-    const orderById = new Map(entries.map((e, i) => [e.id, i]));
-    const newItems = before.items.map((it) =>
-      movedIds.has(it.id)
-        ? {
-            ...it,
-            sortOrder: orderById.get(it.id) ?? it.sortOrder,
-            groupId
-          }
-        : it
-    );
-    navDataStore.setBundle({ ...before, items: newItems });
-
-    try {
-      await reorderItems(entries);
-    } catch {
-      navDataStore.refetch();
-      toast.error($t('error.unknown'));
-    }
-  }
-</script>
-
-<div class="grid">
-  <div
-    class="cells"
-    use:dndzone={{
-      items: working,
-      dragDisabled,
-      flipDurationMs: 180,
-      dropTargetStyle: {}
-    }}
-    onconsider={onConsider}
-    onfinalize={onFinalize}
-  >
-    {#each working as item (item.id)}
-      <NavItem {item} {onEdit} />
-    {/each}
-  </div>
-  {#if trailing}{@render trailing()}{/if}
-</div>
-
-<style lang="scss">
-  .grid {
-    display: grid;
-    grid-template-columns: repeat(auto-fill, 120px);
-    gap: 36px 28px;
-    justify-content: center;
-    width: 100%;
-  }
-  /* `display: contents` makes .cells a transparent dndzone wrapper so its
-   * children (NavItem cells) participate directly in the outer .grid layout,
-   * which lets the trailing snippet sit on the same row as the last NavItem. */
-  .cells {
-    display: contents;
-  }
-  @media (max-width: 500px) {
-    .grid {
-      grid-template-columns: repeat(auto-fill, 72px);
-      gap: 24px 16px;
-    }
-  }
-  /* dnd-action ghost & dropping styles */
-  :global(.cells > [data-is-dnd-shadow-item]) {
-    visibility: visible;
-    opacity: 0.5;
-    pointer-events: none;
-  }
-</style>
diff --git a/web/src/lib/components/Nav/NavItem.svelte b/web/src/lib/components/Nav/NavItem.svelte
deleted file mode 100644
index 8616008..0000000
--- a/web/src/lib/components/Nav/NavItem.svelte
+++ /dev/null
@@ -1,273 +0,0 @@
-<script lang="ts">
-  import type { Item } from '$lib/types/nav';
-  import { uiPrefs } from '$lib/stores/uiPrefs';
-  import { currentSite, layoutMode } from '$lib/stores/visible';
-  import { localeStore, t } from '$lib/i18n/store';
-  import { editModeStore } from '$lib/stores/editMode';
-  import NavItemContextMenu from '$lib/components/Editor/NavItemContextMenu.svelte';
-  import { navDataStore } from '$lib/stores/navData';
-  import { deleteItem } from '$lib/api/nav';
-  import { toast } from '$lib/components/ui/toast';
-
-  interface Props {
-    item: Item;
-    onEdit?: (item: Item) => void;
-  }
-  let { item, onEdit }: Props = $props();
-
-  const url = $derived($currentSite.site ? (item.links[$currentSite.site.value] ?? null) : null);
-  const displayName = $derived(item.nameI18n?.[$localeStore] ?? item.name);
-  const isFav = $derived($uiPrefs.favoriteItemIds.includes(item.id));
-
-  let menuOpen = $state(false);
-  let menuX = $state(0);
-  let menuY = $state(0);
-
-  function iconSrc(): string {
-    switch (item.iconKind) {
-      case 'asset':
-        return `/navIcons/${item.iconValue}`;
-      case 'url':
-        return item.iconValue;
-      case 'auto-favicon':
-        return `/api/favicon?host=${encodeURIComponent(item.iconValue)}`;
-    }
-  }
-
-  function open() {
-    if ($editModeStore) return; // suppress nav navigation in edit mode
-    if (url) window.open(url, '_blank', 'noopener,noreferrer');
-  }
-
-  function onKeydown(e: KeyboardEvent) {
-    if ($editModeStore) return;
-    if (e.key === 'Enter' || e.key === ' ') {
-      e.preventDefault();
-      open();
-    }
-  }
-
-  function onFavClick(e: MouseEvent) {
-    e.stopPropagation();
-    uiPrefs.toggleFavorite(item.id);
-  }
-
-  function onContextMenu(e: MouseEvent) {
-    if (!$editModeStore) return;
-    e.preventDefault();
-    menuX = e.clientX;
-    menuY = e.clientY;
-    menuOpen = true;
-  }
-
-  async function onConfirmDelete() {
-    // optimistic remove
-    const before = $navDataStore.bundle;
-    if (!before) return;
-    navDataStore.setBundle({
-      ...before,
-      items: before.items.filter((i) => i.id !== item.id)
-    });
-    try {
-      await deleteItem(item.id);
-      toast.success($t('common.delete') + ' ✓');
-    } catch {
-      // rollback
-      navDataStore.refetch();
-      toast.error($t('error.unknown'));
-    }
-  }
-</script>
-
-<!-- svelte-ignore a11y_no_static_element_interactions -->
-<div class="cell" oncontextmenu={onContextMenu}>
-  <button
-    type="button"
-    class="card"
-    class:edit={$editModeStore}
-    onclick={open}
-    onkeydown={onKeydown}
-    aria-label={displayName}
-    disabled={!url && !$editModeStore}
-  >
-    <img class="icon" src={iconSrc()} alt="" loading="lazy" />
-  </button>
-  {#if !$editModeStore && $layoutMode !== 'flat'}
-    <button
-      type="button"
-      class="fav"
-      aria-label={isFav ? 'Unfavorite' : 'Favorite'}
-      aria-pressed={isFav}
-      onclick={onFavClick}
-    >
-      {#if isFav}
-        <!-- Filled star -->
-        <svg width="18" height="18" viewBox="0 0 24 24" fill="currentColor" aria-hidden="true">
-          <path
-            d="M12 17.27 18.18 21l-1.64-7.03L22 9.24l-7.19-.61L12 2 9.19 8.63 2 9.24l5.46 4.73L5.82 21z"
-          />
-        </svg>
-      {:else}
-        <!-- Outline star -->
-        <svg
-          width="18"
-          height="18"
-          viewBox="0 0 24 24"
-          fill="none"
-          stroke="currentColor"
-          stroke-width="1.8"
-          stroke-linejoin="round"
-          aria-hidden="true"
-        >
-          <path
-            d="M12 17.27 18.18 21l-1.64-7.03L22 9.24l-7.19-.61L12 2 9.19 8.63 2 9.24l5.46 4.73L5.82 21z"
-          />
-        </svg>
-      {/if}
-    </button>
-  {/if}
-  <span class="label">{displayName}</span>
-</div>
-
-<NavItemContextMenu
-  bind:open={menuOpen}
-  x={menuX}
-  y={menuY}
-  onEdit={() => onEdit?.(item)}
-  onDelete={onConfirmDelete}
-/>
-
-<style lang="scss">
-  @keyframes shake-bounce {
-    0%,
-    100% {
-      transform: rotate(0);
-    }
-    25% {
-      transform: rotate(10deg);
-    }
-    50% {
-      transform: rotate(-10deg);
-    }
-    75% {
-      transform: rotate(4deg);
-    }
-    85% {
-      transform: rotate(-4deg);
-    }
-  }
-
-  .cell {
-    position: relative;
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    gap: var(--sp-3);
-    width: 120px;
-  }
-  .card {
-    width: 120px;
-    height: 120px;
-    padding: 14px;
-    background: var(--c-surface);
-    border: 0;
-    border-radius: 22px;
-    box-shadow: var(--sh-card);
-    cursor: pointer;
-    transition:
-      box-shadow var(--tr-base),
-      transform var(--tr-base);
-
-    &:hover:not(:disabled) {
-      box-shadow: var(--sh-card-hover);
-      animation: shake-bounce 0.55s ease-in-out;
-    }
-
-    &.edit {
-      cursor: context-menu;
-    }
-
-    &:disabled {
-      opacity: 0.55;
-      cursor: not-allowed;
-    }
-
-    .icon {
-      width: 100%;
-      height: 100%;
-      object-fit: contain;
-      border-radius: 12px;
-    }
-  }
-  /* Favorite star — hidden by default; appears on cell hover OR keyboard focus.
-   * No background chip, no scale: just an outline/filled SVG star whose color
-   * tells the state. Already-favorited stays visible while hovering anywhere
-   * else by virtue of its color (handled by the {#if isFav} branch in markup
-   * picking the filled glyph). */
-  .fav {
-    position: absolute;
-    top: 4px;
-    right: 4px;
-    display: inline-flex;
-    align-items: center;
-    justify-content: center;
-    width: 24px;
-    height: 24px;
-    padding: 0;
-    background: transparent;
-    border: 0;
-    cursor: pointer;
-    color: rgba(0, 0, 0, 0.5);
-    opacity: 0;
-    pointer-events: none;
-    transition:
-      opacity var(--tr-fast),
-      color var(--tr-fast);
-
-    &[aria-pressed='true'] {
-      color: #f5a623;
-    }
-  }
-  .cell:hover .fav,
-  .fav:focus-visible {
-    opacity: 1;
-    pointer-events: auto;
-  }
-  .fav:hover:not([aria-pressed='true']) {
-    color: rgba(0, 0, 0, 0.8);
-  }
-  .fav[aria-pressed='true']:hover {
-    color: #d68410;
-  }
-
-  .label {
-    font-size: 14px;
-    font-weight: 700;
-    letter-spacing: 0.1em;
-    color: var(--c-card-label);
-    text-shadow: var(--sh-card-label);
-    text-align: center;
-    line-height: var(--lh-tight);
-    word-break: break-word;
-  }
-
-  @media (max-width: 500px) {
-    .cell {
-      width: 72px;
-      gap: var(--sp-2);
-    }
-    .card {
-      width: 72px;
-      height: 72px;
-      padding: 10px;
-      border-radius: 16px;
-
-      .icon {
-        border-radius: 8px;
-      }
-    }
-    .label {
-      font-size: var(--fs-xs);
-    }
-  }
-</style>
diff --git a/web/src/lib/i18n/en.json b/web/src/lib/i18n/en.json
index 6ca7f66..ecebe18 100644
--- a/web/src/lib/i18n/en.json
+++ b/web/src/lib/i18n/en.json
@@ -21,7 +21,6 @@
   "auth.login.error.bad_password": "Wrong password",
   "auth.login.error.rate_limited": "Too many attempts, try again later",
 
-  "nav.favorites.title": "Favorites",
   "nav.empty.search": "No nav items match",
   "nav.empty.search.hint": "Try clearing filters or different keywords",
   "nav.empty.data": "No nav data yet",
@@ -29,6 +28,11 @@
 
   "editor.item.deleteConfirm": "Delete \"{{name}}\"?",
   "editor.item.new": "New nav item",
+  "common.deleteConfirmGeneric": "Delete \"{{name}}\"?",
+
+  "home.editMode.signInRequired": "Sign in to enter edit mode",
+  "home.folder.untitled": "Untitled",
+  "home.folder.deleteConfirm": "Delete folder \"{{name}}\" and release its {{count}} item(s) to the home grid?",
 
   "error.network.offline": "Cannot reach server",
   "error.network.retry": "Retry",
diff --git a/web/src/lib/i18n/zh.json b/web/src/lib/i18n/zh.json
index e880721..4604481 100644
--- a/web/src/lib/i18n/zh.json
+++ b/web/src/lib/i18n/zh.json
@@ -21,7 +21,6 @@
   "auth.login.error.bad_password": "密码错误",
   "auth.login.error.rate_limited": "尝试过于频繁，稍后再试",
 
-  "nav.favorites.title": "收藏",
   "nav.empty.search": "没有匹配的导航项",
   "nav.empty.search.hint": "尝试清除筛选或换个关键词",
   "nav.empty.data": "暂无导航数据",
@@ -29,6 +28,11 @@
 
   "editor.item.deleteConfirm": "确认删除「{{name}}」？",
   "editor.item.new": "新建导航项",
+  "common.deleteConfirmGeneric": "确认删除「{{name}}」？",
+
+  "home.editMode.signInRequired": "登录后才能进入编辑模式",
+  "home.folder.untitled": "未命名",
+  "home.folder.deleteConfirm": "删除文件夹「{{name}}」并将其中 {{count}} 项放回首页网格？",
 
   "error.network.offline": "无法连接服务",
   "error.network.retry": "重试",
diff --git a/web/src/lib/stores/dragMerge.ts b/web/src/lib/stores/dragMerge.ts
new file mode 100644
index 0000000..6efc6c9
--- /dev/null
+++ b/web/src/lib/stores/dragMerge.ts
@@ -0,0 +1,27 @@
+// Visual stores for the LaunchPad drag interaction.
+//
+// The actual hit-testing / dwell / clone-following logic lives in
+// `$lib/util/dragGrid.ts` (a Svelte action attached to the grid
+// container). This file is now just a pair of stores the action writes
+// to and consumers read from for visual feedback.
+//
+//   - dragSource:     set on lift, cleared on drop. Useful for cursor
+//                     theming (`grabbing`) and disabling stray clicks.
+//   - mergeCandidate: set whenever the cursor's drop intent on a target
+//                     is `merge`; cleared otherwise. Used to apply the
+//                     `.merge-target` halo on the target Card cell.
+
+import { writable } from 'svelte/store';
+
+export interface DragSource {
+  id: number;
+  kind: 'folder' | 'item';
+}
+
+export interface MergeCandidate {
+  id: number;
+  kind: 'folder' | 'item';
+}
+
+export const dragSource = writable<DragSource | null>(null);
+export const mergeCandidate = writable<MergeCandidate | null>(null);
diff --git a/web/src/lib/stores/editMode.test.ts b/web/src/lib/stores/editMode.test.ts
deleted file mode 100644
index 9554e6c..0000000
--- a/web/src/lib/stores/editMode.test.ts
+++ /dev/null
@@ -1,38 +0,0 @@
-// web/src/lib/stores/editMode.test.ts
-import { describe, it, expect, vi, beforeEach } from 'vitest';
-import { get } from 'svelte/store';
-import { editModeStore } from './editMode';
-import { sessionStore } from './session';
-
-const fetchMock = vi.fn();
-beforeEach(() => {
-  fetchMock.mockReset();
-  vi.stubGlobal('fetch', fetchMock);
-  editModeStore.set(false);
-  // Force authed=false baseline
-  fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
-});
-
-describe('editModeStore', () => {
-  it('toggle when not authed stays false', () => {
-    editModeStore.toggle();
-    expect(get(editModeStore)).toBe(false);
-  });
-
-  it('toggle when authed flips on', async () => {
-    fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
-    await sessionStore.login('pw');
-    editModeStore.toggle();
-    expect(get(editModeStore)).toBe(true);
-  });
-
-  it('logout flips edit mode off', async () => {
-    fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
-    await sessionStore.login('pw');
-    editModeStore.set(true);
-    expect(get(editModeStore)).toBe(true);
-    fetchMock.mockResolvedValueOnce(new Response(null, { status: 204 }));
-    await sessionStore.logout();
-    expect(get(editModeStore)).toBe(false);
-  });
-});
diff --git a/web/src/lib/stores/editMode.ts b/web/src/lib/stores/editMode.ts
deleted file mode 100644
index 8bd2e4e..0000000
--- a/web/src/lib/stores/editMode.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-// web/src/lib/stores/editMode.ts
-import { writable, derived, type Readable } from 'svelte/store';
-import { sessionStore } from './session';
-
-const _on = writable<boolean>(false);
-
-/** Edit mode can ONLY be on when the user is authed. Logout flips it off. */
-sessionStore.subscribe((s) => {
-  if (!s.authed) _on.set(false);
-});
-
-export const editModeStore: Readable<boolean> & {
-  toggle(): void;
-  set(v: boolean): void;
-} = {
-  subscribe: derived([_on, sessionStore], ([$on, $s]) => $on && $s.authed).subscribe,
-  toggle: () => _on.update((v) => !v),
-  set: (v: boolean) => _on.set(v)
-};
diff --git a/web/src/lib/stores/jiggle.ts b/web/src/lib/stores/jiggle.ts
new file mode 100644
index 0000000..5c95a5f
--- /dev/null
+++ b/web/src/lib/stores/jiggle.ts
@@ -0,0 +1,41 @@
+// Plan 6: long-press jiggle mode.
+// `editModeStore` is gone — long-press supersedes the explicit toggle.
+import { writable, get } from 'svelte/store';
+import { browser } from '$app/environment';
+import { sessionStore } from './session';
+
+const { subscribe, set } = writable<boolean>(false);
+
+let escAttached = false;
+
+function attachEscOnce() {
+  if (!browser || escAttached) return;
+  escAttached = true;
+  window.addEventListener('keydown', (e) => {
+    if (e.key === 'Escape' && get({ subscribe })) {
+      set(false);
+    }
+  });
+}
+
+attachEscOnce();
+
+export const jiggleMode = {
+  subscribe,
+  /**
+   * Enter jiggle mode. Requires an authenticated session — long-press
+   * by an unauthenticated user is a no-op (returns false so callers can
+   * surface a "sign in to edit" hint).
+   */
+  enter(): boolean {
+    const session = get(sessionStore);
+    if (!session.authed) return false;
+    set(true);
+    return true;
+  },
+  exit() {
+    set(false);
+  },
+  /** Test-only: read sync. */
+  _peek: () => get({ subscribe })
+};
diff --git a/web/src/lib/stores/navData.test.ts b/web/src/lib/stores/navData.test.ts
index 07c7dcb..f56005c 100644
--- a/web/src/lib/stores/navData.test.ts
+++ b/web/src/lib/stores/navData.test.ts
@@ -16,12 +16,10 @@ const sampleBundle = {
     siteCopyright: '©',
     siteIcp: null,
     sitePolice: null,
-    defaultTheme: 'system' as const,
-    layoutMode: 'grouped' as const
+    defaultTheme: 'system' as const
   },
   sites: [],
-  groups: [],
-  items: []
+  cards: []
 };
 
 describe('navDataStore', () => {
@@ -49,17 +47,16 @@ describe('navDataStore', () => {
     expect(get(navDataStore).error).toContain('schema_mismatch');
   });
 
-  it('applyItemPatch updates an item locally', () => {
+  it('applyCardPatch updates a card locally', () => {
     navDataStore.setBundle({
       ...sampleBundle,
-      items: [
+      cards: [
         {
           id: 1,
-          groupId: null,
+          kind: 'item',
+          parentId: null,
           name: 'old',
-          nameI18n: null,
           description: null,
-          descriptionI18n: null,
           iconKind: 'asset',
           iconValue: 'x.png',
           sortOrder: 0,
@@ -69,8 +66,8 @@ describe('navDataStore', () => {
         }
       ]
     });
-    navDataStore.applyItemPatch(1, { name: 'new' });
-    const items = get(navDataStore).bundle?.items;
-    expect(items?.[0]?.name).toBe('new');
+    navDataStore.applyCardPatch(1, { name: 'new' });
+    const cards = get(navDataStore).bundle?.cards;
+    expect(cards?.[0]?.name).toBe('new');
   });
 });
diff --git a/web/src/lib/stores/navData.ts b/web/src/lib/stores/navData.ts
index a51d5de..16b57bc 100644
--- a/web/src/lib/stores/navData.ts
+++ b/web/src/lib/stores/navData.ts
@@ -3,6 +3,7 @@ import { writable, get } from 'svelte/store';
 import { browser } from '$app/environment';
 import { apiClient, ApiError } from '$lib/api/client';
 import { NavBundleSchema, type NavBundle } from '$lib/types/nav';
+import type { Card } from '$lib/types/card';
 
 export interface NavDataState {
   bundle: NavBundle | null;
@@ -29,11 +30,11 @@ async function load(): Promise<void> {
   }
 }
 
-function applyItemPatch(itemId: number, patch: Partial<NavBundle['items'][number]>) {
+function applyCardPatch(cardId: number, patch: Partial<Card>) {
   update((s) => {
     if (!s.bundle) return s;
-    const items = s.bundle.items.map((i) => (i.id === itemId ? { ...i, ...patch } : i));
-    return { ...s, bundle: { ...s.bundle, items } };
+    const cards = s.bundle.cards.map((c) => (c.id === cardId ? { ...c, ...patch } : c));
+    return { ...s, bundle: { ...s.bundle, cards } };
   });
 }
 
@@ -45,7 +46,7 @@ export const navDataStore = {
   subscribe,
   load,
   refetch: load,
-  applyItemPatch,
+  applyCardPatch,
   setBundle,
   /** Test-only: read sync */
   _peek: () => get({ subscribe })
diff --git a/web/src/lib/stores/uiPrefs.test.ts b/web/src/lib/stores/uiPrefs.test.ts
index 34d67dd..b88b15f 100644
--- a/web/src/lib/stores/uiPrefs.test.ts
+++ b/web/src/lib/stores/uiPrefs.test.ts
@@ -10,8 +10,6 @@ describe('uiPrefs', () => {
   it('starts with empty prefs', () => {
     const v = get(uiPrefs);
     expect(v.siteValue).toBeNull();
-    expect(v.favoriteItemIds).toEqual([]);
-    expect(v.groupOpen).toEqual({});
   });
 
   it('setSite updates siteValue', () => {
@@ -19,16 +17,9 @@ describe('uiPrefs', () => {
     expect(get(uiPrefs).siteValue).toBe('shangHai');
   });
 
-  it('toggleFavorite adds and removes', () => {
-    uiPrefs.toggleFavorite(7);
-    expect(uiPrefs.isFavorite(7)).toBe(true);
-    uiPrefs.toggleFavorite(7);
-    expect(uiPrefs.isFavorite(7)).toBe(false);
-  });
-
-  it('setGroupOpen + isGroupOpen', () => {
-    expect(uiPrefs.isGroupOpen('network')).toBe(true); // default open
-    uiPrefs.setGroupOpen('network', false);
-    expect(uiPrefs.isGroupOpen('network')).toBe(false);
+  it('setSite(null) clears siteValue', () => {
+    uiPrefs.setSite('beiJing');
+    uiPrefs.setSite(null);
+    expect(get(uiPrefs).siteValue).toBeNull();
   });
 });
diff --git a/web/src/lib/stores/uiPrefs.ts b/web/src/lib/stores/uiPrefs.ts
index 0f11210..f36b5fc 100644
--- a/web/src/lib/stores/uiPrefs.ts
+++ b/web/src/lib/stores/uiPrefs.ts
@@ -5,41 +5,28 @@ import { browser } from '$app/environment';
 export interface UiPrefs {
   /** Active site `value` (e.g. "shangHai"). null = use bundle default. */
   siteValue: string | null;
-  /** Item ids the user has favorited. */
-  favoriteItemIds: number[];
-  /** Group slug -> open/closed; missing keys default to "open". */
-  groupOpen: Record<string, boolean>;
 }
 
 const LS_KEY = 'navsite.uiPrefs';
 const SCHEMA_KEY = 'navsite.uiPrefs.v';
-const SCHEMA_VERSION = '1';
+// Bumped to 2 when we dropped favorites and group-open state — old
+// payloads are silently discarded on first load.
+const SCHEMA_VERSION = '2';
 
 const initial: UiPrefs = {
-  siteValue: null,
-  favoriteItemIds: [],
-  groupOpen: {}
+  siteValue: null
 };
 
 function loadFromLs(): UiPrefs {
   if (!browser) return initial;
   try {
     const v = localStorage.getItem(SCHEMA_KEY);
-    if (v !== SCHEMA_VERSION) return initial; // schema drift → reset
+    if (v !== SCHEMA_VERSION) return initial;
     const raw = localStorage.getItem(LS_KEY);
     if (!raw) return initial;
     const parsed = JSON.parse(raw) as Partial<UiPrefs>;
     return {
-      siteValue: typeof parsed.siteValue === 'string' ? parsed.siteValue : null,
-      favoriteItemIds: Array.isArray(parsed.favoriteItemIds)
-        ? parsed.favoriteItemIds.filter((n): n is number => Number.isInteger(n))
-        : [],
-      groupOpen:
-        parsed.groupOpen && typeof parsed.groupOpen === 'object'
-          ? Object.fromEntries(
-              Object.entries(parsed.groupOpen).filter(([, v]) => typeof v === 'boolean')
-            )
-          : {}
+      siteValue: typeof parsed.siteValue === 'string' ? parsed.siteValue : null
     };
   } catch {
     return initial;
@@ -64,27 +51,6 @@ export const uiPrefs = {
   setSite(value: string | null) {
     update((s) => ({ ...s, siteValue: value }));
   },
-  toggleFavorite(itemId: number) {
-    update((s) => {
-      const has = s.favoriteItemIds.includes(itemId);
-      return {
-        ...s,
-        favoriteItemIds: has
-          ? s.favoriteItemIds.filter((i) => i !== itemId)
-          : [...s.favoriteItemIds, itemId]
-      };
-    });
-  },
-  isFavorite(itemId: number): boolean {
-    return get({ subscribe }).favoriteItemIds.includes(itemId);
-  },
-  setGroupOpen(slug: string, open: boolean) {
-    update((s) => ({ ...s, groupOpen: { ...s.groupOpen, [slug]: open } }));
-  },
-  isGroupOpen(slug: string): boolean {
-    const v = get({ subscribe }).groupOpen[slug];
-    return v === undefined ? true : v;
-  },
   /** Test reset */
   _reset() {
     set(initial);
diff --git a/web/src/lib/stores/visible.test.ts b/web/src/lib/stores/visible.test.ts
index 169a620..16aaaa6 100644
--- a/web/src/lib/stores/visible.test.ts
+++ b/web/src/lib/stores/visible.test.ts
@@ -6,99 +6,131 @@ import { uiPrefs } from './uiPrefs';
 import {
   searchQuery,
   currentSite,
-  visibleSections,
-  visibleFavorites,
+  rootCards,
+  childrenOf,
+  searchHits,
   clearFilters
 } from './visible';
 import type { NavBundle } from '$lib/types/nav';
 
-const bundle: NavBundle = {
-  schemaVersion: 1,
-  meta: {
-    siteName: 'X',
-    siteAvatarPath: null,
-    siteCopyright: '',
-    siteIcp: null,
-    sitePolice: null,
-    defaultTheme: 'system',
-    layoutMode: 'grouped'
-  },
-  sites: [
-    { id: 1, value: 'sh', name: 'SH', nameI18n: null, sortOrder: 0, isDefault: true },
-    { id: 2, value: 'bj', name: 'BJ', nameI18n: null, sortOrder: 1, isDefault: false }
-  ],
-  groups: [
-    {
-      id: 10,
-      slug: 'tools',
-      name: 'Tools',
-      nameI18n: null,
-      sortOrder: 0,
-      collapsedDefault: false
-    }
-  ],
-  items: [
-    {
-      id: 1,
-      groupId: 10,
-      name: 'Router',
-      nameI18n: null,
-      description: null,
-      descriptionI18n: null,
-      iconKind: 'asset',
-      iconValue: 'r.png',
-      sortOrder: 0,
-      links: { sh: 'http://1', bj: 'http://1b' },
-      createdAt: 0,
-      updatedAt: 0
+function makeBundle(): NavBundle {
+  return {
+    schemaVersion: 1,
+    meta: {
+      siteName: 'X',
+      siteAvatarPath: null,
+      siteCopyright: '',
+      siteIcp: null,
+      sitePolice: null,
+      defaultTheme: 'system'
     },
-    {
-      id: 2,
-      groupId: 10,
-      name: 'Switch',
-      nameI18n: null,
-      description: null,
-      descriptionI18n: null,
-      iconKind: 'asset',
-      iconValue: 's.png',
-      sortOrder: 1,
-      links: { sh: 'http://2' }, // no bj
-      createdAt: 0,
-      updatedAt: 0
-    }
-  ]
-};
+    sites: [
+      { id: 1, value: 'sh', name: 'SH', sortOrder: 0, isDefault: true },
+      { id: 2, value: 'bj', name: 'BJ', sortOrder: 1, isDefault: false }
+    ],
+    cards: [
+      {
+        id: 10,
+        kind: 'folder',
+        parentId: null,
+        sortOrder: 0,
+        name: 'Tools',
+        slug: 'tools',
+        links: {},
+        createdAt: 0,
+        updatedAt: 0
+      },
+      {
+        id: 100,
+        kind: 'item',
+        parentId: 10,
+        sortOrder: 0,
+        name: 'Alpha',
+        iconKind: 'asset',
+        iconValue: 'a.png',
+        links: { sh: 'http://a' },
+        createdAt: 0,
+        updatedAt: 0
+      },
+      {
+        id: 101,
+        kind: 'item',
+        parentId: 10,
+        sortOrder: 1,
+        name: 'Beta',
+        iconKind: 'asset',
+        iconValue: 'b.png',
+        links: { bj: 'http://b' },
+        createdAt: 0,
+        updatedAt: 0
+      },
+      {
+        id: 200,
+        kind: 'item',
+        parentId: null,
+        sortOrder: 1,
+        name: 'Gamma',
+        iconKind: 'asset',
+        iconValue: 'g.png',
+        links: { sh: 'http://g' },
+        createdAt: 0,
+        updatedAt: 0
+      }
+    ]
+  };
+}
 
 beforeEach(() => {
-  navDataStore.setBundle(bundle);
+  navDataStore.setBundle(makeBundle());
+  searchQuery.set('');
   uiPrefs._reset();
-  clearFilters();
+  uiPrefs.setSite('sh');
 });
 
-describe('visibleSections', () => {
-  it('default site is the first marked is_default', () => {
-    expect(get(currentSite).site?.value).toBe('sh');
+describe('rootCards', () => {
+  it('shows the root item plus the folder when folder has any visible child', () => {
+    const r = get(rootCards);
+    expect(r.map((c) => c.id)).toEqual([10, 200]);
   });
 
-  it('current site overridden by uiPrefs.siteValue', () => {
+  it('hides root item with no link for the active site', () => {
     uiPrefs.setSite('bj');
-    expect(get(currentSite).site?.value).toBe('bj');
+    const r = get(rootCards);
+    // Folder has Beta(bj) so it survives. Gamma is sh-only → hidden.
+    expect(r.map((c) => c.id)).toEqual([10]);
   });
+});
 
-  it('items missing for current site are dropped', () => {
-    uiPrefs.setSite('bj');
-    const sections = get(visibleSections);
-    expect(sections).toHaveLength(1);
-    expect(sections[0].items.map((i) => i.name)).toEqual(['Router']); // Switch has no bj link
+describe('childrenOf', () => {
+  it('returns folder children filtered by site', () => {
+    const c = get(childrenOf(10));
+    expect(c.map((x) => x.name)).toEqual(['Alpha']);
+  });
+});
+
+describe('searchHits', () => {
+  it('returns flat matches across all folders', () => {
+    searchQuery.set('alpha');
+    const hits = get(searchHits);
+    expect(hits.map((h) => h.name)).toEqual(['Alpha']);
   });
 
-  it('search filters by name', () => {
-    searchQuery.set('rou');
-    expect(get(visibleSections)[0].items.map((i) => i.name)).toEqual(['Router']);
+  it('is empty when query is empty', () => {
+    expect(get(searchHits)).toEqual([]);
   });
+});
+
+describe('currentSite', () => {
+  it('falls back to default site when prefs has no value', () => {
+    uiPrefs.setSite(null);
+    expect(get(currentSite).site?.value).toBe('sh');
+  });
+});
 
-  it('visibleFavorites lists user-favorited items only', () => {
-    uiPrefs.toggleFavorite(2);
-    expect(get(visibleFavorites).map((i) => i.id)).toEqual([2]);
+describe('clearFilters', () => {
+  it('resets searchQuery', () => {
+    searchQuery.set('beta');
+    clearFilters();
+    expect(get(searchQuery)).toBe('');
   });
 });
diff --git a/web/src/lib/stores/visible.ts b/web/src/lib/stores/visible.ts
index 2769d5e..911a014 100644
--- a/web/src/lib/stores/visible.ts
+++ b/web/src/lib/stores/visible.ts
@@ -2,12 +2,12 @@
 import { derived, writable, get, type Readable } from 'svelte/store';
 import { navDataStore } from './navData';
 import { uiPrefs } from './uiPrefs';
-import type { Group, Item, Site } from '$lib/types/nav';
+import type { Site } from '$lib/types/nav';
+import type { Card } from '$lib/types/card';
 
 export const searchQuery = writable<string>('');
 
 export interface ResolvedSite {
-  /** The chosen Site object, or null if bundle empty. */
   site: Site | null;
 }
 
@@ -22,84 +22,96 @@ export const currentSite: Readable<ResolvedSite> = derived(
   }
 );
 
-export interface VisibleGroup {
-  group: Group | null; // null = "ungrouped"
-  items: Item[];
+/** True if a search filter is active. */
+export const hasActiveFilter: Readable<boolean> = derived(
+  searchQuery,
+  ($q) => $q.trim().length > 0
+);
+
+function cardMatchesSite(c: Card, siteValue: string): boolean {
+  if (c.kind !== 'item') return true;
+  return Boolean(c.links && c.links[siteValue] !== undefined);
 }
 
+function cardMatchesQuery(c: Card, q: string): boolean {
+  if (!q) return true;
+  if (c.name.toLowerCase().includes(q)) return true;
+  if (c.description && c.description.toLowerCase().includes(q)) return true;
+  return false;
+}
+
+/**
+ * Top-level cards visible under the current site, in sort order.
+ * Folders survive even when their inner items don't match the active
+ * site (the folder header is always shown if it has children visible —
+ * the folder itself doesn't carry a per-site link).
+ */
+export const rootCards: Readable<Card[]> = derived([navDataStore, currentSite], ([$nav, $cur]) => {
+  const bundle = $nav.bundle;
+  if (!bundle || !$cur.site) return [];
+  const siteValue = $cur.site.value;
+
+  const all = bundle.cards;
+  // Items inside a folder filtered by site → fold up to "is this folder
+  // visible at all?" check.
+  const folderHasVisibleChild = new Map<number, boolean>();
+  for (const c of all) {
+    if (c.kind === 'item' && c.parentId != null && cardMatchesSite(c, siteValue)) {
+      folderHasVisibleChild.set(c.parentId, true);
+    }
+  }
+
+  return all
+    .filter((c) => c.parentId == null)
+    .filter((c) => {
+      if (c.kind === 'folder') {
+        return folderHasVisibleChild.get(c.id) === true;
+      }
+      return cardMatchesSite(c, siteValue);
+    })
+    .sort((a, b) => a.sortOrder - b.sortOrder);
+});
+
 /**
- * Items grouped + filtered by current site and search term. Empty groups are dropped.
+ * Children of a given folder, filtered by current site, sort order ascending.
  */
-export const visibleSections: Readable<VisibleGroup[]> = derived(
+export function childrenOf(folderId: number): Readable<Card[]> {
+  return derived([navDataStore, currentSite], ([$nav, $cur]) => {
+    const bundle = $nav.bundle;
+    if (!bundle || !$cur.site) return [];
+    const siteValue = $cur.site.value;
+    return bundle.cards
+      .filter((c) => c.parentId === folderId)
+      .filter((c) => cardMatchesSite(c, siteValue))
+      .sort((a, b) => a.sortOrder - b.sortOrder);
+  });
+}
+
+/**
+ * Search-mode flat hits: every card that matches the query AND the site.
+ * Folders are excluded — search should jump straight to items.
+ */
+export const searchHits: Readable<Card[]> = derived(
   [navDataStore, currentSite, searchQuery],
   ([$nav, $cur, $q]) => {
     const bundle = $nav.bundle;
     if (!bundle || !$cur.site) return [];
-    const siteValue = $cur.site.value;
     const q = $q.trim().toLowerCase();
-
-    const filtered = bundle.items
-      .filter((i) => i.links[siteValue] !== undefined)
-      .filter((i) => {
-        if (!q) return true;
-        if (i.name.toLowerCase().includes(q)) return true;
-        if (i.description && i.description.toLowerCase().includes(q)) return true;
-        return false;
-      });
-
-    const byGroup = new Map<number | null, Item[]>();
-    for (const it of filtered) {
-      const k = it.groupId ?? null;
-      const arr = byGroup.get(k) ?? [];
-      arr.push(it);
-      byGroup.set(k, arr);
-    }
-    for (const arr of byGroup.values()) arr.sort((a, b) => a.sortOrder - b.sortOrder);
-
-    const result: VisibleGroup[] = [];
-    for (const g of [...bundle.groups].sort((a, b) => a.sortOrder - b.sortOrder)) {
-      const arr = byGroup.get(g.id);
-      if (arr && arr.length) result.push({ group: g, items: arr });
-    }
-    const ungrouped = byGroup.get(null);
-    if (ungrouped && ungrouped.length) result.push({ group: null, items: ungrouped });
-    return result;
-  }
-);
-
-/** Items the user has favorited that are visible under current site. */
-export const visibleFavorites: Readable<Item[]> = derived(
-  [navDataStore, currentSite, uiPrefs],
-  ([$nav, $cur, $prefs]) => {
-    if (!$nav.bundle || !$cur.site) return [];
-    const v = $cur.site.value;
-    return $nav.bundle.items
-      .filter((i) => $prefs.favoriteItemIds.includes(i.id) && i.links[v] !== undefined)
+    if (!q) return [];
+    const siteValue = $cur.site.value;
+    return bundle.cards
+      .filter((c) => c.kind === 'item')
+      .filter((c) => cardMatchesSite(c, siteValue))
+      .filter((c) => cardMatchesQuery(c, q))
       .sort((a, b) => a.sortOrder - b.sortOrder);
   }
 );
 
-/** Flat layout: all visible items in one list (no grouping). */
-export const visibleFlatItems: Readable<Item[]> = derived(visibleSections, ($sections) =>
-  $sections.flatMap((s) => s.items)
-);
-
-/** Backend-controlled layout mode (read from bundle.meta). */
-export const layoutMode: Readable<'grouped' | 'flat'> = derived(navDataStore, ($n) =>
-  $n.bundle?.meta.layoutMode === 'flat' ? 'flat' : 'grouped'
-);
-
-/** True if a search filter is active. */
-export const hasActiveFilter: Readable<boolean> = derived(
-  searchQuery,
-  ($q) => $q.trim().length > 0
-);
-
 export function clearFilters() {
   searchQuery.set('');
 }
 
 /** For unit tests / dev console */
-export function _peekVisible(): VisibleGroup[] {
-  return get(visibleSections);
+export function _peekRootCards(): Card[] {
+  return get(rootCards);
 }
diff --git a/web/src/lib/types/card.ts b/web/src/lib/types/card.ts
new file mode 100644
index 0000000..081d3eb
--- /dev/null
+++ b/web/src/lib/types/card.ts
@@ -0,0 +1,51 @@
+import { z } from 'zod';
+
+export const IconKindSchema = z.enum(['asset', 'url', 'auto-favicon']);
+export type IconKind = z.infer<typeof IconKindSchema>;
+
+export const CardKindSchema = z.enum(['folder', 'item']);
+export type CardKind = z.infer<typeof CardKindSchema>;
+
+export const CardSchema = z.object({
+  id: z.number().int(),
+  kind: CardKindSchema,
+  parentId: z.number().int().nullable().optional(),
+  sortOrder: z.number().int(),
+  name: z.string(),
+  // folder-only
+  slug: z.string().optional(),
+  // item-only
+  iconKind: IconKindSchema.optional(),
+  iconValue: z.string().optional(),
+  description: z.string().nullable().optional(),
+  links: z.record(z.string(), z.string()).optional(),
+  createdAt: z.number().int(),
+  updatedAt: z.number().int()
+});
+export type Card = z.infer<typeof CardSchema>;
+
+export interface CardPayload {
+  kind: CardKind;
+  parentId?: number | null;
+  name: string;
+  slug?: string;
+  iconKind?: IconKind;
+  iconValue?: string;
+  description?: string | null;
+  links?: Record<string, string>;
+}
+
+export type CardPatch = Partial<CardPayload>;
+
+export interface ReorderEntry {
+  id: number;
+  sortOrder: number;
+  parentId: number | null;
+}
+
+export interface AutoFolderPayload {
+  sourceItemId: number;
+  targetItemId: number;
+  name: string;
+  slug?: string;
+}
diff --git a/web/src/lib/types/nav.ts b/web/src/lib/types/nav.ts
index f735ceb..82a1bd6 100644
--- a/web/src/lib/types/nav.ts
+++ b/web/src/lib/types/nav.ts
@@ -1,48 +1,19 @@
 import { z } from 'zod';
+import { CardSchema, IconKindSchema, type Card, type IconKind } from './card';
 
-// Discriminator for icon source
-export const IconKindSchema = z.enum(['asset', 'url', 'auto-favicon']);
-export type IconKind = z.infer<typeof IconKindSchema>;
-
-// Optional i18n map: { en?: string, ... }; preserved as raw JSON since locale set is open.
-const I18nMap = z.record(z.string(), z.string()).nullable().optional();
+// Re-export icon types for back-compat with consumers that import from $lib/types/nav.
+export { IconKindSchema };
+export type { IconKind };
 
 export const SiteSchema = z.object({
   id: z.number().int(),
   value: z.string(),
   name: z.string(),
-  nameI18n: I18nMap,
   sortOrder: z.number().int(),
   isDefault: z.boolean()
 });
 export type Site = z.infer<typeof SiteSchema>;
 
-export const GroupSchema = z.object({
-  id: z.number().int(),
-  slug: z.string(),
-  name: z.string(),
-  nameI18n: I18nMap,
-  sortOrder: z.number().int(),
-  collapsedDefault: z.boolean()
-});
-export type Group = z.infer<typeof GroupSchema>;
-
-export const ItemSchema = z.object({
-  id: z.number().int(),
-  groupId: z.number().int().nullable(),
-  name: z.string(),
-  nameI18n: I18nMap,
-  description: z.string().nullable().optional(),
-  descriptionI18n: I18nMap,
-  iconKind: IconKindSchema,
-  iconValue: z.string(),
-  sortOrder: z.number().int(),
-  links: z.record(z.string(), z.string()),
-  createdAt: z.number().int(),
-  updatedAt: z.number().int()
-});
-export type Item = z.infer<typeof ItemSchema>;
-
 export const LinkSchema = z.object({
   text: z.string(),
   url: z.string().url()
@@ -55,9 +26,7 @@ export const MetaSchema = z.object({
   siteCopyright: z.string(),
   siteIcp: LinkSchema.nullable(),
   sitePolice: LinkSchema.nullable(),
-  defaultTheme: z.enum(['system', 'light', 'dark']),
-  /** "grouped" = render group sections; "flat" = single grid (legacy) */
-  layoutMode: z.enum(['grouped', 'flat']).catch('grouped')
+  defaultTheme: z.enum(['system', 'light', 'dark'])
 });
 export type Meta = z.infer<typeof MetaSchema>;
 
@@ -65,11 +34,12 @@ export const NavBundleSchema = z.object({
   schemaVersion: z.literal(1),
   meta: MetaSchema,
   sites: z.array(SiteSchema),
-  groups: z.array(GroupSchema),
-  items: z.array(ItemSchema)
+  cards: z.array(CardSchema)
 });
 export type NavBundle = z.infer<typeof NavBundleSchema>;
 
+export type { Card };
+
 // Auth response
 export const AuthMeSchema = z.object({ authenticated: z.boolean() });
 export type AuthMe = z.infer<typeof AuthMeSchema>;
diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
new file mode 100644
index 0000000..f858a8f
--- /dev/null
+++ b/web/src/lib/util/dragGrid.ts
@@ -0,0 +1,372 @@
+// LaunchPad-style drag for a card canvas.
+//
+// Why a hand-rolled action instead of a library:
+//  - svelte-dnd-action / SortableJS / dnd-kit's Sortable layer all use
+//    FLIP shifting: the moment the cursor passes over a target the
+//    target slides out of the way. That mechanic actively defeats the
+//    "dwell on target" detection LaunchPad needs (drop-on-item creates
+//    folder; drop-on-folder spring-loads).
+//  - pragmatic-drag-and-drop is headless but built on HTML5 DnD, so iOS
+//    Safari touch is broken (open issue #204).
+//  - interact.js works but is ~30 KB and the LaunchPad-specific
+//    semantics still need writing in callbacks.
+//
+// So we implement the gesture directly on Pointer Events. Touch comes
+// for free (Pointer Events unify mouse / pen / touch). The action is
+// attached to a wrapper that contains every drop-receiving card (the
+// root grid AND the folder expansion panel when it's open). This lets
+// us handle cross-zone drags — e.g. drag from root, spring-load a
+// folder, drop inside the now-open panel — without separate actions
+// having to coordinate.
+//
+// Zones: each card cell has [data-card-id] and [data-card-kind]. A
+// nearest ancestor [data-zone] disambiguates which container the cell
+// belongs to (`root` for the home grid, `folder:<id>` for the panel
+// grid). Drop classification is inside-the-target-rect: the inner 60%
+// is "merge"; the outer ring is "before" or "after" depending on side.
+//
+// The action does NOT mutate layout during drag — the source stays in
+// its original cell (jiggling) while a position:fixed clone follows
+// the cursor. This is what keeps hit-tests reliable.
+
+import { browser } from '$app/environment';
+import { mergeCandidate, dragSource } from '$lib/stores/dragMerge';
+
+export type CardKind = 'folder' | 'item';
+export type DropIntent = 'merge' | 'before' | 'after';
+
+export interface CardMeta {
+  id: number;
+  kind: CardKind;
+  zone: string; // 'root' | `folder:${number}`
+}
+
+export interface DragHoverInfo {
+  target: CardMeta | null;
+  intent: DropIntent | null;
+  /** Cursor is over a known [data-zone] container but not over any card. */
+  hoverZone: string | null;
+  /** Cursor is outside every [data-zone] (e.g. into the bare backdrop). */
+  outOfZone: boolean;
+}
+
+export interface DragDropInfo extends DragHoverInfo {
+  source: CardMeta;
+}
+
+export interface DragGridOptions {
+  /** Drag is gated on this. When false, pointerdown is a no-op. */
+  enabled: boolean;
+  /**
+   * Spring-load callback. Fires when cursor is hovering with merge intent
+   * over a folder target for ≥ HOVER_DWELL_MS during an active drag.
+   * Consumer typically opens the folder so the user can drop inside it.
+   */
+  onSpringLoad?: (folderId: number) => void;
+  /** Called on pointerup. Consumer commits the drop. */
+  onDrop?: (info: DragDropInfo) => void;
+}
+
+const LIFT_THRESHOLD_PX = 5;
+const MERGE_INNER_FRACTION = 0.6; // inner 60% of card → merge
+const HOVER_DWELL_MS = 500;
+const CLONE_OPACITY = 0.88;
+const CLONE_LIFT_SCALE = 1.05;
+const CLONE_ID = '__draggrid_clone__';
+
+interface DragSession {
+  sourceCell: HTMLElement;
+  source: CardMeta;
+  startX: number;
+  startY: number;
+  cursorX: number;
+  cursorY: number;
+  lifted: boolean;
+  clone: HTMLElement | null;
+  cloneOffsetX: number;
+  cloneOffsetY: number;
+  rafToken: number | null;
+  dwellTimer: ReturnType<typeof setTimeout> | null;
+  dwellTargetId: number | null;
+  hover: DragHoverInfo;
+  pointerId: number;
+}
+
+function readMetaFromCell(cell: HTMLElement): CardMeta | null {
+  const idAttr = cell.dataset.cardId;
+  const kindAttr = cell.dataset.cardKind;
+  if (!idAttr || !kindAttr) return null;
+  const id = Number(idAttr);
+  if (!Number.isFinite(id) || id < 0) return null; // sentinels (add tile) opt out
+  if (kindAttr !== 'folder' && kindAttr !== 'item') return null;
+  const zoneEl = cell.closest('[data-zone]') as HTMLElement | null;
+  const zone = zoneEl?.dataset.zone ?? 'root';
+  return { id, kind: kindAttr, zone };
+}
+
+function classifyIntent(r: DOMRect, x: number, y: number): DropIntent {
+  const cx = (x - r.left) / r.width;
+  const cy = (y - r.top) / r.height;
+  const inner = (1 - MERGE_INNER_FRACTION) / 2; // 0.2 if fraction=0.6
+  if (cx >= inner && cx <= 1 - inner && cy >= inner && cy <= 1 - inner) {
+    return 'merge';
+  }
+  return cx < 0.5 ? 'before' : 'after';
+}
+
+export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
+  let options = opts;
+  let session: DragSession | null = null;
+
+  function cellFromEvent(e: PointerEvent): HTMLElement | null {
+    if (!(e.target instanceof Element)) return null;
+    const cell = e.target.closest('[data-card-id]');
+    if (!(cell instanceof HTMLElement)) return null;
+    if (!node.contains(cell)) return null;
+    return cell;
+  }
+
+  function onDragStart(e: DragEvent) {
+    // HTML5 native drag (e.g. on <img>) preempts PointerEvents and fires
+    // pointercancel on the active gesture, which would silently kill our
+    // drag mid-stream. Suppress it everywhere inside this zone.
+    e.preventDefault();
+  }
+
+  function onPointerDown(e: PointerEvent) {
+    if (!options.enabled) return;
+    if (e.button !== 0 && e.pointerType === 'mouse') return;
+    const cell = cellFromEvent(e);
+    if (!cell) return;
+    const meta = readMetaFromCell(cell);
+    if (!meta) return;
+
+    // Belt-and-braces: also call preventDefault on pointerdown so the
+    // browser doesn't start a native selection / drag interpretation.
+    e.preventDefault();
+
+    session = {
+      sourceCell: cell,
+      source: meta,
+      startX: e.clientX,
+      startY: e.clientY,
+      cursorX: e.clientX,
+      cursorY: e.clientY,
+      lifted: false,
+      clone: null,
+      cloneOffsetX: 0,
+      cloneOffsetY: 0,
+      rafToken: null,
+      dwellTimer: null,
+      dwellTargetId: null,
+      hover: { target: null, intent: null, hoverZone: meta.zone, outOfZone: false },
+      pointerId: e.pointerId
+    };
+
+    window.addEventListener('pointermove', onPointerMove, { passive: true });
+    window.addEventListener('pointerup', onPointerUp, { passive: true });
+    window.addEventListener('pointercancel', onPointerCancel, { passive: true });
+  }
+
+  function onPointerMove(e: PointerEvent) {
+    if (!session) return;
+    if (e.pointerId !== session.pointerId) return;
+    session.cursorX = e.clientX;
+    session.cursorY = e.clientY;
+
+    if (!session.lifted) {
+      const dx = e.clientX - session.startX;
+      const dy = e.clientY - session.startY;
+      if (Math.hypot(dx, dy) >= LIFT_THRESHOLD_PX) {
+        liftSource(e);
+      }
+      return;
+    }
+
+    if (session.rafToken == null) {
+      session.rafToken = requestAnimationFrame(tick);
+    }
+  }
+
+  function tick() {
+    if (!session) return;
+    session.rafToken = null;
+    if (!session.lifted) return;
+    const { cursorX, cursorY, clone } = session;
+    if (clone) {
+      clone.style.transform = `translate(${cursorX - session.cloneOffsetX}px, ${cursorY - session.cloneOffsetY}px) scale(${CLONE_LIFT_SCALE})`;
+    }
+    const next = computeHover(session);
+    applyHover(next);
+  }
+
+  function liftSource(e: PointerEvent) {
+    if (!session) return;
+    const r = session.sourceCell.getBoundingClientRect();
+    session.cloneOffsetX = e.clientX - r.left;
+    session.cloneOffsetY = e.clientY - r.top;
+
+    const clone = session.sourceCell.cloneNode(true) as HTMLElement;
+    clone.removeAttribute('data-card-id');
+    clone.removeAttribute('data-card-kind');
+    clone.id = CLONE_ID;
+    clone.style.position = 'fixed';
+    clone.style.top = '0';
+    clone.style.left = '0';
+    clone.style.width = `${r.width}px`;
+    clone.style.height = `${r.height}px`;
+    clone.style.margin = '0';
+    clone.style.pointerEvents = 'none';
+    clone.style.zIndex = '9999';
+    clone.style.opacity = String(CLONE_OPACITY);
+    clone.style.transition = 'none';
+    clone.style.transformOrigin = 'top left';
+    clone.style.transform = `translate(${r.left}px, ${r.top}px) scale(${CLONE_LIFT_SCALE})`;
+    document.body.appendChild(clone);
+
+    session.sourceCell.dataset.dragging = 'true';
+    session.lifted = true;
+    session.clone = clone;
+
+    try {
+      session.sourceCell.setPointerCapture(session.pointerId);
+    } catch {
+      /* some browsers reject capture after handler returns; window listeners cover us */
+    }
+
+    dragSource.set({ id: session.source.id, kind: session.source.kind });
+  }
+
+  function computeHover(s: DragSession): DragHoverInfo {
+    const { cursorX, cursorY, source } = s;
+    const stack = document.elementsFromPoint(cursorX, cursorY);
+    let hoverZone: string | null = null;
+    for (const el of stack) {
+      if (!(el instanceof HTMLElement)) continue;
+      if (el.id === CLONE_ID) continue;
+      // Track the topmost zone we cross even when no card is hit.
+      if (hoverZone == null) {
+        const zoneEl = el.closest('[data-zone]') as HTMLElement | null;
+        if (zoneEl && node.contains(zoneEl)) {
+          hoverZone = zoneEl.dataset.zone ?? null;
+        }
+      }
+      const cell = el.closest('[data-card-id]');
+      if (!(cell instanceof HTMLElement)) continue;
+      if (!node.contains(cell)) continue;
+      const meta = readMetaFromCell(cell);
+      if (!meta) continue;
+      if (meta.id === source.id) continue;
+      const r = cell.getBoundingClientRect();
+      const intent = classifyIntent(r, cursorX, cursorY);
+      return { target: meta, intent, hoverZone: meta.zone, outOfZone: false };
+    }
+    return {
+      target: null,
+      intent: null,
+      hoverZone,
+      outOfZone: hoverZone == null
+    };
+  }
+
+  function applyHover(next: DragHoverInfo) {
+    if (!session) return;
+    const prev = session.hover;
+    session.hover = next;
+
+    if (next.intent === 'merge' && next.target) {
+      mergeCandidate.set({ id: next.target.id, kind: next.target.kind });
+    } else {
+      mergeCandidate.set(null);
+    }
+
+    const isSpringTarget =
+      next.intent === 'merge' && next.target?.kind === 'folder' && next.target.id != null;
+    const sameTarget = prev.target?.id === next.target?.id && prev.intent === next.intent;
+    if (!sameTarget) cancelDwell();
+    if (isSpringTarget && session.dwellTargetId !== next.target!.id) {
+      cancelDwell();
+      const tid = next.target!.id;
+      session.dwellTargetId = tid;
+      session.dwellTimer = setTimeout(() => {
+        if (!session) return;
+        if (session.dwellTargetId !== tid) return;
+        options.onSpringLoad?.(tid);
+      }, HOVER_DWELL_MS);
+    }
+  }
+
+  function cancelDwell() {
+    if (!session) return;
+    if (session.dwellTimer) {
+      clearTimeout(session.dwellTimer);
+      session.dwellTimer = null;
+    }
+    session.dwellTargetId = null;
+  }
+
+  function onPointerUp(e: PointerEvent) {
+    if (!session) return;
+    if (e.pointerId !== session.pointerId) return;
+    finish(false);
+  }
+
+  function onPointerCancel(e: PointerEvent) {
+    if (!session) return;
+    if (e.pointerId !== session.pointerId) return;
+    finish(true);
+  }
+
+  function finish(canceled: boolean) {
+    if (!session) return;
+    const s = session;
+    session = null;
+
+    window.removeEventListener('pointermove', onPointerMove);
+    window.removeEventListener('pointerup', onPointerUp);
+    window.removeEventListener('pointercancel', onPointerCancel);
+
+    if (s.rafToken != null) cancelAnimationFrame(s.rafToken);
+    if (s.dwellTimer) clearTimeout(s.dwellTimer);
+
+    if (s.clone) {
+      s.clone.remove();
+      s.clone = null;
+    }
+    delete s.sourceCell.dataset.dragging;
+
+    try {
+      s.sourceCell.releasePointerCapture(s.pointerId);
+    } catch {
+      /* ignore */
+    }
+
+    mergeCandidate.set(null);
+    dragSource.set(null);
+
+    if (s.lifted && !canceled) {
+      options.onDrop?.({
+        source: s.source,
+        ...s.hover
+      });
+    }
+  }
+
+  if (browser) {
+    node.addEventListener('pointerdown', onPointerDown);
+    node.addEventListener('dragstart', onDragStart);
+  }
+
+  return {
+    update(next: DragGridOptions) {
+      options = next;
+    },
+    destroy() {
+      if (browser) {
+        node.removeEventListener('pointerdown', onPointerDown);
+        node.removeEventListener('dragstart', onDragStart);
+      }
+      if (session) finish(true);
+    }
+  };
+}
diff --git a/web/src/lib/util/longPress.ts b/web/src/lib/util/longPress.ts
new file mode 100644
index 0000000..8974aff
--- /dev/null
+++ b/web/src/lib/util/longPress.ts
@@ -0,0 +1,75 @@
+// Svelte 5 action: trigger a callback after the user holds pointer down
+// on the node for `delay` ms without moving more than `tolerance` px.
+//
+// Usage in a Svelte 5 component:
+//   <div use:longPress={{ onTrigger: handleLongPress }}>...</div>
+
+export interface LongPressOptions {
+  onTrigger: (e: PointerEvent) => void;
+  delay?: number;
+  tolerance?: number;
+}
+
+export function longPress(node: HTMLElement, options: LongPressOptions) {
+  let opts = options;
+  let timer: ReturnType<typeof setTimeout> | null = null;
+  let startX = 0;
+  let startY = 0;
+  let activeEvent: PointerEvent | null = null;
+
+  function clear() {
+    if (timer) {
+      clearTimeout(timer);
+      timer = null;
+    }
+    activeEvent = null;
+  }
+
+  function onPointerDown(e: PointerEvent) {
+    activeEvent = e;
+    startX = e.clientX;
+    startY = e.clientY;
+    timer = setTimeout(() => {
+      if (activeEvent) {
+        opts.onTrigger(activeEvent);
+      }
+      timer = null;
+    }, opts.delay ?? 600);
+  }
+
+  function onPointerMove(e: PointerEvent) {
+    if (!timer) return;
+    const dx = e.clientX - startX;
+    const dy = e.clientY - startY;
+    const tolerance = opts.tolerance ?? 5;
+    if (Math.hypot(dx, dy) > tolerance) {
+      clear();
+    }
+  }
+
+  function onPointerUp() {
+    clear();
+  }
+
+  function onPointerCancel() {
+    clear();
+  }
+
+  node.addEventListener('pointerdown', onPointerDown);
+  window.addEventListener('pointermove', onPointerMove);
+  window.addEventListener('pointerup', onPointerUp);
+  window.addEventListener('pointercancel', onPointerCancel);
+
+  return {
+    update(next: LongPressOptions) {
+      opts = next;
+    },
+    destroy() {
+      clear();
+      node.removeEventListener('pointerdown', onPointerDown);
+      window.removeEventListener('pointermove', onPointerMove);
+      window.removeEventListener('pointerup', onPointerUp);
+      window.removeEventListener('pointercancel', onPointerCancel);
+    }
+  };
+}
diff --git a/web/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
index 87d979d..00bd03e 100644
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@@ -2,14 +2,14 @@
   import Header from '$lib/components/Header/index.svelte';
   import Footer from '$lib/components/Footer/index.svelte';
   import ToastViewport from '$lib/components/ui/ToastViewport.svelte';
-  import { editModeStore } from '$lib/stores/editMode';
+  import { jiggleMode } from '$lib/stores/jiggle';
   import '$lib/design/theme';
   import '../app.scss';
 
   let { children } = $props();
 </script>
 
-<svelte:body class:edit-mode={$editModeStore} />
+<svelte:body class:jiggle-mode={$jiggleMode} />
 
 <Header />
 
@@ -34,13 +34,13 @@
     box-sizing: border-box;
   }
 
-  :global(body.edit-mode main) {
+  :global(body.jiggle-mode main) {
     outline: 2px dashed var(--c-accent);
     outline-offset: var(--sp-2);
     border-radius: var(--rd-md);
   }
 
-  :global(body.edit-mode)::before {
+  :global(body.jiggle-mode)::before {
     content: '';
     position: fixed;
     top: 0;
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index c5be82d..b6a4982 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -1,54 +1,252 @@
 <script lang="ts">
   import { navDataStore } from '$lib/stores/navData';
-  import {
-    visibleSections,
-    visibleFlatItems,
-    layoutMode,
-    hasActiveFilter,
-    clearFilters
-  } from '$lib/stores/visible';
-  import NavGrid from '$lib/components/Nav/NavGrid.svelte';
-  import GroupFolder from '$lib/components/Nav/GroupFolder.svelte';
-  import GroupFolderModal from '$lib/components/Nav/GroupFolderModal.svelte';
-  import NavItem from '$lib/components/Nav/NavItem.svelte';
-  import FavoritesSection from '$lib/components/Nav/FavoritesSection.svelte';
+  import { rootCards, searchHits, hasActiveFilter, clearFilters } from '$lib/stores/visible';
+  import { jiggleMode } from '$lib/stores/jiggle';
+  import { sessionStore } from '$lib/stores/session';
+  import Card from '$lib/components/Nav/Card.svelte';
+  import InlineFolderExpand from '$lib/components/Nav/InlineFolderExpand.svelte';
+  import JiggleHost from '$lib/components/Nav/JiggleHost.svelte';
   import EmptyState from '$lib/components/Nav/EmptyState.svelte';
   import Skeleton from '$lib/components/ui/Skeleton.svelte';
   import Button from '$lib/components/ui/Button.svelte';
   import ItemEditDialog from '$lib/components/Editor/ItemEditDialog.svelte';
   import NewItemAffordance from '$lib/components/Editor/NewItemAffordance.svelte';
-  import { editModeStore } from '$lib/stores/editMode';
+  import { reorderCards, autoFolder, patchCard } from '$lib/api/cards';
+  import { toast } from '$lib/components/ui/toast';
+  import { ApiError } from '$lib/api/client';
   import { t } from '$lib/i18n/store';
-  import type { Item } from '$lib/types/nav';
+  import type { Card as CardType } from '$lib/types/card';
+  import { dragGrid, type DragDropInfo, type DropIntent } from '$lib/util/dragGrid';
+
+  function describeError(e: unknown): string {
+    if (e instanceof ApiError) return e.message ?? e.code;
+    if (e instanceof Error) return e.message;
+    return $t('error.unknown');
+  }
 
   const siteTitle = $derived($navDataStore.bundle?.meta.siteName ?? '');
 
-  let editTarget = $state<Item | null>(null);
-  let createForGroupId = $state<number | null>(null);
+  let editTarget = $state<CardType | null>(null);
+  let createForParentId = $state<number | null>(null);
   let editDialogOpen = $state(false);
 
-  /** Currently expanded folder (grouped + Launchpad mode). null = none. */
+  /** Currently expanded folder. null = none. */
   let openFolderId = $state<number | null>(null);
 
   const openFolder = $derived(
-    openFolderId == null
-      ? null
-      : ($visibleSections.find((s) => s.group?.id === openFolderId) ?? null)
+    openFolderId == null ? null : ($rootCards.find((c) => c.id === openFolderId) ?? null)
   );
 
-  function openEdit(item: Item) {
-    editTarget = item;
-    createForGroupId = null;
+  function openEdit(card: CardType) {
+    if (card.kind !== 'item') return;
+    editTarget = card;
+    createForParentId = null;
     editDialogOpen = true;
   }
-  function openCreate(groupId: number | null) {
+  function openCreate(parentId: number | null) {
     editTarget = null;
-    createForGroupId = groupId;
+    createForParentId = parentId;
     editDialogOpen = true;
   }
 
-  /** When grouped + filtering, flatten matched items so search bypasses folders. */
-  const filteredFlatItems = $derived($visibleSections.flatMap((s) => s.items));
+  function onOpenFolder(id: number) {
+    openFolderId = id;
+  }
+
+  /** Children of a given folder (filtered to visible items for the current site already). */
+  const folderChildrenById = $derived(
+    new Map<number, CardType[]>(
+      ($navDataStore.bundle?.cards ?? [])
+        .filter((c) => c.kind === 'folder')
+        .map((f) => [
+          f.id,
+          ($navDataStore.bundle?.cards ?? [])
+            .filter((c) => c.parentId === f.id)
+            .sort((a, b) => a.sortOrder - b.sortOrder)
+        ])
+    )
+  );
+
+  function onSpringLoad(folderId: number) {
+    if (openFolderId !== folderId) openFolderId = folderId;
+  }
+
+  /**
+   * Compute the new sort_order list for a bucket after inserting `sourceId`
+   * at slot `insertAt`. Returns ReorderEntry[] for `/api/cards/reorder`.
+   */
+  function reorderEntries(
+    bucket: CardType[],
+    sourceId: number,
+    insertAt: number,
+    parentId: number | null
+  ) {
+    const without = bucket.filter((c) => c.id !== sourceId);
+    const idx = Math.max(0, Math.min(insertAt, without.length));
+    const sourceCard = bucket.find((c) => c.id === sourceId);
+    const ordered = sourceCard
+      ? [...without.slice(0, idx), sourceCard, ...without.slice(idx)]
+      : without;
+    return ordered.map((c, i) => ({ id: c.id, sortOrder: i, parentId }));
+  }
+
+  function bucketFor(zone: string): CardType[] {
+    if (zone === 'root') return $rootCards;
+    if (zone.startsWith('folder:')) {
+      const fid = Number(zone.slice('folder:'.length));
+      return folderChildrenById.get(fid) ?? [];
+    }
+    return [];
+  }
+
+  function parentIdFor(zone: string): number | null {
+    if (zone === 'root') return null;
+    if (zone.startsWith('folder:')) {
+      const fid = Number(zone.slice('folder:'.length));
+      return Number.isFinite(fid) ? fid : null;
+    }
+    return null;
+  }
+
+  async function handleDrop(info: DragDropInfo) {
+    const before = $navDataStore.bundle;
+    if (!before) return;
+
+    // 1) Drop on a card with merge intent.
+    //    Merge gestures (auto-folder, item→folder reparent) only make
+    //    sense at the root level — nested folders are not allowed and
+    //    inside an open folder a merge cursor is just an imprecise
+    //    reorder. So we require the target to be in the root zone for
+    //    these two cases. Anything else falls through to before/after
+    //    reorder using the cursor side.
+    if (info.intent === 'merge' && info.target && info.target.zone === 'root') {
+      if (info.source.kind === 'item' && info.target.kind === 'item') {
+        // item-on-item at root → autoFolder
+        try {
+          await autoFolder({
+            sourceItemId: info.source.id,
+            targetItemId: info.target.id,
+            name: $t('home.folder.untitled')
+          });
+          await navDataStore.refetch();
+          toast.success($t('common.save') + ' ✓');
+        } catch (err) {
+          await navDataStore.refetch();
+          toast.error(describeError(err));
+        }
+        return;
+      }
+      if (info.source.kind === 'item' && info.target.kind === 'folder') {
+        // item-on-folder → reparent to that folder.
+        try {
+          await patchCard(info.source.id, { parentId: info.target.id });
+          await navDataStore.refetch();
+          toast.success($t('common.save') + ' ✓');
+        } catch (err) {
+          await navDataStore.refetch();
+          toast.error(describeError(err));
+        }
+        return;
+      }
+      // Folder-on-anything with merge intent → fall through to reorder.
+    }
+
+    // 2) Drop on a card with before/after/merge intent → reorder.
+    //    Inside a folder, a merge gesture has no nested-folder meaning;
+    //    we coerce it to "insert before target" — the more natural
+    //    LaunchPad fallback. (Root-level merge cases are already handled
+    //    in branch 1 above and returned early.)
+    if (
+      info.target &&
+      (info.intent === 'before' || info.intent === 'after' || info.intent === 'merge')
+    ) {
+      // Folder cannot become a child of another folder.
+      if (info.source.kind === 'folder' && info.target.zone !== 'root') return;
+      const effectiveIntent: DropIntent = info.intent === 'merge' ? 'before' : info.intent;
+      const targetZone = info.target.zone;
+      const targetBucket = bucketFor(targetZone);
+      const targetIdx = targetBucket.findIndex((c) => c.id === info.target!.id);
+      if (targetIdx < 0) return;
+      const insertAt = effectiveIntent === 'before' ? targetIdx : targetIdx + 1;
+      const parentId = parentIdFor(targetZone);
+
+      // If source moves between zones, the source's previous bucket also
+      // needs renumbering. Build entries for both buckets and concat.
+      let entries = reorderEntries(
+        // Synthesise the moving source into the target bucket (for index math).
+        targetBucket.some((c) => c.id === info.source.id)
+          ? targetBucket
+          : [
+              ...targetBucket,
+              {
+                ...(before.cards.find((c) => c.id === info.source.id) as CardType),
+                parentId,
+                sortOrder: 0
+              }
+            ],
+        info.source.id,
+        insertAt,
+        parentId
+      );
+      if (info.source.zone !== targetZone) {
+        const oldBucket = bucketFor(info.source.zone).filter((c) => c.id !== info.source.id);
+        const oldEntries = oldBucket.map((c, i) => ({
+          id: c.id,
+          sortOrder: i,
+          parentId: parentIdFor(info.source.zone)
+        }));
+        entries = [...entries, ...oldEntries];
+      }
+      try {
+        await reorderCards(entries);
+        await navDataStore.refetch();
+      } catch (err) {
+        await navDataStore.refetch();
+        toast.error(describeError(err));
+      }
+      return;
+    }
+
+    // 3) No card target. If hoverZone is a folder zone (cursor in panel
+    //    but not on a card) → reparent to that folder, append at end.
+    if (info.hoverZone && info.hoverZone.startsWith('folder:')) {
+      const fid = Number(info.hoverZone.slice('folder:'.length));
+      if (
+        Number.isFinite(fid) &&
+        info.source.kind === 'item' &&
+        info.source.zone !== info.hoverZone
+      ) {
+        try {
+          await patchCard(info.source.id, { parentId: fid });
+          await navDataStore.refetch();
+          toast.success($t('common.save') + ' ✓');
+        } catch (err) {
+          await navDataStore.refetch();
+          toast.error(describeError(err));
+        }
+        return;
+      }
+    }
+
+    // 4) Source came from a folder, dropped on root (or out of zone).
+    if (info.source.zone.startsWith('folder:') && (info.hoverZone === 'root' || info.outOfZone)) {
+      try {
+        await patchCard(info.source.id, { parentId: null });
+        await navDataStore.refetch();
+        // Closing the panel after the drop completes makes the result visible
+        // (otherwise the just-released card stays hidden behind the panel).
+        if (openFolderId === parentIdFor(info.source.zone)) openFolderId = null;
+        toast.success($t('common.save') + ' ✓');
+      } catch (err) {
+        await navDataStore.refetch();
+        toast.error(describeError(err));
+      }
+      return;
+    }
+
+    // Otherwise: cursor was over the source's own zone with no card hit
+    // (empty space) → silent no-op.
+  }
 </script>
 
 <svelte:head>
@@ -66,75 +264,76 @@
   <div class="retry">
     <Button onclick={() => navDataStore.refetch()}>{$t('error.network.retry')}</Button>
   </div>
-{:else}
-  {#if !$hasActiveFilter && $layoutMode === 'grouped'}
-    <FavoritesSection onEdit={openEdit} />
-  {/if}
-  {#if $visibleSections.length === 0}
-    {#if $hasActiveFilter}
+{:else if $hasActiveFilter}
+  <!-- Search mode: flat hits, no folders, no jiggle, no drag. -->
+  <section class="grid-wrap">
+    {#if $searchHits.length === 0}
       <EmptyState title={$t('nav.empty.search')} hint={$t('nav.empty.search.hint')} />
       <div class="retry">
         <Button intent="ghost" onclick={clearFilters}>{$t('common.cancel')}</Button>
       </div>
     {:else}
-      <EmptyState title={$t('nav.empty.data')} hint={$t('nav.empty.data.hint')} />
-      {#if $editModeStore}
-        <div class="retry">
-          <Button onclick={() => openCreate(null)}>{$t('editor.item.new')}</Button>
-        </div>
-      {/if}
-    {/if}
-  {:else if $layoutMode === 'flat'}
-    <section class="flat">
-      <NavGrid items={$visibleFlatItems} groupId={null} onEdit={openEdit}>
-        {#snippet trailing()}
-          {#if $editModeStore}
-            <NewItemAffordance onClick={() => openCreate(null)} />
-          {/if}
-        {/snippet}
-      </NavGrid>
-    </section>
-  {:else if $hasActiveFilter}
-    <!-- Search active: bypass folders, show matching items flat. -->
-    <section class="flat">
-      <NavGrid items={filteredFlatItems} groupId={null} onEdit={openEdit} />
-    </section>
-  {:else}
-    <!-- Launchpad-style folder grid: each group is a tile that expands on click. -->
-    <section class="folders">
-      <div class="folders-grid">
-        {#each $visibleSections as section (section.group?.id ?? 'ungrouped')}
-          {#if section.group}
-            <GroupFolder
-              group={section.group}
-              items={section.items}
-              onOpen={() => (openFolderId = section.group!.id)}
-            />
-          {:else}
-            <!-- Ungrouped items render inline as plain tiles, no folder. -->
-            {#each section.items as item (item.id)}
-              <NavItem {item} onEdit={openEdit} />
-            {/each}
-          {/if}
+      <div class="grid">
+        {#each $searchHits as card (card.id)}
+          <Card {card} onEdit={openEdit} />
         {/each}
       </div>
-    </section>
-  {/if}
-{/if}
+    {/if}
+  </section>
+{:else if $rootCards.length === 0 && !$sessionStore.authed}
+  <EmptyState title={$t('nav.empty.data')} hint={$t('nav.empty.data.hint')} />
+{:else}
+  <!-- Single dragGrid action wraps both the folder panel and the root grid
+       so cross-zone drags (e.g. drag from root → spring-loaded panel)
+       are owned by one session and dispatched via one handleDrop. -->
+  <div
+    class="canvas"
+    use:dragGrid={{
+      enabled: $jiggleMode && $sessionStore.authed,
+      onSpringLoad,
+      onDrop: handleDrop
+    }}
+  >
+    {#if openFolder?.kind === 'folder'}
+      <InlineFolderExpand
+        folder={openFolder}
+        onClose={() => (openFolderId = null)}
+        onEdit={openEdit}
+      />
+    {/if}
 
-{#if openFolder?.group}
-  <GroupFolderModal
-    group={openFolder.group}
-    items={openFolder.items}
-    onClose={() => (openFolderId = null)}
-    onEdit={openEdit}
-    onCreate={() => openCreate(openFolder.group!.id)}
-  />
+    <JiggleHost>
+      <section class="grid-wrap">
+        <div class="grid" data-zone="root">
+          {#each $rootCards as card (card.id)}
+            <Card
+              {card}
+              folderChildren={card.kind === 'folder' ? (folderChildrenById.get(card.id) ?? []) : []}
+              {onOpenFolder}
+              onEdit={openEdit}
+            />
+          {/each}
+          {#if $jiggleMode && $sessionStore.authed}
+            <div class="add-cell">
+              <NewItemAffordance onClick={() => openCreate(null)} />
+            </div>
+          {/if}
+        </div>
+      </section>
+    </JiggleHost>
+  </div>
 {/if}
 
-<ItemEditDialog bind:open={editDialogOpen} target={editTarget} defaultGroupId={createForGroupId} />
+<ItemEditDialog
+  bind:open={editDialogOpen}
+  target={editTarget}
+  defaultParentId={createForParentId}
+/>
 
 <style lang="scss">
+  .canvas {
+    width: 100%;
+  }
   .loading {
     display: flex;
     flex-direction: column;
@@ -147,19 +346,41 @@
     justify-content: center;
     margin-top: var(--sp-3);
   }
-  /* Folder grid uses the same column / gap as NavGrid so folders and items
-   * render at consistent sizes regardless of which mode the user is in. */
-  .folders-grid {
+  .grid-wrap {
+    width: 100%;
+  }
+  .grid {
     display: grid;
     grid-template-columns: repeat(auto-fill, 120px);
     gap: 36px 28px;
     justify-content: center;
     width: 100%;
   }
+  .add-cell {
+    width: 120px;
+    display: flex;
+    justify-content: center;
+    align-items: flex-start;
+  }
+  @media (max-width: 500px) {
+    .add-cell {
+      width: 72px;
+    }
+  }
   @media (max-width: 500px) {
-    .folders-grid {
+    .grid {
       grid-template-columns: repeat(auto-fill, 72px);
       gap: 24px 16px;
     }
   }
+  /* When a card is being lifted, fade the original cell so the user
+   * sees the clone is the live one. The clone itself follows the cursor. */
+  :global([data-card-id][data-dragging='true']) {
+    opacity: 0.35;
+  }
+  /* Lock touch scroll on the grid while jiggle mode is active so a
+   * drag gesture doesn't double as a page scroll. */
+  :global(.canvas:has([data-card-id][data-dragging='true'])) {
+    touch-action: none;
+  }
 </style>
diff --git a/web/src/routes/admin/+page.svelte b/web/src/routes/admin/+page.svelte
index 1bf8a48..dc2cab6 100644
--- a/web/src/routes/admin/+page.svelte
+++ b/web/src/routes/admin/+page.svelte
@@ -3,13 +3,11 @@
   import { sessionStore } from '$lib/stores/session';
   import { navDataStore } from '$lib/stores/navData';
   import AdminSiteTab from '$lib/components/Admin/AdminSiteTab.svelte';
-  import AdminGroupsTab from '$lib/components/Admin/AdminGroupsTab.svelte';
   import AdminSitesTab from '$lib/components/Admin/AdminSitesTab.svelte';
 
-  type TabId = 'site' | 'groups' | 'sites';
+  type TabId = 'site' | 'sites';
   const TABS: { id: TabId; label: string }[] = [
     { id: 'site', label: 'Site' },
-    { id: 'groups', label: 'Groups' },
     { id: 'sites', label: 'Sites' }
   ];
 
@@ -59,8 +57,6 @@
       <section class="content">
         {#if active === 'site'}
           <AdminSiteTab />
-        {:else if active === 'groups'}
-          <AdminGroupsTab />
         {:else if active === 'sites'}
           <AdminSitesTab />
         {/if}

From fa5ae46fd29b0bdd1eaf22d893b0ff39bca35b33 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 20:46:01 +0800
Subject: [PATCH 21/77] feat(launchpad): horizontal pager with dot indicator
 (P1)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

LaunchPad clue §1: turn the single auto-fill root grid into horizontal
pages with a bottom dot indicator. Page size adapts to viewport
(desktop 7×5, narrow 4×6, mobile 4×5). Translation uses CSS
scroll-snap so trackpad / touch swipe works natively without fighting
the dragGrid pointer-capture session.

Interactions:
- Wheel / trackpad horizontal swipe / touch swipe → snap to neighbor page
- Click any dot → smooth scroll to that page
- ←/→ and PageUp/Down (when no input is focused) → step page
- New card submitted → pager jumps to last page so the result is visible
- Switching site → reset to page 1 (an old index makes no sense in the
  new card set)
- During a card lift, scroll-snap is disabled via `:has()` so the
  drag clone doesn't fight snap-to-page; cross-page dragging is
  intentionally not supported in P1

Files:
- new util/paginate.ts: chunk()
- new stores/pageStore.ts: currentPage writable + setPage/next/prev/reset
- new components/Nav/PageDots.svelte: dot indicator, hidden when 1 page
- routes/+page.svelte: wrap root grid in scroll-snap pager, mount the
  resize listener for pageSize, drive scrollTo from currentPage,
  observe scroll to write currentPage back, keyboard handler on window
- components/Editor/ItemEditDialog.svelte: optional onCreated callback
  fires after the data refetch so the caller can scroll-into-view
- i18n: home.pager.aria

Validation: pnpm check passes for new files (3 pre-existing errors in
vite.config.ts unrelated). pnpm lint: 0 errors in new files
(uiPrefs.ts unused-import is pre-existing). Smoke test via Playwright:
homepage renders, no console errors, pager DOM exists at all
breakpoints, dots correctly absent when only 1 page. Multi-page
turning still needs human verification with ≥36 real cards.
---
 .../components/Editor/ItemEditDialog.svelte   |  11 +-
 web/src/lib/components/Nav/PageDots.svelte    |  62 +++++++
 web/src/lib/i18n/en.json                      |   1 +
 web/src/lib/i18n/zh.json                      |   1 +
 web/src/lib/stores/pageStore.ts               |  25 +++
 web/src/lib/util/paginate.ts                  |  12 ++
 web/src/routes/+page.svelte                   | 167 ++++++++++++++++--
 7 files changed, 262 insertions(+), 17 deletions(-)
 create mode 100644 web/src/lib/components/Nav/PageDots.svelte
 create mode 100644 web/src/lib/stores/pageStore.ts
 create mode 100644 web/src/lib/util/paginate.ts

diff --git a/web/src/lib/components/Editor/ItemEditDialog.svelte b/web/src/lib/components/Editor/ItemEditDialog.svelte
index 1569d44..8534a6f 100644
--- a/web/src/lib/components/Editor/ItemEditDialog.svelte
+++ b/web/src/lib/components/Editor/ItemEditDialog.svelte
@@ -17,9 +17,12 @@
     target: Card | null;
     /** Initial parent (folder id) for create mode. */
     defaultParentId?: number | null;
+    /** Fires after a successful create + data refetch. Lets the caller
+     *  scroll the new card into view (e.g. jump pager to the last page). */
+    onCreated?: (card: Card) => void;
   }
 
-  let { open = $bindable(false), target, defaultParentId = null }: Props = $props();
+  let { open = $bindable(false), target, defaultParentId = null, onCreated }: Props = $props();
 
   // Form state
   let name = $state('');
@@ -93,6 +96,7 @@
       if (Object.keys(links).length === 0) {
         throw new Error('At least one link is required.');
       }
+      let createdCard: Card | null = null;
       if (target) {
         const patch: CardPatch = {
           name: name.trim(),
@@ -114,11 +118,12 @@
           iconValue: iconValue.trim(),
           links
         };
-        await createCard(payload);
+        createdCard = await createCard(payload);
         toast.success($t('editor.item.new') + ' ✓');
       }
-      navDataStore.refetch();
+      await navDataStore.refetch();
       open = false;
+      if (createdCard) onCreated?.(createdCard);
     } catch (e) {
       if (e instanceof ApiError) error = `${e.code}${e.message ? ': ' + e.message : ''}`;
       else if (e instanceof Error) error = e.message;
diff --git a/web/src/lib/components/Nav/PageDots.svelte b/web/src/lib/components/Nav/PageDots.svelte
new file mode 100644
index 0000000..98f347c
--- /dev/null
+++ b/web/src/lib/components/Nav/PageDots.svelte
@@ -0,0 +1,62 @@
+<script lang="ts">
+  import { t } from '$lib/i18n/store';
+
+  interface Props {
+    pageCount: number;
+    currentPage: number;
+    onSelect: (index: number) => void;
+  }
+  let { pageCount, currentPage, onSelect }: Props = $props();
+</script>
+
+{#if pageCount > 1}
+  <nav class="dots" aria-label={$t('home.pager.aria')}>
+    {#each [...Array(pageCount).keys()] as i (i)}
+      <button
+        type="button"
+        class="dot"
+        class:active={i === currentPage}
+        aria-label={`${i + 1} / ${pageCount}`}
+        aria-current={i === currentPage ? 'page' : undefined}
+        onclick={() => onSelect(i)}
+      ></button>
+    {/each}
+  </nav>
+{/if}
+
+<style lang="scss">
+  .dots {
+    display: flex;
+    justify-content: center;
+    gap: var(--sp-2);
+    padding: var(--sp-3) 0 var(--sp-4);
+  }
+  .dot {
+    width: 8px;
+    height: 8px;
+    border: none;
+    border-radius: 50%;
+    background: rgba(0, 0, 0, 0.25);
+    cursor: pointer;
+    padding: 0;
+    transition:
+      background var(--tr-fast),
+      transform var(--tr-fast);
+  }
+  .dot:hover {
+    background: rgba(0, 0, 0, 0.45);
+  }
+  .dot.active {
+    background: rgba(0, 0, 0, 0.7);
+    transform: scale(1.25);
+  }
+  :global([data-theme='dark']) .dot {
+    background: rgba(255, 255, 255, 0.3);
+  }
+  :global([data-theme='dark']) .dot:hover {
+    background: rgba(255, 255, 255, 0.55);
+  }
+  :global([data-theme='dark']) .dot.active {
+    background: rgba(255, 255, 255, 0.85);
+  }
+</style>
diff --git a/web/src/lib/i18n/en.json b/web/src/lib/i18n/en.json
index ecebe18..accb9b7 100644
--- a/web/src/lib/i18n/en.json
+++ b/web/src/lib/i18n/en.json
@@ -33,6 +33,7 @@
   "home.editMode.signInRequired": "Sign in to enter edit mode",
   "home.folder.untitled": "Untitled",
   "home.folder.deleteConfirm": "Delete folder \"{{name}}\" and release its {{count}} item(s) to the home grid?",
+  "home.pager.aria": "Pages",
 
   "error.network.offline": "Cannot reach server",
   "error.network.retry": "Retry",
diff --git a/web/src/lib/i18n/zh.json b/web/src/lib/i18n/zh.json
index 4604481..4762e05 100644
--- a/web/src/lib/i18n/zh.json
+++ b/web/src/lib/i18n/zh.json
@@ -33,6 +33,7 @@
   "home.editMode.signInRequired": "登录后才能进入编辑模式",
   "home.folder.untitled": "未命名",
   "home.folder.deleteConfirm": "删除文件夹「{{name}}」并将其中 {{count}} 项放回首页网格？",
+  "home.pager.aria": "页面",
 
   "error.network.offline": "无法连接服务",
   "error.network.retry": "重试",
diff --git a/web/src/lib/stores/pageStore.ts b/web/src/lib/stores/pageStore.ts
new file mode 100644
index 0000000..b1ae535
--- /dev/null
+++ b/web/src/lib/stores/pageStore.ts
@@ -0,0 +1,25 @@
+// Tracks current page index of the root LaunchPad pager.
+// Page count and pageSize are computed in the consumer (+page.svelte)
+// from rootCards length and viewport breakpoints.
+import { writable, get } from 'svelte/store';
+
+const { subscribe, set, update } = writable<number>(0);
+
+export const currentPage = {
+  subscribe,
+  setPage(n: number) {
+    if (!Number.isFinite(n) || n < 0) return;
+    set(Math.floor(n));
+  },
+  next(maxIndex: number) {
+    update((p) => Math.min(p + 1, Math.max(0, maxIndex)));
+  },
+  prev() {
+    update((p) => Math.max(p - 1, 0));
+  },
+  reset() {
+    set(0);
+  },
+  /** Test-only / dev-console */
+  _peek: () => get({ subscribe })
+};
diff --git a/web/src/lib/util/paginate.ts b/web/src/lib/util/paginate.ts
new file mode 100644
index 0000000..cd124d4
--- /dev/null
+++ b/web/src/lib/util/paginate.ts
@@ -0,0 +1,12 @@
+// Split an array into fixed-size chunks for the LaunchPad pager.
+// Always yields at least one (possibly empty) page so the pager has a
+// stable target to render even with zero cards.
+export function chunk<T>(arr: readonly T[], size: number): T[][] {
+  if (size <= 0) return [arr.slice()];
+  const out: T[][] = [];
+  for (let i = 0; i < arr.length; i += size) {
+    out.push(arr.slice(i, i + size));
+  }
+  if (out.length === 0) out.push([]);
+  return out;
+}
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index b6a4982..5599400 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -1,11 +1,20 @@
 <script lang="ts">
+  import { onMount } from 'svelte';
   import { navDataStore } from '$lib/stores/navData';
-  import { rootCards, searchHits, hasActiveFilter, clearFilters } from '$lib/stores/visible';
+  import {
+    rootCards,
+    searchHits,
+    hasActiveFilter,
+    clearFilters,
+    currentSite
+  } from '$lib/stores/visible';
   import { jiggleMode } from '$lib/stores/jiggle';
   import { sessionStore } from '$lib/stores/session';
+  import { currentPage } from '$lib/stores/pageStore';
   import Card from '$lib/components/Nav/Card.svelte';
   import InlineFolderExpand from '$lib/components/Nav/InlineFolderExpand.svelte';
   import JiggleHost from '$lib/components/Nav/JiggleHost.svelte';
+  import PageDots from '$lib/components/Nav/PageDots.svelte';
   import EmptyState from '$lib/components/Nav/EmptyState.svelte';
   import Skeleton from '$lib/components/ui/Skeleton.svelte';
   import Button from '$lib/components/ui/Button.svelte';
@@ -17,6 +26,7 @@
   import { t } from '$lib/i18n/store';
   import type { Card as CardType } from '$lib/types/card';
   import { dragGrid, type DragDropInfo, type DropIntent } from '$lib/util/dragGrid';
+  import { chunk } from '$lib/util/paginate';
 
   function describeError(e: unknown): string {
     if (e instanceof ApiError) return e.message ?? e.code;
@@ -33,6 +43,86 @@
   /** Currently expanded folder. null = none. */
   let openFolderId = $state<number | null>(null);
 
+  // ──────── Pager (P1: horizontal pages + dot indicator) ────────
+
+  /** Page size by viewport breakpoint. Mirrors clue §1: desktop 7×5, narrow 4×6, mobile 4×5. */
+  function pageSizeForViewport(w: number): number {
+    if (w <= 500) return 20; // mobile 4×5
+    if (w <= 900) return 24; // narrow 4×6
+    return 35; // desktop 7×5
+  }
+
+  // SSR-safe initial width; updated to real value on mount.
+  let viewportWidth = $state(1280);
+  const pageSize = $derived(pageSizeForViewport(viewportWidth));
+
+  onMount(() => {
+    viewportWidth = window.innerWidth;
+    const onResize = () => {
+      viewportWidth = window.innerWidth;
+    };
+    window.addEventListener('resize', onResize);
+    return () => window.removeEventListener('resize', onResize);
+  });
+
+  /** Pages of root cards, never empty (chunk yields at least one page). */
+  const pages = $derived(chunk($rootCards, pageSize));
+  const pageCount = $derived(pages.length);
+
+  /** Clamp currentPage to valid range whenever pageCount shrinks. */
+  $effect(() => {
+    if ($currentPage > pageCount - 1) currentPage.setPage(Math.max(0, pageCount - 1));
+  });
+
+  /** Reset to page 0 whenever site changes — old page index makes no sense in a new card set. */
+  $effect(() => {
+    void $currentSite.site?.value;
+    currentPage.reset();
+  });
+
+  /** Pager scroll container. Set when the DOM mounts; used for programmatic scrollTo. */
+  let pagerEl = $state<HTMLDivElement | null>(null);
+
+  /** Programmatically scroll to the given page. Honours scroll-snap. */
+  function scrollToPage(idx: number) {
+    if (!pagerEl) return;
+    const w = pagerEl.clientWidth;
+    pagerEl.scrollTo({ left: idx * w, behavior: 'smooth' });
+  }
+
+  /** Sync DOM scroll when currentPage changes via dot click / keyboard / etc. */
+  $effect(() => {
+    const idx = $currentPage;
+    queueMicrotask(() => scrollToPage(idx));
+  });
+
+  /** Sync currentPage when user scrolls naturally (touchpad / wheel / swipe). */
+  function onPagerScroll() {
+    if (!pagerEl) return;
+    const w = pagerEl.clientWidth;
+    if (w <= 0) return;
+    const idx = Math.round(pagerEl.scrollLeft / w);
+    if (idx !== $currentPage) currentPage.setPage(idx);
+  }
+
+  /** Keyboard ←/→ / PageUp / PageDown turn pages, but only when no input is focused. */
+  function onKeydown(e: KeyboardEvent) {
+    const target = e.target as HTMLElement | null;
+    if (
+      target &&
+      (target.tagName === 'INPUT' || target.tagName === 'TEXTAREA' || target.isContentEditable)
+    )
+      return;
+    if (editDialogOpen || $hasActiveFilter) return;
+    if (e.key === 'ArrowLeft' || e.key === 'PageUp') {
+      e.preventDefault();
+      currentPage.prev();
+    } else if (e.key === 'ArrowRight' || e.key === 'PageDown') {
+      e.preventDefault();
+      currentPage.next(pageCount - 1);
+    }
+  }
+
   const openFolder = $derived(
     openFolderId == null ? null : ($rootCards.find((c) => c.id === openFolderId) ?? null)
   );
@@ -304,30 +394,47 @@
 
     <JiggleHost>
       <section class="grid-wrap">
-        <div class="grid" data-zone="root">
-          {#each $rootCards as card (card.id)}
-            <Card
-              {card}
-              folderChildren={card.kind === 'folder' ? (folderChildrenById.get(card.id) ?? []) : []}
-              {onOpenFolder}
-              onEdit={openEdit}
-            />
-          {/each}
-          {#if $jiggleMode && $sessionStore.authed}
-            <div class="add-cell">
-              <NewItemAffordance onClick={() => openCreate(null)} />
+        <div
+          class="pager"
+          bind:this={pagerEl}
+          onscroll={onPagerScroll}
+          aria-roledescription="paginated grid"
+        >
+          {#each pages as pageCards, pageIdx (pageIdx)}
+            <div class="page">
+              <div class="grid" data-zone="root">
+                {#each pageCards as card (card.id)}
+                  <Card
+                    {card}
+                    folderChildren={card.kind === 'folder'
+                      ? (folderChildrenById.get(card.id) ?? [])
+                      : []}
+                    {onOpenFolder}
+                    onEdit={openEdit}
+                  />
+                {/each}
+                {#if pageIdx === pages.length - 1 && $jiggleMode && $sessionStore.authed}
+                  <div class="add-cell">
+                    <NewItemAffordance onClick={() => openCreate(null)} />
+                  </div>
+                {/if}
+              </div>
             </div>
-          {/if}
+          {/each}
         </div>
+        <PageDots {pageCount} currentPage={$currentPage} onSelect={(i) => currentPage.setPage(i)} />
       </section>
     </JiggleHost>
   </div>
 {/if}
 
+<svelte:window onkeydown={onKeydown} />
+
 <ItemEditDialog
   bind:open={editDialogOpen}
   target={editTarget}
   defaultParentId={createForParentId}
+  onCreated={() => currentPage.setPage(pageCount - 1)}
 />
 
 <style lang="scss">
@@ -349,6 +456,38 @@
   .grid-wrap {
     width: 100%;
   }
+  /* Horizontal scroll-snap pager. Each .page is exactly 100% wide so
+   * scroll-snap latches to a whole page at a time. The browser's native
+   * smooth scroll handles the animation; we drive it programmatically
+   * via scrollTo() when dot/keyboard input changes the page index. */
+  .pager {
+    width: 100%;
+    overflow-x: auto;
+    overflow-y: hidden;
+    scroll-snap-type: x mandatory;
+    scrollbar-width: none; /* hide the horizontal scrollbar — dots are the indicator */
+    display: flex;
+    flex-direction: row;
+  }
+  .pager::-webkit-scrollbar {
+    display: none;
+  }
+  .page {
+    flex: 0 0 100%;
+    width: 100%;
+    scroll-snap-align: start;
+    scroll-snap-stop: always;
+    display: flex;
+    justify-content: center;
+    align-items: flex-start;
+    padding: var(--sp-2) 0;
+  }
+  /* While dragGrid is lifting a card, kill scroll-snap so the user's
+   * pointer-driven drag doesn't fight the browser's snap-to-page. */
+  :global(.canvas:has([data-card-id][data-dragging='true'])) .pager {
+    scroll-snap-type: none;
+    overflow-x: hidden;
+  }
   .grid {
     display: grid;
     grid-template-columns: repeat(auto-fill, 120px);

From dc8f2b98584b3beb0cde589017b5db9845d536bd Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 21:12:53 +0800
Subject: [PATCH 22/77] feat(launchpad): cross-page drag via edge-pan dwell
 (P2)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

LaunchPad clue §1: while dragging a card in jiggle mode, holding the
cursor near the viewport left/right edge for ~600 ms now turns the
pager and re-fires every 800 ms, so a card can be dragged across
multiple pages. Drop semantics are unchanged (handleDrop dispatches
reorder / merge / reparent against whichever target ends up under
the cursor on the new page).

dragGrid.ts:
- new EDGE_PAN_THRESHOLD_PX (80), EDGE_PAN_DWELL_MS (600),
  EDGE_PAN_INTERVAL_MS (800)
- DragGridOptions: optional onEdgePan(direction) callback alongside
  onSpringLoad
- DragSession: edgePanTimer + edgePanDirection state
- detectEdgePan() reads cursorX vs window.innerWidth
- applyEdgePan() runs after applyHover() each tick: starts a self-
  rescheduling setTimeout chain on entry, cancelEdgePan() on exit
- finish() clears edgePanTimer alongside the existing dwellTimer

+page.svelte:
- onEdgePan(direction) → currentPage.prev / next(pageCount-1)
- pass onEdgePan to dragGrid options
- CSS: drop the `overflow-x: hidden` from the dragging-state .pager
  rule. scrollTo() (driven by P1's $effect when currentPage changes)
  now turns pages during a drag. The user still can't accidentally
  scroll because dragGrid setPointerCapture owns the gesture.

Validation: pnpm check passes for new code (3 pre-existing vite.config
errors unrelated). pnpm lint: 0 new errors. Playwright smoke verifies
homepage still renders cleanly with no console errors. Full cross-page
drag still needs human verification with ≥36 real cards.
---
 web/src/lib/util/dragGrid.ts | 48 ++++++++++++++++++++++++++++++++++++
 web/src/routes/+page.svelte  | 22 ++++++++++++++---
 2 files changed, 67 insertions(+), 3 deletions(-)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index f858a8f..c460df6 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -54,6 +54,8 @@ export interface DragDropInfo extends DragHoverInfo {
   source: CardMeta;
 }
 
+export type EdgePanDirection = 'prev' | 'next';
+
 export interface DragGridOptions {
   /** Drag is gated on this. When false, pointerdown is a no-op. */
   enabled: boolean;
@@ -63,6 +65,14 @@ export interface DragGridOptions {
    * Consumer typically opens the folder so the user can drop inside it.
    */
   onSpringLoad?: (folderId: number) => void;
+  /**
+   * Edge-pan callback. Fires when cursor dwells within EDGE_PAN_THRESHOLD_PX
+   * of the viewport left/right edge for EDGE_PAN_DWELL_MS during an active
+   * drag, then keeps re-firing every EDGE_PAN_INTERVAL_MS until the cursor
+   * leaves the edge zone or the drag ends. Consumer typically advances the
+   * pager so a card can be dragged across pages.
+   */
+  onEdgePan?: (direction: EdgePanDirection) => void;
   /** Called on pointerup. Consumer commits the drop. */
   onDrop?: (info: DragDropInfo) => void;
 }
@@ -70,6 +80,9 @@ export interface DragGridOptions {
 const LIFT_THRESHOLD_PX = 5;
 const MERGE_INNER_FRACTION = 0.6; // inner 60% of card → merge
 const HOVER_DWELL_MS = 500;
+const EDGE_PAN_THRESHOLD_PX = 80;
+const EDGE_PAN_DWELL_MS = 600;
+const EDGE_PAN_INTERVAL_MS = 800;
 const CLONE_OPACITY = 0.88;
 const CLONE_LIFT_SCALE = 1.05;
 const CLONE_ID = '__draggrid_clone__';
@@ -88,6 +101,8 @@ interface DragSession {
   rafToken: number | null;
   dwellTimer: ReturnType<typeof setTimeout> | null;
   dwellTargetId: number | null;
+  edgePanTimer: ReturnType<typeof setTimeout> | null;
+  edgePanDirection: EdgePanDirection | null;
   hover: DragHoverInfo;
   pointerId: number;
 }
@@ -159,6 +174,8 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
       rafToken: null,
       dwellTimer: null,
       dwellTargetId: null,
+      edgePanTimer: null,
+      edgePanDirection: null,
       hover: { target: null, intent: null, hoverZone: meta.zone, outOfZone: false },
       pointerId: e.pointerId
     };
@@ -198,6 +215,36 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
     }
     const next = computeHover(session);
     applyHover(next);
+    applyEdgePan(detectEdgePan(cursorX));
+  }
+
+  function detectEdgePan(cursorX: number): EdgePanDirection | null {
+    if (cursorX <= EDGE_PAN_THRESHOLD_PX) return 'prev';
+    if (cursorX >= window.innerWidth - EDGE_PAN_THRESHOLD_PX) return 'next';
+    return null;
+  }
+
+  function applyEdgePan(direction: EdgePanDirection | null) {
+    if (!session) return;
+    if (direction === session.edgePanDirection) return;
+    cancelEdgePan();
+    if (!direction) return;
+    session.edgePanDirection = direction;
+    const repeat = () => {
+      if (!session || session.edgePanDirection !== direction) return;
+      options.onEdgePan?.(direction);
+      session.edgePanTimer = setTimeout(repeat, EDGE_PAN_INTERVAL_MS);
+    };
+    session.edgePanTimer = setTimeout(repeat, EDGE_PAN_DWELL_MS);
+  }
+
+  function cancelEdgePan() {
+    if (!session) return;
+    if (session.edgePanTimer) {
+      clearTimeout(session.edgePanTimer);
+      session.edgePanTimer = null;
+    }
+    session.edgePanDirection = null;
   }
 
   function liftSource(e: PointerEvent) {
@@ -328,6 +375,7 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
 
     if (s.rafToken != null) cancelAnimationFrame(s.rafToken);
     if (s.dwellTimer) clearTimeout(s.dwellTimer);
+    if (s.edgePanTimer) clearTimeout(s.edgePanTimer);
 
     if (s.clone) {
       s.clone.remove();
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index 5599400..bef001a 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -25,7 +25,12 @@
   import { ApiError } from '$lib/api/client';
   import { t } from '$lib/i18n/store';
   import type { Card as CardType } from '$lib/types/card';
-  import { dragGrid, type DragDropInfo, type DropIntent } from '$lib/util/dragGrid';
+  import {
+    dragGrid,
+    type DragDropInfo,
+    type DropIntent,
+    type EdgePanDirection
+  } from '$lib/util/dragGrid';
   import { chunk } from '$lib/util/paginate';
 
   function describeError(e: unknown): string {
@@ -161,6 +166,13 @@
     if (openFolderId !== folderId) openFolderId = folderId;
   }
 
+  /** Drag-to-edge auto pager turn (P2). dragGrid fires this while a card
+   *  is held near the viewport edge during an active drag. */
+  function onEdgePan(direction: EdgePanDirection) {
+    if (direction === 'prev') currentPage.prev();
+    else currentPage.next(pageCount - 1);
+  }
+
   /**
    * Compute the new sort_order list for a bucket after inserting `sourceId`
    * at slot `insertAt`. Returns ReorderEntry[] for `/api/cards/reorder`.
@@ -381,6 +393,7 @@
     use:dragGrid={{
       enabled: $jiggleMode && $sessionStore.authed,
       onSpringLoad,
+      onEdgePan,
       onDrop: handleDrop
     }}
   >
@@ -483,10 +496,13 @@
     padding: var(--sp-2) 0;
   }
   /* While dragGrid is lifting a card, kill scroll-snap so the user's
-   * pointer-driven drag doesn't fight the browser's snap-to-page. */
+   * pointer-driven drag doesn't fight the browser's snap-to-page.
+   * overflow-x stays auto so programmatic scrollTo() (driven by the
+   * edge-pan dwell in dragGrid) can still turn pages. The pointer
+   * itself is captured by dragGrid, so the user can't accidentally
+   * scroll the pager with wheel/touch during the drag. */
   :global(.canvas:has([data-card-id][data-dragging='true'])) .pager {
     scroll-snap-type: none;
-    overflow-x: hidden;
   }
   .grid {
     display: grid;

From 70028b36e646d2c8b5bcbdd9865ca3959e947c7a Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 21:26:34 +0800
Subject: [PATCH 23/77] feat(launchpad): site switcher as horizontal pill row
 (P3)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace the header SiteSelect dropdown on the home route with an
inline horizontal pill row at the top of the page. Two controls
sharing one currentSite store would have been a duplicate, so the
header dropdown is hidden specifically when pathname === '/'; other
pages (admin etc.) keep it.

The pills follow LaunchPad clue §11.1 visuals: glass surface,
squircle shape, theme-color fill + lift on the active pill, white-text
for contrast on the gradient. ←/→ moves selection while focused; the
row scrolls horizontally if there are more sites than fit.

new components/Nav/SitePills.svelte
- pills hide automatically when there is only 1 site (degenerate case)
- backed by uiPrefs.setSite + currentSite store (no new state)
- aria-pressed (not role=tab) so the <nav> stays correct in a11y tree
+page.svelte: render <SitePills /> above all branches so it's visible
in launchpad / search / empty / loading.
Header/index.svelte: hide <SiteSelect /> on home via $page.url.pathname.
i18n: home.site.aria.

Validation: pnpm check + pnpm lint pass for new files (3 + 1
pre-existing errors unrelated). Playwright smoke confirms 4 pills
render with 1 active state, header dropdown is gone on /, no console
errors.
---
 web/src/lib/components/Header/index.svelte  |   7 +-
 web/src/lib/components/Nav/SitePills.svelte | 111 ++++++++++++++++++++
 web/src/lib/i18n/en.json                    |   1 +
 web/src/lib/i18n/zh.json                    |   1 +
 web/src/routes/+page.svelte                 |   3 +
 5 files changed, 122 insertions(+), 1 deletion(-)
 create mode 100644 web/src/lib/components/Nav/SitePills.svelte

diff --git a/web/src/lib/components/Header/index.svelte b/web/src/lib/components/Header/index.svelte
index 182b386..85a2b83 100644
--- a/web/src/lib/components/Header/index.svelte
+++ b/web/src/lib/components/Header/index.svelte
@@ -1,10 +1,15 @@
 <script lang="ts">
+  import { page } from '$app/stores';
   import Brand from './Brand.svelte';
   import SearchBar from './SearchBar.svelte';
   import SiteSelect from './SiteSelect.svelte';
   import ThemeToggle from './ThemeToggle.svelte';
   import LocaleToggle from './LocaleToggle.svelte';
   import AuthControls from './AuthControls.svelte';
+
+  // Home renders its own SitePills inline (LaunchPad clue §11.1), so the
+  // header dropdown would be a duplicate control — hide it on `/`.
+  const onHome = $derived($page.url.pathname === '/');
 </script>
 
 <header class="header">
@@ -16,7 +21,7 @@
       <SearchBar />
     </div>
     <div class="right">
-      <SiteSelect />
+      {#if !onHome}<SiteSelect />{/if}
       <ThemeToggle />
       <LocaleToggle />
       <AuthControls />
diff --git a/web/src/lib/components/Nav/SitePills.svelte b/web/src/lib/components/Nav/SitePills.svelte
new file mode 100644
index 0000000..f664be7
--- /dev/null
+++ b/web/src/lib/components/Nav/SitePills.svelte
@@ -0,0 +1,111 @@
+<script lang="ts">
+  import { navDataStore } from '$lib/stores/navData';
+  import { uiPrefs } from '$lib/stores/uiPrefs';
+  import { currentSite } from '$lib/stores/visible';
+  import { t } from '$lib/i18n/store';
+
+  const sites = $derived($navDataStore.bundle?.sites ?? []);
+  const activeValue = $derived($currentSite.site?.value ?? null);
+
+  function selectSite(value: string) {
+    if (value !== activeValue) uiPrefs.setSite(value);
+  }
+
+  function onPillKeydown(e: KeyboardEvent, idx: number) {
+    if (e.key === 'ArrowLeft' && idx > 0) {
+      e.preventDefault();
+      const target = sites[idx - 1];
+      selectSite(target.value);
+    } else if (e.key === 'ArrowRight' && idx < sites.length - 1) {
+      e.preventDefault();
+      const target = sites[idx + 1];
+      selectSite(target.value);
+    }
+  }
+</script>
+
+{#if sites.length > 1}
+  <nav class="pills" aria-label={$t('home.site.aria')}>
+    {#each sites as site, i (site.value)}
+      <button
+        type="button"
+        class="pill"
+        class:active={site.value === activeValue}
+        aria-pressed={site.value === activeValue}
+        onclick={() => selectSite(site.value)}
+        onkeydown={(e) => onPillKeydown(e, i)}
+      >
+        {site.name}
+      </button>
+    {/each}
+  </nav>
+{/if}
+
+<style lang="scss">
+  .pills {
+    display: flex;
+    flex-direction: row;
+    align-items: center;
+    justify-content: center;
+    flex-wrap: nowrap;
+    gap: var(--sp-2);
+    padding: var(--sp-2) var(--sp-3);
+    overflow-x: auto;
+    scrollbar-width: none;
+    max-width: 100%;
+  }
+  .pills::-webkit-scrollbar {
+    display: none;
+  }
+  .pill {
+    flex: 0 0 auto;
+    height: 36px;
+    padding: 0 var(--sp-4);
+    background: rgba(255, 255, 255, 0.28);
+    color: var(--c-card-label);
+    border: 1px solid rgba(255, 255, 255, 0.5);
+    border-radius: var(--rd-pill);
+    backdrop-filter: blur(10px);
+    -webkit-backdrop-filter: blur(10px);
+    font-family: inherit;
+    font-size: var(--fs-sm);
+    font-weight: var(--fw-medium);
+    cursor: pointer;
+    transition:
+      background var(--tr-fast),
+      border-color var(--tr-fast),
+      color var(--tr-fast),
+      box-shadow var(--tr-fast),
+      transform var(--tr-fast);
+    white-space: nowrap;
+  }
+  .pill:hover:not(.active) {
+    border-color: rgba(255, 255, 255, 0.85);
+    background: rgba(255, 255, 255, 0.45);
+  }
+  .pill.active {
+    background: var(--c-accent);
+    color: #fff;
+    border-color: var(--c-accent);
+    box-shadow: 0 4px 14px rgba(35, 25, 60, 0.22);
+    transform: translateY(-1px);
+  }
+  .pill:focus-visible {
+    outline: none;
+    box-shadow: 0 0 0 3px rgba(255, 255, 255, 0.5);
+  }
+  :global([data-theme='dark']) .pill {
+    background: rgba(20, 16, 28, 0.45);
+    border-color: rgba(255, 255, 255, 0.22);
+    color: var(--c-text);
+  }
+  :global([data-theme='dark']) .pill:hover:not(.active) {
+    background: rgba(20, 16, 28, 0.65);
+    border-color: rgba(255, 255, 255, 0.45);
+  }
+  :global([data-theme='dark']) .pill.active {
+    background: var(--c-accent);
+    border-color: var(--c-accent);
+    color: #fff;
+  }
+</style>
diff --git a/web/src/lib/i18n/en.json b/web/src/lib/i18n/en.json
index accb9b7..4ff681b 100644
--- a/web/src/lib/i18n/en.json
+++ b/web/src/lib/i18n/en.json
@@ -34,6 +34,7 @@
   "home.folder.untitled": "Untitled",
   "home.folder.deleteConfirm": "Delete folder \"{{name}}\" and release its {{count}} item(s) to the home grid?",
   "home.pager.aria": "Pages",
+  "home.site.aria": "Site switcher",
 
   "error.network.offline": "Cannot reach server",
   "error.network.retry": "Retry",
diff --git a/web/src/lib/i18n/zh.json b/web/src/lib/i18n/zh.json
index 4762e05..3db9619 100644
--- a/web/src/lib/i18n/zh.json
+++ b/web/src/lib/i18n/zh.json
@@ -34,6 +34,7 @@
   "home.folder.untitled": "未命名",
   "home.folder.deleteConfirm": "删除文件夹「{{name}}」并将其中 {{count}} 项放回首页网格？",
   "home.pager.aria": "页面",
+  "home.site.aria": "站点切换",
 
   "error.network.offline": "无法连接服务",
   "error.network.retry": "重试",
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index bef001a..3b607b9 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -15,6 +15,7 @@
   import InlineFolderExpand from '$lib/components/Nav/InlineFolderExpand.svelte';
   import JiggleHost from '$lib/components/Nav/JiggleHost.svelte';
   import PageDots from '$lib/components/Nav/PageDots.svelte';
+  import SitePills from '$lib/components/Nav/SitePills.svelte';
   import EmptyState from '$lib/components/Nav/EmptyState.svelte';
   import Skeleton from '$lib/components/ui/Skeleton.svelte';
   import Button from '$lib/components/ui/Button.svelte';
@@ -355,6 +356,8 @@
   <title>{siteTitle}</title>
 </svelte:head>
 
+<SitePills />
+
 {#if $navDataStore.loading && !$navDataStore.bundle}
   <div class="loading">
     <Skeleton width="240px" height="24px" />

From c628d9c179148e87426a7bbdc88e516387aee177 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 21:29:59 +0800
Subject: [PATCH 24/77] feat(launchpad): jiggle-mode click on item opens edit
 dialog (P4)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

LaunchPad clue §5.3: when the user is already in jiggle mode and
clicks the body of an item card (not the ✕, not the pencil), open
the edit dialog. Previously this was a no-op — the rationale was to
avoid the long-press release immediately popping the editor; now
that's solved by gating on a 350 ms grace window after enter() so
the long-press tail still no-ops as before.

stores/jiggle.ts: new enteredAtStore writable + readable export
jiggleEnteredAt. enter() records Date.now(), exit() resets to 0.

components/Nav/Card.svelte: open() in jiggle mode now reads the
enteredAt timestamp; clicks within 350 ms are treated as the
long-press release (no-op for items, expand for folders, same as
before); clicks after that window route to onEdit for items.

The pencil edit-button is kept as an explicit affordance for
discoverability — body-click is the iOS-style shortcut.

Validation: pnpm check + pnpm lint pass for changed files. Smoke
verifies pills + grid still render with no console errors.
---
 web/src/lib/components/Nav/Card.svelte | 24 ++++++++++++++++++------
 web/src/lib/stores/jiggle.ts           |  9 +++++++++
 2 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/web/src/lib/components/Nav/Card.svelte b/web/src/lib/components/Nav/Card.svelte
index d1d87d2..13e3a69 100644
--- a/web/src/lib/components/Nav/Card.svelte
+++ b/web/src/lib/components/Nav/Card.svelte
@@ -1,7 +1,7 @@
 <script lang="ts">
   import type { Card } from '$lib/types/card';
   import { currentSite } from '$lib/stores/visible';
-  import { jiggleMode } from '$lib/stores/jiggle';
+  import { jiggleMode, jiggleEnteredAt } from '$lib/stores/jiggle';
   import { t } from '$lib/i18n/store';
   import { longPress } from '$lib/util/longPress';
   import { navDataStore } from '$lib/stores/navData';
@@ -42,13 +42,25 @@
     }
   }
 
+  /** ms grace window after entering jiggle, during which a click on the
+   *  same card is treated as the long-press release (no-op) rather than
+   *  a fresh "edit me" click. */
+  const POST_LONGPRESS_GRACE_MS = 350;
+
   function open() {
     if ($jiggleMode) {
-      // In jiggle/edit mode, single-click on an item is a no-op — we
-      // don't want a long-press release to immediately pop the editor
-      // (the user is in editing mode, not launching/editing one item).
-      // Folders still expand on click so the user can rearrange inside.
-      if (isFolder) onOpenFolder?.(card.id);
+      // Distinguish "long-press release that just entered jiggle" from
+      // "a real click while already in jiggle". The former is the
+      // gesture's tail and must not also pop the editor; the latter is
+      // the §5.3 edit affordance.
+      const sinceEnter = Date.now() - $jiggleEnteredAt;
+      const isLongPressRelease = sinceEnter < POST_LONGPRESS_GRACE_MS;
+      if (isLongPressRelease) {
+        if (isFolder) onOpenFolder?.(card.id);
+        return;
+      }
+      if (isItem) onEdit?.(card);
+      else if (isFolder) onOpenFolder?.(card.id);
       return;
     }
     if (isItem && url) {
diff --git a/web/src/lib/stores/jiggle.ts b/web/src/lib/stores/jiggle.ts
index 5c95a5f..c0a2330 100644
--- a/web/src/lib/stores/jiggle.ts
+++ b/web/src/lib/stores/jiggle.ts
@@ -6,6 +6,11 @@ import { sessionStore } from './session';
 
 const { subscribe, set } = writable<boolean>(false);
 
+// Wall-clock timestamp of the most recent enter(). Cards read this to
+// distinguish "long-press release on the same card" (no-op) from a
+// genuine click while already in jiggle (edit dialog) — see Card.svelte.
+const enteredAtStore = writable<number>(0);
+
 let escAttached = false;
 
 function attachEscOnce() {
@@ -20,6 +25,8 @@ function attachEscOnce() {
 
 attachEscOnce();
 
+export const jiggleEnteredAt = { subscribe: enteredAtStore.subscribe };
+
 export const jiggleMode = {
   subscribe,
   /**
@@ -31,10 +38,12 @@ export const jiggleMode = {
     const session = get(sessionStore);
     if (!session.authed) return false;
     set(true);
+    enteredAtStore.set(Date.now());
     return true;
   },
   exit() {
     set(false);
+    enteredAtStore.set(0);
   },
   /** Test-only: read sync. */
   _peek: () => get({ subscribe })

From 9a5e35dccdc626ccb739134636cb7d5df6c8746c Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 21:32:42 +0800
Subject: [PATCH 25/77] feat(launchpad): empty-grid placeholder card for
 first-time add (P5)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

LaunchPad clue §11.2 / §5.1: when an authenticated user lands on a
site with no cards yet, the grid shouldn't render as a blank
canvas — it should surface the same dashed-+ placeholder that jiggle
mode shows, plus a one-line hint, so the first add is one click
away (no need to enter jiggle first, since there's nothing to
long-press).

Visibility rule for the placeholder cell on the last page:
  authed && (jiggleMode || rootCards.length === 0)

When the grid is also empty, an extra hint paragraph spans the full
grid row below the placeholder, "Click + to add your first card"
(localised). Unauthenticated viewers still see the existing
EmptyState branch — they have no permission to add anyway.

i18n: home.empty.hint.

Validation: pnpm check + pnpm lint pass for changed files. Smoke
on the populated site still renders normally with no console errors.

(P5 path-map originally bundled keyboard Tab cycling and long-press
Space preview; both moved to P6 so this commit stays single-purpose.)
---
 web/src/lib/i18n/en.json    |  1 +
 web/src/lib/i18n/zh.json    |  1 +
 web/src/routes/+page.svelte | 15 ++++++++++++++-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/web/src/lib/i18n/en.json b/web/src/lib/i18n/en.json
index 4ff681b..2a92fd9 100644
--- a/web/src/lib/i18n/en.json
+++ b/web/src/lib/i18n/en.json
@@ -35,6 +35,7 @@
   "home.folder.deleteConfirm": "Delete folder \"{{name}}\" and release its {{count}} item(s) to the home grid?",
   "home.pager.aria": "Pages",
   "home.site.aria": "Site switcher",
+  "home.empty.hint": "Click + to add your first card",
 
   "error.network.offline": "Cannot reach server",
   "error.network.retry": "Retry",
diff --git a/web/src/lib/i18n/zh.json b/web/src/lib/i18n/zh.json
index 3db9619..8d8439f 100644
--- a/web/src/lib/i18n/zh.json
+++ b/web/src/lib/i18n/zh.json
@@ -35,6 +35,7 @@
   "home.folder.deleteConfirm": "删除文件夹「{{name}}」并将其中 {{count}} 项放回首页网格？",
   "home.pager.aria": "页面",
   "home.site.aria": "站点切换",
+  "home.empty.hint": "点击 + 添加第一张卡片",
 
   "error.network.offline": "无法连接服务",
   "error.network.retry": "重试",
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index 3b607b9..083dd45 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -429,10 +429,13 @@
                     onEdit={openEdit}
                   />
                 {/each}
-                {#if pageIdx === pages.length - 1 && $jiggleMode && $sessionStore.authed}
+                {#if pageIdx === pages.length - 1 && $sessionStore.authed && ($jiggleMode || $rootCards.length === 0)}
                   <div class="add-cell">
                     <NewItemAffordance onClick={() => openCreate(null)} />
                   </div>
+                  {#if $rootCards.length === 0}
+                    <p class="empty-hint">{$t('home.empty.hint')}</p>
+                  {/if}
                 {/if}
               </div>
             </div>
@@ -520,6 +523,16 @@
     justify-content: center;
     align-items: flex-start;
   }
+  /* Hint shown only when the grid is empty; spans the whole grid row so
+   * the placeholder card sits centered above its caption. */
+  .empty-hint {
+    grid-column: 1 / -1;
+    margin: 0;
+    color: var(--c-card-label);
+    opacity: 0.85;
+    font-size: var(--fs-sm);
+    text-align: center;
+  }
   @media (max-width: 500px) {
     .add-cell {
       width: 72px;

From 47869c121b499428388cb8b781e2f6b870466367 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 21:35:13 +0800
Subject: [PATCH 26/77] feat(launchpad): jiggle phase stagger + hover lift (P6)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

LaunchPad clue §4 / §10 visual polish:

- Jiggle phase stagger. Previously every card jiggled in lock-step,
  which reads as a global animation rather than per-cell motion.
  Three CSS phases (0 / -80 / -160 ms) cycle across nth-child(3n),
  spreading the 250 ms shake period evenly without any JS.
- Hover lift on the home cards in non-jiggle mode: translateY(-2px)
  + the existing shadow swap, so a mouse user gets a subtle "this is
  clickable" feedback. The lift is suppressed inside .cell.jiggle
  (the rotate keyframe owns the transform there; an extra translate
  would fight it). The folder tile gains the same transition.

No behavior change. pnpm lint passes for the changed file. Smoke
unchanged.
---
 web/src/lib/components/Nav/Card.svelte | 28 ++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/web/src/lib/components/Nav/Card.svelte b/web/src/lib/components/Nav/Card.svelte
index 13e3a69..0f24cef 100644
--- a/web/src/lib/components/Nav/Card.svelte
+++ b/web/src/lib/components/Nav/Card.svelte
@@ -259,6 +259,17 @@
     transform-origin: center;
     cursor: inherit;
   }
+  /* Phase-stagger: avoid every card jiggling in lock-step (LaunchPad
+   * clue §4 "each card's phase offset"). Three offsets across 0/+80/
+   * +160 ms cover the 250 ms period nicely. */
+  .cell.jiggle:nth-child(3n + 2) .card,
+  .cell.jiggle:nth-child(3n + 2) .folder {
+    animation-delay: -80ms;
+  }
+  .cell.jiggle:nth-child(3n) .card,
+  .cell.jiggle:nth-child(3n) .folder {
+    animation-delay: -160ms;
+  }
   /* Visual cue for "release here to merge / reparent". The hover
    * threshold (500ms) flips this on by setting the cell class. */
   .cell.merge-target .card,
@@ -311,10 +322,9 @@
     border-radius: 22px;
     box-shadow: var(--sh-card);
     cursor: pointer;
-    transition: box-shadow var(--tr-base);
-    &:hover:not(:disabled) {
-      box-shadow: var(--sh-card-hover);
-    }
+    transition:
+      box-shadow var(--tr-base),
+      transform var(--tr-base);
     &:disabled {
       opacity: 0.55;
       cursor: not-allowed;
@@ -326,6 +336,13 @@
       border-radius: 12px;
     }
   }
+  /* Hover lift only outside jiggle (jiggle owns the transform with its
+   * own animation; an extra translate would fight the rotate keyframe). */
+  .cell:not(.jiggle) .card:hover:not(:disabled),
+  .cell:not(.jiggle) .folder:hover {
+    box-shadow: var(--sh-card-hover);
+    transform: translateY(-2px);
+  }
   .folder {
     width: 120px;
     height: 120px;
@@ -337,6 +354,9 @@
     cursor: pointer;
     backdrop-filter: blur(10px);
     -webkit-backdrop-filter: blur(10px);
+    transition:
+      box-shadow var(--tr-base),
+      transform var(--tr-base);
   }
   :global([data-theme='dark']) .folder {
     background: rgba(255, 255, 255, 0.08);

From 250bc7ca804b177769df1365cf2aea36c743211d Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 21:41:21 +0800
Subject: [PATCH 27/77] =?UTF-8?q?chore(launchpad):=20P7=20=E2=80=94=20Tab?=
 =?UTF-8?q?=20cycle=20a11y=20+=20scope=20review?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Wrap-up phase. The home placeholder pager / dragGrid / pills /
jiggle-edit / empty-grid / phase-stagger work (P1-P6) is in. This
commit only does:

1. SitePills tabindex: only the active pill keeps tabindex 0; the
   others are -1. So the chip row is a single Tab stop — once
   focused, ←/→ moves between pills (already wired). This matches
   §11.1 "Tab cycles between chip / search / grid".

The accompanying plan-file §15 (kept outside the repo, in
~/.claude/plans/) records the §12 "intentionally not done" check,
the per-phase scope-discipline self-check, and the human-verification
checklist that still wants real data (≥36 cards, an admin login).

Long-press Space URL preview from plan §8 is explicitly skipped — it
is marked "optional" there and would need a new tooltip component.

Validation: pnpm lint passes for the changed file (uiPrefs.ts unused
import is pre-existing, unrelated). Smoke unchanged.
---
 web/src/lib/components/Nav/SitePills.svelte | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web/src/lib/components/Nav/SitePills.svelte b/web/src/lib/components/Nav/SitePills.svelte
index f664be7..8dd8c4e 100644
--- a/web/src/lib/components/Nav/SitePills.svelte
+++ b/web/src/lib/components/Nav/SitePills.svelte
@@ -32,6 +32,7 @@
         class="pill"
         class:active={site.value === activeValue}
         aria-pressed={site.value === activeValue}
+        tabindex={site.value === activeValue ? 0 : -1}
         onclick={() => selectSite(site.value)}
         onkeydown={(e) => onPillKeydown(e, i)}
       >

From 001b2a9c59194debf2498e9a7b71ee81bf33bcba Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 23:02:42 +0800
Subject: [PATCH 28/77] fix(launchpad): site switch back to dropdown + fix
 folder thumb overflow (P8)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two follow-ups from in-house testing.

1. Site switch back to dropdown.
   P3 introduced SitePills (horizontal pill row) in place of the
   header SiteSelect dropdown. The user prefers the original dropdown
   form, kept in the header right corner, so this commit reverts the
   visual side of P3:
   - Header renders <SiteSelect /> again (no path-based gating)
   - delete SitePills.svelte (dead code)
   - drop the .pills override and home.site.aria i18n key

   The link-per-site data model (P3 was layered on top of) is
   untouched — switching site still resolves card.links[siteValue].

2. Folder thumbnail overflow fix.
   The 2x2 mini-grid inside a folder card (Card.svelte .thumbs/.thumb)
   was letting individual favicon <img> elements push the cell past
   its 1fr share, because grid items default to a min-content auto
   floor and an <img>'s min-content is its natural pixel size. With
   a high-res favicon the thumb blew out the 120x120 folder. Two
   one-line CSS fixes:
   - .thumbs > * { min-width: 0; min-height: 0 } — disable the
     min-content auto-expansion so each cell is exactly 1fr
   - .thumb { display: block; max-width: 100%; max-height: 100% } —
     drop the inline baseline that was pushing rows down, and clamp
     the natural image size as a belt-and-braces

   The visual surround (white-70% bg, 8px radius, 3px padding) is
   kept as before — only the size is now correctly contained.

Validation: pnpm lint passes for changed files. Docker rebuild
verified the home grid still renders with all folder thumbnails fitting
inside the 120x120 squircle.
---
 web/src/lib/components/Header/index.svelte  |   7 +-
 web/src/lib/components/Nav/Card.svelte      |  15 +++
 web/src/lib/components/Nav/SitePills.svelte | 112 --------------------
 web/src/lib/i18n/en.json                    |   1 -
 web/src/lib/i18n/zh.json                    |   1 -
 web/src/routes/+page.svelte                 |   3 -
 6 files changed, 16 insertions(+), 123 deletions(-)
 delete mode 100644 web/src/lib/components/Nav/SitePills.svelte

diff --git a/web/src/lib/components/Header/index.svelte b/web/src/lib/components/Header/index.svelte
index 85a2b83..182b386 100644
--- a/web/src/lib/components/Header/index.svelte
+++ b/web/src/lib/components/Header/index.svelte
@@ -1,15 +1,10 @@
 <script lang="ts">
-  import { page } from '$app/stores';
   import Brand from './Brand.svelte';
   import SearchBar from './SearchBar.svelte';
   import SiteSelect from './SiteSelect.svelte';
   import ThemeToggle from './ThemeToggle.svelte';
   import LocaleToggle from './LocaleToggle.svelte';
   import AuthControls from './AuthControls.svelte';
-
-  // Home renders its own SitePills inline (LaunchPad clue §11.1), so the
-  // header dropdown would be a duplicate control — hide it on `/`.
-  const onHome = $derived($page.url.pathname === '/');
 </script>
 
 <header class="header">
@@ -21,7 +16,7 @@
       <SearchBar />
     </div>
     <div class="right">
-      {#if !onHome}<SiteSelect />{/if}
+      <SiteSelect />
       <ThemeToggle />
       <LocaleToggle />
       <AuthControls />
diff --git a/web/src/lib/components/Nav/Card.svelte b/web/src/lib/components/Nav/Card.svelte
index 0f24cef..449f13a 100644
--- a/web/src/lib/components/Nav/Card.svelte
+++ b/web/src/lib/components/Nav/Card.svelte
@@ -368,10 +368,25 @@
     gap: 6px;
     width: 100%;
     height: 100%;
+    /* Grid items can grow past the container by their intrinsic min
+     * content size — for an <img> that is the natural pixel size of
+     * the favicon, which on a high-res icon will absolutely blow the
+     * 120x120 folder out. Pinning min-width/min-height to 0 disables
+     * that auto-expansion so each cell gets exactly 1fr. */
+    > * {
+      min-width: 0;
+      min-height: 0;
+    }
   }
   .thumb {
+    /* Use display:block so the inline baseline of <img> doesn't push
+     * the grid row down. width/height + max-* clamp the natural size
+     * of the favicon to the cell. */
+    display: block;
     width: 100%;
     height: 100%;
+    max-width: 100%;
+    max-height: 100%;
     object-fit: contain;
     background: rgba(255, 255, 255, 0.7);
     border-radius: 8px;
diff --git a/web/src/lib/components/Nav/SitePills.svelte b/web/src/lib/components/Nav/SitePills.svelte
deleted file mode 100644
index 8dd8c4e..0000000
--- a/web/src/lib/components/Nav/SitePills.svelte
+++ /dev/null
@@ -1,112 +0,0 @@
-<script lang="ts">
-  import { navDataStore } from '$lib/stores/navData';
-  import { uiPrefs } from '$lib/stores/uiPrefs';
-  import { currentSite } from '$lib/stores/visible';
-  import { t } from '$lib/i18n/store';
-
-  const sites = $derived($navDataStore.bundle?.sites ?? []);
-  const activeValue = $derived($currentSite.site?.value ?? null);
-
-  function selectSite(value: string) {
-    if (value !== activeValue) uiPrefs.setSite(value);
-  }
-
-  function onPillKeydown(e: KeyboardEvent, idx: number) {
-    if (e.key === 'ArrowLeft' && idx > 0) {
-      e.preventDefault();
-      const target = sites[idx - 1];
-      selectSite(target.value);
-    } else if (e.key === 'ArrowRight' && idx < sites.length - 1) {
-      e.preventDefault();
-      const target = sites[idx + 1];
-      selectSite(target.value);
-    }
-  }
-</script>
-
-{#if sites.length > 1}
-  <nav class="pills" aria-label={$t('home.site.aria')}>
-    {#each sites as site, i (site.value)}
-      <button
-        type="button"
-        class="pill"
-        class:active={site.value === activeValue}
-        aria-pressed={site.value === activeValue}
-        tabindex={site.value === activeValue ? 0 : -1}
-        onclick={() => selectSite(site.value)}
-        onkeydown={(e) => onPillKeydown(e, i)}
-      >
-        {site.name}
-      </button>
-    {/each}
-  </nav>
-{/if}
-
-<style lang="scss">
-  .pills {
-    display: flex;
-    flex-direction: row;
-    align-items: center;
-    justify-content: center;
-    flex-wrap: nowrap;
-    gap: var(--sp-2);
-    padding: var(--sp-2) var(--sp-3);
-    overflow-x: auto;
-    scrollbar-width: none;
-    max-width: 100%;
-  }
-  .pills::-webkit-scrollbar {
-    display: none;
-  }
-  .pill {
-    flex: 0 0 auto;
-    height: 36px;
-    padding: 0 var(--sp-4);
-    background: rgba(255, 255, 255, 0.28);
-    color: var(--c-card-label);
-    border: 1px solid rgba(255, 255, 255, 0.5);
-    border-radius: var(--rd-pill);
-    backdrop-filter: blur(10px);
-    -webkit-backdrop-filter: blur(10px);
-    font-family: inherit;
-    font-size: var(--fs-sm);
-    font-weight: var(--fw-medium);
-    cursor: pointer;
-    transition:
-      background var(--tr-fast),
-      border-color var(--tr-fast),
-      color var(--tr-fast),
-      box-shadow var(--tr-fast),
-      transform var(--tr-fast);
-    white-space: nowrap;
-  }
-  .pill:hover:not(.active) {
-    border-color: rgba(255, 255, 255, 0.85);
-    background: rgba(255, 255, 255, 0.45);
-  }
-  .pill.active {
-    background: var(--c-accent);
-    color: #fff;
-    border-color: var(--c-accent);
-    box-shadow: 0 4px 14px rgba(35, 25, 60, 0.22);
-    transform: translateY(-1px);
-  }
-  .pill:focus-visible {
-    outline: none;
-    box-shadow: 0 0 0 3px rgba(255, 255, 255, 0.5);
-  }
-  :global([data-theme='dark']) .pill {
-    background: rgba(20, 16, 28, 0.45);
-    border-color: rgba(255, 255, 255, 0.22);
-    color: var(--c-text);
-  }
-  :global([data-theme='dark']) .pill:hover:not(.active) {
-    background: rgba(20, 16, 28, 0.65);
-    border-color: rgba(255, 255, 255, 0.45);
-  }
-  :global([data-theme='dark']) .pill.active {
-    background: var(--c-accent);
-    border-color: var(--c-accent);
-    color: #fff;
-  }
-</style>
diff --git a/web/src/lib/i18n/en.json b/web/src/lib/i18n/en.json
index 2a92fd9..c4eb210 100644
--- a/web/src/lib/i18n/en.json
+++ b/web/src/lib/i18n/en.json
@@ -34,7 +34,6 @@
   "home.folder.untitled": "Untitled",
   "home.folder.deleteConfirm": "Delete folder \"{{name}}\" and release its {{count}} item(s) to the home grid?",
   "home.pager.aria": "Pages",
-  "home.site.aria": "Site switcher",
   "home.empty.hint": "Click + to add your first card",
 
   "error.network.offline": "Cannot reach server",
diff --git a/web/src/lib/i18n/zh.json b/web/src/lib/i18n/zh.json
index 8d8439f..1b96dc4 100644
--- a/web/src/lib/i18n/zh.json
+++ b/web/src/lib/i18n/zh.json
@@ -34,7 +34,6 @@
   "home.folder.untitled": "未命名",
   "home.folder.deleteConfirm": "删除文件夹「{{name}}」并将其中 {{count}} 项放回首页网格？",
   "home.pager.aria": "页面",
-  "home.site.aria": "站点切换",
   "home.empty.hint": "点击 + 添加第一张卡片",
 
   "error.network.offline": "无法连接服务",
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index 083dd45..5cb0145 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -15,7 +15,6 @@
   import InlineFolderExpand from '$lib/components/Nav/InlineFolderExpand.svelte';
   import JiggleHost from '$lib/components/Nav/JiggleHost.svelte';
   import PageDots from '$lib/components/Nav/PageDots.svelte';
-  import SitePills from '$lib/components/Nav/SitePills.svelte';
   import EmptyState from '$lib/components/Nav/EmptyState.svelte';
   import Skeleton from '$lib/components/ui/Skeleton.svelte';
   import Button from '$lib/components/ui/Button.svelte';
@@ -356,8 +355,6 @@
   <title>{siteTitle}</title>
 </svelte:head>
 
-<SitePills />
-
 {#if $navDataStore.loading && !$navDataStore.bundle}
   <div class="loading">
     <Skeleton width="240px" height="24px" />

From fb5e255cde1838315d12a9c5391e819014a3b9a9 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 23:04:46 +0800
Subject: [PATCH 29/77] fix(launchpad): soften card drop-shadow, drop the dark
 halo (P9)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

User reported a dark ring around every card on the home grid. The
light-theme --sh-card was 0 0 22px rgba(35,25,60,0.35) — a center-
spread shadow with zero offset, large blur, and 35% alpha. On the
warm-toned launchpad gradient that reads as a dim violet halo
hugging each tile rather than a drop shadow.

Switch to a directional drop shadow with low opacity:

  --sh-card:       0 4px 16px rgba(35, 25, 60, 0.18);
  --sh-card-hover: 0 8px 22px rgba(35, 25, 60, 0.26);

Same brand-violet tint, but offset down (so it reads as light coming
from above) and dimmer. Hover state is dimensionally taller, matching
the existing translateY(-2px) lift from P6.

Dark theme tokens unchanged — those are already directional drops
that work on the dark backdrop.

Verified with a docker rebuild + Playwright capture: the halo is
gone, cards keep clear separation from the gradient.
---
 web/src/lib/design/tokens.scss | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/web/src/lib/design/tokens.scss b/web/src/lib/design/tokens.scss
index 2d28309..97d6949 100644
--- a/web/src/lib/design/tokens.scss
+++ b/web/src/lib/design/tokens.scss
@@ -56,9 +56,12 @@
   --sh-md: 0 4px 12px rgba(0, 0, 0, 0.06);
   --sh-lg: 0 12px 32px rgba(0, 0, 0, 0.08);
 
-  /* Card — bigger, more dimensional than --sh-* primitives. Used by NavItem. */
-  --sh-card: 0 0 22px rgba(35, 25, 60, 0.35);
-  --sh-card-hover: 0 0 28px rgba(35, 25, 60, 0.45);
+  /* Card — soft directional drop shadow (sits below the card so the
+   * gradient backdrop doesn't read as a dark halo around it). Light
+   * theme: low opacity violet tint kept consistent with the brand
+   * palette. */
+  --sh-card: 0 4px 16px rgba(35, 25, 60, 0.18);
+  --sh-card-hover: 0 8px 22px rgba(35, 25, 60, 0.26);
 
   /* Card label color — sits over the vibrant gradient, so white + shadow. */
   --c-card-label: #ffffff;

From 325dfb27690fb41b05a997f0c7c4587c6b1e7a4c Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 23:08:33 +0800
Subject: [PATCH 30/77] fix(launchpad): folder title floats above the panel
 (P10)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Match macOS LaunchPad: when a folder opens, its name is rendered as
a floating label centered above the panel rather than as a left-
aligned header inside the card. The close × moves to the inner
top-right corner of the panel itself.

Implementation:
- new .wrap container holds <h3 class="title"> + <section class="expand">
  in a vertical flex column (title on top, panel below, gap sp-3)
- the entry animation moves to .wrap so title + panel scale together
- .expand becomes position:relative so .close can absolute-pin to its
  own inner top-right
- title uses card-label color + sh-card-label text shadow for contrast
  on the gradient backdrop, fs-lg + semibold weight + slight letter-
  spacing to read as a label, not body text
---
 .../components/Nav/InlineFolderExpand.svelte  | 66 ++++++++++++-------
 1 file changed, 41 insertions(+), 25 deletions(-)

diff --git a/web/src/lib/components/Nav/InlineFolderExpand.svelte b/web/src/lib/components/Nav/InlineFolderExpand.svelte
index 523d69d..7ffd881 100644
--- a/web/src/lib/components/Nav/InlineFolderExpand.svelte
+++ b/web/src/lib/components/Nav/InlineFolderExpand.svelte
@@ -61,19 +61,19 @@
     if (!$dragSource) onClose();
   }}
 ></div>
-<section class="expand" aria-label={folder.name}>
-  <header>
-    <h3>{folder.name}</h3>
+<div class="wrap">
+  <h3 class="title">{folder.name}</h3>
+  <section class="expand" aria-label={folder.name}>
     <button type="button" class="close" aria-label={$t('common.close')} onclick={onClose}>
       ×
     </button>
-  </header>
-  <div class="grid" data-zone={zoneId}>
-    {#each childCards as c (c.id)}
-      <CardComp card={c} {onEdit} />
-    {/each}
-  </div>
-</section>
+    <div class="grid" data-zone={zoneId}>
+      {#each childCards as c (c.id)}
+        <CardComp card={c} {onEdit} />
+      {/each}
+    </div>
+  </section>
+</div>
 
 <style lang="scss">
   .backdrop {
@@ -85,13 +85,36 @@
     z-index: 80;
     animation: backdrop-in 0.18s ease-out;
   }
-  .expand {
+  /* The wrapper is the fixed-position container so the entry animation
+   * lives on it; .expand inside is the actual card. .title sits above
+   * .expand as a floating label, matching macOS Launchpad. */
+  .wrap {
     position: fixed;
     top: 50%;
     left: 50%;
     transform: translate(-50%, -50%);
-    width: min(90vw, 720px);
+    z-index: 81;
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: var(--sp-3);
     max-height: calc(100vh - 96px);
+    width: min(90vw, 720px);
+    animation: wrap-in 0.22s cubic-bezier(0.2, 0.8, 0.2, 1);
+  }
+  .title {
+    margin: 0;
+    font-size: var(--fs-lg);
+    font-weight: var(--fw-semibold);
+    color: var(--c-card-label);
+    text-shadow: var(--sh-card-label);
+    letter-spacing: 0.04em;
+  }
+  .expand {
+    position: relative;
+    width: 100%;
+    flex: 1 1 auto;
+    min-height: 0;
     overflow: auto;
     padding: var(--sp-5);
     background: rgba(255, 255, 255, 0.62);
@@ -102,8 +125,6 @@
       0 6px 22px rgba(0, 0, 0, 0.14);
     backdrop-filter: blur(30px) saturate(180%);
     -webkit-backdrop-filter: blur(30px) saturate(180%);
-    z-index: 81;
-    animation: panel-in 0.22s cubic-bezier(0.2, 0.8, 0.2, 1);
   }
   :global([data-theme='dark']) .backdrop {
     background: rgba(8, 6, 14, 0.45);
@@ -120,7 +141,7 @@
       opacity: 1;
     }
   }
-  @keyframes panel-in {
+  @keyframes wrap-in {
     from {
       opacity: 0;
       transform: translate(-50%, calc(-50% + 8px)) scale(0.96);
@@ -130,22 +151,17 @@
       transform: translate(-50%, -50%) scale(1);
     }
   }
-  header {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    margin-bottom: var(--sp-4);
-  }
-  h3 {
-    margin: 0;
-    font-size: var(--fs-md);
-  }
   .close {
+    position: absolute;
+    top: var(--sp-3);
+    right: var(--sp-3);
     background: transparent;
     border: 0;
     font-size: 24px;
+    line-height: 1;
     cursor: pointer;
     color: var(--c-text);
+    z-index: 1;
   }
   .grid {
     display: grid;

From 342656755c338aec5299cc7514e9c263a41f0b26 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 23:10:19 +0800
Subject: [PATCH 31/77] =?UTF-8?q?fix(launchpad):=20drop=20the=20explicit?=
 =?UTF-8?q?=20close=20=C3=97=20from=20folder=20panel?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Backdrop click and Esc already close the folder panel, so the inner
× button was redundant and competed with the floating title for
attention. Remove it for a cleaner macOS-style look. Also drop the
now-unused t import.
---
 .../lib/components/Nav/InlineFolderExpand.svelte | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/web/src/lib/components/Nav/InlineFolderExpand.svelte b/web/src/lib/components/Nav/InlineFolderExpand.svelte
index 7ffd881..bfc1cb3 100644
--- a/web/src/lib/components/Nav/InlineFolderExpand.svelte
+++ b/web/src/lib/components/Nav/InlineFolderExpand.svelte
@@ -3,7 +3,6 @@
   import { onMount } from 'svelte';
   import { navDataStore } from '$lib/stores/navData';
   import { currentSite } from '$lib/stores/visible';
-  import { t } from '$lib/i18n/store';
   import { dragSource } from '$lib/stores/dragMerge';
   import CardComp from './Card.svelte';
 
@@ -64,9 +63,6 @@
 <div class="wrap">
   <h3 class="title">{folder.name}</h3>
   <section class="expand" aria-label={folder.name}>
-    <button type="button" class="close" aria-label={$t('common.close')} onclick={onClose}>
-      ×
-    </button>
     <div class="grid" data-zone={zoneId}>
       {#each childCards as c (c.id)}
         <CardComp card={c} {onEdit} />
@@ -151,18 +147,6 @@
       transform: translate(-50%, -50%) scale(1);
     }
   }
-  .close {
-    position: absolute;
-    top: var(--sp-3);
-    right: var(--sp-3);
-    background: transparent;
-    border: 0;
-    font-size: 24px;
-    line-height: 1;
-    cursor: pointer;
-    color: var(--c-text);
-    z-index: 1;
-  }
   .grid {
     display: grid;
     grid-template-columns: repeat(auto-fill, 120px);

From 1c9c45220b69da36d95f6b431597d891c0f0b557 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 23:12:24 +0800
Subject: [PATCH 32/77] fix(launchpad): more breathing room between folder
 title and panel

Bump .wrap gap from sp-3 (12px) to sp-5 (24px) so the title floats
visibly above the panel instead of crowding it.
---
 web/src/lib/components/Nav/InlineFolderExpand.svelte | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/lib/components/Nav/InlineFolderExpand.svelte b/web/src/lib/components/Nav/InlineFolderExpand.svelte
index bfc1cb3..68f1be2 100644
--- a/web/src/lib/components/Nav/InlineFolderExpand.svelte
+++ b/web/src/lib/components/Nav/InlineFolderExpand.svelte
@@ -93,7 +93,7 @@
     display: flex;
     flex-direction: column;
     align-items: center;
-    gap: var(--sp-3);
+    gap: var(--sp-5);
     max-height: calc(100vh - 96px);
     width: min(90vw, 720px);
     animation: wrap-in 0.22s cubic-bezier(0.2, 0.8, 0.2, 1);

From 83bc9e030ffff7434e5b5529c81c9a27fda72eee Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 23:17:22 +0800
Subject: [PATCH 33/77] fix(launchpad): folder title editable in jiggle, drop
 the pencil affordance
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two related cleanups in folder-name editing:

1. The floating folder title in InlineFolderExpand was a static <h3>
   with no rename path. In jiggle + authed it now renders as a
   button; clicking turns into an inline <input> (Enter saves, Esc
   cancels, blur saves), reusing the patchCard call + applyCardPatch
   optimistic update Card.svelte uses for the home-grid label.

2. The pencil-in-circle "edit" button on the top-right of every item
   card during jiggle is now redundant — P4 already routes a
   jiggle-mode body click to the edit dialog, and the right corner
   was visually busy alongside the × delete on the left. Drop the
   button, its onEditClick handler, and its .edit-btn CSS.

Validation: pnpm lint passes for changed files. Docker rebuild
verified inline rename in the folder panel works (click name -> input
-> Enter -> name updates, panel stays open).
---
 web/src/lib/components/Nav/Card.svelte        | 40 ----------
 .../components/Nav/InlineFolderExpand.svelte  | 77 ++++++++++++++++++-
 2 files changed, 76 insertions(+), 41 deletions(-)

diff --git a/web/src/lib/components/Nav/Card.svelte b/web/src/lib/components/Nav/Card.svelte
index 449f13a..072fe85 100644
--- a/web/src/lib/components/Nav/Card.svelte
+++ b/web/src/lib/components/Nav/Card.svelte
@@ -70,12 +70,6 @@
     }
   }
 
-  function onEditClick(e: MouseEvent) {
-    // Explicit edit affordance (pencil button) only visible in jiggle.
-    e.stopPropagation();
-    if (isItem) onEdit?.(card);
-  }
-
   function onKeydown(e: KeyboardEvent) {
     if ($jiggleMode) return;
     if (e.key === 'Enter' || e.key === ' ') {
@@ -153,24 +147,6 @@
     <button type="button" class="x-btn" aria-label={$t('common.delete')} onclick={onDelete}>
       ×
     </button>
-    {#if isItem}
-      <button type="button" class="edit-btn" aria-label={$t('common.edit')} onclick={onEditClick}>
-        <svg
-          width="12"
-          height="12"
-          viewBox="0 0 24 24"
-          fill="none"
-          stroke="currentColor"
-          stroke-width="2.4"
-          stroke-linecap="round"
-          stroke-linejoin="round"
-          aria-hidden="true"
-        >
-          <path d="M12 20h9" />
-          <path d="M16.5 3.5a2.121 2.121 0 1 1 3 3L7 19l-4 1 1-4 12.5-12.5z" />
-        </svg>
-      </button>
-    {/if}
   {/if}
 
   {#if isFolder}
@@ -297,22 +273,6 @@
     cursor: pointer;
     z-index: 2;
   }
-  .edit-btn {
-    position: absolute;
-    top: -6px;
-    right: -6px;
-    width: 22px;
-    height: 22px;
-    border-radius: 50%;
-    border: 0;
-    background: var(--c-accent, #4a6cf7);
-    color: white;
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    cursor: pointer;
-    z-index: 2;
-  }
   .card {
     width: 120px;
     height: 120px;
diff --git a/web/src/lib/components/Nav/InlineFolderExpand.svelte b/web/src/lib/components/Nav/InlineFolderExpand.svelte
index 68f1be2..d9b059a 100644
--- a/web/src/lib/components/Nav/InlineFolderExpand.svelte
+++ b/web/src/lib/components/Nav/InlineFolderExpand.svelte
@@ -3,7 +3,12 @@
   import { onMount } from 'svelte';
   import { navDataStore } from '$lib/stores/navData';
   import { currentSite } from '$lib/stores/visible';
+  import { jiggleMode } from '$lib/stores/jiggle';
+  import { sessionStore } from '$lib/stores/session';
   import { dragSource } from '$lib/stores/dragMerge';
+  import { patchCard } from '$lib/api/cards';
+  import { toast } from '$lib/components/ui/toast';
+  import { t } from '$lib/i18n/store';
   import CardComp from './Card.svelte';
 
   interface Props {
@@ -13,6 +18,33 @@
   }
   let { folder, onClose, onEdit }: Props = $props();
 
+  // Folder rename — only available in jiggle mode + authed.
+  let renaming = $state(false);
+  let renameValue = $state('');
+
+  function startRename() {
+    if (!$jiggleMode || !$sessionStore.authed) return;
+    renaming = true;
+    renameValue = folder.name;
+  }
+
+  async function commitRename() {
+    const next = renameValue.trim();
+    renaming = false;
+    if (!next || next === folder.name) return;
+    try {
+      const updated = await patchCard(folder.id, { name: next });
+      navDataStore.applyCardPatch(folder.id, { name: updated.name });
+    } catch {
+      toast.error($t('error.unknown'));
+      navDataStore.refetch();
+    }
+  }
+
+  function cancelRename() {
+    renaming = false;
+  }
+
   // Drag handling lives on the page-level <div use:dragGrid>. This panel
   // just renders cards inside a [data-zone] container so the action can
   // identify them as "in this folder" during cross-zone hit tests.
@@ -61,7 +93,23 @@
   }}
 ></div>
 <div class="wrap">
-  <h3 class="title">{folder.name}</h3>
+  {#if renaming}
+    <!-- svelte-ignore a11y_autofocus -->
+    <input
+      class="title-input"
+      bind:value={renameValue}
+      onkeydown={(e) => {
+        if (e.key === 'Enter') commitRename();
+        else if (e.key === 'Escape') cancelRename();
+      }}
+      onblur={commitRename}
+      autofocus
+    />
+  {:else if $jiggleMode && $sessionStore.authed}
+    <button type="button" class="title rename" onclick={startRename}>{folder.name}</button>
+  {:else}
+    <h3 class="title">{folder.name}</h3>
+  {/if}
   <section class="expand" aria-label={folder.name}>
     <div class="grid" data-zone={zoneId}>
       {#each childCards as c (c.id)}
@@ -100,12 +148,39 @@
   }
   .title {
     margin: 0;
+    padding: 0;
+    background: transparent;
+    border: 0;
+    font-family: inherit;
     font-size: var(--fs-lg);
     font-weight: var(--fw-semibold);
     color: var(--c-card-label);
     text-shadow: var(--sh-card-label);
     letter-spacing: 0.04em;
   }
+  .title.rename {
+    cursor: text;
+  }
+  .title-input {
+    margin: 0;
+    padding: 4px 10px;
+    background: rgba(255, 255, 255, 0.7);
+    border: 1px solid rgba(255, 255, 255, 0.85);
+    border-radius: 8px;
+    font-family: inherit;
+    font-size: var(--fs-lg);
+    font-weight: var(--fw-semibold);
+    color: var(--c-text);
+    letter-spacing: 0.04em;
+    text-align: center;
+    min-width: 160px;
+    outline: none;
+  }
+  :global([data-theme='dark']) .title-input {
+    background: rgba(28, 22, 40, 0.75);
+    border-color: rgba(255, 255, 255, 0.18);
+    color: var(--c-text);
+  }
   .expand {
     position: relative;
     width: 100%;

From ecff276c23f46213651ed64562c1243c42a6017a Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 23:21:50 +0800
Subject: [PATCH 34/77] fix(launchpad): rename racing two PATCHes against the
 SQLite lock
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Symptom (server log):
  ERROR ... PATCH /api/cards/4 ... database is locked
  INFO  ... PATCH /api/cards/4 ... 200
A 500 followed instantly by a 200 for the same card.

Root cause: the rename input wires both onkeydown Enter and onblur
to commitRename. Pressing Enter sets renaming=false; Svelte unmounts
the input in the same tick; the unmount fires the input's blur which
re-enters commitRename. Two concurrent patchCard() calls race for the
SQLite write lock — one gets it, the other returns "database is
locked".

Fix in both Card.svelte (home-grid folder label) and InlineFolderExpand
(folder panel title):

1. Add a `committing` flag. commitRename returns early if it's already
   running, so the trailing onblur is a no-op while the first PATCH is
   in flight.

2. cancelRename now resets renameValue back to the original name. So
   if the user pressed Esc but had typed something, the trailing
   onblur sees `next === folder.name` and skips the PATCH, preserving
   the cancel intent.
---
 web/src/lib/components/Nav/Card.svelte         | 17 ++++++++++++++---
 .../components/Nav/InlineFolderExpand.svelte   | 18 +++++++++++++++---
 2 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/web/src/lib/components/Nav/Card.svelte b/web/src/lib/components/Nav/Card.svelte
index 072fe85..e7523df 100644
--- a/web/src/lib/components/Nav/Card.svelte
+++ b/web/src/lib/components/Nav/Card.svelte
@@ -88,6 +88,10 @@
 
   let renaming = $state(false);
   let renameValue = $state('');
+  // Guard against onblur firing a second commit right after Enter — the
+  // input unmounts in the same tick but onblur still arrives. A second
+  // concurrent PATCH races the first for the SQLite write lock and 500s.
+  let committing = $state(false);
 
   function startRename(e: MouseEvent) {
     e.stopPropagation();
@@ -97,19 +101,26 @@
   }
 
   async function commitRename() {
+    if (committing) return;
+    committing = true;
     const next = renameValue.trim();
     renaming = false;
-    if (!next || next === card.name) return;
     try {
-      const updated = await patchCard(card.id, { name: next });
-      navDataStore.applyCardPatch(card.id, { name: updated.name });
+      if (next && next !== card.name) {
+        const updated = await patchCard(card.id, { name: next });
+        navDataStore.applyCardPatch(card.id, { name: updated.name });
+      }
     } catch {
       toast.error($t('error.unknown'));
       navDataStore.refetch();
+    } finally {
+      committing = false;
     }
   }
 
   function cancelRename() {
+    // Reset the buffer so the trailing onblur sees "unchanged" and no-ops.
+    renameValue = card.name;
     renaming = false;
   }
 
diff --git a/web/src/lib/components/Nav/InlineFolderExpand.svelte b/web/src/lib/components/Nav/InlineFolderExpand.svelte
index d9b059a..e2b39db 100644
--- a/web/src/lib/components/Nav/InlineFolderExpand.svelte
+++ b/web/src/lib/components/Nav/InlineFolderExpand.svelte
@@ -21,6 +21,11 @@
   // Folder rename — only available in jiggle mode + authed.
   let renaming = $state(false);
   let renameValue = $state('');
+  // Guard against the trailing onblur firing commitRename a second time
+  // after Enter already submitted (the input unmounts in the same tick;
+  // onblur still arrives). A second concurrent PATCH would race the
+  // first one for the SQLite write lock and 500.
+  let committing = $state(false);
 
   function startRename() {
     if (!$jiggleMode || !$sessionStore.authed) return;
@@ -29,19 +34,26 @@
   }
 
   async function commitRename() {
+    if (committing) return;
+    committing = true;
     const next = renameValue.trim();
     renaming = false;
-    if (!next || next === folder.name) return;
     try {
-      const updated = await patchCard(folder.id, { name: next });
-      navDataStore.applyCardPatch(folder.id, { name: updated.name });
+      if (next && next !== folder.name) {
+        const updated = await patchCard(folder.id, { name: next });
+        navDataStore.applyCardPatch(folder.id, { name: updated.name });
+      }
     } catch {
       toast.error($t('error.unknown'));
       navDataStore.refetch();
+    } finally {
+      committing = false;
     }
   }
 
   function cancelRename() {
+    // Reset the buffer so the trailing onblur sees "unchanged" and no-ops.
+    renameValue = folder.name;
     renaming = false;
   }
 

From f6f3ef378ffa83c35c89ab99164e3cd49d45ad17 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 23:27:56 +0800
Subject: [PATCH 35/77] fix(launchpad): long-press release stays a pure mode
 switch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two related polishes.

1. When the user long-presses a card to enter jiggle, the pointerup
   that ends the long-press is *also* delivered as a click on the
   source card. Within POST_LONGPRESS_GRACE_MS that click was being
   routed to either onOpenFolder or onEdit — so a long-press on a
   folder opened the folder, and a long-press on an item popped the
   editor, on top of switching to jiggle mode. Surprising.

   Inside the grace window, suppress every action: just enter jiggle,
   leave the card untouched. The user must release and click again
   to open / edit.

2. The delete affordance in jiggle is now a − (minus sign, U+2212)
   instead of × — closer to the iOS / macOS Launchpad shorthand and
   visually less aggressive.
---
 web/src/lib/components/Nav/Card.svelte | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/web/src/lib/components/Nav/Card.svelte b/web/src/lib/components/Nav/Card.svelte
index e7523df..6b2c531 100644
--- a/web/src/lib/components/Nav/Card.svelte
+++ b/web/src/lib/components/Nav/Card.svelte
@@ -49,16 +49,14 @@
 
   function open() {
     if ($jiggleMode) {
-      // Distinguish "long-press release that just entered jiggle" from
-      // "a real click while already in jiggle". The former is the
-      // gesture's tail and must not also pop the editor; the latter is
-      // the §5.3 edit affordance.
+      // The long-press that entered jiggle ends with a pointerup that
+      // we also see as a click on the source card. Inside the grace
+      // window suppress *any* effect — neither open the folder nor
+      // pop the editor. The user's intent was "switch to edit mode",
+      // not "edit/open this card too".
       const sinceEnter = Date.now() - $jiggleEnteredAt;
       const isLongPressRelease = sinceEnter < POST_LONGPRESS_GRACE_MS;
-      if (isLongPressRelease) {
-        if (isFolder) onOpenFolder?.(card.id);
-        return;
-      }
+      if (isLongPressRelease) return;
       if (isItem) onEdit?.(card);
       else if (isFolder) onOpenFolder?.(card.id);
       return;
@@ -156,7 +154,7 @@
 >
   {#if $jiggleMode}
     <button type="button" class="x-btn" aria-label={$t('common.delete')} onclick={onDelete}>
-      ×
+      −
     </button>
   {/if}
 

From abd4fd88df7e7c244ada051735824d661801428b Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 23:32:38 +0800
Subject: [PATCH 36/77] fix(launchpad): auto-close folder panel when dragging a
 child out
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The folder expand panel + its backdrop-blur covers the root grid, so
once the user lifted a card out of the panel they had no way to aim
at a specific destination slot in root — the panel just stayed open
and the drop landed at the end of root via patchCard parentId=null.

Add a new dragGrid option onHoverZoneChange(prev, next) that fires
whenever the cursor's hover zone flips during an active drag. The
home page wires it to: if prev was "folder:<openFolderId>" and next
is "root", set openFolderId = null. The panel unmounts mid-drag, the
root grid is now fully visible, and dragGrid's elementsFromPoint
hit-test naturally starts seeing root cards on the very next tick —
so a precise reorder drop (Branch 2 of handleDrop) just works.

The drag clone lives on document.body and keeps following the
cursor; setPointerCapture is on window listeners, so unmounting the
source cell mid-drag is safe (browser auto-releases capture, no
pointercancel).
---
 web/src/lib/util/dragGrid.ts | 11 +++++++++++
 web/src/routes/+page.svelte  | 13 +++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index c460df6..33b8fda 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -73,6 +73,13 @@ export interface DragGridOptions {
    * pager so a card can be dragged across pages.
    */
   onEdgePan?: (direction: EdgePanDirection) => void;
+  /**
+   * Fires whenever the cursor's current hover zone changes during an
+   * active drag (e.g. user drags from a folder panel out onto the
+   * root grid). Use it to react to "leaving" a zone — like closing
+   * the folder panel when the user starts dragging a card out of it.
+   */
+  onHoverZoneChange?: (prev: string | null, next: string | null) => void;
   /** Called on pointerup. Consumer commits the drop. */
   onDrop?: (info: DragDropInfo) => void;
 }
@@ -321,6 +328,10 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
     const prev = session.hover;
     session.hover = next;
 
+    if (prev.hoverZone !== next.hoverZone) {
+      options.onHoverZoneChange?.(prev.hoverZone, next.hoverZone);
+    }
+
     if (next.intent === 'merge' && next.target) {
       mergeCandidate.set({ id: next.target.id, kind: next.target.kind });
     } else {
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index 5cb0145..fe82165 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -173,6 +173,18 @@
     else currentPage.next(pageCount - 1);
   }
 
+  /** Auto-close the open folder panel as soon as the user drags one of
+   *  its children out onto the root grid. The panel + backdrop blur was
+   *  obscuring the destination, leaving the user no way to aim at a
+   *  specific root slot. */
+  function onHoverZoneChange(prev: string | null, next: string | null) {
+    if (openFolderId == null) return;
+    const myZone = `folder:${openFolderId}`;
+    if (prev === myZone && next === 'root') {
+      openFolderId = null;
+    }
+  }
+
   /**
    * Compute the new sort_order list for a bucket after inserting `sourceId`
    * at slot `insertAt`. Returns ReorderEntry[] for `/api/cards/reorder`.
@@ -394,6 +406,7 @@
       enabled: $jiggleMode && $sessionStore.authed,
       onSpringLoad,
       onEdgePan,
+      onHoverZoneChange,
       onDrop: handleDrop
     }}
   >

From 0222e1d2651bb4af592d9138631f8ce2a7ca031d Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 23:38:00 +0800
Subject: [PATCH 37/77] fix(launchpad): spring-load only when drag started from
 root
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bug found in server logs:
  reorder_cards entries: (id=20, parent=Some(3), sort=0), ...
The user lifted card 20 out of folder 26, the home panel auto-closed
on entering root (previous fix), but as the cursor crossed root on
its way to a target slot it lingered ~500ms over folder 3 — spring-
load fired, folder 3 popped open under the drag, and the release
landed *inside* folder 3 instead of in root.

Constrain spring-load to drags whose source.zone === 'root'. Once
the user has committed to "drag this child out of folder A", another
folder shouldn't be allowed to auto-grab it on the way past. Cross-
folder moves are still expressible: release into root, then drag
from root into folder B (root sources still spring-load normally).

The handleDrop branch for "drop directly on a folder card with merge
intent" (item-on-folder reparent) still works regardless of source —
spring-load was just the dwell-to-open behavior, not the on-release
behavior.
---
 web/src/lib/util/dragGrid.ts | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index 33b8fda..080d395 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -338,8 +338,17 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
       mergeCandidate.set(null);
     }
 
+    // Spring-load opens a folder under the cursor when the user is
+    // hovering it with merge intent. Restrict it to drags that started
+    // from root: once the user has lifted a card out of folder A, them
+    // brushing past folder B on the way to a root slot should NOT
+    // auto-open B and capture the drop. Cross-folder moves can still
+    // be done by releasing into root first, then re-dragging into B.
     const isSpringTarget =
-      next.intent === 'merge' && next.target?.kind === 'folder' && next.target.id != null;
+      next.intent === 'merge' &&
+      next.target?.kind === 'folder' &&
+      next.target.id != null &&
+      session.source.zone === 'root';
     const sameTarget = prev.target?.id === next.target?.id && prev.intent === next.intent;
     if (!sameTarget) cancelDwell();
     if (isSpringTarget && session.dwellTargetId !== next.target!.id) {

From bc52e481b1d022fc786d7d1821c33d7001c11ed3 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 23:44:27 +0800
Subject: [PATCH 38/77] fix(launchpad): dragGrid only attaches to the main
 card/folder button
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two reported regressions had the same root cause. The cell wraps
several buttons (the main .card / .folder, the delete −, and in
jiggle the rename label too). dragGrid was happy to start a drag
session on any pointerdown that landed inside the cell — including
on those inner buttons. The session's onPointerDown calls
preventDefault, which on some browsers suppresses the synthetic
click that follows on a short tap, so:

- Tapping a folder's name label in jiggle did nothing — startRename
  never fired.
- The hover-zone close logic was correctly close-firing for normal
  drags, but a quick tap-and-release on the inner button was
  starting and finishing a tiny "drag session" that confused the
  flow elsewhere.

Restrict cellFromEvent to events whose target is inside the .card
or .folder button (or the <img> within). pointerdown on the delete
button, the rename label, or any future inner control falls through
to its own click handler — no drag session, no preventDefault.

Also drop the temporary console.log added while diagnosing.
---
 web/src/lib/util/dragGrid.ts | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index 080d395..cf5dd06 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -142,7 +142,15 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
 
   function cellFromEvent(e: PointerEvent): HTMLElement | null {
     if (!(e.target instanceof Element)) return null;
-    const cell = e.target.closest('[data-card-id]');
+    // Only the main .card / .folder button (or its <img> child) starts a
+    // drag. Other buttons inside the cell — the delete −, the rename
+    // label, the rename input — want their own click semantics, so we
+    // bail here. Without this guard pointerdown on those controls would
+    // start a drag session and the preventDefault() that follows
+    // suppresses their click.
+    const handle = e.target.closest('button.card, button.folder');
+    if (!handle) return null;
+    const cell = handle.closest('[data-card-id]');
     if (!(cell instanceof HTMLElement)) return null;
     if (!node.contains(cell)) return null;
     return cell;

From 87fad6588cb924516423b1cdf586bb5d27a0195a Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Mon, 25 May 2026 23:55:22 +0800
Subject: [PATCH 39/77] fix(launchpad): folder name in home grid is no longer
 editable

Per user request: rename should only be reachable from inside the
opened folder panel (the floating title above the panel). The
home-grid folder label is now a plain <span> like an item label.

Drop the rename state, the start/commit/cancel handlers, the
patchCard import, and the .label.rename / .rename-input styles.
---
 web/src/lib/components/Nav/Card.svelte | 69 +-------------------------
 1 file changed, 2 insertions(+), 67 deletions(-)

diff --git a/web/src/lib/components/Nav/Card.svelte b/web/src/lib/components/Nav/Card.svelte
index 6b2c531..92006c0 100644
--- a/web/src/lib/components/Nav/Card.svelte
+++ b/web/src/lib/components/Nav/Card.svelte
@@ -5,7 +5,7 @@
   import { t } from '$lib/i18n/store';
   import { longPress } from '$lib/util/longPress';
   import { navDataStore } from '$lib/stores/navData';
-  import { deleteCard, patchCard } from '$lib/api/cards';
+  import { deleteCard } from '$lib/api/cards';
   import { toast } from '$lib/components/ui/toast';
   import { mergeCandidate } from '$lib/stores/dragMerge';
 
@@ -84,44 +84,6 @@
     }
   }
 
-  let renaming = $state(false);
-  let renameValue = $state('');
-  // Guard against onblur firing a second commit right after Enter — the
-  // input unmounts in the same tick but onblur still arrives. A second
-  // concurrent PATCH races the first for the SQLite write lock and 500s.
-  let committing = $state(false);
-
-  function startRename(e: MouseEvent) {
-    e.stopPropagation();
-    if (!isFolder) return;
-    renaming = true;
-    renameValue = card.name;
-  }
-
-  async function commitRename() {
-    if (committing) return;
-    committing = true;
-    const next = renameValue.trim();
-    renaming = false;
-    try {
-      if (next && next !== card.name) {
-        const updated = await patchCard(card.id, { name: next });
-        navDataStore.applyCardPatch(card.id, { name: updated.name });
-      }
-    } catch {
-      toast.error($t('error.unknown'));
-      navDataStore.refetch();
-    } finally {
-      committing = false;
-    }
-  }
-
-  function cancelRename() {
-    // Reset the buffer so the trailing onblur sees "unchanged" and no-ops.
-    renameValue = card.name;
-    renaming = false;
-  }
-
   async function onDelete(e: MouseEvent) {
     e.stopPropagation();
     if (isFolder) {
@@ -184,23 +146,7 @@
     </button>
   {/if}
 
-  {#if isFolder && $jiggleMode && renaming}
-    <!-- svelte-ignore a11y_autofocus -->
-    <input
-      class="rename-input"
-      bind:value={renameValue}
-      onkeydown={(e) => {
-        if (e.key === 'Enter') commitRename();
-        else if (e.key === 'Escape') cancelRename();
-      }}
-      onblur={commitRename}
-      autofocus
-    />
-  {:else if isFolder && $jiggleMode}
-    <button type="button" class="label rename" onclick={startRename}>{card.name}</button>
-  {:else}
-    <span class="label">{card.name}</span>
-  {/if}
+  <span class="label">{card.name}</span>
 </div>
 
 <style lang="scss">
@@ -377,17 +323,6 @@
     border: 0;
     padding: 0;
   }
-  .label.rename {
-    cursor: text;
-  }
-  .rename-input {
-    font-size: 14px;
-    text-align: center;
-    width: 110px;
-    border: 1px solid var(--c-border, #999);
-    border-radius: 6px;
-    padding: 2px 6px;
-  }
   @media (max-width: 500px) {
     .cell {
       width: 72px;

From e447d9dda7c78e1b0b2d18a8c155aeddba40fe52 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 00:22:43 +0800
Subject: [PATCH 40/77] fix(launchpad): auto-close folder panel reliably when
 dragging out
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The previous condition only fired the auto-close when hoverZone
transitioned `folder:N` → `'root'`. That covered the case where the
cursor lands directly on a root card, but missed the much more common
case where the cursor is on the panel's backdrop blur with no root
card under it (panel covers the central area where most root cards
sit). In that state hoverZone goes to null and the close never fires —
panel stays up, blocking the destination.

Fix in two parts:

  - InlineFolderExpand: hoist data-zone="folder:N" from the inner
    grid up to the .wrap (the fixed positioned panel container), so
    the entire visual panel rect — including the .expand padding ring
    and the title row — registers as the open folder zone. Cards
    inside still resolve their own zone via the closer .grid ancestor,
    so cell zone identification is unchanged.

  - +page.svelte onHoverZoneChange: relax the close condition from
    `next === 'root'` to `next !== myZone`. Now any zone change away
    from the open folder closes the panel — covers both the root-card
    landing and the backdrop-blank case.
---
 .../lib/components/Nav/InlineFolderExpand.svelte   |  8 +++++++-
 web/src/routes/+page.svelte                        | 14 +++++++++++---
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/web/src/lib/components/Nav/InlineFolderExpand.svelte b/web/src/lib/components/Nav/InlineFolderExpand.svelte
index e2b39db..994a545 100644
--- a/web/src/lib/components/Nav/InlineFolderExpand.svelte
+++ b/web/src/lib/components/Nav/InlineFolderExpand.svelte
@@ -104,7 +104,13 @@
     if (!$dragSource) onClose();
   }}
 ></div>
-<div class="wrap">
+<!-- data-zone covers the whole visual panel rect so dragGrid's hoverZone
+     stays "folder:<id>" while the cursor is anywhere inside the panel
+     (including .expand padding and the title row), not just over the
+     inner grid. Without this, a cursor in the panel-padding ring would
+     read as null/outOfZone and the +page.svelte onHoverZoneChange
+     handler would tear the panel down mid-gesture. -->
+<div class="wrap" data-zone={zoneId}>
   {#if renaming}
     <!-- svelte-ignore a11y_autofocus -->
     <input
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index fe82165..cf2c348 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -174,13 +174,21 @@
   }
 
   /** Auto-close the open folder panel as soon as the user drags one of
-   *  its children out onto the root grid. The panel + backdrop blur was
+   *  its children out of the panel rect. The panel + backdrop blur was
    *  obscuring the destination, leaving the user no way to aim at a
-   *  specific root slot. */
+   *  specific root slot.
+   *
+   *  We accept any next zone other than the open folder's own — that
+   *  covers both `next === 'root'` (cursor landed on a root card) and
+   *  `next === null` (cursor on the backdrop blur with no card under).
+   *  The folder panel's .wrap carries data-zone="folder:<id>", so a
+   *  cursor still inside the panel — including its .expand padding ring
+   *  or the title row above — keeps reading as the open folder zone and
+   *  doesn't trip this handler. */
   function onHoverZoneChange(prev: string | null, next: string | null) {
     if (openFolderId == null) return;
     const myZone = `folder:${openFolderId}`;
-    if (prev === myZone && next === 'root') {
+    if (prev === myZone && next !== myZone) {
       openFolderId = null;
     }
   }

From 004b315e8f4f578e5358cd3c9b70c71448f8f194 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 00:22:55 +0800
Subject: [PATCH 41/77] fix(launchpad): don't spring-load when source is a
 folder

Spring-load opens a folder under the cursor on hover-with-merge-intent
during an active drag. The previous gate only required source.zone
=== 'root', which let folder-on-folder hovers also spring-load the
target. That's never useful: handleDrop already coerces every
folder-source merge into a reorder (folders can't be nested inside
other folders) or rejects it, so opening the target folder just hides
the destination slot from view mid-drag.

Add `source.kind === 'item'` to the gate. Item-on-folder still
spring-loads (the legitimate "drop inside" case); folder-on-anything
goes straight to before/after reorder.
---
 web/src/lib/util/dragGrid.ts | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index cf5dd06..734b355 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -347,15 +347,22 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
     }
 
     // Spring-load opens a folder under the cursor when the user is
-    // hovering it with merge intent. Restrict it to drags that started
-    // from root: once the user has lifted a card out of folder A, them
-    // brushing past folder B on the way to a root slot should NOT
-    // auto-open B and capture the drop. Cross-folder moves can still
-    // be done by releasing into root first, then re-dragging into B.
+    // hovering it with merge intent. Restrict it to:
+    //   - source.kind === 'item': folders can't be nested inside other
+    //     folders, so dragging a folder onto another folder is only ever
+    //     a reorder gesture in handleDrop — opening the target folder
+    //     just hides the destination slot from view. Same for
+    //     folder-on-item: there's no merge semantic, only reorder.
+    //   - source.zone === 'root': once the user has lifted a card out
+    //     of folder A, them brushing past folder B on the way to a root
+    //     slot should NOT auto-open B and capture the drop. Cross-folder
+    //     moves can still be done by releasing into root first, then
+    //     re-dragging into B.
     const isSpringTarget =
       next.intent === 'merge' &&
       next.target?.kind === 'folder' &&
       next.target.id != null &&
+      session.source.kind === 'item' &&
       session.source.zone === 'root';
     const sameTarget = prev.target?.id === next.target?.id && prev.intent === next.intent;
     if (!sameTarget) cancelDwell();

From 369afc471ddcc6a81325991293eb980efd008ed6 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 00:23:09 +0800
Subject: [PATCH 42/77] fix(launchpad): swallow trailing click after
 long-press, regardless of hold duration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

f6f3ef3 used a 350 ms time window after `jiggleEnteredAt` to decide
whether a click was "the long-press release" (no-op) or a fresh
click-while-in-jiggle (open folder / pop edit dialog). That works
when the user releases shortly after entering jiggle, but anything
beyond 950 ms total hold falls outside the window — so a long
hold-then-release would enter jiggle AND immediately open the folder
or the item editor on release. Same bug for both kinds of card.

Replace the time-window heuristic with a flag in the longPress action
itself. When the long-press timer fires, set `consumeNextClick = true`
and install a one-shot capture-phase click listener on the action
node. The listener stopImmediatePropagation()s the next click so the
inner button's bubble-phase onclick never sees it. The flag is reset
on every fresh pointerdown, so a real tap after a drag-canceled
long-press still works.

Also drop the now-unused jiggleEnteredAt store and the time-window
constant in Card.svelte.
---
 web/src/lib/components/Nav/Card.svelte | 19 +++++------------
 web/src/lib/stores/jiggle.ts           |  9 ---------
 web/src/lib/util/longPress.ts          | 28 ++++++++++++++++++++++++++
 3 files changed, 33 insertions(+), 23 deletions(-)

diff --git a/web/src/lib/components/Nav/Card.svelte b/web/src/lib/components/Nav/Card.svelte
index 92006c0..55b38e0 100644
--- a/web/src/lib/components/Nav/Card.svelte
+++ b/web/src/lib/components/Nav/Card.svelte
@@ -1,7 +1,7 @@
 <script lang="ts">
   import type { Card } from '$lib/types/card';
   import { currentSite } from '$lib/stores/visible';
-  import { jiggleMode, jiggleEnteredAt } from '$lib/stores/jiggle';
+  import { jiggleMode } from '$lib/stores/jiggle';
   import { t } from '$lib/i18n/store';
   import { longPress } from '$lib/util/longPress';
   import { navDataStore } from '$lib/stores/navData';
@@ -42,21 +42,12 @@
     }
   }
 
-  /** ms grace window after entering jiggle, during which a click on the
-   *  same card is treated as the long-press release (no-op) rather than
-   *  a fresh "edit me" click. */
-  const POST_LONGPRESS_GRACE_MS = 350;
-
   function open() {
+    // The trailing click after the long-press that entered jiggle is
+    // swallowed in the longPress action itself (capture-phase eater),
+    // so by the time `open` runs we know this is either: a tap from
+    // outside jiggle, or a deliberate click while already in jiggle.
     if ($jiggleMode) {
-      // The long-press that entered jiggle ends with a pointerup that
-      // we also see as a click on the source card. Inside the grace
-      // window suppress *any* effect — neither open the folder nor
-      // pop the editor. The user's intent was "switch to edit mode",
-      // not "edit/open this card too".
-      const sinceEnter = Date.now() - $jiggleEnteredAt;
-      const isLongPressRelease = sinceEnter < POST_LONGPRESS_GRACE_MS;
-      if (isLongPressRelease) return;
       if (isItem) onEdit?.(card);
       else if (isFolder) onOpenFolder?.(card.id);
       return;
diff --git a/web/src/lib/stores/jiggle.ts b/web/src/lib/stores/jiggle.ts
index c0a2330..5c95a5f 100644
--- a/web/src/lib/stores/jiggle.ts
+++ b/web/src/lib/stores/jiggle.ts
@@ -6,11 +6,6 @@ import { sessionStore } from './session';
 
 const { subscribe, set } = writable<boolean>(false);
 
-// Wall-clock timestamp of the most recent enter(). Cards read this to
-// distinguish "long-press release on the same card" (no-op) from a
-// genuine click while already in jiggle (edit dialog) — see Card.svelte.
-const enteredAtStore = writable<number>(0);
-
 let escAttached = false;
 
 function attachEscOnce() {
@@ -25,8 +20,6 @@ function attachEscOnce() {
 
 attachEscOnce();
 
-export const jiggleEnteredAt = { subscribe: enteredAtStore.subscribe };
-
 export const jiggleMode = {
   subscribe,
   /**
@@ -38,12 +31,10 @@ export const jiggleMode = {
     const session = get(sessionStore);
     if (!session.authed) return false;
     set(true);
-    enteredAtStore.set(Date.now());
     return true;
   },
   exit() {
     set(false);
-    enteredAtStore.set(0);
   },
   /** Test-only: read sync. */
   _peek: () => get({ subscribe })
diff --git a/web/src/lib/util/longPress.ts b/web/src/lib/util/longPress.ts
index 8974aff..063e4fb 100644
--- a/web/src/lib/util/longPress.ts
+++ b/web/src/lib/util/longPress.ts
@@ -3,6 +3,17 @@
 //
 // Usage in a Svelte 5 component:
 //   <div use:longPress={{ onTrigger: handleLongPress }}>...</div>
+//
+// Click suppression: once the long-press timer fires, the trailing
+// `click` event that the browser dispatches on the next pointerup is
+// swallowed. Without this, a stationary long-press would both fire
+// `onTrigger` AND, on release, fire a click that the inner button's
+// onclick handler interprets as a normal tap — opening the folder /
+// popping an edit dialog right after the user just entered jiggle.
+// The eater is a one-shot capture-phase listener on `node`, so it
+// runs before the inner button's bubble-phase onclick and stops the
+// event there. It auto-disarms on the next pointerdown so a real tap
+// after a drag-canceled long-press still works.
 
 export interface LongPressOptions {
   onTrigger: (e: PointerEvent) => void;
@@ -16,6 +27,7 @@ export function longPress(node: HTMLElement, options: LongPressOptions) {
   let startX = 0;
   let startY = 0;
   let activeEvent: PointerEvent | null = null;
+  let consumeNextClick = false;
 
   function clear() {
     if (timer) {
@@ -25,12 +37,26 @@ export function longPress(node: HTMLElement, options: LongPressOptions) {
     activeEvent = null;
   }
 
+  function onClick(e: MouseEvent) {
+    if (!consumeNextClick) return;
+    consumeNextClick = false;
+    // stopImmediatePropagation also stops same-target same-phase
+    // listeners — the inner button's bubble-phase onclick won't fire.
+    e.stopImmediatePropagation();
+    e.preventDefault();
+  }
+
   function onPointerDown(e: PointerEvent) {
+    // A new gesture starts. Drop any leftover suppression flag from a
+    // previous long-press whose trailing click never materialised
+    // (e.g. drag took over and the browser canceled the click).
+    consumeNextClick = false;
     activeEvent = e;
     startX = e.clientX;
     startY = e.clientY;
     timer = setTimeout(() => {
       if (activeEvent) {
+        consumeNextClick = true;
         opts.onTrigger(activeEvent);
       }
       timer = null;
@@ -56,6 +82,7 @@ export function longPress(node: HTMLElement, options: LongPressOptions) {
   }
 
   node.addEventListener('pointerdown', onPointerDown);
+  node.addEventListener('click', onClick, { capture: true });
   window.addEventListener('pointermove', onPointerMove);
   window.addEventListener('pointerup', onPointerUp);
   window.addEventListener('pointercancel', onPointerCancel);
@@ -67,6 +94,7 @@ export function longPress(node: HTMLElement, options: LongPressOptions) {
     destroy() {
       clear();
       node.removeEventListener('pointerdown', onPointerDown);
+      node.removeEventListener('click', onClick, { capture: true });
       window.removeEventListener('pointermove', onPointerMove);
       window.removeEventListener('pointerup', onPointerUp);
       window.removeEventListener('pointercancel', onPointerCancel);

From 72e3d6e341924667301427a0c986f33f2446bd00 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 11:39:20 +0800
Subject: [PATCH 43/77] refactor(launchpad): extend MergeCandidate with phase
 and add cellShifts store

Foundation for dwell-gated merge: store now distinguishes 'armed' vs
'ready' phases of merge intent, and a new cellShifts store carries
per-card translation deltas for reorder preview. No behavior change yet.
---
 web/src/lib/stores/dragMerge.ts | 38 +++++++++++++++++++--------------
 web/src/lib/util/dragGrid.ts    | 14 +++++++++---
 2 files changed, 33 insertions(+), 19 deletions(-)

diff --git a/web/src/lib/stores/dragMerge.ts b/web/src/lib/stores/dragMerge.ts
index 6efc6c9..3b232d1 100644
--- a/web/src/lib/stores/dragMerge.ts
+++ b/web/src/lib/stores/dragMerge.ts
@@ -1,27 +1,33 @@
-// Visual stores for the LaunchPad drag interaction.
-//
-// The actual hit-testing / dwell / clone-following logic lives in
-// `$lib/util/dragGrid.ts` (a Svelte action attached to the grid
-// container). This file is now just a pair of stores the action writes
-// to and consumers read from for visual feedback.
+import { writable } from 'svelte/store';
+import type { CardKind } from '$lib/util/dragGrid';
+
+// Visual feedback during a drag session.
 //
-//   - dragSource:     set on lift, cleared on drop. Useful for cursor
-//                     theming (`grabbing`) and disabling stray clicks.
+//   - dragSource: { id, kind } of the card currently being dragged. Set
+//                 the moment the drag is "lifted" (cursor moved past
+//                 LIFT_THRESHOLD_PX); cleared when the gesture ends.
 //   - mergeCandidate: set whenever the cursor's drop intent on a target
-//                     is `merge`; cleared otherwise. Used to apply the
-//                     `.merge-target` halo on the target Card cell.
+//                     would be a merge. Card.svelte uses this to render
+//                     the `.merge-armed` (faint) or `.merge-ready`
+//                     (full) halo on the target Card cell.
+//   - cellShifts: per-card translation in pixels driven by reorder
+//                 preview. Card.svelte applies these as
+//                 `transform: translate(dx px, dy px)` on the cell.
+//                 An entry of {dx:0,dy:0} or no entry means no shift.
 
-import { writable } from 'svelte/store';
+export type MergePhase = 'armed' | 'ready';
 
-export interface DragSource {
+export interface MergeCandidate {
   id: number;
-  kind: 'folder' | 'item';
+  kind: CardKind;
+  phase: MergePhase;
 }
 
-export interface MergeCandidate {
+export interface DragSourceMeta {
   id: number;
-  kind: 'folder' | 'item';
+  kind: CardKind;
 }
 
-export const dragSource = writable<DragSource | null>(null);
+export const dragSource = writable<DragSourceMeta | null>(null);
 export const mergeCandidate = writable<MergeCandidate | null>(null);
+export const cellShifts = writable<Map<number, { dx: number; dy: number }>>(new Map());
diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index 734b355..9be8085 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -85,8 +85,13 @@ export interface DragGridOptions {
 }
 
 const LIFT_THRESHOLD_PX = 5;
-const MERGE_INNER_FRACTION = 0.6; // inner 60% of card → merge
-const HOVER_DWELL_MS = 500;
+const MERGE_INNER_FRACTION = 0.5; // tighter (was 0.6) — dwell-gated, can be smaller
+const MERGE_ARM_MS = 200;          // arm fires (release ≥ here = merge)
+const MERGE_READY_MS = 600;        // ready halo strengthens
+const MERGE_CANCEL_MOVE_PX = 8;    // jitter tolerance during pre-arm
+const SHIFT_DURATION_MS = 220;
+// SHIFT_EASE is exposed via CSS variable on Card.svelte; not needed here
+const HOVER_DWELL_MS = 500;        // existing spring-load (unchanged)
 const EDGE_PAN_THRESHOLD_PX = 80;
 const EDGE_PAN_DWELL_MS = 600;
 const EDGE_PAN_INTERVAL_MS = 800;
@@ -341,7 +346,10 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
     }
 
     if (next.intent === 'merge' && next.target) {
-      mergeCandidate.set({ id: next.target.id, kind: next.target.kind });
+      // Phase is set to 'ready' here to preserve pre-change behavior;
+      // Task 5 (Wire dwell in applyHover) replaces this with the real
+      // armed/ready transition.
+      mergeCandidate.set({ id: next.target.id, kind: next.target.kind, phase: 'ready' });
     } else {
       mergeCandidate.set(null);
     }

From 5f022d2e3b8883ef1f23138bdeb7beba03c5e7fe Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 11:51:55 +0800
Subject: [PATCH 44/77] feat(launchpad): pure computeShifts function with unit
 tests

Per-card translation map for reorder preview. Same-zone shifts cards
between source and drop indexes; cross-zone closes source's gap and
opens a target slot. Returns empty when merge intent is committed.
---
 web/src/lib/util/dragGrid.test.ts | 168 ++++++++++++++++++++++++++++++
 web/src/lib/util/dragGrid.ts      | 110 ++++++++++++++++++-
 2 files changed, 274 insertions(+), 4 deletions(-)
 create mode 100644 web/src/lib/util/dragGrid.test.ts

diff --git a/web/src/lib/util/dragGrid.test.ts b/web/src/lib/util/dragGrid.test.ts
new file mode 100644
index 0000000..453ba8c
--- /dev/null
+++ b/web/src/lib/util/dragGrid.test.ts
@@ -0,0 +1,168 @@
+import { describe, it, expect } from 'vitest';
+import { computeShifts, type SlotRect } from './dragGrid';
+
+// vitest runs in node env (no jsdom/happy-dom installed); the action's
+// type signatures use DOMRect, but computeShifts only reads .left/.top.
+// Provide a minimal polyfill so the test rect literals compile and run.
+if (typeof globalThis.DOMRect === 'undefined') {
+  class DOMRectPolyfill {
+    x: number;
+    y: number;
+    width: number;
+    height: number;
+    constructor(x = 0, y = 0, width = 0, height = 0) {
+      this.x = x;
+      this.y = y;
+      this.width = width;
+      this.height = height;
+    }
+    get left() {
+      return this.x;
+    }
+    get top() {
+      return this.y;
+    }
+    get right() {
+      return this.x + this.width;
+    }
+    get bottom() {
+      return this.y + this.height;
+    }
+    toJSON() {
+      return {
+        x: this.x,
+        y: this.y,
+        width: this.width,
+        height: this.height,
+        left: this.left,
+        top: this.top,
+        right: this.right,
+        bottom: this.bottom
+      };
+    }
+  }
+  // @ts-expect-error - polyfill for node test env
+  globalThis.DOMRect = DOMRectPolyfill;
+}
+
+// Helper: build a fake bucket of N slots laid out in one row.
+//   slot i has rect {left: i*100, top: 0, width: 80, height: 80}
+function row(n: number, zone = 'root', idBase = 1000): SlotRect[] {
+  const out: SlotRect[] = [];
+  for (let i = 0; i < n; i++) {
+    const left = i * 100;
+    out.push({
+      zone,
+      logicalIdx: i,
+      cardId: idBase + i,
+      rect: new DOMRect(left, 0, 80, 80)
+    });
+  }
+  return out;
+}
+
+describe('computeShifts — same zone', () => {
+  it('returns empty map when source and drop are at same index (no-op)', () => {
+    const bucket = row(5);
+    const out = computeShifts({
+      sourceZone: 'root',
+      sourceCardId: 1001, // c1 at idx 1
+      sourceLogicalIdx: 1,
+      targetZone: 'root',
+      dropIdx: 1,
+      buckets: { root: bucket },
+      mergeCollapse: false
+    });
+    expect(out.size).toBe(0);
+  });
+
+  it('shifts cards in (srcIdx, dropIdx] left by 1 when moving forward', () => {
+    // src=c1 at idx 1, drop at idx 3: cards at idx 2, 3 shift left by one cell
+    const bucket = row(5);
+    const out = computeShifts({
+      sourceZone: 'root',
+      sourceCardId: 1001,
+      sourceLogicalIdx: 1,
+      targetZone: 'root',
+      dropIdx: 3,
+      buckets: { root: bucket },
+      mergeCollapse: false
+    });
+    expect(out.get(1002)).toEqual({ dx: -100, dy: 0 }); // c2
+    expect(out.get(1003)).toEqual({ dx: -100, dy: 0 }); // c3
+    expect(out.get(1000)).toBeUndefined(); // c0 unchanged
+    expect(out.get(1004)).toBeUndefined(); // c4 unchanged
+    expect(out.get(1001)).toBeUndefined(); // src never shifted
+  });
+
+  it('shifts cards in [dropIdx, srcIdx) right by 1 when moving backward', () => {
+    // src=c3 at idx 3, drop at idx 1: cards at idx 1, 2 shift right by one cell
+    const bucket = row(5);
+    const out = computeShifts({
+      sourceZone: 'root',
+      sourceCardId: 1003,
+      sourceLogicalIdx: 3,
+      targetZone: 'root',
+      dropIdx: 1,
+      buckets: { root: bucket },
+      mergeCollapse: false
+    });
+    expect(out.get(1001)).toEqual({ dx: 100, dy: 0 });
+    expect(out.get(1002)).toEqual({ dx: 100, dy: 0 });
+    expect(out.get(1000)).toBeUndefined();
+    expect(out.get(1004)).toBeUndefined();
+  });
+
+  it('returns empty map when mergeCollapse is true', () => {
+    const bucket = row(5);
+    const out = computeShifts({
+      sourceZone: 'root',
+      sourceCardId: 1001,
+      sourceLogicalIdx: 1,
+      targetZone: 'root',
+      dropIdx: 3,
+      buckets: { root: bucket },
+      mergeCollapse: true
+    });
+    expect(out.size).toBe(0);
+  });
+});
+
+describe('computeShifts — cross zone', () => {
+  it('closes source zone gap and opens target zone slot', () => {
+    const root = row(4, 'root', 1000); // ids 1000..1003
+    const folder = row(3, 'folder:5', 2000); // ids 2000..2002
+    const out = computeShifts({
+      sourceZone: 'root',
+      sourceCardId: 1002,
+      sourceLogicalIdx: 2,
+      targetZone: 'folder:5',
+      dropIdx: 1,
+      buckets: { root, 'folder:5': folder },
+      mergeCollapse: false
+    });
+    // Source zone close: c3 → -1 slot
+    expect(out.get(1003)).toEqual({ dx: -100, dy: 0 });
+    expect(out.get(1000)).toBeUndefined();
+    expect(out.get(1001)).toBeUndefined();
+    // Target zone open: idx ≥ 1 shifted +1
+    expect(out.get(2001)).toEqual({ dx: 100, dy: 0 });
+    expect(out.get(2002)).toEqual({ dx: 100, dy: 0 });
+    expect(out.get(2000)).toBeUndefined();
+  });
+
+  it('closes source zone gap (no target shifts when target zone empty)', () => {
+    const root = row(4, 'root', 1000);
+    const folder: SlotRect[] = [];
+    const out = computeShifts({
+      sourceZone: 'root',
+      sourceCardId: 1003,
+      sourceLogicalIdx: 3,
+      targetZone: 'folder:5',
+      dropIdx: 0,
+      buckets: { root, 'folder:5': folder },
+      mergeCollapse: false
+    });
+    expect(out.size).toBe(0); // nothing after idx 3 in src; target empty
+  });
+});
diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index 9be8085..c26c87f 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -86,12 +86,12 @@ export interface DragGridOptions {
 
 const LIFT_THRESHOLD_PX = 5;
 const MERGE_INNER_FRACTION = 0.5; // tighter (was 0.6) — dwell-gated, can be smaller
-const MERGE_ARM_MS = 200;          // arm fires (release ≥ here = merge)
-const MERGE_READY_MS = 600;        // ready halo strengthens
-const MERGE_CANCEL_MOVE_PX = 8;    // jitter tolerance during pre-arm
+const MERGE_ARM_MS = 200; // arm fires (release ≥ here = merge)
+const MERGE_READY_MS = 600; // ready halo strengthens
+const MERGE_CANCEL_MOVE_PX = 8; // jitter tolerance during pre-arm
 const SHIFT_DURATION_MS = 220;
 // SHIFT_EASE is exposed via CSS variable on Card.svelte; not needed here
-const HOVER_DWELL_MS = 500;        // existing spring-load (unchanged)
+const HOVER_DWELL_MS = 500; // existing spring-load (unchanged)
 const EDGE_PAN_THRESHOLD_PX = 80;
 const EDGE_PAN_DWELL_MS = 600;
 const EDGE_PAN_INTERVAL_MS = 800;
@@ -99,6 +99,108 @@ const CLONE_OPACITY = 0.88;
 const CLONE_LIFT_SCALE = 1.05;
 const CLONE_ID = '__draggrid_clone__';
 
+export interface SlotRect {
+  zone: string; // 'root' | `folder:${number}`
+  logicalIdx: number;
+  cardId: number;
+  rect: DOMRect;
+}
+
+export interface ComputeShiftsInput {
+  sourceZone: string;
+  sourceCardId: number;
+  sourceLogicalIdx: number;
+  targetZone: string;
+  /** Logical index in targetZone where the source would land. */
+  dropIdx: number;
+  /** Maps zone name to its full snapshot, sorted by logicalIdx. */
+  buckets: Record<string, SlotRect[]>;
+  /** When true (merge armed/ready or folder target), all shifts collapse. */
+  mergeCollapse: boolean;
+}
+
+/**
+ * Per-card translation (dx, dy) needed to render reorder preview.
+ * Pure: returns the same output for the same input. Skips the source
+ * card. Returns an entry only if the card needs a non-zero translation.
+ */
+export function computeShifts(input: ComputeShiftsInput): Map<number, { dx: number; dy: number }> {
+  const result = new Map<number, { dx: number; dy: number }>();
+  if (input.mergeCollapse) return result;
+
+  const { sourceZone, sourceCardId, sourceLogicalIdx, targetZone, dropIdx, buckets } = input;
+
+  if (sourceZone === targetZone) {
+    const bucket = buckets[targetZone] ?? [];
+    if (sourceLogicalIdx === dropIdx) return result;
+    for (const slot of bucket) {
+      if (slot.cardId === sourceCardId) continue;
+      const i = slot.logicalIdx;
+      let newIdx = i;
+      if (sourceLogicalIdx < dropIdx && i > sourceLogicalIdx && i <= dropIdx) {
+        newIdx = i - 1;
+      } else if (sourceLogicalIdx > dropIdx && i >= dropIdx && i < sourceLogicalIdx) {
+        newIdx = i + 1;
+      }
+      if (newIdx === i) continue;
+      const targetSlot = bucket.find((s) => s.logicalIdx === newIdx);
+      if (!targetSlot) continue;
+      result.set(slot.cardId, {
+        dx: targetSlot.rect.left - slot.rect.left,
+        dy: targetSlot.rect.top - slot.rect.top
+      });
+    }
+    return result;
+  }
+
+  // Cross-zone: close source gap; open target slot.
+  const srcBucket = buckets[sourceZone] ?? [];
+  for (const slot of srcBucket) {
+    if (slot.cardId === sourceCardId) continue;
+    const i = slot.logicalIdx;
+    if (i <= sourceLogicalIdx) continue;
+    const newIdx = i - 1;
+    const targetSlot = srcBucket.find((s) => s.logicalIdx === newIdx);
+    if (!targetSlot) continue;
+    result.set(slot.cardId, {
+      dx: targetSlot.rect.left - slot.rect.left,
+      dy: targetSlot.rect.top - slot.rect.top
+    });
+  }
+
+  const tgtBucket = buckets[targetZone] ?? [];
+  for (const slot of tgtBucket) {
+    const i = slot.logicalIdx;
+    if (i < dropIdx) continue;
+    const newIdx = i + 1;
+    // newIdx may be == bucket.length (extrapolated). Use cellAdvance.
+    const targetSlot = tgtBucket.find((s) => s.logicalIdx === newIdx);
+    let dx: number;
+    let dy: number;
+    if (targetSlot) {
+      dx = targetSlot.rect.left - slot.rect.left;
+      dy = targetSlot.rect.top - slot.rect.top;
+    } else {
+      // Extrapolate using the per-step advance from this bucket.
+      const adv = cellAdvance(tgtBucket);
+      if (!adv) continue;
+      dx = adv.dx;
+      dy = adv.dy;
+    }
+    result.set(slot.cardId, { dx, dy });
+  }
+  return result;
+}
+
+/** Per-step displacement vector between consecutive slot rects in a zone. */
+export function cellAdvance(bucket: SlotRect[]): { dx: number; dy: number } | null {
+  if (bucket.length < 2) return null;
+  const a = bucket.find((s) => s.logicalIdx === 0)?.rect;
+  const b = bucket.find((s) => s.logicalIdx === 1)?.rect;
+  if (!a || !b) return null;
+  return { dx: b.left - a.left, dy: b.top - a.top };
+}
+
 interface DragSession {
   sourceCell: HTMLElement;
   source: CardMeta;

From b2590cc78d8ca03cb0dbe891ba041b7cab05fa24 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 11:58:04 +0800
Subject: [PATCH 45/77] test(launchpad): cover computeShifts cellAdvance
 extrapolation and guard negative sourceLogicalIdx

- Add explicit test for the cross-zone extrapolation path (last card
  shifting past tgtBucket.length).
- Add early return when sourceLogicalIdx < 0 (defensive against
  pre-lift session sentinel).
- Add a test for the new guard.
---
 web/src/lib/util/dragGrid.test.ts | 36 +++++++++++++++++++++++++++++++
 web/src/lib/util/dragGrid.ts      |  3 +++
 2 files changed, 39 insertions(+)

diff --git a/web/src/lib/util/dragGrid.test.ts b/web/src/lib/util/dragGrid.test.ts
index 453ba8c..f650013 100644
--- a/web/src/lib/util/dragGrid.test.ts
+++ b/web/src/lib/util/dragGrid.test.ts
@@ -126,6 +126,23 @@ describe('computeShifts — same zone', () => {
     });
     expect(out.size).toBe(0);
   });
+
+  it('returns empty when sourceLogicalIdx is negative (defensive)', () => {
+    // -1 sentinel means the source isn't in any bucket cache yet (e.g.
+    // pointerdown registered before the layout snapshot caught up).
+    // computeShifts must not produce nonsensical shifts in that state.
+    const bucket = row(5);
+    const out = computeShifts({
+      sourceZone: 'root',
+      sourceCardId: 9999,
+      sourceLogicalIdx: -1,
+      targetZone: 'root',
+      dropIdx: 2,
+      buckets: { root: bucket },
+      mergeCollapse: false
+    });
+    expect(out.size).toBe(0);
+  });
 });
 
 describe('computeShifts — cross zone', () => {
@@ -165,4 +182,23 @@ describe('computeShifts — cross zone', () => {
     });
     expect(out.size).toBe(0); // nothing after idx 3 in src; target empty
   });
+
+  it('extrapolates target shift via cellAdvance when last card shifts past end', () => {
+    // target has 3 cards (idx 0, 1, 2); drop at idx 1 → cards at idx 1, 2
+    // shift forward. Card at idx 1 → 2 hits a real slot (direct lookup);
+    // card at idx 2 → 3 has no slot in the bucket → cellAdvance fallback.
+    const folder = row(3, 'folder:5', 2000);
+    const out = computeShifts({
+      sourceZone: 'root',
+      sourceCardId: 9999, // not in any bucket; src zone has no cards
+      sourceLogicalIdx: 0,
+      targetZone: 'folder:5',
+      dropIdx: 1,
+      buckets: { root: [], 'folder:5': folder },
+      mergeCollapse: false
+    });
+    expect(out.get(2001)).toEqual({ dx: 100, dy: 0 }); // direct lookup (idx 1 → 2 exists)
+    expect(out.get(2002)).toEqual({ dx: 100, dy: 0 }); // extrapolated (idx 2 → 3 doesn't exist)
+    expect(out.get(2000)).toBeUndefined();
+  });
 });
diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index c26c87f..f71ccbe 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -127,6 +127,9 @@ export interface ComputeShiftsInput {
 export function computeShifts(input: ComputeShiftsInput): Map<number, { dx: number; dy: number }> {
   const result = new Map<number, { dx: number; dy: number }>();
   if (input.mergeCollapse) return result;
+  // Defensive: sourceLogicalIdx -1 means source isn't in the cache yet
+  // (e.g. between pointerdown and lift). Don't compute shifts.
+  if (input.sourceLogicalIdx < 0) return result;
 
   const { sourceZone, sourceCardId, sourceLogicalIdx, targetZone, dropIdx, buckets } = input;
 

From f9fc456671e37d83ceb0944443fe8db6e373f57a Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 12:02:07 +0800
Subject: [PATCH 46/77] feat(launchpad): layout cache builder and
 cursorOnLeftHalfOf helper

buildLayoutCache snapshots every [data-card-id] cell's logical index
and rect, grouped by [data-zone]. Used at drag lift to keep insertion
math stable independent of mid-drag transform shifts.
---
 web/src/lib/util/dragGrid.test.ts | 19 +++++++-
 web/src/lib/util/dragGrid.ts      | 72 +++++++++++++++++++++++++++++++
 2 files changed, 90 insertions(+), 1 deletion(-)

diff --git a/web/src/lib/util/dragGrid.test.ts b/web/src/lib/util/dragGrid.test.ts
index f650013..d914232 100644
--- a/web/src/lib/util/dragGrid.test.ts
+++ b/web/src/lib/util/dragGrid.test.ts
@@ -1,5 +1,5 @@
 import { describe, it, expect } from 'vitest';
-import { computeShifts, type SlotRect } from './dragGrid';
+import { computeShifts, cursorOnLeftHalfOf, type SlotRect } from './dragGrid';
 
 // vitest runs in node env (no jsdom/happy-dom installed); the action's
 // type signatures use DOMRect, but computeShifts only reads .left/.top.
@@ -202,3 +202,20 @@ describe('computeShifts — cross zone', () => {
     expect(out.get(2000)).toBeUndefined();
   });
 });
+
+describe('cursorOnLeftHalfOf', () => {
+  it('returns true when cursor is left of slot center', () => {
+    const rect = new DOMRect(100, 0, 80, 80); // [100, 180]
+    expect(cursorOnLeftHalfOf(rect, 120)).toBe(true); // 120 < 140 (center)
+  });
+
+  it('returns false when cursor is right of slot center', () => {
+    const rect = new DOMRect(100, 0, 80, 80);
+    expect(cursorOnLeftHalfOf(rect, 160)).toBe(false); // 160 > 140
+  });
+
+  it('returns false when cursor is exactly at center (right-half tie-break)', () => {
+    const rect = new DOMRect(100, 0, 80, 80);
+    expect(cursorOnLeftHalfOf(rect, 140)).toBe(false); // exactly at center
+  });
+});
diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index f71ccbe..e44b0aa 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -204,6 +204,78 @@ export function cellAdvance(bucket: SlotRect[]): { dx: number; dy: number } | nu
   return { dx: b.left - a.left, dy: b.top - a.top };
 }
 
+export interface CardIdEntry {
+  zone: string;
+  logicalIdx: number;
+  rect: DOMRect;
+}
+
+export interface LayoutCache {
+  byZone: Map<string, SlotRect[]>; // sorted by logicalIdx
+  byCardId: Map<number, CardIdEntry>;
+  cellAdvanceByZone: Map<string, { dx: number; dy: number }>;
+}
+
+/**
+ * Snapshot all [data-card-id] cells inside `node`, grouped by their
+ * nearest [data-zone] ancestor. Source's own cell is included so its
+ * logical position is recoverable, but the consumer treats source as
+ * "the gap" and skips shifting it.
+ */
+export function buildLayoutCache(node: HTMLElement): LayoutCache {
+  const byZone = new Map<string, SlotRect[]>();
+  const byCardId = new Map<number, CardIdEntry>();
+  const cells = node.querySelectorAll<HTMLElement>('[data-card-id]');
+  // First pass: collect all cells with rects, grouped by zone.
+  const collected: Array<{ cell: HTMLElement; meta: CardMeta; rect: DOMRect }> = [];
+  cells.forEach((cell) => {
+    const meta = readMetaFromCell(cell);
+    if (!meta) return; // skip add-tile sentinel and malformed
+    collected.push({ cell, meta, rect: cell.getBoundingClientRect() });
+  });
+  // Group by zone, sort by document order (which mirrors logicalIdx
+  // because the grid renders in sortOrder).
+  const byZoneRaw = new Map<string, Array<{ meta: CardMeta; rect: DOMRect }>>();
+  for (const { meta, rect } of collected) {
+    const list = byZoneRaw.get(meta.zone) ?? [];
+    list.push({ meta, rect });
+    byZoneRaw.set(meta.zone, list);
+  }
+  // Second pass: assign logicalIdx in DOM order, build SlotRect arrays.
+  for (const [zone, items] of byZoneRaw) {
+    const slots: SlotRect[] = items.map((item, idx) => ({
+      zone,
+      logicalIdx: idx,
+      cardId: item.meta.id,
+      rect: item.rect
+    }));
+    byZone.set(zone, slots);
+    for (const slot of slots) {
+      byCardId.set(slot.cardId, {
+        zone,
+        logicalIdx: slot.logicalIdx,
+        rect: slot.rect
+      });
+    }
+  }
+  // Per-zone cellAdvance for extrapolation.
+  const cellAdvanceByZone = new Map<string, { dx: number; dy: number }>();
+  for (const [zone, slots] of byZone) {
+    const adv = cellAdvance(slots);
+    if (adv) cellAdvanceByZone.set(zone, adv);
+  }
+  return { byZone, byCardId, cellAdvanceByZone };
+}
+
+/**
+ * Pure: is cursorX on the left half of a slot's rect?
+ * Center exactly is treated as right-half (so before/after split has a
+ * deterministic tie-break).
+ */
+export function cursorOnLeftHalfOf(rect: DOMRect, cursorX: number): boolean {
+  return cursorX < rect.left + rect.width / 2;
+}
+
 interface DragSession {
   sourceCell: HTMLElement;
   source: CardMeta;

From 0a0b5339159ebc7bd9b2a2f5dea6a31782edb6fb Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 12:06:15 +0800
Subject: [PATCH 47/77] docs(launchpad): document cellAdvanceByZone absence
 semantics

Per code review on 2026-05-26: callers (Task 5+) need to know that a
zone with <2 cells produces no entry in the map and they must handle
the missing case.
---
 web/src/lib/util/dragGrid.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index e44b0aa..b11575a 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -213,6 +213,9 @@ export interface CardIdEntry {
 export interface LayoutCache {
   byZone: Map<string, SlotRect[]>; // sorted by logicalIdx
   byCardId: Map<number, CardIdEntry>;
+  /** Per-zone displacement vector between consecutive slots. Absent for
+   *  zones with <2 cells (single-slot zones can't infer an advance);
+   *  callers must handle a missing entry gracefully. */
   cellAdvanceByZone: Map<string, { dx: number; dy: number }>;
 }
 

From 03de5fd0f99418b19290f21a633551ee53be67ad Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 12:08:50 +0800
Subject: [PATCH 48/77] feat(launchpad): dwell session state and merge-arm
 helpers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds layoutCache, sourceLogicalIdx, and dwell timers/state to
DragSession. Introduces startMergeArmForItem / setMergeImmediateForFolder
/ cancelMergeArm. Not wired into applyHover yet — Task 5 does that.
---
 web/src/lib/util/dragGrid.ts | 81 +++++++++++++++++++++++++++++++++++-
 1 file changed, 79 insertions(+), 2 deletions(-)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index b11575a..b42742a 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -30,7 +30,7 @@
 // the cursor. This is what keeps hit-tests reliable.
 
 import { browser } from '$app/environment';
-import { mergeCandidate, dragSource } from '$lib/stores/dragMerge';
+import { mergeCandidate, dragSource, cellShifts } from '$lib/stores/dragMerge';
 
 export type CardKind = 'folder' | 'item';
 export type DropIntent = 'merge' | 'before' | 'after';
@@ -291,12 +291,25 @@ interface DragSession {
   cloneOffsetX: number;
   cloneOffsetY: number;
   rafToken: number | null;
+  // Existing spring-load timer (folder panel auto-open).
   dwellTimer: ReturnType<typeof setTimeout> | null;
   dwellTargetId: number | null;
   edgePanTimer: ReturnType<typeof setTimeout> | null;
   edgePanDirection: EdgePanDirection | null;
   hover: DragHoverInfo;
   pointerId: number;
+  // New (Task 4): layout snapshot, populated at lift.
+  layoutCache: LayoutCache | null;
+  sourceLogicalIdx: number;
+  // New (Task 4): merge dwell state machine.
+  mergeArmTimer: ReturnType<typeof setTimeout> | null;
+  mergeReadyTimer: ReturnType<typeof setTimeout> | null;
+  mergeArmTargetId: number | null;
+  mergeArmStartX: number;
+  mergeArmStartY: number;
+  /** True once arm timer fires; persists through ready. The drop semantics
+   *  flip from reorder→merge based on this flag. */
+  mergeArmFired: boolean;
 }
 
 function readMetaFromCell(cell: HTMLElement): CardMeta | null {
@@ -377,7 +390,15 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
       edgePanTimer: null,
       edgePanDirection: null,
       hover: { target: null, intent: null, hoverZone: meta.zone, outOfZone: false },
-      pointerId: e.pointerId
+      pointerId: e.pointerId,
+      layoutCache: null,
+      sourceLogicalIdx: -1,
+      mergeArmTimer: null,
+      mergeReadyTimer: null,
+      mergeArmTargetId: null,
+      mergeArmStartX: 0,
+      mergeArmStartY: 0,
+      mergeArmFired: false
     };
 
     window.addEventListener('pointermove', onPointerMove, { passive: true });
@@ -575,6 +596,59 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
     session.dwellTargetId = null;
   }
 
+  function cancelMergeArm() {
+    if (!session) return;
+    if (session.mergeArmTimer) {
+      clearTimeout(session.mergeArmTimer);
+      session.mergeArmTimer = null;
+    }
+    if (session.mergeReadyTimer) {
+      clearTimeout(session.mergeReadyTimer);
+      session.mergeReadyTimer = null;
+    }
+    session.mergeArmTargetId = null;
+    session.mergeArmFired = false;
+    mergeCandidate.set(null);
+  }
+
+  function startMergeArmForItem(targetId: number, kind: CardKind) {
+    if (!session) return;
+    cancelMergeArm();
+    session.mergeArmTargetId = targetId;
+    session.mergeArmFired = false;
+    session.mergeArmStartX = session.cursorX;
+    session.mergeArmStartY = session.cursorY;
+
+    session.mergeArmTimer = setTimeout(() => {
+      if (!session) return;
+      if (session.mergeArmTargetId !== targetId) return;
+      // Defensive: if the cursor wandered past tolerance, do not arm.
+      const dx = session.cursorX - session.mergeArmStartX;
+      const dy = session.cursorY - session.mergeArmStartY;
+      if (Math.hypot(dx, dy) > MERGE_CANCEL_MOVE_PX) {
+        cancelMergeArm();
+        return;
+      }
+      session.mergeArmFired = true;
+      mergeCandidate.set({ id: targetId, kind, phase: 'armed' });
+    }, MERGE_ARM_MS);
+
+    session.mergeReadyTimer = setTimeout(() => {
+      if (!session) return;
+      if (session.mergeArmTargetId !== targetId) return;
+      if (!session.mergeArmFired) return; // arm cancelled before ready
+      mergeCandidate.set({ id: targetId, kind, phase: 'ready' });
+    }, MERGE_READY_MS);
+  }
+
+  function setMergeImmediateForFolder(targetId: number) {
+    if (!session) return;
+    cancelMergeArm();
+    session.mergeArmTargetId = targetId;
+    session.mergeArmFired = true;
+    mergeCandidate.set({ id: targetId, kind: 'folder', phase: 'ready' });
+  }
+
   function onPointerUp(e: PointerEvent) {
     if (!session) return;
     if (e.pointerId !== session.pointerId) return;
@@ -599,6 +673,8 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
     if (s.rafToken != null) cancelAnimationFrame(s.rafToken);
     if (s.dwellTimer) clearTimeout(s.dwellTimer);
     if (s.edgePanTimer) clearTimeout(s.edgePanTimer);
+    if (s.mergeArmTimer) clearTimeout(s.mergeArmTimer);
+    if (s.mergeReadyTimer) clearTimeout(s.mergeReadyTimer);
 
     if (s.clone) {
       s.clone.remove();
@@ -614,6 +690,7 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
 
     mergeCandidate.set(null);
     dragSource.set(null);
+    cellShifts.set(new Map());
 
     if (s.lifted && !canceled) {
       options.onDrop?.({

From fb79d83fe027be21ca47d02f43ccfde756d9b5be Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 12:13:17 +0800
Subject: [PATCH 49/77] refactor(launchpad): split clearMergeArmInternal to
 avoid mergeCandidate null pulse

setMergeImmediateForFolder previously called cancelMergeArm which set
mergeCandidate to null before re-setting it to ready in the next
synchronous statement. Subscribers (especially eager ones) saw a
spurious null transition on every folder hover. Pull the timer-clearing
logic into clearMergeArmInternal and call it from
setMergeImmediateForFolder, leaving mergeCandidate alone so the store
transitions directly from prior state to ready.

Per code review on Task 4 (commit 03de5fd).
---
 web/src/lib/util/dragGrid.ts | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index b42742a..54f4563 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -596,7 +596,10 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
     session.dwellTargetId = null;
   }
 
-  function cancelMergeArm() {
+  // Internal: clear timers + arming state, but leave mergeCandidate alone.
+  // Used when transitioning into a NEW merge candidate (e.g. swapping
+  // targets) so subscribers don't see a transient null pulse.
+  function clearMergeArmInternal() {
     if (!session) return;
     if (session.mergeArmTimer) {
       clearTimeout(session.mergeArmTimer);
@@ -608,14 +611,19 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
     }
     session.mergeArmTargetId = null;
     session.mergeArmFired = false;
+  }
+
+  function cancelMergeArm() {
+    clearMergeArmInternal();
     mergeCandidate.set(null);
   }
 
   function startMergeArmForItem(targetId: number, kind: CardKind) {
     if (!session) return;
+    // Switching targets: clear previous candidate so any subscriber sees
+    // null in between (matches reorder semantics — no card is "merging").
     cancelMergeArm();
     session.mergeArmTargetId = targetId;
-    session.mergeArmFired = false;
     session.mergeArmStartX = session.cursorX;
     session.mergeArmStartY = session.cursorY;
 
@@ -643,7 +651,10 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
 
   function setMergeImmediateForFolder(targetId: number) {
     if (!session) return;
-    cancelMergeArm();
+    // Folders go straight to ready — skip the null-pulse that
+    // cancelMergeArm would emit, since subscribers should transition
+    // directly from prior state to this folder being ready.
+    clearMergeArmInternal();
     session.mergeArmTargetId = targetId;
     session.mergeArmFired = true;
     mergeCandidate.set({ id: targetId, kind: 'folder', phase: 'ready' });

From 83a060ea5146ce310381b4428b3761dc3b01084b Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 12:15:38 +0800
Subject: [PATCH 50/77] feat(launchpad): wire layout cache, dwell, and shift
 preview in dragGrid

liftSource builds the per-session layout cache. applyHover drives the
dwell state machine (item: 200/600 ms two-stage; folder: instant) and
republishes cellShifts each tick. mergeCandidate now includes phase.
---
 web/src/lib/util/dragGrid.ts | 109 +++++++++++++++++++++++++++++------
 1 file changed, 90 insertions(+), 19 deletions(-)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index 54f4563..10132e0 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -492,6 +492,10 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
     clone.style.transform = `translate(${r.left}px, ${r.top}px) scale(${CLONE_LIFT_SCALE})`;
     document.body.appendChild(clone);
 
+    session.layoutCache = buildLayoutCache(node);
+    const srcEntry = session.layoutCache.byCardId.get(session.source.id);
+    session.sourceLogicalIdx = srcEntry?.logicalIdx ?? 0;
+
     session.sourceCell.dataset.dragging = 'true';
     session.lifted = true;
     session.clone = clone;
@@ -546,27 +550,37 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
       options.onHoverZoneChange?.(prev.hoverZone, next.hoverZone);
     }
 
-    if (next.intent === 'merge' && next.target) {
-      // Phase is set to 'ready' here to preserve pre-change behavior;
-      // Task 5 (Wire dwell in applyHover) replaces this with the real
-      // armed/ready transition.
-      mergeCandidate.set({ id: next.target.id, kind: next.target.kind, phase: 'ready' });
-    } else {
-      mergeCandidate.set(null);
+    // --- Merge dwell state machine ---
+    // Item targets need a 200ms arm gate. Folder targets are immediate.
+    // Non-merge intent or different target → cancel arming.
+    const isMergeItem =
+      next.intent === 'merge' && next.target?.kind === 'item' && next.target.id != null;
+    const isMergeFolder =
+      next.intent === 'merge' && next.target?.kind === 'folder' && next.target.id != null;
+
+    if (!isMergeItem && !isMergeFolder) {
+      if (session.mergeArmTargetId != null) cancelMergeArm();
+    } else if (isMergeItem) {
+      if (session.mergeArmTargetId !== next.target!.id) {
+        // Switching targets: restart arming.
+        startMergeArmForItem(next.target!.id, 'item');
+      } else if (!session.mergeArmFired) {
+        // Pre-arm jitter check.
+        const dx = session.cursorX - session.mergeArmStartX;
+        const dy = session.cursorY - session.mergeArmStartY;
+        if (Math.hypot(dx, dy) > MERGE_CANCEL_MOVE_PX) {
+          startMergeArmForItem(next.target!.id, 'item'); // restart from current pos
+        }
+      }
+    } else if (isMergeFolder) {
+      if (session.mergeArmTargetId !== next.target!.id) {
+        setMergeImmediateForFolder(next.target!.id);
+      }
     }
 
-    // Spring-load opens a folder under the cursor when the user is
-    // hovering it with merge intent. Restrict it to:
-    //   - source.kind === 'item': folders can't be nested inside other
-    //     folders, so dragging a folder onto another folder is only ever
-    //     a reorder gesture in handleDrop — opening the target folder
-    //     just hides the destination slot from view. Same for
-    //     folder-on-item: there's no merge semantic, only reorder.
-    //   - source.zone === 'root': once the user has lifted a card out
-    //     of folder A, them brushing past folder B on the way to a root
-    //     slot should NOT auto-open B and capture the drop. Cross-folder
-    //     moves can still be done by releasing into root first, then
-    //     re-dragging into B.
+    // --- Spring-load (folder panel auto-open) — unchanged behavior ---
+    // Restrict to: source.kind === 'item' AND source.zone === 'root' AND
+    // target.kind === 'folder'. Same conditions as before.
     const isSpringTarget =
       next.intent === 'merge' &&
       next.target?.kind === 'folder' &&
@@ -585,6 +599,63 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
         options.onSpringLoad?.(tid);
       }, HOVER_DWELL_MS);
     }
+
+    // --- Shift compute and publish ---
+    publishShifts(next);
+  }
+
+  function publishShifts(next: DragHoverInfo) {
+    if (!session || !session.layoutCache) {
+      cellShifts.set(new Map());
+      return;
+    }
+    const lc = session.layoutCache;
+    const target = next.target;
+    // Determine whether merge gate is active (collapse all shifts).
+    const mergeCollapse =
+      target != null &&
+      next.intent === 'merge' &&
+      (target.kind === 'folder' || session.mergeArmFired);
+
+    // Determine target zone + dropIdx.
+    let targetZone: string | null = null;
+    let dropIdx = 0;
+    if (target) {
+      targetZone = target.zone;
+      const tEntry = lc.byCardId.get(target.id);
+      if (!tEntry) {
+        cellShifts.set(new Map());
+        return;
+      }
+      // For pre-arm item merge, fall through to side-based.
+      let effIntent: DropIntent = next.intent ?? 'after';
+      if (effIntent === 'merge' && target.kind === 'item' && !session.mergeArmFired) {
+        effIntent = cursorOnLeftHalfOf(tEntry.rect, session.cursorX) ? 'before' : 'after';
+      }
+      dropIdx = effIntent === 'before' ? tEntry.logicalIdx : tEntry.logicalIdx + 1;
+    } else if (next.hoverZone) {
+      // No target but inside a zone → append at end.
+      targetZone = next.hoverZone;
+      const bucket = lc.byZone.get(targetZone) ?? [];
+      dropIdx = bucket.length;
+    } else {
+      cellShifts.set(new Map());
+      return;
+    }
+
+    const buckets: Record<string, SlotRect[]> = {};
+    for (const [zone, slots] of lc.byZone) buckets[zone] = slots;
+
+    const shifts = computeShifts({
+      sourceZone: session.source.zone,
+      sourceCardId: session.source.id,
+      sourceLogicalIdx: session.sourceLogicalIdx,
+      targetZone,
+      dropIdx,
+      buckets,
+      mergeCollapse
+    });
+    cellShifts.set(shifts);
   }
 
   function cancelDwell() {

From 054fcddd06e2ca9da8a71e4980403e35f7b4a802 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 12:21:25 +0800
Subject: [PATCH 51/77] perf(launchpad): dedupe cellShifts writes and cache
 bucketsRecord

publishShifts runs per rAF tick and previously published a fresh Map
to cellShifts every time, triggering reactivity in every Card
subscriber even when shifts hadn't changed. Add shiftsEqual + setShifts
helpers that skip writes when value-equal to the last published map.

Also pre-build layoutCache.bucketsRecord once at lift instead of
rebuilding the Record from byZone every tick.

Per code review on Task 5 (commit 83a060e).
---
 web/src/lib/util/dragGrid.ts | 51 +++++++++++++++++++++++++++++-------
 1 file changed, 42 insertions(+), 9 deletions(-)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index 10132e0..b0f2d6f 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -217,6 +217,10 @@ export interface LayoutCache {
    *  zones with <2 cells (single-slot zones can't infer an advance);
    *  callers must handle a missing entry gracefully. */
   cellAdvanceByZone: Map<string, { dx: number; dy: number }>;
+  /** Pre-computed `byZone` as a Record for direct use by computeShifts.
+   *  Built once at lift / cache rebuild so the per-rAF publishShifts
+   *  doesn't reallocate. */
+  bucketsRecord: Record<string, SlotRect[]>;
 }
 
 /**
@@ -267,7 +271,11 @@ export function buildLayoutCache(node: HTMLElement): LayoutCache {
     const adv = cellAdvance(slots);
     if (adv) cellAdvanceByZone.set(zone, adv);
   }
-  return { byZone, byCardId, cellAdvanceByZone };
+  // Pre-build the Record form for computeShifts. Built once here, reused
+  // every rAF tick by publishShifts.
+  const bucketsRecord: Record<string, SlotRect[]> = {};
+  for (const [zone, slots] of byZone) bucketsRecord[zone] = slots;
+  return { byZone, byCardId, cellAdvanceByZone, bucketsRecord };
 }
 
 /**
@@ -337,6 +345,28 @@ function classifyIntent(r: DOMRect, x: number, y: number): DropIntent {
 export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
   let options = opts;
   let session: DragSession | null = null;
+  // Tracks the last cellShifts Map written to the store. publishShifts
+  // skips writes when the new shifts are value-equal, sparing every Card
+  // subscriber a re-render per rAF tick.
+  let lastPublishedShifts: Map<number, { dx: number; dy: number }> = new Map();
+
+  function shiftsEqual(
+    a: Map<number, { dx: number; dy: number }>,
+    b: Map<number, { dx: number; dy: number }>
+  ): boolean {
+    if (a.size !== b.size) return false;
+    for (const [k, v] of a) {
+      const w = b.get(k);
+      if (!w || w.dx !== v.dx || w.dy !== v.dy) return false;
+    }
+    return true;
+  }
+
+  function setShifts(next: Map<number, { dx: number; dy: number }>) {
+    if (shiftsEqual(next, lastPublishedShifts)) return;
+    lastPublishedShifts = next;
+    cellShifts.set(next);
+  }
 
   function cellFromEvent(e: PointerEvent): HTMLElement | null {
     if (!(e.target instanceof Element)) return null;
@@ -604,9 +634,12 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
     publishShifts(next);
   }
 
+  // Hot path: runs every rAF tick during a drag. Recomputes per-card
+  // shifts; setShifts skips redundant store writes when the result is
+  // value-equal to the previous tick.
   function publishShifts(next: DragHoverInfo) {
     if (!session || !session.layoutCache) {
-      cellShifts.set(new Map());
+      setShifts(new Map());
       return;
     }
     const lc = session.layoutCache;
@@ -624,7 +657,7 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
       targetZone = target.zone;
       const tEntry = lc.byCardId.get(target.id);
       if (!tEntry) {
-        cellShifts.set(new Map());
+        setShifts(new Map());
         return;
       }
       // For pre-arm item merge, fall through to side-based.
@@ -639,23 +672,20 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
       const bucket = lc.byZone.get(targetZone) ?? [];
       dropIdx = bucket.length;
     } else {
-      cellShifts.set(new Map());
+      setShifts(new Map());
       return;
     }
 
-    const buckets: Record<string, SlotRect[]> = {};
-    for (const [zone, slots] of lc.byZone) buckets[zone] = slots;
-
     const shifts = computeShifts({
       sourceZone: session.source.zone,
       sourceCardId: session.source.id,
       sourceLogicalIdx: session.sourceLogicalIdx,
       targetZone,
       dropIdx,
-      buckets,
+      buckets: lc.bucketsRecord,
       mergeCollapse
     });
-    cellShifts.set(shifts);
+    setShifts(shifts);
   }
 
   function cancelDwell() {
@@ -772,7 +802,10 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
 
     mergeCandidate.set(null);
     dragSource.set(null);
+    // Reset both store and dedup tracker so the next drag session
+    // starts from a clean baseline.
     cellShifts.set(new Map());
+    lastPublishedShifts = new Map();
 
     if (s.lifted && !canceled) {
       options.onDrop?.({

From 117c5d3a04c07178431be0e4b12d9dad27ebc491 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 12:22:42 +0800
Subject: [PATCH 52/77] feat(launchpad): resolve drop intent based on merge-arm
 gate

resolveFinalIntent: dropping on an item where the dwell never fired
falls back to before/after by cursor side. Releasing in armed/ready
state commits merge. Folder targets always merge.
---
 web/src/lib/util/dragGrid.ts | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index b0f2d6f..7e2652e 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -773,6 +773,21 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
     finish(true);
   }
 
+  function resolveFinalIntent(s: DragSession): DragHoverInfo {
+    const t = s.hover.target;
+    if (s.mergeArmFired && t) {
+      return { ...s.hover, intent: 'merge' };
+    }
+    if (s.hover.intent === 'merge' && t && t.kind === 'item') {
+      if (!s.layoutCache) return { ...s.hover, intent: 'after' };
+      const entry = s.layoutCache.byCardId.get(t.id);
+      if (!entry) return { ...s.hover, intent: 'after' };
+      const intent: DropIntent = cursorOnLeftHalfOf(entry.rect, s.cursorX) ? 'before' : 'after';
+      return { ...s.hover, intent };
+    }
+    return s.hover;
+  }
+
   function finish(canceled: boolean) {
     if (!session) return;
     const s = session;
@@ -810,7 +825,7 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
     if (s.lifted && !canceled) {
       options.onDrop?.({
         source: s.source,
-        ...s.hover
+        ...resolveFinalIntent(s)
       });
     }
   }

From d9d540accfc8d68280bdc837b84558dbb33b6cd2 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 12:43:25 +0800
Subject: [PATCH 53/77] feat(launchpad): card visual reorder shift and two-tier
 merge halo

Card subscribes to cellShifts and applies translate transform; merge
halo splits into merge-armed (faint, 200ms) and merge-ready (full,
600ms). Source cell goes invisible while dragging so the gap is shown.
---
 web/src/lib/components/Nav/Card.svelte | 49 ++++++++++++++++++++++----
 1 file changed, 43 insertions(+), 6 deletions(-)

diff --git a/web/src/lib/components/Nav/Card.svelte b/web/src/lib/components/Nav/Card.svelte
index 55b38e0..a2ae4f9 100644
--- a/web/src/lib/components/Nav/Card.svelte
+++ b/web/src/lib/components/Nav/Card.svelte
@@ -7,7 +7,7 @@
   import { navDataStore } from '$lib/stores/navData';
   import { deleteCard } from '$lib/api/cards';
   import { toast } from '$lib/components/ui/toast';
-  import { mergeCandidate } from '$lib/stores/dragMerge';
+  import { mergeCandidate, cellShifts } from '$lib/stores/dragMerge';
 
   interface Props {
     card: Card;
@@ -22,6 +22,11 @@
   const isItem = $derived(card.kind === 'item');
   const isFolder = $derived(card.kind === 'folder');
 
+  const shift = $derived($cellShifts.get(card.id) ?? { dx: 0, dy: 0 });
+  const mergePhase = $derived(
+    $mergeCandidate?.id === card.id ? $mergeCandidate.phase : null
+  );
+
   const url = $derived(
     isItem && $currentSite.site && card.links ? (card.links[$currentSite.site.value] ?? null) : null
   );
@@ -100,9 +105,13 @@
 <div
   class="cell"
   class:jiggle={$jiggleMode}
-  class:merge-target={$mergeCandidate?.id === card.id}
+  class:merge-armed={mergePhase === 'armed'}
+  class:merge-ready={mergePhase === 'ready'}
   data-card-id={card.id}
   data-card-kind={card.kind}
+  style:transform={shift.dx === 0 && shift.dy === 0
+    ? null
+    : `translate(${shift.dx}px, ${shift.dy}px)`}
   use:longPress={{ onTrigger: onLongPress }}
 >
   {#if $jiggleMode}
@@ -162,6 +171,20 @@
     user-select: none;
     -webkit-user-drag: none;
   }
+  /* Reorder preview translation. The cell uses `style:transform` set by
+   * cellShifts; this keeps the inner card/folder element free for the
+   * jiggle and merge-state transforms (they don't compose otherwise). */
+  .cell {
+    transition: transform var(--shift-duration, 220ms) cubic-bezier(0.4, 0, 0.2, 1);
+  }
+  /* While this cell is the active drag source, hide it so the empty
+   * slot is visible at the source's logical position. The clone follows
+   * the cursor (managed by dragGrid). pointer-events:none keeps the
+   * hidden cell from intercepting elementsFromPoint hits. */
+  .cell[data-dragging='true'] {
+    opacity: 0;
+    pointer-events: none;
+  }
   /* Wobble lives on .card / .folder (inner element), not .cell. The
    * outer .cell may receive a transient transform (e.g. translation
    * during drag); animating an inner element keeps .cell's transform
@@ -192,10 +215,24 @@
   .cell.jiggle:nth-child(3n) .folder {
     animation-delay: -160ms;
   }
-  /* Visual cue for "release here to merge / reparent". The hover
-   * threshold (500ms) flips this on by setting the cell class. */
-  .cell.merge-target .card,
-  .cell.merge-target .folder {
+  /* Visual cue for "release here to merge / reparent". Two tiers:
+   * - merge-armed: appears at MERGE_ARM_MS (200 ms) into a stationary
+   *   hover. Faint halo + small scale. Releasing here ALSO commits a
+   *   merge (the gate is "armed", not "ready").
+   * - merge-ready: promotes at MERGE_READY_MS (600 ms). Stronger halo,
+   *   larger scale. Functionally identical to armed for drop, but a
+   *   clearer "release now = build folder" signal.
+   * Folder targets are always set to ready immediately. */
+  .cell.merge-armed .card,
+  .cell.merge-armed .folder {
+    box-shadow: 0 0 0 2px rgba(74, 108, 247, 0.5);
+    transform: scale(1.02);
+    transition:
+      box-shadow 0.15s ease,
+      transform 0.15s ease;
+  }
+  .cell.merge-ready .card,
+  .cell.merge-ready .folder {
     box-shadow:
       0 0 0 4px var(--c-accent, #4a6cf7),
       0 0 22px rgba(74, 108, 247, 0.55);

From b69fbbb92766c726dc4cdf8a008968f2f1ea4aae Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 12:50:31 +0800
Subject: [PATCH 54/77] =?UTF-8?q?refactor(launchpad):=20tighten=20Card.sve?=
 =?UTF-8?q?lte=20CSS=20=E2=80=94=20pause=20jiggle=20on=20merge,=20scope=20?=
 =?UTF-8?q?data-dragging=20selector,=20export=20SHIFT=5FDURATION=5FMS?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Three follow-ups to commit d9d540a per code review:

- Jiggle keyframes own `transform: rotate(...)` on the same inner
  element our merge-armed/ready rules target, so during drag the merge
  scale was effectively dead. Pause `animation-play-state` on those
  states so the static scale renders.
- Mark `[data-dragging='true']` :global so Svelte's static analyzer
  doesn't flag the imperatively-set attribute as unused. Keeps `.cell`
  scoped to this component.
- Export SHIFT_DURATION_MS so it's not flagged unused; +page.svelte can
  later wire it into the `--shift-duration` CSS var.
- Reflow mergePhase $derived to a single line per Prettier.
---
 web/src/lib/components/Nav/Card.svelte | 24 ++++++++++++++++++------
 web/src/lib/util/dragGrid.ts           |  6 +++++-
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/web/src/lib/components/Nav/Card.svelte b/web/src/lib/components/Nav/Card.svelte
index a2ae4f9..cf165be 100644
--- a/web/src/lib/components/Nav/Card.svelte
+++ b/web/src/lib/components/Nav/Card.svelte
@@ -23,9 +23,7 @@
   const isFolder = $derived(card.kind === 'folder');
 
   const shift = $derived($cellShifts.get(card.id) ?? { dx: 0, dy: 0 });
-  const mergePhase = $derived(
-    $mergeCandidate?.id === card.id ? $mergeCandidate.phase : null
-  );
+  const mergePhase = $derived($mergeCandidate?.id === card.id ? $mergeCandidate.phase : null);
 
   const url = $derived(
     isItem && $currentSite.site && card.links ? (card.links[$currentSite.site.value] ?? null) : null
@@ -180,8 +178,13 @@
   /* While this cell is the active drag source, hide it so the empty
    * slot is visible at the source's logical position. The clone follows
    * the cursor (managed by dragGrid). pointer-events:none keeps the
-   * hidden cell from intercepting elementsFromPoint hits. */
-  .cell[data-dragging='true'] {
+   * hidden cell from intercepting elementsFromPoint hits.
+   * `data-dragging` is set imperatively in dragGrid.ts (not in this
+   * template), so we mark the attribute selector :global so Svelte's
+   * static analyzer doesn't flag it as unused. The `.cell` class stays
+   * scoped, so this rule still only matches elements rendered by this
+   * component. */
+  .cell:global([data-dragging='true']) {
     opacity: 0;
     pointer-events: none;
   }
@@ -222,7 +225,16 @@
    * - merge-ready: promotes at MERGE_READY_MS (600 ms). Stronger halo,
    *   larger scale. Functionally identical to armed for drop, but a
    *   clearer "release now = build folder" signal.
-   * Folder targets are always set to ready immediately. */
+   * Folder targets are always set to ready immediately.
+   * Note: jiggle keyframes own `transform: rotate(...)` on the same
+   * inner element; pausing the animation lets our static scale apply
+   * so the user actually sees the size cue while merging. */
+  .cell.merge-armed .card,
+  .cell.merge-armed .folder,
+  .cell.merge-ready .card,
+  .cell.merge-ready .folder {
+    animation-play-state: paused;
+  }
   .cell.merge-armed .card,
   .cell.merge-armed .folder {
     box-shadow: 0 0 0 2px rgba(74, 108, 247, 0.5);
diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index 7e2652e..4ee83e3 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -89,7 +89,11 @@ const MERGE_INNER_FRACTION = 0.5; // tighter (was 0.6) — dwell-gated, can be s
 const MERGE_ARM_MS = 200; // arm fires (release ≥ here = merge)
 const MERGE_READY_MS = 600; // ready halo strengthens
 const MERGE_CANCEL_MOVE_PX = 8; // jitter tolerance during pre-arm
-const SHIFT_DURATION_MS = 220;
+/** Reorder shift transition duration. Exported so callers (e.g. the
+ *  page using dragGrid) can set `--shift-duration` on the canvas to
+ *  keep CSS in sync. Card.svelte falls back to this value if the var
+ *  is unset. */
+export const SHIFT_DURATION_MS = 220;
 // SHIFT_EASE is exposed via CSS variable on Card.svelte; not needed here
 const HOVER_DWELL_MS = 500; // existing spring-load (unchanged)
 const EDGE_PAN_THRESHOLD_PX = 80;

From 659f80d96566b8cca16568c519d292308954b344 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 12:52:40 +0800
Subject: [PATCH 55/77] feat(launchpad): rebuild drag layout cache on
 spring-load and edge-pan

Layout-changing events mid-drag invalidate the cache; expose
rebuildLayoutCache() from the dragGrid action and call it from
+page.svelte after tick().
---
 web/src/lib/util/dragGrid.ts | 20 +++++++++++++++++++-
 web/src/routes/+page.svelte  | 30 ++++++++++++++++++++++++++----
 2 files changed, 45 insertions(+), 5 deletions(-)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index 4ee83e3..c152746 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -346,7 +346,14 @@ function classifyIntent(r: DOMRect, x: number, y: number): DropIntent {
   return cx < 0.5 ? 'before' : 'after';
 }
 
-export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
+export function dragGrid(
+  node: HTMLElement,
+  opts: DragGridOptions
+): {
+  update(next: DragGridOptions): void;
+  rebuildLayoutCache(): void;
+  destroy(): void;
+} {
   let options = opts;
   let session: DragSession | null = null;
   // Tracks the last cellShifts Map written to the store. publishShifts
@@ -843,6 +850,17 @@ export function dragGrid(node: HTMLElement, opts: DragGridOptions) {
     update(next: DragGridOptions) {
       options = next;
     },
+    /** Rebuilds the layout cache. Callers (page-level callbacks) invoke
+     *  this after layout-changing events (spring-load, edge-pan) so
+     *  subsequent ticks have correct slot rects. No-op when no drag is
+     *  active. */
+    rebuildLayoutCache() {
+      if (session?.lifted) {
+        session.layoutCache = buildLayoutCache(node);
+        const srcEntry = session.layoutCache.byCardId.get(session.source.id);
+        session.sourceLogicalIdx = srcEntry?.logicalIdx ?? session.sourceLogicalIdx;
+      }
+    },
     destroy() {
       if (browser) {
         node.removeEventListener('pointerdown', onPointerDown);
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index cf2c348..1accd4e 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -1,5 +1,5 @@
 <script lang="ts">
-  import { onMount } from 'svelte';
+  import { onMount, tick } from 'svelte';
   import { navDataStore } from '$lib/stores/navData';
   import {
     rootCards,
@@ -48,6 +48,24 @@
   /** Currently expanded folder. null = none. */
   let openFolderId = $state<number | null>(null);
 
+  /** Handle to the dragGrid action so page-level callbacks can rebuild
+   *  the layout cache after layout-changing events (spring-load, edge-pan). */
+  let dragGridHandle: { rebuildLayoutCache(): void } | null = null;
+
+  function dragGridAction(node: HTMLElement, opts: Parameters<typeof dragGrid>[1]) {
+    const ret = dragGrid(node, opts);
+    dragGridHandle = ret;
+    return {
+      update(next: typeof opts) {
+        ret.update(next);
+      },
+      destroy() {
+        dragGridHandle = null;
+        ret.destroy();
+      }
+    };
+  }
+
   // ──────── Pager (P1: horizontal pages + dot indicator) ────────
 
   /** Page size by viewport breakpoint. Mirrors clue §1: desktop 7×5, narrow 4×6, mobile 4×5. */
@@ -162,15 +180,19 @@
     )
   );
 
-  function onSpringLoad(folderId: number) {
+  async function onSpringLoad(folderId: number) {
     if (openFolderId !== folderId) openFolderId = folderId;
+    await tick();
+    dragGridHandle?.rebuildLayoutCache();
   }
 
   /** Drag-to-edge auto pager turn (P2). dragGrid fires this while a card
    *  is held near the viewport edge during an active drag. */
-  function onEdgePan(direction: EdgePanDirection) {
+  async function onEdgePan(direction: EdgePanDirection) {
     if (direction === 'prev') currentPage.prev();
     else currentPage.next(pageCount - 1);
+    await tick();
+    dragGridHandle?.rebuildLayoutCache();
   }
 
   /** Auto-close the open folder panel as soon as the user drags one of
@@ -410,7 +432,7 @@
        are owned by one session and dispatched via one handleDrop. -->
   <div
     class="canvas"
-    use:dragGrid={{
+    use:dragGridAction={{
       enabled: $jiggleMode && $sessionStore.authed,
       onSpringLoad,
       onEdgePan,

From 944d26aa49ff64f4b8ad3d51f98392529cbab09f Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 14:49:10 +0800
Subject: [PATCH 56/77] fix(launchpad): correct drop index when src is before
 target + handle between-cards drops

Two related bugs surfaced after Task 7 added the visible reorder shift:

1. Same-zone, src-before-target: handleDrop computed
   `insertAt = effectiveIntent === 'before' ? targetIdx : targetIdx + 1`
   directly off the target's idx in the pre-removal bucket. But
   reorderEntries operates on the post-removal list, where target's
   idx shifts up by 1 once source is filtered out. Result: dropping
   "before C" with source A actually placed A after C.
   publishShifts had the same off-by-one in its dropIdx formula.

2. Cursor in the gap between two cards (no DOM cell hit) silently
   no-op'd: handleDrop's branches all required `info.target`, and
   publishShifts fell back to `dropIdx = bucket.length` (append at
   end). Both wrong: the gap IS the natural reorder target.

Fix:
- SlotRect now carries `kind`, populated by buildLayoutCache.
- publishShifts always picks the closest non-source slot from the
  cached layout and computes dropIdx via cursor side + post-removal
  adjustment. No longer relies on elementsFromPoint hitting a cell.
- resolveFinalIntent synthesizes a target+intent from the closest
  slot when none was hit, so handleDrop has something to anchor on.
- handleDrop applies the same post-removal correction to insertAt.

Tests stay 39/39 (computeShifts math was already correct; the bugs
were in the dropIdx callers).
---
 web/src/lib/util/dragGrid.test.ts |   1 +
 web/src/lib/util/dragGrid.ts      | 124 +++++++++++++++++++++++-------
 web/src/routes/+page.svelte       |  10 ++-
 3 files changed, 108 insertions(+), 27 deletions(-)

diff --git a/web/src/lib/util/dragGrid.test.ts b/web/src/lib/util/dragGrid.test.ts
index d914232..45bc628 100644
--- a/web/src/lib/util/dragGrid.test.ts
+++ b/web/src/lib/util/dragGrid.test.ts
@@ -55,6 +55,7 @@ function row(n: number, zone = 'root', idBase = 1000): SlotRect[] {
       zone,
       logicalIdx: i,
       cardId: idBase + i,
+      kind: 'item',
       rect: new DOMRect(left, 0, 80, 80)
     });
   }
diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index c152746..5ac393f 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -107,6 +107,7 @@ export interface SlotRect {
   zone: string; // 'root' | `folder:${number}`
   logicalIdx: number;
   cardId: number;
+  kind: CardKind;
   rect: DOMRect;
 }
 
@@ -258,6 +259,7 @@ export function buildLayoutCache(node: HTMLElement): LayoutCache {
       zone,
       logicalIdx: idx,
       cardId: item.meta.id,
+      kind: item.meta.kind,
       rect: item.rect
     }));
     byZone.set(zone, slots);
@@ -648,6 +650,12 @@ export function dragGrid(
   // Hot path: runs every rAF tick during a drag. Recomputes per-card
   // shifts; setShifts skips redundant store writes when the result is
   // value-equal to the previous tick.
+  //
+  // Anchor selection: instead of relying on elementsFromPoint to hit a
+  // specific cell, we always pick the slot closest to the cursor (in
+  // the current hover zone). This keeps the gap responsive even when
+  // the cursor sits in the empty space between cards — where the DOM
+  // hit-test would return null and shifts would otherwise stop.
   function publishShifts(next: DragHoverInfo) {
     if (!session || !session.layoutCache) {
       setShifts(new Map());
@@ -660,43 +668,78 @@ export function dragGrid(
       target != null &&
       next.intent === 'merge' &&
       (target.kind === 'folder' || session.mergeArmFired);
+    if (mergeCollapse) {
+      setShifts(new Map());
+      return;
+    }
 
-    // Determine target zone + dropIdx.
+    // Resolve which zone we're computing shifts in.
     let targetZone: string | null = null;
-    let dropIdx = 0;
     if (target) {
       targetZone = target.zone;
-      const tEntry = lc.byCardId.get(target.id);
-      if (!tEntry) {
-        setShifts(new Map());
-        return;
-      }
-      // For pre-arm item merge, fall through to side-based.
-      let effIntent: DropIntent = next.intent ?? 'after';
-      if (effIntent === 'merge' && target.kind === 'item' && !session.mergeArmFired) {
-        effIntent = cursorOnLeftHalfOf(tEntry.rect, session.cursorX) ? 'before' : 'after';
-      }
-      dropIdx = effIntent === 'before' ? tEntry.logicalIdx : tEntry.logicalIdx + 1;
     } else if (next.hoverZone) {
-      // No target but inside a zone → append at end.
       targetZone = next.hoverZone;
-      const bucket = lc.byZone.get(targetZone) ?? [];
-      dropIdx = bucket.length;
     } else {
       setShifts(new Map());
       return;
     }
 
-    const shifts = computeShifts({
-      sourceZone: session.source.zone,
-      sourceCardId: session.source.id,
-      sourceLogicalIdx: session.sourceLogicalIdx,
-      targetZone,
-      dropIdx,
-      buckets: lc.bucketsRecord,
-      mergeCollapse
-    });
-    setShifts(shifts);
+    const dropIdx = resolveDropIdx(targetZone, session.cursorX, session.cursorY);
+    if (dropIdx == null) {
+      setShifts(new Map());
+      return;
+    }
+
+    setShifts(
+      computeShifts({
+        sourceZone: session.source.zone,
+        sourceCardId: session.source.id,
+        sourceLogicalIdx: session.sourceLogicalIdx,
+        targetZone,
+        dropIdx,
+        buckets: lc.bucketsRecord,
+        mergeCollapse: false
+      })
+    );
+  }
+
+  // Returns the post-removal drop idx in `zone` for a cursor at
+  // (cursorX, cursorY), or null when the zone is empty / has only the
+  // source itself.
+  //
+  // Algorithm:
+  //   1. Find the non-source slot whose center is nearest the cursor.
+  //   2. Decide before/after by which half of that slot the cursor is on.
+  //   3. Subtract 1 from the anchor's logicalIdx if (sameZone && source
+  //      sits before the anchor), since `dropIdx` is interpreted in the
+  //      post-source-removal coordinate system by computeShifts and the
+  //      `+page.svelte` `handleDrop` reorderEntries math.
+  function resolveDropIdx(zone: string, cursorX: number, cursorY: number): number | null {
+    if (!session || !session.layoutCache) return null;
+    const slots = session.layoutCache.byZone.get(zone) ?? [];
+    let nearest: SlotRect | null = null;
+    let nearestDist = Infinity;
+    for (const slot of slots) {
+      if (slot.cardId === session.source.id) continue;
+      const cx = slot.rect.left + slot.rect.width / 2;
+      const cy = slot.rect.top + slot.rect.height / 2;
+      const d = Math.hypot(cursorX - cx, cursorY - cy);
+      if (d < nearestDist) {
+        nearestDist = d;
+        nearest = slot;
+      }
+    }
+    if (!nearest) {
+      // Empty zone (or only source in it) → drop at index 0.
+      return 0;
+    }
+    const isLeft = cursorOnLeftHalfOf(nearest.rect, cursorX);
+    const sameZone = session.source.zone === zone;
+    const baseIdx =
+      sameZone && session.sourceLogicalIdx >= 0 && session.sourceLogicalIdx < nearest.logicalIdx
+        ? nearest.logicalIdx - 1
+        : nearest.logicalIdx;
+    return isLeft ? baseIdx : baseIdx + 1;
   }
 
   function cancelDwell() {
@@ -796,6 +839,35 @@ export function dragGrid(
       const intent: DropIntent = cursorOnLeftHalfOf(entry.rect, s.cursorX) ? 'before' : 'after';
       return { ...s.hover, intent };
     }
+    // No target was hit by elementsFromPoint, but the cursor is still
+    // inside a known zone (e.g. between two cards). Synthesize the
+    // closest non-source slot so handleDrop has something to anchor on.
+    // Without this, drops in the gaps between cards silently no-op.
+    if (!t && s.hover.hoverZone && s.layoutCache) {
+      const slots = s.layoutCache.byZone.get(s.hover.hoverZone) ?? [];
+      let nearest: SlotRect | null = null;
+      let nearestDist = Infinity;
+      for (const slot of slots) {
+        if (slot.cardId === s.source.id) continue;
+        const cx = slot.rect.left + slot.rect.width / 2;
+        const cy = slot.rect.top + slot.rect.height / 2;
+        const d = Math.hypot(s.cursorX - cx, s.cursorY - cy);
+        if (d < nearestDist) {
+          nearestDist = d;
+          nearest = slot;
+        }
+      }
+      if (nearest) {
+        const intent: DropIntent = cursorOnLeftHalfOf(nearest.rect, s.cursorX)
+          ? 'before'
+          : 'after';
+        return {
+          ...s.hover,
+          target: { id: nearest.cardId, kind: nearest.kind, zone: nearest.zone },
+          intent
+        };
+      }
+    }
     return s.hover;
   }
 
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index 1accd4e..93d128e 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -311,7 +311,15 @@
       const targetBucket = bucketFor(targetZone);
       const targetIdx = targetBucket.findIndex((c) => c.id === info.target!.id);
       if (targetIdx < 0) return;
-      const insertAt = effectiveIntent === 'before' ? targetIdx : targetIdx + 1;
+      // reorderEntries works in the post-source-removal coordinate
+      // system. When source sits before target in the same zone,
+      // target shifts up by 1 once source is removed; account for that
+      // so "before target" actually lands the source just before it
+      // (instead of one slot too far right).
+      const sourceIdxInTarget = targetBucket.findIndex((c) => c.id === info.source.id);
+      const adjustedTargetIdx =
+        sourceIdxInTarget >= 0 && sourceIdxInTarget < targetIdx ? targetIdx - 1 : targetIdx;
+      const insertAt = effectiveIntent === 'before' ? adjustedTargetIdx : adjustedTargetIdx + 1;
       const parentId = parentIdFor(targetZone);
 
       // If source moves between zones, the source's previous bucket also

From 9deb642f15a413b6e1b744af8c31803f62cf7708 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 15:06:07 +0800
Subject: [PATCH 57/77] =?UTF-8?q?fix(launchpad):=20three=20drop-UX=20issue?=
 =?UTF-8?q?s=20=E2=80=94=20flicker,=20folder-source=20halo,=20merge=20thre?=
 =?UTF-8?q?shold?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1. Flicker on drop. cellShifts cleared in finish() while reorderCards
   API was still in flight, so cards transitioned from shifted back to
   0 over 220ms while handleDrop's refetch concurrently rerendered
   them in the new sort order — visible snap+wobble. Suppress the
   transform transition for two rAF frames around drop cleanup so the
   snap is instant; refetch + DOM reorder happens during the
   suppression window. Restored on the third frame.

2. Folder source no longer triggers merge halo. Dragging a folder over
   another folder or item is always reorder (folders can't nest). The
   dwell state machine in applyHover now gates both the item-arm and
   the folder-instant paths on `source.kind === 'item'`, so folder
   sources never set mergeCandidate.

3. Merge zone is now overlap-based, not cursor-position-based. The old
   "cursor in inner 50%" rule fired whenever the cursor brushed the
   middle of a card, even when the dragged card barely touched the
   target. Replaced with a real geometric check: the dragged card has
   to overlap the target by ≥ MERGE_OVERLAP_FRACTION (0.85) of the
   smaller card's area before classifyIntent returns 'merge'. Tunable
   constant; user asked for a much stricter threshold than before.

classifyIntent signature change: now takes (target, dragged, cursorX)
instead of (target, cursorX, cursorY). computeHover constructs the
dragged rect from cursor + cloneOffset + cached source dimensions.
---
 web/src/lib/util/dragGrid.ts | 87 +++++++++++++++++++++++++++++++-----
 1 file changed, 76 insertions(+), 11 deletions(-)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index 5ac393f..dd19962 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -85,7 +85,12 @@ export interface DragGridOptions {
 }
 
 const LIFT_THRESHOLD_PX = 5;
-const MERGE_INNER_FRACTION = 0.5; // tighter (was 0.6) — dwell-gated, can be smaller
+/** Fraction of the target cell area that the dragged card must overlap
+ *  for a merge intent to register. Replaces the old cursor-inside-inner-N
+ *  rule (which triggered too easily when the cursor merely brushed a
+ *  card's center). With 0.85 the dragged card has to sit almost fully
+ *  on top of the target before halo or folder-arming begins. */
+const MERGE_OVERLAP_FRACTION = 0.85;
 const MERGE_ARM_MS = 200; // arm fires (release ≥ here = merge)
 const MERGE_READY_MS = 600; // ready halo strengthens
 const MERGE_CANCEL_MOVE_PX = 8; // jitter tolerance during pre-arm
@@ -338,14 +343,30 @@ function readMetaFromCell(cell: HTMLElement): CardMeta | null {
   return { id, kind: kindAttr, zone };
 }
 
-function classifyIntent(r: DOMRect, x: number, y: number): DropIntent {
-  const cx = (x - r.left) / r.width;
-  const cy = (y - r.top) / r.height;
-  const inner = (1 - MERGE_INNER_FRACTION) / 2; // 0.2 if fraction=0.6
-  if (cx >= inner && cx <= 1 - inner && cy >= inner && cy <= 1 - inner) {
+/**
+ * Classify the cursor's intent relative to a target slot.
+ *
+ * Merge requires the dragged card itself to overlap the target by
+ * `MERGE_OVERLAP_FRACTION` of the smaller card's area — i.e. the user
+ * has visually placed the cards mostly on top of each other. This is
+ * stricter than "cursor in inner N% of target" (which fires whenever
+ * the cursor brushes the middle, even with the dragged card barely
+ * touching).
+ *
+ * Falls back to before/after by cursor side when overlap is below the
+ * threshold.
+ */
+function classifyIntent(target: DOMRect, dragged: DOMRect, cursorX: number): DropIntent {
+  const overlapW = Math.max(0, Math.min(target.right, dragged.right) - Math.max(target.left, dragged.left));
+  const overlapH = Math.max(0, Math.min(target.bottom, dragged.bottom) - Math.max(target.top, dragged.top));
+  const overlapArea = overlapW * overlapH;
+  const targetArea = target.width * target.height;
+  const draggedArea = dragged.width * dragged.height;
+  const minArea = Math.min(targetArea, draggedArea);
+  if (minArea > 0 && overlapArea / minArea >= MERGE_OVERLAP_FRACTION) {
     return 'merge';
   }
-  return cx < 0.5 ? 'before' : 'after';
+  return cursorX < target.left + target.width / 2 ? 'before' : 'after';
 }
 
 export function dragGrid(
@@ -554,6 +575,18 @@ export function dragGrid(
 
   function computeHover(s: DragSession): DragHoverInfo {
     const { cursorX, cursorY, source } = s;
+    // The dragged card's current screen rect — needed for overlap-based
+    // merge classification. Falls back to the source cell's lifted rect
+    // when the layoutCache snapshot is missing.
+    const sourceRect = s.layoutCache?.byCardId.get(source.id)?.rect;
+    const draggedW = sourceRect?.width ?? 0;
+    const draggedH = sourceRect?.height ?? 0;
+    const draggedRect = new DOMRect(
+      cursorX - s.cloneOffsetX,
+      cursorY - s.cloneOffsetY,
+      draggedW,
+      draggedH
+    );
     const stack = document.elementsFromPoint(cursorX, cursorY);
     let hoverZone: string | null = null;
     for (const el of stack) {
@@ -573,7 +606,7 @@ export function dragGrid(
       if (!meta) continue;
       if (meta.id === source.id) continue;
       const r = cell.getBoundingClientRect();
-      const intent = classifyIntent(r, cursorX, cursorY);
+      const intent = classifyIntent(r, draggedRect, cursorX);
       return { target: meta, intent, hoverZone: meta.zone, outOfZone: false };
     }
     return {
@@ -595,11 +628,20 @@ export function dragGrid(
 
     // --- Merge dwell state machine ---
     // Item targets need a 200ms arm gate. Folder targets are immediate.
-    // Non-merge intent or different target → cancel arming.
+    // Folders can't be nested inside other cards (folder source can
+    // only ever be reordered), so we only arm merge candidates when
+    // the source is an item.
+    const sourceIsItem = session.source.kind === 'item';
     const isMergeItem =
-      next.intent === 'merge' && next.target?.kind === 'item' && next.target.id != null;
+      sourceIsItem &&
+      next.intent === 'merge' &&
+      next.target?.kind === 'item' &&
+      next.target.id != null;
     const isMergeFolder =
-      next.intent === 'merge' && next.target?.kind === 'folder' && next.target.id != null;
+      sourceIsItem &&
+      next.intent === 'merge' &&
+      next.target?.kind === 'folder' &&
+      next.target.id != null;
 
     if (!isMergeItem && !isMergeFolder) {
       if (session.mergeArmTargetId != null) cancelMergeArm();
@@ -898,6 +940,19 @@ export function dragGrid(
       /* ignore */
     }
 
+    // Suppress the cell transform transition while we clear the
+    // shifts. Otherwise the snap-back from "shifted" to "0" animates
+    // for 220ms while handleDrop's reorder API + refetch land in
+    // parallel, producing a visible flicker as cells transition while
+    // their DOM positions also change. After two frames (data has
+    // settled) we restore the inline style so future drags animate
+    // again.
+    const cells =
+      s.lifted && !canceled
+        ? Array.from(node.querySelectorAll<HTMLElement>('[data-card-id]'))
+        : [];
+    for (const cell of cells) cell.style.transition = 'none';
+
     mergeCandidate.set(null);
     dragSource.set(null);
     // Reset both store and dedup tracker so the next drag session
@@ -911,6 +966,16 @@ export function dragGrid(
         ...resolveFinalIntent(s)
       });
     }
+
+    if (cells.length) {
+      // Two rAF frames is empirically enough for refetch + reactive
+      // re-render to land before transitions resume.
+      requestAnimationFrame(() => {
+        requestAnimationFrame(() => {
+          for (const cell of cells) cell.style.transition = '';
+        });
+      });
+    }
   }
 
   if (browser) {

From c719703087cd0e51578fd3f865e111f59f8efaf0 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 15:19:13 +0800
Subject: [PATCH 58/77] fix(launchpad): keep jiggle animation phase stable
 across drag-induced reorder
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Animation delay was assigned via :nth-child(3n+2)/:nth-child(3n) CSS
selectors. When a drag commit reorders the grid, every card's
nth-child position changes — and so does its animation-delay — which
yanks the wobble to a new phase mid-stride. Visually this reads as a
flicker on either the dropped card or a neighbor, regardless of the
transform-transition suppression added in 9deb642.

Move the delay onto a per-card CSS variable (--jiggle-delay) computed
from card.id (a stable identifier) and exposed via style:--jiggle-delay
on the cell. Each card now keeps its own continuous wobble phase
across reorders.
---
 web/src/lib/components/Nav/Card.svelte | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/web/src/lib/components/Nav/Card.svelte b/web/src/lib/components/Nav/Card.svelte
index cf165be..cea4cd6 100644
--- a/web/src/lib/components/Nav/Card.svelte
+++ b/web/src/lib/components/Nav/Card.svelte
@@ -24,6 +24,14 @@
 
   const shift = $derived($cellShifts.get(card.id) ?? { dx: 0, dy: 0 });
   const mergePhase = $derived($mergeCandidate?.id === card.id ? $mergeCandidate.phase : null);
+  // Jiggle animation delay derived from the card's stable id, NOT its
+  // DOM position. Using `:nth-child(3n+2)` style selectors makes
+  // `animation-delay` change whenever the grid is reordered (after a
+  // drag commit), which snaps each affected card's animation to a new
+  // phase — the user sees this as a flicker. Computing the offset
+  // from `card.id` keeps each card's wobble continuous across
+  // reorders.
+  const jiggleDelay = $derived(`${(card.id % 3) * -80}ms`);
 
   const url = $derived(
     isItem && $currentSite.site && card.links ? (card.links[$currentSite.site.value] ?? null) : null
@@ -107,6 +115,7 @@
   class:merge-ready={mergePhase === 'ready'}
   data-card-id={card.id}
   data-card-kind={card.kind}
+  style:--jiggle-delay={jiggleDelay}
   style:transform={shift.dx === 0 && shift.dy === 0
     ? null
     : `translate(${shift.dx}px, ${shift.dy}px)`}
@@ -201,23 +210,18 @@
   .cell.jiggle:active {
     cursor: grabbing;
   }
+  /* Phase-stagger via per-card CSS variable derived from card.id (set
+   * inline by the template). Avoids :nth-child selectors, which would
+   * re-bind the delay whenever the grid is reordered, snapping the
+   * animation into a new phase and producing a visible flicker on
+   * drop. */
   .cell.jiggle .card,
   .cell.jiggle .folder {
     animation: jiggle-shake 0.25s ease-in-out infinite;
+    animation-delay: var(--jiggle-delay, 0ms);
     transform-origin: center;
     cursor: inherit;
   }
-  /* Phase-stagger: avoid every card jiggling in lock-step (LaunchPad
-   * clue §4 "each card's phase offset"). Three offsets across 0/+80/
-   * +160 ms cover the 250 ms period nicely. */
-  .cell.jiggle:nth-child(3n + 2) .card,
-  .cell.jiggle:nth-child(3n + 2) .folder {
-    animation-delay: -80ms;
-  }
-  .cell.jiggle:nth-child(3n) .card,
-  .cell.jiggle:nth-child(3n) .folder {
-    animation-delay: -160ms;
-  }
   /* Visual cue for "release here to merge / reparent". Two tiers:
    * - merge-armed: appears at MERGE_ARM_MS (200 ms) into a stationary
    *   hover. Faint halo + small scale. Releasing here ALSO commits a

From ba54552e371d9259b1212f9ec5619a719b600917 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 15:26:09 +0800
Subject: [PATCH 59/77] fix(launchpad): defer cellShifts/data-dragging cleanup
 until drop API resolves
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The flicker after a successful drop was a coherence problem, not an
animation problem. With the previous code:

  1. finish() fires onDrop and synchronously clears cellShifts +
     data-dragging.
  2. Cards snap to their pre-drag logical positions (no transition,
     transform = 0). Source becomes visible at its old slot.
  3. ~200ms later, reorderCards completes, navDataStore refetches,
     Svelte re-renders the each block with the new sort order.
  4. Cards snap from old positions to new positions.

Steps 2 and 4 are TWO visible state changes in quick succession —
that's the flicker the user reported, and what the screen recording
shows on both the dropped card and a neighbor.

Make the visual cleanup conditional on the onDrop Promise:

  - During the await window, data-dragging stays on (source hidden,
    its slot acts as the visible gap), cellShifts stays in place
    (neighbors stay in their shifted positions). The visual matches
    the pre-drop preview, so the user sees no change yet.
  - When handleDrop's promise resolves, navDataStore has been
    refetched synchronously inside the same microtask. We then clear
    visual state. Svelte's render flush sees both the new data AND
    the cleared shifts in one pass, so the cards land directly at
    their new positions with no intermediate frame.

DragGridOptions.onDrop is now `void | Promise<void>` to declare the
contract. Existing void consumers stay compatible — the cleanup runs
synchronously when no Promise is returned.
---
 web/src/lib/util/dragGrid.ts | 77 +++++++++++++++++++++++-------------
 1 file changed, 50 insertions(+), 27 deletions(-)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index dd19962..2aadce0 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -80,8 +80,14 @@ export interface DragGridOptions {
    * the folder panel when the user starts dragging a card out of it.
    */
   onHoverZoneChange?: (prev: string | null, next: string | null) => void;
-  /** Called on pointerup. Consumer commits the drop. */
-  onDrop?: (info: DragDropInfo) => void;
+  /** Called on pointerup. Consumer commits the drop. May be async; if it
+   *  returns a Promise, dragGrid keeps the visual drag state (`cellShifts`,
+   *  `data-dragging`, `mergeCandidate`) in place until the Promise resolves,
+   *  then clears it in the same microtask as the consumer's data refetch.
+   *  This avoids a "snap back to original positions, then snap to new
+   *  positions" flicker when the consumer is committing a server-side
+   *  reorder. */
+  onDrop?: (info: DragDropInfo) => void | Promise<void>;
 }
 
 const LIFT_THRESHOLD_PX = 5;
@@ -932,7 +938,6 @@ export function dragGrid(
       s.clone.remove();
       s.clone = null;
     }
-    delete s.sourceCell.dataset.dragging;
 
     try {
       s.sourceCell.releasePointerCapture(s.pointerId);
@@ -940,42 +945,60 @@ export function dragGrid(
       /* ignore */
     }
 
-    // Suppress the cell transform transition while we clear the
-    // shifts. Otherwise the snap-back from "shifted" to "0" animates
-    // for 220ms while handleDrop's reorder API + refetch land in
-    // parallel, producing a visible flicker as cells transition while
-    // their DOM positions also change. After two frames (data has
-    // settled) we restore the inline style so future drags animate
-    // again.
+    // Visual drag state (cellShifts, data-dragging, mergeCandidate,
+    // dragSource) is the union of "what the user sees mid-drag" and
+    // must stay coherent with the data the cards bind to. If we tear
+    // it down synchronously while the consumer is still committing a
+    // server-side reorder, the cells snap back to their pre-drag
+    // logical positions, then snap forward to the new positions when
+    // the refetch lands — a visible double flicker on the dropped
+    // card and its neighbors.
+    //
+    // Strategy: cleanupVisualState below clears all of it in one
+    // microtask. We run it either (a) immediately for a canceled drag
+    // / synchronous onDrop, or (b) after onDrop's Promise resolves —
+    // which by convention means the consumer has finished both the
+    // server roundtrip and the store refetch, so the next Svelte
+    // render flush will see new data AND cleared shifts in the same
+    // pass. No flicker.
     const cells =
       s.lifted && !canceled
         ? Array.from(node.querySelectorAll<HTMLElement>('[data-card-id]'))
         : [];
+    // While we wait, suppress transitions on the cells so the eventual
+    // shift-clear is an instant snap rather than a 220ms slide. With
+    // Strategy (b) the snap is invisible because data + shifts clear
+    // in lockstep.
     for (const cell of cells) cell.style.transition = 'none';
 
-    mergeCandidate.set(null);
-    dragSource.set(null);
-    // Reset both store and dedup tracker so the next drag session
-    // starts from a clean baseline.
-    cellShifts.set(new Map());
-    lastPublishedShifts = new Map();
+    const cleanupVisualState = () => {
+      delete s.sourceCell.dataset.dragging;
+      mergeCandidate.set(null);
+      dragSource.set(null);
+      cellShifts.set(new Map());
+      lastPublishedShifts = new Map();
+      if (cells.length) {
+        // Two rAF frames is empirically enough for the data render to
+        // flush before we restore transitions.
+        requestAnimationFrame(() => {
+          requestAnimationFrame(() => {
+            for (const cell of cells) cell.style.transition = '';
+          });
+        });
+      }
+    };
 
     if (s.lifted && !canceled) {
-      options.onDrop?.({
+      const result = options.onDrop?.({
         source: s.source,
         ...resolveFinalIntent(s)
       });
+      if (result && typeof (result as Promise<void>).then === 'function') {
+        (result as Promise<void>).then(cleanupVisualState, cleanupVisualState);
+        return;
+      }
     }
-
-    if (cells.length) {
-      // Two rAF frames is empirically enough for refetch + reactive
-      // re-render to land before transitions resume.
-      requestAnimationFrame(() => {
-        requestAnimationFrame(() => {
-          for (const cell of cells) cell.style.transition = '';
-        });
-      });
-    }
+    cleanupVisualState();
   }
 
   if (browser) {

From 7e2238e840b3569291245e53eb5d178c76b034f3 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 15:51:47 +0800
Subject: [PATCH 60/77] fix(launchpad): make the "+" affordance shift along
 with displaced cards
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When a real card was shifted past the last card during a reorder
preview, the "+ new item" affordance stayed put — the displaced card
visually overlapped the affordance instead of pushing it forward.

Fix: include the affordance container as a phantom slot in the
layout cache. It is marked with `data-add-cell`; buildLayoutCache
appends one slot per affordance to its zone with cardId =
ADD_CELL_CARD_ID (-1) and a kind of 'item'. computeShifts treats it
like any other slot, so a card landing at logicalIdx == affordance's
slot causes the affordance to translate to the next CSS-grid slot.

resolveDropIdx and resolveFinalIntent skip phantom slots — the
affordance is not a valid drop target. The page reads
cellShifts.get(ADD_CELL_CARD_ID) and applies the same translate
transform as Card.svelte does for real cards, with a matching 220ms
cubic-bezier transition so the motion is uniform.
---
 web/src/lib/util/dragGrid.ts | 38 +++++++++++++++++++++++++++++++++++-
 web/src/routes/+page.svelte  | 14 ++++++++++++-
 2 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index 2aadce0..1c8eba5 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -105,6 +105,14 @@ const MERGE_CANCEL_MOVE_PX = 8; // jitter tolerance during pre-arm
  *  keep CSS in sync. Card.svelte falls back to this value if the var
  *  is unset. */
 export const SHIFT_DURATION_MS = 220;
+/** Synthetic cardId for the "+ new item" affordance. Page templates
+ *  mark the affordance container with `data-add-cell` so dragGrid can
+ *  treat it as a phantom slot in the layout cache. The page renders
+ *  the affordance's transform from `cellShifts.get(ADD_CELL_CARD_ID)`,
+ *  the same way `Card.svelte` reads its own shift. This way when a
+ *  card is displaced into the affordance's slot, the affordance moves
+ *  along instead of being overlapped. */
+export const ADD_CELL_CARD_ID = -1;
 // SHIFT_EASE is exposed via CSS variable on Card.svelte; not needed here
 const HOVER_DWELL_MS = 500; // existing spring-load (unchanged)
 const EDGE_PAN_THRESHOLD_PX = 80;
@@ -282,6 +290,29 @@ export function buildLayoutCache(node: HTMLElement): LayoutCache {
       });
     }
   }
+  // Append the "+ new item" affordance(s) as phantom slots so cards
+  // displaced past the last real card push the affordance along
+  // instead of overlapping it. Real cards live in [data-card-id];
+  // affordances are marked with [data-add-cell].
+  const addCells = node.querySelectorAll<HTMLElement>('[data-add-cell]');
+  addCells.forEach((addCell) => {
+    const zoneEl = addCell.closest('[data-zone]') as HTMLElement | null;
+    if (!zoneEl || !node.contains(zoneEl)) return;
+    const zone = zoneEl.dataset.zone ?? 'root';
+    const slots = byZone.get(zone) ?? [];
+    const phantom: SlotRect = {
+      zone,
+      logicalIdx: slots.length,
+      cardId: ADD_CELL_CARD_ID,
+      kind: 'item',
+      rect: addCell.getBoundingClientRect()
+    };
+    slots.push(phantom);
+    byZone.set(zone, slots);
+    // Intentionally NOT added to byCardId: the affordance is not a
+    // valid drop target. resolveDropIdx / resolveFinalIntent skip
+    // synthetic slots when picking the cursor's anchor.
+  });
   // Per-zone cellAdvance for extrapolation.
   const cellAdvanceByZone = new Map<string, { dx: number; dy: number }>();
   for (const [zone, slots] of byZone) {
@@ -769,6 +800,9 @@ export function dragGrid(
     let nearestDist = Infinity;
     for (const slot of slots) {
       if (slot.cardId === session.source.id) continue;
+      // Phantom slots (e.g. the "+" affordance) participate in the
+      // shift math but aren't valid drop anchors — pick a real card.
+      if (slot.cardId === ADD_CELL_CARD_ID) continue;
       const cx = slot.rect.left + slot.rect.width / 2;
       const cy = slot.rect.top + slot.rect.height / 2;
       const d = Math.hypot(cursorX - cx, cursorY - cy);
@@ -778,7 +812,7 @@ export function dragGrid(
       }
     }
     if (!nearest) {
-      // Empty zone (or only source in it) → drop at index 0.
+      // Empty zone (or only source/phantom in it) → drop at index 0.
       return 0;
     }
     const isLeft = cursorOnLeftHalfOf(nearest.rect, cursorX);
@@ -897,6 +931,8 @@ export function dragGrid(
       let nearestDist = Infinity;
       for (const slot of slots) {
         if (slot.cardId === s.source.id) continue;
+        // Phantom slots ("+" affordance) aren't drop targets.
+        if (slot.cardId === ADD_CELL_CARD_ID) continue;
         const cx = slot.rect.left + slot.rect.width / 2;
         const cy = slot.rect.top + slot.rect.height / 2;
         const d = Math.hypot(s.cursorX - cx, s.cursorY - cy);
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index 93d128e..6f06739 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -27,10 +27,12 @@
   import type { Card as CardType } from '$lib/types/card';
   import {
     dragGrid,
+    ADD_CELL_CARD_ID,
     type DragDropInfo,
     type DropIntent,
     type EdgePanDirection
   } from '$lib/util/dragGrid';
+  import { cellShifts } from '$lib/stores/dragMerge';
   import { chunk } from '$lib/util/paginate';
 
   function describeError(e: unknown): string {
@@ -478,7 +480,14 @@
                   />
                 {/each}
                 {#if pageIdx === pages.length - 1 && $sessionStore.authed && ($jiggleMode || $rootCards.length === 0)}
-                  <div class="add-cell">
+                  {@const addShift = $cellShifts.get(ADD_CELL_CARD_ID) ?? { dx: 0, dy: 0 }}
+                  <div
+                    class="add-cell"
+                    data-add-cell
+                    style:transform={addShift.dx === 0 && addShift.dy === 0
+                      ? null
+                      : `translate(${addShift.dx}px, ${addShift.dy}px)`}
+                  >
                     <NewItemAffordance onClick={() => openCreate(null)} />
                   </div>
                   {#if $rootCards.length === 0}
@@ -570,6 +579,9 @@
     display: flex;
     justify-content: center;
     align-items: flex-start;
+    /* Match Card.svelte's reorder shift transition so the affordance
+     * animates in lockstep when a displaced card pushes it. */
+    transition: transform 220ms cubic-bezier(0.4, 0, 0.2, 1);
   }
   /* Hint shown only when the grid is empty; spans the whole grid row so
    * the placeholder card sits centered above its caption. */

From f8dbfc650a60c5a00bf4cf9077d409bc0d6baaa9 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 16:12:37 +0800
Subject: [PATCH 61/77] fix(launchpad): hide "+" affordance during active drag
 instead of shifting it
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previous attempt (commit 7e2238e) treated the affordance as a phantom
slot in the layout cache and let computeShifts translate it. That
worked for in-row shifts but failed at row boundaries: cellAdvance
extrapolates by one column horizontally, which pushes the affordance
past the grid's last track in CSS auto-fill grids. With
`justify-content: center` on .grid the result was an off-grid
position clipped at the viewport's right edge — exactly the
half-visible affordance the user reported.

Drop the phantom-slot approach. The affordance is purely a UI
shortcut (it isn't a drop target and the user can't click it
mid-drag), so the simplest correct behavior is to hide it visually
for the duration of the drag and let the natural CSS-grid auto-flow
handle its position both during (invisible) and after (re-shown at
the end of the new card list).

`visibility: hidden` (not `display: none`) preserves the affordance's
CSS-grid slot so the layout cache rect stays consistent with what
the user lifted on. The CSS rule is gated on
`.canvas:has([data-card-id][data-dragging='true'])` so it only
applies during an active lift. Removes the now-unused
ADD_CELL_CARD_ID export and the phantom-slot logic in
buildLayoutCache, resolveDropIdx, and resolveFinalIntent.
---
 web/src/lib/util/dragGrid.ts | 44 ++++++------------------------------
 web/src/routes/+page.svelte  | 24 +++++++++-----------
 2 files changed, 18 insertions(+), 50 deletions(-)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index 1c8eba5..3ceac47 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -105,14 +105,6 @@ const MERGE_CANCEL_MOVE_PX = 8; // jitter tolerance during pre-arm
  *  keep CSS in sync. Card.svelte falls back to this value if the var
  *  is unset. */
 export const SHIFT_DURATION_MS = 220;
-/** Synthetic cardId for the "+ new item" affordance. Page templates
- *  mark the affordance container with `data-add-cell` so dragGrid can
- *  treat it as a phantom slot in the layout cache. The page renders
- *  the affordance's transform from `cellShifts.get(ADD_CELL_CARD_ID)`,
- *  the same way `Card.svelte` reads its own shift. This way when a
- *  card is displaced into the affordance's slot, the affordance moves
- *  along instead of being overlapped. */
-export const ADD_CELL_CARD_ID = -1;
 // SHIFT_EASE is exposed via CSS variable on Card.svelte; not needed here
 const HOVER_DWELL_MS = 500; // existing spring-load (unchanged)
 const EDGE_PAN_THRESHOLD_PX = 80;
@@ -290,29 +282,12 @@ export function buildLayoutCache(node: HTMLElement): LayoutCache {
       });
     }
   }
-  // Append the "+ new item" affordance(s) as phantom slots so cards
-  // displaced past the last real card push the affordance along
-  // instead of overlapping it. Real cards live in [data-card-id];
-  // affordances are marked with [data-add-cell].
-  const addCells = node.querySelectorAll<HTMLElement>('[data-add-cell]');
-  addCells.forEach((addCell) => {
-    const zoneEl = addCell.closest('[data-zone]') as HTMLElement | null;
-    if (!zoneEl || !node.contains(zoneEl)) return;
-    const zone = zoneEl.dataset.zone ?? 'root';
-    const slots = byZone.get(zone) ?? [];
-    const phantom: SlotRect = {
-      zone,
-      logicalIdx: slots.length,
-      cardId: ADD_CELL_CARD_ID,
-      kind: 'item',
-      rect: addCell.getBoundingClientRect()
-    };
-    slots.push(phantom);
-    byZone.set(zone, slots);
-    // Intentionally NOT added to byCardId: the affordance is not a
-    // valid drop target. resolveDropIdx / resolveFinalIntent skip
-    // synthetic slots when picking the cursor's anchor.
-  });
+  // The "+ new item" affordance is hidden visually during an active
+  // drag (via CSS rule on .canvas:has([data-card-id][data-dragging])
+  // .add-cell { visibility: hidden }), so it doesn't need to be in
+  // the layout cache. Keeping it out also avoids the bookkeeping
+  // around phantom-slot extrapolation, which couldn't reliably wrap
+  // to the next row in CSS auto-fill grids.
   // Per-zone cellAdvance for extrapolation.
   const cellAdvanceByZone = new Map<string, { dx: number; dy: number }>();
   for (const [zone, slots] of byZone) {
@@ -800,9 +775,6 @@ export function dragGrid(
     let nearestDist = Infinity;
     for (const slot of slots) {
       if (slot.cardId === session.source.id) continue;
-      // Phantom slots (e.g. the "+" affordance) participate in the
-      // shift math but aren't valid drop anchors — pick a real card.
-      if (slot.cardId === ADD_CELL_CARD_ID) continue;
       const cx = slot.rect.left + slot.rect.width / 2;
       const cy = slot.rect.top + slot.rect.height / 2;
       const d = Math.hypot(cursorX - cx, cursorY - cy);
@@ -812,7 +784,7 @@ export function dragGrid(
       }
     }
     if (!nearest) {
-      // Empty zone (or only source/phantom in it) → drop at index 0.
+      // Empty zone (or only source in it) → drop at index 0.
       return 0;
     }
     const isLeft = cursorOnLeftHalfOf(nearest.rect, cursorX);
@@ -931,8 +903,6 @@ export function dragGrid(
       let nearestDist = Infinity;
       for (const slot of slots) {
         if (slot.cardId === s.source.id) continue;
-        // Phantom slots ("+" affordance) aren't drop targets.
-        if (slot.cardId === ADD_CELL_CARD_ID) continue;
         const cx = slot.rect.left + slot.rect.width / 2;
         const cy = slot.rect.top + slot.rect.height / 2;
         const d = Math.hypot(s.cursorX - cx, s.cursorY - cy);
diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index 6f06739..47293cf 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -27,12 +27,10 @@
   import type { Card as CardType } from '$lib/types/card';
   import {
     dragGrid,
-    ADD_CELL_CARD_ID,
     type DragDropInfo,
     type DropIntent,
     type EdgePanDirection
   } from '$lib/util/dragGrid';
-  import { cellShifts } from '$lib/stores/dragMerge';
   import { chunk } from '$lib/util/paginate';
 
   function describeError(e: unknown): string {
@@ -480,14 +478,7 @@
                   />
                 {/each}
                 {#if pageIdx === pages.length - 1 && $sessionStore.authed && ($jiggleMode || $rootCards.length === 0)}
-                  {@const addShift = $cellShifts.get(ADD_CELL_CARD_ID) ?? { dx: 0, dy: 0 }}
-                  <div
-                    class="add-cell"
-                    data-add-cell
-                    style:transform={addShift.dx === 0 && addShift.dy === 0
-                      ? null
-                      : `translate(${addShift.dx}px, ${addShift.dy}px)`}
-                  >
+                  <div class="add-cell" data-add-cell>
                     <NewItemAffordance onClick={() => openCreate(null)} />
                   </div>
                   {#if $rootCards.length === 0}
@@ -579,9 +570,16 @@
     display: flex;
     justify-content: center;
     align-items: flex-start;
-    /* Match Card.svelte's reorder shift transition so the affordance
-     * animates in lockstep when a displaced card pushes it. */
-    transition: transform 220ms cubic-bezier(0.4, 0, 0.2, 1);
+  }
+  /* Hide the "+ new item" affordance while a drag is in flight. Real
+   * cards may need to shift into the slot the affordance was rendered
+   * in (e.g. when reordering pushes the last card down a row); leaving
+   * the affordance visible would either overlap a shifted card or
+   * leave the affordance half-clipped at the row's edge. visibility
+   * (not display:none) preserves its CSS-grid slot, so layout cache
+   * rects stay consistent across the lift. */
+  :global(.canvas:has([data-card-id][data-dragging='true'])) .add-cell {
+    visibility: hidden;
   }
   /* Hint shown only when the grid is empty; spans the whole grid row so
    * the placeholder card sits centered above its caption. */

From 65ad1aa78d7cc32b88e715e03900a739458de1f4 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 18:34:30 +0800
Subject: [PATCH 62/77] fix(launchpad): switch drag-active gating from :has()
 to store-backed class
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

InlineFolderExpand unmounts when the cursor leaves its zone (handled
by onHoverZoneChange in +page.svelte). The unmount detaches the source
cell carrying [data-dragging='true'] from the DOM, so the
:has([data-card-id][data-dragging='true']) descendant selector loses
its match — silently disengaging the .add-cell visibility-hidden,
.pager scroll-snap-type:none, and .canvas touch-action:none rules
mid-drag.

Bind .canvas's drag-active class to \$dragSource (set on lift, cleared
on drag end by dragGrid) so the gate is anchored on a stable store
signal that outlives any descendant unmount. The four \$global :has(...)
selectors collapse into the equivalent .canvas.drag-active local rules.
---
 web/src/routes/+page.svelte | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/web/src/routes/+page.svelte b/web/src/routes/+page.svelte
index 47293cf..7adff68 100644
--- a/web/src/routes/+page.svelte
+++ b/web/src/routes/+page.svelte
@@ -31,6 +31,7 @@
     type DropIntent,
     type EdgePanDirection
   } from '$lib/util/dragGrid';
+  import { dragSource } from '$lib/stores/dragMerge';
   import { chunk } from '$lib/util/paginate';
 
   function describeError(e: unknown): string {
@@ -440,6 +441,7 @@
        are owned by one session and dispatched via one handleDrop. -->
   <div
     class="canvas"
+    class:drag-active={$dragSource !== null}
     use:dragGridAction={{
       enabled: $jiggleMode && $sessionStore.authed,
       onSpringLoad,
@@ -554,8 +556,16 @@
    * overflow-x stays auto so programmatic scrollTo() (driven by the
    * edge-pan dwell in dragGrid) can still turn pages. The pointer
    * itself is captured by dragGrid, so the user can't accidentally
-   * scroll the pager with wheel/touch during the drag. */
-  :global(.canvas:has([data-card-id][data-dragging='true'])) .pager {
+   * scroll the pager with wheel/touch during the drag.
+   *
+   * Driven by the .drag-active class (bound to $dragSource) instead of
+   * a `:has([data-dragging])` descendant test. When a folder card is
+   * dragged out and the cursor leaves the folder zone,
+   * onHoverZoneChange unmounts InlineFolderExpand — which detaches the
+   * source cell carrying [data-dragging] from the DOM. A descendant
+   * `:has()` would lose its match and these rules would silently
+   * disengage mid-drag. The store-backed class outlives the unmount. */
+  .canvas.drag-active .pager {
     scroll-snap-type: none;
   }
   .grid {
@@ -577,8 +587,10 @@
    * the affordance visible would either overlap a shifted card or
    * leave the affordance half-clipped at the row's edge. visibility
    * (not display:none) preserves its CSS-grid slot, so layout cache
-   * rects stay consistent across the lift. */
-  :global(.canvas:has([data-card-id][data-dragging='true'])) .add-cell {
+   * rects stay consistent across the lift. See the .drag-active note
+   * on the .pager rule above for why this is class-driven, not :has()-
+   * driven. */
+  .canvas.drag-active .add-cell {
     visibility: hidden;
   }
   /* Hint shown only when the grid is empty; spans the whole grid row so
@@ -609,7 +621,7 @@
   }
   /* Lock touch scroll on the grid while jiggle mode is active so a
    * drag gesture doesn't double as a page scroll. */
-  :global(.canvas:has([data-card-id][data-dragging='true'])) {
+  .canvas.drag-active {
     touch-action: none;
   }
 </style>

From e6f5fa5a7a90ced1b362b1a6bb70bf2f8dbd9fc7 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Tue, 26 May 2026 18:35:04 +0800
Subject: [PATCH 63/77] =?UTF-8?q?fix(launchpad):=20unblock=20folder-source?=
 =?UTF-8?q?=20drag=20=E2=80=94=205=20UX=20fixes?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1. Spring-load drops the source.zone === 'root' restriction. Dragging
   a child card from one open folder to another folder card in root
   now opens the destination on dwell, same as root → folder. The
   pre-existing comment said "spring-load only when src came from
   root"; with the source's panel covering root via fixed-position
   z-index 80+, elementsFromPoint can't accidentally hit a root
   folder card behind it anyway, so the gate was over-restrictive.

2. Merge halo gates on target.zone === 'root' (in addition to the
   pre-existing kind / source.kind checks). Inside an open folder
   panel a "merge" cursor is ambiguous — no nested folders, every
   child already lives in a folder — and +page.svelte's drop
   handler coerces merge → before/after there. Mirroring that here
   stops the blue ring from lying about what release will do.

3. mergeCollapse's setShifts(new Map()) replaced with
   computeSourceGapClose(session). The source cell stays in its
   CSS-grid slot at opacity:0 (so layoutCache rects stay stable),
   and clearing every shift exposed that hidden slot as a 6×-wide
   visible gap between visible siblings. The new helper shifts
   every same-zone slot whose logicalIdx > source's by one position
   back, mirroring the close-gap arm of the cross-zone branch in
   computeShifts but without opening any insertion gap.

4. Source dimensions cached at lift (sourceLiftWidth/Height on the
   session) and used by computeHover instead of
   layoutCache.byCardId.get(source.id)?.rect. After spring-load
   triggers rebuildLayoutCache, the source's folder panel has
   already been unmounted by onHoverZoneChange so the rebuilt
   cache has no entry for source.id; the old fallback gave 0×0
   draggedW/H, classifyIntent's overlap area never reached
   MERGE_OVERLAP_FRACTION, isMergeFolder/isMergeItem never tripped,
   and a release on a folder card silently reordered next to it
   (branch 2 in handleDrop) instead of reparenting (branch 1).

5. Cross-zone target extrapolation in computeShifts now reads CSS-
   grid colCount + rowGap to wrap to row N+1 col 0 when newIdx
   crosses a column boundary. Previously cellAdvance gave a single
   horizontal step, so dropping into a folder whose last visible
   row was already full pushed the trailing card off-grid right and
   the browser scrolled the container horizontally until release.
   buildLayoutCache resolves geometry per zone via
   getComputedStyle(gridEl).gridTemplateColumns (auto-fill resolves
   to an explicit "120px 120px ..." list) and stores it on
   LayoutCache.gridGeometryByZone. ComputeShifts gains an optional
   gridGeometryByZone input so existing single-row unit tests
   continue to exercise the legacy col-step path.
---
 web/src/lib/util/dragGrid.ts | 229 +++++++++++++++++++++++++++++++----
 1 file changed, 206 insertions(+), 23 deletions(-)

diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index 3ceac47..85fc9de 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -122,6 +122,22 @@ export interface SlotRect {
   rect: DOMRect;
 }
 
+/** Resolved CSS-grid geometry for a single zone. Used by computeShifts'
+ *  cross-zone target extrapolation so the last real card wraps to row
+ *  N+1 col 0 instead of being pushed off-grid to the right when its
+ *  newIdx would land on a new row. Without this, a folder with one
+ *  full row at lift time gets a horizontal scrollbar mid-drag — the
+ *  shifted card extrapolates by one column-step horizontally and
+ *  ends up past the grid's last track. */
+export interface GridGeometry {
+  /** Number of columns the grid actually creates at lift time. Read
+   *  from `getComputedStyle(grid).gridTemplateColumns` which resolves
+   *  `repeat(auto-fill, 120px)` to an explicit space-separated list. */
+  colCount: number;
+  /** row-gap in px (parsed from CSS `gap`). */
+  rowGap: number;
+}
+
 export interface ComputeShiftsInput {
   sourceZone: string;
   sourceCardId: number;
@@ -131,6 +147,11 @@ export interface ComputeShiftsInput {
   dropIdx: number;
   /** Maps zone name to its full snapshot, sorted by logicalIdx. */
   buckets: Record<string, SlotRect[]>;
+  /** Optional resolved grid geometry per zone. When present, the
+   *  cross-zone target extrapolation wraps to the next row instead
+   *  of stepping horizontally past the last column. Tests omit this
+   *  and fall back to the legacy single-row col-step behaviour. */
+  gridGeometryByZone?: Record<string, GridGeometry>;
   /** When true (merge armed/ready or folder target), all shifts collapse. */
   mergeCollapse: boolean;
 }
@@ -188,11 +209,13 @@ export function computeShifts(input: ComputeShiftsInput): Map<number, { dx: numb
   }
 
   const tgtBucket = buckets[targetZone] ?? [];
+  const tgtGeo = input.gridGeometryByZone?.[targetZone];
   for (const slot of tgtBucket) {
     const i = slot.logicalIdx;
     if (i < dropIdx) continue;
     const newIdx = i + 1;
-    // newIdx may be == bucket.length (extrapolated). Use cellAdvance.
+    // newIdx may be == bucket.length (extrapolated past the last real
+    // slot). With grid geometry we can wrap correctly to the next row.
     const targetSlot = tgtBucket.find((s) => s.logicalIdx === newIdx);
     let dx: number;
     let dy: number;
@@ -200,17 +223,64 @@ export function computeShifts(input: ComputeShiftsInput): Map<number, { dx: numb
       dx = targetSlot.rect.left - slot.rect.left;
       dy = targetSlot.rect.top - slot.rect.top;
     } else {
-      // Extrapolate using the per-step advance from this bucket.
-      const adv = cellAdvance(tgtBucket);
-      if (!adv) continue;
-      dx = adv.dx;
-      dy = adv.dy;
+      const targetPos = extrapolateSlotPosition(tgtBucket, newIdx, tgtGeo);
+      if (!targetPos) continue;
+      dx = targetPos.left - slot.rect.left;
+      dy = targetPos.top - slot.rect.top;
     }
     result.set(slot.cardId, { dx, dy });
   }
   return result;
 }
 
+/** Predicts the (left, top) of a virtual slot at `newIdx` past the last
+ *  real slot in `bucket`. Geometry-aware when `geo` is provided: wraps
+ *  to row N+1 col 0 when newIdx crosses a column boundary, which is the
+ *  CSS-grid behaviour at drop time. Without geometry, falls back to a
+ *  single per-step advance from the last real slot — correct for one
+ *  step within the current row, off-grid past it. */
+function extrapolateSlotPosition(
+  bucket: SlotRect[],
+  newIdx: number,
+  geo: GridGeometry | undefined
+): { left: number; top: number } | null {
+  if (bucket.length === 0) return null;
+  const slot0 = bucket.find((s) => s.logicalIdx === 0);
+  if (!slot0) return null;
+
+  if (geo && geo.colCount > 0) {
+    const slot1 = bucket.find((s) => s.logicalIdx === 1);
+    const colAdvance = slot1 ? slot1.rect.left - slot0.rect.left : slot0.rect.width;
+    // Prefer measuring the row step from an existing 2nd-row slot;
+    // when the bucket is single-row, fall back to (cardHeight + rowGap).
+    let rowAdvance = 0;
+    for (const s of bucket) {
+      if (Math.floor(s.logicalIdx / geo.colCount) === 1) {
+        rowAdvance = s.rect.top - slot0.rect.top;
+        break;
+      }
+    }
+    if (rowAdvance === 0) rowAdvance = slot0.rect.height + geo.rowGap;
+
+    const col = newIdx % geo.colCount;
+    const row = Math.floor(newIdx / geo.colCount);
+    return {
+      left: slot0.rect.left + col * colAdvance,
+      top: slot0.rect.top + row * rowAdvance
+    };
+  }
+
+  // Legacy single-row extrapolation.
+  const adv = cellAdvance(bucket);
+  if (!adv) return null;
+  const lastReal = bucket.reduce((max, s) => (s.logicalIdx > max.logicalIdx ? s : max), bucket[0]);
+  const steps = newIdx - lastReal.logicalIdx;
+  return {
+    left: lastReal.rect.left + adv.dx * steps,
+    top: lastReal.rect.top + adv.dy * steps
+  };
+}
+
 /** Per-step displacement vector between consecutive slot rects in a zone. */
 export function cellAdvance(bucket: SlotRect[]): { dx: number; dy: number } | null {
   if (bucket.length < 2) return null;
@@ -237,6 +307,10 @@ export interface LayoutCache {
    *  Built once at lift / cache rebuild so the per-rAF publishShifts
    *  doesn't reallocate. */
   bucketsRecord: Record<string, SlotRect[]>;
+  /** Resolved CSS-grid geometry per zone. Drives wrap-aware extrapolation
+   *  in computeShifts. Absent for zones whose grid container can't be
+   *  resolved (defensive — callers fall back to legacy col-step). */
+  gridGeometryByZone: Record<string, GridGeometry>;
 }
 
 /**
@@ -256,6 +330,15 @@ export function buildLayoutCache(node: HTMLElement): LayoutCache {
     if (!meta) return; // skip add-tile sentinel and malformed
     collected.push({ cell, meta, rect: cell.getBoundingClientRect() });
   });
+  // Track one grid-container element per zone (the cell's parent in
+  // both root and folder templates is the [data-zone] grid div) so we
+  // can read CSS-resolved column count and row gap.
+  const gridByZone = new Map<string, HTMLElement>();
+  for (const { cell, meta } of collected) {
+    if (gridByZone.has(meta.zone)) continue;
+    const parent = cell.parentElement;
+    if (parent instanceof HTMLElement) gridByZone.set(meta.zone, parent);
+  }
   // Group by zone, sort by document order (which mirrors logicalIdx
   // because the grid renders in sortOrder).
   const byZoneRaw = new Map<string, Array<{ meta: CardMeta; rect: DOMRect }>>();
@@ -298,7 +381,22 @@ export function buildLayoutCache(node: HTMLElement): LayoutCache {
   // every rAF tick by publishShifts.
   const bucketsRecord: Record<string, SlotRect[]> = {};
   for (const [zone, slots] of byZone) bucketsRecord[zone] = slots;
-  return { byZone, byCardId, cellAdvanceByZone, bucketsRecord };
+  // Read CSS-grid geometry per zone for wrap-aware extrapolation.
+  const gridGeometryByZone: Record<string, GridGeometry> = {};
+  for (const [zone, gridEl] of gridByZone) {
+    const cs = getComputedStyle(gridEl);
+    // gridTemplateColumns resolves repeat(auto-fill, 120px) to an
+    // explicit list like "120px 120px 120px 120px" — count entries.
+    const cols = cs.gridTemplateColumns
+      .split(' ')
+      .map((s) => s.trim())
+      .filter(Boolean);
+    const colCount = cols.length;
+    if (colCount <= 0) continue;
+    const rowGap = parseFloat(cs.rowGap) || 0;
+    gridGeometryByZone[zone] = { colCount, rowGap };
+  }
+  return { byZone, byCardId, cellAdvanceByZone, bucketsRecord, gridGeometryByZone };
 }
 
 /**
@@ -322,6 +420,19 @@ interface DragSession {
   cloneOffsetX: number;
   cloneOffsetY: number;
   rafToken: number | null;
+  /** Source cell's physical dimensions captured at lift. Card width
+   *  and height don't change mid-drag (responsive breakpoints don't
+   *  shift while pointer is held), so we cache once and reuse for
+   *  classifyIntent's overlap math. Reading these from layoutCache is
+   *  unsafe: rebuildLayoutCache after spring-load runs while the
+   *  source's folder panel has been unmounted by onHoverZoneChange,
+   *  so the rebuilt cache has no entry for source.id. With that
+   *  fallback giving 0×0 dims, classifyIntent's overlapArea falls to
+   *  zero and never returns 'merge', so isMergeFolder/isMergeItem
+   *  never trip — meaning a release on a folder card after spring-
+   *  load reorders next to the folder instead of reparenting into it. */
+  sourceLiftWidth: number;
+  sourceLiftHeight: number;
   // Existing spring-load timer (folder panel auto-open).
   dwellTimer: ReturnType<typeof setTimeout> | null;
   dwellTargetId: number | null;
@@ -460,6 +571,8 @@ export function dragGrid(
       clone: null,
       cloneOffsetX: 0,
       cloneOffsetY: 0,
+      sourceLiftWidth: 0,
+      sourceLiftHeight: 0,
       rafToken: null,
       dwellTimer: null,
       dwellTargetId: null,
@@ -549,6 +662,8 @@ export function dragGrid(
     const r = session.sourceCell.getBoundingClientRect();
     session.cloneOffsetX = e.clientX - r.left;
     session.cloneOffsetY = e.clientY - r.top;
+    session.sourceLiftWidth = r.width;
+    session.sourceLiftHeight = r.height;
 
     const clone = session.sourceCell.cloneNode(true) as HTMLElement;
     clone.removeAttribute('data-card-id');
@@ -588,16 +703,19 @@ export function dragGrid(
   function computeHover(s: DragSession): DragHoverInfo {
     const { cursorX, cursorY, source } = s;
     // The dragged card's current screen rect — needed for overlap-based
-    // merge classification. Falls back to the source cell's lifted rect
-    // when the layoutCache snapshot is missing.
-    const sourceRect = s.layoutCache?.byCardId.get(source.id)?.rect;
-    const draggedW = sourceRect?.width ?? 0;
-    const draggedH = sourceRect?.height ?? 0;
+    // merge classification. Width/height come from the lift-time snapshot
+    // (s.sourceLiftWidth/Height), not from layoutCache: after spring-
+    // load rebuilds the cache, the source's folder panel has already
+    // been unmounted by onHoverZoneChange, so byCardId.get(source.id)
+    // returns undefined. Card dimensions don't change mid-drag anyway,
+    // so the lift-time values are the right reference for the entire
+    // session. Position still comes from cursor + cloneOffset because
+    // the dragged clone follows the cursor.
     const draggedRect = new DOMRect(
       cursorX - s.cloneOffsetX,
       cursorY - s.cloneOffsetY,
-      draggedW,
-      draggedH
+      s.sourceLiftWidth,
+      s.sourceLiftHeight
     );
     const stack = document.elementsFromPoint(cursorX, cursorY);
     let hoverZone: string | null = null;
@@ -643,17 +761,28 @@ export function dragGrid(
     // Folders can't be nested inside other cards (folder source can
     // only ever be reordered), so we only arm merge candidates when
     // the source is an item.
+    //
+    // Both also gate on target.zone === 'root'. Inside an open folder
+    // panel a "merge" cursor is ambiguous (you can't nest folders, and
+    // every child is already in a folder), so the drop handler in
+    // +page.svelte coerces merge→before/after there. We mirror that
+    // here so the halo never lights up on a target the drop won't
+    // honour — otherwise the user sees a blue ring promising auto-
+    // folder while a release silently reorders instead.
     const sourceIsItem = session.source.kind === 'item';
+    const targetInRoot = next.target?.zone === 'root';
     const isMergeItem =
       sourceIsItem &&
       next.intent === 'merge' &&
       next.target?.kind === 'item' &&
-      next.target.id != null;
+      next.target.id != null &&
+      targetInRoot;
     const isMergeFolder =
       sourceIsItem &&
       next.intent === 'merge' &&
       next.target?.kind === 'folder' &&
-      next.target.id != null;
+      next.target.id != null &&
+      targetInRoot;
 
     if (!isMergeItem && !isMergeFolder) {
       if (session.mergeArmTargetId != null) cancelMergeArm();
@@ -675,15 +804,23 @@ export function dragGrid(
       }
     }
 
-    // --- Spring-load (folder panel auto-open) — unchanged behavior ---
-    // Restrict to: source.kind === 'item' AND source.zone === 'root' AND
-    // target.kind === 'folder'. Same conditions as before.
+    // --- Spring-load (folder panel auto-open) ---
+    // Fires when an item-card source dwells on a folder-kind target. We
+    // intentionally do NOT restrict by source.zone: dragging a child
+    // card from one folder to another folder in root needs the second
+    // folder to spring open the same way root→folder does. When the
+    // source folder's panel is still mounted, the cursor is physically
+    // inside the panel (fixed-position, z-index 80+) and
+    // elementsFromPoint never resolves to a root folder card behind it,
+    // so spring-load can't accidentally fire on the wrong target. Once
+    // the cursor crosses out, onHoverZoneChange unmounts that panel,
+    // root becomes hit-testable, and dwell on the new folder card
+    // re-opens correctly.
     const isSpringTarget =
       next.intent === 'merge' &&
       next.target?.kind === 'folder' &&
       next.target.id != null &&
-      session.source.kind === 'item' &&
-      session.source.zone === 'root';
+      session.source.kind === 'item';
     const sameTarget = prev.target?.id === next.target?.id && prev.intent === next.intent;
     if (!sameTarget) cancelDwell();
     if (isSpringTarget && session.dwellTargetId !== next.target!.id) {
@@ -718,12 +855,31 @@ export function dragGrid(
     const lc = session.layoutCache;
     const target = next.target;
     // Determine whether merge gate is active (collapse all shifts).
+    // Three cases collapse:
+    //   1. Folder targets — releasing here is always merge-into-folder.
+    //   2. Root item targets after the dwell timer has fired (mergeArmFired
+    //      ⇒ release will auto-folder).
+    //   3. Item targets inside an open folder panel — the drop handler
+    //      coerces merge→before there (no nested folders), so previewing
+    //      a moving stack while the cursor sits in the centre would just
+    //      twitch between left- and right-half snap predictions and end
+    //      with the user seeing a different layout than they aimed at.
+    //      Collapsing matches the OLD pre-halo-gate behaviour minus the
+    //      blue ring (which is suppressed in applyHover for the same
+    //      target.zone reason).
     const mergeCollapse =
       target != null &&
       next.intent === 'merge' &&
-      (target.kind === 'folder' || session.mergeArmFired);
+      (target.kind === 'folder' || session.mergeArmFired || target.zone !== 'root');
     if (mergeCollapse) {
-      setShifts(new Map());
+      // Don't open an insertion gap, but DO close the source's own
+      // gap so its hidden slot doesn't show as a visible empty space
+      // between siblings (the source cell stays opacity:0 in its CSS-
+      // grid slot to keep the layout cache rect stable, so without
+      // this shift you'd see e.g. row-2 PRC and yellow-folder spaced
+      // 6× wider than the column gap because source sits between
+      // them invisibly).
+      setShifts(computeSourceGapClose(session));
       return;
     }
 
@@ -752,11 +908,38 @@ export function dragGrid(
         targetZone,
         dropIdx,
         buckets: lc.bucketsRecord,
+        gridGeometryByZone: lc.gridGeometryByZone,
         mergeCollapse: false
       })
     );
   }
 
+  /** Shifts every non-source slot in the source's own zone whose
+   *  logicalIdx is greater than the source's by one slot earlier, so
+   *  the source's hidden CSS-grid slot doesn't appear as a visible
+   *  gap when shifts are otherwise suppressed (mergeCollapse path).
+   *  Same math as computeShifts' cross-zone source-zone close-gap loop,
+   *  isolated for callers that want close-only without insertion. */
+  function computeSourceGapClose(s: DragSession): Map<number, { dx: number; dy: number }> {
+    const result = new Map<number, { dx: number; dy: number }>();
+    if (!s.layoutCache) return result;
+    if (s.sourceLogicalIdx < 0) return result;
+    const srcBucket = s.layoutCache.byZone.get(s.source.zone) ?? [];
+    for (const slot of srcBucket) {
+      if (slot.cardId === s.source.id) continue;
+      const i = slot.logicalIdx;
+      if (i <= s.sourceLogicalIdx) continue;
+      const newIdx = i - 1;
+      const targetSlot = srcBucket.find((sl) => sl.logicalIdx === newIdx);
+      if (!targetSlot) continue;
+      result.set(slot.cardId, {
+        dx: targetSlot.rect.left - slot.rect.left,
+        dy: targetSlot.rect.top - slot.rect.top
+      });
+    }
+    return result;
+  }
+
   // Returns the post-removal drop idx in `zone` for a cursor at
   // (cursorX, cursorY), or null when the zone is empty / has only the
   // source itself.

From 82cdbefbf7c093f0fcbcdebc588bb4d8b0dc820c Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 27 May 2026 14:28:49 +0800
Subject: [PATCH 64/77] fix(launchpad): anchor folder panel + guard JiggleHost
 click

InlineFolderExpand previously centred .wrap with top:50% +
translate(-50%,-50%); for sparse folders that left a large empty
band above the title and made the panel float low on the viewport.
Switch to top:120px + translateX(-50%) so few-card folders show up
near the top, full folders still fill downward up to the
calc(100vh - 120px - sp-7) max-height clamp.

JiggleHost.host's background-click handler exited jiggle mode when
e.target === e.currentTarget. The browser dispatches click on the
*common ancestor* of mousedown- and mouseup-targets, so drag-
selecting a card label and releasing between cards triggered the
handler with target === currentTarget and exited jiggle mid-
gesture. Track the pointerdown origin and only exit when the press
also began on .host.
---
 .../components/Nav/InlineFolderExpand.svelte  | 19 ++++++++++-----
 web/src/lib/components/Nav/JiggleHost.svelte  | 23 ++++++++++++++++---
 2 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/web/src/lib/components/Nav/InlineFolderExpand.svelte b/web/src/lib/components/Nav/InlineFolderExpand.svelte
index 994a545..0128298 100644
--- a/web/src/lib/components/Nav/InlineFolderExpand.svelte
+++ b/web/src/lib/components/Nav/InlineFolderExpand.svelte
@@ -149,18 +149,25 @@
   }
   /* The wrapper is the fixed-position container so the entry animation
    * lives on it; .expand inside is the actual card. .title sits above
-   * .expand as a floating label, matching macOS Launchpad. */
+   * .expand as a floating label, matching macOS Launchpad.
+   *
+   * Anchored at a fixed top offset (not vertically centered): with few
+   * children the panel previously floated awkwardly at viewport mid-
+   * height, leaving a large empty band above the title. A fixed top
+   * keeps the title at a stable position regardless of how many cards
+   * the folder holds, and the .expand max-height clamp lets long
+   * folders scroll inside the panel. */
   .wrap {
     position: fixed;
-    top: 50%;
+    top: 120px;
     left: 50%;
-    transform: translate(-50%, -50%);
+    transform: translateX(-50%);
     z-index: 81;
     display: flex;
     flex-direction: column;
     align-items: center;
     gap: var(--sp-5);
-    max-height: calc(100vh - 96px);
+    max-height: calc(100vh - 120px - var(--sp-7));
     width: min(90vw, 720px);
     animation: wrap-in 0.22s cubic-bezier(0.2, 0.8, 0.2, 1);
   }
@@ -233,11 +240,11 @@
   @keyframes wrap-in {
     from {
       opacity: 0;
-      transform: translate(-50%, calc(-50% + 8px)) scale(0.96);
+      transform: translateX(-50%) translateY(-8px) scale(0.96);
     }
     to {
       opacity: 1;
-      transform: translate(-50%, -50%) scale(1);
+      transform: translateX(-50%) scale(1);
     }
   }
   .grid {
diff --git a/web/src/lib/components/Nav/JiggleHost.svelte b/web/src/lib/components/Nav/JiggleHost.svelte
index bacb993..0920f9d 100644
--- a/web/src/lib/components/Nav/JiggleHost.svelte
+++ b/web/src/lib/components/Nav/JiggleHost.svelte
@@ -7,10 +7,27 @@
   }
   let { children }: Props = $props();
 
+  /** Whether the most recent mousedown landed directly on .host (not on
+   *  a child card). Browsers synthesise a `click` event on the *common
+   *  ancestor* of mousedown- and mouseup-targets, so a drag-select that
+   *  starts on a card label and releases between cards would fire click
+   *  on .host with `e.target === e.currentTarget`, exiting jiggle mode
+   *  unintentionally. Requiring the press to also be on .host suppresses
+   *  that false dismissal while keeping the intentional "click empty
+   *  space to exit" gesture. */
+  let pressOrigin: EventTarget | null = null;
+
+  function onBackgroundPointerDown(e: PointerEvent) {
+    pressOrigin = e.target;
+  }
+
   function onBackgroundClick(e: MouseEvent) {
+    const pressedOnHost = pressOrigin === e.currentTarget;
+    pressOrigin = null;
     if (!$jiggleMode) return;
-    // Only exit on click that is on the host itself, not a card.
-    if (e.target === e.currentTarget) {
+    // Only exit on click that is on the host itself, not a card, AND
+    // the press also originated on the host (drag-select-out guard).
+    if (e.target === e.currentTarget && pressedOnHost) {
       jiggleMode.exit();
     }
   }
@@ -18,7 +35,7 @@
 
 <!-- svelte-ignore a11y_click_events_have_key_events -->
 <!-- svelte-ignore a11y_no_static_element_interactions -->
-<div class="host" onclick={onBackgroundClick}>
+<div class="host" onpointerdown={onBackgroundPointerDown} onclick={onBackgroundClick}>
   {@render children()}
 </div>
 

From 21aa14e43f22e5f51864578fa236214028cfcc73 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 27 May 2026 14:28:58 +0800
Subject: [PATCH 65/77] fix(ui): drop backdrop dismissal + restore footer
 Cancel contrast
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two fixes in the shared Dialog component:

1. Remove the backdrop pointerdown/click listeners. Clicking the
   dimmed area was dismissing dialogs mid-edit — both via accidental
   pointer slips and via the synthetic-click-on-common-ancestor
   effect when a user drag-selected text inside an input and mouseup
   landed outside the dialog. Forms with multiple fields and
   unsaved input were worst-affected. Esc and the consumer-rendered
   footer Cancel button remain the only close paths.

2. Footer ghost button text was rendering invisible against the
   dialog's glass surface because Header.svelte's
   .header :global(.btn.intent-ghost) { color: var(--c-card-label) }
   (white text for buttons over the public site's gradient) bleeds
   into LoginDialog — the dialog is rendered as a DOM descendant of
   <header> via AuthControls. Raise the Dialog footer ghost rule's
   specificity to (0,5,0) by prefixing with .backdrop and then
   explicitly setting color: var(--c-text). Beats the header
   override regardless of cascade order; dark-mode counterpart
   updated to match.
---
 web/src/lib/components/ui/Dialog.svelte | 36 ++++++++++++++++---------
 1 file changed, 23 insertions(+), 13 deletions(-)

diff --git a/web/src/lib/components/ui/Dialog.svelte b/web/src/lib/components/ui/Dialog.svelte
index cacb9b6..7ad5ea3 100644
--- a/web/src/lib/components/ui/Dialog.svelte
+++ b/web/src/lib/components/ui/Dialog.svelte
@@ -27,9 +27,13 @@
     onClose?.();
   }
 
-  function onBackdropClick(e: MouseEvent) {
-    if (e.target === e.currentTarget) close();
-  }
+  /** Backdrop click intentionally does NOT close the dialog — explicit
+   *  user actions only (Escape key, footer Cancel button, or whatever
+   *  control the consumer renders). This keeps mid-edit forms safe
+   *  from a stray click on the dimmed area dismissing unsaved input,
+   *  and from the synthetic-click-on-common-ancestor bug where
+   *  drag-selecting text in an input and releasing outside the dialog
+   *  would synthesize a click on .backdrop. */
 
   function onKey(e: KeyboardEvent) {
     if (!open) return;
@@ -59,13 +63,7 @@
 <svelte:window onkeydown={onKey} />
 
 {#if open}
-  <div
-    class="backdrop"
-    role="presentation"
-    onclick={onBackdropClick}
-    onkeydown={() => {}}
-    aria-hidden="false"
-  >
+  <div class="backdrop" role="presentation" aria-hidden="false">
     <div
       bind:this={dialogEl}
       class="dialog width-{width}"
@@ -180,21 +178,33 @@
 
   /* Give ghost buttons (typically the Cancel) a visible border + soft fill so
    * they don't disappear into the footer's glass background. Scoped to the
-   * dialog footer so other usages of ghost buttons stay flat. */
-  .footer :global(.btn.intent-ghost) {
+   * dialog footer so other usages of ghost buttons stay flat.
+   *
+   * The `.backdrop .footer` prefix raises specificity to (0,5,0) so
+   * this beats `Header.svelte`'s `.header :global(.btn.intent-ghost) {
+   * color: var(--c-card-label) }` (specificity 0,4,0). Without that
+   * extra qualifier, dialogs that happen to be DOM-descendants of the
+   * public Header — e.g. LoginDialog rendered inside AuthControls —
+   * inherit the header's white-text-over-gradient rule and the Cancel
+   * button text becomes invisible against the dialog's glass surface. */
+  .backdrop .footer :global(.btn.intent-ghost) {
     background: rgba(0, 0, 0, 0.04);
     border-color: rgba(0, 0, 0, 0.14);
+    color: var(--c-text);
 
     &:hover:not(:disabled) {
       background: rgba(0, 0, 0, 0.08);
+      color: var(--c-text);
     }
   }
-  :global([data-theme='dark']) .footer :global(.btn.intent-ghost) {
+  :global([data-theme='dark']) .backdrop .footer :global(.btn.intent-ghost) {
     background: rgba(255, 255, 255, 0.06);
     border-color: rgba(255, 255, 255, 0.18);
+    color: var(--c-text);
 
     &:hover:not(:disabled) {
       background: rgba(255, 255, 255, 0.12);
+      color: var(--c-text);
     }
   }
 </style>

From df6718c571fed994a4c9b49ede8b8f18a0277f13 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 27 May 2026 14:29:11 +0800
Subject: [PATCH 66/77] feat(admin): dedicated dashboard layout, i18n, password
 move
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Admin pages now opt out of the public Launchpad chrome (Header,
Footer, gradient backdrop) and render their own dashboard shell —
a 56px topbar with brand + tab breadcrumb + Locale/Theme toggles +
Logout, a 240px sidebar with Settings tabs, and a content card
body. Only --c-bg / --c-surface / --c-border / --c-accent tokens
used; no admin-specific colour palette introduced.

Layout detachment via routes/+layout.svelte: when the URL starts
with /admin, skip the public Header/main/Footer wrap entirely and
render children directly. body.admin-route flag in app.scss flips
#root's background from gradient to --c-bg.

i18n: 41 admin.* keys added to zh.json and en.json. Every label,
description, placeholder, toast, confirm, badge in the admin
chrome and tab bodies now reads via \$t().

Sites tab cleanup:
- Drop the user-facing Value (key) input. Sites carry an opaque
  identifier (referenced by card.links[siteValue]); exposing it as
  a writable input let users break referential integrity. Now
  generated client-side as s_<base36 ts><rand4> on create and never
  edited again.
- Display row hides the slug; edit row only changes name +
  isDefault; the patch payload omits value to make the
  immutability explicit.
- Save/Cancel align to the input box bottom (grid align-items: end
  + matching .def height) instead of floating at the row top.

Account tab (new) hosts password change, replacing the icon-
button + ChangePasswordDialog popup that lived in the public
header. ChangePasswordDialog deleted; AuthControls trimmed to
just Admin gear + Logout (or Login when unauthed). After a
successful password change the page redirects home — server
invalidates sessions on password update.
---
 web/src/app.scss                              |   9 +
 .../components/Admin/AdminAccountTab.svelte   | 120 ++++++
 .../lib/components/Admin/AdminSiteTab.svelte  |  18 +-
 .../lib/components/Admin/AdminSitesTab.svelte | 142 ++++---
 .../Editor/ChangePasswordDialog.svelte        |  77 ----
 .../lib/components/Header/AuthControls.svelte |  21 --
 web/src/lib/i18n/en.json                      |  58 ++-
 web/src/lib/i18n/zh.json                      |  58 ++-
 web/src/routes/+layout.svelte                 |  23 +-
 web/src/routes/admin/+page.svelte             | 355 ++++++++++++++----
 10 files changed, 652 insertions(+), 229 deletions(-)
 create mode 100644 web/src/lib/components/Admin/AdminAccountTab.svelte
 delete mode 100644 web/src/lib/components/Editor/ChangePasswordDialog.svelte

diff --git a/web/src/app.scss b/web/src/app.scss
index 4620094..f902647 100644
--- a/web/src/app.scss
+++ b/web/src/app.scss
@@ -34,6 +34,15 @@ body {
   color: var(--c-text);
 }
 
+/* Admin routes opt out of the Launchpad gradient — they render a
+ * dashboard chrome (topbar + sidebar + content cards) on a neutral
+ * surface. The +layout.svelte toggles `body.admin-route` based on
+ * pathname; this rule overrides the gradient so admin views stop
+ * leaking the consumer-facing aesthetic into the management UI. */
+body.admin-route #root {
+  background: var(--c-bg);
+}
+
 /* Scrollbar — token-driven, theme-aware */
 ::-webkit-scrollbar {
   width: 8px;
diff --git a/web/src/lib/components/Admin/AdminAccountTab.svelte b/web/src/lib/components/Admin/AdminAccountTab.svelte
new file mode 100644
index 0000000..ed5fa38
--- /dev/null
+++ b/web/src/lib/components/Admin/AdminAccountTab.svelte
@@ -0,0 +1,120 @@
+<script lang="ts">
+  import Button from '$lib/components/ui/Button.svelte';
+  import Input from '$lib/components/ui/Input.svelte';
+  import { changePassword } from '$lib/api/nav';
+  import { ApiError } from '$lib/api/client';
+  import { toast } from '$lib/components/ui/toast';
+  import { t } from '$lib/i18n/store';
+  import { goto } from '$app/navigation';
+
+  let current = $state('');
+  let next = $state('');
+  let confirmPw = $state('');
+  let submitting = $state(false);
+  let error = $state<string | null>(null);
+
+  async function submit() {
+    if (submitting) return;
+    error = null;
+    if (next.length < 8) {
+      error = $t('admin.account.error.minLength');
+      return;
+    }
+    if (next !== confirmPw) {
+      error = $t('admin.account.error.mismatch');
+      return;
+    }
+    submitting = true;
+    try {
+      await changePassword(current, next);
+      toast.success($t('common.save') + ' ✓');
+      current = next = confirmPw = '';
+      // Server invalidates the session on password change. Redirect home
+      // so the user can sign back in with the new password rather than
+      // staring at a now-401-failing admin panel.
+      await goto('/', { replaceState: true });
+    } catch (e) {
+      if (e instanceof ApiError) {
+        if (e.status === 401) error = $t('auth.login.error.bad_password');
+        else error = e.message ?? $t('error.unknown');
+      } else error = $t('error.unknown');
+    } finally {
+      submitting = false;
+    }
+  }
+</script>
+
+<form
+  class="form"
+  onsubmit={(e) => {
+    e.preventDefault();
+    submit();
+  }}
+>
+  <fieldset>
+    <legend>{$t('admin.account.legend.password')}</legend>
+    <Input
+      label={$t('admin.account.field.current')}
+      type="password"
+      bind:value={current}
+      autocomplete="current-password"
+    />
+    <Input
+      label={$t('admin.account.field.new')}
+      type="password"
+      bind:value={next}
+      autocomplete="new-password"
+    />
+    <Input
+      label={$t('admin.account.field.confirm')}
+      type="password"
+      bind:value={confirmPw}
+      autocomplete="new-password"
+    />
+  </fieldset>
+
+  {#if error}<p class="err">{error}</p>{/if}
+
+  <div class="actions">
+    <Button
+      intent="primary"
+      onclick={submit}
+      loading={submitting}
+      disabled={!current || !next || !confirmPw}
+    >
+      {$t('common.save')}
+    </Button>
+  </div>
+</form>
+
+<style lang="scss">
+  .form {
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-4);
+  }
+  fieldset {
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    padding: var(--sp-3) var(--sp-4);
+    margin: 0;
+    display: flex;
+    flex-direction: column;
+    gap: var(--sp-3);
+  }
+  legend {
+    padding: 0 var(--sp-2);
+    font-size: var(--fs-sm);
+    font-weight: var(--fw-semibold);
+    color: var(--c-text);
+  }
+  .err {
+    margin: 0;
+    color: var(--c-danger);
+    font-size: var(--fs-sm);
+  }
+  .actions {
+    display: flex;
+    justify-content: flex-end;
+  }
+</style>
diff --git a/web/src/lib/components/Admin/AdminSiteTab.svelte b/web/src/lib/components/Admin/AdminSiteTab.svelte
index 1f24579..14270f5 100644
--- a/web/src/lib/components/Admin/AdminSiteTab.svelte
+++ b/web/src/lib/components/Admin/AdminSiteTab.svelte
@@ -87,18 +87,26 @@
 
 <div class="form">
   <fieldset>
-    <legend>Branding</legend>
-    <Input label="Site title" bind:value={siteName} placeholder="Pico Nav" />
+    <legend>{$t('admin.site.legend.branding')}</legend>
+    <Input
+      label={$t('admin.site.field.title')}
+      bind:value={siteName}
+      placeholder={$t('admin.site.field.title.placeholder')}
+    />
     <div class="grp">
-      <span class="lbl">Site avatar</span>
+      <span class="lbl">{$t('admin.site.field.avatar')}</span>
       <IconSourcePicker
         bind:kind={avatarKind}
         bind:value={avatarValue}
         allowedKinds={['asset', 'url']}
       />
-      <small class="help">Shown next to the site title in the header. Leave blank to hide.</small>
+      <small class="help">{$t('admin.site.field.avatar.help')}</small>
     </div>
-    <Input label="Footer copyright" bind:value={siteCopyright} placeholder="© 2026 Your Name" />
+    <Input
+      label={$t('admin.site.field.copyright')}
+      bind:value={siteCopyright}
+      placeholder={$t('admin.site.field.copyright.placeholder')}
+    />
   </fieldset>
 
   {#if error}<p class="err">{error}</p>{/if}
diff --git a/web/src/lib/components/Admin/AdminSitesTab.svelte b/web/src/lib/components/Admin/AdminSitesTab.svelte
index 66ee2b5..42f6a1b 100644
--- a/web/src/lib/components/Admin/AdminSitesTab.svelte
+++ b/web/src/lib/components/Admin/AdminSitesTab.svelte
@@ -26,18 +26,30 @@
   });
 
   let editingId = $state<number | null>(null);
-  let editValue = $state('');
   let editName = $state('');
   let editDefault = $state(false);
 
   let creating = $state(false);
-  let newValue = $state('');
   let newName = $state('');
   let newDefault = $state(false);
   let busy = $state(false);
 
   const dragDisabled = $derived(editingId !== null || creating || busy);
 
+  /** Sites carry a stable string `value` used as the per-card link key
+   *  (e.g. card.links['s_a3f9k2'] = 'https://…'). The user picks sites
+   *  by display name, so the value is purely an internal identifier;
+   *  exposing it as an input lets users break referential integrity by
+   *  editing a value that's already referenced. We generate it on
+   *  create and never expose it again. base36 of (Date.now + Math.random)
+   *  collides only under simultaneous-millisecond + same-random submits,
+   *  which the API's UNIQUE constraint would catch anyway. */
+  function generateSiteValue(): string {
+    const ts = Date.now().toString(36);
+    const rand = Math.random().toString(36).slice(2, 6);
+    return `s_${ts}${rand}`;
+  }
+
   function onConsider(e: CustomEvent<DndEvent<Site>>) {
     working = e.detail.items;
   }
@@ -49,13 +61,12 @@
       await navDataStore.refetch();
     } catch (err) {
       await navDataStore.refetch();
-      toast.error(err instanceof ApiError ? err.message : 'Reorder failed');
+      toast.error(err instanceof ApiError ? err.message : $t('admin.sites.toast.reorderFailed'));
     }
   }
 
   function startEdit(s: Site) {
     editingId = s.id;
-    editValue = s.value;
     editName = s.name;
     editDefault = s.isDefault;
   }
@@ -64,10 +75,16 @@
   }
   async function saveEdit() {
     if (editingId == null || busy) return;
+    if (!editName.trim()) {
+      toast.error($t('admin.sites.toast.requireName'));
+      return;
+    }
     busy = true;
     try {
+      // value is intentionally omitted — it's an immutable identifier;
+      // editing it would break card.links references that point at the
+      // existing value. Only name + isDefault are user-mutable.
       await patchSite(editingId, {
-        value: editValue.trim(),
         name: editName.trim(),
         isDefault: editDefault
       });
@@ -75,7 +92,7 @@
       editingId = null;
       toast.success($t('common.save') + ' ✓');
     } catch (e) {
-      toast.error(e instanceof ApiError ? e.message : 'Save failed');
+      toast.error(e instanceof ApiError ? e.message : $t('admin.sites.toast.saveFailed'));
     } finally {
       busy = false;
     }
@@ -85,17 +102,19 @@
     if (busy) return;
     const count = linkCountBySite.get(s.value) ?? 0;
     if (count > 0) {
-      toast.error(`Site "${s.name}" is referenced by ${count} item link(s). Remove those first.`);
+      toast.error(
+        $t('admin.sites.toast.referencedBy', { name: s.name, count })
+      );
       return;
     }
-    if (!confirm(`Delete site "${s.name}"?`)) return;
+    if (!confirm($t('admin.sites.confirmDelete', { name: s.name }))) return;
     busy = true;
     try {
       await deleteSite(s.id);
       await navDataStore.refetch();
-      toast.success('Deleted ✓');
+      toast.success($t('admin.sites.toast.deleted'));
     } catch (e) {
-      toast.error(e instanceof ApiError ? e.message : 'Delete failed');
+      toast.error(e instanceof ApiError ? e.message : $t('admin.sites.toast.deleteFailed'));
     } finally {
       busy = false;
     }
@@ -103,7 +122,6 @@
 
   function startCreate() {
     creating = true;
-    newValue = '';
     newName = '';
     newDefault = false;
   }
@@ -112,22 +130,22 @@
   }
   async function commitCreate() {
     if (busy) return;
-    if (!newValue.trim() || !newName.trim()) {
-      toast.error('Both value and name are required');
+    if (!newName.trim()) {
+      toast.error($t('admin.sites.toast.requireName'));
       return;
     }
     busy = true;
     try {
       await createSite({
-        value: newValue.trim(),
+        value: generateSiteValue(),
         name: newName.trim(),
         isDefault: newDefault
       });
       await navDataStore.refetch();
       creating = false;
-      toast.success('Created ✓');
+      toast.success($t('admin.sites.toast.created'));
     } catch (e) {
-      toast.error(e instanceof ApiError ? e.message : 'Create failed');
+      toast.error(e instanceof ApiError ? e.message : $t('admin.sites.toast.createFailed'));
     } finally {
       busy = false;
     }
@@ -136,27 +154,33 @@
 
 <div class="tab">
   <header class="head">
-    <h3>Sites <small>({sites.length})</small></h3>
+    <h3>{$t('admin.sites.head.title')} <small>({sites.length})</small></h3>
     {#if !creating}
-      <Button intent="primary" size="sm" onclick={startCreate}>＋ New site</Button>
+      <Button intent="primary" size="sm" onclick={startCreate}
+        >{$t('admin.sites.action.new')}</Button
+      >
     {/if}
   </header>
-  <p class="hint">
-    A "site" is a per-item link target (e.g. <code>shanghai</code>, <code>beijing</code>). Each nav
-    item can have one URL per site.
-  </p>
+  <p class="hint">{$t('admin.sites.hint')}</p>
 
   {#if creating}
     <div class="row create-row">
-      <Input label="Value (key)" bind:value={newValue} placeholder="shanghai" />
-      <Input label="Display name" bind:value={newName} placeholder="上海" />
+      <Input
+        label={$t('admin.sites.field.name')}
+        bind:value={newName}
+        placeholder={$t('admin.sites.field.name.placeholder')}
+      />
       <label class="def">
         <input type="checkbox" bind:checked={newDefault} />
-        Default
+        {$t('admin.sites.field.default')}
       </label>
       <div class="row-actions">
-        <Button intent="primary" size="sm" onclick={commitCreate} loading={busy}>Create</Button>
-        <Button intent="ghost" size="sm" onclick={cancelCreate}>Cancel</Button>
+        <Button intent="primary" size="sm" onclick={commitCreate} loading={busy}
+          >{$t('admin.sites.action.create')}</Button
+        >
+        <Button intent="ghost" size="sm" onclick={cancelCreate}
+          >{$t('admin.sites.action.cancel')}</Button
+        >
       </div>
     </div>
   {/if}
@@ -170,34 +194,42 @@
     {#each working as s (s.id)}
       <li class="row" class:editing={editingId === s.id}>
         {#if editingId === s.id}
-          <Input label="Value" bind:value={editValue} />
-          <Input label="Name" bind:value={editName} />
+          <Input label={$t('admin.sites.field.name')} bind:value={editName} />
           <label class="def">
             <input type="checkbox" bind:checked={editDefault} />
-            Default
+            {$t('admin.sites.field.default')}
           </label>
           <div class="row-actions">
-            <Button intent="primary" size="sm" onclick={saveEdit} loading={busy}>Save</Button>
-            <Button intent="ghost" size="sm" onclick={cancelEdit}>Cancel</Button>
+            <Button intent="primary" size="sm" onclick={saveEdit} loading={busy}
+              >{$t('admin.sites.action.save')}</Button
+            >
+            <Button intent="ghost" size="sm" onclick={cancelEdit}
+              >{$t('admin.sites.action.cancel')}</Button
+            >
           </div>
         {:else}
           <span class="handle" class:disabled={dragDisabled} aria-hidden="true">⋮⋮</span>
           <div class="info">
             <strong>{s.name}</strong>
-            <span class="slug">{s.value}</span>
-            {#if s.isDefault}<span class="badge">default</span>{/if}
-            <span class="count">{linkCountBySite.get(s.value) ?? 0} link(s)</span>
+            {#if s.isDefault}<span class="badge">{$t('admin.sites.badge.default')}</span>{/if}
+            <span class="count"
+              >{$t('admin.sites.linkCount', { count: linkCountBySite.get(s.value) ?? 0 })}</span
+            >
           </div>
           <div class="row-actions">
-            <Button intent="ghost" size="sm" onclick={() => startEdit(s)}>Edit</Button>
-            <Button intent="ghost" size="sm" onclick={() => remove(s)}>Delete</Button>
+            <Button intent="ghost" size="sm" onclick={() => startEdit(s)}
+              >{$t('admin.sites.action.edit')}</Button
+            >
+            <Button intent="ghost" size="sm" onclick={() => remove(s)}
+              >{$t('admin.sites.action.delete')}</Button
+            >
           </div>
         {/if}
       </li>
     {/each}
   </ul>
   {#if sites.length === 0}
-    <p class="empty">No sites yet. Create one to start adding per-site links.</p>
+    <p class="empty">{$t('admin.sites.empty')}</p>
   {/if}
 </div>
 
@@ -224,10 +256,6 @@
     margin: 0;
     font-size: var(--fs-sm);
     color: var(--c-text-3);
-    code {
-      font-family: var(--ft-mono);
-      color: var(--c-text-2);
-    }
   }
   .list {
     list-style: none;
@@ -252,7 +280,13 @@
   }
   .row.editing,
   .create-row {
-    grid-template-columns: 1fr 1fr auto auto;
+    grid-template-columns: 1fr auto auto;
+    /* Bottom-align so action buttons sit flush with the input box's
+     * baseline. Without this the buttons hover at the top of the row
+     * (because grid items default to `stretch` and an Input cell is
+     * taller than a Button cell — the label adds vertical space above
+     * the actual input control). */
+    align-items: end;
   }
   .handle {
     color: var(--c-text-3);
@@ -274,11 +308,6 @@
     strong {
       font-size: var(--fs-md);
     }
-    .slug {
-      font-family: var(--ft-mono);
-      font-size: var(--fs-sm);
-      color: var(--c-text-3);
-    }
     .count {
       font-size: var(--fs-xs);
       color: var(--c-text-3);
@@ -295,7 +324,15 @@
   .row-actions {
     display: flex;
     gap: var(--sp-2);
-    align-items: end;
+  }
+  /* Match input control's vertical position: the Input has a label
+   * above it, so its actual control box sits ~20px below the cell's
+   * top edge. With grid `align-items: end` on the parent, this cell
+   * is positioned at the row bottom, so the row of buttons lands at
+   * the same baseline as the input boxes themselves. */
+  .row.editing .row-actions,
+  .create-row .row-actions {
+    padding-bottom: 0;
   }
   .def {
     display: inline-flex;
@@ -303,8 +340,11 @@
     gap: var(--sp-2);
     font-size: var(--fs-sm);
     color: var(--c-text-2);
-    align-self: end;
-    padding-bottom: var(--sp-2);
+    /* Sit at the input's baseline (control bottom) by reserving the
+     * same control height the Input uses. The .control inside Input
+     * is 36px tall; matching that here keeps the checkbox vertically
+     * centred against the input box rather than floating above it. */
+    height: 36px;
   }
   .empty {
     padding: var(--sp-4);
diff --git a/web/src/lib/components/Editor/ChangePasswordDialog.svelte b/web/src/lib/components/Editor/ChangePasswordDialog.svelte
deleted file mode 100644
index 8c5e96a..0000000
--- a/web/src/lib/components/Editor/ChangePasswordDialog.svelte
+++ /dev/null
@@ -1,77 +0,0 @@
-<script lang="ts">
-  import Dialog from '$lib/components/ui/Dialog.svelte';
-  import Input from '$lib/components/ui/Input.svelte';
-  import Button from '$lib/components/ui/Button.svelte';
-  import { changePassword } from '$lib/api/nav';
-  import { ApiError } from '$lib/api/client';
-  import { toast } from '$lib/components/ui/toast';
-  import { t } from '$lib/i18n/store';
-
-  interface Props {
-    open: boolean;
-  }
-  let { open = $bindable(false) }: Props = $props();
-
-  let current = $state('');
-  let next = $state('');
-  let confirm = $state('');
-  let submitting = $state(false);
-  let error = $state<string | null>(null);
-
-  async function submit() {
-    error = null;
-    if (next.length < 8) {
-      error = 'New password must be ≥ 8 chars';
-      return;
-    }
-    if (next !== confirm) {
-      error = 'New passwords do not match';
-      return;
-    }
-    submitting = true;
-    try {
-      await changePassword(current, next);
-      toast.success($t('common.save') + ' ✓');
-      current = next = confirm = '';
-      open = false;
-    } catch (e) {
-      if (e instanceof ApiError) {
-        if (e.status === 401) error = $t('auth.login.error.bad_password');
-        else error = e.message ?? $t('error.unknown');
-      } else error = $t('error.unknown');
-    } finally {
-      submitting = false;
-    }
-  }
-</script>
-
-<Dialog bind:open title="Change admin password" width="sm">
-  <div class="form">
-    <Input label="Current password" type="password" bind:value={current} />
-    <Input label="New password (≥ 8 chars)" type="password" bind:value={next} />
-    <Input label="Confirm new password" type="password" bind:value={confirm} />
-    {#if error}<p class="err">{error}</p>{/if}
-  </div>
-  {#snippet footer()}
-    <Button intent="ghost" onclick={() => (open = false)}>{$t('common.cancel')}</Button>
-    <Button
-      intent="primary"
-      onclick={submit}
-      loading={submitting}
-      disabled={!current || !next || !confirm}>{$t('common.save')}</Button
-    >
-  {/snippet}
-</Dialog>
-
-<style lang="scss">
-  .form {
-    display: flex;
-    flex-direction: column;
-    gap: var(--sp-3);
-  }
-  .err {
-    margin: 0;
-    color: var(--c-danger);
-    font-size: var(--fs-sm);
-  }
-</style>
diff --git a/web/src/lib/components/Header/AuthControls.svelte b/web/src/lib/components/Header/AuthControls.svelte
index 85aae08..2b2c511 100644
--- a/web/src/lib/components/Header/AuthControls.svelte
+++ b/web/src/lib/components/Header/AuthControls.svelte
@@ -2,13 +2,11 @@
   import Button from '$lib/components/ui/Button.svelte';
   import IconButton from '$lib/components/ui/IconButton.svelte';
   import LoginDialog from '$lib/components/Editor/LoginDialog.svelte';
-  import ChangePasswordDialog from '$lib/components/Editor/ChangePasswordDialog.svelte';
   import { goto } from '$app/navigation';
   import { sessionStore } from '$lib/stores/session';
   import { t } from '$lib/i18n/store';
 
   let loginOpen = $state(false);
-  let pwOpen = $state(false);
 
   async function onLogout() {
     await sessionStore.logout();
@@ -34,28 +32,9 @@
       />
     </svg>
   </IconButton>
-  <IconButton label="Change password" onclick={() => (pwOpen = true)}>
-    <svg
-      width="18"
-      height="18"
-      viewBox="0 0 24 24"
-      fill="none"
-      stroke="currentColor"
-      stroke-width="1.8"
-      stroke-linecap="round"
-      stroke-linejoin="round"
-      aria-hidden="true"
-    >
-      <circle cx="8" cy="15" r="4" />
-      <path d="M10.85 12.15 21 2" />
-      <path d="m18 5 3 3" />
-      <path d="m15 8 3 3" />
-    </svg>
-  </IconButton>
   <Button intent="ghost" size="sm" onclick={onLogout}>{$t('header.logout')}</Button>
 {:else}
   <Button intent="ghost" size="sm" onclick={() => (loginOpen = true)}>{$t('header.login')}</Button>
 {/if}
 
 <LoginDialog bind:open={loginOpen} />
-<ChangePasswordDialog bind:open={pwOpen} />
diff --git a/web/src/lib/i18n/en.json b/web/src/lib/i18n/en.json
index c4eb210..f038572 100644
--- a/web/src/lib/i18n/en.json
+++ b/web/src/lib/i18n/en.json
@@ -38,5 +38,61 @@
 
   "error.network.offline": "Cannot reach server",
   "error.network.retry": "Retry",
-  "error.unknown": "Unknown error"
+  "error.unknown": "Unknown error",
+
+  "admin.pageTitle": "Admin · Settings",
+  "admin.brand": "Admin",
+  "admin.head.settings": "Settings",
+  "admin.action.backToSite": "← Back to site",
+  "admin.action.logout": "Log out",
+  "admin.placeholder.redirecting": "Redirecting…",
+
+  "admin.tab.site.label": "Site settings",
+  "admin.tab.site.description": "Branding, avatar and footer copyright shown on the public navigation page.",
+  "admin.tab.sites.label": "Sites & links",
+  "admin.tab.sites.description": "Manage the per-site link sets that visitors can switch between.",
+  "admin.tab.account.label": "Account",
+  "admin.tab.account.description": "Change the admin password. Active sessions are invalidated and you'll need to sign in again.",
+
+  "admin.account.legend.password": "Change password",
+  "admin.account.field.current": "Current password",
+  "admin.account.field.new": "New password (≥ 8 chars)",
+  "admin.account.field.confirm": "Confirm new password",
+  "admin.account.error.minLength": "New password must be ≥ 8 chars",
+  "admin.account.error.mismatch": "New passwords do not match",
+
+  "admin.site.legend.branding": "Branding",
+  "admin.site.field.title": "Site title",
+  "admin.site.field.title.placeholder": "Pico Nav",
+  "admin.site.field.avatar": "Site avatar",
+  "admin.site.field.avatar.help": "Shown next to the site title in the header. Leave blank to hide.",
+  "admin.site.field.copyright": "Footer copyright",
+  "admin.site.field.copyright.placeholder": "© 2026 Your Name",
+
+  "admin.sites.head.title": "Sites",
+  "admin.sites.action.new": "＋ New site",
+  "admin.sites.hint": "A \"site\" is a per-item link target (e.g. shanghai, beijing). Each nav item can have one URL per site.",
+  "admin.sites.field.value": "Value (key)",
+  "admin.sites.field.value.placeholder": "shanghai",
+  "admin.sites.field.name": "Display name",
+  "admin.sites.field.name.placeholder": "Shanghai",
+  "admin.sites.field.default": "Default",
+  "admin.sites.action.create": "Create",
+  "admin.sites.action.edit": "Edit",
+  "admin.sites.action.delete": "Delete",
+  "admin.sites.action.save": "Save",
+  "admin.sites.action.cancel": "Cancel",
+  "admin.sites.badge.default": "default",
+  "admin.sites.linkCount": "{{count}} link(s)",
+  "admin.sites.empty": "No sites yet. Create one to start adding per-site links.",
+  "admin.sites.confirmDelete": "Delete site \"{{name}}\"?",
+  "admin.sites.toast.created": "Created ✓",
+  "admin.sites.toast.deleted": "Deleted ✓",
+  "admin.sites.toast.requireBoth": "Both value and name are required",
+  "admin.sites.toast.requireName": "Display name is required",
+  "admin.sites.toast.referencedBy": "Site \"{{name}}\" is referenced by {{count}} item link(s). Remove those first.",
+  "admin.sites.toast.saveFailed": "Save failed",
+  "admin.sites.toast.deleteFailed": "Delete failed",
+  "admin.sites.toast.createFailed": "Create failed",
+  "admin.sites.toast.reorderFailed": "Reorder failed"
 }
diff --git a/web/src/lib/i18n/zh.json b/web/src/lib/i18n/zh.json
index 1b96dc4..8b1bba7 100644
--- a/web/src/lib/i18n/zh.json
+++ b/web/src/lib/i18n/zh.json
@@ -38,5 +38,61 @@
 
   "error.network.offline": "无法连接服务",
   "error.network.retry": "重试",
-  "error.unknown": "发生未知错误"
+  "error.unknown": "发生未知错误",
+
+  "admin.pageTitle": "管理 · 设置",
+  "admin.brand": "管理后台",
+  "admin.head.settings": "设置",
+  "admin.action.backToSite": "← 返回站点",
+  "admin.action.logout": "登出",
+  "admin.placeholder.redirecting": "跳转中…",
+
+  "admin.tab.site.label": "站点设置",
+  "admin.tab.site.description": "公开导航页用到的品牌、头像、页脚版权信息。",
+  "admin.tab.sites.label": "站点与链接",
+  "admin.tab.sites.description": "管理访问者可在头部切换的多套站点链接。",
+  "admin.tab.account.label": "账户",
+  "admin.tab.account.description": "修改管理员密码。改完后已登录的会话会失效，需要重新登录。",
+
+  "admin.account.legend.password": "修改密码",
+  "admin.account.field.current": "当前密码",
+  "admin.account.field.new": "新密码（≥ 8 字符）",
+  "admin.account.field.confirm": "确认新密码",
+  "admin.account.error.minLength": "新密码至少 8 字符",
+  "admin.account.error.mismatch": "两次输入的新密码不一致",
+
+  "admin.site.legend.branding": "品牌",
+  "admin.site.field.title": "站点标题",
+  "admin.site.field.title.placeholder": "Pico 导航",
+  "admin.site.field.avatar": "站点头像",
+  "admin.site.field.avatar.help": "显示在头部的站点标题旁。留空则隐藏。",
+  "admin.site.field.copyright": "页脚版权",
+  "admin.site.field.copyright.placeholder": "© 2026 你的名字",
+
+  "admin.sites.head.title": "站点",
+  "admin.sites.action.new": "＋ 新建站点",
+  "admin.sites.hint": "「站点」表示每个导航项的链接目标（如 shanghai、beijing）。每个导航项可为各站点配置一个 URL。",
+  "admin.sites.field.value": "值（key）",
+  "admin.sites.field.value.placeholder": "shanghai",
+  "admin.sites.field.name": "显示名",
+  "admin.sites.field.name.placeholder": "上海",
+  "admin.sites.field.default": "默认",
+  "admin.sites.action.create": "创建",
+  "admin.sites.action.edit": "编辑",
+  "admin.sites.action.delete": "删除",
+  "admin.sites.action.save": "保存",
+  "admin.sites.action.cancel": "取消",
+  "admin.sites.badge.default": "默认",
+  "admin.sites.linkCount": "{{count}} 个链接",
+  "admin.sites.empty": "尚无站点。先创建一个再开始添加各站点链接。",
+  "admin.sites.confirmDelete": "确认删除站点「{{name}}」？",
+  "admin.sites.toast.created": "创建成功 ✓",
+  "admin.sites.toast.deleted": "删除成功 ✓",
+  "admin.sites.toast.requireBoth": "值和显示名都不能为空",
+  "admin.sites.toast.requireName": "显示名不能为空",
+  "admin.sites.toast.referencedBy": "站点「{{name}}」被 {{count}} 个导航项引用，请先解除引用再删除",
+  "admin.sites.toast.saveFailed": "保存失败",
+  "admin.sites.toast.deleteFailed": "删除失败",
+  "admin.sites.toast.createFailed": "创建失败",
+  "admin.sites.toast.reorderFailed": "重排失败"
 }
diff --git a/web/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
index 00bd03e..b8a22b9 100644
--- a/web/src/routes/+layout.svelte
+++ b/web/src/routes/+layout.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+  import { page } from '$app/stores';
   import Header from '$lib/components/Header/index.svelte';
   import Footer from '$lib/components/Footer/index.svelte';
   import ToastViewport from '$lib/components/ui/ToastViewport.svelte';
@@ -7,17 +8,25 @@
   import '../app.scss';
 
   let { children } = $props();
-</script>
 
-<svelte:body class:jiggle-mode={$jiggleMode} />
+  /** Admin pages opt out of the public-facing chrome (Launchpad header,
+   *  copyright footer, gradient backdrop). They render their own
+   *  dashboard layout inside +page.svelte. The body class also flips
+   *  the global gradient over to a neutral surface — see app.scss. */
+  const isAdmin = $derived($page.url.pathname.startsWith('/admin'));
+</script>
 
-<Header />
+<svelte:body class:jiggle-mode={$jiggleMode} class:admin-route={isAdmin} />
 
-<main>
+{#if isAdmin}
   {@render children()}
-</main>
-
-<Footer />
+{:else}
+  <Header />
+  <main>
+    {@render children()}
+  </main>
+  <Footer />
+{/if}
 
 <ToastViewport />
 
diff --git a/web/src/routes/admin/+page.svelte b/web/src/routes/admin/+page.svelte
index dc2cab6..d147451 100644
--- a/web/src/routes/admin/+page.svelte
+++ b/web/src/routes/admin/+page.svelte
@@ -2,16 +2,31 @@
   import { goto } from '$app/navigation';
   import { sessionStore } from '$lib/stores/session';
   import { navDataStore } from '$lib/stores/navData';
+  import { t } from '$lib/i18n/store';
   import AdminSiteTab from '$lib/components/Admin/AdminSiteTab.svelte';
   import AdminSitesTab from '$lib/components/Admin/AdminSitesTab.svelte';
+  import AdminAccountTab from '$lib/components/Admin/AdminAccountTab.svelte';
+  import ThemeToggle from '$lib/components/Header/ThemeToggle.svelte';
+  import LocaleToggle from '$lib/components/Header/LocaleToggle.svelte';
 
-  type TabId = 'site' | 'sites';
-  const TABS: { id: TabId; label: string }[] = [
-    { id: 'site', label: 'Site' },
-    { id: 'sites', label: 'Sites' }
+  type TabId = 'site' | 'sites' | 'account';
+  interface Tab {
+    id: TabId;
+    labelKey: string;
+    descKey: string;
+  }
+  const TABS: Tab[] = [
+    { id: 'site', labelKey: 'admin.tab.site.label', descKey: 'admin.tab.site.description' },
+    { id: 'sites', labelKey: 'admin.tab.sites.label', descKey: 'admin.tab.sites.description' },
+    {
+      id: 'account',
+      labelKey: 'admin.tab.account.label',
+      descKey: 'admin.tab.account.description'
+    }
   ];
 
   let active = $state<TabId>('site');
+  const currentTab = $derived(TABS.find((tab) => tab.id === active) ?? TABS[0]);
 
   /** Redirect home if the user is not authed (not loading). */
   $effect(() => {
@@ -26,122 +41,330 @@
       navDataStore.load();
     }
   });
+
+  async function onLogout() {
+    await sessionStore.logout();
+    await goto('/', { replaceState: true });
+  }
 </script>
 
 <svelte:head>
-  <title>Admin · Settings</title>
+  <title>{$t('admin.pageTitle')}</title>
 </svelte:head>
 
 {#if $sessionStore.authed}
-  <div class="page">
-    <header class="page-head">
-      <h1>Admin</h1>
-      <a href="/" class="back">← Back to site</a>
+  <div class="shell">
+    <header class="topbar">
+      <div class="brand">
+        <span class="dot" aria-hidden="true"></span>
+        <span class="title">{$t('admin.brand')}</span>
+        <span class="sep" aria-hidden="true">/</span>
+        <span class="subtitle">{$t(currentTab.labelKey)}</span>
+      </div>
+      <div class="topbar-actions">
+        <div class="utility">
+          <LocaleToggle />
+          <ThemeToggle />
+        </div>
+        <span class="divider" aria-hidden="true"></span>
+        <a href="/" class="link">{$t('admin.action.backToSite')}</a>
+        <button type="button" class="logout" onclick={onLogout}>
+          {$t('admin.action.logout')}
+        </button>
+      </div>
     </header>
 
-    <div class="layout">
-      <nav class="tabs" aria-label="Admin sections">
-        {#each TABS as tab (tab.id)}
-          <button
-            type="button"
-            class="tab-btn"
-            class:active={active === tab.id}
-            onclick={() => (active = tab.id)}
-            aria-current={active === tab.id ? 'page' : undefined}
-          >
-            {tab.label}
-          </button>
-        {/each}
-      </nav>
-
-      <section class="content">
-        {#if active === 'site'}
-          <AdminSiteTab />
-        {:else if active === 'sites'}
-          <AdminSitesTab />
-        {/if}
-      </section>
+    <div class="body">
+      <aside class="sidebar" aria-label="Admin sections">
+        <div class="side-head">{$t('admin.head.settings')}</div>
+        <nav class="side-nav">
+          {#each TABS as tab (tab.id)}
+            <button
+              type="button"
+              class="side-item"
+              class:active={active === tab.id}
+              onclick={() => (active = tab.id)}
+              aria-current={active === tab.id ? 'page' : undefined}
+            >
+              <span class="side-label">{$t(tab.labelKey)}</span>
+            </button>
+          {/each}
+        </nav>
+      </aside>
+
+      <main class="content">
+        <article class="card">
+          <header class="card-head">
+            <h1 class="card-title">{$t(currentTab.labelKey)}</h1>
+            <p class="card-desc">{$t(currentTab.descKey)}</p>
+          </header>
+          <div class="card-body">
+            {#if active === 'site'}
+              <AdminSiteTab />
+            {:else if active === 'sites'}
+              <AdminSitesTab />
+            {:else if active === 'account'}
+              <AdminAccountTab />
+            {/if}
+          </div>
+        </article>
+      </main>
     </div>
   </div>
 {:else}
-  <div class="placeholder">Redirecting…</div>
+  <div class="placeholder">{$t('admin.placeholder.redirecting')}</div>
 {/if}
 
 <style lang="scss">
-  .page {
-    max-width: 960px;
-    margin: 0 auto;
-    padding: var(--sp-6) var(--sp-5);
+  /* Dashboard shell — opts out of the public layout's gradient bg via
+   * the body.admin-route flag set in routes/+layout.svelte. Topbar +
+   * sidebar use --c-surface (white in light, near-black in dark) over
+   * a --c-bg backdrop, matching the rest of the project's token-driven
+   * design system without inventing admin-only colours. */
+  .shell {
+    min-height: 100vh;
+    display: flex;
+    flex-direction: column;
+    background: var(--c-bg);
+    color: var(--c-text);
   }
-  .page-head {
+
+  .topbar {
+    position: sticky;
+    top: 0;
+    z-index: 5;
+    height: 56px;
     display: flex;
-    align-items: baseline;
+    align-items: center;
     justify-content: space-between;
-    margin-bottom: var(--sp-5);
-    h1 {
-      margin: 0;
-      font-size: var(--fs-xl);
+    gap: var(--sp-4);
+    padding: 0 var(--sp-5);
+    background: var(--c-surface);
+    border-bottom: 1px solid var(--c-border);
+  }
+  .brand {
+    display: flex;
+    align-items: center;
+    gap: var(--sp-2);
+    min-width: 0;
+  }
+  .brand .dot {
+    width: 10px;
+    height: 10px;
+    border-radius: 50%;
+    background: var(--c-accent);
+    flex: 0 0 auto;
+  }
+  .brand .title {
+    font-size: var(--fs-md);
+    font-weight: var(--fw-semibold);
+    color: var(--c-text);
+  }
+  .brand .sep {
+    color: var(--c-text-3);
+  }
+  .brand .subtitle {
+    font-size: var(--fs-sm);
+    color: var(--c-text-2);
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+  }
+
+  .topbar-actions {
+    display: flex;
+    align-items: center;
+    gap: var(--sp-2);
+  }
+  .utility {
+    display: flex;
+    align-items: center;
+    gap: var(--sp-1);
+  }
+  .divider {
+    width: 1px;
+    height: 24px;
+    background: var(--c-border);
+    margin: 0 var(--sp-2);
+  }
+  .link {
+    font-size: var(--fs-sm);
+    color: var(--c-text-2);
+    text-decoration: none;
+    padding: var(--sp-1) var(--sp-2);
+    border-radius: var(--rd-sm);
+    transition:
+      color var(--tr-fast),
+      background var(--tr-fast);
+    &:hover {
+      color: var(--c-text);
+      background: var(--c-surface-2);
     }
-    .back {
-      font-size: var(--fs-sm);
-      color: var(--c-accent);
-      text-decoration: none;
-      &:hover {
-        text-decoration: underline;
-      }
+  }
+  .logout {
+    font-size: var(--fs-sm);
+    font-weight: var(--fw-medium);
+    color: var(--c-text);
+    background: transparent;
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-md);
+    padding: 6px var(--sp-3);
+    cursor: pointer;
+    transition:
+      border-color var(--tr-fast),
+      background var(--tr-fast);
+    &:hover {
+      border-color: var(--c-text-3);
+      background: var(--c-surface-2);
     }
   }
-  .layout {
+
+  .body {
+    flex: 1;
     display: grid;
-    grid-template-columns: 180px 1fr;
-    gap: var(--sp-5);
+    grid-template-columns: 240px 1fr;
     align-items: start;
+    min-height: 0;
   }
-  .tabs {
+
+  .sidebar {
+    position: sticky;
+    top: 56px;
+    align-self: start;
+    height: calc(100vh - 56px);
+    border-right: 1px solid var(--c-border);
+    background: var(--c-surface);
+    padding: var(--sp-5) var(--sp-3);
     display: flex;
     flex-direction: column;
-    gap: var(--sp-1);
-    position: sticky;
-    top: var(--sp-4);
+    gap: var(--sp-3);
+  }
+  .side-head {
+    font-size: var(--fs-xs);
+    font-weight: var(--fw-semibold);
+    text-transform: uppercase;
+    letter-spacing: 0.06em;
+    color: var(--c-text-3);
+    padding: 0 var(--sp-2);
+  }
+  .side-nav {
+    display: flex;
+    flex-direction: column;
+    gap: 2px;
   }
-  .tab-btn {
+  .side-item {
+    appearance: none;
     text-align: left;
     padding: var(--sp-2) var(--sp-3);
     background: transparent;
     border: 0;
     border-radius: var(--rd-md);
-    color: var(--c-text-2);
     font: inherit;
+    font-size: var(--fs-sm);
     font-weight: var(--fw-medium);
+    color: var(--c-text-2);
     cursor: pointer;
     transition:
-      background var(--tr-fast),
-      color var(--tr-fast);
+      color var(--tr-fast),
+      background var(--tr-fast);
     &:hover {
-      background: rgba(255, 255, 255, 0.12);
+      color: var(--c-text);
+      background: var(--c-surface-2);
     }
     &.active {
-      background: var(--c-accent-bg);
       color: var(--c-accent);
+      background: var(--c-accent-bg);
     }
   }
+  .side-label {
+    display: inline-block;
+  }
+
   .content {
+    padding: var(--sp-6) var(--sp-7);
     min-width: 0;
   }
+  .card {
+    background: var(--c-surface);
+    border: 1px solid var(--c-border);
+    border-radius: var(--rd-lg);
+    box-shadow: var(--sh-sm);
+    overflow: hidden;
+    max-width: 720px;
+  }
+  .card-head {
+    padding: var(--sp-5) var(--sp-6) var(--sp-4);
+    border-bottom: 1px solid var(--c-border);
+    background: var(--c-surface);
+  }
+  .card-title {
+    margin: 0;
+    font-size: var(--fs-lg);
+    font-weight: var(--fw-semibold);
+    color: var(--c-text);
+  }
+  .card-desc {
+    margin: var(--sp-1) 0 0;
+    font-size: var(--fs-sm);
+    color: var(--c-text-2);
+    line-height: var(--lh-base);
+  }
+  .card-body {
+    padding: var(--sp-6);
+  }
+
   .placeholder {
     padding: var(--sp-7);
     text-align: center;
     color: var(--c-text-3);
   }
 
-  @media (max-width: 640px) {
-    .layout {
+  @media (max-width: 768px) {
+    .topbar {
+      padding: 0 var(--sp-4);
+      gap: var(--sp-2);
+    }
+    .topbar-actions {
+      gap: var(--sp-1);
+    }
+    .divider {
+      display: none;
+    }
+    .link {
+      display: none;
+    }
+    .body {
       grid-template-columns: 1fr;
     }
-    .tabs {
+    .sidebar {
+      position: static;
+      height: auto;
+      border-right: 0;
+      border-bottom: 1px solid var(--c-border);
       flex-direction: row;
+      align-items: center;
+      gap: var(--sp-3);
+      padding: var(--sp-3) var(--sp-4);
+    }
+    .side-head {
+      display: none;
+    }
+    .side-nav {
+      flex-direction: row;
+      gap: var(--sp-1);
       overflow-x: auto;
-      position: static;
+    }
+    .content {
+      padding: var(--sp-5) var(--sp-4);
+    }
+    .card {
+      max-width: none;
+    }
+    .card-head {
+      padding: var(--sp-4) var(--sp-5) var(--sp-3);
+    }
+    .card-body {
+      padding: var(--sp-5);
     }
   }
 </style>

From 383ea16842574ea8ee65e36bc01f34e7a16cdce1 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 27 May 2026 14:32:27 +0800
Subject: [PATCH 67/77] docs(launchpad): drag merge / reorder disambiguation
 spec + plan
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds the design contract and the task-by-task implementation plan
that drove the recent Launchpad UX rework — dwell-gated merge,
shift-to-make-room reorder preview, cross-zone shifts, and the
follow-up fixes (drag-active class, folder-source spring-load,
mergeCollapse source-gap close, wrap-aware extrapolation).

Spec: behavior contract, hover-state machine, layout cache, drop
intent resolution, manual + unit acceptance.

Plan: 9 tasks with code-level diffs and per-task git-commit
templates. Progress tracking via checkbox syntax.
---
 ...-26-launchpad-drag-merge-disambiguation.md | 1641 +++++++++++++++++
 ...nchpad-drag-merge-disambiguation-design.md |  590 ++++++
 2 files changed, 2231 insertions(+)
 create mode 100644 docs/superpowers/plans/2026-05-26-launchpad-drag-merge-disambiguation.md
 create mode 100644 docs/superpowers/specs/2026-05-26-launchpad-drag-merge-disambiguation-design.md

diff --git a/docs/superpowers/plans/2026-05-26-launchpad-drag-merge-disambiguation.md b/docs/superpowers/plans/2026-05-26-launchpad-drag-merge-disambiguation.md
new file mode 100644
index 0000000..ed9aa82
--- /dev/null
+++ b/docs/superpowers/plans/2026-05-26-launchpad-drag-merge-disambiguation.md
@@ -0,0 +1,1641 @@
+# Launchpad Drag Merge / Reorder Disambiguation Implementation Plan
+
+> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
+
+**Goal:** Make Launchpad drag behavior match macOS — item-on-item folder
+creation requires a deliberate dwell, and surrounding cards visibly shift
+to make a gap during reorder (in root grid, folder panel, and across
+zones).
+
+**Architecture:** Hand-rolled Pointer-Events action in `dragGrid.ts` is
+extended with (1) a per-session layout snapshot of every drop-target's
+slot rect, (2) a dwell state machine that fires `armed` at 200 ms and
+`ready` at 600 ms on item targets, and (3) a per-tick shift computation
+that translates each non-source card by `transform: translate(dx,dy)` to
+open a slot at the cursor's insertion point. A new `cellShifts` store
+delivers the per-card translation to `Card.svelte`.
+
+**Tech Stack:** Svelte 5, TypeScript, Pointer Events, vitest. No new
+runtime dependencies.
+
+**Spec:** [`docs/superpowers/specs/2026-05-26-launchpad-drag-merge-disambiguation-design.md`](../specs/2026-05-26-launchpad-drag-merge-disambiguation-design.md)
+
+---
+
+## File Map
+
+| File | Action | Purpose |
+|------|--------|---------|
+| `web/src/lib/stores/dragMerge.ts` | Modify | Extend `MergeCandidate` with `phase`; add `cellShifts` store |
+| `web/src/lib/util/dragGrid.ts` | Modify | New constants; extract pure helpers (`computeShifts`, `buildLayoutCache`, `cursorOnLeftHalfOf`); rewire `liftSource` / `applyHover` / `finish` |
+| `web/src/lib/util/dragGrid.test.ts` | Create | Unit tests for the pure helpers |
+| `web/src/lib/components/Nav/Card.svelte` | Modify | Subscribe to `cellShifts`; rename `merge-target`→`merge-ready`; add `merge-armed`; CSS for hidden source + transition |
+| `web/src/routes/+page.svelte` | Modify | Pass new `onLayoutChange` callback wired to spring-load + edge-pan |
+
+No changes expected in `InlineFolderExpand.svelte` or `+page.svelte`'s
+`handleDrop` (which already supports `before/after/merge`).
+
+---
+
+## Task 1: Foundation — constants, types, stores
+
+**Files:**
+- Modify: `web/src/lib/stores/dragMerge.ts`
+- Modify: `web/src/lib/util/dragGrid.ts:87-95` (constants block)
+
+**Goal:** Behavior-neutral preparation. Add new constants, extend the
+`MergeCandidate` type with a phase, and add a `cellShifts` store. Nothing
+reads the new fields yet so behavior is unchanged.
+
+- [ ] **Step 1: Read current `dragMerge.ts`** to understand existing types
+
+```bash
+cat web/src/lib/stores/dragMerge.ts
+```
+
+- [ ] **Step 2: Replace `dragMerge.ts` to add `phase` and `cellShifts`**
+
+```ts
+// web/src/lib/stores/dragMerge.ts
+import { writable } from 'svelte/store';
+import type { CardKind } from '$lib/util/dragGrid';
+
+// Visual feedback during a drag session.
+//
+//   - dragSource: { id, kind } of the card currently being dragged. Set
+//                 the moment the drag is "lifted" (cursor moved past
+//                 LIFT_THRESHOLD_PX); cleared when the gesture ends.
+//   - mergeCandidate: set whenever the cursor's drop intent on a target
+//                     would be a merge. Card.svelte uses this to render
+//                     the `.merge-armed` (faint) or `.merge-ready`
+//                     (full) halo on the target Card cell.
+//   - cellShifts: per-card translation in pixels driven by reorder
+//                 preview. Card.svelte applies these as
+//                 `transform: translate(dx px, dy px)` on the cell.
+//                 An entry of {dx:0,dy:0} or no entry means no shift.
+
+export type MergePhase = 'armed' | 'ready';
+
+export interface MergeCandidate {
+  id: number;
+  kind: CardKind;
+  phase: MergePhase;
+}
+
+export interface DragSourceMeta {
+  id: number;
+  kind: CardKind;
+}
+
+export const dragSource = writable<DragSourceMeta | null>(null);
+export const mergeCandidate = writable<MergeCandidate | null>(null);
+export const cellShifts = writable<Map<number, { dx: number; dy: number }>>(new Map());
+```
+
+- [ ] **Step 3: Update `dragGrid.ts` constants block**
+
+Edit `web/src/lib/util/dragGrid.ts` lines 87-95 — replace the entire
+constants block:
+
+```ts
+const LIFT_THRESHOLD_PX = 5;
+const MERGE_INNER_FRACTION = 0.5; // tighter (was 0.6) — dwell-gated, can be smaller
+const MERGE_ARM_MS = 200;          // arm fires (release ≥ here = merge)
+const MERGE_READY_MS = 600;        // ready halo strengthens
+const MERGE_CANCEL_MOVE_PX = 8;    // jitter tolerance during pre-arm
+const SHIFT_DURATION_MS = 220;
+// SHIFT_EASE is exposed via CSS variable on Card.svelte; not needed here
+const HOVER_DWELL_MS = 500;        // existing spring-load (unchanged)
+const EDGE_PAN_THRESHOLD_PX = 80;
+const EDGE_PAN_DWELL_MS = 600;
+const EDGE_PAN_INTERVAL_MS = 800;
+const CLONE_OPACITY = 0.88;
+const CLONE_LIFT_SCALE = 1.05;
+const CLONE_ID = '__draggrid_clone__';
+```
+
+- [ ] **Step 4: Verify type-check passes**
+
+Run: `cd web && pnpm check`
+Expected: 0 errors. (The new `phase` field on `MergeCandidate` is set
+nowhere yet, but the field is additive so existing reads still type.)
+
+Note: `Card.svelte:103` reads `$mergeCandidate?.id === card.id`. That's
+a `number === number` check that doesn't touch `phase`. Still compiles.
+
+- [ ] **Step 5: Commit**
+
+```bash
+git add web/src/lib/stores/dragMerge.ts web/src/lib/util/dragGrid.ts
+git commit -m "$(cat <<'EOF'
+refactor(launchpad): extend MergeCandidate with phase and add cellShifts store
+
+Foundation for dwell-gated merge: store now distinguishes 'armed' vs
+'ready' phases of merge intent, and a new cellShifts store carries
+per-card translation deltas for reorder preview. No behavior change yet.
+EOF
+)"
+```
+
+---
+
+## Task 2: Pure shift math + unit tests (TDD)
+
+**Files:**
+- Modify: `web/src/lib/util/dragGrid.ts` (export new pure helpers)
+- Create: `web/src/lib/util/dragGrid.test.ts`
+
+**Goal:** A pure function `computeShifts(input)` returns the per-card
+translation map for any source/target combination. It has zero DOM
+dependency and is fully unit-tested.
+
+- [ ] **Step 1: Write the failing test file**
+
+Create `web/src/lib/util/dragGrid.test.ts`:
+
+```ts
+import { describe, it, expect } from 'vitest';
+import { computeShifts, type SlotRect } from './dragGrid';
+
+// Helper: build a fake bucket of N slots laid out in one row.
+//   slot i has rect {left: i*100, top: 0, width: 80, height: 80}
+function row(n: number, zone = 'root'): SlotRect[] {
+  const out: SlotRect[] = [];
+  for (let i = 0; i < n; i++) {
+    const left = i * 100;
+    out.push({
+      zone,
+      logicalIdx: i,
+      cardId: 1000 + i,
+      rect: new DOMRect(left, 0, 80, 80)
+    });
+  }
+  return out;
+}
+
+describe('computeShifts — same zone', () => {
+  it('returns empty map when source and drop are at same index (no-op)', () => {
+    const bucket = row(5);
+    const out = computeShifts({
+      sourceZone: 'root',
+      sourceCardId: 1001, // c1 at idx 1
+      sourceLogicalIdx: 1,
+      targetZone: 'root',
+      dropIdx: 1,
+      buckets: { root: bucket },
+      mergeCollapse: false
+    });
+    expect(out.size).toBe(0);
+  });
+
+  it('shifts cards in (srcIdx, dropIdx] left by 1 when moving forward', () => {
+    // src=c1 at idx 1, drop at idx 3: cards at idx 2, 3 shift left by one cell
+    const bucket = row(5);
+    const out = computeShifts({
+      sourceZone: 'root',
+      sourceCardId: 1001,
+      sourceLogicalIdx: 1,
+      targetZone: 'root',
+      dropIdx: 3,
+      buckets: { root: bucket },
+      mergeCollapse: false
+    });
+    expect(out.get(1002)).toEqual({ dx: -100, dy: 0 }); // c2
+    expect(out.get(1003)).toEqual({ dx: -100, dy: 0 }); // c3
+    expect(out.get(1000)).toBeUndefined();              // c0 unchanged
+    expect(out.get(1004)).toBeUndefined();              // c4 unchanged
+    expect(out.get(1001)).toBeUndefined();              // src never shifted
+  });
+
+  it('shifts cards in [dropIdx, srcIdx) right by 1 when moving backward', () => {
+    // src=c3 at idx 3, drop at idx 1: cards at idx 1, 2 shift right by one cell
+    const bucket = row(5);
+    const out = computeShifts({
+      sourceZone: 'root',
+      sourceCardId: 1003,
+      sourceLogicalIdx: 3,
+      targetZone: 'root',
+      dropIdx: 1,
+      buckets: { root: bucket },
+      mergeCollapse: false
+    });
+    expect(out.get(1001)).toEqual({ dx: 100, dy: 0 });
+    expect(out.get(1002)).toEqual({ dx: 100, dy: 0 });
+    expect(out.get(1000)).toBeUndefined();
+    expect(out.get(1004)).toBeUndefined();
+  });
+
+  it('returns empty map when mergeCollapse is true', () => {
+    const bucket = row(5);
+    const out = computeShifts({
+      sourceZone: 'root',
+      sourceCardId: 1001,
+      sourceLogicalIdx: 1,
+      targetZone: 'root',
+      dropIdx: 3,
+      buckets: { root: bucket },
+      mergeCollapse: true
+    });
+    expect(out.size).toBe(0);
+  });
+});
+
+describe('computeShifts — cross zone', () => {
+  it('closes source zone gap and opens target zone slot', () => {
+    // src in root at idx 2; drop into folder panel at idx 1
+    const root = row(4, 'root');
+    const folder = row(3, 'folder:5');
+    const out = computeShifts({
+      sourceZone: 'root',
+      sourceCardId: 1002,        // root c2
+      sourceLogicalIdx: 2,
+      targetZone: 'folder:5',
+      dropIdx: 1,
+      buckets: { root, 'folder:5': folder },
+      mergeCollapse: false
+    });
+    // Source zone: cards at idx > 2 shift left by 1
+    expect(out.get(1003)).toEqual({ dx: -100, dy: 0 }); // root c3 → idx 2
+    expect(out.get(1000)).toBeUndefined();
+    expect(out.get(1001)).toBeUndefined();
+    expect(out.get(1002)).toBeUndefined();              // src not shifted
+
+    // Target zone: cards at idx >= 1 shift right by 1.
+    // Folder cards are 1000..1002 in this synthetic test (row() reuses ids).
+    // Adjust: row() in folder uses ids 1000+i, same as root → for clarity use distinct buckets in this test.
+  });
+
+  it('closes source zone gap (no target shifts when target zone empty)', () => {
+    const root = row(4, 'root');
+    const folder: SlotRect[] = [];
+    const out = computeShifts({
+      sourceZone: 'root',
+      sourceCardId: 1003,        // root c3
+      sourceLogicalIdx: 3,
+      targetZone: 'folder:5',
+      dropIdx: 0,
+      buckets: { root, 'folder:5': folder },
+      mergeCollapse: false
+    });
+    // Source zone: nothing after idx 3
+    expect(out.get(1003)).toBeUndefined();
+    // No target zone shifts since folder is empty
+    expect(out.size).toBe(0);
+  });
+});
+```
+
+(The test file imports `computeShifts` and `SlotRect` from `./dragGrid`
+— they don't exist yet. The id collision in the cross-zone test is a
+real concern; we'll fix in Step 3 by giving `row()` a distinct id base
+per zone.)
+
+- [ ] **Step 2: Fix the test helper to use distinct ids per zone**
+
+Edit `dragGrid.test.ts` — replace `row()` with:
+
+```ts
+function row(n: number, zone = 'root', idBase = 1000): SlotRect[] {
+  const out: SlotRect[] = [];
+  for (let i = 0; i < n; i++) {
+    const left = i * 100;
+    out.push({
+      zone,
+      logicalIdx: i,
+      cardId: idBase + i,
+      rect: new DOMRect(left, 0, 80, 80)
+    });
+  }
+  return out;
+}
+```
+
+And update the cross-zone tests to use distinct id bases:
+
+```ts
+it('closes source zone gap and opens target zone slot', () => {
+  const root = row(4, 'root', 1000);   // ids 1000..1003
+  const folder = row(3, 'folder:5', 2000); // ids 2000..2002
+  const out = computeShifts({
+    sourceZone: 'root',
+    sourceCardId: 1002,
+    sourceLogicalIdx: 2,
+    targetZone: 'folder:5',
+    dropIdx: 1,
+    buckets: { root, 'folder:5': folder },
+    mergeCollapse: false
+  });
+  // Source zone close: c3 → -1 slot
+  expect(out.get(1003)).toEqual({ dx: -100, dy: 0 });
+  expect(out.get(1000)).toBeUndefined();
+  expect(out.get(1001)).toBeUndefined();
+  // Target zone open: idx ≥ 1 shifted +1
+  expect(out.get(2001)).toEqual({ dx: 100, dy: 0 });
+  expect(out.get(2002)).toEqual({ dx: 100, dy: 0 });
+  expect(out.get(2000)).toBeUndefined();
+});
+
+it('closes source zone gap (no target shifts when target zone empty)', () => {
+  const root = row(4, 'root', 1000);
+  const folder: SlotRect[] = [];
+  const out = computeShifts({
+    sourceZone: 'root',
+    sourceCardId: 1003,
+    sourceLogicalIdx: 3,
+    targetZone: 'folder:5',
+    dropIdx: 0,
+    buckets: { root, 'folder:5': folder },
+    mergeCollapse: false
+  });
+  expect(out.size).toBe(0); // nothing after idx 3 in src; target empty
+});
+```
+
+- [ ] **Step 3: Run tests, verify they fail**
+
+Run: `cd web && pnpm test:unit src/lib/util/dragGrid.test.ts`
+Expected: All tests FAIL with `computeShifts is not a function` /
+import error.
+
+- [ ] **Step 4: Add `SlotRect` and `computeShifts` to `dragGrid.ts`**
+
+Insert these at the top of `web/src/lib/util/dragGrid.ts` (after the
+existing exports `CardKind`, `DropIntent`, `CardMeta`, etc., and after
+the constants block):
+
+```ts
+export interface SlotRect {
+  zone: string;          // 'root' | `folder:${number}`
+  logicalIdx: number;
+  cardId: number;
+  rect: DOMRect;
+}
+
+export interface ComputeShiftsInput {
+  sourceZone: string;
+  sourceCardId: number;
+  sourceLogicalIdx: number;
+  targetZone: string;
+  /** Logical index in targetZone where the source would land. */
+  dropIdx: number;
+  /** Maps zone name to its full snapshot, sorted by logicalIdx. */
+  buckets: Record<string, SlotRect[]>;
+  /** When true (merge armed/ready or folder target), all shifts collapse. */
+  mergeCollapse: boolean;
+}
+
+/**
+ * Per-card translation (dx, dy) needed to render reorder preview.
+ * Pure: returns the same output for the same input. Skips the source
+ * card. Returns an entry only if the card needs a non-zero translation.
+ */
+export function computeShifts(
+  input: ComputeShiftsInput
+): Map<number, { dx: number; dy: number }> {
+  const result = new Map<number, { dx: number; dy: number }>();
+  if (input.mergeCollapse) return result;
+
+  const { sourceZone, sourceCardId, sourceLogicalIdx, targetZone, dropIdx, buckets } = input;
+
+  if (sourceZone === targetZone) {
+    const bucket = buckets[targetZone] ?? [];
+    if (sourceLogicalIdx === dropIdx) return result;
+    for (const slot of bucket) {
+      if (slot.cardId === sourceCardId) continue;
+      const i = slot.logicalIdx;
+      let newIdx = i;
+      if (sourceLogicalIdx < dropIdx && i > sourceLogicalIdx && i <= dropIdx) {
+        newIdx = i - 1;
+      } else if (sourceLogicalIdx > dropIdx && i >= dropIdx && i < sourceLogicalIdx) {
+        newIdx = i + 1;
+      }
+      if (newIdx === i) continue;
+      const targetSlot = bucket.find((s) => s.logicalIdx === newIdx);
+      if (!targetSlot) continue;
+      result.set(slot.cardId, {
+        dx: targetSlot.rect.left - slot.rect.left,
+        dy: targetSlot.rect.top - slot.rect.top
+      });
+    }
+    return result;
+  }
+
+  // Cross-zone: close source gap; open target slot.
+  const srcBucket = buckets[sourceZone] ?? [];
+  for (const slot of srcBucket) {
+    if (slot.cardId === sourceCardId) continue;
+    const i = slot.logicalIdx;
+    if (i <= sourceLogicalIdx) continue;
+    const newIdx = i - 1;
+    const targetSlot = srcBucket.find((s) => s.logicalIdx === newIdx);
+    if (!targetSlot) continue;
+    result.set(slot.cardId, {
+      dx: targetSlot.rect.left - slot.rect.left,
+      dy: targetSlot.rect.top - slot.rect.top
+    });
+  }
+
+  const tgtBucket = buckets[targetZone] ?? [];
+  for (const slot of tgtBucket) {
+    const i = slot.logicalIdx;
+    if (i < dropIdx) continue;
+    const newIdx = i + 1;
+    // newIdx may be == bucket.length (extrapolated). Use cellAdvance.
+    const targetSlot = tgtBucket.find((s) => s.logicalIdx === newIdx);
+    let dx: number;
+    let dy: number;
+    if (targetSlot) {
+      dx = targetSlot.rect.left - slot.rect.left;
+      dy = targetSlot.rect.top - slot.rect.top;
+    } else {
+      // Extrapolate using the per-step advance from this bucket.
+      const adv = cellAdvance(tgtBucket);
+      if (!adv) continue;
+      dx = adv.dx;
+      dy = adv.dy;
+    }
+    result.set(slot.cardId, { dx, dy });
+  }
+  return result;
+}
+
+/** Per-step displacement vector between consecutive slot rects in a zone. */
+export function cellAdvance(bucket: SlotRect[]): { dx: number; dy: number } | null {
+  if (bucket.length < 2) return null;
+  const a = bucket.find((s) => s.logicalIdx === 0)?.rect;
+  const b = bucket.find((s) => s.logicalIdx === 1)?.rect;
+  if (!a || !b) return null;
+  return { dx: b.left - a.left, dy: b.top - a.top };
+}
+```
+
+- [ ] **Step 5: Run tests, verify they pass**
+
+Run: `cd web && pnpm test:unit src/lib/util/dragGrid.test.ts`
+Expected: All tests PASS.
+
+- [ ] **Step 6: Commit**
+
+```bash
+git add web/src/lib/util/dragGrid.ts web/src/lib/util/dragGrid.test.ts
+git commit -m "$(cat <<'EOF'
+feat(launchpad): pure computeShifts function with unit tests
+
+Per-card translation map for reorder preview. Same-zone shifts cards
+between source and drop indexes; cross-zone closes source's gap and
+opens a target slot. Returns empty when merge intent is committed.
+EOF
+)"
+```
+
+---
+
+## Task 3: Layout cache builder + helpers
+
+**Files:**
+- Modify: `web/src/lib/util/dragGrid.ts` (add `LayoutCache`, `buildLayoutCache`, `cursorOnLeftHalfOf`)
+- Modify: `web/src/lib/util/dragGrid.test.ts` (add test for `cursorOnLeftHalfOf`)
+
+**Goal:** Functions that snapshot the current grid state at lift time
+into a `LayoutCache`, plus a small helper used by drop intent
+resolution. The DOM-walking part is hard to unit-test without jsdom
+fakery, so we lean on `cursorOnLeftHalfOf` (pure) for tests and verify
+the cache builder via integration (Task 5).
+
+- [ ] **Step 1: Add the failing test for `cursorOnLeftHalfOf`**
+
+Append to `web/src/lib/util/dragGrid.test.ts`:
+
+```ts
+import { cursorOnLeftHalfOf } from './dragGrid';
+
+describe('cursorOnLeftHalfOf', () => {
+  it('returns true when cursor is left of slot center', () => {
+    const rect = new DOMRect(100, 0, 80, 80); // [100, 180]
+    expect(cursorOnLeftHalfOf(rect, 120)).toBe(true);  // 120 < 140 (center)
+  });
+
+  it('returns false when cursor is right of slot center', () => {
+    const rect = new DOMRect(100, 0, 80, 80);
+    expect(cursorOnLeftHalfOf(rect, 160)).toBe(false); // 160 > 140
+  });
+
+  it('returns false when cursor is exactly at center (right-half tie-break)', () => {
+    const rect = new DOMRect(100, 0, 80, 80);
+    expect(cursorOnLeftHalfOf(rect, 140)).toBe(false); // exactly at center
+  });
+});
+```
+
+- [ ] **Step 2: Run tests, verify the new ones fail**
+
+Run: `cd web && pnpm test:unit src/lib/util/dragGrid.test.ts`
+Expected: 3 new tests FAIL with `cursorOnLeftHalfOf is not a function`.
+Existing computeShifts tests still PASS.
+
+- [ ] **Step 3: Add `LayoutCache`, `buildLayoutCache`, `cursorOnLeftHalfOf` to `dragGrid.ts`**
+
+Insert below the `cellAdvance` function added in Task 2:
+
+```ts
+export interface CardIdEntry {
+  zone: string;
+  logicalIdx: number;
+  rect: DOMRect;
+}
+
+export interface LayoutCache {
+  byZone: Map<string, SlotRect[]>;          // sorted by logicalIdx
+  byCardId: Map<number, CardIdEntry>;
+  cellAdvanceByZone: Map<string, { dx: number; dy: number }>;
+}
+
+/**
+ * Snapshot all [data-card-id] cells inside `node`, grouped by their
+ * nearest [data-zone] ancestor. Source's own cell is included so its
+ * logical position is recoverable, but the consumer treats source as
+ * "the gap" and skips shifting it.
+ */
+export function buildLayoutCache(node: HTMLElement): LayoutCache {
+  const byZone = new Map<string, SlotRect[]>();
+  const byCardId = new Map<number, CardIdEntry>();
+  const cells = node.querySelectorAll<HTMLElement>('[data-card-id]');
+  // First pass: collect all cells with rects, grouped by zone.
+  const collected: Array<{ cell: HTMLElement; meta: CardMeta; rect: DOMRect }> = [];
+  cells.forEach((cell) => {
+    const meta = readMetaFromCell(cell);
+    if (!meta) return; // skip add-tile sentinel and malformed
+    collected.push({ cell, meta, rect: cell.getBoundingClientRect() });
+  });
+  // Group by zone, sort by document order (which mirrors logicalIdx
+  // because the grid renders in sortOrder).
+  const byZoneRaw = new Map<string, Array<{ meta: CardMeta; rect: DOMRect }>>();
+  for (const { meta, rect } of collected) {
+    const list = byZoneRaw.get(meta.zone) ?? [];
+    list.push({ meta, rect });
+    byZoneRaw.set(meta.zone, list);
+  }
+  // Second pass: assign logicalIdx in DOM order, build SlotRect arrays.
+  for (const [zone, items] of byZoneRaw) {
+    const slots: SlotRect[] = items.map((item, idx) => ({
+      zone,
+      logicalIdx: idx,
+      cardId: item.meta.id,
+      rect: item.rect
+    }));
+    byZone.set(zone, slots);
+    for (const slot of slots) {
+      byCardId.set(slot.cardId, {
+        zone,
+        logicalIdx: slot.logicalIdx,
+        rect: slot.rect
+      });
+    }
+  }
+  // Per-zone cellAdvance for extrapolation.
+  const cellAdvanceByZone = new Map<string, { dx: number; dy: number }>();
+  for (const [zone, slots] of byZone) {
+    const adv = cellAdvance(slots);
+    if (adv) cellAdvanceByZone.set(zone, adv);
+  }
+  return { byZone, byCardId, cellAdvanceByZone };
+}
+
+/**
+ * Pure: is cursorX on the left half of a slot's rect?
+ * Center exactly is treated as right-half (so before/after split has a
+ * deterministic tie-break).
+ */
+export function cursorOnLeftHalfOf(rect: DOMRect, cursorX: number): boolean {
+  return cursorX < rect.left + rect.width / 2;
+}
+```
+
+- [ ] **Step 4: Run tests, verify all pass**
+
+Run: `cd web && pnpm test:unit src/lib/util/dragGrid.test.ts`
+Expected: All tests PASS (the 4 from Task 2 + 3 new ones).
+
+- [ ] **Step 5: Type-check**
+
+Run: `cd web && pnpm check`
+Expected: 0 errors.
+
+- [ ] **Step 6: Commit**
+
+```bash
+git add web/src/lib/util/dragGrid.ts web/src/lib/util/dragGrid.test.ts
+git commit -m "$(cat <<'EOF'
+feat(launchpad): layout cache builder and cursorOnLeftHalfOf helper
+
+buildLayoutCache snapshots every [data-card-id] cell's logical index
+and rect, grouped by [data-zone]. Used at drag lift to keep insertion
+math stable independent of mid-drag transform shifts.
+EOF
+)"
+```
+
+---
+
+## Task 4: Add dwell session fields and helpers
+
+**Files:**
+- Modify: `web/src/lib/util/dragGrid.ts:97-115` (DragSession interface) plus internal helpers
+
+**Goal:** Extend `DragSession` with the fields the dwell state machine
+needs, and add private helper functions to start/cancel arming. Not yet
+wired into `applyHover` — purely additive.
+
+- [ ] **Step 1: Read the current `DragSession` interface for context**
+
+Run: `grep -n 'interface DragSession' web/src/lib/util/dragGrid.ts`
+Expected: shows the interface around line 97.
+
+- [ ] **Step 2: Replace the `DragSession` interface in `dragGrid.ts`**
+
+Find lines 97-115 (the `interface DragSession { ... }` block) and
+replace with:
+
+```ts
+interface DragSession {
+  sourceCell: HTMLElement;
+  source: CardMeta;
+  startX: number;
+  startY: number;
+  cursorX: number;
+  cursorY: number;
+  lifted: boolean;
+  clone: HTMLElement | null;
+  cloneOffsetX: number;
+  cloneOffsetY: number;
+  rafToken: number | null;
+  // Existing spring-load timer (folder panel auto-open).
+  dwellTimer: ReturnType<typeof setTimeout> | null;
+  dwellTargetId: number | null;
+  edgePanTimer: ReturnType<typeof setTimeout> | null;
+  edgePanDirection: EdgePanDirection | null;
+  hover: DragHoverInfo;
+  pointerId: number;
+  // New (Task 4): layout snapshot, populated at lift.
+  layoutCache: LayoutCache | null;
+  sourceLogicalIdx: number;
+  // New (Task 4): merge dwell state machine.
+  mergeArmTimer: ReturnType<typeof setTimeout> | null;
+  mergeReadyTimer: ReturnType<typeof setTimeout> | null;
+  mergeArmTargetId: number | null;
+  mergeArmStartX: number;
+  mergeArmStartY: number;
+  /** True once arm timer fires; persists through ready. The drop semantics
+   *  flip from reorder→merge based on this flag. */
+  mergeArmFired: boolean;
+}
+```
+
+- [ ] **Step 3: Update the session-init block in `onPointerDown`**
+
+Find the session creation around line 178 (`session = { sourceCell: cell, ... }`)
+and replace with:
+
+```ts
+session = {
+  sourceCell: cell,
+  source: meta,
+  startX: e.clientX,
+  startY: e.clientY,
+  cursorX: e.clientX,
+  cursorY: e.clientY,
+  lifted: false,
+  clone: null,
+  cloneOffsetX: 0,
+  cloneOffsetY: 0,
+  rafToken: null,
+  dwellTimer: null,
+  dwellTargetId: null,
+  edgePanTimer: null,
+  edgePanDirection: null,
+  hover: { target: null, intent: null, hoverZone: meta.zone, outOfZone: false },
+  pointerId: e.pointerId,
+  layoutCache: null,
+  sourceLogicalIdx: -1,
+  mergeArmTimer: null,
+  mergeReadyTimer: null,
+  mergeArmTargetId: null,
+  mergeArmStartX: 0,
+  mergeArmStartY: 0,
+  mergeArmFired: false
+};
+```
+
+- [ ] **Step 4: Add private helpers `cancelMergeArm` and `startMergeArm`**
+
+Insert these inside the `dragGrid` action body, just below the existing
+`cancelDwell` function:
+
+```ts
+function cancelMergeArm() {
+  if (!session) return;
+  if (session.mergeArmTimer) {
+    clearTimeout(session.mergeArmTimer);
+    session.mergeArmTimer = null;
+  }
+  if (session.mergeReadyTimer) {
+    clearTimeout(session.mergeReadyTimer);
+    session.mergeReadyTimer = null;
+  }
+  session.mergeArmTargetId = null;
+  session.mergeArmFired = false;
+  mergeCandidate.set(null);
+}
+
+function startMergeArmForItem(targetId: number, kind: CardKind) {
+  if (!session) return;
+  cancelMergeArm();
+  session.mergeArmTargetId = targetId;
+  session.mergeArmFired = false;
+  session.mergeArmStartX = session.cursorX;
+  session.mergeArmStartY = session.cursorY;
+
+  session.mergeArmTimer = setTimeout(() => {
+    if (!session) return;
+    if (session.mergeArmTargetId !== targetId) return;
+    // Defensive: if the cursor wandered past tolerance, do not arm.
+    const dx = session.cursorX - session.mergeArmStartX;
+    const dy = session.cursorY - session.mergeArmStartY;
+    if (Math.hypot(dx, dy) > MERGE_CANCEL_MOVE_PX) {
+      cancelMergeArm();
+      return;
+    }
+    session.mergeArmFired = true;
+    mergeCandidate.set({ id: targetId, kind, phase: 'armed' });
+  }, MERGE_ARM_MS);
+
+  session.mergeReadyTimer = setTimeout(() => {
+    if (!session) return;
+    if (session.mergeArmTargetId !== targetId) return;
+    if (!session.mergeArmFired) return; // arm cancelled before ready
+    mergeCandidate.set({ id: targetId, kind, phase: 'ready' });
+  }, MERGE_READY_MS);
+}
+
+function setMergeImmediateForFolder(targetId: number) {
+  if (!session) return;
+  cancelMergeArm();
+  session.mergeArmTargetId = targetId;
+  session.mergeArmFired = true;
+  mergeCandidate.set({ id: targetId, kind: 'folder', phase: 'ready' });
+}
+```
+
+- [ ] **Step 5: Add cleanup of these timers to `finish`**
+
+Find `finish(canceled: boolean)` around line 402. Add `cancelMergeArm()`
+to the cleanup section. Replace this section:
+
+```ts
+    if (s.rafToken != null) cancelAnimationFrame(s.rafToken);
+    if (s.dwellTimer) clearTimeout(s.dwellTimer);
+    if (s.edgePanTimer) clearTimeout(s.edgePanTimer);
+```
+
+with:
+
+```ts
+    if (s.rafToken != null) cancelAnimationFrame(s.rafToken);
+    if (s.dwellTimer) clearTimeout(s.dwellTimer);
+    if (s.edgePanTimer) clearTimeout(s.edgePanTimer);
+    if (s.mergeArmTimer) clearTimeout(s.mergeArmTimer);
+    if (s.mergeReadyTimer) clearTimeout(s.mergeReadyTimer);
+```
+
+And just before `mergeCandidate.set(null)` (already in `finish`),
+ensure the cellShifts store is also cleared. Replace:
+
+```ts
+    mergeCandidate.set(null);
+    dragSource.set(null);
+```
+
+with:
+
+```ts
+    mergeCandidate.set(null);
+    dragSource.set(null);
+    cellShifts.set(new Map());
+```
+
+And add the import at the top of the file. Find the existing import:
+
+```ts
+import { mergeCandidate, dragSource } from '$lib/stores/dragMerge';
+```
+
+Replace with:
+
+```ts
+import { mergeCandidate, dragSource, cellShifts } from '$lib/stores/dragMerge';
+```
+
+- [ ] **Step 6: Type-check**
+
+Run: `cd web && pnpm check`
+Expected: 0 errors.
+
+- [ ] **Step 7: Sanity-run all tests (still no integration)**
+
+Run: `cd web && pnpm test:unit`
+Expected: All existing + new tests PASS.
+
+- [ ] **Step 8: Commit**
+
+```bash
+git add web/src/lib/util/dragGrid.ts
+git commit -m "$(cat <<'EOF'
+feat(launchpad): dwell session state and merge-arm helpers
+
+Adds layoutCache, sourceLogicalIdx, and dwell timers/state to
+DragSession. Introduces startMergeArmForItem / setMergeImmediateForFolder
+/ cancelMergeArm. Not wired into applyHover yet — Task 5 does that.
+EOF
+)"
+```
+
+---
+
+## Task 5: Wire layout cache + dwell + shifts into `applyHover`
+
+**Files:**
+- Modify: `web/src/lib/util/dragGrid.ts:265-300` (`liftSource`)
+- Modify: `web/src/lib/util/dragGrid.ts:302-332` (`computeHover`)
+- Modify: `web/src/lib/util/dragGrid.ts:334-379` (`applyHover`)
+
+**Goal:** Build the layout cache when the drag lifts; then on every
+rAF tick, classify intent → drive dwell state machine → compute shifts
+→ publish to `cellShifts`. This is the integration step.
+
+- [ ] **Step 1: Build layout cache at lift**
+
+Find `liftSource` around line 265. After the existing line
+`document.body.appendChild(clone);`, add:
+
+```ts
+    session.layoutCache = buildLayoutCache(node);
+    const srcEntry = session.layoutCache.byCardId.get(session.source.id);
+    session.sourceLogicalIdx = srcEntry?.logicalIdx ?? 0;
+```
+
+- [ ] **Step 2: Replace `computeHover` to use layout cache for hits**
+
+Find `computeHover` (around line 302) and replace it. The new version
+also returns the target's `logicalIdx`:
+
+```ts
+function computeHover(s: DragSession): DragHoverInfo {
+  const { cursorX, cursorY, source } = s;
+  const stack = document.elementsFromPoint(cursorX, cursorY);
+  let hoverZone: string | null = null;
+  for (const el of stack) {
+    if (!(el instanceof HTMLElement)) continue;
+    if (el.id === CLONE_ID) continue;
+    if (hoverZone == null) {
+      const zoneEl = el.closest('[data-zone]') as HTMLElement | null;
+      if (zoneEl && node.contains(zoneEl)) {
+        hoverZone = zoneEl.dataset.zone ?? null;
+      }
+    }
+    const cell = el.closest('[data-card-id]');
+    if (!(cell instanceof HTMLElement)) continue;
+    if (!node.contains(cell)) continue;
+    const meta = readMetaFromCell(cell);
+    if (!meta) continue;
+    if (meta.id === source.id) continue;
+    const r = cell.getBoundingClientRect();
+    const intent = classifyIntent(r, cursorX, cursorY);
+    return { target: meta, intent, hoverZone: meta.zone, outOfZone: false };
+  }
+  return { target: null, intent: null, hoverZone, outOfZone: hoverZone == null };
+}
+```
+
+(Logically unchanged — this is a no-op replacement just to keep the
+signature obvious. We rely on `session.layoutCache` for shift compute,
+not for hit-test.)
+
+- [ ] **Step 3: Replace `applyHover` to drive dwell + shifts**
+
+Find `applyHover` and replace the full function body:
+
+```ts
+function applyHover(next: DragHoverInfo) {
+  if (!session) return;
+  const prev = session.hover;
+  session.hover = next;
+
+  if (prev.hoverZone !== next.hoverZone) {
+    options.onHoverZoneChange?.(prev.hoverZone, next.hoverZone);
+  }
+
+  // --- Merge dwell state machine ---
+  // Item targets need a 200ms arm gate. Folder targets are immediate.
+  // Non-merge intent or different target → cancel arming.
+  const isMergeItem =
+    next.intent === 'merge' && next.target?.kind === 'item' && next.target.id != null;
+  const isMergeFolder =
+    next.intent === 'merge' && next.target?.kind === 'folder' && next.target.id != null;
+
+  if (!isMergeItem && !isMergeFolder) {
+    if (session.mergeArmTargetId != null) cancelMergeArm();
+  } else if (isMergeItem) {
+    if (session.mergeArmTargetId !== next.target!.id) {
+      // Switching targets: restart arming.
+      startMergeArmForItem(next.target!.id, 'item');
+    } else if (!session.mergeArmFired) {
+      // Pre-arm jitter check.
+      const dx = session.cursorX - session.mergeArmStartX;
+      const dy = session.cursorY - session.mergeArmStartY;
+      if (Math.hypot(dx, dy) > MERGE_CANCEL_MOVE_PX) {
+        startMergeArmForItem(next.target!.id, 'item'); // restart from current pos
+      }
+    }
+  } else if (isMergeFolder) {
+    if (session.mergeArmTargetId !== next.target!.id) {
+      setMergeImmediateForFolder(next.target!.id);
+    }
+  }
+
+  // --- Spring-load (folder panel auto-open) — unchanged behavior ---
+  // Restrict to: source.kind === 'item' AND source.zone === 'root' AND
+  // target.kind === 'folder'. Same conditions as before.
+  const isSpringTarget =
+    next.intent === 'merge' &&
+    next.target?.kind === 'folder' &&
+    next.target.id != null &&
+    session.source.kind === 'item' &&
+    session.source.zone === 'root';
+  const sameTarget =
+    prev.target?.id === next.target?.id && prev.intent === next.intent;
+  if (!sameTarget) cancelDwell();
+  if (isSpringTarget && session.dwellTargetId !== next.target!.id) {
+    cancelDwell();
+    const tid = next.target!.id;
+    session.dwellTargetId = tid;
+    session.dwellTimer = setTimeout(() => {
+      if (!session) return;
+      if (session.dwellTargetId !== tid) return;
+      options.onSpringLoad?.(tid);
+    }, HOVER_DWELL_MS);
+  }
+
+  // --- Shift compute and publish ---
+  publishShifts(next);
+}
+```
+
+- [ ] **Step 4: Add the new `publishShifts` function**
+
+Insert just below `applyHover` (and above `cancelDwell`):
+
+```ts
+function publishShifts(next: DragHoverInfo) {
+  if (!session || !session.layoutCache) {
+    cellShifts.set(new Map());
+    return;
+  }
+  const lc = session.layoutCache;
+  const target = next.target;
+  // Determine whether merge gate is active (collapse all shifts).
+  const mergeCollapse =
+    target != null &&
+    next.intent === 'merge' &&
+    (target.kind === 'folder' || session.mergeArmFired);
+
+  // Determine target zone + dropIdx.
+  let targetZone: string | null = null;
+  let dropIdx = 0;
+  if (target) {
+    targetZone = target.zone;
+    const tEntry = lc.byCardId.get(target.id);
+    if (!tEntry) {
+      cellShifts.set(new Map());
+      return;
+    }
+    // For pre-arm item merge, fall through to side-based.
+    let effIntent: DropIntent = next.intent ?? 'after';
+    if (effIntent === 'merge' && target.kind === 'item' && !session.mergeArmFired) {
+      effIntent = cursorOnLeftHalfOf(tEntry.rect, session.cursorX) ? 'before' : 'after';
+    }
+    dropIdx = effIntent === 'before' ? tEntry.logicalIdx : tEntry.logicalIdx + 1;
+  } else if (next.hoverZone) {
+    // No target but inside a zone → append at end.
+    targetZone = next.hoverZone;
+    const bucket = lc.byZone.get(targetZone) ?? [];
+    dropIdx = bucket.length;
+  } else {
+    cellShifts.set(new Map());
+    return;
+  }
+
+  const buckets: Record<string, SlotRect[]> = {};
+  for (const [zone, slots] of lc.byZone) buckets[zone] = slots;
+
+  const shifts = computeShifts({
+    sourceZone: session.source.zone,
+    sourceCardId: session.source.id,
+    sourceLogicalIdx: session.sourceLogicalIdx,
+    targetZone,
+    dropIdx,
+    buckets,
+    mergeCollapse
+  });
+  cellShifts.set(shifts);
+}
+```
+
+- [ ] **Step 5: Type-check**
+
+Run: `cd web && pnpm check`
+Expected: 0 errors.
+
+- [ ] **Step 6: Run unit tests**
+
+Run: `cd web && pnpm test:unit`
+Expected: All tests PASS (still pure function tests, the integration is
+not under test).
+
+- [ ] **Step 7: Commit**
+
+```bash
+git add web/src/lib/util/dragGrid.ts
+git commit -m "$(cat <<'EOF'
+feat(launchpad): wire layout cache, dwell, and shift preview in dragGrid
+
+liftSource builds the per-session layout cache. applyHover drives the
+dwell state machine (item: 200/600 ms two-stage; folder: instant) and
+republishes cellShifts each tick. mergeCandidate now includes phase.
+EOF
+)"
+```
+
+---
+
+## Task 6: Resolve final intent in `finish`
+
+**Files:**
+- Modify: `web/src/lib/util/dragGrid.ts:430-435` (the `onDrop` call)
+
+**Goal:** Drop semantics flip from raw geometric intent to **resolved**
+intent: if `mergeArmFired` true → merge; if item target without arm →
+fall back to before/after by cursor side; otherwise pass through.
+
+- [ ] **Step 1: Add `resolveFinalIntent` helper above `finish`**
+
+Insert right above the `finish` function:
+
+```ts
+function resolveFinalIntent(s: DragSession): DragHoverInfo {
+  const t = s.hover.target;
+  if (s.mergeArmFired && t) {
+    return { ...s.hover, intent: 'merge' };
+  }
+  if (s.hover.intent === 'merge' && t && t.kind === 'item') {
+    if (!s.layoutCache) return { ...s.hover, intent: 'after' };
+    const entry = s.layoutCache.byCardId.get(t.id);
+    if (!entry) return { ...s.hover, intent: 'after' };
+    const intent: DropIntent = cursorOnLeftHalfOf(entry.rect, s.cursorX) ? 'before' : 'after';
+    return { ...s.hover, intent };
+  }
+  return s.hover;
+}
+```
+
+- [ ] **Step 2: Update `finish` to use `resolveFinalIntent`**
+
+Find the `onDrop` call at the end of `finish` (around line 430-435):
+
+```ts
+    if (s.lifted && !canceled) {
+      options.onDrop?.({
+        source: s.source,
+        ...s.hover
+      });
+    }
+```
+
+Replace with:
+
+```ts
+    if (s.lifted && !canceled) {
+      options.onDrop?.({
+        source: s.source,
+        ...resolveFinalIntent(s)
+      });
+    }
+```
+
+- [ ] **Step 3: Type-check**
+
+Run: `cd web && pnpm check`
+Expected: 0 errors.
+
+- [ ] **Step 4: Run all tests**
+
+Run: `cd web && pnpm test:unit`
+Expected: PASS.
+
+- [ ] **Step 5: Commit**
+
+```bash
+git add web/src/lib/util/dragGrid.ts
+git commit -m "$(cat <<'EOF'
+feat(launchpad): resolve drop intent based on merge-arm gate
+
+resolveFinalIntent: dropping on an item where the dwell never fired
+falls back to before/after by cursor side. Releasing in armed/ready
+state commits merge. Folder targets always merge.
+EOF
+)"
+```
+
+---
+
+## Task 7: Card.svelte visual updates
+
+**Files:**
+- Modify: `web/src/lib/components/Nav/Card.svelte`
+
+**Goal:** Cell subscribes to `cellShifts` and applies a `transform:
+translate(...)` style. Halo class becomes two-tier (`merge-armed` /
+`merge-ready`). Source cell goes invisible (opacity 0) while dragging.
+CSS adds the shift transition.
+
+- [ ] **Step 1: Read current Card.svelte head**
+
+Run: `grep -n 'mergeCandidate\|merge-target\|use:longPress' web/src/lib/components/Nav/Card.svelte`
+Expected: lines around 10, 103, 106, 197-198.
+
+- [ ] **Step 2: Update the script imports + per-card shift derivation**
+
+Find this near top of `<script>`:
+
+```ts
+  import { mergeCandidate } from '$lib/stores/dragMerge';
+```
+
+Replace with:
+
+```ts
+  import { mergeCandidate, cellShifts } from '$lib/stores/dragMerge';
+```
+
+Then add this derivation alongside the other reactive declarations
+inside the script (anywhere after `card` is in scope; the existing
+file uses Svelte 5 runes so derivations live in `$derived`):
+
+```ts
+  const shift = $derived($cellShifts.get(card.id) ?? { dx: 0, dy: 0 });
+  const mergePhase = $derived(
+    $mergeCandidate?.id === card.id ? $mergeCandidate.phase : null
+  );
+```
+
+- [ ] **Step 3: Update the `<div class="cell">` element**
+
+Find the cell template (currently around line 100-107):
+
+```svelte
+<div
+  class="cell"
+  class:jiggle={$jiggleMode}
+  class:merge-target={$mergeCandidate?.id === card.id}
+  data-card-id={card.id}
+  data-card-kind={card.kind}
+  use:longPress={{ onTrigger: onLongPress }}
+>
+```
+
+Replace with:
+
+```svelte
+<div
+  class="cell"
+  class:jiggle={$jiggleMode}
+  class:merge-armed={mergePhase === 'armed'}
+  class:merge-ready={mergePhase === 'ready'}
+  data-card-id={card.id}
+  data-card-kind={card.kind}
+  style:transform={shift.dx === 0 && shift.dy === 0
+    ? null
+    : `translate(${shift.dx}px, ${shift.dy}px)`}
+  use:longPress={{ onTrigger: onLongPress }}
+>
+```
+
+- [ ] **Step 4: Update the CSS section**
+
+Find the CSS block starting near line 143 (`<style lang="scss">`).
+Locate the `.cell.merge-target .card, .cell.merge-target .folder` rule
+(line ~197-198). Replace the entire `merge-target` rule with the new
+two-tier:
+
+Old:
+```scss
+  /* Visual cue for "release here to merge / reparent". The hover
+   * threshold (500ms) flips this on by setting the cell class. */
+  .cell.merge-target .card,
+  .cell.merge-target .folder {
+    box-shadow:
+      0 0 0 4px var(--c-accent, #4a6cf7),
+      0 0 22px rgba(74, 108, 247, 0.55);
+    transform: scale(1.06);
+    transition:
+      box-shadow 0.15s ease,
+```
+
+New:
+```scss
+  /* Visual cue for "release here to merge / reparent". Two tiers:
+   * - merge-armed: appears at MERGE_ARM_MS (200 ms) into a stationary
+   *   hover. Faint halo + small scale. Releasing here ALSO commits a
+   *   merge (the gate is "armed", not "ready").
+   * - merge-ready: promotes at MERGE_READY_MS (600 ms). Stronger halo,
+   *   larger scale. Functionally identical to armed for drop, but a
+   *   clearer "release now = build folder" signal.
+   * Folder targets are always set to ready immediately. */
+  .cell.merge-armed .card,
+  .cell.merge-armed .folder {
+    box-shadow: 0 0 0 2px rgba(74, 108, 247, 0.5);
+    transform: scale(1.02);
+    transition:
+      box-shadow 0.15s ease,
+      transform 0.15s ease;
+  }
+  .cell.merge-ready .card,
+  .cell.merge-ready .folder {
+    box-shadow:
+      0 0 0 4px var(--c-accent, #4a6cf7),
+      0 0 22px rgba(74, 108, 247, 0.55);
+    transform: scale(1.06);
+    transition:
+      box-shadow 0.15s ease,
+```
+
+(Keep the trailing `transform 0.15s ease;` and closing brace from the
+old block — they apply to `.merge-ready` now.)
+
+- [ ] **Step 5: Add cell shift transition + hidden source rules**
+
+Inside the same `<style>` block, find the `.cell { ... }` rule at the
+top (around line 155). After it, add:
+
+```scss
+  /* Reorder preview translation. The cell uses `style:transform` set by
+   * cellShifts; this keeps the inner card/folder element free for the
+   * jiggle and merge-state transforms (they don't compose otherwise). */
+  .cell {
+    transition: transform var(--shift-duration, 220ms) cubic-bezier(0.4, 0, 0.2, 1);
+  }
+  /* While this cell is the active drag source, hide it so the empty
+   * slot is visible at the source's logical position. The clone follows
+   * the cursor (managed by dragGrid). pointer-events:none keeps the
+   * hidden cell from intercepting elementsFromPoint hits. */
+  .cell[data-dragging='true'] {
+    opacity: 0;
+    pointer-events: none;
+  }
+```
+
+- [ ] **Step 6: Type-check**
+
+Run: `cd web && pnpm check`
+Expected: 0 errors.
+
+- [ ] **Step 7: Quick visual smoke test (dev server)**
+
+Run in one terminal: `cd web && pnpm dev`
+Open http://127.0.0.1:5173. After login, long-press a card to enter
+jiggle mode. Drag a card across the row.
+
+Expected: surrounding cards visibly shift to make a gap. Halo only
+appears after stopping on another item ≥ 200 ms.
+
+(If the dev server can't start because the Rust backend isn't running,
+either start it via the existing `docker-compose.yml` flow, or skip
+this step and rely on Task 10 for full verification.)
+
+- [ ] **Step 8: Commit**
+
+```bash
+git add web/src/lib/components/Nav/Card.svelte
+git commit -m "$(cat <<'EOF'
+feat(launchpad): card visual reorder shift and two-tier merge halo
+
+Card subscribes to cellShifts and applies translate transform; merge
+halo splits into merge-armed (faint, 200ms) and merge-ready (full,
+600ms). Source cell goes invisible while dragging so the gap is shown.
+EOF
+)"
+```
+
+---
+
+## Task 8: `+page.svelte` — rebuild cache on layout-changing events
+
+**Files:**
+- Modify: `web/src/routes/+page.svelte` (the `dragGrid` use directive and
+  surrounding callbacks)
+
+**Goal:** When the folder panel spring-loads or the page changes
+mid-drag, rebuild the layout cache so subsequent ticks have correct
+slot rects.
+
+- [ ] **Step 1: Read the current dragGrid call site**
+
+Run: `grep -n 'dragGrid\|onSpringLoad\|onEdgePan' web/src/routes/+page.svelte`
+Expected: lines around 411-419 (the `<div class="canvas" use:dragGrid>` block).
+
+- [ ] **Step 2: Expose a layoutCache rebuilder from the dragGrid action**
+
+In `web/src/lib/util/dragGrid.ts`, find the action's `return` block
+near the end:
+
+```ts
+  return {
+    update(next: DragGridOptions) {
+      options = next;
+    },
+    destroy() {
+      ...
+    }
+  };
+```
+
+Replace with:
+
+```ts
+  return {
+    update(next: DragGridOptions) {
+      options = next;
+    },
+    /** Rebuilds the layout cache. Callers (page-level callbacks) invoke
+     *  this after layout-changing events (spring-load, edge-pan) so
+     *  subsequent ticks have correct slot rects. */
+    rebuildLayoutCache() {
+      if (session?.lifted) {
+        session.layoutCache = buildLayoutCache(node);
+        const srcEntry = session.layoutCache.byCardId.get(session.source.id);
+        session.sourceLogicalIdx = srcEntry?.logicalIdx ?? session.sourceLogicalIdx;
+      }
+    },
+    destroy() {
+      ...
+    }
+  };
+```
+
+(Keep the destroy body intact.)
+
+Svelte action types: `dragGrid` returns `ActionReturn<DragGridOptions>`
+implicitly. Adding a method requires explicit typing. Update the
+exported function signature near the top of the file:
+
+```ts
+export function dragGrid(
+  node: HTMLElement,
+  opts: DragGridOptions
+): { update(next: DragGridOptions): void; rebuildLayoutCache(): void; destroy(): void } {
+```
+
+- [ ] **Step 3: Capture the action return in `+page.svelte`**
+
+Find the `<div class="canvas">` block (around line 411). The action is
+currently used via `use:dragGrid`. Svelte actions can't return a
+handle through `use:` directly, so we'll wrap manually:
+
+Old (around line 411-419):
+```svelte
+<div
+  class="canvas"
+  use:dragGrid={{
+    enabled: $jiggleMode && $sessionStore.authed,
+    onSpringLoad: handleSpringLoad,
+    onEdgePan: handleEdgePan,
+    onHoverZoneChange: handleHoverZoneChange,
+    onDrop: handleDrop
+  }}
+>
+```
+
+Replace with the same use directive but capture the return through a
+helper. In the `<script>` section near other state declarations, add:
+
+```ts
+  let dragGridHandle: { rebuildLayoutCache(): void } | null = null;
+
+  function dragGridAction(node: HTMLElement, opts: Parameters<typeof dragGrid>[1]) {
+    const ret = dragGrid(node, opts);
+    dragGridHandle = ret;
+    return {
+      update(next: typeof opts) {
+        ret.update(next);
+      },
+      destroy() {
+        dragGridHandle = null;
+        ret.destroy();
+      }
+    };
+  }
+```
+
+Then change the use directive:
+
+```svelte
+<div
+  class="canvas"
+  use:dragGridAction={{
+    enabled: $jiggleMode && $sessionStore.authed,
+    onSpringLoad: handleSpringLoad,
+    onEdgePan: handleEdgePan,
+    onHoverZoneChange: handleHoverZoneChange,
+    onDrop: handleDrop
+  }}
+>
+```
+
+- [ ] **Step 4: Wire `handleSpringLoad` and `handleEdgePan` to call rebuild**
+
+Find `handleSpringLoad` and `handleEdgePan` (use grep). Each currently
+performs its primary action (open folder / pan page). Update both to
+also schedule a layout cache rebuild after the DOM has settled:
+
+```ts
+  import { tick } from 'svelte';
+
+  async function handleSpringLoad(folderId: number) {
+    openFolderId = folderId;
+    await tick();          // wait for InlineFolderExpand to mount its cells
+    dragGridHandle?.rebuildLayoutCache();
+  }
+
+  async function handleEdgePan(direction: 'prev' | 'next') {
+    // existing pager-advance logic ...
+    await tick();
+    dragGridHandle?.rebuildLayoutCache();
+  }
+```
+
+(If `tick` is already imported elsewhere in the file, don't double-import.)
+
+- [ ] **Step 5: Type-check**
+
+Run: `cd web && pnpm check`
+Expected: 0 errors.
+
+- [ ] **Step 6: Commit**
+
+```bash
+git add web/src/lib/util/dragGrid.ts web/src/routes/+page.svelte
+git commit -m "$(cat <<'EOF'
+feat(launchpad): rebuild drag layout cache on spring-load and edge-pan
+
+Layout-changing events mid-drag invalidate the cache; expose
+rebuildLayoutCache() and call it from +page.svelte after tick().
+EOF
+)"
+```
+
+---
+
+## Task 9: Manual verification via dev server
+
+**Files:** None modified. Pure verification.
+
+**Goal:** Walk through the full acceptance checklist from the spec
+(§9.1 + §9.3) on a real running app.
+
+- [ ] **Step 1: Start backend + frontend**
+
+If the project's standard dev flow uses docker-compose for the Rust
+backend, start it first per the project's existing convention:
+
+```bash
+docker-compose up -d   # if applicable
+cd web && pnpm dev     # foreground; logs in this terminal
+```
+
+Open http://127.0.0.1:5173 in a browser.
+
+- [ ] **Step 2: Seed at least 6 root items + 1 folder + 1 nested item**
+
+Use the existing admin UI (`?admin=1` or whatever the project supports)
+to create test cards. If existing dev data is sufficient, use that.
+
+- [ ] **Step 3: Run the spec §9.1 manual verification checklist**
+
+For each item below, perform the gesture and verify the visible result
+matches the description. Tick off as you go.
+
+- [ ] Drag root card across row. Surrounding cards visibly shift to
+      make a gap following the cursor. **No halo** on any card during
+      quick movement.
+- [ ] Drag root card directly on top of another item card and stop.
+      Within ~200 ms a faint halo appears on target. Within ~600 ms it
+      fully brightens (scale 1.06 + strong shadow). Release: folder
+      created (toast confirmation).
+- [ ] Drag root card on top of another item, stop briefly (< 200 ms),
+      then move away. **No halo flicker** during the brief stop. Move
+      to between two other cards. Release: reorder committed at the
+      visible gap.
+- [ ] Drag root card on top of an existing folder card. Halo appears
+      immediately (no dwell — folders go straight to ready). Release:
+      card becomes child of that folder.
+- [ ] Drag root card on top of a folder card and **hold for 500 ms**.
+      Folder panel opens (existing spring-load). Release inside panel:
+      card is added to that folder at insertion point with shift
+      preview visible inside the panel.
+- [ ] Drag a card from inside a folder panel out to the root grid.
+      Root cards shift to make a gap at insertion point. Source
+      zone (folder panel) shows its cards close ranks. Release: card
+      moves to root.
+- [ ] Drag from inside a folder panel and drop on empty area outside
+      any zone (`outOfZone`). Card moves to root end (existing branch 4
+      of `handleDrop`).
+- [ ] During drag, source's slot stays visibly empty (gap shown) at
+      its original position when in source zone, or "closed" when
+      cursor is in another zone.
+- [ ] After releasing, all cards animate to final positions smoothly
+      (no jump-and-snap) over ~220 ms.
+
+- [ ] **Step 4: Run §9.3 regression checks**
+
+- [ ] Type a search query in the search box. Drag is disabled — no
+      jiggle, no halo, no shifts on attempting drag.
+- [ ] Drag near left/right viewport edge for ≥ 600 ms. Page advances
+      via existing edge-pan; after page change, cards animate to new
+      layout and shift preview restarts.
+- [ ] Log out. Long-press any card. Jiggle mode does not enter
+      (`sessionStore.authed === false`).
+- [ ] Out of jiggle mode: click a card body. Page navigates as before.
+- [ ] In jiggle mode: click the `−` (delete) button on a card. Confirm
+      dialog appears; the click did not start a drag.
+
+- [ ] **Step 5: Touch verification (optional)**
+
+If you have a touch device or use Chrome DevTools touch emulation:
+re-run §9.1 checklist on touch input. Pointer Events should give
+identical behavior; flag any divergence as a bug.
+
+- [ ] **Step 6: Final lint + test sweep**
+
+```bash
+cd web && pnpm lint && pnpm check && pnpm test:unit
+```
+
+Expected: all pass. Fix any warnings before moving on.
+
+- [ ] **Step 7: No commit (verification only)**
+
+This task produces no code changes. If verification surfaces a bug,
+loop back to the relevant earlier task, fix, and re-run §9.1.
+
+---
+
+## Self-Review Notes
+
+**Spec coverage check:**
+
+| Spec section | Implemented in task |
+|--------------|---------------------|
+| 3.1 Reorder shifts | Task 5 (publishShifts), Task 7 (CSS transition) |
+| 3.2 Merge dwell timeline (200 ms armed, 600 ms ready) | Task 4 (helpers), Task 5 (applyHover wiring), Task 7 (two halo classes) |
+| 3.3 Folder targets — instant merge + spring-load | Task 5 (`setMergeImmediateForFolder`, kept spring-load logic) |
+| 3.4 Cross-zone shifts | Task 2 (computeShifts cross-zone branch), Task 8 (rebuild on spring-load) |
+| 3.5 Folder source — reorder only | Inherited from existing `handleDrop` branch 2 + `setMergeImmediate` only fires for kind=folder targets |
+| 4.1 LayoutCache | Task 3 (builder), Task 4 (session field), Task 5 (build at lift) |
+| 4.2 DragSession state additions | Task 4 |
+| 4.3 Hit-test live `elementsFromPoint` | Task 5 (`computeHover` unchanged in approach) |
+| 4.4 Shift computation | Task 2 (pure), Task 5 (integration) |
+| 4.5 Dwell state machine | Task 4 (helpers), Task 5 (state-machine entry conditions) |
+| 4.6 Drop intent resolution | Task 6 |
+| 5 Constants | Task 1 |
+| 6 CSS | Task 7 |
+| 7 File changes | All tasks combined |
+| 8 Risks | Mitigated as listed; rebuild cache covers spring-load/edge-pan |
+| 9.1 Manual verification | Task 9 |
+| 9.3 Regression | Task 9 |
+| 9.4 Unit tests | Task 2, Task 3 |
+
+**Placeholders / TBDs:** none.
+
+**Type consistency check:**
+- `MergeCandidate.phase: 'armed' | 'ready'` — used in Task 1 (define),
+  Task 4 (set in helpers), Task 7 (read in Card.svelte). Consistent.
+- `LayoutCache.byCardId` — defined in Task 3 with `{zone, logicalIdx, rect}`.
+  Used in Task 5 (`lc.byCardId.get(target.id)`) and Task 6
+  (`s.layoutCache.byCardId.get(t.id)`). Consistent.
+- `cellShifts: Writable<Map<number, {dx,dy}>>` — defined in Task 1, set
+  in Task 5 (`publishShifts`), cleared in Task 4 (`finish`), read in
+  Task 7 (`Card.svelte`). Consistent.
+- `computeShifts` signature — defined in Task 2; called in Task 5 with
+  matching keys (`sourceZone`, `sourceCardId`, `sourceLogicalIdx`,
+  `targetZone`, `dropIdx`, `buckets`, `mergeCollapse`). Consistent.
+
+**Out-of-task items:** none. Plan covers spec end-to-end.
diff --git a/docs/superpowers/specs/2026-05-26-launchpad-drag-merge-disambiguation-design.md b/docs/superpowers/specs/2026-05-26-launchpad-drag-merge-disambiguation-design.md
new file mode 100644
index 0000000..3748ed8
--- /dev/null
+++ b/docs/superpowers/specs/2026-05-26-launchpad-drag-merge-disambiguation-design.md
@@ -0,0 +1,590 @@
+# Launchpad Drag Merge / Reorder Disambiguation — Design
+
+**Status**: Approved 2026-05-26
+**Scope**: Make Launchpad jiggle-mode drag behavior match macOS Launchpad on
+two axes:
+1. Item-on-item folder creation requires a deliberate **dwell** (cursor
+   pause), not the current instant geometric trigger.
+2. Surrounding cards **shift to make a visible gap** at the insertion point
+   during reorder, on both root grid and folder panel, including cross-zone
+   drags.
+
+The previous Launchpad foundation is in
+[2026-05-21-launchpad-unify-design.md](2026-05-21-launchpad-unify-design.md).
+This spec is purely a UX refinement of that foundation. No data model, no
+API surface changes.
+
+This document is the design contract. The implementation plan and tasks
+are produced separately by `writing-plans`.
+
+---
+
+## 1. Goals
+
+1. A user dragging a card across the grid **never** accidentally creates a
+   folder. Quick movement is unambiguously reorder.
+2. A user **can** create a folder by dragging a card directly on top of
+   another card and **pausing** for ~600 ms. Two-stage halo gives feedback
+   that the merge is being armed.
+3. During reorder, neighboring cards visibly shift to **open the slot**
+   the dragged card would land in if released. The user has at-a-glance
+   confirmation of the drop position.
+4. The same shift-to-make-room animation applies inside an open folder
+   panel, and across zones (drag from root into folder panel, drag from
+   folder panel out to root).
+5. Folder targets keep their existing behavior: instant merge on drop,
+   plus 500 ms hover dwell to spring-load (open) the panel.
+
+## 2. Non-goals
+
+- Visual rework of jiggle (wobble) animation. Existing `@keyframes
+  jiggle-shake` stays.
+- Edge-pan tuning. Existing `EDGE_PAN_*` constants stay.
+- Touch-specific gesture changes. Pointer Events already unify; the new
+  behavior is identical on mouse and touch.
+- Folder-in-folder nesting. Still forbidden (matches the unify design).
+- Search-mode drag. Search still disables drag entirely.
+
+## 3. User-facing behavior
+
+### 3.1 Reorder (the common case)
+
+While dragging, surrounding cards in the **hover zone** (root grid OR an
+open folder panel) animate to open a slot at the insertion point. The
+slot location follows the cursor's position relative to the target card:
+
+- Cursor on the **left half** of a card → slot opens to its left.
+- Cursor on the **right half** → slot opens to its right.
+- Cursor outside any card but inside a zone → slot opens at the end of
+  that zone.
+
+The dragged card's source slot is rendered as an **empty placeholder**
+(opacity 0) so the gap is visible there too. Cards between the source
+and the cursor's target slot translate by exactly one cell-step toward
+the source, animated with a 220 ms `cubic-bezier(0.4, 0, 0.2, 1)`
+transition on `transform`.
+
+Releasing the cursor commits the visible insertion: drop position equals
+the slot the gap is currently occupying.
+
+### 3.2 Merge (deliberate folder creation)
+
+The merge gate is two-stage and time-based. Letting the cursor enter
+inner 50 % of an item card alone is **not enough** to merge: the cursor
+must stay there.
+
+Timeline from the moment the cursor first enters the inner 50 % of an
+item target T (call this `t=0`):
+
+1. **0 ≤ t < 200 ms**: No visual change. Reorder shifts continue to
+   compute against a "would-be before/after" insertion based on cursor
+   side, so cards keep flowing. Releasing here commits **reorder** by
+   cursor side, not merge.
+2. **t = 200 ms** (`MERGE_ARM_MS`), cursor still inside T's merge zone
+   and total displacement from `t=0` cursor < 8 px (`MERGE_CANCEL_MOVE_PX`):
+   - Reorder shifts in this zone **collapse** back to neutral
+     (cards animate back to their logical slots).
+   - T enters **`merge-armed`** state: 2 px halo at 50 % accent opacity,
+     scale 1.02. From this point onward, releasing **commits merge**.
+3. **t = 600 ms** (`MERGE_READY_MS`): T promotes to **`merge-ready`**:
+   4 px halo at full accent, scale 1.06 (existing visual). Functionally
+   identical to `merge-armed` for drop commit; this state is purely a
+   stronger visual cue.
+4. Cursor exits T's merge zone OR moves > 8 px from arm-start position
+   before t = 200 ms: timers cancel. No visible state was shown, so
+   nothing to clean up. Reorder shifts continue without interruption.
+5. Cursor exits T's merge zone after t ≥ 200 ms (i.e. after armed
+   appeared): timers cancel; merge-armed/ready clears; reorder shifts
+   re-apply for the new cursor position.
+6. Cursor moves to a **different** item's merge zone: prior target's
+   timers cancel, new target's timers start fresh from t = 0.
+
+### 3.3 Folder targets
+
+Behavior unchanged from current implementation:
+- Cursor entering inner 50 % of a `folder` card sets `merge` intent
+  immediately (no dwell required for the merge itself — folders absorb
+  by nature).
+- Cursor remaining there for 500 ms (`HOVER_DWELL_MS`) triggers
+  spring-load: the folder panel opens, allowing drop into its grid.
+- Releasing on the folder body: source becomes a child of that folder.
+
+The single new visual: while `merge` is active on a folder target, that
+target's halo also uses the two-tier `armed → ready` progression
+(consistent visual vocabulary), but both tiers fire near-instantly
+since there is no dwell gate. In practice the user only sees `ready`.
+
+### 3.4 Cross-zone drags
+
+Cross-zone drag (root → folder panel, folder panel → root; folder ↔
+folder is not possible because nesting is forbidden) shows shifts in
+**both** zones simultaneously, matching macOS Launchpad:
+
+- **Source zone**: source's slot visually closes. All cards with
+  `logicalIdx > srcIdx` translate toward srcIdx by one cell-step, so
+  the source zone appears continuous with no gap. (The source cell
+  itself remains in its DOM slot at opacity 0 / pointer-events none —
+  the visible "close" is achieved by translating its successors.)
+- **Target zone**: cards from the cursor's insertion slot onward
+  translate forward by one cell-step, opening a slot at `dropIdx`.
+
+Released into target zone: server commit renumbers both zones; the
+animations smoothly resolve into the new logical positions.
+
+If the cursor returns to the source zone before release, the source
+zone's "close" reverses (cards animate back to their original slots),
+so the gap re-opens at srcIdx and the source zone treats this as a
+same-zone reorder per §3.1.
+
+### 3.5 Folder source
+
+A `folder` source can never become a merge target's child (no nesting).
+On root grid, dragging a folder shows reorder shifts only. On any
+attempt to merge a folder onto another card, the gesture falls through
+to `before/after` reorder (existing handleDrop logic).
+
+## 4. Architecture
+
+### 4.1 Data structures
+
+#### LayoutCache (per drag session)
+
+```ts
+interface SlotRect {
+  zone: string;          // 'root' | `folder:${id}`
+  logicalIdx: number;
+  rect: DOMRect;         // pixel rect of this slot
+}
+interface LayoutCache {
+  byZone: Map<string, SlotRect[]>;     // sorted by logicalIdx
+  byCardId: Map<number, { zone: string; logicalIdx: number; rect: DOMRect }>;
+  cellSize: { w: number; h: number };  // for sanity, debug
+  cellAdvance: Map<string, { dx: number; dy: number }>;  // per-zone next-slot vector
+}
+```
+
+Built at lift time by walking every `[data-card-id]` element inside the
+`dragGrid` node. Source's logical idx is stored separately on the
+`DragSession`.
+
+**Invalidation**: rebuild on any of:
+- `onSpringLoad` callback fires (new folder cells appear)
+- `onEdgePan` callback fires (page changes; root grid swaps content)
+- `window` resize during drag (rare, defensive)
+
+#### cellShifts store
+
+```ts
+// New store, sibling of mergeCandidate / dragSource in $lib/stores/dragMerge.ts
+export const cellShifts = writable<Map<number, { dx: number; dy: number }>>(new Map());
+```
+
+Cleared at session start and at session end. Updated each tick.
+
+#### mergeCandidate phase
+
+```ts
+// Replaces existing MergeCandidate type
+export type MergePhase = 'armed' | 'ready';
+export interface MergeCandidate {
+  id: number;
+  kind: CardKind;
+  phase: MergePhase;
+}
+```
+
+### 4.2 Drag session state machine
+
+State additions on top of current `DragSession`:
+
+```ts
+interface DragSession {
+  // … existing fields (sourceCell, source, cursorX/Y, lifted, clone, …)
+  layoutCache: LayoutCache | null;          // null until lifted
+  sourceLogicalIdx: number;                 // populated at lift
+  mergeArmTimer: ReturnType<typeof setTimeout> | null;
+  mergeReadyTimer: ReturnType<typeof setTimeout> | null;
+  mergeArmTargetId: number | null;          // currently arming this id; null when no merge candidate
+  mergeArmStartX: number;                   // cursor position when arming started (t=0)
+  mergeArmStartY: number;
+  mergeArmFired: boolean;                   // true once t≥200ms reached; persists through ready and is
+                                            // the gate that flips drop semantics from reorder→merge
+  // existing dwellTimer/dwellTargetId for spring-load stays separate
+}
+```
+
+### 4.3 Hit-test
+
+**Continues to use live `elementsFromPoint`** (post-shift). Rationale:
+
+- Cards visibly at position P are the cards the user expects to interact
+  with at position P. Caching pre-shift rects would create a mismatch
+  where the user sees card A at the cursor but the system reports card B.
+- The original code comment on `dragGrid.ts:5-12` argued that FLIP
+  shifting "actively defeats dwell". That argument applies to libraries
+  that **shift the target itself away from the cursor**. Our shift rule
+  (4.4) explicitly does not move the target during merge arming — once
+  arming starts on a target, all shifts in that zone collapse and the
+  target stays put for the full dwell window.
+
+So no change to `computeHover` other than enriching the result with the
+target's `logicalIdx` (looked up in `LayoutCache.byCardId`).
+
+### 4.4 Shift computation
+
+Run every rAF tick after hit-test. Inputs: source's zone + logicalIdx,
+target's zone + logicalIdx (or null), intent (`before` | `after` |
+`merge`), and `mergeArmFired` flag.
+
+#### Step 1: determine `dropIdx` per zone
+
+```
+// Collapse all shifts when the merge gate is active. This covers:
+//   - item target: armed (mergeArmFired=true) or ready
+//   - folder target: instant-merge (treated as immediately ready)
+let mergeActive := (intent == 'merge' AND target != null AND
+                    (target.kind == 'folder' OR session.mergeArmFired))
+if mergeActive:
+   shifts := empty   // cards collapse; halo on target is the only feedback
+   return
+
+let targetZone := target.zone if target else hoverZone
+if !targetZone:
+   shifts := empty
+   return
+
+let bucket := layoutCache.byZone[targetZone]
+
+// Note: when intent == 'merge' on an item target but mergeArmFired is
+// false (cursor is in merge zone but the 200ms gate has not fired),
+// fall through to side-based classification — keep showing reorder
+// preview by cursor side. This avoids flicker when the cursor brushes
+// through card centers without stopping.
+let effectiveIntent := if (intent == 'merge' AND target != null
+                            AND target.kind == 'item'
+                            AND !session.mergeArmFired)
+                       then (cursorOnLeftHalfOf(target) ? 'before' : 'after')
+                       else intent
+
+if target == null:
+   dropIdx := bucket.length  // append at end
+else if effectiveIntent == 'before':
+   dropIdx := target.logicalIdx
+else if effectiveIntent == 'after':
+   dropIdx := target.logicalIdx + 1
+```
+
+#### Step 2: compute each card's display index
+
+For same-zone (sourceZone == targetZone):
+
+```
+let srcIdx := session.sourceLogicalIdx
+
+for each card c in bucket:
+  if c.cardId == source.id:
+     // source is hidden; no shift on it
+     continue
+  let i := c.logicalIdx
+  let newIdx :=
+    if srcIdx < dropIdx and srcIdx < i <= dropIdx - 1: i - 1
+    else if dropIdx <= i < srcIdx: i + 1
+    else: i
+  shifts[c.cardId] := slotPos(newIdx) - slotPos(i)
+```
+
+For cross-zone (sourceZone != targetZone):
+
+```
+// Source zone: visually close the gap at srcIdx by shifting all cards
+// with logicalIdx > srcIdx one slot toward srcIdx. Source cell itself
+// stays in its DOM slot at opacity 0, so the visible result is "no gap".
+let srcBucket := layoutCache.byZone[sourceZone]
+let srcIdx := session.sourceLogicalIdx
+for each card c in srcBucket:
+  if c.cardId == source.id: continue
+  let i := c.logicalIdx
+  let newIdx := if i > srcIdx: i - 1 else: i
+  shifts[c.cardId] := slotPos(sourceZone, newIdx) - slotPos(sourceZone, i)
+
+// Target zone: open a slot at dropIdx by shifting cards with logicalIdx
+// >= dropIdx one slot forward.
+let tgtBucket := layoutCache.byZone[targetZone]
+for each card c in tgtBucket:
+  let i := c.logicalIdx
+  let newIdx := if i >= dropIdx: i + 1 else: i
+  shifts[c.cardId] := slotPos(targetZone, newIdx) - slotPos(targetZone, i)
+```
+
+If the cursor crosses **back** into the source zone (now treated as a
+same-zone drag again), the cross-zone branch isn't taken: same-zone
+math applies and the source zone's "close" naturally reverses (each
+card's `newIdx` returns to its `logicalIdx` since target == source
+zone with cursor not pointing at any same-zone insertion further than
+srcIdx).
+
+`slotPos(idx)` returns the upper-left of slot idx in the zone, looked up
+from `layoutCache.byZone[zone][idx].rect`.
+
+`cellAdvance(zone)` is the per-step displacement vector between two
+consecutive slot rects, derived from the zone's first two cached rects
+(or, if only one slot exists, falls back to `cellSize.w` along the row
+axis). Used when extrapolating beyond the cached array — for example
+when `newIdx === bucket.length` (the dragged source is being appended
+to the end of a non-empty zone): the slot at index `bucket.length`
+doesn't exist in the snapshot, so we compute it as
+`slotPos(bucket.length - 1) + cellAdvance`. For empty zones (target zone
+contains no other cards), the slot rect is the zone container's
+content origin (top-left of the zone's first row).
+
+#### Step 3: write to store
+
+```ts
+cellShifts.set(new Map(allShifts));
+```
+
+CSS transition on Card.svelte handles the smooth animation.
+
+### 4.5 Dwell state machine (item targets only)
+
+Triggered by `applyHover` when `intent === 'merge' && target.kind === 'item'`:
+
+```
+on enter merge zone of an item target T (target.id !== mergeArmTargetId,
+or first entry):
+  cancel existing arm/ready timers and clear mergeCandidate
+  mergeArmTargetId := T.id
+  mergeArmFired := false
+  mergeArmStartX, Y := current cursor X, Y
+  start mergeArmTimer (200 ms) →
+    if cursor still hovering same T's merge zone AND
+       displacement from (startX, startY) ≤ MERGE_CANCEL_MOVE_PX:
+       mergeArmFired := true
+       mergeCandidate := { id: T.id, kind: 'item', phase: 'armed' }
+       (rAF tick will recompute shifts; with mergeArmFired=true they collapse)
+    else: cancel arming (timer fired but cursor moved away — same as cancel)
+  start mergeReadyTimer (600 ms) →
+    if mergeArmFired (still on same target):
+       mergeCandidate := { id: T.id, kind: 'item', phase: 'ready' }
+    else: no-op (arming was cancelled or pre-empted)
+
+on each tick while arming (mergeArmTargetId !== null):
+  if intent != 'merge' OR target?.id != mergeArmTargetId:
+     cancel arming
+  else if NOT mergeArmFired AND
+          Math.hypot(cursorX - mergeArmStartX, cursorY - mergeArmStartY) > MERGE_CANCEL_MOVE_PX:
+     cancel arming  // jittered before arm timer fired; restart on next entry
+  // Note: once mergeArmFired is true, jitter is allowed. Cursor staying in
+  // merge zone is the only requirement to remain armed.
+
+on cancel arming:
+  clear arm/ready timers
+  mergeArmTargetId := null
+  mergeArmFired := false
+  mergeCandidate := null
+```
+
+**Re-entering the same target**: if the cursor leaves T's merge zone,
+arming cancels (above). When the cursor re-enters T (or any item),
+arming restarts from t = 0. This means a user who briefly slides past T
+and comes back must hold for another full 200 ms to see armed.
+
+**Folder targets** (`kind === 'folder'`): skip the dwell entirely. On
+entering merge zone, set:
+```
+mergeArmTargetId := T.id
+mergeArmFired := true
+mergeCandidate := { id: T.id, kind: 'folder', phase: 'ready' }
+```
+(plus the existing `HOVER_DWELL_MS = 500` spring-load timer fires
+independently to open the folder panel.)
+
+### 4.6 Drop commit (`finish` → `onDrop`)
+
+The `DragDropInfo` passed to `onDrop` carries the **resolved** intent,
+not the raw geometric one:
+
+```ts
+function resolveFinalIntent(session: DragSession): DropIntent {
+  const t = session.hover.target;
+  // Merge gate: armed/ready on item, or any folder target with merge intent.
+  if (session.mergeArmFired && t) return 'merge';
+  // Item target inside merge zone but arm never fired: fall back to side.
+  if (session.hover.intent === 'merge' && t && t.kind === 'item') {
+    const r = session.layoutCache?.byCardId.get(t.id);
+    return cursorOnLeftHalfOfSlot(r, session.cursorX) ? 'before' : 'after';
+  }
+  return session.hover.intent ?? 'after';
+}
+```
+
+So an item target where merge arm never fired → falls back to
+before/after by cursor side. This is the central rule.
+
+`+page.svelte` `handleDrop` then operates exactly as today: branch 1
+(merge → autoFolder/patchCard) only fires if `info.intent === 'merge'`.
+No logic change in handleDrop itself.
+
+## 5. Constants
+
+```ts
+// dragGrid.ts (new + modified)
+const MERGE_INNER_FRACTION = 0.5;     // was 0.6 — tighter zone since dwell-gated
+const MERGE_ARM_MS = 200;             // armed halo appears
+const MERGE_READY_MS = 600;           // total dwell to lock merge
+const MERGE_CANCEL_MOVE_PX = 8;       // jitter tolerance during arming
+const SHIFT_DURATION_MS = 220;        // CSS transition
+const SHIFT_EASE = 'cubic-bezier(0.4, 0, 0.2, 1)';
+
+// Unchanged
+const LIFT_THRESHOLD_PX = 5;
+const HOVER_DWELL_MS = 500;           // spring-load (folder panel open)
+const EDGE_PAN_THRESHOLD_PX = 80;
+const EDGE_PAN_DWELL_MS = 600;
+const EDGE_PAN_INTERVAL_MS = 800;
+const CLONE_OPACITY = 0.88;
+const CLONE_LIFT_SCALE = 1.05;
+```
+
+## 6. CSS / visual changes
+
+`web/src/lib/components/Nav/Card.svelte`:
+
+```scss
+/* New: hide source cell during drag */
+.cell[data-dragging='true'] {
+  opacity: 0;
+  pointer-events: none;
+}
+
+/* New: shift transitions */
+.cell {
+  transition: transform var(--shift-duration, 220ms) cubic-bezier(0.4, 0, 0.2, 1);
+}
+
+/* Renamed: existing .merge-target → .merge-ready */
+.cell.merge-armed .card,
+.cell.merge-armed .folder {
+  box-shadow: 0 0 0 2px rgba(74, 108, 247, 0.5);
+  transform: scale(1.02);
+  transition:
+    box-shadow 0.15s ease,
+    transform 0.15s ease;
+}
+.cell.merge-ready .card,
+.cell.merge-ready .folder {
+  box-shadow:
+    0 0 0 4px var(--c-accent, #4a6cf7),
+    0 0 22px rgba(74, 108, 247, 0.55);
+  transform: scale(1.06);
+  transition:
+    box-shadow 0.15s ease,
+    transform 0.15s ease;
+}
+```
+
+The cell has both a transform from `cellShifts` (positional) and a scale
+from merge state (visual). These compose because:
+- `.cell` element receives `transform: translate(dx, dy)` (positional)
+- `.card` / `.folder` inner element receives `transform: scale(...)` (visual)
+
+So they don't fight each other. (Same pattern as existing jiggle: outer
+cell handles position, inner card/folder handles wobble.)
+
+## 7. File changes summary
+
+| File | Change | Lines (approx) |
+|------|--------|----------------|
+| `web/src/lib/util/dragGrid.ts` | Major: layout cache, dwell state machine, shift compute, drop intent override | +180 / -30 |
+| `web/src/lib/stores/dragMerge.ts` | Add `phase` to `MergeCandidate`; add `cellShifts` store | +25 |
+| `web/src/lib/components/Nav/Card.svelte` | Subscribe to `cellShifts`, apply translate transform; rename `.merge-target` to `.merge-ready`; add `.merge-armed`; CSS for `[data-dragging]` invisibility | +20 / -2 |
+| `web/src/routes/+page.svelte` | Pass `onLayoutChange` callback (rebuilds cache after spring-load / edge-pan) | +5 |
+| `web/src/lib/components/Nav/InlineFolderExpand.svelte` | None expected — zone container already has `[data-zone]` and contains Card.svelte cells | 0 |
+
+## 8. Risk and mitigation
+
+| Risk | Mitigation |
+|------|-----------|
+| Shift transitions interrupt mid-flight on rapid cursor movement | CSS `transition: transform` handles interruption gracefully (smooth retarget). No JS animation manager needed. |
+| Layout cache stale after spring-load (folder panel adds cells) | `+page.svelte`'s `onSpringLoad` now also calls `rebuildLayoutCache` exposed by `dragGrid`. |
+| Layout cache stale after edge-pan (root content swaps to next page) | Same — `onEdgePan` rebuilds cache. |
+| `slotPos(idx)` for `idx >= bucket.length` (drop at end of zone) | Extrapolate: `slotPos(N-1) + cellAdvance`, where `cellAdvance` is the per-step displacement derived from the first 2 slot rects. For empty zone, place at zone container's content origin. |
+| Source's hidden cell still steals pointer events | `pointer-events: none` on `[data-dragging='true']` cell. |
+| `merge-armed` halo flickers on cursor jitter inside merge zone | `MERGE_CANCEL_MOVE_PX = 8` absorbs natural mouse tremor. |
+| Existing `merge-target` class consumers break after rename | Grep: only consumer is `Card.svelte:103` and `Card.svelte:197-198`. Rename is local. No external store reads the class name. |
+| Touch / tablet behavior diverges | Pointer Events unify input. Same code path. Existing `touch-action: none` on jiggle cell stays. |
+
+## 9. Testing strategy
+
+### 9.1 Manual verification (golden path)
+
+In browser at `vite dev`, after seeding cards (≥ 6 root items) and entering
+jiggle mode (long-press any card):
+
+- [ ] Drag card across row. Surrounding cards visibly shift to make a gap
+      following the cursor. No halo on any card during quick movement.
+- [ ] Drag card directly on top of another item card and stop. Within
+      ~200 ms a faint halo appears on target. Within ~600 ms it fully
+      brightens. Release: folder created.
+- [ ] Drag card on top of another item, stop briefly (< 600 ms), then move
+      away. Halo disappears. Move to between two cards. Release: reorder
+      committed at the visible gap.
+- [ ] Drag card on top of a folder card. Halo appears immediately (no
+      dwell). Release: card becomes child of that folder.
+- [ ] Drag card on top of a folder card and hold for 500 ms. Folder panel
+      opens (existing spring-load). Release inside panel: card is added
+      to that folder at insertion point.
+- [ ] Drag card from inside a folder panel out to the root grid. Root
+      cards shift to make a gap at insertion point. Release: card moves
+      to root.
+- [ ] Drag card from inside a folder panel and drop on empty area outside
+      any zone (`outOfZone`). Existing behavior: card moves to root end.
+- [ ] During drag, source's slot stays visibly empty (gap shown).
+- [ ] After releasing, all cards animate to final positions smoothly (no
+      jump-and-snap).
+
+### 9.2 Touch verification
+
+Same checklist on a touch device (or Chrome DevTools touch emulation).
+Pointer Events should give identical behavior; no separate touch path.
+
+### 9.3 Regression checks
+
+- [ ] Search mode still disables drag entirely.
+- [ ] Edge-pan (drag near left/right viewport edge) still pages, and
+      after page change cards animate to new layout.
+- [ ] Long-press without authentication still no-ops (`jiggleMode.enter`
+      gates on `sessionStore.authed`).
+- [ ] Click on a card body still navigates (longPress's `consumeNextClick`
+      still fires).
+- [ ] Folder rename / delete buttons inside cells still work (drag
+      cellFromEvent guard `button.card, button.folder` already excludes
+      these).
+
+### 9.4 Unit tests
+
+`web/src/lib/util/dragGrid.ts` does not currently have unit tests. The
+shift math (`displayIndex` for both same-zone and cross-zone) is pure
+and worth testing. New file `dragGrid.test.ts` with cases:
+
+- Same-zone, srcIdx < dropIdx: cards in (srcIdx, dropIdx-1] shift -1.
+- Same-zone, srcIdx > dropIdx: cards in [dropIdx, srcIdx) shift +1.
+- Same-zone, srcIdx == dropIdx: no shifts.
+- Cross-zone: target zone cards in [dropIdx, end) shift +1; source zone
+  unchanged during drag.
+- Drop at end of zone (target = null, hoverZone = root): dropIdx =
+  bucket.length, no shifts in target zone.
+
+`vitest run` in CI (`web/package.json:scripts:test:unit`).
+
+## 10. Rollout
+
+Single PR. No feature flag, no incremental migration. The change is a
+pure UX refinement; if reverted, behavior returns to current. Worktree
+already isolated (`navigation_website/.worktrees/rust-backend`).
+
+PR title: `feat(launchpad): macos-style drag with dwell-gated merge and shift-to-make-room`
+
+## 11. Open questions / parking lot
+
+(None — addressed during brainstorm.)

From 69d2ca8e30a2d21de2e91ef6827cbdb7247f931a Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 27 May 2026 15:23:58 +0800
Subject: [PATCH 68/77] =?UTF-8?q?refactor(server):=20rename=20crate=20navs?=
 =?UTF-8?q?rv=20=E2=86=92=20lens?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Cargo.toml: package.name, default-run, [[bin]].name, [lib].name all
flipped to "lens". 14 test files + 1 src file have their `use
navsrv::` import paths updated. Three string literals also moved:
clap CLI program name (`#[command(name = "lens", version)]`),
tracing log line ("lens listening"), and the favicon HTTP user-
agent ("lens-favicon/0.1").

The seed test's bootstrap assertion now expects the new default
site name "Lens" — that change rides along here so cargo test stays
green within this single commit. Cargo.lock is regenerated by
cargo because the local package name changed.
---
 server/Cargo.lock                   | 68 ++++++++++++++---------------
 server/Cargo.toml                   |  8 ++--
 server/src/cli.rs                   |  2 +-
 server/src/main.rs                  |  8 ++--
 server/src/services/favicon.rs      |  2 +-
 server/tests/api_auth.rs            | 16 +++----
 server/tests/api_cards.rs           | 12 ++---
 server/tests/api_config_password.rs | 10 ++---
 server/tests/api_icons.rs           | 10 ++---
 server/tests/api_nav.rs             |  2 +-
 server/tests/bootstrap.rs           |  6 +--
 server/tests/cli.rs                 |  8 ++--
 server/tests/health.rs              |  2 +-
 server/tests/repo_cards.rs          |  8 ++--
 server/tests/repo_config.rs         |  4 +-
 server/tests/repo_sites.rs          |  8 ++--
 server/tests/seed.rs                | 10 ++---
 server/tests/spa_fallback.rs        | 10 ++---
 18 files changed, 97 insertions(+), 97 deletions(-)

diff --git a/server/Cargo.lock b/server/Cargo.lock
index 25efe52..9cf166a 100644
--- a/server/Cargo.lock
+++ b/server/Cargo.lock
@@ -1325,6 +1325,40 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2"
 
+[[package]]
+name = "lens"
+version = "0.1.0"
+dependencies = [
+ "anyhow",
+ "async-trait",
+ "axum",
+ "axum-test",
+ "bcrypt",
+ "bytes",
+ "chrono",
+ "clap",
+ "dotenvy",
+ "figment",
+ "mime",
+ "multer",
+ "rand 0.8.6",
+ "reqwest",
+ "serde",
+ "serde_json",
+ "sqlx",
+ "tempfile",
+ "thiserror 1.0.69",
+ "tokio",
+ "tower 0.4.13",
+ "tower-http 0.5.2",
+ "tower-sessions",
+ "tower-sessions-sqlx-store",
+ "tower_governor",
+ "tracing",
+ "tracing-subscriber",
+ "validator",
+]
+
 [[package]]
 name = "libc"
 version = "0.2.186"
@@ -1485,40 +1519,6 @@ dependencies = [
  "version_check",
 ]
 
-[[package]]
-name = "navsrv"
-version = "0.1.0"
-dependencies = [
- "anyhow",
- "async-trait",
- "axum",
- "axum-test",
- "bcrypt",
- "bytes",
- "chrono",
- "clap",
- "dotenvy",
- "figment",
- "mime",
- "multer",
- "rand 0.8.6",
- "reqwest",
- "serde",
- "serde_json",
- "sqlx",
- "tempfile",
- "thiserror 1.0.69",
- "tokio",
- "tower 0.4.13",
- "tower-http 0.5.2",
- "tower-sessions",
- "tower-sessions-sqlx-store",
- "tower_governor",
- "tracing",
- "tracing-subscriber",
- "validator",
-]
-
 [[package]]
 name = "no-std-compat"
 version = "0.4.1"
diff --git a/server/Cargo.toml b/server/Cargo.toml
index 3e009f6..b3c1ec7 100644
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -1,16 +1,16 @@
 [package]
-name = "navsrv"
+name = "lens"
 version = "0.1.0"
 edition = "2021"
 rust-version = "1.79"
-default-run = "navsrv"
+default-run = "lens"
 
 [[bin]]
-name = "navsrv"
+name = "lens"
 path = "src/main.rs"
 
 [lib]
-name = "navsrv"
+name = "lens"
 path = "src/lib.rs"
 
 [dependencies]
diff --git a/server/src/cli.rs b/server/src/cli.rs
index b3a0fc5..ad5b16b 100644
--- a/server/src/cli.rs
+++ b/server/src/cli.rs
@@ -8,7 +8,7 @@ use crate::db::{connect, migrate};
 use crate::repo::{ConfigRepo, SqlxConfigRepo};
 
 #[derive(Parser, Debug)]
-#[command(name = "navsrv", version)]
+#[command(name = "lens", version)]
 pub struct Cli {
     #[command(subcommand)]
     pub command: Option<Command>,
diff --git a/server/src/main.rs b/server/src/main.rs
index c738080..7648d7b 100644
--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -1,6 +1,6 @@
 use anyhow::Context;
 use clap::Parser;
-use navsrv::{
+use lens::{
     app::build_app,
     auth::session::{layer as session_layer, run_pruner},
     cli::{run_command, Cli},
@@ -26,7 +26,7 @@ async fn main() -> anyhow::Result<()> {
 
     let pool = connect(&settings.db_url()).await.context("db connect")?;
     migrate(&pool).await.context("migrate")?;
-    navsrv::services::legacy_migrate::migrate_if_needed(&pool)
+    lens::services::legacy_migrate::migrate_if_needed(&pool)
         .await
         .context("legacy_migrate")?;
 
@@ -40,7 +40,7 @@ async fn main() -> anyhow::Result<()> {
     )
     .await?;
 
-    navsrv::services::migration::seed_if_empty(nav.clone() as _, cfg.clone() as _).await?;
+    lens::services::migration::seed_if_empty(nav.clone() as _, cfg.clone() as _).await?;
 
     let state = AppState::new(nav, cfg, settings.data_dir.clone());
     let app = build_app(
@@ -52,7 +52,7 @@ async fn main() -> anyhow::Result<()> {
 
     let addr = SocketAddr::from(([0, 0, 0, 0], settings.port));
     let listener = TcpListener::bind(addr).await.context("bind")?;
-    tracing::info!(%addr, "navsrv listening");
+    tracing::info!(%addr, "lens listening");
     axum::serve(listener, app).await.context("serve")?;
     Ok(())
 }
diff --git a/server/src/services/favicon.rs b/server/src/services/favicon.rs
index 048e63f..6264651 100644
--- a/server/src/services/favicon.rs
+++ b/server/src/services/favicon.rs
@@ -16,7 +16,7 @@ impl FaviconService {
         std::fs::create_dir_all(&cache_dir).ok();
         let http = reqwest::Client::builder()
             .timeout(Duration::from_secs(5))
-            .user_agent("navsrv-favicon/0.1")
+            .user_agent("lens-favicon/0.1")
             .build()
             .expect("http client");
         Self { cache_dir, http }
diff --git a/server/tests/api_auth.rs b/server/tests/api_auth.rs
index 4a7f93a..3cb9957 100644
--- a/server/tests/api_auth.rs
+++ b/server/tests/api_auth.rs
@@ -1,14 +1,14 @@
 use axum_test::TestServer;
-use navsrv::app::build_app_for_tests;
-use navsrv::auth::password;
-use navsrv::db::connect_in_memory;
-use navsrv::repo::{ConfigRepo, SqlxConfigRepo};
+use lens::app::build_app_for_tests;
+use lens::auth::password;
+use lens::db::connect_in_memory;
+use lens::repo::{ConfigRepo, SqlxConfigRepo};
 
 async fn server_with_password(pw: &str) -> (TestServer, std::sync::Arc<dyn ConfigRepo>) {
-    use navsrv::app::build_app;
-    use navsrv::auth::session::layer as session_layer;
-    use navsrv::repo::SqlxNavRepo;
-    use navsrv::state::AppState;
+    use lens::app::build_app;
+    use lens::auth::session::layer as session_layer;
+    use lens::repo::SqlxNavRepo;
+    use lens::state::AppState;
     use std::sync::Arc;
     let pool = connect_in_memory().await.unwrap();
     let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
diff --git a/server/tests/api_cards.rs b/server/tests/api_cards.rs
index b99b7ca..6a3d4c7 100644
--- a/server/tests/api_cards.rs
+++ b/server/tests/api_cards.rs
@@ -1,10 +1,10 @@
 use axum_test::TestServer;
-use navsrv::app::build_app;
-use navsrv::auth::{password, session::layer as session_layer};
-use navsrv::db::connect_in_memory;
-use navsrv::dto::SitePayload;
-use navsrv::repo::{ConfigRepo, NavRepo, SqlxConfigRepo, SqlxNavRepo};
-use navsrv::state::AppState;
+use lens::app::build_app;
+use lens::auth::{password, session::layer as session_layer};
+use lens::db::connect_in_memory;
+use lens::dto::SitePayload;
+use lens::repo::{ConfigRepo, NavRepo, SqlxConfigRepo, SqlxNavRepo};
+use lens::state::AppState;
 use std::sync::Arc;
 
 async fn auth_server() -> TestServer {
diff --git a/server/tests/api_config_password.rs b/server/tests/api_config_password.rs
index 4ba0894..d06a5b5 100644
--- a/server/tests/api_config_password.rs
+++ b/server/tests/api_config_password.rs
@@ -1,9 +1,9 @@
 use axum_test::TestServer;
-use navsrv::app::build_app;
-use navsrv::auth::{password, session::layer as session_layer};
-use navsrv::db::connect_in_memory;
-use navsrv::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo};
-use navsrv::state::AppState;
+use lens::app::build_app;
+use lens::auth::{password, session::layer as session_layer};
+use lens::db::connect_in_memory;
+use lens::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo};
+use lens::state::AppState;
 use std::sync::Arc;
 use tempfile::TempDir;
 
diff --git a/server/tests/api_icons.rs b/server/tests/api_icons.rs
index d8ed078..6f09d2d 100644
--- a/server/tests/api_icons.rs
+++ b/server/tests/api_icons.rs
@@ -1,9 +1,9 @@
 use axum_test::TestServer;
-use navsrv::app::build_app;
-use navsrv::auth::{password, session::layer as session_layer};
-use navsrv::db::connect_in_memory;
-use navsrv::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo};
-use navsrv::state::AppState;
+use lens::app::build_app;
+use lens::auth::{password, session::layer as session_layer};
+use lens::db::connect_in_memory;
+use lens::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo};
+use lens::state::AppState;
 use std::sync::Arc;
 
 #[tokio::test]
diff --git a/server/tests/api_nav.rs b/server/tests/api_nav.rs
index 6d56648..fb47f54 100644
--- a/server/tests/api_nav.rs
+++ b/server/tests/api_nav.rs
@@ -1,5 +1,5 @@
 use axum_test::TestServer;
-use navsrv::app::build_app_for_tests;
+use lens::app::build_app_for_tests;
 
 #[tokio::test]
 async fn nav_endpoint_returns_empty_bundle_initially() {
diff --git a/server/tests/bootstrap.rs b/server/tests/bootstrap.rs
index 39b38a4..f52d948 100644
--- a/server/tests/bootstrap.rs
+++ b/server/tests/bootstrap.rs
@@ -1,6 +1,6 @@
-use navsrv::db::connect_in_memory;
-use navsrv::repo::{ConfigRepo, SqlxConfigRepo};
-use navsrv::services::bootstrap::{ensure_admin_password, BootstrapOutcome};
+use lens::db::connect_in_memory;
+use lens::repo::{ConfigRepo, SqlxConfigRepo};
+use lens::services::bootstrap::{ensure_admin_password, BootstrapOutcome};
 use std::sync::Arc;
 use tempfile::TempDir;
 
diff --git a/server/tests/cli.rs b/server/tests/cli.rs
index 5a7c974..62814d6 100644
--- a/server/tests/cli.rs
+++ b/server/tests/cli.rs
@@ -1,6 +1,6 @@
-use navsrv::auth::password;
-use navsrv::cli::{run_command, Command};
-use navsrv::config::Settings;
+use lens::auth::password;
+use lens::cli::{run_command, Command};
+use lens::config::Settings;
 
 #[tokio::test]
 async fn reset_password_flow() {
@@ -18,7 +18,7 @@ async fn reset_password_flow() {
     .unwrap();
 
     let s = Settings::load().unwrap();
-    let pool = navsrv::db::connect(&s.db_url()).await.unwrap();
+    let pool = lens::db::connect(&s.db_url()).await.unwrap();
     let h: (String,) = sqlx::query_as("SELECT value FROM config WHERE key='admin_password_hash'")
         .fetch_one(&pool)
         .await
diff --git a/server/tests/health.rs b/server/tests/health.rs
index 1b96d84..d896447 100644
--- a/server/tests/health.rs
+++ b/server/tests/health.rs
@@ -1,5 +1,5 @@
 use axum_test::TestServer;
-use navsrv::app::build_app_for_tests;
+use lens::app::build_app_for_tests;
 
 #[tokio::test]
 async fn health_returns_ok_json() {
diff --git a/server/tests/repo_cards.rs b/server/tests/repo_cards.rs
index 3b08ab9..4a81fb7 100644
--- a/server/tests/repo_cards.rs
+++ b/server/tests/repo_cards.rs
@@ -1,9 +1,9 @@
-use navsrv::db::connect_in_memory;
-use navsrv::dto::{
+use lens::db::connect_in_memory;
+use lens::dto::{
     AutoFolderPayload, CardKind, CardPatch, CardPayload, IconKind, ReorderEntry, SitePayload,
 };
-use navsrv::error::AppError;
-use navsrv::repo::{NavRepo, SqlxNavRepo};
+use lens::error::AppError;
+use lens::repo::{NavRepo, SqlxNavRepo};
 
 async fn make_repo() -> (SqlxNavRepo, i64) {
     let pool = connect_in_memory().await.unwrap();
diff --git a/server/tests/repo_config.rs b/server/tests/repo_config.rs
index 68a3705..2569e4e 100644
--- a/server/tests/repo_config.rs
+++ b/server/tests/repo_config.rs
@@ -1,5 +1,5 @@
-use navsrv::db::connect_in_memory;
-use navsrv::repo::{ConfigRepo, SqlxConfigRepo};
+use lens::db::connect_in_memory;
+use lens::repo::{ConfigRepo, SqlxConfigRepo};
 
 #[tokio::test]
 async fn upsert_get_delete_config() {
diff --git a/server/tests/repo_sites.rs b/server/tests/repo_sites.rs
index 7b90150..c08c34f 100644
--- a/server/tests/repo_sites.rs
+++ b/server/tests/repo_sites.rs
@@ -1,7 +1,7 @@
-use navsrv::db::connect_in_memory;
-use navsrv::dto::{CardKind, CardPayload, IconKind, SitePatch, SitePayload};
-use navsrv::error::AppError;
-use navsrv::repo::{NavRepo, SqlxNavRepo};
+use lens::db::connect_in_memory;
+use lens::dto::{CardKind, CardPayload, IconKind, SitePatch, SitePayload};
+use lens::error::AppError;
+use lens::repo::{NavRepo, SqlxNavRepo};
 
 #[tokio::test]
 async fn create_list_patch_delete_site() {
diff --git a/server/tests/seed.rs b/server/tests/seed.rs
index a10d83d..c89b7b3 100644
--- a/server/tests/seed.rs
+++ b/server/tests/seed.rs
@@ -1,7 +1,7 @@
-use navsrv::db::connect_in_memory;
-use navsrv::dto::CardKind;
-use navsrv::repo::{ConfigRepo, NavRepo, SqlxConfigRepo, SqlxNavRepo};
-use navsrv::services::migration::seed_if_empty;
+use lens::db::connect_in_memory;
+use lens::dto::CardKind;
+use lens::repo::{ConfigRepo, NavRepo, SqlxConfigRepo, SqlxNavRepo};
+use lens::services::migration::seed_if_empty;
 use std::sync::Arc;
 
 #[tokio::test]
@@ -27,7 +27,7 @@ async fn seed_populates_sites_and_folders() {
     assert!(!items.is_empty(), "expected items seeded from bootstrap");
     assert_eq!(
         cfg.get("site_name").await.unwrap().as_deref(),
-        Some("Pico 的小站导航")
+        Some("Lens")
     );
 }
 
diff --git a/server/tests/spa_fallback.rs b/server/tests/spa_fallback.rs
index 1a27651..686d31d 100644
--- a/server/tests/spa_fallback.rs
+++ b/server/tests/spa_fallback.rs
@@ -1,9 +1,9 @@
 use axum_test::TestServer;
-use navsrv::app::build_app;
-use navsrv::auth::session::layer as session_layer;
-use navsrv::db::connect_in_memory;
-use navsrv::repo::{SqlxConfigRepo, SqlxNavRepo};
-use navsrv::state::AppState;
+use lens::app::build_app;
+use lens::auth::session::layer as session_layer;
+use lens::db::connect_in_memory;
+use lens::repo::{SqlxConfigRepo, SqlxNavRepo};
+use lens::state::AppState;
 use std::sync::Arc;
 use tempfile::TempDir;
 

From 6c4f7204d69f381f8f83b879819a23dfb71a07b7 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 27 May 2026 15:24:13 +0800
Subject: [PATCH 69/77] refactor(deploy): rename Docker image, service,
 container to lens
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Dockerfile: --bin navsrv → --bin lens (×2 across the cargo cache
layer + real build), target/release/navsrv → target/release/lens,
/usr/local/bin/navsrv → /usr/local/bin/lens, ENTRYPOINT updated.

docker-compose.yml: service key `nav:` → `lens:`,
image: navsrv:latest → lens:latest, container_name: nav → lens.

Existing deployments need to drop the old `nav` orphan container
and the old `navsrv:latest` image after pulling — `docker compose
down --remove-orphans && docker rmi navsrv:latest` once.
---
 Dockerfile         | 12 ++++++------
 docker-compose.yml |  6 +++---
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 72f5879..4f230b1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,17 +18,17 @@ RUN apt-get update && \
 # Cache deps layer
 COPY server/Cargo.toml server/Cargo.lock ./
 RUN mkdir -p src && echo 'fn main(){}' > src/main.rs && echo '' > src/lib.rs && \
-    cargo build --release --bin navsrv && \
-    rm -rf src target/release/deps/navsrv* target/release/libnavsrv* target/release/navsrv
+    cargo build --release --bin lens && \
+    rm -rf src target/release/deps/lens* target/release/liblens* target/release/lens
 # Real build
 COPY server/ ./
 ENV SQLX_OFFLINE=true
-RUN cargo build --release --bin navsrv
+RUN cargo build --release --bin lens
 
 # ──── Stage 3: runtime ────
 FROM gcr.io/distroless/cc-debian12 AS runtime
-COPY --from=server-build /server/target/release/navsrv /usr/local/bin/navsrv
-COPY --from=web-build    /web/build                   /app/static
+COPY --from=server-build /server/target/release/lens /usr/local/bin/lens
+COPY --from=web-build    /web/build                  /app/static
 ENV PORT=8080 \
     DATA_DIR=/app/data \
     STATIC_DIR=/app/static \
@@ -37,4 +37,4 @@ ENV PORT=8080 \
 VOLUME /app/data
 EXPOSE 8080
 USER nonroot
-ENTRYPOINT ["/usr/local/bin/navsrv"]
+ENTRYPOINT ["/usr/local/bin/lens"]
diff --git a/docker-compose.yml b/docker-compose.yml
index 38e3857..74a05e9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,10 +1,10 @@
 # docker-compose.yml — single-service self-host (intranet / no TLS).
 # Override the listening port with `PORT=9090 docker compose up -d`.
 services:
-  nav:
+  lens:
     build: .
-    image: navsrv:latest
-    container_name: nav
+    image: lens:latest
+    container_name: lens
     restart: unless-stopped
     environment:
       PORT: ${PORT:-8080}

From 01517f51a1ab132d47c06cfe58abd8c98b2be429 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 27 May 2026 15:24:25 +0800
Subject: [PATCH 70/77] =?UTF-8?q?chore:=20rebrand=20defaults=20=E2=80=94?=
 =?UTF-8?q?=20Lens=20project=20name,=20no=20personal=20info?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Strip personalized strings from defaults that ship to a fresh
install:

- server/bootstrap.json + scripts/bootstrap-source.ts:
  siteName "Pico 的小站导航" → "Lens"; siteCopyright
  "Copyright © 2026 Pico..." → "" (footer renders neutral when
  empty).

- web/src/lib/i18n/{en,zh}.json:
  admin.site.field.title.placeholder "Pico Nav"/"Pico 导航" →
  "Lens".

- package.json + package-lock.json (root e2e):
  "navigation_website-e2e" → "lens-e2e".

These are the seed/default code paths only. Existing instances
keep whatever the user has saved in their SQLite — no automatic
overwrite of user data; admins change site title via the
/admin → Site settings UI as usual.
---
 package-lock.json           | 4 ++--
 package.json                | 2 +-
 scripts/bootstrap-source.ts | 4 ++--
 server/bootstrap.json       | 4 ++--
 web/src/lib/i18n/en.json    | 2 +-
 web/src/lib/i18n/zh.json    | 2 +-
 6 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 2b81719..89489d4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,11 +1,11 @@
 {
-  "name": "navigation_website-e2e",
+  "name": "lens-e2e",
   "version": "1.0.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
-      "name": "navigation_website-e2e",
+      "name": "lens-e2e",
       "version": "1.0.0",
       "devDependencies": {
         "@playwright/test": "^1.49.0"
diff --git a/package.json b/package.json
index 19a2bc5..c056321 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,5 @@
 {
-  "name": "navigation_website-e2e",
+  "name": "lens-e2e",
   "version": "1.0.0",
   "private": true,
   "scripts": {
diff --git a/scripts/bootstrap-source.ts b/scripts/bootstrap-source.ts
index 23c6380..ecc7cc6 100644
--- a/scripts/bootstrap-source.ts
+++ b/scripts/bootstrap-source.ts
@@ -43,9 +43,9 @@ export interface BootstrapDoc {
 export const BOOTSTRAP: BootstrapDoc = {
   schemaVersion: 1,
   meta: {
-    siteName: 'Pico 的小站导航',
+    siteName: 'Lens',
     siteAvatarPath: '/avatar.png',
-    siteCopyright: 'Copyright © 2026 Pico. All rights reserved.',
+    siteCopyright: '',
     siteIcp: null,
     sitePolice: null,
     defaultTheme: 'system'
diff --git a/server/bootstrap.json b/server/bootstrap.json
index ed7f912..0ff4063 100644
--- a/server/bootstrap.json
+++ b/server/bootstrap.json
@@ -1,9 +1,9 @@
 {
   "schemaVersion": 1,
   "meta": {
-    "siteName": "Pico 的小站导航",
+    "siteName": "Lens",
     "siteAvatarPath": "/avatar.png",
-    "siteCopyright": "Copyright © 2026 Pico. All rights reserved.",
+    "siteCopyright": "",
     "siteIcp": null,
     "sitePolice": null,
     "defaultTheme": "system"
diff --git a/web/src/lib/i18n/en.json b/web/src/lib/i18n/en.json
index f038572..cc6ad72 100644
--- a/web/src/lib/i18n/en.json
+++ b/web/src/lib/i18n/en.json
@@ -63,7 +63,7 @@
 
   "admin.site.legend.branding": "Branding",
   "admin.site.field.title": "Site title",
-  "admin.site.field.title.placeholder": "Pico Nav",
+  "admin.site.field.title.placeholder": "Lens",
   "admin.site.field.avatar": "Site avatar",
   "admin.site.field.avatar.help": "Shown next to the site title in the header. Leave blank to hide.",
   "admin.site.field.copyright": "Footer copyright",
diff --git a/web/src/lib/i18n/zh.json b/web/src/lib/i18n/zh.json
index 8b1bba7..9e4c9c5 100644
--- a/web/src/lib/i18n/zh.json
+++ b/web/src/lib/i18n/zh.json
@@ -63,7 +63,7 @@
 
   "admin.site.legend.branding": "品牌",
   "admin.site.field.title": "站点标题",
-  "admin.site.field.title.placeholder": "Pico 导航",
+  "admin.site.field.title.placeholder": "Lens",
   "admin.site.field.avatar": "站点头像",
   "admin.site.field.avatar.help": "显示在头部的站点标题旁。留空则隐藏。",
   "admin.site.field.copyright": "页脚版权",

From 331af33c95096a166067929f05e3fb6f0935c931 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 27 May 2026 15:24:55 +0800
Subject: [PATCH 71/77] docs: rebrand to Lens across READMEs and historical
 specs/plans
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

User-facing docs:
- README.md: title (already Lens) + every navsrv reference in
  build commands, docker run/exec snippets, container_name,
  reverse-proxy notes → lens. Tagline now mentions the multi-site
  link feature explicitly so the unique selling point is in the
  first paragraph.
- server/README.md: # navsrv heading + binary path + CLI usage
  example all → lens.

Historical superpowers/{specs,plans}/*.md:
- 2026-05-19-rust-navigation-platform-design.md: drop the
  "Owner: Pico" metadata line.
- 2026-05-19-plan-1-rust-backend.md: every example Cargo.toml /
  use-import / git commit subject mentioning navsrv → lens.
- 2026-05-20-plan-1.5-svelte5-upgrade.md: example web
  package.json name "navigation-website" → "lens".
- 2026-05-20-plan-5-docker-e2e.md: Pico bootstrap payload swapped
  for the new neutral defaults; navsrv → lens throughout the
  sample Dockerfile / smoke-test commands / sample compose.

web/package.json: name "navigation-website" → "lens" (untouched
in the previous commits — included here with the rest of the
rebrand for grouping).

Repository directory name `navigation_website/` itself is left
unchanged in path references (e.g. spec line about the worktree
location); renaming the on-disk dir + GitHub repo is a separate
manual step.
---
 README.md                                     |  31 ++--
 .../plans/2026-05-19-plan-1-rust-backend.md   | 166 +++++++++---------
 .../2026-05-20-plan-1.5-svelte5-upgrade.md    |   2 +-
 .../plans/2026-05-20-plan-5-docker-e2e.md     |  44 ++---
 ...6-05-19-rust-navigation-platform-design.md |  17 +-
 server/README.md                              |   8 +-
 web/package.json                              |   2 +-
 7 files changed, 136 insertions(+), 134 deletions(-)

diff --git a/README.md b/README.md
index c2046cb..65ccaae 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,10 @@
-# Navigation Website
+# Lens
 
 A self-hostable navigation/bookmark dashboard with a Rust backend (Axum + SQLite),
-a SvelteKit SPA frontend, and an inline editor for the admin.
+a SvelteKit SPA frontend, and an inline editor for the admin. Each nav item can
+expose multiple URLs grouped under user-defined "sites" (think work / home,
+or shanghai / beijing) — switch the active site from the header and every card
+re-points to its matching URL without changing the layout.
 
 The Rust binary serves both the JSON API (`/api/*`) and the SvelteKit SPA static
 assets in a single process — no separate web server or reverse proxy required.
@@ -12,11 +15,11 @@ terminator if needed.
 
 ```bash
 docker run -d \
-  --name nav \
+  --name lens \
   -p 8080:8080 \
   -v ./data:/app/data \
   -e BOOTSTRAP_ADMIN_PASSWORD=changeme \
-  navsrv:latest
+  lens:latest
 ```
 
 Visit http://localhost:8080. Click **Log in** in the top-right, enter your password,
@@ -29,7 +32,7 @@ See [Deployment](#deployment) for compose, custom port, and data persistence opt
 | Path | Purpose |
 |---|---|
 | `web/` | SvelteKit 2 + Svelte 5 SPA. `pnpm dev` for local dev (proxies `/api` to `:8080`). |
-| `server/` | Rust binary (`navsrv`). `cargo run` for local dev (default port 8080). |
+| `server/` | Rust binary (`lens`). `cargo run` for local dev (default port 8080). |
 | `tests/` | Playwright e2e specs covering read + login + create. |
 | `scripts/` | `docker-smoke.sh`, `e2e.sh`, `dump-bootstrap.mjs`. |
 | `docs/superpowers/` | Design specs and implementation plans. |
@@ -84,8 +87,8 @@ pnpm build           # outputs to web/build (static assets)
 
 ```bash
 cd server
-SQLX_OFFLINE=true cargo build --release --bin navsrv
-# binary at server/target/release/navsrv
+SQLX_OFFLINE=true cargo build --release --bin lens
+# binary at server/target/release/lens
 ```
 
 Run it with the SPA build directly (no Docker):
@@ -93,13 +96,13 @@ Run it with the SPA build directly (no Docker):
 ```bash
 cd server
 STATIC_DIR=../web/build DATA_DIR=./prod-data \
-  ./target/release/navsrv
+  ./target/release/lens
 ```
 
 ### Docker image
 
 ```bash
-docker build -t navsrv:latest .
+docker build -t lens:latest .
 ```
 
 The multi-stage `Dockerfile`:
@@ -107,7 +110,7 @@ The multi-stage `Dockerfile`:
 2. builds the Rust binary with `rust:1.88-slim` (uses `SQLX_OFFLINE=true` against
    the committed `server/.sqlx/` cache),
 3. assembles a distroless `gcr.io/distroless/cc-debian12` runtime (~70 MB) with
-   the binary at `/usr/local/bin/navsrv` and SPA assets at `/app/static`.
+   the binary at `/usr/local/bin/lens` and SPA assets at `/app/static`.
 
 Smoke-test the freshly built image:
 
@@ -132,11 +135,11 @@ host mapping and the container's listening port follow the same variable.
 ### docker run
 
 ```bash
-docker run -d --name nav \
+docker run -d --name lens \
   -e PORT=9090 -p 9090:9090 \
   -v ./data:/app/data \
   -e BOOTSTRAP_ADMIN_PASSWORD=changeme \
-  navsrv:latest
+  lens:latest
 ```
 
 If you keep the default `PORT=8080` baked into the image, just publish
@@ -155,7 +158,7 @@ Back up the volume to back up the whole instance.
 
 ### Behind a reverse proxy (optional)
 
-For HTTPS or path prefixing, front `navsrv` with any reverse proxy (Caddy,
+For HTTPS or path prefixing, front `lens` with any reverse proxy (Caddy,
 nginx, Traefik, Cloudflare Tunnel, Tailscale Funnel...). When TLS is terminated
 upstream, set `SECURE_COOKIES=true` so session cookies are marked `Secure`.
 
@@ -173,7 +176,7 @@ upstream, set `SECURE_COOKIES=true` so session cookies are marked `Secure`.
 ## Resetting the admin password
 
 ```bash
-docker exec -it nav navsrv reset-password --password=<new>
+docker exec -it lens lens reset-password --password=<new>
 # or interactively (the binary prompts)
 ```
 
diff --git a/docs/superpowers/plans/2026-05-19-plan-1-rust-backend.md b/docs/superpowers/plans/2026-05-19-plan-1-rust-backend.md
index 77ef5c1..3546a47 100644
--- a/docs/superpowers/plans/2026-05-19-plan-1-rust-backend.md
+++ b/docs/superpowers/plans/2026-05-19-plan-1-rust-backend.md
@@ -4,7 +4,7 @@
 
 **Goal:** Stand up the Rust backend (`server/` crate) end-to-end — from repo restructure through schema, repos, public read API, password-based auth, full CRUD, CLI password reset, and SPA fallback — so that `cargo run` produces a working API at `:8080` that the frontend (built later) can consume.
 
-**Architecture:** Single binary using Axum 0.7 + Tokio + SQLx (SQLite). 3NF schema migrated via `sqlx::migrate!`. Repository trait pattern (`NavRepo`, `ConfigRepo`) decouples handlers from SQL. Sessions stored in SQLite via `tower-sessions-sqlx-store`. Public read endpoint `/api/nav` returns the full bundle in one round-trip; writes are fine-grained behind a `RequireAuth` extractor. Static frontend bundle served by `tower_http::services::ServeDir` with SPA fallback. CLI subcommand for password reset (`navsrv reset-password`). Tests are integration-first using an in-memory SQLite per test.
+**Architecture:** Single binary using Axum 0.7 + Tokio + SQLx (SQLite). 3NF schema migrated via `sqlx::migrate!`. Repository trait pattern (`NavRepo`, `ConfigRepo`) decouples handlers from SQL. Sessions stored in SQLite via `tower-sessions-sqlx-store`. Public read endpoint `/api/nav` returns the full bundle in one round-trip; writes are fine-grained behind a `RequireAuth` extractor. Static frontend bundle served by `tower_http::services::ServeDir` with SPA fallback. CLI subcommand for password reset (`lens reset-password`). Tests are integration-first using an in-memory SQLite per test.
 
 **Tech Stack:** Rust 1.79 · Axum 0.7 · Tokio 1 · SQLx 0.7 (sqlite + chrono + migrate) · tower-sessions 0.10 + sqlx-store · tower-governor 0.3 · tower-http 0.5 (compression + ServeDir + headers) · bcrypt 0.15 · clap 4 (derive) · figment 0.10 + dotenvy · serde 1 / serde_json 1 · validator 0.16 · thiserror 1 · anyhow 1 · tracing + tracing-subscriber · reqwest 0.12 (favicon proxy) · multer 3 (multipart) · rand 0.8 · chrono 0.4
 
@@ -285,14 +285,14 @@ mkdir -p server/src server/tests server/migrations
 
 ```toml
 [package]
-name = "navsrv"
+name = "lens"
 version = "0.1.0"
 edition = "2021"
 rust-version = "1.79"
-default-run = "navsrv"
+default-run = "lens"
 
 [[bin]]
-name = "navsrv"
+name = "lens"
 path = "src/main.rs"
 
 [dependencies]
@@ -383,7 +383,7 @@ Expected: compiles without errors.
 
 ```bash
 git add server/Cargo.toml server/Cargo.lock server/.gitignore server/rust-toolchain.toml server/src/main.rs
-git commit -m "feat(server): scaffold navsrv crate with locked toolchain and deps"
+git commit -m "feat(server): scaffold lens crate with locked toolchain and deps"
 ```
 
 ### Task 6: `AppError` + `IntoResponse`
@@ -527,7 +527,7 @@ mod tests {
 Create `server/src/lib.rs`:
 
 ```rust
-//! navsrv internal library — exposed for integration tests.
+//! lens internal library — exposed for integration tests.
 pub mod error;
 ```
 
@@ -544,7 +544,7 @@ fn main() {}
 
 ```toml
 [lib]
-name = "navsrv"
+name = "lens"
 path = "src/lib.rs"
 ```
 
@@ -721,7 +721,7 @@ Create `server/tests/health.rs`:
 
 ```rust
 use axum_test::TestServer;
-use navsrv::app::build_app_for_tests;
+use lens::app::build_app_for_tests;
 
 #[tokio::test]
 async fn health_returns_ok_json() {
@@ -740,7 +740,7 @@ cd server
 cargo test --test health -- --nocapture
 ```
 
-Expected: error referencing missing `navsrv::app`.
+Expected: error referencing missing `lens::app`.
 
 - [ ] **Step 3: Write `routes/health.rs`**
 
@@ -822,7 +822,7 @@ pub mod routes;
 ```rust
 // server/src/main.rs
 use anyhow::Context;
-use navsrv::{app::build_app, config::Settings};
+use lens::{app::build_app, config::Settings};
 use std::net::SocketAddr;
 use tokio::net::TcpListener;
 
@@ -834,7 +834,7 @@ async fn main() -> anyhow::Result<()> {
     let app = build_app();
     let addr = SocketAddr::from(([0, 0, 0, 0], settings.port));
     let listener = TcpListener::bind(addr).await.context("bind")?;
-    tracing::info!(%addr, "navsrv listening");
+    tracing::info!(%addr, "lens listening");
     axum::serve(listener, app).await.context("serve")?;
     Ok(())
 }
@@ -1418,9 +1418,9 @@ git commit -m "feat(server): NavRepo trait and DTOs (read + write payloads)"
 
 ```rust
 // server/tests/repo_sites.rs
-use navsrv::db::connect_in_memory;
-use navsrv::dto::{SitePatch, SitePayload};
-use navsrv::repo::{NavRepo, SqlxNavRepo};
+use lens::db::connect_in_memory;
+use lens::dto::{SitePatch, SitePayload};
+use lens::repo::{NavRepo, SqlxNavRepo};
 
 #[tokio::test]
 async fn create_list_patch_delete_site() {
@@ -1462,7 +1462,7 @@ async fn unique_value_constraint_returns_conflict() {
     let err = repo.create_site(SitePayload {
         value: "x".into(), name: "Y".into(), name_i18n: None, is_default: false,
     }).await.unwrap_err();
-    use navsrv::error::AppError;
+    use lens::error::AppError;
     assert!(matches!(err, AppError::Conflict(_)), "got {err:?}");
 }
 ```
@@ -1694,7 +1694,7 @@ Expected: 2 PASS.
 ```bash
 cd server
 cargo install sqlx-cli --no-default-features --features sqlite --version ^0.7 || true
-DATABASE_URL=sqlite:./dev-data/data.db cargo sqlx prepare -- --bin navsrv
+DATABASE_URL=sqlite:./dev-data/data.db cargo sqlx prepare -- --bin lens
 ls -la .sqlx | head
 cd ..
 ```
@@ -1718,9 +1718,9 @@ git commit -m "feat(server): NavRepo sqlx impl for sites/groups/tags"
 
 ```rust
 // server/tests/repo_items.rs
-use navsrv::db::connect_in_memory;
-use navsrv::dto::*;
-use navsrv::repo::{NavRepo, SqlxNavRepo};
+use lens::db::connect_in_memory;
+use lens::dto::*;
+use lens::repo::{NavRepo, SqlxNavRepo};
 
 async fn make_repo_with_seed() -> (SqlxNavRepo, i64, i64) {
     let pool = connect_in_memory().await.unwrap();
@@ -1968,7 +1968,7 @@ impl SqlxNavRepo {
 
 ```bash
 cd server
-DATABASE_URL=sqlite:./dev-data/data.db cargo sqlx prepare -- --bin navsrv --tests
+DATABASE_URL=sqlite:./dev-data/data.db cargo sqlx prepare -- --bin lens --tests
 cargo test --test repo_items
 cd ..
 ```
@@ -1993,8 +1993,8 @@ git commit -m "feat(server): NavRepo sqlx impl for items + links + tags"
 
 ```rust
 // server/tests/repo_config.rs
-use navsrv::db::connect_in_memory;
-use navsrv::repo::{ConfigRepo, SqlxConfigRepo};
+use lens::db::connect_in_memory;
+use lens::repo::{ConfigRepo, SqlxConfigRepo};
 
 #[tokio::test]
 async fn upsert_get_delete_config() {
@@ -2107,7 +2107,7 @@ pub use sqlx_impl::SqlxNavRepo;
 
 ```bash
 cd server
-DATABASE_URL=sqlite:./dev-data/data.db cargo sqlx prepare -- --bin navsrv --tests
+DATABASE_URL=sqlite:./dev-data/data.db cargo sqlx prepare -- --bin lens --tests
 cargo test --test repo_config
 cd ..
 ```
@@ -2226,7 +2226,7 @@ pub fn api(state: AppState) -> Router {
 ```rust
 // server/src/main.rs
 use anyhow::Context;
-use navsrv::{
+use lens::{
     app::build_app,
     config::Settings,
     db::{connect, migrate},
@@ -2252,7 +2252,7 @@ async fn main() -> anyhow::Result<()> {
     let app = build_app(state);
     let addr = SocketAddr::from(([0, 0, 0, 0], settings.port));
     let listener = TcpListener::bind(addr).await.context("bind")?;
-    tracing::info!(%addr, "navsrv listening");
+    tracing::info!(%addr, "lens listening");
     axum::serve(listener, app).await.context("serve")?;
     Ok(())
 }
@@ -2408,7 +2408,7 @@ git commit -m "feat(server): assemble_bundle service composing nav + config"
 ```rust
 // server/tests/api_nav.rs
 use axum_test::TestServer;
-use navsrv::app::build_app_for_tests;
+use lens::app::build_app_for_tests;
 
 #[tokio::test]
 async fn nav_endpoint_returns_empty_bundle_initially() {
@@ -2499,7 +2499,7 @@ git commit -m "feat(server): GET /api/nav returns full NavBundle (camelCase)"
 
 ## Phase 4: Authentication and Bootstrap (Tasks 19–28)
 
-Goal: single-admin password auth backed by bcrypt + signed session cookies stored in SQLite. First boot generates a password if env doesn't supply one and writes it to `INITIAL_PASSWORD.txt`. CLI subcommand `navsrv reset-password` for recovery.
+Goal: single-admin password auth backed by bcrypt + signed session cookies stored in SQLite. First boot generates a password if env doesn't supply one and writes it to `INITIAL_PASSWORD.txt`. CLI subcommand `lens reset-password` for recovery.
 
 ### Task 19: Password hashing utility
 
@@ -2600,9 +2600,9 @@ git commit -m "feat(server): bcrypt password hash/verify utility"
 
 ```rust
 // server/tests/bootstrap.rs
-use navsrv::db::connect_in_memory;
-use navsrv::repo::{ConfigRepo, SqlxConfigRepo};
-use navsrv::services::bootstrap::{ensure_admin_password, BootstrapOutcome};
+use lens::db::connect_in_memory;
+use lens::repo::{ConfigRepo, SqlxConfigRepo};
+use lens::services::bootstrap::{ensure_admin_password, BootstrapOutcome};
 use std::sync::Arc;
 use tempfile::TempDir;
 
@@ -2875,7 +2875,7 @@ pub async fn build_app_for_tests() -> anyhow::Result<Router> {
 ```rust
 // server/src/main.rs (extend after `migrate(...)`)
 use anyhow::Context;
-use navsrv::{
+use lens::{
     app::build_app,
     auth::session::{layer as session_layer, run_pruner},
     config::Settings,
@@ -2907,7 +2907,7 @@ async fn main() -> anyhow::Result<()> {
 
     let addr = SocketAddr::from(([0, 0, 0, 0], settings.port));
     let listener = TcpListener::bind(addr).await.context("bind")?;
-    tracing::info!(%addr, "navsrv listening");
+    tracing::info!(%addr, "lens listening");
     axum::serve(listener, app).await.context("serve")?;
     Ok(())
 }
@@ -2923,7 +2923,7 @@ fn init_tracing(filter: &str) {
 
 ```bash
 cd server
-DATABASE_URL=sqlite:./dev-data/data.db cargo sqlx prepare -- --bin navsrv --tests
+DATABASE_URL=sqlite:./dev-data/data.db cargo sqlx prepare -- --bin lens --tests
 cargo test
 cd ..
 ```
@@ -2949,16 +2949,16 @@ git commit -m "feat(server): tower-sessions wired with SQLite store + 30d slidin
 ```rust
 // server/tests/api_auth.rs
 use axum_test::TestServer;
-use navsrv::app::build_app_for_tests;
-use navsrv::auth::password;
-use navsrv::repo::{ConfigRepo, SqlxConfigRepo};
-use navsrv::db::connect_in_memory;
+use lens::app::build_app_for_tests;
+use lens::auth::password;
+use lens::repo::{ConfigRepo, SqlxConfigRepo};
+use lens::db::connect_in_memory;
 
 async fn server_with_password(pw: &str) -> (TestServer, std::sync::Arc<dyn ConfigRepo>) {
-    use navsrv::app::build_app;
-    use navsrv::auth::session::layer as session_layer;
-    use navsrv::repo::SqlxNavRepo;
-    use navsrv::state::AppState;
+    use lens::app::build_app;
+    use lens::auth::session::layer as session_layer;
+    use lens::repo::SqlxNavRepo;
+    use lens::state::AppState;
     use std::sync::Arc;
     let pool = connect_in_memory().await.unwrap();
     let nav = Arc::new(SqlxNavRepo::new(pool.clone()));
@@ -3084,7 +3084,7 @@ pub fn api(state: AppState) -> Router {
 
 ```bash
 cd server
-DATABASE_URL=sqlite:./dev-data/data.db cargo sqlx prepare -- --bin navsrv --tests
+DATABASE_URL=sqlite:./dev-data/data.db cargo sqlx prepare -- --bin lens --tests
 cargo test --test api_auth
 cd ..
 ```
@@ -3258,11 +3258,11 @@ In `server/src/app.rs::build_app_for_tests`, set `data_dir = std::env::temp_dir(
 ```rust
 // server/tests/api_config_password.rs
 use axum_test::TestServer;
-use navsrv::app::build_app;
-use navsrv::auth::{password, session::layer as session_layer};
-use navsrv::db::connect_in_memory;
-use navsrv::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo};
-use navsrv::state::AppState;
+use lens::app::build_app;
+use lens::auth::{password, session::layer as session_layer};
+use lens::db::connect_in_memory;
+use lens::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo};
+use lens::state::AppState;
 use std::sync::Arc;
 use tempfile::TempDir;
 
@@ -3412,7 +3412,7 @@ git add server/src/routes server/src/state.rs server/src/main.rs server/src/app.
 git commit -m "feat(server): change-password endpoint deletes INITIAL_PASSWORD.txt on success"
 ```
 
-### Task 26: CLI `navsrv reset-password` (clap-derive)
+### Task 26: CLI `lens reset-password` (clap-derive)
 
 **Files:**
 - Create: `server/src/cli.rs`
@@ -3433,7 +3433,7 @@ use crate::db::{connect, migrate};
 use crate::repo::{ConfigRepo, SqlxConfigRepo};
 
 #[derive(Parser, Debug)]
-#[command(name = "navsrv", version)]
+#[command(name = "lens", version)]
 pub struct Cli {
     #[command(subcommand)]
     pub command: Option<Command>,
@@ -3513,7 +3513,7 @@ pub mod state;
 // server/src/main.rs (replace)
 use anyhow::Context;
 use clap::Parser;
-use navsrv::{
+use lens::{
     app::build_app,
     auth::session::{layer as session_layer, run_pruner},
     cli::{Cli, Command, run_command},
@@ -3551,7 +3551,7 @@ async fn main() -> anyhow::Result<()> {
 
     let addr = SocketAddr::from(([0, 0, 0, 0], settings.port));
     let listener = TcpListener::bind(addr).await.context("bind")?;
-    tracing::info!(%addr, "navsrv listening");
+    tracing::info!(%addr, "lens listening");
     axum::serve(listener, app).await.context("serve")?;
     Ok(())
 }
@@ -3567,9 +3567,9 @@ fn init_tracing(filter: &str) {
 
 ```rust
 // server/tests/cli.rs
-use navsrv::auth::password;
-use navsrv::cli::{run_command, Command};
-use navsrv::config::Settings;
+use lens::auth::password;
+use lens::cli::{run_command, Command};
+use lens::config::Settings;
 
 #[tokio::test]
 async fn reset_password_flow() {
@@ -3583,7 +3583,7 @@ async fn reset_password_flow() {
     run_command(Command::ResetPassword { password: Some("brand-new-pw".into()) }).await.unwrap();
 
     let s = Settings::load().unwrap();
-    let pool = navsrv::db::connect(&s.db_url()).await.unwrap();
+    let pool = lens::db::connect(&s.db_url()).await.unwrap();
     let h: (String,) = sqlx::query_as("SELECT value FROM config WHERE key='admin_password_hash'")
         .fetch_one(&pool).await.unwrap();
     assert!(password::verify("brand-new-pw", &h.0).unwrap());
@@ -3631,12 +3631,12 @@ Goal: write endpoints for items / groups / sites / tags / icons / favicon, all g
 ```rust
 // server/tests/api_items.rs
 use axum_test::TestServer;
-use navsrv::app::build_app;
-use navsrv::auth::{password, session::layer as session_layer};
-use navsrv::db::connect_in_memory;
-use navsrv::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo, NavRepo};
-use navsrv::state::AppState;
-use navsrv::dto::{GroupPayload, SitePayload};
+use lens::app::build_app;
+use lens::auth::{password, session::layer as session_layer};
+use lens::db::connect_in_memory;
+use lens::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo, NavRepo};
+use lens::state::AppState;
+use lens::dto::{GroupPayload, SitePayload};
 use std::sync::Arc;
 
 async fn auth_server() -> (TestServer, i64) {
@@ -3935,11 +3935,11 @@ pub fn api(state: AppState) -> Router {
 ```rust
 // server/tests/api_groups_sites_tags.rs
 use axum_test::TestServer;
-use navsrv::app::build_app;
-use navsrv::auth::{password, session::layer as session_layer};
-use navsrv::db::connect_in_memory;
-use navsrv::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo};
-use navsrv::state::AppState;
+use lens::app::build_app;
+use lens::auth::{password, session::layer as session_layer};
+use lens::db::connect_in_memory;
+use lens::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo};
+use lens::state::AppState;
 use std::sync::Arc;
 
 async fn boot() -> TestServer {
@@ -4082,11 +4082,11 @@ async fn upload(
 ```rust
 // server/tests/api_icons.rs
 use axum_test::TestServer;
-use navsrv::app::build_app;
-use navsrv::auth::{password, session::layer as session_layer};
-use navsrv::db::connect_in_memory;
-use navsrv::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo};
-use navsrv::state::AppState;
+use lens::app::build_app;
+use lens::auth::{password, session::layer as session_layer};
+use lens::db::connect_in_memory;
+use lens::repo::{ConfigRepo, SqlxConfigRepo, SqlxNavRepo};
+use lens::state::AppState;
 use std::sync::Arc;
 
 #[tokio::test]
@@ -4161,7 +4161,7 @@ impl FaviconService {
         std::fs::create_dir_all(&cache_dir).ok();
         let http = reqwest::Client::builder()
             .timeout(Duration::from_secs(5))
-            .user_agent("navsrv-favicon/0.1")
+            .user_agent("lens-favicon/0.1")
             .build().expect("http client");
         Self { cache_dir, http }
     }
@@ -4401,11 +4401,11 @@ Add `server/tests/spa_fallback.rs`:
 
 ```rust
 use axum_test::TestServer;
-use navsrv::app::build_app;
-use navsrv::auth::session::layer as session_layer;
-use navsrv::db::connect_in_memory;
-use navsrv::repo::{SqlxConfigRepo, SqlxNavRepo};
-use navsrv::state::AppState;
+use lens::app::build_app;
+use lens::auth::session::layer as session_layer;
+use lens::db::connect_in_memory;
+use lens::repo::{SqlxConfigRepo, SqlxNavRepo};
+use lens::state::AppState;
 use std::sync::Arc;
 use tempfile::TempDir;
 
@@ -4616,16 +4616,16 @@ pub mod migration;
 
 ```rust
 // server/src/main.rs (in main fn, after ensure_admin_password call)
-navsrv::services::migration::seed_if_empty(nav.clone() as _, cfg.clone() as _).await?;
+lens::services::migration::seed_if_empty(nav.clone() as _, cfg.clone() as _).await?;
 ```
 
 - [ ] **Step 5: Test**
 
 ```rust
 // server/tests/seed.rs
-use navsrv::db::connect_in_memory;
-use navsrv::repo::{ConfigRepo, NavRepo, SqlxConfigRepo, SqlxNavRepo};
-use navsrv::services::migration::seed_if_empty;
+use lens::db::connect_in_memory;
+use lens::repo::{ConfigRepo, NavRepo, SqlxConfigRepo, SqlxNavRepo};
+use lens::services::migration::seed_if_empty;
 use std::sync::Arc;
 
 #[tokio::test]
@@ -4679,7 +4679,7 @@ git commit -m "feat(server): seed_if_empty migrates bootstrap.json into SQLite"
 - [ ] **Step 1: `server/README.md`**
 
 ````markdown
-# navsrv
+# lens
 
 Rust backend for the navigation site (Plan 1 of 5). Serves the SPA + JSON API at `:8080`.
 
@@ -4717,7 +4717,7 @@ pnpm dev
 ## CLI
 
 ```
-navsrv reset-password [--password <new>]   # invalidates all sessions; deletes INITIAL_PASSWORD.txt
+lens reset-password [--password <new>]   # invalidates all sessions; deletes INITIAL_PASSWORD.txt
 ```
 
 ## Tests
diff --git a/docs/superpowers/plans/2026-05-20-plan-1.5-svelte5-upgrade.md b/docs/superpowers/plans/2026-05-20-plan-1.5-svelte5-upgrade.md
index 29ed802..176ce3a 100644
--- a/docs/superpowers/plans/2026-05-20-plan-1.5-svelte5-upgrade.md
+++ b/docs/superpowers/plans/2026-05-20-plan-1.5-svelte5-upgrade.md
@@ -104,7 +104,7 @@ cat web/package.json
 
 ```json
 {
-  "name": "navigation-website",
+  "name": "lens",
   "version": "1.0.0",
   "type": "module",
   "packageManager": "pnpm@10.0.0",
diff --git a/docs/superpowers/plans/2026-05-20-plan-5-docker-e2e.md b/docs/superpowers/plans/2026-05-20-plan-5-docker-e2e.md
index bd973f1..0e60411 100644
--- a/docs/superpowers/plans/2026-05-20-plan-5-docker-e2e.md
+++ b/docs/superpowers/plans/2026-05-20-plan-5-docker-e2e.md
@@ -2,7 +2,7 @@
 
 > **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task.
 
-**Goal:** Ship a production-ready single-image deploy. After this plan: `docker run -d -p 8080:8080 -v ./data:/app/data -e BOOTSTRAP_ADMIN_PASSWORD=… navsrv:latest` boots the full stack (Rust backend + SvelteKit SPA bundled together) on port 8080. Optional `docker compose up` adds Caddy with auto-TLS in front. A small Playwright e2e suite verifies the read + login + create flow against a real container. README has the quickstart at the top.
+**Goal:** Ship a production-ready single-image deploy. After this plan: `docker run -d -p 8080:8080 -v ./data:/app/data -e BOOTSTRAP_ADMIN_PASSWORD=… lens:latest` boots the full stack (Rust backend + SvelteKit SPA bundled together) on port 8080. Optional `docker compose up` adds Caddy with auto-TLS in front. A small Playwright e2e suite verifies the read + login + create flow against a real container. README has the quickstart at the top.
 
 **Out of scope (intentionally not in any of the 5 plans):** drag-drop reorder, full Group/Site/Tag management UI, SiteSettingsDialog, icon upload UI, full edit-mode polish. These are listed in the project README as future enhancements.
 
@@ -43,9 +43,9 @@ The current `server/bootstrap.json` is a placeholder (Plan 1 Task 32) with empty
 {
   "schemaVersion": 1,
   "meta": {
-    "siteName": "Pico 的小站导航",
+    "siteName": "Lens",
     "siteAvatarPath": "/avatar.png",
-    "siteCopyright": "Copyright © 2026 Pico. All rights reserved.",
+    "siteCopyright": "",
     "siteIcp": null,
     "sitePolice": null,
     "defaultTheme": "system"
@@ -167,9 +167,9 @@ export interface BootstrapDoc {
 export const BOOTSTRAP: BootstrapDoc = {
   schemaVersion: 1,
   meta: {
-    siteName: 'Pico 的小站导航',
+    siteName: 'Lens',
     siteAvatarPath: '/avatar.png',
-    siteCopyright: 'Copyright © 2026 Pico. All rights reserved.',
+    siteCopyright: '',
     siteIcp: null,
     sitePolice: null,
     defaultTheme: 'system'
@@ -261,16 +261,16 @@ RUN apt-get update && \
 # Cache deps layer
 COPY server/Cargo.toml server/Cargo.lock ./
 RUN mkdir -p src && echo 'fn main(){}' > src/main.rs && \
-    cargo build --release --bin navsrv && \
-    rm -rf src target/release/deps/navsrv* target/release/navsrv
+    cargo build --release --bin lens && \
+    rm -rf src target/release/deps/lens* target/release/lens
 # Real build
 COPY server/ ./
 ENV SQLX_OFFLINE=true
-RUN cargo build --release --bin navsrv
+RUN cargo build --release --bin lens
 
 # ──── Stage 3: runtime ────
 FROM gcr.io/distroless/cc-debian12 AS runtime
-COPY --from=server-build /server/target/release/navsrv /usr/local/bin/navsrv
+COPY --from=server-build /server/target/release/lens /usr/local/bin/lens
 COPY --from=web-build    /web/build                   /app/static
 ENV PORT=8080 \
     DATA_DIR=/app/data \
@@ -280,7 +280,7 @@ ENV PORT=8080 \
 VOLUME /app/data
 EXPOSE 8080
 USER nonroot
-ENTRYPOINT ["/usr/local/bin/navsrv"]
+ENTRYPOINT ["/usr/local/bin/lens"]
 ```
 
 Notes:
@@ -291,7 +291,7 @@ Notes:
 - [ ] **Step 2: Build the image**
 
 ```bash
-docker build -t navsrv:plan5-test . 2>&1 | tail -30
+docker build -t lens:plan5-test . 2>&1 | tail -30
 ```
 
 Use `timeout: 1800000` (30 min) — cold build is heavy. Subsequent builds use cached layers.
@@ -306,19 +306,19 @@ Expected: build succeeds. If a stage fails, inspect the log; common issues:
 ```bash
 mkdir -p /tmp/navdata
 docker run -d \
-  --name navsrv-test \
+  --name lens-test \
   -p 18080:8080 \
   -v /tmp/navdata:/app/data \
   -e BOOTSTRAP_ADMIN_PASSWORD=test1234 \
-  navsrv:plan5-test
+  lens:plan5-test
 sleep 5
-docker logs navsrv-test | tail -20
+docker logs lens-test | tail -20
 curl -sf http://127.0.0.1:18080/api/health
 echo
 curl -sf http://127.0.0.1:18080/api/nav | head -c 200
 echo
 curl -sf -o /tmp/spa.html http://127.0.0.1:18080/ && grep -oE '<title>[^<]+</title>' /tmp/spa.html
-docker stop navsrv-test && docker rm navsrv-test
+docker stop lens-test && docker rm lens-test
 rm -rf /tmp/navdata
 ```
 
@@ -342,7 +342,7 @@ git commit -m "feat(deploy): multi-stage Dockerfile (web + server → distroless
 services:
   nav:
     build: .
-    image: navsrv:latest
+    image: lens:latest
     container_name: nav
     restart: unless-stopped
     environment:
@@ -414,7 +414,7 @@ git commit -m "feat(deploy): docker-compose + Caddyfile (auto-TLS via Let's Encr
 # Usage: bash scripts/docker-smoke.sh
 set -euo pipefail
 
-IMG=navsrv:smoke-$$
+IMG=lens:smoke-$$
 DATA=$(mktemp -d)
 PORT=18080
 PASSWORD=smoke-pw-1234
@@ -533,7 +533,7 @@ Create `package.json` at the repo ROOT (no `pnpm-workspace.yaml` — this is jus
 
 ```json
 {
-  "name": "navigation_website-e2e",
+  "name": "lens-e2e",
   "version": "1.0.0",
   "private": true,
   "scripts": {
@@ -676,7 +676,7 @@ git commit -m "test(e2e): edit flow (login → toggle → create item via dialog
 # scripts/e2e.sh — boot a clean Docker container, run Playwright against it, tear down.
 set -euo pipefail
 
-IMG=navsrv:e2e-$$
+IMG=lens:e2e-$$
 DATA=$(mktemp -d)
 PORT=18080
 PASSWORD=test1234
@@ -754,7 +754,7 @@ docker run -d \
   -p 8080:8080 \
   -v ./data:/app/data \
   -e BOOTSTRAP_ADMIN_PASSWORD=changeme \
-  navsrv:latest
+  lens:latest
 ```
 
 Visit http://localhost:8080. Click **Log in** in the top-right, enter your password,
@@ -768,7 +768,7 @@ For HTTPS with Let's Encrypt, use `docker compose up -d` with the bundled
 | Path | Purpose |
 |---|---|
 | `web/` | SvelteKit 2 + Svelte 5 SPA. `pnpm dev` for local dev (proxies `/api` to `:8080`). |
-| `server/` | Rust binary (`navsrv`). `cargo run` for local dev (default port 8080). |
+| `server/` | Rust binary (`lens`). `cargo run` for local dev (default port 8080). |
 | `tests/` | Playwright e2e specs covering read + login + create. |
 | `scripts/` | `docker-smoke.sh`, `e2e.sh`, `dump-bootstrap.mjs`. |
 | `docs/superpowers/` | Design specs and implementation plans. |
@@ -823,7 +823,7 @@ bash scripts/e2e.sh
 ## Resetting the admin password
 
 ```bash
-docker exec -it nav navsrv reset-password --password=<new>
+docker exec -it nav lens reset-password --password=<new>
 # or interactively (the binary prompts)
 ```
 
diff --git a/docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md b/docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md
index 209d2ae..05ee124 100644
--- a/docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md
+++ b/docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md
@@ -2,7 +2,6 @@
 
 **Date:** 2026-05-19
 **Status:** Draft for review
-**Owner:** Pico
 **Supersedes:** existing static-only nav site (SvelteKit + adapter-static, hard-coded `nav.ts`)
 
 ---
@@ -397,9 +396,9 @@ export type NavBundle = z.infer<typeof NavBundleSchema>;
 
 ### 6.3 密码恢复（CLI 重置）
 
-- 二进制提供子命令：`navsrv reset-password [--password=<new>]`（不传交互式 prompt）
+- 二进制提供子命令：`lens reset-password [--password=<new>]`（不传交互式 prompt）
 - 流程：
-  - 用户 `docker exec -it nav-container navsrv reset-password`
+  - 用户 `docker exec -it nav-container lens reset-password`
   - 子命令打开同一 SQLite，写入新 bcrypt hash + 更新 `admin_password_updated_at`
   - 立即吊销所有现有 session（`DELETE FROM sessions`）
 - 文档：README 加"忘记密码"段落
@@ -613,20 +612,20 @@ RUN apt-get update && apt-get install -y pkg-config libssl-dev && rm -rf /var/li
 COPY server/Cargo.toml server/Cargo.lock ./
 RUN mkdir src && echo 'fn main(){}' > src/main.rs && \
     cargo build --release && \
-    rm -rf src target/release/deps/navsrv* target/release/navsrv*
+    rm -rf src target/release/deps/lens* target/release/lens*
 COPY server/ ./
 COPY --from=web-build /web/build/bootstrap.json ./bootstrap.json
 RUN cargo build --release
 
 # ──── Stage 3: runtime ────
 FROM gcr.io/distroless/cc-debian12
-COPY --from=server-build /server/target/release/navsrv /usr/local/bin/navsrv
+COPY --from=server-build /server/target/release/lens /usr/local/bin/lens
 COPY --from=web-build    /web/build                   /app/static
 ENV PORT=8080 DATA_DIR=/app/data STATIC_DIR=/app/static
 VOLUME /app/data
 EXPOSE 8080
 USER nonroot
-CMD ["navsrv"]
+CMD ["lens"]
 ```
 
 提供 `docker-compose.yml` sample：
@@ -715,8 +714,8 @@ pnpm dev                      # listens :5173, vite proxies /api → localhost:8
 
 ### 9.5 部署运维
 
-- `docker run -d --name nav -p 8080:8080 -v ./data:/app/data -e BOOTSTRAP_ADMIN_PASSWORD=changeme navsrv:latest`
-- 改密码：UI 自助 / `docker exec -it nav navsrv reset-password`
+- `docker run -d --name nav -p 8080:8080 -v ./data:/app/data -e BOOTSTRAP_ADMIN_PASSWORD=changeme lens:latest`
+- 改密码：UI 自助 / `docker exec -it nav lens reset-password`
 - 备份：`rsync ./data /backup/nav/$(date +%F)/`
 - 升级：`docker pull` + 重启容器；schema 自动迁移
 
@@ -753,7 +752,7 @@ pnpm dev                      # listens :5173, vite proxies /api → localhost:8
 - [x] 部署：单 Docker 镜像、单进程、Rust 直接 serve 静态前端
 - [x] 编辑形态：同页"编辑模式"（inline 拖拽 + 双击 + 右键菜单 + dialog）
 - [x] 鉴权：单管理员密码 + bcrypt + signed cookie
-- [x] 密码恢复：CLI 子命令 `navsrv reset-password`
+- [x] 密码恢复：CLI 子命令 `lens reset-password`
 - [x] UI：重建 design system 全新风格（不用 Tailwind）
 - [x] Footer 重做
 - [x] 数据范式：3NF（item × site 多对多 link 表，不用 JSON 列）
diff --git a/server/README.md b/server/README.md
index a1b90a3..c49aac4 100644
--- a/server/README.md
+++ b/server/README.md
@@ -1,4 +1,4 @@
-# navsrv
+# lens
 
 Rust backend for the navigation site. Single Axum process that serves both the
 SvelteKit SPA static assets and the JSON API. Default port `8080`, override with
@@ -38,8 +38,8 @@ pnpm dev
 ## Build
 
 ```bash
-SQLX_OFFLINE=true cargo build --release --bin navsrv
-# binary at target/release/navsrv; runs against the committed .sqlx/ query cache
+SQLX_OFFLINE=true cargo build --release --bin lens
+# binary at target/release/lens; runs against the committed .sqlx/ query cache
 ```
 
 To regenerate the query cache after schema/query changes:
@@ -51,7 +51,7 @@ DATABASE_URL=sqlite://./dev-data/data.db cargo sqlx prepare
 ## CLI
 
 ```
-navsrv reset-password [--password <new>]   # invalidates all sessions; deletes INITIAL_PASSWORD.txt
+lens reset-password [--password <new>]   # invalidates all sessions; deletes INITIAL_PASSWORD.txt
 ```
 
 ## Tests
diff --git a/web/package.json b/web/package.json
index ed12083..afb81b2 100644
--- a/web/package.json
+++ b/web/package.json
@@ -1,5 +1,5 @@
 {
-  "name": "navigation-website",
+  "name": "lens",
   "version": "1.0.0",
   "type": "module",
   "packageManager": "pnpm@10.0.0",

From 7266930cc3e144e4211012c98f9bb258a7dfb7b8 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 27 May 2026 15:44:40 +0800
Subject: [PATCH 72/77] =?UTF-8?q?chore:=20complete=20navigation-website=20?=
 =?UTF-8?q?=E2=86=92=20lens=20rebrand=20sweep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- nginx static root /usr/local/webserver/lens/
- localStorage prefix navsite.* → lens.* (theme, locale, uiPrefs)
- spec doc references to old project name

Existing user prefs reset to defaults on next visit; uiPrefs already
gates on schema version so no breakage.
---
 config/nginx/nginx.conf                                       | 4 ++--
 .../specs/2026-05-19-rust-navigation-platform-design.md       | 2 +-
 .../2026-05-26-launchpad-drag-merge-disambiguation-design.md  | 2 +-
 web/src/lib/design/theme.ts                                   | 2 +-
 web/src/lib/i18n/store.ts                                     | 2 +-
 web/src/lib/stores/uiPrefs.ts                                 | 4 ++--
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/config/nginx/nginx.conf b/config/nginx/nginx.conf
index fc658a6..e108517 100644
--- a/config/nginx/nginx.conf
+++ b/config/nginx/nginx.conf
@@ -40,7 +40,7 @@ http {
   server {
     listen                        80;
 
-    root                          /usr/local/webserver/navigation_website/;
+    root                          /usr/local/webserver/lens/;
     index                         index.html index.htm;
   }
 
@@ -61,7 +61,7 @@ http {
   #   ssl_prefer_server_ciphers     on;
   #   ssl_buffer_size               1400;
 
-  #   root                          /usr/local/webserver/navigation_website/;
+  #   root                          /usr/local/webserver/lens/;
   #   index                         index.html index.htm;
 
   #   location / {
diff --git a/docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md b/docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md
index 05ee124..ac1a872 100644
--- a/docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md
+++ b/docs/superpowers/specs/2026-05-19-rust-navigation-platform-design.md
@@ -637,7 +637,7 @@ CMD ["lens"]
 > 仓库采用 **web/ + server/ 双子项目**：前端、后端各自自包含，根目录只放跨子项目资源（Dockerfile / docker-compose / docs / scripts / e2e tests / README）。**不**引入 pnpm/cargo workspace（YAGNI）。
 
 ```
-navigation_website/
+lens/
 ├─ web/                                # SvelteKit 子项目（自包含）
 │  ├─ package.json
 │  ├─ pnpm-lock.yaml
diff --git a/docs/superpowers/specs/2026-05-26-launchpad-drag-merge-disambiguation-design.md b/docs/superpowers/specs/2026-05-26-launchpad-drag-merge-disambiguation-design.md
index 3748ed8..f25a5e6 100644
--- a/docs/superpowers/specs/2026-05-26-launchpad-drag-merge-disambiguation-design.md
+++ b/docs/superpowers/specs/2026-05-26-launchpad-drag-merge-disambiguation-design.md
@@ -581,7 +581,7 @@ and worth testing. New file `dragGrid.test.ts` with cases:
 
 Single PR. No feature flag, no incremental migration. The change is a
 pure UX refinement; if reverted, behavior returns to current. Worktree
-already isolated (`navigation_website/.worktrees/rust-backend`).
+already isolated (`lens/.worktrees/rust-backend`).
 
 PR title: `feat(launchpad): macos-style drag with dwell-gated merge and shift-to-make-room`
 
diff --git a/web/src/lib/design/theme.ts b/web/src/lib/design/theme.ts
index defcf1e..972aa90 100644
--- a/web/src/lib/design/theme.ts
+++ b/web/src/lib/design/theme.ts
@@ -3,7 +3,7 @@ import { browser } from '$app/environment';
 
 export type ThemeMode = 'system' | 'light' | 'dark';
 
-const LS_KEY = 'navsite.theme';
+const LS_KEY = 'lens.theme';
 
 function detectStored(): ThemeMode {
   if (!browser) return 'system';
diff --git a/web/src/lib/i18n/store.ts b/web/src/lib/i18n/store.ts
index 799cc4f..98f5d9e 100644
--- a/web/src/lib/i18n/store.ts
+++ b/web/src/lib/i18n/store.ts
@@ -7,7 +7,7 @@ export type Locale = 'zh' | 'en';
 
 const DICTIONARIES: Record<Locale, Record<string, string>> = { zh, en };
 
-const LS_KEY = 'navsite.locale';
+const LS_KEY = 'lens.locale';
 
 function detectInitial(): Locale {
   if (!browser) return 'zh';
diff --git a/web/src/lib/stores/uiPrefs.ts b/web/src/lib/stores/uiPrefs.ts
index f36b5fc..4a1157f 100644
--- a/web/src/lib/stores/uiPrefs.ts
+++ b/web/src/lib/stores/uiPrefs.ts
@@ -7,8 +7,8 @@ export interface UiPrefs {
   siteValue: string | null;
 }
 
-const LS_KEY = 'navsite.uiPrefs';
-const SCHEMA_KEY = 'navsite.uiPrefs.v';
+const LS_KEY = 'lens.uiPrefs';
+const SCHEMA_KEY = 'lens.uiPrefs.v';
 // Bumped to 2 when we dropped favorites and group-open state — old
 // payloads are silently discarded on first load.
 const SCHEMA_VERSION = '2';

From e5356e7a841a0cf0e514e71d4e2d33246f734c52 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 27 May 2026 15:44:47 +0800
Subject: [PATCH 73/77] ci: rewrite workflows for web+server architecture

release.yml:
- Build web (pnpm in web/) and server (cargo in server/, SQLX_OFFLINE)
- Package lens-<ver>-linux-x86_64.tar.gz/.zip with binary + static + README
- New docker job pushes multi-tag image to ghcr.io/<owner>/<repo>

ci.yml (new):
- web: pnpm lint + check + test:unit + build, upload build artifact
- server: cargo fmt --check, clippy -D warnings, test
- Concurrency group cancels stale runs

Old release.yml ran pnpm build at repo root, which no longer produces
anything (root package.json is the e2e harness).
---
 .github/workflows/ci.yml      |  86 +++++++++++++++++++++++++
 .github/workflows/release.yml | 117 ++++++++++++++++++++++++++++------
 2 files changed, 184 insertions(+), 19 deletions(-)
 create mode 100644 .github/workflows/ci.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..4c7c5ae
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,86 @@
+name: ci
+
+on:
+  pull_request:
+    branches: [master, main]
+  push:
+    branches: [master, main]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  web:
+    name: Web (lint + typecheck + unit + build)
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: web
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10
+
+      - name: Setup Node 20
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'pnpm'
+          cache-dependency-path: web/pnpm-lock.yaml
+
+      - name: Install
+        run: pnpm install --frozen-lockfile
+
+      - name: Lint
+        run: pnpm lint
+
+      - name: Typecheck
+        run: pnpm check
+
+      - name: Unit tests
+        run: pnpm test:unit
+
+      - name: Build
+        run: pnpm build
+
+      - name: Upload web build
+        uses: actions/upload-artifact@v4
+        with:
+          name: web-build
+          path: web/build
+          retention-days: 7
+
+  server:
+    name: Server (fmt + clippy + test)
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: server
+    env:
+      SQLX_OFFLINE: 'true'
+      RUSTFLAGS: '-D warnings'
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: rustfmt, clippy
+
+      - name: Cache cargo
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: server
+
+      - name: Format
+        run: cargo fmt --all -- --check
+
+      - name: Clippy
+        run: cargo clippy --all-targets --all-features
+
+      - name: Test
+        run: cargo test --all-features
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 03dddc5..fdcd89e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,35 +9,114 @@ permissions:
   contents: write
 
 jobs:
-  release:
+  build:
+    name: Build release tarball (linux-x86_64)
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
-      - name: Setup Node Version 20
-        uses: actions/setup-node@v3
+      - name: Get version
+        id: version
+        run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"
+
+      # ── Frontend ──────────────────────────────────────────
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
         with:
-          node-version: '20.x'
+          version: 10
 
-      - name: Install And Build
-        run: |
-          pnpm install
-          pnpm build
+      - name: Setup Node 20
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'pnpm'
+          cache-dependency-path: web/pnpm-lock.yaml
+
+      - name: Install web deps
+        working-directory: web
+        run: pnpm install --frozen-lockfile
+
+      - name: Build web
+        working-directory: web
+        run: pnpm build
 
-      - name: Get Version
-        id: get_version
-        run: echo "VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT
+      # ── Backend ───────────────────────────────────────────
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
 
-      - name: Package files
+      - name: Cache cargo
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: server
+
+      - name: Build server (release)
+        working-directory: server
+        env:
+          SQLX_OFFLINE: 'true'
+        run: cargo build --release --bin lens
+
+      # ── Package ───────────────────────────────────────────
+      - name: Assemble release tree
         run: |
-          mv ./build ./navigation-website-${{ steps.get_version.outputs.VERSION }}
-          tar -zcvf navigation-website-${{ steps.get_version.outputs.VERSION }}.tar.gz ./navigation-website-${{ steps.get_version.outputs.VERSION }}
-          zip -r navigation-website-${{ steps.get_version.outputs.VERSION }}.zip ./navigation-website-${{ steps.get_version.outputs.VERSION }}
+          set -eux
+          DIST="lens-${{ steps.version.outputs.VERSION }}-linux-x86_64"
+          mkdir -p "dist/$DIST/static"
+          cp server/target/release/lens          "dist/$DIST/lens"
+          cp -r web/build/.                       "dist/$DIST/static/"
+          cp README.md                            "dist/$DIST/README.md"
+          (cd dist && tar -zcvf "$DIST.tar.gz" "$DIST")
+          (cd dist && zip -r    "$DIST.zip"    "$DIST")
 
       - name: Release
-        uses: softprops/action-gh-release@v1
-        if: startsWith(github.ref, 'refs/tags/')
+        uses: softprops/action-gh-release@v2
         with:
-          files: ./navigation-website-*
+          files: |
+            dist/lens-*.tar.gz
+            dist/lens-*.zip
           draft: false
+
+  docker:
+    name: Build & push Docker image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Get version
+        id: version
+        run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"
+
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Image metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=raw,value=latest
+
+      - name: Build & push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

From 56fef4d6847267fce603053078e71d41679ffe74 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 27 May 2026 15:55:39 +0800
Subject: [PATCH 74/77] chore: apply rustfmt and prettier to satisfy CI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Auto-formatted on the worktree to match what `cargo fmt` and
`prettier --write` produce in CI runners.

No semantic changes — pure whitespace.
---
 server/src/repo/sqlx_impl.rs                  | 109 +++++++++---------
 server/src/services/legacy_migrate.rs         |  82 +++++++++----
 server/tests/api_cards.rs                     |   5 +-
 server/tests/repo_cards.rs                    |  25 ++--
 server/tests/seed.rs                          |   5 +-
 .../lib/components/Admin/AdminSitesTab.svelte |   4 +-
 web/src/lib/util/dragGrid.ts                  |  18 +--
 7 files changed, 140 insertions(+), 108 deletions(-)

diff --git a/server/src/repo/sqlx_impl.rs b/server/src/repo/sqlx_impl.rs
index 708d7cf..1883b74 100644
--- a/server/src/repo/sqlx_impl.rs
+++ b/server/src/repo/sqlx_impl.rs
@@ -121,11 +121,10 @@ impl NavRepo for SqlxNavRepo {
     }
 
     async fn delete_site(&self, id: i64) -> Result<()> {
-        let referenced: i64 =
-            sqlx::query_scalar("SELECT COUNT(*) FROM card_links WHERE site_id=?")
-                .bind(id)
-                .fetch_one(&self.pool)
-                .await?;
+        let referenced: i64 = sqlx::query_scalar("SELECT COUNT(*) FROM card_links WHERE site_id=?")
+            .bind(id)
+            .fetch_one(&self.pool)
+            .await?;
         if referenced > 0 {
             return Err(AppError::Conflict(format!(
                 "site is referenced by {referenced} card link(s); remove them first"
@@ -284,7 +283,9 @@ impl NavRepo for SqlxNavRepo {
         }
         if let Some(v) = p.icon_value {
             if kind_str != "item" {
-                return Err(AppError::Validation("icon_value only valid on items".into()));
+                return Err(AppError::Validation(
+                    "icon_value only valid on items".into(),
+                ));
             }
             sqlx::query("UPDATE cards SET icon_value=?, updated_at=? WHERE id=?")
                 .bind(v)
@@ -338,10 +339,11 @@ impl NavRepo for SqlxNavRepo {
         let (kind, old_parent) = row.ok_or(AppError::NotFound)?;
         if kind == "folder" {
             // Release children: parent_id = NULL, appended at end of root bucket.
-            let mut next_root: i64 =
-                sqlx::query_scalar("SELECT COALESCE(MAX(sort_order), -1) + 1 FROM cards WHERE parent_id IS NULL")
-                    .fetch_one(&mut *tx)
-                    .await?;
+            let mut next_root: i64 = sqlx::query_scalar(
+                "SELECT COALESCE(MAX(sort_order), -1) + 1 FROM cards WHERE parent_id IS NULL",
+            )
+            .fetch_one(&mut *tx)
+            .await?;
             let child_ids: Vec<i64> = sqlx::query_scalar(
                 "SELECT id FROM cards WHERE parent_id=? ORDER BY sort_order, id",
             )
@@ -393,7 +395,12 @@ impl NavRepo for SqlxNavRepo {
         }
         let entries_dbg: Vec<String> = entries
             .iter()
-            .map(|e| format!("(id={}, parent={:?}, sort={})", e.id, e.parent_id, e.sort_order))
+            .map(|e| {
+                format!(
+                    "(id={}, parent={:?}, sort={})",
+                    e.id, e.parent_id, e.sort_order
+                )
+            })
             .collect();
         tracing::info!(entries = ?entries_dbg, "reorder_cards: incoming");
 
@@ -449,8 +456,7 @@ impl NavRepo for SqlxNavRepo {
         //      taking the requested order and remaining rows stable
         //      after them, then rewrite contiguous 0..N sort_orders.
         // This is idempotent and never raises UNIQUE.
-        let target_parents: BTreeSet<Option<i64>> =
-            entries.iter().map(|e| e.parent_id).collect();
+        let target_parents: BTreeSet<Option<i64>> = entries.iter().map(|e| e.parent_id).collect();
 
         // Step 1: stage every entry to a unique negative slot under its
         // TARGET parent. We use very-negative slots (offset by 1<<20) so
@@ -472,10 +478,8 @@ impl NavRepo for SqlxNavRepo {
         // about, in their existing sort_order. Then renumber 0..N.
         for parent in &target_parents {
             // Listed entries for this bucket, sorted by requested order.
-            let mut listed: Vec<&ReorderEntry> = entries
-                .iter()
-                .filter(|e| e.parent_id == *parent)
-                .collect();
+            let mut listed: Vec<&ReorderEntry> =
+                entries.iter().filter(|e| e.parent_id == *parent).collect();
             listed.sort_by_key(|e| e.sort_order);
 
             // Other rows in the same bucket that aren't in `listed`.
@@ -538,22 +542,18 @@ impl NavRepo for SqlxNavRepo {
 
     async fn auto_folder(&self, p: AutoFolderPayload) -> Result<Card> {
         if p.source_item_id == p.target_item_id {
-            return Err(AppError::Validation(
-                "source and target must differ".into(),
-            ));
+            return Err(AppError::Validation("source and target must differ".into()));
         }
         let now = now_ms();
         let mut tx = self.pool.begin().await?;
 
         // Both must be items at root.
-        let target_row: Option<(String, Option<i64>, i64)> = sqlx::query_as(
-            "SELECT kind, parent_id, sort_order FROM cards WHERE id=?",
-        )
-        .bind(p.target_item_id)
-        .fetch_optional(&mut *tx)
-        .await?;
-        let (target_kind, target_parent, target_sort) =
-            target_row.ok_or(AppError::NotFound)?;
+        let target_row: Option<(String, Option<i64>, i64)> =
+            sqlx::query_as("SELECT kind, parent_id, sort_order FROM cards WHERE id=?")
+                .bind(p.target_item_id)
+                .fetch_optional(&mut *tx)
+                .await?;
+        let (target_kind, target_parent, target_sort) = target_row.ok_or(AppError::NotFound)?;
         if target_kind != "item" {
             return Err(AppError::Validation("target must be an item".into()));
         }
@@ -648,11 +648,10 @@ async fn dissolve_singleton_folders(
         if kind.as_deref() != Some("folder") {
             continue;
         }
-        let child_count: i64 =
-            sqlx::query_scalar("SELECT COUNT(*) FROM cards WHERE parent_id=?")
-                .bind(fid)
-                .fetch_one(&mut *conn)
-                .await?;
+        let child_count: i64 = sqlx::query_scalar("SELECT COUNT(*) FROM cards WHERE parent_id=?")
+            .bind(fid)
+            .fetch_one(&mut *conn)
+            .await?;
         if child_count > 1 {
             continue;
         }
@@ -669,14 +668,12 @@ async fn dissolve_singleton_folders(
             )
             .fetch_one(&mut *conn)
             .await?;
-            sqlx::query(
-                "UPDATE cards SET parent_id=NULL, sort_order=?, updated_at=? WHERE id=?",
-            )
-            .bind(-(1_i64 << 30))
-            .bind(now)
-            .bind(child_id)
-            .execute(&mut *conn)
-            .await?;
+            sqlx::query("UPDATE cards SET parent_id=NULL, sort_order=?, updated_at=? WHERE id=?")
+                .bind(-(1_i64 << 30))
+                .bind(now)
+                .bind(child_id)
+                .execute(&mut *conn)
+                .await?;
             sqlx::query("UPDATE cards SET sort_order=?, updated_at=? WHERE id=?")
                 .bind(next_root)
                 .bind(now)
@@ -702,9 +699,7 @@ where
         .await?;
     match kind.as_deref() {
         Some("folder") => Ok(()),
-        Some(_) => Err(AppError::Validation(
-            "parent must be a folder card".into(),
-        )),
+        Some(_) => Err(AppError::Validation("parent must be a folder card".into())),
         None => Err(AppError::Validation("parent card does not exist".into())),
     }
 }
@@ -715,15 +710,19 @@ where
 {
     let next: i64 = match parent_id {
         Some(p) => {
-            sqlx::query_scalar("SELECT COALESCE(MAX(sort_order), -1) + 1 FROM cards WHERE parent_id=?")
-                .bind(p)
-                .fetch_one(executor)
-                .await?
+            sqlx::query_scalar(
+                "SELECT COALESCE(MAX(sort_order), -1) + 1 FROM cards WHERE parent_id=?",
+            )
+            .bind(p)
+            .fetch_one(executor)
+            .await?
         }
         None => {
-            sqlx::query_scalar("SELECT COALESCE(MAX(sort_order), -1) + 1 FROM cards WHERE parent_id IS NULL")
-                .fetch_one(executor)
-                .await?
+            sqlx::query_scalar(
+                "SELECT COALESCE(MAX(sort_order), -1) + 1 FROM cards WHERE parent_id IS NULL",
+            )
+            .fetch_one(executor)
+            .await?
         }
     };
     Ok(next)
@@ -781,9 +780,11 @@ fn validate_payload(p: &CardPayload) -> Result<()> {
 }
 
 async fn list_sites_inner(pool: &SqlitePool) -> Result<Vec<Site>> {
-    let rows = sqlx::query("SELECT id, value, name, sort_order, is_default FROM sites ORDER BY sort_order, id")
-        .fetch_all(pool)
-        .await?;
+    let rows = sqlx::query(
+        "SELECT id, value, name, sort_order, is_default FROM sites ORDER BY sort_order, id",
+    )
+    .fetch_all(pool)
+    .await?;
     Ok(rows
         .into_iter()
         .map(|r| Site {
diff --git a/server/src/services/legacy_migrate.rs b/server/src/services/legacy_migrate.rs
index 934d9db..5808c3f 100644
--- a/server/src/services/legacy_migrate.rs
+++ b/server/src/services/legacy_migrate.rs
@@ -20,10 +20,11 @@ fn now_ms() -> i64 {
 }
 
 pub async fn migrate_if_needed(pool: &SqlitePool) -> Result<()> {
-    let legacy_present: i64 =
-        sqlx::query_scalar("SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='groups'")
-            .fetch_one(pool)
-            .await?;
+    let legacy_present: i64 = sqlx::query_scalar(
+        "SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='groups'",
+    )
+    .fetch_one(pool)
+    .await?;
     if legacy_present == 0 {
         return Ok(());
     }
@@ -33,9 +34,10 @@ pub async fn migrate_if_needed(pool: &SqlitePool) -> Result<()> {
     let mut tx = pool.begin().await?;
 
     // ----- 1. groups -> cards (kind='folder', root) -----
-    let group_rows = sqlx::query("SELECT id, slug, name, sort_order FROM groups ORDER BY sort_order, id")
-        .fetch_all(&mut *tx)
-        .await?;
+    let group_rows =
+        sqlx::query("SELECT id, slug, name, sort_order FROM groups ORDER BY sort_order, id")
+            .fetch_all(&mut *tx)
+            .await?;
 
     let mut group_id_map: HashMap<i64, i64> = HashMap::new();
     for (idx, row) in group_rows.iter().enumerate() {
@@ -68,7 +70,16 @@ pub async fn migrate_if_needed(pool: &SqlitePool) -> Result<()> {
 
     // Bucket items by their NEW parent_id (None = root) so we can renumber
     // contiguously starting at the next free slot in each bucket.
-    type LegacyItem = (i64, Option<i64>, String, Option<String>, String, String, i64, i64);
+    type LegacyItem = (
+        i64,
+        Option<i64>,
+        String,
+        Option<String>,
+        String,
+        String,
+        i64,
+        i64,
+    );
     let mut buckets: BTreeMap<Option<i64>, Vec<usize>> = BTreeMap::new();
     let mut item_records: Vec<LegacyItem> = Vec::with_capacity(item_rows.len());
     for (idx, row) in item_rows.iter().enumerate() {
@@ -100,8 +111,16 @@ pub async fn migrate_if_needed(pool: &SqlitePool) -> Result<()> {
         // start root items after them. Folder buckets start at 0.
         let base_offset = if parent.is_none() { folder_count } else { 0 };
         for (offset, idx) in indices.iter().enumerate() {
-            let (old_id, new_parent, name, description, icon_kind, icon_value, created_at, updated_at) =
-                &item_records[*idx];
+            let (
+                old_id,
+                new_parent,
+                name,
+                description,
+                icon_kind,
+                icon_value,
+                created_at,
+                updated_at,
+            ) = &item_records[*idx];
             let sort_order = base_offset + offset as i64;
             let res = sqlx::query(
                 "INSERT INTO cards (kind, parent_id, sort_order, name, icon_kind, icon_value, description, created_at, updated_at) \
@@ -141,7 +160,9 @@ pub async fn migrate_if_needed(pool: &SqlitePool) -> Result<()> {
     }
 
     // ----- 4. drop legacy tables -----
-    sqlx::query("DROP TABLE item_links").execute(&mut *tx).await?;
+    sqlx::query("DROP TABLE item_links")
+        .execute(&mut *tx)
+        .await?;
     sqlx::query("DROP TABLE items").execute(&mut *tx).await?;
     sqlx::query("DROP TABLE groups").execute(&mut *tx).await?;
 
@@ -171,8 +192,12 @@ mod tests {
     async fn migrate_copies_groups_items_and_drops_legacy() {
         let pool = legacy_pool().await;
         // Seed legacy data
-        sqlx::query("INSERT INTO sites (value, name, sort_order, is_default) VALUES ('a', 'A', 0, 1)")
-            .execute(&pool).await.unwrap();
+        sqlx::query(
+            "INSERT INTO sites (value, name, sort_order, is_default) VALUES ('a', 'A', 0, 1)",
+        )
+        .execute(&pool)
+        .await
+        .unwrap();
         sqlx::query("INSERT INTO groups (slug, name, sort_order, collapsed_default) VALUES ('tools', 'Tools', 0, 0)")
             .execute(&pool).await.unwrap();
         sqlx::query("INSERT INTO groups (slug, name, sort_order, collapsed_default) VALUES ('media', 'Media', 1, 0)")
@@ -182,32 +207,45 @@ mod tests {
         sqlx::query("INSERT INTO items (group_id, name, icon_kind, icon_value, sort_order, created_at, updated_at) VALUES (1, 'Y', 'asset', 'y.png', 1, 0, 0)")
             .execute(&pool).await.unwrap();
         sqlx::query("INSERT INTO item_links (item_id, site_id, url) VALUES (1, 1, 'http://x')")
-            .execute(&pool).await.unwrap();
+            .execute(&pool)
+            .await
+            .unwrap();
 
         migrate_if_needed(&pool).await.unwrap();
 
         // Cards: 2 folders + 2 items
         let card_count: i64 = sqlx::query_scalar("SELECT COUNT(*) FROM cards")
-            .fetch_one(&pool).await.unwrap();
+            .fetch_one(&pool)
+            .await
+            .unwrap();
         assert_eq!(card_count, 4);
-        let folder_count: i64 = sqlx::query_scalar("SELECT COUNT(*) FROM cards WHERE kind='folder'")
-            .fetch_one(&pool).await.unwrap();
+        let folder_count: i64 =
+            sqlx::query_scalar("SELECT COUNT(*) FROM cards WHERE kind='folder'")
+                .fetch_one(&pool)
+                .await
+                .unwrap();
         assert_eq!(folder_count, 2);
         // Items live under the first folder
         let parent: Option<i64> = sqlx::query_scalar("SELECT parent_id FROM cards WHERE name='X'")
-            .fetch_one(&pool).await.unwrap();
+            .fetch_one(&pool)
+            .await
+            .unwrap();
         assert!(parent.is_some());
 
         // Card link migrated
         let link_count: i64 = sqlx::query_scalar("SELECT COUNT(*) FROM card_links")
-            .fetch_one(&pool).await.unwrap();
+            .fetch_one(&pool)
+            .await
+            .unwrap();
         assert_eq!(link_count, 1);
 
         // Legacy tables dropped
         let groups_left: i64 = sqlx::query_scalar(
             "SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='groups'",
         )
-        .fetch_one(&pool).await.unwrap();
+        .fetch_one(&pool)
+        .await
+        .unwrap();
         assert_eq!(groups_left, 0);
     }
 
@@ -218,7 +256,9 @@ mod tests {
         // Second call: must be a no-op
         migrate_if_needed(&pool).await.unwrap();
         let card_count: i64 = sqlx::query_scalar("SELECT COUNT(*) FROM cards")
-            .fetch_one(&pool).await.unwrap();
+            .fetch_one(&pool)
+            .await
+            .unwrap();
         assert_eq!(card_count, 0);
     }
 }
diff --git a/server/tests/api_cards.rs b/server/tests/api_cards.rs
index 6a3d4c7..2e55435 100644
--- a/server/tests/api_cards.rs
+++ b/server/tests/api_cards.rs
@@ -106,7 +106,10 @@ async fn legacy_routes_are_unreachable() {
     // mismatch on a leftover prefix); either way the route does not
     // succeed. We assert the absence of a 2xx.
     let server = auth_server().await;
-    let r1 = server.post("/api/groups").json(&serde_json::json!({})).await;
+    let r1 = server
+        .post("/api/groups")
+        .json(&serde_json::json!({}))
+        .await;
     assert!(!r1.status_code().is_success());
     let r2 = server.post("/api/items").json(&serde_json::json!({})).await;
     assert!(!r2.status_code().is_success());
diff --git a/server/tests/repo_cards.rs b/server/tests/repo_cards.rs
index 4a81fb7..714e721 100644
--- a/server/tests/repo_cards.rs
+++ b/server/tests/repo_cards.rs
@@ -64,7 +64,10 @@ async fn create_item_with_links_round_trips() {
     let mut p = item_payload("X", None);
     p.links = links.clone();
     let a = repo.create_card(p).await.unwrap();
-    assert_eq!(a.links.get("shangHai").map(|s| s.as_str()), Some("http://x"));
+    assert_eq!(
+        a.links.get("shangHai").map(|s| s.as_str()),
+        Some("http://x")
+    );
 }
 
 #[tokio::test]
@@ -119,10 +122,7 @@ async fn folder_cannot_be_created_inside_folder() {
 #[tokio::test]
 async fn delete_folder_releases_children_to_root() {
     let (repo, _) = make_repo().await;
-    let folder = repo
-        .create_card(folder_payload("F", "f"))
-        .await
-        .unwrap();
+    let folder = repo.create_card(folder_payload("F", "f")).await.unwrap();
     let a = repo
         .create_card(item_payload("A", Some(folder.id)))
         .await
@@ -214,10 +214,7 @@ async fn auto_folder_creates_folder_with_two_items() {
 #[tokio::test]
 async fn folder_dissolves_when_only_one_child_remains() {
     let (repo, _) = make_repo().await;
-    let folder = repo
-        .create_card(folder_payload("F", "f"))
-        .await
-        .unwrap();
+    let folder = repo.create_card(folder_payload("F", "f")).await.unwrap();
     let _a = repo
         .create_card(item_payload("A", Some(folder.id)))
         .await
@@ -251,10 +248,7 @@ async fn folder_dissolves_when_only_one_child_remains() {
 #[tokio::test]
 async fn folder_dissolves_when_last_child_deleted() {
     let (repo, _) = make_repo().await;
-    let folder = repo
-        .create_card(folder_payload("F", "f"))
-        .await
-        .unwrap();
+    let folder = repo.create_card(folder_payload("F", "f")).await.unwrap();
     let a = repo
         .create_card(item_payload("A", Some(folder.id)))
         .await
@@ -275,10 +269,7 @@ async fn folder_dissolves_when_last_child_deleted() {
 #[tokio::test]
 async fn patch_moves_item_into_folder() {
     let (repo, _) = make_repo().await;
-    let folder = repo
-        .create_card(folder_payload("F", "f"))
-        .await
-        .unwrap();
+    let folder = repo.create_card(folder_payload("F", "f")).await.unwrap();
     let a = repo.create_card(item_payload("A", None)).await.unwrap();
     repo.patch_card(
         a.id,
diff --git a/server/tests/seed.rs b/server/tests/seed.rs
index c89b7b3..d49fcfb 100644
--- a/server/tests/seed.rs
+++ b/server/tests/seed.rs
@@ -25,10 +25,7 @@ async fn seed_populates_sites_and_folders() {
         .filter(|c| matches!(c.kind, CardKind::Item))
         .collect();
     assert!(!items.is_empty(), "expected items seeded from bootstrap");
-    assert_eq!(
-        cfg.get("site_name").await.unwrap().as_deref(),
-        Some("Lens")
-    );
+    assert_eq!(cfg.get("site_name").await.unwrap().as_deref(), Some("Lens"));
 }
 
 #[tokio::test]
diff --git a/web/src/lib/components/Admin/AdminSitesTab.svelte b/web/src/lib/components/Admin/AdminSitesTab.svelte
index 42f6a1b..d508766 100644
--- a/web/src/lib/components/Admin/AdminSitesTab.svelte
+++ b/web/src/lib/components/Admin/AdminSitesTab.svelte
@@ -102,9 +102,7 @@
     if (busy) return;
     const count = linkCountBySite.get(s.value) ?? 0;
     if (count > 0) {
-      toast.error(
-        $t('admin.sites.toast.referencedBy', { name: s.name, count })
-      );
+      toast.error($t('admin.sites.toast.referencedBy', { name: s.name, count }));
       return;
     }
     if (!confirm($t('admin.sites.confirmDelete', { name: s.name }))) return;
diff --git a/web/src/lib/util/dragGrid.ts b/web/src/lib/util/dragGrid.ts
index 85fc9de..a51e553 100644
--- a/web/src/lib/util/dragGrid.ts
+++ b/web/src/lib/util/dragGrid.ts
@@ -480,8 +480,14 @@ function readMetaFromCell(cell: HTMLElement): CardMeta | null {
  * threshold.
  */
 function classifyIntent(target: DOMRect, dragged: DOMRect, cursorX: number): DropIntent {
-  const overlapW = Math.max(0, Math.min(target.right, dragged.right) - Math.max(target.left, dragged.left));
-  const overlapH = Math.max(0, Math.min(target.bottom, dragged.bottom) - Math.max(target.top, dragged.top));
+  const overlapW = Math.max(
+    0,
+    Math.min(target.right, dragged.right) - Math.max(target.left, dragged.left)
+  );
+  const overlapH = Math.max(
+    0,
+    Math.min(target.bottom, dragged.bottom) - Math.max(target.top, dragged.top)
+  );
   const overlapArea = overlapW * overlapH;
   const targetArea = target.width * target.height;
   const draggedArea = dragged.width * dragged.height;
@@ -1095,9 +1101,7 @@ export function dragGrid(
         }
       }
       if (nearest) {
-        const intent: DropIntent = cursorOnLeftHalfOf(nearest.rect, s.cursorX)
-          ? 'before'
-          : 'after';
+        const intent: DropIntent = cursorOnLeftHalfOf(nearest.rect, s.cursorX) ? 'before' : 'after';
         return {
           ...s.hover,
           target: { id: nearest.cardId, kind: nearest.kind, zone: nearest.zone },
@@ -1151,9 +1155,7 @@ export function dragGrid(
     // render flush will see new data AND cleared shifts in the same
     // pass. No flicker.
     const cells =
-      s.lifted && !canceled
-        ? Array.from(node.querySelectorAll<HTMLElement>('[data-card-id]'))
-        : [];
+      s.lifted && !canceled ? Array.from(node.querySelectorAll<HTMLElement>('[data-card-id]')) : [];
     // While we wait, suppress transitions on the cells so the eventual
     // shift-clear is an instant snap rather than a 220ms slide. With
     // Strategy (b) the snap is invisible because data + shifts clear

From 5002de726d4e343614efe7e3e3eb06c5323eebc6 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 27 May 2026 15:55:45 +0800
Subject: [PATCH 75/77] fix(web): add @types/node and drop unused get import

- vite.config.ts uses node:fs / node:path; svelte-check (now wired
  into ci.yml) needs @types/node resolved
- uiPrefs.ts: remove unused `get` import flagged by eslint
---
 web/package.json              |  1 +
 web/pnpm-lock.yaml            | 75 +++++++++++++++++++++--------------
 web/src/lib/stores/uiPrefs.ts |  2 +-
 3 files changed, 48 insertions(+), 30 deletions(-)

diff --git a/web/package.json b/web/package.json
index afb81b2..37cc444 100644
--- a/web/package.json
+++ b/web/package.json
@@ -21,6 +21,7 @@
     "@sveltejs/adapter-static": "^3.0.6",
     "@sveltejs/kit": "^2.8.0",
     "@sveltejs/vite-plugin-svelte": "^4.0.0",
+    "@types/node": "^25.9.1",
     "@typescript-eslint/eslint-plugin": "^8.13.0",
     "@typescript-eslint/parser": "^8.13.0",
     "@vitest/ui": "^2.1.0",
diff --git a/web/pnpm-lock.yaml b/web/pnpm-lock.yaml
index f64ce10..c7d587d 100644
--- a/web/pnpm-lock.yaml
+++ b/web/pnpm-lock.yaml
@@ -23,13 +23,16 @@ importers:
         version: 1.60.0
       '@sveltejs/adapter-static':
         specifier: ^3.0.6
-        version: 3.0.10(@sveltejs/kit@2.60.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)(vite@5.4.21(sass@1.99.0)))
+        version: 3.0.10(@sveltejs/kit@2.60.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0)))
       '@sveltejs/kit':
         specifier: ^2.8.0
-        version: 2.60.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)(vite@5.4.21(sass@1.99.0))
+        version: 2.60.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0))
       '@sveltejs/vite-plugin-svelte':
         specifier: ^4.0.0
-        version: 4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0))
+        version: 4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0))
+      '@types/node':
+        specifier: ^25.9.1
+        version: 25.9.1
       '@typescript-eslint/eslint-plugin':
         specifier: ^8.13.0
         version: 8.59.4(@typescript-eslint/parser@8.59.4(eslint@9.39.4)(typescript@5.9.3))(eslint@9.39.4)(typescript@5.9.3)
@@ -77,10 +80,10 @@ importers:
         version: 8.59.4(eslint@9.39.4)(typescript@5.9.3)
       vite:
         specifier: ^5.4.10
-        version: 5.4.21(sass@1.99.0)
+        version: 5.4.21(@types/node@25.9.1)(sass@1.99.0)
       vitest:
         specifier: ^2.1.0
-        version: 2.1.9(@vitest/ui@2.1.9)(sass@1.99.0)
+        version: 2.1.9(@types/node@25.9.1)(@vitest/ui@2.1.9)(sass@1.99.0)
 
 packages:
 
@@ -567,6 +570,9 @@ packages:
   '@types/json-schema@7.0.15':
     resolution: {integrity: sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==}
 
+  '@types/node@25.9.1':
+    resolution: {integrity: sha512-xfrlY7UD5rMJk3ZVJP8BNzS28J36YJg+xp+LPXV1TdWxr8uMH5A860QNxYDGQe/ylDSgjxE52Q9VnO7p75tJxg==}
+
   '@types/trusted-types@2.0.7':
     resolution: {integrity: sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==}
 
@@ -1303,6 +1309,9 @@ packages:
     engines: {node: '>=14.17'}
     hasBin: true
 
+  undici-types@7.24.6:
+    resolution: {integrity: sha512-WRNW+sJgj5OBN4/0JpHFqtqzhpbnV0GuB+OozA9gCL7a993SmU+1JBZCzLNxYsbMfIeDL+lTsphD5jN5N+n0zg==}
+
   uri-js@4.4.1:
     resolution: {integrity: sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==}
 
@@ -1706,15 +1715,15 @@ snapshots:
     dependencies:
       acorn: 8.16.0
 
-  '@sveltejs/adapter-static@3.0.10(@sveltejs/kit@2.60.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)(vite@5.4.21(sass@1.99.0)))':
+  '@sveltejs/adapter-static@3.0.10(@sveltejs/kit@2.60.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0)))':
     dependencies:
-      '@sveltejs/kit': 2.60.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)(vite@5.4.21(sass@1.99.0))
+      '@sveltejs/kit': 2.60.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0))
 
-  '@sveltejs/kit@2.60.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)(vite@5.4.21(sass@1.99.0))':
+  '@sveltejs/kit@2.60.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(typescript@5.9.3)(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0))':
     dependencies:
       '@standard-schema/spec': 1.1.0
       '@sveltejs/acorn-typescript': 1.0.9(acorn@8.16.0)
-      '@sveltejs/vite-plugin-svelte': 4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0))
+      '@sveltejs/vite-plugin-svelte': 4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0))
       '@types/cookie': 0.6.0
       acorn: 8.16.0
       cookie: 0.6.0
@@ -1726,29 +1735,29 @@ snapshots:
       set-cookie-parser: 3.1.0
       sirv: 3.0.2
       svelte: 5.55.8(@typescript-eslint/types@8.59.4)
-      vite: 5.4.21(sass@1.99.0)
+      vite: 5.4.21(@types/node@25.9.1)(sass@1.99.0)
     optionalDependencies:
       typescript: 5.9.3
 
-  '@sveltejs/vite-plugin-svelte-inspector@3.0.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0))':
+  '@sveltejs/vite-plugin-svelte-inspector@3.0.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0))':
     dependencies:
-      '@sveltejs/vite-plugin-svelte': 4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0))
+      '@sveltejs/vite-plugin-svelte': 4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0))
       debug: 4.4.3
       svelte: 5.55.8(@typescript-eslint/types@8.59.4)
-      vite: 5.4.21(sass@1.99.0)
+      vite: 5.4.21(@types/node@25.9.1)(sass@1.99.0)
     transitivePeerDependencies:
       - supports-color
 
-  '@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0))':
+  '@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0))':
     dependencies:
-      '@sveltejs/vite-plugin-svelte-inspector': 3.0.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(sass@1.99.0))
+      '@sveltejs/vite-plugin-svelte-inspector': 3.0.1(@sveltejs/vite-plugin-svelte@4.0.4(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0)))(svelte@5.55.8(@typescript-eslint/types@8.59.4))(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0))
       debug: 4.4.3
       deepmerge: 4.3.1
       kleur: 4.1.5
       magic-string: 0.30.21
       svelte: 5.55.8(@typescript-eslint/types@8.59.4)
-      vite: 5.4.21(sass@1.99.0)
-      vitefu: 1.1.3(vite@5.4.21(sass@1.99.0))
+      vite: 5.4.21(@types/node@25.9.1)(sass@1.99.0)
+      vitefu: 1.1.3(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0))
     transitivePeerDependencies:
       - supports-color
 
@@ -1760,6 +1769,10 @@ snapshots:
 
   '@types/json-schema@7.0.15': {}
 
+  '@types/node@25.9.1':
+    dependencies:
+      undici-types: 7.24.6
+
   '@types/trusted-types@2.0.7': {}
 
   '@typescript-eslint/eslint-plugin@8.59.4(@typescript-eslint/parser@8.59.4(eslint@9.39.4)(typescript@5.9.3))(eslint@9.39.4)(typescript@5.9.3)':
@@ -1860,13 +1873,13 @@ snapshots:
       chai: 5.3.3
       tinyrainbow: 1.2.0
 
-  '@vitest/mocker@2.1.9(vite@5.4.21(sass@1.99.0))':
+  '@vitest/mocker@2.1.9(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0))':
     dependencies:
       '@vitest/spy': 2.1.9
       estree-walker: 3.0.3
       magic-string: 0.30.21
     optionalDependencies:
-      vite: 5.4.21(sass@1.99.0)
+      vite: 5.4.21(@types/node@25.9.1)(sass@1.99.0)
 
   '@vitest/pretty-format@2.1.9':
     dependencies:
@@ -1896,7 +1909,7 @@ snapshots:
       sirv: 3.0.2
       tinyglobby: 0.2.16
       tinyrainbow: 1.2.0
-      vitest: 2.1.9(@vitest/ui@2.1.9)(sass@1.99.0)
+      vitest: 2.1.9(@types/node@25.9.1)(@vitest/ui@2.1.9)(sass@1.99.0)
 
   '@vitest/utils@2.1.9':
     dependencies:
@@ -2522,19 +2535,21 @@ snapshots:
 
   typescript@5.9.3: {}
 
+  undici-types@7.24.6: {}
+
   uri-js@4.4.1:
     dependencies:
       punycode: 2.3.1
 
   util-deprecate@1.0.2: {}
 
-  vite-node@2.1.9(sass@1.99.0):
+  vite-node@2.1.9(@types/node@25.9.1)(sass@1.99.0):
     dependencies:
       cac: 6.7.14
       debug: 4.4.3
       es-module-lexer: 1.7.0
       pathe: 1.1.2
-      vite: 5.4.21(sass@1.99.0)
+      vite: 5.4.21(@types/node@25.9.1)(sass@1.99.0)
     transitivePeerDependencies:
       - '@types/node'
       - less
@@ -2546,23 +2561,24 @@ snapshots:
       - supports-color
       - terser
 
-  vite@5.4.21(sass@1.99.0):
+  vite@5.4.21(@types/node@25.9.1)(sass@1.99.0):
     dependencies:
       esbuild: 0.21.5
       postcss: 8.5.15
       rollup: 4.60.4
     optionalDependencies:
+      '@types/node': 25.9.1
       fsevents: 2.3.3
       sass: 1.99.0
 
-  vitefu@1.1.3(vite@5.4.21(sass@1.99.0)):
+  vitefu@1.1.3(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0)):
     optionalDependencies:
-      vite: 5.4.21(sass@1.99.0)
+      vite: 5.4.21(@types/node@25.9.1)(sass@1.99.0)
 
-  vitest@2.1.9(@vitest/ui@2.1.9)(sass@1.99.0):
+  vitest@2.1.9(@types/node@25.9.1)(@vitest/ui@2.1.9)(sass@1.99.0):
     dependencies:
       '@vitest/expect': 2.1.9
-      '@vitest/mocker': 2.1.9(vite@5.4.21(sass@1.99.0))
+      '@vitest/mocker': 2.1.9(vite@5.4.21(@types/node@25.9.1)(sass@1.99.0))
       '@vitest/pretty-format': 2.1.9
       '@vitest/runner': 2.1.9
       '@vitest/snapshot': 2.1.9
@@ -2578,10 +2594,11 @@ snapshots:
       tinyexec: 0.3.2
       tinypool: 1.1.1
       tinyrainbow: 1.2.0
-      vite: 5.4.21(sass@1.99.0)
-      vite-node: 2.1.9(sass@1.99.0)
+      vite: 5.4.21(@types/node@25.9.1)(sass@1.99.0)
+      vite-node: 2.1.9(@types/node@25.9.1)(sass@1.99.0)
       why-is-node-running: 2.3.0
     optionalDependencies:
+      '@types/node': 25.9.1
       '@vitest/ui': 2.1.9(vitest@2.1.9)
     transitivePeerDependencies:
       - less
diff --git a/web/src/lib/stores/uiPrefs.ts b/web/src/lib/stores/uiPrefs.ts
index 4a1157f..3a68113 100644
--- a/web/src/lib/stores/uiPrefs.ts
+++ b/web/src/lib/stores/uiPrefs.ts
@@ -1,5 +1,5 @@
 // web/src/lib/stores/uiPrefs.ts
-import { writable, get } from 'svelte/store';
+import { writable } from 'svelte/store';
 import { browser } from '$app/environment';
 
 export interface UiPrefs {

From 31af5f135b9096ed1b033ddf4f046372a495e85a Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 27 May 2026 16:04:00 +0800
Subject: [PATCH 76/77] fix(server): drop redundant .into_iter() flagged by
 clippy 1.95

clippy::useless-conversion fires on .chain(others.into_iter()) since
chain takes IntoIterator directly. Local rustc 1.91 didn't catch it;
CI runs clippy 1.95.
---
 server/src/repo/sqlx_impl.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/src/repo/sqlx_impl.rs b/server/src/repo/sqlx_impl.rs
index 1883b74..b58232c 100644
--- a/server/src/repo/sqlx_impl.rs
+++ b/server/src/repo/sqlx_impl.rs
@@ -512,7 +512,7 @@ impl NavRepo for SqlxNavRepo {
             let final_order: Vec<i64> = listed
                 .iter()
                 .map(|e| e.id)
-                .chain(others.into_iter())
+                .chain(others)
                 .collect();
 
             for (idx, id) in final_order.iter().enumerate() {

From 4fc5833a7418a6a81f82b31191af43dcad394894 Mon Sep 17 00:00:00 2001
From: messica <bitxwave@163.com>
Date: Wed, 27 May 2026 16:06:42 +0800
Subject: [PATCH 77/77] chore(server): collapse short chain into single line
 per rustfmt

After dropping .into_iter() the chain became short enough that
rustfmt 1.95 prefers one line; rustfmt 1.91 leaves it multi-line.
Match CI.
---
 server/src/repo/sqlx_impl.rs | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/server/src/repo/sqlx_impl.rs b/server/src/repo/sqlx_impl.rs
index b58232c..3145886 100644
--- a/server/src/repo/sqlx_impl.rs
+++ b/server/src/repo/sqlx_impl.rs
@@ -509,11 +509,7 @@ impl NavRepo for SqlxNavRepo {
             // Final order: listed (in requested order) followed by others.
             // Stage every row to a fresh negative slot first, then write
             // the contiguous 0..N values, so we never collide.
-            let final_order: Vec<i64> = listed
-                .iter()
-                .map(|e| e.id)
-                .chain(others)
-                .collect();
+            let final_order: Vec<i64> = listed.iter().map(|e| e.id).chain(others).collect();
 
             for (idx, id) in final_order.iter().enumerate() {
                 let staging = -1_i64 - idx as i64;