docs(desktop): note remote backends update separately + profile-skew symptom

When the desktop connects to a remote backend, the two are separate installs —
the desktop's one-click update only updates the local app, not the remote
backend. A newer desktop on an older backend silently misbehaves (new chats /
resumes routing to the wrong profile, since per-session profile routing is a
backend feature).

- Add a "Remote backends update separately" caution under Updating, with the
  exact `hermes update` + dashboard-restart steps for the remote machine.
- Add a remote-Troubleshooting entry for the visible symptom ("new chats land in
  the wrong profile / 'session not found' after switching profiles") pointing at
  the backend-update fix and the "Backend out of date" skew warning.

.dockerignore

@@ -3,6 +3,21 @@
 .gitignore
 .gitmodules
 
+# Python
+__pycache__
+*.py[cod]
+*$py.class
+*.so
+.Python
+*.egg-info/
+dist/
+build/
+
+# Virtual environments
+venv/
+env/
+ENV/
+
 # Dependencies
 node_modules
 **/node_modules
@@ -24,7 +39,20 @@ ui-tui/packages/hermes-ink/dist/
 
 # Environment files
 .env
+.env.*
 
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+
+# Documentation
 *.md
 
 # Runtime data (bind-mounted at /opt/data; must not leak into build context)

.gitattributes

@@ -1,2 +1,10 @@
 # Auto-generated files — collapse diffs and exclude from language stats
 web/package-lock.json linguist-generated=true
+
+# Enforce LF for scripts that run inside Linux containers.
+# Without this, Windows checkout converts to CRLF and breaks `exec` in the
+# container entrypoint with "no such file or directory".
+*.sh        text eol=lf
+Dockerfile  text eol=lf
+*.dockerfile text eol=lf
+docker/entrypoint.sh text eol=lf

.gitignore

@@ -1,5 +1,6 @@
 .DS_Store
 /venv/
+/venv.old/
 /_pycache/
 *.pyc*
 __pycache__/
@@ -107,6 +108,12 @@ docs/superpowers/*
 # logs, and per-session caches are never artifacts of the codebase.
 .hermes/
 
+# Desktop/bootstrap install marker written into the managed checkout root by the
+# bootstrap installer. It is Hermes-managed runtime state, never a code change —
+# ignore it so `hermes update`'s `git stash push --include-untracked` does not
+# treat it as a local edit and autostash it on every run (#38529).
+.hermes-bootstrap-complete
+
 # Tool Search live-test harness output — non-deterministic model transcripts,
 # regenerated by scripts/tool_search_livetest.py. Never an artifact of the repo.
 scripts/out/

README.md

@@ -33,7 +33,7 @@ Use any model you want — [Nous Portal](https://portal.nousresearch.com), [Open
 ### Linux, macOS, WSL2, Termux
 
 ```bash
-curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash
+curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bash
 ```
 
 ### Windows (native, PowerShell)
@@ -43,7 +43,7 @@ curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scri
 Run this in PowerShell:
 
 ```powershell
-iex (irm https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.ps1)
+iex (irm https://hermes-agent.nousresearch.com/install.ps1)
 ```
 
 The installer handles everything: uv, Python 3.11, Node.js, ripgrep, ffmpeg, **and a portable Git Bash** (MinGit, unpacked to `%LOCALAPPDATA%\hermes\git` — no admin required, completely isolated from any system Git install). Hermes uses this bundled Git Bash to run shell commands.
@@ -52,7 +52,7 @@ If you already have Git installed, the installer detects it and uses that instea
 
 > **Android / Termux:** The tested manual path is documented in the [Termux guide](https://hermes-agent.nousresearch.com/docs/getting-started/termux). On Termux, Hermes installs a curated `.[termux]` extra because the full `.[all]` extra currently pulls Android-incompatible voice dependencies.
 >
-> **Windows:** Native Windows is fully supported — the PowerShell one-liner above installs everything. If you'd rather use WSL2, the Linux command works there too. Native Windows install lives under `%LOCALAPPDATA%\hermes`; WSL2 installs under `~/.hermes` as on Linux.  The only Hermes feature that currently needs WSL2 specifically is the browser-based dashboard chat pane (it uses a POSIX PTY — classic CLI and gateway both run natively).
+> **Windows:** Native Windows is fully supported — the PowerShell one-liner above installs everything. If you'd rather use WSL2, the Linux command works there too. Native Windows install lives under `%LOCALAPPDATA%\hermes`; WSL2 installs under `~/.hermes` as on Linux. The only Hermes feature that currently needs WSL2 specifically is the browser-based dashboard chat pane (it uses a POSIX PTY — classic CLI and gateway both run natively).
 
 After installation:
 

README.zh-CN.md

@@ -31,7 +31,7 @@
 ## 快速安装
 
 ```bash
-curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash
+curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bash
 ```
 
 支持 Linux、macOS、WSL2 和 Android (Termux)。安装程序会自动处理平台特定的配置。

acp_adapter/session.py

@@ -457,12 +457,7 @@ class SessionManager:
             else:
                 # Update model_config (contains cwd) if changed.
                 try:
-                    with db._lock:
-                        db._conn.execute(
-                            "UPDATE sessions SET model_config = ?, model = COALESCE(?, model) WHERE id = ?",
-                            (cwd_json, model_str, state.session_id),
-                        )
-                        db._conn.commit()
+                    db.update_session_meta(state.session_id, cwd_json, model_str)
                 except Exception:
                     logger.debug("Failed to update ACP session metadata", exc_info=True)
 

agent/auxiliary_client.py

@@ -265,9 +265,6 @@ _API_KEY_PROVIDER_AUX_MODELS_FALLBACK: Dict[str, str] = {
     "stepfun": "step-3.5-flash",
     "kimi-coding-cn": "kimi-k2-turbo-preview",
     "gmi": "google/gemini-3.1-flash-lite-preview",
-    "minimax": "MiniMax-M2.7",
-    "minimax-oauth": "MiniMax-M2.7-highspeed",
-    "minimax-cn": "MiniMax-M2.7",
     "anthropic": "claude-haiku-4-5-20251001",
     "opencode-zen": "gemini-3-flash",
     "opencode-go": "glm-5",
@@ -4756,10 +4753,14 @@ def _is_anthropic_compat_endpoint(provider: str, base_url: str) -> bool:
 
 
 def _convert_openai_images_to_anthropic(messages: list) -> list:
-    """Convert OpenAI ``image_url`` content blocks to Anthropic ``image`` blocks.
+    """Convert OpenAI ``image_url``/``video_url`` blocks to Anthropic format.
 
-    Only touches messages that have list-type content with ``image_url`` blocks;
-    plain text messages pass through unchanged.
+    Converts:
+    - ``image_url`` blocks to Anthropic ``image`` blocks
+    - ``video_url`` blocks to Anthropic ``video`` blocks (MiniMax M3 compat)
+
+    Only touches messages that have list-type content with ``image_url`` or
+    ``video_url`` blocks; plain text messages pass through unchanged.
     """
     converted = []
     for msg in messages:
@@ -4796,6 +4797,39 @@ def _convert_openai_images_to_anthropic(messages: list) -> list:
                         },
                     })
                 changed = True
+            elif block.get("type") == "video_url":
+                # MiniMax's Anthropic-compatible endpoint expects a "video"
+                # block (not OpenAI's "video_url", and not "input_video").
+                # See https://platform.minimax.io/docs/api-reference/text-anthropic-api
+                # — the Messages-field table lists type="video" (M3 only,
+                # URL/base64/mm_file://). The source shape mirrors the "image"
+                # block: base64 → {type:"base64", media_type, data}, URL →
+                # {type:"url", url}.
+                video_url_val = (block.get("video_url") or {}).get("url", "")
+                if video_url_val.startswith("data:"):
+                    # Parse data URI: data:<media_type>;base64,<data>
+                    header, _, b64data = video_url_val.partition(",")
+                    media_type = "video/mp4"
+                    if ":" in header and ";" in header:
+                        media_type = header.split(":", 1)[1].split(";", 1)[0]
+                    new_content.append({
+                        "type": "video",
+                        "source": {
+                            "type": "base64",
+                            "media_type": media_type,
+                            "data": b64data,
+                        },
+                    })
+                else:
+                    # URL-based video
+                    new_content.append({
+                        "type": "video",
+                        "source": {
+                            "type": "url",
+                            "url": video_url_val,
+                        },
+                    })
+                changed = True
             else:
                 new_content.append(block)
         converted.append({**msg, "content": new_content} if changed else msg)

agent/conversation_compression.py

@@ -646,6 +646,11 @@ def try_shrink_image_parts_in_messages(api_messages: list) -> bool:
     # much larger; shrinking to 4 MB here loses quality but only fires
     # after a confirmed provider rejection, so the alternative is failure.
     target_bytes = 4 * 1024 * 1024
+    # Anthropic enforces an 8000px per-side dimension cap independently of
+    # the 5 MB byte cap.  A tall screenshot can be well under 5 MB yet far
+    # over 8000px (e.g. 1200×12000 at 0.06 MB).  We check pixel dimensions
+    # even when the byte budget is fine.
+    max_dimension = 8000
     changed_count = 0
     # Track parts that are over the target but could NOT be shrunk under it.
     # If any survive, retrying is pointless — the same oversized payload will
@@ -658,9 +663,30 @@ def try_shrink_image_parts_in_messages(api_messages: list) -> bool:
         """Return a smaller data URL, or None if shrink can't help."""
         if not isinstance(url, str) or not url.startswith("data:"):
             return None
-        if len(url) <= target_bytes:
-            # This specific image wasn't the oversized one.
-            return None
+
+        # Check both byte size AND pixel dimensions.
+        needs_shrink = len(url) > target_bytes  # over byte budget
+        if not needs_shrink:
+            # Even if bytes are fine, check pixel dimensions against
+            # Anthropic's 8000px cap.  A tall image can be tiny in bytes
+            # yet huge in pixels.
+            try:
+                import base64 as _b64_dim
+                header_d, _, data_d = url.partition(",")
+                if not data_d:
+                    return None
+                raw_d = _b64_dim.b64decode(data_d)
+                from PIL import Image as _PILImage
+                import io as _io_dim
+                with _PILImage.open(_io_dim.BytesIO(raw_d)) as _img:
+                    if max(_img.size) <= max_dimension:
+                        return None  # both bytes and pixels are fine
+                needs_shrink = True  # pixels exceed limit, force shrink
+            except Exception:
+                # If we can't check dimensions (Pillow unavailable, corrupt
+                # image, etc.), fall back to byte-only check.
+                return None
+
         try:
             header, _, data = url.partition(",")
             mime = "image/jpeg"
@@ -684,6 +710,7 @@ def try_shrink_image_parts_in_messages(api_messages: list) -> bool:
                     Path(tmp.name),
                     mime_type=mime,
                     max_base64_bytes=target_bytes,
+                    max_dimension=max_dimension,
                 )
             finally:
                 try:

agent/conversation_loop.py

@@ -2720,6 +2720,61 @@ def run_conversation(
                 # compress history and retry, not abort immediately.
                 status_code = getattr(api_error, "status_code", None)
 
+                # ── Respect disabled auto-compaction on overflow ──────
+                # Ported from anomalyco/opencode#30749.  When the user has
+                # turned auto-compaction off (``compression.enabled: false``),
+                # NO automatic compaction trigger may fire — including the
+                # provider/request-size overflow recovery paths below
+                # (long-context-tier 429, 413 payload-too-large, and
+                # context-overflow).  Without this guard the proactive
+                # threshold path correctly honours the setting (see the
+                # preflight check and the post-response ``should_compress``
+                # gate) but a provider overflow error would still silently
+                # compress + rotate the session, bypassing the user's
+                # explicit choice.  Surface a terminal error instead so the
+                # user can compact manually (``/compress``), start fresh
+                # (``/new``), switch to a larger-context model, or reduce
+                # attachments.  Forced compaction via ``/compress``
+                # (``force=True``) is unaffected — it never reaches this loop.
+                _overflow_reasons = {
+                    FailoverReason.long_context_tier,
+                    FailoverReason.payload_too_large,
+                    FailoverReason.context_overflow,
+                }
+                if (
+                    classified.reason in _overflow_reasons
+                    and not getattr(agent, "compression_enabled", True)
+                ):
+                    agent._flush_status_buffer()
+                    agent._vprint(
+                        f"{agent.log_prefix}❌ Context overflow, but auto-compaction is disabled "
+                        f"(compression.enabled: false).",
+                        force=True,
+                    )
+                    agent._vprint(
+                        f"{agent.log_prefix}   💡 Run /compress to compact manually, /new to start fresh, "
+                        f"switch to a larger-context model, or reduce attachments.",
+                        force=True,
+                    )
+                    logger.error(
+                        f"{agent.log_prefix}Context overflow ({classified.reason.value}) with "
+                        f"auto-compaction disabled — not compressing."
+                    )
+                    agent._persist_session(messages, conversation_history)
+                    return {
+                        "messages": messages,
+                        "completed": False,
+                        "api_calls": api_call_count,
+                        "error": (
+                            "Context overflow and auto-compaction is disabled "
+                            "(compression.enabled: false). Run /compress to compact manually, "
+                            "/new to start fresh, or switch to a larger-context model."
+                        ),
+                        "partial": True,
+                        "failed": True,
+                        "compaction_disabled": True,
+                    }
+
                 # ── Anthropic Sonnet long-context tier gate ───────────
                 # Anthropic returns HTTP 429 "Extra usage is required for
                 # long context requests" when a Claude Max (or similar)

agent/error_classifier.py

@@ -171,6 +171,9 @@ _IMAGE_TOO_LARGE_PATTERNS = [
     "image too large",      # generic
     "image_too_large",      # error_code variant
     "image size exceeds",   # variant
+    "image dimensions exceed",  # Anthropic: "image dimensions exceed max allowed size: 8000 pixels"
+    "dimensions exceed max allowed size",  # Anthropic dimension-cap (wording variant)
+    "max allowed size: 8000",  # Anthropic dimension-cap (explicit pixel ceiling)
     # "request_too_large" on a request known to contain an image → image is
     # the likely culprit; we still try the shrink path before giving up.
 ]

agent/gemini_native_adapter.py

@@ -33,6 +33,13 @@ logger = logging.getLogger(__name__)
 
 DEFAULT_GEMINI_BASE_URL = "https://generativelanguage.googleapis.com/v1beta"
 
+# Published max output-token ceiling shared by every current Gemini text model
+# (2.5 + 3.x: flash, flash-lite, pro). Used as the default when the caller
+# passes max_tokens=None, because Gemini's native API otherwise applies a low
+# internal default and truncates output (unlike OpenAI-compat endpoints where
+# an omitted limit means full budget).
+GEMINI_DEFAULT_MAX_OUTPUT_TOKENS = 65535
+
 
 def is_native_gemini_base_url(base_url: str) -> bool:
     """Return True when the endpoint speaks Gemini's native REST API."""
@@ -414,6 +421,18 @@ def build_gemini_request(
         generation_config["temperature"] = temperature
     if max_tokens is not None:
         generation_config["maxOutputTokens"] = max_tokens
+    else:
+        # Gemini's native generateContent does NOT treat an omitted
+        # maxOutputTokens as "use the model's full output budget" — it applies
+        # a low internal default and the model stops early with
+        # finishReason=MAX_TOKENS, truncating tool calls mid-stream (Hermes
+        # then retries 3× and refuses the incomplete call). Every current
+        # Gemini text model (2.5 + 3.x, flash / flash-lite / pro) caps at
+        # 65,535 output tokens, so default to that ceiling when the caller
+        # passes None ("unlimited"). See the OpenAI-compat path where omitting
+        # the field genuinely means full budget — that assumption does not
+        # hold on the native API.
+        generation_config["maxOutputTokens"] = GEMINI_DEFAULT_MAX_OUTPUT_TOKENS
     if top_p is not None:
         generation_config["topP"] = top_p
     if stop:

agent/model_metadata.py

@@ -441,6 +441,10 @@ def is_local_endpoint(base_url: str) -> bool:
     # Docker / Podman / Lima internal DNS names (e.g. host.docker.internal)
     if any(host.endswith(suffix) for suffix in _CONTAINER_LOCAL_SUFFIXES):
         return True
+    # Unqualified hostnames (no dots) are local by definition — Docker
+    # Compose service names, /etc/hosts entries, or mDNS names.
+    if host and "." not in host:
+        return True
     # RFC-1918 private ranges, link-local, and Tailscale CGNAT
     try:
         addr = ipaddress.ip_address(host)
@@ -1140,6 +1144,18 @@ def _model_name_suggests_minimax_m3(model: str) -> bool:
     return "minimax-m3" in model.lower()
 
 
+def _model_name_suggests_grok_4_3(model: str) -> bool:
+    """Return True if the model name looks like a Grok 4.3 variant.
+
+    Catches ``grok-4.3``, ``grok-4.3-latest``, and similar slugs.
+    Used as a guard against stale cache entries seeded by pre-catalog builds
+    that resolved grok-4.3 via the generic ``grok-4`` catch-all (256,000)
+    before the ``grok-4.3`` (1M) entry was added to DEFAULT_CONTEXT_LENGTHS
+    on 2026-05-15.
+    """
+    return "grok-4.3" in model.lower()
+
+
 def _query_local_context_length(model: str, base_url: str, api_key: str = "") -> Optional[int]:
     """Query a local server for the model's context length."""
     import httpx
@@ -1564,6 +1580,19 @@ def get_model_context_length(
                     model, base_url, f"{cached:,}",
                 )
                 _invalidate_cached_context_length(model, base_url)
+            # Invalidate stale ≤256,000 cache entries for Grok-4.3.  The
+            # ``grok-4.3`` (1M) entry was added to DEFAULT_CONTEXT_LENGTHS on
+            # 2026-05-15; prior to that, grok-4.3 slugs resolved via the
+            # ``grok-4`` catch-all (256,000) and that value was persisted.
+            # grok-4.3 is 1M, so any sub-262K cached value is a pre-catalog
+            # leftover — drop it and fall through to the hardcoded default.
+            elif cached <= 256_000 and _model_name_suggests_grok_4_3(model):
+                logger.info(
+                    "Dropping stale Grok-4.3 cache entry %s@%s -> %s (pre-catalog value); "
+                    "re-resolving via hardcoded defaults",
+                    model, base_url, f"{cached:,}",
+                )
+                _invalidate_cached_context_length(model, base_url)
             # Nous Portal: the portal /v1/models endpoint is authoritative.
             # Bypass the persistent cache so step 5b can always reconcile
             # against it — this corrects pre-fix entries seeded from the

agent/prompt_builder.py

@@ -22,6 +22,7 @@ from agent.skill_utils import (
     get_disabled_skill_names,
     iter_skill_index_files,
     parse_frontmatter,
+    skill_matches_environment,
     skill_matches_platform,
 )
 from utils import atomic_json_write
@@ -1005,6 +1006,13 @@ def _parse_skill_file(skill_file: Path) -> tuple[bool, dict, str]:
         if not skill_matches_platform(frontmatter):
             return False, frontmatter, ""
 
+        # Environment relevance gate (offer-time only): hide skills tagged for
+        # a runtime environment that isn't active (e.g. kanban-only skills for
+        # non-kanban users, s6-only skills outside the container). Explicit
+        # loads (skill_view / --skills) bypass this — see skill_matches_environment.
+        if not skill_matches_environment(frontmatter):
+            return False, frontmatter, ""
+
         return True, frontmatter, extract_skill_description(frontmatter)
     except Exception as e:
         logger.warning("Failed to parse skill file %s: %s", skill_file, e)

agent/skill_commands.py

@@ -270,7 +270,7 @@ def scan_skill_commands() -> Dict[str, Dict[str, Any]]:
     _skill_commands_platform = _resolve_skill_commands_platform()
     _skill_commands = {}
     try:
-        from tools.skills_tool import SKILLS_DIR, _parse_frontmatter, skill_matches_platform, _get_disabled_skill_names
+        from tools.skills_tool import SKILLS_DIR, _parse_frontmatter, skill_matches_platform, skill_matches_environment, _get_disabled_skill_names
         from agent.skill_utils import get_external_skills_dirs, iter_skill_index_files
         disabled = _get_disabled_skill_names()
         seen_names: set = set()
@@ -291,6 +291,10 @@ def scan_skill_commands() -> Dict[str, Dict[str, Any]]:
                     # Skip skills incompatible with the current OS platform
                     if not skill_matches_platform(frontmatter):
                         continue
+                    # Skip skills not relevant to the current runtime env
+                    # (kanban/docker/s6). Offer-time only; explicit load bypasses.
+                    if not skill_matches_environment(frontmatter):
+                        continue
                     name = frontmatter.get('name', skill_md.parent.name)
                     if name in seen_names:
                         continue

agent/skill_utils.py

@@ -169,6 +169,106 @@ def skill_matches_platform(frontmatter: Dict[str, Any]) -> bool:
     return False
 
 
+# ── Environment matching ──────────────────────────────────────────────────
+
+# Recognized environment tags and how each is detected. An environment tag is
+# a *relevance* gate, not a hard-compatibility gate (that is what ``platforms:``
+# is for). A skill tagged for an environment it isn't relevant to is hidden from
+# the skills index / offer surfaces so it does not add noise for users who will
+# never need it — but it can ALWAYS still be loaded explicitly (``skill_view``,
+# ``--skills``), because an explicit request is explicit consent.
+#
+# Detection is cached for the process lifetime via ``_ENV_DETECT_CACHE``.
+_KNOWN_ENVIRONMENTS = frozenset({"kanban", "docker", "s6"})
+
+_ENV_DETECT_CACHE: Dict[str, bool] = {}
+
+
+def _detect_environment(env: str) -> bool:
+    """Return True when the named runtime environment is currently active.
+
+    Cached per process. Unknown env names return True (fail-open: never hide a
+    skill because of a tag we don't understand).
+    """
+    if env in _ENV_DETECT_CACHE:
+        return _ENV_DETECT_CACHE[env]
+
+    result = True
+    if env == "kanban":
+        # Kanban is "active" either as a dispatcher-spawned worker (the
+        # dispatcher sets ``HERMES_KANBAN_TASK`` / ``HERMES_KANBAN_BOARD`` in the
+        # worker env) or as an orchestrator profile that has opted into the
+        # kanban toolset. Mirror the same signals the kanban tools themselves
+        # gate on (``tools/kanban_tools.py``) so the offer filter agrees with
+        # tool availability.
+        if os.getenv("HERMES_KANBAN_TASK") or os.getenv("HERMES_KANBAN_BOARD"):
+            result = True
+        else:
+            try:
+                from tools.kanban_tools import _profile_has_kanban_toolset
+
+                result = bool(_profile_has_kanban_toolset())
+            except Exception:
+                result = False
+    elif env == "docker":
+        try:
+            from hermes_constants import is_container
+
+            result = is_container()
+        except Exception:
+            result = False
+    elif env == "s6":
+        # The Hermes Docker image runs s6-overlay as PID 1 (/init). s6 plants
+        # its runtime scaffolding under /run/s6 and ships its admin tree under
+        # /package/admin/s6-overlay. Either marker means we're inside an
+        # s6-supervised container.
+        result = os.path.isdir("/run/s6") or os.path.isdir(
+            "/package/admin/s6-overlay"
+        )
+
+    _ENV_DETECT_CACHE[env] = result
+    return result
+
+
+def skill_matches_environment(frontmatter: Dict[str, Any]) -> bool:
+    """Return True when the skill is relevant to the current runtime environment.
+
+    Skills may declare an ``environments`` list in their YAML frontmatter::
+
+        environments: [kanban]        # only relevant when kanban is active
+        environments: [s6]            # only relevant inside the s6 Docker image
+        environments: [docker]        # only relevant inside any container
+
+    If the field is absent or empty the skill is relevant in **all**
+    environments (backward-compatible default).
+
+    This is an OFFER-time filter: it controls whether a skill shows up in the
+    skills index / autocomplete / slash-command list. It is intentionally NOT
+    enforced by ``skill_view`` or ``--skills`` preloading — an explicit load is
+    explicit consent, and load-bearing force-loads (e.g. the kanban dispatcher
+    injecting ``--skills kanban-worker``) must always succeed regardless of how
+    the offer surfaces filter the skill.
+
+    A skill matches when ANY of its declared environments is currently active
+    (OR semantics, mirroring ``platforms``). Unknown env tags fail open.
+    """
+    environments = frontmatter.get("environments")
+    if not environments:
+        return True
+    if not isinstance(environments, list):
+        environments = [environments]
+    for env in environments:
+        normalized = str(env).lower().strip()
+        if not normalized:
+            continue
+        if normalized not in _KNOWN_ENVIRONMENTS:
+            # Tag we don't understand — don't hide the skill over it.
+            return True
+        if _detect_environment(normalized):
+            return True
+    return False
+
+
 # ── Disabled skills ───────────────────────────────────────────────────────
 
 

agent/transports/chat_completions.py

@@ -571,7 +571,28 @@ class ChatCompletionsTransport(ProviderTransport):
                     api_kwargs[k] = v
 
         if extra_body:
-            api_kwargs["extra_body"] = extra_body
+            # Native Gemini (generativelanguage.googleapis.com, non-/openai)
+            # speaks Google's REST schema, not OpenAI's. OpenAI-style extra_body
+            # keys (tags, reasoning, provider, plugins, …) are unknown fields
+            # there and Gemini rejects the whole request with a non-retryable
+            # HTTP 400 ("Invalid JSON payload received. Unknown name 'tags'").
+            # This happens when a profile that emits extra_body (e.g. the Nous
+            # profile's portal `tags`) is active but the resolved endpoint is a
+            # Gemini base_url — typical when only Google credentials are set and
+            # a fallback/aux call lands on Gemini. The native client only reads
+            # thinking_config from extra_body, so drop everything else here.
+            try:
+                from agent.gemini_native_adapter import is_native_gemini_base_url
+                _native_gemini = is_native_gemini_base_url(params.get("base_url"))
+            except Exception:
+                _native_gemini = False
+            if _native_gemini:
+                extra_body = {
+                    k: v for k, v in extra_body.items()
+                    if k in ("thinking_config", "thinkingConfig")
+                }
+            if extra_body:
+                api_kwargs["extra_body"] = extra_body
 
         return api_kwargs
 

apps/bootstrap-installer/src-tauri/src/update.rs

@@ -171,12 +171,19 @@ async fn run_update(app: AppHandle) -> Result<()> {
     let child_env = update_child_env(&install_root);
     let mut update_args: Vec<String> =
         vec!["update".into(), "--yes".into(), "--gateway".into()];
+    // --force skips `hermes update`'s Windows running-exe guard (which would
+    // `sys.exit(2)` and dead-end the handoff). By contract the desktop has
+    // already exited and waited for the venv shim to unlock before launching
+    // us, and wait_for_venv_free below force-kills any straggler — so by the
+    // time `hermes update` runs there is no legitimate hermes.exe to protect,
+    // and the guard would only produce a false "Hermes is still running" stop.
+    update_args.push("--force".into());
     update_args.push("--branch".into());
     update_args.push(update_branch);
 
     emit_stage(&app, "update", StageState::Running, None, None);
     let started = Instant::now();
-    let update = run_streamed(
+    let mut update = run_streamed(
         &app,
         &hermes,
         &update_args,
@@ -185,6 +192,38 @@ async fn run_update(app: AppHandle) -> Result<()> {
         Some("update"),
     )
     .await?;
+
+    // Retry-once for the update-boundary crash. `hermes update` lazily imports
+    // the FRESHLY PULLED modules, but the dependency-install step still runs the
+    // already-in-memory pre-pull code for one invocation. A release that changed
+    // an updater-path contract across that boundary (e.g. #39780's `_UvResult`,
+    // whose `__iter__` injected a bool into the argv and crashed Windows
+    // `list2cmdline` with `TypeError: sequence item 1: expected str instance,
+    // bool found`, fixed in #39820) therefore kills the FIRST update on the
+    // parked population — even though the fix is already on disk by then. A
+    // second `hermes update` runs clean because the now-current module is loaded
+    // from the start. Rather than make the parked user click Update twice (and
+    // stare at a scary crash first), retry once automatically. Skip the retry
+    // for the concurrent-instance guard (exit 2) — that's a "close Hermes" state
+    // a retry can't fix.
+    if !matches!(update.exit_code, Some(0) | Some(UPDATE_EXIT_CONCURRENT)) {
+        emit_log(
+            &app,
+            Some("update"),
+            LogStream::Stdout,
+            "[update] first update attempt failed; retrying once (the fix it just \
+             pulled loads on the second run)…",
+        );
+        update = run_streamed(
+            &app,
+            &hermes,
+            &update_args,
+            &install_root,
+            &child_env,
+            Some("update"),
+        )
+        .await?;
+    }
     let update_ms = started.elapsed().as_millis() as u64;
 
     match update.exit_code {
@@ -366,18 +405,77 @@ async fn wait_for_venv_free(install_root: &Path, app: &AppHandle) {
             return;
         }
         if Instant::now() >= deadline {
+            // Last resort: a backend hermes.exe (or a grandchild it spawned)
+            // is still holding the shim. The desktop should have reaped its
+            // tree before handing off, but SIGTERM races / detached
+            // grandchildren / AV handles can leave a straggler. Rather than
+            // "proceed anyway" straight into uv's "Access is denied", force-kill
+            // every hermes.exe except ourselves, then give the OS a beat to
+            // unload the image.
             emit_log(
                 app,
                 Some("update"),
                 LogStream::Stdout,
-                "[update] timed out waiting for Hermes to exit; proceeding anyway",
+                "[update] Hermes still holding the venv shim; force-killing stragglers…",
             );
+            force_kill_other_hermes();
+            tokio::time::sleep(Duration::from_millis(800)).await;
+            if !is_locked(&shim) {
+                emit_log(
+                    app,
+                    Some("update"),
+                    LogStream::Stdout,
+                    "[update] venv shim freed after force-kill",
+                );
+            } else {
+                emit_log(
+                    app,
+                    Some("update"),
+                    LogStream::Stdout,
+                    "[update] venv shim still locked; proceeding (--force + quarantine will handle it)",
+                );
+            }
             return;
         }
         tokio::time::sleep(DESKTOP_EXIT_POLL).await;
     }
 }
 
+/// Force-kill any `hermes.exe` other than this process. Windows-only; a no-op
+/// elsewhere (POSIX has no mandatory-lock contention). We can't selectively
+/// target "the backend" by PID here — the desktop already exited and we never
+/// knew its children — so we kill the whole `hermes.exe` image tree via
+/// taskkill, excluding our own PID.
+///
+/// Safe w.r.t. our own update child: this runs inside `wait_for_venv_free`,
+/// which completes BEFORE we spawn `venv\Scripts\hermes.exe update`. At this
+/// point no update-driven hermes.exe exists yet, so the only hermes.exe images
+/// are stragglers from the old desktop — exactly what we want gone. (`/FI PID
+/// ne <self>` also spares this Tauri process, though it isn't named
+/// hermes.exe.)
+fn force_kill_other_hermes() {
+    if !cfg!(target_os = "windows") {
+        return;
+    }
+    #[cfg(target_os = "windows")]
+    {
+        let my_pid = std::process::id();
+        // /FI excludes our own PID; /T kills the tree; /F forces.
+        let _ = std::process::Command::new("taskkill")
+            .args([
+                "/F",
+                "/T",
+                "/IM",
+                "hermes.exe",
+                "/FI",
+                &format!("PID ne {my_pid}"),
+            ])
+            .stdout(std::process::Stdio::null())
+            .stderr(std::process::Stdio::null())
+            .status();
+    }
+}
+
 /// Best-effort lock probe: try to open the file for read+write. On Windows an
 /// exclusively-held running .exe refuses the open with a sharing violation.
 /// On Unix this almost always succeeds (no mandatory locking), which is fine —

apps/desktop/README.md

@@ -24,12 +24,6 @@
 
 ### Install with Hermes (recommended)
 
-Add `--include-desktop` to the [one-line installer](../../README.md#quick-install) and it sets up the agent and builds the desktop app in one go:
-
-```bash
-curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash -s -- --include-desktop
-```
-
 Already have the Hermes CLI? Just run:
 
 ```bash
@@ -40,7 +34,7 @@ It builds and launches the GUI against your existing install — same config, ke
 
 ### Prebuilt installers
 
-When a release ships desktop installers they're attached to its [releases page](https://github.com/NousResearch/hermes-agent/releases) — `.dmg` (macOS), `.exe` / `.msi` (Windows), `.AppImage` / `.deb` / `.rpm` (Linux). These are published manually, so the install-with-Hermes path above is the most reliable way to get the latest.
+Prebuilt installers are built and distributed via [the Hermes Desktop website.](https://hermes-agent.nousresearch.com/desktop).
 
 ---
 
@@ -56,10 +50,7 @@ hermes update
 
 ## Requirements
 
-The installer handles everything for you (Python 3.11+, a portable Git, ripgrep). The only thing worth knowing:
-
-- **Windows** — the installer bundles its own Git and Python; no admin rights or system changes required.
-- **macOS / Linux** — uses your system Python 3.11+ (installed automatically if missing).
+The installer handles everything for you (Python 3.11+, a portable Git, ripgrep).
 
 ---
 
@@ -94,7 +85,7 @@ Installers are built and uploaded to GitHub Releases manually. macOS/Windows sig
 
 ### How it works
 
-The packaged app ships only the Electron shell. On first launch it installs the Hermes Agent runtime into `HERMES_HOME` (`~/.hermes`, or `%LOCALAPPDATA%\hermes` on Windows) — the **same layout a CLI install uses**, so the two are interchangeable. The renderer (React, in `src/`) talks to a `hermes dashboard --tui` backend over the standard gateway APIs and reuses the embedded TUI rather than reimplementing chat. The install, backend-resolution, and self-update logic all live in `electron/main.cjs`.
+The packaged app ships only the Electron shell. On first launch it installs the Hermes Agent runtime into `HERMES_HOME` (`~/.hermes`, or `%LOCALAPPDATA%\hermes` on Windows) — the **same layout a CLI install uses**, so the two are interchangeable. The renderer (React, in `src/`) talks to a `hermes dashboard` backend over the standard gateway APIs and reuses the embedded TUI rather than reimplementing chat. The install, backend-resolution, and self-update logic all live in `electron/main.cjs`.
 
 ### Verification
 

apps/desktop/electron/backend-probes.test.cjs

@@ -67,7 +67,9 @@ test('verifyHermesCli returns true when --version exits 0', () => {
   } finally {
     try {
       fs.unlinkSync(scriptPath)
-    } catch {}
+    } catch {
+      void 0
+    }
   }
 })
 

apps/desktop/electron/bootstrap-platform.cjs

@@ -52,7 +52,9 @@ function detectRemoteDisplay(options = {}) {
   const env = options.env ?? process.env
   const platform = options.platform ?? process.platform
 
-  const override = String(env.HERMES_DESKTOP_DISABLE_GPU || '').trim().toLowerCase()
+  const override = String(env.HERMES_DESKTOP_DISABLE_GPU || '')
+    .trim()
+    .toLowerCase()
   if (GPU_OVERRIDE_ON.has(override)) return 'override (HERMES_DESKTOP_DISABLE_GPU)'
   if (GPU_OVERRIDE_OFF.has(override)) return null
 

apps/desktop/electron/bootstrap-platform.test.cjs

@@ -45,11 +45,17 @@ test('detectRemoteDisplay does not treat WSLg as remote', () => {
   // WSLg renders locally via vGPU and doesn't show the flicker, so a WSL
   // session with a local DISPLAY keeps hardware acceleration on.
   assert.equal(detectRemoteDisplay({ env: { WSL_DISTRO_NAME: 'Ubuntu', DISPLAY: ':0' }, platform: 'linux' }), null)
-  assert.equal(detectRemoteDisplay({ env: { WSL_INTEROP: '/run/WSL/1_interop', DISPLAY: ':0' }, platform: 'linux' }), null)
+  assert.equal(
+    detectRemoteDisplay({ env: { WSL_INTEROP: '/run/WSL/1_interop', DISPLAY: ':0' }, platform: 'linux' }),
+    null
+  )
 })
 
 test('detectRemoteDisplay flags SSH sessions on any platform', () => {
-  assert.equal(detectRemoteDisplay({ env: { SSH_CONNECTION: '1.2.3.4 5 6.7.8.9 22' }, platform: 'linux' }), 'ssh-session')
+  assert.equal(
+    detectRemoteDisplay({ env: { SSH_CONNECTION: '1.2.3.4 5 6.7.8.9 22' }, platform: 'linux' }),
+    'ssh-session'
+  )
   assert.equal(detectRemoteDisplay({ env: { SSH_CLIENT: '1.2.3.4 5 22' }, platform: 'darwin' }), 'ssh-session')
   assert.equal(detectRemoteDisplay({ env: { SSH_TTY: '/dev/pts/0' }, platform: 'win32' }), 'ssh-session')
 })

apps/desktop/electron/bootstrap-runner.cjs

@@ -101,7 +101,9 @@ function downloadInstallScript(commit, destPath) {
             .get(res.headers.location, res2 => {
               if (res2.statusCode !== 200) {
                 reject(
-                  new Error(`Failed to download ${scriptName}: HTTP ${res2.statusCode} from redirect ${res.headers.location}`)
+                  new Error(
+                    `Failed to download ${scriptName}: HTTP ${res2.statusCode} from redirect ${res.headers.location}`
+                  )
                 )
                 return
               }
@@ -121,7 +123,9 @@ function downloadInstallScript(commit, destPath) {
           out.close()
           try {
             fs.unlinkSync(tmpPath)
-          } catch {}
+          } catch {
+            void 0
+          }
           reject(new Error(`Failed to download ${scriptName}: HTTP ${res.statusCode} from ${url}`))
           return
         }
@@ -134,14 +138,18 @@ function downloadInstallScript(commit, destPath) {
         out.on('error', err => {
           try {
             fs.unlinkSync(tmpPath)
-          } catch {}
+          } catch {
+            void 0
+          }
           reject(err)
         })
       })
       .on('error', err => {
         try {
           fs.unlinkSync(tmpPath)
-        } catch {}
+        } catch {
+          void 0
+        }
         reject(err)
       })
   })
@@ -168,13 +176,19 @@ async function resolveInstallScript({ installStamp, sourceRepoRoot, hermesHome,
   const cached = cachedScriptPath(hermesHome, installStamp.commit)
   try {
     await fsp.access(cached, fs.constants.R_OK)
-    emit({ type: 'log', line: `[bootstrap] using cached ${installScriptName()} for ${installStamp.commit.slice(0, 12)}` })
+    emit({
+      type: 'log',
+      line: `[bootstrap] using cached ${installScriptName()} for ${installStamp.commit.slice(0, 12)}`
+    })
     return { path: cached, source: 'cache', commit: installStamp.commit, kind: installScriptKind() }
   } catch {
     // not cached; download
   }
 
-  emit({ type: 'log', line: `[bootstrap] fetching ${installScriptName()} for ${installStamp.commit.slice(0, 12)} from GitHub` })
+  emit({
+    type: 'log',
+    line: `[bootstrap] fetching ${installScriptName()} for ${installStamp.commit.slice(0, 12)} from GitHub`
+  })
   await downloadInstallScript(installStamp.commit, cached)
   emit({ type: 'log', line: `[bootstrap] saved to ${cached}` })
   return { path: cached, source: 'download', commit: installStamp.commit, kind: installScriptKind() }
@@ -207,7 +221,9 @@ function spawnPowerShell(scriptPath, args, { emit, stageName, abortSignal, herme
       killed = true
       try {
         child.kill('SIGTERM')
-      } catch {}
+      } catch {
+        void 0
+      }
     }
     if (abortSignal) {
       if (abortSignal.aborted) {
@@ -278,7 +294,9 @@ function spawnBash(scriptPath, args, { emit, stageName, abortSignal, hermesHome
       killed = true
       try {
         child.kill('SIGTERM')
-      } catch {}
+      } catch {
+        void 0
+      }
     }
     if (abortSignal) {
       if (abortSignal.aborted) {
@@ -369,7 +387,9 @@ async function fetchManifest({ scriptPath, installerKind, emit, hermesHome, acti
     hermesHome
   })
   if (result.code !== 0) {
-    throw new Error(`${isPosix ? 'install.sh --manifest' : 'install.ps1 -Manifest'} failed: exit ${result.code}\n${result.stderr || result.stdout}`)
+    throw new Error(
+      `${isPosix ? 'install.sh --manifest' : 'install.ps1 -Manifest'} failed: exit ${result.code}\n${result.stderr || result.stdout}`
+    )
   }
   // The manifest is the LAST JSON line on stdout (install.ps1 may print
   // banner / info lines first depending on Console.OutputEncoding effects).
@@ -381,9 +401,13 @@ async function fetchManifest({ scriptPath, installerKind, emit, hermesHome, acti
       if (parsed && Array.isArray(parsed.stages)) {
         return parsed
       }
-    } catch {}
+    } catch {
+      void 0
+    }
   }
-  throw new Error(`${isPosix ? 'install.sh --manifest' : 'install.ps1 -Manifest'} produced no parseable JSON payload\n${result.stdout}`)
+  throw new Error(
+    `${isPosix ? 'install.sh --manifest' : 'install.ps1 -Manifest'} produced no parseable JSON payload\n${result.stdout}`
+  )
 }
 
 // Parse the JSON result frame from a stage run. The protocol guarantees
@@ -397,7 +421,9 @@ function parseStageResult(stdout) {
       if (parsed && typeof parsed.ok === 'boolean' && typeof parsed.stage === 'string') {
         return parsed
       }
-    } catch {}
+    } catch {
+      void 0
+    }
   }
   return null
 }
@@ -408,13 +434,20 @@ async function runStage({ scriptPath, installerKind, stage, emit, hermesHome, ac
 
   const isPosix = installerKind === 'posix'
   const args = isPosix
-    ? ['--stage', stage.name, '--non-interactive', '--json', ...buildPosixPinArgs({ installStamp, activeRoot, hermesHome })]
+    ? [
+        '--stage',
+        stage.name,
+        '--non-interactive',
+        '--json',
+        ...buildPosixPinArgs({ installStamp, activeRoot, hermesHome })
+      ]
     : ['-Stage', stage.name, '-NonInteractive', '-Json', ...buildPinArgs(installStamp)]
-  const result = await (isPosix ? spawnBash : spawnPowerShell)(
-    scriptPath,
-    args,
-    { emit, stageName: stage.name, abortSignal, hermesHome }
-  )
+  const result = await (isPosix ? spawnBash : spawnPowerShell)(scriptPath, args, {
+    emit,
+    stageName: stage.name,
+    abortSignal,
+    hermesHome
+  })
 
   const durationMs = Date.now() - startedAt
 
@@ -449,7 +482,14 @@ async function runStage({ scriptPath, installerKind, stage, emit, hermesHome, ac
     emit(ev)
     return ev
   }
-  const ev = { type: 'stage', name: stage.name, state: 'failed', durationMs, json, error: json.reason || `exit code ${result.code}` }
+  const ev = {
+    type: 'stage',
+    name: stage.name,
+    state: 'failed',
+    durationMs,
+    json,
+    error: json.reason || `exit code ${result.code}`
+  }
   emit(ev)
   return ev
 }
@@ -489,7 +529,9 @@ async function runBootstrap(opts) {
     if (typeof onEvent === 'function') {
       try {
         onEvent({ type: 'failed', error: 'bootstrap cancelled by user' })
-      } catch {}
+      } catch {
+        void 0
+      }
     }
     return { ok: false, cancelled: true }
   }
@@ -501,7 +543,9 @@ async function runBootstrap(opts) {
   const emit = ev => {
     try {
       runLog.stream.write(JSON.stringify(ev) + '\n')
-    } catch {}
+    } catch {
+      void 0
+    }
     try {
       if (typeof onEvent === 'function') onEvent(ev)
     } catch (err) {
@@ -578,7 +622,9 @@ async function runBootstrap(opts) {
   } finally {
     try {
       runLog.stream.end()
-    } catch {}
+    } catch {
+      void 0
+    }
   }
 }
 

apps/desktop/electron/connection-config.cjs

@@ -0,0 +1,254 @@
+/**
+ * connection-config.cjs
+ *
+ * Pure, electron-free helpers for the desktop's remote-gateway connection
+ * config: URL normalization, WS-URL construction (token vs OAuth ticket),
+ * auth-mode classification, and the auth-mode coercion rules.
+ *
+ * Kept standalone (no `require('electron')`) so it can be unit-tested with
+ * `node --test` — same pattern as backend-probes.cjs / bootstrap-platform.cjs.
+ * main.cjs requires these and wires them into the electron-coupled IPC layer.
+ *
+ * Background on the two auth models a remote gateway can use:
+ *   - 'token': legacy static dashboard session token. REST uses an
+ *     `X-Hermes-Session-Token` header; WS uses `?token=`.
+ *   - 'oauth': hosted gateways gate behind an OAuth provider. REST is authed
+ *     by an HttpOnly session cookie; WS upgrades require a single-use
+ *     `?ticket=` minted at POST /api/auth/ws-ticket. The gateway advertises
+ *     this via the public `/api/status` field `auth_required: true`.
+ */
+
+// Bare + prefixed variants of the session cookies the gateway may set,
+// depending on its deploy shape (HTTPS direct → __Host-, behind a path prefix
+// → __Secure-, loopback HTTP → bare). Mirrors
+// hermes_cli/dashboard_auth/cookies.py.
+//
+// Two cookies are in play (see that module):
+//   - hermes_session_at: the OAuth access token. Short-lived (~15 min); its
+//     Max-Age tracks the access-token TTL, so the cookie jar drops it the
+//     instant the AT expires.
+//   - hermes_session_rt: the OAuth refresh token. Long-lived (24h rotating,
+//     reuse-detected — Portal NAS #293 / hermes #37247). When the AT cookie
+//     has lapsed but the RT cookie is still present, the gateway middleware
+//     transparently rotates a fresh AT on the next authenticated request
+//     (POST /api/auth/ws-ticket), so the session is still LIVE even with no
+//     AT cookie. A liveness check that looked only at the AT cookie would
+//     force a needless full re-login every ~15 min — hence cookiesHaveLiveSession.
+const AT_COOKIE_VARIANTS = ['__Host-hermes_session_at', '__Secure-hermes_session_at', 'hermes_session_at']
+const RT_COOKIE_VARIANTS = ['__Host-hermes_session_rt', '__Secure-hermes_session_rt', 'hermes_session_rt']
+
+function normalizeRemoteBaseUrl(rawUrl) {
+  const value = String(rawUrl || '').trim()
+
+  if (!value) {
+    throw new Error('Remote gateway URL is required.')
+  }
+
+  let parsed
+  try {
+    parsed = new URL(value)
+  } catch (error) {
+    throw new Error(`Remote gateway URL is not valid: ${error.message}`)
+  }
+
+  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
+    throw new Error(`Remote gateway URL must be http:// or https://, got ${parsed.protocol}`)
+  }
+
+  parsed.hash = ''
+  parsed.search = ''
+  parsed.pathname = parsed.pathname.replace(/\/+$/, '')
+
+  return parsed.toString().replace(/\/+$/, '')
+}
+
+function buildGatewayWsUrl(baseUrl, token) {
+  const parsed = new URL(baseUrl)
+  const wsScheme = parsed.protocol === 'https:' ? 'wss' : 'ws'
+  const prefix = parsed.pathname.replace(/\/+$/, '')
+
+  return `${wsScheme}://${parsed.host}${prefix}/api/ws?token=${encodeURIComponent(token)}`
+}
+
+function buildGatewayWsUrlWithTicket(baseUrl, ticket) {
+  const parsed = new URL(baseUrl)
+  const wsScheme = parsed.protocol === 'https:' ? 'wss' : 'ws'
+  const prefix = parsed.pathname.replace(/\/+$/, '')
+
+  return `${wsScheme}://${parsed.host}${prefix}/api/ws?ticket=${encodeURIComponent(ticket)}`
+}
+
+/**
+ * Build the WS URL the renderer would connect with, so the connection test can
+ * exercise the same transport the app actually uses.
+ *
+ * The OAuth ticket-minter is injected (`mintTicket(baseUrl) -> Promise<ticket>`)
+ * so this stays electron-free and unit-testable; main.cjs passes the real
+ * `mintGatewayWsTicket`.
+ *
+ * Return semantics:
+ *   - token mode + token   → ws(s)://…/api/ws?token=…
+ *   - token mode, no token → null  (genuine skip; nothing to authenticate with)
+ *   - oauth, mint ok       → ws(s)://…/api/ws?ticket=…
+ *   - oauth, mint fails    → THROWS  (NOT a skip)
+ *
+ * The oauth-mint-failure throw is the important case: the real boot path
+ * (resolveRemoteBackend in main.cjs) treats a mint failure as a hard
+ * "session expired" auth error and refuses to connect. Swallowing it here
+ * would re-introduce the exact false-positive this test exists to catch —
+ * HTTP /api/status passes, the test reports "reachable", then the renderer
+ * can't authenticate /api/ws and boot dies with "Could not connect".
+ *
+ * @param {string} baseUrl
+ * @param {'token'|'oauth'} authMode
+ * @param {string|null} token
+ * @param {{ mintTicket: (baseUrl: string) => Promise<string> }} deps
+ * @returns {Promise<string|null>}
+ */
+async function resolveTestWsUrl(baseUrl, authMode, token, deps = {}) {
+  if (authMode === 'oauth') {
+    const mintTicket = deps.mintTicket
+    if (typeof mintTicket !== 'function') {
+      throw new Error('resolveTestWsUrl: a mintTicket function is required in OAuth mode.')
+    }
+    let ticket
+    try {
+      ticket = await mintTicket(baseUrl)
+    } catch (error) {
+      const err = new Error(
+        'Reached the gateway over HTTP, but could not mint a WebSocket ticket for the OAuth session ' +
+          '(it may have expired). Open Settings → Gateway and sign in again.'
+      )
+      err.needsOauthLogin = true
+      err.cause = error
+      throw err
+    }
+    return buildGatewayWsUrlWithTicket(baseUrl, ticket)
+  }
+  if (!token) {
+    return null
+  }
+  return buildGatewayWsUrl(baseUrl, token)
+}
+
+// Normalize a profile name to a connection scope key, or null for the global
+// (default) connection. Shared by the resolver and the IPC layer.
+function connectionScopeKey(profile) {
+  return String(profile ?? '').trim() || null
+}
+
+// Coerce a remote auth mode to one of the two supported values ('token' default).
+function normAuthMode(mode) {
+  return mode === 'oauth' ? 'oauth' : 'token'
+}
+
+/**
+ * Select a profile's explicit remote override from a connection config, or null
+ * when it has none (so the caller falls back to env → global remote → local).
+ *
+ * The config may carry a `profiles` map keyed by name; an entry counts as an
+ * override only with `mode === 'remote'` and a non-empty `url`. Pure: `token`
+ * is the raw stored secret; main.cjs decrypts it. Returns
+ * `{ url, authMode, token } | null`.
+ */
+function profileRemoteOverride(config, profile) {
+  const key = connectionScopeKey(profile)
+  const entry = key ? config?.profiles?.[key] : null
+  if (!entry || typeof entry !== 'object' || entry.mode !== 'remote') {
+    return null
+  }
+
+  const url = String(entry.url || '').trim()
+  if (!url) {
+    return null
+  }
+
+  return { url, authMode: normAuthMode(entry.authMode), token: entry.token }
+}
+
+function tokenPreview(value) {
+  const raw = String(value || '')
+
+  if (!raw) {
+    return null
+  }
+
+  return raw.length <= 8 ? 'set' : `...${raw.slice(-6)}`
+}
+
+/**
+ * Classify a gateway's auth mode from its public /api/status body.
+ * `auth_required: true` → OAuth gate engaged; otherwise legacy token auth.
+ * Returns 'oauth' | 'token'.
+ */
+function authModeFromStatus(statusBody) {
+  return statusBody && statusBody.auth_required ? 'oauth' : 'token'
+}
+
+/**
+ * Resolve the effective auth mode for a coerce/save operation.
+ * Explicit input wins; otherwise inherit the saved value; default 'token'.
+ * Returns 'oauth' | 'token'.
+ */
+function resolveAuthMode(inputAuthMode, existingAuthMode) {
+  if (inputAuthMode === 'oauth') return 'oauth'
+  if (inputAuthMode === 'token') return 'token'
+  if (existingAuthMode === 'oauth') return 'oauth'
+  return 'token'
+}
+
+/**
+ * True if any cookie in `cookies` is a hermes session ACCESS-token cookie
+ * with a non-empty value. `cookies` is an array of {name, value} (the shape
+ * Electron's session.cookies.get returns).
+ *
+ * Note: this is AT-only. A session whose AT cookie has lapsed but whose RT
+ * cookie is still alive is STILL connectable (the gateway refreshes the AT on
+ * the next request) — use `cookiesHaveLiveSession` for a connectivity/display
+ * check. `cookiesHaveSession` remains exported for callers that specifically
+ * need to know whether an unexpired access token is present right now.
+ */
+function cookiesHaveSession(cookies) {
+  if (!Array.isArray(cookies)) return false
+  return cookies.some(c => c && AT_COOKIE_VARIANTS.includes(c.name) && c.value)
+}
+
+/**
+ * True if the cookie jar holds a credential that can yield an authenticated
+ * request — EITHER a live access-token cookie OR a refresh-token cookie. The
+ * RT cookie outlives the AT cookie (24h vs ~15min), and the gateway middleware
+ * transparently rotates a fresh AT from the RT on the next authenticated
+ * request. Gating connectivity on the AT alone would force a full IDP
+ * re-login every ~15 min even though a valid 24h RT is sitting in the jar.
+ *
+ * This answers "should we even attempt to connect / show as signed in?", not
+ * "is the access token unexpired?". The authoritative liveness check is still
+ * the actual ws-ticket mint at connect time (which surfaces a true 401 when
+ * the RT is also dead/revoked).
+ */
+function cookiesHaveLiveSession(cookies) {
+  if (!Array.isArray(cookies)) return false
+  return cookies.some(
+    c =>
+      c &&
+      c.value &&
+      (AT_COOKIE_VARIANTS.includes(c.name) || RT_COOKIE_VARIANTS.includes(c.name))
+  )
+}
+
+module.exports = {
+  AT_COOKIE_VARIANTS,
+  RT_COOKIE_VARIANTS,
+  authModeFromStatus,
+  buildGatewayWsUrl,
+  buildGatewayWsUrlWithTicket,
+  connectionScopeKey,
+  cookiesHaveSession,
+  cookiesHaveLiveSession,
+  normAuthMode,
+  normalizeRemoteBaseUrl,
+  profileRemoteOverride,
+  resolveAuthMode,
+  resolveTestWsUrl,
+  tokenPreview
+}

apps/desktop/electron/connection-config.test.cjs

@@ -0,0 +1,329 @@
+/**
+ * Tests for electron/connection-config.cjs.
+ *
+ * Run with: node --test electron/connection-config.test.cjs
+ * (Wire into npm test:desktop:platforms in package.json.)
+ *
+ * These are the pure helpers behind the remote-gateway connection settings:
+ * URL normalization, WS-URL construction (token vs OAuth ticket), auth-mode
+ * classification from /api/status, the coerce-time auth-mode resolution rules,
+ * and the OAuth session-cookie detector.
+ */
+
+const test = require('node:test')
+const assert = require('node:assert/strict')
+
+const {
+  AT_COOKIE_VARIANTS,
+  RT_COOKIE_VARIANTS,
+  authModeFromStatus,
+  buildGatewayWsUrl,
+  buildGatewayWsUrlWithTicket,
+  connectionScopeKey,
+  cookiesHaveSession,
+  cookiesHaveLiveSession,
+  normAuthMode,
+  normalizeRemoteBaseUrl,
+  profileRemoteOverride,
+  resolveAuthMode,
+  resolveTestWsUrl,
+  tokenPreview
+} = require('./connection-config.cjs')
+
+// --- connectionScopeKey / normAuthMode ---
+
+test('connectionScopeKey trims to a name or null for the global scope', () => {
+  assert.equal(connectionScopeKey('  coder '), 'coder')
+  assert.equal(connectionScopeKey(''), null)
+  assert.equal(connectionScopeKey(null), null)
+  assert.equal(connectionScopeKey(undefined), null)
+})
+
+test('normAuthMode coerces to token unless explicitly oauth', () => {
+  assert.equal(normAuthMode('oauth'), 'oauth')
+  assert.equal(normAuthMode('token'), 'token')
+  assert.equal(normAuthMode(undefined), 'token')
+  assert.equal(normAuthMode('weird'), 'token')
+})
+
+// --- profileRemoteOverride ---
+
+test('profileRemoteOverride returns null when no profile is given', () => {
+  const config = { profiles: { coder: { mode: 'remote', url: 'https://x' } } }
+  assert.equal(profileRemoteOverride(config, ''), null)
+  assert.equal(profileRemoteOverride(config, null), null)
+  assert.equal(profileRemoteOverride(config, undefined), null)
+})
+
+test('profileRemoteOverride returns null when the profile has no entry', () => {
+  const config = { profiles: { coder: { mode: 'remote', url: 'https://x' } } }
+  assert.equal(profileRemoteOverride(config, 'writer'), null)
+})
+
+test('profileRemoteOverride ignores local or url-less profile entries', () => {
+  assert.equal(profileRemoteOverride({ profiles: { p: { mode: 'local', url: 'https://x' } } }, 'p'), null)
+  assert.equal(profileRemoteOverride({ profiles: { p: { mode: 'remote', url: '' } } }, 'p'), null)
+  assert.equal(profileRemoteOverride({ profiles: { p: { mode: 'remote' } } }, 'p'), null)
+})
+
+test('profileRemoteOverride returns the per-profile remote with defaulted auth mode', () => {
+  const config = {
+    profiles: {
+      coder: { mode: 'remote', url: '  https://coder.example.com/hermes  ', token: { value: 'sek' } }
+    }
+  }
+  assert.deepEqual(profileRemoteOverride(config, 'coder'), {
+    url: 'https://coder.example.com/hermes',
+    authMode: 'token',
+    token: { value: 'sek' }
+  })
+})
+
+test('profileRemoteOverride preserves an explicit oauth auth mode', () => {
+  const config = { profiles: { coder: { mode: 'remote', url: 'https://x', authMode: 'oauth' } } }
+  assert.equal(profileRemoteOverride(config, 'coder').authMode, 'oauth')
+})
+
+test('profileRemoteOverride tolerates a missing/!object profiles map', () => {
+  assert.equal(profileRemoteOverride({}, 'coder'), null)
+  assert.equal(profileRemoteOverride({ profiles: null }, 'coder'), null)
+  assert.equal(profileRemoteOverride(null, 'coder'), null)
+})
+
+// --- normalizeRemoteBaseUrl ---
+
+test('normalizeRemoteBaseUrl strips trailing slashes, hash, and query', () => {
+  assert.equal(normalizeRemoteBaseUrl('https://gw.example.com/'), 'https://gw.example.com')
+  assert.equal(normalizeRemoteBaseUrl('https://gw.example.com/hermes/'), 'https://gw.example.com/hermes')
+  assert.equal(normalizeRemoteBaseUrl('https://gw.example.com/hermes?x=1#frag'), 'https://gw.example.com/hermes')
+})
+
+test('normalizeRemoteBaseUrl preserves a path prefix', () => {
+  assert.equal(normalizeRemoteBaseUrl('https://host/hermes'), 'https://host/hermes')
+})
+
+test('normalizeRemoteBaseUrl rejects empty input', () => {
+  assert.throws(() => normalizeRemoteBaseUrl(''), /required/)
+  assert.throws(() => normalizeRemoteBaseUrl('   '), /required/)
+})
+
+test('normalizeRemoteBaseUrl rejects non-http(s) protocols', () => {
+  assert.throws(() => normalizeRemoteBaseUrl('ftp://host'), /http:\/\/ or https:\/\//)
+  assert.throws(() => normalizeRemoteBaseUrl('file:///etc/passwd'), /http:\/\/ or https:\/\//)
+})
+
+test('normalizeRemoteBaseUrl rejects garbage', () => {
+  assert.throws(() => normalizeRemoteBaseUrl('not a url'), /not valid/)
+})
+
+// --- buildGatewayWsUrl (token) ---
+
+test('buildGatewayWsUrl uses wss for https and bakes the token', () => {
+  assert.equal(buildGatewayWsUrl('https://gw.example.com', 'tok123'), 'wss://gw.example.com/api/ws?token=tok123')
+})
+
+test('buildGatewayWsUrl uses ws for http', () => {
+  assert.equal(buildGatewayWsUrl('http://127.0.0.1:9119', 'abc'), 'ws://127.0.0.1:9119/api/ws?token=abc')
+})
+
+test('buildGatewayWsUrl honors a path prefix', () => {
+  assert.equal(buildGatewayWsUrl('https://host/hermes', 't'), 'wss://host/hermes/api/ws?token=t')
+})
+
+test('buildGatewayWsUrl url-encodes the token', () => {
+  assert.equal(buildGatewayWsUrl('https://host', 'a/b c+d'), 'wss://host/api/ws?token=a%2Fb%20c%2Bd')
+})
+
+// --- buildGatewayWsUrlWithTicket (oauth) ---
+
+test('buildGatewayWsUrlWithTicket uses ?ticket= not ?token=', () => {
+  const url = buildGatewayWsUrlWithTicket('https://gw.example.com/hermes', 'tkt-9')
+  assert.equal(url, 'wss://gw.example.com/hermes/api/ws?ticket=tkt-9')
+  assert.ok(!url.includes('token='))
+})
+
+test('buildGatewayWsUrlWithTicket url-encodes the ticket', () => {
+  assert.equal(buildGatewayWsUrlWithTicket('https://host', 'a+b/c'), 'wss://host/api/ws?ticket=a%2Bb%2Fc')
+})
+
+// --- authModeFromStatus ---
+
+test('authModeFromStatus returns oauth when auth_required is true', () => {
+  assert.equal(authModeFromStatus({ auth_required: true, auth_providers: ['nous'] }), 'oauth')
+})
+
+test('authModeFromStatus returns token when auth_required is false/missing', () => {
+  assert.equal(authModeFromStatus({ auth_required: false }), 'token')
+  assert.equal(authModeFromStatus({}), 'token')
+  assert.equal(authModeFromStatus(null), 'token')
+  assert.equal(authModeFromStatus(undefined), 'token')
+})
+
+// --- resolveAuthMode ---
+
+test('resolveAuthMode: explicit input wins over existing', () => {
+  assert.equal(resolveAuthMode('oauth', 'token'), 'oauth')
+  assert.equal(resolveAuthMode('token', 'oauth'), 'token')
+})
+
+test('resolveAuthMode: falls back to existing when input absent', () => {
+  assert.equal(resolveAuthMode(undefined, 'oauth'), 'oauth')
+  assert.equal(resolveAuthMode(undefined, 'token'), 'token')
+  assert.equal(resolveAuthMode('', 'oauth'), 'oauth')
+})
+
+test('resolveAuthMode: defaults to token when nothing is set', () => {
+  assert.equal(resolveAuthMode(undefined, undefined), 'token')
+  assert.equal(resolveAuthMode(null, null), 'token')
+})
+
+test('resolveAuthMode: ignores unknown values, defaults to token', () => {
+  assert.equal(resolveAuthMode('bogus', 'also-bogus'), 'token')
+})
+
+// --- cookiesHaveSession ---
+
+test('cookiesHaveSession detects the bare access-token cookie', () => {
+  assert.equal(cookiesHaveSession([{ name: 'hermes_session_at', value: 'x' }]), true)
+})
+
+test('cookiesHaveSession detects the __Host- and __Secure- prefixed variants', () => {
+  assert.equal(cookiesHaveSession([{ name: '__Host-hermes_session_at', value: 'x' }]), true)
+  assert.equal(cookiesHaveSession([{ name: '__Secure-hermes_session_at', value: 'x' }]), true)
+})
+
+test('cookiesHaveSession is false for an empty value', () => {
+  assert.equal(cookiesHaveSession([{ name: 'hermes_session_at', value: '' }]), false)
+})
+
+test('cookiesHaveSession ignores unrelated cookies (AT-only by design)', () => {
+  // cookiesHaveSession is deliberately access-token-only — a lone RT cookie
+  // is NOT an access token, so this returns false. Connectivity callers must
+  // use cookiesHaveLiveSession instead (see below).
+  assert.equal(cookiesHaveSession([{ name: 'hermes_session_rt', value: 'x' }]), false)
+  assert.equal(cookiesHaveSession([{ name: 'other', value: 'x' }]), false)
+})
+
+test('cookiesHaveSession handles non-arrays', () => {
+  assert.equal(cookiesHaveSession(null), false)
+  assert.equal(cookiesHaveSession(undefined), false)
+  assert.equal(cookiesHaveSession([]), false)
+})
+
+test('AT_COOKIE_VARIANTS covers all three deploy shapes', () => {
+  assert.deepEqual(AT_COOKIE_VARIANTS, ['__Host-hermes_session_at', '__Secure-hermes_session_at', 'hermes_session_at'])
+})
+
+test('RT_COOKIE_VARIANTS covers all three deploy shapes', () => {
+  assert.deepEqual(RT_COOKIE_VARIANTS, ['__Host-hermes_session_rt', '__Secure-hermes_session_rt', 'hermes_session_rt'])
+})
+
+// --- cookiesHaveLiveSession (AT or RT — the connectivity check) ---
+
+test('cookiesHaveLiveSession is true for a live access-token cookie', () => {
+  assert.equal(cookiesHaveLiveSession([{ name: 'hermes_session_at', value: 'x' }]), true)
+  assert.equal(cookiesHaveLiveSession([{ name: '__Host-hermes_session_at', value: 'x' }]), true)
+  assert.equal(cookiesHaveLiveSession([{ name: '__Secure-hermes_session_at', value: 'x' }]), true)
+})
+
+test('cookiesHaveLiveSession is true for an RT cookie even with NO access-token cookie', () => {
+  // This is the bug-fix case: the AT cookie has lapsed (dropped from the jar)
+  // but the 24h RT cookie is still alive. The session is still connectable —
+  // the gateway rotates a fresh AT from the RT on the next request.
+  assert.equal(cookiesHaveLiveSession([{ name: 'hermes_session_rt', value: 'x' }]), true)
+  assert.equal(cookiesHaveLiveSession([{ name: '__Host-hermes_session_rt', value: 'x' }]), true)
+  assert.equal(cookiesHaveLiveSession([{ name: '__Secure-hermes_session_rt', value: 'x' }]), true)
+})
+
+test('cookiesHaveLiveSession is true when both AT and RT are present', () => {
+  assert.equal(
+    cookiesHaveLiveSession([
+      { name: 'hermes_session_at', value: 'a' },
+      { name: 'hermes_session_rt', value: 'r' }
+    ]),
+    true
+  )
+})
+
+test('cookiesHaveLiveSession is false for empty values', () => {
+  assert.equal(cookiesHaveLiveSession([{ name: 'hermes_session_at', value: '' }]), false)
+  assert.equal(cookiesHaveLiveSession([{ name: 'hermes_session_rt', value: '' }]), false)
+  assert.equal(
+    cookiesHaveLiveSession([
+      { name: 'hermes_session_at', value: '' },
+      { name: 'hermes_session_rt', value: '' }
+    ]),
+    false
+  )
+})
+
+test('cookiesHaveLiveSession is false for unrelated cookies and non-arrays', () => {
+  assert.equal(cookiesHaveLiveSession([{ name: 'other', value: 'x' }]), false)
+  assert.equal(cookiesHaveLiveSession(null), false)
+  assert.equal(cookiesHaveLiveSession(undefined), false)
+  assert.equal(cookiesHaveLiveSession([]), false)
+})
+
+// --- tokenPreview ---
+
+test('tokenPreview returns null for empty', () => {
+  assert.equal(tokenPreview(''), null)
+  assert.equal(tokenPreview(null), null)
+})
+
+test('tokenPreview returns set for short tokens', () => {
+  assert.equal(tokenPreview('12345678'), 'set')
+})
+
+test('tokenPreview returns a masked suffix for long tokens', () => {
+  assert.equal(tokenPreview('abcdefghijklmnop'), '...klmnop')
+})
+
+// --- resolveTestWsUrl ---
+//
+// The "Test remote" button must exercise the same WS transport the app uses,
+// and must FAIL (not skip) when an OAuth session can't mint a ws-ticket — that
+// is the exact false-positive PR #39098 set out to eliminate.
+
+test('resolveTestWsUrl (token mode) builds a ?token= URL the WS probe can use', async () => {
+  const url = await resolveTestWsUrl('https://gw.example.com', 'token', 'tok123')
+  assert.equal(url, 'wss://gw.example.com/api/ws?token=tok123')
+})
+
+test('resolveTestWsUrl (token mode, no token) returns null — genuine skip', async () => {
+  assert.equal(await resolveTestWsUrl('https://gw.example.com', 'token', null), null)
+})
+
+test('resolveTestWsUrl (oauth, mint ok) builds a ?ticket= URL', async () => {
+  const url = await resolveTestWsUrl('https://gw.example.com', 'oauth', null, {
+    mintTicket: async () => 'tkt-9'
+  })
+  assert.equal(url, 'wss://gw.example.com/api/ws?ticket=tkt-9')
+})
+
+test('resolveTestWsUrl (oauth, mint FAILS) throws — must NOT skip WS validation', async () => {
+  await assert.rejects(
+    () =>
+      resolveTestWsUrl('https://gw.example.com', 'oauth', null, {
+        mintTicket: async () => {
+          throw new Error('401 ticket mint failed')
+        }
+      }),
+    err => {
+      // Actionable, points the user at re-auth, and preserves the cause + flag
+      // the boot overlay uses to offer a sign-in prompt.
+      assert.match(err.message, /WebSocket ticket/i)
+      assert.match(err.message, /sign in again/i)
+      assert.equal(err.needsOauthLogin, true)
+      assert.ok(err.cause instanceof Error)
+      return true
+    }
+  )
+})
+
+test('resolveTestWsUrl (oauth) requires a mintTicket function', async () => {
+  await assert.rejects(
+    () => resolveTestWsUrl('https://gw.example.com', 'oauth', null),
+    /mintTicket function is required/
+  )
+})

apps/desktop/electron/gateway-ws-probe.cjs

@@ -0,0 +1,188 @@
+/**
+ * Live WebSocket validation for the remote-gateway "Test remote" button.
+ *
+ * Background: the desktop boot does two independent things to a remote gateway:
+ *
+ *   1. The MAIN process hits ``GET /api/status`` over HTTP (token in a header)
+ *      to confirm the backend is up. This is what "Test remote" historically
+ *      checked, and what the boot logs print as "Remote Hermes backend is
+ *      ready".
+ *   2. The RENDERER then opens a live WebSocket to ``/api/ws`` (credential in a
+ *      query param) via ``gateway.connect()``. The chat surface only works once
+ *      THIS succeeds.
+ *
+ * Those two paths use different processes, transports, and credentials, and the
+ * server applies extra guards to the WS upgrade that the HTTP status route never
+ * sees (Host/Origin checks, ws-ticket/token auth, peer-IP checks). So a gateway
+ * can pass the HTTP status check yet reject the WebSocket — which surfaces to
+ * the user as a green "Test remote" followed by an opaque "Could not connect to
+ * Hermes gateway" on the boot overlay.
+ *
+ * This module performs the second half of the check: it actually opens the WS
+ * URL and confirms the upgrade is accepted (and isn't immediately torn down by
+ * a post-upgrade auth rejection). The ``WebSocketImpl`` is injectable so the
+ * unit tests can drive the handshake without a real socket; in production the
+ * caller passes the Node/Electron global ``WebSocket``.
+ */
+
+const DEFAULT_CONNECT_TIMEOUT_MS = 10_000
+// After the upgrade is accepted, a gateway that rejects the credential
+// post-handshake closes the socket almost immediately. Wait a short grace
+// window: a frame (gateway.ready) or a still-open socket means success; an
+// early close means the upgrade was accepted but the session was refused.
+const DEFAULT_READY_GRACE_MS = 750
+
+/**
+ * Attempt a live WebSocket connection and classify the outcome.
+ *
+ * @param {string} wsUrl - Fully-formed ws(s):// URL including the credential.
+ * @param {object} [options]
+ * @param {new (url: string) => any} [options.WebSocketImpl] - WebSocket ctor.
+ * @param {number} [options.connectTimeoutMs]
+ * @param {number} [options.readyGraceMs]
+ * @returns {Promise<{ ok: boolean, reason?: string }>}
+ */
+function probeGatewayWebSocket(wsUrl, options = {}) {
+  const WebSocketImpl = options.WebSocketImpl
+  const connectTimeoutMs = options.connectTimeoutMs ?? DEFAULT_CONNECT_TIMEOUT_MS
+  const readyGraceMs = options.readyGraceMs ?? DEFAULT_READY_GRACE_MS
+
+  if (typeof WebSocketImpl !== 'function') {
+    return Promise.resolve({
+      ok: false,
+      reason: 'WebSocket is not available in this runtime.'
+    })
+  }
+
+  return new Promise(resolve => {
+    let settled = false
+    let opened = false
+    let connectTimer = null
+    let graceTimer = null
+    let socket
+
+    const clearTimers = () => {
+      if (connectTimer !== null) {
+        clearTimeout(connectTimer)
+        connectTimer = null
+      }
+      if (graceTimer !== null) {
+        clearTimeout(graceTimer)
+        graceTimer = null
+      }
+    }
+
+    const finish = result => {
+      if (settled) return
+      settled = true
+      clearTimers()
+      try {
+        socket?.close?.()
+      } catch {
+        // ignore — best effort teardown
+      }
+      resolve(result)
+    }
+
+    try {
+      socket = new WebSocketImpl(wsUrl)
+    } catch (error) {
+      finish({
+        ok: false,
+        reason: error instanceof Error ? error.message : String(error)
+      })
+      return
+    }
+
+    const onOpen = () => {
+      if (settled) return
+      opened = true
+      // Upgrade accepted. Give the server a brief window to reject the
+      // credential post-handshake (early close) before declaring success.
+      graceTimer = setTimeout(() => {
+        finish({ ok: true })
+      }, readyGraceMs)
+    }
+
+    const onMessage = () => {
+      // Any frame means the gateway accepted us and is talking — unambiguous
+      // success, no need to wait out the grace window.
+      finish({ ok: true })
+    }
+
+    const onError = event => {
+      finish({
+        ok: false,
+        reason: extractErrorReason(event) || 'WebSocket connection failed.'
+      })
+    }
+
+    const onClose = event => {
+      if (settled) return
+      if (opened) {
+        // Opened, then closed inside the grace window: the upgrade was accepted
+        // but the session was refused (e.g. ws-ticket/token rejected, or a
+        // server-side Host/Origin guard tripped after accept).
+        finish({
+          ok: false,
+          reason: closeReason(event, 'The gateway accepted the connection then closed it (credential rejected?).')
+        })
+        return
+      }
+      finish({
+        ok: false,
+        reason: closeReason(event, 'The gateway closed the WebSocket before it opened.')
+      })
+    }
+
+    addListener(socket, 'open', onOpen)
+    addListener(socket, 'message', onMessage)
+    addListener(socket, 'error', onError)
+    addListener(socket, 'close', onClose)
+
+    if (connectTimeoutMs > 0) {
+      connectTimer = setTimeout(() => {
+        finish({
+          ok: false,
+          reason: `Timed out after ${connectTimeoutMs}ms waiting for the WebSocket to open.`
+        })
+      }, connectTimeoutMs)
+    }
+  })
+}
+
+function addListener(socket, type, handler) {
+  if (typeof socket.addEventListener === 'function') {
+    socket.addEventListener(type, handler)
+    return
+  }
+  // Node's global WebSocket implements addEventListener; this fallback keeps the
+  // helper usable with the `ws` package's EventEmitter shape too.
+  if (typeof socket.on === 'function') {
+    socket.on(type, handler)
+  }
+}
+
+function extractErrorReason(event) {
+  if (!event) return ''
+  if (event instanceof Error) return event.message
+  const err = event.error || event.message
+  if (err instanceof Error) return err.message
+  if (typeof err === 'string') return err
+  return ''
+}
+
+function closeReason(event, fallback) {
+  const code = event && typeof event.code === 'number' ? event.code : null
+  const reason = event && typeof event.reason === 'string' ? event.reason.trim() : ''
+  if (code && reason) return `${fallback} (code ${code}: ${reason})`
+  if (code) return `${fallback} (code ${code})`
+  if (reason) return `${fallback} (${reason})`
+  return fallback
+}
+
+module.exports = {
+  DEFAULT_CONNECT_TIMEOUT_MS,
+  DEFAULT_READY_GRACE_MS,
+  probeGatewayWebSocket
+}

apps/desktop/electron/gateway-ws-probe.test.cjs

@@ -0,0 +1,122 @@
+/**
+ * Tests for electron/gateway-ws-probe.cjs.
+ *
+ * Run with: node --test electron/gateway-ws-probe.test.cjs
+ * (Wired into npm test:desktop:platforms in package.json.)
+ *
+ * The probe drives a real WebSocket handshake for the "Test remote" button.
+ * Here we inject a fake socket so we can deterministically replay each handshake
+ * outcome (open, frame, error, early close, never-opens) without a network.
+ */
+
+const test = require('node:test')
+const assert = require('node:assert/strict')
+
+const { probeGatewayWebSocket } = require('./gateway-ws-probe.cjs')
+
+// Minimal WebSocket double: records listeners synchronously (the probe attaches
+// them in its executor) and exposes emit() so the test can replay events.
+function makeFakeWs() {
+  const instances = []
+  class FakeWs {
+    constructor(url) {
+      this.url = url
+      this.listeners = {}
+      this.closed = false
+      instances.push(this)
+    }
+    addEventListener(type, fn) {
+      ;(this.listeners[type] ||= []).push(fn)
+    }
+    close() {
+      this.closed = true
+    }
+    emit(type, event) {
+      for (const fn of this.listeners[type] || []) fn(event)
+    }
+  }
+  return { FakeWs, instances }
+}
+
+const FAST = { connectTimeoutMs: 1_000, readyGraceMs: 10 }
+
+test('probe resolves ok when the socket opens and stays open', async () => {
+  const { FakeWs, instances } = makeFakeWs()
+  const promise = probeGatewayWebSocket('ws://host/api/ws?token=t', { WebSocketImpl: FakeWs, ...FAST })
+  instances[0].emit('open')
+  const result = await promise
+  assert.deepEqual(result, { ok: true })
+  assert.equal(instances[0].closed, true)
+})
+
+test('probe resolves ok immediately when a frame arrives', async () => {
+  const { FakeWs, instances } = makeFakeWs()
+  const promise = probeGatewayWebSocket('ws://host/api/ws?token=t', {
+    WebSocketImpl: FakeWs,
+    connectTimeoutMs: 1_000,
+    readyGraceMs: 10_000 // long grace: success must come from the frame, not the timer
+  })
+  instances[0].emit('open')
+  instances[0].emit('message', { data: '{"jsonrpc":"2.0"}' })
+  const result = await promise
+  assert.deepEqual(result, { ok: true })
+})
+
+test('probe fails when the socket errors before opening', async () => {
+  const { FakeWs, instances } = makeFakeWs()
+  const promise = probeGatewayWebSocket('ws://host/api/ws?token=t', { WebSocketImpl: FakeWs, ...FAST })
+  instances[0].emit('error', { message: 'ECONNREFUSED' })
+  const result = await promise
+  assert.equal(result.ok, false)
+  assert.match(result.reason, /ECONNREFUSED/)
+})
+
+test('probe fails when the gateway closes before opening', async () => {
+  const { FakeWs, instances } = makeFakeWs()
+  const promise = probeGatewayWebSocket('ws://host/api/ws?token=t', { WebSocketImpl: FakeWs, ...FAST })
+  instances[0].emit('close', { code: 1006 })
+  const result = await promise
+  assert.equal(result.ok, false)
+  assert.match(result.reason, /before it opened/)
+  assert.match(result.reason, /1006/)
+})
+
+test('probe fails when the gateway accepts then immediately closes (auth rejected)', async () => {
+  const { FakeWs, instances } = makeFakeWs()
+  const promise = probeGatewayWebSocket('ws://host/api/ws?token=t', { WebSocketImpl: FakeWs, ...FAST })
+  instances[0].emit('open')
+  instances[0].emit('close', { code: 4403, reason: 'forbidden' })
+  const result = await promise
+  assert.equal(result.ok, false)
+  assert.match(result.reason, /credential rejected/)
+  assert.match(result.reason, /4403/)
+  assert.match(result.reason, /forbidden/)
+})
+
+test('probe times out when the socket never opens', async () => {
+  const { FakeWs } = makeFakeWs()
+  const result = await probeGatewayWebSocket('ws://host/api/ws?token=t', {
+    WebSocketImpl: FakeWs,
+    connectTimeoutMs: 20,
+    readyGraceMs: 10
+  })
+  assert.equal(result.ok, false)
+  assert.match(result.reason, /Timed out/)
+})
+
+test('probe fails gracefully when the constructor throws', async () => {
+  class ThrowingWs {
+    constructor() {
+      throw new Error('bad url')
+    }
+  }
+  const result = await probeGatewayWebSocket('ws://host/api/ws', { WebSocketImpl: ThrowingWs, ...FAST })
+  assert.equal(result.ok, false)
+  assert.match(result.reason, /bad url/)
+})
+
+test('probe reports unavailable when no WebSocket implementation is provided', async () => {
+  const result = await probeGatewayWebSocket('ws://host/api/ws', { WebSocketImpl: undefined })
+  assert.equal(result.ok, false)
+  assert.match(result.reason, /not available/)
+})

apps/desktop/electron/preload.cjs

@@ -1,12 +1,21 @@
 const { contextBridge, ipcRenderer, webUtils } = require('electron')
 
 contextBridge.exposeInMainWorld('hermesDesktop', {
-  getConnection: () => ipcRenderer.invoke('hermes:connection'),
+  getConnection: profile => ipcRenderer.invoke('hermes:connection', profile),
+  touchBackend: profile => ipcRenderer.invoke('hermes:backend:touch', profile),
+  getGatewayWsUrl: profile => ipcRenderer.invoke('hermes:gateway:ws-url', profile),
   getBootProgress: () => ipcRenderer.invoke('hermes:boot-progress:get'),
-  getConnectionConfig: () => ipcRenderer.invoke('hermes:connection-config:get'),
+  getConnectionConfig: profile => ipcRenderer.invoke('hermes:connection-config:get', profile),
   saveConnectionConfig: payload => ipcRenderer.invoke('hermes:connection-config:save', payload),
   applyConnectionConfig: payload => ipcRenderer.invoke('hermes:connection-config:apply', payload),
   testConnectionConfig: payload => ipcRenderer.invoke('hermes:connection-config:test', payload),
+  probeConnectionConfig: remoteUrl => ipcRenderer.invoke('hermes:connection-config:probe', remoteUrl),
+  oauthLoginConnectionConfig: remoteUrl => ipcRenderer.invoke('hermes:connection-config:oauth-login', remoteUrl),
+  oauthLogoutConnectionConfig: remoteUrl => ipcRenderer.invoke('hermes:connection-config:oauth-logout', remoteUrl),
+  profile: {
+    get: () => ipcRenderer.invoke('hermes:profile:get'),
+    set: name => ipcRenderer.invoke('hermes:profile:set', name)
+  },
   api: request => ipcRenderer.invoke('hermes:api', request),
   notify: payload => ipcRenderer.invoke('hermes:notify', payload),
   requestMicrophoneAccess: () => ipcRenderer.invoke('hermes:requestMicrophoneAccess'),

apps/desktop/package.json

@@ -35,7 +35,7 @@
     "test:desktop:nsis": "node scripts/test-desktop.mjs nsis",
     "test:desktop:existing": "node scripts/test-desktop.mjs existing",
     "test:desktop:fresh": "node scripts/test-desktop.mjs fresh",
-    "test:desktop:platforms": "node --test electron/bootstrap-platform.test.cjs electron/hardening.test.cjs electron/backend-probes.test.cjs electron/bootstrap-runner.test.cjs",
+    "test:desktop:platforms": "node --test electron/bootstrap-platform.test.cjs electron/hardening.test.cjs electron/backend-probes.test.cjs electron/bootstrap-runner.test.cjs electron/connection-config.test.cjs electron/gateway-ws-probe.test.cjs",
     "type-check": "tsc -b",
     "lint": "eslint src/ electron/",
     "lint:fix": "eslint src/ electron/ --fix",
@@ -84,7 +84,7 @@
     "react": "^19.2.5",
     "react-arborist": "^3.5.0",
     "react-dom": "^19.2.5",
-    "react-router-dom": "^7.14.2",
+    "react-router-dom": "^7.17.0",
     "react-shiki": "^0.9.3",
     "remark-math": "^6.0.0",
     "shiki": "^4.0.2",
@@ -146,6 +146,7 @@
       "package.json"
     ],
     "beforeBuild": "scripts/before-build.cjs",
+    "beforePack": "scripts/before-pack.cjs",
     "afterPack": "scripts/after-pack.cjs",
     "extraResources": [
       {

apps/desktop/scripts/before-pack.cjs

@@ -0,0 +1,78 @@
+'use strict'
+
+/**
+ * before-pack.cjs — electron-builder beforePack hook.
+ *
+ * Removes any stale unpacked app directory (`appOutDir`) before
+ * electron-builder stages the Electron binaries into it.
+ *
+ * WHY THIS EXISTS
+ * ---------------
+ * electron-builder's final packaging step copies the stock `electron`
+ * binary into `release/<platform>-unpacked/` and then renames it to the
+ * product name (`Hermes`). If a PREVIOUS `npm run pack` was interrupted
+ * (Ctrl-C, OOM kill, crash, full disk) the unpacked directory is left in a
+ * corrupted partial state: it keeps the already-renamed `LICENSE.electron.txt`
+ * and the Chromium payload (.pak/.so/icudtl.dat/chrome-sandbox) but is MISSING
+ * the `electron` binary itself.
+ *
+ * On the next run, electron-builder sees the destination directory already
+ * populated, skips re-copying the binary it thinks is present, then tries to
+ * rename a `electron` file that no longer exists. The build dies with:
+ *
+ *   ENOENT: no such file or directory, rename
+ *   '.../release/linux-unpacked/electron' -> '.../release/linux-unpacked/Hermes'
+ *
+ * This is a hard failure with no obvious cause for the user — `hermes desktop`
+ * just prints "Desktop GUI build failed" and the only fix is to manually
+ * `rm -rf` the release directory, which a normal user has no way to know.
+ *
+ * The packaging step is not idempotent across an interrupted run, so we make
+ * it idempotent ourselves: wipe the target unpacked directory up front so
+ * electron-builder always stages into a clean tree. This is safe — the
+ * directory is a pure build artifact that electron-builder fully recreates
+ * on every pack; nothing else depends on its prior contents.
+ *
+ * Cross-platform: the same partial-state trap exists on macOS
+ * (the mac-unpacked Hermes.app bundle) and Windows (win-unpacked), so we
+ * clean whatever `appOutDir` electron-builder hands us regardless of platform.
+ *
+ * Best-effort: a cleanup failure must never mask the real build. We log and
+ * resolve rather than throw — worst case electron-builder hits the original
+ * ENOENT, which is no worse than not having this hook at all.
+ *
+ * electron-builder passes a context with:
+ *   - appOutDir:            the unpacked app directory about to be staged
+ *   - electronPlatformName: 'win32' | 'darwin' | 'linux'
+ */
+
+const fs = require('node:fs')
+
+function cleanStaleAppOutDir(appOutDir) {
+  if (!appOutDir || typeof appOutDir !== 'string') {
+    return false
+  }
+  if (!fs.existsSync(appOutDir)) {
+    return false
+  }
+  // Recursive + force so a half-written tree (read-only bits, partial files)
+  // can't block the wipe. retry/maxRetries rides out transient EBUSY on
+  // Windows where an AV/indexer may briefly hold a handle.
+  fs.rmSync(appOutDir, { recursive: true, force: true, maxRetries: 5, retryDelay: 100 })
+  return true
+}
+
+exports.cleanStaleAppOutDir = cleanStaleAppOutDir
+
+exports.default = async function beforePack(context) {
+  const appOutDir = context && context.appOutDir
+  try {
+    if (cleanStaleAppOutDir(appOutDir)) {
+      console.log(`[before-pack] removed stale unpacked dir before staging: ${appOutDir}`)
+    }
+  } catch (err) {
+    // Never fail the build over cleanup; surface why so a genuinely stuck
+    // directory (permissions, mount) is still diagnosable.
+    console.warn(`[before-pack] could not clean ${appOutDir} (${err.message}); continuing`)
+  }
+}

apps/desktop/scripts/before-pack.test.cjs

@@ -0,0 +1,53 @@
+const assert = require('node:assert/strict')
+const fs = require('node:fs')
+const os = require('node:os')
+const path = require('node:path')
+const test = require('node:test')
+
+const { cleanStaleAppOutDir } = require('../scripts/before-pack.cjs')
+
+test('cleanStaleAppOutDir removes a populated unpacked directory', () => {
+  const tempRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'hermes-before-pack-'))
+  try {
+    const appOutDir = path.join(tempRoot, 'linux-unpacked')
+    fs.mkdirSync(appOutDir, { recursive: true })
+    // Reproduce the corrupted partial state: license + payload present,
+    // electron binary missing — exactly what trips the ENOENT rename.
+    fs.writeFileSync(path.join(appOutDir, 'LICENSE.electron.txt'), 'x', 'utf8')
+    fs.writeFileSync(path.join(appOutDir, 'resources.pak'), 'x', 'utf8')
+    fs.mkdirSync(path.join(appOutDir, 'resources'), { recursive: true })
+    fs.writeFileSync(path.join(appOutDir, 'resources', 'app.asar'), 'x', 'utf8')
+
+    const removed = cleanStaleAppOutDir(appOutDir)
+
+    assert.equal(removed, true)
+    assert.equal(fs.existsSync(appOutDir), false)
+  } finally {
+    fs.rmSync(tempRoot, { recursive: true, force: true })
+  }
+})
+
+test('cleanStaleAppOutDir is a no-op when the directory is absent', () => {
+  const tempRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'hermes-before-pack-'))
+  try {
+    const missing = path.join(tempRoot, 'does-not-exist')
+    assert.equal(cleanStaleAppOutDir(missing), false)
+  } finally {
+    fs.rmSync(tempRoot, { recursive: true, force: true })
+  }
+})
+
+test('cleanStaleAppOutDir ignores empty or invalid input', () => {
+  assert.equal(cleanStaleAppOutDir(''), false)
+  assert.equal(cleanStaleAppOutDir(undefined), false)
+  assert.equal(cleanStaleAppOutDir(null), false)
+  assert.equal(cleanStaleAppOutDir(42), false)
+})
+
+test('beforePack default export resolves even when cleanup throws', async () => {
+  const { default: beforePack } = require('../scripts/before-pack.cjs')
+  // A directory path that rmSync can't remove is simulated by passing a
+  // context whose appOutDir is a file the hook will try (and be allowed) to
+  // remove; the contract under test is that the hook never rejects.
+  await assert.doesNotReject(beforePack({ appOutDir: '', electronPlatformName: 'linux' }))
+})

apps/desktop/src/app/agents/index.tsx

@@ -5,6 +5,7 @@ import { useElapsedSeconds } from '@/components/chat/activity-timer'
 import { ActivityTimerText } from '@/components/chat/activity-timer-text'
 import { BrailleSpinner } from '@/components/ui/braille-spinner'
 import { FadeText } from '@/components/ui/fade-text'
+import { type Translations, useI18n } from '@/i18n'
 import { AlertCircle, CheckCircle2, Sparkles } from '@/lib/icons'
 import { useEnterAnimation } from '@/lib/use-enter-animation'
 import { cn } from '@/lib/utils'
@@ -21,11 +22,11 @@ import { OverlayView } from '../overlays/overlay-view'
 
 // Mirrors statusGlyph() in tool-fallback.tsx so subagent rows speak the
 // same visual vocabulary as the chat tool blocks.
-function statusGlyph(status: SubagentStatus): ReactNode {
+function statusGlyph(status: SubagentStatus, a: Translations['agents']): ReactNode {
   if (status === 'running' || status === 'queued') {
     return (
       <BrailleSpinner
-        ariaLabel="Running"
+        ariaLabel={a.running}
         className="size-3.5 shrink-0 text-[0.95rem] text-muted-foreground/80"
         spinner="breathe"
       />
@@ -33,10 +34,10 @@ function statusGlyph(status: SubagentStatus): ReactNode {
   }
 
   if (status === 'failed' || status === 'interrupted') {
-    return <AlertCircle aria-label="Failed" className="size-3.5 shrink-0 text-destructive" />
+    return <AlertCircle aria-label={a.failed} className="size-3.5 shrink-0 text-destructive" />
   }
 
-  return <CheckCircle2 aria-label="Done" className="size-3.5 shrink-0 text-emerald-600/85 dark:text-emerald-400/85" />
+  return <CheckCircle2 aria-label={a.done} className="size-3.5 shrink-0 text-emerald-600/85 dark:text-emerald-400/85" />
 }
 
 const STREAM_TONE: Record<SubagentStreamEntry['kind'], string> = {
@@ -75,6 +76,7 @@ interface AgentsViewProps {
 }
 
 export function AgentsView({ onClose }: AgentsViewProps) {
+  const { t } = useI18n()
   const activeSessionId = useStore($activeSessionId)
   const subagentsBySession = useStore($subagentsBySession)
 
@@ -87,61 +89,61 @@ export function AgentsView({ onClose }: AgentsViewProps) {
 
   return (
     <OverlayView
-      closeLabel="Close agents"
+      closeLabel={t.agents.close}
       contentClassName="px-5 pt-5 pb-4 sm:px-6"
       onClose={onClose}
       rootClassName="mx-auto max-w-3xl"
     >
       <header className="mb-3 shrink-0">
-        <h2 className="text-sm font-semibold text-foreground">Spawn tree</h2>
-        <p className="text-xs text-muted-foreground/80">Live subagent activity for the current turn.</p>
+        <h2 className="text-sm font-semibold text-foreground">{t.agents.title}</h2>
+        <p className="text-xs text-muted-foreground/80">{t.agents.subtitle}</p>
       </header>
       <SubagentTree tree={tree} />
     </OverlayView>
   )
 }
 
-const fmtDuration = (seconds?: number) => {
+const fmtDuration = (seconds: number | undefined, a: Translations['agents']) => {
   if (!seconds || seconds <= 0) {
     return ''
   }
 
   if (seconds < 60) {
-    return `${seconds.toFixed(1)}s`
+    return a.durationSeconds(seconds.toFixed(1))
   }
 
   const m = Math.floor(seconds / 60)
   const s = Math.round(seconds % 60)
 
-  return `${m}m ${s}s`
+  return a.durationMinutes(m, s)
 }
 
-const fmtTokens = (value?: number) => {
+const fmtTokens = (value: number | undefined, a: Translations['agents']) => {
   if (!value) {
     return ''
   }
 
-  return value >= 1000 ? `${(value / 1000).toFixed(1)}k tok` : `${value} tok`
+  return value >= 1000 ? a.tokensK((value / 1000).toFixed(1)) : a.tokens(value)
 }
 
-const fmtAge = (updatedAt: number, nowMs: number) => {
+const fmtAge = (updatedAt: number, nowMs: number, a: Translations['agents']) => {
   const s = Math.max(0, Math.round((nowMs - updatedAt) / 1000))
 
   if (s < 2) {
-    return 'now'
+    return a.ageNow
   }
 
   if (s < 60) {
-    return `${s}s ago`
+    return a.ageSeconds(s)
   }
 
   const m = Math.floor(s / 60)
 
   if (m < 60) {
-    return `${m}m ago`
+    return a.ageMinutes(m)
   }
 
-  return `${Math.floor(m / 60)}h ago`
+  return a.ageHours(Math.floor(m / 60))
 }
 
 const flatten = (nodes: readonly SubagentNode[]): SubagentNode[] =>
@@ -149,7 +151,7 @@ const flatten = (nodes: readonly SubagentNode[]): SubagentNode[] =>
 
 interface RootGroup {
   id: string
-  label: string
+  delegationIndex: number
   nodes: SubagentNode[]
   taskCount: number
 }
@@ -173,18 +175,19 @@ function groupDelegations(roots: readonly SubagentNode[]): RootGroup[] {
 
     if (node.taskCount > 1) {
       n += 1
-      groups.push({ id: `delegation-${n}`, label: `Delegation ${n}`, nodes: [node], taskCount: node.taskCount })
+      groups.push({ id: `delegation-${n}`, delegationIndex: n, nodes: [node], taskCount: node.taskCount })
 
       continue
     }
 
-    groups.push({ id: node.id, label: '', nodes: [node], taskCount: node.taskCount })
+    groups.push({ id: node.id, delegationIndex: 0, nodes: [node], taskCount: node.taskCount })
   }
 
   return groups
 }
 
 function SubagentTree({ tree }: { tree: SubagentNode[] }) {
+  const { t } = useI18n()
   const flat = useMemo(() => flatten(tree), [tree])
   const groups = useMemo(() => groupDelegations(tree), [tree])
   const [nowMs, setNowMs] = useState(() => Date.now())
@@ -210,21 +213,19 @@ function SubagentTree({ tree }: { tree: SubagentNode[] }) {
     return (
       <div className="grid place-items-center gap-3 py-12 text-center">
         <Sparkles className="size-6 text-muted-foreground/60" />
-        <p className="text-sm font-medium text-foreground/90">No live subagents</p>
-        <p className="max-w-md text-xs leading-relaxed text-muted-foreground/75">
-          When a turn delegates work, child agents stream their progress here.
-        </p>
+        <p className="text-sm font-medium text-foreground/90">{t.agents.emptyTitle}</p>
+        <p className="max-w-md text-xs leading-relaxed text-muted-foreground/75">{t.agents.emptyDesc}</p>
       </div>
     )
   }
 
   const summary = [
-    `${flat.length} ${flat.length === 1 ? 'agent' : 'agents'}`,
-    active > 0 ? `${active} active` : '',
-    failed > 0 ? `${failed} failed` : '',
-    tools > 0 ? `${tools} tools` : '',
-    files > 0 ? `${files} files` : '',
-    tokens > 0 ? fmtTokens(tokens) : '',
+    t.agents.agentsCount(flat.length),
+    active > 0 ? t.agents.activeCount(active) : '',
+    failed > 0 ? t.agents.failedCount(failed) : '',
+    tools > 0 ? t.agents.toolsCount(tools) : '',
+    files > 0 ? t.agents.filesCount(files) : '',
+    tokens > 0 ? fmtTokens(tokens, t.agents) : '',
     cost > 0 ? `$${cost.toFixed(2)}` : ''
   ].filter(Boolean)
 
@@ -243,6 +244,8 @@ function SubagentTree({ tree }: { tree: SubagentNode[] }) {
 }
 
 function DelegationGroup({ group, nowMs }: { group: RootGroup; nowMs: number }) {
+  const { t } = useI18n()
+
   if (group.nodes.length === 1 && group.taskCount <= 1) {
     return <SubagentRow node={group.nodes[0]!} nowMs={nowMs} />
   }
@@ -252,8 +255,9 @@ function DelegationGroup({ group, nowMs }: { group: RootGroup; nowMs: number })
   return (
     <section className="grid min-w-0 gap-3">
       <p className="text-[0.66rem] font-medium uppercase tracking-wider text-muted-foreground/70">
-        {group.label} <span className="text-muted-foreground/50">·</span> {group.nodes.length} workers
-        {activeWorkers > 0 ? <span className="text-primary/85"> · {activeWorkers} active</span> : null}
+        {group.delegationIndex > 0 ? t.agents.delegation(group.delegationIndex) : ''}{' '}
+        <span className="text-muted-foreground/50">·</span> {t.agents.workers(group.nodes.length)}
+        {activeWorkers > 0 ? <span className="text-primary/85"> · {t.agents.workersActive(activeWorkers)}</span> : null}
       </p>
       <div className="grid min-w-0 gap-4">
         {group.nodes.map(node => (
@@ -275,6 +279,7 @@ function StreamLine({
   parentRunning: boolean
   rowKey: string
 }) {
+  const { t } = useI18n()
   const enterRef = useEnterAnimation(parentRunning, `subagent-stream:${rowKey}`)
   const isMono = entry.kind === 'tool'
   const tone = entry.isError ? 'text-destructive' : STREAM_TONE[entry.kind]
@@ -286,7 +291,7 @@ function StreamLine({
         {entry.text}
         {active ? (
           <BrailleSpinner
-            ariaLabel="Streaming"
+            ariaLabel={t.agents.streaming}
             className="ml-1 inline-block size-2.5 align-middle text-muted-foreground/70"
             spinner="breathe"
           />
@@ -297,6 +302,7 @@ function StreamLine({
 }
 
 function SubagentRow({ node, depth = 0, nowMs }: { node: SubagentNode; depth?: number; nowMs: number }) {
+  const { t } = useI18n()
   const running = node.status === 'running' || node.status === 'queued'
   const elapsed = useElapsedSeconds(running, `subagent:${node.id}`)
 
@@ -317,10 +323,10 @@ function SubagentRow({ node, depth = 0, nowMs }: { node: SubagentNode; depth?: n
 
   const subtitle = [
     node.model,
-    fmtDuration(durationSeconds),
-    node.toolCount ? `${node.toolCount} tools` : '',
-    fmtTokens((node.inputTokens ?? 0) + (node.outputTokens ?? 0)),
-    `updated ${fmtAge(node.updatedAt, nowMs)}`
+    fmtDuration(durationSeconds, t.agents),
+    node.toolCount ? t.agents.toolsCount(node.toolCount) : '',
+    fmtTokens((node.inputTokens ?? 0) + (node.outputTokens ?? 0), t.agents),
+    t.agents.updatedAgo(fmtAge(node.updatedAt, nowMs, t.agents))
   ].filter(Boolean)
 
   return (
@@ -331,7 +337,7 @@ function SubagentRow({ node, depth = 0, nowMs }: { node: SubagentNode; depth?: n
         onClick={() => setOpen(v => !v)}
         type="button"
       >
-        <span className="mt-0.5 flex h-[1.1rem] shrink-0 items-center">{statusGlyph(node.status)}</span>
+        <span className="mt-0.5 flex h-[1.1rem] shrink-0 items-center">{statusGlyph(node.status, t.agents)}</span>
         <span className="flex min-w-0 flex-1 flex-col gap-0.5">
           <span
             className={cn(
@@ -366,7 +372,7 @@ function SubagentRow({ node, depth = 0, nowMs }: { node: SubagentNode; depth?: n
 
       {open && fileLines.length > 0 ? (
         <div className="grid min-w-0 gap-0.5 pl-6">
-          <p className="text-[0.58rem] font-medium tracking-wider text-muted-foreground/60 uppercase">Files</p>
+          <p className="text-[0.58rem] font-medium tracking-wider text-muted-foreground/60 uppercase">{t.agents.files}</p>
           {fileLines.slice(0, 8).map(line => (
             <p className="wrap-break-word font-mono text-[0.67rem] leading-relaxed text-muted-foreground/80" key={line}>
               {line}
@@ -374,7 +380,7 @@ function SubagentRow({ node, depth = 0, nowMs }: { node: SubagentNode; depth?: n
           ))}
           {fileLines.length > 8 ? (
             <p className="font-mono text-[0.67rem] leading-relaxed text-muted-foreground/65">
-              +{fileLines.length - 8} more files
+              {t.agents.moreFiles(fileLines.length - 8)}
             </p>
           ) : null}
         </div>

apps/desktop/src/app/artifacts/index.tsx

@@ -5,6 +5,7 @@ import { useNavigate } from 'react-router-dom'
 import { ZoomableImage } from '@/components/chat/zoomable-image'
 import { PageLoader } from '@/components/page-loader'
 import { Button } from '@/components/ui/button'
+import { Codicon } from '@/components/ui/codicon'
 import { CopyButton } from '@/components/ui/copy-button'
 import {
   Pagination,
@@ -16,7 +17,9 @@ import {
   PaginationPrevious
 } from '@/components/ui/pagination'
 import { TextTab, TextTabMeta } from '@/components/ui/text-tab'
+import { Tip } from '@/components/ui/tooltip'
 import { getSessionMessages, listSessions } from '@/hermes'
+import { type Translations, useI18n } from '@/i18n'
 import { sessionTitle } from '@/lib/chat-runtime'
 import { ExternalLink, ExternalLinkIcon, hostPathLabel, urlSlugTitleLabel, useLinkTitle } from '@/lib/external-link'
 import { FileImage, FileText, FolderOpen, Link2 } from '@/lib/icons'
@@ -310,15 +313,15 @@ function formatArtifactTime(timestamp: number): string {
   return ARTIFACT_TIME_FMT.format(new Date(timestamp))
 }
 
-function pageRangeLabel(total: number, page: number, pageSize: number): string {
+function pageRangeLabel(total: number, page: number, pageSize: number, a: Translations['artifacts']): string {
   if (total === 0) {
-    return '0'
+    return a.zero
   }
 
   const start = (page - 1) * pageSize + 1
   const end = Math.min(total, page * pageSize)
 
-  return `${start}-${end} of ${total}`
+  return a.rangeOf(start, end, total)
 }
 
 function paginationItems(page: number, pageCount: number): Array<number | 'ellipsis'> {
@@ -355,21 +358,25 @@ type CellCtx = {
 interface ArtifactColumn {
   Cell: (props: { artifact: ArtifactRecord; ctx: CellCtx }) => React.ReactElement
   bodyClassName: string
-  header: (filter: ArtifactFilter) => string
+  header: (filter: ArtifactFilter, a: Translations['artifacts']) => string
   id: 'location' | 'primary' | 'session'
   width: (filter: ArtifactFilter) => string
 }
 
-const itemsLabel = (f: ArtifactFilter) => (f === 'link' ? 'links' : f === 'file' ? 'files' : 'items')
+const itemsLabel = (f: ArtifactFilter, a: Translations['artifacts']) =>
+  f === 'link' ? a.itemsLink : f === 'file' ? a.itemsFile : a.itemsGeneric
 
 interface ArtifactsViewProps extends React.ComponentProps<'section'> {
   setStatusbarItemGroup?: SetStatusbarItemGroup
 }
 
 export function ArtifactsView({ setStatusbarItemGroup: _setStatusbarItemGroup, ...props }: ArtifactsViewProps) {
+  const { t } = useI18n()
+  const a = t.artifacts
   const navigate = useNavigate()
   const [artifacts, setArtifacts] = useState<ArtifactRecord[] | null>(null)
   const [query, setQuery] = useState('')
+  const [refreshing, setRefreshing] = useState(false)
 
   const [kindFilter, setKindFilter] = useRouteEnumParam('tab', ARTIFACT_FILTERS, 'all')
 
@@ -378,6 +385,8 @@ export function ArtifactsView({ setStatusbarItemGroup: _setStatusbarItemGroup, .
   const [filePage, setFilePage] = useState(1)
 
   const refreshArtifacts = useCallback(async () => {
+    setRefreshing(true)
+
     try {
       const sessions = (await listSessions(30, 1)).sessions
       const results = await Promise.allSettled(sessions.map(session => getSessionMessages(session.id)))
@@ -392,12 +401,14 @@ export function ArtifactsView({ setStatusbarItemGroup: _setStatusbarItemGroup, .
         nextArtifacts.push(...collectArtifactsForSession(session, result.value.messages))
       })
 
-      setArtifacts(nextArtifacts.sort((a, b) => b.timestamp - a.timestamp))
+      setArtifacts(nextArtifacts.sort((left, right) => right.timestamp - left.timestamp))
     } catch (err) {
-      notifyError(err, 'Artifacts failed to load')
+      notifyError(err, a.failedLoad)
       setArtifacts([])
+    } finally {
+      setRefreshing(false)
     }
-  }, [])
+  }, [a])
 
   useRefreshHotkey(refreshArtifacts)
 
@@ -478,9 +489,9 @@ export function ArtifactsView({ setStatusbarItemGroup: _setStatusbarItemGroup, .
         window.open(href, '_blank', 'noopener,noreferrer')
       }
     } catch (err) {
-      notifyError(err, 'Open failed')
+      notifyError(err, a.openFailed)
     }
-  }, [])
+  }, [a])
 
   const markImageFailed = useCallback((id: string) => {
     setFailedImageIds(current => {
@@ -502,34 +513,46 @@ export function ArtifactsView({ setStatusbarItemGroup: _setStatusbarItemGroup, .
       {...props}
       onSearchChange={setQuery}
       searchHidden={counts.all === 0}
-      searchPlaceholder="Search artifacts..."
+      searchPlaceholder={a.search}
+      searchTrailingAction={
+        <Button
+          aria-label={refreshing ? a.refreshing : a.refresh}
+          className="text-(--ui-text-tertiary) hover:bg-transparent hover:text-foreground"
+          disabled={refreshing}
+          onClick={() => void refreshArtifacts()}
+          size="icon-xs"
+          title={refreshing ? a.refreshing : a.refresh}
+          type="button"
+          variant="ghost"
+        >
+          <Codicon name="refresh" size="0.875rem" spinning={refreshing} />
+        </Button>
+      }
       searchValue={query}
       tabs={
         <>
           <TextTab active={kindFilter === 'all'} onClick={() => setKindFilter('all')}>
-            All <TextTabMeta>({counts.all})</TextTabMeta>
+            {a.tabAll} <TextTabMeta>({counts.all})</TextTabMeta>
           </TextTab>
           <TextTab active={kindFilter === 'image'} onClick={() => setKindFilter('image')}>
-            Images <TextTabMeta>({counts.image})</TextTabMeta>
+            {a.tabImages} <TextTabMeta>({counts.image})</TextTabMeta>
           </TextTab>
           <TextTab active={kindFilter === 'file'} onClick={() => setKindFilter('file')}>
-            Files <TextTabMeta>({counts.file})</TextTabMeta>
+            {a.tabFiles} <TextTabMeta>({counts.file})</TextTabMeta>
           </TextTab>
           <TextTab active={kindFilter === 'link'} onClick={() => setKindFilter('link')}>
-            Links <TextTabMeta>({counts.link})</TextTabMeta>
+            {a.tabLinks} <TextTabMeta>({counts.link})</TextTabMeta>
           </TextTab>
         </>
       }
     >
       {!artifacts ? (
-        <PageLoader label="Indexing recent session artifacts" />
+        <PageLoader label={a.indexing} />
       ) : visibleArtifacts.length === 0 ? (
         <div className="grid h-full place-items-center px-6 text-center">
           <div>
-            <div className="text-sm font-medium">No artifacts found</div>
-            <div className="mt-1 text-xs text-muted-foreground">
-              Generated images and file outputs will appear here as sessions produce them.
-            </div>
+            <div className="text-sm font-medium">{a.noArtifactsTitle}</div>
+            <div className="mt-1 text-xs text-muted-foreground">{a.noArtifactsDesc}</div>
           </div>
         </div>
       ) : (
@@ -546,7 +569,7 @@ export function ArtifactsView({ setStatusbarItemGroup: _setStatusbarItemGroup, .
                 >
                   <ArtifactsPagination
                     className="ml-auto justify-end px-0"
-                    itemLabel="images"
+                    itemLabel={a.itemsImage}
                     onPageChange={setImagePage}
                     page={currentImagePage}
                     pageSize={24}
@@ -578,7 +601,7 @@ export function ArtifactsView({ setStatusbarItemGroup: _setStatusbarItemGroup, .
                 >
                   <ArtifactsPagination
                     className="ml-auto justify-end px-0"
-                    itemLabel={itemsLabel(kindFilter)}
+                    itemLabel={itemsLabel(kindFilter, a)}
                     onPageChange={setFilePage}
                     page={currentFilePage}
                     pageSize={100}
@@ -607,12 +630,14 @@ interface ArtifactsPaginationProps {
 }
 
 function ArtifactsPagination({ className, itemLabel, onPageChange, page, pageSize, total }: ArtifactsPaginationProps) {
+  const { t } = useI18n()
+  const a = t.artifacts
   const pageCount = Math.max(1, Math.ceil(total / pageSize))
 
   return (
     <div className={cn('flex h-6 items-center justify-between gap-2 px-1', className)}>
       <div className="shrink-0 text-[0.62rem] text-muted-foreground">
-        {pageRangeLabel(total, page, pageSize)} {itemLabel}
+        {pageRangeLabel(total, page, pageSize, a)} {itemLabel}
       </div>
       {pageCount > 1 && (
         <Pagination className="mx-0 w-auto min-w-0 justify-end">
@@ -626,7 +651,7 @@ function ArtifactsPagination({ className, itemLabel, onPageChange, page, pageSiz
                   <PaginationEllipsis />
                 ) : (
                   <PaginationButton
-                    aria-label={`Go to ${itemLabel} page ${item}`}
+                    aria-label={a.goToPage(itemLabel, item)}
                     isActive={page === item}
                     onClick={() => onPageChange(item)}
                   >
@@ -656,6 +681,10 @@ interface ArtifactImageCardProps {
 }
 
 function ArtifactImageCard({ artifact, failedImage, onImageError, onOpenChat }: ArtifactImageCardProps) {
+  const { t } = useI18n()
+  const a = t.artifacts
+  const kindLabel = artifact.kind === 'image' ? a.kindImage : artifact.kind === 'file' ? a.kindFile : a.kindLink
+
   return (
     <article className="group/artifact overflow-hidden rounded-lg border border-(--ui-stroke-tertiary) bg-(--ui-chat-bubble-background)">
       <div
@@ -682,7 +711,7 @@ function ArtifactImageCard({ artifact, failedImage, onImageError, onOpenChat }:
         <div className="min-w-0">
           <div className="mb-0.5 flex items-center gap-1 text-[0.625rem] uppercase tracking-[0.08em] text-(--ui-text-tertiary)">
             <FileImage className="size-3" />
-            {artifact.kind}
+            {kindLabel}
           </div>
           <div className="truncate text-[length:var(--conversation-caption-font-size)] font-medium">
             {artifact.label}
@@ -697,7 +726,7 @@ function ArtifactImageCard({ artifact, failedImage, onImageError, onOpenChat }:
         <div className="flex flex-wrap gap-1.5">
           <Button onClick={() => onOpenChat(artifact.sessionId)} size="xs" type="button" variant="textStrong">
             <FolderOpen className="size-3" />
-            Chat
+            {a.chat}
           </Button>
         </div>
       </div>
@@ -736,7 +765,6 @@ function ArtifactCellAction({
     <button
       className="flex h-full w-full min-w-0 items-center gap-2 px-2.5 py-1.5 text-left text-[length:var(--conversation-caption-font-size)] leading-(--conversation-caption-line-height) font-normal text-(--ui-text-secondary) no-underline underline-offset-4 decoration-current/20 transition-colors hover:text-foreground hover:underline"
       onClick={onClick}
-      title={title}
       type="button"
     >
       {children}
@@ -768,21 +796,23 @@ function PrimaryCell({ artifact, ctx }: { artifact: ArtifactRecord; ctx: CellCtx
 }
 
 function LocationCell({ artifact }: { artifact: ArtifactRecord; ctx: CellCtx }) {
+  const { t } = useI18n()
   const isLink = artifact.kind === 'link'
   const value = isLink ? hostPathLabel(artifact.value) : artifact.value
-  const copyLabel = isLink ? 'Copy URL' : 'Copy path'
+  const copyLabel = isLink ? t.artifacts.copyUrl : t.artifacts.copyPath
 
   return (
     <div className="group/location flex min-w-0 items-center gap-1.5">
-      <div
-        className={cn(
-          'min-w-0 flex-1 truncate text-[length:var(--conversation-caption-font-size)] text-(--ui-text-tertiary)',
-          isLink ? 'font-normal' : 'font-mono'
-        )}
-        title={artifact.value}
-      >
-        {value}
-      </div>
+      <Tip label={artifact.value}>
+        <div
+          className={cn(
+            'min-w-0 flex-1 truncate text-[length:var(--conversation-caption-font-size)] text-(--ui-text-tertiary)',
+            isLink ? 'font-normal' : 'font-mono'
+          )}
+        >
+          {value}
+        </div>
+      </Tip>
       <CopyButton
         appearance="icon"
         buttonSize="icon-xs"
@@ -813,21 +843,22 @@ const ARTIFACT_COLUMNS: readonly ArtifactColumn[] = [
   {
     Cell: PrimaryCell,
     bodyClassName: 'p-0',
-    header: filter => (filter === 'link' ? 'Link title' : filter === 'file' ? 'Name' : 'Title / name'),
+    header: (filter, a) => (filter === 'link' ? a.colTitleLink : filter === 'file' ? a.colTitleFile : a.colTitleDefault),
     id: 'primary',
     width: filter => (filter === 'link' ? 'w-[50%]' : 'w-[35%]')
   },
   {
     Cell: LocationCell,
     bodyClassName: 'px-2.5 py-1.5',
-    header: filter => (filter === 'link' ? 'URL' : filter === 'file' ? 'Path' : 'Location'),
+    header: (filter, a) =>
+      filter === 'link' ? a.colLocationLink : filter === 'file' ? a.colLocationFile : a.colLocationDefault,
     id: 'location',
     width: filter => (filter === 'link' ? 'w-[30%]' : 'w-[41%]')
   },
   {
     Cell: SessionCell,
     bodyClassName: 'p-0',
-    header: () => 'Session',
+    header: (_filter, a) => a.colSession,
     id: 'session',
     width: filter => (filter === 'link' ? 'w-[20%]' : 'w-[24%]')
   }
@@ -842,13 +873,15 @@ function ArtifactTable({
   ctx: CellCtx
   filter: ArtifactFilter
 }) {
+  const { t } = useI18n()
+
   return (
     <table className="w-full min-w-176 table-fixed text-left text-[length:var(--conversation-caption-font-size)]">
       <thead className="border-b border-(--ui-stroke-tertiary) bg-(--ui-bg-quinary) text-[0.625rem] uppercase tracking-[0.08em] text-(--ui-text-tertiary)">
         <tr>
           {ARTIFACT_COLUMNS.map(col => (
             <th className={cn(col.width(filter), 'px-2.5 py-1.5 font-medium')} key={col.id}>
-              {col.header(filter)}
+              {col.header(filter, t.artifacts)}
             </th>
           ))}
         </tr>

apps/desktop/src/app/chat/chat-drop-overlay.tsx

@@ -1,26 +1,43 @@
+import { useRef } from 'react'
+
+import type { DragKind } from '@/app/chat/hooks/use-file-drop-zone'
 import { Codicon } from '@/components/ui/codicon'
 import { cn } from '@/lib/utils'
 
+const COPY: Record<'files' | 'session', { icon: string; label: string }> = {
+  files: { icon: 'cloud-upload', label: 'Drop files to attach' },
+  session: { icon: 'comment-discussion', label: 'Drop to link this chat' }
+}
+
 /**
- * Full-bleed affordance shown while files are dragged over the chat area. Always
- * `pointer-events-none` so the drop lands on the real element underneath and the
- * drop-zone handler claims it — the overlay is purely visual. Mirrors the
- * composer surface so the two read as one family.
+ * Full-bleed affordance shown while files or a session are dragged over the chat
+ * area. Always `pointer-events-none` so the drop lands on the real element
+ * underneath and the drop-zone handler claims it — the overlay is purely visual.
+ * Copy adapts to whatever is being dragged; the last kind is held through the
+ * fade-out so the label doesn't blank.
  */
-export function ChatDropOverlay({ active }: { active: boolean }) {
+export function ChatDropOverlay({ kind }: { kind: DragKind }) {
+  const lastKind = useRef<'files' | 'session'>('files')
+
+  if (kind) {
+    lastKind.current = kind
+  }
+
+  const { icon, label } = COPY[kind ?? lastKind.current]
+
   return (
     <div
       aria-hidden
       className={cn(
         'pointer-events-none absolute inset-0 z-40 flex items-center justify-center p-4 transition-opacity duration-150 ease-out',
-        active ? 'opacity-100' : 'opacity-0'
+        kind ? 'opacity-100' : 'opacity-0'
       )}
       data-slot="chat-drop-overlay"
     >
       <div className="absolute inset-2 rounded-2xl border-2 border-dashed border-[color-mix(in_srgb,var(--dt-composer-ring)_55%,transparent)] bg-[color-mix(in_srgb,var(--dt-card)_55%,transparent)] backdrop-blur-[2px] [-webkit-backdrop-filter:blur(2px)]" />
       <div className="relative flex items-center gap-2 rounded-full border border-[color-mix(in_srgb,var(--dt-composer-ring)_45%,transparent)] bg-[color-mix(in_srgb,var(--dt-card)_92%,transparent)] px-4 py-2 text-[0.8125rem] font-medium text-foreground shadow-composer">
-        <Codicon className="text-(--ui-accent)" name="cloud-upload" size="1rem" />
-        Drop files to attach
+        <Codicon className="text-(--ui-accent)" name={icon} size="1rem" />
+        {label}
       </div>
     </div>
   )

apps/desktop/src/app/chat/chat-swap-overlay.tsx

@@ -0,0 +1,45 @@
+import { useEffect, useState } from 'react'
+
+import { cn } from '@/lib/utils'
+
+// Braille spinner frames — reads as a tiny ASCII loader in monospace.
+const FRAMES = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏']
+
+// Shown over the conversation while the live gateway swaps to another profile's
+// backend (lazily spawned). Keeps the last profile name through the fade-out so
+// the label doesn't blank. Purely visual — pointer-events-none.
+export function ChatSwapOverlay({ profile }: { profile: string | null }) {
+  const [frame, setFrame] = useState(0)
+  const [label, setLabel] = useState<null | string>(profile)
+
+  useEffect(() => {
+    if (profile) {
+      setLabel(profile)
+    }
+  }, [profile])
+
+  useEffect(() => {
+    if (!profile) {
+      return
+    }
+
+    const id = window.setInterval(() => setFrame(value => (value + 1) % FRAMES.length), 80)
+
+    return () => window.clearInterval(id)
+  }, [profile])
+
+  return (
+    <div
+      aria-hidden
+      className={cn(
+        'pointer-events-none absolute inset-0 z-50 flex items-center justify-center transition-opacity duration-150 ease-out',
+        profile ? 'opacity-100' : 'opacity-0'
+      )}
+    >
+      <div className="flex items-center gap-2 bg-[color-mix(in_srgb,var(--dt-card)_92%,transparent)] px-4 py-2 font-mono text-[0.8125rem] text-foreground shadow-composer">
+        <span className="w-3 text-(--ui-accent)">{FRAMES[frame]}</span>
+        Waking up {label}…
+      </div>
+    </div>
+  )
+}

apps/desktop/src/app/chat/composer/attachments.tsx

@@ -1,6 +1,8 @@
 import { useStore } from '@nanostores/react'
 
 import { Codicon } from '@/components/ui/codicon'
+import { Tip } from '@/components/ui/tooltip'
+import { useI18n } from '@/i18n'
 import { FileText, FolderOpen, ImageIcon, Link, Terminal } from '@/lib/icons'
 import { normalizeOrLocalPreviewTarget } from '@/lib/local-preview'
 import type { ComposerAttachment } from '@/store/composer'
@@ -25,6 +27,8 @@ export function AttachmentList({
 }
 
 function AttachmentPill({ attachment, onRemove }: { attachment: ComposerAttachment; onRemove?: (id: string) => void }) {
+  const { t } = useI18n()
+  const c = t.composer
   const Icon = { folder: FolderOpen, url: Link, image: ImageIcon, file: FileText, terminal: Terminal }[attachment.kind]
   const cwd = useStore($currentCwd)
   const canPreview = attachment.kind !== 'folder' && attachment.kind !== 'terminal'
@@ -52,59 +56,59 @@ function AttachmentPill({ attachment, onRemove }: { attachment: ComposerAttachme
       const preview = await normalizeOrLocalPreviewTarget(target, cwd || undefined)
 
       if (!preview) {
-        throw new Error(`Could not preview ${attachment.label}`)
+        throw new Error(c.couldNotPreview(attachment.label))
       }
 
       setCurrentSessionPreviewTarget(preview, 'manual', target)
     } catch (error) {
-      notifyError(error, 'Preview unavailable')
+      notifyError(error, c.previewUnavailable)
     }
   }
 
   return (
-    <div
-      className="group/attachment relative min-w-0 shrink-0"
-      title={attachment.path || attachment.detail || attachment.label}
-    >
-      <button
-        aria-label={canPreview ? `Preview ${attachment.label}` : attachment.label}
-        className="flex max-w-56 items-center gap-2 border border-border/60 bg-background/50 px-2 py-1.5 text-left shadow-[inset_0_1px_0_rgba(255,255,255,0.25)] transition-colors hover:border-primary/35 hover:bg-accent/45 disabled:cursor-default"
-        disabled={!canPreview}
-        onClick={() => void openPreview()}
-        title={canPreview ? `Preview ${attachment.label}` : attachment.label}
-        type="button"
-      >
-        {attachment.previewUrl && attachment.kind === 'image' ? (
-          <img
-            alt={attachment.label}
-            className="size-8 shrink-0 border border-border/70 object-cover"
-            draggable={false}
-            src={attachment.previewUrl}
-          />
-        ) : (
-          <span className="grid size-8 shrink-0 place-items-center border border-border/55 bg-muted/35 text-muted-foreground">
-            <Icon className="size-3.5" />
-          </span>
-        )}
-        <span className="min-w-0">
-          <span className="block truncate text-[0.72rem] font-medium leading-4 text-foreground/90">
-            {attachment.label}
-          </span>
-          {detail && (
-            <span className="block truncate font-mono text-[0.6rem] leading-3 text-muted-foreground/65">{detail}</span>
-          )}
-        </span>
-      </button>
-      {onRemove && (
+    <Tip label={attachment.path || attachment.detail || attachment.label}>
+      <div className="group/attachment relative min-w-0 shrink-0">
         <button
-          aria-label={`Remove ${attachment.label}`}
-          className="absolute -right-1 -top-1 grid size-3.5 place-items-center rounded-full border border-border/70 bg-background text-muted-foreground opacity-0 shadow-xs transition hover:bg-accent hover:text-foreground group-hover/attachment:opacity-100 focus-visible:opacity-100"
-          onClick={() => onRemove(attachment.id)}
+          aria-label={canPreview ? c.previewLabel(attachment.label) : attachment.label}
+          className="flex max-w-56 items-center gap-2 border border-border/60 bg-background/50 px-2 py-1.5 text-left shadow-[inset_0_1px_0_rgba(255,255,255,0.25)] transition-colors hover:border-primary/35 hover:bg-accent/45 disabled:cursor-default"
+          disabled={!canPreview}
+          onClick={() => void openPreview()}
           type="button"
         >
-          <Codicon name="close" size="0.625rem" />
+          {attachment.previewUrl && attachment.kind === 'image' ? (
+            <img
+              alt={attachment.label}
+              className="size-8 shrink-0 border border-border/70 object-cover"
+              draggable={false}
+              src={attachment.previewUrl}
+            />
+          ) : (
+            <span className="grid size-8 shrink-0 place-items-center border border-border/55 bg-muted/35 text-muted-foreground">
+              <Icon className="size-3.5" />
+            </span>
+          )}
+          <span className="min-w-0">
+            <span className="block truncate text-[0.72rem] font-medium leading-4 text-foreground/90">
+              {attachment.label}
+            </span>
+            {detail && (
+              <span className="block truncate font-mono text-[0.6rem] leading-3 text-muted-foreground/65">
+                {detail}
+              </span>
+            )}
+          </span>
         </button>
-      )}
-    </div>
+        {onRemove && (
+          <button
+            aria-label={c.removeAttachment(attachment.label)}
+            className="absolute -right-1 -top-1 grid size-3.5 place-items-center rounded-full border border-border/70 bg-background text-muted-foreground opacity-0 shadow-xs transition hover:bg-accent hover:text-foreground group-hover/attachment:opacity-100 focus-visible:opacity-100"
+            onClick={() => onRemove(attachment.id)}
+            type="button"
+          >
+            <Codicon name="close" size="0.625rem" />
+          </button>
+        )}
+      </div>
+    </Tip>
   )
 }

apps/desktop/src/app/chat/composer/context-menu.tsx

@@ -2,13 +2,7 @@ import { useState } from 'react'
 
 import { Button } from '@/components/ui/button'
 import { Codicon } from '@/components/ui/codicon'
-import {
-  Dialog,
-  DialogContent,
-  DialogDescription,
-  DialogHeader,
-  DialogTitle
-} from '@/components/ui/dialog'
+import { Dialog, DialogContent, DialogDescription, DialogHeader, DialogTitle } from '@/components/ui/dialog'
 import {
   DropdownMenu,
   DropdownMenuContent,
@@ -17,29 +11,14 @@ import {
   DropdownMenuSeparator,
   DropdownMenuTrigger
 } from '@/components/ui/dropdown-menu'
+import { useI18n } from '@/i18n'
 import { Clipboard, FileText, FolderOpen, type IconComponent, ImageIcon, Link, MessageSquareText } from '@/lib/icons'
 import { cn } from '@/lib/utils'
 
 import { GHOST_ICON_BTN } from './controls'
 import type { ChatBarState } from './types'
 
-const PROMPT_SNIPPETS: readonly PromptSnippet[] = [
-  {
-    description: 'Audit the current change for regressions, dropped edge cases, and missing tests.',
-    label: 'Code review',
-    text: 'Please review this for bugs, regressions, and missing tests.'
-  },
-  {
-    description: 'Outline an approach before touching code so the diff stays focused.',
-    label: 'Implementation plan',
-    text: 'Please make a concise implementation plan before changing code.'
-  },
-  {
-    description: 'Walk through how the selected code works and link to the key files.',
-    label: 'Explain this',
-    text: 'Please explain how this works and point me to the key files.'
-  }
-]
+const SNIPPET_KEYS = ['codeReview', 'implementationPlan', 'explainThis']
 
 export function ContextMenu({
   state,
@@ -50,6 +29,8 @@ export function ContextMenu({
   onPickFolders,
   onPickImages
 }: ContextMenuProps) {
+  const { t } = useI18n()
+  const c = t.composer
   // Prompt snippets used to be a Radix submenu. That submenu didn't open
   // reliably when the parent menu was positioned at the bottom of the
   // window (composer "+" anchor), so we promoted it to a real Dialog —
@@ -77,95 +58,88 @@ export function ContextMenu({
         </DropdownMenuTrigger>
         <DropdownMenuContent align="start" className="w-60" side="top" sideOffset={10}>
           <DropdownMenuLabel className="text-[0.7rem] font-medium uppercase tracking-wide text-muted-foreground/85">
-            Attach
+            {c.attachLabel}
           </DropdownMenuLabel>
           <ContextMenuItem disabled={!onPickFiles} icon={FileText} onSelect={onPickFiles}>
-            Files…
+            {c.files}
           </ContextMenuItem>
           <ContextMenuItem disabled={!onPickFolders} icon={FolderOpen} onSelect={onPickFolders}>
-            Folder…
+            {c.folder}
           </ContextMenuItem>
           <ContextMenuItem disabled={!onPickImages} icon={ImageIcon} onSelect={onPickImages}>
-            Images…
+            {c.images}
           </ContextMenuItem>
           <ContextMenuItem disabled={!onPasteClipboardImage} icon={Clipboard} onSelect={onPasteClipboardImage}>
-            Paste image
+            {c.pasteImage}
           </ContextMenuItem>
           <ContextMenuItem icon={Link} onSelect={onOpenUrlDialog}>
-            URL…
+            {c.url}
           </ContextMenuItem>
 
           <DropdownMenuSeparator />
 
           <ContextMenuItem icon={MessageSquareText} onSelect={() => setSnippetsOpen(true)}>
-            Prompt snippets…
+            {c.promptSnippets}
           </ContextMenuItem>
 
           <DropdownMenuSeparator />
 
           <div className="px-2 py-1 text-[0.7rem] text-muted-foreground/80">
-            Tip: type <kbd className="rounded bg-muted/70 px-1 py-px font-mono text-[0.65rem]">@</kbd> to reference files
-            inline.
+            {c.tipPre}
+            <kbd className="rounded bg-muted/70 px-1 py-px font-mono text-[0.65rem]">@</kbd>
+            {c.tipPost}
           </div>
         </DropdownMenuContent>
       </DropdownMenu>
 
-      <PromptSnippetsDialog
-        onInsertText={onInsertText}
-        onOpenChange={setSnippetsOpen}
-        open={snippetsOpen}
-        snippets={PROMPT_SNIPPETS}
-      />
+      <PromptSnippetsDialog onInsertText={onInsertText} onOpenChange={setSnippetsOpen} open={snippetsOpen} />
     </>
   )
 }
 
-function PromptSnippetsDialog({
-  onInsertText,
-  onOpenChange,
-  open,
-  snippets
-}: PromptSnippetsDialogProps) {
+function PromptSnippetsDialog({ onInsertText, onOpenChange, open }: PromptSnippetsDialogProps) {
+  const { t } = useI18n()
+  const c = t.composer
+
   return (
     <Dialog onOpenChange={onOpenChange} open={open}>
       <DialogContent className="max-w-md gap-3">
         <DialogHeader>
-          <DialogTitle>Prompt snippets</DialogTitle>
-          <DialogDescription>Pick a starter prompt to drop into the composer.</DialogDescription>
+          <DialogTitle>{c.snippetsTitle}</DialogTitle>
+          <DialogDescription>{c.snippetsDesc}</DialogDescription>
         </DialogHeader>
         <ul className="grid gap-1">
-          {snippets.map(snippet => (
-            <li key={snippet.label}>
-              <button
-                className="group/snippet flex w-full items-start gap-2.5 rounded-md border border-transparent px-2.5 py-2 text-left transition-colors hover:border-(--ui-stroke-tertiary) hover:bg-(--ui-control-hover-background) focus-visible:border-(--ui-stroke-tertiary) focus-visible:bg-(--ui-control-hover-background) focus-visible:outline-none"
-                onClick={() => {
-                  onInsertText(snippet.text)
-                  onOpenChange(false)
-                }}
-                type="button"
-              >
-                <MessageSquareText className="mt-0.5 size-3.5 shrink-0 text-(--ui-text-tertiary) group-hover/snippet:text-foreground" />
-                <span className="grid min-w-0 gap-0.5">
-                  <span className="text-sm font-medium text-foreground">{snippet.label}</span>
-                  <span className="text-[length:var(--conversation-caption-font-size)] text-(--ui-text-tertiary)">
-                    {snippet.description}
+          {SNIPPET_KEYS.map(key => {
+            const snippet = c.snippets[key]
+
+            return (
+              <li key={key}>
+                <button
+                  className="group/snippet flex w-full cursor-pointer items-start gap-2.5 rounded-md border border-transparent px-2.5 py-2 text-left transition-colors hover:border-(--ui-stroke-tertiary) hover:bg-(--ui-control-hover-background) focus-visible:border-(--ui-stroke-tertiary) focus-visible:bg-(--ui-control-hover-background) focus-visible:outline-none"
+                  onClick={() => {
+                    onInsertText(snippet.text)
+                    onOpenChange(false)
+                  }}
+                  type="button"
+                >
+                  <MessageSquareText className="mt-0.5 size-3.5 shrink-0 text-(--ui-text-tertiary) group-hover/snippet:text-foreground" />
+                  <span className="grid min-w-0 gap-0.5">
+                    <span className="text-sm font-medium text-foreground">{snippet.label}</span>
+                    <span className="text-[length:var(--conversation-caption-font-size)] text-(--ui-text-tertiary)">
+                      {snippet.description}
+                    </span>
                   </span>
-                </span>
-              </button>
-            </li>
-          ))}
+                </button>
+              </li>
+            )
+          })}
         </ul>
       </DialogContent>
     </Dialog>
   )
 }
 
-export function ContextMenuItem({
-  children,
-  disabled,
-  icon: Icon,
-  onSelect
-}: ContextMenuItemProps) {
+export function ContextMenuItem({ children, disabled, icon: Icon, onSelect }: ContextMenuItemProps) {
   return (
     <DropdownMenuItem disabled={disabled} onSelect={onSelect}>
       <Icon />
@@ -191,15 +165,8 @@ interface ContextMenuProps {
   state: ChatBarState
 }
 
-interface PromptSnippet {
-  description: string
-  label: string
-  text: string
-}
-
 interface PromptSnippetsDialogProps {
   onInsertText: (text: string) => void
   onOpenChange: (open: boolean) => void
   open: boolean
-  snippets: readonly PromptSnippet[]
 }

apps/desktop/src/app/chat/composer/controls.tsx

@@ -1,5 +1,7 @@
 import { Button } from '@/components/ui/button'
 import { Codicon } from '@/components/ui/codicon'
+import { Tip } from '@/components/ui/tooltip'
+import { useI18n } from '@/i18n'
 import { triggerHaptic } from '@/lib/haptics'
 import { AudioLines, Layers3, Loader2, Square } from '@/lib/icons'
 import { cn } from '@/lib/utils'
@@ -54,6 +56,9 @@ export function ComposerControls({
   voiceStatus: VoiceStatus
   onDictate: () => void
 }) {
+  const { t } = useI18n()
+  const c = t.composer
+
   if (conversation.active) {
     return <ConversationPill {...conversation} disabled={disabled} />
   }
@@ -64,38 +69,40 @@ export function ComposerControls({
     <div className="ml-auto flex shrink-0 items-center gap-(--composer-control-gap)">
       <DictationButton disabled={disabled} onToggle={onDictate} state={state.voice} status={voiceStatus} />
       {showVoicePrimary ? (
-        <Button
-          aria-label="Start voice conversation"
-          className={PRIMARY_ICON_BTN}
-          disabled={disabled}
-          onClick={() => {
-            triggerHaptic('open')
-            conversation.onStart()
-          }}
-          size="icon"
-          title="Start voice conversation"
-          type="button"
-        >
-          <AudioLines size={17} />
-        </Button>
+        <Tip label={c.startVoice}>
+          <Button
+            aria-label={c.startVoice}
+            className={PRIMARY_ICON_BTN}
+            disabled={disabled}
+            onClick={() => {
+              triggerHaptic('open')
+              conversation.onStart()
+            }}
+            size="icon"
+            type="button"
+          >
+            <AudioLines size={17} />
+          </Button>
+        </Tip>
       ) : (
-        <Button
-          aria-label={busy ? (busyAction === 'queue' ? 'Queue message' : 'Stop') : 'Send'}
-          className={PRIMARY_ICON_BTN}
-          disabled={disabled || !canSubmit}
-          title={busy ? (busyAction === 'queue' ? 'Queue message' : 'Stop') : 'Send'}
-          type="submit"
-        >
-          {busy ? (
-            busyAction === 'queue' ? (
-              <Layers3 size={16} />
+        <Tip label={busy ? (busyAction === 'queue' ? c.queueMessage : c.stop) : c.send}>
+          <Button
+            aria-label={busy ? (busyAction === 'queue' ? c.queueMessage : c.stop) : c.send}
+            className={PRIMARY_ICON_BTN}
+            disabled={disabled || !canSubmit}
+            type="submit"
+          >
+            {busy ? (
+              busyAction === 'queue' ? (
+                <Layers3 size={16} />
+              ) : (
+                <span className="block size-3 rounded-[0.1875rem] bg-current" />
+              )
             ) : (
-              <span className="block size-3 rounded-[0.1875rem] bg-current" />
-            )
-          ) : (
-            <Codicon name="arrow-up" size="1rem" />
-          )}
-        </Button>
+              <Codicon name="arrow-up" size="1rem" />
+            )}
+          </Button>
+        </Tip>
       )}
     </div>
   )
@@ -110,68 +117,71 @@ function ConversationPill({
   onToggleMute,
   status
 }: ConversationProps & { disabled: boolean }) {
+  const { t } = useI18n()
+  const c = t.composer
   const speaking = status === 'speaking'
   const listening = status === 'listening' && !muted
 
   const label =
     status === 'speaking'
-      ? 'Speaking'
+      ? c.speaking
       : status === 'transcribing'
-        ? 'Transcribing'
+        ? c.transcribing
         : status === 'thinking'
-          ? 'Thinking'
+          ? c.thinking
           : muted
-            ? 'Muted'
-            : 'Listening'
+            ? c.muted
+            : c.listening
 
   return (
     <div className="ml-auto flex shrink-0 items-center gap-(--composer-control-gap)">
-      <Button
-        aria-label={muted ? 'Unmute microphone' : 'Mute microphone'}
-        aria-pressed={muted}
-        className={cn(GHOST_ICON_BTN, 'p-0', muted && 'bg-muted text-muted-foreground')}
-        disabled={disabled}
-        onClick={() => {
-          triggerHaptic('selection')
-          onToggleMute()
-        }}
-        size="icon"
-        title={muted ? 'Unmute microphone' : 'Mute microphone'}
-        type="button"
-        variant="ghost"
-      >
-        <Codicon name={muted ? 'mic-off' : 'mic'} size="1rem" />
-      </Button>
+      <Tip label={muted ? c.unmuteMic : c.muteMic}>
+        <Button
+          aria-label={muted ? c.unmuteMic : c.muteMic}
+          aria-pressed={muted}
+          className={cn(GHOST_ICON_BTN, 'p-0', muted && 'bg-muted text-muted-foreground')}
+          disabled={disabled}
+          onClick={() => {
+            triggerHaptic('selection')
+            onToggleMute()
+          }}
+          size="icon"
+          type="button"
+          variant="ghost"
+        >
+          <Codicon name={muted ? 'mic-off' : 'mic'} size="1rem" />
+        </Button>
+      </Tip>
       {listening && (
         <Button
-          aria-label="Stop listening and send"
+          aria-label={c.stopListening}
           className="h-(--composer-control-size) shrink-0 gap-1.5 rounded-full px-2.5 text-xs text-muted-foreground hover:bg-accent hover:text-foreground"
           disabled={disabled}
           onClick={() => {
             triggerHaptic('submit')
             onStopTurn()
           }}
-          title="Stop listening and send"
+          title={c.stopListening}
           type="button"
           variant="ghost"
         >
           <Square className="fill-current" size={11} />
-          <span>Stop</span>
+          <span>{c.stopShort}</span>
         </Button>
       )}
       <Button
-        aria-label="End voice conversation"
+        aria-label={c.endConversation}
         className="h-(--composer-control-size) gap-1.5 rounded-full bg-primary px-3 text-xs font-medium text-primary-foreground hover:bg-primary/90"
         disabled={disabled}
         onClick={() => {
           triggerHaptic('close')
           onEnd()
         }}
-        title="End voice conversation"
+        title={c.endConversation}
         type="button"
       >
         <ConversationIndicator level={level} listening={listening} speaking={speaking} />
-        <span>End</span>
+        <span>{c.endShort}</span>
       </Button>
       <span className="sr-only" role="status">
         {label}
@@ -218,40 +228,43 @@ function DictationButton({
   status: VoiceStatus
   onToggle: () => void
 }) {
+  const { t } = useI18n()
+  const c = t.composer
   const active = state.active || status !== 'idle'
 
   const aria =
-    status === 'recording' ? 'Stop dictation' : status === 'transcribing' ? 'Transcribing dictation' : 'Voice dictation'
+    status === 'recording' ? c.stopDictation : status === 'transcribing' ? c.transcribingDictation : c.voiceDictation
 
   return (
-    <Button
-      aria-label={aria}
-      aria-pressed={active}
-      className={cn(
-        GHOST_ICON_BTN,
-        'p-0',
-        'data-[active=true]:bg-accent data-[active=true]:text-foreground',
-        status === 'recording' && 'bg-primary/10 text-primary hover:bg-primary/15 hover:text-primary',
-        status === 'transcribing' && 'bg-primary/10 text-primary'
-      )}
-      data-active={active}
-      disabled={disabled || !state.enabled || status === 'transcribing'}
-      onClick={() => {
-        triggerHaptic(active ? 'close' : 'open')
-        onToggle()
-      }}
-      size="icon"
-      title={aria}
-      type="button"
-      variant="ghost"
-    >
-      {status === 'recording' ? (
-        <Square className="fill-current" size={12} />
-      ) : status === 'transcribing' ? (
-        <Loader2 className="animate-spin" size={16} />
-      ) : (
-        <Codicon name="mic" size="1rem" />
-      )}
-    </Button>
+    <Tip label={aria}>
+      <Button
+        aria-label={aria}
+        aria-pressed={active}
+        className={cn(
+          GHOST_ICON_BTN,
+          'p-0',
+          'data-[active=true]:bg-accent data-[active=true]:text-foreground',
+          status === 'recording' && 'bg-primary/10 text-primary hover:bg-primary/15 hover:text-primary',
+          status === 'transcribing' && 'bg-primary/10 text-primary'
+        )}
+        data-active={active}
+        disabled={disabled || !state.enabled || status === 'transcribing'}
+        onClick={() => {
+          triggerHaptic(active ? 'close' : 'open')
+          onToggle()
+        }}
+        size="icon"
+        type="button"
+        variant="ghost"
+      >
+        {status === 'recording' ? (
+          <Square className="fill-current" size={12} />
+        ) : status === 'transcribing' ? (
+          <Loader2 className="animate-spin" size={16} />
+        ) : (
+          <Codicon name="mic" size="1rem" />
+        )}
+      </Button>
+    </Tip>
   )
 }

apps/desktop/src/app/chat/composer/focus.ts

@@ -10,6 +10,8 @@
  * steal focus from the composer effect.
  */
 
+import type { InlineRefInput } from './inline-refs'
+
 export type ComposerTarget = 'edit' | 'main'
 export type ComposerInsertMode = 'block' | 'inline'
 
@@ -23,8 +25,14 @@ interface InsertDetail {
   text: string
 }
 
+interface InsertRefsDetail {
+  refs: InlineRefInput[]
+  target: ComposerTarget
+}
+
 const FOCUS_EVENT = 'hermes:composer-focus'
 const INSERT_EVENT = 'hermes:composer-insert'
+const INSERT_REFS_EVENT = 'hermes:composer-insert-refs'
 
 let activeTarget: ComposerTarget = 'main'
 
@@ -82,6 +90,20 @@ export const onComposerFocusRequest = (handler: (target: ComposerTarget) => void
 export const onComposerInsertRequest = (handler: (detail: InsertDetail) => void) =>
   subscribe<InsertDetail>(INSERT_EVENT, handler)
 
+/** Insert typed ref chips (carrying a display label) into a composer — the
+ * structured cousin of {@link requestComposerInsert}, used for session links. */
+export const requestComposerInsertRefs = (
+  refs: InlineRefInput[],
+  { target = 'active' }: { target?: ComposerTarget | 'active' } = {}
+) => {
+  if (refs.length) {
+    dispatch<InsertRefsDetail>(INSERT_REFS_EVENT, { refs, target: resolve(target) })
+  }
+}
+
+export const onComposerInsertRefsRequest = (handler: (detail: InsertRefsDetail) => void) =>
+  subscribe<InsertRefsDetail>(INSERT_REFS_EVENT, handler)
+
 /**
  * Focus a composer input across React commit + browser focus restore.
  *

apps/desktop/src/app/chat/composer/help-hint.tsx

@@ -1,44 +1,32 @@
 import type { ReactNode } from 'react'
 
+import { useI18n } from '@/i18n'
+
 import { COMPLETION_DRAWER_CLASS } from './completion-drawer'
 
-const COMMON_COMMANDS: [string, string][] = [
-  ['/help', 'full list of commands + hotkeys'],
-  ['/clear', 'start a new session'],
-  ['/resume', 'resume a prior session'],
-  ['/details', 'control transcript detail level'],
-  ['/copy', 'copy selection or last assistant message'],
-  ['/quit', 'exit hermes']
-]
-
-const HOTKEYS: [string, string][] = [
-  ['@', 'reference files, folders, urls, git'],
-  ['/', 'slash command palette'],
-  ['?', 'this quick help (delete to dismiss)'],
-  ['Enter', 'send · Shift+Enter for newline'],
-  ['Cmd/Ctrl+K', 'send next queued turn'],
-  ['Cmd/Ctrl+L', 'redraw'],
-  ['Esc', 'close popover · cancel run'],
-  ['↑ / ↓', 'cycle popover / history']
-]
+const COMMON_COMMAND_KEYS = ['/help', '/clear', '/resume', '/details', '/copy', '/quit']
+const HOTKEY_KEYS = ['@', '/', '?', 'Enter', 'Cmd/Ctrl+K', 'Cmd/Ctrl+L', 'Esc', '↑ / ↓']
 
 export function HelpHint() {
+  const { t } = useI18n()
+  const c = t.composer
+
   return (
     <div className={COMPLETION_DRAWER_CLASS} data-slot="composer-completion-drawer" data-state="open" role="dialog">
-      <Section title="Common commands">
-        {COMMON_COMMANDS.map(([key, desc]) => (
-          <Row description={desc} key={key} keyLabel={key} mono />
+      <Section title={c.commonCommands}>
+        {COMMON_COMMAND_KEYS.map(key => (
+          <Row description={c.commandDescs[key] ?? ''} key={key} keyLabel={key} mono />
         ))}
       </Section>
 
-      <Section title="Hotkeys">
-        {HOTKEYS.map(([key, desc]) => (
-          <Row description={desc} key={key} keyLabel={key} />
+      <Section title={c.hotkeys}>
+        {HOTKEY_KEYS.map(key => (
+          <Row description={c.hotkeyDescs[key] ?? ''} key={key} keyLabel={key} />
         ))}
       </Section>
 
       <p className="px-2.5 py-1 text-xs text-muted-foreground/80">
-        <span className="font-mono text-foreground/80">/help</span> opens the full panel · backspace dismisses
+        <span className="font-mono text-foreground/80">/help</span> {c.helpFooter}
       </p>
     </div>
   )

apps/desktop/src/app/chat/composer/hooks/use-slash-completions.ts

@@ -16,6 +16,7 @@ interface SlashItemMetadata extends Record<string, string> {
   command: string
   display: string
   meta: string
+  rawText: string
 }
 
 function textValue(value: unknown, fallback = ''): string {
@@ -91,7 +92,13 @@ export function useSlashCompletions(options: { gateway: HermesGateway | null }):
     const metadata: SlashItemMetadata = {
       command,
       display,
-      meta
+      meta,
+      // Provide rawText so hermesDirectiveFormatter.serialize uses the
+      // direct-insertion path instead of the legacy @type:id fallback.
+      // Without this, the item.id (which includes a "|index" suffix for
+      // trigger-adapter uniqueness) leaks into the serialized chip text
+      // and the submitted command.
+      rawText: command
     }
 
     return {

apps/desktop/src/app/chat/composer/index.tsx

@@ -17,15 +17,13 @@ import { hermesDirectiveFormatter } from '@/components/assistant-ui/directive-te
 import { Button } from '@/components/ui/button'
 import { useMediaQuery } from '@/hooks/use-media-query'
 import { useResizeObserver } from '@/hooks/use-resize-observer'
+import { useI18n } from '@/i18n'
 import { chatMessageText } from '@/lib/chat-messages'
+import { SLASH_COMMAND_RE } from '@/lib/chat-runtime'
 import { DATA_IMAGE_URL_RE } from '@/lib/embedded-images'
 import { triggerHaptic } from '@/lib/haptics'
 import { cn } from '@/lib/utils'
-import {
-  $composerAttachments,
-  clearComposerAttachments,
-  type ComposerAttachment
-} from '@/store/composer'
+import { $composerAttachments, clearComposerAttachments, type ComposerAttachment } from '@/store/composer'
 import {
   $queuedPromptsBySession,
   enqueueQueuedPrompt,
@@ -48,6 +46,7 @@ import {
   focusComposerInput,
   markActiveComposer,
   onComposerFocusRequest,
+  onComposerInsertRefsRequest,
   onComposerInsertRequest
 } from './focus'
 import { HelpHint } from './help-hint'
@@ -55,7 +54,12 @@ import { useAtCompletions } from './hooks/use-at-completions'
 import { useSlashCompletions } from './hooks/use-slash-completions'
 import { useVoiceConversation } from './hooks/use-voice-conversation'
 import { useVoiceRecorder } from './hooks/use-voice-recorder'
-import { dragHasAttachments, droppedFileInlineRef, insertInlineRefsIntoEditor } from './inline-refs'
+import {
+  dragHasAttachments,
+  droppedFileInlineRef,
+  type InlineRefInput,
+  insertInlineRefsIntoEditor
+} from './inline-refs'
 import { QueuePanel } from './queue-panel'
 import {
   composerPlainText,
@@ -81,29 +85,6 @@ const COMPOSER_SINGLE_LINE_MAX_PX = 36
 const COMPOSER_FADE_BACKGROUND =
   'linear-gradient(to bottom, transparent, color-mix(in srgb, var(--dt-background) 10%, transparent))'
 
-// Resting composer placeholders. New sessions get open-ended starters; an
-// existing chat gets phrasings that read as a continuation of the thread.
-// One is picked at random per session (stable until the session changes).
-const NEW_SESSION_PLACEHOLDERS = [
-  'What are we building?',
-  'Give Hermes a task',
-  "What's on your mind?",
-  'Describe what you need',
-  'What should we tackle?',
-  'Ask anything',
-  'Start with a goal'
-]
-
-const FOLLOW_UP_PLACEHOLDERS = [
-  'Send a follow-up',
-  'Add more context',
-  'Refine the request',
-  "What's next?",
-  'Keep it going',
-  'Push it further',
-  'Adjust or continue'
-]
-
 const pickPlaceholder = (pool: readonly string[]) => pool[Math.floor(Math.random() * pool.length)]
 
 interface QueueEditState {
@@ -172,7 +153,7 @@ export function ChatBar({
   const [queueEdit, setQueueEdit] = useState<QueueEditState | null>(null)
   const [focusRequestId, setFocusRequestId] = useState(0)
   const dragDepthRef = useRef(0)
-  const composingRef = useRef(false)  // true during IME composition (CJK input)
+  const composingRef = useRef(false) // true during IME composition (CJK input)
   const lastSpokenIdRef = useRef<string | null>(null)
 
   const narrow = useMediaQuery('(max-width: 30rem)')
@@ -187,7 +168,10 @@ export function ChatBar({
   const busyAction = busy && hasComposerPayload ? 'queue' : 'stop'
   const showHelpHint = draft === '?'
 
+  const { t } = useI18n()
   const gatewayState = useStore($gatewayState)
+  const newSessionPlaceholders = t.composer.newSessionPlaceholders
+  const followUpPlaceholders = t.composer.followUpPlaceholders
 
   // Resting placeholder: a starter for brand-new sessions, a continuation for
   // existing ones. Picked once and only re-rolled when we genuinely move to a
@@ -195,7 +179,7 @@ export function ChatBar({
   // started session (null → id, on the first send) is treated as the same
   // conversation so the placeholder doesn't visibly flip mid-stream.
   const [restingPlaceholder, setRestingPlaceholder] = useState(() =>
-    pickPlaceholder(sessionId ? FOLLOW_UP_PLACEHOLDERS : NEW_SESSION_PLACEHOLDERS)
+    pickPlaceholder(sessionId ? followUpPlaceholders : newSessionPlaceholders)
   )
 
   const prevSessionIdRef = useRef(sessionId)
@@ -214,16 +198,16 @@ export function ChatBar({
       return
     }
 
-    setRestingPlaceholder(pickPlaceholder(sessionId ? FOLLOW_UP_PLACEHOLDERS : NEW_SESSION_PLACEHOLDERS))
-  }, [sessionId])
+    setRestingPlaceholder(pickPlaceholder(sessionId ? followUpPlaceholders : newSessionPlaceholders))
+  }, [followUpPlaceholders, newSessionPlaceholders, sessionId])
 
   // When the bar is disabled it's because the gateway isn't open. Distinguish a
   // cold start ("Starting Hermes...") from a dropped connection we're trying to
   // restore (e.g. after the Mac slept) so the stuck state reads as recoverable.
   const placeholder = disabled
     ? gatewayState === 'closed' || gatewayState === 'error'
-      ? 'Reconnecting to Hermes…'
-      : 'Starting Hermes...'
+      ? t.composer.placeholderReconnecting
+      : t.composer.placeholderStarting
     : restingPlaceholder
 
   const focusInput = useCallback(() => {
@@ -435,7 +419,7 @@ export function ChatBar({
     requestMainFocus()
   }
 
-  const insertInlineRefs = (refs: string[]) => {
+  const insertInlineRefs = (refs: InlineRefInput[]) => {
     const editor = editorRef.current
 
     if (!editor) {
@@ -455,6 +439,19 @@ export function ChatBar({
     return true
   }
 
+  // Latest-closure ref so the (once-only) subscription always calls the current
+  // insertInlineRefs without re-subscribing every render.
+  const insertInlineRefsRef = useRef(insertInlineRefs)
+  insertInlineRefsRef.current = insertInlineRefs
+
+  useEffect(() => {
+    return onComposerInsertRefsRequest(({ refs, target }) => {
+      if (target === 'main') {
+        insertInlineRefsRef.current(refs)
+      }
+    })
+  }, [])
+
   const selectSkinSlashCommand = (command: string) => {
     draftRef.current = command
     aui.composer().setText(command)
@@ -1041,7 +1038,19 @@ export function ChatBar({
     if (queueEdit) {
       exitQueuedEdit('save')
     } else if (busy) {
-      if (hasComposerPayload) {
+      // Slash commands should execute immediately even while the agent is
+      // busy — they're client-side operations (/yolo, /skin, /new, /help,
+      // etc.) or self-contained gateway RPCs (/status, /compress).  onSubmit
+      // routes them to executeSlashCommand, which has its own per-command
+      // busy guard for commands that genuinely need an idle session (skill
+      // /send directives).  Queuing them would make every slash command wait
+      // for the current turn to finish, which is how the TUI never behaves.
+      if (!attachments.length && SLASH_COMMAND_RE.test(draft.trim())) {
+        const submitted = draft
+        triggerHaptic('submit')
+        clearDraft()
+        void onSubmit(submitted)
+      } else if (hasComposerPayload) {
         queueCurrentDraft()
       } else {
         // Stop button: an explicit interrupt must actually halt the running
@@ -1185,7 +1194,7 @@ export function ChatBar({
   const input = (
     <div className={cn('relative', stacked ? 'w-full' : 'min-w-(--composer-input-inline-min-width) flex-1')}>
       <div
-        aria-label="Message"
+        aria-label={t.composer.message}
         autoCapitalize="off"
         autoCorrect="off"
         className={cn(
@@ -1253,9 +1262,11 @@ export function ChatBar({
           onDrop={handleDrop}
           onSubmit={e => {
             e.preventDefault()
+
             if (composingRef.current) {
               return
             }
+
             submitDraft()
           }}
           ref={composerRef}

apps/desktop/src/app/chat/composer/inline-refs.ts

@@ -5,6 +5,49 @@ import type { DroppedFile } from '../hooks/use-composer-actions'
 
 import { composerPlainText, escapeHtml, placeCaretEnd, refChipHtml } from './rich-editor'
 
+/** A chip to insert: a raw `@kind:value` string, or a typed value + display label. */
+export type InlineRefInput = string | { kind: string; label?: string; value: string }
+
+/** MIME for an in-app session drag (sidebar row → composer). */
+export const HERMES_SESSION_MIME = 'application/x-hermes-session'
+
+export interface SessionDragPayload {
+  id: string
+  profile: string
+  title: string
+}
+
+export function writeSessionDrag(transfer: DataTransfer, payload: SessionDragPayload) {
+  transfer.setData(HERMES_SESSION_MIME, JSON.stringify(payload))
+  transfer.effectAllowed = 'copy'
+}
+
+export function dragHasSession(transfer: DataTransfer | null) {
+  return Boolean(transfer) && Array.from(transfer!.types || []).includes(HERMES_SESSION_MIME)
+}
+
+export function readSessionDrag(transfer: DataTransfer | null): null | SessionDragPayload {
+  const raw = transfer?.getData(HERMES_SESSION_MIME)
+
+  if (!raw) {
+    return null
+  }
+
+  try {
+    const parsed = JSON.parse(raw) as Partial<SessionDragPayload>
+
+    return parsed.id ? { id: parsed.id, profile: parsed.profile || 'default', title: parsed.title || '' } : null
+  } catch {
+    return null
+  }
+}
+
+/** Build a `@session:<profile>/<id>` chip. Value carries the metadata the agent
+ * needs to resolve the link (session_search); label shows the friendly title. */
+export function sessionInlineRef({ id, profile, title }: SessionDragPayload): InlineRefInput {
+  return { kind: 'session', label: title || `chat ${id.slice(0, 8)}`, value: `${profile || 'default'}/${id}` }
+}
+
 export function dragHasAttachments(transfer: DataTransfer | null, pathsMime: string) {
   if (!transfer) {
     return false
@@ -40,13 +83,17 @@ export function droppedFileInlineRef(candidate: DroppedFile, cwd: string | null
   return `@${kind}:${formatRefValue(rel)}`
 }
 
-export function insertInlineRefsIntoEditor(editor: HTMLDivElement, refs: readonly string[]) {
+export function insertInlineRefsIntoEditor(editor: HTMLDivElement, refs: readonly InlineRefInput[]) {
   if (!refs.length) {
     return null
   }
 
   const refsHtml = refs
     .map(ref => {
+      if (typeof ref !== 'string') {
+        return refChipHtml(ref.kind, ref.value, ref.label)
+      }
+
       const match = ref.match(/^@([^:]+):(.+)$/)
 
       return match ? refChipHtml(match[1], match[2]) : escapeHtml(ref)

apps/desktop/src/app/chat/composer/queue-panel.tsx

@@ -2,6 +2,8 @@ import { useState } from 'react'
 
 import { Button } from '@/components/ui/button'
 import { DisclosureCaret } from '@/components/ui/disclosure-caret'
+import { Tip } from '@/components/ui/tooltip'
+import { type Translations, useI18n } from '@/i18n'
 import { ArrowUp, Pencil, Trash2 } from '@/lib/icons'
 import { cn } from '@/lib/utils'
 import type { QueuedPromptEntry } from '@/store/composer-queue'
@@ -15,10 +17,12 @@ interface QueuePanelProps {
   onSendNow: (id: string) => void
 }
 
-const entryPreview = (entry: QueuedPromptEntry) =>
-  entry.text.trim() || (entry.attachments.length > 0 ? 'Attachment-only turn' : 'Empty turn')
+const entryPreview = (entry: QueuedPromptEntry, c: Translations['composer']) =>
+  entry.text.trim() || (entry.attachments.length > 0 ? c.attachmentOnly : c.emptyTurn)
 
 export function QueuePanel({ busy, editingId, entries, onDelete, onEdit, onSendNow }: QueuePanelProps) {
+  const { t } = useI18n()
+  const c = t.composer
   const [collapsed, setCollapsed] = useState(false)
 
   if (entries.length === 0) {
@@ -33,7 +37,7 @@ export function QueuePanel({ busy, editingId, entries, onDelete, onEdit, onSendN
         type="button"
       >
         <DisclosureCaret className="shrink-0" open={!collapsed} size="0.875rem" />
-        <span className="truncate">{entries.length} Queued</span>
+        <span className="truncate">{c.queued(entries.length)}</span>
       </button>
 
       {!collapsed && (
@@ -56,17 +60,17 @@ export function QueuePanel({ busy, editingId, entries, onDelete, onEdit, onSendN
                   className="h-3.5 w-3.5 shrink-0 rounded-full border border-foreground/35 bg-transparent"
                 />
                 <div className="min-w-0 flex-1">
-                  <p className="truncate text-[0.73rem] leading-4 text-foreground/92">{entryPreview(entry)}</p>
+                  <p className="truncate text-[0.73rem] leading-4 text-foreground/92">{entryPreview(entry, c)}</p>
                   {(attachmentsCount > 0 || isEditing) && (
                     <div className="mt-0.5 flex items-center gap-1.5 text-[0.64rem] text-muted-foreground/75">
                       {attachmentsCount > 0 && (
                         <span>
-                          {attachmentsCount} attachment{attachmentsCount === 1 ? '' : 's'}
+                          {c.attachments(attachmentsCount)}
                         </span>
                       )}
                       {isEditing && (
                         <span className="text-[color-mix(in_srgb,var(--dt-composer-ring)_78%,var(--muted-foreground))]">
-                          Editing in composer
+                          {c.editingInComposer}
                         </span>
                       )}
                     </div>
@@ -80,41 +84,44 @@ export function QueuePanel({ busy, editingId, entries, onDelete, onEdit, onSendN
                       : 'opacity-0 group-hover/queue-row:opacity-100 group-focus-within/queue-row:opacity-100'
                   )}
                 >
-                  <Button
-                    aria-label="Edit queued turn"
-                    className="h-5 w-5 rounded-md"
-                    disabled={Boolean(editingId) && !isEditing}
-                    onClick={() => onEdit(entry)}
-                    size="icon-xs"
-                    title="Edit queued turn"
-                    type="button"
-                    variant="ghost"
-                  >
-                    <Pencil size={11} />
-                  </Button>
-                  <Button
-                    aria-label="Send queued turn now"
-                    className="h-5 w-5 rounded-md"
-                    disabled={busy || isEditing}
-                    onClick={() => onSendNow(entry.id)}
-                    size="icon-xs"
-                    title="Send queued turn now"
-                    type="button"
-                    variant="ghost"
-                  >
-                    <ArrowUp size={11} />
-                  </Button>
-                  <Button
-                    aria-label="Delete queued turn"
-                    className="h-5 w-5 rounded-md"
-                    onClick={() => onDelete(entry.id)}
-                    size="icon-xs"
-                    title="Delete queued turn"
-                    type="button"
-                    variant="ghost"
-                  >
-                    <Trash2 size={11} />
-                  </Button>
+                  <Tip label={c.editQueued}>
+                    <Button
+                      aria-label={c.editQueued}
+                      className="h-5 w-5 rounded-md"
+                      disabled={Boolean(editingId) && !isEditing}
+                      onClick={() => onEdit(entry)}
+                      size="icon-xs"
+                      type="button"
+                      variant="ghost"
+                    >
+                      <Pencil size={11} />
+                    </Button>
+                  </Tip>
+                  <Tip label={c.sendQueuedNow}>
+                    <Button
+                      aria-label={c.sendQueuedNow}
+                      className="h-5 w-5 rounded-md"
+                      disabled={busy || isEditing}
+                      onClick={() => onSendNow(entry.id)}
+                      size="icon-xs"
+                      type="button"
+                      variant="ghost"
+                    >
+                      <ArrowUp size={11} />
+                    </Button>
+                  </Tip>
+                  <Tip label={c.deleteQueued}>
+                    <Button
+                      aria-label={c.deleteQueued}
+                      className="h-5 w-5 rounded-md"
+                      onClick={() => onDelete(entry.id)}
+                      size="icon-xs"
+                      type="button"
+                      variant="ghost"
+                    >
+                      <Trash2 size={11} />
+                    </Button>
+                  </Tip>
                 </div>
               </div>
             )

apps/desktop/src/app/chat/composer/rich-editor.ts

@@ -15,7 +15,7 @@ import {
 
 export const RICH_INPUT_SLOT = 'composer-rich-input'
 
-export const REF_RE = /@(file|folder|url|image|tool|line|terminal):(`[^`\n]+`|"[^"\n]+"|'[^'\n]+'|\S+)/g
+export const REF_RE = /@(file|folder|url|image|tool|line|terminal|session):(`[^`\n]+`|"[^"\n]+"|'[^'\n]+'|\S+)/g
 
 const ESC: Record<string, string> = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' }
 
@@ -52,14 +52,14 @@ export function quoteRefValue(value: string) {
   return formatRefValue(value)
 }
 
-export function refChipHtml(kind: string, rawValue: string) {
+export function refChipHtml(kind: string, rawValue: string, displayLabel?: string) {
   const id = unquoteRef(rawValue)
   const text = `@${kind}:${quoteRefValue(id)}`
 
-  return `<span contenteditable="false" data-ref-text="${escapeHtml(text)}" data-ref-id="${escapeHtml(id)}" data-ref-kind="${escapeHtml(kind)}" class="${DIRECTIVE_CHIP_CLASS}">${directiveIconSvg(kind)}<span class="truncate">${escapeHtml(refLabel(id))}</span></span>`
+  return `<span contenteditable="false" data-ref-text="${escapeHtml(text)}" data-ref-id="${escapeHtml(id)}" data-ref-kind="${escapeHtml(kind)}" class="${DIRECTIVE_CHIP_CLASS}">${directiveIconSvg(kind)}<span class="truncate">${escapeHtml(displayLabel || refLabel(id))}</span></span>`
 }
 
-export function refChipElement(kind: string, rawValue: string) {
+export function refChipElement(kind: string, rawValue: string, displayLabel?: string) {
   const id = unquoteRef(rawValue)
   const text = `@${kind}:${quoteRefValue(id)}`
   const chip = document.createElement('span')
@@ -71,7 +71,7 @@ export function refChipElement(kind: string, rawValue: string) {
   chip.dataset.refKind = kind
   chip.className = DIRECTIVE_CHIP_CLASS
   label.className = 'truncate'
-  label.textContent = refLabel(id)
+  label.textContent = displayLabel || refLabel(id)
   chip.append(directiveIconElement(kind), label)
 
   return chip

apps/desktop/src/app/chat/composer/skin-slash-popover.tsx

@@ -1,3 +1,4 @@
+import { useI18n } from '@/i18n'
 import { desktopSkinSlashCompletions } from '@/lib/desktop-slash-commands'
 import { triggerHaptic } from '@/lib/haptics'
 import { useTheme } from '@/themes/context'
@@ -10,6 +11,8 @@ interface SkinSlashPopoverProps {
 }
 
 export function SkinSlashPopover({ draft, onSelect }: SkinSlashPopoverProps) {
+  const { t } = useI18n()
+  const c = t.composer
   const { availableThemes, themeName } = useTheme()
   const match = draft.match(/^\/skin\s+(\S*)$/i)
 
@@ -21,7 +24,7 @@ export function SkinSlashPopover({ draft, onSelect }: SkinSlashPopoverProps) {
 
   return (
     <div
-      aria-label="Desktop theme suggestions"
+      aria-label={c.themeSuggestions}
       className={COMPLETION_DRAWER_CLASS}
       data-slot="composer-skin-completion-drawer"
       data-state="open"
@@ -29,8 +32,10 @@ export function SkinSlashPopover({ draft, onSelect }: SkinSlashPopoverProps) {
     >
       <div className="grid gap-0.5 pt-0.5">
         {items.length === 0 ? (
-          <CompletionDrawerEmpty title="No matching themes.">
-            Try <span className="font-mono text-foreground/80">/skin list</span>.
+          <CompletionDrawerEmpty title={c.noMatchingThemes}>
+            {c.themeTryPre}
+            <span className="font-mono text-foreground/80">/skin list</span>
+            {c.themeTryPost}
           </CompletionDrawerEmpty>
         ) : (
           items.map(item => (

apps/desktop/src/app/chat/composer/slash-nav-dom-repro.test.tsx

@@ -37,7 +37,10 @@ function Harness({
   const refreshTrigger = useCallback(() => {
     const editor = editorRef.current
 
-    if (!editor) {return}
+    if (!editor) {
+      return
+    }
+
     const raw = editor.textContent ?? ''
 
     if (!raw.includes('@') && !raw.includes('/')) {

apps/desktop/src/app/chat/composer/url-dialog.tsx

@@ -10,6 +10,7 @@ import {
   DialogTitle
 } from '@/components/ui/dialog'
 import { Input } from '@/components/ui/input'
+import { useI18n } from '@/i18n'
 import { Globe } from '@/lib/icons'
 
 const URL_HINT = /^https?:\/\//i
@@ -29,6 +30,8 @@ export function UrlDialog({
   open: boolean
   value: string
 }) {
+  const { t } = useI18n()
+  const c = t.composer
   const trimmed = value.trim()
   const looksLikeUrl = trimmed.length > 0 && URL_HINT.test(trimmed)
 
@@ -43,8 +46,8 @@ export function UrlDialog({
             <Globe className="size-4" />
           </span>
           <div className="grid gap-0.5 text-left">
-            <DialogTitle>Attach a URL</DialogTitle>
-            <DialogDescription>Hermes will fetch the page and include it as context for this turn.</DialogDescription>
+            <DialogTitle>{c.attachUrlTitle}</DialogTitle>
+            <DialogDescription>{c.attachUrlDesc}</DialogDescription>
           </div>
         </DialogHeader>
         <form
@@ -60,23 +63,24 @@ export function UrlDialog({
               autoCorrect="off"
               inputMode="url"
               onChange={e => onChange(e.target.value)}
-              placeholder="https://example.com/post"
+              placeholder={c.urlPlaceholder}
               ref={inputRef}
               spellCheck={false}
               value={value}
             />
             {trimmed.length > 0 && !looksLikeUrl && (
               <p className="text-xs text-muted-foreground/85">
-                Include the full URL, e.g. <span className="font-mono">https://…</span>
+                {c.urlHintPre}
+                <span className="font-mono">https://…</span>
               </p>
             )}
           </div>
           <DialogFooter>
             <Button onClick={() => onOpenChange(false)} type="button" variant="ghost">
-              Cancel
+              {t.common.cancel}
             </Button>
             <Button disabled={!looksLikeUrl} type="submit">
-              Attach
+              {c.attach}
             </Button>
           </DialogFooter>
         </form>

apps/desktop/src/app/chat/composer/voice-activity.tsx

@@ -2,6 +2,7 @@ import { useStore } from '@nanostores/react'
 import { useEffect, useRef } from 'react'
 
 import { Button } from '@/components/ui/button'
+import { useI18n } from '@/i18n'
 import { Loader2, Mic, Volume2, VolumeX } from '@/lib/icons'
 import { cn } from '@/lib/utils'
 import { stopVoicePlayback } from '@/lib/voice-playback'
@@ -163,12 +164,14 @@ function PlaybackWaveform({ audioElement }: { audioElement: HTMLAudioElement | n
 }
 
 export function VoiceActivity({ state }: { state: VoiceActivityState }) {
+  const { t } = useI18n()
+
   if (state.status === 'idle') {
     return null
   }
 
   const recording = state.status === 'recording'
-  const title = recording ? 'Dictating' : 'Transcribing'
+  const title = recording ? t.composer.dictating : t.composer.transcribing
 
   return (
     <div
@@ -201,6 +204,7 @@ export function VoiceActivity({ state }: { state: VoiceActivityState }) {
 }
 
 export function VoicePlaybackActivity() {
+  const { t } = useI18n()
   const playback = useStore($voicePlayback)
 
   if (playback.status === 'idle') {
@@ -210,10 +214,10 @@ export function VoicePlaybackActivity() {
   const preparing = playback.status === 'preparing'
 
   const title = preparing
-    ? 'Preparing audio'
+    ? t.composer.preparingAudio
     : playback.source === 'voice-conversation'
-      ? 'Speaking response'
-      : 'Reading aloud'
+      ? t.composer.speakingResponse
+      : t.composer.readingAloud
 
   return (
     <div

apps/desktop/src/app/chat/hooks/use-file-drop-zone.ts

@@ -1,50 +1,71 @@
 import { type DragEvent as ReactDragEvent, useCallback, useRef, useState } from 'react'
 
-import { dragHasAttachments } from '@/app/chat/composer/inline-refs'
+import {
+  dragHasAttachments,
+  dragHasSession,
+  readSessionDrag,
+  type SessionDragPayload
+} from '@/app/chat/composer/inline-refs'
 
 import { type DroppedFile, extractDroppedFiles, HERMES_PATHS_MIME } from './use-composer-actions'
 
-const hasFiles = (event: ReactDragEvent) => dragHasAttachments(event.dataTransfer, HERMES_PATHS_MIME)
+export type DragKind = 'files' | 'session' | null
+
+const dragKindOf = (event: ReactDragEvent): DragKind => {
+  if (dragHasSession(event.dataTransfer)) {
+    return 'session'
+  }
+
+  if (dragHasAttachments(event.dataTransfer, HERMES_PATHS_MIME)) {
+    return 'files'
+  }
+
+  return null
+}
 
 interface FileDropZoneOptions {
   /** When false the zone ignores drags entirely. */
   enabled?: boolean
   onDropFiles: (files: DroppedFile[]) => void
+  onDropSession?: (session: SessionDragPayload) => void
 }
 
 /**
- * "Drop files anywhere in this region" affordance. An enter/leave depth counter
- * keeps nested children from flickering the active state; `onDropCapture` clears
- * it even when a nested target (the composer) handles the drop and stops
- * propagation before our bubble-phase `onDrop` would fire.
+ * "Drop anywhere in this region" affordance for files *and* in-app session
+ * links. An enter/leave depth counter keeps nested children from flickering the
+ * active state; `onDropCapture` clears it even when a nested target (the
+ * composer) handles the drop and stops propagation before our bubble-phase
+ * `onDrop` would fire.
  *
- * Spread `dropHandlers` onto the container; render an overlay off `dragActive`.
+ * Spread `dropHandlers` onto the container; render an overlay off `dragKind`.
  */
-export function useFileDropZone({ enabled = true, onDropFiles }: FileDropZoneOptions) {
-  const [dragActive, setDragActive] = useState(false)
+export function useFileDropZone({ enabled = true, onDropFiles, onDropSession }: FileDropZoneOptions) {
+  const [dragKind, setDragKind] = useState<DragKind>(null)
   const depth = useRef(0)
 
   const reset = useCallback(() => {
     depth.current = 0
-    setDragActive(false)
+    setDragKind(null)
   }, [])
 
   const onDragEnter = useCallback(
     (event: ReactDragEvent) => {
-      if (!enabled || !hasFiles(event)) {
+      const kind = enabled ? dragKindOf(event) : null
+
+      if (!kind) {
         return
       }
 
       event.preventDefault()
       depth.current += 1
-      setDragActive(true)
+      setDragKind(kind)
     },
     [enabled]
   )
 
   const onDragOver = useCallback(
     (event: ReactDragEvent) => {
-      if (!enabled || !hasFiles(event)) {
+      if (!enabled || !dragKindOf(event)) {
         return
       }
 
@@ -62,21 +83,36 @@ export function useFileDropZone({ enabled = true, onDropFiles }: FileDropZoneOpt
 
   const onDrop = useCallback(
     (event: ReactDragEvent) => {
-      if (!enabled || !hasFiles(event)) {
+      const kind = enabled ? dragKindOf(event) : null
+
+      if (!kind) {
         return
       }
 
       event.preventDefault()
       reset()
 
+      if (kind === 'session') {
+        const session = readSessionDrag(event.dataTransfer)
+
+        if (session) {
+          onDropSession?.(session)
+        }
+
+        return
+      }
+
       const files = extractDroppedFiles(event.dataTransfer)
 
       if (files.length) {
         onDropFiles(files)
       }
     },
-    [enabled, onDropFiles, reset]
+    [enabled, onDropFiles, onDropSession, reset]
   )
 
-  return { dragActive, dropHandlers: { onDragEnter, onDragLeave, onDragOver, onDrop, onDropCapture: reset } }
+  return {
+    dragKind,
+    dropHandlers: { onDragEnter, onDragLeave, onDragOver, onDrop, onDropCapture: reset }
+  }
 }

apps/desktop/src/app/chat/index.tsx

@@ -12,7 +12,6 @@ import { useLocation } from 'react-router-dom'
 
 import { Thread } from '@/components/assistant-ui/thread'
 import { Backdrop } from '@/components/Backdrop'
-import { NotificationStack } from '@/components/notifications'
 import { PromptOverlays } from '@/components/prompt-overlays'
 import { Button } from '@/components/ui/button'
 import { Codicon } from '@/components/ui/codicon'
@@ -23,6 +22,7 @@ import { useIncrementalExternalStoreRuntime } from '@/lib/incremental-external-s
 import { cn } from '@/lib/utils'
 import type { ComposerAttachment } from '@/store/composer'
 import { $pinnedSessionIds } from '@/store/layout'
+import { $gatewaySwapTarget } from '@/store/profile'
 import {
   $activeSessionId,
   $awaitingResponse,
@@ -46,9 +46,10 @@ import { routeSessionId } from '../routes'
 import { titlebarHeaderBaseClass, titlebarHeaderShadowClass } from '../shell/titlebar'
 
 import { ChatDropOverlay } from './chat-drop-overlay'
+import { ChatSwapOverlay } from './chat-swap-overlay'
 import { ChatBar, ChatBarFallback } from './composer'
-import { requestComposerInsert } from './composer/focus'
-import { droppedFileInlineRef } from './composer/inline-refs'
+import { requestComposerInsert, requestComposerInsertRefs } from './composer/focus'
+import { droppedFileInlineRef, type SessionDragPayload, sessionInlineRef } from './composer/inline-refs'
 import type { ChatBarState } from './composer/types'
 import type { DroppedFile } from './hooks/use-composer-actions'
 import { useFileDropZone } from './hooks/use-file-drop-zone'
@@ -179,6 +180,7 @@ export function ChatView({
   const currentProvider = useStore($currentProvider)
   const freshDraftReady = useStore($freshDraftReady)
   const gatewayState = useStore($gatewayState)
+  const gatewaySwapTarget = useStore($gatewaySwapTarget)
   const gatewayOpen = gatewayState === 'open'
   const introPersonality = useStore($introPersonality)
   const introSeed = useStore($introSeed)
@@ -307,7 +309,13 @@ export function ChatView({
     [currentCwd]
   )
 
-  const { dragActive, dropHandlers } = useFileDropZone({ enabled: showChatBar, onDropFiles })
+  // Dropping a sidebar session inserts an @session link the agent can resolve
+  // via session_search (carries the source profile, so cross-profile works).
+  const onDropSession = useCallback((session: SessionDragPayload) => {
+    requestComposerInsertRefs([sessionInlineRef(session)], { target: 'main' })
+  }, [])
+
+  const { dragKind, dropHandlers } = useFileDropZone({ enabled: showChatBar, onDropFiles, onDropSession })
 
   return (
     <div
@@ -325,7 +333,6 @@ export function ChatView({
         selectedSessionId={selectedSessionId}
       />
 
-      <NotificationStack />
       <PromptOverlays />
 
       <div
@@ -372,7 +379,8 @@ export function ChatView({
             </Suspense>
           )}
         </AssistantRuntimeProvider>
-        <ChatDropOverlay active={dragActive} />
+        <ChatDropOverlay kind={dragKind} />
+        <ChatSwapOverlay profile={gatewaySwapTarget} />
       </div>
     </div>
   )

apps/desktop/src/app/chat/perf-probe.tsx

@@ -1,6 +1,6 @@
 import { Profiler, type ProfilerOnRenderCallback, type ReactNode } from 'react'
 
-import { $messages, setMessages, setBusy } from '@/store/session'
+import { $messages, setBusy, setMessages } from '@/store/session'
 
 type Sample = {
   id: string
@@ -40,13 +40,16 @@ if (typeof window !== 'undefined' && !window.__PERF_PROBE__) {
     },
     summary: () => {
       const byId = new Map<string, number[]>()
+
       for (const s of samples) {
         const k = `${s.id}:${s.phase}`
         const arr = byId.get(k) ?? []
         arr.push(s.actualDuration)
         byId.set(k, arr)
       }
+
       const out: Record<string, { count: number; total: number; max: number; p50: number; p95: number }> = {}
+
       for (const [k, arr] of byId) {
         arr.sort((a, b) => a - b)
         const total = arr.reduce((a, b) => a + b, 0)
@@ -55,19 +58,27 @@ if (typeof window !== 'undefined' && !window.__PERF_PROBE__) {
           total: Math.round(total * 100) / 100,
           max: Math.round(arr[arr.length - 1] * 100) / 100,
           p50: Math.round(arr[Math.floor(arr.length * 0.5)] * 100) / 100,
-          p95: Math.round(arr[Math.floor(arr.length * 0.95)] * 100) / 100,
+          p95: Math.round(arr[Math.floor(arr.length * 0.95)] * 100) / 100
         }
       }
+
       return out
-    },
+    }
   }
 }
 
 const onRender: ProfilerOnRenderCallback = (id, phase, actualDuration, baseDuration, startTime, commitTime) => {
   const probe = typeof window !== 'undefined' ? window.__PERF_PROBE__ : undefined
-  if (!probe || !probe.enabled) return
+
+  if (!probe || !probe.enabled) {
+    return
+  }
+
   probe.samples.push({ id, phase, actualDuration, baseDuration, startTime, commitTime })
-  if (probe.samples.length > 5000) probe.samples.splice(0, probe.samples.length - 5000)
+
+  if (probe.samples.length > 5000) {
+    probe.samples.splice(0, probe.samples.length - 5000)
+  }
 }
 
 if (typeof window !== 'undefined' && !window.__PERF_DRIVE__) {
@@ -86,7 +97,11 @@ if (typeof window !== 'undefined' && !window.__PERF_DRIVE__) {
     snapshotMsgs: () => $messages.get().length,
     reset: () => {
       activeHandle?.stop()
-      if (baseline) setMessages(baseline)
+
+      if (baseline) {
+        setMessages(baseline)
+      }
+
       baseline = null
       setBusy(false)
     },
@@ -104,7 +119,11 @@ if (typeof window !== 'undefined' && !window.__PERF_DRIVE__) {
     }: { chunk?: string; intervalMs?: number; totalTokens?: number; flushMinMs?: number } = {}) => {
       activeHandle?.stop()
       const current = $messages.get()
-      if (!baseline) baseline = current
+
+      if (!baseline) {
+        baseline = current
+      }
+
       const msgId = `synthetic-${Date.now()}`
       // Seed an empty assistant message — assistant-ui will see it grow.
       setMessages([
@@ -126,13 +145,20 @@ if (typeof window !== 'undefined' && !window.__PERF_DRIVE__) {
       let flushHandle: number | null = null
 
       const applyDelta = (delta: string) => {
-        if (!delta) return
+        if (!delta) {
+          return
+        }
+
         setMessages(prev =>
           prev.map(m => {
-            if (m.id !== msgId) return m
+            if (m.id !== msgId) {
+              return m
+            }
+
             const head = m.parts.slice(0, -1)
             const last = m.parts.at(-1)
             const lastText = last && last.type === 'text' ? last.text : ''
+
             return {
               ...m,
               parts: [...head, { type: 'text', text: lastText + delta }]
@@ -150,8 +176,16 @@ if (typeof window !== 'undefined' && !window.__PERF_DRIVE__) {
       }
 
       const scheduleFlush = () => {
-        if (flushHandle !== null) return
-        if (flushMinMs <= 0) { flushNow(); return }
+        if (flushHandle !== null) {
+          return
+        }
+
+        if (flushMinMs <= 0) {
+          flushNow()
+
+          return
+        }
+
         const since = performance.now() - lastFlushAt
         const wait = Math.max(0, flushMinMs - since)
         flushHandle =
@@ -162,48 +196,62 @@ if (typeof window !== 'undefined' && !window.__PERF_DRIVE__) {
 
       const handle: SyntheticDriverHandle = {
         stop: () => {
-          if (timer) clearTimeout(timer)
+          if (timer) {
+            clearTimeout(timer)
+          }
+
           timer = null
+
           if (flushHandle !== null) {
             clearTimeout(flushHandle)
             cancelAnimationFrame?.(flushHandle)
           }
+
           flushHandle = null
+
           if (pendingDelta) {
             applyDelta(pendingDelta)
             pendingDelta = ''
           }
+
           activeHandle = null
           // Mark message finalized.
-          setMessages(prev =>
-            prev.map(m =>
-              m.id === msgId
-                ? { ...m, pending: false }
-                : m
-            )
-          )
+          setMessages(prev => prev.map(m => (m.id === msgId ? { ...m, pending: false } : m)))
           setBusy(false)
         }
       }
+
       activeHandle = handle
 
       const tick = () => {
-        if (activeHandle !== handle) return
-        if (pushed >= totalTokens) {
-          if (pendingDelta) flushNow()
-          handle.stop()
+        if (activeHandle !== handle) {
           return
         }
+
+        if (pushed >= totalTokens) {
+          if (pendingDelta) {
+            flushNow()
+          }
+
+          handle.stop()
+
+          return
+        }
+
         pushed += 1
+
         if (flushMinMs > 0) {
           pendingDelta += chunk
           scheduleFlush()
         } else {
           applyDelta(chunk)
         }
+
         timer = setTimeout(tick, intervalMs)
       }
+
       timer = setTimeout(tick, intervalMs)
+
       return handle
     }
   }

apps/desktop/src/app/chat/right-rail/preview-console.tsx

@@ -4,6 +4,7 @@ import { useEffect, useMemo, useRef } from 'react'
 
 import { requestComposerInsert } from '@/app/chat/composer/focus'
 import { CopyButton } from '@/components/ui/copy-button'
+import { Tip } from '@/components/ui/tooltip'
 import { PanelBottom, Send, Trash2 } from '@/lib/icons'
 import { cn } from '@/lib/utils'
 import { notify } from '@/store/notifications'
@@ -80,17 +81,18 @@ function ConsoleRow({ copyText, log, onSend, onToggleSelect, selected }: Console
         selected && 'border-border/60 bg-accent/40'
       )}
     >
-      <button
-        className={cn(
-          'mt-0.5 text-left uppercase opacity-70 transition-colors hover:opacity-100',
-          consoleLevelClass[log.level] ?? consoleLevelClass[0]
-        )}
-        onClick={onToggleSelect}
-        title={selected ? 'Deselect entry' : 'Select entry'}
-        type="button"
-      >
-        {consoleLevelLabel[log.level] || 'log'}
-      </button>
+      <Tip label={selected ? 'Deselect entry' : 'Select entry'}>
+        <button
+          className={cn(
+            'mt-0.5 text-left uppercase opacity-70 transition-colors hover:opacity-100',
+            consoleLevelClass[log.level] ?? consoleLevelClass[0]
+          )}
+          onClick={onToggleSelect}
+          type="button"
+        >
+          {consoleLevelLabel[log.level] || 'log'}
+        </button>
+      </Tip>
       <div className="min-w-0" data-selectable-text="true">
         <span className={cn('block wrap-break-word', consoleLevelClass[log.level] ?? consoleLevelClass[0])}>
           {log.message}
@@ -112,14 +114,15 @@ function ConsoleRow({ copyText, log, onSend, onToggleSelect, selected }: Console
           showLabel={false}
           text={copyText}
         />
-        <button
-          className="rounded-md p-1 text-muted-foreground transition-colors hover:bg-accent hover:text-foreground"
-          onClick={onSend}
-          title="Send this entry to chat"
-          type="button"
-        >
-          <Send className="size-3" />
-        </button>
+        <Tip label="Send this entry to chat">
+          <button
+            className="rounded-md p-1 text-muted-foreground transition-colors hover:bg-accent hover:text-foreground"
+            onClick={onSend}
+            type="button"
+          >
+            <Send className="size-3" />
+          </button>
+        </Tip>
       </span>
     </div>
   )
@@ -225,11 +228,6 @@ export function PreviewConsolePanel({
             className="inline-flex items-center gap-1 rounded-md px-1.5 py-0.5 text-[0.625rem] text-muted-foreground transition-colors hover:bg-accent hover:text-foreground disabled:opacity-40"
             disabled={sendableLogs.length === 0}
             onClick={() => sendLogsToComposer(sendableLogs)}
-            title={
-              visibleSelection.length > 0
-                ? `Send ${visibleSelection.length} selected to chat`
-                : 'Send all log entries to chat'
-            }
             type="button"
           >
             <Send className="size-3" />
@@ -250,7 +248,6 @@ export function PreviewConsolePanel({
             className="inline-flex items-center gap-1 rounded-md px-1.5 py-0.5 text-[0.625rem] text-muted-foreground transition-colors hover:bg-accent hover:text-foreground disabled:opacity-40"
             disabled={logs.length === 0}
             onClick={consoleState.clear}
-            title="Clear console"
             type="button"
           >
             <Trash2 className="size-3" />

apps/desktop/src/app/chat/right-rail/preview-pane.tsx

@@ -3,6 +3,7 @@ import type { PointerEvent as ReactPointerEvent } from 'react'
 import { useCallback, useEffect, useRef, useState } from 'react'
 
 import type { SetTitlebarToolGroup, TitlebarTool } from '@/app/shell/titlebar-controls'
+import { Tip } from '@/components/ui/tooltip'
 import { Bug } from '@/lib/icons'
 import { cn } from '@/lib/utils'
 import { notify, notifyError } from '@/store/notifications'
@@ -607,15 +608,16 @@ export function PreviewPane({
         {!embedded && (
           <div className="pointer-events-none flex min-h-(--titlebar-height) items-center gap-1.5 border-b border-border/60 bg-background px-2 py-1">
             <div className="min-w-0 flex-1">
-              <a
-                className="pointer-events-auto inline max-w-full truncate text-left text-xs font-medium text-foreground underline-offset-4 decoration-current/20 transition-colors hover:text-primary hover:underline"
-                href={currentUrl}
-                rel="noreferrer"
-                target="_blank"
-                title={`Open ${currentUrl}`}
-              >
-                {previewLabel || 'Preview'}
-              </a>
+              <Tip label={`Open ${currentUrl}`}>
+                <a
+                  className="pointer-events-auto inline max-w-full truncate text-left text-xs font-medium text-foreground underline-offset-4 decoration-current/20 transition-colors hover:text-primary hover:underline"
+                  href={currentUrl}
+                  rel="noreferrer"
+                  target="_blank"
+                >
+                  {previewLabel || 'Preview'}
+                </a>
+              </Tip>
             </div>
           </div>
         )}

apps/desktop/src/app/chat/right-rail/preview.tsx

@@ -3,6 +3,7 @@ import { useEffect, useMemo } from 'react'
 
 import type { SetTitlebarToolGroup } from '@/app/shell/titlebar-controls'
 import { Codicon } from '@/components/ui/codicon'
+import { Tip } from '@/components/ui/tooltip'
 import { cn } from '@/lib/utils'
 import {
   $rightRailActiveTabId,
@@ -101,27 +102,33 @@ export function ChatPreviewRail({ onRestartServer, setTitlebarToolGroup }: ChatP
                 // memory. `onMouseDown` swallows the middle-button press so
                 // Chromium doesn't switch into autoscroll mode.
                 onAuxClick={event => {
-                  if (event.button !== 1) return
+                  if (event.button !== 1) {
+                    return
+                  }
+
                   event.preventDefault()
                   closeRightRailTab(tab.id)
                 }}
                 onMouseDown={event => {
-                  if (event.button === 1) event.preventDefault()
+                  if (event.button === 1) {
+                    event.preventDefault()
+                  }
                 }}
               >
                 {active && (
                   <span aria-hidden="true" className="absolute inset-x-0 top-0 h-px bg-(--ui-stroke-primary)" />
                 )}
-                <button
-                  aria-selected={active}
-                  className="flex h-full min-w-0 max-w-full items-center overflow-hidden pl-3 pr-2 text-left outline-none"
-                  onClick={() => selectRightRailTab(tab.id)}
-                  role="tab"
-                  title={tab.label}
-                  type="button"
-                >
-                  <span className="block min-w-0 truncate">{tab.label}</span>
-                </button>
+                <Tip label={tab.label}>
+                  <button
+                    aria-selected={active}
+                    className="flex h-full min-w-0 max-w-full items-center overflow-hidden pl-3 pr-2 text-left outline-none"
+                    onClick={() => selectRightRailTab(tab.id)}
+                    role="tab"
+                    type="button"
+                  >
+                    <span className="block min-w-0 truncate">{tab.label}</span>
+                  </button>
+                </Tip>
                 <span
                   aria-hidden="true"
                   className="pointer-events-none absolute inset-y-0 right-0 w-9 bg-[linear-gradient(to_right,transparent,var(--tab-bg)_55%)] opacity-0 transition-opacity group-hover/tab:opacity-100 group-focus-within/tab:opacity-100"
@@ -130,7 +137,6 @@ export function ChatPreviewRail({ onRestartServer, setTitlebarToolGroup }: ChatP
                   aria-label={`Close ${tab.label}`}
                   className="pointer-events-none absolute right-1.5 top-1/2 grid size-4 -translate-y-1/2 place-items-center rounded-sm text-(--ui-text-tertiary) opacity-0 transition-[background-color,color,opacity] hover:bg-(--ui-bg-secondary) hover:text-foreground focus-visible:pointer-events-auto focus-visible:opacity-100 group-hover/tab:pointer-events-auto group-hover/tab:opacity-100 group-focus-within/tab:pointer-events-auto group-focus-within/tab:opacity-100"
                   onClick={() => closeRightRailTab(tab.id)}
-                  title={`Close ${tab.label}`}
                   type="button"
                 >
                   <Codicon name="close" size="0.75rem" />
@@ -143,7 +149,6 @@ export function ChatPreviewRail({ onRestartServer, setTitlebarToolGroup }: ChatP
           aria-label="Close preview pane"
           className="mr-1.5 grid size-6 shrink-0 self-center place-items-center rounded-md text-(--ui-text-tertiary) opacity-0 transition-opacity hover:bg-(--ui-control-hover-background) hover:text-foreground focus-visible:opacity-100 focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-sidebar-ring group-hover/rail-tabs:opacity-100 [-webkit-app-region:no-drag]"
           onClick={closeRightRail}
-          title="Close preview pane"
           type="button"
         >
           <Codicon name="close" size="0.75rem" />

apps/desktop/src/app/chat/sidebar/index.tsx

@@ -17,7 +17,7 @@ import {
 import { CSS } from '@dnd-kit/utilities'
 import { useStore } from '@nanostores/react'
 import type * as React from 'react'
-import { useEffect, useMemo, useState } from 'react'
+import { useCallback, useEffect, useMemo, useState } from 'react'
 
 import { Button } from '@/components/ui/button'
 import { Codicon } from '@/components/ui/codicon'
@@ -34,7 +34,11 @@ import {
   SidebarMenuItem
 } from '@/components/ui/sidebar'
 import { Skeleton } from '@/components/ui/skeleton'
+import { Tip } from '@/components/ui/tooltip'
 import { searchSessions, type SessionInfo, type SessionSearchResult } from '@/hermes'
+import { useI18n } from '@/i18n'
+import { profileColor } from '@/lib/profile-color'
+import { sessionMatchesSearch } from '@/lib/session-search'
 import { cn } from '@/lib/utils'
 import {
   $panesFlipped,
@@ -51,8 +55,17 @@ import {
   SIDEBAR_SESSIONS_PAGE_SIZE,
   unpinSession
 } from '@/store/layout'
+import {
+  $newChatProfile,
+  $profiles,
+  $profileScope,
+  ALL_PROFILES,
+  newSessionInProfile,
+  normalizeProfileKey
+} from '@/store/profile'
 import {
   $selectedStoredSessionId,
+  $sessionProfileTotals,
   $sessions,
   $sessionsLoading,
   $sessionsTotal,
@@ -64,6 +77,7 @@ import { type AppView, ARTIFACTS_ROUTE, MESSAGING_ROUTE, SKILLS_ROUTE } from '..
 import { SidebarPanelLabel } from '../../shell/sidebar-label'
 import type { SidebarNavItem } from '../../types'
 
+import { ProfileRail } from './profile-switcher'
 import { SidebarSessionRow } from './session-row'
 import { VirtualSessionList } from './virtual-session-list'
 
@@ -93,6 +107,9 @@ const SIDEBAR_NAV: SidebarNavItem[] = [
 ]
 
 const WORKSPACE_PAGE = 5
+// ALL-profiles view: show only the latest N per profile up front to keep the
+// unified list scannable, then reveal/fetch more in N-sized steps on demand.
+const PROFILE_INITIAL_PAGE = 5
 const WS_ID_PREFIX = 'workspace:'
 
 const wsId = (id: string) => `${WS_ID_PREFIX}${id}`
@@ -160,13 +177,13 @@ function searchResultToSession(result: SessionSearchResult): SessionInfo {
   }
 }
 
-function workspaceGroupsFor(sessions: SessionInfo[]): SidebarSessionGroup[] {
+function workspaceGroupsFor(sessions: SessionInfo[], noWorkspaceLabel: string): SidebarSessionGroup[] {
   const groups = new Map<string, SidebarSessionGroup>()
 
   for (const session of sessions) {
     const path = session.cwd?.trim() || ''
     const id = path || '__no_workspace__'
-    const label = baseName(path) || path || 'No workspace'
+    const label = baseName(path) || path || noWorkspaceLabel
 
     const group = groups.get(id) ?? { id, label, path: path || null, sessions: [] }
     group.sessions.push(session)
@@ -200,6 +217,7 @@ interface ChatSidebarProps extends React.ComponentProps<typeof Sidebar> {
   currentView: AppView
   onNavigate: (item: SidebarNavItem) => void
   onLoadMoreSessions: () => void
+  onLoadMoreProfileSessions?: (profile: string) => Promise<void> | void
   onResumeSession: (sessionId: string) => void
   onDeleteSession: (sessionId: string) => void
   onArchiveSession: (sessionId: string) => void
@@ -210,11 +228,14 @@ export function ChatSidebar({
   currentView,
   onNavigate,
   onLoadMoreSessions,
+  onLoadMoreProfileSessions,
   onResumeSession,
   onDeleteSession,
   onArchiveSession,
   onNewSessionInWorkspace
 }: ChatSidebarProps) {
+  const { t } = useI18n()
+  const s = t.sidebar
   const sidebarOpen = useStore($sidebarOpen)
   const panesFlipped = useStore($panesFlipped)
   const agentsGrouped = useStore($sidebarAgentsGrouped)
@@ -225,12 +246,23 @@ export function ChatSidebar({
   const sessions = useStore($sessions)
   const sessionsLoading = useStore($sessionsLoading)
   const sessionsTotal = useStore($sessionsTotal)
+  const sessionProfileTotals = useStore($sessionProfileTotals)
   const workingSessionIds = useStore($workingSessionIds)
+  const profiles = useStore($profiles)
+  const profileScope = useStore($profileScope)
+  // Only surface the profile switcher when more than one profile exists, so
+  // single-profile users see the unchanged sidebar.
+  const multiProfile = profiles.length > 1
+  // Gate ALL-profiles grouping on multiProfile too: if a user drops back to one
+  // profile while scope is still ALL (persisted), the rail is hidden and they'd
+  // otherwise be stuck in the grouped view with no way out.
+  const showAllProfiles = multiProfile && profileScope === ALL_PROFILES
   const [agentOrderIds, setAgentOrderIds] = useState<string[]>([])
   const [workspaceOrderIds, setWorkspaceOrderIds] = useState<string[]>([])
   const [searchQuery, setSearchQuery] = useState('')
   const [serverMatches, setServerMatches] = useState<SessionSearchResult[]>([])
   const [newSessionKbdFlash, setNewSessionKbdFlash] = useState(false)
+  const [profileLoadMorePending, setProfileLoadMorePending] = useState<Record<string, boolean>>({})
   const trimmedQuery = searchQuery.trim()
 
   // Flash the ⌘N hint full-opacity (no transition) for the press, so hitting
@@ -259,7 +291,19 @@ export function ChatSidebar({
     useSensor(KeyboardSensor, { coordinateGetter: sortableKeyboardCoordinates })
   )
 
-  const sortedSessions = useMemo(() => [...sessions].sort((a, b) => sessionTime(b) - sessionTime(a)), [sessions])
+  // Profile scope = the "workspace switcher" context. Concrete scope shows only
+  // that profile's sessions (clean rows, no per-row tags); ALL fans every
+  // profile in, grouped by profile below. Single-profile users land here with
+  // scope === their only profile, so nothing is filtered out.
+  const visibleSessions = useMemo(
+    () => (showAllProfiles ? sessions : sessions.filter(s => normalizeProfileKey(s.profile) === profileScope)),
+    [sessions, showAllProfiles, profileScope]
+  )
+
+  const sortedSessions = useMemo(
+    () => [...visibleSessions].sort((a, b) => sessionTime(b) - sessionTime(a)),
+    [visibleSessions]
+  )
 
   const workingSessionIdSet = useMemo(() => new Set(workingSessionIds), [workingSessionIds])
 
@@ -268,7 +312,7 @@ export function ChatSidebar({
   const sessionByAnyId = useMemo(() => {
     const map = new Map<string, SessionInfo>()
 
-    for (const s of sessions) {
+    for (const s of visibleSessions) {
       map.set(s.id, s)
 
       if (s._lineage_root_id && !map.has(s._lineage_root_id)) {
@@ -277,7 +321,7 @@ export function ChatSidebar({
     }
 
     return map
-  }, [sessions])
+  }, [visibleSessions])
 
   const pinnedSessions = useMemo(() => {
     const seen = new Set<string>()
@@ -330,11 +374,10 @@ export function ChatSidebar({
       return []
     }
 
-    const needle = trimmedQuery.toLowerCase()
     const out = new Map<string, SessionInfo>()
 
     for (const s of sortedSessions) {
-      if (`${s.title ?? ''} ${s.preview ?? ''} ${s.cwd ?? ''}`.toLowerCase().includes(needle)) {
+      if (sessionMatchesSearch(s, trimmedQuery)) {
         out.set(s.id, s)
       }
     }
@@ -362,15 +405,91 @@ export function ChatSidebar({
   )
 
   const agentGroups = useMemo(
-    () => orderByIds(workspaceGroupsFor(agentSessions), g => g.id, workspaceOrderIds),
-    [agentSessions, workspaceOrderIds]
+    () => orderByIds(workspaceGroupsFor(agentSessions, s.noWorkspace), g => g.id, workspaceOrderIds),
+    [agentSessions, s.noWorkspace, workspaceOrderIds]
   )
 
+  const loadMoreForProfileGroup = useCallback(
+    (profile: string) => {
+      if (!onLoadMoreProfileSessions) {
+        return
+      }
+
+      setProfileLoadMorePending(prev => ({ ...prev, [profile]: true }))
+
+      void Promise.resolve(onLoadMoreProfileSessions(profile))
+        .catch(() => undefined)
+        .finally(() =>
+          setProfileLoadMorePending(({ [profile]: _done, ...rest }) => rest)
+        )
+    },
+    [onLoadMoreProfileSessions]
+  )
+
+  // ALL-profiles view: one collapsible group per profile, color on the header
+  // (not on every row). Default profile floats to the top, the rest alpha.
+  const profileGroups = useMemo<SidebarSessionGroup[] | undefined>(() => {
+    if (!showAllProfiles) {
+      return undefined
+    }
+
+    const groups = new Map<string, SidebarSessionGroup>()
+
+    for (const session of agentSessions) {
+      const key = normalizeProfileKey(session.profile)
+
+      const group = groups.get(key) ?? {
+        color: profileColor(key),
+        id: key,
+        label: key,
+        mode: 'profile',
+        path: null,
+        sessions: []
+      }
+
+      group.sessions.push(session)
+
+      groups.set(key, group)
+    }
+
+    return [...groups.values()]
+      .map(group => ({
+        ...group,
+        loadingMore: Boolean(profileLoadMorePending[group.id]),
+        onLoadMore: onLoadMoreProfileSessions ? () => loadMoreForProfileGroup(group.id) : undefined,
+        totalCount: Math.max(group.sessions.length, sessionProfileTotals[group.id] ?? 0)
+      }))
+      // default (root) first, then the rest alphabetically.
+      .sort((a, b) => (a.id === 'default' ? -1 : b.id === 'default' ? 1 : a.label.localeCompare(b.label)))
+  }, [
+    showAllProfiles,
+    agentSessions,
+    loadMoreForProfileGroup,
+    onLoadMoreProfileSessions,
+    profileLoadMorePending,
+    sessionProfileTotals
+  ])
+
   const showSessionSkeletons = sessionsLoading && sortedSessions.length === 0
   const showSessionSections = showSessionSkeletons || sortedSessions.length > 0
-  const knownSessionTotal = Math.max(sessionsTotal, sortedSessions.length)
-  const hasMoreSessions = knownSessionTotal > sortedSessions.length
-  const remainingSessionCount = Math.max(0, knownSessionTotal - sortedSessions.length)
+  // Pagination is scope-aware. In "All profiles" mode it tracks the global
+  // unified set. When scoped to one profile it must compare that profile's own
+  // loaded rows against that profile's total — otherwise a huge default profile
+  // keeps "Load more" stuck on while you browse a small one (the aggregator's
+  // total sums every profile). Per-profile totals come from the aggregator
+  // (children excluded); fall back to the global total / loaded count.
+  const loadedSessionCount = showAllProfiles ? sessions.length : visibleSessions.length
+  const scopedProfileTotal = showAllProfiles ? undefined : sessionProfileTotals[profileScope]
+
+  const knownSessionTotal = Math.max(
+    showAllProfiles ? sessionsTotal : (scopedProfileTotal ?? loadedSessionCount),
+    loadedSessionCount
+  )
+
+  const hasMoreSessions = knownSessionTotal > loadedSessionCount
+  const remainingSessionCount = Math.max(0, knownSessionTotal - loadedSessionCount)
+
+  const recentsMeta = countLabel(agentSessions.length, knownSessionTotal)
 
   const handlePinnedDragEnd = ({ active, over }: DragEndEvent) => {
     if (!over || active.id === over.id) {
@@ -449,6 +568,8 @@ export function ChatSidebar({
                   (item.id === 'messaging' && currentView === 'messaging') ||
                   (item.id === 'artifacts' && currentView === 'artifacts')
 
+                const isNewSession = item.id === 'new-session'
+
                 return (
                   <SidebarMenuItem key={item.id}>
                     <SidebarMenuButton
@@ -460,15 +581,27 @@ export function ChatSidebar({
                         !isInteractive &&
                           'cursor-default hover:border-transparent hover:bg-transparent hover:text-inherit'
                       )}
-                      onClick={() => onNavigate(item)}
-                      tooltip={item.label}
+                      onClick={() => {
+                        // A plain new session lands in whatever profile the live
+                        // gateway is on (= the active switcher context). null →
+                        // no swap. The switcher header is the single place to
+                        // change which profile that is.
+                        if (isNewSession) {
+                          $newChatProfile.set(null)
+                        }
+
+                        onNavigate(item)
+                      }}
+                      tooltip={s.nav[item.id] ?? item.label}
                       type="button"
                     >
                       <item.icon className="size-4 shrink-0 text-[color-mix(in_srgb,currentColor_72%,transparent)]" />
                       {sidebarOpen && (
                         <>
-                          <span className="min-w-0 flex-1 truncate max-[46.25rem]:hidden">{item.label}</span>
-                          {item.id === 'new-session' && (
+                          <span className="min-w-0 flex-1 truncate max-[46.25rem]:hidden">
+                            {s.nav[item.id] ?? item.label}
+                          </span>
+                          {isNewSession && (
                             <KbdGroup
                               className={cn('ml-auto max-[46.25rem]:hidden', newSessionKbdFlash && 'opacity-100!')}
                               keys={[...NEW_SESSION_KBD]}
@@ -487,9 +620,9 @@ export function ChatSidebar({
         {sidebarOpen && showSessionSections && (
           <div className="shrink-0 px-2 pb-1 pt-1">
             <SearchField
-              aria-label="Search sessions"
+              aria-label={s.searchAria}
               onChange={setSearchQuery}
-              placeholder="Search sessions…"
+              placeholder={s.searchPlaceholder}
               value={searchQuery}
             />
           </div>
@@ -501,10 +634,10 @@ export function ChatSidebar({
             contentClassName="flex min-h-0 flex-1 flex-col gap-px overflow-y-auto overscroll-contain pb-1.75"
             emptyState={
               <div className="grid min-h-24 place-items-center rounded-lg px-2 text-center text-xs text-(--ui-text-tertiary)">
-                No sessions match “{trimmedQuery}”.
+                {s.noMatch(trimmedQuery)}
               </div>
             }
-            label="Results"
+            label={s.results}
             labelMeta={String(searchResults.length)}
             onArchiveSession={onArchiveSession}
             onDeleteSession={onDeleteSession}
@@ -525,7 +658,7 @@ export function ChatSidebar({
             contentClassName="flex min-h-10 shrink-0 flex-col gap-px rounded-lg pb-2 pt-1"
             dndSensors={dndSensors}
             emptyState={<SidebarPinnedEmptyState />}
-            label="Pinned"
+            label={s.pinned}
             onArchiveSession={onArchiveSession}
             onDeleteSession={onDeleteSession}
             onReorder={handlePinnedDragEnd}
@@ -544,11 +677,19 @@ export function ChatSidebar({
         {sidebarOpen && showSessionSections && !trimmedQuery && (
           <SidebarSessionsSection
             activeSessionId={activeSidebarSessionId}
-            contentClassName="flex min-h-0 flex-1 flex-col gap-px overflow-y-auto overscroll-contain pb-1.75"
+            contentClassName={cn(
+              'flex min-h-0 flex-1 flex-col overflow-y-auto overscroll-contain pb-1.75',
+              // Separate profile sections clearly in the ALL view; rows inside
+              // each group keep their own tight gap-px rhythm.
+              showAllProfiles ? 'gap-3' : 'gap-px'
+            )}
             dndSensors={dndSensors}
             emptyState={showSessionSkeletons ? <SidebarSessionSkeletons /> : <SidebarAllPinnedState />}
             footer={
-              !agentsGrouped && !showSessionSkeletons && hasMoreSessions ? (
+              // Hide "load more" only when workspace-grouped (those groups page
+              // themselves). ALL-profiles now pages per-profile from each profile
+              // header; the global footer only applies to non-ALL views.
+              !showAllProfiles && !agentsGrouped && !showSessionSkeletons && hasMoreSessions ? (
                 <SidebarLoadMoreRow
                   loading={sessionsLoading}
                   onClick={onLoadMoreSessions}
@@ -557,37 +698,43 @@ export function ChatSidebar({
               ) : null
             }
             forceEmptyState={showSessionSkeletons}
-            groups={agentsGrouped ? agentGroups : undefined}
+            groups={showAllProfiles ? profileGroups : agentsGrouped ? agentGroups : undefined}
             headerAction={
-              // Grouping operates on unpinned recents; if everything is
-              // pinned the toggle does nothing visible, so hide it to avoid
-              // a phantom click target.
-              agentSessions.length > 0 ? (
-                <Button
-                  aria-label={agentsGrouped ? 'Show sessions as a single list' : 'Group sessions by workspace'}
-                  className={cn(
-                    'text-(--ui-text-tertiary) opacity-70 hover:bg-(--ui-control-hover-background) hover:text-foreground hover:opacity-100 focus-visible:opacity-100',
-                    agentsGrouped && 'bg-(--ui-control-active-background) text-foreground opacity-100'
-                  )}
-                  onClick={event => {
-                    event.stopPropagation()
-                    setSidebarRecentsOpen(true)
-                    setSidebarAgentsGrouped(!agentsGrouped)
-                  }}
-                  size="icon-xs"
-                  title={agentsGrouped ? 'Ungroup sessions' : 'Group by workspace'}
-                  variant="ghost"
-                >
-                  <Codicon name={agentsGrouped ? 'list-unordered' : 'root-folder'} size="0.75rem" />
-                </Button>
-              ) : null
+              // Always reserve the icon-xs (size-6) slot so the header keeps the
+              // same height whether or not the toggle renders — otherwise the
+              // "Sessions" label jumps when switching to the ALL-profiles view.
+              // Grouping operates on unpinned recents; if everything is pinned
+              // the toggle does nothing, and it's irrelevant in the ALL-profiles
+              // view (always grouped by profile), so hide the button (not the slot).
+              <div className="grid size-6 shrink-0 place-items-center">
+                {!showAllProfiles && agentSessions.length > 0 ? (
+                  <Tip label={agentsGrouped ? s.groupTitleGrouped : s.groupTitleUngrouped}>
+                    <Button
+                      aria-label={agentsGrouped ? s.groupAriaGrouped : s.groupAriaUngrouped}
+                      className={cn(
+                        'text-(--ui-text-tertiary) opacity-70 hover:bg-(--ui-control-hover-background) hover:text-foreground hover:opacity-100 focus-visible:opacity-100',
+                        agentsGrouped && 'bg-(--ui-control-active-background) text-foreground opacity-100'
+                      )}
+                      onClick={event => {
+                        event.stopPropagation()
+                        setSidebarRecentsOpen(true)
+                        setSidebarAgentsGrouped(!agentsGrouped)
+                      }}
+                      size="icon-xs"
+                      variant="ghost"
+                    >
+                      <Codicon name={agentsGrouped ? 'list-unordered' : 'root-folder'} size="0.75rem" />
+                    </Button>
+                  </Tip>
+                ) : null}
+              </div>
             }
-            label="Sessions"
-            labelMeta={countLabel(agentSessions.length, knownSessionTotal)}
+            label={s.sessions}
+            labelMeta={recentsMeta}
             onArchiveSession={onArchiveSession}
             onDeleteSession={onDeleteSession}
-            onNewSessionInWorkspace={onNewSessionInWorkspace}
-            onReorder={handleAgentDragEnd}
+            onNewSessionInWorkspace={showAllProfiles ? undefined : onNewSessionInWorkspace}
+            onReorder={showAllProfiles ? undefined : handleAgentDragEnd}
             onResumeSession={onResumeSession}
             onToggle={() => setSidebarRecentsOpen(!agentsOpen)}
             onTogglePin={pinSession}
@@ -595,10 +742,18 @@ export function ChatSidebar({
             pinned={false}
             rootClassName="min-h-0 flex-1 p-0"
             sessions={agentSessions}
-            sortable={agentSessions.length > 1}
+            sortable={!showAllProfiles && agentSessions.length > 1}
             workingSessionIdSet={workingSessionIdSet}
           />
         )}
+
+        {sidebarOpen && !showSessionSections && <div className="min-h-0 flex-1" />}
+
+        {sidebarOpen && (
+          <div className="shrink-0 px-0.5 pb-1 pt-0.5">
+            <ProfileRail />
+          </div>
+        )}
       </SidebarContent>
     </Sidebar>
   )
@@ -645,19 +800,25 @@ function SidebarSessionSkeletons() {
   )
 }
 
-const SidebarAllPinnedState = () => (
-  <div className="grid min-h-24 place-items-center rounded-lg text-center text-xs text-(--ui-text-tertiary)">
-    Everything here is pinned. Unpin a chat to show it in recents.
-  </div>
-)
+function SidebarAllPinnedState() {
+  const { t } = useI18n()
+
+  return (
+    <div className="grid min-h-24 place-items-center rounded-lg text-center text-xs text-(--ui-text-tertiary)">
+      {t.sidebar.allPinned}
+    </div>
+  )
+}
 
 function SidebarPinnedEmptyState() {
+  const { t } = useI18n()
+
   return (
     <div className="flex min-h-7 items-center gap-1.5 rounded-lg pl-2 text-[0.75rem] text-(--ui-text-tertiary)">
       <span className="grid w-3.5 shrink-0 place-items-center text-(--ui-text-quaternary)">
         <Codicon name="pin" size="0.75rem" />
       </span>
-      <span>Shift-click a chat to pin</span>
+      <span>{t.sidebar.shiftClickHint}</span>
     </div>
   )
 }
@@ -667,6 +828,12 @@ interface SidebarSessionGroup {
   label: string
   path: null | string
   sessions: SessionInfo[]
+  // Profile color for the ALL-profiles view; absent for workspace groups.
+  color?: null | string
+  loadingMore?: boolean
+  mode?: 'profile' | 'workspace'
+  onLoadMore?: () => void
+  totalCount?: number
 }
 
 interface SidebarSessionsSectionProps {
@@ -850,43 +1017,72 @@ function SidebarWorkspaceGroup({
   ref,
   ...rest
 }: SidebarWorkspaceGroupProps) {
+  const { t } = useI18n()
+  const s = t.sidebar
+  const isProfileGroup = group.mode === 'profile'
+  const pageStep = isProfileGroup ? PROFILE_INITIAL_PAGE : WORKSPACE_PAGE
   const [open, setOpen] = useState(true)
-  const [visibleCount, setVisibleCount] = useState(WORKSPACE_PAGE)
+  const [visibleCount, setVisibleCount] = useState(pageStep)
+
+  const loadedCount = group.sessions.length
+  // Profile groups know their on-disk total (children excluded); workspace
+  // groups only ever page within what's already loaded.
+  const totalCount = isProfileGroup ? Math.max(group.totalCount ?? loadedCount, loadedCount) : loadedCount
   const visibleSessions = group.sessions.slice(0, visibleCount)
-  const hiddenCount = Math.max(0, group.sessions.length - visibleSessions.length)
-  const nextCount = Math.min(WORKSPACE_PAGE, hiddenCount)
+  const hiddenCount = Math.max(0, totalCount - visibleSessions.length)
+  const nextCount = Math.min(pageStep, hiddenCount)
+
+  // Reveal already-loaded rows first; only hit the backend when the next page
+  // crosses what's been fetched for this profile.
+  const handleProfileLoadMore = () => {
+    const target = visibleCount + pageStep
+
+    setVisibleCount(target)
+
+    if (target > loadedCount && loadedCount < totalCount) {
+      group.onLoadMore?.()
+    }
+  }
 
   return (
     <div className={cn('grid gap-px', dragging && 'z-10 opacity-60', className)} ref={ref} style={style} {...rest}>
       <div className="group/workspace flex min-h-6 items-center gap-1 px-2 pt-1 text-[0.6875rem] font-medium text-(--ui-text-tertiary)">
         <button
-          className="flex min-w-0 items-center gap-1 bg-transparent text-left hover:text-(--ui-text-secondary)"
+          className="flex min-w-0 items-center gap-1.5 bg-transparent text-left hover:text-(--ui-text-secondary)"
           onClick={() => setOpen(value => !value)}
-          title={group.path ?? undefined}
           type="button"
         >
+          {group.color ? (
+            <span aria-hidden="true" className="size-2 shrink-0 rounded-full" style={{ backgroundColor: group.color }} />
+          ) : null}
           <span className="truncate">{group.label}</span>
-          <SidebarCount>{group.sessions.length}</SidebarCount>
+          <SidebarCount>
+            {isProfileGroup ? countLabel(visibleSessions.length, totalCount) : group.sessions.length}
+          </SidebarCount>
           <DisclosureCaret
             className="text-(--ui-text-tertiary) opacity-0 transition group-hover/workspace:opacity-100"
             open={open}
           />
         </button>
-        {onNewSession && (
-          <button
-            aria-label={`New session in ${group.label}`}
-            className="grid size-4 shrink-0 place-items-center rounded-sm bg-transparent text-(--ui-text-quaternary) opacity-0 transition-opacity hover:bg-(--ui-control-hover-background) hover:text-foreground group-hover/workspace:opacity-100"
-            onClick={() => onNewSession(group.path)}
-            title={`New session in ${group.label}`}
-            type="button"
-          >
-            <Codicon name="add" size="0.75rem" />
-          </button>
+        {(onNewSession || isProfileGroup) && (
+          <Tip label={s.newSessionIn(group.label)}>
+            <button
+              aria-label={s.newSessionIn(group.label)}
+              className="grid size-4 shrink-0 place-items-center rounded-sm bg-transparent text-(--ui-text-quaternary) opacity-0 transition-opacity hover:bg-(--ui-control-hover-background) hover:text-foreground group-hover/workspace:opacity-100"
+              // Profile groups start a fresh session in that profile but keep the
+              // all-profiles browse view (newSessionInProfile leaves the scope
+              // alone); workspace groups seed the new session's cwd from the path.
+              onClick={() => (isProfileGroup ? newSessionInProfile(group.id) : onNewSession?.(group.path))}
+              type="button"
+            >
+              <Codicon name="add" size="0.75rem" />
+            </button>
+          </Tip>
         )}
         {reorderable && (
           <span
             {...dragHandleProps}
-            aria-label={`Reorder workspace ${group.label}`}
+            aria-label={s.reorderWorkspace(group.label)}
             className="ml-auto -my-0.5 grid w-4 shrink-0 cursor-grab touch-none place-items-center self-stretch overflow-hidden active:cursor-grabbing"
             onClick={event => event.stopPropagation()}
           >
@@ -904,17 +1100,21 @@ function SidebarWorkspaceGroup({
       {open && (
         <>
           {renderRows(visibleSessions)}
-          {hiddenCount > 0 && (
-            <button
-              aria-label={`Show ${nextCount} more in ${group.label}`}
-              className="ml-auto grid size-5 place-items-center rounded-sm bg-transparent text-(--ui-text-tertiary) transition-colors hover:bg-(--ui-control-hover-background) hover:text-foreground"
-              onClick={() => setVisibleCount(count => count + WORKSPACE_PAGE)}
-              title={`Show ${nextCount} more in ${group.label}`}
-              type="button"
-            >
-              <Codicon name="ellipsis" size="0.75rem" />
-            </button>
-          )}
+          {hiddenCount > 0 &&
+            (isProfileGroup ? (
+              <SidebarLoadMoreRow loading={Boolean(group.loadingMore)} onClick={handleProfileLoadMore} step={nextCount} />
+            ) : (
+              <Tip label={s.showMoreIn(nextCount, group.label)}>
+                <button
+                  aria-label={s.showMoreIn(nextCount, group.label)}
+                  className="ml-auto grid size-5 place-items-center rounded-sm bg-transparent text-(--ui-text-tertiary) transition-colors hover:bg-(--ui-control-hover-background) hover:text-foreground"
+                  onClick={() => setVisibleCount(count => count + WORKSPACE_PAGE)}
+                  type="button"
+                >
+                  <Codicon name="ellipsis" size="0.75rem" />
+                </button>
+              </Tip>
+            ))}
         </>
       )}
     </div>
@@ -957,16 +1157,21 @@ interface SidebarLoadMoreRowProps {
 }
 
 function SidebarLoadMoreRow({ loading, onClick, step }: SidebarLoadMoreRowProps) {
-  const label = loading ? 'Loading…' : step > 0 ? `Load ${step} more` : 'Load more'
+  const { t } = useI18n()
+  const label = loading ? t.sidebar.loading : step > 0 ? t.sidebar.loadCount(step) : t.sidebar.loadMore
 
   return (
     <button
-      className="flex min-h-5 items-center gap-1 self-start bg-transparent pl-2 text-left text-[0.6875rem] text-(--ui-text-tertiary) transition-colors duration-100 ease-out hover:text-foreground hover:transition-none disabled:cursor-default disabled:opacity-60 disabled:hover:text-(--ui-text-tertiary)"
+      className="flex min-h-5 items-center gap-1.5 self-start bg-transparent pl-2 text-left text-[0.6875rem] text-(--ui-text-tertiary) transition-colors duration-100 ease-out hover:text-foreground hover:transition-none disabled:cursor-default disabled:opacity-60 disabled:hover:text-(--ui-text-tertiary)"
       disabled={loading}
       onClick={onClick}
       type="button"
     >
-      <Codicon className="opacity-70" name={loading ? 'loading' : 'chevron-down'} size="0.75rem" spinning={loading} />
+      {/* Seat the icon in the same w-3.5 column session rows use for their dot
+          so the chevron + label line up with the rows above. */}
+      <span className="grid w-3.5 shrink-0 place-items-center">
+        <Codicon className="opacity-70" name={loading ? 'loading' : 'chevron-down'} size="0.75rem" spinning={loading} />
+      </span>
       <span>{label}</span>
     </button>
   )

apps/desktop/src/app/chat/sidebar/profile-switcher.tsx

@@ -0,0 +1,491 @@
+import {
+  closestCenter,
+  DndContext,
+  type DragEndEvent,
+  type DragOverEvent,
+  type DragStartEvent,
+  KeyboardSensor,
+  type Modifier,
+  PointerSensor,
+  useSensor,
+  useSensors
+} from '@dnd-kit/core'
+import {
+  arrayMove,
+  horizontalListSortingStrategy,
+  SortableContext,
+  sortableKeyboardCoordinates,
+  useSortable
+} from '@dnd-kit/sortable'
+import { CSS } from '@dnd-kit/utilities'
+import { useStore } from '@nanostores/react'
+import { useEffect, useRef, useState } from 'react'
+import { useNavigate } from 'react-router-dom'
+
+import { Button } from '@/components/ui/button'
+import { Codicon } from '@/components/ui/codicon'
+import { ContextMenu, ContextMenuContent, ContextMenuItem, ContextMenuTrigger } from '@/components/ui/context-menu'
+import { Popover, PopoverAnchor, PopoverContent } from '@/components/ui/popover'
+import { Tip, Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from '@/components/ui/tooltip'
+import { triggerHaptic } from '@/lib/haptics'
+import { PROFILE_SWATCHES, profileColorSoft, resolveProfileColor } from '@/lib/profile-color'
+import { cn } from '@/lib/utils'
+import {
+  $activeGatewayProfile,
+  $profileColors,
+  $profileOrder,
+  $profiles,
+  $profileScope,
+  ALL_PROFILES,
+  normalizeProfileKey,
+  refreshActiveProfile,
+  selectProfile,
+  setProfileColor,
+  setProfileOrder,
+  setShowAllProfiles,
+  sortByProfileOrder
+} from '@/store/profile'
+import type { ProfileInfo } from '@/types/hermes'
+
+import { CreateProfileDialog } from '../../profiles/create-profile-dialog'
+import { DeleteProfileDialog } from '../../profiles/delete-profile-dialog'
+import { RenameProfileDialog } from '../../profiles/rename-profile-dialog'
+import { PROFILES_ROUTE } from '../../routes'
+
+const RAIL_GAP = 4 // px — matches gap-1 between squares.
+
+// easeOutBack — a little overshoot so squares spring into their new slot rather
+// than sliding in flat. Neighbors reflow on RAIL_TRANSITION; the dragged square
+// glides between snapped cells on the snappier DRAG_TRANSITION.
+const SPRING = 'cubic-bezier(0.34, 1.56, 0.64, 1)'
+const RAIL_TRANSITION = { duration: 300, easing: SPRING }
+const DRAG_TRANSITION = `transform 200ms ${SPRING}`
+
+// The rail is a single horizontal strip of fixed cells. Pin drags to the x-axis
+// (no cross-axis scrollbar), snap to whole cells so a square steps slot-to-slot
+// instead of gliding, and clamp to the occupied strip so it can't float past the
+// last profile onto the "+".
+const stepThroughCells: Modifier = ({ containerNodeRect, draggingNodeRect, transform }) => {
+  if (!draggingNodeRect || !containerNodeRect) {
+    return { ...transform, y: 0 }
+  }
+
+  const pitch = draggingNodeRect.width + RAIL_GAP
+  const minX = containerNodeRect.left - draggingNodeRect.left
+  const maxX = containerNodeRect.right - draggingNodeRect.right
+  const snapped = Math.round(transform.x / pitch) * pitch
+
+  return { ...transform, x: Math.min(maxX, Math.max(minX, snapped)), y: 0 }
+}
+
+// Arc-Spaces-style profile rail at the sidebar foot: a default↔all toggle pinned
+// left, the colored named profiles scrolling between, and Manage pinned right.
+// The active profile pops in its own color — the "where am I" cue. Single-
+// profile users see only the "+" (create their first profile); everything else
+// appears once a second profile exists.
+export function ProfileRail() {
+  const profiles = useStore($profiles)
+  const scope = useStore($profileScope)
+  const gatewayProfile = useStore($activeGatewayProfile)
+  const order = useStore($profileOrder)
+  const colors = useStore($profileColors)
+  const navigate = useNavigate()
+
+  const [createOpen, setCreateOpen] = useState(false)
+  const [pendingRename, setPendingRename] = useState<null | ProfileInfo>(null)
+  const [pendingDelete, setPendingDelete] = useState<null | ProfileInfo>(null)
+  const scrollRef = useRef<HTMLDivElement>(null)
+
+  // A plain mouse wheel only emits deltaY; map it to horizontal scroll so the
+  // rail is navigable without a trackpad. Trackpad x-scroll (deltaX) passes
+  // through. Native + non-passive so we can preventDefault and not bleed the
+  // gesture into the sessions list above.
+  useEffect(() => {
+    const el = scrollRef.current
+
+    if (!el) {
+      return
+    }
+
+    const onWheel = (event: WheelEvent) => {
+      if (el.scrollWidth <= el.clientWidth || Math.abs(event.deltaY) <= Math.abs(event.deltaX)) {
+        return
+      }
+
+      el.scrollLeft += event.deltaY
+      event.preventDefault()
+    }
+
+    el.addEventListener('wheel', onWheel, { passive: false })
+
+    return () => el.removeEventListener('wheel', onWheel)
+  }, [])
+
+  const isAll = scope === ALL_PROFILES
+  const activeKey = normalizeProfileKey(gatewayProfile)
+  const defaultProfile = profiles.find(profile => profile.is_default)
+  const onDefault = !isAll && activeKey === 'default'
+
+  const named = sortByProfileOrder(profiles.filter(profile => !profile.is_default), order)
+  const multiProfile = profiles.length > 1
+
+  // distance constraint: a small drag reorders, a tap still selects the profile.
+  const sensors = useSensors(
+    useSensor(PointerSensor, { activationConstraint: { distance: 4 } }),
+    useSensor(KeyboardSensor, { coordinateGetter: sortableKeyboardCoordinates })
+  )
+
+  // Tick a haptic each time the drag crosses into a new cell, and a satisfying
+  // confirm on a committed reorder.
+  const lastOverRef = useRef<string | null>(null)
+
+  const handleDragStart = ({ active }: DragStartEvent) => {
+    lastOverRef.current = String(active.id)
+  }
+
+  const handleDragOver = ({ over }: DragOverEvent) => {
+    const id = over ? String(over.id) : null
+
+    if (id && id !== lastOverRef.current) {
+      lastOverRef.current = id
+      triggerHaptic('selection')
+    }
+  }
+
+  const handleDragEnd = ({ active, over }: DragEndEvent) => {
+    lastOverRef.current = null
+
+    if (!over || active.id === over.id) {
+      return
+    }
+
+    const ids = named.map(profile => profile.name)
+    const from = ids.indexOf(String(active.id))
+    const to = ids.indexOf(String(over.id))
+
+    if (from >= 0 && to >= 0) {
+      setProfileOrder(arrayMove(ids, from, to))
+      triggerHaptic('success')
+    }
+  }
+
+  // Re-pull the running profile + list on mount so a profile created elsewhere
+  // shows up; cheap and best-effort.
+  useEffect(() => {
+    void refreshActiveProfile()
+  }, [])
+
+  return (
+    <div aria-label="Profiles" className="flex items-center gap-0.5" role="tablist">
+      {/* One button toggles default ↔ all: home face when scoped to a profile,
+          layers face when showing everything. Pinned left like Manage is right.
+          Hidden until a second profile exists. */}
+      {multiProfile &&
+        (defaultProfile ? (
+          // On default → toggle to all. Anywhere else (all view or a named
+          // profile) → return to default. So leaving a profile never lands on all.
+          <ProfilePill
+            active={isAll || onDefault}
+            glyph={isAll ? 'layers' : 'home'}
+            label={onDefault ? 'Show all profiles' : `Switch to ${defaultProfile.name}`}
+            onSelect={() => (onDefault ? setShowAllProfiles(true) : selectProfile(defaultProfile.name))}
+          />
+        ) : (
+          <ProfilePill active={isAll} glyph="layers" label="All profiles" onSelect={() => setShowAllProfiles(true)} />
+        ))}
+
+      {/* Single-profile: the active default's home icon next to the create +. */}
+      {!multiProfile && defaultProfile && (
+        <ProfilePill active glyph="home" label={defaultProfile.name} onSelect={() => selectProfile(defaultProfile.name)} />
+      )}
+
+      <div
+        className="flex min-w-0 flex-1 items-center gap-1 overflow-x-auto [scrollbar-width:none] [&::-webkit-scrollbar]:hidden"
+        ref={scrollRef}
+      >
+        {multiProfile && (
+          <DndContext
+            collisionDetection={closestCenter}
+            modifiers={[stepThroughCells]}
+            onDragEnd={handleDragEnd}
+            onDragOver={handleDragOver}
+            onDragStart={handleDragStart}
+            sensors={sensors}
+          >
+            <SortableContext items={named.map(profile => profile.name)} strategy={horizontalListSortingStrategy}>
+              {/* relative → the strip is the dragged square's offsetParent, so the
+                  clamp modifier bounds drags to the occupied cells (not the +). */}
+              <div className="relative flex items-center gap-1">
+                {named.map(profile => (
+                  <ProfileSquare
+                    active={!isAll && normalizeProfileKey(profile.name) === activeKey}
+                    color={resolveProfileColor(profile.name, colors)}
+                    key={profile.name}
+                    label={profile.name}
+                    onDelete={() => setPendingDelete(profile)}
+                    onRecolor={color => setProfileColor(profile.name, color)}
+                    onRename={() => setPendingRename(profile)}
+                    onSelect={() => selectProfile(profile.name)}
+                  />
+                ))}
+              </div>
+            </SortableContext>
+          </DndContext>
+        )}
+
+        <Tip label="New profile">
+          <button
+            aria-label="New profile"
+            className="grid size-5 shrink-0 place-items-center rounded-[3px] text-(--ui-text-tertiary) opacity-55 transition hover:bg-(--ui-control-hover-background) hover:text-foreground hover:opacity-100"
+            onClick={() => setCreateOpen(true)}
+            type="button"
+          >
+            <Codicon name="add" size="0.75rem" />
+          </button>
+        </Tip>
+      </div>
+
+      {multiProfile && (
+        <ProfilePill active={false} glyph="ellipsis" label="Manage profiles…" onSelect={() => navigate(PROFILES_ROUTE)} />
+      )}
+
+      {/* Land in the new profile on a fresh chat (selectProfile triggers the
+          new-session reset), not stuck on the session you were just in. */}
+      <CreateProfileDialog
+        onClose={() => setCreateOpen(false)}
+        onCreated={async name => {
+          await refreshActiveProfile()
+          selectProfile(name)
+        }}
+        open={createOpen}
+      />
+
+      <RenameProfileDialog
+        currentName={pendingRename?.name ?? ''}
+        onClose={() => setPendingRename(null)}
+        onRenamed={refreshActiveProfile}
+        open={pendingRename !== null}
+      />
+
+      <DeleteProfileDialog
+        onClose={() => setPendingDelete(null)}
+        onDeleted={refreshActiveProfile}
+        open={pendingDelete !== null}
+        profile={pendingDelete}
+      />
+    </div>
+  )
+}
+
+interface ProfilePillProps {
+  active: boolean
+  // home / All / Manage are glyph action buttons (navigation, not identity).
+  glyph: string
+  label: string
+  onSelect: () => void
+}
+
+function ProfilePill({ active, glyph, label, onSelect }: ProfilePillProps) {
+  return (
+    <Tip label={label}>
+      <Button
+        aria-label={label}
+        aria-pressed={active}
+        className={cn(
+          'bg-transparent text-(--ui-text-tertiary) hover:bg-(--ui-control-hover-background) hover:text-foreground',
+          active && 'bg-(--ui-control-active-background) text-foreground'
+        )}
+        onClick={onSelect}
+        size="icon-xs"
+        type="button"
+        variant="ghost"
+      >
+        <Codicon name={glyph} size="0.875rem" />
+      </Button>
+    </Tip>
+  )
+}
+
+interface ProfileSquareProps {
+  active: boolean
+  color: null | string
+  label: string
+  onSelect: () => void
+  onRecolor: (color: null | string) => void
+  onRename: () => void
+  onDelete: () => void
+}
+
+// Hold this long without moving (a drag would have started first) to open the
+// color picker — the "hard press" gesture, distinct from tap-to-select.
+const LONG_PRESS_MS = 450
+
+// A profile *is* its colored square — no icon-button chrome. Soft profile-tint
+// fill + the initial in the full color; the active one pops to full opacity with
+// a color ring. These pack tightly so the rail reads as a strip of profiles,
+// drag-sort to reorder (a tap below the drag threshold still selects), and
+// right-click to rename/delete. The button carries both the tooltip and
+// context-menu triggers via nested asChild Slots, so a single element keeps the
+// dnd listeners, hover tip, and right-click menu.
+function ProfileSquare({ active, color, label, onDelete, onRecolor, onRename, onSelect }: ProfileSquareProps) {
+  const hue = color ?? 'var(--ui-text-quaternary)'
+  const [pickerOpen, setPickerOpen] = useState(false)
+  const pressTimer = useRef<null | number>(null)
+  const suppressClick = useRef(false)
+
+  const { attributes, isDragging, listeners, setNodeRef, transform, transition } = useSortable({
+    id: label,
+    transition: RAIL_TRANSITION
+  })
+
+  const clearPress = () => {
+    if (pressTimer.current != null) {
+      clearTimeout(pressTimer.current)
+      pressTimer.current = null
+    }
+  }
+
+  // A real drag (movement past the dnd threshold) cancels the pending hold, so a
+  // reorder never doubles as a color pick. Also tidy up on unmount.
+  useEffect(() => {
+    if (isDragging) {
+      clearPress()
+    }
+  }, [isDragging])
+  useEffect(() => clearPress, [])
+
+  const base = CSS.Transform.toString(transform)
+  const ring = active ? `inset 0 0 0 1.5px ${hue}` : ''
+  const lift = isDragging ? '0 6px 16px -4px rgb(0 0 0 / 0.4)' : ''
+
+  const pickColor = (next: null | string) => {
+    onRecolor(next)
+    setPickerOpen(false)
+    triggerHaptic('selection')
+  }
+
+  return (
+    <Popover onOpenChange={setPickerOpen} open={pickerOpen}>
+      <ContextMenu>
+        <TooltipProvider delayDuration={0}>
+          <Tooltip>
+            <PopoverAnchor asChild>
+              <ContextMenuTrigger asChild>
+                <TooltipTrigger asChild>
+                  <button
+                    className={cn(
+                      'grid size-5 shrink-0 cursor-grab touch-none select-none place-items-center rounded-[3px] text-[0.5625rem] font-semibold uppercase leading-none transition-opacity hover:opacity-100',
+                      active ? 'opacity-100' : 'opacity-55',
+                      isDragging && 'z-10 cursor-grabbing opacity-100'
+                    )}
+                    ref={setNodeRef}
+                    style={{
+                      backgroundColor: profileColorSoft(hue, active ? 30 : 22),
+                      boxShadow: [ring, lift].filter(Boolean).join(', ') || undefined,
+                      color: color ?? undefined,
+                      // Glide the dragged square between snapped cells with a little
+                      // overshoot (no scale — the overflow-x strip would clip it).
+                      transform: base,
+                      transition: isDragging ? DRAG_TRANSITION : transition
+                    }}
+                    type="button"
+                    {...attributes}
+                    {...listeners}
+                    aria-label={label}
+                    aria-pressed={active}
+                    // Hold-to-recolor rides alongside the dnd pointer listener (call
+                    // it first so drag tracking still arms), then a timer opens the
+                    // picker and flags the trailing click so it doesn't also select.
+                    onClick={() => {
+                      if (suppressClick.current) {
+                        suppressClick.current = false
+
+                        return
+                      }
+
+                      onSelect()
+                    }}
+                    onPointerCancel={clearPress}
+                    onPointerDown={event => {
+                      listeners?.onPointerDown?.(event)
+
+                      if (event.button !== 0) {
+                        return
+                      }
+
+                      suppressClick.current = false
+                      clearPress()
+                      pressTimer.current = window.setTimeout(() => {
+                        suppressClick.current = true
+                        triggerHaptic('success')
+                        setPickerOpen(true)
+                      }, LONG_PRESS_MS)
+                    }}
+                    onPointerLeave={clearPress}
+                    onPointerUp={clearPress}
+                  >
+                    {label.replace(/[^a-z0-9]/gi, '').charAt(0) || '?'}
+                  </button>
+                </TooltipTrigger>
+              </ContextMenuTrigger>
+            </PopoverAnchor>
+            <TooltipContent>{label}</TooltipContent>
+          </Tooltip>
+        </TooltipProvider>
+
+        {/* The rail sits at the very bottom, so pad off the chrome (esp. the
+            statusbar) — Radix then flips the menu up instead of squishing it. */}
+        <ContextMenuContent
+          aria-label={`Actions for ${label}`}
+          className="w-40"
+          collisionPadding={{ bottom: 44, left: 8, right: 8, top: 8 }}
+        >
+          <ContextMenuItem onSelect={() => setPickerOpen(true)}>
+            <Codicon name="symbol-color" size="0.875rem" />
+            <span>Color…</span>
+          </ContextMenuItem>
+          <ContextMenuItem onSelect={onRename}>
+            <Codicon name="edit" size="0.875rem" />
+            <span>Rename</span>
+          </ContextMenuItem>
+          <ContextMenuItem className="text-destructive focus:text-destructive" onSelect={onDelete} variant="destructive">
+            <Codicon name="trash" size="0.875rem" />
+            <span>Delete</span>
+          </ContextMenuItem>
+        </ContextMenuContent>
+      </ContextMenu>
+
+      <PopoverContent
+        aria-label={`Color for ${label}`}
+        className="w-auto p-2"
+        collisionPadding={{ bottom: 44, left: 8, right: 8, top: 8 }}
+        side="top"
+      >
+        <div className="grid grid-cols-6 gap-1.5">
+          {PROFILE_SWATCHES.map(swatch => (
+            <button
+              aria-label={`Set color ${swatch}`}
+              className="size-5 rounded-full transition-transform hover:scale-110"
+              key={swatch}
+              onClick={() => pickColor(swatch)}
+              style={{
+                backgroundColor: swatch,
+                boxShadow: swatch === color ? '0 0 0 2px var(--ui-bg-elevated), 0 0 0 3.5px currentColor' : undefined,
+                color: swatch
+              }}
+              type="button"
+            />
+          ))}
+        </div>
+        <button
+          className="mt-2 flex w-full items-center justify-center gap-1.5 rounded-md py-1 text-xs text-(--ui-text-tertiary) transition hover:bg-(--ui-control-hover-background) hover:text-foreground"
+          onClick={() => pickColor(null)}
+          type="button"
+        >
+          <Codicon name="sync" size="0.75rem" />
+          Auto
+        </button>
+      </PopoverContent>
+    </Popover>
+  )
+}

apps/desktop/src/app/chat/sidebar/session-actions-menu.tsx

@@ -16,6 +16,7 @@ import {
 import { DropdownMenu, DropdownMenuContent, DropdownMenuItem, DropdownMenuTrigger } from '@/components/ui/dropdown-menu'
 import { Input } from '@/components/ui/input'
 import { renameSession } from '@/hermes'
+import { useI18n } from '@/i18n'
 import { triggerHaptic } from '@/lib/haptics'
 import { exportSession } from '@/lib/session-export'
 import { notify, notifyError } from '@/store/notifications'
@@ -25,6 +26,7 @@ interface SessionActions {
   sessionId: string
   title: string
   pinned?: boolean
+  profile?: string
   onPin?: () => void
   onArchive?: () => void
   onDelete?: () => void
@@ -41,14 +43,16 @@ interface ItemSpec {
   variant?: 'destructive'
 }
 
-function useSessionActions({ sessionId, title, pinned = false, onPin, onArchive, onDelete }: SessionActions) {
+function useSessionActions({ sessionId, title, pinned = false, profile, onPin, onArchive, onDelete }: SessionActions) {
+  const { t } = useI18n()
+  const r = t.sidebar.row
   const [renameOpen, setRenameOpen] = useState(false)
 
   const items: ItemSpec[] = [
     {
       disabled: !onPin,
       icon: 'pin',
-      label: pinned ? 'Unpin' : 'Pin',
+      label: pinned ? r.unpin : r.pin,
       onSelect: () => {
         triggerHaptic('selection')
         onPin?.()
@@ -57,17 +61,17 @@ function useSessionActions({ sessionId, title, pinned = false, onPin, onArchive,
     {
       disabled: !sessionId,
       icon: 'copy',
-      label: 'Copy ID',
+      label: r.copyId,
       onSelect: event => {
         event.preventDefault()
         triggerHaptic('selection')
-        void writeClipboardText(sessionId).catch(err => notifyError(err, 'Could not copy session ID'))
+        void writeClipboardText(sessionId).catch(err => notifyError(err, r.copyIdFailed))
       }
     },
     {
       disabled: !sessionId,
       icon: 'cloud-download',
-      label: 'Export',
+      label: r.export,
       onSelect: () => {
         triggerHaptic('selection')
         void exportSession(sessionId, { title })
@@ -76,7 +80,7 @@ function useSessionActions({ sessionId, title, pinned = false, onPin, onArchive,
     {
       disabled: !sessionId,
       icon: 'edit',
-      label: 'Rename',
+      label: r.rename,
       onSelect: () => {
         triggerHaptic('selection')
         setRenameOpen(true)
@@ -85,7 +89,7 @@ function useSessionActions({ sessionId, title, pinned = false, onPin, onArchive,
     {
       disabled: !onArchive,
       icon: 'archive',
-      label: 'Archive',
+      label: r.archive,
       onSelect: () => {
         triggerHaptic('selection')
         onArchive?.()
@@ -95,7 +99,7 @@ function useSessionActions({ sessionId, title, pinned = false, onPin, onArchive,
       className: 'text-destructive focus:text-destructive',
       disabled: !onDelete,
       icon: 'trash',
-      label: 'Delete',
+      label: t.common.delete,
       onSelect: () => {
         triggerHaptic('warning')
         onDelete?.()
@@ -113,7 +117,13 @@ function useSessionActions({ sessionId, title, pinned = false, onPin, onArchive,
     ))
 
   const renameDialog = (
-    <RenameSessionDialog currentTitle={title} onOpenChange={setRenameOpen} open={renameOpen} sessionId={sessionId} />
+    <RenameSessionDialog
+      currentTitle={title}
+      onOpenChange={setRenameOpen}
+      open={renameOpen}
+      profile={profile}
+      sessionId={sessionId}
+    />
   )
 
   return { renameDialog, renderItems }
@@ -125,6 +135,7 @@ interface SessionActionsMenuProps
 }
 
 export function SessionActionsMenu({ children, align = 'end', sideOffset = 6, ...actions }: SessionActionsMenuProps) {
+  const { t } = useI18n()
   const { renameDialog, renderItems } = useSessionActions(actions)
 
   return (
@@ -133,7 +144,7 @@ export function SessionActionsMenu({ children, align = 'end', sideOffset = 6, ..
         <DropdownMenuTrigger asChild>{children}</DropdownMenuTrigger>
         <DropdownMenuContent
           align={align}
-          aria-label={`Actions for ${actions.title}`}
+          aria-label={t.sidebar.row.actionsFor(actions.title)}
           className="w-40"
           sideOffset={sideOffset}
         >
@@ -150,13 +161,14 @@ interface SessionContextMenuProps extends SessionActions {
 }
 
 export function SessionContextMenu({ children, ...actions }: SessionContextMenuProps) {
+  const { t } = useI18n()
   const { renameDialog, renderItems } = useSessionActions(actions)
 
   return (
     <>
       <ContextMenu>
         <ContextMenuTrigger asChild>{children}</ContextMenuTrigger>
-        <ContextMenuContent aria-label={`Actions for ${actions.title}`} className="w-40">
+        <ContextMenuContent aria-label={t.sidebar.row.actionsFor(actions.title)} className="w-40">
           {renderItems(ContextMenuItem)}
         </ContextMenuContent>
       </ContextMenu>
@@ -170,9 +182,12 @@ interface RenameSessionDialogProps {
   onOpenChange: (open: boolean) => void
   sessionId: string
   currentTitle: string
+  profile?: string
 }
 
-function RenameSessionDialog({ open, onOpenChange, sessionId, currentTitle }: RenameSessionDialogProps) {
+function RenameSessionDialog({ open, onOpenChange, sessionId, currentTitle, profile }: RenameSessionDialogProps) {
+  const { t } = useI18n()
+  const r = t.sidebar.row
   const [value, setValue] = useState(currentTitle)
   const [submitting, setSubmitting] = useState(false)
   const inputRef = useRef<HTMLInputElement>(null)
@@ -200,13 +215,13 @@ function RenameSessionDialog({ open, onOpenChange, sessionId, currentTitle }: Re
     setSubmitting(true)
 
     try {
-      const result = await renameSession(sessionId, next)
+      const result = await renameSession(sessionId, next, profile)
       const finalTitle = result.title || next || ''
       setSessions(prev => prev.map(s => (s.id === sessionId ? { ...s, title: finalTitle || null } : s)))
-      notify({ durationMs: 2_000, kind: 'success', message: 'Renamed' })
+      notify({ durationMs: 2_000, kind: 'success', message: r.renamed })
       onOpenChange(false)
     } catch (err) {
-      notifyError(err, 'Rename failed')
+      notifyError(err, r.renameFailed)
     } finally {
       setSubmitting(false)
     }
@@ -216,8 +231,8 @@ function RenameSessionDialog({ open, onOpenChange, sessionId, currentTitle }: Re
     <Dialog onOpenChange={onOpenChange} open={open}>
       <DialogContent className="max-w-md">
         <DialogHeader>
-          <DialogTitle>Rename session</DialogTitle>
-          <DialogDescription>Give this chat a memorable title. Leave empty to clear.</DialogDescription>
+          <DialogTitle>{r.renameTitle}</DialogTitle>
+          <DialogDescription>{r.renameDesc}</DialogDescription>
         </DialogHeader>
         <Input
           autoFocus
@@ -231,16 +246,16 @@ function RenameSessionDialog({ open, onOpenChange, sessionId, currentTitle }: Re
               onOpenChange(false)
             }
           }}
-          placeholder="Untitled session"
+          placeholder={r.untitledPlaceholder}
           ref={inputRef}
           value={value}
         />
         <DialogFooter>
           <Button disabled={submitting} onClick={() => onOpenChange(false)} type="button" variant="ghost">
-            Cancel
+            {t.common.cancel}
           </Button>
           <Button disabled={submitting} onClick={() => void submit()} type="button">
-            Save
+            {t.common.save}
           </Button>
         </DialogFooter>
       </DialogContent>

apps/desktop/src/app/chat/sidebar/session-row.tsx

@@ -1,9 +1,11 @@
 import { useStore } from '@nanostores/react'
 import type * as React from 'react'
 
+import { writeSessionDrag } from '@/app/chat/composer/inline-refs'
 import { Button } from '@/components/ui/button'
 import { Codicon } from '@/components/ui/codicon'
 import type { SessionInfo } from '@/hermes'
+import { type Translations, useI18n } from '@/i18n'
 import { sessionTitle } from '@/lib/chat-runtime'
 import { triggerHaptic } from '@/lib/haptics'
 import { cn } from '@/lib/utils'
@@ -25,22 +27,22 @@ interface SidebarSessionRowProps extends React.ComponentProps<'div'> {
   dragHandleProps?: React.HTMLAttributes<HTMLElement>
 }
 
-const AGE_TICKS: ReadonlyArray<[number, string]> = [
-  [86_400_000, 'd'],
-  [3_600_000, 'h'],
-  [60_000, 'm']
+const AGE_TICKS: ReadonlyArray<[number, 'ageDay' | 'ageHour' | 'ageMin']> = [
+  [86_400_000, 'ageDay'],
+  [3_600_000, 'ageHour'],
+  [60_000, 'ageMin']
 ]
 
-function formatAge(seconds: number): string {
+function formatAge(seconds: number, r: Translations['sidebar']['row']): string {
   const delta = Math.max(0, Date.now() - seconds * 1000)
 
-  for (const [ms, suffix] of AGE_TICKS) {
+  for (const [ms, key] of AGE_TICKS) {
     if (delta >= ms) {
-      return `${Math.floor(delta / ms)}${suffix}`
+      return `${Math.floor(delta / ms)}${r[key]}`
     }
   }
 
-  return 'now'
+  return r.ageNow
 }
 
 export function SidebarSessionRow({
@@ -60,8 +62,10 @@ export function SidebarSessionRow({
   ref,
   ...rest
 }: SidebarSessionRowProps) {
+  const { t } = useI18n()
+  const r = t.sidebar.row
   const title = sessionTitle(session)
-  const age = formatAge(session.last_active || session.started_at)
+  const age = formatAge(session.last_active || session.started_at, r)
   const handleLabel = `Reorder ${title}`
   // Subscribe per-row (the leaf) instead of drilling a set through the list —
   // the atom is tiny and rarely non-empty. True when a clarify prompt in this
@@ -74,6 +78,7 @@ export function SidebarSessionRow({
       onDelete={onDelete}
       onPin={onPin}
       pinned={isPinned}
+      profile={session.profile}
       sessionId={session.id}
       title={title}
     >
@@ -86,6 +91,22 @@ export function SidebarSessionRow({
           className
         )}
         data-working={isWorking ? 'true' : undefined}
+        draggable
+        onDragStart={event => {
+          // Reorder drags belong to dnd-kit (the grab handle) — cancel the
+          // native drag so the two DnD systems don't fight.
+          if ((event.target as HTMLElement).closest('[data-reorder-handle]')) {
+            event.preventDefault()
+
+            return
+          }
+
+          writeSessionDrag(event.dataTransfer, {
+            id: session.id,
+            profile: session.profile || 'default',
+            title
+          })
+        }}
         ref={ref}
         style={style}
         {...rest}
@@ -123,12 +144,15 @@ export function SidebarSessionRow({
               className={cn(
                 // Scope the dot↔grabber swap to a local group so the grabber
                 // only reveals when hovering/focusing the handle itself, not
-                // anywhere on the row.
-                'group/handle relative -my-0.5 grid w-4 shrink-0 cursor-grab touch-none place-items-center self-stretch overflow-hidden active:cursor-grabbing',
+                // anywhere on the row. Width MUST match the non-reorderable dot
+                // column (w-3.5) so rows don't shift horizontally when reorder is
+                // toggled (e.g. scoped → ALL-profiles view).
+                'group/handle relative -my-0.5 grid w-3.5 shrink-0 cursor-grab touch-none place-items-center self-stretch overflow-hidden active:cursor-grabbing',
                 // The quest-glow box-shadow extends past the dot; let it bleed
                 // out instead of being clipped by this handle's overflow-hidden.
                 needsInput && 'overflow-visible'
               )}
+              data-reorder-handle
               onClick={event => event.stopPropagation()}
             >
               <SidebarRowDot
@@ -146,11 +170,16 @@ export function SidebarSessionRow({
               />
             </span>
           ) : (
-            <span className={cn('grid w-3.5 shrink-0 place-items-center', needsInput ? 'overflow-visible' : 'overflow-hidden')}>
-              <SidebarRowDot isWorking={isWorking} needsInput={needsInput} />
-            </span>
+            <span
+              className={cn(
+                'grid w-3.5 shrink-0 place-items-center',
+                needsInput ? 'overflow-visible' : 'overflow-hidden'
+              )}
+            >
+            <SidebarRowDot isWorking={isWorking} needsInput={needsInput} />
+          </span>
           )}
-          <span className="truncate text-[0.8125rem] font-normal text-(--ui-text-secondary) group-hover:text-foreground group-data-[working=true]:text-foreground/90">
+          <span className="min-w-0 flex-1 truncate text-[0.8125rem] font-normal text-(--ui-text-secondary) group-hover:text-foreground group-data-[working=true]:text-foreground/90">
             {title}
           </span>
         </button>
@@ -165,14 +194,15 @@ export function SidebarSessionRow({
             onDelete={onDelete}
             onPin={onPin}
             pinned={isPinned}
+            profile={session.profile}
             sessionId={session.id}
             title={title}
           >
             <Button
-              aria-label={`Actions for ${title}`}
+              aria-label={r.actionsFor(title)}
               className="size-5 rounded-[4px] bg-transparent text-transparent transition-colors duration-100 hover:bg-(--ui-control-active-background) hover:text-foreground focus-visible:bg-(--ui-control-active-background) focus-visible:text-foreground focus-visible:ring-0 data-[state=open]:bg-(--ui-control-active-background) data-[state=open]:text-foreground group-hover:text-(--ui-text-tertiary) [&_svg]:size-3.5!"
               size="icon"
-              title="Session actions"
+              title={r.sessionActions}
               variant="ghost"
             >
               <Codicon name="ellipsis" size="0.875rem" />
@@ -193,6 +223,9 @@ function SidebarRowDot({
   needsInput?: boolean
   className?: string
 }) {
+  const { t } = useI18n()
+  const r = t.sidebar.row
+
   // "Needs input" wins over "working": a clarify-blocked session is technically
   // still running, but the actionable state is that it's waiting on the user.
   // Amber + steady (no ping) reads as "your turn", distinct from the accent
@@ -200,17 +233,17 @@ function SidebarRowDot({
   if (needsInput) {
     return (
       <span
-        aria-label="Needs your input"
+        aria-label={r.needsInput}
         className={cn('quest-glow relative size-1.5 rounded-full bg-amber-500', className)}
         role="status"
-        title="Waiting for your answer"
+        title={r.waitingForAnswer}
       />
     )
   }
 
   return (
     <span
-      aria-label={isWorking ? 'Session running' : undefined}
+      aria-label={isWorking ? r.sessionRunning : undefined}
       className={cn(
         'rounded-full',
         isWorking

apps/desktop/src/app/command-palette/index.tsx

@@ -4,14 +4,7 @@ import { Dialog as DialogPrimitive } from 'radix-ui'
 import { useCallback, useEffect, useMemo, useState } from 'react'
 import { useNavigate } from 'react-router-dom'
 
-import {
-  Command,
-  CommandEmpty,
-  CommandGroup,
-  CommandInput,
-  CommandItem,
-  CommandList
-} from '@/components/ui/command'
+import { Command, CommandEmpty, CommandGroup, CommandInput, CommandItem, CommandList } from '@/components/ui/command'
 import { getHermesConfigRecord, listSessions } from '@/hermes'
 import { sessionTitle } from '@/lib/chat-runtime'
 import {
@@ -34,9 +27,11 @@ import {
   Palette,
   Plus,
   Settings,
+  Settings2,
   Sun,
   Users,
-  Wrench
+  Wrench,
+  Zap
 } from '@/lib/icons'
 import { cn } from '@/lib/utils'
 import { $commandPaletteOpen, closeCommandPalette, setCommandPaletteOpen } from '@/store/command-palette'
@@ -98,8 +93,31 @@ const toSessionEntry = (session: SessionRow): SessionEntry => ({
 })
 
 const NON_CONFIG_SETTINGS: ReadonlyArray<{ icon: IconComponent; keywords?: string[]; label: string; tab: string }> = [
+  {
+    icon: Zap,
+    keywords: ['accounts', 'sign in', 'oauth', 'login', 'subscription', 'models', 'anthropic', 'openai'],
+    label: 'Providers',
+    tab: 'providers&pview=accounts'
+  },
+  {
+    icon: KeyRound,
+    keywords: ['providers', 'api key', 'keys', 'secrets', 'tokens'],
+    label: 'Provider API keys',
+    tab: 'providers&pview=keys'
+  },
   { icon: Globe, keywords: ['connection', 'messaging'], label: 'Gateway', tab: 'gateway' },
-  { icon: KeyRound, keywords: ['api', 'secrets', 'tokens', 'credentials'], label: 'API Keys', tab: 'keys' },
+  {
+    icon: KeyRound,
+    keywords: ['api', 'secrets', 'tokens', 'credentials', 'browser', 'search'],
+    label: 'Tools & Keys',
+    tab: 'keys&kview=tools'
+  },
+  {
+    icon: Settings2,
+    keywords: ['gateway', 'proxy', 'server', 'webhook', 'env'],
+    label: 'Tools & Keys settings',
+    tab: 'keys&kview=settings'
+  },
   { icon: Wrench, keywords: ['servers', 'tools'], label: 'MCP', tab: 'mcp' },
   { icon: Archive, keywords: ['history', 'archived'], label: 'Archived Chats', tab: 'sessions' },
   { icon: Info, keywords: ['version', 'about'], label: 'About', tab: 'about' }
@@ -124,7 +142,11 @@ export function CommandPalette() {
 
   // Server-backed sources for the type-to-search groups, fetched lazily while
   // the palette is open. react-query handles caching/dedup/staleness.
-  const configQuery = useQuery({ queryKey: ['command-palette', 'config'], queryFn: getHermesConfigRecord, enabled: open })
+  const configQuery = useQuery({
+    queryKey: ['command-palette', 'config'],
+    queryFn: getHermesConfigRecord,
+    enabled: open
+  })
 
   const sessionsQuery = useQuery({
     queryKey: ['command-palette', 'sessions'],
@@ -141,7 +163,9 @@ export function CommandPalette() {
   const mcpServers = useMemo(() => {
     const raw = configQuery.data?.mcp_servers
 
-    return raw && typeof raw === 'object' && !Array.isArray(raw) ? Object.keys(raw as Record<string, unknown>).sort() : []
+    return raw && typeof raw === 'object' && !Array.isArray(raw)
+      ? Object.keys(raw as Record<string, unknown>).sort()
+      : []
   }, [configQuery.data])
 
   const sessions = useMemo(() => (sessionsQuery.data?.sessions ?? []).map(toSessionEntry), [sessionsQuery.data])
@@ -169,7 +193,7 @@ export function CommandPalette() {
           {
             icon: Wrench,
             id: 'nav-skills',
-            keywords: ['tools', 'toolsets', 'providers'],
+            keywords: ['tools', 'toolsets'],
             label: 'Skills & Tools',
             run: go(SKILLS_ROUTE)
           },
@@ -207,25 +231,9 @@ export function CommandPalette() {
         ]
       },
       {
-        heading: 'Settings',
-        items: [
-          ...SECTIONS.map(section => ({
-            icon: section.icon,
-            id: `set-config-${section.id}`,
-            keywords: ['settings', section.label],
-            label: section.label,
-            run: go(settingsTab(`config:${section.id}`))
-          })),
-          ...NON_CONFIG_SETTINGS.map(entry => ({
-            icon: entry.icon,
-            id: `set-${entry.tab}`,
-            keywords: ['settings', ...(entry.keywords ?? [])],
-            label: entry.label,
-            run: go(settingsTab(entry.tab))
-          }))
-        ]
-      },
-      {
+        // Declared before Settings: cmdk keeps group order, so this keeps the
+        // theme/mode pickers on top for "theme"/"color" queries instead of
+        // buried under a fuzzy Settings match.
         heading: 'Appearance',
         items: [
           {
@@ -243,6 +251,25 @@ export function CommandPalette() {
             to: 'color-mode'
           }
         ]
+      },
+      {
+        heading: 'Settings',
+        items: [
+          ...SECTIONS.map(section => ({
+            icon: section.icon,
+            id: `set-config-${section.id}`,
+            keywords: ['settings', section.label],
+            label: section.label,
+            run: go(settingsTab(`config:${section.id}`))
+          })),
+          ...NON_CONFIG_SETTINGS.map(entry => ({
+            icon: entry.icon,
+            id: `set-${entry.tab}`,
+            keywords: ['settings', ...(entry.keywords ?? [])],
+            label: entry.label,
+            run: go(settingsTab(entry.tab))
+          }))
+        ]
       }
     ]
   }, [go])

apps/desktop/src/app/cron/cron-job-actions-menu.tsx

@@ -0,0 +1,114 @@
+import type * as React from 'react'
+
+import { Button } from '@/components/ui/button'
+import { Codicon } from '@/components/ui/codicon'
+import { DropdownMenu, DropdownMenuContent, DropdownMenuItem, DropdownMenuTrigger } from '@/components/ui/dropdown-menu'
+import { useI18n } from '@/i18n'
+import { triggerHaptic } from '@/lib/haptics'
+
+interface CronJobActions {
+  busy?: boolean
+  isPaused: boolean
+  title: string
+  onDelete: () => void
+  onEdit: () => void
+  onPauseResume: () => void
+  onTrigger: () => void
+}
+
+interface CronJobActionsMenuProps
+  extends CronJobActions, Pick<React.ComponentProps<typeof DropdownMenuContent>, 'align' | 'sideOffset'> {
+  children: React.ReactNode
+}
+
+export function CronJobActionsMenu({
+  align = 'end',
+  busy = false,
+  children,
+  isPaused,
+  onDelete,
+  onEdit,
+  onPauseResume,
+  onTrigger,
+  sideOffset = 6,
+  title
+}: CronJobActionsMenuProps) {
+  const { t } = useI18n()
+  const c = t.cron
+
+  return (
+    <DropdownMenu>
+      <DropdownMenuTrigger asChild>{children}</DropdownMenuTrigger>
+      <DropdownMenuContent
+        align={align}
+        aria-label={c.actionsFor(title)}
+        className="w-44"
+        sideOffset={sideOffset}
+      >
+        <DropdownMenuItem
+          disabled={busy}
+          onSelect={() => {
+            triggerHaptic('selection')
+            onPauseResume()
+          }}
+        >
+          <Codicon name={isPaused ? 'play' : 'debug-pause'} size="0.875rem" />
+          <span>{isPaused ? c.resumeTitle : c.pauseTitle}</span>
+        </DropdownMenuItem>
+
+        <DropdownMenuItem
+          disabled={busy}
+          onSelect={() => {
+            triggerHaptic('selection')
+            onTrigger()
+          }}
+        >
+          <Codicon name="zap" size="0.875rem" />
+          <span>{c.triggerNow}</span>
+        </DropdownMenuItem>
+
+        <DropdownMenuItem
+          onSelect={() => {
+            triggerHaptic('selection')
+            onEdit()
+          }}
+        >
+          <Codicon name="edit" size="0.875rem" />
+          <span>{c.edit}</span>
+        </DropdownMenuItem>
+
+        <DropdownMenuItem
+          onSelect={() => {
+            triggerHaptic('warning')
+            onDelete()
+          }}
+          variant="destructive"
+        >
+          <Codicon name="trash" size="0.875rem" />
+          <span>{t.common.delete}</span>
+        </DropdownMenuItem>
+      </DropdownMenuContent>
+    </DropdownMenu>
+  )
+}
+
+interface CronJobActionsTriggerProps extends Omit<React.ComponentProps<typeof Button>, 'size' | 'variant'> {
+  title: string
+}
+
+export function CronJobActionsTrigger({ className, title, ...props }: CronJobActionsTriggerProps) {
+  const { t } = useI18n()
+
+  return (
+    <Button
+      aria-label={t.cron.actionsFor(title)}
+      className={className}
+      size="icon-sm"
+      title={t.cron.actionsTitle}
+      variant="ghost"
+      {...props}
+    >
+      <Codicon className="text-muted-foreground" name="ellipsis" size="0.875rem" />
+    </Button>
+  )
+}

apps/desktop/src/app/cron/index.tsx

@@ -1,7 +1,7 @@
+import type * as React from 'react'
 import { useCallback, useEffect, useMemo, useState } from 'react'
 
 import { PageLoader } from '@/components/page-loader'
-import { Badge, type BadgeProps } from '@/components/ui/badge'
 import { Button } from '@/components/ui/button'
 import { Codicon } from '@/components/ui/codicon'
 import {
@@ -13,7 +13,6 @@ import {
   DialogTitle
 } from '@/components/ui/dialog'
 import { Input } from '@/components/ui/input'
-import { SearchField } from '@/components/ui/search-field'
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '@/components/ui/select'
 import { Textarea } from '@/components/ui/textarea'
 import {
@@ -26,77 +25,49 @@ import {
   triggerCronJob,
   updateCronJob
 } from '@/hermes'
+import { type Translations, useI18n } from '@/i18n'
 import { AlertTriangle, Clock } from '@/lib/icons'
 import { cn } from '@/lib/utils'
 import { notify, notifyError } from '@/store/notifications'
 
 import { useRefreshHotkey } from '../hooks/use-refresh-hotkey'
 import { OverlayView } from '../overlays/overlay-view'
+import { PageSearchShell } from '../page-search-shell'
+import type { SetStatusbarItemGroup } from '../shell/statusbar-controls'
+
+import { CronJobActionsMenu, CronJobActionsTrigger } from './cron-job-actions-menu'
 
 const DEFAULT_DELIVER = 'local'
 
-const DELIVERY_OPTIONS: ReadonlyArray<{ label: string; value: string }> = [
-  { label: 'This desktop', value: 'local' },
-  { label: 'Telegram', value: 'telegram' },
-  { label: 'Discord', value: 'discord' },
-  { label: 'Slack', value: 'slack' },
-  { label: 'Email', value: 'email' }
-]
+const DELIVERY_VALUES: readonly string[] = ['local', 'telegram', 'discord', 'slack', 'email']
 
 const SCHEDULE_OPTIONS: ReadonlyArray<ScheduleOption> = [
-  {
-    expr: '0 9 * * *',
-    hint: 'Every day at 9:00 AM',
-    label: 'Daily',
-    value: 'daily'
-  },
-  {
-    expr: '0 9 * * 1-5',
-    hint: 'Monday through Friday at 9:00 AM',
-    label: 'Weekdays',
-    value: 'weekdays'
-  },
-  {
-    expr: '0 9 * * 1',
-    hint: 'Every Monday at 9:00 AM',
-    label: 'Weekly',
-    value: 'weekly'
-  },
-  {
-    expr: '0 9 1 * *',
-    hint: 'The first day of each month at 9:00 AM',
-    label: 'Monthly',
-    value: 'monthly'
-  },
-  {
-    expr: '0 * * * *',
-    hint: 'At the top of every hour',
-    label: 'Hourly',
-    value: 'hourly'
-  },
-  {
-    expr: '*/15 * * * *',
-    hint: 'Every 15 minutes',
-    label: 'Every 15 minutes',
-    value: 'every-15-minutes'
-  },
-  {
-    hint: 'Cron syntax or natural language',
-    label: 'Custom',
-    value: 'custom'
-  }
+  { expr: '0 9 * * *', value: 'daily' },
+  { expr: '0 9 * * 1-5', value: 'weekdays' },
+  { expr: '0 9 * * 1', value: 'weekly' },
+  { expr: '0 9 1 * *', value: 'monthly' },
+  { expr: '0 * * * *', value: 'hourly' },
+  { expr: '*/15 * * * *', value: 'every-15-minutes' },
+  { value: 'custom' }
 ]
 
-const STATE_VARIANT: Record<string, BadgeProps['variant']> = {
-  enabled: 'default',
-  scheduled: 'default',
-  running: 'default',
+const STATE_TONE: Record<string, 'good' | 'muted' | 'warn' | 'bad'> = {
+  enabled: 'good',
+  scheduled: 'good',
+  running: 'good',
   paused: 'warn',
   disabled: 'muted',
-  error: 'destructive',
+  error: 'bad',
   completed: 'muted'
 }
 
+const PILL_TONE: Record<'good' | 'muted' | 'warn' | 'bad', string> = {
+  good: 'bg-primary/10 text-primary',
+  muted: 'bg-muted text-muted-foreground',
+  warn: 'bg-amber-500/10 text-amber-600 dark:text-amber-300',
+  bad: 'bg-destructive/10 text-destructive'
+}
+
 const asText = (value: unknown): string => (typeof value === 'string' ? value : '')
 
 const truncate = (value: string, max = 80): string => (value.length > max ? `${value.slice(0, max)}…` : value)
@@ -153,19 +124,8 @@ function cronParts(expr: string): null | string[] {
   return parts.length === 5 ? parts : null
 }
 
-function dayName(value: string): string {
-  const names: Record<string, string> = {
-    '0': 'Sunday',
-    '1': 'Monday',
-    '2': 'Tuesday',
-    '3': 'Wednesday',
-    '4': 'Thursday',
-    '5': 'Friday',
-    '6': 'Saturday',
-    '7': 'Sunday'
-  }
-
-  return names[value] ?? `day ${value}`
+function dayName(value: string, c: Translations['cron']): string {
+  return c.days[value] ?? c.dayFallback(value)
 }
 
 function formatCronTime(minute: string, hour: string): string {
@@ -241,36 +201,36 @@ function scheduleOptionForExpr(expr: string): ScheduleOption {
   return SCHEDULE_OPTIONS[SCHEDULE_OPTIONS.length - 1]
 }
 
-function scheduleSummary(option: ScheduleOption, expr: string): string {
+function scheduleSummary(option: ScheduleOption, expr: string, c: Translations['cron']): string {
   const parts = cronParts(expr)
 
   if (!parts) {
-    return option.hint
+    return c.scheduleHints[option.value] ?? ''
   }
 
   const [minute, hour, dayOfMonth, , dayOfWeek] = parts
 
   if (option.value === 'daily') {
-    return `Every day at ${formatCronTime(minute, hour)}`
+    return c.everyDayAt(formatCronTime(minute, hour))
   }
 
   if (option.value === 'weekdays') {
-    return `Weekdays at ${formatCronTime(minute, hour)}`
+    return c.weekdaysAt(formatCronTime(minute, hour))
   }
 
   if (option.value === 'weekly') {
-    return `Every ${dayName(dayOfWeek)} at ${formatCronTime(minute, hour)}`
+    return c.everyDayOfWeekAt(dayName(dayOfWeek, c), formatCronTime(minute, hour))
   }
 
   if (option.value === 'monthly') {
-    return `Monthly on day ${dayOfMonth} at ${formatCronTime(minute, hour)}`
+    return c.monthlyOnDayAt(dayOfMonth, formatCronTime(minute, hour))
   }
 
   if (option.value === 'hourly') {
-    return minute === '0' ? 'At the top of every hour' : `Every hour at :${minute.padStart(2, '0')}`
+    return minute === '0' ? c.topOfHour : c.everyHourAt(minute.padStart(2, '0'))
   }
 
-  return option.hint
+  return c.scheduleHints[option.value] ?? ''
 }
 
 function formatTime(iso?: null | string): string {
@@ -299,13 +259,17 @@ function matchesQuery(job: CronJob, q: string): boolean {
   )
 }
 
-interface CronViewProps {
+interface CronViewProps extends React.ComponentProps<'section'> {
   onClose: () => void
+  setStatusbarItemGroup?: SetStatusbarItemGroup
 }
 
-export function CronView({ onClose }: CronViewProps) {
+export function CronView({ onClose, setStatusbarItemGroup: _setStatusbarItemGroup, ...props }: CronViewProps) {
+  const { t } = useI18n()
+  const c = t.cron
   const [jobs, setJobs] = useState<CronJob[] | null>(null)
   const [query, setQuery] = useState('')
+  const [refreshing, setRefreshing] = useState(false)
   const [busyJobId, setBusyJobId] = useState<null | string>(null)
 
   const [editor, setEditor] = useState<EditorState>({ mode: 'closed' })
@@ -313,13 +277,17 @@ export function CronView({ onClose }: CronViewProps) {
   const [deleting, setDeleting] = useState(false)
 
   const refresh = useCallback(async () => {
+    setRefreshing(true)
+
     try {
       const result = await getCronJobs()
       setJobs(result)
     } catch (err) {
-      notifyError(err, 'Failed to load cron jobs')
+      notifyError(err, c.failedLoad)
+    } finally {
+      setRefreshing(false)
     }
-  }, [])
+  }, [c])
 
   useRefreshHotkey(refresh)
 
@@ -347,11 +315,11 @@ export function CronView({ onClose }: CronViewProps) {
       setJobs(current => (current ? current.map(row => (row.id === job.id ? updated : row)) : current))
       notify({
         kind: 'success',
-        title: isPaused ? 'Cron resumed' : 'Cron paused',
+        title: isPaused ? c.resumed : c.paused,
         message: truncate(jobTitle(job), 60)
       })
     } catch (err) {
-      notifyError(err, 'Failed to update cron job')
+      notifyError(err, c.failedUpdate)
     } finally {
       setBusyJobId(null)
     }
@@ -363,9 +331,9 @@ export function CronView({ onClose }: CronViewProps) {
     try {
       const updated = await triggerCronJob(job.id)
       setJobs(current => (current ? current.map(row => (row.id === job.id ? updated : row)) : current))
-      notify({ kind: 'success', title: 'Cron triggered', message: truncate(jobTitle(job), 60) })
+      notify({ kind: 'success', title: c.triggered, message: truncate(jobTitle(job), 60) })
     } catch (err) {
-      notifyError(err, 'Failed to trigger cron job')
+      notifyError(err, c.failedTrigger)
     } finally {
       setBusyJobId(null)
     }
@@ -381,10 +349,10 @@ export function CronView({ onClose }: CronViewProps) {
     try {
       await deleteCronJob(pendingDelete.id)
       setJobs(current => (current ? current.filter(row => row.id !== pendingDelete.id) : current))
-      notify({ kind: 'success', title: 'Cron deleted', message: truncate(jobTitle(pendingDelete), 60) })
+      notify({ kind: 'success', title: c.deleted, message: truncate(jobTitle(pendingDelete), 60) })
       setPendingDelete(null)
     } catch (err) {
-      notifyError(err, 'Failed to delete cron job')
+      notifyError(err, c.failedDelete)
     } finally {
       setDeleting(false)
     }
@@ -400,7 +368,7 @@ export function CronView({ onClose }: CronViewProps) {
       })
 
       setJobs(current => (current ? [...current, created] : [created]))
-      notify({ kind: 'success', title: 'Cron created', message: truncate(jobTitle(created), 60) })
+      notify({ kind: 'success', title: c.created, message: truncate(jobTitle(created), 60) })
     } else if (editor.mode === 'edit') {
       const updated = await updateCronJob(editor.job.id, {
         prompt: values.prompt,
@@ -410,61 +378,67 @@ export function CronView({ onClose }: CronViewProps) {
       })
 
       setJobs(current => (current ? current.map(row => (row.id === updated.id ? updated : row)) : current))
-      notify({ kind: 'success', title: 'Cron updated', message: truncate(jobTitle(updated), 60) })
+      notify({ kind: 'success', title: c.updated, message: truncate(jobTitle(updated), 60) })
     }
 
     setEditor({ mode: 'closed' })
   }
 
   return (
-    <OverlayView closeLabel="Close cron" onClose={onClose}>
-      <div className="flex min-h-0 flex-1 flex-col pt-[calc(var(--titlebar-height)+0.5rem)]">
-        {totalCount > 0 && (
-          <div className="mx-auto flex w-full max-w-4xl items-center gap-2 px-4 pb-2">
-            <SearchField
-              containerClassName="max-w-[60vw]"
-              onChange={setQuery}
-              placeholder="Search cron jobs…"
-              value={query}
-            />
-          </div>
-        )}
+    <OverlayView closeLabel={c.close} onClose={onClose}>
+      <PageSearchShell
+        {...props}
+        onSearchChange={setQuery}
+        searchPlaceholder={c.search}
+        searchTrailingAction={
+          <Button
+            aria-label={refreshing ? c.refreshing : c.refresh}
+            className="text-(--ui-text-tertiary) hover:bg-(--chrome-action-hover) hover:text-foreground"
+            disabled={refreshing}
+            onClick={() => void refresh()}
+            size="icon-xs"
+            title={refreshing ? c.refreshing : c.refresh}
+            type="button"
+            variant="ghost"
+          >
+            <Codicon name="refresh" size="0.875rem" spinning={refreshing} />
+          </Button>
+        }
+        searchValue={query}
+      >
         {!jobs ? (
-          <PageLoader label="Loading cron jobs..." />
+          <PageLoader label={c.loading} />
         ) : visibleJobs.length === 0 ? (
-        // Empty state owns the primary "create" CTA — we used to also have
-        // one in the filters bar but it was redundant. Only show the button
-        // when there are zero jobs total; the search-empty case ("No
-        // matches") just asks the user to broaden their query.
-        <EmptyState
-          actionLabel={totalCount === 0 ? 'Create first cron' : undefined}
-          description={
-            totalCount === 0
-              ? 'Schedule a prompt to run on a cron expression. Hermes will run it and deliver results to the destination you pick.'
-              : 'Try a broader search query.'
-          }
-          onAction={totalCount === 0 ? () => setEditor({ mode: 'create' }) : undefined}
-          title={totalCount === 0 ? 'No scheduled jobs yet' : 'No matches'}
-        />
+          // Empty state owns the primary "create" CTA — we used to also have
+          // one in the filters bar but it was redundant. Only show the button
+          // when there are zero jobs total; the search-empty case ("No
+          // matches") just asks the user to broaden their query.
+          <EmptyState
+            actionLabel={totalCount === 0 ? c.createFirst : undefined}
+            description={totalCount === 0 ? c.emptyDescNew : c.emptyDescSearch}
+            onAction={totalCount === 0 ? () => setEditor({ mode: 'create' }) : undefined}
+            title={totalCount === 0 ? c.emptyTitleNew : c.emptyTitleSearch}
+          />
         ) : (
-          <div className="mx-auto w-full max-w-4xl min-h-0 flex-1 overflow-y-auto px-4 py-3">
+          <div className="h-full overflow-y-auto px-4 py-3">
             {/* Inline header replaces the old top-bar "New cron" button. We
                 still need a single, always-visible affordance to add a job
                 when the list is non-empty (rows themselves only expose
                 edit/pause/trigger/delete). */}
             <div className="mb-2 flex items-center justify-between">
               <span className="text-[0.7rem] uppercase tracking-wide text-muted-foreground">
-                {enabledCount}/{totalCount} active
+                {c.active(enabledCount, totalCount)}
               </span>
               <Button onClick={() => setEditor({ mode: 'create' })} size="sm">
                 <Codicon name="add" />
-                New cron
+                {c.newCron}
               </Button>
             </div>
-            <div>
+            <div className="divide-y divide-border/40 rounded-lg border border-border/40 bg-background/70">
               {visibleJobs.map(job => (
                 <CronJobRow
                   busy={busyJobId === job.id}
+                  c={c}
                   job={job}
                   key={job.id}
                   onDelete={() => setPendingDelete(job)}
@@ -476,39 +450,40 @@ export function CronView({ onClose }: CronViewProps) {
             </div>
           </div>
         )}
-      </div>
-      <CronEditorDialog editor={editor} onClose={() => setEditor({ mode: 'closed' })} onSave={handleEditorSave} />
+        <CronEditorDialog editor={editor} onClose={() => setEditor({ mode: 'closed' })} onSave={handleEditorSave} />
 
-      <Dialog onOpenChange={open => !open && !deleting && setPendingDelete(null)} open={pendingDelete !== null}>
-        <DialogContent className="max-w-md">
-          <DialogHeader>
-            <DialogTitle>Delete cron job?</DialogTitle>
-            <DialogDescription>
-              {pendingDelete ? (
-                <>
-                  This will remove{' '}
-                  <span className="font-medium text-foreground">{truncate(jobTitle(pendingDelete), 60)}</span>{' '}
-                  permanently. It will stop firing immediately.
-                </>
-              ) : null}
-            </DialogDescription>
-          </DialogHeader>
-          <DialogFooter>
-            <Button disabled={deleting} onClick={() => setPendingDelete(null)} variant="outline">
-              Cancel
-            </Button>
-            <Button disabled={deleting} onClick={() => void handleConfirmDelete()} variant="destructive">
-              {deleting ? 'Deleting...' : 'Delete'}
-            </Button>
-          </DialogFooter>
-        </DialogContent>
-      </Dialog>
+        <Dialog onOpenChange={open => !open && !deleting && setPendingDelete(null)} open={pendingDelete !== null}>
+          <DialogContent className="max-w-md">
+            <DialogHeader>
+              <DialogTitle>{c.deleteTitle}</DialogTitle>
+              <DialogDescription>
+                {pendingDelete ? (
+                  <>
+                    {c.deleteDescPrefix}
+                    <span className="font-medium text-foreground">{truncate(jobTitle(pendingDelete), 60)}</span>
+                    {c.deleteDescSuffix}
+                  </>
+                ) : null}
+              </DialogDescription>
+            </DialogHeader>
+            <DialogFooter>
+              <Button disabled={deleting} onClick={() => setPendingDelete(null)} variant="outline">
+                {t.common.cancel}
+              </Button>
+              <Button disabled={deleting} onClick={() => void handleConfirmDelete()} variant="destructive">
+                {deleting ? c.deleting : t.common.delete}
+              </Button>
+            </DialogFooter>
+          </DialogContent>
+        </Dialog>
+      </PageSearchShell>
     </OverlayView>
   )
 }
 
 function CronJobRow({
   busy,
+  c,
   job,
   onDelete,
   onEdit,
@@ -516,6 +491,7 @@ function CronJobRow({
   onTrigger
 }: {
   busy: boolean
+  c: Translations['cron']
   job: CronJob
   onDelete: () => void
   onEdit: () => void
@@ -531,19 +507,15 @@ function CronJobRow({
   return (
     <div className="grid gap-3 px-3 py-2.5 sm:grid-cols-[minmax(0,1fr)_auto] sm:items-start">
       <button
-        className="min-w-0 rounded-md text-left transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring/40"
+        className="min-w-0 cursor-pointer rounded-md text-left transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring/40"
         onClick={onEdit}
         type="button"
       >
         <div className="flex flex-wrap items-center gap-2">
           <span className="truncate text-sm font-medium">{jobTitle(job)}</span>
-          <Badge className="capitalize" variant={STATE_VARIANT[state] ?? 'muted'}>
-            {state}
-          </Badge>
+          <StatePill tone={STATE_TONE[state] ?? 'muted'}>{c.states[state] ?? state}</StatePill>
           {deliver && deliver !== DEFAULT_DELIVER && (
-            <Badge className="capitalize" variant="muted">
-              {deliver}
-            </Badge>
+            <StatePill tone="muted">{c.deliveryLabels[deliver] ?? deliver}</StatePill>
           )}
         </div>
         {hasName && prompt && <p className="mt-1 truncate text-xs text-muted-foreground">{truncate(prompt, 120)}</p>}
@@ -552,8 +524,12 @@ function CronJobRow({
             <Clock className="size-3" />
             {jobScheduleDisplay(job)}
           </span>
-          <span>Last: {formatTime(job.last_run_at)}</span>
-          <span>Next: {formatTime(job.next_run_at)}</span>
+          <span>
+            {c.last} {formatTime(job.last_run_at)}
+          </span>
+          <span>
+            {c.next} {formatTime(job.next_run_at)}
+          </span>
         </div>
         {job.last_error && (
           <p className="mt-1 inline-flex items-start gap-1 text-[0.68rem] text-destructive">
@@ -563,44 +539,34 @@ function CronJobRow({
         )}
       </button>
 
-      <div className="flex shrink-0 items-center gap-0.5">
-        <IconAction
-          aria-label={isPaused ? 'Resume cron' : 'Pause cron'}
-          disabled={busy}
-          onClick={onPauseResume}
-          title={isPaused ? 'Resume' : 'Pause'}
+      <div className="flex shrink-0 items-center">
+        <CronJobActionsMenu
+          busy={busy}
+          isPaused={isPaused}
+          onDelete={onDelete}
+          onEdit={onEdit}
+          onPauseResume={onPauseResume}
+          onTrigger={onTrigger}
+          title={jobTitle(job)}
         >
-          <Codicon name={isPaused ? 'play' : 'debug-pause'} size="0.875rem" />
-        </IconAction>
-        <IconAction aria-label="Trigger now" disabled={busy} onClick={onTrigger} title="Trigger now">
-          <Codicon name="zap" size="0.875rem" />
-        </IconAction>
-        <IconAction aria-label="Edit cron" onClick={onEdit} title="Edit">
-          <Codicon name="edit" size="0.875rem" />
-        </IconAction>
-        <IconAction
-          aria-label="Delete cron"
-          className="text-muted-foreground hover:bg-destructive/10 hover:text-destructive"
-          onClick={onDelete}
-          title="Delete"
-        >
-          <Codicon name="trash" size="0.875rem" />
-        </IconAction>
+          <CronJobActionsTrigger
+            className="text-muted-foreground hover:text-foreground"
+            onClick={event => event.stopPropagation()}
+            title={jobTitle(job)}
+          />
+        </CronJobActionsMenu>
       </div>
     </div>
   )
 }
 
-function IconAction({ children, className, ...props }: Omit<React.ComponentProps<typeof Button>, 'size' | 'variant'>) {
+function StatePill({ children, tone }: { children: string; tone: keyof typeof PILL_TONE }) {
   return (
-    <Button
-      className={cn('text-muted-foreground hover:text-foreground', className)}
-      size="icon-sm"
-      variant="ghost"
-      {...props}
+    <span
+      className={cn('inline-flex items-center rounded-full px-1.5 py-0.5 text-[0.64rem] capitalize', PILL_TONE[tone])}
     >
       {children}
-    </Button>
+    </span>
   )
 }
 
@@ -640,6 +606,8 @@ function CronEditorDialog({
   onClose: () => void
   onSave: (values: EditorValues) => Promise<void>
 }) {
+  const { t } = useI18n()
+  const c = t.cron
   const open = editor.mode !== 'closed'
   const isEdit = editor.mode === 'edit'
   const initial = isEdit ? editor.job : null
@@ -682,7 +650,7 @@ function CronEditorDialog({
     }
   }
 
-  const scheduleHint = scheduleSummary(selectedScheduleOption, schedule)
+  const scheduleHint = scheduleSummary(selectedScheduleOption, schedule, c)
 
   async function handleSubmit(event: React.FormEvent) {
     event.preventDefault()
@@ -690,7 +658,7 @@ function CronEditorDialog({
     const trimmedSchedule = schedule.trim()
 
     if (!trimmedPrompt || !trimmedSchedule) {
-      setError('Prompt and schedule are required.')
+      setError(c.promptScheduleRequired)
 
       return
     }
@@ -706,7 +674,7 @@ function CronEditorDialog({
         schedule: trimmedSchedule
       })
     } catch (err) {
-      setError(err instanceof Error ? err.message : 'Failed to save cron job')
+      setError(err instanceof Error ? err.message : c.failedSave)
     } finally {
       setSaving(false)
     }
@@ -716,60 +684,56 @@ function CronEditorDialog({
     <Dialog onOpenChange={value => !value && !saving && onClose()} open={open}>
       <DialogContent className="max-w-lg">
         <DialogHeader>
-          <DialogTitle>{isEdit ? 'Edit cron job' : 'New cron job'}</DialogTitle>
-          <DialogDescription>
-            {isEdit
-              ? 'Update the schedule, prompt, or delivery target. Changes apply on next run.'
-              : 'Schedule a prompt to run automatically. Use cron syntax or a natural phrase like "every 15 minutes".'}
-          </DialogDescription>
+          <DialogTitle>{isEdit ? c.editTitle : c.createTitle}</DialogTitle>
+          <DialogDescription>{isEdit ? c.editDesc : c.createDesc}</DialogDescription>
         </DialogHeader>
 
         <form className="grid gap-4" onSubmit={handleSubmit}>
-          <Field htmlFor="cron-name" label="Name" optional>
+          <Field htmlFor="cron-name" label={c.nameLabel} optional optionalLabel={c.optional}>
             <Input
               autoFocus
               id="cron-name"
               onChange={event => setName(event.target.value)}
-              placeholder="Morning briefing"
+              placeholder={c.namePlaceholder}
               value={name}
             />
           </Field>
 
-          <Field htmlFor="cron-prompt" label="Prompt">
+          <Field htmlFor="cron-prompt" label={c.promptLabel}>
             <Textarea
               className="min-h-24 font-mono"
               id="cron-prompt"
               onChange={event => setPrompt(event.target.value)}
-              placeholder="Summarize my unread Slack threads and email me the top 5..."
+              placeholder={c.promptPlaceholder}
               value={prompt}
             />
           </Field>
 
           <div className="grid items-start gap-4 sm:grid-cols-2">
-            <Field htmlFor="cron-frequency" label="Frequency">
+            <Field htmlFor="cron-frequency" label={c.frequencyLabel}>
               <Select onValueChange={handleSchedulePresetChange} value={schedulePreset}>
-                <SelectTrigger id="cron-frequency">
+                <SelectTrigger className="h-9 rounded-md" id="cron-frequency">
                   <SelectValue />
                 </SelectTrigger>
                 <SelectContent>
                   {SCHEDULE_OPTIONS.map(option => (
                     <SelectItem key={option.value} value={option.value}>
-                      {option.label}
+                      {c.scheduleLabels[option.value]}
                     </SelectItem>
                   ))}
                 </SelectContent>
               </Select>
             </Field>
 
-            <Field htmlFor="cron-deliver" label="Deliver to">
+            <Field htmlFor="cron-deliver" label={c.deliverLabel}>
               <Select onValueChange={setDeliver} value={deliver}>
-                <SelectTrigger id="cron-deliver">
+                <SelectTrigger className="h-9 rounded-md" id="cron-deliver">
                   <SelectValue />
                 </SelectTrigger>
                 <SelectContent>
-                  {DELIVERY_OPTIONS.map(option => (
-                    <SelectItem key={option.value} value={option.value}>
-                      {option.label}
+                  {DELIVERY_VALUES.map(value => (
+                    <SelectItem key={value} value={value}>
+                      {c.deliveryLabels[value]}
                     </SelectItem>
                   ))}
                 </SelectContent>
@@ -778,15 +742,15 @@ function CronEditorDialog({
           </div>
 
           {schedulePreset === 'custom' ? (
-            <Field htmlFor="cron-schedule" label="Custom schedule">
+            <Field htmlFor="cron-schedule" label={c.customScheduleLabel}>
               <Input
                 className="font-mono"
                 id="cron-schedule"
                 onChange={event => setSchedule(event.target.value)}
-                placeholder="0 9 * * * or weekdays at 9am"
+                placeholder={c.customPlaceholder}
                 value={schedule}
               />
-              <FieldHint>Cron expression, or phrases like "every hour" or "weekdays at 9am".</FieldHint>
+              <FieldHint>{c.customHint}</FieldHint>
             </Field>
           ) : (
             <div className="rounded-md border border-border/60 bg-muted/30 px-3 py-2">
@@ -806,10 +770,10 @@ function CronEditorDialog({
 
           <DialogFooter>
             <Button disabled={saving} onClick={onClose} type="button" variant="outline">
-              Cancel
+              {t.common.cancel}
             </Button>
             <Button disabled={saving} type="submit">
-              {saving ? 'Saving...' : isEdit ? 'Save changes' : 'Create cron'}
+              {saving ? t.common.saving : isEdit ? c.saveChanges : c.createAction}
             </Button>
           </DialogFooter>
         </form>
@@ -822,18 +786,20 @@ function Field({
   children,
   htmlFor,
   label,
-  optional
+  optional,
+  optionalLabel
 }: {
   children: React.ReactNode
   htmlFor: string
   label: string
   optional?: boolean
+  optionalLabel?: string
 }) {
   return (
     <div className="grid gap-1.5">
       <label className="flex items-baseline gap-2 text-xs font-medium text-foreground" htmlFor={htmlFor}>
         {label}
-        {optional && <span className="text-[0.65rem] font-normal text-muted-foreground">Optional</span>}
+        {optional && <span className="text-[0.65rem] font-normal text-muted-foreground">{optionalLabel}</span>}
       </label>
       {children}
     </div>
@@ -855,7 +821,5 @@ interface EditorValues {
 
 interface ScheduleOption {
   expr?: string
-  hint: string
-  label: string
   value: string
 }

apps/desktop/src/app/desktop-controller.tsx

@@ -11,7 +11,7 @@ import { Pane, PaneMain } from '@/components/pane-shell'
 import { useSkinCommand } from '@/themes/use-skin-command'
 
 import { formatRefValue } from '../components/assistant-ui/directive-text'
-import { getSessionMessages, listSessions } from '../hermes'
+import { getSessionMessages, listAllProfileSessions, type SessionInfo } from '../hermes'
 import { preserveLocalAssistantErrors, toChatMessages } from '../lib/chat-messages'
 import { toggleCommandPalette } from '../store/command-palette'
 import {
@@ -25,9 +25,11 @@ import {
   pinSession,
   SIDEBAR_DEFAULT_WIDTH,
   SIDEBAR_MAX_WIDTH,
+  SIDEBAR_SESSIONS_PAGE_SIZE,
   unpinSession
 } from '../store/layout'
 import { $filePreviewTarget, $previewTarget, closeActiveRightRailTab } from '../store/preview'
+import { $activeGatewayProfile, $freshSessionRequest, normalizeProfileKey, refreshActiveProfile } from '../store/profile'
 import {
   $activeSessionId,
   $currentCwd,
@@ -45,6 +47,7 @@ import {
   setCurrentModel,
   setCurrentProvider,
   setMessages,
+  setSessionProfileTotals,
   setSessions,
   setSessionsLoading,
   setSessionsTotal
@@ -98,6 +101,26 @@ const ProfilesView = lazy(async () => ({ default: (await import('./profiles')).P
 const SettingsView = lazy(async () => ({ default: (await import('./settings')).SettingsView }))
 const SkillsView = lazy(async () => ({ default: (await import('./skills')).SkillsView }))
 
+// Rows a session refresh must preserve even if the aggregator omits them:
+// in-flight first turns (message_count 0), pinned rows aged off the page, and
+// the actively-viewed chat (its "working" flag clears a beat before the
+// aggregator sees the persisted row). Pass `scope` to only keep the active row
+// when it belongs to the profile being paged.
+function sessionsToKeep(scope?: string): Set<string> {
+  const keep = new Set<string>([...$workingSessionIds.get(), ...$pinnedSessionIds.get()])
+  const active = $selectedStoredSessionId.get()
+
+  if (active) {
+    const session = scope ? $sessions.get().find(s => s.id === active) : null
+
+    if (!scope || !session || normalizeProfileKey(session.profile) === scope) {
+      keep.add(active)
+    }
+  }
+
+  return keep
+}
+
 export function DesktopController() {
   const queryClient = useQueryClient()
   const location = useLocation()
@@ -201,9 +224,9 @@ export function DesktopController() {
     }
   }, [])
 
-  // Global chrome shortcuts (plain Cmd/Ctrl, no alt/shift): Cmd+K → command
-  // palette (the composer's "drain next queued" moved to Cmd+Shift+K), Cmd+. →
-  // command center (sessions / system / usage).
+  // Global chrome shortcuts (plain Cmd/Ctrl, no alt/shift): Cmd+K / Cmd+P →
+  // command palette (the composer's "drain next queued" moved to Cmd+Shift+K),
+  // Cmd+. → command center (sessions / system / usage).
   useEffect(() => {
     const onKeyDown = (event: KeyboardEvent) => {
       if (!(event.metaKey || event.ctrlKey) || event.altKey || event.shiftKey) {
@@ -212,7 +235,7 @@ export function DesktopController() {
 
       const key = event.key.toLowerCase()
 
-      if (key === 'k') {
+      if (key === 'k' || key === 'p') {
         event.preventDefault()
         toggleCommandPalette()
       } else if (key === '.') {
@@ -236,17 +259,15 @@ export function DesktopController() {
       // Require at least one message so abandoned/empty "Untitled" drafts (one
       // was created per TUI/desktop launch before the lazy-create fix) don't
       // clutter the sidebar.
-      const result = await listSessions(limit, 1)
+      // Unified cross-profile list (served read-only off each profile's
+      // state.db; no per-profile backend is spawned). Single-profile users get
+      // the same rows tagged profile="default".
+      const result = await listAllProfileSessions(limit, 1)
 
       if (refreshSessionsRequestRef.current === requestId) {
-        // Don't hard-replace. Two kinds of rows must survive a refresh the
-        // server didn't return: (1) sessions whose first turn is still in
-        // flight (message_count 0, so min_messages=1 omits them) and (2)
-        // pinned sessions that have aged off the most-recent page — otherwise
-        // the pin "disappears until you refresh". mergeSessionPage keeps both.
-        const keepIds = new Set<string>([...$workingSessionIds.get(), ...$pinnedSessionIds.get()])
-        setSessions(prev => mergeSessionPage(prev, result.sessions, keepIds))
+        setSessions(prev => mergeSessionPage(prev, result.sessions, sessionsToKeep()))
         setSessionsTotal(typeof result.total === 'number' ? result.total : result.sessions.length)
+        setSessionProfileTotals(result.profile_totals ?? {})
       }
     } finally {
       if (refreshSessionsRequestRef.current === requestId) {
@@ -260,6 +281,21 @@ export function DesktopController() {
     void refreshSessions()
   }, [refreshSessions])
 
+  // ALL-profiles view pages one profile at a time: fetch that profile's next
+  // page and merge it in place, leaving every other profile's rows untouched.
+  const loadMoreSessionsForProfile = useCallback(async (profile: string) => {
+    const key = normalizeProfileKey(profile)
+    const inKey = (s: SessionInfo) => normalizeProfileKey(s.profile) === key
+    const loaded = $sessions.get().filter(inKey).length
+    const result = await listAllProfileSessions(loaded + SIDEBAR_SESSIONS_PAGE_SIZE, 1, 'exclude', 'recent', key)
+    const keep = sessionsToKeep(key)
+
+    setSessions(prev => [...prev.filter(s => !inKey(s)), ...mergeSessionPage(prev.filter(inKey), result.sessions, keep)])
+
+    const total = result.profile_totals?.[key] ?? result.total ?? result.sessions.length
+    setSessionProfileTotals(prev => ({ ...prev, [key]: Math.max(total, result.sessions.length) }))
+  }, [])
+
   const toggleSelectedPin = useCallback(() => {
     const sessionId = $selectedStoredSessionId.get()
 
@@ -316,7 +352,7 @@ export function DesktopController() {
   })
 
   const openProviderSettings = useCallback(() => {
-    navigate(`${SETTINGS_ROUTE}?tab=keys`)
+    navigate(`${SETTINGS_ROUTE}?tab=providers`)
   }, [navigate])
 
   const modelMenuContent = useMemo(
@@ -349,9 +385,11 @@ export function DesktopController() {
         return
       }
 
+      const storedProfile = $sessions.get().find(session => session.id === storedSessionId)?.profile
+
       for (let index = 0; index < Math.max(1, attempts); index += 1) {
         try {
-          const latest = await getSessionMessages(storedSessionId)
+          const latest = await getSessionMessages(storedSessionId, storedProfile)
           updateSessionState(
             runtimeSessionId,
             state => ({
@@ -454,6 +492,39 @@ export function DesktopController() {
     return () => window.removeEventListener('keydown', onKeyDown)
   }, [startFreshSessionDraft])
 
+  // A profile switch/create drops to a fresh new-session draft so the previously
+  // open session doesn't bleed across contexts. Skip the initial value.
+  const freshSessionRequest = useStore($freshSessionRequest)
+  const lastFreshRef = useRef(freshSessionRequest)
+
+  useEffect(() => {
+    if (freshSessionRequest === lastFreshRef.current) {
+      return
+    }
+
+    lastFreshRef.current = freshSessionRequest
+    startFreshSessionDraft()
+  }, [freshSessionRequest, startFreshSessionDraft])
+
+  // Swapping the live gateway to another profile must re-pull that profile's
+  // global model + active-profile pill. Both are nanostores, so the blanket
+  // invalidateQueries() the profile store fires on swap doesn't touch them —
+  // without this the statusbar keeps showing the previous profile's model
+  // (the "forgets the LLM setting" report). gatewayState stays 'open' across a
+  // swap (background sockets persist), so the open→open effect won't re-run.
+  const activeGatewayProfile = useStore($activeGatewayProfile)
+  const lastGatewayProfileRef = useRef(activeGatewayProfile)
+
+  useEffect(() => {
+    if (activeGatewayProfile === lastGatewayProfileRef.current) {
+      return
+    }
+
+    lastGatewayProfileRef.current = activeGatewayProfile
+    void refreshCurrentModel()
+    void refreshActiveProfile()
+  }, [activeGatewayProfile, refreshCurrentModel])
+
   const composer = useComposerActions({
     activeSessionId,
     currentCwd,
@@ -506,6 +577,7 @@ export function DesktopController() {
       busyRef,
       createBackendSessionForSend,
       handleSkinCommand,
+      refreshSessions,
       requestGateway,
       selectedStoredSessionIdRef,
       startFreshSessionDraft,
@@ -528,6 +600,7 @@ export function DesktopController() {
   useEffect(() => {
     if (gatewayState === 'open') {
       void refreshCurrentModel()
+      void refreshActiveProfile()
       void refreshSessions().catch(() => undefined)
     }
   }, [gatewayState, refreshCurrentModel, refreshSessions])
@@ -570,6 +643,7 @@ export function DesktopController() {
       currentView={currentView}
       onArchiveSession={sessionId => void archiveSession(sessionId)}
       onDeleteSession={sessionId => void removeSession(sessionId)}
+      onLoadMoreProfileSessions={loadMoreSessionsForProfile}
       onLoadMoreSessions={loadMoreSessions}
       onNavigate={selectSidebarItem}
       onNewSessionInWorkspace={startSessionInWorkspace}
@@ -626,6 +700,7 @@ export function DesktopController() {
             initialSection={commandCenterInitialSection}
             onClose={closeOverlayToPreviousRoute}
             onDeleteSession={removeSession}
+            onNavigateRoute={path => navigate(path)}
             onOpenSession={sessionId => navigate(sessionRoute(sessionId))}
           />
         </Suspense>

apps/desktop/src/app/gateway/hooks/use-gateway-boot.ts

@@ -2,6 +2,8 @@ import { useEffect, useRef } from 'react'
 
 import type { HermesConnection } from '@/global'
 import { HermesGateway } from '@/hermes'
+import { translateNow } from '@/i18n'
+import { isGatewayReauthRequired, resolveGatewayWsUrl } from '@/lib/gateway-ws-url'
 import {
   $desktopBoot,
   applyDesktopBootProgress,
@@ -9,9 +11,27 @@ import {
   failDesktopBoot,
   setDesktopBootStep
 } from '@/store/boot'
-import { setGateway } from '@/store/gateway'
+import {
+  $gateway,
+  closeSecondaryGateways,
+  configureGatewayRegistry,
+  ensureGatewayForProfile,
+  pruneSecondaryGateways,
+  reconnectSecondaryGateways,
+  reportPrimaryGatewayState,
+  setPrimaryGateway,
+  touchSecondaryGateways
+} from '@/store/gateway'
 import { notify, notifyError } from '@/store/notifications'
-import { $connection, setConnection, setGatewayState, setSessionsLoading } from '@/store/session'
+import { $activeGatewayProfile, normalizeProfileKey, touchActiveGatewayBackend } from '@/store/profile'
+import {
+  $attentionSessionIds,
+  $connection,
+  $sessions,
+  $workingSessionIds,
+  setConnection,
+  setSessionsLoading
+} from '@/store/session'
 import type { RpcEvent } from '@/types/hermes'
 
 interface GatewayBootOptions {
@@ -75,6 +95,10 @@ export function useGatewayBoot({
     let reconnecting = false
     let reconnectTimer: ReturnType<typeof setTimeout> | null = null
     let reconnectAttempt = 0
+    // Surface "sign in again" once per disconnect episode, not on every backoff
+    // tick — a stale OAuth ticket fails every attempt and would otherwise stack
+    // identical error toasts (and their haptics). Reset on the next clean open.
+    let reauthNotified = false
 
     // Wrap the live getter in a call so TS control-flow analysis doesn't narrow
     // `connectionState` to a constant across the early-return guards (the state
@@ -96,14 +120,22 @@ export function useGatewayBoot({
       reconnecting = true
 
       try {
-        const conn = await desktop.getConnection()
+        const conn = await desktop.getConnection($activeGatewayProfile.get())
 
         if (cancelled) {
           return
         }
 
         publish(conn)
-        await gateway.connect(conn.wsUrl)
+        // Re-mint the WS URL before reconnecting. OAuth tickets are single-use
+        // with a short TTL, so the ticket baked into the cached conn.wsUrl is
+        // dead on every reconnect after the initial boot — reusing it surfaces
+        // as an opaque "Could not connect to Hermes gateway". resolveGatewayWsUrl
+        // mints a fresh ticket (or throws a reauth error in OAuth mode rather
+        // than connecting with a stale one). For local/token gateways the URL
+        // carries a long-lived token and the re-mint is a cheap no-op.
+        const wsUrl = await resolveGatewayWsUrl(desktop, conn)
+        await gateway.connect(wsUrl)
 
         if (cancelled) {
           return
@@ -113,8 +145,15 @@ export function useGatewayBoot({
         // Resync state that may have moved on the backend while we were asleep.
         await callbacksRef.current.refreshHermesConfig().catch(() => undefined)
         await callbacksRef.current.refreshSessions().catch(() => undefined)
-      } catch {
-        // Fall through to scheduleReconnect's backoff below.
+      } catch (err) {
+        // OAuth session expired mid-reconnect: surface the actionable "sign in
+        // again" message once instead of silently looping the backoff against a
+        // ticket that can never succeed. Transport failures fall through to the
+        // backoff in the finally block below.
+        if (!cancelled && isGatewayReauthRequired(err) && !reauthNotified) {
+          reauthNotified = true
+          notifyError(err, translateNow('boot.errors.gatewaySignInRequired'))
+        }
       } finally {
         reconnecting = false
 
@@ -145,6 +184,7 @@ export function useGatewayBoot({
 
       clearReconnectTimer()
       reconnectAttempt = 0
+      reconnectSecondaryGateways()
 
       if (!gatewayOpen()) {
         void attemptReconnect()
@@ -165,13 +205,18 @@ export function useGatewayBoot({
 
     const gateway = new HermesGateway()
     callbacksRef.current.onGatewayReady(gateway)
-    setGateway(gateway)
+    setPrimaryGateway(gateway, normalizeProfileKey($activeGatewayProfile.get()))
+    // Secondary (background-profile) sockets funnel into the same handler.
+    configureGatewayRegistry({ onEvent: event => callbacksRef.current.handleGatewayEvent(event) })
 
     const offState = gateway.onState(st => {
-      setGatewayState(st)
+      // Mirror to the composer only while the primary is the active profile —
+      // a background secondary reconnect mustn't flip the foreground state.
+      reportPrimaryGatewayState(st)
 
       if (st === 'open') {
         reconnectAttempt = 0
+        reauthNotified = false
         clearReconnectTimer()
       } else if (bootCompleted && (st === 'closed' || st === 'error')) {
         // The socket dropped after a healthy boot (typically sleep/wake). Try
@@ -179,6 +224,7 @@ export function useGatewayBoot({
         scheduleReconnect()
       }
     })
+
     const offEvent = gateway.onEvent(event => callbacksRef.current.handleGatewayEvent(event))
 
     // Wake signals: power resume (macOS/Windows), network coming back, and the
@@ -186,6 +232,7 @@ export function useGatewayBoot({
     const offPowerResume = desktop.onPowerResume?.(() => reconnectNow())
 
     const onOnline = () => reconnectNow()
+
     const onVisible = () => {
       if (document.visibilityState === 'visible') {
         reconnectNow()
@@ -195,6 +242,34 @@ export function useGatewayBoot({
     window.addEventListener('online', onOnline)
     document.addEventListener('visibilitychange', onVisible)
 
+    // Keep live pool backends alive while this window is open (the main process
+    // can't observe the direct renderer↔backend WS). No-op for the primary.
+    const keepaliveTimer = setInterval(() => {
+      touchActiveGatewayBackend()
+      touchSecondaryGateways()
+    }, 60_000)
+
+    // Bound concurrency cost to live work: keep a background socket only while
+    // its profile has a running (working) or blocked (needs-input) session.
+    // Once that profile goes idle its socket is dropped and its backend is free
+    // to idle-reap. The active profile is always spared.
+    const recomputeKeptGateways = () => {
+      const live = new Set([...$workingSessionIds.get(), ...$attentionSessionIds.get()])
+      const keep = new Set<string>()
+
+      for (const session of $sessions.get()) {
+        if (live.has(session.id)) {
+          keep.add(normalizeProfileKey(session.profile))
+        }
+      }
+
+      pruneSecondaryGateways(keep)
+    }
+
+    const offWorking = $workingSessionIds.subscribe(() => recomputeKeptGateways())
+    const offAttention = $attentionSessionIds.subscribe(() => recomputeKeptGateways())
+    const offActiveProfile = $activeGatewayProfile.subscribe(() => recomputeKeptGateways())
+
     const offWindowState = desktop.onWindowStateChanged?.(payload => {
       const current = $connection.get()
 
@@ -230,12 +305,31 @@ export function useGatewayBoot({
           progress: 95
         })
         publish(conn)
-        await gateway.connect(conn.wsUrl)
+        // Mint a fresh WS URL right before connecting. For OAuth gateways the
+        // ticket is single-use with a short TTL, so the ticket baked into
+        // conn.wsUrl is stale; resolveGatewayWsUrl() re-mints it and, on
+        // failure, throws a reauth error rather than connecting with a dead
+        // ticket (which would surface as an opaque "connection closed").
+        const wsUrl = await resolveGatewayWsUrl(desktop, conn)
+        await gateway.connect(wsUrl)
 
         if (cancelled) {
           return
         }
 
+        // Record which profile the primary (window) backend booted as, so
+        // same-profile resumes are no-op swaps and any reconnect targets the
+        // right backend. Best-effort: a missing preference means "default".
+        try {
+          const pref = await desktop.profile?.get?.()
+          const profileKey = (pref?.profile ?? '').trim() || 'default'
+          $activeGatewayProfile.set(profileKey)
+          setPrimaryGateway(gateway, profileKey)
+          void ensureGatewayForProfile(profileKey)
+        } catch {
+          $activeGatewayProfile.set('default')
+        }
+
         setDesktopBootStep({
           phase: 'renderer.config',
           message: 'Loading Hermes settings',
@@ -270,6 +364,10 @@ export function useGatewayBoot({
     return () => {
       cancelled = true
       clearReconnectTimer()
+      clearInterval(keepaliveTimer)
+      offWorking()
+      offAttention()
+      offActiveProfile()
       window.removeEventListener('online', onOnline)
       document.removeEventListener('visibilitychange', onVisible)
       offPowerResume?.()
@@ -278,10 +376,12 @@ export function useGatewayBoot({
       offExit()
       offWindowState?.()
       offBootProgress()
+      closeSecondaryGateways()
       gateway.close()
       publish(null)
       callbacksRef.current.onGatewayReady(null)
-      setGateway(null)
+      setPrimaryGateway(null)
+      $gateway.set(null)
     }
   }, [])
 }

apps/desktop/src/app/gateway/hooks/use-gateway-request.ts

@@ -2,6 +2,9 @@ import { useStore } from '@nanostores/react'
 import { useCallback, useEffect, useRef } from 'react'
 
 import type { HermesGateway } from '@/hermes'
+import { isGatewayReauthRequired, resolveGatewayWsUrl } from '@/lib/gateway-ws-url'
+import { $gateway, ensureActiveGatewayOpen, isActivePrimary } from '@/store/gateway'
+import { $activeGatewayProfile } from '@/store/profile'
 import { $gatewayState, setConnection } from '@/store/session'
 
 export function useGatewayRequest() {
@@ -14,11 +17,25 @@ export function useGatewayRequest() {
 
   const gatewayStateRef = useRef(gatewayState)
   const reconnectingRef = useRef<Promise<HermesGateway | null> | null>(null)
+  // Holds the reauth error from the most recent failed reconnect so
+  // requestGateway can surface the gateway's "session expired, sign in again"
+  // message instead of the opaque "connection closed" that triggered the retry.
+  const reauthErrorRef = useRef<unknown>(null)
 
   useEffect(() => {
     gatewayStateRef.current = gatewayState
   }, [gatewayState])
 
+  // Track the active gateway (primary or a background profile's socket) so
+  // outbound requests and overlay props always target the focused profile.
+  useEffect(
+    () =>
+      $gateway.subscribe(gateway => {
+        gatewayRef.current = gateway as HermesGateway | null
+      }),
+    []
+  )
+
   const ensureGatewayOpen = useCallback(async () => {
     const existing = gatewayRef.current
 
@@ -41,14 +58,29 @@ export function useGatewayRequest() {
         return null
       }
 
+      reauthErrorRef.current = null
+
       try {
-        const conn = await desktop.getConnection()
+        // Reconnect to whichever profile the gateway is currently routed to (not
+        // always the primary), so a sleep/wake reconnect keeps the user on the
+        // profile they were chatting in.
+        const conn = await desktop.getConnection($activeGatewayProfile.get())
         connectionRef.current = conn
         setConnection(conn)
-        await existing.connect(conn.wsUrl)
+        // Re-mint the WS URL before reconnecting. OAuth tickets are single-use
+        // and short-lived, so the cached conn.wsUrl ticket is dead here;
+        // resolveGatewayWsUrl() throws a reauth error in OAuth mode rather than
+        // connecting with a stale ticket. Stash it so requestGateway can show
+        // the actionable "sign in again" message.
+        const wsUrl = await resolveGatewayWsUrl(desktop, conn)
+        await existing.connect(wsUrl)
 
         return existing
-      } catch {
+      } catch (error) {
+        if (isGatewayReauthRequired(error)) {
+          reauthErrorRef.current = error
+        }
+
         connectionRef.current = null
         setConnection(null)
 
@@ -78,9 +110,21 @@ export function useGatewayRequest() {
           throw error
         }
 
-        const recovered = await ensureGatewayOpen()
+        // Primary keeps the OAuth-aware reconnect (remote gateways re-mint a
+        // single-use ticket); background profiles are always local pool
+        // backends, so the registry handles their reconnect with no reauth.
+        const recovered = isActivePrimary() ? await ensureGatewayOpen() : await ensureActiveGatewayOpen()
 
         if (!recovered) {
+          // Prefer the reauth error from the failed reconnect (OAuth session
+          // expired) over the generic transport error that triggered the retry.
+          const reauthError = reauthErrorRef.current
+          reauthErrorRef.current = null
+
+          if (reauthError) {
+            throw reauthError
+          }
+
           throw error
         }
 

apps/desktop/src/app/messaging/index.tsx

@@ -3,7 +3,6 @@ import { useCallback, useEffect, useMemo, useState } from 'react'
 
 import { PageLoader } from '@/components/page-loader'
 import { StatusDot, type StatusTone } from '@/components/status-dot'
-import { Badge, type BadgeProps } from '@/components/ui/badge'
 import { Button } from '@/components/ui/button'
 import { DisclosureCaret } from '@/components/ui/disclosure-caret'
 import { Input } from '@/components/ui/input'
@@ -14,6 +13,7 @@ import {
   type MessagingPlatformInfo,
   updateMessagingPlatform
 } from '@/hermes'
+import { type Translations, useI18n } from '@/i18n'
 import { AlertTriangle, ExternalLink, Save, Trash2 } from '@/lib/icons'
 import { cn } from '@/lib/utils'
 import { notify, notifyError } from '@/store/notifications'
@@ -21,6 +21,8 @@ import { notify, notifyError } from '@/store/notifications'
 import { useRefreshHotkey } from '../hooks/use-refresh-hotkey'
 import { useRouteEnumParam } from '../hooks/use-route-enum-param'
 import { PageSearchShell } from '../page-search-shell'
+import { CREDENTIAL_CONTROL_CLASS } from '../settings/credential-key-ui'
+import { ListRow } from '../settings/primitives'
 import type { SetStatusbarItemGroup } from '../shell/statusbar-controls'
 
 import { PlatformAvatar } from './platform-icon'
@@ -31,31 +33,15 @@ interface MessagingViewProps extends React.ComponentProps<'section'> {
 
 type EditMap = Record<string, Record<string, string>>
 
-const STATE_LABELS: Record<string, string> = {
-  connected: 'Connected',
-  connecting: 'Connecting',
-  disabled: 'Disabled',
-  fatal: 'Error',
-  gateway_stopped: 'Messaging gateway stopped',
-  not_configured: 'Needs setup',
-  pending_restart: 'Restart needed',
-  retrying: 'Retrying',
-  startup_failed: 'Startup failed'
+const PILL_TONE: Record<StatusTone, string> = {
+  good: 'bg-primary/10 text-primary',
+  muted: 'bg-muted text-muted-foreground',
+  warn: 'bg-amber-500/10 text-amber-600 dark:text-amber-300',
+  bad: 'bg-destructive/10 text-destructive'
 }
 
-const TONE_VARIANT: Record<StatusTone, BadgeProps['variant']> = {
-  good: 'default',
-  muted: 'muted',
-  warn: 'warn',
-  bad: 'destructive'
-}
-
-const HINT_BY_STATE: Record<string, string> = {
-  pending_restart: 'Restart the gateway from the status bar to apply this change.',
-  gateway_stopped: 'Start the gateway from the status bar to connect.'
-}
-
-const stateLabel = (state?: null | string) => (state ? STATE_LABELS[state] || state.replace(/_/g, ' ') : 'Unknown')
+const stateLabel = (state: null | string | undefined, m: Translations['messaging']) =>
+  state ? m.states[state] || state.replace(/_/g, ' ') : m.unknown
 
 function stateTone({ enabled, state }: MessagingPlatformInfo): StatusTone {
   if (!enabled) {
@@ -84,7 +70,7 @@ const FIELD_COPY: Record<string, { advanced?: boolean; help?: string; label: str
   TELEGRAM_BOT_TOKEN: {
     label: 'Bot token',
     help: 'Create a bot with @BotFather, then paste the token it gives you.',
-    placeholder: '123456:ABC...'
+    placeholder: 'Paste Telegram bot token'
   },
   TELEGRAM_ALLOWED_USERS: {
     label: 'Allowed Telegram user IDs',
@@ -108,15 +94,56 @@ const FIELD_COPY: Record<string, { advanced?: boolean; help?: string; label: str
     help: 'first, all, or off.',
     advanced: true
   },
+  DISCORD_ALLOW_ALL_USERS: {
+    label: 'Allow all Discord users',
+    help: 'Development only. When true, anyone can DM the bot without an allowlist.',
+    advanced: true
+  },
+  DISCORD_HOME_CHANNEL: {
+    label: 'Home channel ID',
+    help: 'Channel where the bot sends proactive messages (cron output, reminders).',
+    advanced: true
+  },
+  DISCORD_HOME_CHANNEL_NAME: {
+    label: 'Home channel name',
+    help: 'Display name for the home channel in logs and status output.',
+    advanced: true
+  },
+  BLUEBUBBLES_ALLOW_ALL_USERS: {
+    label: 'Allow all iMessage users',
+    help: 'When true, skip the BlueBubbles allowlist.',
+    advanced: true
+  },
+  MATTERMOST_ALLOW_ALL_USERS: {
+    label: 'Allow all Mattermost users',
+    advanced: true
+  },
+  MATTERMOST_HOME_CHANNEL: {
+    label: 'Home channel',
+    advanced: true
+  },
+  QQ_ALLOW_ALL_USERS: {
+    label: 'Allow all QQ users',
+    advanced: true
+  },
+  QQBOT_HOME_CHANNEL: {
+    label: 'QQ home channel',
+    help: 'Default channel or group for cron delivery.',
+    advanced: true
+  },
+  QQBOT_HOME_CHANNEL_NAME: {
+    label: 'QQ home channel name',
+    advanced: true
+  },
   SLACK_BOT_TOKEN: {
     label: 'Slack bot token',
-    help: 'Starts with xoxb-. Found under OAuth & Permissions after installing your Slack app.',
-    placeholder: 'xoxb-...'
+    help: 'Use the bot token from OAuth & Permissions after installing your Slack app.',
+    placeholder: 'Paste Slack bot token'
   },
   SLACK_APP_TOKEN: {
     label: 'Slack app token',
-    help: 'Starts with xapp-. Required for Socket Mode.',
-    placeholder: 'xapp-...'
+    help: 'Use the app-level token required for Socket Mode.',
+    placeholder: 'Paste Slack app token'
   },
   SLACK_ALLOWED_USERS: {
     label: 'Allowed Slack user IDs',
@@ -176,18 +203,21 @@ const FIELD_COPY: Record<string, { advanced?: boolean; help?: string; label: str
   }
 }
 
-function fieldCopy(field: MessagingEnvVarInfo) {
+function fieldCopy(field: MessagingEnvVarInfo, m: Translations['messaging']) {
   const copy = FIELD_COPY[field.key] || {}
+  const localized = m.fieldCopy[field.key] || {}
 
   return {
-    label: copy.label || field.prompt || field.key,
-    help: copy.help || field.description,
-    placeholder: copy.placeholder || field.prompt,
+    label: localized.label || copy.label || field.prompt || field.key,
+    help: localized.help || copy.help || field.description,
+    placeholder: localized.placeholder || copy.placeholder || field.prompt,
     advanced: Boolean(copy.advanced || field.advanced)
   }
 }
 
 export function MessagingView({ setStatusbarItemGroup: _setStatusbarItemGroup, ...props }: MessagingViewProps) {
+  const { t } = useI18n()
+  const m = t.messaging
   const [platforms, setPlatforms] = useState<MessagingPlatformInfo[] | null>(null)
   const [edits, setEdits] = useState<EditMap>({})
   const [query, setQuery] = useState('')
@@ -206,14 +236,14 @@ export function MessagingView({ setStatusbarItemGroup: _setStatusbarItemGroup, .
       setPlatforms(result.platforms)
     } catch (err) {
       if (!silent) {
-        notifyError(err, 'Messaging platforms failed to load')
+        notifyError(err, m.loadFailed)
       }
     } finally {
       if (!silent) {
         setRefreshing(false)
       }
     }
-  }, [])
+  }, [m])
 
   useRefreshHotkey(() => void refreshPlatforms())
 
@@ -287,11 +317,11 @@ export function MessagingView({ setStatusbarItemGroup: _setStatusbarItemGroup, .
       )
       notify({
         kind: 'success',
-        title: enabled ? `${platform.name} enabled` : `${platform.name} disabled`,
-        message: 'Restart the gateway for this change to take effect.'
+        title: enabled ? m.platformEnabled(platform.name) : m.platformDisabled(platform.name),
+        message: m.restartToApply
       })
     } catch (err) {
-      notifyError(err, `Failed to update ${platform.name}`)
+      notifyError(err, m.failedUpdate(platform.name))
     } finally {
       setSaving(null)
     }
@@ -312,11 +342,11 @@ export function MessagingView({ setStatusbarItemGroup: _setStatusbarItemGroup, .
       await refreshPlatforms()
       notify({
         kind: 'success',
-        title: `${platform.name} setup saved`,
-        message: 'Restart the gateway to reconnect with the new credentials.'
+        title: m.setupSaved(platform.name),
+        message: m.restartToReconnect
       })
     } catch (err) {
-      notifyError(err, `Failed to save ${platform.name}`)
+      notifyError(err, m.failedSave(platform.name))
     } finally {
       setSaving(null)
     }
@@ -335,9 +365,9 @@ export function MessagingView({ setStatusbarItemGroup: _setStatusbarItemGroup, .
         }
       }))
       await refreshPlatforms()
-      notify({ kind: 'success', title: `${key} cleared`, message: `${platform.name} setup was updated.` })
+      notify({ kind: 'success', title: m.keyCleared(key), message: m.setupUpdated(platform.name) })
     } catch (err) {
-      notifyError(err, `Failed to clear ${key}`)
+      notifyError(err, m.failedClear(key))
     } finally {
       setSaving(null)
     }
@@ -348,11 +378,11 @@ export function MessagingView({ setStatusbarItemGroup: _setStatusbarItemGroup, .
       {...props}
       onSearchChange={setQuery}
       searchHidden={(platforms?.length ?? 0) === 0}
-      searchPlaceholder="Search messaging..."
+      searchPlaceholder={m.search}
       searchValue={query}
     >
       {!platforms ? (
-        <PageLoader label="Loading messaging platforms..." />
+        <PageLoader label={m.loading} />
       ) : (
         <div className="grid h-full min-h-0 grid-cols-1 lg:grid-cols-[14rem_minmax(0,1fr)]">
           <aside className="min-h-0 overflow-y-auto p-2">
@@ -442,12 +472,14 @@ function PlatformDetail({
   platform: MessagingPlatformInfo
   saving: string | null
 }) {
+  const { t } = useI18n()
+  const m = t.messaging
   const [showAdvanced, setShowAdvanced] = useState(false)
 
   const hasEdits = Object.keys(trimEdits(edits)).length > 0
   const requiredFields = platform.env_vars.filter(field => field.required)
-  const optionalFields = platform.env_vars.filter(field => !field.required && !fieldCopy(field).advanced)
-  const advancedFields = platform.env_vars.filter(field => !field.required && fieldCopy(field).advanced)
+  const optionalFields = platform.env_vars.filter(field => !field.required && !fieldCopy(field, m).advanced)
+  const advancedFields = platform.env_vars.filter(field => !field.required && fieldCopy(field, m).advanced)
   const hiddenCount = advancedFields.length
   const isSavingEnv = saving === `env:${platform.id}`
 
@@ -463,11 +495,11 @@ function PlatformDetail({
                 {platform.description}
               </p>
               <div className="mt-3 flex flex-wrap items-center gap-2">
-                <StatePill tone={stateTone(platform)}>{stateLabel(platform.state)}</StatePill>
+                <StatePill tone={stateTone(platform)}>{stateLabel(platform.state, m)}</StatePill>
                 <SetupPill active={platform.configured}>
-                  {platform.configured ? 'Credentials set' : 'Needs setup'}
+                  {platform.configured ? m.credentialsSet : m.needsSetup}
                 </SetupPill>
-                {!platform.gateway_running && <SetupPill active={false}>Messaging gateway stopped</SetupPill>}
+                {!platform.gateway_running && <SetupPill active={false}>{m.gatewayStopped}</SetupPill>}
               </div>
               <PlatformHint platform={platform} />
             </div>
@@ -481,14 +513,14 @@ function PlatformDetail({
           )}
 
           <section>
-            <SectionTitle>Get your credentials</SectionTitle>
+            <SectionTitle>{m.getCredentials}</SectionTitle>
             <p className="mt-1 text-[length:var(--conversation-caption-font-size)] leading-(--conversation-caption-line-height) text-(--ui-text-tertiary)">
-              {introCopy(platform)}
+              {introCopy(platform, m)}
             </p>
             <div className="mt-3">
               <Button asChild size="sm" variant="textStrong">
                 <a href={platform.docs_url} rel="noreferrer" target="_blank">
-                  Open setup guide
+                  {m.openSetupGuide}
                   <ExternalLink className="size-3.5" />
                 </a>
               </Button>
@@ -496,8 +528,8 @@ function PlatformDetail({
           </section>
 
           <section>
-            <SectionTitle>Required</SectionTitle>
-            <div className="mt-3 space-y-4">
+            <SectionTitle>{m.required}</SectionTitle>
+            <div className="mt-3 grid gap-1">
               {requiredFields.length > 0 ? (
                 requiredFields.map(field => (
                   <MessagingField
@@ -511,7 +543,7 @@ function PlatformDetail({
                 ))
               ) : (
                 <p className="text-[length:var(--conversation-caption-font-size)] leading-(--conversation-caption-line-height) text-(--ui-text-tertiary)">
-                  This platform does not need a token here. Use the setup guide above, then enable it below.
+                  {m.noTokenNeeded}
                 </p>
               )}
             </div>
@@ -519,8 +551,8 @@ function PlatformDetail({
 
           {optionalFields.length > 0 && (
             <section>
-              <SectionTitle>Recommended</SectionTitle>
-              <div className="mt-3 space-y-4">
+              <SectionTitle>{m.recommended}</SectionTitle>
+              <div className="mt-3 grid gap-1">
                 {optionalFields.map(field => (
                   <MessagingField
                     edits={edits}
@@ -542,11 +574,11 @@ function PlatformDetail({
                 onClick={() => setShowAdvanced(value => !value)}
                 type="button"
               >
-                <span>Advanced ({hiddenCount})</span>
+                <span>{m.advanced(hiddenCount)}</span>
                 <DisclosureCaret open={showAdvanced} size="0.875rem" />
               </button>
               {showAdvanced && (
-                <div className="mt-3 space-y-4">
+                <div className="mt-3 grid gap-1">
                   {advancedFields.map(field => (
                     <MessagingField
                       edits={edits}
@@ -566,19 +598,23 @@ function PlatformDetail({
 
       <footer className="bg-(--ui-chat-surface-background) px-5 py-2.5">
         <div className="mx-auto flex max-w-2xl flex-wrap items-center gap-2">
-          <Switch
-            aria-label={platform.enabled ? `Disable ${platform.name}` : `Enable ${platform.name}`}
-            checked={platform.enabled}
-            disabled={saving === `enabled:${platform.id}`}
-            onCheckedChange={onToggle}
-            size="xs"
-          />
+          <label className="flex shrink-0 items-center gap-2 rounded-md border border-(--ui-stroke-tertiary) bg-(--ui-bg-quinary) px-2.5 py-1.5 text-[length:var(--conversation-text-font-size)]">
+            <Switch
+              aria-label={platform.enabled ? m.disableAria(platform.name) : m.enableAria(platform.name)}
+              checked={platform.enabled}
+              disabled={saving === `enabled:${platform.id}`}
+              onCheckedChange={onToggle}
+            />
+            <span className="text-xs font-medium text-muted-foreground">
+              {platform.enabled ? m.enabled : m.disabled}
+            </span>
+          </label>
 
           <div className="ml-auto flex items-center gap-2">
-            {hasEdits && <span className="text-xs text-muted-foreground">Unsaved changes</span>}
+            {hasEdits && <span className="text-xs text-muted-foreground">{m.unsavedChanges}</span>}
             <Button disabled={!hasEdits || isSavingEnv} onClick={onSave} size="sm">
               <Save />
-              {isSavingEnv ? 'Saving...' : 'Save changes'}
+              {isSavingEnv ? m.saving : m.saveChanges}
             </Button>
           </div>
         </div>
@@ -593,7 +629,7 @@ const PLATFORM_INTRO: Record<string, string> = {
   discord:
     'Open the Discord Developer Portal, create an application, add a Bot, then copy its token. Invite the bot to your server with the right scopes.',
   slack:
-    'Create a Slack app, enable Socket Mode, install it to your workspace, then copy the Bot token (xoxb-) and App-level token (xapp-).',
+    'Create a Slack app, enable Socket Mode, install it to your workspace, then copy the bot token and app-level token.',
   mattermost:
     'On your Mattermost server, create a bot account or personal access token, then paste the server URL and token here.',
   matrix: 'Sign in to your homeserver with the bot account, then copy the access token, user ID, and homeserver URL.',
@@ -624,7 +660,8 @@ const PLATFORM_INTRO: Record<string, string> = {
     'Run an HTTP server that other tools (GitHub, GitLab, custom apps) can POST to. Use the secret to verify signatures.'
 }
 
-const introCopy = (platform: MessagingPlatformInfo) => PLATFORM_INTRO[platform.id] || platform.description
+const introCopy = (platform: MessagingPlatformInfo, m: Translations['messaging']) =>
+  m.platformIntro[platform.id] || PLATFORM_INTRO[platform.id] || platform.description
 
 function MessagingField({
   edits,
@@ -639,46 +676,51 @@ function MessagingField({
   onEdit: (key: string, value: string) => void
   saving: string | null
 }) {
-  const copy = fieldCopy(field)
+  const { t } = useI18n()
+  const m = t.messaging
+  const copy = fieldCopy(field, m)
+  const fieldId = `messaging-field-${field.key}`
 
   return (
-    <div className="space-y-1.5">
-      <div className="flex flex-wrap items-baseline gap-2">
-        <label className="text-sm font-medium text-foreground" htmlFor={`messaging-field-${field.key}`}>
-          {copy.label}
-        </label>
-        {field.is_set && <span className="text-[0.66rem] font-medium text-primary">Saved</span>}
-      </div>
-      <div className="flex items-center gap-2">
-        <Input
-          className="font-mono"
-          id={`messaging-field-${field.key}`}
-          onChange={event => onEdit(field.key, event.target.value)}
-          placeholder={field.is_set ? field.redacted_value || 'Replace current value' : copy.placeholder}
-          type={field.is_password ? 'password' : 'text'}
-          value={edits[field.key] || ''}
-        />
-        {field.url && (
-          <Button asChild size="icon-sm" title="Open docs" variant="ghost">
-            <a href={field.url} rel="noreferrer" target="_blank">
-              <ExternalLink className="size-3.5" />
-            </a>
-          </Button>
-        )}
-        {field.is_set && (
-          <Button
-            disabled={saving === `clear:${field.key}`}
-            onClick={() => onClear(field.key)}
-            size="icon-sm"
-            title={`Clear ${field.key}`}
-            variant="ghost"
-          >
-            <Trash2 className="size-3.5" />
-          </Button>
-        )}
-      </div>
-      {copy.help && <p className="text-xs leading-5 text-muted-foreground">{copy.help}</p>}
-    </div>
+    <ListRow
+      action={
+        <div className="flex items-center gap-2">
+          <Input
+            className={CREDENTIAL_CONTROL_CLASS}
+            id={fieldId}
+            onChange={event => onEdit(field.key, event.target.value)}
+            placeholder={field.is_set ? field.redacted_value || m.replaceValue : copy.placeholder}
+            type={field.is_password ? 'password' : 'text'}
+            value={edits[field.key] || ''}
+          />
+          {field.url && (
+            <Button asChild className="size-8 shrink-0" title={m.openDocs} variant="ghost">
+              <a href={field.url} rel="noreferrer" target="_blank">
+                <ExternalLink className="size-3.5" />
+              </a>
+            </Button>
+          )}
+          {field.is_set && (
+            <Button
+              className="size-8 shrink-0"
+              disabled={saving === `clear:${field.key}`}
+              onClick={() => onClear(field.key)}
+              title={m.clearField(field.key)}
+              variant="ghost"
+            >
+              <Trash2 className="size-3.5" />
+            </Button>
+          )}
+        </div>
+      }
+      description={copy.help}
+      title={
+        <span className="flex flex-wrap items-center gap-2">
+          <label htmlFor={fieldId}>{copy.label}</label>
+          {field.is_set && <span className="text-[0.66rem] font-medium text-primary">{m.saved}</span>}
+        </span>
+      }
+    />
   )
 }
 
@@ -687,24 +729,45 @@ function SectionTitle({ children }: { children: React.ReactNode }) {
 }
 
 function PlatformHint({ platform }: { platform: MessagingPlatformInfo }) {
+  const { t } = useI18n()
+
   if (!platform.enabled || platform.state === 'connected') {
     return null
   }
 
-  const hint = HINT_BY_STATE[platform.state || ''] || (platform.gateway_running ? null : HINT_BY_STATE.gateway_stopped)
+  const hint =
+    platform.state === 'pending_restart'
+      ? t.messaging.hintPendingRestart
+      : platform.gateway_running
+        ? null
+        : t.messaging.hintGatewayStopped
 
   return hint ? <p className="mt-2 text-xs leading-5 text-muted-foreground">{hint}</p> : null
 }
 
 function StatePill({ children, tone }: { children: string; tone: StatusTone }) {
   return (
-    <Badge variant={TONE_VARIANT[tone]}>
+    <span
+      className={cn(
+        'inline-flex shrink-0 items-center gap-1.5 rounded-full px-2 py-0.5 text-[0.66rem] font-medium',
+        PILL_TONE[tone]
+      )}
+    >
       <StatusDot tone={tone} />
       {children}
-    </Badge>
+    </span>
   )
 }
 
 function SetupPill({ active, children }: { active: boolean; children: string }) {
-  return <Badge variant={active ? 'default' : 'muted'}>{children}</Badge>
+  return (
+    <span
+      className={cn(
+        'inline-flex items-center rounded-full px-2 py-0.5 text-[0.66rem] font-medium',
+        PILL_TONE[active ? 'good' : 'muted']
+      )}
+    >
+      {children}
+    </span>
+  )
 }

apps/desktop/src/app/messaging/platform-icon.tsx

@@ -1,5 +1,3 @@
-import type { ComponentType, SVGProps } from 'react'
-
 import {
   SiApple,
   SiBilibili,
@@ -14,6 +12,7 @@ import {
   SiWechat,
   SiWhatsapp
 } from '@icons-pack/react-simple-icons'
+import type { ComponentType, SVGProps } from 'react'
 
 import { Globe, Link as LinkIcon, MessageSquareText } from '@/lib/icons'
 import { cn } from '@/lib/utils'
@@ -69,10 +68,7 @@ export function PlatformAvatar({ className, platformId, platformName }: Platform
 
   if (!spec) {
     return (
-      <span
-        aria-hidden="true"
-        className={cn(baseClass, 'bg-(--ui-bg-tertiary) text-(--ui-text-tertiary)')}
-      >
+      <span aria-hidden="true" className={cn(baseClass, 'bg-(--ui-bg-tertiary) text-(--ui-text-tertiary)')}>
         {platformName.charAt(0).toUpperCase()}
       </span>
     )

apps/desktop/src/app/overlays/overlay-search-input.tsx

@@ -0,0 +1,37 @@
+import type { RefObject } from 'react'
+
+import { SearchField } from '@/components/ui/search-field'
+import { cn } from '@/lib/utils'
+
+interface OverlaySearchInputProps {
+  containerClassName?: string
+  inputRef?: RefObject<HTMLInputElement | null>
+  loading?: boolean
+  onChange: (value: string) => void
+  placeholder: string
+  value: string
+}
+
+export function OverlaySearchInput({
+  containerClassName,
+  inputRef,
+  loading = false,
+  onChange,
+  placeholder,
+  value
+}: OverlaySearchInputProps) {
+  return (
+    <SearchField
+      containerClassName={cn(
+        'rounded-md border border-(--ui-stroke-tertiary) bg-(--ui-bg-quinary) px-2 shadow-sm focus-within:border-(--ui-stroke-secondary)',
+        containerClassName
+      )}
+      inputClassName="h-8 text-[0.8125rem]"
+      inputRef={inputRef}
+      loading={loading}
+      onChange={onChange}
+      placeholder={placeholder}
+      value={value}
+    />
+  )
+}

apps/desktop/src/app/overlays/overlay-split-layout.tsx

@@ -24,6 +24,9 @@ interface OverlayNavItemProps {
   active: boolean
   icon: IconComponent
   label: string
+  // Renders as an indented child of another nav item: smaller icon and a
+  // lighter active state so it never competes with the boxed parent item.
+  nested?: boolean
   onClick: () => void
   trailing?: ReactNode
 }
@@ -70,19 +73,29 @@ export function OverlayMain({ children, className }: OverlayMainProps) {
   )
 }
 
-export function OverlayNavItem({ active, icon: Icon, label, onClick, trailing }: OverlayNavItemProps) {
+export function OverlayNavItem({ active, icon: Icon, label, nested, onClick, trailing }: OverlayNavItemProps) {
   return (
     <button
       className={cn(
         'flex h-7 w-full items-center justify-start gap-2 rounded-md border px-2 text-left text-[length:var(--conversation-text-font-size)] font-normal transition-colors',
-        active
-          ? 'border-(--ui-stroke-tertiary) bg-(--ui-bg-tertiary) text-foreground'
-          : 'border-transparent bg-transparent text-(--ui-text-secondary) hover:bg-(--chrome-action-hover) hover:text-foreground'
+        nested
+          ? active
+            ? 'border-transparent bg-(--chrome-action-hover) font-medium text-foreground'
+            : 'border-transparent bg-transparent text-(--ui-text-tertiary) hover:bg-(--chrome-action-hover) hover:text-foreground'
+          : active
+            ? 'border-(--ui-stroke-tertiary) bg-(--ui-bg-tertiary) text-foreground'
+            : 'border-transparent bg-transparent text-(--ui-text-secondary) hover:bg-(--chrome-action-hover) hover:text-foreground'
       )}
       onClick={onClick}
       type="button"
     >
-      <Icon className={cn('size-4 shrink-0', active ? 'text-foreground/80' : 'text-muted-foreground/80')} />
+      <Icon
+        className={cn(
+          'shrink-0',
+          nested ? 'size-3.5' : 'size-4',
+          active ? 'text-foreground/80' : 'text-muted-foreground/80'
+        )}
+      />
       <span className="min-w-0 flex-1 truncate">{label}</span>
       {trailing}
     </button>

apps/desktop/src/app/page-search-shell.tsx

@@ -11,6 +11,7 @@ interface PageSearchShellProps extends React.ComponentProps<'section'> {
   filters?: ReactNode
   onSearchChange: (value: string) => void
   searchPlaceholder: string
+  searchTrailingAction?: ReactNode
   searchValue: string
   /** Hide the search field when there's nothing to search (empty dataset). */
   searchHidden?: boolean
@@ -23,6 +24,7 @@ export function PageSearchShell({
   filters,
   onSearchChange,
   searchPlaceholder,
+  searchTrailingAction,
   searchValue,
   searchHidden = false,
   ...props
@@ -51,24 +53,21 @@ export function PageSearchShell({
       <div className="shrink-0">
         {(tabs || !searchHidden) && (
           <div className="flex items-center gap-3 px-3 pb-2 pt-[calc(var(--titlebar-height)+0.5rem)]">
-            {tabs ? (
-              <div className="flex min-w-0 flex-1 flex-wrap items-center gap-x-2 gap-y-1">{tabs}</div>
-            ) : null}
+            {tabs ? <div className="flex min-w-0 flex-1 flex-wrap items-center gap-x-2 gap-y-1">{tabs}</div> : null}
             {!searchHidden && (
               <div className={cn('flex shrink-0 items-center', !tabs && 'flex-1')}>
                 <SearchField
                   containerClassName="max-w-[45vw]"
                   onChange={onSearchChange}
                   placeholder={searchPlaceholder}
+                  trailingAction={searchTrailingAction}
                   value={searchValue}
                 />
               </div>
             )}
           </div>
         )}
-        {filters ? (
-          <div className="flex flex-wrap items-center gap-x-2 gap-y-1 px-3 pb-2">{filters}</div>
-        ) : null}
+        {filters ? <div className="flex flex-wrap items-center gap-x-2 gap-y-1 px-3 pb-2">{filters}</div> : null}
       </div>
       <div className="min-h-0 flex-1 overflow-hidden bg-(--ui-chat-surface-background)">{children}</div>
     </section>

apps/desktop/src/app/profiles/create-profile-dialog.tsx

@@ -0,0 +1,158 @@
+import { useEffect, useState } from 'react'
+
+import { ActionStatus } from '@/components/ui/action-status'
+import { Button } from '@/components/ui/button'
+import { Checkbox } from '@/components/ui/checkbox'
+import { Dialog, DialogContent, DialogDescription, DialogFooter, DialogHeader, DialogTitle } from '@/components/ui/dialog'
+import { Input } from '@/components/ui/input'
+import { Textarea } from '@/components/ui/textarea'
+import { createProfile, updateProfileSoul } from '@/hermes'
+import { AlertTriangle } from '@/lib/icons'
+import { cn } from '@/lib/utils'
+
+const PROFILE_NAME_RE = /^[a-z0-9][a-z0-9_-]{0,63}$/
+
+export const PROFILE_NAME_HINT =
+  'Lowercase letters, digits, hyphens, and underscores. Must start with a letter or digit.'
+
+export function isValidProfileName(name: string): boolean {
+  return PROFILE_NAME_RE.test(name.trim())
+}
+
+// Self-contained create flow (name + clone toggle + optional SOUL.md). Owns the
+// createProfile/updateProfileSoul calls so every caller just refreshes/selects
+// via onCreated. SOUL left blank keeps the cloned/blank persona untouched.
+export function CreateProfileDialog({
+  onClose,
+  onCreated,
+  open
+}: {
+  onClose: () => void
+  onCreated?: (name: string) => Promise<void> | void
+  open: boolean
+}) {
+  const [name, setName] = useState('')
+  const [cloneFromDefault, setCloneFromDefault] = useState(true)
+  const [soul, setSoul] = useState('')
+  const [status, setStatus] = useState<'done' | 'idle' | 'saving'>('idle')
+  const [error, setError] = useState<null | string>(null)
+
+  useEffect(() => {
+    if (!open) {
+      return
+    }
+
+    setName('')
+    setCloneFromDefault(true)
+    setSoul('')
+    setError(null)
+    setStatus('idle')
+  }, [open])
+
+  const trimmed = name.trim()
+  const invalid = trimmed !== '' && !isValidProfileName(trimmed)
+  const busy = status === 'saving' || status === 'done'
+
+  async function handleSubmit(event: React.FormEvent) {
+    event.preventDefault()
+
+    if (!trimmed || invalid) {
+      setError(invalid ? `Invalid name. ${PROFILE_NAME_HINT}` : 'Name is required.')
+
+      return
+    }
+
+    setStatus('saving')
+    setError(null)
+
+    try {
+      await createProfile({ name: trimmed, clone_from_default: cloneFromDefault })
+
+      if (soul.trim()) {
+        await updateProfileSoul(trimmed, soul)
+      }
+
+      await onCreated?.(trimmed)
+      setStatus('done')
+      window.setTimeout(onClose, 800)
+    } catch (err) {
+      setStatus('idle')
+      setError(err instanceof Error ? err.message : 'Failed to create profile')
+    }
+  }
+
+  return (
+    <Dialog onOpenChange={value => !value && !busy && onClose()} open={open}>
+      <DialogContent className="max-w-md">
+        <DialogHeader>
+          <DialogTitle>New profile</DialogTitle>
+          <DialogDescription>
+            Profiles are independent Hermes environments: separate config, skills, and SOUL.md.
+          </DialogDescription>
+        </DialogHeader>
+
+        <form className="grid gap-4" onSubmit={handleSubmit}>
+          <div className="grid gap-1.5">
+            <label className="text-xs font-medium" htmlFor="new-profile-name">
+              Name
+            </label>
+            <Input
+              aria-invalid={invalid}
+              autoFocus
+              id="new-profile-name"
+              onChange={event => setName(event.target.value)}
+              placeholder="my-profile"
+              value={name}
+            />
+            <p className={cn('text-[0.66rem] leading-4', invalid ? 'text-destructive' : 'text-muted-foreground')}>
+              {PROFILE_NAME_HINT}
+            </p>
+          </div>
+
+          <label className="flex cursor-pointer select-none items-start gap-2.5 px-0.5 py-1">
+            <Checkbox
+              checked={cloneFromDefault}
+              className="mt-0.5 shrink-0"
+              onCheckedChange={checked => setCloneFromDefault(checked === true)}
+            />
+            <span className="grid gap-0.5 leading-snug">
+              <span className="text-sm font-medium">Clone from default</span>
+              <span className="text-xs text-muted-foreground">
+                Copy config, skills, and SOUL.md from your default profile.
+              </span>
+            </span>
+          </label>
+
+          <div className="grid gap-1.5">
+            <label className="text-xs font-medium" htmlFor="new-profile-soul">
+              SOUL.md <span className="font-normal text-muted-foreground">— optional</span>
+            </label>
+            <Textarea
+              className="min-h-28 font-mono text-xs leading-5"
+              id="new-profile-soul"
+              onChange={event => setSoul(event.target.value)}
+              placeholder={`The system prompt / persona for this profile.\nLeave blank to keep the ${cloneFromDefault ? 'cloned' : 'empty'} default.`}
+              value={soul}
+            />
+          </div>
+
+          {error && (
+            <div className="flex items-start gap-2 rounded-md border border-destructive/30 bg-destructive/10 px-3 py-2 text-xs text-destructive">
+              <AlertTriangle className="mt-0.5 size-3.5 shrink-0" />
+              <span>{error}</span>
+            </div>
+          )}
+
+          <DialogFooter>
+            <Button disabled={busy} onClick={onClose} type="button" variant="ghost">
+              Cancel
+            </Button>
+            <Button disabled={busy || !trimmed || invalid} type="submit">
+              <ActionStatus busy="Creating…" done="Created" idle="Create profile" state={status} />
+            </Button>
+          </DialogFooter>
+        </form>
+      </DialogContent>
+    </Dialog>
+  )
+}

apps/desktop/src/app/profiles/delete-profile-dialog.tsx

@@ -0,0 +1,58 @@
+import { ConfirmDialog } from '@/components/ui/confirm-dialog'
+import { deleteProfile } from '@/hermes'
+import { $activeGatewayProfile, normalizeProfileKey, selectProfile, setActiveProfile } from '@/store/profile'
+
+// Thin wrapper over ConfirmDialog: owns the deleteProfile call, inherits
+// Enter-to-confirm + busy/done/error from the shared dialog. The single choke
+// point for every delete entry point (rail + Profiles view).
+export function DeleteProfileDialog({
+  profile,
+  onClose,
+  onDeleted,
+  open
+}: {
+  profile: { name: string; path: string } | null
+  onClose: () => void
+  onDeleted?: () => Promise<void> | void
+  open: boolean
+}) {
+  return (
+    <ConfirmDialog
+      busyLabel="Deleting…"
+      confirmLabel="Delete"
+      description={
+        profile ? (
+          <>
+            This will delete <span className="font-medium text-foreground">{profile.name}</span> and remove its{' '}
+            <span className="font-mono text-xs">{profile.path}</span> directory. This cannot be undone.
+          </>
+        ) : null
+      }
+      destructive
+      doneLabel="Deleted"
+      onClose={onClose}
+      onConfirm={async () => {
+        if (!profile) {
+          return
+        }
+
+        // Deleting the profile the live gateway is on strands it on a dead
+        // backend. Capture that before the delete; reset *after* the host's
+        // onDeleted refresh so our reset is the last write — a refreshActiveProfile
+        // racing the (still-dying) backend can't clobber the pill back to it.
+        const wasActive = normalizeProfileKey(profile.name) === normalizeProfileKey($activeGatewayProfile.get())
+        await deleteProfile(profile.name)
+        await onDeleted?.()
+
+        if (wasActive) {
+          // Swap gateway/sidebar to default and set the pill now — the primary
+          // backend is always default, so this is correct, not just optimistic.
+          selectProfile('default')
+          setActiveProfile('default')
+        }
+      }}
+      open={open}
+      title="Delete profile?"
+    />
+  )
+}

apps/desktop/src/app/profiles/index.tsx

@@ -1,7 +1,7 @@
+import type * as React from 'react'
 import { useCallback, useEffect, useMemo, useRef, useState } from 'react'
 
 import { PageLoader } from '@/components/page-loader'
-import { Badge } from '@/components/ui/badge'
 import { Button } from '@/components/ui/button'
 import { Codicon } from '@/components/ui/codicon'
 import {
@@ -24,34 +24,47 @@ import {
   renameProfile,
   updateProfileSoul
 } from '@/hermes'
+import { useI18n } from '@/i18n'
 import { AlertTriangle, Pencil, Save, Terminal, Trash2, Users } from '@/lib/icons'
 import { cn } from '@/lib/utils'
 import { notify, notifyError } from '@/store/notifications'
 
 import { useRefreshHotkey } from '../hooks/use-refresh-hotkey'
-import { OverlayMain, OverlaySidebar, OverlaySplitLayout } from '../overlays/overlay-split-layout'
 import { OverlayView } from '../overlays/overlay-view'
+import type { SetStatusbarItemGroup } from '../shell/statusbar-controls'
+import { titlebarHeaderBaseClass } from '../shell/titlebar'
+import type { SetTitlebarToolGroup } from '../shell/titlebar-controls'
 
 const PROFILE_NAME_RE = /^[a-z0-9][a-z0-9_-]{0,63}$/
 
-const PROFILE_NAME_HINT = 'Lowercase letters, digits, hyphens, and underscores. Must start with a letter or digit.'
-
 function isValidProfileName(name: string): boolean {
   return PROFILE_NAME_RE.test(name.trim())
 }
 
-interface ProfilesViewProps {
+interface ProfilesViewProps extends React.ComponentProps<'section'> {
   onClose: () => void
+  setStatusbarItemGroup?: SetStatusbarItemGroup
+  setTitlebarToolGroup?: SetTitlebarToolGroup
 }
 
-export function ProfilesView({ onClose }: ProfilesViewProps) {
+export function ProfilesView({
+  onClose,
+  setStatusbarItemGroup: _setStatusbarItemGroup,
+  setTitlebarToolGroup,
+  ...props
+}: ProfilesViewProps) {
+  const { t } = useI18n()
+  const p = t.profiles
   const [profiles, setProfiles] = useState<null | ProfileInfo[]>(null)
+  const [refreshing, setRefreshing] = useState(false)
   const [selectedName, setSelectedName] = useState<null | string>(null)
   const [createOpen, setCreateOpen] = useState(false)
   const [pendingDelete, setPendingDelete] = useState<null | ProfileInfo>(null)
   const [deleting, setDeleting] = useState(false)
 
   const refresh = useCallback(async () => {
+    setRefreshing(true)
+
     try {
       const { profiles: list } = await getProfiles()
       setProfiles(list)
@@ -63,9 +76,11 @@ export function ProfilesView({ onClose }: ProfilesViewProps) {
         return list.find(p => p.is_default)?.name ?? list[0]?.name ?? null
       })
     } catch (err) {
-      notifyError(err, 'Failed to load profiles')
+      notifyError(err, p.failedLoad)
+    } finally {
+      setRefreshing(false)
     }
-  }, [])
+  }, [p])
 
   useRefreshHotkey(refresh)
 
@@ -73,6 +88,24 @@ export function ProfilesView({ onClose }: ProfilesViewProps) {
     void refresh()
   }, [refresh])
 
+  useEffect(() => {
+    if (!setTitlebarToolGroup) {
+      return
+    }
+
+    setTitlebarToolGroup('profiles', [
+      {
+        disabled: refreshing,
+        icon: <Codicon name="refresh" spinning={refreshing} />,
+        id: 'refresh-profiles',
+        label: refreshing ? p.refreshing : p.refresh,
+        onSelect: () => void refresh()
+      }
+    ])
+
+    return () => setTitlebarToolGroup('profiles', [])
+  }, [p, refresh, refreshing, setTitlebarToolGroup])
+
   const selected = useMemo(() => {
     if (!profiles) {
       return null
@@ -86,15 +119,15 @@ export function ProfilesView({ onClose }: ProfilesViewProps) {
       const trimmed = name.trim()
 
       if (!isValidProfileName(trimmed)) {
-        throw new Error(PROFILE_NAME_HINT)
+        throw new Error(p.nameHint)
       }
 
       await createProfile({ name: trimmed, clone_from_default: cloneFromDefault })
-      notify({ kind: 'success', title: 'Profile created', message: trimmed })
+      notify({ kind: 'success', title: p.created, message: trimmed })
       setSelectedName(trimmed)
       await refresh()
     },
-    [refresh]
+    [p, refresh]
   )
 
   const handleRename = useCallback(
@@ -106,15 +139,15 @@ export function ProfilesView({ onClose }: ProfilesViewProps) {
       }
 
       if (!isValidProfileName(target)) {
-        throw new Error(PROFILE_NAME_HINT)
+        throw new Error(p.nameHint)
       }
 
       await renameProfile(from, target)
-      notify({ kind: 'success', title: 'Profile renamed', message: `${from} → ${target}` })
+      notify({ kind: 'success', title: p.renamed, message: `${from} → ${target}` })
       setSelectedName(target)
       await refresh()
     },
-    [refresh]
+    [p, refresh]
   )
 
   const handleConfirmDelete = useCallback(async () => {
@@ -126,123 +159,133 @@ export function ProfilesView({ onClose }: ProfilesViewProps) {
 
     try {
       await deleteProfile(pendingDelete.name)
-      notify({ kind: 'success', title: 'Profile deleted', message: pendingDelete.name })
+      notify({ kind: 'success', title: p.deleted, message: pendingDelete.name })
       setPendingDelete(null)
       setSelectedName(null)
       await refresh()
     } catch (err) {
-      notifyError(err, 'Failed to delete profile')
+      notifyError(err, p.failedDelete)
     } finally {
       setDeleting(false)
     }
-  }, [pendingDelete, refresh])
+  }, [p, pendingDelete, refresh])
 
   return (
-    <OverlayView closeLabel="Close profiles" onClose={onClose}>
-      {!profiles ? (
-        <PageLoader label="Loading profiles..." />
-      ) : (
-        <OverlaySplitLayout>
-          <OverlaySidebar>
-            <div className="mb-1 flex items-center justify-between gap-2 pl-1.5 pr-0.5">
-              <span className="text-[0.7rem] font-semibold uppercase tracking-wider text-(--ui-text-tertiary)">
-                Profiles
-              </span>
-              <Button
-                aria-label="New profile"
-                className="text-(--ui-text-tertiary) hover:bg-(--ui-control-hover-background) hover:text-foreground"
-                onClick={() => setCreateOpen(true)}
-                size="icon-xs"
-                variant="ghost"
-              >
-                <Codicon name="add" size="0.875rem" />
-              </Button>
-            </div>
-            {profiles.map(profile => (
-              <ProfileRow
-                active={selected?.name === profile.name}
-                key={profile.name}
-                onSelect={() => setSelectedName(profile.name)}
-                profile={profile}
-              />
-            ))}
-            {profiles.length === 0 && (
-              <p className="px-1.5 py-3 text-xs text-muted-foreground">No profiles yet.</p>
-            )}
-          </OverlaySidebar>
+    <OverlayView closeLabel={p.close} onClose={onClose}>
+      <section {...props} className="flex h-full min-w-0 flex-col overflow-hidden rounded-b-[0.9375rem] bg-background">
+        <header className={titlebarHeaderBaseClass}>
+          <h2 className="pointer-events-auto text-base font-semibold leading-none tracking-tight">{p.title}</h2>
+          <span className="pointer-events-auto text-xs text-muted-foreground">
+            {profiles ? p.count(profiles.length) : ''}
+          </span>
+        </header>
 
-          <OverlayMain className="px-0">
-            {selected ? (
-              <ProfileDetail
-                key={selected.name}
-                onDelete={() => setPendingDelete(selected)}
-                onRename={newName => handleRename(selected.name, newName)}
-                profile={selected}
-              />
-            ) : (
-              <div className="grid h-full place-items-center px-6 py-12 text-center text-sm text-muted-foreground">
-                <div>
-                  <Users className="mx-auto size-6 text-muted-foreground/60" />
-                  <p className="mt-3">Select a profile to view its details.</p>
+        <div className="min-h-0 flex-1 overflow-hidden rounded-b-[1.0625rem] border border-border/50 bg-background/85">
+          {!profiles ? (
+            <PageLoader label={p.loading} />
+          ) : (
+            <div className="grid h-full min-h-0 grid-cols-1 lg:grid-cols-[16rem_minmax(0,1fr)]">
+              <aside className="flex min-h-0 flex-col overflow-hidden border-b border-border/50 lg:border-b-0 lg:border-r">
+                <div className="border-b border-border/40 p-2">
+                  <Button className="w-full" onClick={() => setCreateOpen(true)} size="sm">
+                    <Codicon name="add" />
+                    {p.newProfile}
+                  </Button>
                 </div>
-              </div>
-            )}
-          </OverlayMain>
-        </OverlaySplitLayout>
-      )}
+                <ul className="min-h-0 flex-1 space-y-1 overflow-y-auto p-2">
+                  {profiles.map(profile => (
+                    <li key={profile.name}>
+                      <ProfileRow
+                        active={selected?.name === profile.name}
+                        onSelect={() => setSelectedName(profile.name)}
+                        profile={profile}
+                      />
+                    </li>
+                  ))}
+                  {profiles.length === 0 && (
+                    <li className="px-2 py-4 text-center text-xs text-muted-foreground">{p.noProfiles}</li>
+                  )}
+                </ul>
+              </aside>
 
-      <CreateProfileDialog
-        onClose={() => setCreateOpen(false)}
-        onCreate={async (name, cloneFromDefault) => handleCreate(name, cloneFromDefault)}
-        open={createOpen}
-      />
+              <main className="min-h-0 overflow-hidden">
+                {selected ? (
+                  <ProfileDetail
+                    key={selected.name}
+                    onDelete={() => setPendingDelete(selected)}
+                    onRename={newName => handleRename(selected.name, newName)}
+                    profile={selected}
+                  />
+                ) : (
+                  <div className="grid h-full place-items-center px-6 py-12 text-center text-sm text-muted-foreground">
+                    <div>
+                      <Users className="mx-auto size-6 text-muted-foreground/60" />
+                      <p className="mt-3">{p.selectPrompt}</p>
+                    </div>
+                  </div>
+                )}
+              </main>
+            </div>
+          )}
+        </div>
 
-      <Dialog onOpenChange={open => !open && !deleting && setPendingDelete(null)} open={pendingDelete !== null}>
-        <DialogContent className="max-w-md">
-          <DialogHeader>
-            <DialogTitle>Delete profile?</DialogTitle>
-            <DialogDescription>
-              {pendingDelete ? (
-                <>
-                  This will delete <span className="font-medium text-foreground">{pendingDelete.name}</span> and remove
-                  its <span className="font-mono text-xs">{pendingDelete.path}</span> directory. This cannot be undone.
-                </>
-              ) : null}
-            </DialogDescription>
-          </DialogHeader>
-          <DialogFooter>
-            <Button disabled={deleting} onClick={() => setPendingDelete(null)} variant="outline">
-              Cancel
-            </Button>
-            <Button disabled={deleting} onClick={() => void handleConfirmDelete()} variant="destructive">
-              {deleting ? 'Deleting...' : 'Delete'}
-            </Button>
-          </DialogFooter>
-        </DialogContent>
-      </Dialog>
+        <CreateProfileDialog
+          onClose={() => setCreateOpen(false)}
+          onCreate={async (name, cloneFromDefault) => handleCreate(name, cloneFromDefault)}
+          open={createOpen}
+        />
+
+        <Dialog onOpenChange={open => !open && !deleting && setPendingDelete(null)} open={pendingDelete !== null}>
+          <DialogContent className="max-w-md">
+            <DialogHeader>
+              <DialogTitle>{p.deleteTitle}</DialogTitle>
+              <DialogDescription>
+                {pendingDelete ? (
+                  <>
+                    {p.deleteDescPrefix}
+                    <span className="font-medium text-foreground">{pendingDelete.name}</span>
+                    {p.deleteDescMid}
+                    <span className="font-mono text-xs">{pendingDelete.path}</span>
+                    {p.deleteDescSuffix}
+                  </>
+                ) : null}
+              </DialogDescription>
+            </DialogHeader>
+            <DialogFooter>
+              <Button disabled={deleting} onClick={() => setPendingDelete(null)} variant="outline">
+                {t.common.cancel}
+              </Button>
+              <Button disabled={deleting} onClick={() => void handleConfirmDelete()} variant="destructive">
+                {deleting ? p.deleting : t.common.delete}
+              </Button>
+            </DialogFooter>
+          </DialogContent>
+        </Dialog>
+      </section>
     </OverlayView>
   )
 }
 
 function ProfileRow({ active, onSelect, profile }: { active: boolean; onSelect: () => void; profile: ProfileInfo }) {
+  const { t } = useI18n()
+  const p = t.profiles
+
   return (
     <button
       className={cn(
-        'flex w-full flex-col items-start gap-0.5 rounded-md px-2 py-1.5 text-left transition-colors',
-        active
-          ? 'bg-(--ui-row-active-background) text-foreground'
-          : 'text-(--ui-text-secondary) hover:bg-(--ui-row-hover-background) hover:text-foreground'
+        'flex w-full flex-col items-start gap-1 rounded-lg px-2.5 py-2 text-left transition-colors',
+        active ? 'bg-accent text-foreground' : 'text-foreground/85 hover:bg-accent/60'
       )}
       onClick={onSelect}
       type="button"
     >
       <span className="flex w-full items-center justify-between gap-2">
         <span className="truncate text-sm font-medium">{profile.name}</span>
-        {profile.is_default && <span className="text-[0.6rem] text-primary">default</span>}
+        {profile.is_default && <span className="text-[0.6rem] text-primary">{p.default}</span>}
       </span>
       <span className="text-[0.66rem] text-muted-foreground">
-        {profile.skill_count} {profile.skill_count === 1 ? 'skill' : 'skills'}
-        {profile.has_env ? ' · env' : ''}
+        {p.skills(profile.skill_count)}
+        {profile.has_env ? ` · ${p.env}` : ''}
       </span>
     </button>
   )
@@ -257,6 +300,8 @@ function ProfileDetail({
   onRename: (newName: string) => Promise<void>
   profile: ProfileInfo
 }) {
+  const { t } = useI18n()
+  const p = t.profiles
   const [renameOpen, setRenameOpen] = useState(false)
   const [copying, setCopying] = useState(false)
 
@@ -266,13 +311,13 @@ function ProfileDetail({
     try {
       const { command } = await getProfileSetupCommand(profile.name)
       await navigator.clipboard.writeText(command)
-      notify({ kind: 'success', title: 'Setup command copied', message: command })
+      notify({ kind: 'success', title: p.setupCopied, message: command })
     } catch (err) {
-      notifyError(err, 'Failed to copy setup command')
+      notifyError(err, p.failedCopy)
     } finally {
       setCopying(false)
     }
-  }, [profile.name])
+  }, [p, profile.name])
 
   return (
     <div className="flex h-full min-h-0 flex-col">
@@ -283,50 +328,58 @@ function ProfileDetail({
               <div className="min-w-0">
                 <div className="flex flex-wrap items-center gap-2">
                   <h3 className="text-xl font-semibold tracking-tight">{profile.name}</h3>
-                  {profile.is_default && <Badge>Default</Badge>}
-                  {profile.has_env && <Badge variant="muted">.env</Badge>}
+                  {profile.is_default && (
+                    <span className="rounded-full bg-primary/10 px-2 py-0.5 text-[0.65rem] font-medium text-primary">
+                      {p.defaultBadge}
+                    </span>
+                  )}
+                  {profile.has_env && (
+                    <span className="rounded-full bg-muted px-2 py-0.5 text-[0.65rem] font-medium text-muted-foreground">
+                      .env
+                    </span>
+                  )}
                 </div>
                 <p className="mt-1 font-mono text-[0.7rem] text-muted-foreground" title={profile.path}>
                   {profile.path}
                 </p>
               </div>
-              <div className="flex shrink-0 items-center gap-3">
+              <div className="flex shrink-0 items-center gap-1">
                 {!profile.is_default && (
-                  <Button onClick={() => setRenameOpen(true)} size="sm" variant="text">
+                  <Button onClick={() => setRenameOpen(true)} size="sm" variant="outline">
                     <Pencil />
-                    Rename
+                    {p.rename}
                   </Button>
                 )}
-                <Button disabled={copying} onClick={() => void handleCopySetup()} size="sm" variant="text">
+                <Button disabled={copying} onClick={() => void handleCopySetup()} size="sm" variant="outline">
                   <Terminal />
-                  {copying ? 'Copying...' : 'Copy setup'}
+                  {copying ? p.copying : p.copySetup}
                 </Button>
                 {!profile.is_default && (
                   <Button
-                    className="hover:text-destructive hover:no-underline"
+                    className="text-muted-foreground hover:bg-destructive/10 hover:text-destructive"
                     onClick={onDelete}
                     size="sm"
-                    variant="text"
+                    variant="ghost"
                   >
                     <Trash2 />
-                    Delete
+                    {t.common.delete}
                   </Button>
                 )}
               </div>
             </div>
 
-            <dl className="grid gap-2 text-xs sm:grid-cols-2">
-              <DetailRow label="Model">
+            <dl className="grid gap-2 rounded-lg border border-border/40 bg-background/70 px-3 py-3 text-xs sm:grid-cols-2">
+              <DetailRow label={p.modelLabel}>
                 {profile.model ? (
                   <>
                     <span className="font-mono">{profile.model}</span>
                     {profile.provider && <span className="text-muted-foreground"> · {profile.provider}</span>}
                   </>
                 ) : (
-                  <span className="text-muted-foreground">Not set</span>
+                  <span className="text-muted-foreground">{p.notSet}</span>
                 )}
               </DetailRow>
-              <DetailRow label="Skills">{profile.skill_count}</DetailRow>
+              <DetailRow label={p.skillsLabel}>{profile.skill_count}</DetailRow>
             </dl>
           </header>
 
@@ -351,12 +404,14 @@ function DetailRow({ children, label }: { children: React.ReactNode; label: stri
   return (
     <div className="flex flex-wrap items-baseline gap-2">
       <dt className="text-[0.65rem] font-semibold uppercase tracking-[0.12em] text-muted-foreground">{label}</dt>
-      <dd className="text-xs text-foreground">{children}</dd>
+      <dd className="text-sm text-foreground">{children}</dd>
     </div>
   )
 }
 
 function SoulEditor({ profileName }: { profileName: string }) {
+  const { t } = useI18n()
+  const p = t.profiles
   const [content, setContent] = useState('')
   const [original, setOriginal] = useState('')
   const [loading, setLoading] = useState(true)
@@ -381,7 +436,7 @@ function SoulEditor({ profileName }: { profileName: string }) {
         }
       } catch (err) {
         if (requestRef.current === profileName) {
-          setError(err instanceof Error ? err.message : 'Failed to load SOUL.md')
+          setError(err instanceof Error ? err.message : p.failedLoadSoul)
         }
       } finally {
         if (requestRef.current === profileName) {
@@ -389,7 +444,7 @@ function SoulEditor({ profileName }: { profileName: string }) {
         }
       }
     })()
-  }, [profileName])
+  }, [p, profileName])
 
   const dirty = content !== original
   const isEmpty = !content.trim()
@@ -401,9 +456,9 @@ function SoulEditor({ profileName }: { profileName: string }) {
     try {
       await updateProfileSoul(profileName, content)
       setOriginal(content)
-      notify({ kind: 'success', title: 'SOUL.md saved', message: profileName })
+      notify({ kind: 'success', title: p.soulSaved, message: profileName })
     } catch (err) {
-      setError(err instanceof Error ? err.message : 'Failed to save SOUL.md')
+      setError(err instanceof Error ? err.message : p.failedSaveSoul)
     } finally {
       setSaving(false)
     }
@@ -414,20 +469,20 @@ function SoulEditor({ profileName }: { profileName: string }) {
       <div className="flex flex-wrap items-baseline justify-between gap-2">
         <div>
           <h4 className="text-[0.7rem] font-semibold uppercase tracking-[0.14em] text-muted-foreground">SOUL.md</h4>
-          <p className="text-xs text-muted-foreground">
-            The system prompt and persona instructions baked into this profile.
-          </p>
+          <p className="text-xs text-muted-foreground">{p.soulDesc}</p>
         </div>
-        {dirty && <span className="text-[0.65rem] text-muted-foreground">Unsaved changes</span>}
+        {dirty && <span className="text-[0.65rem] text-muted-foreground">{p.unsavedChanges}</span>}
       </div>
 
       {loading ? (
-        <PageLoader className="min-h-44" label="Loading SOUL.md" />
+        <div className="grid h-44 place-items-center rounded-md border border-border/40 bg-background/60 text-xs text-muted-foreground">
+          {p.loadingSoul}
+        </div>
       ) : (
         <Textarea
           className="min-h-72 font-mono text-xs leading-5"
           onChange={event => setContent(event.target.value)}
-          placeholder={isEmpty ? 'Empty SOUL.md — start writing the persona...' : undefined}
+          placeholder={isEmpty ? p.emptySoul : undefined}
           value={content}
         />
       )}
@@ -442,7 +497,7 @@ function SoulEditor({ profileName }: { profileName: string }) {
       <div className="flex justify-end">
         <Button disabled={!dirty || saving || loading} onClick={() => void handleSave()} size="sm">
           <Save />
-          {saving ? 'Saving...' : 'Save SOUL.md'}
+          {saving ? p.saving : p.saveSoul}
         </Button>
       </div>
     </section>
@@ -458,6 +513,8 @@ function CreateProfileDialog({
   onCreate: (name: string, cloneFromDefault: boolean) => Promise<void>
   open: boolean
 }) {
+  const { t } = useI18n()
+  const p = t.profiles
   const [name, setName] = useState('')
   const [cloneFromDefault, setCloneFromDefault] = useState(true)
   const [saving, setSaving] = useState(false)
@@ -481,7 +538,7 @@ function CreateProfileDialog({
     event.preventDefault()
 
     if (!trimmed || invalid) {
-      setError(invalid ? `Invalid name. ${PROFILE_NAME_HINT}` : 'Name is required.')
+      setError(invalid ? p.invalidName(p.nameHint) : p.nameRequired)
 
       return
     }
@@ -493,7 +550,7 @@ function CreateProfileDialog({
       await onCreate(trimmed, cloneFromDefault)
       onClose()
     } catch (err) {
-      setError(err instanceof Error ? err.message : 'Failed to create profile')
+      setError(err instanceof Error ? err.message : p.failedCreate)
     } finally {
       setSaving(false)
     }
@@ -503,16 +560,14 @@ function CreateProfileDialog({
     <Dialog onOpenChange={value => !value && !saving && onClose()} open={open}>
       <DialogContent className="max-w-md">
         <DialogHeader>
-          <DialogTitle>New profile</DialogTitle>
-          <DialogDescription>
-            Profiles are independent Hermes environments: separate config, skills, and SOUL.md.
-          </DialogDescription>
+          <DialogTitle>{p.newProfile}</DialogTitle>
+          <DialogDescription>{p.createDesc}</DialogDescription>
         </DialogHeader>
 
         <form className="grid gap-4" onSubmit={handleSubmit}>
           <div className="grid gap-1.5">
             <label className="text-xs font-medium" htmlFor="new-profile-name">
-              Name
+              {p.nameLabel}
             </label>
             <Input
               aria-invalid={invalid}
@@ -523,7 +578,7 @@ function CreateProfileDialog({
               value={name}
             />
             <p className={cn('text-[0.66rem] leading-4', invalid ? 'text-destructive' : 'text-muted-foreground')}>
-              {PROFILE_NAME_HINT}
+              {p.nameHint}
             </p>
           </div>
 
@@ -535,10 +590,8 @@ function CreateProfileDialog({
               type="checkbox"
             />
             <span>
-              <span className="font-medium">Clone from default</span>
-              <span className="ml-2 text-xs text-muted-foreground">
-                Copy config, skills, and SOUL.md from your default profile.
-              </span>
+              <span className="font-medium">{p.cloneFromDefault}</span>
+              <span className="ml-2 text-xs text-muted-foreground">{p.cloneFromDefaultDesc}</span>
             </span>
           </label>
 
@@ -551,10 +604,10 @@ function CreateProfileDialog({
 
           <DialogFooter>
             <Button disabled={saving} onClick={onClose} type="button" variant="outline">
-              Cancel
+              {t.common.cancel}
             </Button>
             <Button disabled={saving || !trimmed || invalid} type="submit">
-              {saving ? 'Creating...' : 'Create profile'}
+              {saving ? p.creating : p.createAction}
             </Button>
           </DialogFooter>
         </form>
@@ -574,6 +627,8 @@ function RenameProfileDialog({
   onRename: (newName: string) => Promise<void>
   open: boolean
 }) {
+  const { t } = useI18n()
+  const p = t.profiles
   const [name, setName] = useState(currentName)
   const [saving, setSaving] = useState(false)
   const [error, setError] = useState<null | string>(null)
@@ -602,7 +657,7 @@ function RenameProfileDialog({
     }
 
     if (!trimmed || invalid) {
-      setError(invalid ? `Invalid name. ${PROFILE_NAME_HINT}` : 'Name is required.')
+      setError(invalid ? p.invalidName(p.nameHint) : p.nameRequired)
 
       return
     }
@@ -613,7 +668,7 @@ function RenameProfileDialog({
     try {
       await onRename(trimmed)
     } catch (err) {
-      setError(err instanceof Error ? err.message : 'Failed to rename profile')
+      setError(err instanceof Error ? err.message : p.failedRename)
     } finally {
       setSaving(false)
     }
@@ -623,17 +678,18 @@ function RenameProfileDialog({
     <Dialog onOpenChange={value => !value && !saving && onClose()} open={open}>
       <DialogContent className="max-w-md">
         <DialogHeader>
-          <DialogTitle>Rename profile</DialogTitle>
+          <DialogTitle>{p.renameTitle}</DialogTitle>
           <DialogDescription>
-            Renaming updates the profile directory and any wrapper scripts in{' '}
-            <span className="font-mono">~/.local/bin</span>.
+            {p.renameDescPrefix}
+            <span className="font-mono">~/.local/bin</span>
+            {p.renameDescSuffix}
           </DialogDescription>
         </DialogHeader>
 
         <form className="grid gap-3" onSubmit={handleSubmit}>
           <div className="grid gap-1.5">
             <label className="text-xs font-medium" htmlFor="rename-profile-name">
-              New name
+              {p.newNameLabel}
             </label>
             <Input
               aria-invalid={invalid}
@@ -643,7 +699,7 @@ function RenameProfileDialog({
               value={name}
             />
             <p className={cn('text-[0.66rem] leading-4', invalid ? 'text-destructive' : 'text-muted-foreground')}>
-              {PROFILE_NAME_HINT}
+              {p.nameHint}
             </p>
           </div>
 
@@ -656,10 +712,10 @@ function RenameProfileDialog({
 
           <DialogFooter>
             <Button disabled={saving} onClick={onClose} type="button" variant="outline">
-              Cancel
+              {t.common.cancel}
             </Button>
             <Button disabled={saving || invalid || unchanged} type="submit">
-              {saving ? 'Renaming...' : 'Rename'}
+              {saving ? p.renaming : p.rename}
             </Button>
           </DialogFooter>
         </form>

apps/desktop/src/app/profiles/rename-profile-dialog.tsx

@@ -0,0 +1,121 @@
+import { useEffect, useState } from 'react'
+
+import { ActionStatus } from '@/components/ui/action-status'
+import { Button } from '@/components/ui/button'
+import { Dialog, DialogContent, DialogDescription, DialogFooter, DialogHeader, DialogTitle } from '@/components/ui/dialog'
+import { Input } from '@/components/ui/input'
+import { renameProfile } from '@/hermes'
+import { AlertTriangle } from '@/lib/icons'
+import { cn } from '@/lib/utils'
+
+import { isValidProfileName, PROFILE_NAME_HINT } from './create-profile-dialog'
+
+// Self-contained rename (owns the renameProfile call) so every caller just
+// reacts via onRenamed. Unchanged name is a no-op close.
+export function RenameProfileDialog({
+  currentName,
+  onClose,
+  onRenamed,
+  open
+}: {
+  currentName: string
+  onClose: () => void
+  onRenamed?: (name: string) => Promise<void> | void
+  open: boolean
+}) {
+  const [name, setName] = useState(currentName)
+  const [status, setStatus] = useState<'done' | 'idle' | 'saving'>('idle')
+  const [error, setError] = useState<null | string>(null)
+
+  useEffect(() => {
+    if (!open) {
+      return
+    }
+
+    setName(currentName)
+    setError(null)
+    setStatus('idle')
+  }, [currentName, open])
+
+  const trimmed = name.trim()
+  const unchanged = trimmed === currentName
+  const invalid = trimmed !== '' && !unchanged && !isValidProfileName(trimmed)
+  const busy = status === 'saving' || status === 'done'
+
+  async function handleSubmit(event: React.FormEvent) {
+    event.preventDefault()
+
+    if (unchanged) {
+      onClose()
+
+      return
+    }
+
+    if (!trimmed || invalid) {
+      setError(invalid ? `Invalid name. ${PROFILE_NAME_HINT}` : 'Name is required.')
+
+      return
+    }
+
+    setStatus('saving')
+    setError(null)
+
+    try {
+      await renameProfile(currentName, trimmed)
+      await onRenamed?.(trimmed)
+      setStatus('done')
+      window.setTimeout(onClose, 800)
+    } catch (err) {
+      setStatus('idle')
+      setError(err instanceof Error ? err.message : 'Failed to rename profile')
+    }
+  }
+
+  return (
+    <Dialog onOpenChange={value => !value && !busy && onClose()} open={open}>
+      <DialogContent className="max-w-md">
+        <DialogHeader>
+          <DialogTitle>Rename profile</DialogTitle>
+          <DialogDescription>
+            Renaming updates the profile directory and any wrapper scripts in{' '}
+            <span className="font-mono">~/.local/bin</span>.
+          </DialogDescription>
+        </DialogHeader>
+
+        <form className="grid gap-3" onSubmit={handleSubmit}>
+          <div className="grid gap-1.5">
+            <label className="text-xs font-medium" htmlFor="rename-profile-name">
+              New name
+            </label>
+            <Input
+              aria-invalid={invalid}
+              autoFocus
+              id="rename-profile-name"
+              onChange={event => setName(event.target.value)}
+              value={name}
+            />
+            <p className={cn('text-[0.66rem] leading-4', invalid ? 'text-destructive' : 'text-muted-foreground')}>
+              {PROFILE_NAME_HINT}
+            </p>
+          </div>
+
+          {error && (
+            <div className="flex items-start gap-2 rounded-md border border-destructive/30 bg-destructive/10 px-3 py-2 text-xs text-destructive">
+              <AlertTriangle className="mt-0.5 size-3.5 shrink-0" />
+              <span>{error}</span>
+            </div>
+          )}
+
+          <DialogFooter>
+            <Button disabled={busy} onClick={onClose} type="button" variant="ghost">
+              Cancel
+            </Button>
+            <Button disabled={busy || invalid || unchanged} type="submit">
+              <ActionStatus busy="Renaming…" done="Renamed" idle="Rename" state={status} />
+            </Button>
+          </DialogFooter>
+        </form>
+      </DialogContent>
+    </Dialog>
+  )
+}

apps/desktop/src/app/right-sidebar/index.tsx

@@ -5,6 +5,7 @@ import { ErrorBoundary } from '@/components/error-boundary'
 import { Button } from '@/components/ui/button'
 import { Codicon } from '@/components/ui/codicon'
 import { Loader } from '@/components/ui/loader'
+import { Tip } from '@/components/ui/tooltip'
 import { normalizeOrLocalPreviewTarget } from '@/lib/local-preview'
 import { cn } from '@/lib/utils'
 import { $panesFlipped } from '@/store/layout'
@@ -148,21 +149,21 @@ function RightSidebarChrome({
       <div className="flex items-center gap-2 px-2.5 py-1">
         <nav aria-label="Right sidebar panels" className="flex min-w-0 items-center gap-1">
           {tabs.map(tab => (
-            <Button
-              aria-label={tab.label}
-              aria-pressed={tab.id === activeTab}
-              className={cn(
-                'text-(--ui-text-tertiary) hover:bg-(--ui-control-hover-background) hover:text-foreground',
-                tab.id === activeTab && 'bg-(--ui-control-active-background) text-foreground'
-              )}
-              key={tab.id}
-              onClick={() => setRightSidebarTab(tab.id)}
-              size="icon-xs"
-              title={tab.label}
-              variant="ghost"
-            >
-              <Codicon name={tab.icon} size="0.875rem" />
-            </Button>
+            <Tip key={tab.id} label={tab.label}>
+              <Button
+                aria-label={tab.label}
+                aria-pressed={tab.id === activeTab}
+                className={cn(
+                  'text-(--ui-text-tertiary) hover:bg-(--ui-control-hover-background) hover:text-foreground',
+                  tab.id === activeTab && 'bg-(--ui-control-active-background) text-foreground'
+                )}
+                onClick={() => setRightSidebarTab(tab.id)}
+                size="icon-xs"
+                variant="ghost"
+              >
+                <Codicon name={tab.icon} size="0.875rem" />
+              </Button>
+            </Tip>
           ))}
         </nav>
 
@@ -216,21 +217,21 @@ function FilesystemTab({
   return (
     <div className="group/project-header flex min-h-0 flex-1 flex-col">
       <RightSidebarSectionHeader>
-        <button
-          className="flex min-w-0 flex-1 items-center rounded-md text-left hover:text-(--ui-text-secondary)"
-          onClick={() => void onChangeFolder()}
-          title={hasCwd ? `${cwd} — click to change folder` : 'Open a folder'}
-          type="button"
-        >
-          <SidebarPanelLabel>{cwdName}</SidebarPanelLabel>
-        </button>
+        <Tip label={hasCwd ? `${cwd} — click to change folder` : 'Open a folder'}>
+          <button
+            className="flex min-w-0 flex-1 items-center rounded-md text-left hover:text-(--ui-text-secondary)"
+            onClick={() => void onChangeFolder()}
+            type="button"
+          >
+            <SidebarPanelLabel>{cwdName}</SidebarPanelLabel>
+          </button>
+        </Tip>
         <Button
           aria-label="Refresh tree"
           className={HEADER_ACTION_CLASS}
           disabled={!hasCwd || loading}
           onClick={onRefresh}
           size="icon-xs"
-          title="Refresh tree"
           variant="ghost"
         >
           <Codicon name="refresh" size="0.8125rem" spinning={loading} />
@@ -240,7 +241,6 @@ function FilesystemTab({
           className={HEADER_ACTION_CLASS}
           onClick={() => void onChangeFolder()}
           size="icon-xs"
-          title={hasCwd ? 'Open a different folder' : 'Open a folder'}
           variant="ghost"
         >
           <Codicon name="folder-opened" size="0.8125rem" />
@@ -251,7 +251,6 @@ function FilesystemTab({
           disabled={!hasCwd || !canCollapse}
           onClick={onCollapseAll}
           size="icon-xs"
-          title="Collapse all folders"
           variant="ghost"
         >
           <Codicon name="collapse-all" size="0.8125rem" />

apps/desktop/src/app/right-sidebar/terminal/index.tsx

@@ -5,6 +5,7 @@ import { useStore } from '@nanostores/react'
 import { Button } from '@/components/ui/button'
 import { Codicon } from '@/components/ui/codicon'
 import { Loader } from '@/components/ui/loader'
+import { Tip } from '@/components/ui/tooltip'
 
 import { SidebarPanelLabel } from '../../shell/sidebar-label'
 import { $terminalTakeover, setRightSidebarTab, setTerminalTakeover } from '../store'
@@ -31,6 +32,7 @@ export function TerminalTab({ cwd, onAddSelectionToChat }: TerminalTabProps) {
     if (takeover) {
       setRightSidebarTab('terminal')
     }
+
     setTerminalTakeover(!takeover)
   }
 
@@ -38,17 +40,18 @@ export function TerminalTab({ cwd, onAddSelectionToChat }: TerminalTabProps) {
     <div className="relative flex min-h-0 min-w-0 flex-1 flex-col">
       <div className="flex h-8 shrink-0 items-center gap-2 px-2.5">
         <SidebarPanelLabel className="text-white!">{shellName}</SidebarPanelLabel>
-        <Button
-          aria-label={label}
-          className="ml-auto size-6 rounded-md text-white!"
-          onClick={toggleTakeover}
-          size="icon"
-          title={label}
-          type="button"
-          variant="ghost"
-        >
-          <Codicon name={takeover ? 'screen-normal' : 'screen-full'} size="0.875rem" />
-        </Button>
+        <Tip label={label}>
+          <Button
+            aria-label={label}
+            className="ml-auto size-6 rounded-md text-white!"
+            onClick={toggleTakeover}
+            size="icon"
+            type="button"
+            variant="ghost"
+          >
+            <Codicon name={takeover ? 'screen-normal' : 'screen-full'} size="0.875rem" />
+          </Button>
+        </Tip>
       </div>
       <div className="relative min-h-0 flex-1 bg-[#002b36] p-2">
         {status === 'starting' && (

apps/desktop/src/app/right-sidebar/terminal/persistent.tsx

@@ -1,9 +1,10 @@
 import { useStore } from '@nanostores/react'
 import { atom } from 'nanostores'
-import { useEffect, useLayoutEffect, useRef, useState, type CSSProperties } from 'react'
+import { type CSSProperties, useEffect, useLayoutEffect, useRef, useState } from 'react'
+
+import { TERMINAL_BG } from './selection'
 
 import { TerminalTab } from './index'
-import { TERMINAL_BG } from './selection'
 
 /**
  * One xterm Terminal mounted at the layout root and CSS-overlayed onto
@@ -21,11 +22,17 @@ export function TerminalSlot({ className = SLOT_CLASS }: { className?: string })
 
   useEffect(() => {
     const el = ref.current
-    if (!el) return
+
+    if (!el) {
+      return
+    }
 
     $slot.set(el)
+
     return () => {
-      if ($slot.get() === el) $slot.set(null)
+      if ($slot.get() === el) {
+        $slot.set(null)
+      }
     }
   }, [])
 
@@ -55,6 +62,7 @@ export function PersistentTerminal({ cwd, onAddSelectionToChat }: PersistentTerm
   useLayoutEffect(() => {
     if (!slot) {
       setRect(null)
+
       return
     }
 
@@ -72,13 +80,17 @@ export function PersistentTerminal({ cwd, onAddSelectionToChat }: PersistentTerm
       if (!sameRect(prev, next)) {
         prev = next
         setRect(next)
-        if (next.width > 0 && next.height > 0) setReady(true)
+
+        if (next.width > 0 && next.height > 0) {
+          setReady(true)
+        }
       }
 
       frame = requestAnimationFrame(tick)
     }
 
     tick()
+
     return () => cancelAnimationFrame(frame)
   }, [slot])
 

apps/desktop/src/app/right-sidebar/terminal/use-terminal-session.ts

@@ -96,11 +96,18 @@ interface UseTerminalSessionOptions {
 }
 
 function transferHasDropCandidates(t: DataTransfer): boolean {
-  if (t.types?.includes(HERMES_PATHS_MIME)) return true
-  if ((t.files?.length ?? 0) > 0) return true
+  if (t.types?.includes(HERMES_PATHS_MIME)) {
+    return true
+  }
+
+  if ((t.files?.length ?? 0) > 0) {
+    return true
+  }
 
   for (let i = 0; i < (t.items?.length ?? 0); i += 1) {
-    if (t.items[i]?.kind === 'file') return true
+    if (t.items[i]?.kind === 'file') {
+      return true
+    }
   }
 
   return false
@@ -108,22 +115,38 @@ function transferHasDropCandidates(t: DataTransfer): boolean {
 
 function collectDroppedPaths(t: DataTransfer): string[] {
   const seen = new Set<string>()
+
   const push = (value: unknown) => {
-    if (typeof value !== 'string') return
+    if (typeof value !== 'string') {
+      return
+    }
+
     const path = value.trim()
-    if (path) seen.add(path)
+
+    if (path) {
+      seen.add(path)
+    }
   }
 
   try {
     const raw = t.getData(HERMES_PATHS_MIME)
-    if (raw) for (const entry of JSON.parse(raw) as { path?: unknown }[]) push(entry?.path)
+
+    if (raw) {
+      for (const entry of JSON.parse(raw) as { path?: unknown }[]) {
+        push(entry?.path)
+      }
+    }
   } catch {
     // Malformed in-app drag payload — fall through to OS files.
   }
 
   const getPath = window.hermesDesktop?.getPathForFile
+
   const addFile = (file: File | null) => {
-    if (!file || !getPath) return
+    if (!file || !getPath) {
+      return
+    }
+
     try {
       push(getPath(file))
     } catch {
@@ -131,10 +154,16 @@ function collectDroppedPaths(t: DataTransfer): string[] {
     }
   }
 
-  for (let i = 0; i < (t.files?.length ?? 0); i += 1) addFile(t.files.item(i))
+  for (let i = 0; i < (t.files?.length ?? 0); i += 1) {
+    addFile(t.files.item(i))
+  }
+
   for (let i = 0; i < (t.items?.length ?? 0); i += 1) {
     const item = t.items[i]
-    if (item?.kind === 'file') addFile(item.getAsFile())
+
+    if (item?.kind === 'file') {
+      addFile(item.getAsFile())
+    }
   }
 
   return [...seen]
@@ -142,8 +171,15 @@ function collectDroppedPaths(t: DataTransfer): string[] {
 
 function quotePathForShell(path: string, shellName: string): string {
   const shell = shellName.toLowerCase()
-  if (shell.includes('powershell') || shell.includes('pwsh')) return `'${path.replace(/'/g, "''")}'`
-  if (shell.includes('cmd')) return `"${path.replace(/"/g, '""')}"`
+
+  if (shell.includes('powershell') || shell.includes('pwsh')) {
+    return `'${path.replace(/'/g, "''")}'`
+  }
+
+  if (shell.includes('cmd')) {
+    return `"${path.replace(/"/g, '""')}"`
+  }
+
   return `'${path.replace(/'/g, "'\\''")}'`
 }
 
@@ -250,12 +286,14 @@ export function useTerminalSession({ cwd, onAddSelectionToChat }: UseTerminalSes
       webgl.onContextLoss(() => webgl.dispose())
       term.loadAddon(webgl)
     } catch (err) {
-      // eslint-disable-next-line no-console
       console.warn('[hermes-terminal] WebGL unavailable; falling back to DOM', err)
     }
 
     const onDragOver = (e: DragEvent) => {
-      if (!e.dataTransfer || !transferHasDropCandidates(e.dataTransfer)) return
+      if (!e.dataTransfer || !transferHasDropCandidates(e.dataTransfer)) {
+        return
+      }
+
       e.preventDefault()
       e.stopPropagation()
       e.dataTransfer.dropEffect = 'copy'
@@ -263,11 +301,19 @@ export function useTerminalSession({ cwd, onAddSelectionToChat }: UseTerminalSes
 
     const onDrop = (e: DragEvent) => {
       const id = sessionIdRef.current
-      if (!id || !e.dataTransfer || !transferHasDropCandidates(e.dataTransfer)) return
+
+      if (!id || !e.dataTransfer || !transferHasDropCandidates(e.dataTransfer)) {
+        return
+      }
+
       e.preventDefault()
       e.stopPropagation()
       const paths = collectDroppedPaths(e.dataTransfer)
-      if (!paths.length) return
+
+      if (!paths.length) {
+        return
+      }
+
       void terminalApi.write(id, `${paths.map(p => quotePathForShell(p, shellNameRef.current)).join(' ')} `)
       term.focus()
       triggerHaptic('selection')
@@ -305,11 +351,18 @@ export function useTerminalSession({ cwd, onAddSelectionToChat }: UseTerminalSes
     // synchronously while sibling panes are mid-transition (e.g. file browser
     // collapsing to 0px) crashes the WebGL renderer mid texture-atlas rebuild.
     let pendingFrame = 0
+
     const scheduleResize = () => {
-      if (pendingFrame) return
+      if (pendingFrame) {
+        return
+      }
+
       pendingFrame = window.requestAnimationFrame(() => {
         pendingFrame = 0
-        if (!disposed) fitAndResize()
+
+        if (!disposed) {
+          fitAndResize()
+        }
       })
     }
 
@@ -317,7 +370,10 @@ export function useTerminalSession({ cwd, onAddSelectionToChat }: UseTerminalSes
     resizeObserver.observe(host)
     cleanup.push(() => {
       resizeObserver.disconnect()
-      if (pendingFrame) window.cancelAnimationFrame(pendingFrame)
+
+      if (pendingFrame) {
+        window.cancelAnimationFrame(pendingFrame)
+      }
     })
 
     const dataDisposable = term.onData(data => {

apps/desktop/src/app/routes.ts

@@ -55,13 +55,7 @@ const RESERVED_PATHS: ReadonlySet<string> = new Set(APP_ROUTES.map(route => rout
 // Views that render as a full-screen modal card (OverlayView) over the shell.
 // While one is open the app's titlebar control clusters must hide so they don't
 // bleed over the overlay (they sit at a higher z-index than the overlay card).
-export const OVERLAY_VIEWS: ReadonlySet<AppView> = new Set([
-  'agents',
-  'command-center',
-  'cron',
-  'profiles',
-  'settings'
-])
+export const OVERLAY_VIEWS: ReadonlySet<AppView> = new Set(['agents', 'command-center', 'cron', 'profiles', 'settings'])
 
 export function isOverlayView(view: AppView): boolean {
   return OVERLAY_VIEWS.has(view)

apps/desktop/src/app/session/hooks/use-message-stream.ts

@@ -326,10 +326,7 @@ export function useMessageStream({
       return
     }
 
-    flushHandleRef.current = window.setTimeout(
-      runFlush,
-      Math.max(0, STREAM_DELTA_FLUSH_MS - sinceLast)
-    )
+    flushHandleRef.current = window.setTimeout(runFlush, Math.max(0, STREAM_DELTA_FLUSH_MS - sinceLast))
   }, [flushQueuedDeltas])
 
   const queueDelta = useCallback(
@@ -755,12 +752,11 @@ export function useMessageStream({
           return
         }
 
-        // Turn ended — drop any blocking prompt that's still open (e.g. the
-        // agent was interrupted, or the approval already resolved). Prevents a
-        // stale overlay from outliving the turn that raised it.
-        if (isActiveEvent) {
-          clearAllPrompts()
-        }
+        // Turn ended — drop any blocking prompt still open for THIS session
+        // (e.g. interrupted, or the approval already resolved). Scoped to the
+        // session so a background turn finishing can't wipe the active chat's
+        // prompt, and vice versa.
+        clearAllPrompts(sessionId)
 
         flushQueuedDeltas(sessionId)
 
@@ -845,37 +841,34 @@ export function useMessageStream({
           }
         }
       } else if (event.type === 'approval.request') {
-        if (!isActiveEvent) {
-          return
-        }
-
-        // Dangerous-command / execute_code approval. The Python side is
-        // blocked in _await_gateway_decision() until approval.respond lands;
-        // without this the agent stalls until its 5-min timeout and the tool
-        // is BLOCKED. Approval is session-keyed (no request_id) — the overlay
-        // sends back {choice, session_id}.
+        // Dangerous-command / execute_code approval. The Python side is blocked
+        // in _await_gateway_decision() until approval.respond lands; without
+        // this the agent stalls until its 5-min timeout and the tool is BLOCKED.
+        // Park it per-session (like clarify) so a *background* profile's turn can
+        // raise it and wait — the sidebar flags "needs input" and the inline bar
+        // surfaces once the user focuses that chat.
         setApprovalRequest({
           command: typeof payload?.command === 'string' ? payload.command : '',
           description: typeof payload?.description === 'string' ? payload.description : 'dangerous command',
           sessionId: sessionId ?? null
         })
-      } else if (event.type === 'sudo.request') {
-        if (!isActiveEvent) {
-          return
-        }
 
+        if (sessionId) {
+          updateSessionState(sessionId, state => ({ ...state, needsInput: true }))
+        }
+      } else if (event.type === 'sudo.request') {
         // Sudo password capture (tools/terminal_tool.py). Blocked on
         // sudo.respond {request_id, password}.
         const requestId = typeof payload?.request_id === 'string' ? payload.request_id : ''
 
         if (requestId) {
-          setSudoRequest({ requestId })
+          setSudoRequest({ requestId, sessionId: sessionId ?? null })
+
+          if (sessionId) {
+            updateSessionState(sessionId, state => ({ ...state, needsInput: true }))
+          }
         }
       } else if (event.type === 'secret.request') {
-        if (!isActiveEvent) {
-          return
-        }
-
         // Skill credential capture (tools/skills_tool.py). Blocked on
         // secret.respond {request_id, value}.
         const requestId = typeof payload?.request_id === 'string' ? payload.request_id : ''
@@ -884,18 +877,23 @@ export function useMessageStream({
           setSecretRequest({
             requestId,
             envVar: typeof payload?.env_var === 'string' ? payload.env_var : '',
-            prompt: typeof payload?.prompt === 'string' ? payload.prompt : ''
+            prompt: typeof payload?.prompt === 'string' ? payload.prompt : '',
+            sessionId: sessionId ?? null
           })
+
+          if (sessionId) {
+            updateSessionState(sessionId, state => ({ ...state, needsInput: true }))
+          }
         }
       } else if (event.type === 'error') {
         const errorMessage = payload?.message || 'Hermes reported an error'
         const looksLikeProviderSetup = isProviderSetupErrorMessage(errorMessage)
 
-        // A turn that errors out has also ended — drop any open blocking
-        // prompt so an approval/sudo/secret overlay can't linger past the
-        // failed turn (same intent as the message.complete clear).
-        if (isActiveEvent) {
-          clearAllPrompts()
+        // A turn that errors out has also ended — drop any open blocking prompt
+        // for this session so an approval/sudo/secret overlay can't linger past
+        // the failed turn (same intent as the message.complete clear).
+        if (sessionId) {
+          clearAllPrompts(sessionId)
         }
 
         if (looksLikeProviderSetup) {

apps/desktop/src/app/session/hooks/use-prompt-actions.test.tsx

@@ -0,0 +1,166 @@
+import { cleanup, render } from '@testing-library/react'
+import type { MutableRefObject } from 'react'
+import { useEffect } from 'react'
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+
+import { $sessions, setSessions } from '@/store/session'
+import type { SessionInfo } from '@/types/hermes'
+
+import { usePromptActions } from './use-prompt-actions'
+
+vi.mock('@/hermes', () => ({
+  transcribeAudio: vi.fn()
+}))
+
+// The active id the desktop holds is the *runtime* session id from
+// session.create — deliberately distinct from the stored DB id here, because
+// that mismatch is the bug: the REST renameSession endpoint resolves against
+// the stored sessions table and 404s on a runtime id. session.title accepts
+// the runtime id directly.
+const RUNTIME_SESSION_ID = 'rt-abc123'
+
+function sessionInfo(overrides: Partial<SessionInfo> = {}): SessionInfo {
+  return {
+    ended_at: null,
+    id: RUNTIME_SESSION_ID,
+    input_tokens: 0,
+    is_active: true,
+    last_active: 0,
+    message_count: 3,
+    model: null,
+    output_tokens: 0,
+    preview: null,
+    source: null,
+    started_at: 0,
+    title: 'Old title',
+    tool_call_count: 0,
+    ...overrides
+  }
+}
+
+interface HarnessHandle {
+  submitText: (text: string) => Promise<boolean>
+}
+
+function Harness({
+  onReady,
+  refreshSessions,
+  requestGateway
+}: {
+  onReady: (handle: HarnessHandle) => void
+  refreshSessions: () => Promise<void>
+  requestGateway: <T>(method: string, params?: Record<string, unknown>) => Promise<T>
+}) {
+  const activeSessionIdRef: MutableRefObject<string | null> = { current: RUNTIME_SESSION_ID }
+  const selectedStoredSessionIdRef: MutableRefObject<string | null> = { current: RUNTIME_SESSION_ID }
+  const busyRef = { current: false }
+
+  const actions = usePromptActions({
+    activeSessionId: RUNTIME_SESSION_ID,
+    activeSessionIdRef,
+    branchCurrentSession: async () => true,
+    busyRef,
+    createBackendSessionForSend: async () => RUNTIME_SESSION_ID,
+    handleSkinCommand: () => '',
+    refreshSessions,
+    requestGateway,
+    selectedStoredSessionIdRef,
+    startFreshSessionDraft: () => undefined,
+    sttEnabled: false,
+    updateSessionState: (_sessionId, updater) =>
+      updater({ messages: [], busy: false, awaitingResponse: false } as never)
+  })
+
+  useEffect(() => {
+    onReady({ submitText: actions.submitText })
+  }, [actions.submitText, onReady])
+
+  return null
+}
+
+describe('usePromptActions /title', () => {
+  beforeEach(() => {
+    setSessions(() => [sessionInfo()])
+  })
+
+  afterEach(() => {
+    cleanup()
+    vi.restoreAllMocks()
+  })
+
+  it('renames via the session.title RPC (with the runtime id), updates the sidebar store, and refreshes', async () => {
+    const refreshSessions = vi.fn(async () => undefined)
+    const requestGateway = vi.fn(async (method: string) =>
+      (method === 'session.title' ? { pending: false, title: 'New title' } : {}) as never
+    )
+
+    let handle: HarnessHandle | null = null
+    render(<Harness onReady={h => (handle = h)} refreshSessions={refreshSessions} requestGateway={requestGateway} />)
+
+    await handle!.submitText('/title New title')
+
+    // Routes through session.title with the runtime session id — NOT the slash
+    // worker (slash.exec) and NOT the REST endpoint. This is the path that
+    // resolves the runtime id and persists reliably across platforms.
+    expect(requestGateway).toHaveBeenCalledWith('session.title', {
+      session_id: RUNTIME_SESSION_ID,
+      title: 'New title'
+    })
+    expect(requestGateway).not.toHaveBeenCalledWith('slash.exec', expect.anything())
+    expect(refreshSessions).toHaveBeenCalledTimes(1)
+    expect($sessions.get()[0]?.title).toBe('New title')
+  })
+
+  it('reports the queued state when the session row is not persisted yet', async () => {
+    const refreshSessions = vi.fn(async () => undefined)
+    const requestGateway = vi.fn(async (method: string) =>
+      (method === 'session.title' ? { pending: true, title: 'Fresh chat' } : {}) as never
+    )
+
+    let handle: HarnessHandle | null = null
+    render(<Harness onReady={h => (handle = h)} refreshSessions={refreshSessions} requestGateway={requestGateway} />)
+
+    await handle!.submitText('/title Fresh chat')
+
+    expect(requestGateway).toHaveBeenCalledWith('session.title', {
+      session_id: RUNTIME_SESSION_ID,
+      title: 'Fresh chat'
+    })
+    // Even when queued, the sidebar reflects the chosen title optimistically.
+    expect(refreshSessions).toHaveBeenCalledTimes(1)
+    expect($sessions.get()[0]?.title).toBe('Fresh chat')
+  })
+
+  it('falls through to the slash worker for a bare /title (show current title)', async () => {
+    const refreshSessions = vi.fn(async () => undefined)
+    const requestGateway = vi.fn(async () => ({ output: 'Title: Old title' }) as never)
+
+    let handle: HarnessHandle | null = null
+    render(<Harness onReady={h => (handle = h)} refreshSessions={refreshSessions} requestGateway={requestGateway} />)
+
+    await handle!.submitText('/title')
+
+    expect(requestGateway).not.toHaveBeenCalledWith('session.title', expect.anything())
+    expect(requestGateway).toHaveBeenCalledWith('slash.exec', expect.objectContaining({ command: 'title' }))
+  })
+
+  it('surfaces a rename error without touching the sidebar store', async () => {
+    const refreshSessions = vi.fn(async () => undefined)
+    const requestGateway = vi.fn(async (method: string) => {
+      if (method === 'session.title') {
+        throw new Error('Title too long')
+      }
+
+      return {} as never
+    })
+
+    let handle: HarnessHandle | null = null
+    render(<Harness onReady={h => (handle = h)} refreshSessions={refreshSessions} requestGateway={requestGateway} />)
+
+    await handle!.submitText('/title way too long title')
+
+    expect(requestGateway).toHaveBeenCalledWith('session.title', expect.objectContaining({ title: 'way too long title' }))
+    expect(refreshSessions).not.toHaveBeenCalled()
+    expect($sessions.get()[0]?.title).toBe('Old title')
+  })
+})

apps/desktop/src/app/session/hooks/use-prompt-actions.ts

@@ -1,7 +1,7 @@
 import type { AppendMessage, ThreadMessage } from '@assistant-ui/react'
 import { type MutableRefObject, useCallback } from 'react'
 
-import { transcribeAudio } from '@/hermes'
+import { getProfiles, transcribeAudio } from '@/hermes'
 import { appendTextPart, branchGroupForUser, type ChatMessage, chatMessageText, textPart } from '@/lib/chat-messages'
 import {
   attachmentDisplayText,
@@ -18,6 +18,7 @@ import {
   isDesktopSlashCommand
 } from '@/lib/desktop-slash-commands'
 import { triggerHaptic } from '@/lib/haptics'
+import { setMutableRef } from '@/lib/mutable-ref'
 import { isProviderSetupErrorMessage } from '@/lib/provider-setup-errors'
 import { setSessionYolo } from '@/lib/yolo-session'
 import {
@@ -29,6 +30,7 @@ import {
 } from '@/store/composer'
 import { clearNotifications, notify, notifyError } from '@/store/notifications'
 import { requestDesktopOnboarding } from '@/store/onboarding'
+import { $activeGatewayProfile, $newChatProfile, ensureGatewayProfile, normalizeProfileKey } from '@/store/profile'
 import {
   $busy,
   $messages,
@@ -36,10 +38,11 @@ import {
   setAwaitingResponse,
   setBusy,
   setMessages,
+  setSessions,
   setYoloActive
 } from '@/store/session'
 
-import type { ClientSessionState, ImageAttachResponse, SlashExecResponse } from '../../types'
+import type { ClientSessionState, ImageAttachResponse, SessionTitleResponse, SlashExecResponse } from '../../types'
 
 function blobToDataUrl(blob: Blob): Promise<string> {
   return new Promise((resolve, reject) => {
@@ -76,6 +79,7 @@ interface PromptActionsOptions {
   branchCurrentSession: () => Promise<boolean>
   createBackendSessionForSend: (preview?: string | null) => Promise<string | null>
   handleSkinCommand: (arg: string) => string
+  refreshSessions: () => Promise<void>
   requestGateway: <T>(method: string, params?: Record<string, unknown>) => Promise<T>
   selectedStoredSessionIdRef: MutableRefObject<string | null>
   startFreshSessionDraft: () => void
@@ -140,6 +144,7 @@ export function usePromptActions({
   branchCurrentSession,
   createBackendSessionForSend,
   handleSkinCommand,
+  refreshSessions,
   requestGateway,
   selectedStoredSessionIdRef,
   startFreshSessionDraft,
@@ -246,7 +251,7 @@ export function usePromptActions({
       }
 
       const releaseBusy = () => {
-        busyRef.current = false
+        setMutableRef(busyRef, false)
         setBusy(false)
         setAwaitingResponse(false)
       }
@@ -290,7 +295,7 @@ export function usePromptActions({
         )
       }
 
-      busyRef.current = true
+      setMutableRef(busyRef, true)
       setBusy(true)
       setAwaitingResponse(true)
       clearNotifications()
@@ -439,6 +444,51 @@ export function usePromptActions({
           return
         }
 
+        // /profile selects which profile new chats open in — no app relaunch.
+        // A profile is per-session now, so an existing thread can't change its
+        // profile mid-stream; `/profile <name>` instead points the next new chat
+        // (and the current empty draft) at that profile's backend.
+        if (normalizedName === 'profile') {
+          const target = arg.trim()
+          const current = normalizeProfileKey($activeGatewayProfile.get())
+
+          if (!target) {
+            notify({
+              kind: 'success',
+              message: `Profile: ${current}. Use /profile <name> or the "New session" picker to start a chat in another profile.`
+            })
+
+            return
+          }
+
+          try {
+            const { profiles } = await getProfiles()
+            const match = profiles.find(profile => profile.name === target)
+
+            if (!match) {
+              notify({
+                kind: 'error',
+                title: 'Unknown profile',
+                message: `No profile named "${target}". Available: ${profiles.map(profile => profile.name).join(', ')}`
+              })
+
+              return
+            }
+
+            const key = normalizeProfileKey(match.name)
+
+            $newChatProfile.set(key)
+            // Swap the live gateway now so an empty draft sends into this
+            // profile immediately; an existing thread keeps its own profile.
+            await ensureGatewayProfile(key)
+            notify({ kind: 'success', message: `New chats will use profile ${match.name}.` })
+          } catch (err) {
+            notifyError(err, 'Failed to set profile')
+          }
+
+          return
+        }
+
         const sessionId = sessionHint || activeSessionIdRef.current || (await createBackendSessionForSend())
 
         if (!sessionId) {
@@ -454,6 +504,50 @@ export function usePromptActions({
         const renderSlashOutput = (text: string) =>
           appendSessionTextMessage(sessionId, 'system', recordInput ? slashStatusText(command, text) : text)
 
+        // /title <name> renames the session. Route through the gateway's
+        // `session.title` RPC — the same path the TUI uses — NOT the REST
+        // renameSession endpoint and NOT the slash worker.
+        //
+        // Why not the slash worker: it's a separate HermesCLI subprocess whose
+        // SQLite write to the shared state.db can silently fail (notably on
+        // Windows), and it never refreshes the sidebar.
+        //
+        // Why not REST renameSession: `sessionId` here is the *runtime* session
+        // id returned by session.create — it is NOT the stored DB `sessions.id`,
+        // and session.create deliberately does not persist a DB row until the
+        // first turn. The REST PATCH endpoint resolves against the sessions
+        // table, so a runtime id (or a brand-new, not-yet-persisted session)
+        // 404s with "Session not found" on every platform. See #38508 / #38576.
+        //
+        // session.title maps the runtime id to the in-memory session, writes
+        // through the gateway's own DB connection, and QUEUES the title
+        // (`pending: true`) when the row isn't persisted yet — so it works for a
+        // fresh chat too. refreshSessions() then pulls the authoritative title
+        // back into the sidebar. A bare `/title` (no arg) still falls through to
+        // the worker to display the current title.
+        if (normalizedName === 'title' && arg) {
+          try {
+            const result = await requestGateway<SessionTitleResponse>('session.title', {
+              session_id: sessionId,
+              title: arg
+            })
+            const finalTitle = (result?.title || arg).trim()
+            const queued = result?.pending === true
+
+            setSessions(prev => prev.map(s => (s.id === sessionId ? { ...s, title: finalTitle || null } : s)))
+            await refreshSessions().catch(() => undefined)
+            renderSlashOutput(
+              finalTitle
+                ? `Session title set: ${finalTitle}${queued ? ' (queued while session initializes)' : ''}`
+                : 'Session title cleared.'
+            )
+          } catch (err) {
+            renderSlashOutput(`error: ${err instanceof Error ? err.message : String(err)}`)
+          }
+
+          return
+        }
+
         if (normalizedName === 'skin') {
           renderSlashOutput(handleSkinCommand(arg))
 
@@ -554,6 +648,7 @@ export function usePromptActions({
       busyRef,
       createBackendSessionForSend,
       handleSkinCommand,
+      refreshSessions,
       requestGateway,
       startFreshSessionDraft,
       submitPromptText
@@ -594,7 +689,7 @@ export function usePromptActions({
   const cancelRun = useCallback(async () => {
     const sessionId = activeSessionId || activeSessionIdRef.current
 
-    busyRef.current = false
+    setMutableRef(busyRef, false)
     setBusy(false)
     setAwaitingResponse(false)
 
@@ -753,7 +848,7 @@ export function usePromptActions({
       const editedMessage: ChatMessage = { ...source, parts: [textPart(text)] }
 
       clearNotifications()
-      busyRef.current = true
+      setMutableRef(busyRef, true)
       setBusy(true)
       setAwaitingResponse(true)
       updateSessionState(sessionId, state => ({
@@ -791,7 +886,7 @@ export function usePromptActions({
           }
         }
 
-        busyRef.current = false
+        setMutableRef(busyRef, false)
         setBusy(false)
         setAwaitingResponse(false)
         updateSessionState(sessionId, state => ({ ...state, busy: false, awaitingResponse: false }))

apps/desktop/src/app/session/hooks/use-session-actions.ts

@@ -12,6 +12,7 @@ import { clearQueuedPrompts } from '@/store/composer-queue'
 import { $pinnedSessionIds } from '@/store/layout'
 import { clearNotifications, notify, notifyError } from '@/store/notifications'
 import { requestDesktopOnboarding } from '@/store/onboarding'
+import { $activeGatewayProfile, $newChatProfile, ensureGatewayProfile, normalizeProfileKey } from '@/store/profile'
 import {
   $currentCwd,
   $messages,
@@ -36,8 +37,8 @@ import {
   setMessages,
   setSelectedStoredSessionId,
   setSessions,
-  setSessionsTotal,
   setSessionStartedAt,
+  setSessionsTotal,
   setTurnStartedAt,
   setYoloActive
 } from '@/store/session'
@@ -173,6 +174,10 @@ function upsertOptimisticSession(
   preview: string | null = null
 ) {
   const now = Date.now() / 1000
+  // Stamp the profile the session was just created on (= the live gateway's
+  // profile) so the scoped sidebar shows the new row immediately instead of
+  // filtering it out as "default" until the aggregator re-fetches.
+  const profileKey = normalizeProfileKey($activeGatewayProfile.get())
 
   const session: SessionInfo = {
     cwd: created.info?.cwd ?? null,
@@ -180,11 +185,13 @@ function upsertOptimisticSession(
     id,
     input_tokens: 0,
     is_active: true,
+    is_default_profile: profileKey === 'default',
     last_active: now,
     message_count: created.message_count ?? created.messages?.length ?? 0,
     model: created.info?.model ?? null,
     output_tokens: 0,
     preview,
+    profile: profileKey,
     source: 'tui',
     started_at: now,
     title,
@@ -311,74 +318,87 @@ export function useSessionActions({
     [activeSessionIdRef, busyRef, navigate, selectedStoredSessionIdRef]
   )
 
-  const createBackendSessionForSend = useCallback(async (preview: string | null = null): Promise<string | null> => {
-    const startingActiveSessionId = activeSessionIdRef.current
-    const startingStoredSessionId = selectedStoredSessionIdRef.current
-    const startingRouteToken = getRouteToken()
+  const createBackendSessionForSend = useCallback(
+    async (preview: string | null = null): Promise<string | null> => {
+      const startingActiveSessionId = activeSessionIdRef.current
+      const startingStoredSessionId = selectedStoredSessionIdRef.current
+      const startingRouteToken = getRouteToken()
 
-    creatingSessionRef.current = true
+      creatingSessionRef.current = true
 
-    try {
-      const cwd = $currentCwd.get().trim() || getRememberedWorkspaceCwd()
-      const created = await requestGateway<SessionCreateResponse>('session.create', { cols: 96, ...(cwd && { cwd }) })
-      const stored = created.stored_session_id ?? null
+      try {
+        // Route the new chat to the chosen profile's backend (null = primary,
+        // so single-profile users are unaffected).
+        await ensureGatewayProfile($newChatProfile.get())
+        const cwd = $currentCwd.get().trim() || getRememberedWorkspaceCwd()
+        // Pass the owning profile so a new chat under a non-launch profile (global
+        // remote mode) builds its agent + persists against THAT profile's home/db.
+        const newChatProfile = $newChatProfile.get()
+        const created = await requestGateway<SessionCreateResponse>('session.create', {
+          cols: 96,
+          ...(cwd && { cwd }),
+          ...(newChatProfile ? { profile: newChatProfile } : {})
+        })
+        const stored = created.stored_session_id ?? null
 
-      if (
-        activeSessionIdRef.current !== startingActiveSessionId ||
-        selectedStoredSessionIdRef.current !== startingStoredSessionId ||
-        getRouteToken() !== startingRouteToken
-      ) {
-        await requestGateway('session.close', { session_id: created.session_id }).catch(() => undefined)
+        if (
+          activeSessionIdRef.current !== startingActiveSessionId ||
+          selectedStoredSessionIdRef.current !== startingStoredSessionId ||
+          getRouteToken() !== startingRouteToken
+        ) {
+          await requestGateway('session.close', { session_id: created.session_id }).catch(() => undefined)
 
-        return null
+          return null
+        }
+
+        activeSessionIdRef.current = created.session_id
+        selectedStoredSessionIdRef.current = stored
+        ensureSessionState(created.session_id, stored)
+
+        if (stored) {
+          // Seed the sidebar preview with the user's first message so the row
+          // reads meaningfully while the turn is in flight, instead of flashing
+          // "Untitled session" until the turn persists and auto-title runs. The
+          // server later returns its own preview/title and supersedes this.
+          upsertOptimisticSession(created, stored, null, preview?.trim() || null)
+          navigate(sessionRoute(stored), { replace: true })
+        }
+
+        setFreshDraftReady(false)
+        setActiveSessionId(created.session_id)
+        setSelectedStoredSessionId(stored)
+        setSessionStartedAt(Date.now())
+        const yoloArmed = $yoloActive.get()
+        const runtimeInfo = applyRuntimeInfo(created.info)
+
+        if (runtimeInfo) {
+          updateSessionState(created.session_id, state => ({ ...state, ...runtimeInfo }), stored)
+        }
+
+        // User may have armed YOLO on the new-chat draft before the runtime
+        // session existed — apply it to the freshly created session.
+        if (yoloArmed) {
+          await setSessionYolo(requestGateway, created.session_id, true).catch(() => undefined)
+        }
+
+        return created.session_id
+      } finally {
+        window.setTimeout(() => {
+          creatingSessionRef.current = false
+        }, 0)
       }
-
-      activeSessionIdRef.current = created.session_id
-      selectedStoredSessionIdRef.current = stored
-      ensureSessionState(created.session_id, stored)
-
-      if (stored) {
-        // Seed the sidebar preview with the user's first message so the row
-        // reads meaningfully while the turn is in flight, instead of flashing
-        // "Untitled session" until the turn persists and auto-title runs. The
-        // server later returns its own preview/title and supersedes this.
-        upsertOptimisticSession(created, stored, null, preview?.trim() || null)
-        navigate(sessionRoute(stored), { replace: true })
-      }
-
-      setFreshDraftReady(false)
-      setActiveSessionId(created.session_id)
-      setSelectedStoredSessionId(stored)
-      setSessionStartedAt(Date.now())
-      const yoloArmed = $yoloActive.get()
-      const runtimeInfo = applyRuntimeInfo(created.info)
-
-      if (runtimeInfo) {
-        updateSessionState(created.session_id, state => ({ ...state, ...runtimeInfo }), stored)
-      }
-
-      // User may have armed YOLO on the new-chat draft before the runtime
-      // session existed — apply it to the freshly created session.
-      if (yoloArmed) {
-        await setSessionYolo(requestGateway, created.session_id, true).catch(() => undefined)
-      }
-
-      return created.session_id
-    } finally {
-      window.setTimeout(() => {
-        creatingSessionRef.current = false
-      }, 0)
-    }
-  }, [
-    activeSessionIdRef,
-    creatingSessionRef,
-    ensureSessionState,
-    getRouteToken,
-    navigate,
-    requestGateway,
-    selectedStoredSessionIdRef,
-    updateSessionState
-  ])
+    },
+    [
+      activeSessionIdRef,
+      creatingSessionRef,
+      ensureSessionState,
+      getRouteToken,
+      navigate,
+      requestGateway,
+      selectedStoredSessionIdRef,
+      updateSessionState
+    ]
+  )
 
   const selectSidebarItem = useCallback(
     (item: SidebarNavItem) => {
@@ -417,6 +437,12 @@ export function useSessionActions({
       const isCurrentResume = () =>
         resumeRequestRef.current === requestId && selectedStoredSessionIdRef.current === storedSessionId
 
+      // Swap the single live gateway to this session's profile before any
+      // gateway call (no-op when it's already on that profile / single-profile).
+      const storedForProfile = $sessions.get().find(session => session.id === storedSessionId)
+      const sessionProfile = storedForProfile?.profile
+      await ensureGatewayProfile(sessionProfile)
+
       const cachedRuntimeId = runtimeIdByStoredSessionIdRef.current.get(storedSessionId)
       const cachedState = cachedRuntimeId && sessionStateByRuntimeIdRef.current.get(cachedRuntimeId)
 
@@ -434,15 +460,31 @@ export function useSessionActions({
         clearComposerDraft()
         clearComposerAttachments()
 
-        void requestGateway<UsageStats>('session.usage', { session_id: cachedRuntimeId })
-          .then(usage => {
-            if (isCurrentResume() && usage) {
-              setCurrentUsage(current => ({ ...current, ...usage }))
-            }
-          })
-          .catch(() => undefined)
+        try {
+          const usage = await requestGateway<UsageStats>('session.usage', { session_id: cachedRuntimeId })
 
-        return
+          if (!isCurrentResume()) {
+            return
+          }
+
+          if (usage) {
+            setCurrentUsage(current => ({ ...current, ...usage }))
+          }
+
+          return
+        } catch {
+          // The cached runtime id was minted by a prior backend instance. A
+          // pooled profile backend that gets idle-reaped (pruneSecondaryGateways)
+          // and respawned across a profile swap mints fresh ids, so this mapping
+          // now 404s ("session not found"). Drop it and fall through to a full
+          // resume that rebinds a live runtime id.
+          if (!isCurrentResume()) {
+            return
+          }
+
+          runtimeIdByStoredSessionIdRef.current.delete(storedSessionId)
+          sessionStateByRuntimeIdRef.current.delete(cachedRuntimeId)
+        }
       }
 
       setFreshDraftReady(false)
@@ -479,7 +521,7 @@ export function useSessionActions({
         let localSnapshot = $messages.get()
 
         try {
-          const storedMessages = await getSessionMessages(storedSessionId)
+          const storedMessages = await getSessionMessages(storedSessionId, sessionProfile)
 
           if (isCurrentResume()) {
             localSnapshot = preserveLocalAssistantErrors(toChatMessages(storedMessages.messages), $messages.get())
@@ -494,7 +536,11 @@ export function useSessionActions({
 
         const resumed = await requestGateway<SessionResumeResponse>('session.resume', {
           session_id: storedSessionId,
-          cols: 96
+          cols: 96,
+          // Owning profile: in app-global remote mode one backend serves every
+          // profile, so the gateway opens this profile's state.db + home to
+          // resume + persist the right session (no-op for single/launch profile).
+          ...(sessionProfile ? { profile: sessionProfile } : {})
         })
 
         if (!isCurrentResume()) {
@@ -549,7 +595,7 @@ export function useSessionActions({
           return
         }
 
-        const fallback = await getSessionMessages(storedSessionId)
+        const fallback = await getSessionMessages(storedSessionId, sessionProfile)
 
         if (!isCurrentResume()) {
           return
@@ -728,7 +774,7 @@ export function useSessionActions({
           await requestGateway('session.close', { session_id: closingRuntimeId }).catch(() => undefined)
         }
 
-        await deleteSession(storedSessionId)
+        await deleteSession(storedSessionId, removed?.profile)
         clearQueuedPrompts(storedSessionId)
 
         if (closingRuntimeId) {
@@ -804,7 +850,7 @@ export function useSessionActions({
       }
 
       try {
-        await setSessionArchived(storedSessionId, true)
+        await setSessionArchived(storedSessionId, true, archived?.profile)
         notify({ durationMs: 2_000, kind: 'success', message: 'Archived' })
       } catch (err) {
         if (archived) {

apps/desktop/src/app/session/hooks/use-session-state-cache.ts

@@ -4,6 +4,7 @@ import { type MutableRefObject, useCallback, useEffect, useRef } from 'react'
 import type { ChatMessage } from '@/lib/chat-messages'
 import { preserveLocalAssistantErrors } from '@/lib/chat-messages'
 import { createClientSessionState } from '@/lib/chat-runtime'
+import { setMutableRef } from '@/lib/mutable-ref'
 import { $busy, $messages, noteSessionActivity, setSessionAttention, setSessionWorking } from '@/store/session'
 
 import type { ClientSessionState } from '../../types'
@@ -38,7 +39,7 @@ export function useSessionStateCache({
   }, [activeSessionId])
 
   useEffect(() => {
-    busyRef.current = busy
+    setMutableRef(busyRef, busy)
   }, [busy, busyRef])
 
   useEffect(() => {
@@ -89,7 +90,7 @@ export function useSessionStateCache({
 
     setMessages(preserveLocalAssistantErrors(pending.state.messages, $messages.get()))
     setBusy(pending.state.busy)
-    busyRef.current = pending.state.busy
+    setMutableRef(busyRef, pending.state.busy)
     setAwaitingResponse(pending.state.awaitingResponse)
   }, [busyRef, setAwaitingResponse, setBusy, setMessages])
 

apps/desktop/src/app/settings/about-settings.tsx

@@ -2,7 +2,8 @@ import { useStore } from '@nanostores/react'
 import { useEffect, useState } from 'react'
 
 import { Button } from '@/components/ui/button'
-import { Loader2, RefreshCw, Sparkles } from '@/lib/icons'
+import { type Translations, useI18n } from '@/i18n'
+import { CheckCircle2, ExternalLink, Loader2, RefreshCw, Sparkles } from '@/lib/icons'
 import { cn } from '@/lib/utils'
 import {
   $desktopVersion,
@@ -18,29 +19,31 @@ import { ListRow, SectionHeading, SettingsContent } from './primitives'
 
 const RELEASE_NOTES_URL = 'https://github.com/NousResearch/hermes-agent/releases'
 
-function relativeTime(ms: number | undefined) {
+function relativeTime(ms: number | undefined, a: Translations['settings']['about']) {
   if (!ms) {
-    return 'never'
+    return a.never
   }
 
   const diff = Date.now() - ms
 
   if (diff < 60_000) {
-    return 'just now'
+    return a.justNow
   }
 
   if (diff < 3_600_000) {
-    return `${Math.round(diff / 60_000)} min ago`
+    return a.minAgo(Math.round(diff / 60_000))
   }
 
   if (diff < 86_400_000) {
-    return `${Math.round(diff / 3_600_000)} hours ago`
+    return a.hoursAgo(Math.round(diff / 3_600_000))
   }
 
-  return `${Math.round(diff / 86_400_000)} days ago`
+  return a.daysAgo(Math.round(diff / 86_400_000))
 }
 
 export function AboutSettings() {
+  const { t } = useI18n()
+  const a = t.settings.about
   const version = useStore($desktopVersion)
   const status = useStore($updateStatus)
   const apply = useStore($updateApply)
@@ -69,21 +72,21 @@ export function AboutSettings() {
   let statusTone: 'idle' | 'available' | 'error' = 'idle'
 
   if (!supported) {
-    statusLine = status?.message ?? "This build can't update itself from inside the app."
+    statusLine = status?.message ?? a.cantUpdate
     statusTone = 'error'
   } else if (status?.error) {
-    statusLine = "We couldn't reach the update server."
+    statusLine = a.cantReach
     statusTone = 'error'
   } else if (applying) {
-    statusLine = 'An update is currently installing.'
+    statusLine = a.installing
     statusTone = 'available'
   } else if (behind > 0) {
-    statusLine = `A new update is ready (${behind} change${behind === 1 ? '' : 's'} included).`
+    statusLine = a.updateReady(behind)
     statusTone = 'available'
   } else if (status) {
-    statusLine = "You're on the latest version."
+    statusLine = a.onLatest
   } else {
-    statusLine = 'Tap "Check now" to look for updates.'
+    statusLine = a.tapCheck
   }
 
   return (
@@ -93,15 +96,15 @@ export function AboutSettings() {
           <Sparkles className="size-8" />
         </span>
         <div>
-          <h2 className="text-lg font-semibold tracking-tight">Hermes Desktop</h2>
+          <h2 className="text-lg font-semibold tracking-tight">{a.heading}</h2>
           <p className="mt-1 text-xs text-muted-foreground">
-            {version?.appVersion ? `Version ${version.appVersion}` : 'Version unavailable'}
+            {version?.appVersion ? a.version(version.appVersion) : a.versionUnavailable}
           </p>
         </div>
       </div>
 
       <div className="mx-auto mt-4 w-full max-w-2xl">
-        <SectionHeading icon={RefreshCw} title="Updates" />
+        <SectionHeading icon={RefreshCw} title={a.updates} />
 
         <div
           className={cn(
@@ -111,12 +114,19 @@ export function AboutSettings() {
             statusTone === 'idle' && 'border-border/70 bg-muted/20 text-foreground'
           )}
         >
-          <div className="min-w-0">
-            <p className="font-medium">{statusLine}</p>
-            <p className="mt-1 text-xs text-muted-foreground">
-              Last checked {relativeTime(status?.fetchedAt)}
-              {justChecked && !checking ? ' · just now' : ''}
-            </p>
+          <div className="flex items-start gap-2">
+            {statusTone === 'available' ? (
+              <Sparkles className="mt-0.5 size-4 shrink-0 text-primary" />
+            ) : statusTone === 'error' ? null : (
+              <CheckCircle2 className="mt-0.5 size-4 shrink-0 text-emerald-600 dark:text-emerald-400" />
+            )}
+            <div className="min-w-0">
+              <p className="font-medium">{statusLine}</p>
+              <p className="mt-1 text-xs text-muted-foreground">
+                {a.lastChecked(relativeTime(status?.fetchedAt, a))}
+                {justChecked && !checking ? a.justNowSuffix : ''}
+              </p>
+            </div>
           </div>
 
           <div className="mt-3 flex flex-wrap items-center gap-4">
@@ -126,13 +136,13 @@ export function AboutSettings() {
               size="sm"
               variant="textStrong"
             >
-              {checking && <Loader2 className="size-3 animate-spin" />}
-              {checking ? 'Checking…' : 'Check now'}
+              {checking ? <Loader2 className="size-3 animate-spin" /> : <RefreshCw className="size-3" />}
+              {checking ? a.checking : a.checkNow}
             </Button>
 
             {behind > 0 && supported && !applying && (
               <Button onClick={() => openUpdatesWindow()} size="sm">
-                See what&apos;s new
+                {a.seeWhatsNew}
               </Button>
             )}
 
@@ -146,16 +156,17 @@ export function AboutSettings() {
                 rel="noreferrer"
                 target="_blank"
               >
-                Release notes
+                <ExternalLink className="size-3" />
+                {a.releaseNotes}
               </a>
             </Button>
           </div>
         </div>
 
         <ListRow
-          description="Hermes checks for updates automatically in the background and lets you know when one is ready."
-          hint={`Branch ${status?.branch ?? 'unknown'} · Commit ${status?.currentSha?.slice(0, 7) ?? 'unknown'}`}
-          title="Automatic updates"
+          description={a.automaticUpdatesDesc}
+          hint={a.branchCommit(status?.branch ?? 'unknown', status?.currentSha?.slice(0, 7) ?? 'unknown')}
+          title={a.automaticUpdates}
         />
       </div>
     </SettingsContent>

apps/desktop/src/app/settings/appearance-settings.tsx

@@ -1,16 +1,16 @@
 import { useStore } from '@nanostores/react'
-import type { ReactNode } from 'react'
 
-import { SegmentedControl } from '@/components/ui/segmented-control'
+import { type Locale, LOCALE_META, useI18n } from '@/i18n'
 import { triggerHaptic } from '@/lib/haptics'
-import { Check } from '@/lib/icons'
+import { Check, Palette } from '@/lib/icons'
 import { cn } from '@/lib/utils'
+import { notifyError } from '@/store/notifications'
 import { $toolViewMode, setToolViewMode } from '@/store/tool-view'
 import { useTheme } from '@/themes/context'
 import { BUILTIN_THEMES } from '@/themes/presets'
 
 import { MODE_OPTIONS } from './constants'
-import { SettingsContent } from './primitives'
+import { Pill, SectionHeading, SettingsContent } from './primitives'
 
 function ThemePreview({ name }: { name: string }) {
   const t = BUILTIN_THEMES[name]
@@ -52,80 +52,193 @@ function ThemePreview({ name }: { name: string }) {
   )
 }
 
-function SectionHead({ title, description, control }: { title: string; description: string; control?: ReactNode }) {
-  return (
-    <div className="flex flex-col gap-2 sm:flex-row sm:items-center sm:justify-between sm:gap-4">
-      <div className="min-w-0">
-        <div className="text-[length:var(--conversation-text-font-size)] font-medium">{title}</div>
-        <div className="mt-1 text-[length:var(--conversation-caption-font-size)] leading-(--conversation-caption-line-height) text-(--ui-text-tertiary)">
-          {description}
-        </div>
-      </div>
-      {control && <div className="shrink-0">{control}</div>}
-    </div>
-  )
-}
-
 export function AppearanceSettings() {
+  const { t, isSavingLocale, locale, setLocale } = useI18n()
   const { themeName, mode, availableThemes, setTheme, setMode } = useTheme()
   const toolViewMode = useStore($toolViewMode)
+  const activeTheme = availableThemes.find(theme => theme.name === themeName)
+  const a = t.settings.appearance
+  const locales = Object.keys(LOCALE_META) as Locale[]
+
+  const selectLocale = async (code: Locale) => {
+    if (code === locale || isSavingLocale) {
+      return
+    }
+
+    triggerHaptic('selection')
+
+    try {
+      await setLocale(code)
+      triggerHaptic('success')
+    } catch (error) {
+      notifyError(error, t.language.saveError)
+    }
+  }
 
   return (
     <SettingsContent>
-      <div className="grid gap-8">
-        <p className="max-w-2xl text-[length:var(--conversation-caption-font-size)] leading-(--conversation-caption-line-height) text-(--ui-text-tertiary)">
-          These are desktop-only display preferences. Mode controls brightness; theme controls the accent palette and
-          chat surface styling.
-        </p>
+      <div className="space-y-5">
+        <div>
+          <SectionHeading icon={Palette} title={a.title} />
+          <p className="max-w-2xl text-[length:var(--conversation-caption-font-size)] leading-(--conversation-caption-line-height) text-(--ui-text-tertiary)">
+            {a.intro}
+          </p>
+        </div>
 
-        <section>
-          <SectionHead
-            control={
-              <SegmentedControl
-                onChange={id => {
-                  triggerHaptic('crisp')
-                  setMode(id)
-                }}
-                options={MODE_OPTIONS}
-                value={mode}
-              />
-            }
-            description="Pick a fixed mode or let Hermes follow your system setting."
-            title="Color Mode"
-          />
+        <section className="rounded-xl border border-(--ui-stroke-tertiary) bg-(--ui-chat-bubble-background) p-3 shadow-sm">
+          <div className="mb-3 flex items-center justify-between gap-3">
+            <div>
+              <div className="text-sm font-medium">{t.language.label}</div>
+              <div className="mt-1 text-xs text-muted-foreground">{t.language.description}</div>
+              {isSavingLocale && <div className="mt-1 text-xs text-muted-foreground">{t.language.saving}</div>}
+            </div>
+            <Pill>{LOCALE_META[locale].name}</Pill>
+          </div>
+          <div className="grid gap-2 sm:grid-cols-3">
+            {locales.map(code => {
+              const active = locale === code
+
+              return (
+                <button
+                  className={cn(
+                    'group rounded-lg border border-(--ui-stroke-tertiary) bg-(--ui-bg-quinary) p-2.5 text-left transition hover:bg-(--chrome-action-hover)',
+                    active && 'border-(--ui-stroke-secondary) bg-(--ui-bg-tertiary)'
+                  )}
+                  disabled={isSavingLocale}
+                  key={code}
+                  onClick={() => void selectLocale(code)}
+                  type="button"
+                >
+                  <div className="flex items-start justify-between gap-3">
+                    <div className="text-[length:var(--conversation-text-font-size)] font-medium">
+                      {LOCALE_META[code].name}
+                    </div>
+                    {active && (
+                      <span className="grid size-5 place-items-center rounded-full bg-primary text-primary-foreground">
+                        <Check className="size-3.5" />
+                      </span>
+                    )}
+                  </div>
+                  <div className="mt-1 text-[length:var(--conversation-caption-font-size)] uppercase tracking-wide text-(--ui-text-tertiary)">
+                    {code}
+                  </div>
+                </button>
+              )
+            })}
+          </div>
         </section>
 
-        <section>
-          <SectionHead
-            control={
-              <SegmentedControl
-                onChange={id => {
-                  triggerHaptic('selection')
-                  setToolViewMode(id)
-                }}
-                options={
-                  [
-                    { id: 'product', label: 'Product' },
-                    { id: 'technical', label: 'Technical' }
-                  ] as const
-                }
-                value={toolViewMode}
-              />
-            }
-            description="Product hides raw tool payloads; Technical shows full input/output."
-            title="Tool Call Display"
-          />
+        <section className="rounded-xl border border-(--ui-stroke-tertiary) bg-(--ui-chat-bubble-background) p-3 shadow-sm">
+          <div className="mb-3 flex items-center justify-between gap-3">
+            <div>
+              <div className="text-sm font-medium">{a.colorMode}</div>
+              <div className="mt-1 text-xs text-muted-foreground">{a.colorModeDesc}</div>
+            </div>
+            <Pill>{t.settings.modeOptions[mode].label}</Pill>
+          </div>
+          <div className="grid gap-2 sm:grid-cols-3">
+            {MODE_OPTIONS.map(({ id, icon: Icon }) => {
+              const active = mode === id
+              const copy = t.settings.modeOptions[id]
+
+              return (
+                <button
+                  className={cn(
+                    'group rounded-lg border border-(--ui-stroke-tertiary) bg-(--ui-bg-quinary) p-2.5 text-left transition hover:bg-(--chrome-action-hover)',
+                    active && 'border-(--ui-stroke-secondary) bg-(--ui-bg-tertiary)'
+                  )}
+                  key={id}
+                  onClick={() => {
+                    triggerHaptic('crisp')
+                    setMode(id)
+                  }}
+                  type="button"
+                >
+                  <div className="flex items-start justify-between gap-3">
+                    <span className="flex size-9 items-center justify-center rounded-lg bg-muted text-foreground transition group-hover:bg-background">
+                      <Icon className="size-4" />
+                    </span>
+                    {active && (
+                      <span className="grid size-5 place-items-center rounded-full bg-primary text-primary-foreground">
+                        <Check className="size-3.5" />
+                      </span>
+                    )}
+                  </div>
+                  <div className="mt-2 text-[length:var(--conversation-text-font-size)] font-medium">{copy.label}</div>
+                  <div className="mt-1 text-[length:var(--conversation-caption-font-size)] leading-(--conversation-caption-line-height) text-(--ui-text-tertiary)">
+                    {copy.description}
+                  </div>
+                </button>
+              )
+            })}
+          </div>
         </section>
 
-        <section className="grid gap-3">
-          <SectionHead description="Desktop palettes only. The selected mode is applied on top." title="Theme" />
-          <div className="grid gap-x-4 gap-y-5 sm:grid-cols-2 xl:grid-cols-3">
+        <section className="rounded-xl border border-(--ui-stroke-tertiary) bg-(--ui-chat-bubble-background) p-3 shadow-sm">
+          <div className="mb-3 flex items-center justify-between gap-3">
+            <div>
+              <div className="text-sm font-medium">{a.toolViewTitle}</div>
+              <div className="mt-1 text-xs text-muted-foreground">{a.toolViewDesc}</div>
+            </div>
+            <Pill>{toolViewMode === 'technical' ? a.technical : a.product}</Pill>
+          </div>
+          <div className="grid gap-2 sm:grid-cols-2">
+            {(
+              [
+                { id: 'product', label: a.product, description: a.productDesc },
+                { id: 'technical', label: a.technical, description: a.technicalDesc }
+              ] as const
+            ).map(option => {
+              const active = toolViewMode === option.id
+
+              return (
+                <button
+                  className={cn(
+                    'group rounded-lg border border-(--ui-stroke-tertiary) bg-(--ui-bg-quinary) p-2.5 text-left transition hover:bg-(--chrome-action-hover)',
+                    active && 'border-(--ui-stroke-secondary) bg-(--ui-bg-tertiary)'
+                  )}
+                  key={option.id}
+                  onClick={() => {
+                    triggerHaptic('selection')
+                    setToolViewMode(option.id)
+                  }}
+                  type="button"
+                >
+                  <div className="flex items-start justify-between gap-3">
+                    <div className="text-[length:var(--conversation-text-font-size)] font-medium">{option.label}</div>
+                    {active && (
+                      <span className="grid size-5 place-items-center rounded-full bg-primary text-primary-foreground">
+                        <Check className="size-3.5" />
+                      </span>
+                    )}
+                  </div>
+                  <div className="mt-1 text-[length:var(--conversation-caption-font-size)] leading-(--conversation-caption-line-height) text-(--ui-text-tertiary)">
+                    {option.description}
+                  </div>
+                </button>
+              )
+            })}
+          </div>
+        </section>
+
+        <section className="rounded-xl border border-(--ui-stroke-tertiary) bg-(--ui-chat-bubble-background) p-3 shadow-sm">
+          <div className="mb-3 flex items-center justify-between gap-3">
+            <div>
+              <div className="text-sm font-medium">{a.themeTitle}</div>
+              <div className="mt-1 text-xs text-muted-foreground">{a.themeDesc}</div>
+            </div>
+            {activeTheme && <Pill>{activeTheme.label}</Pill>}
+          </div>
+          <div className="grid gap-3 sm:grid-cols-2 xl:grid-cols-3">
             {availableThemes.map(theme => {
               const active = themeName === theme.name
 
               return (
                 <button
-                  className="group text-left"
+                  className={cn(
+                    'rounded-lg border border-(--ui-stroke-tertiary) bg-(--ui-bg-quinary) p-2 text-left transition hover:bg-(--chrome-action-hover)',
+                    active && 'border-(--ui-stroke-secondary) bg-(--ui-bg-tertiary)'
+                  )}
                   key={theme.name}
                   onClick={() => {
                     triggerHaptic('crisp')
@@ -133,17 +246,8 @@ export function AppearanceSettings() {
                   }}
                   type="button"
                 >
-                  <div
-                    className={cn(
-                      'rounded-xl transition',
-                      active
-                        ? 'ring-2 ring-primary ring-offset-2 ring-offset-background'
-                        : 'opacity-90 group-hover:opacity-100'
-                    )}
-                  >
-                    <ThemePreview name={theme.name} />
-                  </div>
-                  <div className="mt-2.5 flex items-start justify-between gap-2 px-0.5">
+                  <ThemePreview name={theme.name} />
+                  <div className="mt-3 flex items-start justify-between gap-3 px-1">
                     <div className="min-w-0">
                       <div className="truncate text-[length:var(--conversation-text-font-size)] font-medium">
                         {theme.label}
@@ -152,7 +256,11 @@ export function AppearanceSettings() {
                         {theme.description}
                       </div>
                     </div>
-                    {active && <Check className="mt-0.5 size-4 shrink-0 text-primary" />}
+                    {active && (
+                      <span className="mt-0.5 grid size-5 shrink-0 place-items-center rounded-full bg-primary text-primary-foreground">
+                        <Check className="size-3.5" />
+                      </span>
+                    )}
                   </div>
                 </button>
               )

apps/desktop/src/app/settings/config-settings.tsx

@@ -13,6 +13,7 @@ import {
   getHermesConfigSchema,
   saveHermesConfig
 } from '@/hermes'
+import { useI18n } from '@/i18n'
 import { cn } from '@/lib/utils'
 import { notify, notifyError } from '@/store/notifications'
 import type { ConfigFieldSchema, HermesConfigRecord } from '@/types/hermes'
@@ -37,9 +38,20 @@ function ConfigField({
   optionLabels?: Record<string, string>
   onChange: (value: unknown) => void
 }) {
-  const label = FIELD_LABELS[schemaKey] ?? prettyName(schemaKey.split('.').pop() ?? schemaKey)
+  const { t } = useI18n()
+
+  const label =
+    t.settings.fieldLabels[schemaKey] ?? FIELD_LABELS[schemaKey] ?? prettyName(schemaKey.split('.').pop() ?? schemaKey)
+
   const normalize = (v: string) => v.toLowerCase().replace(/[^a-z0-9]+/g, '')
-  const rawDescription = (FIELD_DESCRIPTIONS[schemaKey] ?? schema.description ?? '').trim()
+
+  const rawDescription = (
+    t.settings.fieldDescriptions[schemaKey] ??
+    FIELD_DESCRIPTIONS[schemaKey] ??
+    schema.description ??
+    ''
+  ).trim()
+
   const normalizedDesc = normalize(rawDescription)
 
   const description =

apps/desktop/src/app/settings/constants.ts

@@ -15,9 +15,21 @@ import type { ThemeMode } from '@/themes/context'
 
 import type { DesktopConfigSection } from './types'
 
+// Provider group definitions used to fold raw env-var names like
+// ``XAI_API_KEY`` into a single "xAI" card with a friendly label, short
+// description, and signup URL. Membership is determined by longest
+// prefix match (see ``providerGroup`` in helpers.ts) so more specific
+// prefixes (``MINIMAX_CN_``) correctly beat their general parents
+// (``MINIMAX_``). New providers should be added here so they get their
+// own card in Settings → Keys instead of being lumped into "Other".
 interface ProviderPrefix {
   prefix: string
   name: string
+  /** Optional one-line tagline shown beneath the group name. */
+  description?: string
+  /** Optional canonical signup/console URL surfaced from the card header. */
+  docsUrl?: string
+  /** Lower numbers float to the top of the providers list. */
   priority: number
 }
 
@@ -25,24 +37,180 @@ export const EMPTY_SELECT_VALUE = '__hermes_empty__'
 export const CONTROL_TEXT = 'text-xs'
 
 export const PROVIDER_GROUPS: ProviderPrefix[] = [
-  { prefix: 'NOUS_', name: 'Nous Portal', priority: 0 },
-  { prefix: 'ANTHROPIC_', name: 'Anthropic', priority: 1 },
-  { prefix: 'DASHSCOPE_', name: 'DashScope (Qwen)', priority: 2 },
-  { prefix: 'HERMES_QWEN_', name: 'DashScope (Qwen)', priority: 2 },
-  { prefix: 'DEEPSEEK_', name: 'DeepSeek', priority: 3 },
-  { prefix: 'GOOGLE_', name: 'Gemini', priority: 4 },
+  {
+    prefix: 'NOUS_',
+    name: 'Nous Portal',
+    description: 'Hosted Hermes & Nous-trained models',
+    docsUrl: 'https://portal.nousresearch.com',
+    priority: 0
+  },
+  {
+    prefix: 'OPENROUTER_',
+    name: 'OpenRouter',
+    description: 'Aggregator for hundreds of frontier models',
+    docsUrl: 'https://openrouter.ai/keys',
+    priority: 1
+  },
+  {
+    prefix: 'ANTHROPIC_',
+    name: 'Anthropic',
+    description: 'Claude API access (Sonnet, Opus, Haiku)',
+    docsUrl: 'https://console.anthropic.com/settings/keys',
+    priority: 2
+  },
+  {
+    prefix: 'XAI_',
+    name: 'xAI',
+    description: 'Grok models (use OAuth for SuperGrok / Premium+)',
+    docsUrl: 'https://console.x.ai/',
+    priority: 3
+  },
+  {
+    prefix: 'GOOGLE_',
+    name: 'Gemini',
+    description: 'Google AI Studio (Gemini 1.5 / 2.0 / 2.5)',
+    docsUrl: 'https://aistudio.google.com/app/apikey',
+    priority: 4
+  },
   { prefix: 'GEMINI_', name: 'Gemini', priority: 4 },
-  { prefix: 'GLM_', name: 'GLM / Z.AI', priority: 5 },
-  { prefix: 'ZAI_', name: 'GLM / Z.AI', priority: 5 },
-  { prefix: 'Z_AI_', name: 'GLM / Z.AI', priority: 5 },
-  { prefix: 'HF_', name: 'Hugging Face', priority: 6 },
-  { prefix: 'KIMI_', name: 'Kimi / Moonshot', priority: 7 },
-  { prefix: 'MINIMAX_', name: 'MiniMax', priority: 8 },
-  { prefix: 'MINIMAX_CN_', name: 'MiniMax (China)', priority: 9 },
-  { prefix: 'OPENCODE_GO_', name: 'OpenCode Go', priority: 10 },
-  { prefix: 'OPENCODE_ZEN_', name: 'OpenCode Zen', priority: 11 },
-  { prefix: 'OPENROUTER_', name: 'OpenRouter', priority: 12 },
-  { prefix: 'XIAOMI_', name: 'Xiaomi MiMo', priority: 13 }
+  { prefix: 'HERMES_GEMINI_', name: 'Gemini', priority: 4 },
+  {
+    prefix: 'DEEPSEEK_',
+    name: 'DeepSeek',
+    description: 'Direct DeepSeek API (V3.x, R1)',
+    docsUrl: 'https://platform.deepseek.com/api_keys',
+    priority: 5
+  },
+  {
+    prefix: 'DASHSCOPE_',
+    name: 'DashScope (Qwen)',
+    description: 'Alibaba Cloud DashScope — Qwen and multi-vendor models',
+    docsUrl: 'https://modelstudio.console.alibabacloud.com/',
+    priority: 6
+  },
+  { prefix: 'HERMES_QWEN_', name: 'DashScope (Qwen)', priority: 6 },
+  {
+    prefix: 'GLM_',
+    name: 'GLM / Z.AI',
+    description: 'Zhipu GLM-4.6 and Z.AI hosted endpoints',
+    docsUrl: 'https://z.ai/',
+    priority: 7
+  },
+  { prefix: 'ZAI_', name: 'GLM / Z.AI', priority: 7 },
+  { prefix: 'Z_AI_', name: 'GLM / Z.AI', priority: 7 },
+  {
+    prefix: 'KIMI_',
+    name: 'Kimi / Moonshot',
+    description: 'Moonshot Kimi K2 / coding endpoints',
+    docsUrl: 'https://platform.moonshot.cn/',
+    priority: 8
+  },
+  {
+    prefix: 'KIMI_CN_',
+    name: 'Kimi (China)',
+    description: 'Moonshot China endpoint',
+    docsUrl: 'https://platform.moonshot.cn/',
+    priority: 9
+  },
+  {
+    prefix: 'MINIMAX_',
+    name: 'MiniMax',
+    description: 'MiniMax-M2 and Hailuo international endpoints',
+    docsUrl: 'https://www.minimax.io/',
+    priority: 10
+  },
+  {
+    prefix: 'MINIMAX_CN_',
+    name: 'MiniMax (China)',
+    description: 'MiniMax mainland China endpoint',
+    docsUrl: 'https://www.minimaxi.com/',
+    priority: 11
+  },
+  {
+    prefix: 'HF_',
+    name: 'Hugging Face',
+    description: 'Inference Providers — 20+ open models via router.huggingface.co',
+    docsUrl: 'https://huggingface.co/settings/tokens',
+    priority: 12
+  },
+  {
+    prefix: 'OPENCODE_ZEN_',
+    name: 'OpenCode Zen',
+    description: 'Pay-as-you-go access to curated coding models',
+    docsUrl: 'https://opencode.ai/auth',
+    priority: 13
+  },
+  {
+    prefix: 'OPENCODE_GO_',
+    name: 'OpenCode Go',
+    description: '$10/month subscription for open coding models',
+    docsUrl: 'https://opencode.ai/auth',
+    priority: 14
+  },
+  {
+    prefix: 'NVIDIA_',
+    name: 'NVIDIA NIM',
+    description: 'build.nvidia.com or your own local NIM endpoint',
+    docsUrl: 'https://build.nvidia.com/',
+    priority: 15
+  },
+  {
+    prefix: 'OLLAMA_',
+    name: 'Ollama Cloud',
+    description: 'Cloud-hosted open models from ollama.com',
+    docsUrl: 'https://ollama.com/settings',
+    priority: 16
+  },
+  {
+    prefix: 'LM_',
+    name: 'LM Studio',
+    description: 'Local LM Studio server (OpenAI-compatible)',
+    docsUrl: 'https://lmstudio.ai/docs/local-server',
+    priority: 17
+  },
+  {
+    prefix: 'STEPFUN_',
+    name: 'StepFun',
+    description: 'StepFun Step Plan coding models',
+    docsUrl: 'https://platform.stepfun.com/',
+    priority: 18
+  },
+  {
+    prefix: 'XIAOMI_',
+    name: 'Xiaomi MiMo',
+    description: 'MiMo-V2.5 and Xiaomi proprietary models',
+    docsUrl: 'https://platform.xiaomimimo.com',
+    priority: 19
+  },
+  {
+    prefix: 'ARCEEAI_',
+    name: 'Arcee AI',
+    description: 'Arcee-hosted small + medium models',
+    docsUrl: 'https://chat.arcee.ai/',
+    priority: 20
+  },
+  { prefix: 'ARCEE_', name: 'Arcee AI', priority: 20 },
+  {
+    prefix: 'GMI_',
+    name: 'GMI Cloud',
+    description: 'GMI Cloud GPU + model serving',
+    docsUrl: 'https://www.gmicloud.ai/',
+    priority: 21
+  },
+  {
+    prefix: 'AZURE_FOUNDRY_',
+    name: 'Azure Foundry',
+    description: 'Azure AI Foundry custom endpoints (OpenAI / Anthropic-compatible)',
+    docsUrl: 'https://ai.azure.com/',
+    priority: 22
+  },
+  {
+    prefix: 'AWS_',
+    name: 'AWS Bedrock',
+    description: 'Authenticate via AWS profile + region',
+    docsUrl: 'https://docs.aws.amazon.com/bedrock/latest/userguide/bedrock-regions.html',
+    priority: 23
+  }
 ]
 
 export const BUILTIN_PERSONALITIES = [
@@ -73,7 +241,8 @@ export const ENUM_OPTIONS: Record<string, string[]> = {
   'memory.provider': ['', 'builtin', 'honcho'],
   'stt.elevenlabs.model_id': ['scribe_v2', 'scribe_v1'],
   'stt.local.model': ['tiny', 'base', 'small', 'medium', 'large-v3'],
-  'tts.openai.voice': ['alloy', 'echo', 'fable', 'onyx', 'nova', 'shimmer']
+  'tts.openai.voice': ['alloy', 'echo', 'fable', 'onyx', 'nova', 'shimmer'],
+  'updates.non_interactive_local_changes': ['stash', 'discard']
 }
 
 export const FIELD_LABELS: Record<string, string> = {
@@ -141,7 +310,8 @@ export const FIELD_LABELS: Record<string, string> = {
   'delegation.max_iterations': 'Subagent Turn Limit',
   'delegation.max_concurrent_children': 'Parallel Subagents',
   'delegation.child_timeout_seconds': 'Subagent Timeout',
-  'delegation.reasoning_effort': 'Subagent Reasoning Effort'
+  'delegation.reasoning_effort': 'Subagent Reasoning Effort',
+  'updates.non_interactive_local_changes': 'In-App Update Local Changes'
 }
 
 export const FIELD_DESCRIPTIONS: Record<string, string> = {
@@ -168,7 +338,9 @@ export const FIELD_DESCRIPTIONS: Record<string, string> = {
   'voice.auto_tts': 'Automatically speak assistant responses.',
   'stt.enabled': 'Enable local or provider-backed speech transcription.',
   'stt.elevenlabs.language_code': 'Optional ISO-639-3 language code. Blank lets ElevenLabs auto-detect.',
-  'agent.max_turns': 'Upper bound for tool-calling turns before Hermes stops a run.'
+  'agent.max_turns': 'Upper bound for tool-calling turns before Hermes stops a run.',
+  'updates.non_interactive_local_changes':
+    'When Hermes updates itself from the app (no terminal prompt), keep local source edits (stash) or throw them away (discard). Terminal updates always ask.'
 }
 
 // Curated desktop config surface: only fields a user might tune from the app.
@@ -281,7 +453,8 @@ export const SECTIONS: DesktopConfigSection[] = [
       'delegation.max_iterations',
       'delegation.max_concurrent_children',
       'delegation.child_timeout_seconds',
-      'delegation.reasoning_effort'
+      'delegation.reasoning_effort',
+      'updates.non_interactive_local_changes'
     ]
   }
 ]

apps/desktop/src/app/settings/credential-key-ui.tsx

@@ -0,0 +1,363 @@
+import { type ChangeEvent, type KeyboardEvent } from 'react'
+
+import { Button } from '@/components/ui/button'
+import { Input } from '@/components/ui/input'
+import { ChevronDown, ExternalLink, Loader2, Save } from '@/lib/icons'
+import { cn } from '@/lib/utils'
+import type { EnvVarInfo } from '@/types/hermes'
+
+import { CONTROL_TEXT } from './constants'
+import { prettyName, withoutKey } from './helpers'
+import { ListRow } from './primitives'
+import type { EnvRowProps } from './types'
+
+export type KeyRowProps = Omit<EnvRowProps, 'info' | 'varKey'>
+
+/** Matches Advanced / config field controls (ListRow + Input). */
+export const CREDENTIAL_CONTROL_CLASS = cn('h-8', CONTROL_TEXT)
+
+export const isKeyVar = (key: string, info: EnvVarInfo) =>
+  info.is_password || /(?:_API_KEY|_TOKEN|_KEY)$/.test(key)
+
+export const friendlyFieldLabel = (key: string, info: EnvVarInfo) =>
+  info.description?.trim() ||
+  key
+    .replace(/_/g, ' ')
+    .toLowerCase()
+    .replace(/\b\w/g, c => c.toUpperCase())
+
+export const credentialPlaceholder = (key: string, info: EnvVarInfo, label: string): string =>
+  isKeyVar(key, info) ? `Paste ${label} key` : /URL$/i.test(key) ? 'https://…' : 'Optional'
+
+// A single credential field: a set key shows as a filled read-only input
+// (redacted value) that edits in place on click. Save appears once typed; a set
+// key also offers Remove, and Esc cancels without closing the overlay.
+export function KeyField({
+  info,
+  placeholder,
+  rowProps,
+  varKey
+}: {
+  info: EnvVarInfo
+  placeholder?: string
+  rowProps: KeyRowProps
+  varKey: string
+}) {
+  const { edits, onClear, onSave, saving, setEdits } = rowProps
+  const editing = edits[varKey] !== undefined
+  const draft = edits[varKey] ?? ''
+  const dirty = draft.trim().length > 0
+  const busy = saving === varKey
+  const masked = info.redacted_value ?? '••••••••'
+  const startEdit = () => setEdits(c => ({ ...c, [varKey]: '' }))
+  const cancel = () => setEdits(c => withoutKey(c, varKey))
+  const update = (e: ChangeEvent<HTMLInputElement>) => setEdits(c => ({ ...c, [varKey]: e.target.value }))
+
+  const keydown = (e: KeyboardEvent<HTMLInputElement>) => {
+    if (e.key === 'Enter' && dirty) {
+      void onSave(varKey)
+    } else if (e.key === 'Escape' && editing) {
+      e.preventDefault()
+      e.stopPropagation()
+      cancel()
+    }
+  }
+
+  const editType = info.is_password ? 'password' : 'text'
+
+  if (info.is_set && !editing) {
+    return (
+      <Input
+        className={cn(CREDENTIAL_CONTROL_CLASS, 'cursor-pointer text-muted-foreground')}
+        onFocus={startEdit}
+        readOnly
+        value={masked}
+      />
+    )
+  }
+
+  return (
+    <div className="grid gap-1">
+      <div className="flex items-center gap-2">
+        <Input
+          autoFocus={editing}
+          className={cn(CREDENTIAL_CONTROL_CLASS, 'min-w-0 flex-1')}
+          onChange={update}
+          onKeyDown={keydown}
+          placeholder={placeholder ?? 'Paste key'}
+          type={editType}
+          value={draft}
+        />
+        {dirty && (
+          <Button className="h-8 shrink-0" disabled={busy} onClick={() => void onSave(varKey)} size="sm">
+            {busy ? <Loader2 className="size-4 animate-spin" /> : <Save />}
+            {busy ? 'Saving' : 'Save'}
+          </Button>
+        )}
+      </div>
+      {editing && (
+        <div className="flex items-center gap-1 text-[0.6875rem]">
+          {info.is_set && (
+            <>
+              <Button
+                className="h-auto px-0 py-0 text-[0.6875rem] text-destructive hover:text-destructive"
+                disabled={busy}
+                onClick={() => void onClear(varKey)}
+                type="button"
+                variant="text"
+              >
+                Remove
+              </Button>
+              <span className="text-muted-foreground">or</span>
+            </>
+          )}
+          <span className="text-muted-foreground">esc to cancel</span>
+        </div>
+      )}
+    </div>
+  )
+}
+
+function CredentialDocsLink({ href }: { href: string }) {
+  return (
+    <a
+      className="inline-flex w-fit items-center gap-1 text-[length:var(--conversation-caption-font-size)] text-(--ui-text-tertiary) underline-offset-4 transition-colors hover:text-foreground hover:underline"
+      href={href}
+      onClick={e => e.stopPropagation()}
+      rel="noreferrer"
+      target="_blank"
+    >
+      Get a key
+      <ExternalLink className="size-3" />
+    </a>
+  )
+}
+
+/** One credential row — collapsible; description and docs link expand on click. */
+export function CredentialKeyCard({
+  expanded,
+  info,
+  label,
+  onExpand,
+  onToggle,
+  placeholder,
+  rowProps,
+  varKey
+}: CredentialKeyCardProps) {
+  const docsUrl = info.url?.trim()
+  const description = info.description?.trim()
+  const expandable = Boolean(description || docsUrl)
+
+  return (
+    <div
+      className={cn(
+        'group/card rounded-[6px] px-2 py-1 transition-colors',
+        expandable && 'cursor-pointer',
+        expandable && !expanded && 'hover:bg-(--ui-row-hover-background)',
+        expanded && 'bg-(--ui-bg-quaternary) ring-1 ring-(--ui-stroke-secondary)'
+      )}
+      onClick={expandable ? onToggle : undefined}
+      onKeyDown={
+        expandable
+          ? e => {
+              if (e.key === 'Enter' || e.key === ' ') {
+                e.preventDefault()
+                onToggle()
+              }
+            }
+          : undefined
+      }
+      role={expandable ? 'button' : undefined}
+      tabIndex={expandable ? 0 : undefined}
+    >
+      <div className="grid gap-3 py-2 sm:grid-cols-[minmax(0,1fr)_minmax(15rem,22rem)] sm:items-center">
+        <div className="flex min-w-0 items-center gap-2">
+          <span
+            className={cn(
+              'size-2 shrink-0 rounded-full',
+              info.is_set ? 'bg-primary' : 'bg-(--ui-stroke-secondary)'
+            )}
+          />
+
+          <span className="min-w-0 truncate text-[length:var(--conversation-text-font-size)] font-medium text-foreground">
+            {label}
+          </span>
+
+          {expandable && (
+            <ChevronDown
+              className={cn(
+                'size-3.5 shrink-0 text-muted-foreground transition',
+                expanded ? 'rotate-180 opacity-100' : 'opacity-0 group-hover/card:opacity-100'
+              )}
+            />
+          )}
+        </div>
+
+        <div
+          className="min-w-0 sm:justify-self-end"
+          onClick={e => e.stopPropagation()}
+          onFocus={() => {
+            if (expandable && !expanded) {
+              onExpand()
+            }
+          }}
+        >
+          <KeyField info={info} placeholder={placeholder} rowProps={rowProps} varKey={varKey} />
+        </div>
+      </div>
+
+      {expandable && expanded && (
+        <div className="grid gap-2.5 pb-2 pl-4" onClick={e => e.stopPropagation()}>
+          {description && (
+            <p className="text-[length:var(--conversation-caption-font-size)] leading-(--conversation-caption-line-height) text-(--ui-text-tertiary)">
+              {description}
+            </p>
+          )}
+
+          {docsUrl && <CredentialDocsLink href={docsUrl} />}
+        </div>
+      )}
+    </div>
+  )
+}
+
+/** Provider API key group — collapsible card; description, docs link, and advanced fields expand on click. */
+export function ProviderKeyRows({ expanded, group, onExpand, onToggle, rowProps }: ProviderKeyRowsProps) {
+  const docsUrl = group.docsUrl?.trim()
+  const description = group.description?.trim()
+  const expandable = Boolean(description || docsUrl || group.advanced.length > 0)
+
+  return (
+    <div
+      className={cn(
+        'group/card rounded-[6px] px-2 py-1 transition-colors',
+        expandable && 'cursor-pointer',
+        expandable && !expanded && 'hover:bg-(--ui-row-hover-background)',
+        expanded && 'bg-(--ui-bg-quaternary) ring-1 ring-(--ui-stroke-secondary)'
+      )}
+      onClick={expandable ? onToggle : undefined}
+      onKeyDown={
+        expandable
+          ? e => {
+              if (e.key === 'Enter' || e.key === ' ') {
+                e.preventDefault()
+                onToggle()
+              }
+            }
+          : undefined
+      }
+      role={expandable ? 'button' : undefined}
+      tabIndex={expandable ? 0 : undefined}
+    >
+      <div className="grid gap-3 py-2 sm:grid-cols-[minmax(0,1fr)_minmax(15rem,22rem)] sm:items-center">
+        <div className="flex min-w-0 items-center gap-2">
+          <span
+            className={cn(
+              'size-2 shrink-0 rounded-full',
+              group.hasAnySet ? 'bg-primary' : 'bg-(--ui-stroke-secondary)'
+            )}
+          />
+
+          <span className="min-w-0 truncate text-[length:var(--conversation-text-font-size)] font-medium text-foreground">
+            {group.name}
+          </span>
+
+          {expandable && (
+            <ChevronDown
+              className={cn(
+                'size-3.5 shrink-0 text-muted-foreground transition',
+                expanded ? 'rotate-180 opacity-100' : 'opacity-0 group-hover/card:opacity-100'
+              )}
+            />
+          )}
+        </div>
+
+        <div
+          className="min-w-0 sm:justify-self-end"
+          onClick={e => e.stopPropagation()}
+          onFocus={() => {
+            if (expandable && !expanded) {
+              onExpand()
+            }
+          }}
+        >
+          <KeyField
+            info={group.primary[1]}
+            placeholder={`Paste ${group.name} key`}
+            rowProps={rowProps}
+            varKey={group.primary[0]}
+          />
+        </div>
+      </div>
+
+      {expandable && expanded && (
+        <div className="grid gap-2.5 pb-2 pl-4" onClick={e => e.stopPropagation()}>
+          {description && (
+            <p className="text-[length:var(--conversation-caption-font-size)] leading-(--conversation-caption-line-height) text-(--ui-text-tertiary)">
+              {description}
+            </p>
+          )}
+
+          {group.advanced.map(([key, info]) => {
+            const fieldLabel = isKeyVar(key, info)
+              ? prettyName(key.replace(/(?:_API_KEY|_TOKEN|_KEY)$/i, ''))
+              : friendlyFieldLabel(key, info)
+
+            return (
+              <ListRow
+                action={
+                  <KeyField
+                    info={info}
+                    placeholder={credentialPlaceholder(key, info, fieldLabel)}
+                    rowProps={rowProps}
+                    varKey={key}
+                  />
+                }
+                key={key}
+                title={fieldLabel}
+              />
+            )
+          })}
+
+          {docsUrl && <CredentialDocsLink href={docsUrl} />}
+        </div>
+      )}
+    </div>
+  )
+}
+
+export function credentialRowLabel(varKey: string, info: EnvVarInfo): string {
+  if (isKeyVar(varKey, info)) {
+    return prettyName(varKey.replace(/(?:_API_KEY|_TOKEN|_KEY)$/i, ''))
+  }
+
+  return prettyName(varKey)
+}
+
+interface CredentialKeyCardProps {
+  expanded: boolean
+  info: EnvVarInfo
+  label: string
+  onExpand: () => void
+  onToggle: () => void
+  placeholder: string
+  rowProps: KeyRowProps
+  varKey: string
+}
+
+interface ProviderKeyRowsProps {
+  expanded: boolean
+  group: ProviderKeyRowGroup
+  onExpand: () => void
+  onToggle: () => void
+  rowProps: KeyRowProps
+}
+
+export interface ProviderKeyRowGroup {
+  advanced: [string, EnvVarInfo][]
+  description?: string
+  docsUrl?: string
+  hasAnySet: boolean
+  name: string
+  primary: [string, EnvVarInfo]
+}

apps/desktop/src/app/settings/env-credentials.tsx

@@ -0,0 +1,194 @@
+import { useEffect, useState } from 'react'
+
+import { deleteEnvVar, getEnvVars, revealEnvVar, setEnvVar } from '@/hermes'
+import { type IconComponent } from '@/lib/icons'
+import { notify, notifyError } from '@/store/notifications'
+import type { EnvVarInfo } from '@/types/hermes'
+
+import { asText, includesQuery, redactedValue, withoutKey } from './helpers'
+import { Pill } from './primitives'
+import type { EnvRowProps } from './types'
+
+// Shared filter used by every credential surface (Providers + Keys pages):
+// category gate first, then a free-text match across key name + description.
+export function filterEnv(info: EnvVarInfo, key: string, q: string, cat: string, extra?: string): boolean {
+  if (asText(info.category) !== cat) {
+    return false
+  }
+
+  if (!q) {
+    return true
+  }
+
+  return (
+    key.toLowerCase().includes(q) ||
+    includesQuery(info.description, q) ||
+    Boolean(extra && extra.toLowerCase().includes(q))
+  )
+}
+
+export function SettingsCategoryHeading({ count, icon: Icon, title }: CategoryHeadingProps) {
+  return (
+    <div className="mb-3 flex items-center gap-2 text-[length:var(--conversation-text-font-size)] font-medium">
+      <Icon className="size-4 text-muted-foreground" />
+      <span>{title}</span>
+      {count && <Pill>{count}</Pill>}
+    </div>
+  )
+}
+
+// Owns the env-var fetch + the edit/reveal/save/delete lifecycle so multiple
+// credential pages (Providers, Keys) share one source of truth and one set of
+// mutation handlers instead of duplicating the plumbing.
+export function useEnvCredentials(): UseEnvCredentials {
+  const [vars, setVars] = useState<Record<string, EnvVarInfo> | null>(null)
+  const [edits, setEdits] = useState<Record<string, string>>({})
+  const [revealed, setRevealed] = useState<Record<string, string>>({})
+  const [saving, setSaving] = useState<string | null>(null)
+
+  // Best-effort cleanup of a retired localStorage flag (global "Show
+  // advanced" toggle) — everything in these views is configuration-level.
+  useEffect(() => {
+    try {
+      window.localStorage.removeItem('desktop.settings.keys.show_advanced')
+    } catch {
+      // Ignore — old key cleanup is best-effort.
+    }
+  }, [])
+
+  useEffect(() => {
+    let cancelled = false
+
+    void (async () => {
+      try {
+        const next = await getEnvVars()
+
+        if (!cancelled) {
+          setVars(next)
+        }
+      } catch (err) {
+        notifyError(err, 'API keys failed to load')
+      }
+    })()
+
+    return () => void (cancelled = true)
+  }, [])
+
+  function patchVar(key: string, patch: Partial<Pick<EnvVarInfo, 'is_set' | 'redacted_value'>>) {
+    setVars(c => (c ? { ...c, [key]: { ...c[key], ...patch } } : c))
+  }
+
+  function clearLocalState(key: string) {
+    setEdits(c => withoutKey(c, key))
+    setRevealed(c => withoutKey(c, key))
+  }
+
+  async function handleSave(key: string) {
+    const value = edits[key]
+
+    if (!value) {
+      return
+    }
+
+    setSaving(key)
+
+    try {
+      await setEnvVar(key, value)
+      patchVar(key, { is_set: true, redacted_value: redactedValue(value) })
+      clearLocalState(key)
+      notify({ kind: 'success', title: 'Credential saved', message: `${key} updated.` })
+    } catch (err) {
+      notifyError(err, `Failed to save ${key}`)
+    } finally {
+      setSaving(null)
+    }
+  }
+
+  // Direct save for a known value (no edit-state round-trip) — used by the
+  // onboarding-style key form, which owns its own input. Returns a result so
+  // the form can surface inline errors instead of only toasting.
+  async function saveValue(key: string, value: string): Promise<{ message?: string; ok: boolean }> {
+    const trimmed = value.trim()
+
+    if (!trimmed) {
+      return { message: 'Enter a value first.', ok: false }
+    }
+
+    setSaving(key)
+
+    try {
+      await setEnvVar(key, trimmed)
+      patchVar(key, { is_set: true, redacted_value: redactedValue(trimmed) })
+      clearLocalState(key)
+      notify({ kind: 'success', message: `${key} updated.`, title: 'Credential saved' })
+
+      return { ok: true }
+    } catch (err) {
+      notifyError(err, `Failed to save ${key}`)
+
+      return { message: err instanceof Error ? err.message : 'Could not save credential.', ok: false }
+    } finally {
+      setSaving(null)
+    }
+  }
+
+  async function handleClear(key: string) {
+    if (!window.confirm(`Remove ${key} from .env?`)) {
+      return
+    }
+
+    setSaving(key)
+
+    try {
+      await deleteEnvVar(key)
+      patchVar(key, { is_set: false, redacted_value: null })
+      clearLocalState(key)
+      notify({ kind: 'success', title: 'Credential removed', message: `${key} removed.` })
+    } catch (err) {
+      notifyError(err, `Failed to remove ${key}`)
+    } finally {
+      setSaving(null)
+    }
+  }
+
+  async function handleReveal(key: string) {
+    if (revealed[key]) {
+      setRevealed(c => withoutKey(c, key))
+
+      return
+    }
+
+    try {
+      const result = await revealEnvVar(key)
+      setRevealed(c => ({ ...c, [key]: result.value }))
+    } catch (err) {
+      notifyError(err, `Failed to reveal ${key}`)
+    }
+  }
+
+  return {
+    saveValue,
+    vars,
+    rowProps: {
+      edits,
+      revealed,
+      saving,
+      setEdits,
+      onSave: handleSave,
+      onClear: handleClear,
+      onReveal: handleReveal
+    }
+  }
+}
+
+interface CategoryHeadingProps {
+  count?: string
+  icon: IconComponent
+  title: string
+}
+
+interface UseEnvCredentials {
+  rowProps: Omit<EnvRowProps, 'varKey' | 'info'>
+  saveValue: (key: string, value: string) => Promise<{ message?: string; ok: boolean }>
+  vars: Record<string, EnvVarInfo> | null
+}

apps/desktop/src/app/settings/env-var-actions-menu.tsx

@@ -0,0 +1,130 @@
+import type * as React from 'react'
+
+import { Button } from '@/components/ui/button'
+import { Codicon } from '@/components/ui/codicon'
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuSeparator,
+  DropdownMenuTrigger
+} from '@/components/ui/dropdown-menu'
+import { Eye, EyeOff, ExternalLink, Trash2 } from '@/lib/icons'
+import { triggerHaptic } from '@/lib/haptics'
+import { cn } from '@/lib/utils'
+
+interface EnvVarActionsMenuProps
+  extends Pick<React.ComponentProps<typeof DropdownMenuContent>, 'align' | 'sideOffset'> {
+  children: React.ReactNode
+  clearDisabled?: boolean
+  docsUrl?: string | null
+  isRevealed?: boolean
+  isSet: boolean
+  label: string
+  onClear?: () => void
+  onEdit: () => void
+  onReveal?: () => void
+  showReveal?: boolean
+}
+
+export function EnvVarActionsMenu({
+  align = 'end',
+  children,
+  clearDisabled = false,
+  docsUrl,
+  isRevealed = false,
+  isSet,
+  label,
+  onClear,
+  onEdit,
+  onReveal,
+  showReveal = true,
+  sideOffset = 6
+}: EnvVarActionsMenuProps) {
+  const hasClear = isSet && onClear
+  const hasReveal = isSet && showReveal && onReveal
+  const hasDocs = Boolean(docsUrl?.trim())
+
+  return (
+    <DropdownMenu>
+      <DropdownMenuTrigger asChild>{children}</DropdownMenuTrigger>
+      <DropdownMenuContent
+        align={align}
+        aria-label={`Actions for ${label}`}
+        className="w-44"
+        sideOffset={sideOffset}
+      >
+        {hasDocs && (
+          <DropdownMenuItem
+            onSelect={event => {
+              event.preventDefault()
+              triggerHaptic('selection')
+              window.open(docsUrl!, '_blank', 'noopener,noreferrer')
+            }}
+          >
+            <ExternalLink className="size-3.5" />
+            <span>Docs</span>
+          </DropdownMenuItem>
+        )}
+
+        {hasReveal && (
+          <DropdownMenuItem
+            onSelect={() => {
+              triggerHaptic('selection')
+              onReveal()
+            }}
+          >
+            {isRevealed ? <EyeOff className="size-3.5" /> : <Eye className="size-3.5" />}
+            <span>{isRevealed ? 'Hide value' : 'Reveal value'}</span>
+          </DropdownMenuItem>
+        )}
+
+        <DropdownMenuItem
+          onSelect={() => {
+            triggerHaptic('selection')
+            onEdit()
+          }}
+        >
+          <Codicon name="edit" size="0.875rem" />
+          <span>{isSet ? 'Replace' : 'Set'}</span>
+        </DropdownMenuItem>
+
+        {hasClear && (
+          <>
+            <DropdownMenuSeparator />
+            <DropdownMenuItem
+              disabled={clearDisabled}
+              onSelect={() => {
+                triggerHaptic('warning')
+                onClear()
+              }}
+              variant="destructive"
+            >
+              <Trash2 className="size-3.5" />
+              <span>Clear</span>
+            </DropdownMenuItem>
+          </>
+        )}
+      </DropdownMenuContent>
+    </DropdownMenu>
+  )
+}
+
+interface EnvVarActionsTriggerProps extends Omit<React.ComponentProps<typeof Button>, 'size' | 'variant'> {
+  label: string
+}
+
+export function EnvVarActionsTrigger({ className, label, ...props }: EnvVarActionsTriggerProps) {
+  return (
+    <Button
+      aria-label={`Actions for ${label}`}
+      className={cn('text-muted-foreground hover:text-foreground', className)}
+      size="icon-sm"
+      title="Credential actions"
+      variant="ghost"
+      {...props}
+    >
+      <Codicon name="ellipsis" size="0.875rem" />
+    </Button>
+  )
+}

apps/desktop/src/app/settings/gateway-settings.tsx

@@ -1,19 +1,26 @@
-import { useEffect, useMemo, useState } from 'react'
+import { useStore } from '@nanostores/react'
+import { useEffect, useMemo, useRef, useState } from 'react'
 
 import { Button } from '@/components/ui/button'
 import { Input } from '@/components/ui/input'
-import { AlertCircle, Check, FileText, Globe, Loader2, Monitor } from '@/lib/icons'
+import type { DesktopAuthProvider, DesktopConnectionProbeResult } from '@/global'
+import { AlertCircle, Check, FileText, Globe, Loader2, LogIn, Monitor } from '@/lib/icons'
 import { cn } from '@/lib/utils'
 import { notify, notifyError } from '@/store/notifications'
+import { $profiles, refreshActiveProfile } from '@/store/profile'
 
 import { CONTROL_TEXT } from './constants'
 import { EmptyState, ListRow, LoadingState, Pill, SettingsContent } from './primitives'
 
 type Mode = 'local' | 'remote'
+type AuthMode = 'oauth' | 'token'
+type ProbeStatus = 'idle' | 'probing' | 'done' | 'error'
 
 interface GatewaySettingsState {
   envOverride: boolean
   mode: Mode
+  remoteAuthMode: AuthMode
+  remoteOauthConnected: boolean
   remoteTokenPreview: string | null
   remoteTokenSet: boolean
   remoteUrl: string
@@ -22,6 +29,8 @@ interface GatewaySettingsState {
 const EMPTY_STATE: GatewaySettingsState = {
   envOverride: false,
   mode: 'local',
+  remoteAuthMode: 'token',
+  remoteOauthConnected: false,
   remoteTokenPreview: null,
   remoteTokenSet: false,
   remoteUrl: ''
@@ -67,14 +76,49 @@ function ModeCard({
   )
 }
 
+function ScopeChip({ active, label, onSelect }: { active: boolean; label: string; onSelect: () => void }) {
+  return (
+    <button
+      className={cn(
+        'rounded-full border px-3 py-1 text-[length:var(--conversation-caption-font-size)] transition',
+        active
+          ? 'border-(--ui-stroke-secondary) bg-(--ui-bg-tertiary) text-(--ui-text-primary)'
+          : 'border-(--ui-stroke-tertiary) bg-(--ui-bg-quinary) text-(--ui-text-tertiary) hover:bg-(--chrome-action-hover)'
+      )}
+      onClick={onSelect}
+      type="button"
+    >
+      {label}
+    </button>
+  )
+}
+
 export function GatewaySettings() {
   const [loading, setLoading] = useState(true)
   const [saving, setSaving] = useState(false)
   const [testing, setTesting] = useState(false)
+  const [signingIn, setSigningIn] = useState(false)
   const [state, setState] = useState<GatewaySettingsState>(EMPTY_STATE)
   const [remoteToken, setRemoteToken] = useState('')
   const [lastTest, setLastTest] = useState<null | string>(null)
 
+  // Connection scope: null = the global/default connection (the original
+  // behavior); a profile name = that profile's per-profile remote override, so
+  // each profile can point at its own backend.
+  const [scope, setScope] = useState<null | string>(null)
+  const profiles = useStore($profiles)
+
+  useEffect(() => {
+    void refreshActiveProfile()
+  }, [])
+
+  // Auth-mode probe: as the user types a remote URL we ask the gateway (via
+  // its public /api/status) whether it gates with OAuth or a static session
+  // token, so we can show the right control (login button vs token box).
+  const [probeStatus, setProbeStatus] = useState<ProbeStatus>('idle')
+  const [probe, setProbe] = useState<DesktopConnectionProbeResult | null>(null)
+  const probeSeq = useRef(0)
+
   useEffect(() => {
     let cancelled = false
     const desktop = window.hermesDesktop
@@ -85,8 +129,14 @@ export function GatewaySettings() {
       return () => void (cancelled = true)
     }
 
+    setLoading(true)
+    // Clear scope-local entry state so a token from one scope can't leak into
+    // the next when switching profiles.
+    setRemoteToken('')
+    setLastTest(null)
+
     desktop
-      .getConnectionConfig()
+      .getConnectionConfig(scope)
       .then(config => {
         if (cancelled) {
           return
@@ -102,17 +152,136 @@ export function GatewaySettings() {
       })
 
     return () => void (cancelled = true)
-  }, [])
+  }, [scope])
 
-  const canUseRemote = useMemo(
-    () => Boolean(state.remoteUrl.trim()) && (Boolean(remoteToken.trim()) || state.remoteTokenSet),
-    [remoteToken, state.remoteTokenSet, state.remoteUrl]
-  )
+  // Debounced probe of the entered remote URL. Only runs in remote mode with a
+  // syntactically plausible URL. The probe result drives whether we render the
+  // OAuth login button or the session-token entry box. The effective auth mode
+  // prefers a fresh probe result over the saved value.
+  const trimmedUrl = state.remoteUrl.trim()
+  useEffect(() => {
+    if (state.mode !== 'remote' || !trimmedUrl || !/^https?:\/\//i.test(trimmedUrl)) {
+      setProbeStatus('idle')
+      setProbe(null)
+
+      return
+    }
+
+    const desktop = window.hermesDesktop
+
+    if (!desktop?.probeConnectionConfig) {
+      return
+    }
+
+    const seq = ++probeSeq.current
+    setProbeStatus('probing')
+
+    const timer = setTimeout(() => {
+      desktop
+        .probeConnectionConfig(trimmedUrl)
+        .then(result => {
+          if (seq !== probeSeq.current) {
+            return
+          }
+
+          setProbe(result)
+          setProbeStatus(result.reachable ? 'done' : 'error')
+        })
+        .catch(() => {
+          if (seq !== probeSeq.current) {
+            return
+          }
+
+          setProbe(null)
+          setProbeStatus('error')
+        })
+    }, 500)
+
+    return () => clearTimeout(timer)
+  }, [state.mode, trimmedUrl])
+
+  // Effective auth mode: a reachable probe wins; otherwise fall back to the
+  // saved config's mode so a re-open of settings doesn't flicker.
+  const authMode: AuthMode = useMemo(() => {
+    if (probeStatus === 'done' && probe && probe.authMode !== 'unknown') {
+      return probe.authMode
+    }
+
+    return state.remoteAuthMode
+  }, [probe, probeStatus, state.remoteAuthMode])
+
+  // Whether we actually KNOW how this gateway authenticates yet. Until we do,
+  // neither the OAuth button nor the session-token box should render —
+  // `authMode` defaults to 'token', so without this gate the token box flashes
+  // for every gateway (including OAuth ones) during the idle/probing window
+  // before the first probe lands. The scheme is known when either:
+  //   * the live probe finished (probeStatus 'done'), or
+  //   * we're idle but showing a previously-saved remote config (re-opening
+  //     settings for a gateway already signed-in or with a saved token), so
+  //     its control appears immediately with no flicker.
+  // While probing (or after a probe error), the scheme is unknown and we show
+  // the probe status row instead of a control.
+  const hasSavedRemote = state.remoteTokenSet || state.remoteOauthConnected
+
+  const authResolved = useMemo(() => {
+    if (probeStatus === 'done') {
+      return true
+    }
+
+    return probeStatus === 'idle' && hasSavedRemote
+  }, [probeStatus, hasSavedRemote])
+
+  const providerLabel = useMemo(() => {
+    const providers: DesktopAuthProvider[] = probe?.providers ?? []
+
+    if (providers.length === 1) {
+      return providers[0].displayName || providers[0].name
+    }
+
+    if (providers.length > 1) {
+      return providers.map(p => p.displayName || p.name).join(' / ')
+    }
+
+    return 'your identity provider'
+  }, [probe])
+
+  // A username/password gateway authenticates through a credential form on the
+  // gateway's /login page (POST /auth/password-login) rather than an OAuth
+  // redirect. Everything downstream — the session cookie, the ws-ticket mint,
+  // the persistent partition — is identical, so the desktop drives it through
+  // the same sign-in window; only the button copy changes. We treat the
+  // gateway as password-style only when EVERY advertised provider supports
+  // password, so a mixed deployment keeps the generic OAuth copy.
+  const isPasswordProvider = useMemo(() => {
+    const providers: DesktopAuthProvider[] = probe?.providers ?? []
+
+    return providers.length > 0 && providers.every(p => p.supportsPassword)
+  }, [probe])
+
+  // The 'default' profile uses the global ("All profiles") connection, so the
+  // per-profile scopes are the named, non-default profiles.
+  const namedProfiles = useMemo(() => profiles.filter(profile => profile.name !== 'default'), [profiles])
+
+  const oauthConnected = state.remoteOauthConnected
+
+  const canUseRemote = useMemo(() => {
+    if (!trimmedUrl) {
+      return false
+    }
+
+    if (authMode === 'oauth') {
+      return oauthConnected
+    }
+
+    return Boolean(remoteToken.trim()) || state.remoteTokenSet
+  }, [authMode, oauthConnected, remoteToken, state.remoteTokenSet, trimmedUrl])
 
   const payload = () => ({
     mode: state.mode,
-    remoteToken: remoteToken.trim() || undefined,
-    remoteUrl: state.remoteUrl.trim()
+    profile: scope ?? undefined,
+    remoteAuthMode: authMode,
+    remoteToken: authMode === 'token' ? remoteToken.trim() || undefined : undefined,
+    remoteUrl: trimmedUrl
   })
 
   const save = async (apply: boolean) => {
@@ -120,7 +289,10 @@ export function GatewaySettings() {
       notify({
         kind: 'warning',
         title: 'Remote gateway incomplete',
-        message: 'Enter a remote URL and session token before switching to remote.'
+        message:
+          authMode === 'oauth'
+            ? 'Enter a remote URL and sign in before switching to remote.'
+            : 'Enter a remote URL and session token before switching to remote.'
       })
 
       return
@@ -147,12 +319,74 @@ export function GatewaySettings() {
     }
   }
 
+  // OAuth sign-in: persist the URL + oauth mode first (so the saved config has
+  // the URL the login window needs), then open the gateway login window and
+  // refresh the connection status from the saved config once it completes.
+  const signIn = async () => {
+    if (!trimmedUrl) {
+      notify({ kind: 'warning', title: 'Remote gateway incomplete', message: 'Enter a remote URL first.' })
+
+      return
+    }
+
+    setSigningIn(true)
+
+    try {
+      // Save (don't apply/restart) so the login window has a URL to use and the
+      // oauth mode is persisted, without yet flipping the live connection.
+      const saved = await window.hermesDesktop.saveConnectionConfig({
+        mode: state.mode,
+        profile: scope ?? undefined,
+        remoteAuthMode: 'oauth',
+        remoteUrl: trimmedUrl
+      })
+
+      setState(saved)
+
+      const result = await window.hermesDesktop.oauthLoginConnectionConfig(trimmedUrl)
+
+      if (result.connected) {
+        const refreshed = await window.hermesDesktop.getConnectionConfig(scope)
+        setState(refreshed)
+        notify({ kind: 'success', title: 'Signed in', message: `Connected to ${providerLabel}.` })
+      } else {
+        notify({
+          kind: 'warning',
+          title: 'Sign-in incomplete',
+          message: 'The login window closed before authentication finished.'
+        })
+      }
+    } catch (err) {
+      notifyError(err, 'Sign-in failed')
+    } finally {
+      setSigningIn(false)
+    }
+  }
+
+  const signOut = async () => {
+    setSigningIn(true)
+
+    try {
+      await window.hermesDesktop.oauthLogoutConnectionConfig(trimmedUrl || undefined)
+      const refreshed = await window.hermesDesktop.getConnectionConfig(scope)
+      setState(refreshed)
+      notify({ kind: 'success', title: 'Signed out', message: 'Cleared the remote gateway session.' })
+    } catch (err) {
+      notifyError(err, 'Sign-out failed')
+    } finally {
+      setSigningIn(false)
+    }
+  }
+
   const testRemote = async () => {
     if (!canUseRemote) {
       notify({
         kind: 'warning',
         title: 'Remote gateway incomplete',
-        message: 'Enter a remote URL and session token before testing.'
+        message:
+          authMode === 'oauth'
+            ? 'Enter a remote URL and sign in before testing.'
+            : 'Enter a remote URL and session token before testing.'
       })
 
       return
@@ -164,8 +398,10 @@ export function GatewaySettings() {
     try {
       const result = await window.hermesDesktop.testConnectionConfig({
         mode: 'remote',
-        remoteToken: remoteToken.trim() || undefined,
-        remoteUrl: state.remoteUrl.trim()
+        profile: scope ?? undefined,
+        remoteAuthMode: authMode,
+        remoteToken: authMode === 'token' ? remoteToken.trim() || undefined : undefined,
+        remoteUrl: trimmedUrl
       })
 
       const message = `Connected to ${result.baseUrl}${result.version ? ` · Hermes ${result.version}` : ''}`
@@ -201,10 +437,35 @@ export function GatewaySettings() {
         </div>
         <p className="mt-2 max-w-2xl text-[length:var(--conversation-caption-font-size)] leading-(--conversation-caption-line-height) text-(--ui-text-tertiary)">
           Hermes Desktop starts its own local gateway by default. Use a remote gateway when you want this app to control
-          an already-running Hermes backend on another machine or behind a trusted proxy.
+          an already-running Hermes backend on another machine or behind a trusted proxy. Pick a profile below to give it
+          its own remote host.
         </p>
       </div>
 
+      {namedProfiles.length > 0 ? (
+        <div className="mb-5 grid gap-2">
+          <div className="text-[length:var(--conversation-caption-font-size)] font-medium text-(--ui-text-secondary)">
+            Applies to
+          </div>
+          <div className="flex flex-wrap gap-1.5">
+            <ScopeChip active={scope === null} label="All profiles" onSelect={() => setScope(null)} />
+            {namedProfiles.map(profile => (
+              <ScopeChip
+                active={scope === profile.name}
+                key={profile.name}
+                label={profile.name}
+                onSelect={() => setScope(profile.name)}
+              />
+            ))}
+          </div>
+          <p className="text-[length:var(--conversation-caption-font-size)] leading-(--conversation-caption-line-height) text-(--ui-text-tertiary)">
+            {scope === null
+              ? 'Default connection for every profile that has no override of its own.'
+              : `Connection used only when “${scope}” is the active profile. Set it to Local to inherit the default.`}
+          </p>
+        </div>
+      ) : null}
+
       {state.envOverride ? (
         <div className="mb-5 flex items-start gap-2 rounded-xl border border-destructive/30 bg-destructive/10 px-3 py-2.5 text-[length:var(--conversation-caption-font-size)] text-destructive">
           <AlertCircle className="mt-0.5 size-4 shrink-0" />
@@ -229,7 +490,7 @@ export function GatewaySettings() {
         />
         <ModeCard
           active={state.mode === 'remote'}
-          description="Connect this desktop shell to a remote Hermes backend using its session token."
+          description="Connect this desktop shell to a remote Hermes backend. Hosted gateways use OAuth or a username and password; self-hosted ones may use a session token."
           disabled={state.envOverride}
           icon={Globe}
           onSelect={() => setState(current => ({ ...current, mode: 'remote' }))}
@@ -251,23 +512,75 @@ export function GatewaySettings() {
           description="Base URL for the remote dashboard backend. Path prefixes are supported, for example /hermes."
           title="Remote URL"
         />
-        <ListRow
-          action={
-            <Input
-              autoComplete="off"
-              className={cn('h-8 font-mono', CONTROL_TEXT)}
-              disabled={state.envOverride}
-              onChange={event => setRemoteToken(event.target.value)}
-              placeholder={
-                state.remoteTokenSet ? `Existing token ${state.remoteTokenPreview ?? 'saved'}` : 'Paste session token'
-              }
-              type="password"
-              value={remoteToken}
-            />
-          }
-          description="The dashboard session token used for REST and WebSocket access. Leave blank to keep the saved token."
-          title="Session token"
-        />
+
+        {state.mode === 'remote' && probeStatus === 'probing' ? (
+          <div className="flex items-center gap-2 py-3 text-[length:var(--conversation-caption-font-size)] text-(--ui-text-tertiary)">
+            <Loader2 className="size-4 animate-spin" />
+            Checking how this gateway authenticates…
+          </div>
+        ) : null}
+
+        {state.mode === 'remote' && probeStatus === 'error' ? (
+          <div className="flex items-start gap-2 py-3 text-[length:var(--conversation-caption-font-size)] text-(--ui-text-tertiary)">
+            <AlertCircle className="mt-0.5 size-4 shrink-0" />
+            Could not reach this gateway yet. Check the URL — the auth method will appear once it responds.
+          </div>
+        ) : null}
+
+        {/* OAuth / password gateways: present a sign-in button + connection status. */}
+        {state.mode === 'remote' && authResolved && authMode === 'oauth' ? (
+          <ListRow
+            action={
+              oauthConnected ? (
+                <div className="flex items-center gap-2">
+                  <Pill tone="primary">
+                    <Check className="size-3" /> Signed in
+                  </Pill>
+                  <Button disabled={signingIn || state.envOverride} onClick={() => void signOut()} variant="outline">
+                    {signingIn ? <Loader2 className="size-4 animate-spin" /> : null}
+                    Sign out
+                  </Button>
+                </div>
+              ) : (
+                <Button disabled={signingIn || state.envOverride || !trimmedUrl} onClick={() => void signIn()}>
+                  {signingIn ? <Loader2 className="size-4 animate-spin" /> : <LogIn className="size-4" />}
+                  {isPasswordProvider ? 'Sign in' : `Sign in with ${providerLabel}`}
+                </Button>
+              )
+            }
+            description={
+              oauthConnected
+                ? isPasswordProvider
+                  ? 'This gateway uses a username and password. You are signed in; the session refreshes automatically.'
+                  : 'This gateway uses OAuth. You are signed in; the session refreshes automatically.'
+                : isPasswordProvider
+                  ? 'This gateway uses a username and password. Sign in to authorize this desktop app.'
+                  : `This gateway uses OAuth. Sign in with ${providerLabel} to authorize this desktop app.`
+            }
+            title="Authentication"
+          />
+        ) : null}
+
+        {/* Session-token gateways: keep the existing token entry box. */}
+        {state.mode === 'remote' && authResolved && authMode === 'token' ? (
+          <ListRow
+            action={
+              <Input
+                autoComplete="off"
+                className={cn('h-8 font-mono', CONTROL_TEXT)}
+                disabled={state.envOverride}
+                onChange={event => setRemoteToken(event.target.value)}
+                placeholder={
+                  state.remoteTokenSet ? `Existing token ${state.remoteTokenPreview ?? 'saved'}` : 'Paste session token'
+                }
+                type="password"
+                value={remoteToken}
+              />
+            }
+            description="The dashboard session token used for REST and WebSocket access. Leave blank to keep the saved token."
+            title="Session token"
+          />
+        ) : null}
       </div>
 
       {lastTest ? <div className="mt-4 text-xs text-primary">{lastTest}</div> : null}

apps/desktop/src/app/settings/helpers.test.ts

@@ -2,7 +2,7 @@ import { describe, expect, it } from 'vitest'
 
 import type { HermesConfigRecord } from '@/types/hermes'
 
-import { getNested, setNested } from './helpers'
+import { getNested, providerGroup, setNested, stripToolsetLabel, toolsetDisplayLabel } from './helpers'
 
 describe('settings helpers', () => {
   it('reads and writes nested config paths', () => {
@@ -20,4 +20,48 @@ describe('settings helpers', () => {
     expect(() => setNested(config, 'constructor.prototype.polluted', true)).toThrow('Unsafe config path')
     expect(({} as Record<string, unknown>).polluted).toBeUndefined()
   })
+
+  describe('stripToolsetLabel', () => {
+    it('removes leading emoji prefixes from registry labels', () => {
+      expect(stripToolsetLabel('⏰ Cron Jobs')).toBe('Cron Jobs')
+      expect(stripToolsetLabel('⚡ Code Execution')).toBe('Code Execution')
+      expect(stripToolsetLabel('❓ Clarifying Questions')).toBe('Clarifying Questions')
+      expect(stripToolsetLabel('🌐 Browser Automation')).toBe('Browser Automation')
+      expect(stripToolsetLabel('🎨 Image Generation')).toBe('Image Generation')
+    })
+
+    it('leaves plain titles unchanged', () => {
+      expect(stripToolsetLabel('Terminal & Processes')).toBe('Terminal & Processes')
+    })
+  })
+
+  describe('toolsetDisplayLabel', () => {
+    it('strips emoji from toolset rows', () => {
+      expect(toolsetDisplayLabel({ name: 'cronjob', label: '⏰ Cron Jobs' })).toBe('Cron Jobs')
+    })
+  })
+
+  describe('providerGroup', () => {
+    it('maps a provider env var to its labeled group', () => {
+      expect(providerGroup('XAI_API_KEY')).toBe('xAI')
+      expect(providerGroup('NOUS_API_KEY')).toBe('Nous Portal')
+      expect(providerGroup('OPENROUTER_API_KEY')).toBe('OpenRouter')
+    })
+
+    it('prefers the longest matching prefix so CN/regional buckets win', () => {
+      // MINIMAX_CN_ must beat the generic MINIMAX_ prefix.
+      expect(providerGroup('MINIMAX_CN_API_KEY')).toBe('MiniMax (China)')
+      expect(providerGroup('MINIMAX_API_KEY')).toBe('MiniMax')
+      // KIMI_CN_ likewise must beat KIMI_.
+      expect(providerGroup('KIMI_CN_API_KEY')).toBe('Kimi (China)')
+      expect(providerGroup('KIMI_API_KEY')).toBe('Kimi / Moonshot')
+      // HERMES_QWEN_ and HERMES_GEMINI_ both share the HERMES_ stem.
+      expect(providerGroup('HERMES_QWEN_BASE_URL')).toBe('DashScope (Qwen)')
+      expect(providerGroup('HERMES_GEMINI_CLIENT_ID')).toBe('Gemini')
+    })
+
+    it('falls back to "Other" for un-grouped env vars', () => {
+      expect(providerGroup('SOMETHING_RANDOM')).toBe('Other')
+    })
+  })
 })

apps/desktop/src/app/settings/helpers.ts

@@ -8,6 +8,13 @@ export const includesQuery = (v: unknown, q: string) => asText(v).toLowerCase().
 
 export const prettyName = (v: string) => v.replace(/_/g, ' ').replace(/\b\w/g, c => c.toUpperCase())
 
+/** Strip leading emoji from toolset titles (CLI registry prefixes labels with icons). */
+export const stripToolsetLabel = (label: string): string =>
+  label.replace(/^[\p{Emoji}\p{Extended_Pictographic}\s]+/u, '').trim() || label
+
+export const toolsetDisplayLabel = (toolset: Pick<ToolsetInfo, 'label' | 'name'>): string =>
+  stripToolsetLabel(asText(toolset.label || toolset.name))
+
 export const toolNames = (t: ToolsetInfo) => (Array.isArray(t.tools) ? t.tools.map(asText).filter(Boolean) : [])
 
 export const withoutKey = <T>(record: Record<string, T>, key: string) => {
@@ -19,9 +26,30 @@ export const withoutKey = <T>(record: Record<string, T>, key: string) => {
 
 export const redactedValue = (v: string) => (v.length <= 8 ? '••••' : `${v.slice(0, 4)}...${v.slice(-4)}`)
 
-export const providerGroup = (key: string) => PROVIDER_GROUPS.find(g => key.startsWith(g.prefix))?.name ?? 'Other'
+// Longest-prefix match so a more specific group like ``MINIMAX_CN_`` is
+// chosen over its shorter parent ``MINIMAX_``. Falls back to the bucket
+// "Other" used by the Keys settings view for un-grouped env vars.
+export const providerGroup = (key: string) => {
+  let best: (typeof PROVIDER_GROUPS)[number] | undefined
 
-export const providerPriority = (name: string) => PROVIDER_GROUPS.find(g => g.name === name)?.priority ?? 99
+  for (const candidate of PROVIDER_GROUPS) {
+    if (!key.startsWith(candidate.prefix)) {
+      continue
+    }
+
+    if (!best || candidate.prefix.length > best.prefix.length) {
+      best = candidate
+    }
+  }
+
+  return best?.name ?? 'Other'
+}
+
+export const providerMeta = (name: string) =>
+  PROVIDER_GROUPS.find(g => g.name === name && (g.description || g.docsUrl)) ??
+  PROVIDER_GROUPS.find(g => g.name === name)
+
+export const providerPriority = (name: string) => providerMeta(name)?.priority ?? 99
 
 const POLLUTING_PATH_PARTS = new Set(['__proto__', 'constructor', 'prototype'])
 

apps/desktop/src/app/settings/index.tsx

@@ -1,9 +1,11 @@
 import { IconDownload, IconRefresh, IconUpload } from '@tabler/icons-react'
 import { useRef } from 'react'
 
+import { Tip } from '@/components/ui/tooltip'
 import { getHermesConfigDefaults, getHermesConfigRecord, saveHermesConfig } from '@/hermes'
+import { useI18n } from '@/i18n'
 import { triggerHaptic } from '@/lib/haptics'
-import { Archive, Globe, Info, KeyRound, Wrench } from '@/lib/icons'
+import { Archive, Globe, Info, KeyRound, Settings2, Sparkles, Wrench, Zap } from '@/lib/icons'
 import { notifyError } from '@/store/notifications'
 
 import { useRouteEnumParam } from '../hooks/use-route-enum-param'
@@ -16,13 +18,15 @@ import { AppearanceSettings } from './appearance-settings'
 import { ConfigSettings } from './config-settings'
 import { SECTIONS } from './constants'
 import { GatewaySettings } from './gateway-settings'
-import { KeysSettings } from './keys-settings'
+import { KEYS_VIEWS, KeysSettings, type KeysView } from './keys-settings'
 import { McpSettings } from './mcp-settings'
+import { PROVIDER_VIEWS, ProvidersSettings, type ProviderView } from './providers-settings'
 import { SessionsSettings } from './sessions-settings'
 import type { SettingsPageProps, SettingsView as SettingsViewId } from './types'
 
 const SETTINGS_VIEWS: readonly SettingsViewId[] = [
   ...SECTIONS.map(s => `config:${s.id}` as SettingsViewId),
+  'providers',
   'gateway',
   'keys',
   'mcp',
@@ -31,7 +35,22 @@ const SETTINGS_VIEWS: readonly SettingsViewId[] = [
 ]
 
 export function SettingsView({ gateway, onClose, onConfigSaved, onMainModelChanged }: SettingsPageProps) {
+  const { t } = useI18n()
   const [activeView, setActiveView] = useRouteEnumParam('tab', SETTINGS_VIEWS, 'config:model' as SettingsViewId)
+  // Providers subnav (Accounts vs API keys) lives in its own param so each
+  // sub-view is deep-linkable and survives a refresh.
+  const [providerView, setProviderView] = useRouteEnumParam<ProviderView>('pview', PROVIDER_VIEWS, 'accounts')
+  const [keysView, setKeysView] = useRouteEnumParam<KeysView>('kview', KEYS_VIEWS, 'tools')
+
+  const openProviderView = (view: ProviderView) => {
+    setActiveView('providers')
+    setProviderView(view)
+  }
+
+  const openKeysView = (view: KeysView) => {
+    setActiveView('keys')
+    setKeysView(view)
+  }
 
   const importInputRef = useRef<HTMLInputElement | null>(null)
 
@@ -47,12 +66,12 @@ export function SettingsView({ gateway, onClose, onConfigSaved, onMainModelChang
       URL.revokeObjectURL(url)
       triggerHaptic('success')
     } catch (err) {
-      notifyError(err, 'Export failed')
+      notifyError(err, t.settings.exportFailed)
     }
   }
 
   const resetConfig = async () => {
-    if (!window.confirm('Reset all settings to Hermes defaults?')) {
+    if (!window.confirm(t.settings.resetConfirm)) {
       return
     }
 
@@ -61,12 +80,12 @@ export function SettingsView({ gateway, onClose, onConfigSaved, onMainModelChang
       triggerHaptic('success')
       onConfigSaved?.()
     } catch (err) {
-      notifyError(err, 'Reset failed')
+      notifyError(err, t.settings.resetFailed)
     }
   }
 
   return (
-    <OverlayView closeLabel="Close settings" onClose={onClose}>
+    <OverlayView closeLabel={t.settings.closeSettings} onClose={onClose}>
       <OverlaySplitLayout>
         <OverlaySidebar>
           {SECTIONS.map(s => {
@@ -77,66 +96,112 @@ export function SettingsView({ gateway, onClose, onConfigSaved, onMainModelChang
                 active={activeView === view}
                 icon={s.icon}
                 key={s.id}
-                label={s.label}
+                label={t.settings.sections[s.id] ?? s.label}
                 onClick={() => setActiveView(view)}
               />
             )
           })}
           <div className="my-2 h-px bg-border/30" />
+          <OverlayNavItem
+            active={activeView === 'providers'}
+            icon={Zap}
+            label="Providers"
+            onClick={() => setActiveView('providers')}
+          />
+          {activeView === 'providers' && (
+            <div className="ml-3.5 flex flex-col gap-0.5 pl-1.5">
+              <OverlayNavItem
+                active={providerView === 'accounts'}
+                icon={Sparkles}
+                label="Accounts"
+                nested
+                onClick={() => openProviderView('accounts')}
+              />
+              <OverlayNavItem
+                active={providerView === 'keys'}
+                icon={KeyRound}
+                label="API keys"
+                nested
+                onClick={() => openProviderView('keys')}
+              />
+            </div>
+          )}
           <OverlayNavItem
             active={activeView === 'gateway'}
             icon={Globe}
-            label="Gateway"
+            label={t.settings.nav.gateway}
             onClick={() => setActiveView('gateway')}
           />
           <OverlayNavItem
             active={activeView === 'keys'}
             icon={KeyRound}
-            label="API Keys"
+            label={t.settings.nav.apiKeys}
             onClick={() => setActiveView('keys')}
           />
+          {activeView === 'keys' && (
+            <div className="ml-3.5 flex flex-col gap-0.5 pl-1.5">
+              <OverlayNavItem
+                active={keysView === 'tools'}
+                icon={Wrench}
+                label="Tools"
+                nested
+                onClick={() => openKeysView('tools')}
+              />
+              <OverlayNavItem
+                active={keysView === 'settings'}
+                icon={Settings2}
+                label="Settings"
+                nested
+                onClick={() => openKeysView('settings')}
+              />
+            </div>
+          )}
           <OverlayNavItem
             active={activeView === 'mcp'}
             icon={Wrench}
-            label="MCP"
+            label={t.settings.nav.mcp}
             onClick={() => setActiveView('mcp')}
           />
           <OverlayNavItem
             active={activeView === 'sessions'}
             icon={Archive}
-            label="Archived Chats"
+            label={t.settings.nav.archivedChats}
             onClick={() => setActiveView('sessions')}
           />
           <div className="my-2 h-px bg-border/30" />
           <OverlayNavItem
             active={activeView === 'about'}
             icon={Info}
-            label="About"
+            label={t.settings.nav.about}
             onClick={() => setActiveView('about')}
           />
           <div className="mt-auto flex items-center gap-1 pt-2">
-            <OverlayIconButton onClick={() => void exportConfig()} title="Export config">
-              <IconDownload className="size-3.5" />
-            </OverlayIconButton>
-            <OverlayIconButton
-              onClick={() => {
-                triggerHaptic('open')
-                importInputRef.current?.click()
-              }}
-              title="Import config"
-            >
-              <IconUpload className="size-3.5" />
-            </OverlayIconButton>
-            <OverlayIconButton
-              className="hover:text-destructive"
-              onClick={() => {
-                triggerHaptic('warning')
-                void resetConfig()
-              }}
-              title="Reset to defaults"
-            >
-              <IconRefresh className="size-3.5" />
-            </OverlayIconButton>
+            <Tip label={t.settings.exportConfig}>
+              <OverlayIconButton onClick={() => void exportConfig()}>
+                <IconDownload className="size-3.5" />
+              </OverlayIconButton>
+            </Tip>
+            <Tip label={t.settings.importConfig}>
+              <OverlayIconButton
+                onClick={() => {
+                  triggerHaptic('open')
+                  importInputRef.current?.click()
+                }}
+              >
+                <IconUpload className="size-3.5" />
+              </OverlayIconButton>
+            </Tip>
+            <Tip label={t.settings.resetToDefaults}>
+              <OverlayIconButton
+                className="hover:text-destructive"
+                onClick={() => {
+                  triggerHaptic('warning')
+                  void resetConfig()
+                }}
+              >
+                <IconRefresh className="size-3.5" />
+              </OverlayIconButton>
+            </Tip>
           </div>
         </OverlaySidebar>
 
@@ -154,8 +219,10 @@ export function SettingsView({ gateway, onClose, onConfigSaved, onMainModelChang
               onConfigSaved={onConfigSaved}
               onMainModelChanged={onMainModelChanged}
             />
+          ) : activeView === 'providers' ? (
+            <ProvidersSettings onViewChange={setProviderView} view={providerView} />
           ) : activeView === 'keys' ? (
-            <KeysSettings />
+            <KeysSettings view={keysView} />
           ) : activeView === 'mcp' ? (
             <McpSettings gateway={gateway} onConfigSaved={onConfigSaved} />
           ) : (