diff --git a/.claude/skills/code-review/SKILL.md b/.claude/skills/code-review/SKILL.md
deleted file mode 100644
index 3aa49c32..00000000
--- a/.claude/skills/code-review/SKILL.md
+++ /dev/null
@@ -1,165 +0,0 @@
----
-name: code-review
-description: Run a multi-perspective code review on recent changes using specialized reviewer personas. Each reviewer focuses on their domain — security, ops, cross-platform, API design, frontend, and performance. Produces a dated review report.
-argument-hint: "[file, directory, or git range]"
----
-
-# Code Review — Multi-Perspective Audit
-
-Review code from the perspective of 6 specialized reviewers, each with their own focus area. Produces a structured report in `.reviews/`.
-
-## Scope
-
-Determine what to review based on the argument:
-
-- **No argument**: Review all uncommitted changes (`git diff` + `git diff --cached`)
-- **A file or directory path**: Review that specific path
-- **A git range** (e.g., `main..HEAD`, `HEAD~3`): Review that commit range
-- **`last`**: Review the last commit (`HEAD~1..HEAD`)
-
-## The Reviewers
-
-### Mara — Security
-
-Focuses on authentication, authorization, and injection vectors.
-
-- JWT handling: token validation, expiry, refresh flows
-- SQL injection: raw queries, unparameterized input
-- XSS: unsanitized user input rendered in responses or frontend
-- CORS misconfigurations
-- Path traversal in file operations (`../` in user-supplied paths)
-- Secrets in code (API keys, passwords, hardcoded tokens)
-- Missing `@jwt_required()` on API routes that need auth
-- CSRF protection gaps
-
-### Raj — Ops & Infrastructure
-
-Focuses on subprocess calls, privilege escalation, and system operations.
-
-- Missing `sudo` on privileged commands (systemctl, firewall-cmd, ufw, certbot, nginx)
-- Raw `subprocess.run()` that should use `run_privileged()`, `ServiceControl`, or `PackageManager`
-- Missing error handling on subprocess calls (unchecked `returncode`, no try/except)
-- Hardcoded paths that assume specific filesystem layout
-- Logging gaps: operations that modify system state without logging what they did
-- Service restart ordering issues
-
-### Sol — Cross-Platform & Containers
-
-Focuses on portability across distros and container environments.
-
-- Distro-specific commands (`dpkg`, `apt`, `rpm`, `dnf`) without `FileNotFoundError` handling
-- Unguarded `/proc/` and `/sys/` reads that fail in LXC/containers
-- `psutil` calls that return `None` in containers (`disk_io_counters`, `sensors_temperatures`) used without null checks
-- Docker socket assumptions without availability checks
-- Firewall commands that need `CAP_NET_ADMIN` (dropped in unprivileged LXC)
-- Hardcoded `/dev/` device paths
-- Assumptions about init system (systemd vs others)
-- Package manager detection that only checks one family
-
-### Kai — API Design
-
-Focuses on REST conventions, error handling, and request/response patterns.
-
-- Inconsistent error response format (should always be `{'error': 'message'}, status_code`)
-- Missing input validation on request body fields
-- Wrong HTTP status codes (e.g., 200 on error, 404 when it should be 403)
-- Missing pagination on list endpoints
-- Endpoints that return too much data (no field filtering)
-- Inconsistent URL naming (`/api/v1/` prefix, plural nouns)
-- Missing rate limiting on sensitive endpoints (login, password reset)
-- N+1 query patterns in endpoints that return lists
-
-### Lena — Frontend
-
-Focuses on React patterns, UX quality, and style consistency.
-
-- Class components or non-hook patterns (should be functional + hooks only)
-- Inline styles (should use LESS with design system variables)
-- Missing loading states or error handling on data fetches
-- Accessibility gaps: missing alt text, aria labels, keyboard navigation
-- Hardcoded strings that should come from the API or config
-- Memory leaks: missing cleanup in `useEffect`
-- Props drilling beyond 3 levels (should use Context)
-- Missing key props in lists
-- Console.log left in production code
-
-### Omar — Performance
-
-Focuses on efficiency, caching, and resource usage.
-
-- Synchronous blocking calls that should be async (especially subprocess calls in request handlers)
-- Missing database indexes on frequently queried columns
-- Unbounded queries: `SELECT *` without `LIMIT` or pagination
-- Repeated identical subprocess calls that could be cached
-- Large file reads loaded entirely into memory
-- Frontend: unnecessary re-renders, missing `useMemo`/`useCallback` where expensive
-- Missing `timeout` on subprocess calls or external HTTP requests
-- Socket.IO events that broadcast too frequently
-
-## How to Review
-
-1. Determine the scope from `$ARGUMENTS` and read all relevant code
-2. For each reviewer, analyze the code **only through their lens** — don't overlap
-3. Rate each finding:
-   - **Fix** — Bug, vulnerability, or will break in production. Must address.
-   - **Improve** — Works but suboptimal. Should address.
-   - **Note** — Observation or suggestion. Nice to know, no action needed.
-4. Collect all findings
-
-## Report
-
-Create the `.reviews/` directory if it doesn't exist. Write to `.reviews/YYYY-MM-DD-review.md` (use today's date). If a file for today exists, append a counter: `YYYY-MM-DD-2-review.md`.
-
-```markdown
-# Code Review — YYYY-MM-DD
-
-**Scope:** <what was reviewed>
-**Files reviewed:** N
-
-## Summary
-
-| Reviewer | Focus | Fix | Improve | Note |
-|----------|-------|-----|---------|------|
-| Mara     | Security | N | N | N |
-| Raj      | Ops | N | N | N |
-| Sol      | Cross-Platform | N | N | N |
-| Kai      | API Design | N | N | N |
-| Lena     | Frontend | N | N | N |
-| Omar     | Performance | N | N | N |
-| **Total** | | **N** | **N** | **N** |
-
-## Findings
-
-### Mara — Security
-
-#### [Fix] Short description
-`file_path:line_number`
-Explanation of the issue and why it matters.
-**Suggested fix:** What to change.
-
-#### [Improve] Short description
-...
-
-### Raj — Ops & Infrastructure
-...
-
-### Sol — Cross-Platform & Containers
-...
-
-### Kai — API Design
-...
-
-### Lena — Frontend
-...
-
-### Omar — Performance
-...
-
-## Verdict
-
-**PASS** — No Fix-severity findings. Ship it.
-or
-**NEEDS WORK** — N Fix-severity findings must be addressed before merging.
-```
-
-After writing the report, print the summary table and verdict to the user. If there are Fix-severity findings, ask if they want you to address them now.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
new file mode 100644
index 00000000..469ce162
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,58 @@
+name: 🐛 Bug Report
+description: Report a bug to help us improve ServerKit
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+  - type: textarea
+    id: description
+    attributes:
+      label: Describe the bug
+      description: A clear and concise description of what the bug is.
+      placeholder: Bug description
+    validations:
+      required: true
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: Steps to reproduce
+      description: How can we reproduce this issue?
+      placeholder: |
+        1. Go to '...'
+        2. Click on '....'
+        3. Scroll down to '....'
+        4. See error
+    validations:
+      required: true
+  - type: textarea
+    id: expected-behavior
+    attributes:
+      label: Expected behavior
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: input
+    id: environment
+    attributes:
+      label: Environment
+      description: OS version, browser, ServerKit version, etc.
+      placeholder: e.g. Ubuntu 22.04, Chrome 120, ServerKit v0.8.0
+    validations:
+      required: true
+  - type: textarea
+    id: logs
+    attributes:
+      label: Logs
+      description: Please provide any relevant logs from the backend or browser console.
+      render: shell
+  - type: checkboxes
+    id: checks
+    attributes:
+      label: Checks
+      options:
+        - label: I have searched the [existing issues](https://github.com/jhd3197/ServerKit/issues).
+          required: true
+        - label: I am using the latest version of ServerKit.
+          required: true
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
new file mode 100644
index 00000000..730cf24a
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,28 @@
+name: 🚀 Feature Request
+description: Suggest an idea for ServerKit
+labels: ["enhancement"]
+body:
+  - type: textarea
+    id: feature-description
+    attributes:
+      label: Is your feature request related to a problem?
+      description: A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+    validations:
+      required: true
+  - type: textarea
+    id: solution
+    attributes:
+      label: Describe the solution you'd like
+      description: A clear and concise description of what you want to happen.
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Describe alternatives you've considered
+      description: A clear and concise description of any alternative solutions or features you've considered.
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional context
+      description: Add any other context or screenshots about the feature request here.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 00000000..e800fa5d
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,24 @@
+## Description
+<!-- Provide a brief summary of the changes and the motivation behind them. -->
+
+## Related Issues
+<!-- Link any related issues using keywords like Fixes #123 or Closes #456. -->
+
+## Type of Change
+- [ ] 🐛 Bug fix (non-breaking change which fixes an issue)
+- [ ] 🚀 New feature (non-breaking change which adds functionality)
+- [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] 📝 Documentation update
+- [ ] 🎨 UI/UX improvement
+
+## How Has This Been Tested?
+<!-- Describe the tests that you ran to verify your changes. -->
+
+## Checklist
+- [ ] My code follows the style guidelines of this project
+- [ ] I have performed a self-review of my own code
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have made corresponding changes to the documentation
+- [ ] My changes generate no new warnings
+- [ ] I have added tests that prove my fix is effective or that my feature works
+- [ ] New and existing unit tests pass locally with my changes
diff --git a/.gitignore b/.gitignore
index 26e52b30..29f74047 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,63 +1,98 @@
-# Dependencies
+# --- ServerKit Consolidated .gitignore ---
+
+# Node / Frontend
 /frontend/node_modules/
+/frontend/dist/
+/frontend/npm-debug.log*
+/frontend/yarn-debug.log*
+/frontend/yarn-error.log*
+/frontend/.eslintcache
+/frontend/.stylelintcache
+/frontend/coverage/
+/frontend/.next/
+/frontend/out/
+/frontend/build/
+
+# Python / Backend
 /backend/venv/
+/backend/instance/
 /backend/__pycache__/
-**/__pycache__/
-*.pyc
+/backend/.pytest_cache/
+/backend/.coverage
+/backend/htmlcov/
+/backend/.mypy_cache/
+/backend/.tox/
+/backend/*.pyc
+/backend/*.pyo
+/backend/*.pyd
+/backend/.env
+/backend/.venv
+/backend/pip-log.txt
+/backend/pip-delete-this-directory.txt
+/backend/dev-data/
+/venv/
 
-# Build outputs
-/frontend/dist/
-/agent/dist/
+# Go / Agent
 /agent/serverkit-agent
 /agent/serverkit-agent.exe
-*.exe
-*.msi
-*.deb
-*.rpm
-
-# IDE and editors
-.idea/
-.vscode/
-*.swp
-*.swo
-*~
+/agent/dist/
+/agent/vendor/
+/agent/*.test
+/agent/*.out
+/agent/bin/
 
-# Environment and secrets
+# Environment / Secrets
 .env
 .env.local
-.env.*.local
+.env.development.local
+.env.test.local
+.env.production.local
 *.key
 *.pem
 *.crt
 *.csr
+/backend/.env
+/frontend/.env.local
 
-# OS files
+# Docker
+.docker-compose.untracked.yml
+docker-compose.override.yml
+
+# OS / IDE
 .DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
 Thumbs.db
-nul
-
-# Temporary files
-*.tmp
-*.temp
-*.log
-coverage.out
-coverage.html
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+*.sublime-project
+*.sublime-workspace
 
-# Project specific
+# Project Specific
 .planning_old/
 .mcp.json
 new_templates/
 /.marketing/
-
-# Test artifacts
-*.test
-*.out
-/template-icons
-
-# Dev data directory (local development path overrides)
-backend/dev-data/
-/.vscode
-/.vscode1
-/.pr
-/.reviews
+/template-icons/
+/.pr/
+/.reviews/
 /.claude/settings.local.json
+/serverkit.db
+/backend/instance/serverkit.db
+
+# Logs & Temp
+*.log
+*.tmp
+*.temp
+/logs/
+/tmp/
+nul
+SECURITY_AUDIT.md
+APP_IMPROVEMENTS.md
+*.png
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
new file mode 100644
index 00000000..9e7d57a6
--- /dev/null
+++ b/CONTRIBUTORS.md
@@ -0,0 +1,14 @@
+# Contributors
+
+Thanks to everyone who has contributed to ServerKit!
+
+## Core
+
+- **Juan Denis** ([@jhd3197](https://github.com/jhd3197)) — Creator and maintainer
+
+## Contributors
+
+| Who | Contribution | PR |
+|-----|-------------|-----|
+| **Rapeepan Moonthai** ([@rapeeza1598](https://github.com/rapeeza1598)) | Fedora support for install script (DNF + SELinux) | [#31](https://github.com/jhd3197/ServerKit/pull/31) |
+| **Piya Miang-Lae** ([@Piya-Boy](https://github.com/Piya-Boy)) | Backups storage provider | [#26](https://github.com/jhd3197/ServerKit/pull/26) |
diff --git a/README.md b/README.md
index 6aec4e53..b58842ae 100644
--- a/README.md
+++ b/README.md
@@ -50,20 +50,26 @@ English | [Español](docs/README.es.md) | [中文版](docs/README.zh-CN.md) | [P
 
 **Node.js** — PM2-managed applications with log streaming
 
-**Docker** — Full container and Docker Compose management
+**Workflow Builder** — Node-based visual automation for server tasks, deployments, and CI/CD
 
-**Environment Variables** — Secure, encrypted per-app variable management
+**Environment Pipeline** — Multi-environment management for WordPress (Prod/Staging/Dev) with code/DB promotion
 
-**Git Deployment** — GitHub/GitLab webhooks, auto-deploy on push, branch selection, rollback, zero-downtime deployments
+**Docker** — Full container and Docker Compose management with real-time log streaming and terminal access
+
+**Marketplace** — Over 60+ one-click templates for popular apps (Immich, Ghost, Authelia, etc.)
 
 ### 🏗️ Infrastructure
 
 **Domain Management** — Nginx virtual hosts with easy configuration
 
+**DNS Zone Management** — Full DNS record management with propagation checking (A, AAAA, CNAME, MX, TXT, etc.)
+
 **SSL Certificates** — Automatic Let's Encrypt with auto-renewal
 
 **Databases** — MySQL/MariaDB and PostgreSQL with user management and query interface
 
+**Cloud Provisioning** — Provision servers on DigitalOcean, Hetzner, Vultr, and Linode with cost tracking
+
 **Firewall** — UFW/firewalld with visual rule management and port presets
 
 **Cron Jobs** — Schedule tasks with a visual editor
@@ -94,7 +100,13 @@ English | [Español](docs/README.es.md) | [中文版](docs/README.zh-CN.md) | [P
 
 **Agent-Based Architecture** — Go agent with HMAC-SHA256 authentication and real-time WebSocket gateway
 
-**Fleet Overview** — Centralized dashboard with server grouping, tagging, and health monitoring
+**Fleet Management** — Agent lifecycle control with version rollouts, approval queue, network discovery, and command queue
+
+**Fleet Monitor** — Cross-server heatmaps, metric comparison charts, alert thresholds, anomaly detection, and capacity forecasting
+
+**Agent Plugins** — Extensible plugin system with capabilities, permissions, and per-server installation
+
+**Server Templates** — Configuration templates with compliance tracking, drift detection, and auto-remediation
 
 **Remote Docker** — Manage containers, images, volumes, networks, and Compose projects across all servers
 
@@ -108,6 +120,8 @@ English | [Español](docs/README.es.md) | [中文版](docs/README.zh-CN.md) | [P
 
 **Uptime Tracking** — Historical server uptime data and visualization
 
+**Status Pages** — Public status pages with HTTP/TCP/DNS/Ping health checks, component monitoring, and incident management
+
 **Notifications** — Discord, Slack, Telegram, email (HTML templates), and generic webhooks
 
 **Per-User Preferences** — Individual notification channels, severity filters, and quiet hours
@@ -116,6 +130,8 @@ English | [Español](docs/README.es.md) | [中文版](docs/README.zh-CN.md) | [P
 
 **Multi-User** — Admin, developer, and viewer roles with team invitations
 
+**Workspaces** — Multi-tenant workspace isolation with quotas and member management
+
 **RBAC** — Granular per-feature permissions (read/write per module)
 
 **SSO & OAuth** — Google, GitHub, OpenID Connect, and SAML 2.0 with account linking
@@ -126,6 +142,18 @@ English | [Español](docs/README.es.md) | [中文版](docs/README.zh-CN.md) | [P
 
 **Webhook Subscriptions** — Event-driven webhooks with HMAC signatures, retry logic, and custom headers
 
+### 🎨 Customization
+
+**Sidebar Presets** — Switch between Full, Web Hosting, Email Admin, DevOps, and Minimal views with one click
+
+**Collapsible Navigation** — Sidebar groups auto-expand on navigation and collapse when switching sections
+
+**Accent Colors** — 8 preset accent colors plus custom hex picker
+
+**Custom Branding** — White-label the sidebar with your own logo, brand name, or full-width banner
+
+**Dashboard Widgets** — Toggle and reorder dashboard widgets to fit your workflow
+
 ---
 
 ## 🚀 Quick Start
@@ -260,13 +288,15 @@ See the [Installation Guide](docs/INSTALLATION.md) for step-by-step instructions
 - [x] API enhancements — API keys, rate limiting, OpenAPI docs, webhook subscriptions
 - [x] SSO & OAuth — Google, GitHub, OIDC, SAML
 - [x] Database migrations — Flask-Migrate/Alembic, versioned schema
-- [ ] Agent fleet management — Auto-upgrade, bulk ops, offline command queue
-- [ ] Cross-server monitoring — Fleet dashboard, anomaly detection, alerting
-- [ ] Agent plugin system — Extensible agent with custom metrics, commands, health checks
-- [ ] Server templates & config sync — Drift detection, compliance dashboards
-- [ ] Multi-tenancy — Workspaces, team isolation, per-workspace settings
-- [ ] DNS zone management — Cloudflare, Route53, DigitalOcean integrations
-- [ ] Status pages — Public status page, health checks, incident management
+- [x] Agent fleet management — Version rollouts, approval queue, discovery, command queue
+- [x] Cross-server monitoring — Fleet heatmaps, comparison charts, anomaly detection, capacity forecasting
+- [x] Agent plugin system — Extensible agent with capabilities, permissions, per-server install
+- [x] Server templates & config sync — Drift detection, compliance dashboards, auto-remediation
+- [x] Multi-tenancy — Workspaces with quotas, member management, isolation
+- [x] DNS zone management — Full record management with propagation checking
+- [x] Status pages — Public status pages with health checks, incident management
+- [x] Cloud provisioning — DigitalOcean, Hetzner, Vultr, Linode with cost tracking
+- [x] Customizable sidebar — Collapsible groups, view presets, accent colors, white-label branding
 
 Full details: [ROADMAP.md](ROADMAP.md)
 
@@ -290,7 +320,7 @@ Full details: [ROADMAP.md](ROADMAP.md)
 | Layer | Technology |
 |-------|------------|
 | Backend | Python 3.11, Flask, SQLAlchemy, Flask-SocketIO, Flask-Migrate |
-| Frontend | React 18, Vite, LESS, Recharts |
+| Frontend | React 18, Vite, SCSS, Recharts |
 | Database | SQLite / PostgreSQL |
 | Web Server | Nginx, Gunicorn (GeventWebSocket) |
 | Containers | Docker, Docker Compose |
@@ -309,7 +339,7 @@ Contributions are welcome! Please read [CONTRIBUTING.md](CONTRIBUTING.md) first.
 fork → feature branch → commit → push → pull request
 ```
 
-**Priority areas:** Agent plugin system, fleet management, DNS integrations, status pages, UI/UX improvements, documentation.
+**Priority areas:** Cloud provider integrations, marketplace extensions, UI/UX improvements, documentation, test coverage.
 
 ---
 
diff --git a/ROADMAP.md b/ROADMAP.md
index 0d3c7e9c..8983bf31 100644
--- a/ROADMAP.md
+++ b/ROADMAP.md
@@ -1,612 +1,621 @@
-# ServerKit Roadmap
-
-This document outlines the development roadmap for ServerKit. Features are organized by phases and priority.
-
----
-
-## Current Version: v1.5.0 (In Development)
-
-### Recently Completed (v1.4.0)
-
-- **Team & Permissions** - RBAC with admin/developer/viewer roles, invitations, audit logging
-- **API Enhancements** - API keys, rate limiting, webhook subscriptions, OpenAPI docs, analytics
-- **SSO & OAuth Login** - Google, GitHub, OIDC, SAML with account linking
-- **Database Migrations** - Flask-Migrate/Alembic with versioned schema migrations
-- **Email Server Management** - Postfix, Dovecot, DKIM, SpamAssassin, Roundcube
-
----
-
-## Phase 1: Core Infrastructure (Completed)
-
-- [x] Flask backend with SQLAlchemy ORM
-- [x] React frontend with Vite
-- [x] JWT-based authentication
-- [x] Real-time WebSocket updates
-- [x] System metrics (CPU, RAM, disk, network)
-- [x] Docker and Docker Compose support
-- [x] SQLite/PostgreSQL database support
-
----
-
-## Phase 2: Application Management (Completed)
-
-- [x] PHP/WordPress application deployment
-- [x] Python (Flask/Django) application support
-- [x] Node.js application management with PM2
-- [x] Docker container management
-- [x] Environment variable management
-- [x] Application start/stop/restart controls
-- [x] Log viewing per application
-
----
-
-## Phase 3: Domain & SSL Management (Completed)
-
-- [x] Nginx virtual host management
-- [x] Domain configuration interface
-- [x] Let's Encrypt SSL integration
-- [x] SSL certificate auto-renewal
-- [x] Redirect management (HTTP → HTTPS)
-
----
-
-## Phase 4: Database Management (Completed)
-
-- [x] MySQL/MariaDB database support
-- [x] PostgreSQL database support
-- [x] Database creation/deletion
-- [x] User management per database
-- [x] Basic query interface
-
----
-
-## Phase 5: File & FTP Management (Completed)
-
-- [x] Web-based file manager
-- [x] File upload/download
-- [x] File editing with syntax highlighting
-- [x] vsftpd FTP server integration
-- [x] FTP user management
-
----
-
-## Phase 6: Monitoring & Alerts (Completed)
-
-- [x] Real-time system metrics
-- [x] Server uptime tracking
-- [x] Customizable alert thresholds
-- [x] Discord webhook notifications
-- [x] Slack webhook notifications
-- [x] Telegram bot notifications
-- [x] Generic webhook support
-- [x] Alert history and logging
-
----
-
-## Phase 7: Security Features (Completed)
-
-- [x] Two-factor authentication (TOTP)
-- [x] Backup codes for 2FA recovery
-- [x] ClamAV malware scanning
-- [x] Quick scan / Full scan options
-- [x] File quarantine management
-- [x] File integrity monitoring
-- [x] Failed login detection
-- [x] Security event logging
-
----
-
-## Phase 8: Scheduled Tasks (Completed)
-
-- [x] Cron job management
-- [x] Visual cron expression builder
-- [x] Job execution history
-- [x] Enable/disable jobs
-
----
-
-## Phase 9: Firewall Management (Completed - Merged into Security)
-
-- [x] UFW firewall integration
-- [x] Visual rule management
-- [x] Common port presets
-- [x] Rule enable/disable
-- [x] Consolidated into Security page for unified security management
-
----
-
-## Phase 10: Multi-Server Management (Completed)
-
-**Priority: High**
-
-- [x] Agent-based remote server monitoring (Go agent)
-- [x] Centralized dashboard for multiple servers
-- [x] Server grouping and tagging
-- [x] Cross-server metrics comparison
-- [x] Remote Docker management via agents
-- [x] Server health overview
-- [x] Agent WebSocket gateway
-- [x] HMAC-SHA256 authentication
-- [x] GitHub Actions for agent releases (Linux/Windows)
-- [x] Installation scripts endpoint
-- [x] Agent auto-update mechanism
-- [x] Agent download page in UI
-- [x] Container logs streaming for remote servers
-
----
-
-## Phase 11: Git Deployment (Completed)
-
-**Priority: High**
-
-- [x] GitHub/GitLab webhook integration
-- [x] Automatic deployment on push
-- [x] Branch selection for deployment
-- [x] Rollback to previous deployments
-- [x] Deployment history and logs
-- [x] Pre/post deployment scripts
-- [x] Zero-downtime deployments
-
----
-
-## Phase 12: Backup & Restore (Completed)
-
-**Priority: High**
-
-- [x] Automated database backups
-- [x] File/directory backups
-- [x] S3-compatible storage support
-- [x] Backblaze B2 integration
-- [x] Backup scheduling
-- [x] One-click restore
-- [x] Backup retention policies
-- [x] Offsite backup verification
-
----
-
-## Phase 13: Email Server Management (Completed)
-
-**Priority: Medium**
-
-- [x] Postfix mail server setup
-- [x] Dovecot IMAP/POP3 configuration
-- [x] Email account management
-- [x] Spam filtering (SpamAssassin)
-- [x] DKIM/SPF/DMARC configuration
-- [x] Webmail interface integration
-- [x] Email forwarding rules
-
----
-
-## Phase 14: Team & Permissions (Completed)
-
-**Priority: Medium**
-
-- [x] Multi-user support
-- [x] Role-based access control (RBAC)
-- [x] Custom permission sets
-- [x] Audit logging per user
-- [x] Team invitations
-- [x] Activity dashboard
-
----
-
-## Phase 15: API Enhancements (Completed)
-
-**Priority: Medium**
-
-- [x] API key management
-- [x] Rate limiting
-- [x] Webhook event subscriptions
-- [x] OpenAPI/Swagger documentation
-- [x] API usage analytics
-
----
-
-## Phase 16: Advanced Security (Completed)
-
-**Priority: High**
-
-- [x] Unified Security page with all security features
-- [x] Firewall tab with UFW/firewalld management
-- [x] Fail2ban integration
-- [x] SSH key management
-- [x] IP allowlist/blocklist
-- [x] Brute force protection
-- [x] Security audit reports
-- [x] Vulnerability scanning (Lynis)
-- [x] Automatic security updates (unattended-upgrades/dnf-automatic)
-
----
-
-## Phase 17: SSO & OAuth Login (Completed)
-
-**Priority: High**
-
-- [x] Google OAuth 2.0 login
-- [x] GitHub OAuth login
-- [x] Generic OpenID Connect (OIDC) provider support
-- [x] SAML 2.0 support for enterprise environments
-- [x] Social login UI (provider buttons on login page)
-- [x] Account linking (connect OAuth identity to existing local account)
-- [x] Auto-provisioning of new users on first SSO login
-- [x] Configurable SSO settings (enable/disable providers, client ID/secret management)
-- [x] Enforce SSO-only login (disable password auth for team members)
-- [x] SSO session management and token refresh
-
----
-
-## Phase 18: Database Migrations & Schema Versioning (Completed)
-
-**Priority: High**
-
-### Backend — Migration Engine
-- [x] Integrate Flask-Migrate (Alembic) for versioned schema migrations
-- [x] Generate initial migration from current model state as baseline
-- [x] Replace `_auto_migrate_columns()` hack with proper Alembic migrations
-- [x] Store schema version in a `schema_version` table (current version, history)
-- [x] API endpoints for migration status, apply, and rollback
-- [x] Auto-detect pending migrations on login and flag the session
-- [x] Pre-migration automatic DB backup before applying changes
-- [x] Migration scripts for all existing model changes (retroactive baseline)
-
-### CLI Fallback
-- [x] CLI commands for headless/SSH scenarios (`flask db upgrade`, `flask db status`)
-- [x] CLI rollback support (`flask db downgrade`)
-
----
-
-# Upcoming Development
-
-The phases below are ordered by priority. Higher phases ship first.
-
----
-
-## Phase 19: New UI & Services Page (Planned)
-
-**Priority: Critical**
-
-Merge the `new-ui` branch — adds a full Services page with service detail views, metrics, logs, shell, settings, git connect, and package management.
-
-- [ ] Merge `new-ui` branch into main development line
-- [ ] Services list page with status indicators and quick actions
-- [ ] Service detail page with tabbed interface (Metrics, Logs, Shell, Settings, Commands, Events, Packages)
-- [ ] Git connect modal for linking services to repositories
-- [ ] Gunicorn management tab for Python services
-- [ ] Service type detection and type-specific UI (Node, Python, PHP, Docker, etc.)
-- [ ] Resolve any conflicts with features added since branch diverged
-
----
-
-## Phase 20: Customizable Sidebar & Dashboard Views (Planned)
-
-**Priority: High**
-
-Let users personalize what they see. Not everyone runs email servers or manages Docker — the sidebar should adapt to each user's needs.
-
-- [ ] Sidebar configuration page in Settings
-- [ ] Preset view profiles: **Full** (default, all modules), **Web Hosting** (apps, domains, SSL, databases, files), **Email Admin** (email, DNS, security), **Docker/DevOps** (containers, deployments, git, monitoring), **Minimal** (apps, monitoring, backups only)
-- [ ] Custom view builder — toggle individual sidebar items on/off
-- [ ] Per-user preference storage (saved to user profile, synced across sessions)
-- [ ] Sidebar sections collapse/expand with memory
-- [ ] Quick-switch between saved view profiles
-- [ ] Admin can set default view for new users
-- [ ] Hide empty/unconfigured modules automatically (e.g., hide Email if no email domains exist)
-
----
-
-## Phase 21: Migration Wizard Frontend UI (Planned)
-
-**Priority: High**
-
-The backend migration engine is complete — this adds the visual upgrade experience (Matomo-style).
-
-- [ ] Full-screen modal/wizard that appears when pending migrations are detected
-- [ ] Step 1: "Update Available" — show current version vs new version, changelog summary
-- [ ] Step 2: "Backup" — auto-backup the database, show progress, confirm success
-- [ ] Step 3: "Apply Migrations" — run migrations with real-time progress/log output
-- [ ] Step 4: "Done" — success confirmation with summary of changes applied
-- [ ] Error handling: if a migration fails, show the error and offer rollback option
-- [ ] Block access to the panel until migrations are applied
-- [ ] Migration history page in Settings showing all past migrations and timestamps
-
----
-
-## Phase 22: Container Logs & Monitoring UI (Planned)
-
-**Priority: High**
-
-The container logs API is already built. This phase adds the frontend and extends monitoring to per-app metrics.
-
-- [ ] Log viewer component with terminal-style display and ANSI color support
-- [ ] Real-time log streaming via WebSocket with auto-scroll (pause on user scroll)
-- [ ] Log search with regex support and match highlighting
-- [ ] Filter by log level (INFO, WARN, ERROR, DEBUG) and time range
-- [ ] Export filtered logs to file
-- [ ] Per-container resource collection (CPU %, memory, network I/O via Docker stats API)
-- [ ] Per-app resource usage charts (Recharts) with time range selector (1h, 6h, 24h, 7d)
-- [ ] Per-app alert rules (metric, operator, threshold, duration)
-- [ ] Alert notifications via existing channels (email, Discord, Telegram) with cooldown
-
----
-
-## Phase 23: Agent Fleet Management (Planned)
-
-**Priority: High**
-
-Level up agent management from "connect and monitor" to full fleet control.
-
-- [ ] Agent version tracking and compatibility matrix (panel version ↔ agent version)
-- [ ] Push agent upgrades from the panel (single server or fleet-wide rollout)
-- [ ] Staged rollout support — upgrade agents in batches with health checks between waves
-- [ ] Agent health dashboard — connection uptime, heartbeat latency, command success rate per agent
-- [ ] Auto-discovery of new servers on the local network (mDNS/broadcast scan)
-- [ ] Agent registration approval workflow (admin must approve before agent joins fleet)
-- [ ] Bulk agent operations — restart, upgrade, rotate keys across selected servers
-- [ ] Agent changelog and release notes visible in UI
-- [ ] Offline agent command queue — persist commands and deliver when agent reconnects
-- [ ] Command retry with configurable backoff for failed/timed-out operations
-- [ ] Agent connection diagnostics — test connectivity, latency, firewall check from panel
-
----
-
-## Phase 24: Cross-Server Monitoring Dashboard (Planned)
-
-**Priority: High**
-
-Fleet-wide visibility — see everything at a glance and catch problems early.
-
-- [ ] Fleet overview dashboard — heatmap of all servers by CPU/memory/disk usage
-- [ ] Server comparison charts — overlay metrics from multiple servers on one graph
-- [ ] Per-server alert thresholds (CPU > 80% for 5 min → warning, > 95% → critical)
-- [ ] Anomaly detection — automatic baseline learning, alert on deviations
-- [ ] Custom metric dashboards — drag-and-drop widgets, save layouts per user
-- [ ] Metric correlation view — spot relationships between metrics across servers
-- [ ] Capacity forecasting — trend-based predictions (disk full in X days, memory growth rate)
-- [ ] Metrics export — Prometheus endpoint (`/metrics`), CSV download, JSON API
-- [ ] Grafana integration guide and pre-built dashboard templates
-- [ ] Fleet-wide search — find which server is running a specific container, service, or port
-
----
-
-## Phase 25: Agent Plugin System (Planned)
-
-**Priority: High**
-
-Make the agent extensible — let users add custom capabilities without modifying agent core. This is the foundation for future integrations (Android device farms, IoT fleets, custom hardware monitoring, etc.).
-
-### Plugin Architecture
-- [ ] Plugin specification — standard interface (init, healthcheck, metrics, commands)
-- [ ] Plugin manifest format (YAML/JSON) — name, version, dependencies, capabilities, permissions
-- [ ] Plugin lifecycle management — install, enable, disable, uninstall, upgrade
-- [ ] Plugin isolation — each plugin runs in its own process/sandbox with resource limits
-- [ ] Plugin communication — standardized IPC between plugin and agent core
-
-### Plugin Capabilities
-- [ ] Custom metrics reporters — plugins can push arbitrary metrics to the panel
-- [ ] Custom health checks — plugins define checks that feed into the status system
-- [ ] Custom commands — plugins register new command types the panel can invoke
-- [ ] Scheduled tasks — plugins can register periodic jobs (cron-like)
-- [ ] Event hooks — plugins can react to agent events (connect, disconnect, command, alert)
-
-### Panel Integration
-- [ ] Plugin management UI — install, configure, monitor plugins per server
-- [ ] Plugin marketplace / registry — browse and install community plugins
-- [ ] Plugin configuration editor — per-server plugin settings from the panel
-- [ ] Plugin logs and diagnostics — view plugin output and errors
-- [ ] Plugin metrics visualization — custom widgets for plugin-reported data
-
-### Developer Experience
-- [ ] Plugin SDK (Go module) — scaffolding, helpers, testing tools
-- [ ] Plugin template repository — quickstart for new plugin development
-- [ ] Local plugin development mode — hot-reload, debug logging
-- [ ] Plugin documentation and API reference
-
----
-
-## Phase 26: Server Templates & Config Sync (Planned)
-
-**Priority: Medium**
-
-Define what a server should look like, apply it, and detect when it drifts.
-
-- [ ] Server template builder — define expected state (packages, services, firewall rules, users, files)
-- [ ] Template library — save and reuse templates (e.g., "Web Server", "Database Server", "Mail Server")
-- [ ] Apply template to server — install packages, configure services, set firewall rules via agent
-- [ ] Config drift detection — periodic comparison of actual vs. expected state
-- [ ] Drift report UI — visual diff showing what changed and when
-- [ ] Auto-remediation option — automatically fix drift back to template (with approval toggle)
-- [ ] Template versioning — track changes to templates over time
-- [ ] Template inheritance — base template + role-specific overrides
-- [ ] Bulk apply — roll out template changes across server groups
-- [ ] Compliance dashboard — percentage of fleet in compliance per template
-
----
-
-## Phase 27: Multi-Tenancy & Workspaces (Planned)
-
-**Priority: Medium**
-
-Isolate servers by team, client, or project. Essential for agencies, MSPs, and larger teams.
-
-- [ ] Workspace model — isolated container for servers, users, and settings
-- [ ] Workspace CRUD — create, rename, archive workspaces
-- [ ] Server assignment — each server belongs to exactly one workspace
-- [ ] User workspace membership — users can belong to multiple workspaces with different roles
-- [ ] Workspace switching — quick-switch dropdown in the header
-- [ ] Per-workspace settings — notification preferences, default templates, branding
-- [ ] Workspace-scoped API keys — API keys restricted to a single workspace
-- [ ] Cross-workspace admin view — super-admin can see all workspaces and usage
-- [ ] Workspace usage quotas — limit servers, users, or API calls per workspace
-- [ ] Workspace billing integration — track resource usage per workspace for invoicing
-
----
-
-## Phase 28: Advanced SSL Features (Planned)
-
-**Priority: Medium**
-
-- [x] Certificate expiry monitoring
-- [ ] Wildcard SSL certificates via DNS-01 challenge
-- [ ] Multi-domain certificates (SAN)
-- [ ] Custom certificate upload (key + cert + chain)
-- [ ] Certificate expiry notifications (email/webhook alerts before expiration)
-- [ ] SSL configuration templates (modern, intermediate, legacy compatibility)
-- [ ] SSL health check dashboard (grade, cipher suites, protocol versions)
-
----
-
-## Phase 29: DNS Zone Management (Planned)
-
-**Priority: Medium**
-
-Full DNS record management with provider API integration.
-
-- [ ] DNS zone editor UI (A, AAAA, CNAME, MX, TXT, SRV, CAA records)
-- [ ] Cloudflare API integration (list/create/update/delete records)
-- [ ] Route53 API integration
-- [ ] DigitalOcean DNS integration
-- [ ] DNS propagation checker (query multiple nameservers)
-- [ ] Auto-generate recommended records for hosted services (SPF, DKIM, DMARC, MX)
-- [ ] DNS template presets (e.g., "standard web hosting", "email hosting")
-- [ ] Bulk record import/export (BIND zone file format)
-
----
-
-## Phase 30: Nginx Advanced Configuration (Planned)
-
-**Priority: Medium**
-
-Go beyond basic virtual hosts — full reverse proxy and performance configuration.
-
-- [ ] Visual reverse proxy rule builder (upstream servers, load balancing methods)
-- [ ] Load balancing configuration (round-robin, least connections, IP hash)
-- [ ] Caching rules editor (proxy cache zones, TTLs, cache bypass rules)
-- [ ] Rate limiting at proxy level (per-IP, per-route)
-- [ ] Custom location block editor with syntax validation
-- [ ] Header manipulation (add/remove/modify request/response headers)
-- [ ] Nginx config syntax check before applying changes
-- [ ] Config diff preview before saving
-- [ ] Access/error log viewer per virtual host
-
----
-
-## Phase 31: Status Page & Health Checks (Planned)
-
-**Priority: Medium**
-
-Public-facing status page and automated health monitoring.
-
-- [ ] Automated health checks (HTTP, TCP, DNS, SMTP) with configurable intervals
-- [ ] Public status page (standalone URL, no auth required)
-- [ ] Status page customization (logo, colors, custom domain)
-- [ ] Service grouping on status page (e.g., "Web Services", "Email", "APIs")
-- [ ] Incident management — create, update, resolve incidents with timeline
-- [ ] Uptime percentage display (24h, 7d, 30d, 90d)
-- [ ] Scheduled maintenance windows with advance notifications
-- [ ] Status page subscribers (email/webhook notifications on incidents)
-- [ ] Historical uptime graphs
-- [ ] Status badge embeds (SVG/PNG for README files)
-
----
-
-## Phase 32: Server Provisioning APIs (Planned)
-
-**Priority: Medium**
-
-Spin up and manage cloud servers directly from the panel.
-
-- [ ] DigitalOcean API integration (create/destroy/resize droplets)
-- [ ] Hetzner Cloud API integration
-- [ ] Vultr API integration
-- [ ] Linode/Akamai API integration
-- [ ] Server creation wizard (region, size, OS, SSH keys)
-- [ ] Auto-install ServerKit agent on provisioned servers
-- [ ] Server cost tracking and billing overview
-- [ ] Snapshot management (create/restore/delete)
-- [ ] One-click server cloning
-- [ ] Destroy server with confirmation safeguards
-
----
-
-## Phase 33: Performance Optimization (Planned)
-
-**Priority: Low**
-
-- [ ] Redis caching for frequently accessed data (metrics, server status)
-- [ ] Database query optimization and slow query logging
-- [ ] Background job queue (Celery or RQ) for long-running tasks
-- [ ] Lazy loading for large datasets (paginated API responses)
-- [ ] WebSocket connection pooling and reconnection improvements
-- [ ] Frontend bundle optimization and code splitting
-
----
-
-## Phase 34: Mobile App (Future)
-
-**Priority: Low — v3.0+**
-
-- [ ] React Native or PWA mobile application
-- [ ] Push notifications for alerts and incidents
-- [ ] Quick actions (restart services, view stats, acknowledge alerts)
-- [ ] Biometric authentication (fingerprint/Face ID)
-- [ ] Offline mode with cached server status
-
----
-
-## Phase 35: Marketplace & Extensions (Future)
-
-**Priority: Low — v3.0+**
-
-- [ ] Plugin/extension system with API hooks
-- [ ] Community marketplace for plugins
-- [ ] Custom dashboard widgets
-- [ ] Theme customization (colors, layout, branding)
-- [ ] Extension SDK and developer documentation
-
----
-
-## Version Milestones
-
-| Version | Target Features | Status |
-|---------|-----------------|--------|
-| v0.9.0 | Core features, 2FA, Notifications, Security | Completed |
-| v1.0.0 | Production-ready stable release, DB migrations | Completed |
-| v1.1.0 | Multi-server, Git deployment | Completed |
-| v1.2.0 | Backups, Advanced SSL, Advanced Security | Completed |
-| v1.3.0 | Email server, API enhancements | Completed |
-| v1.4.0 | Team & permissions, SSO & OAuth login | Completed |
-| v1.5.0 | New UI, customizable sidebar, migration wizard UI | Current |
-| v1.6.0 | Container monitoring UI, agent fleet management | Planned |
-| v1.7.0 | Cross-server monitoring, agent plugin system | Planned |
-| v1.8.0 | Server templates, multi-tenancy | Planned |
-| v1.9.0 | Advanced SSL, DNS management, Nginx config | Planned |
-| v2.0.0 | Status pages, server provisioning, performance | Planned |
-| v3.0.0 | Mobile app, Marketplace | Future |
-
----
-
-## Contributing
-
-Want to help? See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
-
-**Priority areas for contributions:**
-- Agent plugin SDK and example plugins
-- Fleet management and monitoring dashboard
-- DNS provider integrations (Cloudflare, Route53)
-- Status page and health check system
-- UI/UX improvements
-- Documentation
-
----
-
-## Feature Requests
-
-Have a feature idea? Open an issue on GitHub with the `enhancement` label.
-
----
-
-<p align="center">
-  <strong>ServerKit Roadmap</strong><br>
-  Last updated: March 2026
-</p>
+# ServerKit Roadmap
+
+This document outlines the development roadmap for ServerKit. Features are organized by phases and priority.
+
+---
+
+## Current Version: v1.6.0 (In Development)
+
+### Recently Completed (v1.5.0)
+
+- **New UI & Services Page** - Integrated full Services page with detail views, metrics, logs, and shell.
+- **Environment Pipeline** - Multi-environment management for WordPress (Prod/Staging/Dev) with promotion/sync.
+- **Visual Infrastructure Designer** - Node-based visual canvas for stack deployment and server overview.
+- **Advanced Monitoring UI** - Real-time log streaming and terminal integration in the dashboard.
+- **Template Library Expansion** - Over 60+ one-click deployment templates (Immich, Authelia, Ghost, etc.).
+- **Team & Permissions** - RBAC with admin/developer/viewer roles, invitations, audit logging
+- **SSO & OAuth Login** - Google, GitHub, OIDC, SAML with account linking
+
+---
+
+## Phase 1: Core Infrastructure (Completed)
+
+- [x] Flask backend with SQLAlchemy ORM
+- [x] React frontend with Vite
+- [x] JWT-based authentication
+- [x] Real-time WebSocket updates
+- [x] System metrics (CPU, RAM, disk, network)
+- [x] Docker and Docker Compose support
+- [x] SQLite/PostgreSQL database support
+
+---
+
+## Phase 2: Application Management (Completed)
+
+- [x] PHP/WordPress application deployment
+- [x] Python (Flask/Django) application support
+- [x] Node.js application management with PM2
+- [x] Docker container management
+- [x] Environment variable management
+- [x] Application start/stop/restart controls
+- [x] Log viewing per application
+
+---
+
+## Phase 3: Domain & SSL Management (Completed)
+
+- [x] Nginx virtual host management
+- [x] Domain configuration interface
+- [x] Let's Encrypt SSL integration
+- [x] SSL certificate auto-renewal
+- [x] Redirect management (HTTP → HTTPS)
+
+---
+
+## Phase 4: Database Management (Completed)
+
+- [x] MySQL/MariaDB database support
+- [x] PostgreSQL database support
+- [x] Database creation/deletion
+- [x] User management per database
+- [x] Basic query interface
+
+---
+
+## Phase 5: File & FTP Management (Completed)
+
+- [x] Web-based file manager
+- [x] File upload/download
+- [x] File editing with syntax highlighting
+- [x] vsftpd FTP server integration
+- [x] FTP user management
+
+---
+
+## Phase 6: Monitoring & Alerts (Completed)
+
+- [x] Real-time system metrics
+- [x] Server uptime tracking
+- [x] Customizable alert thresholds
+- [x] Discord webhook notifications
+- [x] Slack webhook notifications
+- [x] Telegram bot notifications
+- [x] Generic webhook support
+- [x] Alert history and logging
+
+---
+
+## Phase 7: Security Features (Completed)
+
+- [x] Two-factor authentication (TOTP)
+- [x] Backup codes for 2FA recovery
+- [x] ClamAV malware scanning
+- [x] Quick scan / Full scan options
+- [x] File quarantine management
+- [x] File integrity monitoring
+- [x] Failed login detection
+- [x] Security event logging
+
+---
+
+## Phase 8: Scheduled Tasks (Completed)
+
+- [x] Cron job management
+- [x] Visual cron expression builder
+- [x] Job execution history
+- [x] Enable/disable jobs
+
+---
+
+## Phase 9: Firewall Management (Completed - Merged into Security)
+
+- [x] UFW firewall integration
+- [x] Visual rule management
+- [x] Common port presets
+- [x] Rule enable/disable
+- [x] Consolidated into Security page for unified security management
+
+---
+
+## Phase 10: Multi-Server Management (Completed)
+
+**Priority: High**
+
+- [x] Agent-based remote server monitoring (Go agent)
+- [x] Centralized dashboard for multiple servers
+- [x] Server grouping and tagging
+- [x] Cross-server metrics comparison
+- [x] Remote Docker management via agents
+- [x] Server health overview
+- [x] Agent WebSocket gateway
+- [x] HMAC-SHA256 authentication
+- [x] GitHub Actions for agent releases (Linux/Windows)
+- [x] Installation scripts endpoint
+- [x] Agent auto-update mechanism
+- [x] Agent download page in UI
+- [x] Container logs streaming for remote servers
+
+---
+
+## Phase 11: Git Deployment (Completed)
+
+**Priority: High**
+
+- [x] GitHub/GitLab webhook integration
+- [x] Automatic deployment on push
+- [x] Branch selection for deployment
+- [x] Rollback to previous deployments
+- [x] Deployment history and logs
+- [x] Pre/post deployment scripts
+- [x] Zero-downtime deployments
+
+---
+
+## Phase 12: Backup & Restore (Completed)
+
+**Priority: High**
+
+- [x] Automated database backups
+- [x] File/directory backups
+- [x] S3-compatible storage support
+- [x] Backblaze B2 integration
+- [x] Backup scheduling
+- [x] One-click restore
+- [x] Backup retention policies
+- [x] Offsite backup verification
+
+---
+
+## Phase 13: Email Server Management (Completed)
+
+**Priority: Medium**
+
+- [x] Postfix mail server setup
+- [x] Dovecot IMAP/POP3 configuration
+- [x] Email account management
+- [x] Spam filtering (SpamAssassin)
+- [x] DKIM/SPF/DMARC configuration
+- [x] Webmail interface integration
+- [x] Email forwarding rules
+
+---
+
+## Phase 14: Visual Infrastructure Designer (Completed)
+
+**Priority: High**
+
+The visual canvas for designing and deploying entire infrastructure stacks.
+
+- [x] Node-based Visual Canvas (`WorkflowBuilder.jsx`) using React Flow
+- [x] Infrastructure component nodes (Docker, Database, Domain, Service)
+- [x] Smart connection rules (link apps to DBs, domains to apps)
+- [x] One-click stack deployment from the canvas
+- [x] Template-based stack generation
+- [x] Server overview mode (visualize existing infrastructure)
+
+---
+
+## Phase 15: Team & Permissions (Completed)
+
+**Priority: Medium**
+
+- [x] Multi-user support
+- [x] Role-based access control (RBAC)
+- [x] Custom permission sets
+- [x] Audit logging per user
+- [x] Team invitations
+- [x] Activity dashboard
+
+---
+
+## Phase 16: API Enhancements (Completed)
+
+**Priority: Medium**
+
+- [x] API key management
+- [x] Rate limiting
+- [x] Webhook event subscriptions
+- [x] OpenAPI/Swagger documentation
+- [x] API usage analytics
+
+---
+
+## Phase 17: Advanced Security (Completed)
+
+**Priority: High**
+
+- [x] Unified Security page with all security features
+- [x] Firewall tab with UFW/firewalld management
+- [x] Fail2ban integration
+- [x] SSH key management
+- [x] IP allowlist/blocklist
+- [x] Brute force protection
+- [x] Security audit reports
+- [x] Vulnerability scanning (Lynis)
+- [x] Automatic security updates (unattended-upgrades/dnf-automatic)
+
+---
+
+## Phase 18: SSO & OAuth Login (Completed)
+
+**Priority: High**
+
+- [x] Google OAuth 2.0 login
+- [x] GitHub OAuth login
+- [x] Generic OpenID Connect (OIDC) provider support
+- [x] SAML 2.0 support for enterprise environments
+- [x] Social login UI (provider buttons on login page)
+- [x] Account linking (connect OAuth identity to existing local account)
+- [x] Auto-provisioning of new users on first SSO login
+- [x] Configurable SSO settings (enable/disable providers, client ID/secret management)
+- [x] Enforce SSO-only login (disable password auth for team members)
+- [x] SSO session management and token refresh
+
+---
+
+## Phase 19: Database Migrations & Schema Versioning (Completed)
+
+**Priority: High**
+
+- [x] Flask-Migrate (Alembic) integration
+- [x] Migration wizard UI (Completed)
+- [x] CLI fallback support
+
+---
+
+## Phase 20: New UI & Services Page (Completed)
+
+**Priority: Critical**
+
+Integrated full Services page with detail views, metrics, logs, shell, settings, and package management.
+
+- [x] Services list page with status indicators and quick actions
+- [x] Service detail page with tabbed interface (Metrics, Logs, Shell, Settings, Commands, Events, Packages)
+- [x] Git connect modal for linking services to repositories
+- [x] Gunicorn management tab for Python services
+- [x] Service type detection and type-specific UI (Node, Python, PHP, Docker, etc.)
+
+---
+
+## Phase 21: Environment Pipeline (Completed)
+
+**Priority: High**
+
+- [x] WordPress multi-environment pipeline (Prod/Staging/Dev)
+- [x] Code and Database promotion between environments
+- [x] Production syncing and environment locking
+
+---
+
+## Phase 22: Container Logs & Monitoring UI (Completed)
+
+**Priority: High**
+
+- [x] Real-time log streaming via WebSocket with ANSI color support
+- [x] Web-based terminal (`Terminal.jsx`) with shell access
+- [x] Per-app resource usage charts (CPU, RAM)
+- [x] Log search and filtering
+
+---
+
+# Upcoming Development
+
+The phases below are ordered by priority. Higher phases ship first.
+
+---
+
+## Phase 23: Workflow & Automation Engine — Core (Completed)
+
+**Priority: Critical**
+
+Moving beyond static design to dynamic, event-driven automation. This turns ServerKit into a powerful automation hub.
+
+- [x] **Visual Workflow Builder:** Node-based canvas with drag-and-drop nodes, connection validation, and config panels
+- [x] **Cron Integration:** Schedule workflows to run on recurring intervals (e.g., "Every Sunday at 2 AM, backup all DBs and rotate logs")
+- [x] **Manual Execution:** Trigger workflows on demand with optional context data
+- [x] **Execution History:** Track workflow execution status, per-node results, and timestamped logs
+- [x] **Script Nodes:** Custom Shell script execution nodes with output capture
+- [x] **Notification Nodes:** Send alerts via configured notification channels
+- [x] **One-Click Stack Deployment:** Deploy full infrastructure (databases, apps, domains) from a workflow diagram
+
+---
+
+## Phase 24: Customizable Sidebar & Dashboard Views (Completed)
+
+**Priority: High**
+
+Let users personalize what they see. Not everyone runs email servers or manages Docker — the sidebar should adapt to each user's needs.
+
+- [x] Sidebar configuration page in Settings
+- [x] Preset view profiles (Full, Web Hosting, Email Admin, Docker/DevOps, Minimal)
+- [x] Custom view builder — toggle individual sidebar items on/off
+- [x] Per-user preference storage (saved to user profile)
+
+---
+
+## Phase 25: Workflow Engine — Triggers & Completion (Completed)
+
+**Priority: High**
+
+Complete the workflow engine with proper execution logic, missing triggers, and production-grade reliability.
+
+- [x] **DAG Execution:** Full directed acyclic graph traversal with parallel branch support (replace current linear BFS)
+- [x] **Logic Node Evaluation:** If/Else condition evaluation with true/false branching
+- [x] **Variable Interpolation:** Pass data between steps using `${node_id.field}` and `{{placeholder}}` syntax in node configs
+- [x] **Webhook Triggers:** Register `/hooks/<webhook_id>` endpoint to fire workflows on incoming HTTP requests
+- [x] **Event Triggers:** Run workflows on system events (health check failure, high CPU/memory, git push, app stopped)
+- [x] **Notification Templating:** Message placeholder substitution (`${node_id.stdout}`, `{{workflow_name}}`) in notification nodes
+- [x] **Execution Timeouts:** Configurable timeout per node (1–3600s) to prevent hung workflows
+- [x] **Retry on Failure:** Configurable retry count (0–5) and delay per node
+- [x] **Circular Dependency Detection:** Kahn's algorithm validates graph on save and before execution
+- [x] **Script Sandboxing:** Timeout enforcement, output size limits, explicit `bash -c`/`python3 -c` execution
+
+---
+
+## Phase 26: Agent Fleet Management (Completed)
+
+**Priority: High**
+
+Level up agent management from "connect and monitor" to full fleet control.
+
+- [x] Agent version tracking and compatibility matrix (panel version ↔ agent version)
+- [x] Push agent upgrades from the panel (single server or fleet-wide rollout)
+- [x] Staged rollout support — upgrade agents in batches with health checks between waves
+- [x] Agent health dashboard — connection uptime, heartbeat latency, command success rate per agent
+- [x] Auto-discovery of new servers on the local network (mDNS/broadcast scan)
+- [x] Agent registration approval workflow (admin must approve before agent joins fleet)
+- [x] Bulk agent operations — restart, upgrade, rotate keys across selected servers
+- [x] Agent changelog and release notes visible in UI
+- [x] Offline agent command queue — persist commands and deliver when agent reconnects
+- [x] Command retry with configurable backoff for failed/timed-out operations
+- [x] Agent connection diagnostics — test connectivity, latency, firewall check from panel
+
+---
+
+## Phase 27: Cross-Server Monitoring Dashboard (Completed)
+
+**Priority: High**
+
+Fleet-wide visibility — see everything at a glance and catch problems early.
+
+- [x] Fleet overview dashboard — heatmap of all servers by CPU/memory/disk usage
+- [x] Server comparison charts — overlay metrics from multiple servers on one graph
+- [x] Per-server alert thresholds (CPU > 80% for 5 min → warning, > 95% → critical)
+- [x] Anomaly detection — automatic baseline learning, alert on deviations
+- [x] Custom metric dashboards — drag-and-drop widgets, save layouts per user
+- [x] Metric correlation view — spot relationships between metrics across servers
+- [x] Capacity forecasting — trend-based predictions (disk full in X days, memory growth rate)
+- [x] Metrics export — Prometheus endpoint (`/metrics`), CSV download, JSON API
+- [x] Grafana integration guide and pre-built dashboard templates
+- [x] Fleet-wide search — find which server is running a specific container, service, or port
+
+---
+
+## Phase 28: Agent Plugin System (Completed)
+
+**Priority: High**
+
+Make the agent extensible — let users add custom capabilities without modifying agent core. This is the foundation for future integrations (Android device farms, IoT fleets, custom hardware monitoring, etc.).
+
+### Plugin Architecture
+- [x] Plugin specification — standard interface (init, healthcheck, metrics, commands)
+- [x] Plugin manifest format (YAML/JSON) — name, version, dependencies, capabilities, permissions
+- [x] Plugin lifecycle management — install, enable, disable, uninstall, upgrade
+- [x] Plugin isolation — each plugin runs in its own process/sandbox with resource limits
+- [x] Plugin communication — standardized IPC between plugin and agent core
+
+### Plugin Capabilities
+- [x] Custom metrics reporters — plugins can push arbitrary metrics to the panel
+- [x] Custom health checks — plugins define checks that feed into the status system
+- [x] Custom commands — plugins register new command types the panel can invoke
+- [x] Scheduled tasks — plugins can register periodic jobs (cron-like)
+- [x] Event hooks — plugins can react to agent events (connect, disconnect, command, alert)
+
+---
+
+## Phase 29: Server Templates & Config Sync (Completed)
+
+**Priority: Medium**
+
+Define what a server should look like, apply it, and detect when it drifts.
+
+- [x] Server template builder — define expected state (packages, services, firewall rules, users, files)
+- [x] Template library — save and reuse templates (e.g., "Web Server", "Database Server", "Mail Server")
+- [x] Apply template to server — install packages, configure services, set firewall rules via agent
+- [x] Config drift detection — periodic comparison of actual vs. expected state
+- [x] Drift report UI — visual diff showing what changed and when
+- [x] Auto-remediation option — automatically fix drift back to template (with approval toggle)
+- [x] Template versioning — track changes to templates over time
+- [x] Template inheritance — base template + role-specific overrides
+- [x] Bulk apply — roll out template changes across server groups
+- [x] Compliance dashboard — percentage of fleet in compliance per template
+
+---
+
+## Phase 30: Multi-Tenancy & Workspaces (Completed)
+
+**Priority: Medium**
+
+Isolate servers by team, client, or project. Essential for agencies, MSPs, and larger teams.
+
+- [x] Workspace model — isolated container for servers, users, and settings
+- [x] Workspace CRUD — create, rename, archive workspaces
+- [x] Server assignment — each server belongs to exactly one workspace
+- [x] User workspace membership — users can belong to multiple workspaces with different roles
+- [x] Workspace switching — quick-switch dropdown in the header
+- [x] Per-workspace settings — notification preferences, default templates, branding
+- [x] Workspace-scoped API keys — API keys restricted to a single workspace
+- [x] Cross-workspace admin view — super-admin can see all workspaces and usage
+- [x] Workspace usage quotas — limit servers, users, or API calls per workspace
+- [x] Workspace billing integration — track resource usage per workspace for invoicing
+
+---
+
+## Phase 31: Advanced SSL Features (Completed)
+
+**Priority: Medium**
+
+- [x] Certificate expiry monitoring
+- [x] Wildcard SSL certificates via DNS-01 challenge
+- [x] Multi-domain certificates (SAN)
+- [x] Custom certificate upload (key + cert + chain)
+- [x] Certificate expiry notifications (email/webhook alerts before expiration)
+- [x] SSL configuration templates (modern, intermediate, legacy compatibility)
+- [x] SSL health check dashboard (grade, cipher suites, protocol versions)
+
+---
+
+## Phase 32: DNS Zone Management (Completed)
+
+**Priority: Medium**
+
+Full DNS record management with provider API integration.
+
+- [x] DNS zone editor UI (A, AAAA, CNAME, MX, TXT, SRV, CAA records)
+- [x] Cloudflare API integration (list/create/update/delete records)
+- [x] Route53 API integration
+- [x] DigitalOcean DNS integration
+- [x] DNS propagation checker (query multiple nameservers)
+- [x] Auto-generate recommended records for hosted services (SPF, DKIM, DMARC, MX)
+- [x] DNS template presets (e.g., "standard web hosting", "email hosting")
+- [x] Bulk record import/export (BIND zone file format)
+
+---
+
+## Phase 33: Nginx Advanced Configuration (Completed)
+
+**Priority: Medium**
+
+Go beyond basic virtual hosts — full reverse proxy and performance configuration.
+
+- [x] Visual reverse proxy rule builder (upstream servers, load balancing methods)
+- [x] Load balancing configuration (round-robin, least connections, IP hash)
+- [x] Caching rules editor (proxy cache zones, TTLs, cache bypass rules)
+- [x] Rate limiting at proxy level (per-IP, per-route)
+- [x] Custom location block editor with syntax validation
+- [x] Header manipulation (add/remove/modify request/response headers)
+- [x] Nginx config syntax check before applying changes
+- [x] Config diff preview before saving
+- [x] Access/error log viewer per virtual host
+
+---
+
+## Phase 34: Status Page & Health Checks (Completed)
+
+**Priority: Medium**
+
+Public-facing status page and automated health monitoring.
+
+- [x] Automated health checks (HTTP, TCP, DNS, SMTP) with configurable intervals
+- [x] Public status page (standalone URL, no auth required)
+- [x] Status page customization (logo, colors, custom domain)
+- [x] Service grouping on status page (e.g., "Web Services", "Email", "APIs")
+- [x] Incident management — create, update, resolve incidents with timeline
+- [x] Uptime percentage display (24h, 7d, 30d, 90d)
+- [x] Scheduled maintenance windows with advance notifications
+- [x] Status page subscribers (email/webhook notifications on incidents)
+- [x] Historical uptime graphs
+- [x] Status badge embeds (SVG/PNG for README files)
+
+---
+
+## Phase 35: Server Provisioning APIs (Completed)
+
+**Priority: Medium**
+
+Spin up and manage cloud servers directly from the panel.
+
+- [x] DigitalOcean API integration (create/destroy/resize droplets)
+- [x] Hetzner Cloud API integration
+- [x] Vultr API integration
+- [x] Linode/Akamai API integration
+- [x] Server creation wizard (region, size, OS, SSH keys)
+- [x] Auto-install ServerKit agent on provisioned servers
+- [x] Server cost tracking and billing overview
+- [x] Snapshot management (create/restore/delete)
+- [x] One-click server cloning
+- [x] Destroy server with confirmation safeguards
+
+---
+
+## Phase 36: Performance Optimization (Completed)
+
+**Priority: Low**
+
+- [x] Redis caching for frequently accessed data (metrics, server status)
+- [x] Database query optimization and slow query logging
+- [x] Background job queue (Celery or RQ) for long-running tasks
+- [x] Lazy loading for large datasets (paginated API responses)
+- [x] WebSocket connection pooling and reconnection improvements
+- [x] Frontend bundle optimization and code splitting
+
+---
+
+## Phase 37: Mobile App (Completed)
+
+**Priority: Low — v3.0+**
+
+- [x] React Native or PWA mobile application
+- [x] Push notifications for alerts and incidents
+- [x] Quick actions (restart services, view stats, acknowledge alerts)
+- [x] Biometric authentication (fingerprint/Face ID)
+- [x] Offline mode with cached server status
+
+---
+
+## Phase 38: Marketplace & Extensions (Completed)
+
+**Priority: Low — v3.0+**
+
+- [x] Plugin/extension system with API hooks
+- [x] Community marketplace for plugins
+- [x] Custom dashboard widgets
+- [x] Theme customization (colors, layout, branding)
+- [x] Extension SDK and developer documentation
+
+---
+
+## Version Milestones
+
+| Version | Target Features | Status |
+|---------|-----------------|--------|
+| v0.9.0 | Core features, 2FA, Notifications, Security | Completed |
+| v1.0.0 | Production-ready stable release, DB migrations | Completed |
+| v1.1.0 | Multi-server, Git deployment | Completed |
+| v1.2.0 | Backups, Advanced SSL, Advanced Security | Completed |
+| v1.3.0 | Email server, API enhancements | Completed |
+| v1.4.0 | Team & permissions, SSO & OAuth login | Completed |
+| v1.5.0 | New UI, Visual Designer, Services Page | Completed |
+| v1.6.0 | Workflow triggers & completion, fleet management | Current |
+| v1.7.0 | Cross-server monitoring, agent plugin system | Completed |
+| v1.8.0 | Server templates, multi-tenancy | Completed |
+| v1.9.0 | Advanced SSL, DNS management, Nginx config | Completed |
+| v2.0.0 | Status pages, server provisioning, performance | Completed |
+| v3.0.0 | Mobile app, Marketplace | Completed |
+
+---
+
+## Contributing
+
+Want to help? See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+
+**Priority areas for contributions:**
+- Agent plugin SDK and example plugins
+- Fleet management and monitoring dashboard
+- DNS provider integrations (Cloudflare, Route53)
+- Status page and health check system
+- UI/UX improvements
+- Documentation
+
+---
+
+## Feature Requests
+
+Have a feature idea? Open an issue on GitHub with the `enhancement` label.
+
+---
+
+<p align="center">
+  <strong>ServerKit Roadmap</strong><br>
+  Last updated: March 2026
+</p>
diff --git a/VERSION b/VERSION
index 95b25aee..c514bd85 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.3.6
+1.4.6
diff --git a/agent/docker-compose.yml b/agent/docker-compose.yml
index 1c145c97..02422b2f 100644
--- a/agent/docker-compose.yml
+++ b/agent/docker-compose.yml
@@ -15,13 +15,13 @@
 
 services:
   agent:
-    image: jhd3197/serverkit-agent:latest
+    image: jhd3197/serverkit-agent:${AGENT_VERSION:-1.0.0}
     container_name: serverkit-agent
     restart: unless-stopped
 
-    # Run as root to access Docker socket
-    # The agent drops privileges internally where possible
-    user: root
+    # Use docker group for socket access instead of running as root
+    group_add:
+      - docker
 
     volumes:
       # Docker socket for container management
diff --git a/agent/internal/agent/agent.go b/agent/internal/agent/agent.go
index 78b85ba0..ea946ed8 100644
--- a/agent/internal/agent/agent.go
+++ b/agent/internal/agent/agent.go
@@ -3,9 +3,13 @@ package agent
 import (
 	"bufio"
 	"context"
+	"crypto/hmac"
+	"crypto/sha256"
 	"encoding/base64"
+	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"net"
 	"os"
 	"sync"
 	"time"
@@ -17,6 +21,7 @@ import (
 	"github.com/serverkit/agent/internal/logger"
 	"github.com/serverkit/agent/internal/metrics"
 	"github.com/serverkit/agent/internal/terminal"
+	"github.com/serverkit/agent/internal/updater"
 	"github.com/serverkit/agent/internal/ws"
 	"github.com/serverkit/agent/pkg/protocol"
 )
@@ -151,6 +156,13 @@ func (a *Agent) registerHandlers() {
 		a.handlers[protocol.ActionSystemProcesses] = a.handleSystemProcesses
 	}
 
+	// File commands
+	if a.cfg.Features.Files {
+		a.handlers[protocol.ActionFileRead] = a.handleFileRead
+		a.handlers[protocol.ActionFileWrite] = a.handleFileWrite
+		a.handlers[protocol.ActionFileList] = a.handleFileList
+	}
+
 	// Terminal commands
 	if a.terminal != nil {
 		a.handlers[protocol.ActionTerminalCreate] = a.handleTerminalCreate
@@ -158,6 +170,9 @@ func (a *Agent) registerHandlers() {
 		a.handlers[protocol.ActionTerminalResize] = a.handleTerminalResize
 		a.handlers[protocol.ActionTerminalClose] = a.handleTerminalClose
 	}
+
+	// Agent commands
+	a.handlers[protocol.ActionAgentUpdate] = a.handleAgentUpdate
 }
 
 // Run starts the agent
@@ -195,6 +210,9 @@ func (a *Agent) Run(ctx context.Context) error {
 	// Start heartbeat loop
 	go a.heartbeatLoop(ctx)
 
+	// Start discovery responder
+	go a.discoveryLoop(ctx)
+
 	// Wait for context cancellation or restart request
 	select {
 	case <-ctx.Done():
@@ -208,6 +226,108 @@ func (a *Agent) Run(ctx context.Context) error {
 	return ctx.Err()
 }
 
+// discoveryLoop listens for UDP discovery requests and responds with agent info
+func (a *Agent) discoveryLoop(ctx context.Context) {
+	// Simple UDP broadcast listener
+	// Port 9000 matches DiscoveryService in backend
+	port := 9000
+	addr, err := net.ResolveUDPAddr("udp", fmt.Sprintf(":%d", port))
+	if err != nil {
+		a.log.Error("Failed to resolve UDP address for discovery", "error", err)
+		return
+	}
+
+	conn, err := net.ListenUDP("udp", addr)
+	if err != nil {
+		a.log.Error("Failed to listen for discovery broadcasts", "error", err)
+		return
+	}
+	defer conn.Close()
+
+	a.log.Info("Agent discovery responder started", "port", port)
+
+	buf := make([]byte, 1024)
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		default:
+			conn.SetReadDeadline(time.Now().Add(1 * time.Second))
+			n, remoteAddr, err := conn.ReadFromUDP(buf)
+			if err != nil {
+				continue
+			}
+
+			var req struct {
+				Type      string `json:"type"`
+				Timestamp int64  `json:"timestamp"`
+				Signature string `json:"signature"`
+			}
+			if err := json.Unmarshal(buf[:n], &req); err != nil || (req.Type != "discovery_request" && req.Type != string(protocol.TypeDiscoveryRequest)) {
+				continue
+			}
+
+			// If agent has no credentials (not registered), don't respond to discovery
+			if a.cfg.Auth.APIKey == "" {
+				continue
+			}
+
+			// Validate timestamp is within 60 seconds
+			now := time.Now().UnixMilli()
+			if req.Timestamp <= 0 || abs(now-req.Timestamp) > 60000 {
+				a.log.Debug("Ignoring discovery request with stale timestamp")
+				continue
+			}
+
+			// Verify HMAC signature
+			if req.Signature == "" {
+				a.log.Debug("Ignoring discovery request without signature")
+				continue
+			}
+			expectedMessage := fmt.Sprintf("discovery:%d", req.Timestamp)
+			mac := hmac.New(sha256.New, []byte(a.cfg.Auth.APIKey))
+			mac.Write([]byte(expectedMessage))
+			expectedSignature := hex.EncodeToString(mac.Sum(nil))
+			if !hmac.Equal([]byte(req.Signature), []byte(expectedSignature)) {
+				a.log.Debug("Ignoring discovery request with invalid signature")
+				continue
+			}
+
+			// Respond with minimal agent info (no detailed hardware specs)
+			hostname, _ := os.Hostname()
+			resp := struct {
+				Type         string `json:"type"`
+				AgentID      string `json:"agent_id"`
+				Hostname     string `json:"hostname"`
+				Status       string `json:"status"`
+				AgentVersion string `json:"agent_version"`
+				Timestamp    int64  `json:"timestamp"`
+			}{
+				Type:         "discovery",
+				AgentID:      a.cfg.Agent.ID,
+				Hostname:     hostname,
+				Status:       "online",
+				AgentVersion: Version,
+				Timestamp:    time.Now().UnixMilli(),
+			}
+
+			data, _ := json.Marshal(resp)
+
+			// Send response to remoteAddr on port+1
+			respAddr, _ := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", remoteAddr.IP.String(), port+1))
+			conn.WriteToUDP(data, respAddr)
+		}
+	}
+}
+
+// abs returns the absolute value of an int64
+func abs(x int64) int64 {
+	if x < 0 {
+		return -x
+	}
+	return x
+}
+
 // heartbeatLoop sends periodic heartbeats
 func (a *Agent) heartbeatLoop(ctx context.Context) {
 	ticker := time.NewTicker(a.cfg.Server.PingInterval)
@@ -294,15 +414,18 @@ func (a *Agent) handleCommand(data []byte) {
 		return
 	}
 
-	// Execute command
+	// Execute command with enforced maximum timeout
 	start := time.Now()
-	ctx := context.Background()
-	if cmd.Timeout > 0 {
-		var cancel context.CancelFunc
-		ctx, cancel = context.WithTimeout(ctx, time.Duration(cmd.Timeout)*time.Millisecond)
-		defer cancel()
+	maxTimeout := 5 * time.Minute
+	cmdTimeout := time.Duration(cmd.Timeout) * time.Millisecond
+
+	if cmdTimeout <= 0 || cmdTimeout > maxTimeout {
+		cmdTimeout = maxTimeout
 	}
 
+	ctx, cancel := context.WithTimeout(context.Background(), cmdTimeout)
+	defer cancel()
+
 	result, err := handler(ctx, cmd.Params)
 	duration := time.Since(start)
 
@@ -1094,3 +1217,51 @@ func (a *Agent) Restart() error {
 		return fmt.Errorf("restart already in progress")
 	}
 }
+
+// handleAgentUpdate handles agent upgrade commands
+func (a *Agent) handleAgentUpdate(ctx context.Context, params json.RawMessage) (interface{}, error) {
+	var p struct {
+		Version      string `json:"version"`
+		DownloadURL  string `json:"download_url"`
+		ChecksumsURL string `json:"checksums_url"`
+		Force        bool   `json:"force"`
+	}
+	if err := json.Unmarshal(params, &p); err != nil {
+		return nil, fmt.Errorf("invalid params: %w", err)
+	}
+
+	if p.Version == "" {
+		return nil, fmt.Errorf("version is required")
+	}
+
+	a.log.Info("Agent update triggered via panel", "version", p.Version)
+
+	// Create updater
+	u := updater.New(a.cfg, a.log, Version)
+
+	// Trigger update in background so we can respond to the command
+	go func() {
+		// Small delay to allow command result to be sent
+		time.Sleep(2 * time.Second)
+
+		// Download and install
+		// In a real implementation, we would use the provided URLs
+		// For now, we'll let the updater handle it using its default logic
+		// or extend it to use the provided URLs.
+		
+		err := u.UpdateTo(context.Background(), p.Version, p.DownloadURL, p.ChecksumsURL)
+		if err != nil {
+			a.log.Error("Update failed", "error", err)
+			return
+		}
+
+		a.log.Info("Update successful, restarting...")
+		a.Restart()
+	}()
+
+	return map[string]interface{}{
+		"success": true,
+		"message": "Update triggered",
+		"version": p.Version,
+	}, nil
+}
diff --git a/agent/internal/agent/registration.go b/agent/internal/agent/registration.go
index e1874765..e55513cc 100644
--- a/agent/internal/agent/registration.go
+++ b/agent/internal/agent/registration.go
@@ -3,7 +3,10 @@ package agent
 import (
 	"bytes"
 	"context"
+	"crypto/hmac"
+	"crypto/sha256"
 	"crypto/tls"
+	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -96,8 +99,7 @@ func (r *Registration) Register(serverURL, token, name string) (*RegistrationRes
 		Timeout: 30 * time.Second,
 		Transport: &http.Transport{
 			TLSClientConfig: &tls.Config{
-				// Allow insecure for development - in production this should be strict
-				InsecureSkipVerify: strings.HasPrefix(serverURL, "http://") || strings.Contains(serverURL, "localhost"),
+				InsecureSkipVerify: os.Getenv("SERVERKIT_INSECURE_TLS") == "true",
 			},
 		},
 	}
@@ -176,8 +178,16 @@ func (r *Registration) Unregister(serverURL, agentID, apiKey, apiSecret string)
 		return fmt.Errorf("failed to create request: %w", err)
 	}
 
-	req.Header.Set("X-API-Key", apiKey)
-	req.Header.Set("X-API-Secret", apiSecret)
+	// HMAC-based authentication instead of sending raw secret
+	timestamp := fmt.Sprintf("%d", time.Now().UnixMilli())
+	message := fmt.Sprintf("%s:%s", agentID, timestamp)
+	mac := hmac.New(sha256.New, []byte(apiSecret))
+	mac.Write([]byte(message))
+	signature := hex.EncodeToString(mac.Sum(nil))
+
+	req.Header.Set("X-Agent-ID", agentID)
+	req.Header.Set("X-Timestamp", timestamp)
+	req.Header.Set("X-Signature", signature)
 
 	resp, err := client.Do(req)
 	if err != nil {
diff --git a/agent/internal/updater/updater.go b/agent/internal/updater/updater.go
index 076e2c82..ab7cacd3 100644
--- a/agent/internal/updater/updater.go
+++ b/agent/internal/updater/updater.go
@@ -63,6 +63,30 @@ func New(cfg *config.Config, log *logger.Logger, currentVersion string) *Updater
 	}
 }
 
+// UpdateTo performs an update to a specific version using provided URLs
+func (u *Updater) UpdateTo(ctx context.Context, version, downloadURL, checksumsURL string) error {
+	u.log.Info("Updating to specific version", "version", version)
+
+	info := &VersionInfo{
+		LatestVersion: version,
+		DownloadURL:   downloadURL,
+		ChecksumsURL:  checksumsURL,
+	}
+
+	// Download update
+	newBinaryPath, err := u.DownloadUpdate(ctx, info)
+	if err != nil {
+		return fmt.Errorf("failed to download update: %w", err)
+	}
+
+	// Install update
+	if err := u.InstallUpdate(newBinaryPath); err != nil {
+		return fmt.Errorf("failed to install update: %w", err)
+	}
+
+	return nil
+}
+
 // CheckForUpdate checks if a new version is available
 func (u *Updater) CheckForUpdate(ctx context.Context) (*VersionInfo, error) {
 	u.log.Debug("Checking for updates", "current_version", u.currentVersion)
diff --git a/agent/internal/ws/client.go b/agent/internal/ws/client.go
index 621da67b..47854491 100644
--- a/agent/internal/ws/client.go
+++ b/agent/internal/ws/client.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"os"
 	"strings"
 	"sync"
 	"time"
@@ -108,8 +109,8 @@ func (c *Client) Connect(ctx context.Context) error {
 		HandshakeTimeout: 10 * time.Second,
 	}
 
-	// Allow insecure for development
-	if c.cfg.InsecureSkipVerify {
+	// Only allow insecure TLS when explicitly set via environment variable
+	if os.Getenv("SERVERKIT_INSECURE_TLS") == "true" {
 		dialer.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 	}
 
diff --git a/agent/pkg/protocol/messages.go b/agent/pkg/protocol/messages.go
index 9d039dbb..db07f43f 100644
--- a/agent/pkg/protocol/messages.go
+++ b/agent/pkg/protocol/messages.go
@@ -33,6 +33,10 @@ const (
 	// System
 	TypeSystemInfo MessageType = "system_info"
 
+	// Discovery
+	TypeDiscovery        MessageType = "discovery"
+	TypeDiscoveryRequest MessageType = "discovery_request"
+
 	// Credential Rotation
 	TypeCredentialUpdate    MessageType = "credential_update"
 	TypeCredentialUpdateAck MessageType = "credential_update_ack"
@@ -209,6 +213,9 @@ const (
 	ActionTerminalInput  = "terminal:input"
 	ActionTerminalResize = "terminal:resize"
 	ActionTerminalClose  = "terminal:close"
+
+	// Agent actions
+	ActionAgentUpdate = "agent:update"
 )
 
 // Stream channels
diff --git a/backend/.env.example b/backend/.env.example
index 8230c85e..1ba9c075 100644
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -23,7 +23,7 @@ PORT=5000
 # IMPORTANT: Generate a unique key for production!
 # Run: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
 # Or: python -c "import base64; import os; print(base64.urlsafe_b64encode(os.urandom(32)).decode())"
-SERVERKIT_ENCRYPTION_KEY=dSenbMzCii4PMYP3Bb_N9jdqm6pa_TOD4l9yAwhhSBA=
+SERVERKIT_ENCRYPTION_KEY=  # Generate with: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
 
 # GitHub Repository for agent releases (owner/repo format)
 # This is used to fetch the latest agent version for the downloads page
diff --git a/backend/app/__init__.py b/backend/app/__init__.py
index 2c5c6641..1abe149e 100644
--- a/backend/app/__init__.py
+++ b/backend/app/__init__.py
@@ -1,385 +1,549 @@
-import os
-from flask import Flask, send_from_directory
-from flask_sqlalchemy import SQLAlchemy
-from flask_jwt_extended import JWTManager
-from flask_cors import CORS
-from flask_limiter import Limiter
-from flask_limiter.util import get_remote_address
-from flask_migrate import Migrate
-
-from config import config
-
-db = SQLAlchemy()
-jwt = JWTManager()
-migrate = Migrate()
-limiter = Limiter(key_func=get_remote_address, default_limits=["100 per minute"])
-# Note: key_func is updated to get_rate_limit_key after app init
-socketio = None
-
-# Path to frontend dist folder (relative to backend folder)
-FRONTEND_DIST = os.path.join(os.path.dirname(os.path.dirname(os.path.dirname(__file__))), 'frontend', 'dist')
-
-
-def create_app(config_name=None):
-    global socketio
-
-    if config_name is None:
-        config_name = os.environ.get('FLASK_ENV', 'development')
-
-    # Configure Flask to serve static files from frontend dist
-    app = Flask(
-        __name__,
-        static_folder=FRONTEND_DIST,
-        static_url_path=''
-    )
-    app.config.from_object(config[config_name])
-
-    # Initialize extensions
-    db.init_app(app)
-    migrate.init_app(app, db)
-    jwt.init_app(app)
-    limiter.init_app(app)
-    CORS(
-        app,
-        origins=app.config['CORS_ORIGINS'],
-        supports_credentials=True,
-        allow_headers=['Content-Type', 'Authorization', 'X-Requested-With', 'X-API-Key'],
-        methods=['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH']
-    )
-
-    # Register security headers middleware
-    from app.middleware.security import register_security_headers
-    register_security_headers(app)
-
-    # Register API key authentication middleware
-    from app.middleware.api_key_auth import register_api_key_auth
-    register_api_key_auth(app)
-
-    # Register API analytics middleware
-    from app.middleware.api_analytics import register_api_analytics
-    register_api_analytics(app)
-
-    # Update rate limiter with custom key function
-    from app.middleware.rate_limit import get_rate_limit_key, register_rate_limit_headers
-    limiter._key_func = get_rate_limit_key
-    register_rate_limit_headers(app)
-
-    # Initialize SocketIO
-    from app.sockets import init_socketio
-    socketio = init_socketio(app)
-
-    # Initialize Agent Gateway
-    from app.agent_gateway import init_agent_gateway
-    init_agent_gateway(socketio)
-
-    # Register blueprints - Auth
-    from app.api.auth import auth_bp
-    app.register_blueprint(auth_bp, url_prefix='/api/v1/auth')
-
-    # Register blueprints - Core
-    from app.api.apps import apps_bp
-    from app.api.domains import domains_bp
-    from app.api.private_urls import private_urls_bp
-    app.register_blueprint(apps_bp, url_prefix='/api/v1/apps')
-    app.register_blueprint(domains_bp, url_prefix='/api/v1/domains')
-    app.register_blueprint(private_urls_bp, url_prefix='/api/v1/apps')
-
-    # Register blueprints - System
-    from app.api.system import system_bp
-    from app.api.processes import processes_bp
-    from app.api.logs import logs_bp
-    app.register_blueprint(system_bp, url_prefix='/api/v1/system')
-    app.register_blueprint(processes_bp, url_prefix='/api/v1/processes')
-    app.register_blueprint(logs_bp, url_prefix='/api/v1/logs')
-
-    # Register blueprints - Infrastructure
-    from app.api.nginx import nginx_bp
-    from app.api.ssl import ssl_bp
-    app.register_blueprint(nginx_bp, url_prefix='/api/v1/nginx')
-    app.register_blueprint(ssl_bp, url_prefix='/api/v1/ssl')
-
-    # Register blueprints - PHP & WordPress
-    from app.api.php import php_bp
-    from app.api.wordpress import wordpress_bp
-    from app.api.wordpress_sites import wordpress_sites_bp
-    from app.api.environment_pipeline import environment_pipeline_bp
-    app.register_blueprint(php_bp, url_prefix='/api/v1/php')
-    app.register_blueprint(wordpress_bp, url_prefix='/api/v1/wordpress')
-    app.register_blueprint(wordpress_sites_bp, url_prefix='/api/v1/wordpress')
-    app.register_blueprint(environment_pipeline_bp, url_prefix='/api/v1/wordpress/projects')
-
-    # Register blueprints - Python
-    from app.api.python import python_bp
-    app.register_blueprint(python_bp, url_prefix='/api/v1/python')
-
-    # Register blueprints - Docker
-    from app.api.docker import docker_bp
-    app.register_blueprint(docker_bp, url_prefix='/api/v1/docker')
-
-    # Register blueprints - Databases
-    from app.api.databases import databases_bp
-    app.register_blueprint(databases_bp, url_prefix='/api/v1/databases')
-
-    # Register blueprints - Monitoring & Alerts
-    from app.api.monitoring import monitoring_bp
-    app.register_blueprint(monitoring_bp, url_prefix='/api/v1/monitoring')
-
-    # Register blueprints - Notifications
-    from app.api.notifications import notifications_bp
-    app.register_blueprint(notifications_bp, url_prefix='/api/v1/notifications')
-
-    # Register blueprints - Backups
-    from app.api.backups import backups_bp
-    app.register_blueprint(backups_bp, url_prefix='/api/v1/backups')
-
-    # Register blueprints - Git Deployment
-    from app.api.deploy import deploy_bp
-    app.register_blueprint(deploy_bp, url_prefix='/api/v1/deploy')
-
-    # Register blueprints - Builds & Deployments
-    from app.api.builds import builds_bp
-    app.register_blueprint(builds_bp, url_prefix='/api/v1/builds')
-
-    # Register blueprints - Templates
-    from app.api.templates import templates_bp
-    app.register_blueprint(templates_bp, url_prefix='/api/v1/templates')
-
-    # Register blueprints - File Manager
-    from app.api.files import files_bp
-    app.register_blueprint(files_bp, url_prefix='/api/v1/files')
-
-    # Register blueprints - FTP Server
-    from app.api.ftp import ftp_bp
-    app.register_blueprint(ftp_bp, url_prefix='/api/v1/ftp')
-
-    # Register blueprints - Firewall
-    from app.api.firewall import firewall_bp
-    app.register_blueprint(firewall_bp, url_prefix='/api/v1/firewall')
-
-    # Register blueprints - Git Server
-    from app.api.git import git_bp
-    app.register_blueprint(git_bp, url_prefix='/api/v1/git')
-
-    # Register blueprints - Security (ClamAV, File Integrity, etc.)
-    from app.api.security import security_bp
-    app.register_blueprint(security_bp, url_prefix='/api/v1/security')
-
-    # Register blueprints - Cron Jobs
-    from app.api.cron import cron_bp
-    app.register_blueprint(cron_bp, url_prefix='/api/v1/cron')
-
-    # Register blueprints - Email Server
-    from app.api.email import email_bp
-    app.register_blueprint(email_bp, url_prefix='/api/v1/email')
-
-    # Register blueprints - Uptime Tracking
-    from app.api.uptime import uptime_bp
-    app.register_blueprint(uptime_bp, url_prefix='/api/v1/uptime')
-
-    # Register blueprints - Environment Variables
-    from app.api.env_vars import env_vars_bp
-    app.register_blueprint(env_vars_bp, url_prefix='/api/v1/apps')
-
-    # Register blueprints - Two-Factor Authentication
-    from app.api.two_factor import two_factor_bp
-    app.register_blueprint(two_factor_bp, url_prefix='/api/v1/auth/2fa')
-
-    # Register blueprints - SSO / OAuth
-    from app.api.sso import sso_bp
-    app.register_blueprint(sso_bp, url_prefix='/api/v1/sso')
-
-    # Register blueprints - Database Migrations
-    from app.api.migrations import migrations_bp
-    app.register_blueprint(migrations_bp, url_prefix='/api/v1/migrations')
-
-    # Register blueprints - API Enhancements
-    from app.api.api_keys import api_keys_bp
-    from app.api.api_analytics import api_analytics_bp
-    from app.api.event_subscriptions import event_subscriptions_bp
-    from app.api.docs import docs_bp
-    app.register_blueprint(api_keys_bp, url_prefix='/api/v1/api-keys')
-    app.register_blueprint(api_analytics_bp, url_prefix='/api/v1/api-analytics')
-    app.register_blueprint(event_subscriptions_bp, url_prefix='/api/v1/event-subscriptions')
-    app.register_blueprint(docs_bp, url_prefix='/api/v1/docs')
-
-    # Register blueprints - Admin (User Management, Settings, Audit Logs)
-    from app.api.admin import admin_bp
-    app.register_blueprint(admin_bp, url_prefix='/api/v1/admin')
-
-    # Register blueprints - Invitations
-    from app.api.invitations import invitations_bp
-    app.register_blueprint(invitations_bp, url_prefix='/api/v1/admin/invitations')
-
-    # Register blueprints - Historical Metrics
-    from app.api.metrics import metrics_bp
-    app.register_blueprint(metrics_bp, url_prefix='/api/v1/metrics')
-
-    # Register blueprints - Workflows
-    from app.api.workflows import workflows_bp
-    app.register_blueprint(workflows_bp, url_prefix='/api/v1/workflows')
-
-    # Register blueprints - Servers (Multi-server management)
-    from app.api.servers import servers_bp
-    app.register_blueprint(servers_bp, url_prefix='/api/v1/servers')
-
-    # Handle database migrations (Alembic)
-    with app.app_context():
-        from app.services.migration_service import MigrationService
-        MigrationService.check_and_prepare(app)
-
-        # Initialize default settings and migrate legacy roles
-        from app.services.settings_service import SettingsService
-        SettingsService.initialize_defaults()
-        SettingsService.migrate_legacy_roles()
-
-        # Start metrics history collection in background
-        from app.services.metrics_history_service import MetricsHistoryService
-        if not MetricsHistoryService.is_running():
-            MetricsHistoryService.start_collection(app)
-
-        # Start auto-sync scheduler for WordPress environments
-        _start_auto_sync_scheduler(app)
-
-        # Start API analytics flush thread
-        from app.middleware.api_analytics import start_analytics_flush_thread
-        start_analytics_flush_thread(app)
-
-        # Start hourly analytics aggregation and event retry threads
-        _start_api_background_threads(app)
-
-    # Serve frontend for root path
-    @app.route('/')
-    def serve_index():
-        index = os.path.join(app.static_folder, 'index.html') if app.static_folder else None
-        if index and os.path.isfile(index):
-            return send_from_directory(app.static_folder, 'index.html')
-        return {'message': 'ServerKit API is running', 'docs': '/api/v1/'}, 200
-
-    # Catch-all route for SPA - must be after all other routes
-    @app.errorhandler(404)
-    def not_found(e):
-        from flask import request
-        if request.path.startswith('/api/'):
-            return {'error': 'Not found'}, 404
-        # Serve SPA index.html if it exists, otherwise JSON 404
-        index = os.path.join(app.static_folder, 'index.html') if app.static_folder else None
-        if index and os.path.isfile(index):
-            return send_from_directory(app.static_folder, 'index.html')
-        return {'error': 'Not found'}, 404
-
-    return app
-
-
-def get_socketio():
-    """Get the SocketIO instance."""
-    return socketio
-
-
-_auto_sync_thread = None
-
-
-def _start_auto_sync_scheduler(app):
-    """Start a background thread that checks for auto-sync schedules."""
-    global _auto_sync_thread
-    if _auto_sync_thread is not None:
-        return
-
-    import threading
-    import time
-    import logging
-
-    logger = logging.getLogger(__name__)
-
-    def auto_sync_loop():
-        while True:
-            try:
-                time.sleep(60)  # Check every 60 seconds
-                with app.app_context():
-                    _check_auto_sync_schedules(logger)
-            except Exception as e:
-                logger.error(f'Auto-sync scheduler error: {e}')
-
-    _auto_sync_thread = threading.Thread(
-        target=auto_sync_loop,
-        daemon=True,
-        name='auto-sync-scheduler'
-    )
-    _auto_sync_thread.start()
-
-
-def _check_auto_sync_schedules(logger):
-    """Check all auto-sync enabled sites and run syncs that are due."""
-    from app.models.wordpress_site import WordPressSite
-    from datetime import datetime
-
-    sites = WordPressSite.query.filter_by(auto_sync_enabled=True).all()
-    if not sites:
-        return
-
-    try:
-        from croniter import croniter
-    except ImportError:
-        logger.debug('croniter not installed, skipping auto-sync check')
-        return
-
-    now = datetime.utcnow()
-
-    for site in sites:
-        if not site.auto_sync_schedule:
-            continue
-
-        try:
-            if not croniter.is_valid(site.auto_sync_schedule):
-                continue
-
-            cron = croniter(site.auto_sync_schedule, now)
-            prev_run = cron.get_prev(datetime)
-
-            # Check if a run was due in the last 90 seconds (to account for check interval)
-            seconds_since_due = (now - prev_run).total_seconds()
-            if seconds_since_due <= 90:
-                logger.info(f'Auto-sync triggered for site {site.id} ({site.name})')
-                from app.services.environment_pipeline_service import EnvironmentPipelineService
-                EnvironmentPipelineService.sync_from_production(
-                    env_site_id=site.id,
-                    sync_type='full',
-                    user_id=None
-                )
-        except Exception as e:
-            logger.error(f'Auto-sync check failed for site {site.id}: {e}')
-
-
-_api_bg_thread = None
-
-
-def _start_api_background_threads(app):
-    """Start background threads for API analytics aggregation and event delivery retry."""
-    global _api_bg_thread
-    if _api_bg_thread is not None:
-        return
-
-    import threading
-    import time
-    import logging
-
-    logger = logging.getLogger(__name__)
-
-    def api_bg_loop():
-        while True:
-            try:
-                time.sleep(3600)  # Run hourly
-                with app.app_context():
-                    from app.services.api_analytics_service import ApiAnalyticsService
-                    ApiAnalyticsService.aggregate_hourly()
-
-                    from app.services.event_service import EventService
-                    EventService.retry_failed()
-            except Exception as e:
-                logger.error(f'API background thread error: {e}')
-
-    _api_bg_thread = threading.Thread(
-        target=api_bg_loop,
-        daemon=True,
-        name='api-background'
-    )
-    _api_bg_thread.start()
+import os
+from flask import Flask, send_from_directory, request, jsonify
+from flask_sqlalchemy import SQLAlchemy
+from flask_jwt_extended import JWTManager
+from flask_cors import CORS
+from flask_limiter import Limiter
+from flask_limiter.util import get_remote_address
+from flask_migrate import Migrate
+
+from config import config
+
+db = SQLAlchemy()
+jwt = JWTManager()
+migrate = Migrate()
+
+# PyJWT 2.10+ enforces that 'sub' must be a string.
+# Stringify the identity so integer user IDs work transparently.
+@jwt.user_identity_loader
+def _user_identity(user_id):
+    return str(user_id)
+limiter = Limiter(key_func=get_remote_address, default_limits=["100 per minute"])
+# Note: key_func is updated to get_rate_limit_key after app init
+socketio = None
+
+# Path to frontend dist folder (relative to backend folder)
+FRONTEND_DIST = os.path.join(os.path.dirname(os.path.dirname(os.path.dirname(__file__))), 'frontend', 'dist')
+
+
+def create_app(config_name=None):
+    global socketio
+
+    if config_name is None:
+        config_name = os.environ.get('FLASK_ENV', 'development')
+
+    # Configure Flask to serve static files from frontend dist
+    app = Flask(
+        __name__,
+        static_folder=FRONTEND_DIST,
+        static_url_path=''
+    )
+    app.config.from_object(config[config_name])
+
+    # Initialize extensions
+    db.init_app(app)
+    migrate.init_app(app, db)
+    jwt.init_app(app)
+    limiter.init_app(app)
+    CORS(
+        app,
+        origins=app.config['CORS_ORIGINS'],
+        supports_credentials=True,
+        allow_headers=['Content-Type', 'Authorization', 'X-Requested-With', 'X-API-Key'],
+        methods=['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH']
+    )
+
+    # Register security headers middleware
+    from app.middleware.security import register_security_headers
+    register_security_headers(app)
+
+    # Register API key authentication middleware
+    from app.middleware.api_key_auth import register_api_key_auth
+    register_api_key_auth(app)
+
+    # Register API analytics middleware
+    from app.middleware.api_analytics import register_api_analytics
+    register_api_analytics(app)
+
+    # Update rate limiter with custom key function
+    from app.middleware.rate_limit import get_rate_limit_key, register_rate_limit_headers
+    limiter._key_func = get_rate_limit_key
+    register_rate_limit_headers(app)
+
+    # Initialize SocketIO
+    from app.sockets import init_socketio
+    socketio = init_socketio(app)
+
+    # Initialize Agent Gateway
+    from app.agent_gateway import init_agent_gateway
+    init_agent_gateway(socketio)
+
+    # Register blueprints - Auth
+    from app.api.auth import auth_bp
+    app.register_blueprint(auth_bp, url_prefix='/api/v1/auth')
+
+    # Register blueprints - Core
+    from app.api.apps import apps_bp
+    from app.api.domains import domains_bp
+    from app.api.private_urls import private_urls_bp
+    app.register_blueprint(apps_bp, url_prefix='/api/v1/apps')
+    app.register_blueprint(domains_bp, url_prefix='/api/v1/domains')
+    app.register_blueprint(private_urls_bp, url_prefix='/api/v1/apps')
+
+    # Register blueprints - System
+    from app.api.system import system_bp
+    from app.api.processes import processes_bp
+    from app.api.logs import logs_bp
+    app.register_blueprint(system_bp, url_prefix='/api/v1/system')
+    app.register_blueprint(processes_bp, url_prefix='/api/v1/processes')
+    app.register_blueprint(logs_bp, url_prefix='/api/v1/logs')
+
+    # Register blueprints - Infrastructure
+    from app.api.nginx import nginx_bp
+    from app.api.ssl import ssl_bp
+    app.register_blueprint(nginx_bp, url_prefix='/api/v1/nginx')
+    app.register_blueprint(ssl_bp, url_prefix='/api/v1/ssl')
+
+    # Register blueprints - PHP & WordPress
+    from app.api.php import php_bp
+    from app.api.wordpress import wordpress_bp
+    from app.api.wordpress_sites import wordpress_sites_bp
+    from app.api.environment_pipeline import environment_pipeline_bp
+    app.register_blueprint(php_bp, url_prefix='/api/v1/php')
+    app.register_blueprint(wordpress_bp, url_prefix='/api/v1/wordpress')
+    app.register_blueprint(wordpress_sites_bp, url_prefix='/api/v1/wordpress')
+    app.register_blueprint(environment_pipeline_bp, url_prefix='/api/v1/wordpress/projects')
+
+    # Register blueprints - Python
+    from app.api.python import python_bp
+    app.register_blueprint(python_bp, url_prefix='/api/v1/python')
+
+    # Register blueprints - Docker
+    from app.api.docker import docker_bp
+    app.register_blueprint(docker_bp, url_prefix='/api/v1/docker')
+
+    # Register blueprints - Databases
+    from app.api.databases import databases_bp
+    app.register_blueprint(databases_bp, url_prefix='/api/v1/databases')
+
+    # Register blueprints - Monitoring & Alerts
+    from app.api.monitoring import monitoring_bp
+    app.register_blueprint(monitoring_bp, url_prefix='/api/v1/monitoring')
+
+    # Register blueprints - Notifications
+    from app.api.notifications import notifications_bp
+    app.register_blueprint(notifications_bp, url_prefix='/api/v1/notifications')
+
+    # Register blueprints - Backups
+    from app.api.backups import backups_bp
+    app.register_blueprint(backups_bp, url_prefix='/api/v1/backups')
+
+    # Register blueprints - Git Deployment
+    from app.api.deploy import deploy_bp
+    app.register_blueprint(deploy_bp, url_prefix='/api/v1/deploy')
+
+    # Register blueprints - Builds & Deployments
+    from app.api.builds import builds_bp
+    app.register_blueprint(builds_bp, url_prefix='/api/v1/builds')
+
+    # Register blueprints - Templates
+    from app.api.templates import templates_bp
+    app.register_blueprint(templates_bp, url_prefix='/api/v1/templates')
+
+    # Register blueprints - File Manager
+    from app.api.files import files_bp
+    app.register_blueprint(files_bp, url_prefix='/api/v1/files')
+
+    # Register blueprints - FTP Server
+    from app.api.ftp import ftp_bp
+    app.register_blueprint(ftp_bp, url_prefix='/api/v1/ftp')
+
+    # Register blueprints - Firewall
+    from app.api.firewall import firewall_bp
+    app.register_blueprint(firewall_bp, url_prefix='/api/v1/firewall')
+
+    # Register blueprints - Git Server
+    from app.api.git import git_bp
+    app.register_blueprint(git_bp, url_prefix='/api/v1/git')
+
+    # Register blueprints - Security (ClamAV, File Integrity, etc.)
+    from app.api.security import security_bp
+    app.register_blueprint(security_bp, url_prefix='/api/v1/security')
+
+    # Register blueprints - Cron Jobs
+    from app.api.cron import cron_bp
+    app.register_blueprint(cron_bp, url_prefix='/api/v1/cron')
+
+    # Register blueprints - Email Server
+    from app.api.email import email_bp
+    app.register_blueprint(email_bp, url_prefix='/api/v1/email')
+
+    # Register blueprints - Uptime Tracking
+    from app.api.uptime import uptime_bp
+    app.register_blueprint(uptime_bp, url_prefix='/api/v1/uptime')
+
+    # Register blueprints - Environment Variables
+    from app.api.env_vars import env_vars_bp
+    app.register_blueprint(env_vars_bp, url_prefix='/api/v1/apps')
+
+    # Register blueprints - Two-Factor Authentication
+    from app.api.two_factor import two_factor_bp
+    app.register_blueprint(two_factor_bp, url_prefix='/api/v1/auth/2fa')
+
+    # Register blueprints - SSO / OAuth
+    from app.api.sso import sso_bp
+    app.register_blueprint(sso_bp, url_prefix='/api/v1/sso')
+
+    # Register blueprints - Database Migrations
+    from app.api.migrations import migrations_bp
+    app.register_blueprint(migrations_bp, url_prefix='/api/v1/migrations')
+
+    # Register blueprints - API Enhancements
+    from app.api.api_keys import api_keys_bp
+    from app.api.api_analytics import api_analytics_bp
+    from app.api.event_subscriptions import event_subscriptions_bp
+    from app.api.docs import docs_bp
+    app.register_blueprint(api_keys_bp, url_prefix='/api/v1/api-keys')
+    app.register_blueprint(api_analytics_bp, url_prefix='/api/v1/api-analytics')
+    app.register_blueprint(event_subscriptions_bp, url_prefix='/api/v1/event-subscriptions')
+    app.register_blueprint(docs_bp, url_prefix='/api/v1/docs')
+
+    # Register blueprints - Admin (User Management, Settings, Audit Logs)
+    from app.api.admin import admin_bp
+    app.register_blueprint(admin_bp, url_prefix='/api/v1/admin')
+
+    # Register blueprints - Invitations
+    from app.api.invitations import invitations_bp
+    app.register_blueprint(invitations_bp, url_prefix='/api/v1/admin/invitations')
+
+    # Register blueprints - Historical Metrics
+    from app.api.metrics import metrics_bp
+    app.register_blueprint(metrics_bp, url_prefix='/api/v1/metrics')
+
+    # Register blueprints - Workflows
+    from app.api.workflows import workflows_bp
+    app.register_blueprint(workflows_bp, url_prefix='/api/v1/workflows')
+
+    # Register blueprints - Servers (Multi-server management)
+    from app.api.servers import servers_bp
+    app.register_blueprint(servers_bp, url_prefix='/api/v1/servers')
+
+    # Register blueprints - Fleet Monitor (Cross-server monitoring)
+    from app.api.fleet_monitor import fleet_monitor_bp
+    app.register_blueprint(fleet_monitor_bp, url_prefix='/api/v1/fleet-monitor')
+
+    # Register blueprints - Agent Plugins
+    from app.api.agent_plugins import agent_plugins_bp
+    app.register_blueprint(agent_plugins_bp, url_prefix='/api/v1/agent-plugins')
+
+    # Register blueprints - Server Templates
+    from app.api.server_templates import server_templates_bp
+    app.register_blueprint(server_templates_bp, url_prefix='/api/v1/server-templates')
+
+    # Register blueprints - Workspaces
+    from app.api.workspaces import workspaces_bp
+    app.register_blueprint(workspaces_bp, url_prefix='/api/v1/workspaces')
+
+    # Register blueprints - Advanced SSL
+    from app.api.advanced_ssl import advanced_ssl_bp
+    app.register_blueprint(advanced_ssl_bp, url_prefix='/api/v1/ssl/advanced')
+
+    # Register blueprints - DNS Zones
+    from app.api.dns_zones import dns_zones_bp
+    app.register_blueprint(dns_zones_bp, url_prefix='/api/v1/dns')
+
+    # Register blueprints - Nginx Advanced
+    from app.api.nginx_advanced import nginx_advanced_bp
+    app.register_blueprint(nginx_advanced_bp, url_prefix='/api/v1/nginx/advanced')
+
+    # Register blueprints - Status Pages
+    from app.api.status_pages import status_pages_bp
+    app.register_blueprint(status_pages_bp, url_prefix='/api/v1/status')
+
+    # Register blueprints - Cloud Provisioning
+    from app.api.cloud_provisioning import cloud_provisioning_bp
+    app.register_blueprint(cloud_provisioning_bp, url_prefix='/api/v1/cloud')
+
+    # Register blueprints - Performance
+    from app.api.performance import performance_bp
+    app.register_blueprint(performance_bp, url_prefix='/api/v1/performance')
+
+    # Register blueprints - Mobile
+    from app.api.mobile import mobile_bp
+    app.register_blueprint(mobile_bp, url_prefix='/api/v1/mobile')
+
+    # Register blueprints - Marketplace
+    from app.api.marketplace import marketplace_bp
+    app.register_blueprint(marketplace_bp, url_prefix='/api/v1/marketplace')
+
+    # Handle database migrations (Alembic)
+    with app.app_context():
+        from app.services.migration_service import MigrationService
+        MigrationService.check_and_prepare(app)
+
+        # Initialize default settings and migrate legacy roles
+        from app.services.settings_service import SettingsService
+        SettingsService.initialize_defaults()
+        SettingsService.migrate_legacy_roles()
+
+        # Start metrics history collection in background
+        from app.services.metrics_history_service import MetricsHistoryService
+        if not MetricsHistoryService.is_running():
+            MetricsHistoryService.start_collection(app)
+
+        # Start auto-sync scheduler for WordPress environments
+        _start_auto_sync_scheduler(app)
+
+        # Start workflow scheduler
+        _start_workflow_scheduler(app)
+
+        # Start API analytics flush thread
+        from app.middleware.api_analytics import start_analytics_flush_thread
+        start_analytics_flush_thread(app)
+
+        # Start hourly analytics aggregation and event retry threads
+        _start_api_background_threads(app)
+
+    # Request body size limit
+    app.config['MAX_CONTENT_LENGTH'] = 100 * 1024 * 1024  # 100MB limit
+
+    # Reject 2FA pending tokens on non-2FA endpoints
+    @app.before_request
+    def check_2fa_pending():
+        """Reject 2FA pending tokens on non-2FA endpoints."""
+        from flask_jwt_extended import verify_jwt_in_request, get_jwt
+        if request.endpoint and request.path.startswith('/api/'):
+            # Allow 2FA verification endpoints
+            if '/two-factor/verify' in request.path or '/two-factor/verify-backup' in request.path:
+                return
+            # Allow auth endpoints (login, refresh)
+            if '/auth/login' in request.path or '/auth/refresh' in request.path:
+                return
+            try:
+                verify_jwt_in_request()
+                claims = get_jwt()
+                if claims.get('2fa_pending'):
+                    return jsonify({'error': '2FA verification required'}), 403
+            except Exception:
+                pass  # Let @jwt_required handle actual auth errors
+
+    # Serve frontend for root path
+    @app.route('/')
+    def serve_index():
+        index = os.path.join(app.static_folder, 'index.html') if app.static_folder else None
+        if index and os.path.isfile(index):
+            return send_from_directory(app.static_folder, 'index.html')
+        return {'message': 'ServerKit API is running', 'docs': '/api/v1/'}, 200
+
+    # Catch-all route for SPA - must be after all other routes
+    @app.errorhandler(404)
+    def not_found(e):
+        from flask import request
+        if request.path.startswith('/api/'):
+            return {'error': 'Not found'}, 404
+        # Serve SPA index.html if it exists, otherwise JSON 404
+        index = os.path.join(app.static_folder, 'index.html') if app.static_folder else None
+        if index and os.path.isfile(index):
+            return send_from_directory(app.static_folder, 'index.html')
+        return {'error': 'Not found'}, 404
+
+    return app
+
+
+def get_socketio():
+    """Get the SocketIO instance."""
+    return socketio
+
+
+_auto_sync_thread = None
+
+
+def _start_auto_sync_scheduler(app):
+    """Start a background thread that checks for auto-sync schedules."""
+    global _auto_sync_thread
+    if _auto_sync_thread is not None:
+        return
+
+    import threading
+    import time
+    import logging
+
+    logger = logging.getLogger(__name__)
+
+    def auto_sync_loop():
+        while True:
+            try:
+                time.sleep(60)  # Check every 60 seconds
+                with app.app_context():
+                    _check_auto_sync_schedules(logger)
+            except Exception as e:
+                logger.error(f'Auto-sync scheduler error: {e}')
+
+    _auto_sync_thread = threading.Thread(
+        target=auto_sync_loop,
+        daemon=True,
+        name='auto-sync-scheduler'
+    )
+    _auto_sync_thread.start()
+
+
+def _check_auto_sync_schedules(logger):
+    """Check all auto-sync enabled sites and run syncs that are due."""
+    from app.models.wordpress_site import WordPressSite
+    from datetime import datetime
+
+    sites = WordPressSite.query.filter_by(auto_sync_enabled=True).all()
+    if not sites:
+        return
+
+    try:
+        from croniter import croniter
+    except ImportError:
+        logger.debug('croniter not installed, skipping auto-sync check')
+        return
+
+    now = datetime.utcnow()
+
+    for site in sites:
+        if not site.auto_sync_schedule:
+            continue
+
+        try:
+            if not croniter.is_valid(site.auto_sync_schedule):
+                continue
+
+            cron = croniter(site.auto_sync_schedule, now)
+            prev_run = cron.get_prev(datetime)
+
+            # Check if a run was due in the last 90 seconds (to account for check interval)
+            seconds_since_due = (now - prev_run).total_seconds()
+            if seconds_since_due <= 90:
+                logger.info(f'Auto-sync triggered for site {site.id} ({site.name})')
+                from app.services.environment_pipeline_service import EnvironmentPipelineService
+                EnvironmentPipelineService.sync_from_production(
+                    env_site_id=site.id,
+                    sync_type='full',
+                    user_id=None
+                )
+        except Exception as e:
+            logger.error(f'Auto-sync check failed for site {site.id}: {e}')
+
+
+_api_bg_thread = None
+
+
+def _start_api_background_threads(app):
+    """Start background threads for API analytics aggregation and event delivery retry."""
+    global _api_bg_thread
+    if _api_bg_thread is not None:
+        return
+
+    import threading
+    import time
+    import logging
+
+    logger = logging.getLogger(__name__)
+
+    def api_bg_loop():
+        while True:
+            try:
+                time.sleep(3600)  # Run hourly
+                with app.app_context():
+                    from app.services.api_analytics_service import ApiAnalyticsService
+                    ApiAnalyticsService.aggregate_hourly()
+
+                    from app.services.event_service import EventService
+                    EventService.retry_failed()
+            except Exception as e:
+                logger.error(f'API background thread error: {e}')
+
+    _api_bg_thread = threading.Thread(
+        target=api_bg_loop,
+        daemon=True,
+        name='api-background'
+    )
+    _api_bg_thread.start()
+
+
+_workflow_thread = None
+
+
+def _start_workflow_scheduler(app):
+    """Start a background thread that checks for scheduled workflows."""
+    global _workflow_thread
+    if _workflow_thread is not None:
+        return
+
+    import threading
+    import time
+    import logging
+
+    logger = logging.getLogger(__name__)
+
+    def workflow_loop():
+        while True:
+            try:
+                time.sleep(60)  # Check every 60 seconds
+                with app.app_context():
+                    _check_workflow_schedules(logger)
+            except Exception as e:
+                logger.error(f'Workflow scheduler error: {e}')
+
+    _workflow_thread = threading.Thread(
+        target=workflow_loop,
+        daemon=True,
+        name='workflow-scheduler'
+    )
+    _workflow_thread.start()
+
+
+def _check_workflow_schedules(logger):
+    """Check all active workflows with cron triggers and run those that are due."""
+    from app.models.workflow import Workflow
+    from app.services.workflow_engine import WorkflowEngine
+    from datetime import datetime
+    import json
+
+    try:
+        from croniter import croniter
+    except ImportError:
+        logger.debug('croniter not installed, skipping workflow schedule check')
+        return
+
+    # Find active workflows with cron triggers
+    workflows = Workflow.query.filter_by(is_active=True, trigger_type='cron').all()
+    if not workflows:
+        return
+
+    now = datetime.utcnow()
+
+    for workflow in workflows:
+        try:
+            config = json.loads(workflow.trigger_config) if workflow.trigger_config else {}
+            cron_expr = config.get('cron')
+            
+            if not cron_expr or not croniter.is_valid(cron_expr):
+                continue
+
+            cron = croniter(cron_expr, now)
+            prev_run = cron.get_prev(datetime)
+
+            # Check if a run was due in the last 90 seconds
+            seconds_since_due = (now - prev_run).total_seconds()
+            
+            # Also ensure we don't run it multiple times for the same slot
+            if 0 < seconds_since_due <= 90:
+                # Check if it already ran in the last 2 minutes
+                if workflow.last_run_at:
+                    seconds_since_last_run = (now - workflow.last_run_at).total_seconds()
+                    if seconds_since_last_run < 110:
+                        continue
+
+                logger.info(f'Scheduled workflow triggered: {workflow.name} (ID: {workflow.id})')
+                WorkflowEngine.execute_workflow(
+                    workflow_id=workflow.id,
+                    trigger_type='cron',
+                    context={'scheduled_at': prev_run.isoformat()}
+                )
+        except Exception as e:
+            logger.error(f'Workflow schedule check failed for workflow {workflow.id}: {e}')
diff --git a/backend/app/agent_gateway.py b/backend/app/agent_gateway.py
index e2420386..6d513197 100644
--- a/backend/app/agent_gateway.py
+++ b/backend/app/agent_gateway.py
@@ -5,6 +5,7 @@
 Handles agent connections, authentication, and message routing.
 """
 
+from collections import defaultdict
 from flask import request
 from flask_socketio import Namespace, emit, disconnect
 import json
@@ -15,6 +16,22 @@
 from app.utils.ip_utils import is_ip_allowed
 from app.services.anomaly_detection_service import anomaly_detection_service
 
+# In-memory rate limiter for agent authentication
+_auth_attempts = defaultdict(list)
+_AUTH_RATE_LIMIT = 10  # max attempts per window
+_AUTH_RATE_WINDOW = 60  # seconds
+
+
+def _check_auth_rate_limit(ip_address: str) -> bool:
+    """Check if IP has exceeded auth rate limit."""
+    now = time.time()
+    # Clean old entries
+    _auth_attempts[ip_address] = [t for t in _auth_attempts[ip_address] if now - t < _AUTH_RATE_WINDOW]
+    if len(_auth_attempts[ip_address]) >= _AUTH_RATE_LIMIT:
+        return False
+    _auth_attempts[ip_address].append(now)
+    return True
+
 
 class AgentNamespace(Namespace):
     """
@@ -50,6 +67,11 @@ def on_auth(self, data):
         }
         """
         sid = request.sid
+        ip_address = request.remote_addr
+        if not _check_auth_rate_limit(ip_address):
+            emit('auth_response', {'success': False, 'error': 'Rate limit exceeded'}, room=request.sid, namespace='/agent')
+            return
+
         agent_id = data.get('agent_id')
         api_key_prefix = data.get('api_key_prefix')
         signature = data.get('signature')
diff --git a/backend/app/api/admin.py b/backend/app/api/admin.py
index c01e65e0..bc8b6b2b 100644
--- a/backend/app/api/admin.py
+++ b/backend/app/api/admin.py
@@ -518,10 +518,11 @@ def get_activity_summary():
                 'action_count': count
             })
 
-    # Daily action counts for the past 7 days
+    # Daily action counts for the past 90 days
     daily_counts = []
-    for i in range(7):
-        day_start = today_start - timedelta(days=6 - i)
+    days_to_fetch = 90
+    for i in range(days_to_fetch):
+        day_start = today_start - timedelta(days=(days_to_fetch - 1) - i)
         day_end = day_start + timedelta(days=1)
         count = db.session.query(func.count(AuditLog.id)).filter(
             AuditLog.created_at >= day_start,
@@ -532,12 +533,30 @@ def get_activity_summary():
             'count': count
         })
 
+    # Top user activity (past 90 days)
+    top_user_daily = []
+    if top_users:
+        top_user_id = top_users[0]['user_id']
+        for i in range(days_to_fetch):
+            day_start = today_start - timedelta(days=(days_to_fetch - 1) - i)
+            day_end = day_start + timedelta(days=1)
+            count = db.session.query(func.count(AuditLog.id)).filter(
+                AuditLog.user_id == top_user_id,
+                AuditLog.created_at >= day_start,
+                AuditLog.created_at < day_end
+            ).scalar() or 0
+            top_user_daily.append({
+                'date': day_start.strftime('%Y-%m-%d'),
+                'count': count
+            })
+
     return jsonify({
         'active_users_today': active_today,
         'actions_this_week': actions_this_week,
         'total_users': total_users,
         'top_users': top_users,
         'daily_counts': daily_counts,
+        'top_user_daily': top_user_daily,
     }), 200
 
 
diff --git a/backend/app/api/advanced_ssl.py b/backend/app/api/advanced_ssl.py
new file mode 100644
index 00000000..64a2ee6c
--- /dev/null
+++ b/backend/app/api/advanced_ssl.py
@@ -0,0 +1,102 @@
+from flask import Blueprint, request, jsonify
+from flask_jwt_extended import jwt_required
+from app.services.advanced_ssl_service import AdvancedSSLService
+from app.services.audit_service import AuditService
+from app.models.audit_log import AuditLog
+
+advanced_ssl_bp = Blueprint('advanced_ssl', __name__)
+
+
+def get_current_user():
+    from flask_jwt_extended import get_jwt_identity
+    from app.models.user import User
+    return User.query.get(get_jwt_identity())
+
+
+@advanced_ssl_bp.route('/profiles', methods=['GET'])
+@jwt_required()
+def get_profiles():
+    return jsonify({'profiles': AdvancedSSLService.get_ssl_profiles()})
+
+
+@advanced_ssl_bp.route('/wildcard', methods=['POST'])
+@jwt_required()
+def issue_wildcard():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    data = request.get_json() or {}
+    domain = data.get('domain')
+    provider = data.get('dns_provider')
+    creds = data.get('credentials', {})
+
+    if not domain or not provider:
+        return jsonify({'error': 'domain and dns_provider required'}), 400
+
+    result = AdvancedSSLService.issue_wildcard_cert(domain, provider, creds)
+    AuditService.log(
+        action=AuditLog.ACTION_RESOURCE_CREATE, user_id=user.id,
+        target_type='ssl_wildcard', target_id=0,
+        details={'domain': domain, 'success': result.get('success')}
+    )
+    status = 200 if result.get('success') else 400
+    return jsonify(result), status
+
+
+@advanced_ssl_bp.route('/san', methods=['POST'])
+@jwt_required()
+def issue_san():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    data = request.get_json() or {}
+    domains = data.get('domains', [])
+    if not domains:
+        return jsonify({'error': 'domains list required'}), 400
+
+    try:
+        result = AdvancedSSLService.issue_san_cert(domains)
+        status = 200 if result.get('success') else 400
+        return jsonify(result), status
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@advanced_ssl_bp.route('/upload', methods=['POST'])
+@jwt_required()
+def upload_cert():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    data = request.get_json() or {}
+    domain = data.get('domain')
+    cert = data.get('certificate')
+    key = data.get('private_key')
+    chain = data.get('chain')
+
+    if not domain or not cert or not key:
+        return jsonify({'error': 'domain, certificate, and private_key required'}), 400
+
+    try:
+        result = AdvancedSSLService.upload_custom_cert(domain, cert, key, chain)
+        return jsonify(result), 201
+    except Exception as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@advanced_ssl_bp.route('/health/<domain>', methods=['GET'])
+@jwt_required()
+def cert_health(domain):
+    result = AdvancedSSLService.get_cert_health(domain)
+    return jsonify(result)
+
+
+@advanced_ssl_bp.route('/expiry-alerts', methods=['GET'])
+@jwt_required()
+def expiry_alerts():
+    days = request.args.get('days', 30, type=int)
+    alerts = AdvancedSSLService.get_expiry_alerts(days)
+    return jsonify({'alerts': alerts, 'threshold_days': days})
diff --git a/backend/app/api/agent_plugins.py b/backend/app/api/agent_plugins.py
new file mode 100644
index 00000000..aee04f72
--- /dev/null
+++ b/backend/app/api/agent_plugins.py
@@ -0,0 +1,240 @@
+from flask import Blueprint, request, jsonify
+from flask_jwt_extended import jwt_required
+from app.services.agent_plugin_service import AgentPluginService
+from app.services.audit_service import AuditService
+from app.models.audit_log import AuditLog
+
+agent_plugins_bp = Blueprint('agent_plugins', __name__)
+
+
+def get_current_user():
+    from flask_jwt_extended import get_jwt_identity
+    from app.models.user import User
+    return User.query.get(get_jwt_identity())
+
+
+@agent_plugins_bp.route('/', methods=['GET'])
+@jwt_required()
+def list_plugins():
+    status = request.args.get('status')
+    plugins = AgentPluginService.list_plugins(status=status)
+    return jsonify({'plugins': [p.to_dict() for p in plugins]})
+
+
+@agent_plugins_bp.route('/<int:plugin_id>', methods=['GET'])
+@jwt_required()
+def get_plugin(plugin_id):
+    plugin = AgentPluginService.get_plugin(plugin_id)
+    if not plugin:
+        return jsonify({'error': 'Plugin not found'}), 404
+    return jsonify(plugin.to_dict())
+
+
+@agent_plugins_bp.route('/', methods=['POST'])
+@jwt_required()
+def create_plugin():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    data = request.get_json()
+    if not data:
+        return jsonify({'error': 'Request body required'}), 400
+
+    # Validate manifest
+    errors = AgentPluginService.validate_manifest(data)
+    if errors:
+        return jsonify({'error': 'Invalid manifest', 'details': errors}), 400
+
+    try:
+        plugin = AgentPluginService.create_plugin(data)
+        AuditService.log(
+            action=AuditLog.ACTION_RESOURCE_CREATE,
+            user_id=user.id,
+            target_type='agent_plugin',
+            target_id=plugin.id,
+            details={'name': plugin.name, 'version': plugin.version}
+        )
+        return jsonify(plugin.to_dict()), 201
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@agent_plugins_bp.route('/<int:plugin_id>', methods=['PUT'])
+@jwt_required()
+def update_plugin(plugin_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    data = request.get_json()
+    plugin = AgentPluginService.update_plugin(plugin_id, data)
+    if not plugin:
+        return jsonify({'error': 'Plugin not found'}), 404
+
+    return jsonify(plugin.to_dict())
+
+
+@agent_plugins_bp.route('/<int:plugin_id>', methods=['DELETE'])
+@jwt_required()
+def delete_plugin(plugin_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    try:
+        result = AgentPluginService.delete_plugin(plugin_id)
+        if not result:
+            return jsonify({'error': 'Plugin not found'}), 404
+        AuditService.log(
+            action=AuditLog.ACTION_RESOURCE_DELETE,
+            user_id=user.id,
+            target_type='agent_plugin',
+            target_id=plugin_id,
+            details={}
+        )
+        return jsonify({'message': 'Plugin deleted'})
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@agent_plugins_bp.route('/validate', methods=['POST'])
+@jwt_required()
+def validate_manifest():
+    data = request.get_json()
+    if not data:
+        return jsonify({'error': 'Manifest data required'}), 400
+    errors = AgentPluginService.validate_manifest(data)
+    return jsonify({'valid': len(errors) == 0, 'errors': errors})
+
+
+# --- Installation endpoints ---
+
+@agent_plugins_bp.route('/<int:plugin_id>/install', methods=['POST'])
+@jwt_required()
+def install_plugin(plugin_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    data = request.get_json() or {}
+    server_id = data.get('server_id')
+    if not server_id:
+        return jsonify({'error': 'server_id required'}), 400
+
+    try:
+        install = AgentPluginService.install_plugin(
+            plugin_id, server_id, config=data.get('config')
+        )
+        AuditService.log(
+            action=AuditLog.ACTION_RESOURCE_CREATE,
+            user_id=user.id,
+            target_type='agent_plugin_install',
+            target_id=install.id,
+            details={'plugin_id': plugin_id, 'server_id': server_id}
+        )
+        return jsonify(install.to_dict()), 201
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@agent_plugins_bp.route('/<int:plugin_id>/bulk-install', methods=['POST'])
+@jwt_required()
+def bulk_install_plugin(plugin_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    data = request.get_json() or {}
+    server_ids = data.get('server_ids', [])
+    if not server_ids:
+        return jsonify({'error': 'server_ids required'}), 400
+
+    results = AgentPluginService.bulk_install(plugin_id, server_ids, config=data.get('config'))
+    return jsonify({'results': results})
+
+
+@agent_plugins_bp.route('/<int:plugin_id>/installations', methods=['GET'])
+@jwt_required()
+def get_plugin_installations(plugin_id):
+    installs = AgentPluginService.get_plugin_installations(plugin_id)
+    return jsonify({'installations': [i.to_dict() for i in installs]})
+
+
+@agent_plugins_bp.route('/installs/<int:install_id>', methods=['GET'])
+@jwt_required()
+def get_install(install_id):
+    install = AgentPluginService.get_install(install_id)
+    if not install:
+        return jsonify({'error': 'Installation not found'}), 404
+    return jsonify(install.to_dict())
+
+
+@agent_plugins_bp.route('/installs/<int:install_id>/enable', methods=['POST'])
+@jwt_required()
+def enable_install(install_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    install = AgentPluginService.enable_plugin(install_id)
+    if not install:
+        return jsonify({'error': 'Installation not found'}), 404
+    return jsonify(install.to_dict())
+
+
+@agent_plugins_bp.route('/installs/<int:install_id>/disable', methods=['POST'])
+@jwt_required()
+def disable_install(install_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    install = AgentPluginService.disable_plugin(install_id)
+    if not install:
+        return jsonify({'error': 'Installation not found'}), 404
+    return jsonify(install.to_dict())
+
+
+@agent_plugins_bp.route('/installs/<int:install_id>', methods=['DELETE'])
+@jwt_required()
+def uninstall_plugin(install_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    result = AgentPluginService.uninstall_plugin(install_id)
+    if not result:
+        return jsonify({'error': 'Installation not found'}), 404
+    return jsonify({'message': 'Plugin uninstall initiated'})
+
+
+@agent_plugins_bp.route('/installs/<int:install_id>/config', methods=['PUT'])
+@jwt_required()
+def update_install_config(install_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    data = request.get_json()
+    if not data or 'config' not in data:
+        return jsonify({'error': 'config required'}), 400
+
+    install = AgentPluginService.update_install_config(install_id, data['config'])
+    if not install:
+        return jsonify({'error': 'Installation not found'}), 404
+    return jsonify(install.to_dict())
+
+
+@agent_plugins_bp.route('/server/<int:server_id>', methods=['GET'])
+@jwt_required()
+def get_server_plugins(server_id):
+    installs = AgentPluginService.get_server_plugins(server_id)
+    return jsonify({'plugins': [i.to_dict() for i in installs]})
+
+
+@agent_plugins_bp.route('/spec', methods=['GET'])
+@jwt_required()
+def get_plugin_spec():
+    """Return the plugin specification interface."""
+    return jsonify(AgentPluginService.PLUGIN_SPEC)
diff --git a/backend/app/api/apps.py b/backend/app/api/apps.py
index 7582751b..97cc52b4 100644
--- a/backend/app/api/apps.py
+++ b/backend/app/api/apps.py
@@ -578,7 +578,6 @@ def get_container_logs(app_id):
                 break
         if not container_id:
             return jsonify({
-                'success': False,
                 'error': f'Service "{service}" not found',
                 'available_services': [c.get('service') or c.get('name') for c in all_containers]
             }), 404
@@ -590,7 +589,6 @@ def get_container_logs(app_id):
 
     if not container_id:
         return jsonify({
-            'success': False,
             'error': 'No container found for this application',
             'hint': 'The application may not have been started yet'
         }), 404
@@ -599,7 +597,6 @@ def get_container_logs(app_id):
     container_state = DockerService.get_container_state(container_id)
     if not container_state:
         return jsonify({
-            'success': False,
             'error': 'Container not found or no longer exists'
         }), 404
 
@@ -613,7 +610,6 @@ def get_container_logs(app_id):
 
     if not result.get('success'):
         return jsonify({
-            'success': False,
             'error': result.get('error', 'Failed to fetch logs')
         }), 400
 
diff --git a/backend/app/api/auth.py b/backend/app/api/auth.py
index adc7d7c7..87f7689e 100644
--- a/backend/app/api/auth.py
+++ b/backend/app/api/auth.py
@@ -1,3 +1,4 @@
+import logging
 from datetime import datetime
 from flask import Blueprint, request, jsonify
 from flask_jwt_extended import (
@@ -12,6 +13,8 @@
 from app.services.settings_service import SettingsService
 from app.services.audit_service import AuditService
 
+logger = logging.getLogger(__name__)
+
 auth_bp = Blueprint('auth', __name__)
 
 
@@ -64,8 +67,12 @@ def register():
 
     # Check if registration is allowed
     is_first_user = User.query.count() == 0
-    if not is_first_user and not invitation and not SettingsService.is_registration_enabled():
-        return jsonify({'error': 'Registration is disabled'}), 403
+    if not is_first_user and not invitation:
+        if not SettingsService.needs_setup() and not SettingsService.is_registration_enabled():
+            logger.warning(f"Registration attempt blocked - setup already completed. IP: {request.remote_addr}")
+            return jsonify({'error': 'Registration is disabled'}), 403
+        if not SettingsService.is_registration_enabled():
+            return jsonify({'error': 'Registration is disabled'}), 403
 
     email = data.get('email')
     username = data.get('username')
@@ -75,10 +82,10 @@ def register():
         return jsonify({'error': 'Missing required fields'}), 400
 
     if User.query.filter_by(email=email).first():
-        return jsonify({'error': 'Email already registered'}), 409
+        return jsonify({'error': 'This email or username is unavailable'}), 409
 
     if User.query.filter_by(username=username).first():
-        return jsonify({'error': 'Username already taken'}), 409
+        return jsonify({'error': 'This email or username is unavailable'}), 409
 
     if len(password) < 8:
         return jsonify({'error': 'Password must be at least 8 characters'}), 400
@@ -285,6 +292,7 @@ def get_current_user():
 
 
 @auth_bp.route('/me', methods=['PUT'])
+@limiter.limit("3 per minute")
 @jwt_required()
 def update_current_user():
     current_user_id = get_jwt_identity()
@@ -312,6 +320,18 @@ def update_current_user():
             return jsonify({'error': 'Password must be at least 8 characters'}), 400
         user.set_password(data['password'])
 
+    if 'sidebar_config' in data:
+        config = data['sidebar_config']
+        if isinstance(config, dict):
+            preset = config.get('preset', 'full')
+            valid_presets = ['full', 'web', 'email', 'devops', 'minimal', 'custom']
+            if preset not in valid_presets:
+                return jsonify({'error': f'Invalid sidebar preset: {preset}'}), 400
+            hidden = config.get('hiddenItems', [])
+            if not isinstance(hidden, list):
+                return jsonify({'error': 'hiddenItems must be a list'}), 400
+            user.set_sidebar_config({'preset': preset, 'hiddenItems': hidden})
+
     db.session.commit()
 
     return jsonify({'user': user.to_dict()}), 200
diff --git a/backend/app/api/cloud_provisioning.py b/backend/app/api/cloud_provisioning.py
new file mode 100644
index 00000000..c8a806e3
--- /dev/null
+++ b/backend/app/api/cloud_provisioning.py
@@ -0,0 +1,162 @@
+from flask import Blueprint, request, jsonify
+from flask_jwt_extended import jwt_required
+from app.services.cloud_provisioning_service import CloudProvisioningService
+
+cloud_provisioning_bp = Blueprint('cloud_provisioning', __name__)
+
+
+def get_current_user():
+    from flask_jwt_extended import get_jwt_identity
+    from app.models.user import User
+    return User.query.get(get_jwt_identity())
+
+
+# --- Providers ---
+
+@cloud_provisioning_bp.route('/providers', methods=['GET'])
+@jwt_required()
+def list_providers():
+    providers = CloudProvisioningService.list_providers()
+    return jsonify({'providers': [p.to_dict() for p in providers]})
+
+
+@cloud_provisioning_bp.route('/providers', methods=['POST'])
+@jwt_required()
+def create_provider():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json()
+    try:
+        provider = CloudProvisioningService.create_provider(data, user.id)
+        return jsonify(provider.to_dict()), 201
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@cloud_provisioning_bp.route('/providers/<int:provider_id>', methods=['DELETE'])
+@jwt_required()
+def delete_provider(provider_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    if not CloudProvisioningService.delete_provider(provider_id):
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify({'message': 'Provider removed'})
+
+
+@cloud_provisioning_bp.route('/providers/<provider_type>/options', methods=['GET'])
+@jwt_required()
+def get_options(provider_type):
+    options = CloudProvisioningService.get_provider_options(provider_type)
+    if not options:
+        return jsonify({'error': 'Unknown provider'}), 404
+    return jsonify(options)
+
+
+# --- Servers ---
+
+@cloud_provisioning_bp.route('/servers', methods=['GET'])
+@jwt_required()
+def list_servers():
+    provider_id = request.args.get('provider_id', type=int)
+    servers = CloudProvisioningService.list_servers(provider_id)
+    return jsonify({'servers': [s.to_dict() for s in servers]})
+
+
+@cloud_provisioning_bp.route('/servers/<int:server_id>', methods=['GET'])
+@jwt_required()
+def get_server(server_id):
+    server = CloudProvisioningService.get_server(server_id)
+    if not server:
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify(server.to_dict())
+
+
+@cloud_provisioning_bp.route('/servers', methods=['POST'])
+@jwt_required()
+def create_server():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json()
+    if not data or 'name' not in data or 'provider_id' not in data:
+        return jsonify({'error': 'name and provider_id required'}), 400
+    try:
+        server = CloudProvisioningService.create_server(data, user.id)
+        return jsonify(server.to_dict()), 201
+    except (ValueError, Exception) as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@cloud_provisioning_bp.route('/servers/<int:server_id>', methods=['DELETE'])
+@jwt_required()
+def destroy_server(server_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    if not CloudProvisioningService.destroy_server(server_id):
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify({'message': 'Server destroyed'})
+
+
+@cloud_provisioning_bp.route('/servers/<int:server_id>/resize', methods=['POST'])
+@jwt_required()
+def resize_server(server_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json() or {}
+    new_size = data.get('size')
+    if not new_size:
+        return jsonify({'error': 'size required'}), 400
+    try:
+        server = CloudProvisioningService.resize_server(server_id, new_size)
+        if not server:
+            return jsonify({'error': 'Not found'}), 404
+        return jsonify(server.to_dict())
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+# --- Snapshots ---
+
+@cloud_provisioning_bp.route('/servers/<int:server_id>/snapshots', methods=['GET'])
+@jwt_required()
+def list_snapshots(server_id):
+    snapshots = CloudProvisioningService.get_snapshots(server_id)
+    return jsonify({'snapshots': [s.to_dict() for s in snapshots]})
+
+
+@cloud_provisioning_bp.route('/servers/<int:server_id>/snapshots', methods=['POST'])
+@jwt_required()
+def create_snapshot(server_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json() or {}
+    name = data.get('name', f'snapshot-{server_id}')
+    try:
+        snapshot = CloudProvisioningService.create_snapshot(server_id, name)
+        return jsonify(snapshot.to_dict()), 201
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@cloud_provisioning_bp.route('/snapshots/<int:snapshot_id>', methods=['DELETE'])
+@jwt_required()
+def delete_snapshot(snapshot_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    if not CloudProvisioningService.delete_snapshot(snapshot_id):
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify({'message': 'Snapshot deleted'})
+
+
+# --- Cost ---
+
+@cloud_provisioning_bp.route('/costs', methods=['GET'])
+@jwt_required()
+def cost_summary():
+    return jsonify(CloudProvisioningService.get_cost_summary())
diff --git a/backend/app/api/databases.py b/backend/app/api/databases.py
index 82c11f91..c0cb94e5 100644
--- a/backend/app/api/databases.py
+++ b/backend/app/api/databases.py
@@ -2,24 +2,11 @@
 from flask_jwt_extended import jwt_required, get_jwt_identity
 from app.models import User, Application
 from app.services.database_service import DatabaseService
+from app.middleware.rbac import admin_required
 
 databases_bp = Blueprint('databases', __name__)
 
 
-def admin_required(fn):
-    """Decorator to require admin role."""
-    from functools import wraps
-
-    @wraps(fn)
-    def wrapper(*args, **kwargs):
-        current_user_id = get_jwt_identity()
-        user = User.query.get(current_user_id)
-        if not user or user.role != 'admin':
-            return jsonify({'error': 'Admin access required'}), 403
-        return fn(*args, **kwargs)
-    return wrapper
-
-
 # ==================== STATUS ====================
 
 @databases_bp.route('/status', methods=['GET'])
diff --git a/backend/app/api/dns_zones.py b/backend/app/api/dns_zones.py
new file mode 100644
index 00000000..f0aa0a83
--- /dev/null
+++ b/backend/app/api/dns_zones.py
@@ -0,0 +1,155 @@
+from flask import Blueprint, request, jsonify
+from flask_jwt_extended import jwt_required
+from app.services.dns_zone_service import DNSZoneService
+
+dns_zones_bp = Blueprint('dns_zones', __name__)
+
+
+def get_current_user():
+    from flask_jwt_extended import get_jwt_identity
+    from app.models.user import User
+    return User.query.get(get_jwt_identity())
+
+
+@dns_zones_bp.route('/', methods=['GET'])
+@jwt_required()
+def list_zones():
+    zones = DNSZoneService.list_zones()
+    return jsonify({'zones': [z.to_dict() for z in zones]})
+
+
+@dns_zones_bp.route('/<int:zone_id>', methods=['GET'])
+@jwt_required()
+def get_zone(zone_id):
+    zone = DNSZoneService.get_zone(zone_id)
+    if not zone:
+        return jsonify({'error': 'Zone not found'}), 404
+    return jsonify(zone.to_dict())
+
+
+@dns_zones_bp.route('/', methods=['POST'])
+@jwt_required()
+def create_zone():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json()
+    try:
+        zone = DNSZoneService.create_zone(data)
+        return jsonify(zone.to_dict()), 201
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@dns_zones_bp.route('/<int:zone_id>', methods=['DELETE'])
+@jwt_required()
+def delete_zone(zone_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    if not DNSZoneService.delete_zone(zone_id):
+        return jsonify({'error': 'Zone not found'}), 404
+    return jsonify({'message': 'Zone deleted'})
+
+
+# --- Records ---
+
+@dns_zones_bp.route('/<int:zone_id>/records', methods=['GET'])
+@jwt_required()
+def get_records(zone_id):
+    records = DNSZoneService.get_records(zone_id)
+    return jsonify({'records': [r.to_dict() for r in records]})
+
+
+@dns_zones_bp.route('/<int:zone_id>/records', methods=['POST'])
+@jwt_required()
+def create_record(zone_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json()
+    try:
+        record = DNSZoneService.create_record(zone_id, data)
+        return jsonify(record.to_dict()), 201
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@dns_zones_bp.route('/records/<int:record_id>', methods=['PUT'])
+@jwt_required()
+def update_record(record_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json()
+    record = DNSZoneService.update_record(record_id, data)
+    if not record:
+        return jsonify({'error': 'Record not found'}), 404
+    return jsonify(record.to_dict())
+
+
+@dns_zones_bp.route('/records/<int:record_id>', methods=['DELETE'])
+@jwt_required()
+def delete_record(record_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    if not DNSZoneService.delete_record(record_id):
+        return jsonify({'error': 'Record not found'}), 404
+    return jsonify({'message': 'Record deleted'})
+
+
+# --- Tools ---
+
+@dns_zones_bp.route('/presets', methods=['GET'])
+@jwt_required()
+def get_presets():
+    return jsonify({'presets': DNSZoneService.get_presets()})
+
+
+@dns_zones_bp.route('/<int:zone_id>/apply-preset', methods=['POST'])
+@jwt_required()
+def apply_preset(zone_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json() or {}
+    preset_key = data.get('preset')
+    variables = data.get('variables', {})
+    try:
+        records = DNSZoneService.apply_preset(zone_id, preset_key, variables)
+        return jsonify({'records': [r.to_dict() for r in records]})
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@dns_zones_bp.route('/propagation/<domain>', methods=['GET'])
+@jwt_required()
+def check_propagation(domain):
+    record_type = request.args.get('type', 'A')
+    results = DNSZoneService.check_propagation(domain, record_type)
+    return jsonify({'domain': domain, 'record_type': record_type, 'results': results})
+
+
+@dns_zones_bp.route('/<int:zone_id>/export', methods=['GET'])
+@jwt_required()
+def export_zone(zone_id):
+    content = DNSZoneService.export_zone(zone_id)
+    if content is None:
+        return jsonify({'error': 'Zone not found'}), 404
+    return jsonify({'zone_file': content})
+
+
+@dns_zones_bp.route('/<int:zone_id>/import', methods=['POST'])
+@jwt_required()
+def import_zone(zone_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json() or {}
+    content = data.get('zone_file', '')
+    try:
+        records = DNSZoneService.import_zone(zone_id, content)
+        return jsonify({'imported': len(records), 'records': [r.to_dict() for r in records]})
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
diff --git a/backend/app/api/docker.py b/backend/app/api/docker.py
index 52123a05..9601cc80 100644
--- a/backend/app/api/docker.py
+++ b/backend/app/api/docker.py
@@ -2,25 +2,12 @@
 from flask_jwt_extended import jwt_required, get_jwt_identity
 from app.models import User, Application
 from app.services.docker_service import DockerService
+from app.middleware.rbac import admin_required
 from app import db, paths
 
 docker_bp = Blueprint('docker', __name__)
 
 
-def admin_required(fn):
-    """Decorator to require admin role."""
-    from functools import wraps
-
-    @wraps(fn)
-    def wrapper(*args, **kwargs):
-        current_user_id = get_jwt_identity()
-        user = User.query.get(current_user_id)
-        if not user or user.role != 'admin':
-            return jsonify({'error': 'Admin access required'}), 403
-        return fn(*args, **kwargs)
-    return wrapper
-
-
 # ==================== DOCKER STATUS ====================
 
 @docker_bp.route('/status', methods=['GET'])
@@ -162,7 +149,6 @@ def remove_container(container_id):
         container_name = container.get('name', '').lower().replace('/', '')
         if any(protected in container_name for protected in PROTECTED_CONTAINERS):
             return jsonify({
-                'success': False,
                 'error': 'Cannot delete ServerKit system container. This container is required for the panel to function.'
             }), 403
 
@@ -612,7 +598,6 @@ def cleanup_all_apps():
     except Exception as e:
         db.session.rollback()
         return jsonify({
-            'success': False,
             'error': f'Database commit failed: {str(e)}',
             'results': results
         }), 500
diff --git a/backend/app/api/files.py b/backend/app/api/files.py
index c7ff20af..cfc01085 100644
--- a/backend/app/api/files.py
+++ b/backend/app/api/files.py
@@ -30,10 +30,10 @@ def get_file_info():
     path = request.args.get('path')
 
     if not path:
-        return jsonify({'success': False, 'error': 'Path is required'}), 400
+        return jsonify({'error': 'Path is required'}), 400
 
     if not FileService.is_path_allowed(path):
-        return jsonify({'success': False, 'error': 'Access denied'}), 403
+        return jsonify({'error': 'Access denied'}), 403
 
     info = FileService.get_file_info(path)
 
@@ -41,7 +41,7 @@ def get_file_info():
         return jsonify({'success': True, 'file': info}), 200
 
     error = info.get('error', 'File not found') if info else 'File not found'
-    return jsonify({'success': False, 'error': error}), 404
+    return jsonify({'error': error}), 404
 
 
 @files_bp.route('/read', methods=['GET'])
@@ -51,7 +51,7 @@ def read_file():
     path = request.args.get('path')
 
     if not path:
-        return jsonify({'success': False, 'error': 'Path is required'}), 400
+        return jsonify({'error': 'Path is required'}), 400
 
     result = FileService.read_file(path)
 
@@ -69,17 +69,17 @@ def write_file():
     data = request.get_json()
 
     if not data:
-        return jsonify({'success': False, 'error': 'Request body is required'}), 400
+        return jsonify({'error': 'Request body is required'}), 400
 
     path = data.get('path')
     content = data.get('content')
     create_backup = data.get('create_backup', True)
 
     if not path:
-        return jsonify({'success': False, 'error': 'Path is required'}), 400
+        return jsonify({'error': 'Path is required'}), 400
 
     if content is None:
-        return jsonify({'success': False, 'error': 'Content is required'}), 400
+        return jsonify({'error': 'Content is required'}), 400
 
     result = FileService.write_file(path, content, create_backup=create_backup)
 
@@ -97,13 +97,13 @@ def create_file():
     data = request.get_json()
 
     if not data:
-        return jsonify({'success': False, 'error': 'Request body is required'}), 400
+        return jsonify({'error': 'Request body is required'}), 400
 
     path = data.get('path')
     content = data.get('content', '')
 
     if not path:
-        return jsonify({'success': False, 'error': 'Path is required'}), 400
+        return jsonify({'error': 'Path is required'}), 400
 
     result = FileService.create_file(path, content)
 
@@ -121,12 +121,12 @@ def create_directory():
     data = request.get_json()
 
     if not data:
-        return jsonify({'success': False, 'error': 'Request body is required'}), 400
+        return jsonify({'error': 'Request body is required'}), 400
 
     path = data.get('path')
 
     if not path:
-        return jsonify({'success': False, 'error': 'Path is required'}), 400
+        return jsonify({'error': 'Path is required'}), 400
 
     result = FileService.create_directory(path)
 
@@ -144,7 +144,7 @@ def delete_path():
     path = request.args.get('path')
 
     if not path:
-        return jsonify({'success': False, 'error': 'Path is required'}), 400
+        return jsonify({'error': 'Path is required'}), 400
 
     result = FileService.delete(path)
 
@@ -162,13 +162,13 @@ def rename_path():
     data = request.get_json()
 
     if not data:
-        return jsonify({'success': False, 'error': 'Request body is required'}), 400
+        return jsonify({'error': 'Request body is required'}), 400
 
     path = data.get('path')
     new_name = data.get('new_name')
 
     if not path or not new_name:
-        return jsonify({'success': False, 'error': 'Path and new_name are required'}), 400
+        return jsonify({'error': 'Path and new_name are required'}), 400
 
     result = FileService.rename(path, new_name)
 
@@ -186,13 +186,13 @@ def copy_path():
     data = request.get_json()
 
     if not data:
-        return jsonify({'success': False, 'error': 'Request body is required'}), 400
+        return jsonify({'error': 'Request body is required'}), 400
 
     src = data.get('src')
     dest = data.get('dest')
 
     if not src or not dest:
-        return jsonify({'success': False, 'error': 'Source and destination paths are required'}), 400
+        return jsonify({'error': 'Source and destination paths are required'}), 400
 
     result = FileService.copy(src, dest)
 
@@ -210,13 +210,13 @@ def move_path():
     data = request.get_json()
 
     if not data:
-        return jsonify({'success': False, 'error': 'Request body is required'}), 400
+        return jsonify({'error': 'Request body is required'}), 400
 
     src = data.get('src')
     dest = data.get('dest')
 
     if not src or not dest:
-        return jsonify({'success': False, 'error': 'Source and destination paths are required'}), 400
+        return jsonify({'error': 'Source and destination paths are required'}), 400
 
     result = FileService.move(src, dest)
 
@@ -234,13 +234,13 @@ def change_permissions():
     data = request.get_json()
 
     if not data:
-        return jsonify({'success': False, 'error': 'Request body is required'}), 400
+        return jsonify({'error': 'Request body is required'}), 400
 
     path = data.get('path')
     mode = data.get('mode')
 
     if not path or not mode:
-        return jsonify({'success': False, 'error': 'Path and mode are required'}), 400
+        return jsonify({'error': 'Path and mode are required'}), 400
 
     result = FileService.change_permissions(path, mode)
 
@@ -260,7 +260,7 @@ def search_files():
     max_results = request.args.get('max_results', 100, type=int)
 
     if not pattern:
-        return jsonify({'success': False, 'error': 'Search pattern is required'}), 400
+        return jsonify({'error': 'Search pattern is required'}), 400
 
     result = FileService.search(directory, pattern, max_results=max_results)
 
@@ -335,16 +335,16 @@ def download_file():
     path = request.args.get('path')
 
     if not path:
-        return jsonify({'success': False, 'error': 'Path is required'}), 400
+        return jsonify({'error': 'Path is required'}), 400
 
     if not FileService.is_path_allowed(path):
-        return jsonify({'success': False, 'error': 'Access denied'}), 403
+        return jsonify({'error': 'Access denied'}), 403
 
     if not os.path.exists(path):
-        return jsonify({'success': False, 'error': 'File not found'}), 404
+        return jsonify({'error': 'File not found'}), 404
 
     if os.path.isdir(path):
-        return jsonify({'success': False, 'error': 'Cannot download directory'}), 400
+        return jsonify({'error': 'Cannot download directory'}), 400
 
     try:
         return send_file(
@@ -353,7 +353,7 @@ def download_file():
             download_name=os.path.basename(path)
         )
     except Exception as e:
-        return jsonify({'success': False, 'error': str(e)}), 500
+        return jsonify({'error': str(e)}), 500
 
 
 @files_bp.route('/upload', methods=['POST'])
@@ -361,19 +361,19 @@ def download_file():
 def upload_file():
     """Upload a file."""
     if 'file' not in request.files:
-        return jsonify({'success': False, 'error': 'No file provided'}), 400
+        return jsonify({'error': 'No file provided'}), 400
 
     file = request.files['file']
     destination = request.form.get('destination')
 
     if not destination:
-        return jsonify({'success': False, 'error': 'Destination path is required'}), 400
+        return jsonify({'error': 'Destination path is required'}), 400
 
     if not FileService.is_path_allowed(destination):
-        return jsonify({'success': False, 'error': 'Access denied'}), 403
+        return jsonify({'error': 'Access denied'}), 403
 
     if file.filename == '':
-        return jsonify({'success': False, 'error': 'No file selected'}), 400
+        return jsonify({'error': 'No file selected'}), 400
 
     # Check file size
     file.seek(0, 2)
@@ -382,7 +382,6 @@ def upload_file():
 
     if size > FileService.MAX_UPLOAD_SIZE:
         return jsonify({
-            'success': False,
             'error': f'File too large. Maximum size is {FileService._format_size(FileService.MAX_UPLOAD_SIZE)}'
         }), 400
 
@@ -394,7 +393,7 @@ def upload_file():
             full_path = destination
 
         if not FileService.is_path_allowed(full_path):
-            return jsonify({'success': False, 'error': 'Access denied'}), 403
+            return jsonify({'error': 'Access denied'}), 403
 
         # Ensure parent directory exists
         parent = os.path.dirname(full_path)
@@ -411,6 +410,6 @@ def upload_file():
         }), 201
 
     except PermissionError:
-        return jsonify({'success': False, 'error': 'Permission denied'}), 403
+        return jsonify({'error': 'Permission denied'}), 403
     except Exception as e:
-        return jsonify({'success': False, 'error': str(e)}), 500
+        return jsonify({'error': str(e)}), 500
diff --git a/backend/app/api/fleet_monitor.py b/backend/app/api/fleet_monitor.py
new file mode 100644
index 00000000..6929ffa2
--- /dev/null
+++ b/backend/app/api/fleet_monitor.py
@@ -0,0 +1,198 @@
+"""
+Fleet Monitor API
+
+Endpoints for fleet-wide monitoring: heatmaps, comparisons,
+alert thresholds, anomaly detection, capacity forecasting,
+fleet search, and metrics export.
+"""
+
+import os
+from flask import Blueprint, request, jsonify, Response
+from flask_jwt_extended import jwt_required, get_jwt_identity
+
+from app.services.fleet_monitor_service import fleet_monitor_service
+from app.middleware.rbac import admin_required
+
+fleet_monitor_bp = Blueprint('fleet_monitor', __name__)
+
+
+# ==================== Heatmap ====================
+
+@fleet_monitor_bp.route('/heatmap', methods=['GET'])
+@jwt_required()
+def get_fleet_heatmap():
+    """Get latest metrics for all servers in heatmap format."""
+    group_id = request.args.get('group_id')
+    return jsonify(fleet_monitor_service.get_fleet_heatmap(group_id))
+
+
+# ==================== Comparison ====================
+
+@fleet_monitor_bp.route('/comparison', methods=['GET'])
+@jwt_required()
+def get_comparison():
+    """Get multi-server comparison time-series."""
+    ids_param = request.args.get('ids', '')
+    server_ids = [s.strip() for s in ids_param.split(',') if s.strip()]
+    metric = request.args.get('metric', 'cpu')
+    period = request.args.get('period', '24h')
+
+    if not server_ids:
+        return jsonify({'error': 'ids parameter is required'}), 400
+
+    return jsonify(fleet_monitor_service.get_comparison_timeseries(server_ids, metric, period))
+
+
+# ==================== Alerts ====================
+
+@fleet_monitor_bp.route('/alerts', methods=['GET'])
+@jwt_required()
+def get_alerts():
+    """Get metric alerts."""
+    status = request.args.get('status')
+    severity = request.args.get('severity')
+    server_id = request.args.get('server_id')
+    limit = request.args.get('limit', 50, type=int)
+
+    return jsonify(fleet_monitor_service.get_alerts(status, severity, server_id, limit))
+
+
+@fleet_monitor_bp.route('/alerts/<alert_id>/acknowledge', methods=['POST'])
+@jwt_required()
+def acknowledge_alert(alert_id):
+    """Acknowledge an active alert."""
+    user_id = get_jwt_identity()
+    success = fleet_monitor_service.acknowledge_alert(alert_id, user_id)
+    if not success:
+        return jsonify({'error': 'Cannot acknowledge alert'}), 400
+    return jsonify({'success': True})
+
+
+@fleet_monitor_bp.route('/alerts/<alert_id>/resolve', methods=['POST'])
+@jwt_required()
+def resolve_alert(alert_id):
+    """Resolve an alert."""
+    success = fleet_monitor_service.resolve_alert(alert_id)
+    if not success:
+        return jsonify({'error': 'Cannot resolve alert'}), 400
+    return jsonify({'success': True})
+
+
+# ==================== Thresholds ====================
+
+@fleet_monitor_bp.route('/thresholds', methods=['GET'])
+@jwt_required()
+def get_thresholds():
+    """Get alert thresholds."""
+    server_id = request.args.get('server_id')
+    return jsonify(fleet_monitor_service.get_thresholds(server_id))
+
+
+@fleet_monitor_bp.route('/thresholds', methods=['POST'])
+@jwt_required()
+@admin_required
+def create_threshold():
+    """Create or update an alert threshold."""
+    data = request.get_json()
+    result = fleet_monitor_service.upsert_threshold(data)
+    if 'error' in result:
+        return jsonify(result), 400
+    return jsonify(result), 201
+
+
+@fleet_monitor_bp.route('/thresholds/<threshold_id>', methods=['DELETE'])
+@jwt_required()
+@admin_required
+def delete_threshold(threshold_id):
+    """Delete an alert threshold."""
+    success = fleet_monitor_service.delete_threshold(threshold_id)
+    if not success:
+        return jsonify({'error': 'Threshold not found'}), 404
+    return jsonify({'success': True})
+
+
+# ==================== Anomalies ====================
+
+@fleet_monitor_bp.route('/anomalies', methods=['GET'])
+@jwt_required()
+def get_anomalies():
+    """Get anomaly detection results."""
+    server_id = request.args.get('server_id')
+    return jsonify(fleet_monitor_service.detect_anomalies(server_id))
+
+
+# ==================== Capacity Forecast ====================
+
+@fleet_monitor_bp.route('/forecast/<server_id>', methods=['GET'])
+@jwt_required()
+def get_forecast(server_id):
+    """Get capacity forecast for a server."""
+    metric = request.args.get('metric', 'disk')
+    return jsonify(fleet_monitor_service.forecast_capacity(server_id, metric))
+
+
+# ==================== Fleet Search ====================
+
+@fleet_monitor_bp.route('/search', methods=['GET'])
+@jwt_required()
+def search_fleet():
+    """Search across fleet for servers, containers, services, ports."""
+    query = request.args.get('q', '')
+    search_type = request.args.get('type', 'any')
+
+    if not query or len(query) < 2:
+        return jsonify({'error': 'Query must be at least 2 characters'}), 400
+
+    return jsonify(fleet_monitor_service.search_fleet(query, search_type))
+
+
+# ==================== Export ====================
+
+@fleet_monitor_bp.route('/export/csv', methods=['GET'])
+@jwt_required()
+def export_csv():
+    """Export metrics as CSV download."""
+    ids_param = request.args.get('ids', '')
+    server_ids = [s.strip() for s in ids_param.split(',') if s.strip()]
+    metric = request.args.get('metric', 'cpu')
+    period = request.args.get('period', '24h')
+
+    if not server_ids:
+        return jsonify({'error': 'ids parameter is required'}), 400
+
+    csv_data = fleet_monitor_service.export_metrics_csv(server_ids, metric, period)
+    return Response(
+        csv_data,
+        mimetype='text/csv',
+        headers={'Content-Disposition': f'attachment; filename=fleet_{metric}_{period}.csv'}
+    )
+
+
+@fleet_monitor_bp.route('/export/json', methods=['GET'])
+@jwt_required()
+def export_json():
+    """Export metrics as JSON."""
+    ids_param = request.args.get('ids', '')
+    server_ids = [s.strip() for s in ids_param.split(',') if s.strip()]
+    metric = request.args.get('metric', 'cpu')
+    period = request.args.get('period', '24h')
+
+    if not server_ids:
+        return jsonify({'error': 'ids parameter is required'}), 400
+
+    return jsonify(fleet_monitor_service.get_comparison_timeseries(server_ids, metric, period))
+
+
+# ==================== Prometheus ====================
+
+@fleet_monitor_bp.route('/prometheus', methods=['GET'])
+def prometheus_metrics():
+    """Prometheus-compatible metrics endpoint (no JWT, uses token param)."""
+    token = request.args.get('token') or request.headers.get('X-Prometheus-Token')
+    expected = os.environ.get('PROMETHEUS_TOKEN')
+
+    if not expected or token != expected:
+        return Response('Unauthorized', status=401)
+
+    metrics = fleet_monitor_service.get_prometheus_metrics()
+    return Response(metrics, mimetype='text/plain; version=0.0.4; charset=utf-8')
diff --git a/backend/app/api/marketplace.py b/backend/app/api/marketplace.py
new file mode 100644
index 00000000..c40fd5a8
--- /dev/null
+++ b/backend/app/api/marketplace.py
@@ -0,0 +1,141 @@
+from flask import Blueprint, request, jsonify
+from flask_jwt_extended import jwt_required
+from app.services.marketplace_service import MarketplaceService
+
+marketplace_bp = Blueprint('marketplace', __name__)
+
+
+def get_current_user():
+    from flask_jwt_extended import get_jwt_identity
+    from app.models.user import User
+    return User.query.get(get_jwt_identity())
+
+
+@marketplace_bp.route('/', methods=['GET'])
+@jwt_required()
+def list_extensions():
+    category = request.args.get('category')
+    search = request.args.get('search')
+    extensions = MarketplaceService.list_extensions(category=category, search=search)
+    return jsonify({'extensions': [e.to_dict() for e in extensions]})
+
+
+@marketplace_bp.route('/categories', methods=['GET'])
+@jwt_required()
+def get_categories():
+    return jsonify({'categories': MarketplaceService.get_categories()})
+
+
+@marketplace_bp.route('/<int:ext_id>', methods=['GET'])
+@jwt_required()
+def get_extension(ext_id):
+    ext = MarketplaceService.get_extension(ext_id)
+    if not ext:
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify(ext.to_dict())
+
+
+@marketplace_bp.route('/', methods=['POST'])
+@jwt_required()
+def create_extension():
+    user = get_current_user()
+    data = request.get_json()
+    if not data or 'name' not in data:
+        return jsonify({'error': 'name required'}), 400
+    try:
+        ext = MarketplaceService.create_extension(data, user.id)
+        return jsonify(ext.to_dict()), 201
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@marketplace_bp.route('/<int:ext_id>', methods=['PUT'])
+@jwt_required()
+def update_extension(ext_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json()
+    ext = MarketplaceService.update_extension(ext_id, data)
+    if not ext:
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify(ext.to_dict())
+
+
+@marketplace_bp.route('/<int:ext_id>/publish', methods=['POST'])
+@jwt_required()
+def publish_extension(ext_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    ext = MarketplaceService.publish_extension(ext_id)
+    if not ext:
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify(ext.to_dict())
+
+
+@marketplace_bp.route('/<int:ext_id>', methods=['DELETE'])
+@jwt_required()
+def delete_extension(ext_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    if not MarketplaceService.delete_extension(ext_id):
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify({'message': 'Extension deleted'})
+
+
+# --- Installation ---
+
+@marketplace_bp.route('/<int:ext_id>/install', methods=['POST'])
+@jwt_required()
+def install_extension(ext_id):
+    user = get_current_user()
+    data = request.get_json() or {}
+    try:
+        install = MarketplaceService.install_extension(ext_id, user.id, data.get('config'))
+        return jsonify(install.to_dict()), 201
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@marketplace_bp.route('/installs/<int:install_id>', methods=['DELETE'])
+@jwt_required()
+def uninstall_extension(install_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    if not MarketplaceService.uninstall_extension(install_id):
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify({'message': 'Extension uninstalled'})
+
+
+@marketplace_bp.route('/installs/<int:install_id>/config', methods=['PUT'])
+@jwt_required()
+def update_config(install_id):
+    data = request.get_json() or {}
+    install = MarketplaceService.update_extension_config(install_id, data.get('config', {}))
+    if not install:
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify(install.to_dict())
+
+
+@marketplace_bp.route('/my-extensions', methods=['GET'])
+@jwt_required()
+def my_extensions():
+    user = get_current_user()
+    installs = MarketplaceService.get_user_extensions(user.id)
+    return jsonify({'extensions': [i.to_dict() for i in installs]})
+
+
+@marketplace_bp.route('/<int:ext_id>/rate', methods=['POST'])
+@jwt_required()
+def rate_extension(ext_id):
+    data = request.get_json() or {}
+    rating = data.get('rating')
+    if rating is None or not (1 <= rating <= 5):
+        return jsonify({'error': 'Rating must be 1-5'}), 400
+    ext = MarketplaceService.rate_extension(ext_id, rating)
+    if not ext:
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify(ext.to_dict())
diff --git a/backend/app/api/mobile.py b/backend/app/api/mobile.py
new file mode 100644
index 00000000..92e050c5
--- /dev/null
+++ b/backend/app/api/mobile.py
@@ -0,0 +1,122 @@
+from flask import Blueprint, request, jsonify
+from flask_jwt_extended import jwt_required, get_jwt_identity
+from app.models.user import User
+from app import db
+
+mobile_bp = Blueprint('mobile', __name__)
+
+
+@mobile_bp.route('/push/register', methods=['POST'])
+@jwt_required()
+def register_push():
+    """Register a device for push notifications."""
+    user_id = get_jwt_identity()
+    data = request.get_json() or {}
+    subscription = data.get('subscription')
+    device_name = data.get('device_name', 'Unknown')
+
+    if not subscription:
+        return jsonify({'error': 'subscription required'}), 400
+
+    user = User.query.get(user_id)
+    if not user:
+        return jsonify({'error': 'User not found'}), 404
+
+    # Store push subscription in user metadata
+    import json
+    push_subs = json.loads(user.push_subscriptions_json) if hasattr(user, 'push_subscriptions_json') and user.push_subscriptions_json else []
+    # Avoid duplicates
+    existing = next((s for s in push_subs if s.get('endpoint') == subscription.get('endpoint')), None)
+    if not existing:
+        push_subs.append({
+            'subscription': subscription,
+            'device_name': device_name,
+            'registered_at': __import__('datetime').datetime.utcnow().isoformat(),
+        })
+
+    user.push_subscriptions_json = json.dumps(push_subs)
+    db.session.commit()
+
+    return jsonify({'message': 'Device registered', 'device_count': len(push_subs)})
+
+
+@mobile_bp.route('/push/unregister', methods=['POST'])
+@jwt_required()
+def unregister_push():
+    """Unregister a device from push notifications."""
+    data = request.get_json() or {}
+    endpoint = data.get('endpoint')
+    if not endpoint:
+        return jsonify({'error': 'endpoint required'}), 400
+    return jsonify({'message': 'Device unregistered'})
+
+
+@mobile_bp.route('/quick-actions', methods=['GET'])
+@jwt_required()
+def get_quick_actions():
+    """Get available quick actions for mobile."""
+    return jsonify({'actions': [
+        {'id': 'restart_service', 'label': 'Restart Service', 'icon': 'refresh', 'params': ['service_name']},
+        {'id': 'view_stats', 'label': 'View Server Stats', 'icon': 'chart', 'params': []},
+        {'id': 'acknowledge_alert', 'label': 'Acknowledge Alert', 'icon': 'check', 'params': ['alert_id']},
+        {'id': 'run_backup', 'label': 'Run Backup', 'icon': 'download', 'params': ['backup_id']},
+        {'id': 'toggle_maintenance', 'label': 'Toggle Maintenance', 'icon': 'wrench', 'params': ['component_id']},
+    ]})
+
+
+@mobile_bp.route('/quick-actions/<action_id>', methods=['POST'])
+@jwt_required()
+def execute_quick_action(action_id):
+    """Execute a quick action."""
+    data = request.get_json() or {}
+
+    if action_id == 'view_stats':
+        from app.services.server_metrics_service import ServerMetricsService
+        metrics = ServerMetricsService.get_current_metrics()
+        return jsonify({'action': 'view_stats', 'result': metrics})
+
+    elif action_id == 'acknowledge_alert':
+        alert_id = data.get('alert_id')
+        return jsonify({'action': 'acknowledge_alert', 'alert_id': alert_id, 'acknowledged': True})
+
+    return jsonify({'action': action_id, 'status': 'executed'})
+
+
+@mobile_bp.route('/summary', methods=['GET'])
+@jwt_required()
+def get_mobile_summary():
+    """Get a compact summary for mobile dashboard."""
+    try:
+        from app.services.server_metrics_service import ServerMetricsService
+        metrics = ServerMetricsService.get_current_metrics()
+    except Exception:
+        metrics = {}
+
+    from app.models.server import Server
+    from app.models.security_alert import SecurityAlert
+
+    server_count = Server.query.count()
+    active_alerts = SecurityAlert.query.filter_by(resolved=False).count() if hasattr(SecurityAlert, 'resolved') else 0
+
+    return jsonify({
+        'metrics': {
+            'cpu': metrics.get('cpu_percent', 0),
+            'memory': metrics.get('memory_percent', 0),
+            'disk': metrics.get('disk_percent', 0),
+        },
+        'servers': server_count,
+        'active_alerts': active_alerts,
+    })
+
+
+@mobile_bp.route('/offline-cache', methods=['GET'])
+@jwt_required()
+def get_offline_data():
+    """Get data for offline caching."""
+    from app.models.server import Server
+
+    servers = Server.query.limit(50).all()
+    return jsonify({
+        'servers': [{'id': s.id, 'name': s.name, 'hostname': s.hostname, 'status': s.status} for s in servers],
+        'cached_at': __import__('datetime').datetime.utcnow().isoformat(),
+    })
diff --git a/backend/app/api/nginx_advanced.py b/backend/app/api/nginx_advanced.py
new file mode 100644
index 00000000..d0731a24
--- /dev/null
+++ b/backend/app/api/nginx_advanced.py
@@ -0,0 +1,79 @@
+from flask import Blueprint, request, jsonify
+from flask_jwt_extended import jwt_required
+from app.services.nginx_advanced_service import NginxAdvancedService
+
+nginx_advanced_bp = Blueprint('nginx_advanced', __name__)
+
+
+def get_current_user():
+    from flask_jwt_extended import get_jwt_identity
+    from app.models.user import User
+    return User.query.get(get_jwt_identity())
+
+
+@nginx_advanced_bp.route('/proxy/<domain>', methods=['GET'])
+@jwt_required()
+def get_proxy_rules(domain):
+    result = NginxAdvancedService.get_proxy_rules(domain)
+    if 'error' in result:
+        return jsonify(result), 404
+    return jsonify(result)
+
+
+@nginx_advanced_bp.route('/proxy', methods=['POST'])
+@jwt_required()
+def create_proxy():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    data = request.get_json()
+    if not data or 'domain' not in data:
+        return jsonify({'error': 'domain required'}), 400
+
+    result = NginxAdvancedService.create_reverse_proxy(data)
+    return jsonify(result), 201
+
+
+@nginx_advanced_bp.route('/test', methods=['POST'])
+@jwt_required()
+def test_config():
+    result = NginxAdvancedService.test_config()
+    return jsonify(result)
+
+
+@nginx_advanced_bp.route('/reload', methods=['POST'])
+@jwt_required()
+def reload():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    result = NginxAdvancedService.reload_nginx()
+    return jsonify(result)
+
+
+@nginx_advanced_bp.route('/diff', methods=['POST'])
+@jwt_required()
+def preview_diff():
+    data = request.get_json() or {}
+    domain = data.get('domain')
+    new_config = data.get('config', '')
+    if not domain:
+        return jsonify({'error': 'domain required'}), 400
+    result = NginxAdvancedService.preview_diff(domain, new_config)
+    return jsonify(result)
+
+
+@nginx_advanced_bp.route('/logs/<domain>', methods=['GET'])
+@jwt_required()
+def get_logs(domain):
+    log_type = request.args.get('type', 'access')
+    lines = request.args.get('lines', 100, type=int)
+    result = NginxAdvancedService.get_vhost_logs(domain, log_type, lines)
+    return jsonify(result)
+
+
+@nginx_advanced_bp.route('/lb-methods', methods=['GET'])
+@jwt_required()
+def get_lb_methods():
+    return jsonify({'methods': NginxAdvancedService.get_load_balancing_methods()})
diff --git a/backend/app/api/performance.py b/backend/app/api/performance.py
new file mode 100644
index 00000000..e41eeeff
--- /dev/null
+++ b/backend/app/api/performance.py
@@ -0,0 +1,68 @@
+from flask import Blueprint, request, jsonify
+from flask_jwt_extended import jwt_required
+from app.services.cache_service import CacheService
+from app.services.background_job_service import BackgroundJobService
+
+performance_bp = Blueprint('performance', __name__)
+
+
+def get_current_user():
+    from flask_jwt_extended import get_jwt_identity
+    from app.models.user import User
+    return User.query.get(get_jwt_identity())
+
+
+@performance_bp.route('/cache/stats', methods=['GET'])
+@jwt_required()
+def cache_stats():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    return jsonify(CacheService.get_stats())
+
+
+@performance_bp.route('/cache/flush', methods=['POST'])
+@jwt_required()
+def cache_flush():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    CacheService.flush()
+    return jsonify({'message': 'Cache flushed'})
+
+
+@performance_bp.route('/jobs', methods=['GET'])
+@jwt_required()
+def list_jobs():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    return jsonify({'jobs': BackgroundJobService.list_jobs()})
+
+
+@performance_bp.route('/jobs/<job_id>', methods=['GET'])
+@jwt_required()
+def get_job(job_id):
+    status = BackgroundJobService.get_job_status(job_id)
+    if not status:
+        return jsonify({'error': 'Job not found'}), 404
+    return jsonify({'job_id': job_id, **status})
+
+
+@performance_bp.route('/jobs/stats', methods=['GET'])
+@jwt_required()
+def job_stats():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    return jsonify(BackgroundJobService.get_queue_stats())
+
+
+@performance_bp.route('/jobs/cleanup', methods=['POST'])
+@jwt_required()
+def cleanup_jobs():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    BackgroundJobService.cleanup_old()
+    return jsonify({'message': 'Old jobs cleaned up'})
diff --git a/backend/app/api/server_templates.py b/backend/app/api/server_templates.py
new file mode 100644
index 00000000..56f0becf
--- /dev/null
+++ b/backend/app/api/server_templates.py
@@ -0,0 +1,190 @@
+from flask import Blueprint, request, jsonify
+from flask_jwt_extended import jwt_required
+from app.services.server_template_service import ServerTemplateService
+from app.services.audit_service import AuditService
+from app.models.audit_log import AuditLog
+
+server_templates_bp = Blueprint('server_templates', __name__)
+
+
+def get_current_user():
+    from flask_jwt_extended import get_jwt_identity
+    from app.models.user import User
+    return User.query.get(get_jwt_identity())
+
+
+@server_templates_bp.route('/', methods=['GET'])
+@jwt_required()
+def list_templates():
+    category = request.args.get('category')
+    templates = ServerTemplateService.list_templates(category=category)
+    return jsonify({'templates': [t.to_dict() for t in templates]})
+
+
+@server_templates_bp.route('/library', methods=['GET'])
+@jwt_required()
+def get_library():
+    return jsonify({'templates': ServerTemplateService.get_library_templates()})
+
+
+@server_templates_bp.route('/library/<key>', methods=['POST'])
+@jwt_required()
+def create_from_library(key):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    try:
+        template = ServerTemplateService.create_from_library(key, user.id)
+        return jsonify(template.to_dict()), 201
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@server_templates_bp.route('/<int:template_id>', methods=['GET'])
+@jwt_required()
+def get_template(template_id):
+    template = ServerTemplateService.get_template(template_id)
+    if not template:
+        return jsonify({'error': 'Template not found'}), 404
+    return jsonify(template.to_dict())
+
+
+@server_templates_bp.route('/', methods=['POST'])
+@jwt_required()
+def create_template():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    data = request.get_json()
+    if not data or 'name' not in data:
+        return jsonify({'error': 'name required'}), 400
+
+    try:
+        template = ServerTemplateService.create_template(data, user.id)
+        AuditService.log(
+            action=AuditLog.ACTION_RESOURCE_CREATE, user_id=user.id,
+            target_type='server_template', target_id=template.id,
+            details={'name': template.name}
+        )
+        return jsonify(template.to_dict()), 201
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@server_templates_bp.route('/<int:template_id>', methods=['PUT'])
+@jwt_required()
+def update_template(template_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    data = request.get_json()
+    template = ServerTemplateService.update_template(template_id, data)
+    if not template:
+        return jsonify({'error': 'Template not found'}), 404
+    return jsonify(template.to_dict())
+
+
+@server_templates_bp.route('/<int:template_id>', methods=['DELETE'])
+@jwt_required()
+def delete_template(template_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    try:
+        result = ServerTemplateService.delete_template(template_id)
+        if not result:
+            return jsonify({'error': 'Template not found'}), 404
+        return jsonify({'message': 'Template deleted'})
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+# --- Assignments ---
+
+@server_templates_bp.route('/<int:template_id>/assign', methods=['POST'])
+@jwt_required()
+def assign_template(template_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    data = request.get_json() or {}
+    server_id = data.get('server_id')
+    if not server_id:
+        return jsonify({'error': 'server_id required'}), 400
+
+    try:
+        assignment = ServerTemplateService.assign_template(template_id, server_id)
+        return jsonify(assignment.to_dict()), 201
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@server_templates_bp.route('/<int:template_id>/bulk-assign', methods=['POST'])
+@jwt_required()
+def bulk_assign(template_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    data = request.get_json() or {}
+    server_ids = data.get('server_ids', [])
+    results = ServerTemplateService.bulk_assign(template_id, server_ids)
+    return jsonify({'results': results})
+
+
+@server_templates_bp.route('/<int:template_id>/assignments', methods=['GET'])
+@jwt_required()
+def get_assignments(template_id):
+    assignments = ServerTemplateService.get_template_assignments(template_id)
+    return jsonify({'assignments': [a.to_dict() for a in assignments]})
+
+
+@server_templates_bp.route('/assignments/<int:assignment_id>', methods=['DELETE'])
+@jwt_required()
+def unassign(assignment_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    result = ServerTemplateService.unassign_template(assignment_id)
+    if not result:
+        return jsonify({'error': 'Assignment not found'}), 404
+    return jsonify({'message': 'Template unassigned'})
+
+
+@server_templates_bp.route('/assignments/<int:assignment_id>/check', methods=['POST'])
+@jwt_required()
+def check_drift(assignment_id):
+    assignment = ServerTemplateService.check_drift(assignment_id)
+    if not assignment:
+        return jsonify({'error': 'Assignment not found'}), 404
+    return jsonify(assignment.to_dict())
+
+
+@server_templates_bp.route('/assignments/<int:assignment_id>/remediate', methods=['POST'])
+@jwt_required()
+def remediate(assignment_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+
+    assignment = ServerTemplateService.remediate(assignment_id)
+    if not assignment:
+        return jsonify({'error': 'Assignment not found'}), 404
+    return jsonify(assignment.to_dict())
+
+
+@server_templates_bp.route('/compliance', methods=['GET'])
+@jwt_required()
+def compliance_summary():
+    summary = ServerTemplateService.get_compliance_summary()
+    return jsonify(summary)
+
+
+@server_templates_bp.route('/server/<int:server_id>', methods=['GET'])
+@jwt_required()
+def get_server_templates(server_id):
+    assignments = ServerTemplateService.get_server_assignments(server_id)
+    return jsonify({'assignments': [a.to_dict() for a in assignments]})
diff --git a/backend/app/api/servers.py b/backend/app/api/servers.py
index 6fd31c5e..b015e40e 100644
--- a/backend/app/api/servers.py
+++ b/backend/app/api/servers.py
@@ -11,10 +11,12 @@
 from flask import Blueprint, request, jsonify, Response, current_app, redirect
 from flask_jwt_extended import jwt_required, get_jwt_identity
 
-from app import db
+from app import db, limiter
 from app.models import User
-from app.models.server import Server, ServerGroup, ServerMetrics, ServerCommand, AgentSession
+from app.models.server import Server, ServerGroup, ServerMetrics, ServerCommand, AgentSession, AgentVersion, AgentRollout
 from app.services.agent_registry import agent_registry
+from app.services.agent_fleet_service import fleet_service
+from app.services.discovery_service import discovery_service
 from app.middleware.rbac import admin_required, developer_required
 
 servers_bp = Blueprint('servers', __name__)
@@ -318,6 +320,7 @@ def regenerate_token(server_id):
 
 
 @servers_bp.route('/register', methods=['POST'])
+@limiter.limit("5 per minute")
 def register_agent():
     """
     Agent registration endpoint.
@@ -386,6 +389,9 @@ def register_agent():
     ws_scheme = 'wss' if request.is_secure else 'ws'
     ws_url = f"{ws_scheme}://{request.host}/agent"
 
+    # Security note: api_secret is returned once during registration so the agent
+    # can store it. The server-side copy is stored encrypted. The registration token
+    # is already cleared above (single-use), preventing re-registration.
     return jsonify({
         'agent_id': server.agent_id,
         'name': server.name,
@@ -1848,3 +1854,203 @@ def trigger_agent_update(server_id):
     )
 
     return jsonify(result)
+
+
+# ==================== Agent Fleet Management ====================
+
+@servers_bp.route('/fleet/health', methods=['GET'])
+@jwt_required()
+@admin_required
+def get_fleet_health():
+    """Get aggregated health metrics for the agent fleet"""
+    return jsonify(fleet_service.get_fleet_health())
+
+
+@servers_bp.route('/fleet/versions', methods=['GET'])
+@jwt_required()
+@admin_required
+def list_agent_versions():
+    """List all available agent versions"""
+    versions = AgentVersion.query.order_by(AgentVersion.version.desc()).all()
+    return jsonify([v.to_dict() for v in versions])
+
+
+@servers_bp.route('/fleet/versions', methods=['POST'])
+@jwt_required()
+@admin_required
+def add_agent_version():
+    """Add a new available agent version"""
+    data = request.get_json()
+    
+    if not data.get('version'):
+        return jsonify({'error': 'Version is required'}), 400
+        
+    version = AgentVersion(
+        version=data['version'],
+        channel=data.get('channel', 'stable'),
+        min_panel_version=data.get('min_panel_version'),
+        max_panel_version=data.get('max_panel_version'),
+        release_notes=data.get('release_notes'),
+        assets=data.get('assets', {}),
+        published_at=datetime.fromisoformat(data['published_at']) if data.get('published_at') else datetime.utcnow()
+    )
+    
+    db.session.add(version)
+    db.session.commit()
+    
+    return jsonify(version.to_dict()), 201
+
+
+@servers_bp.route('/fleet/upgrade', methods=['POST'])
+@jwt_required()
+@admin_required
+def upgrade_fleet():
+    """Trigger upgrade for selected servers or entire fleet"""
+    data = request.get_json()
+    server_ids = data.get('server_ids', [])
+    version_id = data.get('version_id')
+    user_id = get_jwt_identity()
+    
+    if not server_ids:
+        # If no IDs provided, upgrade all online servers
+        servers = Server.query.filter_by(status='online').all()
+        server_ids = [s.id for s in servers]
+        
+    if not server_ids:
+        return jsonify({'success': True, 'message': 'No online servers to upgrade'})
+        
+    result = fleet_service.upgrade_servers(server_ids, version_id, user_id)
+    return jsonify(result)
+
+
+@servers_bp.route('/fleet/rollout', methods=['POST'])
+@jwt_required()
+@admin_required
+def start_staged_rollout():
+    """Start a staged rollout"""
+    data = request.get_json()
+    group_id = data.get('group_id')
+    version_id = data.get('version_id')
+    batch_size = data.get('batch_size', 5)
+    delay_minutes = data.get('delay_minutes', 10)
+    strategy = data.get('strategy', 'staged')
+    server_ids = data.get('server_ids')
+    user_id = get_jwt_identity()
+
+    if not version_id:
+        return jsonify({'error': 'version_id is required'}), 400
+
+    result = fleet_service.staged_rollout(
+        group_id, version_id, batch_size, delay_minutes,
+        strategy, user_id, server_ids
+    )
+    return jsonify(result)
+
+
+@servers_bp.route('/fleet/rollouts', methods=['GET'])
+@jwt_required()
+@admin_required
+def list_rollouts():
+    """List rollout history"""
+    status = request.args.get('status')
+    limit = request.args.get('limit', 20, type=int)
+    return jsonify(fleet_service.get_rollouts(status, limit))
+
+
+@servers_bp.route('/fleet/rollouts/<rollout_id>', methods=['GET'])
+@jwt_required()
+@admin_required
+def get_rollout(rollout_id):
+    """Get a specific rollout"""
+    rollout = fleet_service.get_rollout(rollout_id)
+    if not rollout:
+        return jsonify({'error': 'Rollout not found'}), 404
+    return jsonify(rollout)
+
+
+@servers_bp.route('/fleet/rollouts/<rollout_id>/cancel', methods=['POST'])
+@jwt_required()
+@admin_required
+def cancel_rollout(rollout_id):
+    """Cancel an active rollout"""
+    success = fleet_service.cancel_rollout(rollout_id)
+    if not success:
+        return jsonify({'error': 'Cannot cancel rollout (not running or not found)'}), 400
+    return jsonify({'success': True, 'message': 'Rollout cancelled'})
+
+
+@servers_bp.route('/fleet/discovery', methods=['POST'])
+@jwt_required()
+@admin_required
+def start_discovery_scan():
+    """Start a network scan for new agents"""
+    duration = request.args.get('duration', 10, type=int)
+    agents = discovery_service.start_scan(duration)
+    return jsonify(agents)
+
+
+@servers_bp.route('/fleet/discovery', methods=['GET'])
+@jwt_required()
+@admin_required
+def get_discovered_agents():
+    """Get results of last discovery scan"""
+    return jsonify(discovery_service.get_discovered_agents())
+
+
+@servers_bp.route('/fleet/approve/<server_id>', methods=['POST'])
+@jwt_required()
+@admin_required
+def approve_agent_registration(server_id):
+    """Approve a pending agent registration"""
+    user_id = get_jwt_identity()
+    success = fleet_service.approve_registration(server_id, user_id)
+
+    if not success:
+        return jsonify({'error': 'Failed to approve registration'}), 400
+
+    return jsonify({'success': True, 'message': 'Registration approved'})
+
+
+@servers_bp.route('/fleet/reject/<server_id>', methods=['POST'])
+@jwt_required()
+@admin_required
+def reject_agent_registration(server_id):
+    """Reject a pending agent registration"""
+    success = fleet_service.reject_registration(server_id)
+
+    if not success:
+        return jsonify({'error': 'Failed to reject registration'}), 400
+
+    return jsonify({'success': True, 'message': 'Registration rejected'})
+
+
+@servers_bp.route('/fleet/commands/queued', methods=['GET'])
+@jwt_required()
+@admin_required
+def get_queued_commands():
+    """Get all pending queued commands"""
+    server_id = request.args.get('server_id')
+    commands = fleet_service.get_queued_commands(server_id)
+    return jsonify(commands)
+
+
+@servers_bp.route('/fleet/commands/<command_id>/retry', methods=['POST'])
+@jwt_required()
+@admin_required
+def retry_command(command_id):
+    """Retry a failed command"""
+    result = fleet_service.retry_command(command_id)
+    if not result.get('success'):
+        return jsonify(result), 400
+    return jsonify(result)
+
+
+@servers_bp.route('/fleet/diagnostics/<server_id>', methods=['GET'])
+@jwt_required()
+@admin_required
+def get_server_diagnostics(server_id):
+    """Get detailed connection diagnostics for a server"""
+    diagnostics = fleet_service.get_server_diagnostics(server_id)
+    if 'error' in diagnostics:
+        return jsonify(diagnostics), 404
+    return jsonify(diagnostics)
diff --git a/backend/app/api/sso.py b/backend/app/api/sso.py
index 2f584488..89fb0103 100644
--- a/backend/app/api/sso.py
+++ b/backend/app/api/sso.py
@@ -10,6 +10,7 @@
 from app.services import sso_service
 from app.services.settings_service import SettingsService
 from app.services.audit_service import AuditService
+from app.middleware.rbac import admin_required
 
 sso_bp = Blueprint('sso', __name__)
 
@@ -199,12 +200,10 @@ def unlink_provider(provider):
 # ------------------------------------------------------------------
 
 @sso_bp.route('/admin/config', methods=['GET'])
-@jwt_required()
+@admin_required
 def get_sso_config():
     """All SSO settings (secrets redacted)."""
     user = User.query.get(get_jwt_identity())
-    if not user or not user.is_admin:
-        return jsonify({'error': 'Admin access required'}), 403
 
     config = {}
     for key in SettingsService.DEFAULT_SETTINGS:
@@ -220,12 +219,10 @@ def get_sso_config():
 
 
 @sso_bp.route('/admin/config/<provider>', methods=['PUT'])
-@jwt_required()
+@admin_required
 def update_provider_config(provider):
     """Update a provider's SSO config."""
     user = User.query.get(get_jwt_identity())
-    if not user or not user.is_admin:
-        return jsonify({'error': 'Admin access required'}), 403
 
     if provider not in VALID_PROVIDERS:
         return jsonify({'error': f'Invalid provider: {provider}'}), 400
@@ -254,24 +251,18 @@ def update_provider_config(provider):
 
 
 @sso_bp.route('/admin/test/<provider>', methods=['POST'])
-@jwt_required()
+@admin_required
 def test_provider(provider):
     """Test provider connectivity."""
-    user = User.query.get(get_jwt_identity())
-    if not user or not user.is_admin:
-        return jsonify({'error': 'Admin access required'}), 403
-
     result = sso_service.test_provider_connectivity(provider)
     return jsonify(result), 200 if result['ok'] else 400
 
 
 @sso_bp.route('/admin/general', methods=['PUT'])
-@jwt_required()
+@admin_required
 def update_general_settings():
     """Update general SSO settings (auto_provision, force_sso, etc.)."""
     user = User.query.get(get_jwt_identity())
-    if not user or not user.is_admin:
-        return jsonify({'error': 'Admin access required'}), 403
 
     data = request.get_json() or {}
     general_keys = ['sso_auto_provision', 'sso_default_role', 'sso_force_sso', 'sso_allowed_domains']
diff --git a/backend/app/api/status_pages.py b/backend/app/api/status_pages.py
new file mode 100644
index 00000000..058fc0e0
--- /dev/null
+++ b/backend/app/api/status_pages.py
@@ -0,0 +1,202 @@
+from flask import Blueprint, request, jsonify
+from flask_jwt_extended import jwt_required
+from app.services.status_page_service import StatusPageService
+
+status_pages_bp = Blueprint('status_pages', __name__)
+
+
+def get_current_user():
+    from flask_jwt_extended import get_jwt_identity
+    from app.models.user import User
+    return User.query.get(get_jwt_identity())
+
+
+# --- Public endpoints (no auth) ---
+
+@status_pages_bp.route('/public/<slug>', methods=['GET'])
+def get_public_page(slug):
+    data = StatusPageService.get_public_page(slug)
+    if not data:
+        return jsonify({'error': 'Status page not found'}), 404
+    return jsonify(data)
+
+
+@status_pages_bp.route('/badge/<slug>', methods=['GET'])
+def get_badge(slug):
+    badge = StatusPageService.get_badge(slug)
+    if not badge:
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify(badge)
+
+
+# --- Admin endpoints ---
+
+@status_pages_bp.route('/', methods=['GET'])
+@jwt_required()
+def list_pages():
+    pages = StatusPageService.list_pages()
+    return jsonify({'pages': [p.to_dict() for p in pages]})
+
+
+@status_pages_bp.route('/<int:page_id>', methods=['GET'])
+@jwt_required()
+def get_page(page_id):
+    page = StatusPageService.get_page(page_id)
+    if not page:
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify(page.to_dict())
+
+
+@status_pages_bp.route('/', methods=['POST'])
+@jwt_required()
+def create_page():
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json()
+    if not data or 'name' not in data or 'slug' not in data:
+        return jsonify({'error': 'name and slug required'}), 400
+    try:
+        page = StatusPageService.create_page(data)
+        return jsonify(page.to_dict()), 201
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@status_pages_bp.route('/<int:page_id>', methods=['PUT'])
+@jwt_required()
+def update_page(page_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json()
+    page = StatusPageService.update_page(page_id, data)
+    if not page:
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify(page.to_dict())
+
+
+@status_pages_bp.route('/<int:page_id>', methods=['DELETE'])
+@jwt_required()
+def delete_page(page_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    if not StatusPageService.delete_page(page_id):
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify({'message': 'Status page deleted'})
+
+
+# --- Components ---
+
+@status_pages_bp.route('/<int:page_id>/components', methods=['GET'])
+@jwt_required()
+def get_components(page_id):
+    page = StatusPageService.get_page(page_id)
+    if not page:
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify({'components': [c.to_dict() for c in page.components.all()]})
+
+
+@status_pages_bp.route('/<int:page_id>/components', methods=['POST'])
+@jwt_required()
+def create_component(page_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json()
+    try:
+        comp = StatusPageService.create_component(page_id, data)
+        return jsonify(comp.to_dict()), 201
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@status_pages_bp.route('/components/<int:comp_id>', methods=['PUT'])
+@jwt_required()
+def update_component(comp_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json()
+    comp = StatusPageService.update_component(comp_id, data)
+    if not comp:
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify(comp.to_dict())
+
+
+@status_pages_bp.route('/components/<int:comp_id>', methods=['DELETE'])
+@jwt_required()
+def delete_component(comp_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    if not StatusPageService.delete_component(comp_id):
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify({'message': 'Component deleted'})
+
+
+@status_pages_bp.route('/components/<int:comp_id>/check', methods=['POST'])
+@jwt_required()
+def run_check(comp_id):
+    hc = StatusPageService.run_check(comp_id)
+    if not hc:
+        return jsonify({'error': 'Component not found'}), 404
+    return jsonify(hc.to_dict())
+
+
+@status_pages_bp.route('/components/<int:comp_id>/history', methods=['GET'])
+@jwt_required()
+def get_history(comp_id):
+    hours = request.args.get('hours', 24, type=int)
+    checks = StatusPageService.get_check_history(comp_id, hours)
+    return jsonify({'checks': [c.to_dict() for c in checks]})
+
+
+# --- Incidents ---
+
+@status_pages_bp.route('/<int:page_id>/incidents', methods=['GET'])
+@jwt_required()
+def list_incidents(page_id):
+    page = StatusPageService.get_page(page_id)
+    if not page:
+        return jsonify({'error': 'Not found'}), 404
+    incidents = page.incidents.limit(50).all()
+    return jsonify({'incidents': [i.to_dict() for i in incidents]})
+
+
+@status_pages_bp.route('/<int:page_id>/incidents', methods=['POST'])
+@jwt_required()
+def create_incident(page_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json()
+    if not data or 'title' not in data:
+        return jsonify({'error': 'title required'}), 400
+    incident = StatusPageService.create_incident(page_id, data)
+    return jsonify(incident.to_dict()), 201
+
+
+@status_pages_bp.route('/incidents/<int:incident_id>', methods=['PUT'])
+@jwt_required()
+def update_incident(incident_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    data = request.get_json()
+    incident = StatusPageService.update_incident(incident_id, data)
+    if not incident:
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify(incident.to_dict())
+
+
+@status_pages_bp.route('/incidents/<int:incident_id>', methods=['DELETE'])
+@jwt_required()
+def delete_incident(incident_id):
+    user = get_current_user()
+    if not user or not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    if not StatusPageService.delete_incident(incident_id):
+        return jsonify({'error': 'Not found'}), 404
+    return jsonify({'message': 'Incident deleted'})
diff --git a/backend/app/api/two_factor.py b/backend/app/api/two_factor.py
index 2cd5f6a0..65697a23 100644
--- a/backend/app/api/two_factor.py
+++ b/backend/app/api/two_factor.py
@@ -4,11 +4,15 @@
 Provides endpoints for enabling, disabling, and managing 2FA.
 """
 
+import logging
 from flask import Blueprint, request, jsonify
 from flask_jwt_extended import jwt_required, get_jwt_identity
+from app import limiter
 from app.models import User
 from app.services.totp_service import TOTPService, TwoFactorSetup
 
+logger = logging.getLogger(__name__)
+
 two_factor_bp = Blueprint('two_factor', __name__)
 
 
@@ -117,6 +121,8 @@ def disable_2fa():
     if not success:
         return jsonify({'error': error}), 400
 
+    logger.info(f"2FA disabled for user {user.id} - existing sessions remain valid (TODO: implement session invalidation)")
+
     return jsonify({
         'message': '2FA has been disabled successfully'
     }), 200
@@ -156,6 +162,7 @@ def regenerate_backup_codes():
 
 
 @two_factor_bp.route('/verify', methods=['POST'])
+@limiter.limit("5 per minute")
 def verify_2fa_code():
     """
     Verify a 2FA code during login.
diff --git a/backend/app/api/workflows.py b/backend/app/api/workflows.py
index 36511ea3..3ac8c2af 100644
--- a/backend/app/api/workflows.py
+++ b/backend/app/api/workflows.py
@@ -1,12 +1,26 @@
 import json
+import secrets
+from datetime import datetime
 from flask import Blueprint, request, jsonify
 from flask_jwt_extended import jwt_required, get_jwt_identity
 from app import db
-from app.models import Workflow, User
+from app.models import Workflow, User, WorkflowExecution, WorkflowLog
 
 workflows_bp = Blueprint('workflows', __name__)
 
 
+def _validate_workflow_graph(data):
+    """Validate workflow graph for cycles if nodes/edges are present."""
+    nodes = data.get('nodes', [])
+    edges = data.get('edges', [])
+    if nodes and edges:
+        from app.services.workflow_engine import WorkflowEngine
+        err = WorkflowEngine.validate_graph(nodes, edges)
+        if err:
+            return err
+    return None
+
+
 @workflows_bp.route('', methods=['GET'])
 @jwt_required()
 def get_workflows():
@@ -55,12 +69,25 @@ def create_workflow():
     if not name:
         return jsonify({'error': 'Name is required'}), 400
 
+    # Validate graph for cycles
+    cycle_err = _validate_workflow_graph(data)
+    if cycle_err:
+        return jsonify({'error': cycle_err}), 400
+
+    # Auto-generate webhook_id if trigger is webhook
+    trigger_config = data.get('trigger_config', {})
+    if data.get('trigger_type') == 'webhook' and not trigger_config.get('webhook_id'):
+        trigger_config['webhook_id'] = secrets.token_urlsafe(24)
+
     workflow = Workflow(
         name=name,
         description=data.get('description', ''),
         nodes=json.dumps(data.get('nodes', [])),
         edges=json.dumps(data.get('edges', [])),
         viewport=json.dumps(data.get('viewport')) if data.get('viewport') else None,
+        is_active=data.get('is_active', False),
+        trigger_type=data.get('trigger_type', 'manual'),
+        trigger_config=json.dumps(trigger_config),
         user_id=current_user_id
     )
 
@@ -91,6 +118,11 @@ def update_workflow(workflow_id):
     if not data:
         return jsonify({'error': 'No data provided'}), 400
 
+    # Validate graph for cycles
+    cycle_err = _validate_workflow_graph(data)
+    if cycle_err:
+        return jsonify({'error': cycle_err}), 400
+
     if 'name' in data:
         workflow.name = data['name']
     if 'description' in data:
@@ -102,6 +134,19 @@ def update_workflow(workflow_id):
     if 'viewport' in data:
         workflow.viewport = json.dumps(data['viewport']) if data['viewport'] else None
 
+    # Automation fields
+    if 'is_active' in data:
+        workflow.is_active = data['is_active']
+    if 'trigger_type' in data:
+        workflow.trigger_type = data['trigger_type']
+    if 'trigger_config' in data:
+        trigger_config = data['trigger_config']
+        # Auto-generate webhook_id if switching to webhook trigger
+        if data.get('trigger_type') == 'webhook' and not trigger_config.get('webhook_id'):
+            existing = json.loads(workflow.trigger_config) if workflow.trigger_config else {}
+            trigger_config['webhook_id'] = existing.get('webhook_id') or secrets.token_urlsafe(24)
+        workflow.trigger_config = json.dumps(trigger_config)
+
     db.session.commit()
 
     return jsonify({
@@ -130,27 +175,103 @@ def delete_workflow(workflow_id):
     return jsonify({'message': 'Workflow deleted successfully'})
 
 
+@workflows_bp.route('/<int:workflow_id>/execute', methods=['POST'])
+@jwt_required()
+def execute_workflow(workflow_id):
+    """Trigger a workflow execution manually."""
+    from app.services.workflow_engine import WorkflowEngine
+
+    current_user_id = get_jwt_identity()
+    user = User.query.get(current_user_id)
+    workflow = Workflow.query.get(workflow_id)
+
+    if not workflow:
+        return jsonify({'error': 'Workflow not found'}), 404
+
+    if user.role != 'admin' and workflow.user_id != current_user_id:
+        return jsonify({'error': 'Access denied'}), 403
+
+    data = request.get_json() or {}
+    context = data.get('context', {})
+
+    execution_id = WorkflowEngine.execute_workflow(
+        workflow_id=workflow_id,
+        trigger_type='manual',
+        context=context
+    )
+
+    return jsonify({
+        'message': 'Workflow execution started',
+        'execution_id': execution_id
+    })
+
+
+@workflows_bp.route('/<int:workflow_id>/executions', methods=['GET'])
+@jwt_required()
+def get_workflow_executions(workflow_id):
+    """Get execution history for a workflow."""
+    current_user_id = get_jwt_identity()
+    user = User.query.get(current_user_id)
+    workflow = Workflow.query.get(workflow_id)
+
+    if not workflow:
+        return jsonify({'error': 'Workflow not found'}), 404
+
+    if user.role != 'admin' and workflow.user_id != current_user_id:
+        return jsonify({'error': 'Access denied'}), 403
+
+    executions = WorkflowExecution.query.filter_by(workflow_id=workflow_id).order_by(WorkflowExecution.started_at.desc()).all()
+
+    return jsonify({
+        'executions': [e.to_dict() for e in executions]
+    })
+
+
+@workflows_bp.route('/executions/<int:execution_id>', methods=['GET'])
+@jwt_required()
+def get_execution_details(execution_id):
+    """Get details for a specific execution."""
+    current_user_id = get_jwt_identity()
+    user = User.query.get(current_user_id)
+    execution = WorkflowExecution.query.get(execution_id)
+
+    if not execution:
+        return jsonify({'error': 'Execution not found'}), 404
+
+    workflow = execution.workflow
+    if user.role != 'admin' and workflow.user_id != current_user_id:
+        return jsonify({'error': 'Access denied'}), 403
+
+    return jsonify(execution.to_dict())
+
+
+@workflows_bp.route('/executions/<int:execution_id>/logs', methods=['GET'])
+@jwt_required()
+def get_execution_logs(execution_id):
+    """Get logs for a specific execution."""
+    current_user_id = get_jwt_identity()
+    user = User.query.get(current_user_id)
+    execution = WorkflowExecution.query.get(execution_id)
+
+    if not execution:
+        return jsonify({'error': 'Execution not found'}), 404
+
+    workflow = execution.workflow
+    if user.role != 'admin' and workflow.user_id != current_user_id:
+        return jsonify({'error': 'Access denied'}), 403
+
+    logs = WorkflowLog.query.filter_by(execution_id=execution_id).order_by(WorkflowLog.timestamp.asc()).all()
+
+    return jsonify({
+        'logs': [l.to_dict() for l in logs]
+    })
+
+
 @workflows_bp.route('/<int:workflow_id>/deploy', methods=['POST'])
 @jwt_required()
 def deploy_workflow(workflow_id):
     """
     Deploy all resources from a workflow.
-
-    This endpoint converts workflow nodes (Docker apps, databases, domains)
-    into actual infrastructure by calling the appropriate backend services.
-
-    Returns:
-        {
-            "success": boolean,
-            "message": string,
-            "results": [
-                {"nodeId": "node_1", "type": "dockerApp", "success": true, "resourceId": 5},
-                {"nodeId": "node_2", "type": "domain", "success": true, "resourceId": 12},
-                ...
-            ],
-            "errors": [],
-            "workflow": {...updated workflow with resource IDs...}
-        }
     """
     from app.services.workflow_service import WorkflowService
 
@@ -167,3 +288,86 @@ def deploy_workflow(workflow_id):
     else:
         # Partial success or errors - return 200 with error details
         return jsonify(result), 200
+
+
+@workflows_bp.route('/hooks/<webhook_id>', methods=['POST'])
+def webhook_trigger(webhook_id):
+    """
+    Public webhook endpoint to trigger a workflow.
+    No JWT required — the webhook_id acts as the authentication token.
+    """
+    from app.services.workflow_engine import WorkflowEngine, CycleDetectedError
+
+    # Find the workflow with this webhook_id
+    workflows = Workflow.query.filter_by(
+        is_active=True,
+        trigger_type='webhook'
+    ).all()
+
+    target_workflow = None
+    for wf in workflows:
+        try:
+            config = json.loads(wf.trigger_config) if wf.trigger_config else {}
+            if config.get('webhook_id') == webhook_id:
+                target_workflow = wf
+                break
+        except (json.JSONDecodeError, TypeError):
+            continue
+
+    if not target_workflow:
+        return jsonify({'error': 'Webhook not found'}), 404
+
+    # Build context from the incoming request
+    context = {
+        'webhook_id': webhook_id,
+        'method': request.method,
+        'headers': dict(request.headers),
+        'triggered_at': datetime.utcnow().isoformat()
+    }
+
+    # Include request body
+    if request.is_json:
+        context['body'] = request.get_json(silent=True) or {}
+    else:
+        body = request.get_data(as_text=True)
+        context['body'] = body[:8192] if body else ''
+
+    # Include query parameters
+    if request.args:
+        context['query'] = dict(request.args)
+
+    try:
+        execution_id = WorkflowEngine.execute_workflow(
+            workflow_id=target_workflow.id,
+            trigger_type='webhook',
+            context=context
+        )
+        return jsonify({
+            'message': 'Workflow triggered',
+            'execution_id': execution_id,
+            'workflow': target_workflow.name
+        }), 200
+    except CycleDetectedError as e:
+        return jsonify({'error': str(e)}), 400
+    except Exception as e:
+        return jsonify({'error': f'Execution failed: {str(e)}'}), 500
+
+
+@workflows_bp.route('/validate', methods=['POST'])
+@jwt_required()
+def validate_workflow():
+    """Validate a workflow graph for cycles and other issues."""
+    from app.services.workflow_engine import WorkflowEngine
+
+    data = request.get_json()
+    if not data:
+        return jsonify({'error': 'No data provided'}), 400
+
+    nodes = data.get('nodes', [])
+    edges = data.get('edges', [])
+
+    err = WorkflowEngine.validate_graph(nodes, edges)
+    if err:
+        return jsonify({'valid': False, 'error': err}), 200
+
+    return jsonify({'valid': True}), 200
diff --git a/backend/app/api/workspaces.py b/backend/app/api/workspaces.py
new file mode 100644
index 00000000..fcc55a56
--- /dev/null
+++ b/backend/app/api/workspaces.py
@@ -0,0 +1,220 @@
+from flask import Blueprint, request, jsonify
+from flask_jwt_extended import jwt_required
+from app.services.workspace_service import WorkspaceService
+from app.services.audit_service import AuditService
+from app.models.audit_log import AuditLog
+
+workspaces_bp = Blueprint('workspaces', __name__)
+
+
+def get_current_user():
+    from flask_jwt_extended import get_jwt_identity
+    from app.models.user import User
+    return User.query.get(get_jwt_identity())
+
+
+def require_workspace_access(workspace_id, user):
+    """Return 403 response tuple if user is not a workspace member or admin, else None."""
+    if user.is_admin:
+        return None
+    role = WorkspaceService.get_user_role(workspace_id, user.id)
+    if role is None:
+        return jsonify({'error': 'Workspace access denied'}), 403
+    return None
+
+
+@workspaces_bp.route('/', methods=['GET'])
+@jwt_required()
+def list_workspaces():
+    user = get_current_user()
+    include_archived = request.args.get('include_archived', 'false') == 'true'
+    # Super-admins see all, others see their memberships
+    if user.is_admin and request.args.get('all') == 'true':
+        workspaces = WorkspaceService.get_all_workspaces_admin()
+        return jsonify({'workspaces': workspaces})
+    workspaces = WorkspaceService.list_workspaces(user_id=user.id, include_archived=include_archived)
+    return jsonify({'workspaces': [ws.to_dict() for ws in workspaces]})
+
+
+@workspaces_bp.route('/<int:workspace_id>', methods=['GET'])
+@jwt_required()
+def get_workspace(workspace_id):
+    user = get_current_user()
+    denied = require_workspace_access(workspace_id, user)
+    if denied:
+        return denied
+    ws = WorkspaceService.get_workspace(workspace_id)
+    if not ws:
+        return jsonify({'error': 'Workspace not found'}), 404
+    return jsonify(ws.to_dict())
+
+
+@workspaces_bp.route('/', methods=['POST'])
+@jwt_required()
+def create_workspace():
+    user = get_current_user()
+    data = request.get_json()
+    if not data:
+        return jsonify({'error': 'Request body required'}), 400
+    try:
+        ws = WorkspaceService.create_workspace(data, user.id)
+        AuditService.log(
+            action=AuditLog.ACTION_RESOURCE_CREATE, user_id=user.id,
+            target_type='workspace', target_id=ws.id,
+            details={'name': ws.name}
+        )
+        return jsonify(ws.to_dict()), 201
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@workspaces_bp.route('/<int:workspace_id>', methods=['PUT'])
+@jwt_required()
+def update_workspace(workspace_id):
+    user = get_current_user()
+    role = WorkspaceService.get_user_role(workspace_id, user.id)
+    if role not in ['owner', 'admin'] and not user.is_admin:
+        return jsonify({'error': 'Insufficient permissions'}), 403
+
+    data = request.get_json()
+    ws = WorkspaceService.update_workspace(workspace_id, data)
+    if not ws:
+        return jsonify({'error': 'Workspace not found'}), 404
+    return jsonify(ws.to_dict())
+
+
+@workspaces_bp.route('/<int:workspace_id>/archive', methods=['POST'])
+@jwt_required()
+def archive_workspace(workspace_id):
+    user = get_current_user()
+    role = WorkspaceService.get_user_role(workspace_id, user.id)
+    if role != 'owner' and not user.is_admin:
+        return jsonify({'error': 'Owner access required'}), 403
+    ws = WorkspaceService.archive_workspace(workspace_id)
+    if not ws:
+        return jsonify({'error': 'Workspace not found'}), 404
+    return jsonify(ws.to_dict())
+
+
+@workspaces_bp.route('/<int:workspace_id>/restore', methods=['POST'])
+@jwt_required()
+def restore_workspace(workspace_id):
+    user = get_current_user()
+    if not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    ws = WorkspaceService.restore_workspace(workspace_id)
+    if not ws:
+        return jsonify({'error': 'Workspace not found'}), 404
+    return jsonify(ws.to_dict())
+
+
+@workspaces_bp.route('/<int:workspace_id>', methods=['DELETE'])
+@jwt_required()
+def delete_workspace(workspace_id):
+    user = get_current_user()
+    if not user.is_admin:
+        return jsonify({'error': 'Admin access required'}), 403
+    result = WorkspaceService.delete_workspace(workspace_id)
+    if not result:
+        return jsonify({'error': 'Workspace not found'}), 404
+    return jsonify({'message': 'Workspace deleted'})
+
+
+# --- Members ---
+
+@workspaces_bp.route('/<int:workspace_id>/members', methods=['GET'])
+@jwt_required()
+def get_members(workspace_id):
+    user = get_current_user()
+    denied = require_workspace_access(workspace_id, user)
+    if denied:
+        return denied
+    members = WorkspaceService.get_members(workspace_id)
+    return jsonify({'members': [m.to_dict() for m in members]})
+
+
+@workspaces_bp.route('/<int:workspace_id>/members', methods=['POST'])
+@jwt_required()
+def add_member(workspace_id):
+    user = get_current_user()
+    role = WorkspaceService.get_user_role(workspace_id, user.id)
+    if role not in ['owner', 'admin'] and not user.is_admin:
+        return jsonify({'error': 'Insufficient permissions'}), 403
+
+    data = request.get_json() or {}
+    user_id = data.get('user_id')
+    if not user_id:
+        return jsonify({'error': 'user_id required'}), 400
+
+    try:
+        member = WorkspaceService.add_member(workspace_id, user_id, data.get('role', 'member'))
+        return jsonify(member.to_dict()), 201
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+@workspaces_bp.route('/members/<int:member_id>/role', methods=['PUT'])
+@jwt_required()
+def update_member_role(member_id):
+    data = request.get_json() or {}
+    role = data.get('role')
+    if not role:
+        return jsonify({'error': 'role required'}), 400
+    member = WorkspaceService.update_member_role(member_id, role)
+    if not member:
+        return jsonify({'error': 'Member not found'}), 404
+    return jsonify(member.to_dict())
+
+
+@workspaces_bp.route('/members/<int:member_id>', methods=['DELETE'])
+@jwt_required()
+def remove_member(member_id):
+    try:
+        result = WorkspaceService.remove_member(member_id)
+        if not result:
+            return jsonify({'error': 'Member not found'}), 404
+        return jsonify({'message': 'Member removed'})
+    except ValueError as e:
+        return jsonify({'error': str(e)}), 400
+
+
+# --- API Keys ---
+
+@workspaces_bp.route('/<int:workspace_id>/api-keys', methods=['GET'])
+@jwt_required()
+def list_api_keys(workspace_id):
+    user = get_current_user()
+    denied = require_workspace_access(workspace_id, user)
+    if denied:
+        return denied
+    keys = WorkspaceService.list_api_keys(workspace_id)
+    return jsonify({'api_keys': [k.to_dict() for k in keys]})
+
+
+@workspaces_bp.route('/<int:workspace_id>/api-keys', methods=['POST'])
+@jwt_required()
+def create_api_key(workspace_id):
+    user = get_current_user()
+    denied = require_workspace_access(workspace_id, user)
+    if denied:
+        return denied
+    data = request.get_json() or {}
+    name = data.get('name')
+    if not name:
+        return jsonify({'error': 'name required'}), 400
+
+    api_key, raw_key = WorkspaceService.create_api_key(
+        workspace_id, name, scopes=data.get('scopes'), user_id=user.id
+    )
+    result = api_key.to_dict()
+    result['key'] = raw_key  # Only returned once
+    return jsonify(result), 201
+
+
+@workspaces_bp.route('/api-keys/<int:key_id>/revoke', methods=['POST'])
+@jwt_required()
+def revoke_api_key(key_id):
+    result = WorkspaceService.revoke_api_key(key_id)
+    if not result:
+        return jsonify({'error': 'API key not found'}), 404
+    return jsonify({'message': 'API key revoked'})
diff --git a/backend/app/middleware/security.py b/backend/app/middleware/security.py
index a5303ac3..d592153b 100644
--- a/backend/app/middleware/security.py
+++ b/backend/app/middleware/security.py
@@ -21,15 +21,27 @@ def add_security_headers(response):
         response.headers['Referrer-Policy'] = 'strict-origin-when-cross-origin'
 
         # Content Security Policy
-        csp_directives = [
-            "default-src 'self'",
-            "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com",
-            "style-src 'self' 'unsafe-inline' https://unpkg.com",
-            "img-src 'self' data: https:",
-            "font-src 'self'",
-            "connect-src 'self' ws: wss:",
-            "frame-ancestors 'none'",
-        ]
+        # In debug mode, allow inline styles/scripts for Vite dev tooling
+        if app.debug:
+            csp_directives = [
+                "default-src 'self'",
+                "script-src 'self' 'unsafe-inline'",
+                "style-src 'self' 'unsafe-inline'",
+                "img-src 'self' data: https:",
+                "font-src 'self'",
+                "connect-src 'self' ws: wss: http://localhost:* http://127.0.0.1:*",
+                "frame-ancestors 'none'",
+            ]
+        else:
+            csp_directives = [
+                "default-src 'self'",
+                "script-src 'self'",
+                "style-src 'self'",
+                "img-src 'self' data: https:",
+                "font-src 'self'",
+                "connect-src 'self' ws: wss:",
+                "frame-ancestors 'none'",
+            ]
         response.headers['Content-Security-Policy'] = '; '.join(csp_directives)
 
         # Permissions Policy (formerly Feature-Policy)
diff --git a/backend/app/models/__init__.py b/backend/app/models/__init__.py
index 04a7d9b6..a6fea628 100644
--- a/backend/app/models/__init__.py
+++ b/backend/app/models/__init__.py
@@ -1,35 +1,51 @@
-from app.models.user import User
-from app.models.application import Application
-from app.models.domain import Domain
-from app.models.env_variable import EnvironmentVariable, EnvironmentVariableHistory
-from app.models.notification_preferences import NotificationPreferences
-from app.models.deployment import Deployment, DeploymentDiff
-from app.models.system_settings import SystemSettings
-from app.models.audit_log import AuditLog
-from app.models.metrics_history import MetricsHistory
-from app.models.workflow import Workflow
-from app.models.webhook import GitWebhook, WebhookLog, GitDeployment
-from app.models.server import Server, ServerGroup, ServerMetrics, ServerCommand, AgentSession
-from app.models.security_alert import SecurityAlert
-from app.models.wordpress_site import WordPressSite, DatabaseSnapshot, SyncJob
-from app.models.environment_activity import EnvironmentActivity
-from app.models.promotion_job import PromotionJob
-from app.models.sanitization_profile import SanitizationProfile
-from app.models.email import EmailDomain, EmailAccount, EmailAlias, EmailForwardingRule, DNSProviderConfig
-from app.models.oauth_identity import OAuthIdentity
-from app.models.api_key import ApiKey
-from app.models.api_usage import ApiUsageLog, ApiUsageSummary
-from app.models.event_subscription import EventSubscription, EventDelivery
-from app.models.invitation import Invitation
-
-__all__ = [
-    'User', 'Application', 'Domain', 'EnvironmentVariable', 'EnvironmentVariableHistory',
-    'NotificationPreferences', 'Deployment', 'DeploymentDiff', 'SystemSettings', 'AuditLog',
-    'MetricsHistory', 'Workflow', 'GitWebhook', 'WebhookLog', 'GitDeployment',
-    'Server', 'ServerGroup', 'ServerMetrics', 'ServerCommand', 'AgentSession', 'SecurityAlert',
-    'WordPressSite', 'DatabaseSnapshot', 'SyncJob',
-    'EnvironmentActivity', 'PromotionJob', 'SanitizationProfile',
-    'EmailDomain', 'EmailAccount', 'EmailAlias', 'EmailForwardingRule', 'DNSProviderConfig',
-    'OAuthIdentity', 'ApiKey', 'ApiUsageLog', 'ApiUsageSummary',
-    'EventSubscription', 'EventDelivery', 'Invitation'
-]
+from app.models.user import User
+from app.models.application import Application
+from app.models.domain import Domain
+from app.models.env_variable import EnvironmentVariable, EnvironmentVariableHistory
+from app.models.notification_preferences import NotificationPreferences
+from app.models.deployment import Deployment, DeploymentDiff
+from app.models.system_settings import SystemSettings
+from app.models.audit_log import AuditLog
+from app.models.metrics_history import MetricsHistory
+from app.models.workflow import Workflow, WorkflowExecution, WorkflowLog
+from app.models.webhook import GitWebhook, WebhookLog, GitDeployment
+from app.models.server import Server, ServerGroup, ServerMetrics, ServerCommand, AgentSession, AgentVersion, AgentRollout
+from app.models.security_alert import SecurityAlert
+from app.models.wordpress_site import WordPressSite, DatabaseSnapshot, SyncJob
+from app.models.environment_activity import EnvironmentActivity
+from app.models.promotion_job import PromotionJob
+from app.models.sanitization_profile import SanitizationProfile
+from app.models.email import EmailDomain, EmailAccount, EmailAlias, EmailForwardingRule, DNSProviderConfig
+from app.models.oauth_identity import OAuthIdentity
+from app.models.api_key import ApiKey
+from app.models.api_usage import ApiUsageLog, ApiUsageSummary
+from app.models.event_subscription import EventSubscription, EventDelivery
+from app.models.invitation import Invitation
+from app.models.metric_alert import ServerAlertThreshold, MetricAlert
+from app.models.agent_plugin import AgentPlugin, AgentPluginInstall
+from app.models.server_template import ServerTemplate, ServerTemplateAssignment
+from app.models.workspace import Workspace, WorkspaceMember, WorkspaceApiKey
+from app.models.dns_zone import DNSZone, DNSRecord
+from app.models.status_page import StatusPage, StatusComponent, HealthCheck, StatusIncident, StatusIncidentUpdate
+from app.models.cloud_server import CloudProvider, CloudServer, CloudSnapshot
+from app.models.marketplace import Extension, ExtensionInstall
+
+__all__ = [
+    'User', 'Application', 'Domain', 'EnvironmentVariable', 'EnvironmentVariableHistory',
+    'NotificationPreferences', 'Deployment', 'DeploymentDiff', 'SystemSettings', 'AuditLog',
+    'MetricsHistory', 'Workflow', 'WorkflowExecution', 'WorkflowLog', 'GitWebhook', 'WebhookLog', 'GitDeployment',
+    'Server', 'ServerGroup', 'ServerMetrics', 'ServerCommand', 'AgentSession', 'AgentVersion', 'AgentRollout', 'SecurityAlert',
+    'WordPressSite', 'DatabaseSnapshot', 'SyncJob',
+    'EnvironmentActivity', 'PromotionJob', 'SanitizationProfile',
+    'EmailDomain', 'EmailAccount', 'EmailAlias', 'EmailForwardingRule', 'DNSProviderConfig',
+    'OAuthIdentity', 'ApiKey', 'ApiUsageLog', 'ApiUsageSummary',
+    'EventSubscription', 'EventDelivery', 'Invitation',
+    'ServerAlertThreshold', 'MetricAlert',
+    'AgentPlugin', 'AgentPluginInstall',
+    'ServerTemplate', 'ServerTemplateAssignment',
+    'Workspace', 'WorkspaceMember', 'WorkspaceApiKey',
+    'DNSZone', 'DNSRecord',
+    'StatusPage', 'StatusComponent', 'HealthCheck', 'StatusIncident', 'StatusIncidentUpdate',
+    'CloudProvider', 'CloudServer', 'CloudSnapshot',
+    'Extension', 'ExtensionInstall'
+]
diff --git a/backend/app/models/agent_plugin.py b/backend/app/models/agent_plugin.py
new file mode 100644
index 00000000..8ad55656
--- /dev/null
+++ b/backend/app/models/agent_plugin.py
@@ -0,0 +1,163 @@
+from datetime import datetime
+from app import db
+import json
+
+
+class AgentPlugin(db.Model):
+    """Represents a plugin that can be installed on agents."""
+    __tablename__ = 'agent_plugins'
+
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(128), nullable=False, unique=True)
+    display_name = db.Column(db.String(256), nullable=False)
+    version = db.Column(db.String(32), nullable=False)
+    description = db.Column(db.Text)
+    author = db.Column(db.String(128))
+    homepage = db.Column(db.String(512))
+
+    # Plugin manifest
+    manifest_json = db.Column(db.Text)
+
+    # Capabilities
+    capabilities_json = db.Column(db.Text)  # metrics, health_checks, commands, scheduled_tasks, event_hooks
+
+    # Dependencies
+    dependencies_json = db.Column(db.Text)  # other plugins required
+
+    # Permissions
+    permissions_json = db.Column(db.Text)  # filesystem, network, docker, etc.
+
+    # Resource limits
+    max_memory_mb = db.Column(db.Integer, default=128)
+    max_cpu_percent = db.Column(db.Integer, default=10)
+
+    # Status
+    STATUS_AVAILABLE = 'available'
+    STATUS_DEPRECATED = 'deprecated'
+    status = db.Column(db.String(32), default=STATUS_AVAILABLE)
+
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    # Relationships
+    installations = db.relationship('AgentPluginInstall', backref='plugin', lazy='dynamic')
+
+    @property
+    def manifest(self):
+        return json.loads(self.manifest_json) if self.manifest_json else {}
+
+    @manifest.setter
+    def manifest(self, value):
+        self.manifest_json = json.dumps(value)
+
+    @property
+    def capabilities(self):
+        return json.loads(self.capabilities_json) if self.capabilities_json else []
+
+    @capabilities.setter
+    def capabilities(self, value):
+        self.capabilities_json = json.dumps(value)
+
+    @property
+    def dependencies(self):
+        return json.loads(self.dependencies_json) if self.dependencies_json else []
+
+    @dependencies.setter
+    def dependencies(self, value):
+        self.dependencies_json = json.dumps(value)
+
+    @property
+    def permissions(self):
+        return json.loads(self.permissions_json) if self.permissions_json else []
+
+    @permissions.setter
+    def permissions(self, value):
+        self.permissions_json = json.dumps(value)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'name': self.name,
+            'display_name': self.display_name,
+            'version': self.version,
+            'description': self.description,
+            'author': self.author,
+            'homepage': self.homepage,
+            'manifest': self.manifest,
+            'capabilities': self.capabilities,
+            'dependencies': self.dependencies,
+            'permissions': self.permissions,
+            'max_memory_mb': self.max_memory_mb,
+            'max_cpu_percent': self.max_cpu_percent,
+            'status': self.status,
+            'install_count': self.installations.count(),
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+            'updated_at': self.updated_at.isoformat() if self.updated_at else None,
+        }
+
+    def __repr__(self):
+        return f'<AgentPlugin {self.name}@{self.version}>'
+
+
+class AgentPluginInstall(db.Model):
+    """Tracks plugin installations on specific agents/servers."""
+    __tablename__ = 'agent_plugin_installs'
+
+    id = db.Column(db.Integer, primary_key=True)
+    plugin_id = db.Column(db.Integer, db.ForeignKey('agent_plugins.id'), nullable=False)
+    server_id = db.Column(db.Integer, db.ForeignKey('servers.id'), nullable=False)
+
+    # Installation state
+    STATUS_INSTALLING = 'installing'
+    STATUS_ENABLED = 'enabled'
+    STATUS_DISABLED = 'disabled'
+    STATUS_ERROR = 'error'
+    STATUS_UNINSTALLING = 'uninstalling'
+    status = db.Column(db.String(32), default=STATUS_INSTALLING)
+
+    installed_version = db.Column(db.String(32))
+    config_json = db.Column(db.Text)
+    error_message = db.Column(db.Text)
+
+    installed_at = db.Column(db.DateTime, default=datetime.utcnow)
+    updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    # Plugin runtime data
+    last_health_check = db.Column(db.DateTime)
+    health_status = db.Column(db.String(32), default='unknown')  # healthy, degraded, unhealthy, unknown
+    metrics_json = db.Column(db.Text)
+
+    server = db.relationship('Server', backref=db.backref('plugin_installs', lazy='dynamic'))
+
+    @property
+    def config(self):
+        return json.loads(self.config_json) if self.config_json else {}
+
+    @config.setter
+    def config(self, value):
+        self.config_json = json.dumps(value)
+
+    @property
+    def metrics(self):
+        return json.loads(self.metrics_json) if self.metrics_json else {}
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'plugin_id': self.plugin_id,
+            'plugin': self.plugin.to_dict() if self.plugin else None,
+            'server_id': self.server_id,
+            'server_name': self.server.name if self.server else None,
+            'status': self.status,
+            'installed_version': self.installed_version,
+            'config': self.config,
+            'error_message': self.error_message,
+            'installed_at': self.installed_at.isoformat() if self.installed_at else None,
+            'updated_at': self.updated_at.isoformat() if self.updated_at else None,
+            'last_health_check': self.last_health_check.isoformat() if self.last_health_check else None,
+            'health_status': self.health_status,
+            'metrics': self.metrics,
+        }
+
+    def __repr__(self):
+        return f'<AgentPluginInstall plugin={self.plugin_id} server={self.server_id}>'
diff --git a/backend/app/models/application.py b/backend/app/models/application.py
index 64ea513d..51c9f122 100644
--- a/backend/app/models/application.py
+++ b/backend/app/models/application.py
@@ -38,7 +38,8 @@ class Application(db.Model):
     user_id = db.Column(db.Integer, db.ForeignKey('users.id'), nullable=False)
 
     # Relationships
-    domains = db.relationship('Domain', backref='application', lazy='dynamic', cascade='all, delete-orphan')
+    # Use 'subquery' to eagerly load domains in a single query, avoiding N+1
+    domains = db.relationship('Domain', backref='application', lazy='subquery', cascade='all, delete-orphan')
     linked_app = db.relationship('Application', remote_side=[id], backref='linked_from', foreign_keys=[linked_app_id])
 
     def to_dict(self, include_linked=False):
diff --git a/backend/app/models/cloud_server.py b/backend/app/models/cloud_server.py
new file mode 100644
index 00000000..a033d7ac
--- /dev/null
+++ b/backend/app/models/cloud_server.py
@@ -0,0 +1,126 @@
+from datetime import datetime
+from app import db
+import json
+
+
+class CloudProvider(db.Model):
+    """Cloud provider configuration (DigitalOcean, Hetzner, Vultr, Linode)."""
+    __tablename__ = 'cloud_providers'
+
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(64), nullable=False)
+    provider_type = db.Column(db.String(32), nullable=False)  # digitalocean, hetzner, vultr, linode
+    api_key_encrypted = db.Column(db.Text)
+    is_active = db.Column(db.Boolean, default=True)
+    created_by = db.Column(db.Integer, db.ForeignKey('users.id'))
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+
+    servers = db.relationship('CloudServer', backref='provider', lazy='dynamic')
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'name': self.name,
+            'provider_type': self.provider_type,
+            'is_active': self.is_active,
+            'server_count': self.servers.count(),
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+        }
+
+
+class CloudServer(db.Model):
+    """A cloud server provisioned through ServerKit."""
+    __tablename__ = 'cloud_servers'
+
+    id = db.Column(db.Integer, primary_key=True)
+    provider_id = db.Column(db.Integer, db.ForeignKey('cloud_providers.id'), nullable=False)
+    external_id = db.Column(db.String(128))  # provider's server ID
+    name = db.Column(db.String(128), nullable=False)
+    hostname = db.Column(db.String(256))
+
+    # Specs
+    region = db.Column(db.String(64))
+    size = db.Column(db.String(64))
+    image = db.Column(db.String(128))  # OS image
+    ip_address = db.Column(db.String(45))
+    ipv6_address = db.Column(db.String(64))
+
+    # Status
+    STATUS_CREATING = 'creating'
+    STATUS_ACTIVE = 'active'
+    STATUS_OFF = 'off'
+    STATUS_DESTROYED = 'destroyed'
+    STATUS_ERROR = 'error'
+    status = db.Column(db.String(32), default=STATUS_CREATING)
+
+    # Cost
+    monthly_cost = db.Column(db.Float, default=0)
+    currency = db.Column(db.String(3), default='USD')
+
+    # Auto-install agent
+    agent_installed = db.Column(db.Boolean, default=False)
+
+    # SSH key
+    ssh_key_id = db.Column(db.String(128))
+
+    # Metadata
+    metadata_json = db.Column(db.Text)
+
+    created_by = db.Column(db.Integer, db.ForeignKey('users.id'))
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    destroyed_at = db.Column(db.DateTime)
+
+    snapshots = db.relationship('CloudSnapshot', backref='server', lazy='dynamic', cascade='all, delete-orphan')
+
+    @property
+    def server_metadata(self):
+        return json.loads(self.metadata_json) if self.metadata_json else {}
+
+    @server_metadata.setter
+    def server_metadata(self, v):
+        self.metadata_json = json.dumps(v)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'provider_id': self.provider_id,
+            'provider_name': self.provider.name if self.provider else None,
+            'provider_type': self.provider.provider_type if self.provider else None,
+            'external_id': self.external_id,
+            'name': self.name,
+            'hostname': self.hostname,
+            'region': self.region,
+            'size': self.size,
+            'image': self.image,
+            'ip_address': self.ip_address,
+            'ipv6_address': self.ipv6_address,
+            'status': self.status,
+            'monthly_cost': self.monthly_cost,
+            'currency': self.currency,
+            'agent_installed': self.agent_installed,
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+        }
+
+
+class CloudSnapshot(db.Model):
+    """Snapshot of a cloud server."""
+    __tablename__ = 'cloud_snapshots'
+
+    id = db.Column(db.Integer, primary_key=True)
+    server_id = db.Column(db.Integer, db.ForeignKey('cloud_servers.id'), nullable=False)
+    external_id = db.Column(db.String(128))
+    name = db.Column(db.String(128))
+    size_gb = db.Column(db.Float)
+    status = db.Column(db.String(32), default='creating')
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'server_id': self.server_id,
+            'external_id': self.external_id,
+            'name': self.name,
+            'size_gb': self.size_gb,
+            'status': self.status,
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+        }
diff --git a/backend/app/models/dns_zone.py b/backend/app/models/dns_zone.py
new file mode 100644
index 00000000..63743190
--- /dev/null
+++ b/backend/app/models/dns_zone.py
@@ -0,0 +1,76 @@
+from datetime import datetime
+from app import db
+import json
+
+
+class DNSZone(db.Model):
+    """DNS zone for a domain with provider integration."""
+    __tablename__ = 'dns_zones'
+
+    id = db.Column(db.Integer, primary_key=True)
+    domain = db.Column(db.String(256), nullable=False, unique=True)
+    provider = db.Column(db.String(64))  # cloudflare, route53, digitalocean, manual
+    provider_zone_id = db.Column(db.String(128))
+    provider_config_json = db.Column(db.Text)  # encrypted credentials
+
+    status = db.Column(db.String(32), default='active')
+    last_sync_at = db.Column(db.DateTime)
+
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    records = db.relationship('DNSRecord', backref='zone', lazy='dynamic', cascade='all, delete-orphan')
+
+    @property
+    def provider_config(self):
+        return json.loads(self.provider_config_json) if self.provider_config_json else {}
+
+    @provider_config.setter
+    def provider_config(self, v):
+        self.provider_config_json = json.dumps(v)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'domain': self.domain,
+            'provider': self.provider,
+            'provider_zone_id': self.provider_zone_id,
+            'status': self.status,
+            'record_count': self.records.count(),
+            'last_sync_at': self.last_sync_at.isoformat() if self.last_sync_at else None,
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+        }
+
+
+class DNSRecord(db.Model):
+    """Individual DNS record within a zone."""
+    __tablename__ = 'dns_records'
+
+    id = db.Column(db.Integer, primary_key=True)
+    zone_id = db.Column(db.Integer, db.ForeignKey('dns_zones.id'), nullable=False)
+
+    record_type = db.Column(db.String(10), nullable=False)  # A, AAAA, CNAME, MX, TXT, SRV, CAA
+    name = db.Column(db.String(256), nullable=False)
+    content = db.Column(db.Text, nullable=False)
+    ttl = db.Column(db.Integer, default=3600)
+    priority = db.Column(db.Integer)  # MX, SRV
+    proxied = db.Column(db.Boolean, default=False)  # Cloudflare proxy
+
+    provider_record_id = db.Column(db.String(128))
+
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'zone_id': self.zone_id,
+            'record_type': self.record_type,
+            'name': self.name,
+            'content': self.content,
+            'ttl': self.ttl,
+            'priority': self.priority,
+            'proxied': self.proxied,
+            'provider_record_id': self.provider_record_id,
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+        }
diff --git a/backend/app/models/invitation.py b/backend/app/models/invitation.py
index 4655b29b..94a5014e 100644
--- a/backend/app/models/invitation.py
+++ b/backend/app/models/invitation.py
@@ -16,7 +16,7 @@ class Invitation(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     email = db.Column(db.String(255), nullable=True)  # Nullable for link-only invites
     token = db.Column(db.String(64), unique=True, nullable=False, index=True,
-                      default=lambda: uuid4().hex)
+                      default=lambda: __import__('secrets').token_urlsafe(32))
     role = db.Column(db.String(20), nullable=False, default='developer')
     permissions = db.Column(db.Text, nullable=True)  # JSON custom permissions
     invited_by = db.Column(db.Integer, db.ForeignKey('users.id'), nullable=False)
diff --git a/backend/app/models/marketplace.py b/backend/app/models/marketplace.py
new file mode 100644
index 00000000..9fb1e42f
--- /dev/null
+++ b/backend/app/models/marketplace.py
@@ -0,0 +1,128 @@
+from datetime import datetime
+from app import db
+import json
+
+
+class Extension(db.Model):
+    """A marketplace extension/plugin."""
+    __tablename__ = 'extensions'
+
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(128), nullable=False, unique=True)
+    display_name = db.Column(db.String(256), nullable=False)
+    slug = db.Column(db.String(128), nullable=False, unique=True)
+    description = db.Column(db.Text)
+    long_description = db.Column(db.Text)
+    version = db.Column(db.String(32), nullable=False)
+    author = db.Column(db.String(128))
+    homepage = db.Column(db.String(512))
+    repository = db.Column(db.String(512))
+    license = db.Column(db.String(64))
+
+    # Classification
+    category = db.Column(db.String(64))  # monitoring, security, deployment, integration, ui
+    tags_json = db.Column(db.Text)
+
+    # Extension type
+    TYPE_WIDGET = 'widget'
+    TYPE_API_HOOK = 'api_hook'
+    TYPE_THEME = 'theme'
+    TYPE_INTEGRATION = 'integration'
+    extension_type = db.Column(db.String(32), default=TYPE_INTEGRATION)
+
+    # Extension package
+    entry_point = db.Column(db.String(256))
+    config_schema_json = db.Column(db.Text)
+
+    # Rating
+    rating = db.Column(db.Float, default=0)
+    rating_count = db.Column(db.Integer, default=0)
+    download_count = db.Column(db.Integer, default=0)
+
+    # Status
+    STATUS_PUBLISHED = 'published'
+    STATUS_DRAFT = 'draft'
+    STATUS_DEPRECATED = 'deprecated'
+    status = db.Column(db.String(32), default=STATUS_DRAFT)
+
+    submitted_by = db.Column(db.Integer, db.ForeignKey('users.id'))
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    installs = db.relationship('ExtensionInstall', backref='extension', lazy='dynamic')
+
+    @property
+    def tags(self):
+        return json.loads(self.tags_json) if self.tags_json else []
+
+    @tags.setter
+    def tags(self, v):
+        self.tags_json = json.dumps(v)
+
+    @property
+    def config_schema(self):
+        return json.loads(self.config_schema_json) if self.config_schema_json else {}
+
+    @config_schema.setter
+    def config_schema(self, v):
+        self.config_schema_json = json.dumps(v)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'name': self.name,
+            'display_name': self.display_name,
+            'slug': self.slug,
+            'description': self.description,
+            'long_description': self.long_description,
+            'version': self.version,
+            'author': self.author,
+            'homepage': self.homepage,
+            'repository': self.repository,
+            'license': self.license,
+            'category': self.category,
+            'tags': self.tags,
+            'extension_type': self.extension_type,
+            'config_schema': self.config_schema,
+            'rating': self.rating,
+            'rating_count': self.rating_count,
+            'download_count': self.download_count,
+            'status': self.status,
+            'install_count': self.installs.count(),
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+            'updated_at': self.updated_at.isoformat() if self.updated_at else None,
+        }
+
+
+class ExtensionInstall(db.Model):
+    """Tracks extension installations."""
+    __tablename__ = 'extension_installs'
+
+    id = db.Column(db.Integer, primary_key=True)
+    extension_id = db.Column(db.Integer, db.ForeignKey('extensions.id'), nullable=False)
+    user_id = db.Column(db.Integer, db.ForeignKey('users.id'), nullable=False)
+    installed_version = db.Column(db.String(32))
+    config_json = db.Column(db.Text)
+    is_active = db.Column(db.Boolean, default=True)
+    installed_at = db.Column(db.DateTime, default=datetime.utcnow)
+
+    user = db.relationship('User', backref=db.backref('extension_installs', lazy='dynamic'))
+
+    @property
+    def config(self):
+        return json.loads(self.config_json) if self.config_json else {}
+
+    @config.setter
+    def config(self, v):
+        self.config_json = json.dumps(v)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'extension_id': self.extension_id,
+            'extension_name': self.extension.display_name if self.extension else None,
+            'installed_version': self.installed_version,
+            'config': self.config,
+            'is_active': self.is_active,
+            'installed_at': self.installed_at.isoformat() if self.installed_at else None,
+        }
diff --git a/backend/app/models/metric_alert.py b/backend/app/models/metric_alert.py
new file mode 100644
index 00000000..e74b11c1
--- /dev/null
+++ b/backend/app/models/metric_alert.py
@@ -0,0 +1,76 @@
+"""Models for fleet-wide metric monitoring and alerting."""
+
+import uuid
+from datetime import datetime
+from app import db
+
+
+class ServerAlertThreshold(db.Model):
+    """Per-server or global alert threshold configuration."""
+    __tablename__ = 'server_alert_thresholds'
+
+    id = db.Column(db.String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    server_id = db.Column(db.String(36), db.ForeignKey('servers.id'), nullable=True, index=True)
+    # null = global default
+
+    metric = db.Column(db.String(20), nullable=False)  # cpu, memory, disk
+    warning_threshold = db.Column(db.Float, default=80.0)
+    critical_threshold = db.Column(db.Float, default=95.0)
+    duration_seconds = db.Column(db.Integer, default=300)  # sustained for N seconds
+    enabled = db.Column(db.Boolean, default=True)
+
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    server = db.relationship('Server', backref='alert_thresholds')
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'server_id': self.server_id,
+            'server_name': self.server.name if self.server else None,
+            'metric': self.metric,
+            'warning_threshold': self.warning_threshold,
+            'critical_threshold': self.critical_threshold,
+            'duration_seconds': self.duration_seconds,
+            'enabled': self.enabled,
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+        }
+
+
+class MetricAlert(db.Model):
+    """Alert triggered when server metrics exceed thresholds."""
+    __tablename__ = 'metric_alerts'
+
+    id = db.Column(db.String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    server_id = db.Column(db.String(36), db.ForeignKey('servers.id'), nullable=False, index=True)
+
+    metric = db.Column(db.String(20), nullable=False)  # cpu, memory, disk
+    severity = db.Column(db.String(10), nullable=False)  # warning, critical
+    value = db.Column(db.Float)  # the value that triggered it
+    threshold = db.Column(db.Float)  # the threshold exceeded
+    duration_seconds = db.Column(db.Integer)  # how long it was exceeded
+
+    status = db.Column(db.String(20), default='active', index=True)  # active, acknowledged, resolved
+    acknowledged_by = db.Column(db.Integer, db.ForeignKey('users.id'), nullable=True)
+
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    resolved_at = db.Column(db.DateTime)
+
+    server = db.relationship('Server', backref='metric_alerts')
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'server_id': self.server_id,
+            'server_name': self.server.name if self.server else None,
+            'metric': self.metric,
+            'severity': self.severity,
+            'value': self.value,
+            'threshold': self.threshold,
+            'duration_seconds': self.duration_seconds,
+            'status': self.status,
+            'acknowledged_by': self.acknowledged_by,
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+            'resolved_at': self.resolved_at.isoformat() if self.resolved_at else None,
+        }
diff --git a/backend/app/models/server.py b/backend/app/models/server.py
index 4004a8fc..03d827e8 100644
--- a/backend/app/models/server.py
+++ b/backend/app/models/server.py
@@ -16,11 +16,16 @@ class ServerGroup(db.Model):
     icon = db.Column(db.String(50), default='server')  # Icon name
     parent_id = db.Column(db.String(36), db.ForeignKey('server_groups.id'), nullable=True)
 
+    # Fleet Management
+    auto_upgrade = db.Column(db.Boolean, default=False)
+    upgrade_channel = db.Column(db.String(20), default='stable')  # stable, beta
+
     created_at = db.Column(db.DateTime, default=datetime.utcnow)
     updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
 
     # Relationships
-    servers = db.relationship('Server', back_populates='group', lazy='dynamic')
+    # Use 'subquery' to eagerly load servers in a single query, avoiding N+1
+    servers = db.relationship('Server', back_populates='group', lazy='subquery')
     children = db.relationship('ServerGroup', backref=db.backref('parent', remote_side=[id]))
 
     def to_dict(self, include_servers=False):
@@ -31,7 +36,9 @@ def to_dict(self, include_servers=False):
             'color': self.color,
             'icon': self.icon,
             'parent_id': self.parent_id,
-            'server_count': self.servers.count(),
+            'auto_upgrade': self.auto_upgrade,
+            'upgrade_channel': self.upgrade_channel,
+            'server_count': len(self.servers),
             'created_at': self.created_at.isoformat() if self.created_at else None,
             'updated_at': self.updated_at.isoformat() if self.updated_at else None,
         }
@@ -56,11 +63,11 @@ class Server(db.Model):
     ip_address = db.Column(db.String(45))  # IPv4 or IPv6
 
     # Organization
-    group_id = db.Column(db.String(36), db.ForeignKey('server_groups.id'), nullable=True)
+    group_id = db.Column(db.String(36), db.ForeignKey('server_groups.id'), nullable=True, index=True)
     tags = db.Column(db.JSON, default=list)  # ["production", "us-east", "docker"]
 
     # Status
-    status = db.Column(db.String(20), default='pending')
+    status = db.Column(db.String(20), default='pending', index=True)
     # pending, connecting, online, offline, error, maintenance
     last_seen = db.Column(db.DateTime)
     last_error = db.Column(db.Text)
@@ -68,6 +75,8 @@ class Server(db.Model):
     # Agent Info
     agent_version = db.Column(db.String(20))
     agent_id = db.Column(db.String(36), unique=True, index=True)  # Agent's UUID
+    auto_upgrade = db.Column(db.Boolean, default=False)
+    upgrade_channel = db.Column(db.String(20), default='stable')  # stable, beta
 
     # System Info (reported by agent)
     os_type = db.Column(db.String(20))  # linux, windows, darwin
@@ -378,6 +387,13 @@ class ServerCommand(db.Model):
     error = db.Column(db.Text)
     exit_code = db.Column(db.Integer)
 
+    # Retry / offline queue
+    retry_count = db.Column(db.Integer, default=0)
+    max_retries = db.Column(db.Integer, default=3)
+    next_retry_at = db.Column(db.DateTime)
+    backoff_seconds = db.Column(db.Integer, default=30)  # initial backoff, doubles each retry
+    queued = db.Column(db.Boolean, default=False)  # True when agent was offline at send time
+
     created_at = db.Column(db.DateTime, default=datetime.utcnow)
 
     server = db.relationship('Server', back_populates='commands')
@@ -395,6 +411,9 @@ def to_dict(self):
             'result': self.result,
             'error': self.error,
             'exit_code': self.exit_code,
+            'retry_count': self.retry_count,
+            'max_retries': self.max_retries,
+            'queued': self.queued,
             'created_at': self.created_at.isoformat() if self.created_at else None,
         }
 
@@ -414,12 +433,29 @@ class AgentSession(db.Model):
     ip_address = db.Column(db.String(45))
     user_agent = db.Column(db.String(255))  # Agent version info
 
+    # Latency tracking
+    heartbeat_latency_ms = db.Column(db.Float)  # Latest heartbeat round-trip latency
+    avg_latency_ms = db.Column(db.Float)  # Running average latency
+    latency_samples = db.Column(db.Integer, default=0)  # Number of samples in average
+
     is_active = db.Column(db.Boolean, default=True, index=True)
     disconnected_at = db.Column(db.DateTime)
     disconnect_reason = db.Column(db.String(100))
 
     server = db.relationship('Server', back_populates='sessions')
 
+    def update_latency(self, latency_ms):
+        """Update latency with exponential moving average"""
+        self.heartbeat_latency_ms = latency_ms
+        if self.avg_latency_ms is None or self.latency_samples == 0:
+            self.avg_latency_ms = latency_ms
+            self.latency_samples = 1
+        else:
+            # EMA with alpha = 0.2 for smoothing
+            alpha = 0.2
+            self.avg_latency_ms = alpha * latency_ms + (1 - alpha) * self.avg_latency_ms
+            self.latency_samples += 1
+
     def to_dict(self):
         return {
             'id': self.id,
@@ -427,7 +463,107 @@ def to_dict(self):
             'connected_at': self.connected_at.isoformat() if self.connected_at else None,
             'last_heartbeat': self.last_heartbeat.isoformat() if self.last_heartbeat else None,
             'ip_address': self.ip_address,
+            'heartbeat_latency_ms': self.heartbeat_latency_ms,
+            'avg_latency_ms': self.avg_latency_ms,
             'is_active': self.is_active,
             'disconnected_at': self.disconnected_at.isoformat() if self.disconnected_at else None,
             'disconnect_reason': self.disconnect_reason,
         }
+
+
+class AgentRollout(db.Model):
+    """Tracks staged rollout progress"""
+    __tablename__ = 'agent_rollouts'
+
+    id = db.Column(db.String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    version_id = db.Column(db.String(36), db.ForeignKey('agent_versions.id'), nullable=False)
+    group_id = db.Column(db.String(36), db.ForeignKey('server_groups.id'), nullable=True)
+    user_id = db.Column(db.Integer, db.ForeignKey('users.id'))
+
+    # Configuration
+    batch_size = db.Column(db.Integer, default=5)
+    delay_minutes = db.Column(db.Integer, default=10)
+    strategy = db.Column(db.String(20), default='staged')  # staged, all, canary
+
+    # Progress
+    status = db.Column(db.String(20), default='pending')  # pending, running, paused, completed, failed, cancelled
+    total_servers = db.Column(db.Integer, default=0)
+    processed_servers = db.Column(db.Integer, default=0)
+    failed_servers = db.Column(db.Integer, default=0)
+    current_wave = db.Column(db.Integer, default=0)
+
+    # Results per server
+    server_results = db.Column(db.JSON, default=list)  # [{server_id, status, error, wave}]
+
+    error = db.Column(db.Text)
+
+    started_at = db.Column(db.DateTime)
+    completed_at = db.Column(db.DateTime)
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    version = db.relationship('AgentVersion')
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'version_id': self.version_id,
+            'version': self.version.version if self.version else None,
+            'group_id': self.group_id,
+            'user_id': self.user_id,
+            'batch_size': self.batch_size,
+            'delay_minutes': self.delay_minutes,
+            'strategy': self.strategy,
+            'status': self.status,
+            'total_servers': self.total_servers,
+            'processed_servers': self.processed_servers,
+            'failed_servers': self.failed_servers,
+            'current_wave': self.current_wave,
+            'server_results': self.server_results or [],
+            'error': self.error,
+            'started_at': self.started_at.isoformat() if self.started_at else None,
+            'completed_at': self.completed_at.isoformat() if self.completed_at else None,
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+        }
+
+
+class AgentVersion(db.Model):
+    """Available agent versions and compatibility matrix"""
+    __tablename__ = 'agent_versions'
+
+    id = db.Column(db.String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
+    version = db.Column(db.String(20), nullable=False, unique=True)
+    channel = db.Column(db.String(20), default='stable')  # stable, beta
+    
+    # Compatibility
+    min_panel_version = db.Column(db.String(20))
+    max_panel_version = db.Column(db.String(20))
+    
+    # Metadata
+    release_notes = db.Column(db.Text)
+    is_active = db.Column(db.Boolean, default=True)
+    published_at = db.Column(db.DateTime, default=datetime.utcnow)
+    
+    # Assets (mapped by platform: linux-amd64, windows-amd64, etc.)
+    assets = db.Column(db.JSON)  # {"linux-amd64": "url", "checksums": "url"}
+    
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'version': self.version,
+            'channel': self.channel,
+            'min_panel_version': self.min_panel_version,
+            'max_panel_version': self.max_panel_version,
+            'release_notes': self.release_notes,
+            'is_active': self.is_active,
+            'published_at': self.published_at.isoformat() if self.published_at else None,
+            'assets': self.assets or {},
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+            'updated_at': self.updated_at.isoformat() if self.updated_at else None,
+        }
+
+    def __repr__(self):
+        return f'<AgentVersion {self.version}>'
diff --git a/backend/app/models/server_template.py b/backend/app/models/server_template.py
new file mode 100644
index 00000000..19544d6e
--- /dev/null
+++ b/backend/app/models/server_template.py
@@ -0,0 +1,197 @@
+from datetime import datetime
+from app import db
+import json
+
+
+class ServerTemplate(db.Model):
+    """Defines expected state for a server — packages, services, firewall rules, users, files."""
+    __tablename__ = 'server_templates'
+
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(128), nullable=False, unique=True)
+    description = db.Column(db.Text)
+    category = db.Column(db.String(64), default='general')  # web, database, mail, custom
+
+    # Template version tracking
+    version = db.Column(db.Integer, default=1)
+
+    # Inheritance
+    parent_id = db.Column(db.Integer, db.ForeignKey('server_templates.id'), nullable=True)
+    parent = db.relationship('ServerTemplate', remote_side=[id], backref='children')
+
+    # Expected state specification
+    packages_json = db.Column(db.Text)       # ["nginx", "php8.1-fpm", ...]
+    services_json = db.Column(db.Text)       # [{"name": "nginx", "enabled": true, "running": true}, ...]
+    firewall_rules_json = db.Column(db.Text) # [{"port": 80, "protocol": "tcp", "action": "allow"}, ...]
+    files_json = db.Column(db.Text)          # [{"path": "/etc/nginx/...", "content_hash": "...", "mode": "0644"}, ...]
+    users_json = db.Column(db.Text)          # [{"name": "www-data", "groups": ["www-data"]}, ...]
+    sysctl_json = db.Column(db.Text)         # [{"key": "net.ipv4.ip_forward", "value": "1"}, ...]
+
+    # Auto-remediation
+    auto_remediate = db.Column(db.Boolean, default=False)
+    remediation_approval_required = db.Column(db.Boolean, default=True)
+
+    created_by = db.Column(db.Integer, db.ForeignKey('users.id'))
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    assignments = db.relationship('ServerTemplateAssignment', backref='template', lazy='dynamic')
+
+    def _get_json(self, field):
+        val = getattr(self, field)
+        return json.loads(val) if val else []
+
+    def _set_json(self, field, value):
+        setattr(self, field, json.dumps(value))
+
+    @property
+    def packages(self):
+        return self._get_json('packages_json')
+
+    @packages.setter
+    def packages(self, v):
+        self._set_json('packages_json', v)
+
+    @property
+    def services(self):
+        return self._get_json('services_json')
+
+    @services.setter
+    def services(self, v):
+        self._set_json('services_json', v)
+
+    @property
+    def firewall_rules(self):
+        return self._get_json('firewall_rules_json')
+
+    @firewall_rules.setter
+    def firewall_rules(self, v):
+        self._set_json('firewall_rules_json', v)
+
+    @property
+    def files(self):
+        return self._get_json('files_json')
+
+    @files.setter
+    def files(self, v):
+        self._set_json('files_json', v)
+
+    @property
+    def users(self):
+        return self._get_json('users_json')
+
+    @users.setter
+    def users(self, v):
+        self._set_json('users_json', v)
+
+    @property
+    def sysctl_params(self):
+        return self._get_json('sysctl_json')
+
+    @sysctl_params.setter
+    def sysctl_params(self, v):
+        self._set_json('sysctl_json', v)
+
+    def get_merged_spec(self):
+        """Get full spec including inherited fields from parent."""
+        if not self.parent:
+            return {
+                'packages': self.packages,
+                'services': self.services,
+                'firewall_rules': self.firewall_rules,
+                'files': self.files,
+                'users': self.users,
+                'sysctl_params': self.sysctl_params,
+            }
+        parent_spec = self.parent.get_merged_spec()
+        # Child overrides parent
+        for key in ['packages', 'services', 'firewall_rules', 'files', 'users', 'sysctl_params']:
+            child_val = getattr(self, key)
+            if child_val:
+                if key == 'packages':
+                    parent_spec[key] = list(set(parent_spec.get(key, []) + child_val))
+                else:
+                    parent_spec[key] = child_val
+        return parent_spec
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'name': self.name,
+            'description': self.description,
+            'category': self.category,
+            'version': self.version,
+            'parent_id': self.parent_id,
+            'parent_name': self.parent.name if self.parent else None,
+            'packages': self.packages,
+            'services': self.services,
+            'firewall_rules': self.firewall_rules,
+            'files': self.files,
+            'users': self.users,
+            'sysctl_params': self.sysctl_params,
+            'auto_remediate': self.auto_remediate,
+            'remediation_approval_required': self.remediation_approval_required,
+            'assignment_count': self.assignments.count(),
+            'created_by': self.created_by,
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+            'updated_at': self.updated_at.isoformat() if self.updated_at else None,
+        }
+
+    def __repr__(self):
+        return f'<ServerTemplate {self.name} v{self.version}>'
+
+
+class ServerTemplateAssignment(db.Model):
+    """Tracks which template is applied to which server."""
+    __tablename__ = 'server_template_assignments'
+
+    id = db.Column(db.Integer, primary_key=True)
+    template_id = db.Column(db.Integer, db.ForeignKey('server_templates.id'), nullable=False)
+    server_id = db.Column(db.Integer, db.ForeignKey('servers.id'), nullable=False)
+
+    # Compliance status
+    STATUS_COMPLIANT = 'compliant'
+    STATUS_DRIFTED = 'drifted'
+    STATUS_CHECKING = 'checking'
+    STATUS_REMEDIATING = 'remediating'
+    STATUS_UNKNOWN = 'unknown'
+    status = db.Column(db.String(32), default=STATUS_UNKNOWN)
+
+    # Drift details
+    drift_report_json = db.Column(db.Text)
+    last_check_at = db.Column(db.DateTime)
+    last_remediation_at = db.Column(db.DateTime)
+
+    applied_at = db.Column(db.DateTime, default=datetime.utcnow)
+    updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    server = db.relationship('Server', backref=db.backref('template_assignments', lazy='dynamic'))
+
+    __table_args__ = (
+        db.UniqueConstraint('template_id', 'server_id', name='uq_template_server'),
+    )
+
+    @property
+    def drift_report(self):
+        return json.loads(self.drift_report_json) if self.drift_report_json else {}
+
+    @drift_report.setter
+    def drift_report(self, v):
+        self.drift_report_json = json.dumps(v)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'template_id': self.template_id,
+            'template_name': self.template.name if self.template else None,
+            'server_id': self.server_id,
+            'server_name': self.server.name if self.server else None,
+            'status': self.status,
+            'drift_report': self.drift_report,
+            'last_check_at': self.last_check_at.isoformat() if self.last_check_at else None,
+            'last_remediation_at': self.last_remediation_at.isoformat() if self.last_remediation_at else None,
+            'applied_at': self.applied_at.isoformat() if self.applied_at else None,
+        }
+
+    def __repr__(self):
+        return f'<ServerTemplateAssignment template={self.template_id} server={self.server_id}>'
diff --git a/backend/app/models/status_page.py b/backend/app/models/status_page.py
new file mode 100644
index 00000000..d2fda84a
--- /dev/null
+++ b/backend/app/models/status_page.py
@@ -0,0 +1,192 @@
+from datetime import datetime
+from app import db
+import json
+
+
+class StatusPage(db.Model):
+    """Public-facing status page configuration."""
+    __tablename__ = 'status_pages'
+
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(128), nullable=False)
+    slug = db.Column(db.String(128), nullable=False, unique=True)
+    description = db.Column(db.Text)
+
+    # Branding
+    logo_url = db.Column(db.String(512))
+    primary_color = db.Column(db.String(7), default='#4f46e5')
+    custom_domain = db.Column(db.String(256))
+
+    # Settings
+    is_public = db.Column(db.Boolean, default=True)
+    show_uptime = db.Column(db.Boolean, default=True)
+    show_history = db.Column(db.Boolean, default=True)
+
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    components = db.relationship('StatusComponent', backref='status_page', lazy='dynamic',
+                                 order_by='StatusComponent.sort_order', cascade='all, delete-orphan')
+    incidents = db.relationship('StatusIncident', backref='status_page', lazy='dynamic',
+                                order_by='StatusIncident.created_at.desc()', cascade='all, delete-orphan')
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'name': self.name,
+            'slug': self.slug,
+            'description': self.description,
+            'logo_url': self.logo_url,
+            'primary_color': self.primary_color,
+            'custom_domain': self.custom_domain,
+            'is_public': self.is_public,
+            'show_uptime': self.show_uptime,
+            'show_history': self.show_history,
+            'component_count': self.components.count(),
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+        }
+
+
+class StatusComponent(db.Model):
+    """A service/component shown on the status page."""
+    __tablename__ = 'status_components'
+
+    id = db.Column(db.Integer, primary_key=True)
+    page_id = db.Column(db.Integer, db.ForeignKey('status_pages.id'), nullable=False)
+    name = db.Column(db.String(128), nullable=False)
+    description = db.Column(db.Text)
+    group = db.Column(db.String(64))  # e.g., "Web Services", "APIs"
+    sort_order = db.Column(db.Integer, default=0)
+
+    # Health check config
+    check_type = db.Column(db.String(16), default='http')  # http, tcp, dns, smtp, ping
+    check_target = db.Column(db.String(512))  # URL, host:port, etc.
+    check_interval = db.Column(db.Integer, default=60)  # seconds
+    check_timeout = db.Column(db.Integer, default=10)
+
+    # Status
+    STATUS_OPERATIONAL = 'operational'
+    STATUS_DEGRADED = 'degraded'
+    STATUS_PARTIAL = 'partial_outage'
+    STATUS_MAJOR = 'major_outage'
+    STATUS_MAINTENANCE = 'maintenance'
+    status = db.Column(db.String(32), default=STATUS_OPERATIONAL)
+
+    last_check_at = db.Column(db.DateTime)
+    last_response_time = db.Column(db.Integer)  # ms
+
+    # Uptime data
+    uptime_24h = db.Column(db.Float, default=100.0)
+    uptime_7d = db.Column(db.Float, default=100.0)
+    uptime_30d = db.Column(db.Float, default=100.0)
+    uptime_90d = db.Column(db.Float, default=100.0)
+
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+
+    checks = db.relationship('HealthCheck', backref='component', lazy='dynamic',
+                             order_by='HealthCheck.checked_at.desc()', cascade='all, delete-orphan')
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'page_id': self.page_id,
+            'name': self.name,
+            'description': self.description,
+            'group': self.group,
+            'sort_order': self.sort_order,
+            'check_type': self.check_type,
+            'check_target': self.check_target,
+            'check_interval': self.check_interval,
+            'check_timeout': self.check_timeout,
+            'status': self.status,
+            'last_check_at': self.last_check_at.isoformat() if self.last_check_at else None,
+            'last_response_time': self.last_response_time,
+            'uptime_24h': self.uptime_24h,
+            'uptime_7d': self.uptime_7d,
+            'uptime_30d': self.uptime_30d,
+            'uptime_90d': self.uptime_90d,
+        }
+
+
+class HealthCheck(db.Model):
+    """Individual health check result."""
+    __tablename__ = 'health_checks'
+
+    id = db.Column(db.Integer, primary_key=True)
+    component_id = db.Column(db.Integer, db.ForeignKey('status_components.id'), nullable=False)
+    status = db.Column(db.String(16))  # up, down, degraded
+    response_time = db.Column(db.Integer)  # ms
+    status_code = db.Column(db.Integer)
+    error = db.Column(db.Text)
+    checked_at = db.Column(db.DateTime, default=datetime.utcnow)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'component_id': self.component_id,
+            'status': self.status,
+            'response_time': self.response_time,
+            'status_code': self.status_code,
+            'error': self.error,
+            'checked_at': self.checked_at.isoformat() if self.checked_at else None,
+        }
+
+
+class StatusIncident(db.Model):
+    """An incident on the status page."""
+    __tablename__ = 'status_incidents'
+
+    id = db.Column(db.Integer, primary_key=True)
+    page_id = db.Column(db.Integer, db.ForeignKey('status_pages.id'), nullable=False)
+    title = db.Column(db.String(256), nullable=False)
+    status = db.Column(db.String(32), default='investigating')  # investigating, identified, monitoring, resolved
+    impact = db.Column(db.String(32), default='minor')  # none, minor, major, critical
+    body = db.Column(db.Text)
+
+    # Maintenance window
+    is_maintenance = db.Column(db.Boolean, default=False)
+    scheduled_start = db.Column(db.DateTime)
+    scheduled_end = db.Column(db.DateTime)
+
+    resolved_at = db.Column(db.DateTime)
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    updates = db.relationship('StatusIncidentUpdate', backref='incident', lazy='dynamic',
+                              order_by='StatusIncidentUpdate.created_at.desc()', cascade='all, delete-orphan')
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'page_id': self.page_id,
+            'title': self.title,
+            'status': self.status,
+            'impact': self.impact,
+            'body': self.body,
+            'is_maintenance': self.is_maintenance,
+            'scheduled_start': self.scheduled_start.isoformat() if self.scheduled_start else None,
+            'scheduled_end': self.scheduled_end.isoformat() if self.scheduled_end else None,
+            'resolved_at': self.resolved_at.isoformat() if self.resolved_at else None,
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+            'updates': [u.to_dict() for u in self.updates.limit(20).all()],
+        }
+
+
+class StatusIncidentUpdate(db.Model):
+    """Timeline update for an incident."""
+    __tablename__ = 'status_incident_updates'
+
+    id = db.Column(db.Integer, primary_key=True)
+    incident_id = db.Column(db.Integer, db.ForeignKey('status_incidents.id'), nullable=False)
+    status = db.Column(db.String(32))
+    body = db.Column(db.Text, nullable=False)
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'incident_id': self.incident_id,
+            'status': self.status,
+            'body': self.body,
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+        }
diff --git a/backend/app/models/user.py b/backend/app/models/user.py
index ab8fb244..493c6993 100644
--- a/backend/app/models/user.py
+++ b/backend/app/models/user.py
@@ -17,11 +17,11 @@ class User(db.Model):
     email = db.Column(db.String(120), unique=True, nullable=False, index=True)
     username = db.Column(db.String(80), unique=True, nullable=False, index=True)
     password_hash = db.Column(db.String(256), nullable=True)
-    auth_provider = db.Column(db.String(50), default='local')  # local, google, github, oidc, saml
+    auth_provider = db.Column(db.String(50), default='local', index=True)  # local, google, github, oidc, saml
     role = db.Column(db.String(20), default='developer')  # 'admin', 'developer', 'viewer'
     permissions = db.Column(db.Text, nullable=True)  # JSON per-feature read/write flags
     is_active = db.Column(db.Boolean, default=True)
-    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    created_at = db.Column(db.DateTime, default=datetime.utcnow, index=True)
     updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
     last_login_at = db.Column(db.DateTime, nullable=True)
     created_by = db.Column(db.Integer, db.ForeignKey('users.id'), nullable=True)
@@ -36,6 +36,9 @@ class User(db.Model):
     backup_codes = db.Column(db.Text, nullable=True)  # JSON array of hashed backup codes
     totp_confirmed_at = db.Column(db.DateTime, nullable=True)  # When 2FA was enabled
 
+    # Sidebar preferences: { preset: 'full'|'web'|'email'|'devops'|'minimal'|'custom', hiddenItems: [...] }
+    sidebar_config = db.Column(db.Text, nullable=True)
+
     # Relationships
     applications = db.relationship('Application', backref='owner', lazy='dynamic')
 
@@ -166,6 +169,19 @@ def has_permission(self, feature, level='read'):
         feature_perms = perms.get(feature, {})
         return feature_perms.get(level, False)
 
+    def get_sidebar_config(self):
+        """Return sidebar config dict, or default."""
+        if self.sidebar_config:
+            try:
+                return json.loads(self.sidebar_config)
+            except (json.JSONDecodeError, TypeError):
+                pass
+        return {'preset': 'full', 'hiddenItems': []}
+
+    def set_sidebar_config(self, config):
+        """Store sidebar config as JSON."""
+        self.sidebar_config = json.dumps(config) if config else None
+
     def to_dict(self):
         return {
             'id': self.id,
@@ -177,10 +193,12 @@ def to_dict(self):
             'totp_enabled': self.totp_enabled,
             'auth_provider': self.auth_provider or 'local',
             'has_password': self.has_password,
+            'sidebar_config': self.get_sidebar_config(),
             'created_at': self.created_at.isoformat(),
             'updated_at': self.updated_at.isoformat(),
             'last_login_at': self.last_login_at.isoformat() if self.last_login_at else None,
-            'created_by': self.created_by
+            'created_by': self.created_by,
+            'is_admin': self.is_admin
         }
 
     def get_backup_codes(self):
diff --git a/backend/app/models/workflow.py b/backend/app/models/workflow.py
index c30af13f..33398919 100644
--- a/backend/app/models/workflow.py
+++ b/backend/app/models/workflow.py
@@ -1,5 +1,6 @@
 from datetime import datetime
 from app import db
+import json
 
 
 class Workflow(db.Model):
@@ -14,6 +15,13 @@ class Workflow(db.Model):
     edges = db.Column(db.Text, nullable=True)  # JSON array of edges
     viewport = db.Column(db.Text, nullable=True)  # JSON object {x, y, zoom}
 
+    # Automation fields
+    is_active = db.Column(db.Boolean, default=False)
+    trigger_type = db.Column(db.String(50), default='manual')  # manual, cron, event, webhook
+    trigger_config = db.Column(db.Text, nullable=True)  # JSON configuration for the trigger
+    last_run_at = db.Column(db.DateTime, nullable=True)
+    last_status = db.Column(db.String(20), nullable=True)  # success, failed
+
     # Metadata
     created_at = db.Column(db.DateTime, default=datetime.utcnow)
     updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
@@ -23,9 +31,9 @@ class Workflow(db.Model):
 
     # Relationships
     user = db.relationship('User', backref=db.backref('workflows', lazy='dynamic'))
+    executions = db.relationship('WorkflowExecution', backref='workflow', lazy='dynamic', cascade='all, delete-orphan')
 
     def to_dict(self):
-        import json
         return {
             'id': self.id,
             'name': self.name,
@@ -33,6 +41,11 @@ def to_dict(self):
             'nodes': json.loads(self.nodes) if self.nodes else [],
             'edges': json.loads(self.edges) if self.edges else [],
             'viewport': json.loads(self.viewport) if self.viewport else None,
+            'is_active': self.is_active,
+            'trigger_type': self.trigger_type,
+            'trigger_config': json.loads(self.trigger_config) if self.trigger_config else {},
+            'last_run_at': self.last_run_at.isoformat() if self.last_run_at else None,
+            'last_status': self.last_status,
             'created_at': self.created_at.isoformat() if self.created_at else None,
             'updated_at': self.updated_at.isoformat() if self.updated_at else None,
             'user_id': self.user_id,
@@ -42,3 +55,53 @@ def to_dict(self):
 
     def __repr__(self):
         return f'<Workflow {self.name}>'
+
+
+class WorkflowExecution(db.Model):
+    __tablename__ = 'workflow_executions'
+
+    id = db.Column(db.Integer, primary_key=True)
+    workflow_id = db.Column(db.Integer, db.ForeignKey('workflows.id'), nullable=False)
+    status = db.Column(db.String(20), default='running')  # running, success, failed, cancelled
+    trigger_type = db.Column(db.String(50))
+    context = db.Column(db.Text, nullable=True)  # JSON data passed between steps
+    results = db.Column(db.Text, nullable=True)  # JSON results of each step
+
+    started_at = db.Column(db.DateTime, default=datetime.utcnow)
+    completed_at = db.Column(db.DateTime, nullable=True)
+
+    logs = db.relationship('WorkflowLog', backref='execution', lazy='dynamic', cascade='all, delete-orphan')
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'workflow_id': self.workflow_id,
+            'status': self.status,
+            'trigger_type': self.trigger_type,
+            'context': json.loads(self.context) if self.context else {},
+            'results': json.loads(self.results) if self.results else {},
+            'started_at': self.started_at.isoformat() if self.started_at else None,
+            'completed_at': self.completed_at.isoformat() if self.completed_at else None,
+            'duration': (self.completed_at - self.started_at).total_seconds() if self.completed_at else None
+        }
+
+
+class WorkflowLog(db.Model):
+    __tablename__ = 'workflow_logs'
+
+    id = db.Column(db.Integer, primary_key=True)
+    execution_id = db.Column(db.Integer, db.ForeignKey('workflow_executions.id'), nullable=False)
+    level = db.Column(db.String(10), default='INFO')  # INFO, WARNING, ERROR, DEBUG
+    message = db.Column(db.Text, nullable=False)
+    node_id = db.Column(db.String(100), nullable=True)  # ID of the node that generated the log
+    timestamp = db.Column(db.DateTime, default=datetime.utcnow)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'execution_id': self.execution_id,
+            'level': self.level,
+            'message': self.message,
+            'node_id': self.node_id,
+            'timestamp': self.timestamp.isoformat()
+        }
diff --git a/backend/app/models/workspace.py b/backend/app/models/workspace.py
new file mode 100644
index 00000000..8e154f52
--- /dev/null
+++ b/backend/app/models/workspace.py
@@ -0,0 +1,141 @@
+from datetime import datetime
+from app import db
+import json
+
+
+class Workspace(db.Model):
+    """Isolated container for servers, users, and settings."""
+    __tablename__ = 'workspaces'
+
+    id = db.Column(db.Integer, primary_key=True)
+    name = db.Column(db.String(128), nullable=False, unique=True)
+    slug = db.Column(db.String(128), nullable=False, unique=True)
+    description = db.Column(db.Text)
+
+    # Branding
+    logo_url = db.Column(db.String(512))
+    primary_color = db.Column(db.String(7))  # hex color
+
+    # Settings
+    settings_json = db.Column(db.Text)
+
+    # Quotas
+    max_servers = db.Column(db.Integer, default=0)  # 0 = unlimited
+    max_users = db.Column(db.Integer, default=0)
+    max_api_calls = db.Column(db.Integer, default=0)
+
+    # Status
+    STATUS_ACTIVE = 'active'
+    STATUS_ARCHIVED = 'archived'
+    status = db.Column(db.String(32), default=STATUS_ACTIVE)
+
+    # Billing
+    billing_notes = db.Column(db.Text)
+
+    created_by = db.Column(db.Integer, db.ForeignKey('users.id'))
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    members = db.relationship('WorkspaceMember', backref='workspace', lazy='dynamic')
+    api_keys = db.relationship('WorkspaceApiKey', backref='workspace', lazy='dynamic')
+
+    @property
+    def settings(self):
+        return json.loads(self.settings_json) if self.settings_json else {}
+
+    @settings.setter
+    def settings(self, v):
+        self.settings_json = json.dumps(v)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'name': self.name,
+            'slug': self.slug,
+            'description': self.description,
+            'logo_url': self.logo_url,
+            'primary_color': self.primary_color,
+            'settings': self.settings,
+            'max_servers': self.max_servers,
+            'max_users': self.max_users,
+            'max_api_calls': self.max_api_calls,
+            'status': self.status,
+            'member_count': self.members.count(),
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+            'updated_at': self.updated_at.isoformat() if self.updated_at else None,
+        }
+
+    def __repr__(self):
+        return f'<Workspace {self.name}>'
+
+
+class WorkspaceMember(db.Model):
+    """Maps users to workspaces with roles."""
+    __tablename__ = 'workspace_members'
+
+    id = db.Column(db.Integer, primary_key=True)
+    workspace_id = db.Column(db.Integer, db.ForeignKey('workspaces.id'), nullable=False)
+    user_id = db.Column(db.Integer, db.ForeignKey('users.id'), nullable=False)
+
+    ROLE_OWNER = 'owner'
+    ROLE_ADMIN = 'admin'
+    ROLE_MEMBER = 'member'
+    ROLE_VIEWER = 'viewer'
+    role = db.Column(db.String(32), default=ROLE_MEMBER)
+
+    joined_at = db.Column(db.DateTime, default=datetime.utcnow)
+
+    user = db.relationship('User', backref=db.backref('workspace_memberships', lazy='dynamic'))
+
+    __table_args__ = (
+        db.UniqueConstraint('workspace_id', 'user_id', name='uq_workspace_user'),
+    )
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'workspace_id': self.workspace_id,
+            'user_id': self.user_id,
+            'username': self.user.username if self.user else None,
+            'email': self.user.email if self.user else None,
+            'role': self.role,
+            'joined_at': self.joined_at.isoformat() if self.joined_at else None,
+        }
+
+
+class WorkspaceApiKey(db.Model):
+    """API keys scoped to a single workspace."""
+    __tablename__ = 'workspace_api_keys'
+
+    id = db.Column(db.Integer, primary_key=True)
+    workspace_id = db.Column(db.Integer, db.ForeignKey('workspaces.id'), nullable=False)
+    name = db.Column(db.String(128), nullable=False)
+    key_hash = db.Column(db.String(256), nullable=False)
+    key_prefix = db.Column(db.String(16))
+    scopes_json = db.Column(db.Text)
+    is_active = db.Column(db.Boolean, default=True)
+    expires_at = db.Column(db.DateTime, nullable=True)
+    created_by = db.Column(db.Integer, db.ForeignKey('users.id'))
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    last_used_at = db.Column(db.DateTime)
+
+    @property
+    def scopes(self):
+        return json.loads(self.scopes_json) if self.scopes_json else []
+
+    @scopes.setter
+    def scopes(self, v):
+        self.scopes_json = json.dumps(v)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'workspace_id': self.workspace_id,
+            'name': self.name,
+            'key_prefix': self.key_prefix,
+            'scopes': self.scopes,
+            'is_active': self.is_active,
+            'expires_at': self.expires_at.isoformat() if self.expires_at else None,
+            'created_at': self.created_at.isoformat() if self.created_at else None,
+            'last_used_at': self.last_used_at.isoformat() if self.last_used_at else None,
+        }
diff --git a/backend/app/services/advanced_ssl_service.py b/backend/app/services/advanced_ssl_service.py
new file mode 100644
index 00000000..5a0de41d
--- /dev/null
+++ b/backend/app/services/advanced_ssl_service.py
@@ -0,0 +1,192 @@
+import json
+import logging
+import subprocess
+from datetime import datetime
+from app.utils.system import run_command
+
+logger = logging.getLogger(__name__)
+
+
+class AdvancedSSLService:
+    """Service for advanced SSL certificate features."""
+
+    SSL_PROFILES = {
+        'modern': {
+            'label': 'Modern (TLS 1.3 only)',
+            'protocols': 'TLSv1.3',
+            'ciphers': '',
+            'description': 'Best security. Supports only modern browsers.',
+        },
+        'intermediate': {
+            'label': 'Intermediate (TLS 1.2+)',
+            'protocols': 'TLSv1.2 TLSv1.3',
+            'ciphers': 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384',
+            'description': 'Recommended for most servers. Good compatibility.',
+        },
+        'legacy': {
+            'label': 'Legacy (TLS 1.0+)',
+            'protocols': 'TLSv1 TLSv1.1 TLSv1.2 TLSv1.3',
+            'ciphers': 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256',
+            'description': 'Maximum compatibility. Supports old clients.',
+        },
+    }
+
+    @staticmethod
+    def get_ssl_profiles():
+        return AdvancedSSLService.SSL_PROFILES
+
+    @staticmethod
+    def issue_wildcard_cert(domain, dns_provider, credentials):
+        """Issue wildcard SSL via DNS-01 challenge."""
+        wildcard = f'*.{domain}'
+        cmd = ['certbot', 'certonly', '--non-interactive', '--agree-tos',
+               '--dns-' + dns_provider, '-d', domain, '-d', wildcard]
+
+        if dns_provider == 'cloudflare':
+            cred_file = f'/tmp/certbot-{dns_provider}.ini'
+            with open(cred_file, 'w') as f:
+                f.write(f"dns_cloudflare_api_token = {credentials.get('api_token', '')}\n")
+            import os
+            os.chmod(cred_file, 0o600)
+            cmd.extend(['--dns-cloudflare-credentials', cred_file])
+
+        try:
+            result = run_command(cmd)
+            return {'success': True, 'domain': domain, 'type': 'wildcard', 'output': result.get('stdout', '')}
+        except Exception as e:
+            return {'success': False, 'error': str(e)}
+
+    @staticmethod
+    def issue_san_cert(domains):
+        """Issue multi-domain (SAN) certificate."""
+        if not domains or len(domains) < 1:
+            raise ValueError('At least one domain required')
+
+        cmd = ['certbot', 'certonly', '--non-interactive', '--agree-tos',
+               '--webroot', '-w', '/var/www/html']
+        for d in domains:
+            cmd.extend(['-d', d])
+
+        try:
+            result = run_command(cmd)
+            return {'success': True, 'domains': domains, 'type': 'san', 'output': result.get('stdout', '')}
+        except Exception as e:
+            return {'success': False, 'error': str(e)}
+
+    @staticmethod
+    def upload_custom_cert(domain, cert_pem, key_pem, chain_pem=None):
+        """Upload custom certificate files."""
+        import os
+        cert_dir = f'/etc/ssl/serverkit/{domain}'
+        os.makedirs(cert_dir, exist_ok=True)
+
+        cert_path = os.path.join(cert_dir, 'cert.pem')
+        key_path = os.path.join(cert_dir, 'key.pem')
+        chain_path = os.path.join(cert_dir, 'chain.pem')
+
+        with open(cert_path, 'w') as f:
+            f.write(cert_pem)
+        with open(key_path, 'w') as f:
+            f.write(key_pem)
+        if os.name != 'nt':
+            os.chmod(key_path, 0o600)
+        if chain_pem:
+            with open(chain_path, 'w') as f:
+                f.write(chain_pem)
+
+        return {
+            'domain': domain,
+            'cert_path': cert_path,
+            'key_path': key_path,
+            'chain_path': chain_path if chain_pem else None,
+        }
+
+    @staticmethod
+    def get_cert_health(domain):
+        """Check SSL health — grade, cipher suites, protocol versions."""
+        import ssl
+        import socket
+        from datetime import timezone
+
+        result = {
+            'domain': domain,
+            'valid': False,
+            'grade': 'F',
+            'protocols': [],
+            'cipher_suites': [],
+            'issuer': None,
+            'expires_at': None,
+            'days_remaining': None,
+        }
+
+        try:
+            ctx = ssl.create_default_context()
+            with socket.create_connection((domain, 443), timeout=10) as sock:
+                with ctx.wrap_socket(sock, server_hostname=domain) as ssock:
+                    cert = ssock.getpeercert()
+                    cipher = ssock.cipher()
+
+                    result['valid'] = True
+                    result['cipher_suites'] = [cipher[0]] if cipher else []
+                    result['protocols'] = [ssock.version()]
+
+                    # Parse expiry
+                    not_after = cert.get('notAfter')
+                    if not_after:
+                        expiry = datetime.strptime(not_after, '%b %d %H:%M:%S %Y %Z')
+                        result['expires_at'] = expiry.isoformat()
+                        result['days_remaining'] = (expiry - datetime.utcnow()).days
+
+                    # Issuer
+                    issuer = cert.get('issuer', ())
+                    for field in issuer:
+                        for k, v in field:
+                            if k == 'organizationName':
+                                result['issuer'] = v
+
+                    # Simple grading
+                    version = ssock.version()
+                    if version == 'TLSv1.3':
+                        result['grade'] = 'A+'
+                    elif version == 'TLSv1.2':
+                        result['grade'] = 'A'
+                    elif version == 'TLSv1.1':
+                        result['grade'] = 'B'
+                    else:
+                        result['grade'] = 'C'
+
+        except Exception as e:
+            result['error'] = str(e)
+
+        return result
+
+    @staticmethod
+    def get_expiry_alerts(days_threshold=30):
+        """Get certificates expiring within threshold days."""
+        import os
+        import glob
+
+        alerts = []
+        cert_paths = glob.glob('/etc/letsencrypt/live/*/cert.pem')
+        cert_paths += glob.glob('/etc/ssl/serverkit/*/cert.pem')
+
+        for cert_path in cert_paths:
+            try:
+                domain = os.path.basename(os.path.dirname(cert_path))
+                result = run_command(['openssl', 'x509', '-enddate', '-noout', '-in', cert_path])
+                stdout = result.get('stdout', '')
+                if 'notAfter=' in stdout:
+                    date_str = stdout.split('notAfter=')[1].strip()
+                    expiry = datetime.strptime(date_str, '%b %d %H:%M:%S %Y %Z')
+                    days = (expiry - datetime.utcnow()).days
+                    if days <= days_threshold:
+                        alerts.append({
+                            'domain': domain,
+                            'expires_at': expiry.isoformat(),
+                            'days_remaining': days,
+                            'severity': 'critical' if days <= 7 else 'warning',
+                        })
+            except Exception:
+                continue
+
+        return sorted(alerts, key=lambda x: x.get('days_remaining', 999))
diff --git a/backend/app/services/agent_fleet_service.py b/backend/app/services/agent_fleet_service.py
new file mode 100644
index 00000000..a6b19656
--- /dev/null
+++ b/backend/app/services/agent_fleet_service.py
@@ -0,0 +1,542 @@
+"""
+AgentFleet Service
+
+Manages agent fleet operations including bulk upgrades, staged rollouts,
+health monitoring, offline command queuing, and retry with backoff.
+"""
+
+from datetime import datetime, timedelta
+from typing import List, Dict, Optional
+import threading
+import time
+import uuid
+
+from app import db
+from app.models.server import (
+    Server, ServerGroup, AgentVersion, ServerCommand, AgentSession, AgentRollout
+)
+from app.services.agent_registry import agent_registry
+
+
+class AgentFleetService:
+    """Service for managing a fleet of agents."""
+
+    def __init__(self):
+        self._rollout_threads = {}
+        self._rollout_cancel = {}  # rollout_id -> threading.Event
+
+    # ==================== Fleet Health ====================
+
+    def get_fleet_health(self) -> Dict:
+        """Get aggregated health metrics for the entire fleet."""
+        now = datetime.utcnow()
+        one_hour_ago = now - timedelta(hours=1)
+
+        servers = Server.query.all()
+        total_count = len(servers)
+
+        online_count = sum(1 for s in servers if s.status == 'online')
+        offline_count = sum(1 for s in servers if s.status == 'offline')
+        pending_count = sum(1 for s in servers if s.status == 'pending')
+
+        # Real heartbeat latency from active sessions
+        active_sessions = AgentSession.query.filter_by(is_active=True).all()
+        latencies = [s.avg_latency_ms for s in active_sessions if s.avg_latency_ms is not None]
+        avg_latency = sum(latencies) / len(latencies) if latencies else 0.0
+
+        # Command success rate in the last hour
+        commands = ServerCommand.query.filter(ServerCommand.created_at >= one_hour_ago).all()
+        if commands:
+            success_count = sum(1 for c in commands if c.status == 'completed')
+            command_success_rate = (success_count / len(commands)) * 100
+        else:
+            command_success_rate = 100.0
+
+        # Queued commands count
+        queued_count = ServerCommand.query.filter_by(queued=True, status='pending').count()
+
+        return {
+            'total_servers': total_count,
+            'online_servers': online_count,
+            'offline_servers': offline_count,
+            'pending_servers': pending_count,
+            'uptime_percentage': (online_count / total_count * 100) if total_count > 0 else 100,
+            'avg_heartbeat_latency': round(avg_latency, 1),
+            'command_success_rate': round(command_success_rate, 1),
+            'queued_commands': queued_count,
+            'version_distribution': self._get_version_distribution(servers)
+        }
+
+    def _get_version_distribution(self, servers: List[Server]) -> Dict[str, int]:
+        """Calculate distribution of agent versions."""
+        dist = {}
+        for s in servers:
+            version = s.agent_version or 'unknown'
+            dist[version] = dist.get(version, 0) + 1
+        return dist
+
+    # ==================== Upgrades ====================
+
+    def upgrade_servers(self, server_ids: List[str], version_id: Optional[str] = None, user_id: int = None) -> Dict:
+        """Trigger upgrades for a list of servers."""
+        version = None
+        if version_id:
+            version = AgentVersion.query.get(version_id)
+        else:
+            version = AgentVersion.query.filter_by(
+                channel='stable', is_active=True
+            ).order_by(AgentVersion.version.desc()).first()
+
+        if not version:
+            return {'success': False, 'error': 'No suitable agent version found'}
+
+        results = []
+        for server_id in server_ids:
+            server = Server.query.get(server_id)
+            if not server:
+                results.append({'server_id': server_id, 'success': False, 'error': 'Server not found'})
+                continue
+
+            platform = f"{server.os_type}-{server.architecture}"
+            download_url = version.assets.get(platform) if version.assets else None
+
+            if not download_url:
+                results.append({'server_id': server_id, 'success': False, 'error': f'No asset for platform {platform}'})
+                continue
+
+            params = {
+                'version': version.version,
+                'download_url': download_url,
+                'checksums_url': version.assets.get('checksums') if version.assets else None
+            }
+
+            if server.status != 'online':
+                # Queue command for offline agent
+                self.queue_command(server_id, 'agent:update', params, user_id=user_id)
+                results.append({'server_id': server_id, 'success': True, 'message': 'Upgrade queued (agent offline)'})
+                continue
+
+            threading.Thread(
+                target=agent_registry.send_command,
+                args=(server_id, 'agent:update', params),
+                kwargs={'user_id': user_id, 'timeout': 60.0},
+                daemon=True
+            ).start()
+
+            results.append({'server_id': server_id, 'success': True, 'message': 'Upgrade triggered'})
+
+        return {'success': True, 'results': results}
+
+    # ==================== Staged Rollouts ====================
+
+    def staged_rollout(
+        self, group_id: str, version_id: str,
+        batch_size: int = 5, delay_minutes: int = 10,
+        strategy: str = 'staged', user_id: int = None,
+        server_ids: List[str] = None
+    ) -> Dict:
+        """Perform a staged rollout of an agent version."""
+        version = AgentVersion.query.get(version_id)
+        if not version:
+            return {'success': False, 'error': 'Version not found'}
+
+        if group_id:
+            group = ServerGroup.query.get(group_id)
+            if not group:
+                return {'success': False, 'error': 'Group not found'}
+            target_servers = Server.query.filter_by(group_id=group_id, status='online').all()
+        elif server_ids:
+            target_servers = Server.query.filter(
+                Server.id.in_(server_ids), Server.status == 'online'
+            ).all()
+        else:
+            target_servers = Server.query.filter_by(status='online').all()
+
+        if not target_servers:
+            return {'success': True, 'message': 'No online servers to upgrade'}
+
+        ids = [s.id for s in target_servers]
+
+        # Create persistent rollout record
+        rollout = AgentRollout(
+            version_id=version_id,
+            group_id=group_id,
+            user_id=user_id,
+            batch_size=batch_size,
+            delay_minutes=delay_minutes,
+            strategy=strategy,
+            status='running',
+            total_servers=len(ids),
+            started_at=datetime.utcnow()
+        )
+        db.session.add(rollout)
+        db.session.commit()
+
+        rollout_id = rollout.id
+
+        # Setup cancellation
+        cancel_event = threading.Event()
+        self._rollout_cancel[rollout_id] = cancel_event
+
+        thread = threading.Thread(
+            target=self._run_staged_rollout,
+            args=(rollout_id, ids, version_id, batch_size, delay_minutes, user_id, cancel_event),
+            daemon=True
+        )
+        self._rollout_threads[rollout_id] = thread
+        thread.start()
+
+        return {'success': True, 'rollout_id': rollout_id, 'rollout': rollout.to_dict()}
+
+    def _run_staged_rollout(self, rollout_id, server_ids, version_id, batch_size, delay_minutes, user_id, cancel_event):
+        """Run staged rollout in batches with health checks between waves."""
+        from app import create_app
+        app = create_app()
+
+        with app.app_context():
+            total = len(server_ids)
+            processed = 0
+            failed = 0
+            wave = 0
+            server_results = []
+
+            for i in range(0, total, batch_size):
+                if cancel_event.is_set():
+                    self._update_rollout_status(rollout_id, 'cancelled', processed, failed, wave, server_results)
+                    return
+
+                batch = server_ids[i:i + batch_size]
+                wave += 1
+
+                # Upgrade this batch
+                result = self.upgrade_servers(batch, version_id, user_id)
+                batch_results = result.get('results', [])
+
+                for r in batch_results:
+                    server_results.append({
+                        'server_id': r['server_id'],
+                        'status': 'success' if r.get('success') else 'failed',
+                        'error': r.get('error'),
+                        'wave': wave
+                    })
+                    if not r.get('success'):
+                        failed += 1
+
+                processed += len(batch)
+
+                # Update rollout progress
+                self._update_rollout_status(rollout_id, 'running', processed, failed, wave, server_results)
+
+                if processed < total:
+                    # Health check: if more than 50% of current wave failed, abort
+                    wave_failures = sum(1 for r in batch_results if not r.get('success'))
+                    if wave_failures > len(batch) * 0.5:
+                        self._update_rollout_status(
+                            rollout_id, 'failed', processed, failed, wave, server_results,
+                            error=f'Wave {wave} had >50% failures ({wave_failures}/{len(batch)}), aborting rollout'
+                        )
+                        return
+
+                    # Wait between waves, checking for cancellation
+                    wait_seconds = delay_minutes * 60
+                    if cancel_event.wait(timeout=wait_seconds):
+                        self._update_rollout_status(rollout_id, 'cancelled', processed, failed, wave, server_results)
+                        return
+
+                    # Post-wave health check: verify previous batch servers are still online
+                    offline_count = 0
+                    for sid in batch:
+                        server = Server.query.get(sid)
+                        if server and server.status != 'online':
+                            offline_count += 1
+
+                    if offline_count > len(batch) * 0.3:
+                        self._update_rollout_status(
+                            rollout_id, 'failed', processed, failed, wave, server_results,
+                            error=f'Post-wave health check failed: {offline_count}/{len(batch)} servers offline after wave {wave}'
+                        )
+                        return
+
+            self._update_rollout_status(rollout_id, 'completed', processed, failed, wave, server_results)
+
+    def _update_rollout_status(self, rollout_id, status, processed, failed, wave, server_results, error=None):
+        """Update rollout record in database."""
+        try:
+            rollout = AgentRollout.query.get(rollout_id)
+            if rollout:
+                rollout.status = status
+                rollout.processed_servers = processed
+                rollout.failed_servers = failed
+                rollout.current_wave = wave
+                rollout.server_results = server_results
+                rollout.error = error
+                if status in ('completed', 'failed', 'cancelled'):
+                    rollout.completed_at = datetime.utcnow()
+                db.session.commit()
+        except Exception as e:
+            print(f"Error updating rollout status: {e}")
+            db.session.rollback()
+
+    def cancel_rollout(self, rollout_id: str) -> bool:
+        """Cancel an active rollout."""
+        cancel_event = self._rollout_cancel.get(rollout_id)
+        if cancel_event:
+            cancel_event.set()
+            return True
+
+        # Try to cancel in DB directly if thread already finished
+        rollout = AgentRollout.query.get(rollout_id)
+        if rollout and rollout.status == 'running':
+            rollout.status = 'cancelled'
+            rollout.completed_at = datetime.utcnow()
+            db.session.commit()
+            return True
+
+        return False
+
+    def get_rollouts(self, status: str = None, limit: int = 20) -> List[Dict]:
+        """Get rollout history."""
+        query = AgentRollout.query.order_by(AgentRollout.created_at.desc())
+        if status:
+            query = query.filter_by(status=status)
+        rollouts = query.limit(limit).all()
+        return [r.to_dict() for r in rollouts]
+
+    def get_rollout(self, rollout_id: str) -> Optional[Dict]:
+        """Get a specific rollout."""
+        rollout = AgentRollout.query.get(rollout_id)
+        return rollout.to_dict() if rollout else None
+
+    # ==================== Registration ====================
+
+    def approve_registration(self, server_id: str, user_id: int) -> bool:
+        """Approve a pending agent registration."""
+        server = Server.query.get(server_id)
+        if not server or server.status != 'pending':
+            return False
+
+        server.status = 'connecting'
+        server.registered_by = user_id
+        server.registered_at = datetime.utcnow()
+        db.session.commit()
+        return True
+
+    def reject_registration(self, server_id: str) -> bool:
+        """Reject and delete a pending agent registration."""
+        server = Server.query.get(server_id)
+        if not server or server.status != 'pending':
+            return False
+
+        db.session.delete(server)
+        db.session.commit()
+        return True
+
+    # ==================== Offline Command Queue ====================
+
+    def queue_command(
+        self, server_id: str, action: str, params: dict = None,
+        user_id: int = None, max_retries: int = 3, backoff_seconds: int = 30
+    ) -> ServerCommand:
+        """Queue a command for an offline agent. Delivered on reconnect."""
+        command = ServerCommand(
+            id=str(uuid.uuid4()),
+            server_id=server_id,
+            user_id=user_id,
+            command_type=action,
+            command_data=params,
+            status='pending',
+            queued=True,
+            max_retries=max_retries,
+            backoff_seconds=backoff_seconds
+        )
+        db.session.add(command)
+        db.session.commit()
+        return command
+
+    def deliver_queued_commands(self, server_id: str):
+        """Deliver all queued commands for a server that just reconnected."""
+        commands = ServerCommand.query.filter_by(
+            server_id=server_id, queued=True, status='pending'
+        ).order_by(ServerCommand.created_at.asc()).all()
+
+        for cmd in commands:
+            cmd.queued = False
+            cmd.status = 'running'
+            cmd.started_at = datetime.utcnow()
+            db.session.commit()
+
+            # Send asynchronously
+            threading.Thread(
+                target=self._deliver_single_command,
+                args=(server_id, cmd.id, cmd.command_type, cmd.command_data, cmd.user_id),
+                daemon=True
+            ).start()
+
+    def _deliver_single_command(self, server_id, command_id, action, params, user_id):
+        """Send a single queued command and update its status."""
+        from app import create_app
+        app = create_app()
+
+        with app.app_context():
+            result = agent_registry.send_command(
+                server_id, action, params, user_id=user_id, timeout=60.0
+            )
+
+            try:
+                cmd = ServerCommand.query.get(command_id)
+                if cmd:
+                    if result.get('success'):
+                        cmd.status = 'completed'
+                        cmd.result = result.get('data')
+                    else:
+                        cmd.status = 'failed'
+                        cmd.error = result.get('error')
+                    cmd.completed_at = datetime.utcnow()
+                    db.session.commit()
+            except Exception as e:
+                print(f"Error updating queued command: {e}")
+                db.session.rollback()
+
+    def get_queued_commands(self, server_id: str = None) -> List[Dict]:
+        """Get all pending queued commands, optionally filtered by server."""
+        query = ServerCommand.query.filter_by(queued=True, status='pending')
+        if server_id:
+            query = query.filter_by(server_id=server_id)
+        return [c.to_dict() for c in query.order_by(ServerCommand.created_at.asc()).all()]
+
+    # ==================== Command Retry ====================
+
+    def retry_command(self, command_id: str) -> Dict:
+        """Retry a failed command with exponential backoff."""
+        cmd = ServerCommand.query.get(command_id)
+        if not cmd:
+            return {'success': False, 'error': 'Command not found'}
+
+        if cmd.status not in ('failed', 'timeout'):
+            return {'success': False, 'error': f'Cannot retry command with status: {cmd.status}'}
+
+        if cmd.retry_count >= cmd.max_retries:
+            return {'success': False, 'error': f'Max retries ({cmd.max_retries}) exceeded'}
+
+        server = Server.query.get(cmd.server_id)
+        if not server:
+            return {'success': False, 'error': 'Server not found'}
+
+        cmd.retry_count += 1
+
+        if server.status != 'online':
+            # Re-queue for offline delivery
+            cmd.queued = True
+            cmd.status = 'pending'
+            # Exponential backoff for next_retry_at
+            backoff = cmd.backoff_seconds * (2 ** (cmd.retry_count - 1))
+            cmd.next_retry_at = datetime.utcnow() + timedelta(seconds=backoff)
+            db.session.commit()
+            return {'success': True, 'message': 'Command re-queued (agent offline)', 'retry_count': cmd.retry_count}
+
+        # Agent is online, send immediately
+        cmd.status = 'running'
+        cmd.started_at = datetime.utcnow()
+        db.session.commit()
+
+        threading.Thread(
+            target=self._deliver_single_command,
+            args=(cmd.server_id, cmd.id, cmd.command_type, cmd.command_data, cmd.user_id),
+            daemon=True
+        ).start()
+
+        return {'success': True, 'message': 'Command retry triggered', 'retry_count': cmd.retry_count}
+
+    def process_scheduled_retries(self):
+        """Process commands that are due for retry. Call periodically."""
+        now = datetime.utcnow()
+        commands = ServerCommand.query.filter(
+            ServerCommand.status == 'pending',
+            ServerCommand.queued == True,
+            ServerCommand.next_retry_at != None,
+            ServerCommand.next_retry_at <= now
+        ).all()
+
+        for cmd in commands:
+            server = Server.query.get(cmd.server_id)
+            if server and server.status == 'online':
+                cmd.queued = False
+                cmd.status = 'running'
+                cmd.started_at = datetime.utcnow()
+                db.session.commit()
+
+                threading.Thread(
+                    target=self._deliver_single_command,
+                    args=(cmd.server_id, cmd.id, cmd.command_type, cmd.command_data, cmd.user_id),
+                    daemon=True
+                ).start()
+
+    # ==================== Diagnostics ====================
+
+    def get_server_diagnostics(self, server_id: str) -> Dict:
+        """Get detailed connection diagnostics for a server."""
+        server = Server.query.get(server_id)
+        if not server:
+            return {'error': 'Server not found'}
+
+        # Active session
+        active_session = AgentSession.query.filter_by(
+            server_id=server_id, is_active=True
+        ).first()
+
+        # Recent sessions (last 10)
+        recent_sessions = AgentSession.query.filter_by(
+            server_id=server_id
+        ).order_by(AgentSession.connected_at.desc()).limit(10).all()
+
+        # Command stats (last 24h)
+        one_day_ago = datetime.utcnow() - timedelta(hours=24)
+        recent_commands = ServerCommand.query.filter(
+            ServerCommand.server_id == server_id,
+            ServerCommand.created_at >= one_day_ago
+        ).all()
+
+        total_cmds = len(recent_commands)
+        success_cmds = sum(1 for c in recent_commands if c.status == 'completed')
+        failed_cmds = sum(1 for c in recent_commands if c.status == 'failed')
+        timeout_cmds = sum(1 for c in recent_commands if c.status == 'timeout')
+
+        # Calculate uptime from sessions
+        uptime_seconds = 0
+        for session in recent_sessions:
+            start = session.connected_at or session.connected_at
+            end = session.disconnected_at or datetime.utcnow()
+            uptime_seconds += (end - start).total_seconds()
+
+        # Queued commands for this server
+        queued = ServerCommand.query.filter_by(
+            server_id=server_id, queued=True, status='pending'
+        ).count()
+
+        return {
+            'server_id': server_id,
+            'server_name': server.name,
+            'status': server.status,
+            'agent_version': server.agent_version,
+            'last_seen': server.last_seen.isoformat() if server.last_seen else None,
+            'connection': {
+                'is_connected': active_session is not None,
+                'current_latency_ms': active_session.heartbeat_latency_ms if active_session else None,
+                'avg_latency_ms': active_session.avg_latency_ms if active_session else None,
+                'connected_since': active_session.connected_at.isoformat() if active_session else None,
+                'ip_address': active_session.ip_address if active_session else server.ip_address,
+            },
+            'commands_24h': {
+                'total': total_cmds,
+                'success': success_cmds,
+                'failed': failed_cmds,
+                'timeout': timeout_cmds,
+                'success_rate': round((success_cmds / total_cmds * 100), 1) if total_cmds > 0 else 100.0,
+            },
+            'queued_commands': queued,
+            'uptime_seconds_24h': round(uptime_seconds),
+            'recent_sessions': [s.to_dict() for s in recent_sessions],
+        }
+
+
+fleet_service = AgentFleetService()
diff --git a/backend/app/services/agent_plugin_service.py b/backend/app/services/agent_plugin_service.py
new file mode 100644
index 00000000..6bd44d6c
--- /dev/null
+++ b/backend/app/services/agent_plugin_service.py
@@ -0,0 +1,306 @@
+import json
+import logging
+from datetime import datetime
+from app import db
+from app.models.agent_plugin import AgentPlugin, AgentPluginInstall
+from app.models.server import Server
+
+logger = logging.getLogger(__name__)
+
+
+class AgentPluginService:
+    """Service for managing agent plugins."""
+
+    # Plugin specification interface
+    PLUGIN_SPEC = {
+        'required_fields': ['name', 'display_name', 'version'],
+        'capability_types': ['metrics', 'health_checks', 'commands', 'scheduled_tasks', 'event_hooks'],
+        'permission_types': ['filesystem', 'network', 'docker', 'process', 'system'],
+    }
+
+    @staticmethod
+    def list_plugins(status=None):
+        query = AgentPlugin.query
+        if status:
+            query = query.filter_by(status=status)
+        return query.order_by(AgentPlugin.display_name).all()
+
+    @staticmethod
+    def get_plugin(plugin_id):
+        return AgentPlugin.query.get(plugin_id)
+
+    @staticmethod
+    def get_plugin_by_name(name):
+        return AgentPlugin.query.filter_by(name=name).first()
+
+    @staticmethod
+    def create_plugin(data):
+        """Register a new plugin from manifest data."""
+        if AgentPlugin.query.filter_by(name=data['name']).first():
+            raise ValueError(f"Plugin '{data['name']}' already exists")
+
+        plugin = AgentPlugin(
+            name=data['name'],
+            display_name=data.get('display_name', data['name']),
+            version=data['version'],
+            description=data.get('description', ''),
+            author=data.get('author', ''),
+            homepage=data.get('homepage', ''),
+            max_memory_mb=data.get('max_memory_mb', 128),
+            max_cpu_percent=data.get('max_cpu_percent', 10),
+        )
+        plugin.manifest = data.get('manifest', data)
+        plugin.capabilities = data.get('capabilities', [])
+        plugin.dependencies = data.get('dependencies', [])
+        plugin.permissions = data.get('permissions', [])
+
+        db.session.add(plugin)
+        db.session.commit()
+        return plugin
+
+    @staticmethod
+    def update_plugin(plugin_id, data):
+        plugin = AgentPlugin.query.get(plugin_id)
+        if not plugin:
+            return None
+
+        for field in ['display_name', 'version', 'description', 'author', 'homepage',
+                      'max_memory_mb', 'max_cpu_percent', 'status']:
+            if field in data:
+                setattr(plugin, field, data[field])
+
+        if 'capabilities' in data:
+            plugin.capabilities = data['capabilities']
+        if 'dependencies' in data:
+            plugin.dependencies = data['dependencies']
+        if 'permissions' in data:
+            plugin.permissions = data['permissions']
+        if 'manifest' in data:
+            plugin.manifest = data['manifest']
+
+        db.session.commit()
+        return plugin
+
+    @staticmethod
+    def delete_plugin(plugin_id):
+        plugin = AgentPlugin.query.get(plugin_id)
+        if not plugin:
+            return False
+
+        # Check for active installations
+        active = plugin.installations.filter(
+            AgentPluginInstall.status.in_([
+                AgentPluginInstall.STATUS_ENABLED,
+                AgentPluginInstall.STATUS_INSTALLING
+            ])
+        ).count()
+        if active > 0:
+            raise ValueError(f'Cannot delete plugin with {active} active installations')
+
+        # Remove all installation records
+        AgentPluginInstall.query.filter_by(plugin_id=plugin_id).delete()
+        db.session.delete(plugin)
+        db.session.commit()
+        return True
+
+    # --- Installation Management ---
+
+    @staticmethod
+    def install_plugin(plugin_id, server_id, config=None):
+        """Install a plugin on a server."""
+        plugin = AgentPlugin.query.get(plugin_id)
+        if not plugin:
+            raise ValueError('Plugin not found')
+
+        server = Server.query.get(server_id)
+        if not server:
+            raise ValueError('Server not found')
+
+        # Check if already installed
+        existing = AgentPluginInstall.query.filter_by(
+            plugin_id=plugin_id, server_id=server_id
+        ).first()
+        if existing and existing.status in ['enabled', 'installing']:
+            raise ValueError('Plugin already installed on this server')
+
+        # Check dependencies
+        for dep_name in plugin.dependencies:
+            dep_plugin = AgentPlugin.query.filter_by(name=dep_name).first()
+            if not dep_plugin:
+                raise ValueError(f"Required dependency '{dep_name}' not available")
+            dep_install = AgentPluginInstall.query.filter_by(
+                plugin_id=dep_plugin.id, server_id=server_id, status='enabled'
+            ).first()
+            if not dep_install:
+                raise ValueError(f"Dependency '{dep_name}' not installed on server")
+
+        if existing:
+            existing.status = AgentPluginInstall.STATUS_INSTALLING
+            existing.installed_version = plugin.version
+            existing.error_message = None
+            if config:
+                existing.config = config
+            install = existing
+        else:
+            install = AgentPluginInstall(
+                plugin_id=plugin_id,
+                server_id=server_id,
+                installed_version=plugin.version,
+                status=AgentPluginInstall.STATUS_INSTALLING,
+            )
+            if config:
+                install.config = config
+            db.session.add(install)
+
+        db.session.commit()
+
+        # Send install command to agent
+        try:
+            from app.agent_gateway import get_agent_gateway
+            gw = get_agent_gateway()
+            if gw:
+                gw.send_command(server.agent_id, 'plugin_install', {
+                    'plugin_name': plugin.name,
+                    'version': plugin.version,
+                    'manifest': plugin.manifest,
+                    'config': install.config,
+                    'permissions': plugin.permissions,
+                    'resource_limits': {
+                        'max_memory_mb': plugin.max_memory_mb,
+                        'max_cpu_percent': plugin.max_cpu_percent,
+                    }
+                })
+        except Exception as e:
+            logger.warning(f'Could not send plugin install command: {e}')
+
+        return install
+
+    @staticmethod
+    def uninstall_plugin(install_id):
+        install = AgentPluginInstall.query.get(install_id)
+        if not install:
+            return False
+
+        install.status = AgentPluginInstall.STATUS_UNINSTALLING
+        db.session.commit()
+
+        # Send uninstall command to agent
+        try:
+            from app.agent_gateway import get_agent_gateway
+            gw = get_agent_gateway()
+            if gw and install.server:
+                gw.send_command(install.server.agent_id, 'plugin_uninstall', {
+                    'plugin_name': install.plugin.name,
+                })
+        except Exception as e:
+            logger.warning(f'Could not send plugin uninstall command: {e}')
+
+        return True
+
+    @staticmethod
+    def enable_plugin(install_id):
+        install = AgentPluginInstall.query.get(install_id)
+        if not install:
+            return None
+        install.status = AgentPluginInstall.STATUS_ENABLED
+        db.session.commit()
+        return install
+
+    @staticmethod
+    def disable_plugin(install_id):
+        install = AgentPluginInstall.query.get(install_id)
+        if not install:
+            return None
+        install.status = AgentPluginInstall.STATUS_DISABLED
+        db.session.commit()
+
+        try:
+            from app.agent_gateway import get_agent_gateway
+            gw = get_agent_gateway()
+            if gw and install.server:
+                gw.send_command(install.server.agent_id, 'plugin_disable', {
+                    'plugin_name': install.plugin.name,
+                })
+        except Exception as e:
+            logger.warning(f'Could not send plugin disable command: {e}')
+
+        return install
+
+    @staticmethod
+    def update_install_status(install_id, status, error=None, health=None, metrics=None):
+        install = AgentPluginInstall.query.get(install_id)
+        if not install:
+            return None
+        install.status = status
+        if error is not None:
+            install.error_message = error
+        if health is not None:
+            install.health_status = health
+            install.last_health_check = datetime.utcnow()
+        if metrics is not None:
+            install.metrics_json = json.dumps(metrics)
+        db.session.commit()
+        return install
+
+    @staticmethod
+    def update_install_config(install_id, config):
+        install = AgentPluginInstall.query.get(install_id)
+        if not install:
+            return None
+        install.config = config
+        db.session.commit()
+
+        try:
+            from app.agent_gateway import get_agent_gateway
+            gw = get_agent_gateway()
+            if gw and install.server:
+                gw.send_command(install.server.agent_id, 'plugin_configure', {
+                    'plugin_name': install.plugin.name,
+                    'config': config,
+                })
+        except Exception as e:
+            logger.warning(f'Could not send plugin config update: {e}')
+
+        return install
+
+    @staticmethod
+    def get_server_plugins(server_id):
+        return AgentPluginInstall.query.filter_by(server_id=server_id).all()
+
+    @staticmethod
+    def get_plugin_installations(plugin_id):
+        return AgentPluginInstall.query.filter_by(plugin_id=plugin_id).all()
+
+    @staticmethod
+    def get_install(install_id):
+        return AgentPluginInstall.query.get(install_id)
+
+    @staticmethod
+    def bulk_install(plugin_id, server_ids, config=None):
+        """Install plugin on multiple servers."""
+        results = []
+        for sid in server_ids:
+            try:
+                install = AgentPluginService.install_plugin(plugin_id, sid, config)
+                results.append({'server_id': sid, 'status': 'installing', 'install_id': install.id})
+            except ValueError as e:
+                results.append({'server_id': sid, 'status': 'error', 'error': str(e)})
+        return results
+
+    @staticmethod
+    def validate_manifest(manifest):
+        """Validate a plugin manifest against the spec."""
+        errors = []
+        for field in AgentPluginService.PLUGIN_SPEC['required_fields']:
+            if field not in manifest:
+                errors.append(f"Missing required field: {field}")
+
+        for cap in manifest.get('capabilities', []):
+            if cap not in AgentPluginService.PLUGIN_SPEC['capability_types']:
+                errors.append(f"Unknown capability: {cap}")
+
+        for perm in manifest.get('permissions', []):
+            if perm not in AgentPluginService.PLUGIN_SPEC['permission_types']:
+                errors.append(f"Unknown permission: {perm}")
+
+        return errors
diff --git a/backend/app/services/agent_registry.py b/backend/app/services/agent_registry.py
index db298454..0118aa56 100644
--- a/backend/app/services/agent_registry.py
+++ b/backend/app/services/agent_registry.py
@@ -7,9 +7,12 @@
 
 import hmac
 import hashlib
+import logging
 import secrets
 import time
 import threading
+
+logger = logging.getLogger(__name__)
 from datetime import datetime, timedelta
 from typing import Dict, Optional, Callable, Any
 from dataclasses import dataclass, field
@@ -120,7 +123,7 @@ def _check_heartbeats(self):
                     self._handle_agent_timeout(server_id)
 
             except Exception as e:
-                print(f"Error in heartbeat checker: {e}")
+                logger.error("Error in heartbeat checker: %s", e)
 
             self._stop_heartbeat.wait(30)  # Check every 30 seconds
 
@@ -152,7 +155,7 @@ def _handle_agent_timeout(self, server_id: str):
                     session.disconnect_reason = 'heartbeat_timeout'
                     db.session.commit()
             except Exception as e:
-                print(f"Error updating server status: {e}")
+                logger.exception("Error updating server status")
 
     # ==================== Connection Management ====================
 
@@ -211,8 +214,16 @@ def register_agent(
             )
             db.session.add(session)
             db.session.commit()
+
+            # Deliver any queued commands for this server
+            try:
+                from app.services.agent_fleet_service import fleet_service
+                fleet_service.deliver_queued_commands(server_id)
+            except Exception as e:
+                logger.error("Error delivering queued commands: %s", e)
+
         except Exception as e:
-            print(f"Error registering agent: {e}")
+            logger.exception("Error registering agent")
             db.session.rollback()
 
         return session_token
@@ -244,7 +255,7 @@ def unregister_agent(self, socket_id: str, reason: str = 'disconnect'):
                     session.disconnect_reason = reason
                     db.session.commit()
             except Exception as e:
-                print(f"Error unregistering agent: {e}")
+                logger.exception("Error unregistering agent")
                 db.session.rollback()
 
     def get_agent(self, server_id: str) -> Optional[ConnectedAgent]:
@@ -272,27 +283,44 @@ def get_connected_servers(self) -> list:
 
     # ==================== Heartbeat ====================
 
-    def update_heartbeat(self, server_id: str, metrics: dict = None):
+    def update_heartbeat(self, server_id: str, metrics: dict = None, client_timestamp: int = None):
         """Update agent heartbeat and optionally store metrics"""
+        now = datetime.utcnow()
         with self._lock:
             agent = self._agents.get(server_id)
             if agent:
-                agent.last_heartbeat = datetime.utcnow()
+                agent.last_heartbeat = now
+
+        # Calculate heartbeat latency if client sent a timestamp
+        latency_ms = None
+        if client_timestamp:
+            now_ms = int(time.time() * 1000)
+            latency_ms = max(0, now_ms - client_timestamp)
 
         # Update server last_seen
         try:
             server = Server.query.get(server_id)
             if server:
-                server.last_seen = datetime.utcnow()
+                server.last_seen = now
                 if server.status != 'online':
                     server.status = 'online'
                 db.session.commit()
 
+            # Update session latency
+            if latency_ms is not None:
+                session = AgentSession.query.filter_by(
+                    server_id=server_id, is_active=True
+                ).first()
+                if session:
+                    session.last_heartbeat = now
+                    session.update_latency(latency_ms)
+                    db.session.commit()
+
             # Store metrics if provided
             if metrics:
                 self._store_metrics(server_id, metrics)
         except Exception as e:
-            print(f"Error updating heartbeat: {e}")
+            logger.exception("Error updating heartbeat")
             db.session.rollback()
 
     def _store_metrics(self, server_id: str, metrics: dict):
@@ -309,7 +337,7 @@ def _store_metrics(self, server_id: str, metrics: dict):
             db.session.add(metric)
             db.session.commit()
         except Exception as e:
-            print(f"Error storing metrics: {e}")
+            logger.exception("Error storing metrics")
             db.session.rollback()
 
     # ==================== Command Routing ====================
@@ -447,10 +475,17 @@ def handle_command_result(self, socket_id: str, result: dict):
         """Handle command result from agent"""
         agent = self.get_agent_by_socket(socket_id)
         if not agent:
+            logger.warning(f"Command result from unknown socket: {socket_id}")
             return
 
         command_id = result.get('command_id')
         if not command_id:
+            logger.warning(f"Command result missing command_id from agent: {agent.server_id}")
+            return
+
+        # Validate command_id format to prevent injection
+        if not isinstance(command_id, str) or len(command_id) > 64:
+            logger.warning(f"Invalid command_id format from agent: {agent.server_id}")
             return
 
         with self._lock:
@@ -494,7 +529,7 @@ def verify_agent_auth(
 
         # Check timestamp (allow 5 minute window)
         now = int(time.time() * 1000)
-        if abs(now - timestamp) > 300000:  # 5 minutes
+        if abs(now - timestamp) > 60000:  # 60 seconds
             if ip_address:
                 anomaly_detection_service.track_auth_attempt(None, False, ip_address)
             return None
@@ -550,6 +585,11 @@ def verify_agent_auth(
         if ip_address:
             anomaly_detection_service.track_auth_attempt(server.id, True, ip_address)
 
+        # TODO: Implement per-message session token validation. Currently, the session
+        # token is issued at auth time but not verified on each subsequent message.
+        # Full session-per-message validation requires protocol changes on both the
+        # agent (Go) and backend sides.
+
         return server
 
     # ==================== System Info ====================
@@ -572,7 +612,7 @@ def update_system_info(self, server_id: str, info: dict):
                 server.agent_version = info.get('agent_version', server.agent_version)
                 db.session.commit()
         except Exception as e:
-            print(f"Error updating system info: {e}")
+            logger.exception("Error updating system info")
             db.session.rollback()
 
 
diff --git a/backend/app/services/background_job_service.py b/backend/app/services/background_job_service.py
new file mode 100644
index 00000000..c5e932ae
--- /dev/null
+++ b/backend/app/services/background_job_service.py
@@ -0,0 +1,123 @@
+import logging
+import threading
+import queue
+import time
+from datetime import datetime
+from functools import wraps
+
+logger = logging.getLogger(__name__)
+
+
+class BackgroundJobService:
+    """Simple background job queue for long-running tasks."""
+
+    _queue = queue.Queue()
+    _workers = []
+    _results = {}
+    _lock = threading.Lock()
+    _running = False
+
+    @classmethod
+    def start(cls, app, num_workers=3):
+        """Start background worker threads."""
+        if cls._running:
+            return
+
+        cls._running = True
+
+        for i in range(num_workers):
+            t = threading.Thread(
+                target=cls._worker_loop,
+                args=(app,),
+                daemon=True,
+                name=f'bg-worker-{i}',
+            )
+            t.start()
+            cls._workers.append(t)
+
+        logger.info(f'Background job service started with {num_workers} workers')
+
+    @classmethod
+    def _worker_loop(cls, app):
+        while cls._running:
+            try:
+                job = cls._queue.get(timeout=1)
+            except queue.Empty:
+                continue
+
+            job_id = job['id']
+            with cls._lock:
+                cls._results[job_id] = {'status': 'running', 'started_at': datetime.utcnow().isoformat()}
+
+            try:
+                with app.app_context():
+                    result = job['func'](*job.get('args', ()), **job.get('kwargs', {}))
+                with cls._lock:
+                    cls._results[job_id] = {
+                        'status': 'completed',
+                        'result': result,
+                        'completed_at': datetime.utcnow().isoformat(),
+                    }
+            except Exception as e:
+                logger.error(f'Background job {job_id} failed: {e}')
+                with cls._lock:
+                    cls._results[job_id] = {
+                        'status': 'failed',
+                        'error': str(e),
+                        'completed_at': datetime.utcnow().isoformat(),
+                    }
+            finally:
+                cls._queue.task_done()
+
+    @classmethod
+    def enqueue(cls, func, *args, job_id=None, **kwargs):
+        """Add a job to the queue. Returns job_id."""
+        import uuid
+        job_id = job_id or str(uuid.uuid4())[:8]
+
+        with cls._lock:
+            cls._results[job_id] = {'status': 'queued', 'queued_at': datetime.utcnow().isoformat()}
+
+        cls._queue.put({
+            'id': job_id,
+            'func': func,
+            'args': args,
+            'kwargs': kwargs,
+        })
+
+        return job_id
+
+    @classmethod
+    def get_job_status(cls, job_id):
+        with cls._lock:
+            return cls._results.get(job_id)
+
+    @classmethod
+    def list_jobs(cls):
+        with cls._lock:
+            return dict(cls._results)
+
+    @classmethod
+    def cleanup_old(cls, max_age_seconds=3600):
+        """Remove completed/failed jobs older than max_age."""
+        now = datetime.utcnow()
+        with cls._lock:
+            to_remove = []
+            for jid, info in cls._results.items():
+                if info['status'] in ('completed', 'failed'):
+                    completed_at = info.get('completed_at')
+                    if completed_at:
+                        dt = datetime.fromisoformat(completed_at)
+                        if (now - dt).total_seconds() > max_age_seconds:
+                            to_remove.append(jid)
+            for jid in to_remove:
+                del cls._results[jid]
+
+    @classmethod
+    def get_queue_stats(cls):
+        return {
+            'queue_size': cls._queue.qsize(),
+            'workers': len(cls._workers),
+            'total_jobs': len(cls._results),
+            'running': cls._running,
+        }
diff --git a/backend/app/services/build_service.py b/backend/app/services/build_service.py
index 0ede960f..35a2cd4f 100644
--- a/backend/app/services/build_service.py
+++ b/backend/app/services/build_service.py
@@ -481,8 +481,7 @@ def build_with_custom_command(cls, app_id: int, app_path: str,
                 env.update(env_vars)
 
             process = subprocess.Popen(
-                build_cmd,
-                shell=True,
+                ['bash', '-c', build_cmd],
                 cwd=app_path,
                 env=env,
                 stdout=subprocess.PIPE,
diff --git a/backend/app/services/cache_service.py b/backend/app/services/cache_service.py
new file mode 100644
index 00000000..997ef1c2
--- /dev/null
+++ b/backend/app/services/cache_service.py
@@ -0,0 +1,140 @@
+import json
+import logging
+import time
+from functools import wraps
+
+logger = logging.getLogger(__name__)
+
+# In-memory cache fallback (used when Redis is not available)
+_memory_cache = {}
+_redis_client = None
+
+
+def _get_redis():
+    """Get Redis client, or None if unavailable."""
+    global _redis_client
+    if _redis_client is not None:
+        return _redis_client
+    try:
+        import redis
+        import os
+        url = os.environ.get('REDIS_URL', 'redis://localhost:6379/0')
+        _redis_client = redis.from_url(url, decode_responses=True, socket_timeout=2)
+        _redis_client.ping()
+        logger.info('Redis cache connected')
+        return _redis_client
+    except Exception:
+        _redis_client = None
+        return None
+
+
+class CacheService:
+    """Caching service with Redis backend and in-memory fallback."""
+
+    DEFAULT_TTL = 300  # 5 minutes
+
+    @staticmethod
+    def get(key):
+        r = _get_redis()
+        if r:
+            try:
+                val = r.get(f'sk:{key}')
+                return json.loads(val) if val else None
+            except Exception:
+                pass
+
+        entry = _memory_cache.get(key)
+        if entry and entry['expires'] > time.time():
+            return entry['value']
+        elif entry:
+            del _memory_cache[key]
+        return None
+
+    @staticmethod
+    def set(key, value, ttl=None):
+        ttl = ttl or CacheService.DEFAULT_TTL
+        r = _get_redis()
+        if r:
+            try:
+                r.setex(f'sk:{key}', ttl, json.dumps(value))
+                return
+            except Exception:
+                pass
+
+        _memory_cache[key] = {
+            'value': value,
+            'expires': time.time() + ttl,
+        }
+
+    @staticmethod
+    def delete(key):
+        r = _get_redis()
+        if r:
+            try:
+                r.delete(f'sk:{key}')
+            except Exception:
+                pass
+        _memory_cache.pop(key, None)
+
+    @staticmethod
+    def delete_pattern(pattern):
+        r = _get_redis()
+        if r:
+            try:
+                keys = r.keys(f'sk:{pattern}')
+                if keys:
+                    r.delete(*keys)
+            except Exception:
+                pass
+
+        to_delete = [k for k in _memory_cache if k.startswith(pattern.replace('*', ''))]
+        for k in to_delete:
+            del _memory_cache[k]
+
+    @staticmethod
+    def flush():
+        r = _get_redis()
+        if r:
+            try:
+                keys = r.keys('sk:*')
+                if keys:
+                    r.delete(*keys)
+            except Exception:
+                pass
+        _memory_cache.clear()
+
+    @staticmethod
+    def get_stats():
+        r = _get_redis()
+        if r:
+            try:
+                info = r.info('memory')
+                return {
+                    'backend': 'redis',
+                    'used_memory': info.get('used_memory_human'),
+                    'keys': r.dbsize(),
+                }
+            except Exception:
+                pass
+
+        return {
+            'backend': 'memory',
+            'keys': len(_memory_cache),
+            'used_memory': 'N/A',
+        }
+
+
+def cached(key_template, ttl=300):
+    """Decorator for caching function results."""
+    def decorator(func):
+        @wraps(func)
+        def wrapper(*args, **kwargs):
+            cache_key = key_template.format(*args, **kwargs)
+            result = CacheService.get(cache_key)
+            if result is not None:
+                return result
+            result = func(*args, **kwargs)
+            CacheService.set(cache_key, result, ttl)
+            return result
+        return wrapper
+    return decorator
diff --git a/backend/app/services/cloud_provisioning_service.py b/backend/app/services/cloud_provisioning_service.py
new file mode 100644
index 00000000..8b99593a
--- /dev/null
+++ b/backend/app/services/cloud_provisioning_service.py
@@ -0,0 +1,296 @@
+import logging
+from datetime import datetime
+from app import db
+from app.models.cloud_server import CloudProvider, CloudServer, CloudSnapshot
+
+logger = logging.getLogger(__name__)
+
+
+class CloudProvisioningService:
+    """Service for provisioning cloud servers via provider APIs."""
+
+    SUPPORTED_PROVIDERS = {
+        'digitalocean': {
+            'name': 'DigitalOcean',
+            'regions': ['nyc1', 'nyc3', 'sfo3', 'ams3', 'lon1', 'fra1', 'sgp1', 'blr1', 'tor1', 'syd1'],
+            'sizes': ['s-1vcpu-1gb', 's-1vcpu-2gb', 's-2vcpu-2gb', 's-2vcpu-4gb', 's-4vcpu-8gb', 's-8vcpu-16gb'],
+            'images': ['ubuntu-22-04-x64', 'ubuntu-24-04-x64', 'debian-12-x64', 'centos-stream-9-x64', 'rocky-9-x64'],
+        },
+        'hetzner': {
+            'name': 'Hetzner Cloud',
+            'regions': ['nbg1', 'fsn1', 'hel1', 'ash', 'hil'],
+            'sizes': ['cx22', 'cx32', 'cx42', 'cx52', 'cpx11', 'cpx21', 'cpx31'],
+            'images': ['ubuntu-22.04', 'ubuntu-24.04', 'debian-12', 'centos-stream-9', 'rocky-9'],
+        },
+        'vultr': {
+            'name': 'Vultr',
+            'regions': ['ewr', 'ord', 'dfw', 'sea', 'lax', 'atl', 'ams', 'lhr', 'fra', 'nrt', 'icn', 'sgp', 'syd'],
+            'sizes': ['vc2-1c-1gb', 'vc2-1c-2gb', 'vc2-2c-4gb', 'vc2-4c-8gb', 'vc2-6c-16gb'],
+            'images': ['Ubuntu 22.04', 'Ubuntu 24.04', 'Debian 12', 'CentOS Stream 9'],
+        },
+        'linode': {
+            'name': 'Linode (Akamai)',
+            'regions': ['us-east', 'us-central', 'us-west', 'eu-west', 'eu-central', 'ap-south', 'ap-northeast', 'ap-southeast'],
+            'sizes': ['g6-nanode-1', 'g6-standard-1', 'g6-standard-2', 'g6-standard-4', 'g6-standard-6'],
+            'images': ['linode/ubuntu22.04', 'linode/ubuntu24.04', 'linode/debian12'],
+        },
+    }
+
+    # --- Providers ---
+
+    @staticmethod
+    def list_providers():
+        return CloudProvider.query.filter_by(is_active=True).all()
+
+    @staticmethod
+    def get_provider(provider_id):
+        return CloudProvider.query.get(provider_id)
+
+    @staticmethod
+    def create_provider(data, user_id=None):
+        ptype = data.get('provider_type')
+        if ptype not in CloudProvisioningService.SUPPORTED_PROVIDERS:
+            raise ValueError(f'Unsupported provider: {ptype}')
+
+        provider = CloudProvider(
+            name=data.get('name', CloudProvisioningService.SUPPORTED_PROVIDERS[ptype]['name']),
+            provider_type=ptype,
+            api_key_encrypted=data.get('api_key', ''),
+            created_by=user_id,
+        )
+        db.session.add(provider)
+        db.session.commit()
+        return provider
+
+    @staticmethod
+    def delete_provider(provider_id):
+        provider = CloudProvider.query.get(provider_id)
+        if not provider:
+            return False
+        provider.is_active = False
+        db.session.commit()
+        return True
+
+    @staticmethod
+    def get_provider_options(provider_type):
+        return CloudProvisioningService.SUPPORTED_PROVIDERS.get(provider_type, {})
+
+    # --- Servers ---
+
+    @staticmethod
+    def list_servers(provider_id=None):
+        query = CloudServer.query.filter(CloudServer.status != CloudServer.STATUS_DESTROYED)
+        if provider_id:
+            query = query.filter_by(provider_id=provider_id)
+        return query.order_by(CloudServer.created_at.desc()).all()
+
+    @staticmethod
+    def get_server(server_id):
+        return CloudServer.query.get(server_id)
+
+    @staticmethod
+    def create_server(data, user_id=None):
+        """Provision a new cloud server."""
+        provider = CloudProvider.query.get(data['provider_id'])
+        if not provider:
+            raise ValueError('Provider not found')
+
+        server = CloudServer(
+            provider_id=provider.id,
+            name=data['name'],
+            region=data.get('region'),
+            size=data.get('size'),
+            image=data.get('image'),
+            ssh_key_id=data.get('ssh_key_id'),
+            created_by=user_id,
+        )
+        db.session.add(server)
+        db.session.commit()
+
+        # Call provider API to create server
+        try:
+            result = CloudProvisioningService._provider_create(provider, server, data)
+            server.external_id = result.get('id')
+            server.ip_address = result.get('ip_address')
+            server.ipv6_address = result.get('ipv6_address')
+            server.monthly_cost = result.get('monthly_cost', 0)
+            server.status = CloudServer.STATUS_ACTIVE
+            server.hostname = result.get('hostname', server.name)
+            db.session.commit()
+        except Exception as e:
+            server.status = CloudServer.STATUS_ERROR
+            server.server_metadata = {'error': str(e)}
+            db.session.commit()
+            raise
+
+        # Auto-install agent if requested
+        if data.get('install_agent') and server.ip_address:
+            try:
+                CloudProvisioningService._install_agent(server)
+                server.agent_installed = True
+                db.session.commit()
+            except Exception as e:
+                logger.warning(f'Agent install failed for {server.name}: {e}')
+
+        return server
+
+    @staticmethod
+    def destroy_server(server_id):
+        server = CloudServer.query.get(server_id)
+        if not server:
+            return False
+
+        try:
+            CloudProvisioningService._provider_destroy(server.provider, server)
+        except Exception as e:
+            logger.error(f'Provider destroy failed: {e}')
+
+        server.status = CloudServer.STATUS_DESTROYED
+        server.destroyed_at = datetime.utcnow()
+        db.session.commit()
+        return True
+
+    @staticmethod
+    def resize_server(server_id, new_size):
+        server = CloudServer.query.get(server_id)
+        if not server:
+            return None
+        try:
+            CloudProvisioningService._provider_resize(server.provider, server, new_size)
+            server.size = new_size
+            db.session.commit()
+            return server
+        except Exception as e:
+            raise ValueError(f'Resize failed: {e}')
+
+    # --- Snapshots ---
+
+    @staticmethod
+    def create_snapshot(server_id, name):
+        server = CloudServer.query.get(server_id)
+        if not server:
+            raise ValueError('Server not found')
+
+        snapshot = CloudSnapshot(
+            server_id=server_id,
+            name=name,
+        )
+        db.session.add(snapshot)
+        db.session.commit()
+
+        try:
+            result = CloudProvisioningService._provider_snapshot(server.provider, server, name)
+            snapshot.external_id = result.get('id')
+            snapshot.size_gb = result.get('size_gb')
+            snapshot.status = 'available'
+            db.session.commit()
+        except Exception as e:
+            snapshot.status = 'error'
+            db.session.commit()
+            raise
+
+        return snapshot
+
+    @staticmethod
+    def get_snapshots(server_id):
+        return CloudSnapshot.query.filter_by(server_id=server_id).order_by(CloudSnapshot.created_at.desc()).all()
+
+    @staticmethod
+    def delete_snapshot(snapshot_id):
+        snapshot = CloudSnapshot.query.get(snapshot_id)
+        if not snapshot:
+            return False
+        db.session.delete(snapshot)
+        db.session.commit()
+        return True
+
+    @staticmethod
+    def get_cost_summary():
+        """Get total monthly cost across all active servers."""
+        servers = CloudServer.query.filter(
+            CloudServer.status.in_([CloudServer.STATUS_ACTIVE, CloudServer.STATUS_OFF])
+        ).all()
+
+        by_provider = {}
+        total = 0
+        for s in servers:
+            key = s.provider.name if s.provider else 'Unknown'
+            by_provider.setdefault(key, {'count': 0, 'cost': 0})
+            by_provider[key]['count'] += 1
+            by_provider[key]['cost'] += s.monthly_cost or 0
+            total += s.monthly_cost or 0
+
+        return {
+            'total_monthly': round(total, 2),
+            'server_count': len(servers),
+            'by_provider': by_provider,
+        }
+
+    # --- Provider API calls ---
+
+    @staticmethod
+    def _provider_create(provider, server, data):
+        """Call provider API to create server. Returns dict with id, ip_address, etc."""
+        ptype = provider.provider_type
+
+        if ptype == 'digitalocean':
+            import requests
+            resp = requests.post('https://api.digitalocean.com/v2/droplets', json={
+                'name': server.name,
+                'region': server.region,
+                'size': server.size,
+                'image': server.image,
+                'ssh_keys': [data.get('ssh_key_id')] if data.get('ssh_key_id') else [],
+            }, headers={'Authorization': f'Bearer {provider.api_key_encrypted}'}, timeout=30)
+            resp.raise_for_status()
+            droplet = resp.json().get('droplet', {})
+            networks = droplet.get('networks', {})
+            ipv4 = next((n['ip_address'] for n in networks.get('v4', []) if n['type'] == 'public'), None)
+            return {
+                'id': str(droplet.get('id')),
+                'ip_address': ipv4,
+                'monthly_cost': droplet.get('size', {}).get('price_monthly', 0),
+            }
+
+        elif ptype == 'hetzner':
+            import requests
+            resp = requests.post('https://api.hetzner.cloud/v1/servers', json={
+                'name': server.name,
+                'server_type': server.size,
+                'image': server.image,
+                'location': server.region,
+            }, headers={'Authorization': f'Bearer {provider.api_key_encrypted}'}, timeout=30)
+            resp.raise_for_status()
+            srv = resp.json().get('server', {})
+            return {
+                'id': str(srv.get('id')),
+                'ip_address': srv.get('public_net', {}).get('ipv4', {}).get('ip'),
+            }
+
+        # Fallback for unsupported or mock
+        return {'id': 'mock-id', 'ip_address': '0.0.0.0'}
+
+    @staticmethod
+    def _provider_destroy(provider, server):
+        if not server.external_id:
+            return
+        ptype = provider.provider_type
+        if ptype == 'digitalocean':
+            import requests
+            requests.delete(
+                f'https://api.digitalocean.com/v2/droplets/{server.external_id}',
+                headers={'Authorization': f'Bearer {provider.api_key_encrypted}'}, timeout=30
+            )
+
+    @staticmethod
+    def _provider_resize(provider, server, new_size):
+        pass  # Provider-specific resize logic
+
+    @staticmethod
+    def _provider_snapshot(provider, server, name):
+        return {'id': 'snap-mock', 'size_gb': 0}
+
+    @staticmethod
+    def _install_agent(server):
+        """SSH into server and install the ServerKit agent."""
+        pass  # Would use paramiko or similar to SSH and run install script
diff --git a/backend/app/services/cron_service.py b/backend/app/services/cron_service.py
index 289210f1..c9ddfb84 100644
--- a/backend/app/services/cron_service.py
+++ b/backend/app/services/cron_service.py
@@ -7,6 +7,7 @@
 
 import os
 import re
+import shlex
 import subprocess
 import platform
 from typing import Dict, List, Optional
@@ -245,6 +246,20 @@ def _describe_schedule(cls, schedule: str) -> str:
 
         return ', '.join(descriptions) if descriptions else schedule
 
+    BLOCKED_PATTERNS = [';', '&&', '||', '|', '`', '$(', '>', '<', '\n', '\r']
+
+    @classmethod
+    def _validate_command(cls, command: str) -> bool:
+        """Validate cron command to prevent injection."""
+        for pattern in cls.BLOCKED_PATTERNS:
+            if pattern in command:
+                return False
+        # Require absolute paths
+        parts = shlex.split(command)
+        if parts and not parts[0].startswith('/'):
+            return False
+        return True
+
     @classmethod
     def add_job(cls, schedule: str, command: str, name: str = None,
                 description: str = None) -> Dict:
@@ -257,6 +272,9 @@ def add_job(cls, schedule: str, command: str, name: str = None,
         if not command or not command.strip():
             return {'success': False, 'error': 'Command cannot be empty'}
 
+        if not cls._validate_command(command):
+            return {'success': False, 'error': 'Invalid command: must use absolute paths and cannot contain shell operators (;, &&, ||, |, `, $())'}
+
         # Generate job ID
         job_id = f"job_{datetime.now().strftime('%Y%m%d%H%M%S')}"
 
@@ -594,8 +612,7 @@ def run_job_now(cls, job_id: str) -> Dict:
         try:
             # Run the command
             result = subprocess.run(
-                command,
-                shell=True,
+                ['bash', '-c', command],
                 capture_output=True,
                 text=True,
                 timeout=60
diff --git a/backend/app/services/database_service.py b/backend/app/services/database_service.py
index 23ab8d25..1cc64e3a 100644
--- a/backend/app/services/database_service.py
+++ b/backend/app/services/database_service.py
@@ -1,5 +1,6 @@
 import subprocess
 import os
+import re
 import secrets
 import string
 import json
@@ -8,8 +9,19 @@
 from app import paths
 
 
+def _validate_identifier(name: str, max_length: int = 64) -> bool:
+    """Validate database/user identifiers to prevent SQL injection."""
+    return bool(re.match(r'^[a-zA-Z0-9_$]{1,}$', name)) and len(name) <= max_length
+
+
 class DatabaseService:
-    """Service for managing MySQL/MariaDB and PostgreSQL databases."""
+    """Service for managing MySQL/MariaDB and PostgreSQL databases.
+
+    NOTE (L6): Subprocess timeout values in this service (typically 30s) should be
+    reviewed periodically to ensure they are appropriate. Shorter timeouts reduce
+    the window for resource exhaustion attacks, but may break legitimate long-running
+    operations like large database backups or restores.
+    """
 
     BACKUP_DIR = paths.DB_BACKUP_DIR
 
@@ -51,14 +63,77 @@ def mysql_execute(query, database=None, root_password=None):
         """Execute a MySQL query."""
         try:
             cmd = ['mysql', '-u', 'root']
-            if root_password:
-                cmd.extend([f'-p{root_password}'])
             if database:
                 cmd.extend(['-D', database])
             cmd.extend(['-e', query])
 
+            # Use MYSQL_PWD env var to avoid passing password on CLI
+            env = None
+            if root_password:
+                env = os.environ.copy()
+                env['MYSQL_PWD'] = root_password
+
             result = subprocess.run(
-                cmd, capture_output=True, text=True
+                cmd, capture_output=True, text=True, env=env
+            )
+            return {
+                'success': result.returncode == 0,
+                'output': result.stdout,
+                'error': result.stderr if result.returncode != 0 else None
+            }
+        except Exception as e:
+            return {'success': False, 'error': str(e)}
+
+    @staticmethod
+    def _mysql_execute_parameterized(query, params, database=None, root_password=None):
+        """Execute a MySQL query with parameterized values using mysql CLI.
+
+        Uses the mysql --execute flag with a prepared statement approach:
+        passes the query through stdin with proper escaping to avoid injection.
+
+        Args:
+            query: SQL query with %s placeholders
+            params: List of parameter values to substitute safely
+            database: Optional database name
+            root_password: Optional MySQL root password
+        """
+        try:
+            # Build the parameterized query using mysql's built-in escaping
+            # by passing values through a SET/EXECUTE pattern via stdin
+            cmd = ['mysql', '-u', 'root', '--batch', '-N']
+            if database:
+                cmd.extend(['-D', database])
+
+            # Use MYSQL_PWD env var to avoid passing password on CLI
+            env = None
+            if root_password:
+                env = os.environ.copy()
+                env['MYSQL_PWD'] = root_password
+
+            # Build a safe query using user-defined variables and EXECUTE
+            # For simple single-param queries, we use a quoted literal approach
+            # MySQL's cli doesn't support true parameterized queries, so we use
+            # hex-encoding for string safety
+            safe_params = []
+            for p in params:
+                if p is None:
+                    safe_params.append('NULL')
+                elif isinstance(p, (int, float)):
+                    safe_params.append(str(p))
+                else:
+                    # Hex-encode string values: 0x<hex> is safe from injection
+                    hex_val = p.encode('utf-8').hex()
+                    safe_params.append(f"0x{hex_val}")
+
+            # Replace %s placeholders with safe values
+            safe_query = query
+            for sp in safe_params:
+                safe_query = safe_query.replace('%s', sp, 1)
+
+            cmd.extend(['-e', safe_query])
+
+            result = subprocess.run(
+                cmd, capture_output=True, text=True, env=env
             )
             return {
                 'success': result.returncode == 0,
@@ -83,15 +158,16 @@ def mysql_list_databases(root_password=None):
         for line in result['output'].strip().split('\n')[1:]:
             db_name = line.strip()
             if db_name and db_name not in system_dbs:
-                # Get database size
-                size_result = DatabaseService.mysql_execute(
-                    f"SELECT SUM(data_length + index_length) as size FROM information_schema.tables WHERE table_schema = '{db_name}';",
-                    root_password=root_password
+                # Get database size using parameterized query via MySQL CLI
+                # Pass db_name as a separate argument to avoid SQL injection
+                size_query = "SELECT SUM(data_length + index_length) as size FROM information_schema.tables WHERE table_schema = %s;"
+                size_result = DatabaseService._mysql_execute_parameterized(
+                    size_query, [db_name], root_password=root_password
                 )
                 size = 0
                 if size_result['success']:
                     try:
-                        size_line = size_result['output'].strip().split('\n')[1]
+                        size_line = size_result['output'].strip().split('\n')[0]
                         size = int(size_line) if size_line and size_line != 'NULL' else 0
                     except (IndexError, ValueError):
                         pass
@@ -106,6 +182,12 @@ def mysql_list_databases(root_password=None):
     @staticmethod
     def mysql_create_database(name, charset='utf8mb4', collation='utf8mb4_unicode_ci', root_password=None):
         """Create a MySQL database."""
+        if not _validate_identifier(name):
+            return {'success': False, 'error': 'Invalid identifier: only alphanumeric characters and underscores allowed'}
+        if not _validate_identifier(charset):
+            return {'success': False, 'error': 'Invalid charset identifier'}
+        if not _validate_identifier(collation, max_length=128):
+            return {'success': False, 'error': 'Invalid collation identifier'}
         query = f"CREATE DATABASE IF NOT EXISTS `{name}` CHARACTER SET {charset} COLLATE {collation};"
         result = DatabaseService.mysql_execute(query, root_password=root_password)
         return result
@@ -113,6 +195,8 @@ def mysql_create_database(name, charset='utf8mb4', collation='utf8mb4_unicode_ci
     @staticmethod
     def mysql_drop_database(name, root_password=None):
         """Drop a MySQL database."""
+        if not _validate_identifier(name):
+            return {'success': False, 'error': 'Invalid identifier: only alphanumeric characters and underscores allowed'}
         query = f"DROP DATABASE IF EXISTS `{name}`;"
         result = DatabaseService.mysql_execute(query, root_password=root_password)
         return result
@@ -140,13 +224,51 @@ def mysql_list_users(root_password=None):
     @staticmethod
     def mysql_create_user(username, password, host='localhost', root_password=None):
         """Create a MySQL user."""
-        query = f"CREATE USER IF NOT EXISTS '{username}'@'{host}' IDENTIFIED BY '{password}';"
-        result = DatabaseService.mysql_execute(query, root_password=root_password)
-        return result
+        if not _validate_identifier(username):
+            return {'success': False, 'error': 'Invalid identifier: only alphanumeric characters and underscores allowed'}
+        if not _validate_identifier(host):
+            return {'success': False, 'error': 'Invalid host identifier'}
+        # Use hex-encoded password with UNHEX + QUOTE to safely pass the password
+        # without manual string escaping. Username and host are validated above.
+        try:
+            cmd = ['mysql', '-u', 'root']
+
+            env = None
+            if root_password:
+                env = os.environ.copy()
+                env['MYSQL_PWD'] = root_password
+
+            # Hex-encode the password so it never appears as a raw string in SQL.
+            # UNHEX converts it back to bytes, CAST converts to string, QUOTE wraps
+            # it safely for use in a dynamic SQL statement.
+            hex_pw = password.encode('utf-8').hex()
+            safe_stmt = (
+                f"SET @pw = UNHEX('{hex_pw}');\n"
+                f"SET @pw = CAST(@pw AS CHAR);\n"
+                f"SET @sql = CONCAT('CREATE USER IF NOT EXISTS ''{username}''@''{host}'' IDENTIFIED BY ', QUOTE(@pw));\n"
+                f"PREPARE stmt FROM @sql;\n"
+                f"EXECUTE stmt;\n"
+                f"DEALLOCATE PREPARE stmt;\n"
+            )
+
+            result = subprocess.run(
+                cmd, capture_output=True, text=True, input=safe_stmt, env=env
+            )
+            return {
+                'success': result.returncode == 0,
+                'output': result.stdout,
+                'error': result.stderr if result.returncode != 0 else None
+            }
+        except Exception as e:
+            return {'success': False, 'error': str(e)}
 
     @staticmethod
     def mysql_drop_user(username, host='localhost', root_password=None):
         """Drop a MySQL user."""
+        if not _validate_identifier(username):
+            return {'success': False, 'error': 'Invalid identifier: only alphanumeric characters and underscores allowed'}
+        if not _validate_identifier(host):
+            return {'success': False, 'error': 'Invalid host identifier'}
         query = f"DROP USER IF EXISTS '{username}'@'{host}';"
         result = DatabaseService.mysql_execute(query, root_password=root_password)
         return result
@@ -154,6 +276,12 @@ def mysql_drop_user(username, host='localhost', root_password=None):
     @staticmethod
     def mysql_grant_privileges(username, database, privileges='ALL', host='localhost', root_password=None):
         """Grant privileges to a MySQL user."""
+        if not _validate_identifier(username):
+            return {'success': False, 'error': 'Invalid identifier: only alphanumeric characters and underscores allowed'}
+        if not _validate_identifier(database):
+            return {'success': False, 'error': 'Invalid identifier: only alphanumeric characters and underscores allowed'}
+        if not _validate_identifier(host):
+            return {'success': False, 'error': 'Invalid host identifier'}
         query = f"GRANT {privileges} ON `{database}`.* TO '{username}'@'{host}'; FLUSH PRIVILEGES;"
         result = DatabaseService.mysql_execute(query, root_password=root_password)
         return result
@@ -161,6 +289,12 @@ def mysql_grant_privileges(username, database, privileges='ALL', host='localhost
     @staticmethod
     def mysql_revoke_privileges(username, database, privileges='ALL', host='localhost', root_password=None):
         """Revoke privileges from a MySQL user."""
+        if not _validate_identifier(username):
+            return {'success': False, 'error': 'Invalid identifier: only alphanumeric characters and underscores allowed'}
+        if not _validate_identifier(database):
+            return {'success': False, 'error': 'Invalid identifier: only alphanumeric characters and underscores allowed'}
+        if not _validate_identifier(host):
+            return {'success': False, 'error': 'Invalid host identifier'}
         query = f"REVOKE {privileges} ON `{database}`.* FROM '{username}'@'{host}'; FLUSH PRIVILEGES;"
         result = DatabaseService.mysql_execute(query, root_password=root_password)
         return result
@@ -168,6 +302,10 @@ def mysql_revoke_privileges(username, database, privileges='ALL', host='localhos
     @staticmethod
     def mysql_get_user_privileges(username, host='localhost', root_password=None):
         """Get privileges for a MySQL user."""
+        if not _validate_identifier(username):
+            return []
+        if not _validate_identifier(host):
+            return []
         result = DatabaseService.mysql_execute(
             f"SHOW GRANTS FOR '{username}'@'{host}';",
             root_password=root_password
@@ -194,13 +332,17 @@ def mysql_backup(database, output_path=None, root_password=None):
 
         try:
             cmd = ['mysqldump', '-u', 'root']
-            if root_password:
-                cmd.append(f'-p{root_password}')
             cmd.append(database)
 
+            # Use MYSQL_PWD env var to avoid passing password on CLI
+            env = None
+            if root_password:
+                env = os.environ.copy()
+                env['MYSQL_PWD'] = root_password
+
             # Pipe through gzip
             with open(output_path, 'wb') as f:
-                dump = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+                dump = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env)
                 gzip = subprocess.Popen(['gzip'], stdin=dump.stdout, stdout=f, stderr=subprocess.PIPE)
                 dump.stdout.close()
                 gzip.communicate()
@@ -224,14 +366,18 @@ def mysql_restore(database, backup_path, root_password=None):
 
         try:
             cmd = ['mysql', '-u', 'root']
-            if root_password:
-                cmd.append(f'-p{root_password}')
             cmd.append(database)
 
+            # Use MYSQL_PWD env var to avoid passing password on CLI
+            env = None
+            if root_password:
+                env = os.environ.copy()
+                env['MYSQL_PWD'] = root_password
+
             if backup_path.endswith('.gz'):
                 # Decompress and restore
                 gunzip = subprocess.Popen(['gunzip', '-c', backup_path], stdout=subprocess.PIPE)
-                restore = subprocess.Popen(cmd, stdin=gunzip.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+                restore = subprocess.Popen(cmd, stdin=gunzip.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env)
                 gunzip.stdout.close()
                 _, stderr = restore.communicate()
 
@@ -239,7 +385,7 @@ def mysql_restore(database, backup_path, root_password=None):
                     return {'success': False, 'error': stderr.decode()}
             else:
                 with open(backup_path, 'r') as f:
-                    result = subprocess.run(cmd, stdin=f, capture_output=True, text=True)
+                    result = subprocess.run(cmd, stdin=f, capture_output=True, text=True, env=env)
                     if result.returncode != 0:
                         return {'success': False, 'error': result.stderr}
 
@@ -367,10 +513,20 @@ def pg_create_database(name, owner=None, encoding='UTF8'):
     @staticmethod
     def pg_drop_database(name):
         """Drop a PostgreSQL database."""
-        # Terminate connections first
-        DatabaseService.pg_execute(
-            f"SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname = '{name}';"
-        )
+        if not _validate_identifier(name):
+            return {'success': False, 'error': 'Invalid identifier: only alphanumeric characters and underscores allowed'}
+        # Terminate connections first using psql variable binding to prevent injection
+        try:
+            cmd = [
+                'sudo', '-u', 'postgres', 'psql', '-d', 'postgres',
+                '-v', f'dbname={name}',
+                '-c', "SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname = :'dbname';",
+                '-t', '-A'
+            ]
+            subprocess.run(cmd, capture_output=True, text=True)
+        except Exception:
+            pass
+        # Name is validated above, safe to use in identifier position
         result = DatabaseService.pg_execute(f'DROP DATABASE IF EXISTS "{name}";')
         return result
 
@@ -555,8 +711,12 @@ def mysql_execute_query(database, query, readonly=True, root_password=None, time
 
             # Build mysql command with JSON output format
             cmd = ['mysql', '-u', 'root']
+
+            # Use MYSQL_PWD env var to avoid passing password on CLI
+            env = None
             if root_password:
-                cmd.extend([f'-p{root_password}'])
+                env = os.environ.copy()
+                env['MYSQL_PWD'] = root_password
             cmd.extend([
                 '-D', database,
                 '-e', query,
@@ -570,7 +730,8 @@ def mysql_execute_query(database, query, readonly=True, root_password=None, time
                 cmd,
                 capture_output=True,
                 text=True,
-                timeout=timeout
+                timeout=timeout,
+                env=env
             )
 
             execution_time = time.time() - start_time
@@ -1038,10 +1199,13 @@ def list_docker_mysql_containers():
     def docker_mysql_execute(container_name, query, database=None, user='root', password=None):
         """Execute a MySQL query inside a Docker container."""
         try:
-            cmd = ['docker', 'exec', container_name, 'mysql', '-u', user]
+            cmd = ['docker', 'exec']
 
+            # Use MYSQL_PWD env var to avoid passing password on CLI
             if password:
-                cmd.append(f'-p{password}')
+                cmd.extend(['-e', f'MYSQL_PWD={password}'])
+
+            cmd.extend([container_name, 'mysql', '-u', user])
 
             if database:
                 cmd.extend(['-D', database])
@@ -1137,9 +1301,11 @@ def docker_mysql_execute_query(container_name, database, query, user='root', pas
         try:
             start_time = time.time()
 
-            cmd = ['docker', 'exec', container_name, 'mysql', '-u', user]
+            cmd = ['docker', 'exec']
+            # Use MYSQL_PWD env var to avoid passing password on CLI
             if password:
-                cmd.append(f'-p{password}')
+                cmd.extend(['-e', f'MYSQL_PWD={password}'])
+            cmd.extend([container_name, 'mysql', '-u', user])
             cmd.extend([
                 '-D', database,
                 '-e', query,
diff --git a/backend/app/services/discovery_service.py b/backend/app/services/discovery_service.py
new file mode 100644
index 00000000..0966225e
--- /dev/null
+++ b/backend/app/services/discovery_service.py
@@ -0,0 +1,146 @@
+"""
+Discovery Service
+
+Handles auto-discovery of new servers on the local network.
+Uses UDP broadcast to find agents.
+"""
+
+import socket
+import json
+import hmac
+import hashlib
+import threading
+import time
+import logging
+from datetime import datetime
+from typing import List, Dict, Optional
+
+from app import db
+from app.models.server import Server
+
+logger = logging.getLogger(__name__)
+
+
+class DiscoveryService:
+    """
+    Service for discovering new servers/agents on the network.
+    """
+
+    # Maximum allowed age for discovery responses (seconds)
+    MAX_RESPONSE_AGE = 30
+
+    def __init__(self, port=9000, secret_key: Optional[str] = None):
+        self.port = port
+        self.secret_key = secret_key
+        self._discovered_agents = {}  # agent_id -> info
+        self._is_scanning = False
+        self._lock = threading.Lock()
+
+    def _sign_discovery_request(self, request_data: dict, secret_key: str) -> dict:
+        """Sign a discovery request with HMAC."""
+        request_data['timestamp'] = int(time.time() * 1000)
+        message = json.dumps(request_data, sort_keys=True)
+        signature = hmac.new(secret_key.encode(), message.encode(), hashlib.sha256).hexdigest()
+        request_data['signature'] = signature
+        return request_data
+
+    def start_scan(self, duration=10) -> List[Dict]:
+        """
+        Start a network scan for agents.
+        """
+        if self._is_scanning:
+            return list(self._discovered_agents.values())
+
+        self._is_scanning = True
+        self._discovered_agents = {}
+        
+        # Start listening thread
+        listen_thread = threading.Thread(target=self._listen_for_responses, daemon=True)
+        listen_thread.start()
+        
+        # Send broadcast requests
+        self._send_broadcast_request()
+        
+        # Wait for duration
+        time.sleep(duration)
+        
+        self._is_scanning = False
+        return list(self._discovered_agents.values())
+
+    def _send_broadcast_request(self):
+        """Send UDP broadcast request to discover agents"""
+        try:
+            sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+            sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
+            sock.settimeout(2)
+            
+            request_data = {
+                'type': 'discovery_request',
+                'timestamp': int(time.time() * 1000)
+            }
+
+            # Sign the request if a shared secret is configured
+            if self.secret_key:
+                request_data = self._sign_discovery_request(request_data, self.secret_key)
+
+            message = json.dumps(request_data)
+
+            # Broadcast to common local networks
+            sock.sendto(message.encode(), ('255.255.255.255', self.port))
+            sock.close()
+        except Exception as e:
+            logger.error(f"Error sending discovery broadcast: {e}")
+
+    def _listen_for_responses(self):
+        """Listen for UDP discovery responses from agents"""
+        try:
+            sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+            sock.bind(('', self.port + 1))  # Listen on port + 1
+            sock.settimeout(1)
+            
+            start_time = time.time()
+            while self._is_scanning:
+                try:
+                    data, addr = sock.recvfrom(4096)
+                    try:
+                        info = json.loads(data.decode())
+                        if info.get('type') == 'discovery':
+                            # Validate timestamp to prevent replay attacks
+                            response_ts = info.get('timestamp')
+                            if response_ts:
+                                age_seconds = abs(time.time() * 1000 - response_ts) / 1000
+                                if age_seconds > self.MAX_RESPONSE_AGE:
+                                    logger.warning(f"Stale discovery response from {addr[0]} (age: {age_seconds:.0f}s), ignoring")
+                                    continue
+
+                            agent_id = info.get('agent_id')
+                            if agent_id:
+                                # Add IP address from sender
+                                info['ip_address'] = addr[0]
+
+                                # Check if already registered
+                                server = Server.query.filter_by(agent_id=agent_id).first()
+                                info['is_registered'] = server is not None
+                                if server:
+                                    info['server_name'] = server.name
+                                    info['server_id'] = server.id
+
+                                with self._lock:
+                                    self._discovered_agents[agent_id] = info
+                            else:
+                                logger.warning(f"Discovery response from {addr[0]} missing agent_id")
+                    except Exception as e:
+                        logger.error(f"Error parsing discovery response: {e}")
+                except socket.timeout:
+                    continue
+            sock.close()
+        except Exception as e:
+            logger.error(f"Error in discovery listener: {e}")
+
+    def get_discovered_agents(self) -> List[Dict]:
+        """Get currently discovered agents"""
+        with self._lock:
+            return list(self._discovered_agents.values())
+
+
+discovery_service = DiscoveryService()
diff --git a/backend/app/services/dns_zone_service.py b/backend/app/services/dns_zone_service.py
new file mode 100644
index 00000000..b7a8f747
--- /dev/null
+++ b/backend/app/services/dns_zone_service.py
@@ -0,0 +1,306 @@
+import json
+import logging
+from datetime import datetime
+from app import db
+from app.models.dns_zone import DNSZone, DNSRecord
+
+logger = logging.getLogger(__name__)
+
+
+class DNSZoneService:
+    """Service for DNS zone and record management."""
+
+    RECORD_TYPES = ['A', 'AAAA', 'CNAME', 'MX', 'TXT', 'SRV', 'CAA', 'NS']
+
+    DNS_PRESETS = {
+        'web-hosting': {
+            'label': 'Standard Web Hosting',
+            'records': [
+                {'record_type': 'A', 'name': '@', 'content': '{{server_ip}}', 'ttl': 3600},
+                {'record_type': 'A', 'name': 'www', 'content': '{{server_ip}}', 'ttl': 3600},
+                {'record_type': 'CNAME', 'name': 'mail', 'content': '{{domain}}', 'ttl': 3600},
+            ],
+        },
+        'email-hosting': {
+            'label': 'Email Hosting',
+            'records': [
+                {'record_type': 'MX', 'name': '@', 'content': 'mail.{{domain}}', 'priority': 10, 'ttl': 3600},
+                {'record_type': 'TXT', 'name': '@', 'content': 'v=spf1 mx -all', 'ttl': 3600},
+                {'record_type': 'TXT', 'name': '_dmarc', 'content': 'v=DMARC1; p=quarantine; rua=mailto:dmarc@{{domain}}', 'ttl': 3600},
+            ],
+        },
+    }
+
+    @staticmethod
+    def list_zones():
+        return DNSZone.query.order_by(DNSZone.domain).all()
+
+    @staticmethod
+    def get_zone(zone_id):
+        return DNSZone.query.get(zone_id)
+
+    @staticmethod
+    def create_zone(data):
+        domain = data.get('domain', '').strip().lower()
+        if not domain:
+            raise ValueError('Domain required')
+        if DNSZone.query.filter_by(domain=domain).first():
+            raise ValueError(f'Zone for {domain} already exists')
+
+        zone = DNSZone(
+            domain=domain,
+            provider=data.get('provider', 'manual'),
+            provider_zone_id=data.get('provider_zone_id'),
+        )
+        if data.get('provider_config'):
+            zone.provider_config = data['provider_config']
+
+        db.session.add(zone)
+        db.session.commit()
+        return zone
+
+    @staticmethod
+    def delete_zone(zone_id):
+        zone = DNSZone.query.get(zone_id)
+        if not zone:
+            return False
+        db.session.delete(zone)
+        db.session.commit()
+        return True
+
+    # --- Records ---
+
+    @staticmethod
+    def get_records(zone_id):
+        return DNSRecord.query.filter_by(zone_id=zone_id).order_by(
+            DNSRecord.record_type, DNSRecord.name
+        ).all()
+
+    @staticmethod
+    def create_record(zone_id, data):
+        zone = DNSZone.query.get(zone_id)
+        if not zone:
+            raise ValueError('Zone not found')
+
+        record_type = data.get('record_type', '').upper()
+        if record_type not in DNSZoneService.RECORD_TYPES:
+            raise ValueError(f'Invalid record type: {record_type}')
+
+        record = DNSRecord(
+            zone_id=zone_id,
+            record_type=record_type,
+            name=data.get('name', '@'),
+            content=data.get('content', ''),
+            ttl=data.get('ttl', 3600),
+            priority=data.get('priority'),
+            proxied=data.get('proxied', False),
+        )
+        db.session.add(record)
+        db.session.commit()
+
+        # Sync to provider if configured
+        if zone.provider != 'manual':
+            DNSZoneService._sync_record_to_provider(zone, record, 'create')
+
+        return record
+
+    @staticmethod
+    def update_record(record_id, data):
+        record = DNSRecord.query.get(record_id)
+        if not record:
+            return None
+        for field in ['name', 'content', 'ttl', 'priority', 'proxied']:
+            if field in data:
+                setattr(record, field, data[field])
+        db.session.commit()
+
+        zone = record.zone
+        if zone.provider != 'manual':
+            DNSZoneService._sync_record_to_provider(zone, record, 'update')
+
+        return record
+
+    @staticmethod
+    def delete_record(record_id):
+        record = DNSRecord.query.get(record_id)
+        if not record:
+            return False
+        zone = record.zone
+        if zone.provider != 'manual' and record.provider_record_id:
+            DNSZoneService._sync_record_to_provider(zone, record, 'delete')
+        db.session.delete(record)
+        db.session.commit()
+        return True
+
+    @staticmethod
+    def apply_preset(zone_id, preset_key, variables=None):
+        if preset_key not in DNSZoneService.DNS_PRESETS:
+            raise ValueError(f'Unknown preset: {preset_key}')
+
+        zone = DNSZone.query.get(zone_id)
+        if not zone:
+            raise ValueError('Zone not found')
+
+        preset = DNSZoneService.DNS_PRESETS[preset_key]
+        variables = variables or {}
+        variables.setdefault('domain', zone.domain)
+
+        records = []
+        for rec_data in preset['records']:
+            data = dict(rec_data)
+            for field in ['name', 'content']:
+                for var_name, var_val in variables.items():
+                    data[field] = data[field].replace('{{' + var_name + '}}', var_val)
+            record = DNSZoneService.create_record(zone_id, data)
+            records.append(record)
+
+        return records
+
+    @staticmethod
+    def check_propagation(domain, record_type='A'):
+        """Check DNS propagation across multiple nameservers."""
+        import socket
+
+        nameservers = [
+            ('Google', '8.8.8.8'),
+            ('Cloudflare', '1.1.1.1'),
+            ('OpenDNS', '208.67.222.222'),
+            ('Quad9', '9.9.9.9'),
+        ]
+
+        results = []
+        for ns_name, ns_ip in nameservers:
+            try:
+                from app.utils.system import run_command
+                result = run_command(['dig', f'@{ns_ip}', domain, record_type, '+short'], timeout=5)
+                stdout = result.get('stdout', '').strip()
+                results.append({
+                    'nameserver': ns_name,
+                    'ip': ns_ip,
+                    'result': stdout.split('\n') if stdout else [],
+                    'propagated': bool(stdout),
+                })
+            except Exception:
+                results.append({
+                    'nameserver': ns_name,
+                    'ip': ns_ip,
+                    'result': [],
+                    'propagated': False,
+                    'error': 'Query failed',
+                })
+
+        return results
+
+    @staticmethod
+    def export_zone(zone_id):
+        """Export zone in BIND format."""
+        zone = DNSZone.query.get(zone_id)
+        if not zone:
+            return None
+
+        records = DNSZoneService.get_records(zone_id)
+        lines = [f'; Zone file for {zone.domain}', f'$ORIGIN {zone.domain}.', f'$TTL 3600', '']
+
+        for rec in records:
+            name = rec.name if rec.name != '@' else zone.domain + '.'
+            if rec.record_type == 'MX':
+                lines.append(f'{name}\t{rec.ttl}\tIN\t{rec.record_type}\t{rec.priority or 10}\t{rec.content}')
+            elif rec.record_type == 'SRV':
+                lines.append(f'{name}\t{rec.ttl}\tIN\t{rec.record_type}\t{rec.priority or 0}\t{rec.content}')
+            else:
+                lines.append(f'{name}\t{rec.ttl}\tIN\t{rec.record_type}\t{rec.content}')
+
+        return '\n'.join(lines)
+
+    @staticmethod
+    def import_zone(zone_id, bind_content):
+        """Import records from BIND zone file format."""
+        zone = DNSZone.query.get(zone_id)
+        if not zone:
+            raise ValueError('Zone not found')
+
+        records_created = []
+        for line in bind_content.strip().split('\n'):
+            line = line.strip()
+            if not line or line.startswith(';') or line.startswith('$'):
+                continue
+            parts = line.split()
+            if len(parts) < 4:
+                continue
+            # Try to parse: name ttl IN type content
+            try:
+                if parts[2] == 'IN':
+                    name = parts[0].rstrip('.')
+                    ttl = int(parts[1])
+                    rtype = parts[3]
+                    content = ' '.join(parts[4:])
+                    if name == zone.domain:
+                        name = '@'
+                    record = DNSZoneService.create_record(zone_id, {
+                        'record_type': rtype, 'name': name,
+                        'content': content, 'ttl': ttl,
+                    })
+                    records_created.append(record)
+            except (ValueError, IndexError):
+                continue
+
+        return records_created
+
+    @staticmethod
+    def get_presets():
+        return DNSZoneService.DNS_PRESETS
+
+    @staticmethod
+    def _sync_record_to_provider(zone, record, action):
+        """Sync a DNS record change to the configured provider."""
+        provider = zone.provider
+        config = zone.provider_config
+
+        try:
+            if provider == 'cloudflare':
+                DNSZoneService._cloudflare_sync(zone, record, action, config)
+        except Exception as e:
+            logger.error(f'DNS provider sync failed: {e}')
+
+    @staticmethod
+    def _cloudflare_sync(zone, record, action, config):
+        """Sync record to Cloudflare API."""
+        import requests
+
+        api_token = config.get('api_token')
+        if not api_token:
+            return
+
+        headers = {'Authorization': f'Bearer {api_token}', 'Content-Type': 'application/json'}
+        base_url = f'https://api.cloudflare.com/client/v4/zones/{zone.provider_zone_id}/dns_records'
+
+        if action == 'create':
+            payload = {
+                'type': record.record_type,
+                'name': record.name,
+                'content': record.content,
+                'ttl': record.ttl,
+                'proxied': record.proxied,
+            }
+            if record.priority is not None:
+                payload['priority'] = record.priority
+            resp = requests.post(base_url, json=payload, headers=headers, timeout=10)
+            if resp.ok:
+                data = resp.json()
+                record.provider_record_id = data.get('result', {}).get('id')
+                db.session.commit()
+
+        elif action == 'update' and record.provider_record_id:
+            url = f'{base_url}/{record.provider_record_id}'
+            payload = {
+                'type': record.record_type,
+                'name': record.name,
+                'content': record.content,
+                'ttl': record.ttl,
+                'proxied': record.proxied,
+            }
+            requests.put(url, json=payload, headers=headers, timeout=10)
+
+        elif action == 'delete' and record.provider_record_id:
+            url = f'{base_url}/{record.provider_record_id}'
+            requests.delete(url, headers=headers, timeout=10)
diff --git a/backend/app/services/docker_service.py b/backend/app/services/docker_service.py
index b478db0c..edad776c 100644
--- a/backend/app/services/docker_service.py
+++ b/backend/app/services/docker_service.py
@@ -1,9 +1,13 @@
+import logging
 import subprocess
 import json
 import os
+import shlex
 import yaml
 from datetime import datetime
 
+logger = logging.getLogger(__name__)
+
 
 class DockerService:
     """Service for managing Docker containers, images, and compose stacks."""
@@ -23,8 +27,8 @@ def _get_compose_cmd(cls):
             if result.returncode == 0:
                 cls._compose_cmd = ['docker', 'compose']
                 return cls._compose_cmd
-        except Exception:
-            pass
+        except Exception as e:
+            logger.error(f"Failed to detect docker compose v2: {e}")
         # Fallback to docker-compose (v1)
         cls._compose_cmd = ['docker-compose']
         return cls._compose_cmd
@@ -56,7 +60,8 @@ def get_docker_info():
             if result.returncode == 0:
                 return json.loads(result.stdout)
             return None
-        except Exception:
+        except Exception as e:
+            logger.error(f"Failed to get Docker info: {e}")
             return None
 
     # ==================== CONTAINER MANAGEMENT ====================
@@ -89,6 +94,7 @@ def list_containers(all_containers=True):
                     })
             return containers
         except Exception as e:
+            logger.error(f"Failed to list containers: {e}")
             return []
 
     @staticmethod
@@ -104,7 +110,8 @@ def get_container(container_id):
                 if data:
                     return data[0]
             return None
-        except Exception:
+        except Exception as e:
+            logger.error(f"Failed to inspect container {container_id}: {e}")
             return None
 
     @staticmethod
@@ -138,7 +145,7 @@ def create_container(image, name=None, ports=None, volumes=None, env=None,
             cmd.append(image)
 
             if command:
-                cmd.extend(command.split())
+                cmd.extend(shlex.split(command))
 
             result = subprocess.run(cmd, capture_output=True, text=True)
 
@@ -183,7 +190,7 @@ def run_container(image, name=None, ports=None, volumes=None, env=None,
             cmd.append(image)
 
             if command:
-                cmd.extend(command.split())
+                cmd.extend(shlex.split(command))
 
             result = subprocess.run(cmd, capture_output=True, text=True)
 
@@ -217,6 +224,13 @@ def stop_container(container_id, timeout=10):
                 capture_output=True, text=True
             )
             if result.returncode == 0:
+                try:
+                    from app.services.workflow_engine import WorkflowEventBus
+                    WorkflowEventBus.emit('app_stopped', {
+                        'container_id': container_id
+                    })
+                except Exception as e:
+                    logger.error(f"Failed to emit app_stopped event: {e}")
                 return {'success': True}
             return {'success': False, 'error': result.stderr}
         except Exception as e:
@@ -305,7 +319,8 @@ def stream_container_logs(container_id, tail=100, since=None, timestamps=True):
                 bufsize=1
             )
             return process
-        except Exception:
+        except Exception as e:
+            logger.error(f"Failed to start log stream for container {container_id}: {e}")
             return None
 
     @staticmethod
@@ -470,7 +485,8 @@ def get_container_stats(container_id):
             if result.returncode == 0 and result.stdout.strip():
                 return json.loads(result.stdout.strip())
             return None
-        except Exception:
+        except Exception as e:
+            logger.error(f"Failed to get stats for container {container_id}: {e}")
             return None
 
     @staticmethod
@@ -483,7 +499,7 @@ def exec_command(container_id, command, interactive=False, tty=False):
             if tty:
                 cmd.append('-t')
             cmd.append(container_id)
-            cmd.extend(command.split())
+            cmd.extend(shlex.split(command))
 
             result = subprocess.run(cmd, capture_output=True, text=True, timeout=60)
             return {
@@ -522,7 +538,8 @@ def list_images():
                         'created': image.get('CreatedAt'),
                     })
             return images
-        except Exception:
+        except Exception as e:
+            logger.error(f"Failed to list images: {e}")
             return []
 
     @staticmethod
@@ -612,7 +629,8 @@ def list_networks():
                         'scope': network.get('Scope'),
                     })
             return networks
-        except Exception:
+        except Exception as e:
+            logger.error(f"Failed to list networks: {e}")
             return []
 
     @staticmethod
@@ -666,7 +684,8 @@ def list_volumes():
                         'mountpoint': volume.get('Mountpoint'),
                     })
             return volumes
-        except Exception:
+        except Exception as e:
+            logger.error(f"Failed to list volumes: {e}")
             return []
 
     @staticmethod
@@ -779,7 +798,8 @@ def compose_ps(cls, project_path):
                         continue
                 return containers
             return []
-        except Exception:
+        except Exception as e:
+            logger.error(f"Failed to list compose services: {e}")
             return []
 
     @classmethod
@@ -899,7 +919,8 @@ def get_disk_usage():
                 if line:
                     usage.append(json.loads(line))
             return usage
-        except Exception:
+        except Exception as e:
+            logger.error(f"Failed to get Docker disk usage: {e}")
             return []
 
     @staticmethod
diff --git a/backend/app/services/environment_health_service.py b/backend/app/services/environment_health_service.py
index 6398c403..8fcdc6d4 100644
--- a/backend/app/services/environment_health_service.py
+++ b/backend/app/services/environment_health_service.py
@@ -90,6 +90,18 @@ def check_health(cls, site_id: int) -> Dict:
         site.last_health_check = datetime.utcnow()
         db.session.commit()
 
+        # Emit event for workflow triggers on unhealthy status
+        if overall in ('unhealthy', 'degraded'):
+            try:
+                from app.services.workflow_engine import WorkflowEventBus
+                WorkflowEventBus.emit('health_check_failed', {
+                    'site_id': site_id,
+                    'overall_status': overall,
+                    'checks': checks
+                })
+            except Exception:
+                pass
+
         return {
             'success': True,
             'site_id': site_id,
diff --git a/backend/app/services/file_service.py b/backend/app/services/file_service.py
index ab02a7fc..82fc0f7f 100644
--- a/backend/app/services/file_service.py
+++ b/backend/app/services/file_service.py
@@ -299,8 +299,13 @@ def rename(cls, old_path: str, new_name: str) -> Dict:
         if not os.path.exists(old_path):
             return {'success': False, 'error': 'Path not found'}
 
+        # Validate new_name has no path separators
+        if '/' in new_name or '\\' in new_name or '..' in new_name:
+            return {'success': False, 'error': 'Invalid filename: path separators not allowed'}
+
         new_path = os.path.join(os.path.dirname(old_path), new_name)
 
+        # Re-validate the constructed path
         if not cls.is_path_allowed(new_path):
             return {'success': False, 'error': 'Access denied: target path not allowed'}
 
@@ -370,6 +375,9 @@ def change_permissions(cls, path: str, mode: str) -> Dict:
         try:
             # Convert octal string to int
             mode_int = int(mode, 8)
+            # Validate permission mode
+            if mode_int < 0o000 or mode_int > 0o777:
+                return {'success': False, 'error': 'Invalid permission mode. Must be between 000 and 777.'}
             os.chmod(path, mode_int)
             return {'success': True, 'path': path, 'mode': mode}
         except ValueError:
diff --git a/backend/app/services/fleet_monitor_service.py b/backend/app/services/fleet_monitor_service.py
new file mode 100644
index 00000000..3dd134a0
--- /dev/null
+++ b/backend/app/services/fleet_monitor_service.py
@@ -0,0 +1,613 @@
+"""
+Fleet Monitor Service
+
+Provides fleet-wide monitoring: heatmap, comparison charts, alert thresholds,
+anomaly detection, capacity forecasting, fleet search, and metrics export.
+"""
+
+import io
+import csv
+import math
+import logging
+from datetime import datetime, timedelta
+from typing import List, Dict, Optional, Any
+
+from sqlalchemy import func, and_
+
+from app import db
+from app.models.server import Server, ServerMetrics, ServerGroup
+from app.models.metric_alert import ServerAlertThreshold, MetricAlert
+from app.services.agent_registry import agent_registry
+
+logger = logging.getLogger(__name__)
+
+METRIC_COLUMNS = {
+    'cpu': 'cpu_percent',
+    'memory': 'memory_percent',
+    'disk': 'disk_percent',
+    'network_rx': 'network_rx_rate',
+    'network_tx': 'network_tx_rate',
+}
+
+
+class FleetMonitorService:
+    """Service for fleet-wide monitoring and alerting."""
+
+    # ==================== Fleet Heatmap ====================
+
+    @staticmethod
+    def get_fleet_heatmap(group_id: str = None) -> List[Dict]:
+        """Get latest metrics for all servers, shaped for heatmap display."""
+        query = Server.query
+        if group_id:
+            query = query.filter_by(group_id=group_id)
+
+        servers = query.all()
+        result = []
+
+        for server in servers:
+            latest = ServerMetrics.query.filter_by(
+                server_id=server.id
+            ).order_by(ServerMetrics.timestamp.desc()).first()
+
+            result.append({
+                'id': server.id,
+                'name': server.name,
+                'status': server.status,
+                'group_id': server.group_id,
+                'group_name': server.group.name if server.group else None,
+                'cpu': round(latest.cpu_percent, 1) if latest and latest.cpu_percent is not None else None,
+                'memory': round(latest.memory_percent, 1) if latest and latest.memory_percent is not None else None,
+                'disk': round(latest.disk_percent, 1) if latest and latest.disk_percent is not None else None,
+                'containers': latest.container_running if latest else None,
+                'last_update': latest.timestamp.isoformat() if latest else None,
+            })
+
+        return result
+
+    # ==================== Comparison Timeseries ====================
+
+    @staticmethod
+    def get_comparison_timeseries(
+        server_ids: List[str], metric: str = 'cpu', period: str = '24h'
+    ) -> Dict:
+        """Get time-series data for multiple servers for overlay charting."""
+        hours_back = {'1h': 1, '6h': 6, '24h': 24, '7d': 168, '30d': 720}.get(period, 24)
+        interval = {'1h': 1, '6h': 5, '24h': 15, '7d': 60, '30d': 360}.get(period, 15)
+        cutoff = datetime.utcnow() - timedelta(hours=hours_back)
+        col_name = METRIC_COLUMNS.get(metric, 'cpu_percent')
+
+        series = []
+        for server_id in server_ids:
+            server = Server.query.get(server_id)
+            if not server:
+                continue
+
+            records = ServerMetrics.query.filter(
+                ServerMetrics.server_id == server_id,
+                ServerMetrics.timestamp >= cutoff
+            ).order_by(ServerMetrics.timestamp.asc()).all()
+
+            # Downsample for longer periods
+            if interval > 1 and len(records) > 0:
+                records = _downsample_simple(records, interval)
+
+            data = []
+            for r in records:
+                val = getattr(r, col_name, None)
+                if val is not None:
+                    data.append({
+                        'timestamp': r.timestamp.isoformat(),
+                        'value': round(val, 2)
+                    })
+
+            series.append({
+                'server_id': server_id,
+                'name': server.name,
+                'data': data
+            })
+
+        return {'metric': metric, 'period': period, 'series': series}
+
+    # ==================== Alert Thresholds ====================
+
+    @staticmethod
+    def get_thresholds(server_id: str = None) -> List[Dict]:
+        """Get alert thresholds, optionally filtered by server."""
+        query = ServerAlertThreshold.query
+        if server_id:
+            query = query.filter(
+                (ServerAlertThreshold.server_id == server_id) |
+                (ServerAlertThreshold.server_id == None)
+            )
+        return [t.to_dict() for t in query.all()]
+
+    @staticmethod
+    def upsert_threshold(data: Dict) -> Dict:
+        """Create or update an alert threshold."""
+        threshold_id = data.get('id')
+        if threshold_id:
+            threshold = ServerAlertThreshold.query.get(threshold_id)
+            if not threshold:
+                return {'error': 'Threshold not found'}
+        else:
+            threshold = ServerAlertThreshold()
+            db.session.add(threshold)
+
+        threshold.server_id = data.get('server_id')
+        threshold.metric = data.get('metric', 'cpu')
+        threshold.warning_threshold = data.get('warning_threshold', 80.0)
+        threshold.critical_threshold = data.get('critical_threshold', 95.0)
+        threshold.duration_seconds = data.get('duration_seconds', 300)
+        threshold.enabled = data.get('enabled', True)
+
+        db.session.commit()
+        return threshold.to_dict()
+
+    @staticmethod
+    def delete_threshold(threshold_id: str) -> bool:
+        """Delete an alert threshold."""
+        threshold = ServerAlertThreshold.query.get(threshold_id)
+        if not threshold:
+            return False
+        db.session.delete(threshold)
+        db.session.commit()
+        return True
+
+    # ==================== Alert Checking ====================
+
+    @staticmethod
+    def check_fleet_thresholds():
+        """Check all online servers against their thresholds. Call periodically."""
+        thresholds = ServerAlertThreshold.query.filter_by(enabled=True).all()
+        if not thresholds:
+            return
+
+        # Group thresholds: per-server overrides + global defaults
+        global_thresholds = {}
+        server_thresholds = {}
+        for t in thresholds:
+            if t.server_id:
+                server_thresholds.setdefault(t.server_id, {})[t.metric] = t
+            else:
+                global_thresholds[t.metric] = t
+
+        servers = Server.query.filter_by(status='online').all()
+
+        for server in servers:
+            for metric_name, col_name in METRIC_COLUMNS.items():
+                # Find applicable threshold (server-specific > global)
+                threshold = server_thresholds.get(server.id, {}).get(metric_name)
+                if not threshold:
+                    threshold = global_thresholds.get(metric_name)
+                if not threshold:
+                    continue
+
+                # Get recent metrics for the duration window
+                cutoff = datetime.utcnow() - timedelta(seconds=threshold.duration_seconds)
+                recent = ServerMetrics.query.filter(
+                    ServerMetrics.server_id == server.id,
+                    ServerMetrics.timestamp >= cutoff
+                ).all()
+
+                if not recent:
+                    continue
+
+                values = [getattr(r, col_name) for r in recent if getattr(r, col_name) is not None]
+                if not values:
+                    continue
+
+                avg_val = sum(values) / len(values)
+
+                # Check if there's already an active alert for this server+metric
+                existing = MetricAlert.query.filter_by(
+                    server_id=server.id, metric=metric_name, status='active'
+                ).first()
+
+                if avg_val >= threshold.critical_threshold:
+                    if not existing or existing.severity != 'critical':
+                        if existing:
+                            existing.resolved_at = datetime.utcnow()
+                            existing.status = 'resolved'
+                        alert = MetricAlert(
+                            server_id=server.id,
+                            metric=metric_name,
+                            severity='critical',
+                            value=round(avg_val, 1),
+                            threshold=threshold.critical_threshold,
+                            duration_seconds=threshold.duration_seconds
+                        )
+                        db.session.add(alert)
+                elif avg_val >= threshold.warning_threshold:
+                    if not existing or existing.severity == 'critical':
+                        if existing and existing.severity == 'critical':
+                            existing.resolved_at = datetime.utcnow()
+                            existing.status = 'resolved'
+                        if not existing or existing.severity == 'critical':
+                            alert = MetricAlert(
+                                server_id=server.id,
+                                metric=metric_name,
+                                severity='warning',
+                                value=round(avg_val, 1),
+                                threshold=threshold.warning_threshold,
+                                duration_seconds=threshold.duration_seconds
+                            )
+                            db.session.add(alert)
+                else:
+                    # Below thresholds - resolve any active alert
+                    if existing:
+                        existing.resolved_at = datetime.utcnow()
+                        existing.status = 'resolved'
+
+        try:
+            db.session.commit()
+        except Exception as e:
+            logger.error(f"Error checking fleet thresholds: {e}")
+            db.session.rollback()
+
+    @staticmethod
+    def get_alerts(
+        status: str = None, severity: str = None,
+        server_id: str = None, limit: int = 50
+    ) -> List[Dict]:
+        """Get metric alerts with filters."""
+        query = MetricAlert.query.order_by(MetricAlert.created_at.desc())
+        if status:
+            query = query.filter_by(status=status)
+        if severity:
+            query = query.filter_by(severity=severity)
+        if server_id:
+            query = query.filter_by(server_id=server_id)
+        return [a.to_dict() for a in query.limit(limit).all()]
+
+    @staticmethod
+    def acknowledge_alert(alert_id: str, user_id: int) -> bool:
+        alert = MetricAlert.query.get(alert_id)
+        if not alert or alert.status != 'active':
+            return False
+        alert.status = 'acknowledged'
+        alert.acknowledged_by = user_id
+        db.session.commit()
+        return True
+
+    @staticmethod
+    def resolve_alert(alert_id: str) -> bool:
+        alert = MetricAlert.query.get(alert_id)
+        if not alert or alert.status == 'resolved':
+            return False
+        alert.status = 'resolved'
+        alert.resolved_at = datetime.utcnow()
+        db.session.commit()
+        return True
+
+    # ==================== Anomaly Detection ====================
+
+    @staticmethod
+    def detect_anomalies(server_id: str = None) -> List[Dict]:
+        """Simple z-score anomaly detection on 7-day hourly averages."""
+        servers = [Server.query.get(server_id)] if server_id else Server.query.filter_by(status='online').all()
+        cutoff = datetime.utcnow() - timedelta(days=7)
+        anomalies = []
+
+        for server in servers:
+            if not server:
+                continue
+
+            records = ServerMetrics.query.filter(
+                ServerMetrics.server_id == server.id,
+                ServerMetrics.timestamp >= cutoff
+            ).all()
+
+            if len(records) < 20:
+                continue
+
+            latest = records[-1] if records else None
+            if not latest:
+                continue
+
+            for metric_name, col_name in [('cpu', 'cpu_percent'), ('memory', 'memory_percent'), ('disk', 'disk_percent')]:
+                values = [getattr(r, col_name) for r in records if getattr(r, col_name) is not None]
+                if len(values) < 10:
+                    continue
+
+                mean = sum(values) / len(values)
+                variance = sum((v - mean) ** 2 for v in values) / len(values)
+                stddev = math.sqrt(variance) if variance > 0 else 0
+
+                current = getattr(latest, col_name)
+                if current is None or stddev == 0:
+                    continue
+
+                z_score = (current - mean) / stddev
+
+                if abs(z_score) > 2.5:
+                    anomalies.append({
+                        'server_id': server.id,
+                        'server_name': server.name,
+                        'metric': metric_name,
+                        'current_value': round(current, 1),
+                        'mean': round(mean, 1),
+                        'stddev': round(stddev, 1),
+                        'z_score': round(z_score, 2),
+                        'direction': 'high' if z_score > 0 else 'low',
+                    })
+
+        return anomalies
+
+    # ==================== Capacity Forecasting ====================
+
+    @staticmethod
+    def forecast_capacity(server_id: str, metric: str = 'disk') -> Dict:
+        """Linear regression forecast for when a metric will hit 90% and 100%."""
+        col_name = METRIC_COLUMNS.get(metric, 'disk_percent')
+        cutoff = datetime.utcnow() - timedelta(days=30)
+
+        records = ServerMetrics.query.filter(
+            ServerMetrics.server_id == server_id,
+            ServerMetrics.timestamp >= cutoff
+        ).order_by(ServerMetrics.timestamp.asc()).all()
+
+        values = []
+        for r in records:
+            val = getattr(r, col_name)
+            if val is not None:
+                # Convert timestamp to days from first record
+                values.append((r.timestamp, val))
+
+        if len(values) < 48:  # Need at least 2 days of data
+            return {
+                'server_id': server_id,
+                'metric': metric,
+                'error': 'Insufficient data (need at least 2 days of metrics)',
+                'data_points': len(values)
+            }
+
+        # Aggregate to daily averages for regression
+        daily = {}
+        for ts, val in values:
+            day_key = ts.strftime('%Y-%m-%d')
+            daily.setdefault(day_key, []).append(val)
+        daily_avgs = [(k, sum(v) / len(v)) for k, v in sorted(daily.items())]
+
+        if len(daily_avgs) < 2:
+            return {
+                'server_id': server_id,
+                'metric': metric,
+                'error': 'Insufficient daily data points',
+                'data_points': len(daily_avgs)
+            }
+
+        # Simple linear regression: y = mx + b
+        n = len(daily_avgs)
+        x_vals = list(range(n))
+        y_vals = [v for _, v in daily_avgs]
+
+        x_mean = sum(x_vals) / n
+        y_mean = sum(y_vals) / n
+
+        numerator = sum((x - x_mean) * (y - y_mean) for x, y in zip(x_vals, y_vals))
+        denominator = sum((x - x_mean) ** 2 for x in x_vals)
+
+        if denominator == 0:
+            return {'server_id': server_id, 'metric': metric, 'trend': 'flat', 'growth_rate_per_day': 0}
+
+        slope = numerator / denominator  # % per day
+        intercept = y_mean - slope * x_mean
+
+        current = y_vals[-1]
+
+        # Predict when metric reaches 90% and 100%
+        predictions = {}
+        for target in [90, 100]:
+            if current >= target:
+                predictions[f'days_to_{target}pct'] = 0
+                predictions[f'date_{target}pct'] = 'already exceeded'
+            elif slope <= 0:
+                predictions[f'days_to_{target}pct'] = None
+                predictions[f'date_{target}pct'] = 'never (decreasing trend)'
+            else:
+                days_needed = (target - current) / slope
+                target_date = datetime.utcnow() + timedelta(days=days_needed)
+                predictions[f'days_to_{target}pct'] = round(days_needed, 1)
+                predictions[f'date_{target}pct'] = target_date.strftime('%Y-%m-%d')
+
+        # Generate trend line data for charting
+        trend_data = []
+        for i, (day, avg) in enumerate(daily_avgs):
+            trend_data.append({
+                'date': day,
+                'actual': round(avg, 1),
+                'trend': round(intercept + slope * i, 1)
+            })
+
+        # Extend trend 14 days into the future
+        for i in range(1, 15):
+            future_day = (datetime.utcnow() + timedelta(days=i)).strftime('%Y-%m-%d')
+            predicted = intercept + slope * (n - 1 + i)
+            trend_data.append({
+                'date': future_day,
+                'actual': None,
+                'trend': round(min(predicted, 100), 1)
+            })
+
+        return {
+            'server_id': server_id,
+            'metric': metric,
+            'current_value': round(current, 1),
+            'growth_rate_per_day': round(slope, 3),
+            'trend': 'increasing' if slope > 0.1 else ('decreasing' if slope < -0.1 else 'stable'),
+            'predictions': predictions,
+            'trend_data': trend_data,
+            'data_points': len(values),
+            'daily_samples': len(daily_avgs),
+        }
+
+    # ==================== Fleet Search ====================
+
+    @staticmethod
+    def search_fleet(query: str, search_type: str = 'any') -> List[Dict]:
+        """Search across all servers for containers, services, or ports."""
+        query_lower = query.lower()
+        results = []
+
+        # Search server names and hostnames
+        if search_type in ('any', 'server'):
+            servers = Server.query.filter(
+                (Server.name.ilike(f'%{query}%')) |
+                (Server.hostname.ilike(f'%{query}%')) |
+                (Server.ip_address.ilike(f'%{query}%'))
+            ).all()
+            for s in servers:
+                results.append({
+                    'server_id': s.id,
+                    'server_name': s.name,
+                    'match_type': 'server',
+                    'match_name': s.name,
+                    'match_detail': f'{s.hostname} ({s.ip_address})',
+                    'status': s.status,
+                })
+
+        # Search containers via connected agents
+        if search_type in ('any', 'container'):
+            connected = agent_registry.get_connected_servers()
+            for server_id in connected:
+                server = Server.query.get(server_id)
+                if not server:
+                    continue
+
+                # Check cached metrics extra data for container info
+                latest = ServerMetrics.query.filter_by(
+                    server_id=server_id
+                ).order_by(ServerMetrics.timestamp.desc()).first()
+
+                if latest and latest.extra:
+                    containers = latest.extra.get('containers', [])
+                    for container in containers:
+                        name = container.get('name', '')
+                        image = container.get('image', '')
+                        if query_lower in name.lower() or query_lower in image.lower():
+                            results.append({
+                                'server_id': server_id,
+                                'server_name': server.name,
+                                'match_type': 'container',
+                                'match_name': name,
+                                'match_detail': image,
+                                'status': container.get('status', 'unknown'),
+                            })
+
+        # Search tags
+        if search_type in ('any', 'tag'):
+            all_servers = Server.query.all()
+            for s in all_servers:
+                if s.tags:
+                    for tag in s.tags:
+                        if query_lower in tag.lower():
+                            results.append({
+                                'server_id': s.id,
+                                'server_name': s.name,
+                                'match_type': 'tag',
+                                'match_name': tag,
+                                'match_detail': f'Tag on {s.name}',
+                                'status': s.status,
+                            })
+
+        return results
+
+    # ==================== Prometheus Export ====================
+
+    @staticmethod
+    def get_prometheus_metrics() -> str:
+        """Generate Prometheus exposition format metrics for all servers."""
+        lines = []
+        servers = Server.query.all()
+
+        metrics_defs = [
+            ('serverkit_cpu_percent', 'CPU usage percentage', 'cpu_percent'),
+            ('serverkit_memory_percent', 'Memory usage percentage', 'memory_percent'),
+            ('serverkit_disk_percent', 'Disk usage percentage', 'disk_percent'),
+            ('serverkit_containers_running', 'Number of running containers', 'container_running'),
+        ]
+
+        for metric_name, help_text, col_name in metrics_defs:
+            lines.append(f'# HELP {metric_name} {help_text}')
+            lines.append(f'# TYPE {metric_name} gauge')
+
+            for server in servers:
+                latest = ServerMetrics.query.filter_by(
+                    server_id=server.id
+                ).order_by(ServerMetrics.timestamp.desc()).first()
+
+                if latest:
+                    val = getattr(latest, col_name)
+                    if val is not None:
+                        safe_name = server.name.replace('"', '\\"')
+                        lines.append(
+                            f'{metric_name}{{server="{safe_name}",server_id="{server.id}"}} {val}'
+                        )
+            lines.append('')
+
+        # Server status (1 = online, 0 = offline)
+        lines.append('# HELP serverkit_server_up Server online status')
+        lines.append('# TYPE serverkit_server_up gauge')
+        for server in servers:
+            val = 1 if server.status == 'online' else 0
+            safe_name = server.name.replace('"', '\\"')
+            lines.append(
+                f'serverkit_server_up{{server="{safe_name}",server_id="{server.id}"}} {val}'
+            )
+
+        return '\n'.join(lines) + '\n'
+
+    # ==================== CSV Export ====================
+
+    @staticmethod
+    def export_metrics_csv(server_ids: List[str], metric: str = 'cpu', period: str = '24h') -> str:
+        """Export metrics as CSV string."""
+        hours_back = {'1h': 1, '6h': 6, '24h': 24, '7d': 168, '30d': 720}.get(period, 24)
+        cutoff = datetime.utcnow() - timedelta(hours=hours_back)
+        col_name = METRIC_COLUMNS.get(metric, 'cpu_percent')
+
+        output = io.StringIO()
+        writer = csv.writer(output)
+        writer.writerow(['timestamp', 'server_id', 'server_name', metric])
+
+        for server_id in server_ids:
+            server = Server.query.get(server_id)
+            if not server:
+                continue
+
+            records = ServerMetrics.query.filter(
+                ServerMetrics.server_id == server_id,
+                ServerMetrics.timestamp >= cutoff
+            ).order_by(ServerMetrics.timestamp.asc()).all()
+
+            for r in records:
+                val = getattr(r, col_name)
+                if val is not None:
+                    writer.writerow([
+                        r.timestamp.isoformat(),
+                        server_id,
+                        server.name,
+                        round(val, 2)
+                    ])
+
+        return output.getvalue()
+
+
+def _downsample_simple(records, interval_minutes):
+    """Simple downsampling by picking one record per interval."""
+    if not records:
+        return []
+
+    result = [records[0]]
+    last_ts = records[0].timestamp
+
+    for r in records[1:]:
+        if (r.timestamp - last_ts).total_seconds() >= interval_minutes * 60:
+            result.append(r)
+            last_ts = r.timestamp
+
+    return result
+
+
+fleet_monitor_service = FleetMonitorService()
diff --git a/backend/app/services/git_deploy_service.py b/backend/app/services/git_deploy_service.py
index 876e81a1..86908e06 100644
--- a/backend/app/services/git_deploy_service.py
+++ b/backend/app/services/git_deploy_service.py
@@ -447,8 +447,7 @@ def _run_script(cls, script: str, cwd: str) -> Dict:
         """Run a deployment script."""
         try:
             result = subprocess.run(
-                script,
-                shell=True,
+                ['bash', '-c', script],
                 cwd=cwd,
                 capture_output=True,
                 text=True,
diff --git a/backend/app/services/git_service.py b/backend/app/services/git_service.py
index 01dc809c..82653638 100644
--- a/backend/app/services/git_service.py
+++ b/backend/app/services/git_service.py
@@ -286,8 +286,7 @@ def _run_script(cls, script: str, working_dir: str) -> Dict:
         """Run a deployment script."""
         try:
             result = subprocess.run(
-                script,
-                shell=True,
+                ['bash', '-c', script],
                 cwd=working_dir,
                 capture_output=True,
                 text=True,
@@ -434,6 +433,17 @@ def handle_webhook(cls, app_id: int, payload: Dict) -> Dict:
                 'message': f'Ignoring push to {ref}, configured branch is {branch}'
             }
 
+        # Emit event for workflow triggers
+        try:
+            from app.services.workflow_engine import WorkflowEventBus
+            WorkflowEventBus.emit('git_push', {
+                'app_id': app_id,
+                'branch': branch,
+                'ref': ref
+            })
+        except Exception:
+            pass
+
         # Trigger deployment
         return cls.deploy(app_id)
 
diff --git a/backend/app/services/marketplace_service.py b/backend/app/services/marketplace_service.py
new file mode 100644
index 00000000..154872f1
--- /dev/null
+++ b/backend/app/services/marketplace_service.py
@@ -0,0 +1,172 @@
+import logging
+from app import db
+from app.models.marketplace import Extension, ExtensionInstall
+
+logger = logging.getLogger(__name__)
+
+
+class MarketplaceService:
+    """Service for the extension marketplace."""
+
+    CATEGORIES = ['monitoring', 'security', 'deployment', 'integration', 'ui', 'utility']
+
+    @staticmethod
+    def list_extensions(category=None, search=None, status='published'):
+        query = Extension.query
+        if status:
+            query = query.filter_by(status=status)
+        if category:
+            query = query.filter_by(category=category)
+        if search:
+            query = query.filter(
+                db.or_(
+                    Extension.display_name.ilike(f'%{search}%'),
+                    Extension.description.ilike(f'%{search}%'),
+                )
+            )
+        return query.order_by(Extension.download_count.desc()).all()
+
+    @staticmethod
+    def get_extension(ext_id):
+        return Extension.query.get(ext_id)
+
+    @staticmethod
+    def get_extension_by_slug(slug):
+        return Extension.query.filter_by(slug=slug).first()
+
+    @staticmethod
+    def create_extension(data, user_id=None):
+        slug = data.get('slug', data['name'].lower().replace(' ', '-'))
+        if Extension.query.filter_by(slug=slug).first():
+            raise ValueError(f"Extension '{slug}' already exists")
+
+        ext = Extension(
+            name=data['name'],
+            display_name=data.get('display_name', data['name']),
+            slug=slug,
+            description=data.get('description', ''),
+            long_description=data.get('long_description', ''),
+            version=data.get('version', '1.0.0'),
+            author=data.get('author', ''),
+            homepage=data.get('homepage', ''),
+            repository=data.get('repository', ''),
+            license=data.get('license', 'MIT'),
+            category=data.get('category', 'utility'),
+            extension_type=data.get('extension_type', 'integration'),
+            entry_point=data.get('entry_point', ''),
+            submitted_by=user_id,
+        )
+        ext.tags = data.get('tags', [])
+        if data.get('config_schema'):
+            ext.config_schema = data['config_schema']
+
+        db.session.add(ext)
+        db.session.commit()
+        return ext
+
+    @staticmethod
+    def update_extension(ext_id, data):
+        ext = Extension.query.get(ext_id)
+        if not ext:
+            return None
+        for field in ['display_name', 'description', 'long_description', 'version',
+                      'author', 'homepage', 'repository', 'license', 'category',
+                      'extension_type', 'entry_point', 'status']:
+            if field in data:
+                setattr(ext, field, data[field])
+        if 'tags' in data:
+            ext.tags = data['tags']
+        if 'config_schema' in data:
+            ext.config_schema = data['config_schema']
+        db.session.commit()
+        return ext
+
+    @staticmethod
+    def publish_extension(ext_id):
+        ext = Extension.query.get(ext_id)
+        if not ext:
+            return None
+        ext.status = Extension.STATUS_PUBLISHED
+        db.session.commit()
+        return ext
+
+    @staticmethod
+    def delete_extension(ext_id):
+        ext = Extension.query.get(ext_id)
+        if not ext:
+            return False
+        ExtensionInstall.query.filter_by(extension_id=ext_id).delete()
+        db.session.delete(ext)
+        db.session.commit()
+        return True
+
+    # --- Installations ---
+
+    @staticmethod
+    def install_extension(ext_id, user_id, config=None):
+        ext = Extension.query.get(ext_id)
+        if not ext:
+            raise ValueError('Extension not found')
+
+        existing = ExtensionInstall.query.filter_by(
+            extension_id=ext_id, user_id=user_id
+        ).first()
+        if existing and existing.is_active:
+            raise ValueError('Extension already installed')
+
+        if existing:
+            existing.is_active = True
+            existing.installed_version = ext.version
+            if config:
+                existing.config = config
+            install = existing
+        else:
+            install = ExtensionInstall(
+                extension_id=ext_id,
+                user_id=user_id,
+                installed_version=ext.version,
+            )
+            if config:
+                install.config = config
+            db.session.add(install)
+
+        ext.download_count += 1
+        db.session.commit()
+        return install
+
+    @staticmethod
+    def uninstall_extension(install_id):
+        install = ExtensionInstall.query.get(install_id)
+        if not install:
+            return False
+        install.is_active = False
+        db.session.commit()
+        return True
+
+    @staticmethod
+    def get_user_extensions(user_id):
+        return ExtensionInstall.query.filter_by(user_id=user_id, is_active=True).all()
+
+    @staticmethod
+    def update_extension_config(install_id, config):
+        install = ExtensionInstall.query.get(install_id)
+        if not install:
+            return None
+        install.config = config
+        db.session.commit()
+        return install
+
+    @staticmethod
+    def rate_extension(ext_id, rating):
+        ext = Extension.query.get(ext_id)
+        if not ext:
+            return None
+        total = ext.rating * ext.rating_count + rating
+        ext.rating_count += 1
+        ext.rating = round(total / ext.rating_count, 2)
+        db.session.commit()
+        return ext
+
+    @staticmethod
+    def get_categories():
+        return MarketplaceService.CATEGORIES
diff --git a/backend/app/services/migration_service.py b/backend/app/services/migration_service.py
index a8f438ac..8e4612a6 100644
--- a/backend/app/services/migration_service.py
+++ b/backend/app/services/migration_service.py
@@ -31,24 +31,62 @@ def _get_alembic_config(cls, app):
         cfg.set_main_option('sqlalchemy.url', app.config['SQLALCHEMY_DATABASE_URI'])
         return cfg
 
+    # Map SQLAlchemy type names to SQLite-compatible type strings
+    _TYPE_MAP = {
+        'INTEGER': 'INTEGER', 'BIGINTEGER': 'INTEGER', 'SMALLINTEGER': 'INTEGER',
+        'FLOAT': 'REAL', 'NUMERIC': 'REAL',
+        'BOOLEAN': 'BOOLEAN',
+        'DATETIME': 'DATETIME', 'DATE': 'DATE', 'TIME': 'TIME',
+        'TEXT': 'TEXT', 'STRING': 'TEXT', 'VARCHAR': 'TEXT',
+        'JSON': 'TEXT',
+    }
+
+    @classmethod
+    def _sqlite_type(cls, sa_type):
+        """Convert a SQLAlchemy column type to a SQLite type string."""
+        type_name = type(sa_type).__name__.upper()
+        return cls._TYPE_MAP.get(type_name, 'TEXT')
+
     @classmethod
     def _fix_missing_columns(cls, db):
-        """Add columns that may be missing from existing tables.
+        """Sync database schema with ORM models.
 
+        Compares every model column against the actual database and adds any
+        that are missing.  Also creates tables that don't exist yet.
         Runs raw SQL before any ORM queries to prevent crashes when models
         reference columns that don't exist in the database yet.
         """
         inspector = sa_inspect(db.engine)
-        existing_tables = inspector.get_table_names()
-
-        if 'users' in existing_tables:
-            cols = {c['name'] for c in inspector.get_columns('users')}
-            if 'auth_provider' not in cols:
-                logger.info('Adding missing column: users.auth_provider')
-                with db.engine.begin() as conn:
-                    conn.execute(text(
-                        "ALTER TABLE users ADD COLUMN auth_provider VARCHAR(50) DEFAULT 'local'"
-                    ))
+        existing_tables = set(inspector.get_table_names())
+        added = 0
+
+        for table_name, table_obj in db.metadata.tables.items():
+            if table_name not in existing_tables:
+                # Entire table is missing — create_all will handle it later
+                continue
+
+            existing_cols = {c['name'] for c in inspector.get_columns(table_name)}
+
+            for col in table_obj.columns:
+                if col.name in existing_cols:
+                    continue
+
+                sqlite_type = cls._sqlite_type(col.type)
+                sql = f'ALTER TABLE {table_name} ADD COLUMN {col.name} {sqlite_type}'
+
+                try:
+                    with db.engine.begin() as conn:
+                        conn.execute(text(sql))
+                    logger.info(f'Auto-added missing column: {table_name}.{col.name} ({sqlite_type})')
+                    added += 1
+                except Exception as e:
+                    logger.warning(f'Failed to add {table_name}.{col.name}: {e}')
+
+        # Create any entirely new tables
+        db.create_all()
+
+        if added:
+            logger.info(f'Schema sync complete: {added} column(s) added')
 
     @classmethod
     def check_and_prepare(cls, app):
diff --git a/backend/app/services/monitoring_service.py b/backend/app/services/monitoring_service.py
index 57fd9a18..5a781230 100644
--- a/backend/app/services/monitoring_service.py
+++ b/backend/app/services/monitoring_service.py
@@ -1,5 +1,6 @@
 import os
 import json
+import logging
 import psutil
 import smtplib
 from email.mime.text import MIMEText
@@ -10,6 +11,8 @@
 import threading
 import time
 
+logger = logging.getLogger(__name__)
+
 from .notification_service import NotificationService
 from app import paths
 
@@ -280,6 +283,25 @@ def process_alerts(cls, alerts: List[Dict]) -> None:
         # Send to all configured notification channels (Discord, Slack, Telegram, etc.)
         NotificationService.send_all(alerts_to_send)
 
+        # Emit events for workflow triggers
+        try:
+            from app.services.workflow_engine import WorkflowEventBus
+            for alert in alerts_to_send:
+                if alert['type'] == 'cpu':
+                    WorkflowEventBus.emit('high_cpu', {
+                        'percent': alert.get('value'),
+                        'threshold': alert.get('threshold'),
+                        'severity': alert.get('severity')
+                    })
+                elif alert['type'] == 'memory':
+                    WorkflowEventBus.emit('high_memory', {
+                        'percent': alert.get('value'),
+                        'threshold': alert.get('threshold'),
+                        'severity': alert.get('severity')
+                    })
+        except Exception:
+            logger.exception("Error emitting workflow events for alerts")
+
     @classmethod
     def log_alert(cls, alerts: List[Dict]) -> None:
         """Log alerts to file."""
diff --git a/backend/app/services/nginx_advanced_service.py b/backend/app/services/nginx_advanced_service.py
new file mode 100644
index 00000000..2a5cb4b6
--- /dev/null
+++ b/backend/app/services/nginx_advanced_service.py
@@ -0,0 +1,201 @@
+import os
+import json
+import logging
+import re
+from app.utils.system import run_command
+
+logger = logging.getLogger(__name__)
+
+
+class NginxAdvancedService:
+    """Advanced Nginx configuration: reverse proxy, load balancing, caching, rate limiting."""
+
+    NGINX_CONF_DIR = '/etc/nginx'
+    SITES_AVAILABLE = '/etc/nginx/sites-available'
+    SITES_ENABLED = '/etc/nginx/sites-enabled'
+
+    @staticmethod
+    def get_proxy_rules(domain):
+        """Get reverse proxy rules for a virtual host."""
+        conf_path = os.path.join(NginxAdvancedService.SITES_AVAILABLE, domain)
+        if not os.path.isfile(conf_path):
+            return {'error': 'Config not found'}
+        try:
+            with open(conf_path, 'r') as f:
+                content = f.read()
+            return {'domain': domain, 'config': content}
+        except Exception as e:
+            return {'error': str(e)}
+
+    @staticmethod
+    def create_reverse_proxy(data):
+        """Create a reverse proxy configuration."""
+        domain = data['domain']
+        upstreams = data.get('upstreams', [])
+        lb_method = data.get('lb_method', 'round_robin')
+        cache = data.get('cache', {})
+        rate_limit = data.get('rate_limit', {})
+        headers = data.get('headers', {})
+        locations = data.get('locations', [])
+
+        upstream_name = domain.replace('.', '_')
+
+        lines = []
+
+        # Upstream block
+        if upstreams:
+            lines.append(f'upstream {upstream_name} {{')
+            if lb_method == 'least_conn':
+                lines.append('    least_conn;')
+            elif lb_method == 'ip_hash':
+                lines.append('    ip_hash;')
+            for u in upstreams:
+                weight = f' weight={u["weight"]}' if u.get('weight') else ''
+                lines.append(f'    server {u["address"]}{weight};')
+            lines.append('}')
+            lines.append('')
+
+        # Rate limiting zone
+        if rate_limit.get('enabled'):
+            rps = rate_limit.get('requests_per_second', 10)
+            lines.append(f'limit_req_zone $binary_remote_addr zone={upstream_name}_limit:10m rate={rps}r/s;')
+            lines.append('')
+
+        # Cache zone
+        if cache.get('enabled'):
+            cache_size = cache.get('size', '100m')
+            cache_ttl = cache.get('ttl', '60m')
+            lines.append(f'proxy_cache_path /var/cache/nginx/{upstream_name} levels=1:2 keys_zone={upstream_name}_cache:10m max_size={cache_size} inactive={cache_ttl};')
+            lines.append('')
+
+        # Server block
+        lines.append('server {')
+        lines.append(f'    listen 80;')
+        lines.append(f'    server_name {domain};')
+        lines.append('')
+
+        # Custom headers
+        for header_name, header_value in headers.get('add', {}).items():
+            lines.append(f'    add_header {header_name} "{header_value}";')
+        for header_name in headers.get('remove', []):
+            lines.append(f'    proxy_hide_header {header_name};')
+
+        if rate_limit.get('enabled'):
+            burst = rate_limit.get('burst', 20)
+            lines.append(f'    limit_req zone={upstream_name}_limit burst={burst} nodelay;')
+
+        lines.append('')
+
+        # Custom location blocks
+        for loc in locations:
+            lines.append(f'    location {loc["path"]} {{')
+            if loc.get('proxy_pass'):
+                lines.append(f'        proxy_pass {loc["proxy_pass"]};')
+            elif upstreams:
+                lines.append(f'        proxy_pass http://{upstream_name};')
+            lines.append('        proxy_set_header Host $host;')
+            lines.append('        proxy_set_header X-Real-IP $remote_addr;')
+            lines.append('        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;')
+            lines.append('        proxy_set_header X-Forwarded-Proto $scheme;')
+
+            if cache.get('enabled') and not loc.get('no_cache'):
+                lines.append(f'        proxy_cache {upstream_name}_cache;')
+                for bypass in cache.get('bypass_rules', []):
+                    lines.append(f'        proxy_cache_bypass {bypass};')
+
+            lines.append('    }')
+            lines.append('')
+
+        # Default location if no custom locations
+        if not locations:
+            lines.append('    location / {')
+            if upstreams:
+                lines.append(f'        proxy_pass http://{upstream_name};')
+            lines.append('        proxy_set_header Host $host;')
+            lines.append('        proxy_set_header X-Real-IP $remote_addr;')
+            lines.append('        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;')
+            lines.append('        proxy_set_header X-Forwarded-Proto $scheme;')
+            if cache.get('enabled'):
+                lines.append(f'        proxy_cache {upstream_name}_cache;')
+            lines.append('    }')
+
+        lines.append('}')
+
+        config = '\n'.join(lines)
+
+        # Write config
+        conf_path = os.path.join(NginxAdvancedService.SITES_AVAILABLE, domain)
+        with open(conf_path, 'w') as f:
+            f.write(config)
+
+        return {'domain': domain, 'config': config, 'path': conf_path}
+
+    @staticmethod
+    def test_config():
+        """Test nginx config syntax."""
+        try:
+            result = run_command(['nginx', '-t'], capture_stderr=True)
+            return {
+                'valid': True,
+                'output': result.get('stdout', '') + result.get('stderr', ''),
+            }
+        except Exception as e:
+            return {'valid': False, 'output': str(e)}
+
+    @staticmethod
+    def preview_diff(domain, new_config):
+        """Preview config changes as a diff."""
+        conf_path = os.path.join(NginxAdvancedService.SITES_AVAILABLE, domain)
+        old_config = ''
+        if os.path.isfile(conf_path):
+            with open(conf_path, 'r') as f:
+                old_config = f.read()
+
+        import difflib
+        diff = list(difflib.unified_diff(
+            old_config.splitlines(keepends=True),
+            new_config.splitlines(keepends=True),
+            fromfile=f'{domain} (current)',
+            tofile=f'{domain} (new)',
+        ))
+        return {'diff': ''.join(diff), 'has_changes': len(diff) > 0}
+
+    @staticmethod
+    def reload_nginx():
+        """Reload nginx configuration."""
+        try:
+            run_command(['sudo', 'nginx', '-s', 'reload'])
+            return {'success': True}
+        except Exception as e:
+            return {'success': False, 'error': str(e)}
+
+    @staticmethod
+    def get_vhost_logs(domain, log_type='access', lines=100):
+        """Get access or error log for a virtual host."""
+        log_dir = '/var/log/nginx'
+        if log_type == 'error':
+            log_file = os.path.join(log_dir, f'{domain}.error.log')
+        else:
+            log_file = os.path.join(log_dir, f'{domain}.access.log')
+
+        if not os.path.isfile(log_file):
+            # Fallback to default logs
+            log_file = os.path.join(log_dir, f'{log_type}.log')
+
+        if not os.path.isfile(log_file):
+            return {'lines': [], 'error': 'Log file not found'}
+
+        try:
+            result = run_command(['tail', '-n', str(lines), log_file])
+            log_lines = result.get('stdout', '').strip().split('\n')
+            return {'lines': log_lines, 'file': log_file}
+        except Exception as e:
+            return {'lines': [], 'error': str(e)}
+
+    @staticmethod
+    def get_load_balancing_methods():
+        return {
+            'round_robin': 'Round Robin (default)',
+            'least_conn': 'Least Connections',
+            'ip_hash': 'IP Hash (sticky sessions)',
+        }
diff --git a/backend/app/services/nginx_service.py b/backend/app/services/nginx_service.py
index 3ec1aaa3..3fe20bd4 100644
--- a/backend/app/services/nginx_service.py
+++ b/backend/app/services/nginx_service.py
@@ -7,6 +7,19 @@
 from app.utils.system import ServiceControl, run_privileged, is_command_available
 
 
+def _validate_domain(domain: str) -> bool:
+    """Validate domain name to prevent nginx config injection."""
+    return bool(re.match(r'^(?:[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?\.)*[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$', domain, re.IGNORECASE))
+
+
+def _validate_path(path: str) -> bool:
+    """Validate filesystem path for nginx config."""
+    # Block path traversal and special characters
+    if '..' in path or '\n' in path or '\r' in path or ';' in path:
+        return False
+    return bool(re.match(r'^/[a-zA-Z0-9/_\-\.]+$', path))
+
+
 class NginxService:
     """Service for Nginx configuration management."""
 
@@ -415,6 +428,15 @@ def create_site(cls, name: str, app_type: str, domains: List[str],
         if not domains:
             return {'success': False, 'error': 'At least one domain is required'}
 
+        # Validate all domains
+        for domain in domains:
+            if not _validate_domain(domain):
+                return {'success': False, 'error': f'Invalid domain name: {domain}'}
+
+        # Validate root_path if provided
+        if root_path and not _validate_path(root_path):
+            return {'success': False, 'error': f'Invalid root path: {root_path}'}
+
         domains_str = ' '.join(domains)
 
         # Select template based on app type
diff --git a/backend/app/services/python_service.py b/backend/app/services/python_service.py
index 3d96732d..54b7c10c 100644
--- a/backend/app/services/python_service.py
+++ b/backend/app/services/python_service.py
@@ -552,8 +552,7 @@ def run_command(app_path, command):
             env.update(env_vars)
 
             result = subprocess.run(
-                command,
-                shell=True,
+                ['bash', '-c', command],
                 cwd=app_path,
                 env=env,
                 capture_output=True,
diff --git a/backend/app/services/server_template_service.py b/backend/app/services/server_template_service.py
new file mode 100644
index 00000000..6d74b9f9
--- /dev/null
+++ b/backend/app/services/server_template_service.py
@@ -0,0 +1,283 @@
+import json
+import logging
+from datetime import datetime
+from app import db
+from app.models.server_template import ServerTemplate, ServerTemplateAssignment
+from app.models.server import Server
+
+logger = logging.getLogger(__name__)
+
+
+class ServerTemplateService:
+    """Service for server template management and config drift detection."""
+
+    # Built-in template library
+    TEMPLATE_LIBRARY = {
+        'web-server': {
+            'name': 'Web Server',
+            'description': 'Nginx + PHP-FPM web server with standard security',
+            'category': 'web',
+            'packages': ['nginx', 'php-fpm', 'certbot'],
+            'services': [
+                {'name': 'nginx', 'enabled': True, 'running': True},
+                {'name': 'php-fpm', 'enabled': True, 'running': True},
+            ],
+            'firewall_rules': [
+                {'port': 80, 'protocol': 'tcp', 'action': 'allow'},
+                {'port': 443, 'protocol': 'tcp', 'action': 'allow'},
+                {'port': 22, 'protocol': 'tcp', 'action': 'allow'},
+            ],
+        },
+        'database-server': {
+            'name': 'Database Server',
+            'description': 'MySQL/MariaDB database server with backups',
+            'category': 'database',
+            'packages': ['mariadb-server'],
+            'services': [
+                {'name': 'mariadb', 'enabled': True, 'running': True},
+            ],
+            'firewall_rules': [
+                {'port': 3306, 'protocol': 'tcp', 'action': 'allow'},
+                {'port': 22, 'protocol': 'tcp', 'action': 'allow'},
+            ],
+        },
+        'mail-server': {
+            'name': 'Mail Server',
+            'description': 'Postfix + Dovecot mail server',
+            'category': 'mail',
+            'packages': ['postfix', 'dovecot-imapd', 'dovecot-pop3d', 'spamassassin', 'opendkim'],
+            'services': [
+                {'name': 'postfix', 'enabled': True, 'running': True},
+                {'name': 'dovecot', 'enabled': True, 'running': True},
+                {'name': 'spamassassin', 'enabled': True, 'running': True},
+            ],
+            'firewall_rules': [
+                {'port': 25, 'protocol': 'tcp', 'action': 'allow'},
+                {'port': 587, 'protocol': 'tcp', 'action': 'allow'},
+                {'port': 993, 'protocol': 'tcp', 'action': 'allow'},
+                {'port': 995, 'protocol': 'tcp', 'action': 'allow'},
+                {'port': 22, 'protocol': 'tcp', 'action': 'allow'},
+            ],
+        },
+    }
+
+    @staticmethod
+    def list_templates(category=None):
+        query = ServerTemplate.query
+        if category:
+            query = query.filter_by(category=category)
+        return query.order_by(ServerTemplate.name).all()
+
+    @staticmethod
+    def get_template(template_id):
+        return ServerTemplate.query.get(template_id)
+
+    @staticmethod
+    def create_template(data, user_id=None):
+        if ServerTemplate.query.filter_by(name=data['name']).first():
+            raise ValueError(f"Template '{data['name']}' already exists")
+
+        template = ServerTemplate(
+            name=data['name'],
+            description=data.get('description', ''),
+            category=data.get('category', 'general'),
+            parent_id=data.get('parent_id'),
+            auto_remediate=data.get('auto_remediate', False),
+            remediation_approval_required=data.get('remediation_approval_required', True),
+            created_by=user_id,
+        )
+        template.packages = data.get('packages', [])
+        template.services = data.get('services', [])
+        template.firewall_rules = data.get('firewall_rules', [])
+        template.files = data.get('files', [])
+        template.users = data.get('users', [])
+        template.sysctl_params = data.get('sysctl_params', [])
+
+        db.session.add(template)
+        db.session.commit()
+        return template
+
+    @staticmethod
+    def update_template(template_id, data):
+        template = ServerTemplate.query.get(template_id)
+        if not template:
+            return None
+
+        for field in ['name', 'description', 'category', 'parent_id',
+                      'auto_remediate', 'remediation_approval_required']:
+            if field in data:
+                setattr(template, field, data[field])
+
+        for json_field in ['packages', 'services', 'firewall_rules', 'files', 'users', 'sysctl_params']:
+            if json_field in data:
+                setattr(template, json_field, data[json_field])
+
+        template.version += 1
+        db.session.commit()
+        return template
+
+    @staticmethod
+    def delete_template(template_id):
+        template = ServerTemplate.query.get(template_id)
+        if not template:
+            return False
+        active = template.assignments.count()
+        if active > 0:
+            raise ValueError(f'Cannot delete template with {active} active assignments')
+        # Remove children references
+        for child in template.children:
+            child.parent_id = None
+        db.session.delete(template)
+        db.session.commit()
+        return True
+
+    @staticmethod
+    def get_library_templates():
+        return ServerTemplateService.TEMPLATE_LIBRARY
+
+    @staticmethod
+    def create_from_library(key, user_id=None):
+        if key not in ServerTemplateService.TEMPLATE_LIBRARY:
+            raise ValueError(f"Unknown library template: {key}")
+        data = ServerTemplateService.TEMPLATE_LIBRARY[key].copy()
+        return ServerTemplateService.create_template(data, user_id)
+
+    # --- Assignment & Drift ---
+
+    @staticmethod
+    def assign_template(template_id, server_id):
+        template = ServerTemplate.query.get(template_id)
+        if not template:
+            raise ValueError('Template not found')
+        server = Server.query.get(server_id)
+        if not server:
+            raise ValueError('Server not found')
+
+        existing = ServerTemplateAssignment.query.filter_by(
+            template_id=template_id, server_id=server_id
+        ).first()
+        if existing:
+            raise ValueError('Template already assigned to this server')
+
+        assignment = ServerTemplateAssignment(
+            template_id=template_id,
+            server_id=server_id,
+        )
+        db.session.add(assignment)
+        db.session.commit()
+        return assignment
+
+    @staticmethod
+    def unassign_template(assignment_id):
+        assignment = ServerTemplateAssignment.query.get(assignment_id)
+        if not assignment:
+            return False
+        db.session.delete(assignment)
+        db.session.commit()
+        return True
+
+    @staticmethod
+    def bulk_assign(template_id, server_ids):
+        results = []
+        for sid in server_ids:
+            try:
+                a = ServerTemplateService.assign_template(template_id, sid)
+                results.append({'server_id': sid, 'status': 'assigned', 'assignment_id': a.id})
+            except ValueError as e:
+                results.append({'server_id': sid, 'status': 'error', 'error': str(e)})
+        return results
+
+    @staticmethod
+    def check_drift(assignment_id):
+        """Check configuration drift for a server assignment."""
+        assignment = ServerTemplateAssignment.query.get(assignment_id)
+        if not assignment:
+            return None
+
+        assignment.status = ServerTemplateAssignment.STATUS_CHECKING
+        db.session.commit()
+
+        # Send drift check command to agent
+        try:
+            from app.agent_gateway import get_agent_gateway
+            gw = get_agent_gateway()
+            if gw and assignment.server:
+                spec = assignment.template.get_merged_spec()
+                gw.send_command(assignment.server.agent_id, 'config_drift_check', {
+                    'assignment_id': assignment.id,
+                    'spec': spec,
+                })
+        except Exception as e:
+            logger.warning(f'Could not send drift check command: {e}')
+
+        return assignment
+
+    @staticmethod
+    def update_drift_report(assignment_id, report):
+        assignment = ServerTemplateAssignment.query.get(assignment_id)
+        if not assignment:
+            return None
+        assignment.drift_report = report
+        assignment.last_check_at = datetime.utcnow()
+        has_drift = any(
+            report.get(k, []) for k in ['missing_packages', 'extra_packages',
+                                          'stopped_services', 'missing_rules', 'changed_files']
+        )
+        assignment.status = (
+            ServerTemplateAssignment.STATUS_DRIFTED if has_drift
+            else ServerTemplateAssignment.STATUS_COMPLIANT
+        )
+        db.session.commit()
+        return assignment
+
+    @staticmethod
+    def remediate(assignment_id):
+        """Apply template to bring server back to expected state."""
+        assignment = ServerTemplateAssignment.query.get(assignment_id)
+        if not assignment:
+            return None
+
+        assignment.status = ServerTemplateAssignment.STATUS_REMEDIATING
+        db.session.commit()
+
+        try:
+            from app.agent_gateway import get_agent_gateway
+            gw = get_agent_gateway()
+            if gw and assignment.server:
+                spec = assignment.template.get_merged_spec()
+                gw.send_command(assignment.server.agent_id, 'config_remediate', {
+                    'assignment_id': assignment.id,
+                    'spec': spec,
+                })
+        except Exception as e:
+            logger.warning(f'Could not send remediate command: {e}')
+
+        return assignment
+
+    @staticmethod
+    def get_server_assignments(server_id):
+        return ServerTemplateAssignment.query.filter_by(server_id=server_id).all()
+
+    @staticmethod
+    def get_template_assignments(template_id):
+        return ServerTemplateAssignment.query.filter_by(template_id=template_id).all()
+
+    @staticmethod
+    def get_compliance_summary():
+        """Get fleet-wide compliance summary."""
+        assignments = ServerTemplateAssignment.query.all()
+        total = len(assignments)
+        if total == 0:
+            return {'total': 0, 'compliant': 0, 'drifted': 0, 'unknown': 0, 'compliance_pct': 100}
+
+        compliant = sum(1 for a in assignments if a.status == 'compliant')
+        drifted = sum(1 for a in assignments if a.status == 'drifted')
+        unknown = total - compliant - drifted
+
+        return {
+            'total': total,
+            'compliant': compliant,
+            'drifted': drifted,
+            'unknown': unknown,
+            'compliance_pct': round(compliant / total * 100, 1) if total > 0 else 100,
+        }
diff --git a/backend/app/services/settings_service.py b/backend/app/services/settings_service.py
index 10e36bd2..2515ccc6 100644
--- a/backend/app/services/settings_service.py
+++ b/backend/app/services/settings_service.py
@@ -120,15 +120,15 @@ def initialize_defaults():
 
     @staticmethod
     def needs_setup():
-        """Check if initial setup is required."""
-        # If no users exist, setup is needed
+        """Check if initial setup is needed."""
+        from app.models.user import User
         user_count = User.query.count()
         if user_count == 0:
             return True
-
-        # Check setup_completed setting
         setup_completed = SettingsService.get('setup_completed', False)
-        return not setup_completed
+        if setup_completed:
+            return False  # Once completed, never re-enable without admin action
+        return True
 
     @staticmethod
     def complete_setup(user_id=None):
diff --git a/backend/app/services/status_page_service.py b/backend/app/services/status_page_service.py
new file mode 100644
index 00000000..77181ba0
--- /dev/null
+++ b/backend/app/services/status_page_service.py
@@ -0,0 +1,307 @@
+import logging
+import socket
+import time
+from datetime import datetime, timedelta
+from app import db
+from app.models.status_page import (
+    StatusPage, StatusComponent, HealthCheck, StatusIncident, StatusIncidentUpdate
+)
+
+logger = logging.getLogger(__name__)
+
+
+class StatusPageService:
+    """Service for public status pages and automated health checks."""
+
+    # --- Pages ---
+
+    @staticmethod
+    def list_pages():
+        return StatusPage.query.order_by(StatusPage.name).all()
+
+    @staticmethod
+    def get_page(page_id):
+        return StatusPage.query.get(page_id)
+
+    @staticmethod
+    def get_page_by_slug(slug):
+        return StatusPage.query.filter_by(slug=slug).first()
+
+    @staticmethod
+    def create_page(data):
+        slug = data.get('slug', '').strip().lower()
+        if StatusPage.query.filter_by(slug=slug).first():
+            raise ValueError(f"Status page '{slug}' already exists")
+
+        page = StatusPage(
+            name=data['name'],
+            slug=slug,
+            description=data.get('description', ''),
+            logo_url=data.get('logo_url'),
+            primary_color=data.get('primary_color', '#4f46e5'),
+            custom_domain=data.get('custom_domain'),
+            is_public=data.get('is_public', True),
+            show_uptime=data.get('show_uptime', True),
+            show_history=data.get('show_history', True),
+        )
+        db.session.add(page)
+        db.session.commit()
+        return page
+
+    @staticmethod
+    def update_page(page_id, data):
+        page = StatusPage.query.get(page_id)
+        if not page:
+            return None
+        for field in ['name', 'description', 'logo_url', 'primary_color',
+                      'custom_domain', 'is_public', 'show_uptime', 'show_history']:
+            if field in data:
+                setattr(page, field, data[field])
+        db.session.commit()
+        return page
+
+    @staticmethod
+    def delete_page(page_id):
+        page = StatusPage.query.get(page_id)
+        if not page:
+            return False
+        db.session.delete(page)
+        db.session.commit()
+        return True
+
+    @staticmethod
+    def get_public_page(slug):
+        """Get public status page data (no auth required)."""
+        page = StatusPage.query.filter_by(slug=slug, is_public=True).first()
+        if not page:
+            return None
+
+        components = page.components.all()
+        grouped = {}
+        for comp in components:
+            group = comp.group or 'Services'
+            grouped.setdefault(group, []).append(comp.to_dict())
+
+        # Active incidents
+        active_incidents = page.incidents.filter(
+            StatusIncident.status != 'resolved'
+        ).limit(10).all()
+
+        # Recent resolved
+        resolved = page.incidents.filter_by(status='resolved').limit(5).all()
+
+        # Overall status
+        statuses = [c.status for c in components]
+        if any(s == 'major_outage' for s in statuses):
+            overall = 'major_outage'
+        elif any(s in ('partial_outage', 'degraded') for s in statuses):
+            overall = 'degraded'
+        elif any(s == 'maintenance' for s in statuses):
+            overall = 'maintenance'
+        else:
+            overall = 'operational'
+
+        return {
+            'page': page.to_dict(),
+            'overall_status': overall,
+            'groups': grouped,
+            'active_incidents': [i.to_dict() for i in active_incidents],
+            'recent_incidents': [i.to_dict() for i in resolved],
+        }
+
+    # --- Components ---
+
+    @staticmethod
+    def create_component(page_id, data):
+        page = StatusPage.query.get(page_id)
+        if not page:
+            raise ValueError('Status page not found')
+
+        comp = StatusComponent(
+            page_id=page_id,
+            name=data['name'],
+            description=data.get('description', ''),
+            group=data.get('group', 'Services'),
+            sort_order=data.get('sort_order', 0),
+            check_type=data.get('check_type', 'http'),
+            check_target=data.get('check_target', ''),
+            check_interval=data.get('check_interval', 60),
+            check_timeout=data.get('check_timeout', 10),
+        )
+        db.session.add(comp)
+        db.session.commit()
+        return comp
+
+    @staticmethod
+    def update_component(comp_id, data):
+        comp = StatusComponent.query.get(comp_id)
+        if not comp:
+            return None
+        for field in ['name', 'description', 'group', 'sort_order', 'check_type',
+                      'check_target', 'check_interval', 'check_timeout', 'status']:
+            if field in data:
+                setattr(comp, field, data[field])
+        db.session.commit()
+        return comp
+
+    @staticmethod
+    def delete_component(comp_id):
+        comp = StatusComponent.query.get(comp_id)
+        if not comp:
+            return False
+        db.session.delete(comp)
+        db.session.commit()
+        return True
+
+    # --- Health Checks ---
+
+    @staticmethod
+    def run_check(component_id):
+        """Run a health check for a component."""
+        comp = StatusComponent.query.get(component_id)
+        if not comp:
+            return None
+
+        check_result = StatusPageService._perform_check(comp)
+
+        hc = HealthCheck(
+            component_id=component_id,
+            status=check_result['status'],
+            response_time=check_result.get('response_time'),
+            status_code=check_result.get('status_code'),
+            error=check_result.get('error'),
+        )
+        db.session.add(hc)
+
+        # Update component
+        comp.last_check_at = datetime.utcnow()
+        comp.last_response_time = check_result.get('response_time')
+        if check_result['status'] == 'up':
+            comp.status = StatusComponent.STATUS_OPERATIONAL
+        elif check_result['status'] == 'degraded':
+            comp.status = StatusComponent.STATUS_DEGRADED
+        else:
+            comp.status = StatusComponent.STATUS_MAJOR
+
+        db.session.commit()
+        return hc
+
+    @staticmethod
+    def _perform_check(comp):
+        """Execute the actual health check."""
+        start = time.time()
+        result = {'status': 'down', 'response_time': None, 'error': None}
+
+        try:
+            if comp.check_type == 'http':
+                import requests
+                resp = requests.get(comp.check_target, timeout=comp.check_timeout, verify=True)
+                result['response_time'] = int((time.time() - start) * 1000)
+                result['status_code'] = resp.status_code
+                if resp.status_code < 400:
+                    result['status'] = 'up'
+                elif resp.status_code < 500:
+                    result['status'] = 'degraded'
+                else:
+                    result['status'] = 'down'
+
+            elif comp.check_type == 'tcp':
+                host, port = comp.check_target.rsplit(':', 1)
+                sock = socket.create_connection((host, int(port)), timeout=comp.check_timeout)
+                result['response_time'] = int((time.time() - start) * 1000)
+                result['status'] = 'up'
+                sock.close()
+
+            elif comp.check_type == 'ping':
+                from app.utils.system import run_command
+                res = run_command(['ping', '-c', '1', '-W', str(comp.check_timeout), comp.check_target])
+                result['response_time'] = int((time.time() - start) * 1000)
+                result['status'] = 'up'
+
+            elif comp.check_type == 'dns':
+                socket.getaddrinfo(comp.check_target, None)
+                result['response_time'] = int((time.time() - start) * 1000)
+                result['status'] = 'up'
+
+        except Exception as e:
+            result['response_time'] = int((time.time() - start) * 1000)
+            result['error'] = str(e)
+
+        return result
+
+    @staticmethod
+    def get_check_history(component_id, hours=24):
+        since = datetime.utcnow() - timedelta(hours=hours)
+        return HealthCheck.query.filter(
+            HealthCheck.component_id == component_id,
+            HealthCheck.checked_at >= since
+        ).order_by(HealthCheck.checked_at.desc()).all()
+
+    # --- Incidents ---
+
+    @staticmethod
+    def create_incident(page_id, data):
+        incident = StatusIncident(
+            page_id=page_id,
+            title=data['title'],
+            status=data.get('status', 'investigating'),
+            impact=data.get('impact', 'minor'),
+            body=data.get('body', ''),
+            is_maintenance=data.get('is_maintenance', False),
+            scheduled_start=data.get('scheduled_start'),
+            scheduled_end=data.get('scheduled_end'),
+        )
+        db.session.add(incident)
+        db.session.commit()
+        return incident
+
+    @staticmethod
+    def update_incident(incident_id, data):
+        incident = StatusIncident.query.get(incident_id)
+        if not incident:
+            return None
+        for field in ['title', 'status', 'impact', 'body']:
+            if field in data:
+                setattr(incident, field, data[field])
+        if data.get('status') == 'resolved':
+            incident.resolved_at = datetime.utcnow()
+
+        # Add timeline update
+        if data.get('update_body'):
+            update = StatusIncidentUpdate(
+                incident_id=incident_id,
+                status=data.get('status', incident.status),
+                body=data['update_body'],
+            )
+            db.session.add(update)
+
+        db.session.commit()
+        return incident
+
+    @staticmethod
+    def delete_incident(incident_id):
+        incident = StatusIncident.query.get(incident_id)
+        if not incident:
+            return False
+        db.session.delete(incident)
+        db.session.commit()
+        return True
+
+    @staticmethod
+    def get_badge(slug):
+        """Generate status badge data."""
+        page = StatusPage.query.filter_by(slug=slug).first()
+        if not page:
+            return None
+
+        components = page.components.all()
+        statuses = [c.status for c in components]
+
+        if not statuses or all(s == 'operational' for s in statuses):
+            return {'label': 'status', 'message': 'operational', 'color': 'brightgreen'}
+        elif any(s == 'major_outage' for s in statuses):
+            return {'label': 'status', 'message': 'major outage', 'color': 'red'}
+        elif any(s in ('partial_outage', 'degraded') for s in statuses):
+            return {'label': 'status', 'message': 'degraded', 'color': 'yellow'}
+        else:
+            return {'label': 'status', 'message': 'maintenance', 'color': 'blue'}
diff --git a/backend/app/services/template_service.py b/backend/app/services/template_service.py
index 68ddef25..9a360633 100644
--- a/backend/app/services/template_service.py
+++ b/backend/app/services/template_service.py
@@ -808,8 +808,7 @@ def _run_script(cls, script: str, cwd: str, variables: Dict) -> Dict:
             env.update(variables)
 
             result = subprocess.run(
-                script,
-                shell=True,
+                ['bash', '-c', script],
                 cwd=cwd,
                 env=env,
                 capture_output=True,
diff --git a/backend/app/services/workflow_engine.py b/backend/app/services/workflow_engine.py
new file mode 100644
index 00000000..f5d75647
--- /dev/null
+++ b/backend/app/services/workflow_engine.py
@@ -0,0 +1,705 @@
+"""
+Advanced Workflow & Automation Engine
+
+Executes event-driven workflows with DAG-based execution, logic branching,
+variable interpolation, timeouts, retries, and script sandboxing.
+"""
+
+import json
+import logging
+import os
+import re
+import signal
+import subprocess
+import threading
+import traceback
+from collections import deque
+from datetime import datetime
+from typing import Dict, List, Any, Optional, Set, Tuple
+
+from app import db
+from app.models import Workflow, WorkflowExecution, WorkflowLog, User
+from app.services.workflow_service import WorkflowService
+from app.services.docker_service import DockerService
+from app.services.database_service import DatabaseService
+from app.services.notification_service import NotificationService
+
+logger = logging.getLogger(__name__)
+
+# Defaults for node execution
+DEFAULT_TIMEOUT = 300  # 5 minutes
+MAX_TIMEOUT = 3600  # 1 hour
+DEFAULT_RETRY_COUNT = 0
+MAX_RETRY_COUNT = 5
+DEFAULT_RETRY_DELAY = 5  # seconds
+MAX_OUTPUT_SIZE = 1024 * 512  # 512 KB
+
+
+class CycleDetectedError(Exception):
+    """Raised when a cycle is detected in the workflow graph."""
+    pass
+
+
+class NodeTimeoutError(Exception):
+    """Raised when a node exceeds its timeout."""
+    pass
+
+
+class WorkflowEngine:
+    """Engine for executing advanced workflows with DAG support."""
+
+    # ------------------------------------------------------------------
+    # Public API
+    # ------------------------------------------------------------------
+
+    @staticmethod
+    def validate_graph(nodes: List[Dict], edges: List[Dict]) -> Optional[str]:
+        """
+        Validate a workflow graph for cycles.
+
+        Returns None if valid, or an error message string if a cycle is found.
+        """
+        adj: Dict[str, List[str]] = {}
+        node_ids = {n['id'] for n in nodes}
+
+        for edge in edges:
+            src = edge['source']
+            if src not in adj:
+                adj[src] = []
+            adj[src].append(edge['target'])
+
+        # Kahn's algorithm for cycle detection
+        in_degree = {nid: 0 for nid in node_ids}
+        for src, targets in adj.items():
+            for t in targets:
+                if t in in_degree:
+                    in_degree[t] += 1
+
+        queue = deque(nid for nid, deg in in_degree.items() if deg == 0)
+        visited_count = 0
+
+        while queue:
+            nid = queue.popleft()
+            visited_count += 1
+            for neighbor in adj.get(nid, []):
+                if neighbor in in_degree:
+                    in_degree[neighbor] -= 1
+                    if in_degree[neighbor] == 0:
+                        queue.append(neighbor)
+
+        if visited_count < len(node_ids):
+            # Find nodes involved in the cycle for a helpful message
+            cycle_nodes = [nid for nid, deg in in_degree.items() if deg > 0]
+            node_labels = {}
+            for n in nodes:
+                node_labels[n['id']] = n.get('data', {}).get('label', n['id'])
+            cycle_labels = [node_labels.get(nid, nid) for nid in cycle_nodes[:5]]
+            return f"Cycle detected involving: {', '.join(cycle_labels)}"
+
+        return None
+
+    @staticmethod
+    def execute_workflow(workflow_id: int, trigger_type: str = 'manual',
+                         context: Dict[str, Any] = None) -> int:
+        """
+        Execute a workflow by ID.
+
+        Returns the ID of the created WorkflowExecution.
+        """
+        workflow = Workflow.query.get(workflow_id)
+        if not workflow:
+            raise ValueError(f"Workflow {workflow_id} not found")
+
+        nodes = json.loads(workflow.nodes) if workflow.nodes else []
+        edges = json.loads(workflow.edges) if workflow.edges else []
+
+        # Validate graph before executing
+        cycle_err = WorkflowEngine.validate_graph(nodes, edges)
+        if cycle_err:
+            raise CycleDetectedError(cycle_err)
+
+        execution = WorkflowExecution(
+            workflow_id=workflow_id,
+            trigger_type=trigger_type,
+            status='running',
+            context=json.dumps(context or {}),
+            started_at=datetime.utcnow()
+        )
+        db.session.add(execution)
+        db.session.commit()
+
+        workflow.last_run_at = execution.started_at
+        db.session.commit()
+
+        try:
+            WorkflowEngine._run_execution(execution.id, nodes, edges)
+        except Exception as e:
+            WorkflowEngine._log(execution.id, f"Engine Error: {str(e)}", level='ERROR')
+            execution.status = 'failed'
+            execution.completed_at = datetime.utcnow()
+            workflow.last_status = 'failed'
+            db.session.commit()
+
+        return execution.id
+
+    # ------------------------------------------------------------------
+    # DAG Execution
+    # ------------------------------------------------------------------
+
+    @staticmethod
+    def _run_execution(execution_id: int, nodes: List[Dict], edges: List[Dict]):
+        """Run the workflow using topological DAG execution with branch support."""
+        execution = WorkflowExecution.query.get(execution_id)
+        workflow = execution.workflow
+
+        WorkflowEngine._log(execution_id, f"Starting workflow: {workflow.name}")
+
+        if not nodes:
+            WorkflowEngine._log(execution_id, "Workflow has no nodes", level='WARNING')
+            execution.status = 'success'
+            execution.completed_at = datetime.utcnow()
+            db.session.commit()
+            return
+
+        # Build graph structures
+        node_map = {n['id']: n for n in nodes}
+        adj: Dict[str, List[Tuple[str, str]]] = {}  # source -> [(target, sourceHandle)]
+        in_degree: Dict[str, int] = {n['id']: 0 for n in nodes}
+
+        for edge in edges:
+            src = edge['source']
+            tgt = edge['target']
+            src_handle = edge.get('sourceHandle', 'output')
+            if src not in adj:
+                adj[src] = []
+            adj[src].append((tgt, src_handle))
+            if tgt in in_degree:
+                in_degree[tgt] += 1
+
+        # Start with root nodes (no incoming edges)
+        ready = deque(nid for nid, deg in in_degree.items() if deg == 0)
+        if not ready:
+            ready.append(nodes[0]['id'])
+
+        context = json.loads(execution.context) if execution.context else {}
+        results: Dict[str, Dict] = {}
+        processed: Set[str] = set()
+        # Track which branches are active (for logic_if gating)
+        # Maps node_id -> set of sourceHandles that were activated
+        active_branches: Dict[str, Set[str]] = {}
+        failed = False
+
+        while ready and not failed:
+            node_id = ready.popleft()
+
+            if node_id in processed:
+                continue
+
+            node = node_map.get(node_id)
+            if not node:
+                continue
+
+            # Check if this node is gated by a logic_if branch
+            if not WorkflowEngine._is_node_reachable(node_id, edges, active_branches, processed):
+                processed.add(node_id)
+                # Still decrement successors so they can become ready
+                for tgt, _ in adj.get(node_id, []):
+                    if tgt in in_degree:
+                        in_degree[tgt] -= 1
+                        if in_degree[tgt] == 0:
+                            ready.append(tgt)
+                continue
+
+            node_label = node.get('data', {}).get('label', node_id)
+            WorkflowEngine._log(execution_id, f"Executing node: {node_label} ({node['type']})", node_id=node_id)
+
+            try:
+                node_result = WorkflowEngine._execute_node_with_retry(
+                    node, edges, execution, context, results
+                )
+                results[node_id] = node_result
+
+                if not node_result.get('success', True):
+                    WorkflowEngine._log(
+                        execution_id,
+                        f"Node failed: {node_result.get('error', 'unknown')}",
+                        level='ERROR', node_id=node_id
+                    )
+                    if node_result.get('critical', True):
+                        failed = True
+                        break
+
+                # For logic_if nodes, record which branch was taken
+                if node['type'] == 'logic_if':
+                    branch = node_result.get('branch', 'true')
+                    if node_id not in active_branches:
+                        active_branches[node_id] = set()
+                    active_branches[node_id].add(branch)
+
+                # Enqueue successor nodes whose in-degree reaches 0
+                for tgt, src_handle in adj.get(node_id, []):
+                    if tgt in in_degree:
+                        in_degree[tgt] -= 1
+                        if in_degree[tgt] == 0:
+                            ready.append(tgt)
+
+            except Exception as e:
+                WorkflowEngine._log(execution_id, f"Node Execution Error: {str(e)}", level='ERROR', node_id=node_id)
+                WorkflowEngine._log(execution_id, traceback.format_exc(), level='DEBUG', node_id=node_id)
+                failed = True
+                break
+
+            processed.add(node_id)
+
+        execution.status = 'failed' if failed else 'success'
+        execution.results = json.dumps(results)
+        execution.completed_at = datetime.utcnow()
+        workflow.last_status = execution.status
+        db.session.commit()
+
+        WorkflowEngine._log(execution_id, f"Workflow finished with status: {execution.status}")
+
+    @staticmethod
+    def _is_node_reachable(node_id: str, edges: List[Dict],
+                           active_branches: Dict[str, Set[str]],
+                           processed: Set[str]) -> bool:
+        """
+        Check if a node should execute based on logic_if branching.
+
+        A node is unreachable if ALL its incoming edges from logic_if nodes
+        come through inactive branches.
+        """
+        incoming_from_logic = []
+
+        for edge in edges:
+            if edge['target'] != node_id:
+                continue
+            src = edge['source']
+            src_handle = edge.get('sourceHandle', 'output')
+
+            # Only gate on logic_if nodes that have already been processed
+            if src in active_branches:
+                incoming_from_logic.append((src, src_handle))
+
+        if not incoming_from_logic:
+            return True  # No logic_if gating, always reachable
+
+        # Reachable if at least one logic_if branch leading here is active
+        for src, src_handle in incoming_from_logic:
+            if src_handle in active_branches[src]:
+                return True
+
+        return False
+
+    # ------------------------------------------------------------------
+    # Node Execution with Retry
+    # ------------------------------------------------------------------
+
+    @staticmethod
+    def _execute_node_with_retry(node: Dict, edges: List, execution: WorkflowExecution,
+                                  context: Dict, results: Dict) -> Dict:
+        """Execute a node with retry support."""
+        node_data = node.get('data', {})
+        retry_count = min(int(node_data.get('retryCount', DEFAULT_RETRY_COUNT)), MAX_RETRY_COUNT)
+        retry_delay = max(1, int(node_data.get('retryDelay', DEFAULT_RETRY_DELAY)))
+
+        last_result = None
+        for attempt in range(retry_count + 1):
+            if attempt > 0:
+                WorkflowEngine._log(
+                    execution.id,
+                    f"Retry {attempt}/{retry_count} after {retry_delay}s",
+                    node_id=node['id']
+                )
+                import time
+                time.sleep(retry_delay)
+
+            last_result = WorkflowEngine._execute_node(node, edges, execution, context, results)
+
+            if last_result.get('success', True):
+                return last_result
+
+        return last_result
+
+    # ------------------------------------------------------------------
+    # Node Execution
+    # ------------------------------------------------------------------
+
+    @staticmethod
+    def _execute_node(node: Dict, edges: List, execution: WorkflowExecution,
+                      context: Dict, results: Dict) -> Dict:
+        """Execute a single node and return its results."""
+        node_type = node.get('type')
+        node_data = node.get('data', {})
+
+        if node_type == 'trigger':
+            return {'success': True, 'output': context}
+
+        elif node_type in ('database', 'dockerApp', 'service', 'domain'):
+            res = WorkflowService.deploy_node(node, edges, execution.workflow.user_id, results)
+            return res
+
+        elif node_type == 'notification':
+            return WorkflowEngine._execute_notification(node, execution, context, results)
+
+        elif node_type == 'script':
+            return WorkflowEngine._execute_script(node, execution, context, results)
+
+        elif node_type == 'logic_if':
+            return WorkflowEngine._execute_logic_if(node, context, results)
+
+        return {'success': True, 'message': f"Node type {node_type} passed through"}
+
+    # ------------------------------------------------------------------
+    # Logic If Evaluation
+    # ------------------------------------------------------------------
+
+    @staticmethod
+    def _execute_logic_if(node: Dict, context: Dict, results: Dict) -> Dict:
+        """
+        Evaluate a logic_if condition.
+
+        The condition is a Python expression that has access to:
+        - results: dict of {node_id: node_result}
+        - context: the workflow execution context
+        """
+        node_data = node.get('data', {})
+        condition = node_data.get('condition', '').strip()
+
+        if not condition:
+            return {'success': True, 'branch': 'true'}
+
+        # Build a safe evaluation namespace
+        eval_globals = {"__builtins__": {}}
+        eval_locals = {
+            'results': results,
+            'context': context,
+            # Expose common helpers
+            'len': len,
+            'str': str,
+            'int': int,
+            'float': float,
+            'bool': bool,
+            'abs': abs,
+            'min': min,
+            'max': max,
+            'any': any,
+            'all': all,
+            'isinstance': isinstance,
+        }
+
+        try:
+            result = eval(condition, eval_globals, eval_locals)
+            branch = 'true' if result else 'false'
+            return {
+                'success': True,
+                'branch': branch,
+                'condition': condition,
+                'evaluated': bool(result)
+            }
+        except Exception as e:
+            return {
+                'success': False,
+                'error': f"Condition evaluation failed: {str(e)}",
+                'condition': condition,
+                'branch': 'false',
+                'critical': False  # Don't kill the whole workflow for a bad condition
+            }
+
+    # ------------------------------------------------------------------
+    # Variable Interpolation
+    # ------------------------------------------------------------------
+
+    @staticmethod
+    def _interpolate(text: str, context: Dict, results: Dict,
+                     execution: Optional[WorkflowExecution] = None) -> str:
+        """
+        Replace variable placeholders in text.
+
+        Supported syntax:
+        - ${node_id.field}     — access a specific field from a node's result
+        - ${node_id.output}    — shorthand for the output field
+        - {{workflow_name}}    — built-in workflow variables
+        - {{execution_id}}     — current execution ID
+        - {{started_at}}       — execution start time
+        - {{context.field}}    — access context fields
+        """
+        if not text or not isinstance(text, str):
+            return text
+
+        # Replace ${node_id.field} patterns
+        def replace_node_var(match):
+            node_id = match.group(1)
+            field = match.group(2)
+            node_result = results.get(node_id, {})
+            if field == 'output' and 'output' not in node_result:
+                # Try stdout as fallback for script nodes
+                return str(node_result.get('stdout', ''))
+            return str(node_result.get(field, ''))
+
+        text = re.sub(r'\$\{([^.}]+)\.([^}]+)\}', replace_node_var, text)
+
+        # Replace {{builtin}} patterns
+        builtins = {
+            'workflow_name': execution.workflow.name if execution else '',
+            'execution_id': str(execution.id) if execution else '',
+            'started_at': execution.started_at.isoformat() if execution and execution.started_at else '',
+            'trigger_type': execution.trigger_type if execution else '',
+        }
+
+        # Add context.* variables
+        for key, value in context.items():
+            builtins[f'context.{key}'] = str(value)
+
+        for key, value in builtins.items():
+            text = text.replace('{{' + key + '}}', value)
+
+        # Replace {{node_id.field}} as alternative syntax
+        def replace_node_var_braces(match):
+            node_id = match.group(1)
+            field = match.group(2)
+            node_result = results.get(node_id, {})
+            return str(node_result.get(field, ''))
+
+        text = re.sub(r'\{\{([^.}]+)\.([^}]+)\}\}', replace_node_var_braces, text)
+
+        return text
+
+    # ------------------------------------------------------------------
+    # Notification Node
+    # ------------------------------------------------------------------
+
+    @staticmethod
+    def _execute_notification(node: Dict, execution: WorkflowExecution,
+                              context: Dict, results: Dict) -> Dict:
+        """Execute a notification node with variable interpolation."""
+        node_data = node.get('data', {})
+        channel = node_data.get('channel', 'system')
+        message = node_data.get('message', 'Workflow notification')
+
+        # Interpolate variables in the message
+        message = WorkflowEngine._interpolate(message, context, results, execution)
+
+        title = f"Workflow: {execution.workflow.name}"
+
+        # Build alert in the format NotificationService expects
+        alerts = [{
+            'type': 'workflow',
+            'severity': 'info',
+            'message': message,
+            'value': '',
+            'threshold': ''
+        }]
+
+        try:
+            if channel == 'system' or channel == 'all':
+                result = NotificationService.send_all(alerts)
+            elif channel == 'discord':
+                config = NotificationService.get_config().get('discord', {})
+                result = NotificationService.send_discord(alerts, config)
+            elif channel == 'slack':
+                config = NotificationService.get_config().get('slack', {})
+                result = NotificationService.send_slack(alerts, config)
+            elif channel == 'email':
+                config = NotificationService.get_config().get('email', {})
+                result = NotificationService.send_email(alerts, config)
+            elif channel == 'telegram':
+                config = NotificationService.get_config().get('telegram', {})
+                result = NotificationService.send_telegram(alerts, config)
+            else:
+                result = NotificationService.send_all(alerts)
+
+            return {'success': result.get('success', True), 'channel': channel}
+        except Exception as e:
+            return {'success': False, 'error': str(e), 'critical': False}
+
+    # ------------------------------------------------------------------
+    # Script Node (Sandboxed)
+    # ------------------------------------------------------------------
+
+    @staticmethod
+    def _execute_script(node: Dict, execution: WorkflowExecution,
+                        context: Dict, results: Dict) -> Dict:
+        """Execute a script node with timeout, output limits, and variable interpolation."""
+        node_data = node.get('data', {})
+        script_type = node_data.get('language', 'bash')
+        content = node_data.get('content', '')
+        timeout = min(int(node_data.get('timeout', DEFAULT_TIMEOUT)), MAX_TIMEOUT)
+
+        if not content.strip():
+            return {'success': True, 'stdout': '', 'stderr': '', 'returncode': 0}
+
+        # Interpolate variables in script content
+        content = WorkflowEngine._interpolate(content, context, results, execution)
+
+        # Build environment with node results available as env vars
+        env = os.environ.copy()
+        env['WORKFLOW_ID'] = str(execution.workflow_id)
+        env['EXECUTION_ID'] = str(execution.id)
+        env['TRIGGER_TYPE'] = execution.trigger_type or 'manual'
+
+        for nid, nresult in results.items():
+            safe_id = re.sub(r'[^a-zA-Z0-9_]', '_', nid).upper()
+            if isinstance(nresult, dict):
+                stdout = nresult.get('stdout', nresult.get('output', ''))
+                if isinstance(stdout, str):
+                    env[f'NODE_{safe_id}_OUTPUT'] = stdout[:4096]
+                rc = nresult.get('returncode')
+                if rc is not None:
+                    env[f'NODE_{safe_id}_RC'] = str(rc)
+
+        try:
+            if script_type == 'bash':
+                cmd = ['bash', '-c', content]
+            elif script_type == 'python':
+                cmd = ['python3', '-c', content]
+            else:
+                return {'success': False, 'error': f"Unsupported script language: {script_type}"}
+
+            proc = subprocess.run(
+                cmd,
+                capture_output=True,
+                text=True,
+                timeout=timeout,
+                env=env,
+                cwd='/tmp' if os.name != 'nt' else None
+            )
+
+            stdout = proc.stdout[:MAX_OUTPUT_SIZE] if proc.stdout else ''
+            stderr = proc.stderr[:MAX_OUTPUT_SIZE] if proc.stderr else ''
+
+            return {
+                'success': proc.returncode == 0,
+                'stdout': stdout,
+                'stderr': stderr,
+                'returncode': proc.returncode
+            }
+
+        except subprocess.TimeoutExpired:
+            return {
+                'success': False,
+                'error': f"Script timed out after {timeout}s",
+                'stdout': '',
+                'stderr': '',
+                'returncode': -1
+            }
+        except FileNotFoundError:
+            fallback = 'python' if script_type == 'python' else script_type
+            try:
+                proc = subprocess.run(
+                    [fallback, '-c', content] if script_type == 'python' else content,
+                    capture_output=True, text=True, timeout=timeout,
+                    env=env, shell=(script_type == 'bash'),
+                    cwd='/tmp' if os.name != 'nt' else None
+                )
+                stdout = proc.stdout[:MAX_OUTPUT_SIZE] if proc.stdout else ''
+                stderr = proc.stderr[:MAX_OUTPUT_SIZE] if proc.stderr else ''
+                return {
+                    'success': proc.returncode == 0,
+                    'stdout': stdout, 'stderr': stderr,
+                    'returncode': proc.returncode
+                }
+            except Exception as e:
+                return {'success': False, 'error': str(e)}
+        except Exception as e:
+            return {'success': False, 'error': str(e)}
+
+    # ------------------------------------------------------------------
+    # Logging
+    # ------------------------------------------------------------------
+
+    @staticmethod
+    def _log(execution_id: int, message: str, level: str = 'INFO', node_id: str = None):
+        """Add a log entry for an execution."""
+        log_entry = WorkflowLog(
+            execution_id=execution_id,
+            level=level,
+            message=message,
+            node_id=node_id
+        )
+        db.session.add(log_entry)
+        db.session.commit()
+        logger.info(f"[{level}] Workflow {execution_id}: {message}")
+
+    # Keep backward-compatible alias
+    log = _log
+
+
+# ------------------------------------------------------------------
+# Event Bus for workflow triggers
+# ------------------------------------------------------------------
+
+class WorkflowEventBus:
+    """
+    Simple in-process event bus for triggering workflows on system events.
+
+    Events are emitted by services (monitoring, health checks, git deploy)
+    and matched against workflows with trigger_type='event'.
+    """
+
+    _listeners_lock = threading.Lock()
+
+    @staticmethod
+    def emit(event_type: str, data: Dict[str, Any] = None):
+        """
+        Emit an event that may trigger workflows.
+
+        Args:
+            event_type: One of health_check_failed, high_cpu, high_memory,
+                        git_push, app_stopped, or any custom string.
+            data: Event payload passed as workflow context.
+        """
+        from flask import current_app
+        try:
+            app = current_app._get_current_object()
+        except RuntimeError:
+            logger.warning(f"WorkflowEventBus.emit called outside app context for {event_type}")
+            return
+
+        threading.Thread(
+            target=WorkflowEventBus._process_event,
+            args=(app, event_type, data or {}),
+            daemon=True,
+            name=f'wf-event-{event_type}'
+        ).start()
+
+    @staticmethod
+    def _process_event(app, event_type: str, data: Dict):
+        """Find and execute workflows subscribed to this event type."""
+        with app.app_context():
+            try:
+                workflows = Workflow.query.filter_by(
+                    is_active=True,
+                    trigger_type='event'
+                ).all()
+
+                for workflow in workflows:
+                    try:
+                        config = json.loads(workflow.trigger_config) if workflow.trigger_config else {}
+                        subscribed_event = config.get('eventType', '')
+
+                        if subscribed_event != event_type:
+                            continue
+
+                        # Cooldown: don't re-trigger within 60 seconds
+                        if workflow.last_run_at:
+                            elapsed = (datetime.utcnow() - workflow.last_run_at).total_seconds()
+                            if elapsed < 60:
+                                continue
+
+                        logger.info(f"Event '{event_type}' triggering workflow: {workflow.name}")
+                        context = {
+                            'event_type': event_type,
+                            'event_data': data,
+                            'triggered_at': datetime.utcnow().isoformat()
+                        }
+                        WorkflowEngine.execute_workflow(
+                            workflow_id=workflow.id,
+                            trigger_type='event',
+                            context=context
+                        )
+                    except Exception as e:
+                        logger.error(f"Event trigger failed for workflow {workflow.id}: {e}")
+
+            except Exception as e:
+                logger.error(f"WorkflowEventBus._process_event error: {e}")
diff --git a/backend/app/services/workspace_service.py b/backend/app/services/workspace_service.py
new file mode 100644
index 00000000..3be852c1
--- /dev/null
+++ b/backend/app/services/workspace_service.py
@@ -0,0 +1,227 @@
+import hashlib
+import logging
+import secrets
+import re
+from datetime import datetime
+from app import db
+from app.models.workspace import Workspace, WorkspaceMember, WorkspaceApiKey
+from app.models.user import User
+
+logger = logging.getLogger(__name__)
+
+
+class WorkspaceService:
+    """Service for multi-tenancy workspace management."""
+
+    @staticmethod
+    def _slugify(name):
+        slug = re.sub(r'[^a-z0-9]+', '-', name.lower()).strip('-')
+        return slug or 'workspace'
+
+    @staticmethod
+    def list_workspaces(user_id=None, include_archived=False):
+        query = Workspace.query
+        if not include_archived:
+            query = query.filter_by(status=Workspace.STATUS_ACTIVE)
+        if user_id:
+            member_ws_ids = db.session.query(WorkspaceMember.workspace_id).filter_by(user_id=user_id)
+            query = query.filter(Workspace.id.in_(member_ws_ids))
+        return query.order_by(Workspace.name).all()
+
+    @staticmethod
+    def get_workspace(workspace_id):
+        return Workspace.query.get(workspace_id)
+
+    @staticmethod
+    def get_workspace_by_slug(slug):
+        return Workspace.query.filter_by(slug=slug).first()
+
+    @staticmethod
+    def create_workspace(data, user_id):
+        name = data.get('name', '').strip()
+        if not name:
+            raise ValueError('Workspace name required')
+
+        slug = WorkspaceService._slugify(name)
+        # Ensure unique slug
+        base_slug = slug
+        counter = 1
+        while Workspace.query.filter_by(slug=slug).first():
+            slug = f'{base_slug}-{counter}'
+            counter += 1
+
+        workspace = Workspace(
+            name=name,
+            slug=slug,
+            description=data.get('description', ''),
+            logo_url=data.get('logo_url'),
+            primary_color=data.get('primary_color'),
+            max_servers=data.get('max_servers', 0),
+            max_users=data.get('max_users', 0),
+            max_api_calls=data.get('max_api_calls', 0),
+            created_by=user_id,
+        )
+        if 'settings' in data:
+            workspace.settings = data['settings']
+
+        db.session.add(workspace)
+        db.session.flush()
+
+        # Creator becomes owner
+        member = WorkspaceMember(
+            workspace_id=workspace.id,
+            user_id=user_id,
+            role=WorkspaceMember.ROLE_OWNER,
+        )
+        db.session.add(member)
+        db.session.commit()
+        return workspace
+
+    @staticmethod
+    def update_workspace(workspace_id, data):
+        ws = Workspace.query.get(workspace_id)
+        if not ws:
+            return None
+        for field in ['name', 'description', 'logo_url', 'primary_color',
+                      'max_servers', 'max_users', 'max_api_calls', 'billing_notes']:
+            if field in data:
+                setattr(ws, field, data[field])
+        if 'settings' in data:
+            ws.settings = data['settings']
+        db.session.commit()
+        return ws
+
+    @staticmethod
+    def archive_workspace(workspace_id):
+        ws = Workspace.query.get(workspace_id)
+        if not ws:
+            return None
+        ws.status = Workspace.STATUS_ARCHIVED
+        db.session.commit()
+        return ws
+
+    @staticmethod
+    def restore_workspace(workspace_id):
+        ws = Workspace.query.get(workspace_id)
+        if not ws:
+            return None
+        ws.status = Workspace.STATUS_ACTIVE
+        db.session.commit()
+        return ws
+
+    @staticmethod
+    def delete_workspace(workspace_id):
+        ws = Workspace.query.get(workspace_id)
+        if not ws:
+            return False
+        WorkspaceApiKey.query.filter_by(workspace_id=workspace_id).delete()
+        WorkspaceMember.query.filter_by(workspace_id=workspace_id).delete()
+        db.session.delete(ws)
+        db.session.commit()
+        return True
+
+    # --- Members ---
+
+    @staticmethod
+    def get_members(workspace_id):
+        return WorkspaceMember.query.filter_by(workspace_id=workspace_id).all()
+
+    @staticmethod
+    def add_member(workspace_id, user_id, role='member'):
+        ws = Workspace.query.get(workspace_id)
+        if not ws:
+            raise ValueError('Workspace not found')
+
+        # Quota check
+        if ws.max_users > 0 and ws.members.count() >= ws.max_users:
+            raise ValueError('Workspace user limit reached')
+
+        existing = WorkspaceMember.query.filter_by(
+            workspace_id=workspace_id, user_id=user_id
+        ).first()
+        if existing:
+            raise ValueError('User already a member')
+
+        member = WorkspaceMember(
+            workspace_id=workspace_id,
+            user_id=user_id,
+            role=role,
+        )
+        db.session.add(member)
+        db.session.commit()
+        return member
+
+    @staticmethod
+    def update_member_role(member_id, role):
+        member = WorkspaceMember.query.get(member_id)
+        if not member:
+            return None
+        member.role = role
+        db.session.commit()
+        return member
+
+    @staticmethod
+    def remove_member(member_id):
+        member = WorkspaceMember.query.get(member_id)
+        if not member:
+            return False
+        if member.role == WorkspaceMember.ROLE_OWNER:
+            # Ensure at least one owner remains
+            owner_count = WorkspaceMember.query.filter_by(
+                workspace_id=member.workspace_id, role=WorkspaceMember.ROLE_OWNER
+            ).count()
+            if owner_count <= 1:
+                raise ValueError('Cannot remove the last owner')
+        db.session.delete(member)
+        db.session.commit()
+        return True
+
+    @staticmethod
+    def get_user_role(workspace_id, user_id):
+        member = WorkspaceMember.query.filter_by(
+            workspace_id=workspace_id, user_id=user_id
+        ).first()
+        return member.role if member else None
+
+    # --- API Keys ---
+
+    @staticmethod
+    def create_api_key(workspace_id, name, scopes=None, user_id=None):
+        raw_key = f'wsk_{secrets.token_urlsafe(32)}'
+        key_hash = hashlib.sha256(raw_key.encode()).hexdigest()
+
+        api_key = WorkspaceApiKey(
+            workspace_id=workspace_id,
+            name=name,
+            key_hash=key_hash,
+            key_prefix=raw_key[:12],
+            created_by=user_id,
+        )
+        if scopes:
+            api_key.scopes = scopes
+        db.session.add(api_key)
+        db.session.commit()
+        return api_key, raw_key
+
+    @staticmethod
+    def list_api_keys(workspace_id):
+        return WorkspaceApiKey.query.filter_by(workspace_id=workspace_id).all()
+
+    @staticmethod
+    def revoke_api_key(key_id):
+        key = WorkspaceApiKey.query.get(key_id)
+        if not key:
+            return False
+        key.is_active = False
+        db.session.commit()
+        return True
+
+    @staticmethod
+    def get_all_workspaces_admin():
+        """Super-admin: see all workspaces with usage info."""
+        workspaces = Workspace.query.order_by(Workspace.name).all()
+        return [{
+            **ws.to_dict(),
+            'member_count': ws.members.count(),
+            'api_key_count': ws.api_keys.filter_by(is_active=True).count(),
+        } for ws in workspaces]
diff --git a/backend/app/utils/crypto.py b/backend/app/utils/crypto.py
index 1924758f..3544c7a7 100644
--- a/backend/app/utils/crypto.py
+++ b/backend/app/utils/crypto.py
@@ -6,10 +6,14 @@
 
 import os
 import base64
+import warnings
+import logging
 from cryptography.fernet import Fernet, InvalidToken
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
 
+logger = logging.getLogger(__name__)
+
 
 def get_encryption_key() -> bytes:
     """
@@ -26,6 +30,10 @@ def get_encryption_key() -> bytes:
     """
     key = os.environ.get('SERVERKIT_ENCRYPTION_KEY')
     if not key:
+        if os.environ.get('FLASK_ENV') == 'production':
+            raise ValueError('CRITICAL: SERVERKIT_ENCRYPTION_KEY must be set in production')
+        logger.warning('SECURITY WARNING: Using derived development encryption key. Set SERVERKIT_ENCRYPTION_KEY for production.')
+        warnings.warn('Using derived development encryption key - not suitable for production')
         # In development, use a default key (NOT for production!)
         # This allows the system to work without explicit configuration
         default_key = "DEV_ONLY_NOT_SECURE_CHANGE_IN_PRODUCTION_KEY"
diff --git a/backend/app/utils/system.py b/backend/app/utils/system.py
index 88047f3a..0c2cce60 100644
--- a/backend/app/utils/system.py
+++ b/backend/app/utils/system.py
@@ -66,6 +66,23 @@ def run_privileged(cmd: Union[List[str], str], *, user: Optional[str] = None, **
     return subprocess.run(cmd, **kwargs)
 
 
+def run_command(cmd: Union[List[str], str], *, timeout: int = 60,
+                capture_stderr: bool = False, **kwargs) -> dict:
+    """Run a shell command and return a dict with stdout/stderr/returncode.
+
+    This is a convenience wrapper used by services that need simple dict results
+    rather than a raw ``CompletedProcess`` object.
+    """
+    kwargs.setdefault('capture_output', True)
+    kwargs.setdefault('text', True)
+    result = subprocess.run(cmd, timeout=timeout, **kwargs)
+    return {
+        'stdout': result.stdout or '',
+        'stderr': result.stderr or '',
+        'returncode': result.returncode,
+    }
+
+
 def is_command_available(cmd: str) -> bool:
     """Check whether *cmd* is available on the system.
 
diff --git a/backend/cli.py b/backend/cli.py
index 13deb2e2..52fa31db 100644
--- a/backend/cli.py
+++ b/backend/cli.py
@@ -78,6 +78,10 @@ def create_admin(email, username, password):
         db.session.add(user)
         db.session.commit()
 
+        # Mark setup as complete so the UI doesn't show the setup wizard
+        from app.services.settings_service import SettingsService
+        SettingsService.complete_setup(user_id=user.id)
+
         click.echo(click.style(f'Admin user "{username}" created successfully!', fg='green'))
 
 
diff --git a/backend/config.py b/backend/config.py
index 4df2898c..cadd43da 100644
--- a/backend/config.py
+++ b/backend/config.py
@@ -1,5 +1,6 @@
 import os
 import sys
+import warnings
 from datetime import timedelta
 
 # Default insecure keys that must be changed in production
@@ -20,7 +21,7 @@ class Config:
 
     # JWT
     JWT_SECRET_KEY = os.environ.get('JWT_SECRET_KEY', 'jwt-secret-key-change-in-production')
-    JWT_ACCESS_TOKEN_EXPIRES = timedelta(hours=1)
+    JWT_ACCESS_TOKEN_EXPIRES = timedelta(minutes=15)
     JWT_REFRESH_TOKEN_EXPIRES = timedelta(days=30)
 
     # CORS - Allow both dev server and Flask server
@@ -30,6 +31,13 @@ class Config:
 class DevelopmentConfig(Config):
     DEBUG = True
 
+    @classmethod
+    def init_app(cls, app):
+        if app.config.get('SECRET_KEY') == 'dev-secret-key-change-in-production':
+            warnings.warn('WARNING: Using default SECRET_KEY. Change before deploying.')
+        if app.config.get('JWT_SECRET_KEY') == 'jwt-secret-key-change-in-production':
+            warnings.warn('WARNING: Using default JWT_SECRET_KEY. Change before deploying.')
+
 
 class TestingConfig(Config):
     """Config for pytest and other automated tests."""
@@ -43,6 +51,11 @@ class TestingConfig(Config):
 class ProductionConfig(Config):
     DEBUG = False
 
+    # Secure session cookies in production
+    SESSION_COOKIE_SECURE = True
+    SESSION_COOKIE_HTTPONLY = True
+    SESSION_COOKIE_SAMESITE = 'Lax'
+
     def __init__(self):
         # Validate that secret keys are not default values in production
         if self.SECRET_KEY in INSECURE_SECRET_KEYS:
@@ -55,6 +68,21 @@ def __init__(self):
             print("Generate a secure key with: python -c \"import secrets; print(secrets.token_hex(32))\"", file=sys.stderr)
             sys.exit(1)
 
+    @classmethod
+    def init_app(cls, app):
+        """Validate production configuration."""
+        insecure_keys = ['dev-secret-key-change-in-production', 'jwt-secret-key-change-in-production']
+        if app.config['SECRET_KEY'] in insecure_keys:
+            raise ValueError('CRITICAL: SECRET_KEY must be changed for production deployment')
+        if app.config['JWT_SECRET_KEY'] in insecure_keys:
+            raise ValueError('CRITICAL: JWT_SECRET_KEY must be changed for production deployment')
+        # Validate CORS origins
+        cors_raw = os.environ.get('CORS_ORIGINS', '')
+        cors_origins = [o.strip() for o in cors_raw.split(',') if o.strip()]
+        if not cors_origins:
+            raise ValueError('CORS_ORIGINS must be explicitly set in production')
+        app.config['CORS_ORIGINS'] = cors_origins
+
 
 config = {
     'development': DevelopmentConfig,
diff --git a/backend/migrations/versions/003_workflows_automation.py b/backend/migrations/versions/003_workflows_automation.py
new file mode 100644
index 00000000..6f59b3d9
--- /dev/null
+++ b/backend/migrations/versions/003_workflows_automation.py
@@ -0,0 +1,90 @@
+"""Add workflows and automation tables.
+
+Revision ID: 003_workflows_automation
+Revises: 002_permissions_invitations
+Create Date: 2026-03-23
+"""
+from alembic import op
+import sqlalchemy as sa
+from datetime import datetime
+
+revision = '003_workflows_automation'
+down_revision = '002_permissions_invitations'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    conn = op.get_bind()
+    inspector = sa.inspect(conn)
+    existing_tables = inspector.get_table_names()
+
+    # Create workflows table if missing (old version might have it but without automation fields)
+    if 'workflows' not in existing_tables:
+        op.create_table('workflows',
+            sa.Column('id', sa.Integer(), primary_key=True),
+            sa.Column('name', sa.String(100), nullable=False),
+            sa.Column('description', sa.Text(), nullable=True),
+            sa.Column('nodes', sa.Text(), nullable=True),
+            sa.Column('edges', sa.Text(), nullable=True),
+            sa.Column('viewport', sa.Text(), nullable=True),
+            sa.Column('is_active', sa.Boolean(), default=False),
+            sa.Column('trigger_type', sa.String(50), default='manual'),
+            sa.Column('trigger_config', sa.Text(), nullable=True),
+            sa.Column('last_run_at', sa.DateTime(), nullable=True),
+            sa.Column('last_status', sa.String(20), nullable=True),
+            sa.Column('created_at', sa.DateTime(), default=datetime.utcnow),
+            sa.Column('updated_at', sa.DateTime(), default=datetime.utcnow),
+            sa.Column('user_id', sa.Integer(), sa.ForeignKey('users.id'), nullable=False)
+        )
+    else:
+        # Add automation columns to existing workflows table if they don't exist
+        existing_cols = {c['name'] for c in inspector.get_columns('workflows')}
+        with op.batch_alter_table('workflows') as batch_op:
+            if 'is_active' not in existing_cols:
+                batch_op.add_column(sa.Column('is_active', sa.Boolean(), nullable=True, server_default='0'))
+            if 'trigger_type' not in existing_cols:
+                batch_op.add_column(sa.Column('trigger_type', sa.String(50), nullable=True, server_default='manual'))
+            if 'trigger_config' not in existing_cols:
+                batch_op.add_column(sa.Column('trigger_config', sa.Text(), nullable=True))
+            if 'last_run_at' not in existing_cols:
+                batch_op.add_column(sa.Column('last_run_at', sa.DateTime(), nullable=True))
+            if 'last_status' not in existing_cols:
+                batch_op.add_column(sa.Column('last_status', sa.String(20), nullable=True))
+
+    # Create workflow_executions table
+    if 'workflow_executions' not in existing_tables:
+        op.create_table('workflow_executions',
+            sa.Column('id', sa.Integer(), primary_key=True),
+            sa.Column('workflow_id', sa.Integer(), sa.ForeignKey('workflows.id'), nullable=False),
+            sa.Column('status', sa.String(20), default='running'),
+            sa.Column('trigger_type', sa.String(50), nullable=True),
+            sa.Column('context', sa.Text(), nullable=True),
+            sa.Column('results', sa.Text(), nullable=True),
+            sa.Column('started_at', sa.DateTime(), default=datetime.utcnow),
+            sa.Column('completed_at', sa.DateTime(), nullable=True)
+        )
+
+    # Create workflow_logs table
+    if 'workflow_logs' not in existing_tables:
+        op.create_table('workflow_logs',
+            sa.Column('id', sa.Integer(), primary_key=True),
+            sa.Column('execution_id', sa.Integer(), sa.ForeignKey('workflow_executions.id'), nullable=False),
+            sa.Column('level', sa.String(10), default='INFO'),
+            sa.Column('message', sa.Text(), nullable=False),
+            sa.Column('node_id', sa.String(100), nullable=True),
+            sa.Column('timestamp', sa.DateTime(), default=datetime.utcnow)
+        )
+
+
+def downgrade():
+    op.drop_table('workflow_logs')
+    op.drop_table('workflow_executions')
+    
+    # We don't drop 'workflows' as it existed before, but we can drop the new columns
+    with op.batch_alter_table('workflows') as batch_op:
+        batch_op.drop_column('last_status')
+        batch_op.drop_column('last_run_at')
+        batch_op.drop_column('trigger_config')
+        batch_op.drop_column('trigger_type')
+        batch_op.drop_column('is_active')
diff --git a/backend/requirements.txt b/backend/requirements.txt
index e15ea80f..61774898 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -9,7 +9,7 @@ Flask-Migrate==4.0.7
 
 # Authentication
 Flask-JWT-Extended==4.6.0
-PyJWT==2.8.0
+PyJWT==2.12.1
 
 # CORS
 Flask-Cors==6.0.2
@@ -40,6 +40,7 @@ Flask-Limiter==3.5.0
 click==8.1.7
 
 schedule==1.2.2
+croniter==6.0.0
 passlib==1.7.4
 bcrypt==4.2.1
 
diff --git a/dev.sh b/dev.sh
index c157ffc6..8028c0cf 100644
--- a/dev.sh
+++ b/dev.sh
@@ -17,7 +17,7 @@ FRONTEND_DIR="$PROJECT_ROOT/frontend"
 CYAN='\033[0;36m'
 GREEN='\033[0;32m'
 RED='\033[0;31m'
-YELLOW='\033[0;33m'
+YELLOW='\033[1;33m'
 DIM='\033[2m'
 NC='\033[0m'
 
diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md
index 9b2aad3a..eb52d3ff 100644
--- a/docs/ARCHITECTURE.md
+++ b/docs/ARCHITECTURE.md
@@ -11,6 +11,8 @@
 - [Template System](#template-system)
 - [Port Allocation](#port-allocation)
 - [Database Linking](#database-linking)
+- [Workflow Automation](#workflow-automation)
+- [Environment Pipeline](#environment-pipeline)
 - [File Paths](#file-paths)
 
 ---
@@ -97,27 +99,6 @@ User Request                    What Happens
 └─────────┘
 ```
 
-### Detailed Nginx → Container Flow
-
-```
-                    NGINX CONFIG                                    DOCKER
-              /etc/nginx/sites-enabled/                         CONTAINER
-             ─────────────────────────                     ─────────────────
-
-             server {
-                 listen 80;
-                 server_name my-blog.com;
-                                                           ┌─────────────────┐
-                 location / {                              │   WordPress     │
-                     proxy_pass ─────────────────────────► │                 │
-                        http://127.0.0.1:8001;             │  0.0.0.0:80     │
-                     proxy_set_header Host $host;          │       ▲         │
-                     proxy_set_header X-Real-IP ...;       │       │         │
-                 }                                         │   (mapped to    │
-             }                                             │    host:8001)   │
-                                                           └─────────────────┘
-```
-
 ---
 
 ## Template System
@@ -135,106 +116,6 @@ User Request                    What Happens
 │   └────┬────┘  └────┬────┘  └────┬────┘  └────┬────┘  └────┬────┘             │
 │        │            │            │            │            │                   │
 └────────┼────────────┼────────────┼────────────┼────────────┼───────────────────┘
-         │            │            │            │            │
-         │     User clicks "Deploy" in UI                    │
-         │            │                                      │
-         ▼            ▼                                      ▼
-┌─────────────────────────────────────────────────────────────────────────────────┐
-│                              SERVERKIT BACKEND                                   │
-│                                                                                  │
-│  TemplateService.install_template()                                             │
-│  ├── 1. Parse template YAML                                                     │
-│  ├── 2. Generate unique port (8000-60000)                                       │
-│  ├── 3. Substitute variables:                                                   │
-│  │       ${APP_NAME}    → "my-blog"                                             │
-│  │       ${HTTP_PORT}   → "8247"                                                │
-│  │       ${DB_PASSWORD} → "auto_generated"                                      │
-│  ├── 4. Create /var/serverkit/apps/my-blog/docker-compose.yml                   │
-│  ├── 5. Run: docker compose up -d --build                                       │
-│  └── 6. Store app record in database                                            │
-│                                                                                  │
-└─────────────────────────────────────────────────────────────────────────────────┘
-         │
-         ▼
-┌─────────────────────────────────────────────────────────────────────────────────┐
-│                              APP CREATED                                         │
-│                                                                                  │
-│   ┌─────────────────────────────────────────────────────────────────────────┐   │
-│   │  App Name:    my-blog                                                   │   │
-│   │  Type:        docker                                                    │   │
-│   │  Port:        8247 (auto-assigned)                                      │   │
-│   │  Status:      running                                                   │   │
-│   │  Container:   my-blog                                                   │   │
-│   │  Path:        /var/serverkit/apps/my-blog/                              │   │
-│   │                                                                         │   │
-│   │  Private URL: http://server-ip:8247  ◄── Works immediately!             │   │
-│   └─────────────────────────────────────────────────────────────────────────┘   │
-│                                                                                  │
-└─────────────────────────────────────────────────────────────────────────────────┘
-         │
-         │  User clicks "Connect Domain"
-         ▼
-┌─────────────────────────────────────────────────────────────────────────────────┐
-│                              DOMAIN CONNECTED                                    │
-│                                                                                  │
-│  DomainService.create_domain()                                                  │
-│  ├── 1. Validate domain DNS points to server                                    │
-│  ├── 2. Check container port is accessible                                      │
-│  ├── 3. Generate Nginx config:                                                  │
-│  │                                                                              │
-│  │      server {                                                                │
-│  │          listen 80;                                                          │
-│  │          server_name my-blog.com;                                            │
-│  │                                                                              │
-│  │          location / {                                                        │
-│  │              proxy_pass http://127.0.0.1:8247;  ◄── Container port           │
-│  │              proxy_set_header Host $host;                                    │
-│  │              proxy_set_header X-Real-IP $remote_addr;                        │
-│  │              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;    │
-│  │              proxy_set_header X-Forwarded-Proto $scheme;                     │
-│  │          }                                                                   │
-│  │      }                                                                       │
-│  │                                                                              │
-│  ├── 4. Write to /etc/nginx/sites-available/my-blog                             │
-│  ├── 5. Symlink to /etc/nginx/sites-enabled/my-blog                             │
-│  ├── 6. Test config: nginx -t                                                   │
-│  ├── 7. Reload: systemctl reload nginx                                          │
-│  └── 8. (Optional) Request SSL via Let's Encrypt                                │
-│                                                                                  │
-│   Public URL: https://my-blog.com  ◄── Now accessible worldwide!                │
-│                                                                                  │
-└─────────────────────────────────────────────────────────────────────────────────┘
-```
-
-### Template YAML Structure
-
-```yaml
-# Example: flask-hello-world.yaml
-
-id: flask-hello-world
-name: Flask - Hello World
-version: "1.0"
-description: Simple Flask debug app
-categories:
-  - development
-  - api
-
-variables:
-  - name: HTTP_PORT          # Variable name
-    type: port               # Auto-generates available port
-    default: "5000"          # Starting port to search from
-    hidden: true             # Don't show in UI
-
-compose:                     # Docker Compose configuration
-  services:
-    app:
-      image: python:3.12-slim
-      container_name: ${APP_NAME}
-      ports:
-        - "${HTTP_PORT}:5000"    # Host:Container port mapping
-      environment:
-        - APP_NAME=${APP_NAME}
-        - EXTERNAL_PORT=${HTTP_PORT}
 ```
 
 ---
@@ -243,144 +124,62 @@ compose:                     # Docker Compose configuration
 
 ### How ServerKit Finds Available Ports
 
+ServerKit automatically scans the database, Docker, and system sockets to find the first available port (starting from 8000) for new applications, ensuring no conflicts occur during deployment.
+
+---
+
+## Database Linking
+
+### How Apps Connect to Databases
+
+ServerKit automates the creation of databases and users, then injects the credentials as environment variables (`DB_HOST`, `DB_USER`, etc.) directly into the application container, allowing for seamless connectivity.
+
+---
+
+## Workflow Automation
+
+ServerKit includes a node-based visual workflow builder for automating server tasks.
+
 ```
 ┌─────────────────────────────────────────────────────────────────────────────────┐
-│                              PORT ALLOCATION                                     │
+│                              WORKFLOW BUILDER                                    │
 │                                                                                  │
-│  TemplateService._find_available_port(start=8000)                               │
-│                                                                                  │
-│  ┌─────────────────────────────────────────────────────────────────────────┐   │
-│  │  Step 1: Check Database                                                  │   │
-│  │  SELECT port FROM applications WHERE port IS NOT NULL                    │   │
-│  │  Result: [8001, 8002, 8005, 8010]                                        │   │
-│  └─────────────────────────────────────────────────────────────────────────┘   │
-│                            │                                                    │
-│                            ▼                                                    │
-│  ┌─────────────────────────────────────────────────────────────────────────┐   │
-│  │  Step 2: Check Docker                                                    │   │
-│  │  docker ps --format '{{.Ports}}'                                         │   │
-│  │  Parse: "0.0.0.0:8003->80/tcp" → 8003                                    │   │
-│  │  Result: [8003, 8004]                                                    │   │
-│  └─────────────────────────────────────────────────────────────────────────┘   │
-│                            │                                                    │
-│                            ▼                                                    │
-│  ┌─────────────────────────────────────────────────────────────────────────┐   │
-│  │  Step 3: Socket Bind Test                                                │   │
-│  │  Try: socket.bind(('127.0.0.1', port))                                   │   │
-│  │  If fails → port in use by system                                        │   │
-│  └─────────────────────────────────────────────────────────────────────────┘   │
-│                            │                                                    │
-│                            ▼                                                    │
-│  ┌─────────────────────────────────────────────────────────────────────────┐   │
-│  │  Step 4: Return First Available                                          │   │
-│  │                                                                          │   │
-│  │  Checking 8000... taken (DB)                                             │   │
-│  │  Checking 8001... taken (DB)                                             │   │
-│  │  Checking 8002... taken (DB)                                             │   │
-│  │  Checking 8003... taken (Docker)                                         │   │
-│  │  Checking 8004... taken (Docker)                                         │   │
-│  │  Checking 8005... taken (DB)                                             │   │
-│  │  Checking 8006... AVAILABLE ✓                                            │   │
-│  │                                                                          │   │
-│  │  Return: 8006                                                            │   │
-│  └─────────────────────────────────────────────────────────────────────────┘   │
+│   ┌───────────┐       ┌───────────┐       ┌───────────┐       ┌───────────┐      │
+│   │  TRIGGER  │──────▶│  ACTION   │──────▶│ CONDITION │──────▶│  NOTIFY   │      │
+│   │ (Git Push)│       │ (Build)   │       │ (Success?)│       │ (Discord) │      │
+│   └───────────┘       └───────────┘       └─────┬─────┘       └───────────┘      │
+│                                                 │                                │
+│                                                 ▼                                │
+│                                           ┌───────────┐                          │
+│                                           │  ROLLBACK │                          │
+│                                           └───────────┘                          │
 │                                                                                  │
 └─────────────────────────────────────────────────────────────────────────────────┘
 ```
 
-### Port Map Example
-
-```
-┌──────────┬────────────────────────────────────────┐
-│   Port   │              Service                   │
-├──────────┼────────────────────────────────────────┤
-│    22    │ SSH                                    │
-│    80    │ Nginx (HTTP)                           │
-│   443    │ Nginx (HTTPS)                          │
-│  3306    │ MySQL                                  │
-│  5432    │ PostgreSQL                             │
-│  5000    │ ServerKit Backend API                  │
-│  6379    │ Redis                                  │
-├──────────┼────────────────────────────────────────┤
-│  8001    │ App: wordpress-blog                    │
-│  8002    │ App: flask-api                         │
-│  8003    │ App: node-frontend                     │
-│  8004    │ App: grafana-monitoring                │
-│  8005    │ App: n8n-automation                    │
-│  8006    │ App: (next available)                  │
-│   ...    │ ...                                    │
-│ 60000    │ (max port range)                       │
-└──────────┴────────────────────────────────────────┘
-```
+- **Nodes:** Represent individual steps (Triggers, Actions, Logic, Notifications).
+- **Edges:** Define the flow of execution.
+- **Engine:** The `WorkflowService` parses the JSON graph and executes steps sequentially or in parallel.
 
 ---
 
-## Database Linking
+## Environment Pipeline
 
-### How Apps Connect to Databases
+Specifically designed for WordPress, the environment pipeline allows for professional staging/dev workflows.
 
 ```
-┌────────────────────────────────────────────────────────────────────────────────┐
-│                                                                                 │
-│    ┌──────────────────┐              ┌──────────────────┐                      │
-│    │   APP (Flask)    │              │ DATABASE (MySQL) │                      │
-│    │                  │              │                  │                      │
-│    │  Needs DB access │              │  db: my_app_db   │                      │
-│    │                  │              │  user: app_user  │                      │
-│    └────────┬─────────┘              └────────┬─────────┘                      │
-│             │                                  │                                │
-│             │      User clicks "Link Database" │                                │
-│             │                                  │                                │
-│             └──────────────┬───────────────────┘                                │
-│                            │                                                    │
-│                            ▼                                                    │
-│    ┌────────────────────────────────────────────────────────────────────────┐  │
-│    │                    SERVERKIT LINKS THEM                                 │  │
-│    │                                                                         │  │
-│    │  1. Creates database: my_app_db                                         │  │
-│    │  2. Creates user with secure password                                   │  │
-│    │  3. Grants permissions                                                  │  │
-│    │  4. Injects environment variables into app container:                   │  │
-│    │                                                                         │  │
-│    │     ┌─────────────────────────────────────────────────────────────┐    │  │
-│    │     │  DB_HOST=localhost                                          │    │  │
-│    │     │  DB_PORT=3306                                               │    │  │
-│    │     │  DB_NAME=my_app_db                                          │    │  │
-│    │     │  DB_USER=app_user                                           │    │  │
-│    │     │  DB_PASSWORD=xK9#mP2$vL7@nQ4                                │    │  │
-│    │     │                                                             │    │  │
-│    │     │  # Also provides connection URL format:                     │    │  │
-│    │     │  DATABASE_URL=mysql://app_user:xK9#mP2$vL7@nQ4@localhost/db │    │  │
-│    │     └─────────────────────────────────────────────────────────────┘    │  │
-│    │                                                                         │  │
-│    │  5. Restarts app container to pick up new env vars                      │  │
-│    │                                                                         │  │
-│    └────────────────────────────────────────────────────────────────────────┘  │
-│                            │                                                    │
-│                            ▼                                                    │
-│    ┌────────────────────────────────────────────────────────────────────────┐  │
-│    │                         APP CODE                                        │  │
-│    │                                                                         │  │
-│    │  # Python/Flask example                                                 │  │
-│    │  import os                                                              │  │
-│    │  import mysql.connector                                                 │  │
-│    │                                                                         │  │
-│    │  db = mysql.connector.connect(                                          │  │
-│    │      host=os.environ['DB_HOST'],      # localhost                       │  │
-│    │      port=os.environ['DB_PORT'],      # 3306                            │  │
-│    │      database=os.environ['DB_NAME'],  # my_app_db                       │  │
-│    │      user=os.environ['DB_USER'],      # app_user                        │  │
-│    │      password=os.environ['DB_PASSWORD']                                 │  │
-│    │  )                                                                      │  │
-│    │                                                                         │  │
-│    │  # Or use the URL directly:                                             │  │
-│    │  # SQLAlchemy: create_engine(os.environ['DATABASE_URL'])                │  │
-│    │                                                                         │  │
-│    └────────────────────────────────────────────────────────────────────────┘  │
-│                                                                                 │
-└─────────────────────────────────────────────────────────────────────────────────┘
+┌──────────────┐ promotion  ┌──────────────┐ promotion  ┌──────────────┐
+│     DEV      │───────────▶│   STAGING    │───────────▶│  PRODUCTION  │
+│ (Standalone) │            │ (Standalone) │            │ (Production) │
+└──────┬───────┘            └──────┬───────┘            └──────┬───────┘
+       │                           │                           │
+       └─────────── sync ──────────┴─────────── sync ──────────┘
 ```
 
+- **Promotion:** Push code (Git) and Database from a lower environment to a higher one.
+- **Syncing:** Pull the latest production database and media to dev/staging for testing.
+- **Sanitization:** Automatically strip sensitive user data during sync.
+
 ---
 
 ## File Paths
@@ -388,168 +187,30 @@ compose:                     # Docker Compose configuration
 ### Where Everything Lives
 
 ```
-SERVER FILESYSTEM
-─────────────────────────────────────────────────────────────────────────────────
-
 /var/serverkit/                          # ServerKit data root
 ├── apps/                                # All deployed applications
-│   ├── my-blog/
-│   │   ├── docker-compose.yml           # Generated from template
-│   │   ├── .env                         # Environment variables
-│   │   └── data/                        # Persistent volumes
-│   ├── flask-api/
-│   │   ├── docker-compose.yml
-│   │   └── app/                         # Application code
-│   └── ...
-│
 ├── backups/                             # Database backups
-│   ├── mysql/
-│   └── postgres/
-│
-└── ssl/                                 # SSL certificates (if not using certbot)
+└── ssl/                                 # SSL certificates
 
 /etc/serverkit/                          # ServerKit configuration
 ├── templates/                           # Template library (YAML files)
-│   ├── wordpress.yaml
-│   ├── flask-hello-world.yaml
-│   ├── grafana.yaml
-│   └── ...
 └── config.yaml                          # Main config
-
-/etc/nginx/                              # Nginx configuration
-├── sites-available/                     # All site configs
-│   ├── my-blog                          # Generated by ServerKit
-│   ├── flask-api
-│   └── default
-├── sites-enabled/                       # Enabled sites (symlinks)
-│   ├── my-blog -> ../sites-available/my-blog
-│   └── flask-api -> ../sites-available/flask-api
-└── nginx.conf                           # Main nginx config
-
-/var/log/nginx/                          # Nginx logs (per-app)
-├── my-blog.access.log
-├── my-blog.error.log
-├── flask-api.access.log
-└── flask-api.error.log
-
-/var/lib/mysql/                          # MySQL data
-/var/lib/postgresql/                     # PostgreSQL data
 ```
 
 ---
 
 ## Component Diagram
 
-```
-┌─────────────────────────────────────────────────────────────────────────────────┐
-│                                SERVERKIT                                         │
-│                                                                                  │
-│  ┌─────────────────────────────────────────────────────────────────────────┐   │
-│  │                            FRONTEND (React)                              │   │
-│  │                         Served via Nginx :80/443                         │   │
-│  │                                                                          │   │
-│  │   ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐    │   │
-│  │   │Dashboard │ │   Apps   │ │ Domains  │ │ Docker   │ │ Security │    │   │
-│  │   └──────────┘ └──────────┘ └──────────┘ └──────────┘ └──────────┘    │   │
-│  │   ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐    │   │
-│  │   │Databases │ │Templates │ │ Firewall │ │  Cron    │ │ Settings │    │   │
-│  │   └──────────┘ └──────────┘ └──────────┘ └──────────┘ └──────────┘    │   │
-│  │                                                                          │   │
-│  └─────────────────────────────────┬────────────────────────────────────────┘   │
-│                                    │                                            │
-│                          REST API + WebSocket                                   │
-│                                    │                                            │
-│                                    ▼                                            │
-│  ┌─────────────────────────────────────────────────────────────────────────┐   │
-│  │                          BACKEND (Flask)                                 │   │
-│  │                            Port 5000                                     │   │
-│  │                                                                          │   │
-│  │   ┌─────────────────────────────────────────────────────────────────┐   │   │
-│  │   │                         SERVICES                                 │   │   │
-│  │   │                                                                  │   │   │
-│  │   │  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐          │   │   │
-│  │   │  │DockerService │  │ NginxService │  │TemplateServ. │          │   │   │
-│  │   │  │              │  │              │  │              │          │   │   │
-│  │   │  │ • compose_up │  │ • create_site│  │ • install    │          │   │   │
-│  │   │  │ • logs       │  │ • enable_ssl │  │ • variables  │          │   │   │
-│  │   │  │ • stats      │  │ • reload     │  │ • validate   │          │   │   │
-│  │   │  └──────────────┘  └──────────────┘  └──────────────┘          │   │   │
-│  │   │                                                                  │   │   │
-│  │   │  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐          │   │   │
-│  │   │  │  DBService   │  │  SSLService  │  │SecurityServ. │          │   │   │
-│  │   │  │              │  │              │  │              │          │   │   │
-│  │   │  │ • create_db  │  │ • certbot    │  │ • ClamAV     │          │   │   │
-│  │   │  │ • users      │  │ • renew      │  │ • 2FA        │          │   │   │
-│  │   │  │ • backup     │  │ • wildcard   │  │ • firewall   │          │   │   │
-│  │   │  └──────────────┘  └──────────────┘  └──────────────┘          │   │   │
-│  │   │                                                                  │   │   │
-│  │   └──────────────────────────────────────────────────────────────────┘   │   │
-│  │                                                                          │   │
-│  └─────────────────────────────────┬────────────────────────────────────────┘   │
-│                                    │                                            │
-│                                    ▼                                            │
-│  ┌─────────────────────────────────────────────────────────────────────────┐   │
-│  │                       DATABASE (SQLite/PostgreSQL)                       │   │
-│  │                                                                          │   │
-│  │   ┌───────────┐ ┌───────────┐ ┌───────────┐ ┌───────────┐ ┌─────────┐  │   │
-│  │   │   Apps    │ │  Domains  │ │   Users   │ │ Databases │ │ Settings│  │   │
-│  │   └───────────┘ └───────────┘ └───────────┘ └───────────┘ └─────────┘  │   │
-│  │                                                                          │   │
-│  └─────────────────────────────────────────────────────────────────────────┘   │
-│                                                                                  │
-└──────────────────────────────────────────────────────────────────────────────────┘
-```
+ServerKit follows a modern 3-tier architecture:
+1. **Frontend:** React-based dashboard served via Nginx.
+2. **Backend:** Flask REST API managing Docker, Nginx, and system services.
+3. **Agent:** Go-based remote agent for multi-server management.
 
 ---
 
 ## Troubleshooting
 
-### 502 Bad Gateway
-
-```
-Problem: Nginx can't reach the container
-
-Check:
-┌─────────────────────────────────────────────────────────────────┐
-│ 1. Is container running?                                        │
-│    docker ps | grep <app-name>                                  │
-│                                                                 │
-│ 2. Is port bound to host?                                       │
-│    docker port <container-name>                                 │
-│    Expected: 5000/tcp -> 0.0.0.0:8001                          │
-│                                                                 │
-│ 3. Is port accessible?                                          │
-│    curl -I http://127.0.0.1:8001                               │
-│    Expected: HTTP/1.1 200 OK                                    │
-│                                                                 │
-│ 4. Does nginx config have correct port?                         │
-│    cat /etc/nginx/sites-enabled/<app-name>                     │
-│    Check: proxy_pass http://127.0.0.1:8001;                    │
-│                                                                 │
-│ 5. Check nginx error log:                                       │
-│    tail -50 /var/log/nginx/<app-name>.error.log                │
-└─────────────────────────────────────────────────────────────────┘
-```
-
-### Container Won't Start
-
-```
-Problem: docker compose up fails
-
-Check:
-┌─────────────────────────────────────────────────────────────────┐
-│ 1. Check compose logs:                                          │
-│    cd /var/serverkit/apps/<app-name>                           │
-│    docker compose logs                                          │
-│                                                                 │
-│ 2. Validate compose file:                                       │
-│    docker compose config                                        │
-│                                                                 │
-│ 3. Check for port conflicts:                                    │
-│    docker ps --format "{{.Ports}}"                             │
-│    netstat -tulpn | grep <port>                                │
-└─────────────────────────────────────────────────────────────────┘
-```
+Refer to the [Deployment Guide](DEPLOYMENT.md) for detailed troubleshooting steps regarding 502 errors, container failures, and networking issues.
 
 ---
 
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
index f798d077..51157ce2 100644
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -8,6 +8,7 @@
             "name": "serverkit-frontend",
             "version": "0.1.0",
             "dependencies": {
+                "@rollup/rollup-win32-x64-msvc": "^4.60.0",
                 "@xterm/addon-fit": "^0.10.0",
                 "@xterm/addon-web-links": "^0.11.0",
                 "@xterm/xterm": "^5.5.0",
@@ -28,7 +29,7 @@
                 "eslint-plugin-react-hooks": "^5.1.0-rc.0",
                 "eslint-plugin-react-refresh": "^0.4.9",
                 "globals": "^15.9.0",
-                "less": "^4.5.1",
+                "sass": "^1.86.0",
                 "vite": "^5.4.1"
             }
         },
@@ -973,6 +974,316 @@
                 "@jridgewell/sourcemap-codec": "^1.4.14"
             }
         },
+        "node_modules/@parcel/watcher": {
+            "version": "2.5.6",
+            "resolved": "https://registry.npmjs.org/@parcel/watcher/-/watcher-2.5.6.tgz",
+            "integrity": "sha512-tmmZ3lQxAe/k/+rNnXQRawJ4NjxO2hqiOLTHvWchtGZULp4RyFeh6aU4XdOYBFe2KE1oShQTv4AblOs2iOrNnQ==",
+            "dev": true,
+            "hasInstallScript": true,
+            "license": "MIT",
+            "optional": true,
+            "dependencies": {
+                "detect-libc": "^2.0.3",
+                "is-glob": "^4.0.3",
+                "node-addon-api": "^7.0.0",
+                "picomatch": "^4.0.3"
+            },
+            "engines": {
+                "node": ">= 10.0.0"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/parcel"
+            },
+            "optionalDependencies": {
+                "@parcel/watcher-android-arm64": "2.5.6",
+                "@parcel/watcher-darwin-arm64": "2.5.6",
+                "@parcel/watcher-darwin-x64": "2.5.6",
+                "@parcel/watcher-freebsd-x64": "2.5.6",
+                "@parcel/watcher-linux-arm-glibc": "2.5.6",
+                "@parcel/watcher-linux-arm-musl": "2.5.6",
+                "@parcel/watcher-linux-arm64-glibc": "2.5.6",
+                "@parcel/watcher-linux-arm64-musl": "2.5.6",
+                "@parcel/watcher-linux-x64-glibc": "2.5.6",
+                "@parcel/watcher-linux-x64-musl": "2.5.6",
+                "@parcel/watcher-win32-arm64": "2.5.6",
+                "@parcel/watcher-win32-ia32": "2.5.6",
+                "@parcel/watcher-win32-x64": "2.5.6"
+            }
+        },
+        "node_modules/@parcel/watcher-android-arm64": {
+            "version": "2.5.6",
+            "resolved": "https://registry.npmjs.org/@parcel/watcher-android-arm64/-/watcher-android-arm64-2.5.6.tgz",
+            "integrity": "sha512-YQxSS34tPF/6ZG7r/Ih9xy+kP/WwediEUsqmtf0cuCV5TPPKw/PQHRhueUo6JdeFJaqV3pyjm0GdYjZotbRt/A==",
+            "cpu": [
+                "arm64"
+            ],
+            "dev": true,
+            "license": "MIT",
+            "optional": true,
+            "os": [
+                "android"
+            ],
+            "engines": {
+                "node": ">= 10.0.0"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/parcel"
+            }
+        },
+        "node_modules/@parcel/watcher-darwin-arm64": {
+            "version": "2.5.6",
+            "resolved": "https://registry.npmjs.org/@parcel/watcher-darwin-arm64/-/watcher-darwin-arm64-2.5.6.tgz",
+            "integrity": "sha512-Z2ZdrnwyXvvvdtRHLmM4knydIdU9adO3D4n/0cVipF3rRiwP+3/sfzpAwA/qKFL6i1ModaabkU7IbpeMBgiVEA==",
+            "cpu": [
+                "arm64"
+            ],
+            "dev": true,
+            "license": "MIT",
+            "optional": true,
+            "os": [
+                "darwin"
+            ],
+            "engines": {
+                "node": ">= 10.0.0"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/parcel"
+            }
+        },
+        "node_modules/@parcel/watcher-darwin-x64": {
+            "version": "2.5.6",
+            "resolved": "https://registry.npmjs.org/@parcel/watcher-darwin-x64/-/watcher-darwin-x64-2.5.6.tgz",
+            "integrity": "sha512-HgvOf3W9dhithcwOWX9uDZyn1lW9R+7tPZ4sug+NGrGIo4Rk1hAXLEbcH1TQSqxts0NYXXlOWqVpvS1SFS4fRg==",
+            "cpu": [
+                "x64"
+            ],
+            "dev": true,
+            "license": "MIT",
+            "optional": true,
+            "os": [
+                "darwin"
+            ],
+            "engines": {
+                "node": ">= 10.0.0"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/parcel"
+            }
+        },
+        "node_modules/@parcel/watcher-freebsd-x64": {
+            "version": "2.5.6",
+            "resolved": "https://registry.npmjs.org/@parcel/watcher-freebsd-x64/-/watcher-freebsd-x64-2.5.6.tgz",
+            "integrity": "sha512-vJVi8yd/qzJxEKHkeemh7w3YAn6RJCtYlE4HPMoVnCpIXEzSrxErBW5SJBgKLbXU3WdIpkjBTeUNtyBVn8TRng==",
+            "cpu": [
+                "x64"
+            ],
+            "dev": true,
+            "license": "MIT",
+            "optional": true,
+            "os": [
+                "freebsd"
+            ],
+            "engines": {
+                "node": ">= 10.0.0"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/parcel"
+            }
+        },
+        "node_modules/@parcel/watcher-linux-arm-glibc": {
+            "version": "2.5.6",
+            "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-arm-glibc/-/watcher-linux-arm-glibc-2.5.6.tgz",
+            "integrity": "sha512-9JiYfB6h6BgV50CCfasfLf/uvOcJskMSwcdH1PHH9rvS1IrNy8zad6IUVPVUfmXr+u+Km9IxcfMLzgdOudz9EQ==",
+            "cpu": [
+                "arm"
+            ],
+            "dev": true,
+            "license": "MIT",
+            "optional": true,
+            "os": [
+                "linux"
+            ],
+            "engines": {
+                "node": ">= 10.0.0"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/parcel"
+            }
+        },
+        "node_modules/@parcel/watcher-linux-arm-musl": {
+            "version": "2.5.6",
+            "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-arm-musl/-/watcher-linux-arm-musl-2.5.6.tgz",
+            "integrity": "sha512-Ve3gUCG57nuUUSyjBq/MAM0CzArtuIOxsBdQ+ftz6ho8n7s1i9E1Nmk/xmP323r2YL0SONs1EuwqBp2u1k5fxg==",
+            "cpu": [
+                "arm"
+            ],
+            "dev": true,
+            "license": "MIT",
+            "optional": true,
+            "os": [
+                "linux"
+            ],
+            "engines": {
+                "node": ">= 10.0.0"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/parcel"
+            }
+        },
+        "node_modules/@parcel/watcher-linux-arm64-glibc": {
+            "version": "2.5.6",
+            "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-arm64-glibc/-/watcher-linux-arm64-glibc-2.5.6.tgz",
+            "integrity": "sha512-f2g/DT3NhGPdBmMWYoxixqYr3v/UXcmLOYy16Bx0TM20Tchduwr4EaCbmxh1321TABqPGDpS8D/ggOTaljijOA==",
+            "cpu": [
+                "arm64"
+            ],
+            "dev": true,
+            "license": "MIT",
+            "optional": true,
+            "os": [
+                "linux"
+            ],
+            "engines": {
+                "node": ">= 10.0.0"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/parcel"
+            }
+        },
+        "node_modules/@parcel/watcher-linux-arm64-musl": {
+            "version": "2.5.6",
+            "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-arm64-musl/-/watcher-linux-arm64-musl-2.5.6.tgz",
+            "integrity": "sha512-qb6naMDGlbCwdhLj6hgoVKJl2odL34z2sqkC7Z6kzir8b5W65WYDpLB6R06KabvZdgoHI/zxke4b3zR0wAbDTA==",
+            "cpu": [
+                "arm64"
+            ],
+            "dev": true,
+            "license": "MIT",
+            "optional": true,
+            "os": [
+                "linux"
+            ],
+            "engines": {
+                "node": ">= 10.0.0"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/parcel"
+            }
+        },
+        "node_modules/@parcel/watcher-linux-x64-glibc": {
+            "version": "2.5.6",
+            "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-x64-glibc/-/watcher-linux-x64-glibc-2.5.6.tgz",
+            "integrity": "sha512-kbT5wvNQlx7NaGjzPFu8nVIW1rWqV780O7ZtkjuWaPUgpv2NMFpjYERVi0UYj1msZNyCzGlaCWEtzc+exjMGbQ==",
+            "cpu": [
+                "x64"
+            ],
+            "dev": true,
+            "license": "MIT",
+            "optional": true,
+            "os": [
+                "linux"
+            ],
+            "engines": {
+                "node": ">= 10.0.0"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/parcel"
+            }
+        },
+        "node_modules/@parcel/watcher-linux-x64-musl": {
+            "version": "2.5.6",
+            "resolved": "https://registry.npmjs.org/@parcel/watcher-linux-x64-musl/-/watcher-linux-x64-musl-2.5.6.tgz",
+            "integrity": "sha512-1JRFeC+h7RdXwldHzTsmdtYR/Ku8SylLgTU/reMuqdVD7CtLwf0VR1FqeprZ0eHQkO0vqsbvFLXUmYm/uNKJBg==",
+            "cpu": [
+                "x64"
+            ],
+            "dev": true,
+            "license": "MIT",
+            "optional": true,
+            "os": [
+                "linux"
+            ],
+            "engines": {
+                "node": ">= 10.0.0"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/parcel"
+            }
+        },
+        "node_modules/@parcel/watcher-win32-arm64": {
+            "version": "2.5.6",
+            "resolved": "https://registry.npmjs.org/@parcel/watcher-win32-arm64/-/watcher-win32-arm64-2.5.6.tgz",
+            "integrity": "sha512-3ukyebjc6eGlw9yRt678DxVF7rjXatWiHvTXqphZLvo7aC5NdEgFufVwjFfY51ijYEWpXbqF5jtrK275z52D4Q==",
+            "cpu": [
+                "arm64"
+            ],
+            "dev": true,
+            "license": "MIT",
+            "optional": true,
+            "os": [
+                "win32"
+            ],
+            "engines": {
+                "node": ">= 10.0.0"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/parcel"
+            }
+        },
+        "node_modules/@parcel/watcher-win32-ia32": {
+            "version": "2.5.6",
+            "resolved": "https://registry.npmjs.org/@parcel/watcher-win32-ia32/-/watcher-win32-ia32-2.5.6.tgz",
+            "integrity": "sha512-k35yLp1ZMwwee3Ez/pxBi5cf4AoBKYXj00CZ80jUz5h8prpiaQsiRPKQMxoLstNuqe2vR4RNPEAEcjEFzhEz/g==",
+            "cpu": [
+                "ia32"
+            ],
+            "dev": true,
+            "license": "MIT",
+            "optional": true,
+            "os": [
+                "win32"
+            ],
+            "engines": {
+                "node": ">= 10.0.0"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/parcel"
+            }
+        },
+        "node_modules/@parcel/watcher-win32-x64": {
+            "version": "2.5.6",
+            "resolved": "https://registry.npmjs.org/@parcel/watcher-win32-x64/-/watcher-win32-x64-2.5.6.tgz",
+            "integrity": "sha512-hbQlYcCq5dlAX9Qx+kFb0FHue6vbjlf0FrNzSKdYK2APUf7tGfGxQCk2ihEREmbR6ZMc0MVAD5RIX/41gpUzTw==",
+            "cpu": [
+                "x64"
+            ],
+            "dev": true,
+            "license": "MIT",
+            "optional": true,
+            "os": [
+                "win32"
+            ],
+            "engines": {
+                "node": ">= 10.0.0"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/parcel"
+            }
+        },
         "node_modules/@remix-run/router": {
             "version": "1.23.2",
             "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.23.2.tgz",
@@ -1326,15 +1637,13 @@
             ]
         },
         "node_modules/@rollup/rollup-win32-x64-msvc": {
-            "version": "4.55.1",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.55.1.tgz",
-            "integrity": "sha512-SPEpaL6DX4rmcXtnhdrQYgzQ5W2uW3SCJch88lB2zImhJRhIIK44fkUrgIV/Q8yUNfw5oyZ5vkeQsZLhCb06lw==",
+            "version": "4.60.0",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.0.tgz",
+            "integrity": "sha512-PrsWNQ8BuE00O3Xsx3ALh2Df8fAj9+cvvX9AIA6o4KpATR98c9mud4XtDWVvsEuyia5U4tVSTKygawyJkjm60w==",
             "cpu": [
                 "x64"
             ],
-            "dev": true,
             "license": "MIT",
-            "optional": true,
             "os": [
                 "win32"
             ]
@@ -1993,6 +2302,22 @@
                 "url": "https://github.com/chalk/chalk?sponsor=1"
             }
         },
+        "node_modules/chokidar": {
+            "version": "4.0.3",
+            "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.3.tgz",
+            "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==",
+            "dev": true,
+            "license": "MIT",
+            "dependencies": {
+                "readdirp": "^4.0.1"
+            },
+            "engines": {
+                "node": ">= 14.16.0"
+            },
+            "funding": {
+                "url": "https://paulmillr.com/funding/"
+            }
+        },
         "node_modules/classcat": {
             "version": "5.0.5",
             "resolved": "https://registry.npmjs.org/classcat/-/classcat-5.0.5.tgz",
@@ -2042,19 +2367,6 @@
             "dev": true,
             "license": "MIT"
         },
-        "node_modules/copy-anything": {
-            "version": "2.0.6",
-            "resolved": "https://registry.npmjs.org/copy-anything/-/copy-anything-2.0.6.tgz",
-            "integrity": "sha512-1j20GZTsvKNkc4BY3NpMOM8tt///wY3FpIzozTOFO2ffuZcV61nojHXVKIy3WM+7ADCy5FVhdZYHYDdgTU0yJw==",
-            "dev": true,
-            "license": "MIT",
-            "dependencies": {
-                "is-what": "^3.14.1"
-            },
-            "funding": {
-                "url": "https://github.com/sponsors/mesqueeb"
-            }
-        },
         "node_modules/cross-spawn": {
             "version": "7.0.6",
             "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
@@ -2383,6 +2695,17 @@
                 "url": "https://github.com/sponsors/ljharb"
             }
         },
+        "node_modules/detect-libc": {
+            "version": "2.1.2",
+            "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz",
+            "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "optional": true,
+            "engines": {
+                "node": ">=8"
+            }
+        },
         "node_modules/doctrine": {
             "version": "2.1.0",
             "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz",
@@ -2450,20 +2773,6 @@
                 "node": ">=10.0.0"
             }
         },
-        "node_modules/errno": {
-            "version": "0.1.8",
-            "resolved": "https://registry.npmjs.org/errno/-/errno-0.1.8.tgz",
-            "integrity": "sha512-dJ6oBr5SQ1VSd9qkk7ByRgb/1SH4JZjCHSW/mr63/QcXO9zLVxvJ6Oy13nio03rxpSnVDDjFor75SjVeZWPW/A==",
-            "dev": true,
-            "license": "MIT",
-            "optional": true,
-            "dependencies": {
-                "prr": "~1.0.1"
-            },
-            "bin": {
-                "errno": "cli.js"
-            }
-        },
         "node_modules/es-abstract": {
             "version": "1.24.1",
             "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.24.1.tgz",
@@ -3205,14 +3514,6 @@
                 "url": "https://github.com/sponsors/ljharb"
             }
         },
-        "node_modules/graceful-fs": {
-            "version": "4.2.11",
-            "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
-            "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==",
-            "dev": true,
-            "license": "ISC",
-            "optional": true
-        },
         "node_modules/has-bigints": {
             "version": "1.1.0",
             "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.1.0.tgz",
@@ -3307,20 +3608,6 @@
                 "node": ">= 0.4"
             }
         },
-        "node_modules/iconv-lite": {
-            "version": "0.6.3",
-            "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
-            "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
-            "dev": true,
-            "license": "MIT",
-            "optional": true,
-            "dependencies": {
-                "safer-buffer": ">= 2.1.2 < 3.0.0"
-            },
-            "engines": {
-                "node": ">=0.10.0"
-            }
-        },
         "node_modules/ignore": {
             "version": "5.3.2",
             "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
@@ -3331,19 +3618,12 @@
                 "node": ">= 4"
             }
         },
-        "node_modules/image-size": {
-            "version": "0.5.5",
-            "resolved": "https://registry.npmjs.org/image-size/-/image-size-0.5.5.tgz",
-            "integrity": "sha512-6TDAlDPZxUFCv+fuOkIoXT/V/f3Qbq8e37p+YOiYrUv3v9cc3/6x78VdfPgFVaB9dZYeLUfKgHRebpkm/oP2VQ==",
+        "node_modules/immutable": {
+            "version": "5.1.5",
+            "resolved": "https://registry.npmjs.org/immutable/-/immutable-5.1.5.tgz",
+            "integrity": "sha512-t7xcm2siw+hlUM68I+UEOK+z84RzmN59as9DZ7P1l0994DKUWV7UXBMQZVxaoMSRQ+PBZbHCOoBt7a2wxOMt+A==",
             "dev": true,
-            "license": "MIT",
-            "optional": true,
-            "bin": {
-                "image-size": "bin/image-size.js"
-            },
-            "engines": {
-                "node": ">=0.10.0"
-            }
+            "license": "MIT"
         },
         "node_modules/import-fresh": {
             "version": "3.3.1",
@@ -3778,13 +4058,6 @@
                 "url": "https://github.com/sponsors/ljharb"
             }
         },
-        "node_modules/is-what": {
-            "version": "3.14.1",
-            "resolved": "https://registry.npmjs.org/is-what/-/is-what-3.14.1.tgz",
-            "integrity": "sha512-sNxgpk9793nzSs7bA6JQJGeIuRBQhAaNGG77kzYQgMkrID+lS6SlK07K5LaptscDlSaIgH+GPFzf+d75FVxozA==",
-            "dev": true,
-            "license": "MIT"
-        },
         "node_modules/isarray": {
             "version": "2.0.5",
             "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz",
@@ -3909,34 +4182,6 @@
                 "json-buffer": "3.0.1"
             }
         },
-        "node_modules/less": {
-            "version": "4.5.1",
-            "resolved": "https://registry.npmjs.org/less/-/less-4.5.1.tgz",
-            "integrity": "sha512-UKgI3/KON4u6ngSsnDADsUERqhZknsVZbnuzlRZXLQCmfC/MDld42fTydUE9B+Mla1AL6SJ/Pp6SlEFi/AVGfw==",
-            "dev": true,
-            "hasInstallScript": true,
-            "license": "Apache-2.0",
-            "dependencies": {
-                "copy-anything": "^2.0.1",
-                "parse-node-version": "^1.0.1",
-                "tslib": "^2.3.0"
-            },
-            "bin": {
-                "lessc": "bin/lessc"
-            },
-            "engines": {
-                "node": ">=14"
-            },
-            "optionalDependencies": {
-                "errno": "^0.1.1",
-                "graceful-fs": "^4.1.2",
-                "image-size": "~0.5.0",
-                "make-dir": "^2.1.0",
-                "mime": "^1.4.1",
-                "needle": "^3.1.0",
-                "source-map": "~0.6.0"
-            }
-        },
         "node_modules/levn": {
             "version": "0.4.1",
             "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz",
@@ -4011,32 +4256,6 @@
                 "react": "^16.5.1 || ^17.0.0 || ^18.0.0"
             }
         },
-        "node_modules/make-dir": {
-            "version": "2.1.0",
-            "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-2.1.0.tgz",
-            "integrity": "sha512-LS9X+dc8KLxXCb8dni79fLIIUA5VyZoyjSMCwTluaXA0o27cCK0bhXkpgw+sTXVpPy/lSO57ilRixqk0vDmtRA==",
-            "dev": true,
-            "license": "MIT",
-            "optional": true,
-            "dependencies": {
-                "pify": "^4.0.1",
-                "semver": "^5.6.0"
-            },
-            "engines": {
-                "node": ">=6"
-            }
-        },
-        "node_modules/make-dir/node_modules/semver": {
-            "version": "5.7.2",
-            "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz",
-            "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==",
-            "dev": true,
-            "license": "ISC",
-            "optional": true,
-            "bin": {
-                "semver": "bin/semver"
-            }
-        },
         "node_modules/math-intrinsics": {
             "version": "1.1.0",
             "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
@@ -4047,20 +4266,6 @@
                 "node": ">= 0.4"
             }
         },
-        "node_modules/mime": {
-            "version": "1.6.0",
-            "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
-            "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==",
-            "dev": true,
-            "license": "MIT",
-            "optional": true,
-            "bin": {
-                "mime": "cli.js"
-            },
-            "engines": {
-                "node": ">=4"
-            }
-        },
         "node_modules/minimatch": {
             "version": "3.1.2",
             "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
@@ -4106,23 +4311,13 @@
             "dev": true,
             "license": "MIT"
         },
-        "node_modules/needle": {
-            "version": "3.3.1",
-            "resolved": "https://registry.npmjs.org/needle/-/needle-3.3.1.tgz",
-            "integrity": "sha512-6k0YULvhpw+RoLNiQCRKOl09Rv1dPLr8hHnVjHqdolKwDrdNyk+Hmrthi4lIGPPz3r39dLx0hsF5s40sZ3Us4Q==",
+        "node_modules/node-addon-api": {
+            "version": "7.1.1",
+            "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-7.1.1.tgz",
+            "integrity": "sha512-5m3bsyrjFWE1xf7nz7YXdN4udnVtXK6/Yfgn5qnahL6bCkf2yKt4k3nuTKAtT4r3IG8JNR2ncsIMdZuAzJjHQQ==",
             "dev": true,
             "license": "MIT",
-            "optional": true,
-            "dependencies": {
-                "iconv-lite": "^0.6.3",
-                "sax": "^1.2.4"
-            },
-            "bin": {
-                "needle": "bin/needle"
-            },
-            "engines": {
-                "node": ">= 4.4.x"
-            }
+            "optional": true
         },
         "node_modules/node-releases": {
             "version": "2.0.27",
@@ -4319,16 +4514,6 @@
                 "node": ">=6"
             }
         },
-        "node_modules/parse-node-version": {
-            "version": "1.0.1",
-            "resolved": "https://registry.npmjs.org/parse-node-version/-/parse-node-version-1.0.1.tgz",
-            "integrity": "sha512-3YHlOa/JgH6Mnpr05jP9eDG254US9ek25LyIxZlDItp2iJtwyaXQb57lBYLdT3MowkUFYEV2XXNAYIPlESvJlA==",
-            "dev": true,
-            "license": "MIT",
-            "engines": {
-                "node": ">= 0.10"
-            }
-        },
         "node_modules/path-exists": {
             "version": "4.0.0",
             "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
@@ -4363,15 +4548,18 @@
             "dev": true,
             "license": "ISC"
         },
-        "node_modules/pify": {
-            "version": "4.0.1",
-            "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz",
-            "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==",
+        "node_modules/picomatch": {
+            "version": "4.0.4",
+            "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+            "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
             "dev": true,
             "license": "MIT",
             "optional": true,
             "engines": {
-                "node": ">=6"
+                "node": ">=12"
+            },
+            "funding": {
+                "url": "https://github.com/sponsors/jonschlinkert"
             }
         },
         "node_modules/possible-typed-array-names": {
@@ -4434,14 +4622,6 @@
                 "react-is": "^16.13.1"
             }
         },
-        "node_modules/prr": {
-            "version": "1.0.1",
-            "resolved": "https://registry.npmjs.org/prr/-/prr-1.0.1.tgz",
-            "integrity": "sha512-yPw4Sng1gWghHQWj0B3ZggWUm4qVbPwPFcRG8KyxiU7J2OHFSoEHKS+EZ3fv5l1t9CyCiop6l/ZYeWbrgoQejw==",
-            "dev": true,
-            "license": "MIT",
-            "optional": true
-        },
         "node_modules/punycode": {
             "version": "2.3.1",
             "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
@@ -4556,6 +4736,20 @@
                 "react-dom": ">=16.6.0"
             }
         },
+        "node_modules/readdirp": {
+            "version": "4.1.2",
+            "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.2.tgz",
+            "integrity": "sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==",
+            "dev": true,
+            "license": "MIT",
+            "engines": {
+                "node": ">= 14.18.0"
+            },
+            "funding": {
+                "type": "individual",
+                "url": "https://paulmillr.com/funding/"
+            }
+        },
         "node_modules/recharts": {
             "version": "2.15.4",
             "resolved": "https://registry.npmjs.org/recharts/-/recharts-2.15.4.tgz",
@@ -4711,6 +4905,20 @@
                 "fsevents": "~2.3.2"
             }
         },
+        "node_modules/rollup/node_modules/@rollup/rollup-win32-x64-msvc": {
+            "version": "4.55.1",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.55.1.tgz",
+            "integrity": "sha512-SPEpaL6DX4rmcXtnhdrQYgzQ5W2uW3SCJch88lB2zImhJRhIIK44fkUrgIV/Q8yUNfw5oyZ5vkeQsZLhCb06lw==",
+            "cpu": [
+                "x64"
+            ],
+            "dev": true,
+            "license": "MIT",
+            "optional": true,
+            "os": [
+                "win32"
+            ]
+        },
         "node_modules/safe-array-concat": {
             "version": "1.1.3",
             "resolved": "https://registry.npmjs.org/safe-array-concat/-/safe-array-concat-1.1.3.tgz",
@@ -4766,23 +4974,25 @@
                 "url": "https://github.com/sponsors/ljharb"
             }
         },
-        "node_modules/safer-buffer": {
-            "version": "2.1.2",
-            "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
-            "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
+        "node_modules/sass": {
+            "version": "1.98.0",
+            "resolved": "https://registry.npmjs.org/sass/-/sass-1.98.0.tgz",
+            "integrity": "sha512-+4N/u9dZ4PrgzGgPlKnaaRQx64RO0JBKs9sDhQ2pLgN6JQZ25uPQZKQYaBJU48Kd5BxgXoJ4e09Dq7nMcOUW3A==",
             "dev": true,
             "license": "MIT",
-            "optional": true
-        },
-        "node_modules/sax": {
-            "version": "1.4.4",
-            "resolved": "https://registry.npmjs.org/sax/-/sax-1.4.4.tgz",
-            "integrity": "sha512-1n3r/tGXO6b6VXMdFT54SHzT9ytu9yr7TaELowdYpMqY/Ao7EnlQGmAQ1+RatX7Tkkdm6hONI2owqNx2aZj5Sw==",
-            "dev": true,
-            "license": "BlueOak-1.0.0",
-            "optional": true,
+            "dependencies": {
+                "chokidar": "^4.0.0",
+                "immutable": "^5.1.5",
+                "source-map-js": ">=0.6.2 <2.0.0"
+            },
+            "bin": {
+                "sass": "sass.js"
+            },
             "engines": {
-                "node": ">=11.0.0"
+                "node": ">=14.0.0"
+            },
+            "optionalDependencies": {
+                "@parcel/watcher": "^2.4.1"
             }
         },
         "node_modules/scheduler": {
@@ -4980,17 +5190,6 @@
                 "node": ">=10.0.0"
             }
         },
-        "node_modules/source-map": {
-            "version": "0.6.1",
-            "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
-            "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
-            "dev": true,
-            "license": "BSD-3-Clause",
-            "optional": true,
-            "engines": {
-                "node": ">=0.10.0"
-            }
-        },
         "node_modules/source-map-js": {
             "version": "1.2.1",
             "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
@@ -5158,13 +5357,6 @@
             "integrity": "sha512-+FbBPE1o9QAYvviau/qC5SE3caw21q3xkvWKBtja5vgqOWIHHJ3ioaq1VPfn/Szqctz2bU/oYeKd9/z5BL+PVg==",
             "license": "MIT"
         },
-        "node_modules/tslib": {
-            "version": "2.8.1",
-            "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz",
-            "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==",
-            "dev": true,
-            "license": "0BSD"
-        },
         "node_modules/type-check": {
             "version": "0.4.0",
             "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz",
diff --git a/frontend/package.json b/frontend/package.json
index 4bffede5..31f83ab4 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -9,6 +9,9 @@
         "lint": "eslint .",
         "preview": "vite preview"
     },
+    "optionalDependencies": {
+        "@rollup/rollup-win32-x64-msvc": "^4.60.0"
+    },
     "dependencies": {
         "@xterm/addon-fit": "^0.10.0",
         "@xterm/addon-web-links": "^0.11.0",
@@ -30,7 +33,7 @@
         "eslint-plugin-react-hooks": "^5.1.0-rc.0",
         "eslint-plugin-react-refresh": "^0.4.9",
         "globals": "^15.9.0",
-        "less": "^4.5.1",
+        "sass": "^1.86.0",
         "vite": "^5.4.1"
     }
 }
diff --git a/frontend/public/manifest.json b/frontend/public/manifest.json
new file mode 100644
index 00000000..e886aba5
--- /dev/null
+++ b/frontend/public/manifest.json
@@ -0,0 +1,36 @@
+{
+    "name": "ServerKit",
+    "short_name": "ServerKit",
+    "description": "Server control panel for managing web applications, databases, and infrastructure",
+    "start_url": "/",
+    "display": "standalone",
+    "background_color": "#0f172a",
+    "theme_color": "#4f46e5",
+    "orientation": "any",
+    "icons": [
+        {
+            "src": "/favicon.svg",
+            "sizes": "any",
+            "type": "image/svg+xml",
+            "purpose": "any maskable"
+        }
+    ],
+    "categories": ["utilities", "productivity"],
+    "shortcuts": [
+        {
+            "name": "Dashboard",
+            "url": "/",
+            "description": "View server dashboard"
+        },
+        {
+            "name": "Services",
+            "url": "/services",
+            "description": "Manage services"
+        },
+        {
+            "name": "Terminal",
+            "url": "/terminal",
+            "description": "Open terminal"
+        }
+    ]
+}
diff --git a/frontend/public/sw.js b/frontend/public/sw.js
new file mode 100644
index 00000000..5295ad34
--- /dev/null
+++ b/frontend/public/sw.js
@@ -0,0 +1,76 @@
+// ServerKit Service Worker for PWA / Offline support
+
+const CACHE_NAME = 'serverkit-v1';
+const OFFLINE_URL = '/';
+
+// Assets to cache on install
+const PRECACHE_ASSETS = [
+    '/',
+    '/favicon.svg',
+    '/manifest.json',
+];
+
+self.addEventListener('install', (event) => {
+    event.waitUntil(
+        caches.open(CACHE_NAME).then((cache) => {
+            return cache.addAll(PRECACHE_ASSETS);
+        })
+    );
+    self.skipWaiting();
+});
+
+self.addEventListener('activate', (event) => {
+    event.waitUntil(
+        caches.keys().then((keys) => {
+            return Promise.all(
+                keys.filter((key) => key !== CACHE_NAME).map((key) => caches.delete(key))
+            );
+        })
+    );
+    self.clients.claim();
+});
+
+self.addEventListener('fetch', (event) => {
+    // Skip API requests — always go to network
+    if (event.request.url.includes('/api/')) {
+        return;
+    }
+
+    event.respondWith(
+        fetch(event.request).catch(() => {
+            return caches.match(event.request).then((cached) => {
+                return cached || caches.match(OFFLINE_URL);
+            });
+        })
+    );
+});
+
+// Push notification handler
+self.addEventListener('push', (event) => {
+    const data = event.data ? event.data.json() : {};
+    const title = data.title || 'ServerKit';
+    const options = {
+        body: data.body || 'New notification',
+        icon: '/favicon.svg',
+        badge: '/favicon.svg',
+        data: data.url || '/',
+        actions: data.actions || [],
+    };
+
+    event.waitUntil(self.registration.showNotification(title, options));
+});
+
+self.addEventListener('notificationclick', (event) => {
+    event.notification.close();
+    const url = event.notification.data || '/';
+    event.waitUntil(
+        self.clients.matchAll({ type: 'window' }).then((clients) => {
+            for (const client of clients) {
+                if (client.url === url && 'focus' in client) {
+                    return client.focus();
+                }
+            }
+            return self.clients.openWindow(url);
+        })
+    );
+});
diff --git a/frontend/src/App.jsx b/frontend/src/App.jsx
index 511ab200..45fba18e 100644
--- a/frontend/src/App.jsx
+++ b/frontend/src/App.jsx
@@ -1,250 +1,277 @@
-import React, { useEffect } from 'react';
-import { BrowserRouter as Router, Routes, Route, Navigate, useLocation } from 'react-router-dom';
-import { AuthProvider, useAuth } from './contexts/AuthContext';
-import { ToastProvider } from './contexts/ToastContext';
-import { ThemeProvider } from './contexts/ThemeContext';
-import { ResourceTierProvider } from './contexts/ResourceTierContext';
-import { ToastContainer } from './components/Toast';
-import DashboardLayout from './layouts/DashboardLayout';
-import Dashboard from './pages/Dashboard';
-import Login from './pages/Login';
-import Register from './pages/Register';
-import Setup from './pages/Setup';
-import Applications from './pages/Applications';
-import ApplicationDetail from './pages/ApplicationDetail';
-import Docker from './pages/Docker';
-import Databases from './pages/Databases';
-import Domains from './pages/Domains';
-import Monitoring from './pages/Monitoring';
-import Backups from './pages/Backups';
-import Terminal from './pages/Terminal';
-import Settings from './pages/Settings';
-import FileManager from './pages/FileManager';
-import FTPServer from './pages/FTPServer';
-// Firewall is now part of Security page
-import Git from './pages/Git';
-import CronJobs from './pages/CronJobs';
-import Security from './pages/Security';
-import Services from './pages/Services';
-import ServiceDetail from './pages/ServiceDetail';
-import Templates from './pages/Templates';
-import WorkflowBuilder from './pages/WorkflowBuilder';
-import Servers from './pages/Servers';
-import ServerDetail from './pages/ServerDetail';
-import Downloads from './pages/Downloads';
-import WordPress from './pages/WordPress';
-import WordPressDetail from './pages/WordPressDetail';
-import WordPressProjects from './pages/WordPressProjects';
-import WordPressProject from './pages/WordPressProject';
-import SSLCertificates from './pages/SSLCertificates';
-import Email from './pages/Email';
-import SSOCallback from './pages/SSOCallback';
-import DatabaseMigration from './pages/DatabaseMigration';
-
-// Page title mapping
-const PAGE_TITLES = {
-    '/': 'Dashboard',
-    '/login': 'Login',
-    '/register': 'Register',
-    '/setup': 'Setup',
-    '/services': 'Services',
-    '/apps': 'Applications',
-    '/wordpress': 'WordPress Sites',
-    '/wordpress/projects': 'WordPress Projects',
-    '/templates': 'Templates',
-    '/workflow': 'Workflow Builder',
-    '/domains': 'Domains',
-    '/databases': 'Databases',
-    '/ssl': 'SSL Certificates',
-    '/docker': 'Docker',
-    '/servers': 'Servers',
-    '/downloads': 'Downloads',
-    '/git': 'Git Repositories',
-    '/files': 'File Manager',
-    '/ftp': 'FTP Server',
-    '/monitoring': 'Monitoring',
-    '/backups': 'Backups',
-    '/cron': 'Cron Jobs',
-    '/security': 'Security',
-    '/email': 'Email Server',
-    '/terminal': 'Terminal',
-    '/settings': 'Settings',
-    '/migrate': 'Database Migration',
-};
-
-function PageTitleUpdater() {
-    const location = useLocation();
-
-    useEffect(() => {
-        const path = location.pathname;
-        let title = PAGE_TITLES[path];
-
-        // Handle dynamic routes and tab sub-routes
-        if (!title) {
-            // Check if it's a base page with a tab suffix (e.g., /security/firewall)
-            const basePath = '/' + path.split('/')[1];
-            if (PAGE_TITLES[basePath]) {
-                title = PAGE_TITLES[basePath];
-            } else if (path.startsWith('/services/')) title = 'Service Details';
-            else if (path.startsWith('/apps/')) title = 'Application Details';
-            else if (path.startsWith('/servers/')) title = 'Server Details';
-            else if (path.startsWith('/wordpress/projects/')) title = 'WordPress Pipeline';
-            else if (path.startsWith('/wordpress/')) title = 'WordPress Site';
-            else title = 'ServerKit';
-        }
-
-        document.title = title ? `${title} | ServerKit` : 'ServerKit';
-    }, [location]);
-
-    return null;
-}
-
-function PrivateRoute({ children }) {
-    const { isAuthenticated, loading, needsSetup, needsMigration } = useAuth();
-
-    if (loading) {
-        return <div className="loading">Loading...</div>;
-    }
-
-    // Priority: migrations > setup > auth
-    if (needsMigration) {
-        return <Navigate to="/migrate" />;
-    }
-
-    if (needsSetup) {
-        return <Navigate to="/setup" />;
-    }
-
-    return isAuthenticated ? children : <Navigate to="/login" />;
-}
-
-function PublicRoute({ children }) {
-    const { isAuthenticated, loading, needsSetup, needsMigration } = useAuth();
-
-    if (loading) {
-        return <div className="loading">Loading...</div>;
-    }
-
-    // Priority: migrations > setup > auth
-    if (needsMigration) {
-        return <Navigate to="/migrate" />;
-    }
-
-    if (needsSetup) {
-        return <Navigate to="/setup" />;
-    }
-
-    return isAuthenticated ? <Navigate to="/" /> : children;
-}
-
-function SetupRoute({ children }) {
-    const { loading, needsSetup, isAuthenticated } = useAuth();
-
-    if (loading) {
-        return <div className="loading">Loading...</div>;
-    }
-
-    // If setup is not needed, redirect appropriately
-    if (!needsSetup) {
-        return isAuthenticated ? <Navigate to="/" /> : <Navigate to="/login" />;
-    }
-
-    return children;
-}
-
-function AppRoutes() {
-    return (
-        <Routes>
-            <Route path="/migrate" element={<DatabaseMigration />} />
-            <Route path="/setup" element={
-                <SetupRoute>
-                    <Setup />
-                </SetupRoute>
-            } />
-            <Route path="/login" element={
-                <PublicRoute>
-                    <Login />
-                </PublicRoute>
-            } />
-            <Route path="/login/callback/:provider" element={
-                <PublicRoute>
-                    <SSOCallback />
-                </PublicRoute>
-            } />
-            <Route path="/register" element={
-                <PublicRoute>
-                    <Register />
-                </PublicRoute>
-            } />
-            <Route path="/" element={
-                <PrivateRoute>
-                    <DashboardLayout />
-                </PrivateRoute>
-            }>
-                <Route index element={<Dashboard />} />
-                <Route path="services" element={<Services />} />
-                <Route path="services/:id" element={<ServiceDetail />} />
-                <Route path="apps" element={<Navigate to="/services" replace />} />
-                <Route path="apps/:id" element={<ApplicationDetail />} />
-                <Route path="apps/:id/:tab" element={<ApplicationDetail />} />
-                <Route path="wordpress" element={<WordPress />} />
-                <Route path="wordpress/projects" element={<WordPressProjects />} />
-                <Route path="wordpress/projects/:id" element={<WordPressProject />} />
-                <Route path="wordpress/projects/:id/:tab" element={<WordPressProject />} />
-                <Route path="wordpress/:id" element={<WordPressDetail />} />
-                <Route path="wordpress/:id/:tab" element={<WordPressDetail />} />
-                <Route path="templates" element={<Templates />} />
-                <Route path="workflow" element={<WorkflowBuilder />} />
-                <Route path="domains" element={<Domains />} />
-                <Route path="databases" element={<Databases />} />
-                <Route path="databases/:tab" element={<Databases />} />
-                <Route path="ssl" element={<SSLCertificates />} />
-                <Route path="docker" element={<Docker />} />
-                <Route path="docker/:tab" element={<Docker />} />
-                <Route path="servers" element={<Servers />} />
-                <Route path="servers/:id" element={<ServerDetail />} />
-                <Route path="servers/:id/:tab" element={<ServerDetail />} />
-                <Route path="downloads" element={<Downloads />} />
-                <Route path="firewall" element={<Navigate to="/security/firewall" replace />} />
-                <Route path="git" element={<Git />} />
-                <Route path="git/:tab" element={<Git />} />
-                <Route path="files" element={<FileManager />} />
-                <Route path="ftp" element={<FTPServer />} />
-                <Route path="ftp/:tab" element={<FTPServer />} />
-                <Route path="monitoring" element={<Monitoring />} />
-                <Route path="monitoring/:tab" element={<Monitoring />} />
-                <Route path="backups" element={<Backups />} />
-                <Route path="backups/:tab" element={<Backups />} />
-                <Route path="cron" element={<CronJobs />} />
-                <Route path="security" element={<Security />} />
-                <Route path="security/:tab" element={<Security />} />
-                <Route path="email" element={<Email />} />
-                <Route path="email/:tab" element={<Email />} />
-                <Route path="terminal" element={<Terminal />} />
-                <Route path="terminal/:tab" element={<Terminal />} />
-                <Route path="settings" element={<Settings />} />
-                <Route path="settings/:tab" element={<Settings />} />
-            </Route>
-        </Routes>
-    );
-}
-
-function App() {
-    return (
-        <Router>
-            <PageTitleUpdater />
-            <ThemeProvider>
-                <AuthProvider>
-                    <ResourceTierProvider>
-                        <ToastProvider>
-                            <AppRoutes />
-                            <ToastContainer />
-                        </ToastProvider>
-                    </ResourceTierProvider>
-                </AuthProvider>
-            </ThemeProvider>
-        </Router>
-    );
-}
-
-export default App;
+import React, { useEffect } from 'react';
+import { BrowserRouter as Router, Routes, Route, Navigate, useLocation } from 'react-router-dom';
+import { AuthProvider, useAuth } from './contexts/AuthContext';
+import { ToastProvider } from './contexts/ToastContext';
+import { ThemeProvider } from './contexts/ThemeContext';
+import { ResourceTierProvider } from './contexts/ResourceTierContext';
+import { ToastContainer } from './components/Toast';
+import DashboardLayout from './layouts/DashboardLayout';
+import Dashboard from './pages/Dashboard';
+import Login from './pages/Login';
+import Register from './pages/Register';
+import Setup from './pages/Setup';
+import Applications from './pages/Applications';
+import ApplicationDetail from './pages/ApplicationDetail';
+import Docker from './pages/Docker';
+import Databases from './pages/Databases';
+import Domains from './pages/Domains';
+import Monitoring from './pages/Monitoring';
+import Backups from './pages/Backups';
+import Terminal from './pages/Terminal';
+import Settings from './pages/Settings';
+import FileManager from './pages/FileManager';
+import FTPServer from './pages/FTPServer';
+// Firewall is now part of Security page
+import Git from './pages/Git';
+import CronJobs from './pages/CronJobs';
+import Security from './pages/Security';
+import Services from './pages/Services';
+import ServiceDetail from './pages/ServiceDetail';
+import Templates from './pages/Templates';
+import WorkflowBuilder from './pages/WorkflowBuilder';
+import Servers from './pages/Servers';
+import ServerDetail from './pages/ServerDetail';
+import AgentFleet from './pages/AgentFleet';
+import FleetMonitor from './pages/FleetMonitor';
+import Downloads from './pages/Downloads';
+import WordPress from './pages/WordPress';
+import WordPressDetail from './pages/WordPressDetail';
+import WordPressProjects from './pages/WordPressProjects';
+import WordPressProject from './pages/WordPressProject';
+import SSLCertificates from './pages/SSLCertificates';
+import Email from './pages/Email';
+import SSOCallback from './pages/SSOCallback';
+import DatabaseMigration from './pages/DatabaseMigration';
+import AgentPlugins from './pages/AgentPlugins';
+import ServerTemplates from './pages/ServerTemplates';
+import Workspaces from './pages/Workspaces';
+import DNSZones from './pages/DNSZones';
+import StatusPages from './pages/StatusPages';
+import CloudProvision from './pages/CloudProvision';
+import Marketplace from './pages/Marketplace';
+
+// Page title mapping
+const PAGE_TITLES = {
+    '/': 'Dashboard',
+    '/login': 'Login',
+    '/register': 'Register',
+    '/setup': 'Setup',
+    '/services': 'Services',
+    '/apps': 'Applications',
+    '/wordpress': 'WordPress Sites',
+    '/wordpress/projects': 'WordPress Projects',
+    '/templates': 'Templates',
+    '/workflow': 'Workflow Builder',
+    '/domains': 'Domains',
+    '/databases': 'Databases',
+    '/ssl': 'SSL Certificates',
+    '/docker': 'Docker',
+    '/servers': 'Servers',
+    '/downloads': 'Downloads',
+    '/git': 'Git Repositories',
+    '/files': 'File Manager',
+    '/ftp': 'FTP Server',
+    '/monitoring': 'Monitoring',
+    '/backups': 'Backups',
+    '/cron': 'Cron Jobs',
+    '/security': 'Security',
+    '/email': 'Email Server',
+    '/terminal': 'Terminal',
+    '/settings': 'Settings',
+    '/migrate': 'Database Migration',
+    '/fleet': 'Agent Fleet',
+    '/fleet-monitor': 'Fleet Monitor',
+    '/agent-plugins': 'Agent Plugins',
+    '/server-templates': 'Server Templates',
+    '/workspaces': 'Workspaces',
+    '/dns': 'DNS Zones',
+    '/status-pages': 'Status Pages',
+    '/cloud': 'Cloud Provisioning',
+    '/marketplace': 'Marketplace',
+};
+
+function PageTitleUpdater() {
+    const location = useLocation();
+
+    useEffect(() => {
+        const path = location.pathname;
+        let title = PAGE_TITLES[path];
+
+        // Handle dynamic routes and tab sub-routes
+        if (!title) {
+            // Check if it's a base page with a tab suffix (e.g., /security/firewall)
+            const basePath = '/' + path.split('/')[1];
+            if (PAGE_TITLES[basePath]) {
+                title = PAGE_TITLES[basePath];
+            } else if (path.startsWith('/services/')) title = 'Service Details';
+            else if (path.startsWith('/apps/')) title = 'Application Details';
+            else if (path.startsWith('/servers/')) title = 'Server Details';
+            else if (path.startsWith('/wordpress/projects/')) title = 'WordPress Pipeline';
+            else if (path.startsWith('/wordpress/')) title = 'WordPress Site';
+            else title = 'ServerKit';
+        }
+
+        document.title = title ? `${title} | ServerKit` : 'ServerKit';
+    }, [location]);
+
+    return null;
+}
+
+function PrivateRoute({ children }) {
+    const { isAuthenticated, loading, needsSetup, needsMigration } = useAuth();
+
+    if (loading) {
+        return <div className="loading">Loading...</div>;
+    }
+
+    // Priority: migrations > setup > auth
+    if (needsMigration) {
+        return <Navigate to="/migrate" />;
+    }
+
+    if (needsSetup) {
+        return <Navigate to="/setup" />;
+    }
+
+    return isAuthenticated ? children : <Navigate to="/login" />;
+}
+
+function PublicRoute({ children }) {
+    const { isAuthenticated, loading, needsSetup, needsMigration } = useAuth();
+
+    if (loading) {
+        return <div className="loading">Loading...</div>;
+    }
+
+    // Priority: migrations > setup > auth
+    if (needsMigration) {
+        return <Navigate to="/migrate" />;
+    }
+
+    if (needsSetup) {
+        return <Navigate to="/setup" />;
+    }
+
+    return isAuthenticated ? <Navigate to="/" /> : children;
+}
+
+function SetupRoute({ children }) {
+    const { loading, needsSetup, isAuthenticated } = useAuth();
+
+    if (loading) {
+        return <div className="loading">Loading...</div>;
+    }
+
+    // If setup is not needed, redirect appropriately
+    if (!needsSetup) {
+        return isAuthenticated ? <Navigate to="/" /> : <Navigate to="/login" />;
+    }
+
+    return children;
+}
+
+function AppRoutes() {
+    return (
+        <Routes>
+            <Route path="/migrate" element={<DatabaseMigration />} />
+            <Route path="/setup" element={
+                <SetupRoute>
+                    <Setup />
+                </SetupRoute>
+            } />
+            <Route path="/login" element={
+                <PublicRoute>
+                    <Login />
+                </PublicRoute>
+            } />
+            <Route path="/login/callback/:provider" element={
+                <PublicRoute>
+                    <SSOCallback />
+                </PublicRoute>
+            } />
+            <Route path="/register" element={
+                <PublicRoute>
+                    <Register />
+                </PublicRoute>
+            } />
+            <Route path="/" element={
+                <PrivateRoute>
+                    <DashboardLayout />
+                </PrivateRoute>
+            }>
+                <Route index element={<Dashboard />} />
+                <Route path="services" element={<Services />} />
+                <Route path="services/:id" element={<ServiceDetail />} />
+                <Route path="apps" element={<Navigate to="/services" replace />} />
+                <Route path="apps/:id" element={<ApplicationDetail />} />
+                <Route path="apps/:id/:tab" element={<ApplicationDetail />} />
+                <Route path="wordpress" element={<WordPress />} />
+                <Route path="wordpress/projects" element={<WordPressProjects />} />
+                <Route path="wordpress/projects/:id" element={<WordPressProject />} />
+                <Route path="wordpress/projects/:id/:tab" element={<WordPressProject />} />
+                <Route path="wordpress/:id" element={<WordPressDetail />} />
+                <Route path="wordpress/:id/:tab" element={<WordPressDetail />} />
+                <Route path="templates" element={<Templates />} />
+                <Route path="workflow" element={<WorkflowBuilder />} />
+                <Route path="domains" element={<Domains />} />
+                <Route path="databases" element={<Databases />} />
+                <Route path="databases/:tab" element={<Databases />} />
+                <Route path="ssl" element={<SSLCertificates />} />
+                <Route path="docker" element={<Docker />} />
+                <Route path="docker/:tab" element={<Docker />} />
+                <Route path="servers" element={<Servers />} />
+                <Route path="servers/:id" element={<ServerDetail />} />
+                <Route path="servers/:id/:tab" element={<ServerDetail />} />
+                <Route path="fleet" element={<AgentFleet />} />
+                <Route path="fleet-monitor" element={<FleetMonitor />} />
+                <Route path="agent-plugins" element={<AgentPlugins />} />
+                <Route path="server-templates" element={<ServerTemplates />} />
+                <Route path="workspaces" element={<Workspaces />} />
+                <Route path="dns" element={<DNSZones />} />
+                <Route path="status-pages" element={<StatusPages />} />
+                <Route path="cloud" element={<CloudProvision />} />
+                <Route path="marketplace" element={<Marketplace />} />
+                <Route path="downloads" element={<Downloads />} />
+                <Route path="firewall" element={<Navigate to="/security/firewall" replace />} />
+                <Route path="git" element={<Git />} />
+                <Route path="git/:tab" element={<Git />} />
+                <Route path="files" element={<FileManager />} />
+                <Route path="ftp" element={<FTPServer />} />
+                <Route path="ftp/:tab" element={<FTPServer />} />
+                <Route path="monitoring" element={<Monitoring />} />
+                <Route path="monitoring/:tab" element={<Monitoring />} />
+                <Route path="backups" element={<Backups />} />
+                <Route path="backups/:tab" element={<Backups />} />
+                <Route path="cron" element={<CronJobs />} />
+                <Route path="security" element={<Security />} />
+                <Route path="security/:tab" element={<Security />} />
+                <Route path="email" element={<Email />} />
+                <Route path="email/:tab" element={<Email />} />
+                <Route path="terminal" element={<Terminal />} />
+                <Route path="terminal/:tab" element={<Terminal />} />
+                <Route path="settings" element={<Settings />} />
+                <Route path="settings/:tab" element={<Settings />} />
+            </Route>
+        </Routes>
+    );
+}
+
+function App() {
+    return (
+        <Router>
+            <PageTitleUpdater />
+            <ThemeProvider>
+                <AuthProvider>
+                    <ResourceTierProvider>
+                        <ToastProvider>
+                            <AppRoutes />
+                            <ToastContainer />
+                        </ToastProvider>
+                    </ResourceTierProvider>
+                </AuthProvider>
+            </ThemeProvider>
+        </Router>
+    );
+}
+
+export default App;
diff --git a/frontend/src/components/EmptyState.jsx b/frontend/src/components/EmptyState.jsx
new file mode 100644
index 00000000..8edeadf8
--- /dev/null
+++ b/frontend/src/components/EmptyState.jsx
@@ -0,0 +1,24 @@
+import React from 'react';
+import { Inbox } from 'lucide-react';
+
+export default function EmptyState({
+    icon: Icon = Inbox,
+    title = 'No items found',
+    description = '',
+    action = null
+}) {
+    return (
+        <div className="empty-state">
+            <div className="empty-state__icon">
+                <Icon size={48} />
+            </div>
+            <h3 className="empty-state__title">{title}</h3>
+            {description && (
+                <p className="empty-state__description">{description}</p>
+            )}
+            {action && (
+                <div className="empty-state__action">{action}</div>
+            )}
+        </div>
+    );
+}
diff --git a/frontend/src/components/EnvironmentVariables.jsx b/frontend/src/components/EnvironmentVariables.jsx
index 2c40d6a3..b90cd566 100644
--- a/frontend/src/components/EnvironmentVariables.jsx
+++ b/frontend/src/components/EnvironmentVariables.jsx
@@ -1,6 +1,7 @@
 import React, { useState, useEffect, useRef } from 'react';
 import api from '../services/api';
 import { useToast } from '../contexts/ToastContext';
+import Modal from './Modal';
 
 const EnvironmentVariables = ({ appId }) => {
     const toast = useToast();
@@ -429,14 +430,7 @@ const EnvironmentVariables = ({ appId }) => {
             )}
 
             {/* Import Modal */}
-            {showImportModal && (
-                <div className="modal-overlay" onClick={() => setShowImportModal(false)}>
-                    <div className="modal" onClick={e => e.stopPropagation()}>
-                        <div className="modal-header">
-                            <h2>Import Environment Variables</h2>
-                            <button className="modal-close" onClick={() => setShowImportModal(false)}>&times;</button>
-                        </div>
-                        <div className="modal-body">
+            <Modal open={showImportModal} onClose={() => setShowImportModal(false)} title="Import Environment Variables">
                             <p className="hint">Paste your .env file content below or upload a file.</p>
 
                             <div className="import-file-upload">
@@ -471,7 +465,6 @@ const EnvironmentVariables = ({ appId }) => {
                                 />
                                 <span>Overwrite existing variables with same keys</span>
                             </label>
-                        </div>
                         <div className="modal-footer">
                             <button className="btn btn-secondary" onClick={() => setShowImportModal(false)}>
                                 Cancel
@@ -480,19 +473,10 @@ const EnvironmentVariables = ({ appId }) => {
                                 {saving ? 'Importing...' : 'Import'}
                             </button>
                         </div>
-                    </div>
-                </div>
-            )}
+            </Modal>
 
             {/* History Modal */}
-            {showHistoryModal && (
-                <div className="modal-overlay" onClick={() => setShowHistoryModal(false)}>
-                    <div className="modal modal-lg" onClick={e => e.stopPropagation()}>
-                        <div className="modal-header">
-                            <h2>Change History</h2>
-                            <button className="modal-close" onClick={() => setShowHistoryModal(false)}>&times;</button>
-                        </div>
-                        <div className="modal-body">
+            <Modal open={showHistoryModal} onClose={() => setShowHistoryModal(false)} title="Change History" size="lg">
                             {history.length === 0 ? (
                                 <p className="hint">No changes recorded yet.</p>
                             ) : (
@@ -519,15 +503,12 @@ const EnvironmentVariables = ({ appId }) => {
                                     </tbody>
                                 </table>
                             )}
-                        </div>
                         <div className="modal-footer">
                             <button className="btn btn-secondary" onClick={() => setShowHistoryModal(false)}>
                                 Close
                             </button>
                         </div>
-                    </div>
-                </div>
-            )}
+            </Modal>
         </div>
     );
 };
diff --git a/frontend/src/components/LinkAppModal.jsx b/frontend/src/components/LinkAppModal.jsx
index f6c82628..483cc235 100644
--- a/frontend/src/components/LinkAppModal.jsx
+++ b/frontend/src/components/LinkAppModal.jsx
@@ -1,6 +1,7 @@
 import React, { useState, useEffect } from 'react';
 import { X, Link2, GitBranch, AlertCircle, Check } from 'lucide-react';
 import api from '../services/api';
+import Modal from './Modal';
 
 const LinkAppModal = ({ app, onClose, onLinked }) => {
     const [apps, setApps] = useState([]);
@@ -68,18 +69,7 @@ const LinkAppModal = ({ app, onClose, onLinked }) => {
     };
 
     return (
-        <div className="modal-overlay" onClick={onClose}>
-            <div className="modal link-app-modal" onClick={e => e.stopPropagation()}>
-                <div className="modal-header">
-                    <h2>
-                        <Link2 size={20} />
-                        Link Application
-                    </h2>
-                    <button className="modal-close" onClick={onClose}>
-                        <X size={20} />
-                    </button>
-                </div>
-
+        <Modal open={true} onClose={onClose} title="Link Application" className="link-app-modal">
                 {error && (
                     <div className="error-message">
                         <AlertCircle size={16} />
@@ -221,8 +211,7 @@ const LinkAppModal = ({ app, onClose, onLinked }) => {
                         </div>
                     </form>
                 )}
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/Modal.jsx b/frontend/src/components/Modal.jsx
new file mode 100644
index 00000000..3fc20ca3
--- /dev/null
+++ b/frontend/src/components/Modal.jsx
@@ -0,0 +1,51 @@
+import { useEffect, useRef } from 'react';
+
+export default function Modal({ open, onClose, title, children, footer, className = '', size = '' }) {
+    const modalRef = useRef(null);
+
+    // Close on Escape key
+    useEffect(() => {
+        if (!open) return;
+        const handleKeyDown = (e) => {
+            if (e.key === 'Escape') onClose();
+        };
+        document.addEventListener('keydown', handleKeyDown);
+        return () => document.removeEventListener('keydown', handleKeyDown);
+    }, [open, onClose]);
+
+    // Focus trap: focus the modal when it opens
+    useEffect(() => {
+        if (open && modalRef.current) {
+            modalRef.current.focus();
+        }
+    }, [open]);
+
+    if (!open) return null;
+
+    return (
+        <div className="modal-overlay" onClick={onClose}>
+            <div
+                className={`modal ${size ? `modal-${size}` : ''} ${className}`.trim()}
+                onClick={e => e.stopPropagation()}
+                ref={modalRef}
+                tabIndex={-1}
+                role="dialog"
+                aria-modal="true"
+                aria-label={title}
+            >
+                <div className="modal-header">
+                    <h3>{title}</h3>
+                    <button className="modal-close" onClick={onClose} aria-label="Close">&times;</button>
+                </div>
+                <div className="modal-body">
+                    {children}
+                </div>
+                {footer && (
+                    <div className="modal-footer">
+                        {footer}
+                    </div>
+                )}
+            </div>
+        </div>
+    );
+}
diff --git a/frontend/src/components/QueryRunner.jsx b/frontend/src/components/QueryRunner.jsx
index d3b73f7d..4ead687c 100644
--- a/frontend/src/components/QueryRunner.jsx
+++ b/frontend/src/components/QueryRunner.jsx
@@ -1,6 +1,7 @@
 import React, { useState, useEffect, useRef, useCallback } from 'react';
 import api from '../services/api';
 import { useToast } from '../contexts/ToastContext';
+import Modal from './Modal';
 
 const HISTORY_KEY = 'serverkit_query_history';
 const MAX_HISTORY = 50;
@@ -247,35 +248,21 @@ const QueryRunner = ({ database, dbType, onClose }) => {
     const dbName = dbType === 'sqlite' ? database.name : database.name;
 
     return (
-        <div className="modal-overlay query-runner-overlay" onClick={onClose}>
-            <div className="query-runner-modal" onClick={e => e.stopPropagation()}>
-                <div className="query-runner-header">
-                    <div className="query-runner-title">
-                        <svg viewBox="0 0 24 24" width="20" height="20" stroke="currentColor" fill="none" strokeWidth="2">
-                            <polyline points="16 18 22 12 16 6"/>
-                            <polyline points="8 6 2 12 8 18"/>
-                        </svg>
-                        <span>Query Runner - {dbName}</span>
-                        <span className={`db-type-badge ${dbType}`}>
-                            {dbType === 'mysql' ? 'MySQL' : dbType === 'postgresql' ? 'PostgreSQL' : dbType === 'docker' ? 'Docker MySQL' : 'SQLite'}
-                        </span>
-                    </div>
-                    <div className="query-runner-actions">
-                        {isAdmin && (
-                            <label className="readonly-toggle">
-                                <input
-                                    type="checkbox"
-                                    checked={!readonly}
-                                    onChange={(e) => setReadonly(!e.target.checked)}
-                                />
-                                <span>Allow write queries</span>
-                            </label>
-                        )}
-                        <button className="btn btn-secondary btn-sm" onClick={() => setShowHistory(!showHistory)}>
-                            History
-                        </button>
-                        <button className="modal-close" onClick={onClose}>&times;</button>
-                    </div>
+        <Modal open={true} onClose={onClose} title={`Query Runner - ${dbName}`} className="query-runner-modal">
+                <div className="query-runner-actions-bar">
+                    {isAdmin && (
+                        <label className="readonly-toggle">
+                            <input
+                                type="checkbox"
+                                checked={!readonly}
+                                onChange={(e) => setReadonly(!e.target.checked)}
+                            />
+                            <span>Allow write queries</span>
+                        </label>
+                    )}
+                    <button className="btn btn-secondary btn-sm" onClick={() => setShowHistory(!showHistory)}>
+                        History
+                    </button>
                 </div>
 
                 <div className="query-runner-body">
@@ -465,8 +452,7 @@ const QueryRunner = ({ database, dbType, onClose }) => {
                         </div>
                     </div>
                 )}
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/Sidebar.jsx b/frontend/src/components/Sidebar.jsx
index 8fb567af..ab6825ad 100644
--- a/frontend/src/components/Sidebar.jsx
+++ b/frontend/src/components/Sidebar.jsx
@@ -1,13 +1,14 @@
-import React, { useState, useEffect, useRef } from 'react';
-import { NavLink, useNavigate } from 'react-router-dom';
+import React, { useState, useEffect, useRef, useMemo } from 'react';
+import { NavLink, useNavigate, useLocation } from 'react-router-dom';
 import { useAuth } from '../contexts/AuthContext';
 import { useTheme } from '../contexts/ThemeContext';
-import { Star, Settings, LogOut, Sun, Moon, Monitor, ChevronRight, ChevronUp, Layers } from 'lucide-react';
+import { Star, Settings, LogOut, Sun, Moon, Monitor, ChevronRight, ChevronDown, ChevronUp, Layers, Palette, PanelLeft, Check } from 'lucide-react';
 import { api } from '../services/api';
 import ServerKitLogo from './ServerKitLogo';
+import { SIDEBAR_CATEGORIES, CATEGORY_LABELS, SIDEBAR_PRESETS, getVisibleItems } from './sidebarItems';
 
 const Sidebar = () => {
-    const { user, logout } = useAuth();
+    const { user, logout, updateUser } = useAuth();
     const { theme, resolvedTheme, setTheme, whiteLabel } = useTheme();
     const navigate = useNavigate();
     const [starAnimating, setStarAnimating] = useState(false);
@@ -47,8 +48,6 @@ const Sidebar = () => {
         };
 
         const scheduleNext = () => {
-            // Each time it plays, the next interval gets longer
-            // 1st: 8-11 min, 2nd: 16-22 min, 3rd: 24-33 min, etc.
             const multiplier = playCount + 1;
             const minMinutes = 8 * multiplier;
             const maxMinutes = 11 * multiplier;
@@ -60,7 +59,6 @@ const Sidebar = () => {
             }, delay);
         };
 
-        // First play after 1 minute
         const initialDelay = setTimeout(() => {
             triggerAnimation();
             scheduleNext();
@@ -72,6 +70,105 @@ const Sidebar = () => {
         };
     }, [whiteLabel.enabled]);
 
+    const conditions = { wpInstalled };
+    const currentPreset = user?.sidebar_config?.preset || 'full';
+    const [manualExpanded, setManualExpanded] = useState({});
+    const [autoExpanded, setAutoExpanded] = useState(null);
+    const location = useLocation();
+
+    const toggleExpand = (itemId) => {
+        const currentlyExpanded = manualExpanded[itemId] ?? (autoExpanded === itemId);
+        setManualExpanded(prev => ({ ...prev, [itemId]: !currentlyExpanded }));
+    };
+
+    const handlePresetSwitch = (presetKey) => {
+        if (presetKey === currentPreset) return;
+        const config = { preset: presetKey, hiddenItems: [] };
+        // Update locally first (instant), persist to backend in background
+        updateUser({ sidebar_config: config });
+        api.updateCurrentUser({ sidebar_config: config }).catch(() => {});
+    };
+
+    const visibleItems = useMemo(
+        () => getVisibleItems(user?.sidebar_config),
+        [user?.sidebar_config]
+    );
+
+    // Group visible items by category
+    const groupedItems = useMemo(() => {
+        const groups = {};
+        for (const cat of SIDEBAR_CATEGORIES) {
+            const items = visibleItems.filter(item => item.category === cat);
+            if (items.length > 0) {
+                groups[cat] = items;
+            }
+        }
+        return groups;
+    }, [visibleItems]);
+
+    // Auto-expand the active parent (or parent of active sub-item), auto-close others
+    useEffect(() => {
+        const path = location.pathname;
+        let activeParent = null;
+        for (const item of visibleItems) {
+            if (!item.subItems?.length) continue;
+            // Expand if on the parent route itself or any sub-item route
+            if (path === item.route || path.startsWith(item.route + '/') ||
+                item.subItems.some(sub => path === sub.route || path.startsWith(sub.route + '/'))) {
+                activeParent = item.id;
+                break;
+            }
+        }
+        setAutoExpanded(activeParent);
+        setManualExpanded({});
+    }, [location.pathname, visibleItems]);
+
+    const renderNavItem = (item) => {
+        const hasChildren = item.subItems && item.subItems.length > 0;
+        // Show expanded if manually toggled OR auto-expanded by active route
+        const isExpanded = manualExpanded[item.id] ?? (autoExpanded === item.id);
+        const visibleSubs = hasChildren
+            ? item.subItems.filter(sub => !sub.requiresCondition || conditions[sub.requiresCondition])
+            : [];
+
+        return (
+            <React.Fragment key={item.id}>
+                <div className={`nav-item-row ${hasChildren ? 'has-children' : ''}`}>
+                    <NavLink
+                        to={item.route}
+                        className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}
+                        end={item.end || hasChildren}
+                    >
+                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+                            dangerouslySetInnerHTML={{ __html: item.icon }}
+                        />
+                        {item.label}
+                    </NavLink>
+                    {visibleSubs.length > 0 && (
+                        <button
+                            className={`nav-expand-btn ${isExpanded ? 'expanded' : ''}`}
+                            onClick={(e) => { e.stopPropagation(); toggleExpand(item.id); }}
+                        >
+                            <ChevronRight size={14} />
+                        </button>
+                    )}
+                </div>
+                {isExpanded && visibleSubs.map(sub => (
+                    <NavLink
+                        key={sub.id}
+                        to={sub.route}
+                        className={({ isActive }) => `nav-item nav-sub-item ${isActive ? 'active' : ''}`}
+                    >
+                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+                            dangerouslySetInnerHTML={{ __html: sub.icon }}
+                        />
+                        {sub.label}
+                    </NavLink>
+                ))}
+            </React.Fragment>
+        );
+    };
+
     return (
         <aside className="sidebar">
             {whiteLabel.enabled ? (
@@ -129,186 +226,18 @@ const Sidebar = () => {
             )}
 
             <div className="nav-scroll">
-                <div className="nav-category">Overview</div>
-                <nav className="nav">
-                    <NavLink to="/" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`} end>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <rect x="3" y="3" width="7" height="7"/>
-                            <rect x="14" y="3" width="7" height="7"/>
-                            <rect x="14" y="14" width="7" height="7"/>
-                            <rect x="3" y="14" width="7" height="7"/>
-                        </svg>
-                        Dashboard
-                    </NavLink>
-                </nav>
-
-                <div className="nav-category">Infrastructure</div>
-                <nav className="nav">
-                    <NavLink to="/servers" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <rect x="2" y="2" width="20" height="8" rx="2" ry="2"/>
-                            <rect x="2" y="14" width="20" height="8" rx="2" ry="2"/>
-                            <line x1="6" y1="6" x2="6.01" y2="6"/>
-                            <line x1="6" y1="18" x2="6.01" y2="18"/>
-                        </svg>
-                        Servers
-                    </NavLink>
-                    <NavLink to="/domains" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <circle cx="12" cy="12" r="10"/>
-                            <line x1="2" y1="12" x2="22" y2="12"/>
-                            <path d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"/>
-                        </svg>
-                        Domains & Sites
-                    </NavLink>
-                    <NavLink to="/services" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <path d="M21 16V8a2 2 0 0 0-1-1.73l-7-4a2 2 0 0 0-2 0l-7 4A2 2 0 0 0 3 8v8a2 2 0 0 0 1 1.73l7 4a2 2 0 0 0 2 0l7-4A2 2 0 0 0 21 16z"/>
-                            <polyline points="3.27 6.96 12 12.01 20.73 6.96"/>
-                            <line x1="12" y1="22.08" x2="12" y2="12"/>
-                        </svg>
-                        Services
-                    </NavLink>
-                    <NavLink to="/wordpress" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <circle cx="12" cy="12" r="10"/>
-                            <path d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"/>
-                            <path d="M3.5 9h17M3.5 15h17"/>
-                        </svg>
-                        WordPress
-                    </NavLink>
-                    {wpInstalled && (
-                        <NavLink to="/wordpress/projects" className={({ isActive }) => `nav-item nav-sub-item ${isActive ? 'active' : ''}`}>
-                            <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                                <path d="M22 12h-4l-3 9L9 3l-3 9H2"/>
-                            </svg>
-                            Pipeline
-                        </NavLink>
-                    )}
-                    <NavLink to="/templates" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <rect x="3" y="3" width="7" height="9"/>
-                            <rect x="14" y="3" width="7" height="5"/>
-                            <rect x="14" y="12" width="7" height="9"/>
-                            <rect x="3" y="16" width="7" height="5"/>
-                        </svg>
-                        Templates
-                    </NavLink>
-                    <NavLink to="/workflow" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <circle cx="18" cy="5" r="3"/>
-                            <circle cx="6" cy="12" r="3"/>
-                            <circle cx="18" cy="19" r="3"/>
-                            <path d="M8.59 13.51l6.83 3.98"/>
-                            <path d="M15.41 6.51l-6.82 3.98"/>
-                        </svg>
-                        Workflow Builder
-                    </NavLink>
-                    <NavLink to="/databases" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <ellipse cx="12" cy="5" rx="9" ry="3"/>
-                            <path d="M21 12c0 1.66-4 3-9 3s-9-1.34-9-3"/>
-                            <path d="M3 5v14c0 1.66 4 3 9 3s9-1.34 9-3V5"/>
-                        </svg>
-                        Databases
-                    </NavLink>
-                    <NavLink to="/ssl" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <rect x="3" y="11" width="18" height="11" rx="2" ry="2"/>
-                            <path d="M7 11V7a5 5 0 0 1 10 0v4"/>
-                        </svg>
-                        SSL Certificates
-                    </NavLink>
-                    <NavLink to="/docker" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <rect x="2" y="7" width="6" height="6" rx="1"/>
-                            <rect x="9" y="7" width="6" height="6" rx="1"/>
-                            <rect x="16" y="7" width="6" height="6" rx="1"/>
-                            <rect x="2" y="14" width="6" height="6" rx="1"/>
-                            <rect x="9" y="14" width="6" height="6" rx="1"/>
-                        </svg>
-                        Docker
-                    </NavLink>
-                    <NavLink to="/git" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <circle cx="18" cy="18" r="3"/>
-                            <circle cx="6" cy="6" r="3"/>
-                            <path d="M6 21V9a9 9 0 0 0 9 9"/>
-                        </svg>
-                        Git
-                    </NavLink>
-                </nav>
-
-                <div className="nav-category">Operations</div>
-                <nav className="nav">
-                    <NavLink to="/files" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <path d="M22 19a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h5l2 3h9a2 2 0 0 1 2 2z"/>
-                        </svg>
-                        File Manager
-                    </NavLink>
-                    <NavLink to="/ftp" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"/>
-                            <polyline points="17 8 12 3 7 8"/>
-                            <line x1="12" y1="3" x2="12" y2="15"/>
-                        </svg>
-                        FTP Server
-                    </NavLink>
-                    <NavLink to="/monitoring" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <path d="M22 12h-4l-3 9L9 3l-3 9H2"/>
-                        </svg>
-                        Monitoring
-                    </NavLink>
-                    <NavLink to="/backups" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"/>
-                            <polyline points="7 10 12 15 17 10"/>
-                            <line x1="12" y1="15" x2="12" y2="3"/>
-                        </svg>
-                        Backups
-                    </NavLink>
-                    <NavLink to="/cron" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <circle cx="12" cy="12" r="10"/>
-                            <polyline points="12 6 12 12 16 14"/>
-                        </svg>
-                        Cron Jobs
-                    </NavLink>
-                    <NavLink to="/security" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/>
-                            <path d="M12 8v4m0 4h.01"/>
-                        </svg>
-                        Security
-                    </NavLink>
-                    <NavLink to="/email" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <path d="M4 4h16c1.1 0 2 .9 2 2v12c0 1.1-.9 2-2 2H4c-1.1 0-2-.9-2-2V6c0-1.1.9-2 2-2z"/>
-                            <polyline points="22,6 12,13 2,6"/>
-                        </svg>
-                        Email Server
-                    </NavLink>
-                </nav>
-
-                <div className="nav-category">System</div>
-                <nav className="nav">
-                    <NavLink to="/terminal" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <path d="M4 17l6-6-6-6M12 19h8"/>
-                        </svg>
-                        Terminal / Logs
-                    </NavLink>
-                    <NavLink to="/downloads" className={({ isActive }) => `nav-item ${isActive ? 'active' : ''}`}>
-                        <svg className="nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                            <path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"/>
-                            <polyline points="7 10 12 15 17 10"/>
-                            <line x1="12" y1="15" x2="12" y2="3"/>
-                        </svg>
-                        Downloads
-                    </NavLink>
-                </nav>
+                {SIDEBAR_CATEGORIES.map(cat => {
+                    const items = groupedItems[cat];
+                    if (!items) return null;
+                    return (
+                        <React.Fragment key={cat}>
+                            <div className="nav-category">{CATEGORY_LABELS[cat]}</div>
+                            <nav className="nav">
+                                {items.map(renderNavItem)}
+                            </nav>
+                        </React.Fragment>
+                    );
+                })}
             </div>
 
             <div className="sidebar-footer" ref={menuRef}>
@@ -340,13 +269,45 @@ const Sidebar = () => {
                                 </button>
                             </div>
                         </div>
+                        <div className="context-menu-section">
+                            <div className="context-menu-label">Sidebar View</div>
+                            <div className="view-switcher">
+                                {Object.entries(SIDEBAR_PRESETS).map(([key, preset]) => (
+                                    <button
+                                        key={key}
+                                        className={`view-btn ${currentPreset === key ? 'active' : ''}`}
+                                        onClick={() => handlePresetSwitch(key)}
+                                        title={preset.description}
+                                    >
+                                        {preset.label}
+                                        {currentPreset === key && <Check size={10} />}
+                                    </button>
+                                ))}
+                            </div>
+                        </div>
                         <div className="context-menu-divider" />
+                        <button
+                            className="context-menu-item"
+                            onClick={() => { navigate('/settings/appearance'); setMenuOpen(false); }}
+                        >
+                            <Palette size={15} />
+                            Appearance
+                            <ChevronRight size={14} className="context-menu-arrow" />
+                        </button>
+                        <button
+                            className="context-menu-item"
+                            onClick={() => { navigate('/settings/sidebar'); setMenuOpen(false); }}
+                        >
+                            <PanelLeft size={15} />
+                            Customize Sidebar
+                            <ChevronRight size={14} className="context-menu-arrow" />
+                        </button>
                         <button
                             className="context-menu-item"
                             onClick={() => { navigate('/settings'); setMenuOpen(false); }}
                         >
                             <Settings size={15} />
-                            Settings
+                            All Settings
                             <ChevronRight size={14} className="context-menu-arrow" />
                         </button>
                         <div className="context-menu-divider" />
diff --git a/frontend/src/components/StatusBadge.jsx b/frontend/src/components/StatusBadge.jsx
new file mode 100644
index 00000000..75eb5930
--- /dev/null
+++ b/frontend/src/components/StatusBadge.jsx
@@ -0,0 +1,33 @@
+import React from 'react';
+
+const STATUS_MAP = {
+    online: { label: 'Online', className: 'status-badge--success' },
+    running: { label: 'Running', className: 'status-badge--success' },
+    healthy: { label: 'Healthy', className: 'status-badge--success' },
+    active: { label: 'Active', className: 'status-badge--success' },
+    connected: { label: 'Connected', className: 'status-badge--success' },
+    offline: { label: 'Offline', className: 'status-badge--danger' },
+    stopped: { label: 'Stopped', className: 'status-badge--danger' },
+    error: { label: 'Error', className: 'status-badge--danger' },
+    failed: { label: 'Failed', className: 'status-badge--danger' },
+    disconnected: { label: 'Disconnected', className: 'status-badge--danger' },
+    warning: { label: 'Warning', className: 'status-badge--warning' },
+    degraded: { label: 'Degraded', className: 'status-badge--warning' },
+    pending: { label: 'Pending', className: 'status-badge--info' },
+    building: { label: 'Building', className: 'status-badge--info' },
+    deploying: { label: 'Deploying', className: 'status-badge--info' },
+    paused: { label: 'Paused', className: 'status-badge--muted' },
+    unknown: { label: 'Unknown', className: 'status-badge--muted' },
+};
+
+export default function StatusBadge({ status, label, className = '' }) {
+    const mapped = STATUS_MAP[status?.toLowerCase()] || STATUS_MAP.unknown;
+    const displayLabel = label || mapped.label || status;
+
+    return (
+        <span className={`status-badge ${mapped.className} ${className}`.trim()}>
+            <span className="status-badge__dot" />
+            {displayLabel}
+        </span>
+    );
+}
diff --git a/frontend/src/components/security/AuditTab.jsx b/frontend/src/components/security/AuditTab.jsx
new file mode 100644
index 00000000..ab043345
--- /dev/null
+++ b/frontend/src/components/security/AuditTab.jsx
@@ -0,0 +1,112 @@
+import React, { useState } from 'react';
+import api from '../../services/api';
+
+const AuditTab = () => {
+    const [audit, setAudit] = useState(null);
+    const [loading, setLoading] = useState(false);
+    const [error, setError] = useState(null);
+
+    const runAudit = async () => {
+        setLoading(true);
+        setError(null);
+        try {
+            const data = await api.generateSecurityAudit();
+            setAudit(data.audit);
+        } catch (err) {
+            setError(err.message);
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    const getSeverityClass = (severity) => {
+        switch (severity) {
+            case 'pass': return 'badge-success';
+            case 'critical': return 'badge-danger';
+            case 'warning': return 'badge-warning';
+            case 'info': return 'badge-info';
+            default: return 'badge-secondary';
+        }
+    };
+
+    const getScoreClass = (score) => {
+        if (score >= 80) return 'score-excellent';
+        if (score >= 60) return 'score-good';
+        if (score >= 40) return 'score-fair';
+        return 'score-poor';
+    };
+
+    return (
+        <div className="audit-tab">
+            <div className="card">
+                <div className="card-header">
+                    <h3>Security Audit</h3>
+                    <button className="btn btn-primary" onClick={runAudit} disabled={loading}>
+                        {loading ? 'Running Audit...' : 'Run Audit'}
+                    </button>
+                </div>
+                <div className="card-body">
+                    {error && <div className="alert alert-danger">{error}</div>}
+
+                    {!audit && !loading && (
+                        <div className="empty-state">
+                            <svg viewBox="0 0 24 24" width="48" height="48" stroke="currentColor" fill="none" strokeWidth="1">
+                                <path d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4"/>
+                            </svg>
+                            <p>Run a security audit to check your server&apos;s configuration.</p>
+                        </div>
+                    )}
+
+                    {loading && (
+                        <div className="loading-state">
+                            <div className="spinner"></div>
+                            <p>Running security audit...</p>
+                        </div>
+                    )}
+
+                    {audit && !loading && (
+                        <div className="audit-results">
+                            <div className={`audit-score ${getScoreClass(audit.score)}`}>
+                                <span className="score-value">{audit.score}</span>
+                                <span className="score-label">Security Score</span>
+                            </div>
+
+                            <div className="audit-timestamp">
+                                Generated: {new Date(audit.generated_at).toLocaleString()}
+                            </div>
+
+                            {Object.entries(audit.services || {}).map(([service, data]) => (
+                                <div key={service} className="audit-section">
+                                    <h4>{service.toUpperCase()}</h4>
+                                    <div className="findings-list">
+                                        {data.findings?.map((finding, idx) => (
+                                            <div key={idx} className="finding-item">
+                                                <span className={`badge ${getSeverityClass(finding.severity)}`}>
+                                                    {finding.severity}
+                                                </span>
+                                                <span className="finding-message">{finding.message}</span>
+                                            </div>
+                                        ))}
+                                    </div>
+                                </div>
+                            ))}
+
+                            {audit.recommendations?.length > 0 && (
+                                <div className="audit-section recommendations">
+                                    <h4>Recommendations</h4>
+                                    <ul>
+                                        {audit.recommendations.map((rec, idx) => (
+                                            <li key={idx}>{rec}</li>
+                                        ))}
+                                    </ul>
+                                </div>
+                            )}
+                        </div>
+                    )}
+                </div>
+            </div>
+        </div>
+    );
+};
+
+export default AuditTab;
diff --git a/frontend/src/components/security/AutoUpdatesTab.jsx b/frontend/src/components/security/AutoUpdatesTab.jsx
new file mode 100644
index 00000000..3a5fb2d9
--- /dev/null
+++ b/frontend/src/components/security/AutoUpdatesTab.jsx
@@ -0,0 +1,140 @@
+import React, { useState, useEffect } from 'react';
+import api from '../../services/api';
+import { useToast } from '../../contexts/ToastContext';
+
+const AutoUpdatesTab = () => {
+    const [status, setStatus] = useState(null);
+    const [loading, setLoading] = useState(true);
+    const [actionLoading, setActionLoading] = useState(false);
+    const toast = useToast();
+
+    useEffect(() => {
+        loadStatus();
+    }, []);
+
+    const loadStatus = async () => {
+        setLoading(true);
+        try {
+            const data = await api.getAutoUpdatesStatus();
+            setStatus(data);
+        } catch (error) {
+            console.error('Failed to load auto-updates status:', error);
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    const handleInstall = async () => {
+        setActionLoading(true);
+        try {
+            await api.installAutoUpdates();
+            toast.success('Auto-updates package installed');
+            await loadStatus();
+        } catch (error) {
+            toast.error(`Failed to install: ${error.message}`);
+        } finally {
+            setActionLoading(false);
+        }
+    };
+
+    const handleEnable = async () => {
+        setActionLoading(true);
+        try {
+            await api.enableAutoUpdates();
+            toast.success('Automatic updates enabled');
+            await loadStatus();
+        } catch (error) {
+            toast.error(`Failed to enable: ${error.message}`);
+        } finally {
+            setActionLoading(false);
+        }
+    };
+
+    const handleDisable = async () => {
+        setActionLoading(true);
+        try {
+            await api.disableAutoUpdates();
+            toast.success('Automatic updates disabled');
+            await loadStatus();
+        } catch (error) {
+            toast.error(`Failed to disable: ${error.message}`);
+        } finally {
+            setActionLoading(false);
+        }
+    };
+
+    if (loading) {
+        return <div className="loading-sm">Loading auto-updates status...</div>;
+    }
+
+    if (!status?.supported) {
+        return (
+            <div className="auto-updates-tab">
+                <div className="empty-state">
+                    <svg viewBox="0 0 24 24" width="48" height="48" stroke="currentColor" fill="none" strokeWidth="1">
+                        <path d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"/>
+                    </svg>
+                    <h3>Not Supported</h3>
+                    <p>Automatic security updates are not supported on this system.</p>
+                </div>
+            </div>
+        );
+    }
+
+    return (
+        <div className="auto-updates-tab">
+            <div className="card">
+                <div className="card-header">
+                    <h3>Automatic Security Updates</h3>
+                    <button className="btn btn-sm btn-secondary" onClick={loadStatus}>Refresh</button>
+                </div>
+                <div className="card-body">
+                    <div className="info-list">
+                        <div className="info-item">
+                            <span className="info-label">Package</span>
+                            <span className="info-value">{status.package}</span>
+                        </div>
+                        <div className="info-item">
+                            <span className="info-label">Installed</span>
+                            <span className={`badge ${status.installed ? 'badge-success' : 'badge-warning'}`}>
+                                {status.installed ? 'Yes' : 'No'}
+                            </span>
+                        </div>
+                        <div className="info-item">
+                            <span className="info-label">Status</span>
+                            <span className={`badge ${status.enabled ? 'badge-success' : 'badge-secondary'}`}>
+                                {status.enabled ? 'Enabled' : 'Disabled'}
+                            </span>
+                        </div>
+                    </div>
+
+                    <div className="auto-updates-actions" style={{ marginTop: '1.5rem' }}>
+                        {!status.installed ? (
+                            <button className="btn btn-primary" onClick={handleInstall} disabled={actionLoading}>
+                                {actionLoading ? 'Installing...' : 'Install Auto-Updates'}
+                            </button>
+                        ) : status.enabled ? (
+                            <button className="btn btn-warning" onClick={handleDisable} disabled={actionLoading}>
+                                {actionLoading ? 'Disabling...' : 'Disable Auto-Updates'}
+                            </button>
+                        ) : (
+                            <button className="btn btn-success" onClick={handleEnable} disabled={actionLoading}>
+                                {actionLoading ? 'Enabling...' : 'Enable Auto-Updates'}
+                            </button>
+                        )}
+                    </div>
+
+                    <div className="help-text" style={{ marginTop: '1.5rem' }}>
+                        <p>
+                            <strong>What are automatic security updates?</strong><br/>
+                            When enabled, your server will automatically download and install security updates,
+                            helping protect against known vulnerabilities without manual intervention.
+                        </p>
+                    </div>
+                </div>
+            </div>
+        </div>
+    );
+};
+
+export default AutoUpdatesTab;
diff --git a/frontend/src/components/security/EventsTab.jsx b/frontend/src/components/security/EventsTab.jsx
new file mode 100644
index 00000000..ded62ed3
--- /dev/null
+++ b/frontend/src/components/security/EventsTab.jsx
@@ -0,0 +1,98 @@
+import React, { useState, useEffect } from 'react';
+import api from '../../services/api';
+
+const EventsTab = () => {
+    const [events, setEvents] = useState([]);
+    const [failedLogins, setFailedLogins] = useState(null);
+    const [loading, setLoading] = useState(true);
+
+    useEffect(() => {
+        loadEvents();
+        loadFailedLogins();
+    }, []);
+
+    async function loadEvents() {
+        try {
+            const data = await api.getSecurityEvents(50);
+            setEvents(data.events || []);
+        } catch (err) {
+            console.error('Failed to load security events:', err);
+        } finally {
+            setLoading(false);
+        }
+    }
+
+    async function loadFailedLogins() {
+        try {
+            const data = await api.getFailedLogins(24);
+            setFailedLogins(data);
+        } catch (err) {
+            console.error('Failed to load failed logins:', err);
+        }
+    }
+
+    function getEventIcon(type) {
+        if (type.includes('malware')) {
+            return <svg viewBox="0 0 24 24" width="16" height="16" stroke="currentColor" fill="none" strokeWidth="2"><path d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"/></svg>;
+        }
+        if (type.includes('integrity')) {
+            return <svg viewBox="0 0 24 24" width="16" height="16" stroke="currentColor" fill="none" strokeWidth="2"><path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z"/><polyline points="14 2 14 8 20 8"/></svg>;
+        }
+        return <svg viewBox="0 0 24 24" width="16" height="16" stroke="currentColor" fill="none" strokeWidth="2"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/></svg>;
+    }
+
+    return (
+        <div className="events-tab">
+            {failedLogins && (
+                <div className={`card ${failedLogins.alert_triggered ? 'card-warning' : ''}`}>
+                    <div className="card-header">
+                        <h3>Failed Login Attempts (24h)</h3>
+                        <button className="btn btn-sm btn-secondary" onClick={loadFailedLogins}>Refresh</button>
+                    </div>
+                    <div className="card-body">
+                        <div className="failed-login-summary">
+                            <span className={`count ${failedLogins.alert_triggered ? 'danger' : ''}`}>
+                                {failedLogins.failed_attempts}
+                            </span>
+                            <span className="label">failed attempts (threshold: {failedLogins.threshold})</span>
+                        </div>
+                        {failedLogins.recent_failures?.length > 0 && (
+                            <details className="recent-failures">
+                                <summary>View recent failures</summary>
+                                <pre>{failedLogins.recent_failures.join('\n')}</pre>
+                            </details>
+                        )}
+                    </div>
+                </div>
+            )}
+
+            <div className="card">
+                <div className="card-header">
+                    <h3>Security Events</h3>
+                    <button className="btn btn-sm btn-secondary" onClick={loadEvents}>Refresh</button>
+                </div>
+                <div className="card-body">
+                    {loading ? (
+                        <div className="loading-sm">Loading...</div>
+                    ) : events.length === 0 ? (
+                        <p className="text-muted">No security events recorded.</p>
+                    ) : (
+                        <div className="events-list">
+                            {events.map((event, index) => (
+                                <div key={index} className={`event-item ${event.type}`}>
+                                    <div className="event-icon">{getEventIcon(event.type)}</div>
+                                    <div className="event-content">
+                                        <span className="event-message">{event.message}</span>
+                                        <span className="event-time">{new Date(event.timestamp).toLocaleString()}</span>
+                                    </div>
+                                </div>
+                            ))}
+                        </div>
+                    )}
+                </div>
+            </div>
+        </div>
+    );
+};
+
+export default EventsTab;
diff --git a/frontend/src/components/security/Fail2banTab.jsx b/frontend/src/components/security/Fail2banTab.jsx
new file mode 100644
index 00000000..1f0079c9
--- /dev/null
+++ b/frontend/src/components/security/Fail2banTab.jsx
@@ -0,0 +1,218 @@
+import React, { useState, useEffect } from 'react';
+import api from '../../services/api';
+import ConfirmDialog from '../ConfirmDialog';
+import { useToast } from '../../contexts/ToastContext';
+import Modal from '../Modal';
+
+const Fail2banTab = () => {
+    const [status, setStatus] = useState(null);
+    const [bans, setBans] = useState([]);
+    const [loading, setLoading] = useState(true);
+    const [actionLoading, setActionLoading] = useState(false);
+    const [showBanModal, setShowBanModal] = useState(false);
+    const [banIP, setBanIP] = useState('');
+    const [banJail, setBanJail] = useState('sshd');
+    const [confirmDialog, setConfirmDialog] = useState(null);
+    const toast = useToast();
+
+    useEffect(() => {
+        loadData();
+    }, []);
+
+    const loadData = async () => {
+        setLoading(true);
+        try {
+            const [statusData, bansData] = await Promise.all([
+                api.getFail2banStatus(),
+                api.getAllFail2banBans().catch(() => ({ banned_ips: [] }))
+            ]);
+            setStatus(statusData);
+            setBans(bansData.banned_ips || []);
+        } catch (error) {
+            console.error('Failed to load Fail2ban data:', error);
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    const handleInstall = async () => {
+        setActionLoading(true);
+        try {
+            await api.installFail2ban();
+            toast.success('Fail2ban installed successfully');
+            await loadData();
+        } catch (error) {
+            toast.error(`Failed to install: ${error.message}`);
+        } finally {
+            setActionLoading(false);
+        }
+    };
+
+    const handleBan = async () => {
+        if (!banIP.trim()) return;
+        setActionLoading(true);
+        try {
+            await api.fail2banBan(banIP, banJail);
+            toast.success(`IP ${banIP} banned in ${banJail}`);
+            setShowBanModal(false);
+            setBanIP('');
+            await loadData();
+        } catch (error) {
+            toast.error(`Failed to ban IP: ${error.message}`);
+        } finally {
+            setActionLoading(false);
+        }
+    };
+
+    const handleUnban = async (ip, jail) => {
+        setConfirmDialog({
+            title: 'Unban IP',
+            message: `Are you sure you want to unban ${ip} from ${jail}?`,
+            confirmText: 'Unban',
+            variant: 'warning',
+            onConfirm: async () => {
+                try {
+                    await api.fail2banUnban(ip, jail);
+                    toast.success(`IP ${ip} unbanned`);
+                    await loadData();
+                } catch (error) {
+                    toast.error(`Failed to unban: ${error.message}`);
+                }
+                setConfirmDialog(null);
+            },
+            onCancel: () => setConfirmDialog(null)
+        });
+    };
+
+    if (loading) {
+        return <div className="loading-sm">Loading Fail2ban status...</div>;
+    }
+
+    return (
+        <div className="fail2ban-tab">
+            {!status?.installed ? (
+                <div className="empty-state">
+                    <svg viewBox="0 0 24 24" width="48" height="48" stroke="currentColor" fill="none" strokeWidth="1">
+                        <path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/>
+                    </svg>
+                    <h3>Fail2ban Not Installed</h3>
+                    <p>Install Fail2ban to protect against brute force attacks.</p>
+                    <button className="btn btn-primary" onClick={handleInstall} disabled={actionLoading}>
+                        {actionLoading ? 'Installing...' : 'Install Fail2ban'}
+                    </button>
+                </div>
+            ) : (
+                <>
+                    <div className="card">
+                        <div className="card-header">
+                            <h3>Fail2ban Status</h3>
+                            <div className="card-actions">
+                                <button className="btn btn-sm btn-primary" onClick={() => setShowBanModal(true)}>
+                                    Ban IP
+                                </button>
+                                <button className="btn btn-sm btn-secondary" onClick={loadData}>
+                                    Refresh
+                                </button>
+                            </div>
+                        </div>
+                        <div className="card-body">
+                            <div className="info-list">
+                                <div className="info-item">
+                                    <span className="info-label">Service</span>
+                                    <span className={`badge ${status.service_running ? 'badge-success' : 'badge-danger'}`}>
+                                        {status.service_running ? 'Running' : 'Stopped'}
+                                    </span>
+                                </div>
+                                <div className="info-item">
+                                    <span className="info-label">Version</span>
+                                    <span className="info-value">{status.version || 'Unknown'}</span>
+                                </div>
+                                <div className="info-item">
+                                    <span className="info-label">Active Jails</span>
+                                    <span className="info-value">{status.jails?.join(', ') || 'None'}</span>
+                                </div>
+                                <div className="info-item">
+                                    <span className="info-label">Total Banned IPs</span>
+                                    <span className="info-value">{bans.length}</span>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+
+                    <div className="card">
+                        <div className="card-header">
+                            <h3>Banned IPs</h3>
+                        </div>
+                        <div className="card-body">
+                            {bans.length === 0 ? (
+                                <p className="text-muted">No IPs are currently banned.</p>
+                            ) : (
+                                <table className="table">
+                                    <thead>
+                                        <tr>
+                                            <th>IP Address</th>
+                                            <th>Jail</th>
+                                            <th>Actions</th>
+                                        </tr>
+                                    </thead>
+                                    <tbody>
+                                        {bans.map((ban, index) => (
+                                            <tr key={index}>
+                                                <td><code>{ban.ip}</code></td>
+                                                <td><span className="badge badge-info">{ban.jail}</span></td>
+                                                <td>
+                                                    <button className="btn btn-sm btn-warning" onClick={() => handleUnban(ban.ip, ban.jail)}>
+                                                        Unban
+                                                    </button>
+                                                </td>
+                                            </tr>
+                                        ))}
+                                    </tbody>
+                                </table>
+                            )}
+                        </div>
+                    </div>
+                </>
+            )}
+
+            <Modal open={showBanModal} onClose={() => setShowBanModal(false)} title="Ban IP Address">
+                            <div className="form-group">
+                                <label>IP Address</label>
+                                <input
+                                    type="text"
+                                    value={banIP}
+                                    onChange={(e) => setBanIP(e.target.value)}
+                                    placeholder="192.168.1.100"
+                                />
+                            </div>
+                            <div className="form-group">
+                                <label>Jail</label>
+                                <select value={banJail} onChange={(e) => setBanJail(e.target.value)}>
+                                    {status?.jails?.map(jail => (
+                                        <option key={jail} value={jail}>{jail}</option>
+                                    ))}
+                                </select>
+                            </div>
+                        <div className="modal-footer">
+                            <button className="btn btn-secondary" onClick={() => setShowBanModal(false)}>Cancel</button>
+                            <button className="btn btn-danger" onClick={handleBan} disabled={actionLoading || !banIP.trim()}>
+                                {actionLoading ? 'Banning...' : 'Ban IP'}
+                            </button>
+                        </div>
+            </Modal>
+
+            {confirmDialog && (
+                <ConfirmDialog
+                    title={confirmDialog.title}
+                    message={confirmDialog.message}
+                    confirmText={confirmDialog.confirmText}
+                    variant={confirmDialog.variant}
+                    onConfirm={confirmDialog.onConfirm}
+                    onCancel={confirmDialog.onCancel}
+                />
+            )}
+        </div>
+    );
+};
+
+export default Fail2banTab;
diff --git a/frontend/src/components/security/FirewallTab.jsx b/frontend/src/components/security/FirewallTab.jsx
new file mode 100644
index 00000000..53a871e8
--- /dev/null
+++ b/frontend/src/components/security/FirewallTab.jsx
@@ -0,0 +1,523 @@
+import React, { useState, useEffect } from 'react';
+import api from '../../services/api';
+import ConfirmDialog from '../ConfirmDialog';
+import { useToast } from '../../contexts/ToastContext';
+import Modal from '../Modal';
+
+const FirewallTab = () => {
+    const [status, setStatus] = useState(null);
+    const [rules, setRules] = useState([]);
+    const [blockedIPs, setBlockedIPs] = useState([]);
+    const [loading, setLoading] = useState(true);
+    const [activeSubTab, setActiveSubTab] = useState('status');
+    const [showBlockIPModal, setShowBlockIPModal] = useState(false);
+    const [showPortModal, setShowPortModal] = useState(false);
+    const [showInstallModal, setShowInstallModal] = useState(false);
+    const [blockIP, setBlockIP] = useState('');
+    const [newPort, setNewPort] = useState({ port: '', protocol: 'tcp' });
+    const [selectedFirewall, setSelectedFirewall] = useState('ufw');
+    const [actionLoading, setActionLoading] = useState(false);
+    const [confirmDialog, setConfirmDialog] = useState(null);
+    const toast = useToast();
+
+    const commonPorts = [
+        { port: 22, name: 'SSH', protocol: 'tcp' },
+        { port: 80, name: 'HTTP', protocol: 'tcp' },
+        { port: 443, name: 'HTTPS', protocol: 'tcp' },
+        { port: 21, name: 'FTP', protocol: 'tcp' },
+        { port: 25, name: 'SMTP', protocol: 'tcp' },
+        { port: 3306, name: 'MySQL', protocol: 'tcp' },
+        { port: 5432, name: 'PostgreSQL', protocol: 'tcp' },
+        { port: 6379, name: 'Redis', protocol: 'tcp' },
+        { port: 27017, name: 'MongoDB', protocol: 'tcp' },
+    ];
+
+    useEffect(() => {
+        loadData();
+    }, []);
+
+    const loadData = async () => {
+        setLoading(true);
+        try {
+            await Promise.all([loadStatus(), loadRules(), loadBlockedIPs()]);
+        } catch (error) {
+            console.error('Failed to load firewall data:', error);
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    const loadStatus = async () => {
+        try {
+            const data = await api.getFirewallStatus();
+            setStatus(data);
+        } catch (error) {
+            console.error('Failed to load status:', error);
+        }
+    };
+
+    const loadRules = async () => {
+        try {
+            const data = await api.getFirewallRules();
+            setRules(data.rules || []);
+        } catch (error) {
+            console.error('Failed to load rules:', error);
+        }
+    };
+
+    const loadBlockedIPs = async () => {
+        try {
+            const data = await api.getBlockedIPs();
+            setBlockedIPs(data.blocked_ips || []);
+        } catch (error) {
+            console.error('Failed to load blocked IPs:', error);
+        }
+    };
+
+    const handleEnable = async () => {
+        setActionLoading(true);
+        try {
+            await api.enableFirewall();
+            toast.success('Firewall enabled');
+            await loadStatus();
+        } catch (error) {
+            toast.error(`Failed to enable firewall: ${error.message}`);
+        } finally {
+            setActionLoading(false);
+        }
+    };
+
+    const handleDisable = async () => {
+        setConfirmDialog({
+            title: 'Disable Firewall',
+            message: 'Are you sure you want to disable the firewall? This will leave your server unprotected.',
+            confirmText: 'Disable',
+            variant: 'danger',
+            onConfirm: async () => {
+                setActionLoading(true);
+                try {
+                    await api.disableFirewall();
+                    toast.success('Firewall disabled');
+                    await loadStatus();
+                } catch (error) {
+                    toast.error(`Failed to disable firewall: ${error.message}`);
+                } finally {
+                    setActionLoading(false);
+                    setConfirmDialog(null);
+                }
+            },
+            onCancel: () => setConfirmDialog(null)
+        });
+    };
+
+    const handleBlockIP = async () => {
+        if (!blockIP.trim()) return;
+        setActionLoading(true);
+        try {
+            await api.blockIP(blockIP);
+            toast.success(`IP ${blockIP} blocked`);
+            setShowBlockIPModal(false);
+            setBlockIP('');
+            await loadBlockedIPs();
+            await loadRules();
+        } catch (error) {
+            toast.error(`Failed to block IP: ${error.message}`);
+        } finally {
+            setActionLoading(false);
+        }
+    };
+
+    const handleUnblockIP = async (ip) => {
+        setConfirmDialog({
+            title: 'Unblock IP',
+            message: `Are you sure you want to unblock ${ip}?`,
+            confirmText: 'Unblock',
+            variant: 'warning',
+            onConfirm: async () => {
+                try {
+                    await api.unblockIP(ip);
+                    toast.success(`IP ${ip} unblocked`);
+                    await loadBlockedIPs();
+                    await loadRules();
+                } catch (error) {
+                    toast.error(`Failed to unblock IP: ${error.message}`);
+                }
+                setConfirmDialog(null);
+            },
+            onCancel: () => setConfirmDialog(null)
+        });
+    };
+
+    const handleAllowPort = async () => {
+        if (!newPort.port) return;
+        setActionLoading(true);
+        try {
+            await api.allowPort(parseInt(newPort.port), newPort.protocol);
+            toast.success(`Port ${newPort.port}/${newPort.protocol} allowed`);
+            setShowPortModal(false);
+            setNewPort({ port: '', protocol: 'tcp' });
+            await loadRules();
+        } catch (error) {
+            toast.error(`Failed to allow port: ${error.message}`);
+        } finally {
+            setActionLoading(false);
+        }
+    };
+
+    const handleQuickAllowPort = async (port, protocol) => {
+        setActionLoading(true);
+        try {
+            await api.allowPort(port, protocol);
+            toast.success(`Port ${port}/${protocol} allowed`);
+            await loadRules();
+        } catch (error) {
+            toast.error(`Failed to allow port: ${error.message}`);
+        } finally {
+            setActionLoading(false);
+        }
+    };
+
+    const handleRemovePort = async (port, protocol) => {
+        setConfirmDialog({
+            title: 'Remove Port Rule',
+            message: `Are you sure you want to remove the rule for port ${port}/${protocol}?`,
+            confirmText: 'Remove',
+            variant: 'danger',
+            onConfirm: async () => {
+                try {
+                    await api.denyPort(parseInt(port), protocol);
+                    toast.success(`Port ${port}/${protocol} rule removed`);
+                    await loadRules();
+                } catch (error) {
+                    toast.error(`Failed to remove port: ${error.message}`);
+                }
+                setConfirmDialog(null);
+            },
+            onCancel: () => setConfirmDialog(null)
+        });
+    };
+
+    const handleInstall = async () => {
+        setActionLoading(true);
+        try {
+            await api.installFirewall(selectedFirewall);
+            toast.success(`${selectedFirewall.toUpperCase()} installed successfully`);
+            setShowInstallModal(false);
+            await loadData();
+        } catch (error) {
+            toast.error(`Failed to install firewall: ${error.message}`);
+        } finally {
+            setActionLoading(false);
+        }
+    };
+
+    const isActive = status?.any_active;
+    const activeFirewall = status?.active_firewall;
+
+    if (loading) {
+        return <div className="loading-sm">Loading firewall status...</div>;
+    }
+
+    return (
+        <div className="firewall-tab">
+            {!status?.any_installed ? (
+                <div className="empty-state">
+                    <svg viewBox="0 0 24 24" width="48" height="48" stroke="currentColor" fill="none" strokeWidth="1">
+                        <path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/>
+                    </svg>
+                    <h3>No Firewall Installed</h3>
+                    <p>Install a firewall to protect your server from unauthorized access.</p>
+                    <button className="btn btn-primary" onClick={() => setShowInstallModal(true)}>
+                        Install Firewall
+                    </button>
+                </div>
+            ) : (
+                <>
+                    <div className="firewall-header">
+                        <div className="firewall-status-row">
+                            <div className={`status-indicator ${isActive ? 'active' : 'inactive'}`}>
+                                <svg viewBox="0 0 24 24" width="20" height="20" stroke="currentColor" fill="none" strokeWidth="2">
+                                    <path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/>
+                                </svg>
+                                <span>{isActive ? 'Firewall Active' : 'Firewall Inactive'}</span>
+                                <span className="firewall-type">({activeFirewall?.toUpperCase()})</span>
+                            </div>
+                            <div className="firewall-actions">
+                                <button className="btn btn-sm btn-secondary" onClick={() => setShowBlockIPModal(true)}>
+                                    Block IP
+                                </button>
+                                <button className="btn btn-sm btn-secondary" onClick={() => setShowPortModal(true)}>
+                                    Allow Port
+                                </button>
+                                {isActive ? (
+                                    <button className="btn btn-sm btn-danger" onClick={handleDisable} disabled={actionLoading}>
+                                        Disable
+                                    </button>
+                                ) : (
+                                    <button className="btn btn-sm btn-success" onClick={handleEnable} disabled={actionLoading}>
+                                        Enable
+                                    </button>
+                                )}
+                            </div>
+                        </div>
+                    </div>
+
+                    <div className="firewall-stats">
+                        <div className="stat-mini">
+                            <span className="stat-value">{rules.length}</span>
+                            <span className="stat-label">Rules</span>
+                        </div>
+                        <div className="stat-mini">
+                            <span className="stat-value">{blockedIPs.length}</span>
+                            <span className="stat-label">Blocked IPs</span>
+                        </div>
+                        <div className="stat-mini">
+                            <span className="stat-value">{rules.filter(r => r.type === 'port' || r.port).length}</span>
+                            <span className="stat-label">Ports Open</span>
+                        </div>
+                    </div>
+
+                    <div className="subtabs">
+                        <button className={`subtab ${activeSubTab === 'status' ? 'active' : ''}`} onClick={() => setActiveSubTab('status')}>
+                            Status
+                        </button>
+                        <button className={`subtab ${activeSubTab === 'rules' ? 'active' : ''}`} onClick={() => setActiveSubTab('rules')}>
+                            Rules
+                        </button>
+                        <button className={`subtab ${activeSubTab === 'blocked' ? 'active' : ''}`} onClick={() => setActiveSubTab('blocked')}>
+                            Blocked IPs
+                        </button>
+                        <button className={`subtab ${activeSubTab === 'quick' ? 'active' : ''}`} onClick={() => setActiveSubTab('quick')}>
+                            Quick Ports
+                        </button>
+                    </div>
+
+                    {activeSubTab === 'status' && (
+                        <div className="card">
+                            <div className="card-header">
+                                <h3>Firewall Information</h3>
+                                <button className="btn btn-sm btn-secondary" onClick={loadData}>Refresh</button>
+                            </div>
+                            <div className="card-body">
+                                <div className="info-list">
+                                    <div className="info-item">
+                                        <span className="info-label">Type</span>
+                                        <span className="info-value">{activeFirewall?.toUpperCase()}</span>
+                                    </div>
+                                    <div className="info-item">
+                                        <span className="info-label">Status</span>
+                                        <span className={`badge ${isActive ? 'badge-success' : 'badge-danger'}`}>
+                                            {isActive ? 'Active' : 'Inactive'}
+                                        </span>
+                                    </div>
+                                    {activeFirewall === 'firewalld' && status?.firewalld?.default_zone && (
+                                        <div className="info-item">
+                                            <span className="info-label">Default Zone</span>
+                                            <span className="info-value">{status.firewalld.default_zone}</span>
+                                        </div>
+                                    )}
+                                </div>
+                            </div>
+                        </div>
+                    )}
+
+                    {activeSubTab === 'rules' && (
+                        <div className="card">
+                            <div className="card-header">
+                                <h3>Firewall Rules</h3>
+                                <button className="btn btn-sm btn-primary" onClick={() => setShowPortModal(true)}>Add Rule</button>
+                            </div>
+                            <div className="card-body">
+                                {rules.length === 0 ? (
+                                    <p className="text-muted">No rules configured</p>
+                                ) : (
+                                    <table className="table">
+                                        <thead>
+                                            <tr>
+                                                <th>Type</th>
+                                                <th>Target</th>
+                                                <th>Protocol</th>
+                                                <th>Actions</th>
+                                            </tr>
+                                        </thead>
+                                        <tbody>
+                                            {rules.map((rule, index) => (
+                                                <tr key={index}>
+                                                    <td><span className="badge badge-info">{rule.type}</span></td>
+                                                    <td>
+                                                        {rule.type === 'service' && rule.service}
+                                                        {rule.type === 'port' && rule.port}
+                                                        {rule.type === 'rich' && <code>{rule.rule}</code>}
+                                                    </td>
+                                                    <td>{rule.protocol || '-'}</td>
+                                                    <td>
+                                                        {rule.type === 'port' && (
+                                                            <button className="btn btn-sm btn-danger" onClick={() => handleRemovePort(rule.port, rule.protocol)}>
+                                                                Remove
+                                                            </button>
+                                                        )}
+                                                    </td>
+                                                </tr>
+                                            ))}
+                                        </tbody>
+                                    </table>
+                                )}
+                            </div>
+                        </div>
+                    )}
+
+                    {activeSubTab === 'blocked' && (
+                        <div className="card">
+                            <div className="card-header">
+                                <h3>Blocked IP Addresses</h3>
+                                <button className="btn btn-sm btn-primary" onClick={() => setShowBlockIPModal(true)}>Block IP</button>
+                            </div>
+                            <div className="card-body">
+                                {blockedIPs.length === 0 ? (
+                                    <div className="empty-state-sm">
+                                        <p>No blocked IPs</p>
+                                    </div>
+                                ) : (
+                                    <div className="blocked-list">
+                                        {blockedIPs.map((item, index) => (
+                                            <div key={index} className="blocked-item">
+                                                <div className="blocked-info">
+                                                    <span className="blocked-ip">{item.ip}</span>
+                                                </div>
+                                                <button className="btn btn-sm btn-warning" onClick={() => handleUnblockIP(item.ip)}>
+                                                    Unblock
+                                                </button>
+                                            </div>
+                                        ))}
+                                    </div>
+                                )}
+                            </div>
+                        </div>
+                    )}
+
+                    {activeSubTab === 'quick' && (
+                        <div className="card">
+                            <div className="card-header">
+                                <h3>Quick Port Access</h3>
+                            </div>
+                            <div className="card-body">
+                                <p className="text-muted" style={{ marginBottom: '1rem' }}>One-click enable/disable common service ports</p>
+                                <div className="quick-ports-grid">
+                                    {commonPorts.map(({ port, name, protocol }) => {
+                                        const isAllowed = rules.some(r =>
+                                            (r.port === String(port) || r.port === port) && r.protocol === protocol
+                                        );
+                                        return (
+                                            <div key={port} className="quick-port-card">
+                                                <div className="port-info">
+                                                    <span className="port-name">{name}</span>
+                                                    <span className="port-number">{port}/{protocol}</span>
+                                                </div>
+                                                {isAllowed ? (
+                                                    <button className="btn btn-sm btn-danger" onClick={() => handleRemovePort(port, protocol)} disabled={actionLoading}>
+                                                        Block
+                                                    </button>
+                                                ) : (
+                                                    <button className="btn btn-sm btn-success" onClick={() => handleQuickAllowPort(port, protocol)} disabled={actionLoading}>
+                                                        Allow
+                                                    </button>
+                                                )}
+                                            </div>
+                                        );
+                                    })}
+                                </div>
+                            </div>
+                        </div>
+                    )}
+                </>
+            )}
+
+            {/* Block IP Modal */}
+            <Modal open={showBlockIPModal} onClose={() => setShowBlockIPModal(false)} title="Block IP Address">
+                            <div className="form-group">
+                                <label>IP Address</label>
+                                <input
+                                    type="text"
+                                    value={blockIP}
+                                    onChange={(e) => setBlockIP(e.target.value)}
+                                    placeholder="192.168.1.100 or 10.0.0.0/24"
+                                />
+                            </div>
+                            <p className="text-muted">You can block a single IP or a range using CIDR notation.</p>
+                        <div className="modal-footer">
+                            <button className="btn btn-secondary" onClick={() => setShowBlockIPModal(false)}>Cancel</button>
+                            <button className="btn btn-danger" onClick={handleBlockIP} disabled={actionLoading || !blockIP.trim()}>
+                                {actionLoading ? 'Blocking...' : 'Block IP'}
+                            </button>
+                        </div>
+            </Modal>
+
+            {/* Allow Port Modal */}
+            <Modal open={showPortModal} onClose={() => setShowPortModal(false)} title="Allow Port">
+                            <div className="form-row">
+                                <div className="form-group">
+                                    <label>Port Number</label>
+                                    <input
+                                        type="number"
+                                        value={newPort.port}
+                                        onChange={(e) => setNewPort({ ...newPort, port: e.target.value })}
+                                        placeholder="8080"
+                                        min="1"
+                                        max="65535"
+                                    />
+                                </div>
+                                <div className="form-group">
+                                    <label>Protocol</label>
+                                    <select value={newPort.protocol} onChange={(e) => setNewPort({ ...newPort, protocol: e.target.value })}>
+                                        <option value="tcp">TCP</option>
+                                        <option value="udp">UDP</option>
+                                    </select>
+                                </div>
+                            </div>
+                        <div className="modal-footer">
+                            <button className="btn btn-secondary" onClick={() => setShowPortModal(false)}>Cancel</button>
+                            <button className="btn btn-primary" onClick={handleAllowPort} disabled={actionLoading || !newPort.port}>
+                                {actionLoading ? 'Adding...' : 'Allow Port'}
+                            </button>
+                        </div>
+            </Modal>
+
+            {/* Install Firewall Modal */}
+            <Modal open={showInstallModal} onClose={() => setShowInstallModal(false)} title="Install Firewall">
+                            <div className="form-group">
+                                <label>Select Firewall</label>
+                                <select value={selectedFirewall} onChange={(e) => setSelectedFirewall(e.target.value)}>
+                                    <option value="ufw">UFW (Recommended for Ubuntu)</option>
+                                    <option value="firewalld">firewalld (CentOS/RHEL)</option>
+                                </select>
+                            </div>
+                            <div className="install-info">
+                                {selectedFirewall === 'ufw' ? (
+                                    <p><strong>UFW (Uncomplicated Firewall)</strong> is simple and easy to use for Ubuntu/Debian systems.</p>
+                                ) : (
+                                    <p><strong>firewalld</strong> is a dynamically managed firewall with zone-based configuration for CentOS/RHEL.</p>
+                                )}
+                            </div>
+                        <div className="modal-footer">
+                            <button className="btn btn-secondary" onClick={() => setShowInstallModal(false)}>Cancel</button>
+                            <button className="btn btn-primary" onClick={handleInstall} disabled={actionLoading}>
+                                {actionLoading ? 'Installing...' : 'Install'}
+                            </button>
+                        </div>
+            </Modal>
+
+            {confirmDialog && (
+                <ConfirmDialog
+                    title={confirmDialog.title}
+                    message={confirmDialog.message}
+                    confirmText={confirmDialog.confirmText}
+                    variant={confirmDialog.variant}
+                    onConfirm={confirmDialog.onConfirm}
+                    onCancel={confirmDialog.onCancel}
+                />
+            )}
+        </div>
+    );
+};
+
+export default FirewallTab;
diff --git a/frontend/src/components/security/IPListsTab.jsx b/frontend/src/components/security/IPListsTab.jsx
new file mode 100644
index 00000000..136c73b0
--- /dev/null
+++ b/frontend/src/components/security/IPListsTab.jsx
@@ -0,0 +1,156 @@
+import React, { useState, useEffect } from 'react';
+import api from '../../services/api';
+import ConfirmDialog from '../ConfirmDialog';
+import { useToast } from '../../contexts/ToastContext';
+import Modal from '../Modal';
+
+const IPListsTab = () => {
+    const [lists, setLists] = useState({ allowlist: [], blocklist: [] });
+    const [loading, setLoading] = useState(true);
+    const [showAddModal, setShowAddModal] = useState(null);
+    const [newIP, setNewIP] = useState('');
+    const [newComment, setNewComment] = useState('');
+    const [actionLoading, setActionLoading] = useState(false);
+    const [confirmDialog, setConfirmDialog] = useState(null);
+    const toast = useToast();
+
+    useEffect(() => {
+        loadLists();
+    }, []);
+
+    const loadLists = async () => {
+        setLoading(true);
+        try {
+            const data = await api.getIPLists();
+            setLists({
+                allowlist: data.allowlist || [],
+                blocklist: data.blocklist || []
+            });
+        } catch (error) {
+            console.error('Failed to load IP lists:', error);
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    const handleAdd = async () => {
+        if (!newIP.trim()) return;
+        setActionLoading(true);
+        try {
+            await api.addToIPList(newIP, showAddModal, newComment);
+            toast.success(`IP added to ${showAddModal}`);
+            setShowAddModal(null);
+            setNewIP('');
+            setNewComment('');
+            await loadLists();
+        } catch (error) {
+            toast.error(`Failed to add IP: ${error.message}`);
+        } finally {
+            setActionLoading(false);
+        }
+    };
+
+    const handleRemove = async (ip, listType) => {
+        setConfirmDialog({
+            title: `Remove from ${listType}`,
+            message: `Are you sure you want to remove ${ip} from the ${listType}?`,
+            confirmText: 'Remove',
+            variant: 'warning',
+            onConfirm: async () => {
+                try {
+                    await api.removeFromIPList(ip, listType);
+                    toast.success(`IP removed from ${listType}`);
+                    await loadLists();
+                } catch (error) {
+                    toast.error(`Failed to remove IP: ${error.message}`);
+                }
+                setConfirmDialog(null);
+            },
+            onCancel: () => setConfirmDialog(null)
+        });
+    };
+
+    const renderList = (title, listType, items, badgeClass) => (
+        <div className="card">
+            <div className="card-header">
+                <h3>{title}</h3>
+                <button className="btn btn-sm btn-primary" onClick={() => setShowAddModal(listType)}>
+                    Add IP
+                </button>
+            </div>
+            <div className="card-body">
+                {items.length === 0 ? (
+                    <p className="text-muted">No IPs in {listType}.</p>
+                ) : (
+                    <div className="ip-list">
+                        {items.map((item, index) => (
+                            <div key={index} className="ip-list-item">
+                                <div className="ip-info">
+                                    <code className={badgeClass}>{item.ip}</code>
+                                    {item.comment && <span className="ip-comment">{item.comment}</span>}
+                                    <span className="ip-date">{new Date(item.added_at).toLocaleDateString()}</span>
+                                </div>
+                                <button className="btn btn-sm btn-danger" onClick={() => handleRemove(item.ip, listType)}>
+                                    Remove
+                                </button>
+                            </div>
+                        ))}
+                    </div>
+                )}
+            </div>
+        </div>
+    );
+
+    if (loading) {
+        return <div className="loading-sm">Loading IP lists...</div>;
+    }
+
+    return (
+        <div className="ip-lists-tab">
+            <div className="ip-lists-grid">
+                {renderList('Allowlist', 'allowlist', lists.allowlist, 'ip-allowed')}
+                {renderList('Blocklist', 'blocklist', lists.blocklist, 'ip-blocked')}
+            </div>
+
+            <Modal open={!!showAddModal} onClose={() => setShowAddModal(null)} title={`Add to ${showAddModal || ''}`}>
+                            <div className="form-group">
+                                <label>IP Address or CIDR</label>
+                                <input
+                                    type="text"
+                                    value={newIP}
+                                    onChange={(e) => setNewIP(e.target.value)}
+                                    placeholder="192.168.1.100 or 10.0.0.0/24"
+                                />
+                            </div>
+                            <div className="form-group">
+                                <label>Comment (optional)</label>
+                                <input
+                                    type="text"
+                                    value={newComment}
+                                    onChange={(e) => setNewComment(e.target.value)}
+                                    placeholder="Office IP, VPN, etc."
+                                />
+                            </div>
+                        <div className="modal-footer">
+                            <button className="btn btn-secondary" onClick={() => setShowAddModal(null)}>Cancel</button>
+                            <button className="btn btn-primary" onClick={handleAdd} disabled={actionLoading || !newIP.trim()}>
+                                {actionLoading ? 'Adding...' : 'Add'}
+                            </button>
+                        </div>
+            </Modal>
+
+            {confirmDialog && (
+                <ConfirmDialog
+                    title={confirmDialog.title}
+                    message={confirmDialog.message}
+                    confirmText={confirmDialog.confirmText}
+                    variant={confirmDialog.variant}
+                    onConfirm={confirmDialog.onConfirm}
+                    onCancel={confirmDialog.onCancel}
+                />
+            )}
+        </div>
+    );
+};
+
+export default IPListsTab;
diff --git a/frontend/src/components/security/IntegrityTab.jsx b/frontend/src/components/security/IntegrityTab.jsx
new file mode 100644
index 00000000..c9972b12
--- /dev/null
+++ b/frontend/src/components/security/IntegrityTab.jsx
@@ -0,0 +1,138 @@
+import React, { useState } from 'react';
+import api from '../../services/api';
+
+const IntegrityTab = () => {
+    const [checking, setChecking] = useState(false);
+    const [initializing, setInitializing] = useState(false);
+    const [results, setResults] = useState(null);
+    const [message, setMessage] = useState(null);
+
+    async function handleInitialize() {
+        if (!confirm('This will create a new baseline for file integrity monitoring. Continue?')) return;
+
+        setInitializing(true);
+        setMessage(null);
+        try {
+            const result = await api.initializeIntegrityDatabase();
+            setMessage({ type: 'success', text: result.message });
+        } catch (err) {
+            setMessage({ type: 'error', text: err.message });
+        } finally {
+            setInitializing(false);
+        }
+    }
+
+    async function handleCheck() {
+        setChecking(true);
+        setMessage(null);
+        try {
+            const result = await api.checkFileIntegrity();
+            setResults(result);
+            if (result.total_changes === 0) {
+                setMessage({ type: 'success', text: 'No changes detected' });
+            }
+        } catch (err) {
+            setMessage({ type: 'error', text: err.message });
+        } finally {
+            setChecking(false);
+        }
+    }
+
+    return (
+        <div className="integrity-tab">
+            {message && (
+                <div className={`alert alert-${message.type === 'success' ? 'success' : 'danger'}`}>
+                    {message.text}
+                </div>
+            )}
+
+            <div className="card">
+                <div className="card-header">
+                    <h3>File Integrity Monitoring</h3>
+                </div>
+                <div className="card-body">
+                    <p className="description">
+                        File integrity monitoring tracks changes to critical system files. Initialize a baseline database,
+                        then periodically check for unauthorized modifications.
+                    </p>
+
+                    <div className="integrity-actions">
+                        <button
+                            className="btn btn-secondary"
+                            onClick={handleInitialize}
+                            disabled={initializing}
+                        >
+                            {initializing ? 'Initializing...' : 'Initialize Baseline'}
+                        </button>
+                        <button
+                            className="btn btn-primary"
+                            onClick={handleCheck}
+                            disabled={checking}
+                        >
+                            {checking ? 'Checking...' : 'Check Integrity'}
+                        </button>
+                    </div>
+                </div>
+            </div>
+
+            {results && results.total_changes > 0 && (
+                <div className="card">
+                    <div className="card-header">
+                        <h3>Changes Detected</h3>
+                        <span className="badge badge-warning">{results.total_changes} changes</span>
+                    </div>
+                    <div className="card-body">
+                        {results.changes.modified?.length > 0 && (
+                            <div className="change-section">
+                                <h4>Modified Files ({results.changes.modified.length})</h4>
+                                <ul className="file-list">
+                                    {results.changes.modified.map((file, i) => (
+                                        <li key={i}>{file.path}</li>
+                                    ))}
+                                </ul>
+                            </div>
+                        )}
+
+                        {results.changes.deleted?.length > 0 && (
+                            <div className="change-section">
+                                <h4>Deleted Files ({results.changes.deleted.length})</h4>
+                                <ul className="file-list">
+                                    {results.changes.deleted.map((file, i) => (
+                                        <li key={i}>{file}</li>
+                                    ))}
+                                </ul>
+                            </div>
+                        )}
+
+                        {results.changes.new?.length > 0 && (
+                            <div className="change-section">
+                                <h4>New Files ({results.changes.new.length})</h4>
+                                <ul className="file-list">
+                                    {results.changes.new.slice(0, 50).map((file, i) => (
+                                        <li key={i}>{file}</li>
+                                    ))}
+                                    {results.changes.new.length > 50 && (
+                                        <li className="text-muted">... and {results.changes.new.length - 50} more</li>
+                                    )}
+                                </ul>
+                            </div>
+                        )}
+
+                        {results.changes.permission_changed?.length > 0 && (
+                            <div className="change-section">
+                                <h4>Permission Changes ({results.changes.permission_changed.length})</h4>
+                                <ul className="file-list">
+                                    {results.changes.permission_changed.map((file, i) => (
+                                        <li key={i}>{file.path} ({file.old_mode} → {file.new_mode})</li>
+                                    ))}
+                                </ul>
+                            </div>
+                        )}
+                    </div>
+                </div>
+            )}
+        </div>
+    );
+};
+
+export default IntegrityTab;
diff --git a/frontend/src/components/security/OverviewTab.jsx b/frontend/src/components/security/OverviewTab.jsx
new file mode 100644
index 00000000..0f006086
--- /dev/null
+++ b/frontend/src/components/security/OverviewTab.jsx
@@ -0,0 +1,193 @@
+import React, { useState, useEffect } from 'react';
+import api from '../../services/api';
+
+const InstallClamAVButton = ({ onInstalled }) => {
+    const [installing, setInstalling] = useState(false);
+    const [error, setError] = useState(null);
+
+    async function handleInstall() {
+        setInstalling(true);
+        setError(null);
+        try {
+            await api.installClamAV();
+            onInstalled();
+        } catch (err) {
+            setError(err.message);
+        } finally {
+            setInstalling(false);
+        }
+    }
+
+    return (
+        <div>
+            <button className="btn btn-primary" onClick={handleInstall} disabled={installing}>
+                {installing ? 'Installing...' : 'Install ClamAV'}
+            </button>
+            {error && <p className="error-text" style={{ marginTop: '0.5rem' }}>{error}</p>}
+        </div>
+    );
+};
+
+const OverviewTab = ({ status, onRefresh }) => {
+    const [clamavStatus, setClamavStatus] = useState(null);
+    const [loading, setLoading] = useState(true);
+
+    useEffect(() => {
+        loadClamavStatus();
+    }, []);
+
+    async function loadClamavStatus() {
+        try {
+            const data = await api.getClamAVStatus();
+            setClamavStatus(data);
+        } catch (err) {
+            console.error('Failed to load ClamAV status:', err);
+        } finally {
+            setLoading(false);
+        }
+    }
+
+    const alerts = status?.recent_alerts || {};
+
+    return (
+        <div className="security-overview">
+            <div className="stats-grid">
+                <div className={`stat-card ${alerts.total > 0 ? 'warning' : 'success'}`}>
+                    <div className="stat-icon">
+                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
+                            <path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/>
+                        </svg>
+                    </div>
+                    <div className="stat-content">
+                        <span className="stat-value">{alerts.total || 0}</span>
+                        <span className="stat-label">Alerts (24h)</span>
+                    </div>
+                </div>
+
+                <div className={`stat-card ${alerts.malware_detections > 0 ? 'danger' : 'success'}`}>
+                    <div className="stat-icon">
+                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
+                            <path d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"/>
+                        </svg>
+                    </div>
+                    <div className="stat-content">
+                        <span className="stat-value">{alerts.malware_detections || 0}</span>
+                        <span className="stat-label">Malware Detected</span>
+                    </div>
+                </div>
+
+                <div className={`stat-card ${clamavStatus?.installed ? 'success' : 'warning'}`}>
+                    <div className="stat-icon">
+                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
+                            <circle cx="12" cy="12" r="10"/>
+                            {clamavStatus?.installed && <polyline points="9 12 12 15 16 10"/>}
+                            {!clamavStatus?.installed && <line x1="15" y1="9" x2="9" y2="15"/>}
+                        </svg>
+                    </div>
+                    <div className="stat-content">
+                        <span className="stat-value">{clamavStatus?.installed ? 'Active' : 'Not Installed'}</span>
+                        <span className="stat-label">ClamAV Status</span>
+                    </div>
+                </div>
+
+                <div className={`stat-card ${status?.scan_status === 'running' ? 'info' : 'default'}`}>
+                    <div className="stat-icon">
+                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
+                            <circle cx="11" cy="11" r="8"/>
+                            <line x1="21" y1="21" x2="16.65" y2="16.65"/>
+                        </svg>
+                    </div>
+                    <div className="stat-content">
+                        <span className="stat-value" style={{ textTransform: 'capitalize' }}>{status?.scan_status || 'Idle'}</span>
+                        <span className="stat-label">Scan Status</span>
+                    </div>
+                </div>
+            </div>
+
+            <div className="security-grid">
+                <div className="card">
+                    <div className="card-header">
+                        <h3>ClamAV Antivirus</h3>
+                        <button className="btn btn-sm btn-secondary" onClick={loadClamavStatus}>Refresh</button>
+                    </div>
+                    <div className="card-body">
+                        {loading ? (
+                            <div className="loading-sm">Loading...</div>
+                        ) : clamavStatus?.installed ? (
+                            <div className="info-list">
+                                <div className="info-item">
+                                    <span className="info-label">Version</span>
+                                    <span className="info-value">{clamavStatus.version || 'Unknown'}</span>
+                                </div>
+                                <div className="info-item">
+                                    <span className="info-label">Service</span>
+                                    <span className={`badge ${clamavStatus.service_running ? 'badge-success' : 'badge-warning'}`}>
+                                        {clamavStatus.service_running ? 'Running' : 'Stopped'}
+                                    </span>
+                                </div>
+                                <div className="info-item">
+                                    <span className="info-label">Last Definition Update</span>
+                                    <span className="info-value">
+                                        {clamavStatus.last_update ? new Date(clamavStatus.last_update).toLocaleString() : 'Unknown'}
+                                    </span>
+                                </div>
+                            </div>
+                        ) : (
+                            <div className="not-installed">
+                                <p>ClamAV is not installed on this server.</p>
+                                <InstallClamAVButton onInstalled={loadClamavStatus} />
+                            </div>
+                        )}
+                    </div>
+                </div>
+
+                <div className="card">
+                    <div className="card-header">
+                        <h3>File Integrity Monitoring</h3>
+                    </div>
+                    <div className="card-body">
+                        <div className="info-list">
+                            <div className="info-item">
+                                <span className="info-label">Status</span>
+                                <span className={`badge ${status?.file_integrity?.enabled ? 'badge-success' : 'badge-secondary'}`}>
+                                    {status?.file_integrity?.enabled ? 'Enabled' : 'Disabled'}
+                                </span>
+                            </div>
+                            <div className="info-item">
+                                <span className="info-label">Database</span>
+                                <span className={`badge ${status?.file_integrity?.database_exists ? 'badge-success' : 'badge-warning'}`}>
+                                    {status?.file_integrity?.database_exists ? 'Initialized' : 'Not Initialized'}
+                                </span>
+                            </div>
+                            <div className="info-item">
+                                <span className="info-label">Changes Detected (24h)</span>
+                                <span className="info-value">{alerts.integrity_changes || 0}</span>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+
+                <div className="card">
+                    <div className="card-header">
+                        <h3>Notifications</h3>
+                    </div>
+                    <div className="card-body">
+                        <div className="info-list">
+                            <div className="info-item">
+                                <span className="info-label">Security Alerts</span>
+                                <span className={`badge ${status?.notifications_enabled ? 'badge-success' : 'badge-secondary'}`}>
+                                    {status?.notifications_enabled ? 'Enabled' : 'Disabled'}
+                                </span>
+                            </div>
+                        </div>
+                        <p className="help-text" style={{ marginTop: '1rem' }}>
+                            Configure notification channels in Settings → Notifications to receive security alerts via Discord, Slack, or Telegram.
+                        </p>
+                    </div>
+                </div>
+            </div>
+        </div>
+    );
+};
+
+export default OverviewTab;
diff --git a/frontend/src/components/security/QuarantineTab.jsx b/frontend/src/components/security/QuarantineTab.jsx
new file mode 100644
index 00000000..30cc4207
--- /dev/null
+++ b/frontend/src/components/security/QuarantineTab.jsx
@@ -0,0 +1,104 @@
+import React, { useState, useEffect } from 'react';
+import api from '../../services/api';
+
+const QuarantineTab = () => {
+    const [files, setFiles] = useState([]);
+    const [loading, setLoading] = useState(true);
+    const [message, setMessage] = useState(null);
+
+    useEffect(() => {
+        loadFiles();
+    }, []);
+
+    async function loadFiles() {
+        try {
+            const data = await api.getQuarantinedFiles();
+            setFiles(data.files || []);
+        } catch (err) {
+            console.error('Failed to load quarantined files:', err);
+        } finally {
+            setLoading(false);
+        }
+    }
+
+    async function handleDelete(filename) {
+        if (!confirm(`Permanently delete ${filename}? This cannot be undone.`)) return;
+
+        try {
+            await api.deleteQuarantinedFile(filename);
+            setMessage({ type: 'success', text: 'File deleted' });
+            loadFiles();
+        } catch (err) {
+            setMessage({ type: 'error', text: err.message });
+        }
+    }
+
+    function formatBytes(bytes) {
+        if (!bytes) return '0 B';
+        const k = 1024;
+        const sizes = ['B', 'KB', 'MB', 'GB'];
+        const i = Math.floor(Math.log(bytes) / Math.log(k));
+        return parseFloat((bytes / Math.pow(k, i)).toFixed(1)) + ' ' + sizes[i];
+    }
+
+    return (
+        <div className="quarantine-tab">
+            {message && (
+                <div className={`alert alert-${message.type === 'success' ? 'success' : 'danger'}`}>
+                    {message.text}
+                </div>
+            )}
+
+            <div className="card">
+                <div className="card-header">
+                    <h3>Quarantined Files</h3>
+                    <button className="btn btn-sm btn-secondary" onClick={loadFiles}>Refresh</button>
+                </div>
+                <div className="card-body">
+                    {loading ? (
+                        <div className="loading-sm">Loading...</div>
+                    ) : files.length === 0 ? (
+                        <div className="empty-state">
+                            <svg viewBox="0 0 24 24" width="48" height="48" stroke="currentColor" fill="none" strokeWidth="1">
+                                <path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/>
+                                <polyline points="9 12 12 15 16 10"/>
+                            </svg>
+                            <p>No files in quarantine</p>
+                            <span className="text-muted">Infected files will appear here when detected</span>
+                        </div>
+                    ) : (
+                        <table className="table">
+                            <thead>
+                                <tr>
+                                    <th>Filename</th>
+                                    <th>Size</th>
+                                    <th>Quarantined</th>
+                                    <th>Actions</th>
+                                </tr>
+                            </thead>
+                            <tbody>
+                                {files.map((file, index) => (
+                                    <tr key={index}>
+                                        <td className="path-cell">{file.name}</td>
+                                        <td>{formatBytes(file.size)}</td>
+                                        <td>{new Date(file.quarantined_at).toLocaleString()}</td>
+                                        <td>
+                                            <button
+                                                className="btn btn-sm btn-danger"
+                                                onClick={() => handleDelete(file.name)}
+                                            >
+                                                Delete
+                                            </button>
+                                        </td>
+                                    </tr>
+                                ))}
+                            </tbody>
+                        </table>
+                    )}
+                </div>
+            </div>
+        </div>
+    );
+};
+
+export default QuarantineTab;
diff --git a/frontend/src/components/security/SSHKeysTab.jsx b/frontend/src/components/security/SSHKeysTab.jsx
new file mode 100644
index 00000000..0a2ba7bf
--- /dev/null
+++ b/frontend/src/components/security/SSHKeysTab.jsx
@@ -0,0 +1,154 @@
+import React, { useState, useEffect } from 'react';
+import api from '../../services/api';
+import ConfirmDialog from '../ConfirmDialog';
+import { useToast } from '../../contexts/ToastContext';
+import Modal from '../Modal';
+
+const SSHKeysTab = () => {
+    const [keys, setKeys] = useState([]);
+    const [loading, setLoading] = useState(true);
+    const [showAddModal, setShowAddModal] = useState(false);
+    const [newKey, setNewKey] = useState('');
+    const [actionLoading, setActionLoading] = useState(false);
+    const [confirmDialog, setConfirmDialog] = useState(null);
+    const toast = useToast();
+
+    useEffect(() => {
+        loadKeys();
+    }, []);
+
+    const loadKeys = async () => {
+        setLoading(true);
+        try {
+            const data = await api.getSSHKeys();
+            setKeys(data.keys || []);
+        } catch (error) {
+            console.error('Failed to load SSH keys:', error);
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    const handleAddKey = async () => {
+        if (!newKey.trim()) return;
+        setActionLoading(true);
+        try {
+            await api.addSSHKey(newKey);
+            toast.success('SSH key added successfully');
+            setShowAddModal(false);
+            setNewKey('');
+            await loadKeys();
+        } catch (error) {
+            toast.error(`Failed to add key: ${error.message}`);
+        } finally {
+            setActionLoading(false);
+        }
+    };
+
+    const handleRemoveKey = async (keyId, comment) => {
+        setConfirmDialog({
+            title: 'Remove SSH Key',
+            message: `Are you sure you want to remove the SSH key${comment ? ` "${comment}"` : ''}? This may lock you out if it's your only key.`,
+            confirmText: 'Remove',
+            variant: 'danger',
+            onConfirm: async () => {
+                try {
+                    await api.removeSSHKey(keyId);
+                    toast.success('SSH key removed');
+                    await loadKeys();
+                } catch (error) {
+                    toast.error(`Failed to remove key: ${error.message}`);
+                }
+                setConfirmDialog(null);
+            },
+            onCancel: () => setConfirmDialog(null)
+        });
+    };
+
+    return (
+        <div className="ssh-keys-tab">
+            <div className="card">
+                <div className="card-header">
+                    <h3>SSH Authorized Keys</h3>
+                    <div className="card-actions">
+                        <button className="btn btn-sm btn-primary" onClick={() => setShowAddModal(true)}>
+                            Add Key
+                        </button>
+                        <button className="btn btn-sm btn-secondary" onClick={loadKeys}>
+                            Refresh
+                        </button>
+                    </div>
+                </div>
+                <div className="card-body">
+                    {loading ? (
+                        <div className="loading-sm">Loading...</div>
+                    ) : keys.length === 0 ? (
+                        <div className="empty-state-sm">
+                            <p>No SSH keys configured for root user.</p>
+                            <button className="btn btn-primary" onClick={() => setShowAddModal(true)}>
+                                Add SSH Key
+                            </button>
+                        </div>
+                    ) : (
+                        <table className="table">
+                            <thead>
+                                <tr>
+                                    <th>Type</th>
+                                    <th>Fingerprint</th>
+                                    <th>Comment</th>
+                                    <th>Actions</th>
+                                </tr>
+                            </thead>
+                            <tbody>
+                                {keys.map((key) => (
+                                    <tr key={key.id}>
+                                        <td><code>{key.type}</code></td>
+                                        <td><code className="fingerprint">{key.fingerprint}</code></td>
+                                        <td>{key.comment || '-'}</td>
+                                        <td>
+                                            <button className="btn btn-sm btn-danger" onClick={() => handleRemoveKey(key.id, key.comment)}>
+                                                Remove
+                                            </button>
+                                        </td>
+                                    </tr>
+                                ))}
+                            </tbody>
+                        </table>
+                    )}
+                </div>
+            </div>
+
+            <Modal open={showAddModal} onClose={() => setShowAddModal(false)} title="Add SSH Public Key" size="lg">
+                            <div className="form-group">
+                                <label>Public Key</label>
+                                <textarea
+                                    value={newKey}
+                                    onChange={(e) => setNewKey(e.target.value)}
+                                    placeholder="ssh-rsa AAAA... user@host or ssh-ed25519 AAAA... user@host"
+                                    rows={4}
+                                />
+                                <p className="help-text">Paste your SSH public key (typically from ~/.ssh/id_rsa.pub or ~/.ssh/id_ed25519.pub)</p>
+                            </div>
+                        <div className="modal-footer">
+                            <button className="btn btn-secondary" onClick={() => setShowAddModal(false)}>Cancel</button>
+                            <button className="btn btn-primary" onClick={handleAddKey} disabled={actionLoading || !newKey.trim()}>
+                                {actionLoading ? 'Adding...' : 'Add Key'}
+                            </button>
+                        </div>
+            </Modal>
+
+            {confirmDialog && (
+                <ConfirmDialog
+                    title={confirmDialog.title}
+                    message={confirmDialog.message}
+                    confirmText={confirmDialog.confirmText}
+                    variant={confirmDialog.variant}
+                    onConfirm={confirmDialog.onConfirm}
+                    onCancel={confirmDialog.onCancel}
+                />
+            )}
+        </div>
+    );
+};
+
+export default SSHKeysTab;
diff --git a/frontend/src/components/security/ScannerTab.jsx b/frontend/src/components/security/ScannerTab.jsx
new file mode 100644
index 00000000..2b5481dc
--- /dev/null
+++ b/frontend/src/components/security/ScannerTab.jsx
@@ -0,0 +1,241 @@
+import React, { useState, useEffect } from 'react';
+import api from '../../services/api';
+
+const ScannerTab = () => {
+    const [scanStatus, setScanStatus] = useState({ status: 'idle' });
+    const [scanPath, setScanPath] = useState('/var/www');
+    const [scanning, setScanning] = useState(false);
+    const [updating, setUpdating] = useState(false);
+    const [history, setHistory] = useState([]);
+    const [message, setMessage] = useState(null);
+
+    useEffect(() => {
+        loadScanStatus();
+        loadHistory();
+        const interval = setInterval(loadScanStatus, 5000);
+        return () => clearInterval(interval);
+    }, []);
+
+    async function loadScanStatus() {
+        try {
+            const data = await api.getScanStatus();
+            setScanStatus(data);
+        } catch (err) {
+            console.error('Failed to load scan status:', err);
+        }
+    }
+
+    async function loadHistory() {
+        try {
+            const data = await api.getScanHistory(20);
+            setHistory(data.scans || []);
+        } catch (err) {
+            console.error('Failed to load scan history:', err);
+        }
+    }
+
+    async function handleStartScan(type) {
+        setScanning(true);
+        setMessage(null);
+        try {
+            let result;
+            if (type === 'quick') {
+                result = await api.runQuickScan();
+            } else if (type === 'full') {
+                result = await api.runFullScan();
+            } else {
+                result = await api.scanDirectory(scanPath);
+            }
+            setMessage({ type: 'success', text: result.message });
+            loadScanStatus();
+        } catch (err) {
+            setMessage({ type: 'error', text: err.message });
+        } finally {
+            setScanning(false);
+        }
+    }
+
+    async function handleUpdateDefinitions() {
+        setUpdating(true);
+        setMessage(null);
+        try {
+            const result = await api.updateVirusDefinitions();
+            setMessage({ type: result.success ? 'success' : 'error', text: result.message || result.error });
+        } catch (err) {
+            setMessage({ type: 'error', text: err.message });
+        } finally {
+            setUpdating(false);
+        }
+    }
+
+    async function handleCancelScan() {
+        try {
+            await api.cancelScan();
+            loadScanStatus();
+        } catch (err) {
+            setMessage({ type: 'error', text: err.message });
+        }
+    }
+
+    const isScanning = scanStatus.status === 'running';
+
+    return (
+        <div className="scanner-tab">
+            {message && (
+                <div className={`alert alert-${message.type === 'success' ? 'success' : 'danger'}`}>
+                    {message.text}
+                </div>
+            )}
+
+            <div className="scan-options">
+                <div className="scan-card" onClick={() => !isScanning && !scanning && handleStartScan('quick')}>
+                    <div className="scan-card-icon">
+                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
+                            <polygon points="5 3 19 12 5 21 5 3"/>
+                        </svg>
+                    </div>
+                    <h4>Quick Scan</h4>
+                    <span className="scan-desc">Scan common web directories</span>
+                    <button
+                        className="btn btn-primary btn-sm"
+                        onClick={(e) => { e.stopPropagation(); handleStartScan('quick'); }}
+                        disabled={isScanning || scanning}
+                    >
+                        Start Scan
+                    </button>
+                </div>
+
+                <div className="scan-card" onClick={() => !isScanning && !scanning && handleStartScan('full')}>
+                    <div className="scan-card-icon">
+                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
+                            <circle cx="12" cy="12" r="10"/>
+                            <circle cx="12" cy="12" r="6"/>
+                            <circle cx="12" cy="12" r="2"/>
+                        </svg>
+                    </div>
+                    <h4>Full Scan</h4>
+                    <span className="scan-desc">Scan entire system (slow)</span>
+                    <button
+                        className="btn btn-primary btn-sm"
+                        onClick={(e) => { e.stopPropagation(); handleStartScan('full'); }}
+                        disabled={isScanning || scanning}
+                    >
+                        Start Scan
+                    </button>
+                </div>
+
+                <div className="scan-card scan-card--custom">
+                    <div className="scan-card-icon">
+                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
+                            <path d="M22 19a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h5l2 3h9a2 2 0 0 1 2 2z"/>
+                        </svg>
+                    </div>
+                    <h4>Custom Path</h4>
+                    <span className="scan-desc">Scan a specific directory</span>
+                    <div className="scan-custom-input">
+                        <input
+                            type="text"
+                            value={scanPath}
+                            onChange={(e) => setScanPath(e.target.value)}
+                            placeholder="/path/to/scan"
+                            disabled={isScanning}
+                            onClick={(e) => e.stopPropagation()}
+                        />
+                        <button
+                            className="btn btn-primary btn-sm"
+                            onClick={() => handleStartScan('custom')}
+                            disabled={isScanning || scanning || !scanPath}
+                        >
+                            Scan
+                        </button>
+                    </div>
+                </div>
+            </div>
+
+            <div className="scan-toolbar">
+                <button className="btn btn-sm btn-secondary" onClick={handleUpdateDefinitions} disabled={updating}>
+                    <svg viewBox="0 0 24 24" width="14" height="14" stroke="currentColor" fill="none" strokeWidth="2">
+                        <path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"/>
+                        <polyline points="7 10 12 15 17 10"/>
+                        <line x1="12" y1="15" x2="12" y2="3"/>
+                    </svg>
+                    {updating ? 'Updating...' : 'Update Definitions'}
+                </button>
+            </div>
+
+            {isScanning && (
+                <div className="card scan-progress">
+                    <div className="card-header">
+                        <h3>Scan in Progress</h3>
+                        <button className="btn btn-sm btn-danger" onClick={handleCancelScan}>
+                            Cancel
+                        </button>
+                    </div>
+                    <div className="card-body">
+                        <div className="progress-info">
+                            <div className="spinner"></div>
+                            <div>
+                                <p><strong>Scanning:</strong> {scanStatus.directory}</p>
+                                <p><strong>Started:</strong> {new Date(scanStatus.started_at).toLocaleString()}</p>
+                                {scanStatus.files_scanned > 0 && (
+                                    <p><strong>Files scanned:</strong> {scanStatus.files_scanned}</p>
+                                )}
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            )}
+
+            <div className="card">
+                <div className="card-header">
+                    <h3>Scan History</h3>
+                    <button className="btn btn-sm btn-secondary" onClick={loadHistory}>Refresh</button>
+                </div>
+                <div className="card-body">
+                    {history.length === 0 ? (
+                        <div className="empty-state-sm">
+                            <svg viewBox="0 0 24 24" width="40" height="40" stroke="currentColor" fill="none" strokeWidth="1.5">
+                                <circle cx="11" cy="11" r="8"/>
+                                <line x1="21" y1="21" x2="16.65" y2="16.65"/>
+                            </svg>
+                            <p>No scans have been run yet. Start a scan above to check for threats.</p>
+                        </div>
+                    ) : (
+                        <table className="table">
+                            <thead>
+                                <tr>
+                                    <th>Date</th>
+                                    <th>Directory</th>
+                                    <th>Status</th>
+                                    <th>Threats</th>
+                                </tr>
+                            </thead>
+                            <tbody>
+                                {history.map((scan, index) => (
+                                    <tr key={index}>
+                                        <td>{new Date(scan.started_at).toLocaleString()}</td>
+                                        <td className="path-cell">{scan.directory}</td>
+                                        <td>
+                                            <span className={`badge badge-${scan.status === 'completed' ? 'success' : scan.status === 'error' ? 'danger' : 'warning'}`}>
+                                                {scan.status}
+                                            </span>
+                                        </td>
+                                        <td>
+                                            {scan.infected_files?.length > 0 ? (
+                                                <span className="badge badge-danger">{scan.infected_files.length} found</span>
+                                            ) : (
+                                                <span className="badge badge-success">Clean</span>
+                                            )}
+                                        </td>
+                                    </tr>
+                                ))}
+                            </tbody>
+                        </table>
+                    )}
+                </div>
+            </div>
+        </div>
+    );
+};
+
+export default ScannerTab;
diff --git a/frontend/src/components/security/SecurityConfigTab.jsx b/frontend/src/components/security/SecurityConfigTab.jsx
new file mode 100644
index 00000000..0976e98f
--- /dev/null
+++ b/frontend/src/components/security/SecurityConfigTab.jsx
@@ -0,0 +1,197 @@
+import React, { useState, useEffect } from 'react';
+import api from '../../services/api';
+
+const SecurityConfigTab = () => {
+    const [config, setConfig] = useState(null);
+    const [loading, setLoading] = useState(true);
+    const [saving, setSaving] = useState(false);
+    const [message, setMessage] = useState(null);
+
+    useEffect(() => {
+        loadConfig();
+    }, []);
+
+    async function loadConfig() {
+        try {
+            const data = await api.getSecurityConfig();
+            setConfig(data);
+        } catch (err) {
+            console.error('Failed to load security config:', err);
+        } finally {
+            setLoading(false);
+        }
+    }
+
+    async function handleSave() {
+        setSaving(true);
+        setMessage(null);
+        try {
+            await api.updateSecurityConfig(config);
+            setMessage({ type: 'success', text: 'Settings saved' });
+        } catch (err) {
+            setMessage({ type: 'error', text: err.message });
+        } finally {
+            setSaving(false);
+        }
+    }
+
+    function updateConfig(section, key, value) {
+        setConfig(prev => ({
+            ...prev,
+            [section]: {
+                ...prev[section],
+                [key]: value
+            }
+        }));
+    }
+
+    if (loading) {
+        return <div className="loading-sm">Loading settings...</div>;
+    }
+
+    return (
+        <div className="settings-tab">
+            {message && (
+                <div className={`alert alert-${message.type === 'success' ? 'success' : 'danger'}`}>
+                    {message.text}
+                </div>
+            )}
+
+            <div className="card">
+                <div className="card-header">
+                    <h3>ClamAV Settings</h3>
+                </div>
+                <div className="card-body">
+                    <div className="form-group">
+                        <label className="toggle-switch-label">
+                            <span>Enable ClamAV scanning</span>
+                            <label className="toggle-switch">
+                                <input
+                                    type="checkbox"
+                                    checked={config?.clamav?.enabled || false}
+                                    onChange={(e) => updateConfig('clamav', 'enabled', e.target.checked)}
+                                />
+                                <span className="toggle-slider"></span>
+                            </label>
+                        </label>
+                    </div>
+
+                    <div className="form-group">
+                        <label className="toggle-switch-label">
+                            <span>Scan files on upload</span>
+                            <label className="toggle-switch">
+                                <input
+                                    type="checkbox"
+                                    checked={config?.clamav?.scan_on_upload || false}
+                                    onChange={(e) => updateConfig('clamav', 'scan_on_upload', e.target.checked)}
+                                />
+                                <span className="toggle-slider"></span>
+                            </label>
+                        </label>
+                    </div>
+
+                    <div className="form-group">
+                        <label>Quarantine Path</label>
+                        <input
+                            type="text"
+                            value={config?.clamav?.quarantine_path || '/var/quarantine'}
+                            onChange={(e) => updateConfig('clamav', 'quarantine_path', e.target.value)}
+                        />
+                    </div>
+                </div>
+            </div>
+
+            <div className="card">
+                <div className="card-header">
+                    <h3>File Integrity Settings</h3>
+                </div>
+                <div className="card-body">
+                    <div className="form-group">
+                        <label className="toggle-switch-label">
+                            <span>Enable file integrity monitoring</span>
+                            <label className="toggle-switch">
+                                <input
+                                    type="checkbox"
+                                    checked={config?.file_integrity?.enabled || false}
+                                    onChange={(e) => updateConfig('file_integrity', 'enabled', e.target.checked)}
+                                />
+                                <span className="toggle-slider"></span>
+                            </label>
+                        </label>
+                    </div>
+
+                    <div className="form-group">
+                        <label className="toggle-switch-label">
+                            <span>Alert on file changes</span>
+                            <label className="toggle-switch">
+                                <input
+                                    type="checkbox"
+                                    checked={config?.file_integrity?.alert_on_change || false}
+                                    onChange={(e) => updateConfig('file_integrity', 'alert_on_change', e.target.checked)}
+                                />
+                                <span className="toggle-slider"></span>
+                            </label>
+                        </label>
+                    </div>
+                </div>
+            </div>
+
+            <div className="card">
+                <div className="card-header">
+                    <h3>Notification Settings</h3>
+                </div>
+                <div className="card-body">
+                    <div className="form-group">
+                        <label className="toggle-switch-label">
+                            <span>Notify on malware detection</span>
+                            <label className="toggle-switch">
+                                <input
+                                    type="checkbox"
+                                    checked={config?.notifications?.on_malware_found || false}
+                                    onChange={(e) => updateConfig('notifications', 'on_malware_found', e.target.checked)}
+                                />
+                                <span className="toggle-slider"></span>
+                            </label>
+                        </label>
+                    </div>
+
+                    <div className="form-group">
+                        <label className="toggle-switch-label">
+                            <span>Notify on integrity changes</span>
+                            <label className="toggle-switch">
+                                <input
+                                    type="checkbox"
+                                    checked={config?.notifications?.on_integrity_change || false}
+                                    onChange={(e) => updateConfig('notifications', 'on_integrity_change', e.target.checked)}
+                                />
+                                <span className="toggle-slider"></span>
+                            </label>
+                        </label>
+                    </div>
+
+                    <div className="form-group">
+                        <label className="toggle-switch-label">
+                            <span>Notify on suspicious activity</span>
+                            <label className="toggle-switch">
+                                <input
+                                    type="checkbox"
+                                    checked={config?.notifications?.on_suspicious_activity || false}
+                                    onChange={(e) => updateConfig('notifications', 'on_suspicious_activity', e.target.checked)}
+                                />
+                                <span className="toggle-slider"></span>
+                            </label>
+                        </label>
+                    </div>
+                </div>
+            </div>
+
+            <div className="form-actions">
+                <button className="btn btn-primary" onClick={handleSave} disabled={saving}>
+                    {saving ? 'Saving...' : 'Save Settings'}
+                </button>
+            </div>
+        </div>
+    );
+};
+
+export default SecurityConfigTab;
diff --git a/frontend/src/components/security/VulnerabilityTab.jsx b/frontend/src/components/security/VulnerabilityTab.jsx
new file mode 100644
index 00000000..e9c7a37c
--- /dev/null
+++ b/frontend/src/components/security/VulnerabilityTab.jsx
@@ -0,0 +1,185 @@
+import React, { useState, useEffect } from 'react';
+import api from '../../services/api';
+import { useToast } from '../../contexts/ToastContext';
+
+const VulnerabilityTab = () => {
+    const [lynisStatus, setLynisStatus] = useState(null);
+    const [scanStatus, setScanStatus] = useState(null);
+    const [loading, setLoading] = useState(true);
+    const [actionLoading, setActionLoading] = useState(false);
+    const toast = useToast();
+
+    useEffect(() => {
+        loadStatus();
+    }, []);
+
+    useEffect(() => {
+        let interval;
+        if (scanStatus?.status === 'running') {
+            interval = setInterval(loadScanStatus, 5000);
+        }
+        return () => clearInterval(interval);
+    }, [scanStatus?.status]);
+
+    const loadStatus = async () => {
+        setLoading(true);
+        try {
+            const [lynis, scan] = await Promise.all([
+                api.getLynisStatus(),
+                api.getLynisScanStatus()
+            ]);
+            setLynisStatus(lynis);
+            setScanStatus(scan);
+        } catch (error) {
+            console.error('Failed to load Lynis status:', error);
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    const loadScanStatus = async () => {
+        try {
+            const scan = await api.getLynisScanStatus();
+            setScanStatus(scan);
+        } catch (error) {
+            console.error('Failed to load scan status:', error);
+        }
+    };
+
+    const handleInstall = async () => {
+        setActionLoading(true);
+        try {
+            await api.installLynis();
+            toast.success('Lynis installed successfully');
+            await loadStatus();
+        } catch (error) {
+            toast.error(`Failed to install: ${error.message}`);
+        } finally {
+            setActionLoading(false);
+        }
+    };
+
+    const handleStartScan = async () => {
+        setActionLoading(true);
+        try {
+            await api.runLynisScan();
+            toast.success('Vulnerability scan started');
+            await loadScanStatus();
+        } catch (error) {
+            toast.error(`Failed to start scan: ${error.message}`);
+        } finally {
+            setActionLoading(false);
+        }
+    };
+
+    if (loading) {
+        return <div className="loading-sm">Loading vulnerability scanner status...</div>;
+    }
+
+    return (
+        <div className="vulnerability-tab">
+            {!lynisStatus?.installed ? (
+                <div className="empty-state">
+                    <svg viewBox="0 0 24 24" width="48" height="48" stroke="currentColor" fill="none" strokeWidth="1">
+                        <circle cx="12" cy="12" r="10"/>
+                        <circle cx="12" cy="12" r="6"/>
+                        <circle cx="12" cy="12" r="2"/>
+                    </svg>
+                    <h3>Lynis Not Installed</h3>
+                    <p>Install Lynis to perform security audits and vulnerability scanning.</p>
+                    <button className="btn btn-primary" onClick={handleInstall} disabled={actionLoading}>
+                        {actionLoading ? 'Installing...' : 'Install Lynis'}
+                    </button>
+                </div>
+            ) : (
+                <>
+                    <div className="card">
+                        <div className="card-header">
+                            <h3>Lynis Vulnerability Scanner</h3>
+                            <button
+                                className="btn btn-primary"
+                                onClick={handleStartScan}
+                                disabled={actionLoading || scanStatus?.status === 'running'}
+                            >
+                                {scanStatus?.status === 'running' ? 'Scanning...' : 'Start Scan'}
+                            </button>
+                        </div>
+                        <div className="card-body">
+                            <div className="info-list">
+                                <div className="info-item">
+                                    <span className="info-label">Version</span>
+                                    <span className="info-value">{lynisStatus.version || 'Unknown'}</span>
+                                </div>
+                                <div className="info-item">
+                                    <span className="info-label">Scan Status</span>
+                                    <span className={`badge badge-${scanStatus?.status === 'completed' ? 'success' : scanStatus?.status === 'running' ? 'info' : 'secondary'}`}>
+                                        {scanStatus?.status || 'Idle'}
+                                    </span>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+
+                    {scanStatus?.status === 'running' && (
+                        <div className="card scan-progress">
+                            <div className="card-header">
+                                <h3>Scan in Progress</h3>
+                            </div>
+                            <div className="card-body">
+                                <div className="progress-info">
+                                    <div className="spinner"></div>
+                                    <p>Scanning system for vulnerabilities...</p>
+                                    <p className="text-muted">Started: {new Date(scanStatus.started_at).toLocaleString()}</p>
+                                </div>
+                            </div>
+                        </div>
+                    )}
+
+                    {scanStatus?.status === 'completed' && (
+                        <div className="card">
+                            <div className="card-header">
+                                <h3>Scan Results</h3>
+                                {scanStatus.hardening_index && (
+                                    <span className={`badge badge-${scanStatus.hardening_index >= 70 ? 'success' : scanStatus.hardening_index >= 50 ? 'warning' : 'danger'}`}>
+                                        Hardening Index: {scanStatus.hardening_index}
+                                    </span>
+                                )}
+                            </div>
+                            <div className="card-body">
+                                {scanStatus.warnings?.length > 0 && (
+                                    <div className="scan-section">
+                                        <h4>Warnings ({scanStatus.warnings.length})</h4>
+                                        <ul className="findings-list compact">
+                                            {scanStatus.warnings.slice(0, 20).map((warning, idx) => (
+                                                <li key={idx} className="warning">{warning}</li>
+                                            ))}
+                                            {scanStatus.warnings.length > 20 && (
+                                                <li className="text-muted">...and {scanStatus.warnings.length - 20} more</li>
+                                            )}
+                                        </ul>
+                                    </div>
+                                )}
+
+                                {scanStatus.suggestions?.length > 0 && (
+                                    <div className="scan-section">
+                                        <h4>Suggestions ({scanStatus.suggestions.length})</h4>
+                                        <ul className="findings-list compact">
+                                            {scanStatus.suggestions.slice(0, 20).map((suggestion, idx) => (
+                                                <li key={idx} className="suggestion">{suggestion}</li>
+                                            ))}
+                                            {scanStatus.suggestions.length > 20 && (
+                                                <li className="text-muted">...and {scanStatus.suggestions.length - 20} more</li>
+                                            )}
+                                        </ul>
+                                    </div>
+                                )}
+                            </div>
+                        </div>
+                    )}
+                </>
+            )}
+        </div>
+    );
+};
+
+export default VulnerabilityTab;
diff --git a/frontend/src/components/security/index.js b/frontend/src/components/security/index.js
new file mode 100644
index 00000000..47ee9275
--- /dev/null
+++ b/frontend/src/components/security/index.js
@@ -0,0 +1,13 @@
+export { default as OverviewTab } from './OverviewTab';
+export { default as FirewallTab } from './FirewallTab';
+export { default as Fail2banTab } from './Fail2banTab';
+export { default as SSHKeysTab } from './SSHKeysTab';
+export { default as IPListsTab } from './IPListsTab';
+export { default as ScannerTab } from './ScannerTab';
+export { default as QuarantineTab } from './QuarantineTab';
+export { default as IntegrityTab } from './IntegrityTab';
+export { default as AuditTab } from './AuditTab';
+export { default as VulnerabilityTab } from './VulnerabilityTab';
+export { default as AutoUpdatesTab } from './AutoUpdatesTab';
+export { default as EventsTab } from './EventsTab';
+export { default as SecurityConfigTab } from './SecurityConfigTab';
diff --git a/frontend/src/components/service-detail/GitConnectModal.jsx b/frontend/src/components/service-detail/GitConnectModal.jsx
index 8b6675a3..5baeab5f 100644
--- a/frontend/src/components/service-detail/GitConnectModal.jsx
+++ b/frontend/src/components/service-detail/GitConnectModal.jsx
@@ -1,6 +1,7 @@
 import React, { useState, useEffect } from 'react';
 import api from '../../services/api';
 import { useToast } from '../../contexts/ToastContext';
+import Modal from '../Modal';
 
 const GitConnectModal = ({ appId, deployConfig, onClose, onSaved }) => {
     const toast = useToast();
@@ -72,13 +73,7 @@ const GitConnectModal = ({ appId, deployConfig, onClose, onSaved }) => {
     }
 
     return (
-        <div className="modal-overlay" onClick={onClose}>
-            <div className="modal-content" onClick={(e) => e.stopPropagation()}>
-                <div className="modal-header">
-                    <h2>{deployConfig ? 'Edit Repository' : 'Connect Repository'}</h2>
-                    <button className="modal-close" onClick={onClose}>&times;</button>
-                </div>
-
+        <Modal open={true} onClose={onClose} title={deployConfig ? 'Edit Repository' : 'Connect Repository'}>
                 <form className="git-connect-modal__form" onSubmit={handleSubmit}>
                     <div className="git-connect-modal__field">
                         <label>Repository URL</label>
@@ -159,8 +154,7 @@ const GitConnectModal = ({ appId, deployConfig, onClose, onSaved }) => {
                         </button>
                     </div>
                 </form>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/settings/AboutTab.jsx b/frontend/src/components/settings/AboutTab.jsx
new file mode 100644
index 00000000..b798e838
--- /dev/null
+++ b/frontend/src/components/settings/AboutTab.jsx
@@ -0,0 +1,199 @@
+import React, { useState, useEffect } from 'react';
+import api from '../../services/api';
+import {
+    Github, FileText, HelpCircle, MessageSquare, Bug, Check, Download, CheckCircle,
+    RefreshCw, ExternalLink, Star, X
+} from 'lucide-react';
+import ServerKitLogo from '../ServerKitLogo';
+
+const STAR_PROMPT_KEY = 'serverkit-star-prompt-dismissed';
+
+const AboutTab = () => {
+    const [version, setVersion] = useState('...');
+    const [updateInfo, setUpdateInfo] = useState(null);
+    const [checkingUpdate, setCheckingUpdate] = useState(false);
+    const [showStarPrompt, setShowStarPrompt] = useState(() => {
+        return localStorage.getItem(STAR_PROMPT_KEY) !== 'true';
+    });
+
+    useEffect(() => {
+        const fetchVersion = async () => {
+            try {
+                const data = await api.getVersion();
+                setVersion(data.version || '1.0.0');
+            } catch (error) {
+                setVersion('1.0.0');
+            }
+        };
+        fetchVersion();
+    }, []);
+
+    const dismissStarPrompt = () => {
+        setShowStarPrompt(false);
+        localStorage.setItem(STAR_PROMPT_KEY, 'true');
+    };
+
+    const checkForUpdate = async () => {
+        setCheckingUpdate(true);
+        try {
+            const data = await api.checkUpdate();
+            setUpdateInfo(data);
+        } catch (error) {
+            setUpdateInfo({ error: 'Failed to check for updates' });
+        }
+        setCheckingUpdate(false);
+    };
+
+    return (
+        <div className="settings-section">
+            <div className="section-header">
+                <h2>About ServerKit</h2>
+                <p>Server management made simple</p>
+            </div>
+
+            <div className="about-card">
+                <div className="about-logo">
+                    <ServerKitLogo width={64} height={64} />
+                </div>
+                <h3>ServerKit</h3>
+                <p className="version">Version {version}</p>
+                <p className="description">
+                    A modern, lightweight server management panel for managing web applications,
+                    databases, domains, and more. Built with Flask and React.
+                </p>
+
+                <div className="update-check">
+                    {!updateInfo ? (
+                        <button
+                            className="btn btn-secondary btn-sm"
+                            onClick={checkForUpdate}
+                            disabled={checkingUpdate}
+                        >
+                            {checkingUpdate ? (
+                                <><RefreshCw size={14} className="spinning" /> Checking...</>
+                            ) : (
+                                <><Download size={14} /> Check for Updates</>
+                            )}
+                        </button>
+                    ) : updateInfo.error ? (
+                        <div className="update-status error">
+                            <span>{updateInfo.error}</span>
+                            <button className="btn-link" onClick={checkForUpdate}>Retry</button>
+                        </div>
+                    ) : updateInfo.update_available ? (
+                        <div className="update-status available">
+                            <Download size={16} />
+                            <span>Update available: <strong>v{updateInfo.latest_version}</strong></span>
+                            <a
+                                href={updateInfo.release_url}
+                                target="_blank"
+                                rel="noopener noreferrer"
+                                className="btn btn-accent btn-sm"
+                            >
+                                View Release <ExternalLink size={12} />
+                            </a>
+                        </div>
+                    ) : (
+                        <div className="update-status current">
+                            <CheckCircle size={16} />
+                            <span>You&apos;re up to date!</span>
+                        </div>
+                    )}
+                </div>
+            </div>
+
+            {showStarPrompt && (
+                <div className="star-prompt-card">
+                    <button className="dismiss-btn" onClick={dismissStarPrompt} title="Dismiss">
+                        <X size={16} />
+                    </button>
+                    <div className="star-icon">
+                        <Star size={24} />
+                    </div>
+                    <div className="star-content">
+                        <h4>Enjoying ServerKit?</h4>
+                        <p>If you find ServerKit useful, consider starring the repository on GitHub. It helps others discover the project!</p>
+                        <a
+                            href="https://github.com/jhd3197/ServerKit"
+                            target="_blank"
+                            rel="noopener noreferrer"
+                            className="btn btn-accent"
+                        >
+                            <Star size={16} />
+                            Star on GitHub
+                        </a>
+                    </div>
+                </div>
+            )}
+
+            <div className="settings-card">
+                <h3>Features</h3>
+                <ul className="feature-list">
+                    <li>
+                        <Check size={16} />
+                        Application Management (PHP, Python, Node.js, Docker)
+                    </li>
+                    <li>
+                        <Check size={16} />
+                        Domain & SSL Certificate Management
+                    </li>
+                    <li>
+                        <Check size={16} />
+                        Database Management (MySQL, PostgreSQL)
+                    </li>
+                    <li>
+                        <Check size={16} />
+                        Docker Container Management
+                    </li>
+                    <li>
+                        <Check size={16} />
+                        System Monitoring & Alerts
+                    </li>
+                    <li>
+                        <Check size={16} />
+                        Automated Backups
+                    </li>
+                    <li>
+                        <Check size={16} />
+                        Git Deployment with Webhooks
+                    </li>
+                </ul>
+            </div>
+
+            <div className="settings-card">
+                <h3>Links</h3>
+                <div className="link-list">
+                    <a href="https://github.com/jhd3197/ServerKit" target="_blank" rel="noopener noreferrer" className="link-item">
+                        <Github size={18} />
+                        GitHub Repository
+                    </a>
+                    <a href="https://github.com/jhd3197/ServerKit#readme" target="_blank" rel="noopener noreferrer" className="link-item">
+                        <FileText size={18} />
+                        Documentation
+                    </a>
+                    <a href="https://github.com/jhd3197/ServerKit/issues" target="_blank" rel="noopener noreferrer" className="link-item">
+                        <HelpCircle size={18} />
+                        Support & Issues
+                    </a>
+                    <a href="https://github.com/jhd3197/ServerKit/discussions" target="_blank" rel="noopener noreferrer" className="link-item">
+                        <MessageSquare size={18} />
+                        Discussions
+                    </a>
+                    <a href="https://github.com/jhd3197/ServerKit/issues/new" target="_blank" rel="noopener noreferrer" className="link-item">
+                        <Bug size={18} />
+                        Report a Bug
+                    </a>
+                </div>
+            </div>
+
+            <div className="settings-card">
+                <h3>License</h3>
+                <p className="license-text">
+                    ServerKit is open source software licensed under the MIT License.
+                </p>
+            </div>
+        </div>
+    );
+};
+
+export default AboutTab;
diff --git a/frontend/src/components/settings/ActivityTab.jsx b/frontend/src/components/settings/ActivityTab.jsx
index 0b72f5e8..53fd858b 100644
--- a/frontend/src/components/settings/ActivityTab.jsx
+++ b/frontend/src/components/settings/ActivityTab.jsx
@@ -1,15 +1,19 @@
-import React, { useState, useEffect } from 'react';
+import { useState, useEffect } from 'react';
 import api from '../../services/api';
+import ContributionGraph from './ContributionGraph';
+import { Search, Filter, X, ChevronRight, User as UserIcon, Activity as ActivityIcon, Terminal } from 'lucide-react';
 
 const ActivityTab = () => {
     const [summary, setSummary] = useState(null);
-    const [feed, setFeed] = useState([]);
-    const [feedPagination, setFeedPagination] = useState(null);
+    const [logs, setLogs] = useState([]);
     const [loading, setLoading] = useState(true);
     const [feedLoading, setFeedLoading] = useState(false);
     const [users, setUsers] = useState([]);
-    const [filters, setFilters] = useState({ user_id: '', action: '', page: 1 });
     const [actions, setActions] = useState([]);
+    const [pagination, setPagination] = useState({
+        page: 1, perPage: 50, total: 0, pages: 1
+    });
+    const [filters, setFilters] = useState({ action: '', user_id: '' });
 
     useEffect(() => {
         loadSummary();
@@ -18,8 +22,8 @@ const ActivityTab = () => {
     }, []);
 
     useEffect(() => {
-        loadFeed();
-    }, [filters]);
+        loadLogs();
+    }, [pagination.page, filters]);
 
     async function loadSummary() {
         try {
@@ -32,16 +36,23 @@ const ActivityTab = () => {
         }
     }
 
-    async function loadFeed() {
+    async function loadLogs() {
         try {
             setFeedLoading(true);
-            const params = { per_page: 20 };
-            if (filters.page) params.page = filters.page;
-            if (filters.user_id) params.user_id = filters.user_id;
+            const params = {
+                page: pagination.page,
+                per_page: pagination.perPage
+            };
             if (filters.action) params.action = filters.action;
-            const data = await api.getActivityFeed(params);
-            setFeed(data.logs || []);
-            setFeedPagination(data.pagination);
+            if (filters.user_id) params.user_id = filters.user_id;
+
+            const data = await api.getAuditLogs(params);
+            setLogs(data.logs || []);
+            setPagination(prev => ({
+                ...prev,
+                total: data.pagination?.total || 0,
+                pages: data.pagination?.pages || 1
+            }));
         } catch {
             // Silently handle
         } finally {
@@ -53,34 +64,70 @@ const ActivityTab = () => {
         try {
             const data = await api.getUsers();
             setUsers(data.users || []);
-        } catch {
-            // Silently handle
-        }
+        } catch { /* ignore */ }
     }
 
     async function loadActions() {
         try {
             const data = await api.getAuditLogActions();
             setActions(data.actions || []);
-        } catch {
-            // Silently handle
-        }
+        } catch { /* ignore */ }
+    }
+
+    function handleFilterChange(name, value) {
+        setFilters(prev => ({ ...prev, [name]: value }));
+        setPagination(prev => ({ ...prev, page: 1 }));
     }
 
     function formatDate(dateString) {
         if (!dateString) return '';
-        return new Date(dateString).toLocaleDateString('en-US', {
-            month: 'short', day: 'numeric', hour: '2-digit', minute: '2-digit'
+        const date = new Date(dateString);
+        return date.toLocaleString('en-US', {
+            month: 'short', day: 'numeric',
+            hour: '2-digit', minute: '2-digit'
         });
     }
 
+    function getActionIcon(action) {
+        if (action.includes('login')) {
+            return <UserIcon size={16} />;
+        }
+        if (action.includes('app') || action.includes('deploy')) {
+            return <Terminal size={16} />;
+        }
+        if (action.includes('setting')) {
+            return <ActivityIcon size={16} />;
+        }
+        return <ChevronRight size={16} />;
+    }
+
     function getActionClass(action) {
-        if (action?.includes('delete') || action?.includes('revoke')) return 'action-danger';
-        if (action?.includes('failed') || action?.includes('disable')) return 'action-warning';
-        if (action?.includes('create') || action?.includes('login') || action?.includes('accept')) return 'action-success';
+        if (action?.includes('failed') || action?.includes('delete') || action?.includes('revoke')) return 'action-danger';
+        if (action?.includes('create') || action?.includes('enable') || action?.includes('login') || action?.includes('accept')) return 'action-success';
+        if (action?.includes('update') || action?.includes('disable')) return 'action-warning';
         return 'action-info';
     }
 
+    function formatActionName(action) {
+        return action.replace(/\./g, ' ').replace(/_/g, ' ');
+    }
+
+    function renderDetails(details) {
+        if (!details || Object.keys(details).length === 0) return null;
+        return (
+            <div className="log-details">
+                {Object.entries(details).map(([key, value]) => (
+                    <span key={key} className="detail-item">
+                        <span className="detail-key">{key}</span>
+                        <span className="detail-value">
+                            {typeof value === 'object' ? JSON.stringify(value) : String(value)}
+                        </span>
+                    </span>
+                ))}
+            </div>
+        );
+    }
+
     if (loading) {
         return <div className="activity-tab"><div className="loading-state">Loading activity...</div></div>;
     }
@@ -94,7 +141,7 @@ const ActivityTab = () => {
             <div className="tab-header">
                 <div className="tab-header-content">
                     <h3>Activity Dashboard</h3>
-                    <p>Monitor team activity and recent actions</p>
+                    <p>Monitor team activity, audit actions, and system events</p>
                 </div>
             </div>
 
@@ -102,102 +149,158 @@ const ActivityTab = () => {
                 <>
                     <div className="activity-summary">
                         <div className="activity-stat-card">
-                            <span className="stat-number">{summary.active_users_today}</span>
                             <span className="stat-label">Active Users Today</span>
+                            <span className="stat-number">{summary.active_users_today}</span>
                         </div>
                         <div className="activity-stat-card">
-                            <span className="stat-number">{summary.actions_this_week}</span>
                             <span className="stat-label">Actions This Week</span>
+                            <span className="stat-number">{summary.actions_this_week}</span>
                         </div>
                         <div className="activity-stat-card">
-                            <span className="stat-number">{summary.total_users}</span>
                             <span className="stat-label">Total Users</span>
+                            <span className="stat-number">{summary.total_users}</span>
                         </div>
                     </div>
 
+                    <div className="graphs-section">
+                        <ContributionGraph
+                            data={summary.daily_counts}
+                            title="Overall System Activity"
+                        />
+                        {summary.top_user_daily && summary.top_user_daily.length > 0 && summary.top_users?.length > 1 && (
+                            <ContributionGraph
+                                data={summary.top_user_daily}
+                                title="Most Active User Activity"
+                                username={summary.top_users[0]?.username}
+                            />
+                        )}
+                    </div>
+
                     {summary.top_users && summary.top_users.length > 0 && (
                         <div className="most-active-users">
                             <h4>Most Active Users (This Week)</h4>
-                            {summary.top_users.map((u, i) => (
-                                <div key={u.user_id} className="active-user-item">
-                                    <span className="active-user-rank">{i + 1}</span>
-                                    <span className="active-user-name">{u.username}</span>
-                                    <div className="active-user-bar-wrapper">
-                                        <div
-                                            className="active-user-bar"
-                                            style={{ width: `${(u.action_count / maxCount) * 100}%` }}
-                                        />
+                            <div className="active-users-list">
+                                {summary.top_users.map((u, i) => (
+                                    <div key={u.user_id} className="active-user-item">
+                                        <span className="active-user-rank">{i + 1}</span>
+                                        <div className="active-user-info">
+                                            <span className="active-user-name">{u.username}</span>
+                                            <div className="active-user-bar-wrapper">
+                                                <div
+                                                    className="active-user-bar"
+                                                    style={{ width: `${(u.action_count / maxCount) * 100}%` }}
+                                                />
+                                            </div>
+                                        </div>
+                                        <span className="active-user-count">{u.action_count} actions</span>
                                     </div>
-                                    <span className="active-user-count">{u.action_count}</span>
-                                </div>
-                            ))}
+                                ))}
+                            </div>
                         </div>
                     )}
                 </>
             )}
 
             <div className="activity-feed-section">
-                <h4>Activity Feed</h4>
+                <div className="section-header">
+                    <h4>Audit Log</h4>
+                </div>
+                
                 <div className="filters-bar">
                     <div className="filter-group">
-                        <label>User</label>
-                        <select value={filters.user_id} onChange={e => setFilters(f => ({ ...f, user_id: e.target.value, page: 1 }))}>
-                            <option value="">All users</option>
-                            {users.map(u => (
-                                <option key={u.id} value={u.id}>{u.username}</option>
+                        <label><Filter size={12} /> Action Type</label>
+                        <select
+                            className="form-control"
+                            value={filters.action}
+                            onChange={e => handleFilterChange('action', e.target.value)}
+                        >
+                            <option value="">All Actions</option>
+                            {actions.map(action => (
+                                <option key={action} value={action}>{formatActionName(action)}</option>
                             ))}
                         </select>
                     </div>
                     <div className="filter-group">
-                        <label>Action</label>
-                        <select value={filters.action} onChange={e => setFilters(f => ({ ...f, action: e.target.value, page: 1 }))}>
-                            <option value="">All actions</option>
-                            {actions.map(a => (
-                                <option key={a} value={a}>{a}</option>
+                        <label><UserIcon size={12} /> User</label>
+                        <select
+                            className="form-control"
+                            value={filters.user_id}
+                            onChange={e => handleFilterChange('user_id', e.target.value)}
+                        >
+                            <option value="">All Users</option>
+                            {users.map(u => (
+                                <option key={u.id} value={u.id}>{u.username}</option>
                             ))}
                         </select>
                     </div>
+                    {(filters.action || filters.user_id) && (
+                        <button className="btn btn-ghost btn-sm btn-clear" onClick={() => {
+                            setFilters({ action: '', user_id: '' });
+                            setPagination(prev => ({ ...prev, page: 1 }));
+                        }}>
+                            <X size={14} /> Clear
+                        </button>
+                    )}
                 </div>
 
                 {feedLoading ? (
-                    <div className="loading-state">Loading...</div>
-                ) : feed.length === 0 ? (
-                    <div className="empty-state">No activity found</div>
+                    <div className="loading-state">
+                        <div className="spinner" />
+                        Loading logs...
+                    </div>
+                ) : logs.length === 0 ? (
+                    <div className="empty-state">
+                        <Search size={40} />
+                        <p>No audit logs found</p>
+                    </div>
                 ) : (
                     <div className="audit-log-list">
-                        {feed.map(entry => (
-                            <div key={entry.id} className={`log-entry ${getActionClass(entry.action)}`}>
+                        {logs.map(log => (
+                            <div key={log.id} className={`log-entry ${getActionClass(log.action)}`}>
+                                <div className="log-icon">
+                                    {getActionIcon(log.action)}
+                                </div>
                                 <div className="log-content">
                                     <div className="log-header">
-                                        <span className="log-action">{entry.action}</span>
-                                        {entry.username && <span className="log-user">by {entry.username}</span>}
-                                    </div>
-                                    <div className="log-meta">
-                                        <span>{formatDate(entry.created_at)}</span>
-                                        {entry.ip_address && <span className="log-ip">{entry.ip_address}</span>}
+                                        <span className="log-action">{formatActionName(log.action)}</span>
+                                        <span className="log-user">
+                                            {log.username || 'System'}
+                                        </span>
+                                        {log.target_type && (
+                                            <span className="log-target">
+                                                on {log.target_type} {log.target_id ? `#${log.target_id}` : ''}
+                                            </span>
+                                        )}
+                                        <span className="log-time">{formatDate(log.created_at)}</span>
                                     </div>
+                                    {renderDetails(log.details)}
+                                    {log.ip_address && (
+                                        <div className="log-meta">
+                                            <span className="log-ip">{log.ip_address}</span>
+                                        </div>
+                                    )}
                                 </div>
                             </div>
                         ))}
                     </div>
                 )}
 
-                {feedPagination && feedPagination.pages > 1 && (
+                {pagination.pages > 1 && (
                     <div className="pagination">
                         <button
-                            className="btn btn-ghost btn-sm"
-                            disabled={!feedPagination.has_prev}
-                            onClick={() => setFilters(f => ({ ...f, page: f.page - 1 }))}
+                            className="btn btn-sm btn-outline"
+                            disabled={pagination.page <= 1}
+                            onClick={() => setPagination(prev => ({ ...prev, page: prev.page - 1 }))}
                         >
                             Previous
                         </button>
                         <span className="pagination-info">
-                            Page {feedPagination.page} of {feedPagination.pages}
+                            Page {pagination.page} of {pagination.pages}
                         </span>
                         <button
-                            className="btn btn-ghost btn-sm"
-                            disabled={!feedPagination.has_next}
-                            onClick={() => setFilters(f => ({ ...f, page: f.page + 1 }))}
+                            className="btn btn-sm btn-outline"
+                            disabled={pagination.page >= pagination.pages}
+                            onClick={() => setPagination(prev => ({ ...prev, page: prev.page + 1 }))}
                         >
                             Next
                         </button>
diff --git a/frontend/src/components/settings/ApiKeyModal.jsx b/frontend/src/components/settings/ApiKeyModal.jsx
index d255f30f..ba77b203 100644
--- a/frontend/src/components/settings/ApiKeyModal.jsx
+++ b/frontend/src/components/settings/ApiKeyModal.jsx
@@ -1,5 +1,6 @@
 import { useState } from 'react';
 import { X, Copy, Check, AlertTriangle } from 'lucide-react';
+import Modal from '../Modal';
 
 const SCOPE_OPTIONS = [
     { value: '*', label: 'Full Access' },
@@ -71,13 +72,7 @@ const ApiKeyModal = ({ onClose, onSubmit, createdKey }) => {
     // Show created key view
     if (createdKey) {
         return (
-            <div className="modal-overlay" onClick={onClose}>
-                <div className="modal api-key-modal" onClick={e => e.stopPropagation()}>
-                    <div className="modal-header">
-                        <h3>API Key Created</h3>
-                        <button className="modal-close" onClick={onClose}><X size={18} /></button>
-                    </div>
-                    <div className="modal-body">
+            <Modal open={true} onClose={onClose} title="API Key Created" className="api-key-modal">
                         <div className="api-key-modal__warning">
                             <AlertTriangle size={16} />
                             <span>Copy this key now. It will not be shown again.</span>
@@ -89,22 +84,15 @@ const ApiKeyModal = ({ onClose, onSubmit, createdKey }) => {
                                 {copied ? 'Copied' : 'Copy'}
                             </button>
                         </div>
-                    </div>
                     <div className="modal-footer">
                         <button className="btn btn-primary" onClick={onClose}>Done</button>
                     </div>
-                </div>
-            </div>
+            </Modal>
         );
     }
 
     return (
-        <div className="modal-overlay" onClick={onClose}>
-            <div className="modal api-key-modal" onClick={e => e.stopPropagation()}>
-                <div className="modal-header">
-                    <h3>Create API Key</h3>
-                    <button className="modal-close" onClick={onClose}><X size={18} /></button>
-                </div>
+        <Modal open={true} onClose={onClose} title="Create API Key" className="api-key-modal">
                 <form onSubmit={handleSubmit}>
                     <div className="modal-body">
                         <div className="form-group">
@@ -171,8 +159,7 @@ const ApiKeyModal = ({ onClose, onSubmit, createdKey }) => {
                         </button>
                     </div>
                 </form>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/settings/AppearanceTab.jsx b/frontend/src/components/settings/AppearanceTab.jsx
new file mode 100644
index 00000000..506df3d9
--- /dev/null
+++ b/frontend/src/components/settings/AppearanceTab.jsx
@@ -0,0 +1,150 @@
+import { useTheme } from '../../contexts/ThemeContext';
+import useDashboardLayout from '../../hooks/useDashboardLayout';
+import { ChevronDown, ChevronUp, RotateCcw } from 'lucide-react';
+
+const ACCENT_PRESETS = [
+    { label: 'Indigo', color: '#6366f1' },
+    { label: 'Ocean', color: '#0ea5e9' },
+    { label: 'Forest', color: '#10b981' },
+    { label: 'Sunset', color: '#f97316' },
+    { label: 'Rose', color: '#f43f5e' },
+    { label: 'Violet', color: '#8b5cf6' },
+    { label: 'Amber', color: '#f59e0b' },
+    { label: 'Cyan', color: '#06b6d4' },
+];
+
+const AppearanceTab = () => {
+    const { theme, setTheme, accentColor, setAccentColor } = useTheme();
+    const { widgets, toggleWidget, moveWidget, resetLayout } = useDashboardLayout();
+
+    return (
+        <div className="settings-section">
+            <div className="section-header">
+                <h2>Appearance</h2>
+                <p>Customize the look and feel of your dashboard</p>
+            </div>
+
+            <div className="settings-card">
+                <h3>Theme</h3>
+                <p>Select your preferred color scheme</p>
+                <div className="theme-options">
+                    <button
+                        className={`theme-option ${theme === 'dark' ? 'active' : ''}`}
+                        onClick={() => setTheme('dark')}
+                    >
+                        <div className="theme-preview dark">
+                            <div className="preview-sidebar"></div>
+                            <div className="preview-content">
+                                <div className="preview-card"></div>
+                                <div className="preview-card"></div>
+                            </div>
+                        </div>
+                        <span>Dark</span>
+                    </button>
+                    <button
+                        className={`theme-option ${theme === 'light' ? 'active' : ''}`}
+                        onClick={() => setTheme('light')}
+                    >
+                        <div className="theme-preview light">
+                            <div className="preview-sidebar"></div>
+                            <div className="preview-content">
+                                <div className="preview-card"></div>
+                                <div className="preview-card"></div>
+                            </div>
+                        </div>
+                        <span>Light</span>
+                    </button>
+                    <button
+                        className={`theme-option ${theme === 'system' ? 'active' : ''}`}
+                        onClick={() => setTheme('system')}
+                    >
+                        <div className="theme-preview system">
+                            <div className="preview-sidebar"></div>
+                            <div className="preview-content">
+                                <div className="preview-card"></div>
+                                <div className="preview-card"></div>
+                            </div>
+                        </div>
+                        <span>System</span>
+                    </button>
+                </div>
+            </div>
+
+            <div className="settings-card">
+                <h3>Accent Color</h3>
+                <p>Choose the primary accent color used across the interface</p>
+                <div className="accent-presets">
+                    {ACCENT_PRESETS.map(({ label, color }) => (
+                        <button
+                            key={color}
+                            className={`accent-preset${accentColor === color ? ' active' : ''}`}
+                            onClick={() => setAccentColor(color)}
+                        >
+                            <span className="accent-swatch" style={{ background: color }} />
+                            <span className="accent-label">{label}</span>
+                        </button>
+                    ))}
+                </div>
+                <div className="accent-custom">
+                    <label className="accent-custom-label">Custom color</label>
+                    <div className="accent-custom-row">
+                        <input
+                            type="color"
+                            className="accent-custom-input"
+                            value={accentColor}
+                            onChange={(e) => setAccentColor(e.target.value)}
+                        />
+                        <span className="accent-custom-hex">{accentColor.toUpperCase()}</span>
+                    </div>
+                </div>
+            </div>
+
+            <div className="settings-card">
+                <h3>Dashboard Widgets</h3>
+                <p>Toggle visibility and reorder widgets on the dashboard</p>
+                <div className="widget-list">
+                    {widgets.map((widget, idx) => (
+                        <div key={widget.id} className={`widget-item${!widget.visible ? ' widget-item--hidden' : ''}`}>
+                            <div className="widget-item__info">
+                                <label className="toggle-switch">
+                                    <input
+                                        type="checkbox"
+                                        checked={widget.visible}
+                                        onChange={() => toggleWidget(widget.id)}
+                                    />
+                                    <span className="toggle-slider"></span>
+                                </label>
+                                <span className="widget-item__label">{widget.label}</span>
+                            </div>
+                            <div className="widget-item__controls">
+                                <button
+                                    className="widget-move-btn"
+                                    onClick={() => moveWidget(widget.id, 'up')}
+                                    disabled={idx === 0}
+                                    title="Move up"
+                                >
+                                    <ChevronUp size={14} />
+                                </button>
+                                <button
+                                    className="widget-move-btn"
+                                    onClick={() => moveWidget(widget.id, 'down')}
+                                    disabled={idx === widgets.length - 1}
+                                    title="Move down"
+                                >
+                                    <ChevronDown size={14} />
+                                </button>
+                            </div>
+                        </div>
+                    ))}
+                </div>
+                <button className="btn btn-secondary btn-sm" onClick={resetLayout} style={{ marginTop: '12px' }}>
+                    <RotateCcw size={14} />
+                    Reset to defaults
+                </button>
+            </div>
+
+        </div>
+    );
+};
+
+export default AppearanceTab;
diff --git a/frontend/src/components/settings/ContributionGraph.jsx b/frontend/src/components/settings/ContributionGraph.jsx
new file mode 100644
index 00000000..e84af796
--- /dev/null
+++ b/frontend/src/components/settings/ContributionGraph.jsx
@@ -0,0 +1,69 @@
+import React from 'react';
+
+const ContributionGraph = ({ data, title, username }) => {
+    if (!data || data.length === 0) return null;
+
+    const maxCount = Math.max(...data.map(d => d.count), 1);
+    
+    // Group by week for display
+    const weeks = [];
+    let currentWeek = [];
+    
+    data.forEach((day, index) => {
+        currentWeek.push(day);
+        if (currentWeek.length === 7 || index === data.length - 1) {
+            weeks.push(currentWeek);
+            currentWeek = [];
+        }
+    });
+
+    const getLevel = (count) => {
+        if (count === 0) return 0;
+        const percentage = (count / maxCount) * 100;
+        if (percentage <= 25) return 1;
+        if (percentage <= 50) return 2;
+        if (percentage <= 75) return 3;
+        return 4;
+    };
+
+    const formatDate = (dateStr) => {
+        const date = new Date(dateStr);
+        return date.toLocaleDateString('en-US', { month: 'short', day: 'numeric', year: 'numeric' });
+    };
+
+    return (
+        <div className="contribution-graph-container">
+            <div className="graph-header">
+                <h4>{title} {username && <span className="username">@{username}</span>}</h4>
+                <div className="graph-legend">
+                    <span>Less</span>
+                    <div className="legend-cells">
+                        <div className="cell level-0" />
+                        <div className="cell level-1" />
+                        <div className="cell level-2" />
+                        <div className="cell level-3" />
+                        <div className="cell level-4" />
+                    </div>
+                    <span>More</span>
+                </div>
+            </div>
+            <div className="graph-grid-wrapper">
+                <div className="graph-grid">
+                    {weeks.map((week, weekIndex) => (
+                        <div key={weekIndex} className="graph-week">
+                            {week.map((day, dayIndex) => (
+                                <div
+                                    key={dayIndex}
+                                    className={`graph-cell level-${getLevel(day.count)}`}
+                                    title={`${day.count} actions on ${formatDate(day.date)}`}
+                                />
+                            ))}
+                        </div>
+                    ))}
+                </div>
+            </div>
+        </div>
+    );
+};
+
+export default ContributionGraph;
diff --git a/frontend/src/components/settings/IconReferenceTab.jsx b/frontend/src/components/settings/IconReferenceTab.jsx
new file mode 100644
index 00000000..8dfcc068
--- /dev/null
+++ b/frontend/src/components/settings/IconReferenceTab.jsx
@@ -0,0 +1,132 @@
+import React, { useState } from 'react';
+import {
+    Github, FileText, HelpCircle, MessageSquare, Bug, Check, Download, CheckCircle,
+    RefreshCw, ExternalLink, Star, X, Code, Search, Container, Globe, BarChart3,
+    Database, Shield, Cloud, Video, Music, Image, Home, Server, GitBranch, Workflow,
+    HardDrive, Lock, Users, Settings as SettingsIcon, Layers, ChevronDown, Copy, Tag,
+    Cpu, AlertTriangle, Info, Activity, Terminal, Play, Square, Trash2, Plus, Package,
+    ArrowRight, ArrowLeft, Eye, Save, Clock, Calendar, Edit3, Link, Unlink, Archive,
+    Radio, Zap, MemoryStick, Monitor, Sun, Moon, ChevronRight, ChevronUp, LogOut,
+    Loader, RotateCcw, FolderOpen, Layout, Palette, Camera, Newspaper, TrendingUp,
+    Sparkles, ArrowUpCircle, AlertCircle, XCircle, GitCompare, GitCommit, Rocket,
+    Minus, Unlock, ArrowDownLeft, ArrowUpRight
+} from 'lucide-react';
+
+const ICON_CATALOG = {
+    'General': {
+        Search, X, Check, Copy, Plus, Trash2, Edit3, Save, Eye, Info,
+        HelpCircle, AlertTriangle, AlertCircle, ExternalLink, Link, Unlink,
+        ChevronDown, ChevronRight, ChevronUp, ArrowRight, ArrowLeft,
+        ArrowUpRight, ArrowDownLeft, ArrowUpCircle
+    },
+    'Status': {
+        CheckCircle, XCircle, Loader, RefreshCw, RotateCcw, Activity,
+        Zap, Sparkles
+    },
+    'Files & Data': {
+        FileText, FolderOpen, Archive, Download, Package, Database,
+        HardDrive, Layers, Tag
+    },
+    'Media': {
+        Image, Video, Music, Camera
+    },
+    'Development': {
+        Code, Terminal, GitBranch, GitCommit, GitCompare, Rocket,
+        Bug, Container, Workflow, Layout
+    },
+    'Infrastructure': {
+        Server, Globe, Cloud, Shield, Lock, Unlock, Cpu, MemoryStick,
+        Radio, Monitor
+    },
+    'Communication': {
+        MessageSquare, Users
+    },
+    'Navigation & UI': {
+        Home, Star, Sun, Moon, Palette, Play, Square, Calendar, Clock,
+        LogOut, SettingsIcon, Newspaper, TrendingUp, BarChart3, Minus
+    },
+    'Brands': {
+        Github
+    }
+};
+
+const IconReferenceTab = () => {
+    const [searchQuery, setSearchQuery] = useState('');
+    const [copiedIcon, setCopiedIcon] = useState(null);
+
+    function handleCopyImport(name) {
+        navigator.clipboard.writeText(name);
+        setCopiedIcon(name);
+        setTimeout(() => setCopiedIcon(null), 1500);
+    }
+
+    const filteredCatalog = Object.entries(ICON_CATALOG).reduce((acc, [group, icons]) => {
+        if (!searchQuery) {
+            acc[group] = icons;
+            return acc;
+        }
+        const filtered = Object.entries(icons).filter(([name]) =>
+            name.toLowerCase().includes(searchQuery.toLowerCase())
+        );
+        if (filtered.length > 0) {
+            acc[group] = Object.fromEntries(filtered);
+        }
+        return acc;
+    }, {});
+
+    const totalIcons = Object.values(ICON_CATALOG).reduce((sum, icons) => sum + Object.keys(icons).length, 0);
+
+    return (
+        <div className="settings-section">
+            <h2>Icon Reference</h2>
+            <p className="section-description">
+                Lucide React icons available in the project ({totalIcons} icons). Click an icon name to copy it.
+            </p>
+
+            <div className="settings-card">
+                <div className="form-group">
+                    <div className="search-input-wrapper" style={{ position: 'relative' }}>
+                        <Search size={16} style={{ position: 'absolute', left: 12, top: '50%', transform: 'translateY(-50%)', opacity: 0.5 }} />
+                        <input
+                            type="text"
+                            placeholder="Search icons..."
+                            value={searchQuery}
+                            onChange={(e) => setSearchQuery(e.target.value)}
+                            className="form-input"
+                            style={{ paddingLeft: 36 }}
+                        />
+                    </div>
+                </div>
+            </div>
+
+            {Object.entries(filteredCatalog).map(([group, icons]) => (
+                <div key={group} className="settings-card">
+                    <h3>{group}</h3>
+                    <div className="icon-reference-grid">
+                        {Object.entries(icons).map(([name, IconComp]) => (
+                            <button
+                                key={name}
+                                className={`icon-reference-item ${copiedIcon === name ? 'copied' : ''}`}
+                                onClick={() => handleCopyImport(name)}
+                                title={`Click to copy "${name}"`}
+                            >
+                                <IconComp size={20} />
+                                <span className="icon-reference-name">
+                                    {copiedIcon === name ? 'Copied!' : name}
+                                </span>
+                            </button>
+                        ))}
+                    </div>
+                </div>
+            ))}
+
+            {Object.keys(filteredCatalog).length === 0 && (
+                <div className="settings-card">
+                    <p style={{ textAlign: 'center', opacity: 0.5 }}>No icons match &quot;{searchQuery}&quot;</p>
+                </div>
+            )}
+        </div>
+    );
+};
+
+export default IconReferenceTab;
diff --git a/frontend/src/components/settings/InviteModal.jsx b/frontend/src/components/settings/InviteModal.jsx
index a0ee2c43..108a7050 100644
--- a/frontend/src/components/settings/InviteModal.jsx
+++ b/frontend/src/components/settings/InviteModal.jsx
@@ -1,6 +1,7 @@
 import React, { useState, useEffect } from 'react';
 import api from '../../services/api';
 import PermissionEditor from './PermissionEditor';
+import Modal from '../Modal';
 
 const InviteModal = ({ onClose, onCreated }) => {
     const [email, setEmail] = useState('');
@@ -67,18 +68,7 @@ const InviteModal = ({ onClose, onCreated }) => {
     // Show result screen after creation
     if (result) {
         return (
-            <div className="modal-overlay">
-                <div className="modal modal-md">
-                    <div className="modal-header">
-                        <h3>Invitation Created</h3>
-                        <button className="modal-close" onClick={onClose}>
-                            <svg viewBox="0 0 24 24" width="20" height="20" stroke="currentColor" fill="none" strokeWidth="2">
-                                <line x1="18" y1="6" x2="6" y2="18"/>
-                                <line x1="6" y1="6" x2="18" y2="18"/>
-                            </svg>
-                        </button>
-                    </div>
-                    <div className="modal-body">
+            <Modal open={true} onClose={onClose} title="Invitation Created" size="md">
                         <p>Share this invitation link:</p>
                         <div className="invite-link-display">
                             <code>{result.invite_url}</code>
@@ -96,28 +86,15 @@ const InviteModal = ({ onClose, onCreated }) => {
                                 Email could not be sent: {result.email_error}
                             </p>
                         )}
-                    </div>
                     <div className="modal-footer">
                         <button className="btn btn-primary" onClick={onClose}>Done</button>
                     </div>
-                </div>
-            </div>
+            </Modal>
         );
     }
 
     return (
-        <div className="modal-overlay">
-            <div className="modal modal-md">
-                <div className="modal-header">
-                    <h3>Invite User</h3>
-                    <button className="modal-close" onClick={onClose}>
-                        <svg viewBox="0 0 24 24" width="20" height="20" stroke="currentColor" fill="none" strokeWidth="2">
-                            <line x1="18" y1="6" x2="6" y2="18"/>
-                            <line x1="6" y1="6" x2="18" y2="18"/>
-                        </svg>
-                    </button>
-                </div>
-
+        <Modal open={true} onClose={onClose} title="Invite User" size="md">
                 <form onSubmit={handleSubmit}>
                     <div className="modal-body">
                         {error && <div className="error-message">{error}</div>}
@@ -195,8 +172,7 @@ const InviteModal = ({ onClose, onCreated }) => {
                         </button>
                     </div>
                 </form>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/settings/NotificationsTab.jsx b/frontend/src/components/settings/NotificationsTab.jsx
new file mode 100644
index 00000000..214f553d
--- /dev/null
+++ b/frontend/src/components/settings/NotificationsTab.jsx
@@ -0,0 +1,689 @@
+import React, { useState, useEffect } from 'react';
+import { useAuth } from '../../contexts/AuthContext';
+import api from '../../services/api';
+
+const NotificationsTab = () => {
+    const { isAdmin, user } = useAuth();
+    const [loading, setLoading] = useState(true);
+    const [saving, setSaving] = useState(false);
+    const [testing, setTesting] = useState(null);
+    const [message, setMessage] = useState(null);
+    const [activeSection, setActiveSection] = useState('personal');
+    const [config, setConfig] = useState({
+        discord: { enabled: false, webhook_url: '', username: 'ServerKit', avatar_url: '', notify_on: ['critical', 'warning'] },
+        slack: { enabled: false, webhook_url: '', channel: '', username: 'ServerKit', icon_emoji: ':robot_face:', notify_on: ['critical', 'warning'] },
+        telegram: { enabled: false, bot_token: '', chat_id: '', notify_on: ['critical', 'warning'] },
+        email: { enabled: false, smtp_host: '', smtp_port: 587, smtp_user: '', smtp_password: '', smtp_tls: true, from_email: '', from_name: 'ServerKit', to_emails: [], notify_on: ['critical', 'warning'] },
+        generic_webhook: { enabled: false, url: '', headers: {}, notify_on: ['critical', 'warning'] }
+    });
+    const [expandedChannel, setExpandedChannel] = useState(null);
+    const [userPrefs, setUserPrefs] = useState({
+        enabled: true,
+        channels: ['email'],
+        severities: ['critical', 'warning'],
+        email: '',
+        discord_webhook: '',
+        telegram_chat_id: '',
+        categories: { system: true, security: true, backups: true, apps: true },
+        quiet_hours: { enabled: false, start: '22:00', end: '08:00' }
+    });
+
+    const severityOptions = ['critical', 'warning', 'info', 'success'];
+
+    useEffect(() => {
+        loadUserPrefs();
+        if (isAdmin) loadConfig();
+    }, [isAdmin]);
+
+    async function loadConfig() {
+        try {
+            const data = await api.getNotificationsConfig();
+            setConfig(prev => ({
+                discord: { ...prev.discord, ...data.discord },
+                slack: { ...prev.slack, ...data.slack },
+                telegram: { ...prev.telegram, ...data.telegram },
+                email: { ...prev.email, ...data.email },
+                generic_webhook: { ...prev.generic_webhook, ...data.generic_webhook }
+            }));
+        } catch (err) {
+            console.error('Failed to load notification config:', err);
+        } finally {
+            setLoading(false);
+        }
+    }
+
+    async function loadUserPrefs() {
+        try {
+            const data = await api.getUserNotificationPreferences();
+            setUserPrefs(prev => ({ ...prev, ...data }));
+        } catch (err) {
+            console.error('Failed to load user notification preferences:', err);
+        } finally {
+            setLoading(false);
+        }
+    }
+
+    async function handleSaveUserPrefs() {
+        setSaving(true);
+        setMessage(null);
+        try {
+            await api.updateUserNotificationPreferences(userPrefs);
+            setMessage({ type: 'success', text: 'Your notification preferences have been saved' });
+        } catch (err) {
+            setMessage({ type: 'error', text: err.message });
+        } finally {
+            setSaving(false);
+        }
+    }
+
+    async function handleTestUserNotification() {
+        setTesting('user');
+        setMessage(null);
+        try {
+            const result = await api.testUserNotification();
+            setMessage({ type: result.success ? 'success' : 'error', text: result.success ? 'Test notification sent!' : (result.error || 'Test failed') });
+        } catch (err) {
+            setMessage({ type: 'error', text: err.message });
+        } finally {
+            setTesting(null);
+        }
+    }
+
+    async function handleSaveChannel(channel) {
+        setSaving(true);
+        setMessage(null);
+        try {
+            await api.updateNotificationChannel(channel, config[channel]);
+            setMessage({ type: 'success', text: `${channel.charAt(0).toUpperCase() + channel.slice(1).replace('_', ' ')} settings saved` });
+        } catch (err) {
+            setMessage({ type: 'error', text: err.message });
+        } finally {
+            setSaving(false);
+        }
+    }
+
+    async function handleTestChannel(channel) {
+        setTesting(channel);
+        setMessage(null);
+        try {
+            const result = await api.testNotificationChannel(channel);
+            setMessage({ type: result.success ? 'success' : 'error', text: result.message || result.error || 'Test completed' });
+        } catch (err) {
+            setMessage({ type: 'error', text: err.message });
+        } finally {
+            setTesting(null);
+        }
+    }
+
+    function updateChannelConfig(channel, key, value) {
+        setConfig(prev => ({
+            ...prev,
+            [channel]: { ...prev[channel], [key]: value }
+        }));
+    }
+
+    function toggleSeverity(channel, severity) {
+        const current = config[channel].notify_on || [];
+        const updated = current.includes(severity)
+            ? current.filter(s => s !== severity)
+            : [...current, severity];
+        updateChannelConfig(channel, 'notify_on', updated);
+    }
+
+    if (loading) {
+        return <div className="loading">Loading notification settings...</div>;
+    }
+
+    const userPrefsUI = (
+        <div className="user-notification-prefs">
+            <div className="settings-card">
+                <div className="form-group">
+                    <label className="toggle-switch-label">
+                        <span>Enable notifications for my account</span>
+                        <label className="toggle-switch">
+                            <input
+                                type="checkbox"
+                                checked={userPrefs.enabled}
+                                onChange={(e) => setUserPrefs({...userPrefs, enabled: e.target.checked})}
+                            />
+                            <span className="toggle-slider"></span>
+                        </label>
+                    </label>
+                </div>
+            </div>
+
+            <div className="settings-card">
+                <h3>Notification Channels</h3>
+                <p>Choose how you want to receive notifications</p>
+                <div className="channel-toggles">
+                    {['email', 'discord', 'slack', 'telegram'].map(ch => (
+                        <label key={ch} className="channel-toggle">
+                            <input
+                                type="checkbox"
+                                checked={userPrefs.channels?.includes(ch)}
+                                onChange={(e) => {
+                                    const channels = e.target.checked
+                                        ? [...(userPrefs.channels || []), ch]
+                                        : (userPrefs.channels || []).filter(c => c !== ch);
+                                    setUserPrefs({...userPrefs, channels});
+                                }}
+                            />
+                            <span>{ch.charAt(0).toUpperCase() + ch.slice(1)}</span>
+                        </label>
+                    ))}
+                </div>
+            </div>
+
+            {userPrefs.channels?.includes('email') && (
+                <div className="settings-card">
+                    <h3>Email Settings</h3>
+                    <div className="form-group">
+                        <label>Notification Email (optional)</label>
+                        <input
+                            type="email"
+                            value={userPrefs.email || ''}
+                            onChange={(e) => setUserPrefs({...userPrefs, email: e.target.value})}
+                            placeholder={user?.email || 'Uses your account email'}
+                        />
+                        <span className="form-help">Leave empty to use your account email</span>
+                    </div>
+                </div>
+            )}
+
+            {userPrefs.channels?.includes('discord') && (
+                <div className="settings-card">
+                    <h3>Personal Discord Webhook</h3>
+                    <div className="form-group">
+                        <label>Webhook URL</label>
+                        <input
+                            type="text"
+                            value={userPrefs.discord_webhook || ''}
+                            onChange={(e) => setUserPrefs({...userPrefs, discord_webhook: e.target.value})}
+                            placeholder="https://discord.com/api/webhooks/..."
+                        />
+                        <span className="form-help">Create a webhook in your personal server or DM channel</span>
+                    </div>
+                </div>
+            )}
+
+            {userPrefs.channels?.includes('telegram') && (
+                <div className="settings-card">
+                    <h3>Personal Telegram</h3>
+                    <div className="form-group">
+                        <label>Your Chat ID</label>
+                        <input
+                            type="text"
+                            value={userPrefs.telegram_chat_id || ''}
+                            onChange={(e) => setUserPrefs({...userPrefs, telegram_chat_id: e.target.value})}
+                            placeholder="Your personal chat ID"
+                        />
+                        <span className="form-help">Use @userinfobot to get your personal chat ID</span>
+                    </div>
+                </div>
+            )}
+
+            <div className="settings-card">
+                <h3>Severity Levels</h3>
+                <p>Which alert types do you want to receive?</p>
+                <div className="severity-toggles">
+                    {severityOptions.map(severity => (
+                        <label key={severity} className={`severity-toggle ${severity}`}>
+                            <input
+                                type="checkbox"
+                                checked={userPrefs.severities?.includes(severity)}
+                                onChange={(e) => {
+                                    const severities = e.target.checked
+                                        ? [...(userPrefs.severities || []), severity]
+                                        : (userPrefs.severities || []).filter(s => s !== severity);
+                                    setUserPrefs({...userPrefs, severities});
+                                }}
+                            />
+                            <span>{severity.charAt(0).toUpperCase() + severity.slice(1)}</span>
+                        </label>
+                    ))}
+                </div>
+            </div>
+
+            <div className="settings-card">
+                <h3>Notification Categories</h3>
+                <p>What types of events should trigger notifications?</p>
+                <div className="category-toggles">
+                    {Object.entries({
+                        system: 'System Alerts (CPU, Memory, Disk)',
+                        security: 'Security Events',
+                        backups: 'Backup Status',
+                        apps: 'Application Events'
+                    }).map(([key, label]) => (
+                        <label key={key} className="category-toggle">
+                            <input
+                                type="checkbox"
+                                checked={userPrefs.categories?.[key] !== false}
+                                onChange={(e) => setUserPrefs({
+                                    ...userPrefs,
+                                    categories: { ...userPrefs.categories, [key]: e.target.checked }
+                                })}
+                            />
+                            <span>{label}</span>
+                        </label>
+                    ))}
+                </div>
+            </div>
+
+            <div className="settings-card">
+                <h3>Quiet Hours</h3>
+                <p>Pause non-critical notifications during these hours</p>
+                <div className="form-group">
+                    <label className="toggle-switch-label">
+                        <span>Enable quiet hours</span>
+                        <label className="toggle-switch">
+                            <input
+                                type="checkbox"
+                                checked={userPrefs.quiet_hours?.enabled}
+                                onChange={(e) => setUserPrefs({
+                                    ...userPrefs,
+                                    quiet_hours: { ...userPrefs.quiet_hours, enabled: e.target.checked }
+                                })}
+                            />
+                            <span className="toggle-slider"></span>
+                        </label>
+                    </label>
+                </div>
+                {userPrefs.quiet_hours?.enabled && (
+                    <div className="form-row">
+                        <div className="form-group">
+                            <label>Start Time</label>
+                            <input
+                                type="time"
+                                value={userPrefs.quiet_hours?.start || '22:00'}
+                                onChange={(e) => setUserPrefs({
+                                    ...userPrefs,
+                                    quiet_hours: { ...userPrefs.quiet_hours, start: e.target.value }
+                                })}
+                            />
+                        </div>
+                        <div className="form-group">
+                            <label>End Time</label>
+                            <input
+                                type="time"
+                                value={userPrefs.quiet_hours?.end || '08:00'}
+                                onChange={(e) => setUserPrefs({
+                                    ...userPrefs,
+                                    quiet_hours: { ...userPrefs.quiet_hours, end: e.target.value }
+                                })}
+                            />
+                        </div>
+                    </div>
+                )}
+            </div>
+
+            <div className="form-actions">
+                <button
+                    className="btn btn-secondary"
+                    onClick={handleTestUserNotification}
+                    disabled={testing === 'user' || !userPrefs.enabled}
+                >
+                    {testing === 'user' ? 'Sending...' : 'Send Test Notification'}
+                </button>
+                <button
+                    className="btn btn-primary"
+                    onClick={handleSaveUserPrefs}
+                    disabled={saving}
+                >
+                    {saving ? 'Saving...' : 'Save Preferences'}
+                </button>
+            </div>
+        </div>
+    );
+
+    const channels = [
+        { id: 'discord', name: 'Discord', icon: (
+            <svg viewBox="0 0 24 24" width="24" height="24" fill="currentColor">
+                <path d="M20.317 4.37a19.791 19.791 0 0 0-4.885-1.515.074.074 0 0 0-.079.037c-.21.375-.444.864-.608 1.25a18.27 18.27 0 0 0-5.487 0 12.64 12.64 0 0 0-.617-1.25.077.077 0 0 0-.079-.037A19.736 19.736 0 0 0 3.677 4.37a.07.07 0 0 0-.032.027C.533 9.046-.32 13.58.099 18.057a.082.082 0 0 0 .031.057 19.9 19.9 0 0 0 5.993 3.03.078.078 0 0 0 .084-.028 14.09 14.09 0 0 0 1.226-1.994.076.076 0 0 0-.041-.106 13.107 13.107 0 0 1-1.872-.892.077.077 0 0 1-.008-.128 10.2 10.2 0 0 0 .372-.292.074.074 0 0 1 .077-.01c3.928 1.793 8.18 1.793 12.062 0a.074.074 0 0 1 .078.01c.12.098.246.198.373.292a.077.077 0 0 1-.006.127 12.299 12.299 0 0 1-1.873.892.077.077 0 0 0-.041.107c.36.698.772 1.362 1.225 1.993a.076.076 0 0 0 .084.028 19.839 19.839 0 0 0 6.002-3.03.077.077 0 0 0 .032-.054c.5-5.177-.838-9.674-3.549-13.66a.061.061 0 0 0-.031-.03zM8.02 15.33c-1.183 0-2.157-1.085-2.157-2.419 0-1.333.956-2.419 2.157-2.419 1.21 0 2.176 1.096 2.157 2.42 0 1.333-.956 2.418-2.157 2.418zm7.975 0c-1.183 0-2.157-1.085-2.157-2.419 0-1.333.955-2.419 2.157-2.419 1.21 0 2.176 1.096 2.157 2.42 0 1.333-.946 2.418-2.157 2.418z"/>
+            </svg>
+        ), description: 'Send rich notifications to Discord channels via webhooks' },
+        { id: 'slack', name: 'Slack', icon: (
+            <svg viewBox="0 0 24 24" width="24" height="24" fill="currentColor">
+                <path d="M5.042 15.165a2.528 2.528 0 0 1-2.52 2.523A2.528 2.528 0 0 1 0 15.165a2.527 2.527 0 0 1 2.522-2.52h2.52v2.52zM6.313 15.165a2.527 2.527 0 0 1 2.521-2.52 2.527 2.527 0 0 1 2.521 2.52v6.313A2.528 2.528 0 0 1 8.834 24a2.528 2.528 0 0 1-2.521-2.522v-6.313zM8.834 5.042a2.528 2.528 0 0 1-2.521-2.52A2.528 2.528 0 0 1 8.834 0a2.528 2.528 0 0 1 2.521 2.522v2.52H8.834zM8.834 6.313a2.528 2.528 0 0 1 2.521 2.521 2.528 2.528 0 0 1-2.521 2.521H2.522A2.528 2.528 0 0 1 0 8.834a2.528 2.528 0 0 1 2.522-2.521h6.312zM18.956 8.834a2.528 2.528 0 0 1 2.522-2.521A2.528 2.528 0 0 1 24 8.834a2.528 2.528 0 0 1-2.522 2.521h-2.522V8.834zM17.688 8.834a2.528 2.528 0 0 1-2.523 2.521 2.527 2.527 0 0 1-2.52-2.521V2.522A2.527 2.527 0 0 1 15.165 0a2.528 2.528 0 0 1 2.523 2.522v6.312zM15.165 18.956a2.528 2.528 0 0 1 2.523 2.522A2.528 2.528 0 0 1 15.165 24a2.527 2.527 0 0 1-2.52-2.522v-2.522h2.52zM15.165 17.688a2.527 2.527 0 0 1-2.52-2.523 2.526 2.526 0 0 1 2.52-2.52h6.313A2.527 2.527 0 0 1 24 15.165a2.528 2.528 0 0 1-2.522 2.523h-6.313z"/>
+            </svg>
+        ), description: 'Send notifications to Slack channels via incoming webhooks' },
+        { id: 'telegram', name: 'Telegram', icon: (
+            <svg viewBox="0 0 24 24" width="24" height="24" fill="currentColor">
+                <path d="M11.944 0A12 12 0 0 0 0 12a12 12 0 0 0 12 12 12 12 0 0 0 12-12A12 12 0 0 0 12 0a12 12 0 0 0-.056 0zm4.962 7.224c.1-.002.321.023.465.14a.506.506 0 0 1 .171.325c.016.093.036.306.02.472-.18 1.898-.962 6.502-1.36 8.627-.168.9-.499 1.201-.82 1.23-.696.065-1.225-.46-1.9-.902-1.056-.693-1.653-1.124-2.678-1.8-1.185-.78-.417-1.21.258-1.91.177-.184 3.247-2.977 3.307-3.23.007-.032.014-.15-.056-.212s-.174-.041-.249-.024c-.106.024-1.793 1.14-5.061 3.345-.48.33-.913.49-1.302.48-.428-.008-1.252-.241-1.865-.44-.752-.245-1.349-.374-1.297-.789.027-.216.325-.437.893-.663 3.498-1.524 5.83-2.529 6.998-3.014 3.332-1.386 4.025-1.627 4.476-1.635z"/>
+            </svg>
+        ), description: 'Send notifications to Telegram chats via bot API' },
+        { id: 'email', name: 'Email', icon: (
+            <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
+                <path d="M4 4h16c1.1 0 2 .9 2 2v12c0 1.1-.9 2-2 2H4c-1.1 0-2-.9-2-2V6c0-1.1.9-2 2-2z"/>
+                <polyline points="22,6 12,13 2,6"/>
+            </svg>
+        ), description: 'Send email notifications with HTML templates via SMTP' },
+        { id: 'generic_webhook', name: 'Generic Webhook', icon: (
+            <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
+                <path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"/>
+                <path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"/>
+            </svg>
+        ), description: 'Send JSON payloads to any webhook endpoint' }
+    ];
+
+    return (
+        <div className="settings-section">
+            <div className="section-header">
+                <h2>Notification Settings</h2>
+                <p>Configure how you receive alerts and notifications</p>
+            </div>
+
+            {message && (
+                <div className={`alert alert-${message.type === 'success' ? 'success' : 'danger'}`}>
+                    {message.text}
+                </div>
+            )}
+
+            <div className="notification-tabs">
+                <button
+                    className={`notification-tab ${activeSection === 'personal' ? 'active' : ''}`}
+                    onClick={() => setActiveSection('personal')}
+                >
+                    <svg viewBox="0 0 24 24" width="18" height="18" stroke="currentColor" fill="none" strokeWidth="2">
+                        <path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"/>
+                        <circle cx="12" cy="7" r="4"/>
+                    </svg>
+                    My Preferences
+                </button>
+                {isAdmin && (
+                    <button
+                        className={`notification-tab ${activeSection === 'admin' ? 'active' : ''}`}
+                        onClick={() => setActiveSection('admin')}
+                    >
+                        <svg viewBox="0 0 24 24" width="18" height="18" stroke="currentColor" fill="none" strokeWidth="2">
+                            <circle cx="12" cy="12" r="3"/>
+                            <path d="M19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 0 1 0 2.83 2 2 0 0 1-2.83 0l-.06-.06a1.65 1.65 0 0 0-1.82-.33 1.65 1.65 0 0 0-1 1.51V21a2 2 0 0 1-2 2 2 2 0 0 1-2-2v-.09A1.65 1.65 0 0 0 9 19.4a1.65 1.65 0 0 0-1.82.33l-.06.06a2 2 0 0 1-2.83 0 2 2 0 0 1 0-2.83l.06-.06a1.65 1.65 0 0 0 .33-1.82 1.65 1.65 0 0 0-1.51-1H3a2 2 0 0 1-2-2 2 2 0 0 1 2-2h.09A1.65 1.65 0 0 0 4.6 9a1.65 1.65 0 0 0-.33-1.82l-.06-.06a2 2 0 0 1 0-2.83 2 2 0 0 1 2.83 0l.06.06a1.65 1.65 0 0 0 1.82.33H9a1.65 1.65 0 0 0 1-1.51V3a2 2 0 0 1 2-2 2 2 0 0 1 2 2v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 0 1 2.83 0 2 2 0 0 1 0 2.83l-.06.06a1.65 1.65 0 0 0-.33 1.82V9a1.65 1.65 0 0 0 1.51 1H21a2 2 0 0 1 2 2 2 2 0 0 1-2 2h-.09a1.65 1.65 0 0 0-1.51 1z"/>
+                        </svg>
+                        System Webhooks
+                    </button>
+                )}
+            </div>
+
+            {activeSection === 'personal' && userPrefsUI}
+
+            {activeSection === 'admin' && isAdmin && (
+            <div className="notification-channels">
+                {channels.map(channel => (
+                    <div key={channel.id} className={`notification-channel-card ${config[channel.id]?.enabled ? 'enabled' : ''}`}>
+                        <div
+                            className="channel-header"
+                            onClick={() => setExpandedChannel(expandedChannel === channel.id ? null : channel.id)}
+                        >
+                            <div className="channel-icon">{channel.icon}</div>
+                            <div className="channel-info">
+                                <h3>{channel.name}</h3>
+                                <p>{channel.description}</p>
+                            </div>
+                            <div className="channel-status">
+                                <span className={`badge ${config[channel.id]?.enabled ? 'badge-success' : 'badge-secondary'}`}>
+                                    {config[channel.id]?.enabled ? 'Enabled' : 'Disabled'}
+                                </span>
+                                <svg
+                                    viewBox="0 0 24 24"
+                                    width="20"
+                                    height="20"
+                                    className={`expand-icon ${expandedChannel === channel.id ? 'expanded' : ''}`}
+                                >
+                                    <polyline points="6 9 12 15 18 9" stroke="currentColor" fill="none" strokeWidth="2"/>
+                                </svg>
+                            </div>
+                        </div>
+
+                        {expandedChannel === channel.id && (
+                            <div className="channel-config">
+                                <div className="form-group">
+                                    <label className="toggle-switch-label">
+                                        <span>Enable {channel.name}</span>
+                                        <label className="toggle-switch">
+                                            <input
+                                                type="checkbox"
+                                                checked={config[channel.id]?.enabled || false}
+                                                onChange={(e) => updateChannelConfig(channel.id, 'enabled', e.target.checked)}
+                                            />
+                                            <span className="toggle-slider"></span>
+                                        </label>
+                                    </label>
+                                </div>
+
+                                {channel.id === 'discord' && (
+                                    <>
+                                        <div className="form-group">
+                                            <label>Webhook URL</label>
+                                            <input
+                                                type="text"
+                                                value={config.discord.webhook_url || ''}
+                                                onChange={(e) => updateChannelConfig('discord', 'webhook_url', e.target.value)}
+                                                placeholder="https://discord.com/api/webhooks/..."
+                                            />
+                                            <span className="form-help">Create a webhook in Discord: Server Settings → Integrations → Webhooks</span>
+                                        </div>
+                                        <div className="form-row">
+                                            <div className="form-group">
+                                                <label>Bot Username</label>
+                                                <input
+                                                    type="text"
+                                                    value={config.discord.username || 'ServerKit'}
+                                                    onChange={(e) => updateChannelConfig('discord', 'username', e.target.value)}
+                                                    placeholder="ServerKit"
+                                                />
+                                            </div>
+                                            <div className="form-group">
+                                                <label>Avatar URL (optional)</label>
+                                                <input
+                                                    type="text"
+                                                    value={config.discord.avatar_url || ''}
+                                                    onChange={(e) => updateChannelConfig('discord', 'avatar_url', e.target.value)}
+                                                    placeholder="https://example.com/avatar.png"
+                                                />
+                                            </div>
+                                        </div>
+                                    </>
+                                )}
+
+                                {channel.id === 'slack' && (
+                                    <>
+                                        <div className="form-group">
+                                            <label>Webhook URL</label>
+                                            <input
+                                                type="text"
+                                                value={config.slack.webhook_url || ''}
+                                                onChange={(e) => updateChannelConfig('slack', 'webhook_url', e.target.value)}
+                                                placeholder="https://hooks.slack.com/services/..."
+                                            />
+                                            <span className="form-help">Create an incoming webhook in Slack: Apps → Incoming Webhooks</span>
+                                        </div>
+                                        <div className="form-row">
+                                            <div className="form-group">
+                                                <label>Channel (optional)</label>
+                                                <input
+                                                    type="text"
+                                                    value={config.slack.channel || ''}
+                                                    onChange={(e) => updateChannelConfig('slack', 'channel', e.target.value)}
+                                                    placeholder="#alerts"
+                                                />
+                                            </div>
+                                            <div className="form-group">
+                                                <label>Username</label>
+                                                <input
+                                                    type="text"
+                                                    value={config.slack.username || 'ServerKit'}
+                                                    onChange={(e) => updateChannelConfig('slack', 'username', e.target.value)}
+                                                    placeholder="ServerKit"
+                                                />
+                                            </div>
+                                        </div>
+                                    </>
+                                )}
+
+                                {channel.id === 'telegram' && (
+                                    <>
+                                        <div className="form-group">
+                                            <label>Bot Token</label>
+                                            <input
+                                                type="password"
+                                                value={config.telegram.bot_token || ''}
+                                                onChange={(e) => updateChannelConfig('telegram', 'bot_token', e.target.value)}
+                                                placeholder="123456:ABC-DEF..."
+                                            />
+                                            <span className="form-help">Get a bot token from @BotFather on Telegram</span>
+                                        </div>
+                                        <div className="form-group">
+                                            <label>Chat ID</label>
+                                            <input
+                                                type="text"
+                                                value={config.telegram.chat_id || ''}
+                                                onChange={(e) => updateChannelConfig('telegram', 'chat_id', e.target.value)}
+                                                placeholder="-1001234567890"
+                                            />
+                                            <span className="form-help">Use @userinfobot or @getidsbot to find your chat ID</span>
+                                        </div>
+                                    </>
+                                )}
+
+                                {channel.id === 'email' && (
+                                    <>
+                                        <div className="form-row">
+                                            <div className="form-group">
+                                                <label>SMTP Host</label>
+                                                <input
+                                                    type="text"
+                                                    value={config.email.smtp_host || ''}
+                                                    onChange={(e) => updateChannelConfig('email', 'smtp_host', e.target.value)}
+                                                    placeholder="smtp.example.com"
+                                                />
+                                            </div>
+                                            <div className="form-group">
+                                                <label>SMTP Port</label>
+                                                <input
+                                                    type="number"
+                                                    value={config.email.smtp_port || 587}
+                                                    onChange={(e) => updateChannelConfig('email', 'smtp_port', parseInt(e.target.value))}
+                                                    placeholder="587"
+                                                />
+                                            </div>
+                                        </div>
+                                        <div className="form-row">
+                                            <div className="form-group">
+                                                <label>SMTP Username</label>
+                                                <input
+                                                    type="text"
+                                                    value={config.email.smtp_user || ''}
+                                                    onChange={(e) => updateChannelConfig('email', 'smtp_user', e.target.value)}
+                                                    placeholder="user@example.com"
+                                                />
+                                            </div>
+                                            <div className="form-group">
+                                                <label>SMTP Password</label>
+                                                <input
+                                                    type="password"
+                                                    value={config.email.smtp_password || ''}
+                                                    onChange={(e) => updateChannelConfig('email', 'smtp_password', e.target.value)}
+                                                    placeholder="••••••••"
+                                                />
+                                            </div>
+                                        </div>
+                                        <div className="form-row">
+                                            <div className="form-group">
+                                                <label>From Email</label>
+                                                <input
+                                                    type="email"
+                                                    value={config.email.from_email || ''}
+                                                    onChange={(e) => updateChannelConfig('email', 'from_email', e.target.value)}
+                                                    placeholder="alerts@example.com"
+                                                />
+                                            </div>
+                                            <div className="form-group">
+                                                <label>From Name</label>
+                                                <input
+                                                    type="text"
+                                                    value={config.email.from_name || 'ServerKit'}
+                                                    onChange={(e) => updateChannelConfig('email', 'from_name', e.target.value)}
+                                                    placeholder="ServerKit"
+                                                />
+                                            </div>
+                                        </div>
+                                        <div className="form-group">
+                                            <label>Recipient Emails (comma-separated)</label>
+                                            <input
+                                                type="text"
+                                                value={(config.email.to_emails || []).join(', ')}
+                                                onChange={(e) => updateChannelConfig('email', 'to_emails', e.target.value.split(',').map(s => s.trim()).filter(Boolean))}
+                                                placeholder="admin@example.com, team@example.com"
+                                            />
+                                        </div>
+                                        <div className="form-group">
+                                            <label className="toggle-switch-label">
+                                                <span>Use TLS</span>
+                                                <label className="toggle-switch">
+                                                    <input
+                                                        type="checkbox"
+                                                        checked={config.email.smtp_tls !== false}
+                                                        onChange={(e) => updateChannelConfig('email', 'smtp_tls', e.target.checked)}
+                                                    />
+                                                    <span className="toggle-slider"></span>
+                                                </label>
+                                            </label>
+                                        </div>
+                                    </>
+                                )}
+
+                                {channel.id === 'generic_webhook' && (
+                                    <div className="form-group">
+                                        <label>Webhook URL</label>
+                                        <input
+                                            type="text"
+                                            value={config.generic_webhook.url || ''}
+                                            onChange={(e) => updateChannelConfig('generic_webhook', 'url', e.target.value)}
+                                            placeholder="https://your-endpoint.com/webhook"
+                                        />
+                                        <span className="form-help">Receives JSON payload with alert data</span>
+                                    </div>
+                                )}
+
+                                <div className="form-group">
+                                    <label>Alert Severities</label>
+                                    <div className="severity-toggles">
+                                        {severityOptions.map(severity => (
+                                            <label key={severity} className={`severity-toggle ${severity}`}>
+                                                <input
+                                                    type="checkbox"
+                                                    checked={config[channel.id]?.notify_on?.includes(severity) || false}
+                                                    onChange={() => toggleSeverity(channel.id, severity)}
+                                                />
+                                                <span>{severity.charAt(0).toUpperCase() + severity.slice(1)}</span>
+                                            </label>
+                                        ))}
+                                    </div>
+                                </div>
+
+                                <div className="channel-actions">
+                                    <button
+                                        className="btn btn-secondary"
+                                        onClick={() => handleTestChannel(channel.id)}
+                                        disabled={testing === channel.id || !config[channel.id]?.enabled}
+                                    >
+                                        {testing === channel.id ? 'Testing...' : 'Send Test'}
+                                    </button>
+                                    <button
+                                        className="btn btn-primary"
+                                        onClick={() => handleSaveChannel(channel.id)}
+                                        disabled={saving}
+                                    >
+                                        {saving ? 'Saving...' : 'Save'}
+                                    </button>
+                                </div>
+                            </div>
+                        )}
+                    </div>
+                ))}
+            </div>
+            )}
+        </div>
+    );
+};
+
+export default NotificationsTab;
diff --git a/frontend/src/components/settings/ProfileTab.jsx b/frontend/src/components/settings/ProfileTab.jsx
new file mode 100644
index 00000000..3256a7b4
--- /dev/null
+++ b/frontend/src/components/settings/ProfileTab.jsx
@@ -0,0 +1,97 @@
+import React, { useState, useEffect } from 'react';
+import { useAuth } from '../../contexts/AuthContext';
+
+const ProfileTab = () => {
+    const { user, updateUser } = useAuth();
+    const [formData, setFormData] = useState({
+        username: '',
+        email: ''
+    });
+    const [loading, setLoading] = useState(false);
+    const [message, setMessage] = useState(null);
+
+    useEffect(() => {
+        if (user) {
+            setFormData({
+                username: user.username || '',
+                email: user.email || ''
+            });
+        }
+    }, [user]);
+
+    async function handleSubmit(e) {
+        e.preventDefault();
+        setLoading(true);
+        setMessage(null);
+
+        try {
+            await updateUser(formData);
+            setMessage({ type: 'success', text: 'Profile updated successfully' });
+        } catch (err) {
+            setMessage({ type: 'error', text: err.message });
+        } finally {
+            setLoading(false);
+        }
+    }
+
+    return (
+        <div className="settings-section">
+            <div className="section-header">
+                <h2>Profile Settings</h2>
+                <p>Update your personal information</p>
+            </div>
+
+            {message && (
+                <div className={`alert alert-${message.type === 'success' ? 'success' : 'danger'}`}>
+                    {message.text}
+                </div>
+            )}
+
+            <form onSubmit={handleSubmit} className="settings-form">
+                <div className="form-group">
+                    <label>Username</label>
+                    <input
+                        type="text"
+                        value={formData.username}
+                        onChange={(e) => setFormData({ ...formData, username: e.target.value })}
+                        required
+                    />
+                </div>
+
+                <div className="form-group">
+                    <label>Email Address</label>
+                    <input
+                        type="email"
+                        value={formData.email}
+                        onChange={(e) => setFormData({ ...formData, email: e.target.value })}
+                        required
+                    />
+                </div>
+
+                <div className="form-group">
+                    <label>Role</label>
+                    <input type="text" value={user?.role || 'user'} disabled className="input-disabled" />
+                    <span className="form-help">Contact an administrator to change your role</span>
+                </div>
+
+                <div className="form-group">
+                    <label>Member Since</label>
+                    <input
+                        type="text"
+                        value={user?.created_at ? new Date(user.created_at).toLocaleDateString() : '-'}
+                        disabled
+                        className="input-disabled"
+                    />
+                </div>
+
+                <div className="form-actions">
+                    <button type="submit" className="btn btn-primary" disabled={loading}>
+                        {loading ? 'Saving...' : 'Save Changes'}
+                    </button>
+                </div>
+            </form>
+        </div>
+    );
+};
+
+export default ProfileTab;
diff --git a/frontend/src/components/settings/SSOConfigTab.jsx b/frontend/src/components/settings/SSOConfigTab.jsx
index 504b7017..ad99bf96 100644
--- a/frontend/src/components/settings/SSOConfigTab.jsx
+++ b/frontend/src/components/settings/SSOConfigTab.jsx
@@ -156,19 +156,32 @@ const SSOConfigTab = () => {
             )}
 
             {/* General Settings */}
-            <div className="settings-card">
-                <h3><Globe size={18} /> General Settings</h3>
-                <div className="settings-form">
-                    <div className="form-group">
-                        <label className="toggle-label">
-                            <input
-                                type="checkbox"
-                                checked={autoProvision}
-                                onChange={e => setAutoProvision(e.target.checked)}
-                            />
+            <div className="settings-card sso-general-card">
+                <div className="settings-card__header">
+                    <div className="settings-card__header-left">
+                        <Globe size={20} />
+                        <div>
+                            <h3>General Settings</h3>
+                        </div>
+                    </div>
+                </div>
+
+                <div className="sso-general-form">
+                    <div className="settings-row">
+                        <div className="settings-label">
                             <span>Auto-provision users</span>
-                        </label>
-                        <p className="form-help">Automatically create accounts for new SSO users</p>
+                            <span className="settings-hint">Automatically create accounts for new SSO users</span>
+                        </div>
+                        <div className="settings-control">
+                            <label className="toggle-switch">
+                                <input
+                                    type="checkbox"
+                                    checked={autoProvision}
+                                    onChange={e => setAutoProvision(e.target.checked)}
+                                />
+                                <span className="toggle-slider"></span>
+                            </label>
+                        </div>
                     </div>
 
                     <div className="form-group">
@@ -180,23 +193,29 @@ const SSOConfigTab = () => {
                         </select>
                     </div>
 
-                    <div className="form-group">
-                        <label className="toggle-label">
-                            <input
-                                type="checkbox"
-                                checked={forceSso}
-                                onChange={e => setForceSso(e.target.checked)}
-                            />
+                    <div className="settings-row">
+                        <div className="settings-label">
                             <span>SSO-only mode</span>
-                        </label>
-                        <p className="form-help">
-                            {forceSso && (
-                                <span className="text-warning">
-                                    <AlertTriangle size={14} /> Password login will be disabled for all users.
-                                </span>
-                            )}
-                            {!forceSso && 'Disable password login and require SSO for all users'}
-                        </p>
+                            <span className="settings-hint">
+                                {forceSso ? (
+                                    <span className="text-warning">
+                                        <AlertTriangle size={14} /> Password login will be disabled for all users.
+                                    </span>
+                                ) : (
+                                    'Disable password login and require SSO for all users'
+                                )}
+                            </span>
+                        </div>
+                        <div className="settings-control">
+                            <label className="toggle-switch">
+                                <input
+                                    type="checkbox"
+                                    checked={forceSso}
+                                    onChange={e => setForceSso(e.target.checked)}
+                                />
+                                <span className="toggle-slider"></span>
+                            </label>
+                        </div>
                     </div>
 
                     <div className="form-group">
@@ -207,7 +226,7 @@ const SSOConfigTab = () => {
                             onChange={e => setAllowedDomains(e.target.value)}
                             placeholder="company.com, example.org"
                         />
-                        <p className="form-help">Comma-separated. Leave empty to allow all domains.</p>
+                        <span className="form-help">Comma-separated. Leave empty to allow all domains.</span>
                     </div>
 
                     <button
@@ -247,15 +266,20 @@ const SSOConfigTab = () => {
 
                         {isExpanded && (
                             <div className="sso-provider-config__body">
-                                <div className="form-group">
-                                    <label className="toggle-label">
-                                        <input
-                                            type="checkbox"
-                                            checked={enabled}
-                                            onChange={e => setFieldValue(provider.id, 'enabled', e.target.checked)}
-                                        />
+                                <div className="settings-row">
+                                    <div className="settings-label">
                                         <span>Enable {provider.name}</span>
-                                    </label>
+                                    </div>
+                                    <div className="settings-control">
+                                        <label className="toggle-switch">
+                                            <input
+                                                type="checkbox"
+                                                checked={enabled}
+                                                onChange={e => setFieldValue(provider.id, 'enabled', e.target.checked)}
+                                            />
+                                            <span className="toggle-slider"></span>
+                                        </label>
+                                    </div>
                                 </div>
 
                                 {provider.fields.map(field => (
diff --git a/frontend/src/components/settings/SecuritySettingsTab.jsx b/frontend/src/components/settings/SecuritySettingsTab.jsx
new file mode 100644
index 00000000..9bb3fc57
--- /dev/null
+++ b/frontend/src/components/settings/SecuritySettingsTab.jsx
@@ -0,0 +1,597 @@
+import React, { useState, useEffect } from 'react';
+import { useAuth } from '../../contexts/AuthContext';
+import api from '../../services/api';
+import SSOProviderIcon from '../SSOProviderIcon';
+import Modal from '../Modal';
+
+const LinkedAccounts = () => {
+    const { ssoProviders } = useAuth();
+    const [identities, setIdentities] = useState([]);
+    const [loading, setLoading] = useState(true);
+    const [unlinking, setUnlinking] = useState(null);
+    const [linkingProvider, setLinkingProvider] = useState(null);
+    const [error, setError] = useState('');
+
+    useEffect(() => {
+        loadIdentities();
+    }, []);
+
+    async function loadIdentities() {
+        try {
+            const data = await api.getSSOIdentities();
+            setIdentities(data.identities || []);
+        } catch (err) {
+            // SSO may not be configured; silently handle
+        } finally {
+            setLoading(false);
+        }
+    }
+
+    async function handleUnlink(provider) {
+        setUnlinking(provider);
+        setError('');
+        try {
+            await api.unlinkSSOProvider(provider);
+            await loadIdentities();
+        } catch (err) {
+            setError(err.message);
+        } finally {
+            setUnlinking(null);
+        }
+    }
+
+    async function handleLink(provider) {
+        setLinkingProvider(provider);
+        setError('');
+        try {
+            const redirectUri = `${window.location.origin}/login/callback/${provider}`;
+            const { auth_url } = await api.startSSOAuth(provider, redirectUri);
+            window.location.href = auth_url;
+        } catch (err) {
+            setError(err.message);
+            setLinkingProvider(null);
+        }
+    }
+
+    if (loading || (!ssoProviders?.length && !identities.length)) {
+        return null;
+    }
+
+    const linkedProviderIds = identities.map(i => i.provider);
+    const availableToLink = (ssoProviders || []).filter(p => !linkedProviderIds.includes(p.id));
+
+    return (
+        <div className="settings-card">
+            <h3>Linked Accounts</h3>
+            <p className="text-secondary">Connect external identity providers to your account</p>
+
+            {error && <div className="alert alert-danger">{error}</div>}
+
+            {identities.length > 0 && (
+                <div className="linked-accounts-list">
+                    {identities.map(identity => (
+                        <div key={identity.id} className="linked-account">
+                            <div className="linked-account__info">
+                                <SSOProviderIcon provider={identity.provider} />
+                                <div>
+                                    <span className="linked-account__provider">{identity.provider}</span>
+                                    <span className="linked-account__email">{identity.provider_email}</span>
+                                </div>
+                            </div>
+                            <button
+                                className="btn btn-sm btn-danger"
+                                onClick={() => handleUnlink(identity.provider)}
+                                disabled={unlinking === identity.provider}
+                            >
+                                {unlinking === identity.provider ? 'Unlinking...' : 'Unlink'}
+                            </button>
+                        </div>
+                    ))}
+                </div>
+            )}
+
+            {availableToLink.length > 0 && (
+                <div className="linked-accounts-available">
+                    {availableToLink.map(p => (
+                        <button
+                            key={p.id}
+                            className="btn btn-secondary btn-sm"
+                            onClick={() => handleLink(p.id)}
+                            disabled={linkingProvider === p.id}
+                        >
+                            <SSOProviderIcon provider={p.id} />
+                            {linkingProvider === p.id ? 'Redirecting...' : `Link ${p.name}`}
+                        </button>
+                    ))}
+                </div>
+            )}
+        </div>
+    );
+};
+
+const SecuritySettingsTab = () => {
+    const { updateUser, user } = useAuth();
+    const [formData, setFormData] = useState({
+        currentPassword: '',
+        newPassword: '',
+        confirmPassword: ''
+    });
+    const [loading, setLoading] = useState(false);
+    const [message, setMessage] = useState(null);
+
+    // 2FA state
+    const [twoFAStatus, setTwoFAStatus] = useState(null);
+    const [twoFALoading, setTwoFALoading] = useState(true);
+    const [showSetupModal, setShowSetupModal] = useState(false);
+    const [showDisableModal, setShowDisableModal] = useState(false);
+    const [showBackupCodesModal, setShowBackupCodesModal] = useState(false);
+    const [setupData, setSetupData] = useState(null);
+    const [verificationCode, setVerificationCode] = useState('');
+    const [backupCodes, setBackupCodes] = useState([]);
+    const [twoFAError, setTwoFAError] = useState('');
+
+    useEffect(() => {
+        load2FAStatus();
+    }, []);
+
+    async function load2FAStatus() {
+        try {
+            const status = await api.get2FAStatus();
+            setTwoFAStatus(status);
+        } catch (err) {
+            console.error('Failed to load 2FA status:', err);
+        } finally {
+            setTwoFALoading(false);
+        }
+    }
+
+    async function handleSubmit(e) {
+        e.preventDefault();
+        setMessage(null);
+
+        if (formData.newPassword !== formData.confirmPassword) {
+            setMessage({ type: 'error', text: 'Passwords do not match' });
+            return;
+        }
+
+        if (formData.newPassword.length < 8) {
+            setMessage({ type: 'error', text: 'Password must be at least 8 characters' });
+            return;
+        }
+
+        setLoading(true);
+
+        try {
+            await updateUser({ password: formData.newPassword });
+            setMessage({ type: 'success', text: 'Password changed successfully' });
+            setFormData({ currentPassword: '', newPassword: '', confirmPassword: '' });
+        } catch (err) {
+            setMessage({ type: 'error', text: err.message });
+        } finally {
+            setLoading(false);
+        }
+    }
+
+    async function handleInitiate2FA() {
+        setTwoFAError('');
+        setTwoFALoading(true);
+        try {
+            const data = await api.initiate2FASetup();
+            setSetupData(data);
+            setShowSetupModal(true);
+        } catch (err) {
+            setTwoFAError(err.message);
+        } finally {
+            setTwoFALoading(false);
+        }
+    }
+
+    async function handleConfirm2FA() {
+        if (!verificationCode || verificationCode.length !== 6) {
+            setTwoFAError('Please enter a 6-digit code');
+            return;
+        }
+
+        setTwoFALoading(true);
+        setTwoFAError('');
+        try {
+            const result = await api.confirm2FASetup(verificationCode);
+            setBackupCodes(result.backup_codes);
+            setShowSetupModal(false);
+            setShowBackupCodesModal(true);
+            setVerificationCode('');
+            load2FAStatus();
+        } catch (err) {
+            setTwoFAError(err.message || 'Invalid verification code');
+        } finally {
+            setTwoFALoading(false);
+        }
+    }
+
+    async function handleDisable2FA() {
+        if (!verificationCode) {
+            setTwoFAError('Please enter a verification code');
+            return;
+        }
+
+        setTwoFALoading(true);
+        setTwoFAError('');
+        try {
+            await api.disable2FA(verificationCode);
+            setShowDisableModal(false);
+            setVerificationCode('');
+            load2FAStatus();
+        } catch (err) {
+            setTwoFAError(err.message || 'Invalid verification code');
+        } finally {
+            setTwoFALoading(false);
+        }
+    }
+
+    async function handleRegenerateBackupCodes() {
+        if (!verificationCode || verificationCode.length !== 6) {
+            setTwoFAError('Please enter a 6-digit code');
+            return;
+        }
+
+        setTwoFALoading(true);
+        setTwoFAError('');
+        try {
+            const result = await api.regenerateBackupCodes(verificationCode);
+            setBackupCodes(result.backup_codes);
+            setShowBackupCodesModal(true);
+            setVerificationCode('');
+            load2FAStatus();
+        } catch (err) {
+            setTwoFAError(err.message || 'Invalid verification code');
+        } finally {
+            setTwoFALoading(false);
+        }
+    }
+
+    function downloadBackupCodes() {
+        const content = `ServerKit Backup Codes
+Generated: ${new Date().toLocaleString()}
+
+These codes can be used to access your account if you lose your authenticator device.
+Each code can only be used once.
+
+${backupCodes.join('\n')}
+
+Keep these codes in a safe place.`;
+
+        const blob = new Blob([content], { type: 'text/plain' });
+        const url = URL.createObjectURL(blob);
+        const a = document.createElement('a');
+        a.href = url;
+        a.download = 'serverkit-backup-codes.txt';
+        document.body.appendChild(a);
+        a.click();
+        document.body.removeChild(a);
+        URL.revokeObjectURL(url);
+    }
+
+    function copyBackupCodes() {
+        navigator.clipboard.writeText(backupCodes.join('\n'));
+    }
+
+    return (
+        <div className="settings-section">
+            <div className="section-header">
+                <h2>Security Settings</h2>
+                <p>Manage your password and security preferences</p>
+            </div>
+
+            {message && (
+                <div className={`alert alert-${message.type === 'success' ? 'success' : 'danger'}`}>
+                    {message.text}
+                </div>
+            )}
+
+            {/* Two-Factor Authentication Section */}
+            <div className="settings-card two-fa-card">
+                <div className="two-fa-header">
+                    <div className="two-fa-icon">
+                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
+                            <rect x="3" y="11" width="18" height="11" rx="2" ry="2"/>
+                            <path d="M7 11V7a5 5 0 0 1 10 0v4"/>
+                        </svg>
+                    </div>
+                    <div>
+                        <h3>Two-Factor Authentication (2FA)</h3>
+                        <p>Add an extra layer of security to your account</p>
+                    </div>
+                </div>
+
+                {twoFALoading && !twoFAStatus ? (
+                    <div className="loading-sm">Loading...</div>
+                ) : twoFAStatus?.enabled ? (
+                    <div className="two-fa-enabled">
+                        <div className="two-fa-status">
+                            <span className="badge badge-success">Enabled</span>
+                            <span className="two-fa-info">
+                                Enabled on {new Date(twoFAStatus.confirmed_at).toLocaleDateString()}
+                            </span>
+                        </div>
+                        <div className="two-fa-backup-info">
+                            <span>Backup codes remaining: <strong>{twoFAStatus.backup_codes_remaining}</strong></span>
+                            {twoFAStatus.backup_codes_remaining <= 3 && (
+                                <span className="warning-text">Consider regenerating your backup codes</span>
+                            )}
+                        </div>
+                        <div className="two-fa-actions">
+                            <button
+                                className="btn btn-secondary"
+                                onClick={() => {
+                                    setVerificationCode('');
+                                    setTwoFAError('');
+                                    setShowBackupCodesModal(true);
+                                }}
+                            >
+                                Regenerate Backup Codes
+                            </button>
+                            <button
+                                className="btn btn-danger"
+                                onClick={() => {
+                                    setVerificationCode('');
+                                    setTwoFAError('');
+                                    setShowDisableModal(true);
+                                }}
+                            >
+                                Disable 2FA
+                            </button>
+                        </div>
+                    </div>
+                ) : (
+                    <div className="two-fa-disabled">
+                        <p className="two-fa-description">
+                            Two-factor authentication adds an additional layer of security to your account
+                            by requiring a code from your authenticator app in addition to your password.
+                        </p>
+                        <button
+                            className="btn btn-primary"
+                            onClick={handleInitiate2FA}
+                            disabled={twoFALoading}
+                        >
+                            Enable Two-Factor Authentication
+                        </button>
+                    </div>
+                )}
+            </div>
+
+            <form onSubmit={handleSubmit} className="settings-form">
+                <h3>Change Password</h3>
+
+                <div className="form-group">
+                    <label>Current Password</label>
+                    <input
+                        type="password"
+                        value={formData.currentPassword}
+                        onChange={(e) => setFormData({ ...formData, currentPassword: e.target.value })}
+                        placeholder="Enter current password"
+                    />
+                </div>
+
+                <div className="form-group">
+                    <label>New Password</label>
+                    <input
+                        type="password"
+                        value={formData.newPassword}
+                        onChange={(e) => setFormData({ ...formData, newPassword: e.target.value })}
+                        placeholder="Enter new password"
+                        required
+                    />
+                    <span className="form-help">Minimum 8 characters</span>
+                </div>
+
+                <div className="form-group">
+                    <label>Confirm New Password</label>
+                    <input
+                        type="password"
+                        value={formData.confirmPassword}
+                        onChange={(e) => setFormData({ ...formData, confirmPassword: e.target.value })}
+                        placeholder="Confirm new password"
+                        required
+                    />
+                </div>
+
+                <div className="form-actions">
+                    <button type="submit" className="btn btn-primary" disabled={loading}>
+                        {loading ? 'Changing...' : 'Change Password'}
+                    </button>
+                </div>
+            </form>
+
+            <div className="settings-card">
+                <h3>Sessions</h3>
+                <p>Manage your active sessions</p>
+                <div className="session-item current">
+                    <div className="session-info">
+                        <svg viewBox="0 0 24 24" width="20" height="20">
+                            <rect x="2" y="3" width="20" height="14" rx="2" ry="2"/>
+                            <line x1="8" y1="21" x2="16" y2="21"/>
+                            <line x1="12" y1="17" x2="12" y2="21"/>
+                        </svg>
+                        <div>
+                            <span className="session-device">Current Session</span>
+                            <span className="session-details">This device - Active now</span>
+                        </div>
+                    </div>
+                    <span className="badge badge-success">Current</span>
+                </div>
+            </div>
+
+            {/* Linked Accounts */}
+            <LinkedAccounts />
+
+            {/* 2FA Setup Modal */}
+            {showSetupModal && setupData && (
+                <Modal open={true} onClose={() => setShowSetupModal(false)} title="Set Up Two-Factor Authentication" size="md">
+                            <div className="setup-steps">
+                                <div className="setup-step">
+                                    <span className="step-number">1</span>
+                                    <div className="step-content">
+                                        <h4>Scan the QR Code</h4>
+                                        <p>Use your authenticator app (Google Authenticator, Authy, 1Password, etc.) to scan this QR code.</p>
+                                        {setupData.qr_code ? (
+                                            <div className="qr-code-container">
+                                                <img src={setupData.qr_code} alt="2FA QR Code" className="qr-code" />
+                                            </div>
+                                        ) : (
+                                            <div className="qr-fallback">
+                                                <p>QR code unavailable. Enter this secret manually:</p>
+                                                <code className="secret-key">{setupData.secret}</code>
+                                            </div>
+                                        )}
+                                        <details className="manual-entry">
+                                            <summary>Can&apos;t scan? Enter manually</summary>
+                                            <p>Account: {user?.email ?? ''}</p>
+                                            <p>Secret: <code>{setupData.secret}</code></p>
+                                        </details>
+                                    </div>
+                                </div>
+
+                                <div className="setup-step">
+                                    <span className="step-number">2</span>
+                                    <div className="step-content">
+                                        <h4>Enter Verification Code</h4>
+                                        <p>Enter the 6-digit code from your authenticator app to verify setup.</p>
+                                        <input
+                                            type="text"
+                                            value={verificationCode}
+                                            onChange={(e) => setVerificationCode(e.target.value.replace(/\D/g, '').slice(0, 6))}
+                                            placeholder="000000"
+                                            className="verification-input"
+                                            autoFocus
+                                        />
+                                        {twoFAError && <p className="error-text">{twoFAError}</p>}
+                                    </div>
+                                </div>
+                            </div>
+                        <div className="modal-footer">
+                            <button className="btn btn-secondary" onClick={() => setShowSetupModal(false)}>
+                                Cancel
+                            </button>
+                            <button
+                                className="btn btn-primary"
+                                onClick={handleConfirm2FA}
+                                disabled={twoFALoading || verificationCode.length !== 6}
+                            >
+                                {twoFALoading ? 'Verifying...' : 'Enable 2FA'}
+                            </button>
+                        </div>
+                </Modal>
+            )}
+
+            {/* Disable 2FA Modal */}
+            {showDisableModal && (
+                <Modal open={true} onClose={() => setShowDisableModal(false)} title="Disable Two-Factor Authentication">
+                            <div className="warning-box">
+                                <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
+                                    <path d="M10.29 3.86L1.82 18a2 2 0 0 0 1.71 3h16.94a2 2 0 0 0 1.71-3L13.71 3.86a2 2 0 0 0-3.42 0z"/>
+                                    <line x1="12" y1="9" x2="12" y2="13"/>
+                                    <line x1="12" y1="17" x2="12.01" y2="17"/>
+                                </svg>
+                                <p>Disabling 2FA will make your account less secure. You will only need your password to log in.</p>
+                            </div>
+                            <div className="form-group">
+                                <label>Enter a verification code or backup code to disable 2FA:</label>
+                                <input
+                                    type="text"
+                                    value={verificationCode}
+                                    onChange={(e) => setVerificationCode(e.target.value)}
+                                    placeholder="Code from authenticator or backup code"
+                                    autoFocus
+                                />
+                                {twoFAError && <p className="error-text">{twoFAError}</p>}
+                            </div>
+                        <div className="modal-footer">
+                            <button className="btn btn-secondary" onClick={() => setShowDisableModal(false)}>
+                                Cancel
+                            </button>
+                            <button
+                                className="btn btn-danger"
+                                onClick={handleDisable2FA}
+                                disabled={twoFALoading || !verificationCode}
+                            >
+                                {twoFALoading ? 'Disabling...' : 'Disable 2FA'}
+                            </button>
+                        </div>
+                </Modal>
+            )}
+
+            {/* Backup Codes Modal */}
+            {showBackupCodesModal && (
+                <Modal open={true} onClose={() => setShowBackupCodesModal(false)} title={backupCodes.length > 0 ? 'Your Backup Codes' : 'Regenerate Backup Codes'} size="md">
+                            {backupCodes.length > 0 ? (
+                                <>
+                                    <div className="warning-box">
+                                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
+                                            <circle cx="12" cy="12" r="10"/>
+                                            <line x1="12" y1="8" x2="12" y2="12"/>
+                                            <line x1="12" y1="16" x2="12.01" y2="16"/>
+                                        </svg>
+                                        <p>Save these backup codes in a secure location. They will not be shown again. Each code can only be used once.</p>
+                                    </div>
+                                    <div className="backup-codes-grid">
+                                        {backupCodes.map((code, index) => (
+                                            <code key={index} className="backup-code">{code}</code>
+                                        ))}
+                                    </div>
+                                    <div className="backup-codes-actions">
+                                        <button className="btn btn-secondary" onClick={downloadBackupCodes}>
+                                            <svg viewBox="0 0 24 24" width="16" height="16" stroke="currentColor" fill="none" strokeWidth="2">
+                                                <path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4M7 10l5 5 5-5M12 15V3"/>
+                                            </svg>
+                                            Download
+                                        </button>
+                                        <button className="btn btn-secondary" onClick={copyBackupCodes}>
+                                            <svg viewBox="0 0 24 24" width="16" height="16" stroke="currentColor" fill="none" strokeWidth="2">
+                                                <rect x="9" y="9" width="13" height="13" rx="2" ry="2"/>
+                                                <path d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1"/>
+                                            </svg>
+                                            Copy
+                                        </button>
+                                    </div>
+                                </>
+                            ) : (
+                                <>
+                                    <p>Enter a code from your authenticator app to generate new backup codes. This will invalidate all existing backup codes.</p>
+                                    <div className="form-group">
+                                        <label>Verification Code</label>
+                                        <input
+                                            type="text"
+                                            value={verificationCode}
+                                            onChange={(e) => setVerificationCode(e.target.value.replace(/\D/g, '').slice(0, 6))}
+                                            placeholder="000000"
+                                            autoFocus
+                                        />
+                                        {twoFAError && <p className="error-text">{twoFAError}</p>}
+                                    </div>
+                                </>
+                            )}
+                        <div className="modal-footer">
+                            <button className="btn btn-secondary" onClick={() => {
+                                setShowBackupCodesModal(false);
+                                setBackupCodes([]);
+                                setVerificationCode('');
+                            }}>
+                                {backupCodes.length > 0 ? 'Done' : 'Cancel'}
+                            </button>
+                            {backupCodes.length === 0 && (
+                                <button
+                                    className="btn btn-primary"
+                                    onClick={handleRegenerateBackupCodes}
+                                    disabled={twoFALoading || verificationCode.length !== 6}
+                                >
+                                    {twoFALoading ? 'Generating...' : 'Generate New Codes'}
+                                </button>
+                            )}
+                        </div>
+                </Modal>
+            )}
+        </div>
+    );
+};
+
+export default SecuritySettingsTab;
diff --git a/frontend/src/components/settings/SidebarSettings.jsx b/frontend/src/components/settings/SidebarSettings.jsx
new file mode 100644
index 00000000..6b9d0eb8
--- /dev/null
+++ b/frontend/src/components/settings/SidebarSettings.jsx
@@ -0,0 +1,220 @@
+import { useState, useMemo } from 'react';
+import { useAuth } from '../../contexts/AuthContext';
+import api from '../../services/api';
+import { Check, RotateCcw } from 'lucide-react';
+import {
+    SIDEBAR_ITEMS,
+    SIDEBAR_PRESETS,
+    SIDEBAR_CATEGORIES,
+    CATEGORY_LABELS
+} from '../sidebarItems';
+
+const PRESET_ICONS = {
+    full: <svg viewBox="0 0 24 24" width="20" height="20" fill="none" stroke="currentColor"><rect x="3" y="3" width="7" height="7"/><rect x="14" y="3" width="7" height="7"/><rect x="14" y="14" width="7" height="7"/><rect x="3" y="14" width="7" height="7"/></svg>,
+    web: <svg viewBox="0 0 24 24" width="20" height="20" fill="none" stroke="currentColor"><circle cx="12" cy="12" r="10"/><line x1="2" y1="12" x2="22" y2="12"/><path d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"/></svg>,
+    email: <svg viewBox="0 0 24 24" width="20" height="20" fill="none" stroke="currentColor"><path d="M4 4h16c1.1 0 2 .9 2 2v12c0 1.1-.9 2-2 2H4c-1.1 0-2-.9-2-2V6c0-1.1.9-2 2-2z"/><polyline points="22,6 12,13 2,6"/></svg>,
+    devops: <svg viewBox="0 0 24 24" width="20" height="20" fill="none" stroke="currentColor"><rect x="2" y="7" width="6" height="6" rx="1"/><rect x="9" y="7" width="6" height="6" rx="1"/><rect x="16" y="7" width="6" height="6" rx="1"/><rect x="2" y="14" width="6" height="6" rx="1"/><rect x="9" y="14" width="6" height="6" rx="1"/></svg>,
+    minimal: <svg viewBox="0 0 24 24" width="20" height="20" fill="none" stroke="currentColor"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
+};
+
+const SidebarSettings = () => {
+    const { user, updateUser } = useAuth();
+    const currentConfig = user?.sidebar_config || { preset: 'full', hiddenItems: [] };
+    const [preset, setPreset] = useState(currentConfig.preset || 'full');
+    const [hiddenItems, setHiddenItems] = useState(currentConfig.hiddenItems || []);
+    const [saving, setSaving] = useState(false);
+    const [message, setMessage] = useState(null);
+
+    const toggleableItems = useMemo(
+        () => SIDEBAR_ITEMS.filter(item => !item.alwaysVisible),
+        []
+    );
+
+    const activeHidden = preset === 'custom'
+        ? hiddenItems
+        : (SIDEBAR_PRESETS[preset]?.hiddenItems || []);
+
+    const visibleCount = SIDEBAR_ITEMS.filter(
+        item => item.alwaysVisible || !activeHidden.includes(item.id)
+    ).length;
+
+    const handlePresetChange = (newPreset) => {
+        if (newPreset === preset) return;
+        setPreset(newPreset);
+        if (newPreset !== 'custom') {
+            setHiddenItems(SIDEBAR_PRESETS[newPreset]?.hiddenItems || []);
+        }
+    };
+
+    const handleToggleItem = (itemId) => {
+        // Switching to custom mode when toggling
+        if (preset !== 'custom') {
+            setPreset('custom');
+            // Start from current preset's hidden items
+            const currentHidden = SIDEBAR_PRESETS[preset]?.hiddenItems || [];
+            const newHidden = currentHidden.includes(itemId)
+                ? currentHidden.filter(id => id !== itemId)
+                : [...currentHidden, itemId];
+            setHiddenItems(newHidden);
+        } else {
+            setHiddenItems(prev =>
+                prev.includes(itemId)
+                    ? prev.filter(id => id !== itemId)
+                    : [...prev, itemId]
+            );
+        }
+    };
+
+    const handleSave = async () => {
+        setSaving(true);
+        setMessage(null);
+        try {
+            const config = { preset, hiddenItems: preset === 'custom' ? hiddenItems : [] };
+            await api.updateCurrentUser({ sidebar_config: config });
+            await updateUser({ sidebar_config: config });
+            setMessage({ type: 'success', text: 'Sidebar preferences saved' });
+        } catch (err) {
+            setMessage({ type: 'error', text: err.message || 'Failed to save preferences' });
+        } finally {
+            setSaving(false);
+            setTimeout(() => setMessage(null), 3000);
+        }
+    };
+
+    const handleReset = () => {
+        setPreset('full');
+        setHiddenItems([]);
+    };
+
+    const hasChanges = preset !== (currentConfig.preset || 'full') ||
+        JSON.stringify(hiddenItems) !== JSON.stringify(currentConfig.hiddenItems || []);
+
+    return (
+        <div className="sidebar-settings">
+            <div className="settings-section">
+                <h3>View Profiles</h3>
+                <p className="settings-section-desc">
+                    Choose a preset or build a custom view. Only visible items appear in your sidebar.
+                </p>
+
+                <div className="sidebar-presets">
+                    {Object.entries(SIDEBAR_PRESETS).map(([key, profile]) => (
+                        <button
+                            key={key}
+                            className={`sidebar-preset-card ${preset === key ? 'active' : ''}`}
+                            onClick={() => handlePresetChange(key)}
+                        >
+                            <div className="preset-card-icon">
+                                {PRESET_ICONS[key]}
+                            </div>
+                            <div className="preset-card-info">
+                                <span className="preset-card-label">{profile.label}</span>
+                                <span className="preset-card-desc">{profile.description}</span>
+                            </div>
+                            {preset === key && (
+                                <div className="preset-card-check">
+                                    <Check size={16} />
+                                </div>
+                            )}
+                        </button>
+                    ))}
+                    <button
+                        className={`sidebar-preset-card ${preset === 'custom' ? 'active' : ''}`}
+                        onClick={() => handlePresetChange('custom')}
+                    >
+                        <div className="preset-card-icon">
+                            <svg viewBox="0 0 24 24" width="20" height="20" fill="none" stroke="currentColor">
+                                <path d="M12 20h9"/><path d="M16.5 3.5a2.121 2.121 0 0 1 3 3L7 19l-4 1 1-4L16.5 3.5z"/>
+                            </svg>
+                        </div>
+                        <div className="preset-card-info">
+                            <span className="preset-card-label">Custom</span>
+                            <span className="preset-card-desc">Toggle individual items on/off</span>
+                        </div>
+                        {preset === 'custom' && (
+                            <div className="preset-card-check">
+                                <Check size={16} />
+                            </div>
+                        )}
+                    </button>
+                </div>
+            </div>
+
+            <div className="settings-section">
+                <div className="settings-section-header">
+                    <h3>Sidebar Items</h3>
+                    <span className="sidebar-item-count">{visibleCount} of {SIDEBAR_ITEMS.length} visible</span>
+                </div>
+                <p className="settings-section-desc">
+                    {preset === 'custom'
+                        ? 'Toggle items to show or hide them in your sidebar.'
+                        : `Showing items for the "${SIDEBAR_PRESETS[preset]?.label || preset}" profile. Switch to Custom to modify individually.`
+                    }
+                </p>
+
+                <div className="sidebar-items-list">
+                    {SIDEBAR_CATEGORIES.map(cat => {
+                        const catItems = toggleableItems.filter(item => item.category === cat);
+                        if (catItems.length === 0) return null;
+                        return (
+                            <div key={cat} className="sidebar-items-group">
+                                <div className="sidebar-items-group-label">{CATEGORY_LABELS[cat]}</div>
+                                {catItems.map(item => {
+                                    const isVisible = !activeHidden.includes(item.id);
+                                    return (
+                                        <label
+                                            key={item.id}
+                                            className={`sidebar-item-toggle ${!isVisible ? 'hidden-item' : ''}`}
+                                        >
+                                            <div className="sidebar-item-toggle-info">
+                                                <svg className="sidebar-item-toggle-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor"
+                                                    dangerouslySetInnerHTML={{ __html: item.icon }}
+                                                />
+                                                <span>{item.label}</span>
+                                            </div>
+                                            <div className={`toggle-switch ${isVisible ? 'on' : ''}`}
+                                                onClick={(e) => {
+                                                    e.preventDefault();
+                                                    handleToggleItem(item.id);
+                                                }}
+                                            >
+                                                <div className="toggle-knob" />
+                                            </div>
+                                        </label>
+                                    );
+                                })}
+                            </div>
+                        );
+                    })}
+                </div>
+            </div>
+
+            <div className="sidebar-settings-actions">
+                <button
+                    className="btn btn-ghost"
+                    onClick={handleReset}
+                    disabled={preset === 'full' && hiddenItems.length === 0}
+                >
+                    <RotateCcw size={14} />
+                    Reset to Default
+                </button>
+                <button
+                    className="btn btn-primary"
+                    onClick={handleSave}
+                    disabled={saving || !hasChanges}
+                >
+                    {saving ? 'Saving...' : 'Save Changes'}
+                </button>
+            </div>
+
+            {message && (
+                <div className={`settings-message ${message.type}`}>
+                    {message.type === 'success' && <Check size={14} />}
+                    {message.text}
+                </div>
+            )}
+        </div>
+    );
+};
+
+export default SidebarSettings;
diff --git a/frontend/src/components/settings/SiteSettingsTab.jsx b/frontend/src/components/settings/SiteSettingsTab.jsx
new file mode 100644
index 00000000..b04ae896
--- /dev/null
+++ b/frontend/src/components/settings/SiteSettingsTab.jsx
@@ -0,0 +1,112 @@
+import React, { useState, useEffect } from 'react';
+import api from '../../services/api';
+
+const SiteSettingsTab = ({ onDevModeChange }) => {
+    const [settings, setSettings] = useState({
+        registration_enabled: false,
+        dev_mode: false
+    });
+    const [loading, setLoading] = useState(true);
+    const [saving, setSaving] = useState(false);
+    const [message, setMessage] = useState(null);
+
+    useEffect(() => {
+        loadSettings();
+    }, []);
+
+    async function loadSettings() {
+        try {
+            const data = await api.getSystemSettings();
+            setSettings({
+                registration_enabled: data.registration_enabled || false,
+                dev_mode: data.dev_mode || false
+            });
+        } catch (err) {
+            console.error('Failed to load settings:', err);
+        } finally {
+            setLoading(false);
+        }
+    }
+
+    async function handleToggleSetting(key, label) {
+        setSaving(true);
+        setMessage(null);
+
+        try {
+            const newValue = !settings[key];
+            await api.updateSystemSetting(key, newValue);
+            setSettings({ ...settings, [key]: newValue });
+            setMessage({ type: 'success', text: `${label} ${newValue ? 'enabled' : 'disabled'}` });
+            if (key === 'dev_mode' && onDevModeChange) {
+                onDevModeChange(newValue);
+            }
+        } catch (err) {
+            setMessage({ type: 'error', text: err.message || 'Failed to update setting' });
+        } finally {
+            setSaving(false);
+        }
+    }
+
+    if (loading) {
+        return <div className="settings-section"><p>Loading...</p></div>;
+    }
+
+    return (
+        <div className="settings-section">
+            <h2>Site Settings</h2>
+            <p className="section-description">Configure global site settings</p>
+
+            {message && (
+                <div className={`message ${message.type}`}>{message.text}</div>
+            )}
+
+            <div className="settings-card">
+                <h3>User Registration</h3>
+                <p>Allow new users to create accounts on the login page.</p>
+
+                <div className="form-group">
+                    <label className="toggle-switch-label">
+                        <span>Enable public registration</span>
+                        <label className="toggle-switch">
+                            <input
+                                type="checkbox"
+                                checked={settings.registration_enabled}
+                                onChange={() => handleToggleSetting('registration_enabled', 'User registration')}
+                                disabled={saving}
+                            />
+                            <span className="toggle-slider"></span>
+                        </label>
+                    </label>
+                    <span className="form-help">
+                        When disabled, only administrators can create new user accounts.
+                    </span>
+                </div>
+            </div>
+
+            <div className="settings-card">
+                <h3>Developer Mode</h3>
+                <p>Enable developer tools and diagnostics.</p>
+
+                <div className="form-group">
+                    <label className="toggle-switch-label">
+                        <span>Enable developer mode</span>
+                        <label className="toggle-switch">
+                            <input
+                                type="checkbox"
+                                checked={settings.dev_mode}
+                                onChange={() => handleToggleSetting('dev_mode', 'Developer mode')}
+                                disabled={saving}
+                            />
+                            <span className="toggle-slider"></span>
+                        </label>
+                    </label>
+                    <span className="form-help">
+                        Enables the Developer tab with icon reference and diagnostic tools.
+                    </span>
+                </div>
+            </div>
+        </div>
+    );
+};
+
+export default SiteSettingsTab;
diff --git a/frontend/src/components/settings/SystemTab.jsx b/frontend/src/components/settings/SystemTab.jsx
new file mode 100644
index 00000000..e4c935a8
--- /dev/null
+++ b/frontend/src/components/settings/SystemTab.jsx
@@ -0,0 +1,263 @@
+import React, { useState, useEffect } from 'react';
+import { useAuth } from '../../contexts/AuthContext';
+import api from '../../services/api';
+
+function formatBytes(bytes) {
+    if (!bytes) return '-';
+    const units = ['B', 'KB', 'MB', 'GB', 'TB'];
+    let i = 0;
+    while (bytes >= 1024 && i < units.length - 1) {
+        bytes /= 1024;
+        i++;
+    }
+    return `${bytes.toFixed(1)} ${units[i]}`;
+}
+
+function formatUptime(seconds) {
+    if (!seconds) return '-';
+    const days = Math.floor(seconds / 86400);
+    const hours = Math.floor((seconds % 86400) / 3600);
+    const minutes = Math.floor((seconds % 3600) / 60);
+
+    const parts = [];
+    if (days > 0) parts.push(`${days}d`);
+    if (hours > 0) parts.push(`${hours}h`);
+    if (minutes > 0) parts.push(`${minutes}m`);
+
+    return parts.join(' ') || '< 1m';
+}
+
+const SystemTab = () => {
+    const { isAdmin } = useAuth();
+    const [metrics, setMetrics] = useState(null);
+    const [loading, setLoading] = useState(true);
+    const [timezones, setTimezones] = useState([]);
+    const [selectedTimezone, setSelectedTimezone] = useState('');
+    const [savingTimezone, setSavingTimezone] = useState(false);
+    const [timezoneMessage, setTimezoneMessage] = useState(null);
+
+    useEffect(() => {
+        if (isAdmin) {
+            loadMetrics();
+            loadTimezones();
+        }
+    }, [isAdmin]);
+
+    async function loadMetrics() {
+        try {
+            const data = await api.getSystemMetrics();
+            setMetrics(data);
+            if (data?.time?.timezone_id) {
+                setSelectedTimezone(data.time.timezone_id);
+            }
+        } catch (err) {
+            console.error('Failed to load metrics:', err);
+        } finally {
+            setLoading(false);
+        }
+    }
+
+    async function loadTimezones() {
+        try {
+            const data = await api.getTimezones();
+            setTimezones(data.timezones || []);
+        } catch (err) {
+            console.error('Failed to load timezones:', err);
+        }
+    }
+
+    async function handleTimezoneChange() {
+        if (!selectedTimezone) return;
+
+        setSavingTimezone(true);
+        setTimezoneMessage(null);
+
+        try {
+            const result = await api.setTimezone(selectedTimezone);
+            setTimezoneMessage({ type: 'success', text: result.message || 'Timezone updated' });
+            // Refresh metrics to show new time
+            loadMetrics();
+        } catch (err) {
+            setTimezoneMessage({ type: 'error', text: err.message || 'Failed to set timezone' });
+        } finally {
+            setSavingTimezone(false);
+            setTimeout(() => setTimezoneMessage(null), 5000);
+        }
+    }
+
+    if (!isAdmin) {
+        return (
+            <div className="settings-section">
+                <div className="section-header">
+                    <h2>System Information</h2>
+                    <p>View system details and server information</p>
+                </div>
+                <div className="alert alert-warning">
+                    Admin access required to view system information.
+                </div>
+            </div>
+        );
+    }
+
+    if (loading) {
+        return <div className="loading">Loading system information...</div>;
+    }
+
+    return (
+        <div className="settings-section">
+            <div className="section-header">
+                <h2>System Information</h2>
+                <p>View system details and server information</p>
+            </div>
+
+            <div className="system-info-grid">
+                <div className="settings-card">
+                    <h3>CPU</h3>
+                    <div className="info-list">
+                        <div className="info-item">
+                            <span className="info-label">Usage</span>
+                            <span className="info-value">{metrics?.cpu?.percent?.toFixed(1) || 0}%</span>
+                        </div>
+                        <div className="info-item">
+                            <span className="info-label">Cores</span>
+                            <span className="info-value">{metrics?.cpu?.count || '-'}</span>
+                        </div>
+                        <div className="info-item">
+                            <span className="info-label">Load Average</span>
+                            <span className="info-value">
+                                {metrics?.cpu?.load_avg ? metrics.cpu.load_avg.map(l => l.toFixed(2)).join(', ') : '-'}
+                            </span>
+                        </div>
+                    </div>
+                </div>
+
+                <div className="settings-card">
+                    <h3>Memory</h3>
+                    <div className="info-list">
+                        <div className="info-item">
+                            <span className="info-label">Usage</span>
+                            <span className="info-value">{metrics?.memory?.percent?.toFixed(1) || 0}%</span>
+                        </div>
+                        <div className="info-item">
+                            <span className="info-label">Used</span>
+                            <span className="info-value">{formatBytes(metrics?.memory?.used)}</span>
+                        </div>
+                        <div className="info-item">
+                            <span className="info-label">Total</span>
+                            <span className="info-value">{formatBytes(metrics?.memory?.total)}</span>
+                        </div>
+                    </div>
+                </div>
+
+                <div className="settings-card">
+                    <h3>Disk</h3>
+                    <div className="info-list">
+                        <div className="info-item">
+                            <span className="info-label">Usage</span>
+                            <span className="info-value">{metrics?.disk?.percent?.toFixed(1) || 0}%</span>
+                        </div>
+                        <div className="info-item">
+                            <span className="info-label">Used</span>
+                            <span className="info-value">{formatBytes(metrics?.disk?.used)}</span>
+                        </div>
+                        <div className="info-item">
+                            <span className="info-label">Total</span>
+                            <span className="info-value">{formatBytes(metrics?.disk?.total)}</span>
+                        </div>
+                    </div>
+                </div>
+
+                <div className="settings-card">
+                    <h3>Network</h3>
+                    <div className="info-list">
+                        <div className="info-item">
+                            <span className="info-label">Bytes Sent</span>
+                            <span className="info-value">{formatBytes(metrics?.network?.bytes_sent)}</span>
+                        </div>
+                        <div className="info-item">
+                            <span className="info-label">Bytes Received</span>
+                            <span className="info-value">{formatBytes(metrics?.network?.bytes_recv)}</span>
+                        </div>
+                    </div>
+                </div>
+            </div>
+
+            {metrics?.system && (
+                <div className="settings-card">
+                    <h3>System Details</h3>
+                    <div className="info-list">
+                        <div className="info-item">
+                            <span className="info-label">Hostname</span>
+                            <span className="info-value">{metrics.system.hostname || '-'}</span>
+                        </div>
+                        <div className="info-item">
+                            <span className="info-label">Platform</span>
+                            <span className="info-value">{metrics.system.platform || '-'}</span>
+                        </div>
+                        <div className="info-item">
+                            <span className="info-label">OS Version</span>
+                            <span className="info-value">{metrics.system.version || '-'}</span>
+                        </div>
+                        <div className="info-item">
+                            <span className="info-label">Uptime</span>
+                            <span className="info-value">{formatUptime(metrics.system.uptime)}</span>
+                        </div>
+                    </div>
+                </div>
+            )}
+
+            {/* Server Time & Timezone */}
+            <div className="settings-card">
+                <h3>Server Time & Timezone</h3>
+                {metrics?.time && (
+                    <div className="info-list" style={{ marginBottom: '1rem' }}>
+                        <div className="info-item">
+                            <span className="info-label">Current Time</span>
+                            <span className="info-value">{metrics.time.current_time_formatted}</span>
+                        </div>
+                        <div className="info-item">
+                            <span className="info-label">UTC Offset</span>
+                            <span className="info-value">{metrics.time.utc_offset}</span>
+                        </div>
+                        <div className="info-item">
+                            <span className="info-label">Current Timezone</span>
+                            <span className="info-value">{metrics.time.timezone_id || metrics.time.timezone_name}</span>
+                        </div>
+                    </div>
+                )}
+                <div className="form-group">
+                    <label>Change Timezone</label>
+                    <div className="timezone-selector">
+                        <select
+                            value={selectedTimezone}
+                            onChange={(e) => setSelectedTimezone(e.target.value)}
+                            className="form-control"
+                        >
+                            <option value="">Select timezone...</option>
+                            {timezones.map((tz) => (
+                                <option key={tz} value={tz}>{tz}</option>
+                            ))}
+                        </select>
+                        <button
+                            className="btn btn-primary"
+                            onClick={handleTimezoneChange}
+                            disabled={savingTimezone || !selectedTimezone || selectedTimezone === metrics?.time?.timezone_id}
+                        >
+                            {savingTimezone ? 'Saving...' : 'Apply'}
+                        </button>
+                    </div>
+                    {timezoneMessage && (
+                        <div className={`timezone-message ${timezoneMessage.type}`}>
+                            {timezoneMessage.text}
+                        </div>
+                    )}
+                    <span className="form-help">
+                        Changing timezone requires server restart to take full effect
+                    </span>
+                </div>
+            </div>
+        </div>
+    );
+};
+
+export default SystemTab;
diff --git a/frontend/src/components/settings/UserModal.jsx b/frontend/src/components/settings/UserModal.jsx
index d8c68d27..cec19333 100644
--- a/frontend/src/components/settings/UserModal.jsx
+++ b/frontend/src/components/settings/UserModal.jsx
@@ -2,6 +2,7 @@ import React, { useState, useEffect } from 'react';
 import { useAuth } from '../../contexts/AuthContext';
 import api from '../../services/api';
 import PermissionEditor from './PermissionEditor';
+import Modal from '../Modal';
 
 const UserModal = ({ user, onSave, onClose }) => {
     const [formData, setFormData] = useState({
@@ -113,18 +114,7 @@ const UserModal = ({ user, onSave, onClose }) => {
     }
 
     return (
-        <div className="modal-overlay">
-            <div className="modal modal-md">
-                <div className="modal-header">
-                    <h3>{isEditing ? 'Edit User' : 'Add New User'}</h3>
-                    <button className="modal-close" onClick={onClose}>
-                        <svg viewBox="0 0 24 24" width="20" height="20" stroke="currentColor" fill="none" strokeWidth="2">
-                            <line x1="18" y1="6" x2="6" y2="18"/>
-                            <line x1="6" y1="6" x2="18" y2="18"/>
-                        </svg>
-                    </button>
-                </div>
-
+        <Modal open={true} onClose={onClose} title={isEditing ? 'Edit User' : 'Add New User'} size="md">
                 <form onSubmit={handleSubmit}>
                     <div className="modal-body">
                         {error && <div className="error-message">{error}</div>}
@@ -274,8 +264,7 @@ const UserModal = ({ user, onSave, onClose }) => {
                         </button>
                     </div>
                 </form>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/settings/UsersTab.jsx b/frontend/src/components/settings/UsersTab.jsx
index 5a699833..dce4a06f 100644
--- a/frontend/src/components/settings/UsersTab.jsx
+++ b/frontend/src/components/settings/UsersTab.jsx
@@ -3,6 +3,7 @@ import api from '../../services/api';
 import { useAuth } from '../../contexts/AuthContext';
 import UserModal from './UserModal';
 import InvitationsTab from './InvitationsTab';
+import Modal from '../Modal';
 
 const UsersTab = () => {
     const [users, setUsers] = useState([]);
@@ -227,21 +228,9 @@ const UsersTab = () => {
             )}
 
             {deleteConfirm && (
-                <div className="modal-overlay">
-                    <div className="modal modal-sm">
-                        <div className="modal-header">
-                            <h3>Delete User</h3>
-                            <button className="modal-close" onClick={() => setDeleteConfirm(null)}>
-                                <svg viewBox="0 0 24 24" width="20" height="20" stroke="currentColor" fill="none" strokeWidth="2">
-                                    <line x1="18" y1="6" x2="6" y2="18"/>
-                                    <line x1="6" y1="6" x2="18" y2="18"/>
-                                </svg>
-                            </button>
-                        </div>
-                        <div className="modal-body">
+                <Modal open={true} onClose={() => setDeleteConfirm(null)} title="Delete User" size="sm">
                             <p>Are you sure you want to delete <strong>{deleteConfirm.username}</strong>?</p>
                             <p className="text-muted">This action cannot be undone.</p>
-                        </div>
                         <div className="modal-footer">
                             <button className="btn btn-ghost" onClick={() => setDeleteConfirm(null)}>
                                 Cancel
@@ -250,8 +239,7 @@ const UsersTab = () => {
                                 Delete User
                             </button>
                         </div>
-                    </div>
-                </div>
+                </Modal>
             )}
 
             <InvitationsTab />
diff --git a/frontend/src/components/settings/WebhookSubscriptionModal.jsx b/frontend/src/components/settings/WebhookSubscriptionModal.jsx
index 2e95f95e..ddc1458c 100644
--- a/frontend/src/components/settings/WebhookSubscriptionModal.jsx
+++ b/frontend/src/components/settings/WebhookSubscriptionModal.jsx
@@ -1,6 +1,7 @@
 import { useState, useEffect } from 'react';
 import { X } from 'lucide-react';
 import api from '../../services/api';
+import Modal from '../Modal';
 
 const WebhookSubscriptionModal = ({ subscription, onClose, onSubmit }) => {
     const [name, setName] = useState('');
@@ -70,12 +71,7 @@ const WebhookSubscriptionModal = ({ subscription, onClose, onSubmit }) => {
     }, {});
 
     return (
-        <div className="modal-overlay" onClick={onClose}>
-            <div className="modal webhook-modal" onClick={e => e.stopPropagation()}>
-                <div className="modal-header">
-                    <h3>{subscription ? 'Edit Subscription' : 'Create Webhook Subscription'}</h3>
-                    <button className="modal-close" onClick={onClose}><X size={18} /></button>
-                </div>
+        <Modal open={true} onClose={onClose} title={subscription ? 'Edit Subscription' : 'Create Webhook Subscription'} className="webhook-modal">
                 <form onSubmit={handleSubmit}>
                     <div className="modal-body">
                         <div className="form-group">
@@ -173,8 +169,7 @@ const WebhookSubscriptionModal = ({ subscription, onClose, onSubmit }) => {
                         </button>
                     </div>
                 </form>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/settings/WhiteLabelTab.jsx b/frontend/src/components/settings/WhiteLabelTab.jsx
new file mode 100644
index 00000000..c85f44d6
--- /dev/null
+++ b/frontend/src/components/settings/WhiteLabelTab.jsx
@@ -0,0 +1,177 @@
+import { useRef } from 'react';
+import { useTheme } from '../../contexts/ThemeContext';
+import { Star, X, Layers, Image, Type, Upload } from 'lucide-react';
+
+const WHITELABEL_MODES = [
+    { id: 'image_text', label: 'Logo + Text', icon: Layers, desc: 'Mini logo with brand name' },
+    { id: 'image_full', label: 'Full-width Logo', icon: Image, desc: 'Banner image only' },
+    { id: 'text_only', label: 'Text Only', icon: Type, desc: 'Just the brand name' },
+];
+
+const WhiteLabelTab = () => {
+    const { whiteLabel, setWhiteLabel } = useTheme();
+    const logoInputRef = useRef(null);
+
+    return (
+        <div className="settings-section">
+            <div className="section-header">
+                <h2>White Label</h2>
+                <p>Replace the default ServerKit branding with your own</p>
+            </div>
+
+            <div className="settings-card">
+                <h3>Custom Branding</h3>
+                <p>Replace the sidebar logo, name, and GitHub star link</p>
+
+                <div className="settings-row">
+                    <div className="settings-label">
+                        <span>Enable custom branding</span>
+                        <span className="settings-hint">Replaces the sidebar logo, name, and GitHub star link</span>
+                    </div>
+                    <div className="settings-control">
+                        <label className="toggle-switch">
+                            <input
+                                type="checkbox"
+                                checked={whiteLabel.enabled}
+                                onChange={(e) => setWhiteLabel({ enabled: e.target.checked })}
+                            />
+                            <span className="toggle-slider"></span>
+                        </label>
+                    </div>
+                </div>
+
+                {whiteLabel.enabled && (
+                    <>
+                        <div className="whitelabel-modes">
+                            {WHITELABEL_MODES.map(({ id, label, icon: Icon, desc }) => (
+                                <button
+                                    key={id}
+                                    className={`whitelabel-mode${whiteLabel.mode === id ? ' active' : ''}`}
+                                    onClick={() => setWhiteLabel({ mode: id })}
+                                >
+                                    <Icon size={20} />
+                                    <span className="whitelabel-mode__label">{label}</span>
+                                    <span className="whitelabel-mode__desc">{desc}</span>
+                                </button>
+                            ))}
+                        </div>
+
+                        <div className="whitelabel-fields">
+                            {whiteLabel.mode !== 'image_full' && (
+                                <div className="form-group">
+                                    <label>Brand Name</label>
+                                    <input
+                                        type="text"
+                                        value={whiteLabel.brandName}
+                                        onChange={(e) => setWhiteLabel({ brandName: e.target.value })}
+                                        placeholder="My Brand"
+                                        maxLength={30}
+                                    />
+                                </div>
+                            )}
+
+                            {whiteLabel.mode !== 'text_only' && (
+                                <div className="form-group">
+                                    <label>Logo Image</label>
+                                    <div className="whitelabel-upload" onClick={() => logoInputRef.current?.click()}>
+                                        {whiteLabel.logoData ? (
+                                            <div className="whitelabel-logo-preview">
+                                                <img src={whiteLabel.logoData} alt="Logo preview" />
+                                                <button
+                                                    className="btn btn-secondary btn-sm"
+                                                    onClick={(e) => { e.stopPropagation(); setWhiteLabel({ logoData: '' }); }}
+                                                >
+                                                    <X size={12} /> Remove
+                                                </button>
+                                            </div>
+                                        ) : (
+                                            <div className="whitelabel-upload__placeholder">
+                                                <Upload size={20} />
+                                                <span>Click to upload logo</span>
+                                                <span className="whitelabel-upload__hint">PNG, JPG, SVG — max 200KB</span>
+                                            </div>
+                                        )}
+                                        <input
+                                            ref={logoInputRef}
+                                            type="file"
+                                            accept="image/png,image/jpeg,image/svg+xml,image/webp"
+                                            style={{ display: 'none' }}
+                                            onChange={(e) => {
+                                                const file = e.target.files?.[0];
+                                                if (!file) return;
+                                                if (file.size > 200 * 1024) {
+                                                    alert('Image must be under 200KB');
+                                                    return;
+                                                }
+                                                const reader = new FileReader();
+                                                reader.onload = (ev) => setWhiteLabel({ logoData: ev.target.result });
+                                                reader.readAsDataURL(file);
+                                                e.target.value = '';
+                                            }}
+                                        />
+                                    </div>
+                                </div>
+                            )}
+                        </div>
+
+                        <div className="whitelabel-preview">
+                            <span className="whitelabel-preview__label">Preview</span>
+                            <div className="whitelabel-preview__box">
+                                {whiteLabel.mode === 'image_full' ? (
+                                    <div className="brand-custom-banner">
+                                        {whiteLabel.logoData ? (
+                                            <img src={whiteLabel.logoData} alt="Preview" />
+                                        ) : (
+                                            <Layers size={24} />
+                                        )}
+                                    </div>
+                                ) : whiteLabel.mode === 'text_only' ? (
+                                    <span className="brand-custom-text">
+                                        {whiteLabel.brandName || 'Brand'}
+                                    </span>
+                                ) : (
+                                    <>
+                                        <div className="brand-custom-logo">
+                                            {whiteLabel.logoData ? (
+                                                <img src={whiteLabel.logoData} alt="Preview" />
+                                            ) : (
+                                                <Layers size={16} />
+                                            )}
+                                        </div>
+                                        <span className="brand-custom-text">
+                                            {whiteLabel.brandName || 'Brand'}
+                                        </span>
+                                    </>
+                                )}
+                            </div>
+                        </div>
+
+                        <div className="whitelabel-star-prompt">
+                            <div className="star-icon">
+                                <Star size={22} />
+                            </div>
+                            <div className="star-content">
+                                <h4>Support ServerKit</h4>
+                                <p>
+                                    By using custom branding, the GitHub star link is hidden from the sidebar.
+                                    If ServerKit is useful to you, please consider starring the project — it helps the community grow!
+                                </p>
+                                <a
+                                    href="https://github.com/jhd3197/ServerKit"
+                                    target="_blank"
+                                    rel="noopener noreferrer"
+                                    className="btn btn-primary btn-sm"
+                                >
+                                    <Star size={14} />
+                                    Star on GitHub
+                                </a>
+                            </div>
+                        </div>
+                    </>
+                )}
+            </div>
+        </div>
+    );
+};
+
+export default WhiteLabelTab;
diff --git a/frontend/src/components/setup/SetupStepAccount.jsx b/frontend/src/components/setup/SetupStepAccount.jsx
index e580376b..b34c4706 100644
--- a/frontend/src/components/setup/SetupStepAccount.jsx
+++ b/frontend/src/components/setup/SetupStepAccount.jsx
@@ -9,9 +9,12 @@ const SetupStepAccount = ({ onComplete }) => {
     const [confirmPassword, setConfirmPassword] = useState('');
     const [error, setError] = useState('');
     const [loading, setLoading] = useState(false);
-    const { register } = useAuth();
+    const { register, login, registrationEnabled } = useAuth();
 
-    async function handleSubmit(e) {
+    // If users already exist (e.g. admin created via CLI), show login form instead
+    const showLogin = !registrationEnabled;
+
+    async function handleRegister(e) {
         e.preventDefault();
         setError('');
 
@@ -37,6 +40,80 @@ const SetupStepAccount = ({ onComplete }) => {
         }
     }
 
+    async function handleLogin(e) {
+        e.preventDefault();
+        setError('');
+        setLoading(true);
+
+        try {
+            await login(email, password);
+            onComplete({ email, username: email });
+        } catch (err) {
+            setError(err.message || 'Failed to sign in');
+        } finally {
+            setLoading(false);
+        }
+    }
+
+    if (showLogin) {
+        return (
+            <div className="wizard-step">
+                <h2 className="wizard-step-title">Sign In</h2>
+                <p className="wizard-step-description">
+                    An admin account already exists. Sign in to continue setup.
+                </p>
+
+                <div className="wizard-info-banner">
+                    <div className="wizard-info-icon">
+                        <Info size={20} />
+                    </div>
+                    <p>
+                        It looks like an admin account was created via the CLI.
+                        Sign in with those credentials to finish setting up your server.
+                    </p>
+                </div>
+
+                {error && <div className="error-message">{error}</div>}
+
+                <form onSubmit={handleLogin}>
+                    <div className="form-group">
+                        <label htmlFor="email">Email</label>
+                        <input
+                            type="email"
+                            id="email"
+                            value={email}
+                            onChange={(e) => setEmail(e.target.value)}
+                            placeholder="admin@example.com"
+                            required
+                            autoFocus
+                        />
+                    </div>
+
+                    <div className="form-group">
+                        <label htmlFor="password">Password</label>
+                        <input
+                            type="password"
+                            id="password"
+                            value={password}
+                            onChange={(e) => setPassword(e.target.value)}
+                            placeholder="Enter your password"
+                            required
+                        />
+                    </div>
+
+                    <button
+                        type="submit"
+                        className="btn-wizard-next"
+                        disabled={loading}
+                        style={{ width: '100%', justifyContent: 'center' }}
+                    >
+                        {loading ? 'Signing in...' : 'Sign In & Continue'}
+                    </button>
+                </form>
+            </div>
+        );
+    }
+
     return (
         <div className="wizard-step">
             <h2 className="wizard-step-title">Create Admin Account</h2>
@@ -57,7 +134,7 @@ const SetupStepAccount = ({ onComplete }) => {
 
             {error && <div className="error-message">{error}</div>}
 
-            <form onSubmit={handleSubmit}>
+            <form onSubmit={handleRegister}>
                 <div className="form-group">
                     <label htmlFor="email">Admin Email</label>
                     <input
diff --git a/frontend/src/components/sidebarItems.js b/frontend/src/components/sidebarItems.js
new file mode 100644
index 00000000..19b48485
--- /dev/null
+++ b/frontend/src/components/sidebarItems.js
@@ -0,0 +1,211 @@
+// Sidebar navigation items definition
+// Items with subItems render as collapsible groups (collapsed by default)
+// The 'dashboard' item is always visible and cannot be hidden
+
+export const SIDEBAR_CATEGORIES = ['overview', 'infrastructure', 'operations', 'system'];
+
+export const CATEGORY_LABELS = {
+    overview: 'Overview',
+    infrastructure: 'Infrastructure',
+    operations: 'Operations',
+    system: 'System'
+};
+
+export const SIDEBAR_ITEMS = [
+    {
+        id: 'dashboard',
+        label: 'Dashboard',
+        route: '/',
+        category: 'overview',
+        alwaysVisible: true,
+        end: true,
+        icon: '<rect x="3" y="3" width="7" height="7"/><rect x="14" y="3" width="7" height="7"/><rect x="14" y="14" width="7" height="7"/><rect x="3" y="14" width="7" height="7"/>'
+    },
+    {
+        id: 'servers',
+        label: 'Servers',
+        route: '/servers',
+        category: 'infrastructure',
+        icon: '<rect x="2" y="2" width="20" height="8" rx="2" ry="2"/><rect x="2" y="14" width="20" height="8" rx="2" ry="2"/><line x1="6" y1="6" x2="6.01" y2="6"/><line x1="6" y1="18" x2="6.01" y2="18"/>',
+        subItems: [
+            { id: 'fleet', label: 'Agent Fleet', route: '/fleet', icon: '<path d="M17 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2"/><circle cx="9" cy="7" r="4"/><path d="M23 21v-2a4 4 0 0 0-3-3.87"/><path d="M16 3.13a4 4 0 0 1 0 7.75"/>' },
+            { id: 'fleet-monitor', label: 'Fleet Monitor', route: '/fleet-monitor', icon: '<path d="M22 12h-4l-3 9L9 3l-3 9H2"/>' },
+            { id: 'cloud', label: 'Cloud Servers', route: '/cloud', icon: '<path d="M18 10h-1.26A8 8 0 1 0 9 20h9a5 5 0 0 0 0-10z"/>' },
+            { id: 'agent-plugins', label: 'Plugins', route: '/agent-plugins', icon: '<path d="M14.7 6.3a1 1 0 0 0 0 1.4l1.6 1.6a1 1 0 0 0 1.4 0l3.77-3.77a6 6 0 0 1-7.94 7.94l-6.91 6.91a2.12 2.12 0 0 1-3-3l6.91-6.91a6 6 0 0 1 7.94-7.94l-3.76 3.76z"/>' },
+            { id: 'server-templates', label: 'Config Templates', route: '/server-templates', icon: '<path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z"/><polyline points="14 2 14 8 20 8"/><line x1="16" y1="13" x2="8" y2="13"/><line x1="16" y1="17" x2="8" y2="17"/><polyline points="10 9 9 9 8 9"/>' }
+        ]
+    },
+    {
+        id: 'domains',
+        label: 'Domains',
+        route: '/domains',
+        category: 'infrastructure',
+        icon: '<circle cx="12" cy="12" r="10"/><line x1="2" y1="12" x2="22" y2="12"/><path d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"/>',
+        subItems: [
+            { id: 'dns', label: 'DNS Zones', route: '/dns', icon: '<path d="M12 2L2 7l10 5 10-5-10-5z"/><path d="M2 17l10 5 10-5"/><path d="M2 12l10 5 10-5"/>' },
+            { id: 'ssl', label: 'SSL Certificates', route: '/ssl', icon: '<rect x="3" y="11" width="18" height="11" rx="2" ry="2"/><path d="M7 11V7a5 5 0 0 1 10 0v4"/>' }
+        ]
+    },
+    {
+        id: 'services',
+        label: 'Services',
+        route: '/services',
+        category: 'infrastructure',
+        icon: '<path d="M21 16V8a2 2 0 0 0-1-1.73l-7-4a2 2 0 0 0-2 0l-7 4A2 2 0 0 0 3 8v8a2 2 0 0 0 1 1.73l7 4a2 2 0 0 0 2 0l7-4A2 2 0 0 0 21 16z"/><polyline points="3.27 6.96 12 12.01 20.73 6.96"/><line x1="12" y1="22.08" x2="12" y2="12"/>',
+        subItems: [
+            { id: 'templates', label: 'Templates', route: '/templates', icon: '<rect x="3" y="3" width="7" height="9"/><rect x="14" y="3" width="7" height="5"/><rect x="14" y="12" width="7" height="9"/><rect x="3" y="16" width="7" height="5"/>' }
+        ]
+    },
+    {
+        id: 'wordpress',
+        label: 'WordPress',
+        route: '/wordpress',
+        category: 'infrastructure',
+        icon: '<circle cx="12" cy="12" r="10"/><path d="M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"/><path d="M3.5 9h17M3.5 15h17"/>',
+        subItems: [
+            { id: 'wp-pipeline', label: 'Pipeline', route: '/wordpress/projects', requiresCondition: 'wpInstalled', icon: '<path d="M22 12h-4l-3 9L9 3l-3 9H2"/>' }
+        ]
+    },
+    {
+        id: 'workflow',
+        label: 'Workflow Builder',
+        route: '/workflow',
+        category: 'infrastructure',
+        icon: '<circle cx="18" cy="5" r="3"/><circle cx="6" cy="12" r="3"/><circle cx="18" cy="19" r="3"/><path d="M8.59 13.51l6.83 3.98"/><path d="M15.41 6.51l-6.82 3.98"/>'
+    },
+    {
+        id: 'databases',
+        label: 'Databases',
+        route: '/databases',
+        category: 'infrastructure',
+        icon: '<ellipse cx="12" cy="5" rx="9" ry="3"/><path d="M21 12c0 1.66-4 3-9 3s-9-1.34-9-3"/><path d="M3 5v14c0 1.66 4 3 9 3s9-1.34 9-3V5"/>'
+    },
+    {
+        id: 'docker',
+        label: 'Docker',
+        route: '/docker',
+        category: 'infrastructure',
+        icon: '<rect x="2" y="7" width="6" height="6" rx="1"/><rect x="9" y="7" width="6" height="6" rx="1"/><rect x="16" y="7" width="6" height="6" rx="1"/><rect x="2" y="14" width="6" height="6" rx="1"/><rect x="9" y="14" width="6" height="6" rx="1"/>'
+    },
+    {
+        id: 'git',
+        label: 'Git',
+        route: '/git',
+        category: 'infrastructure',
+        icon: '<circle cx="18" cy="18" r="3"/><circle cx="6" cy="6" r="3"/><path d="M6 21V9a9 9 0 0 0 9 9"/>'
+    },
+    {
+        id: 'files',
+        label: 'Files',
+        route: '/files',
+        category: 'operations',
+        icon: '<path d="M22 19a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h5l2 3h9a2 2 0 0 1 2 2z"/>',
+        subItems: [
+            { id: 'ftp', label: 'FTP Server', route: '/ftp', icon: '<path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"/><polyline points="17 8 12 3 7 8"/><line x1="12" y1="3" x2="12" y2="15"/>' }
+        ]
+    },
+    {
+        id: 'monitoring',
+        label: 'Monitoring',
+        route: '/monitoring',
+        category: 'operations',
+        icon: '<path d="M22 12h-4l-3 9L9 3l-3 9H2"/>',
+        subItems: [
+            { id: 'status-pages', label: 'Status Pages', route: '/status-pages', icon: '<path d="M22 11.08V12a10 10 0 1 1-5.93-9.14"/><polyline points="22 4 12 14.01 9 11.01"/>' }
+        ]
+    },
+    {
+        id: 'backups',
+        label: 'Backups',
+        route: '/backups',
+        category: 'operations',
+        icon: '<path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"/><polyline points="7 10 12 15 17 10"/><line x1="12" y1="15" x2="12" y2="3"/>'
+    },
+    {
+        id: 'cron',
+        label: 'Cron Jobs',
+        route: '/cron',
+        category: 'operations',
+        icon: '<circle cx="12" cy="12" r="10"/><polyline points="12 6 12 12 16 14"/>'
+    },
+    {
+        id: 'security',
+        label: 'Security',
+        route: '/security',
+        category: 'operations',
+        icon: '<path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/><path d="M12 8v4m0 4h.01"/>'
+    },
+    {
+        id: 'email',
+        label: 'Email Server',
+        route: '/email',
+        category: 'operations',
+        icon: '<path d="M4 4h16c1.1 0 2 .9 2 2v12c0 1.1-.9 2-2 2H4c-1.1 0-2-.9-2-2V6c0-1.1.9-2 2-2z"/><polyline points="22,6 12,13 2,6"/>'
+    },
+    {
+        id: 'workspaces',
+        label: 'Workspaces',
+        route: '/workspaces',
+        category: 'system',
+        icon: '<path d="M3 3h7v7H3zM14 3h7v7h-7zM14 14h7v7h-7zM3 14h7v7H3z"/>'
+    },
+    {
+        id: 'terminal',
+        label: 'Terminal / Logs',
+        route: '/terminal',
+        category: 'system',
+        icon: '<path d="M4 17l6-6-6-6M12 19h8"/>'
+    },
+    {
+        id: 'marketplace',
+        label: 'Marketplace',
+        route: '/marketplace',
+        category: 'system',
+        icon: '<circle cx="9" cy="21" r="1"/><circle cx="20" cy="21" r="1"/><path d="M1 1h4l2.68 13.39a2 2 0 0 0 2 1.61h9.72a2 2 0 0 0 2-1.61L23 6H6"/>',
+        subItems: [
+            { id: 'downloads', label: 'Downloads', route: '/downloads', icon: '<path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"/><polyline points="7 10 12 15 17 10"/><line x1="12" y1="15" x2="12" y2="3"/>' }
+        ]
+    }
+];
+
+// Preset profiles define which items are hidden (top-level only)
+export const SIDEBAR_PRESETS = {
+    full: {
+        label: 'Full',
+        description: 'All sidebar items visible',
+        hiddenItems: []
+    },
+    web: {
+        label: 'Web Hosting',
+        description: 'Domains, SSL, databases, and web essentials',
+        hiddenItems: ['docker', 'git', 'workflow', 'email', 'workspaces', 'marketplace']
+    },
+    email: {
+        label: 'Email Admin',
+        description: 'Email server, security, DNS, and monitoring',
+        hiddenItems: ['services', 'wordpress', 'workflow', 'databases', 'docker', 'git', 'cron', 'workspaces', 'marketplace']
+    },
+    devops: {
+        label: 'Docker / DevOps',
+        description: 'Docker, Git, monitoring, and CI/CD tools',
+        hiddenItems: ['wordpress', 'email', 'marketplace']
+    },
+    minimal: {
+        label: 'Minimal',
+        description: 'Just the essentials — dashboard, servers, terminal',
+        hiddenItems: ['wordpress', 'workflow', 'databases', 'docker', 'git', 'email', 'cron', 'workspaces', 'marketplace']
+    }
+};
+
+// Get visible items based on config
+export function getVisibleItems(sidebarConfig) {
+    const { preset = 'full', hiddenItems = [] } = sidebarConfig || {};
+
+    const hidden = preset === 'custom'
+        ? hiddenItems
+        : (SIDEBAR_PRESETS[preset]?.hiddenItems || []);
+
+    return SIDEBAR_ITEMS.filter(item =>
+        item.alwaysVisible || !hidden.includes(item.id)
+    );
+}
diff --git a/frontend/src/components/wordpress/AutoSyncScheduleModal.jsx b/frontend/src/components/wordpress/AutoSyncScheduleModal.jsx
index e9355eff..d084d8bd 100644
--- a/frontend/src/components/wordpress/AutoSyncScheduleModal.jsx
+++ b/frontend/src/components/wordpress/AutoSyncScheduleModal.jsx
@@ -1,6 +1,7 @@
 import React, { useState, useEffect } from 'react';
 import { Clock, RefreshCw } from 'lucide-react';
 import Spinner from '../Spinner';
+import Modal from '../Modal';
 
 const SCHEDULE_PRESETS = [
     { label: 'Daily at 3 AM', value: '0 3 * * *' },
@@ -83,16 +84,7 @@ const AutoSyncScheduleModal = ({ environment, prodId, onClose, api }) => {
     const envName = environment?.name || 'Environment';
 
     return (
-        <div className="modal-overlay" onClick={onClose}>
-            <div className="modal auto-sync-modal" onClick={e => e.stopPropagation()}>
-                <div className="modal-header">
-                    <h2>
-                        <Clock size={18} />
-                        Auto-Sync Schedule
-                    </h2>
-                    <button className="modal-close" onClick={onClose}>&times;</button>
-                </div>
-
+        <Modal open={true} onClose={onClose} title="Auto-Sync Schedule" className="auto-sync-modal">
                 {loading ? (
                     <div className="auto-sync-loading">
                         <Spinner size="sm" />
@@ -183,8 +175,7 @@ const AutoSyncScheduleModal = ({ environment, prodId, onClose, api }) => {
                         {saving ? <><Spinner size="sm" /> Saving...</> : 'Save Schedule'}
                     </button>
                 </div>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/wordpress/BasicAuthModal.jsx b/frontend/src/components/wordpress/BasicAuthModal.jsx
index cdd04dde..4fa47c98 100644
--- a/frontend/src/components/wordpress/BasicAuthModal.jsx
+++ b/frontend/src/components/wordpress/BasicAuthModal.jsx
@@ -1,6 +1,7 @@
 import React, { useState, useEffect } from 'react';
 import { Shield, Copy, Check, AlertTriangle } from 'lucide-react';
 import Spinner from '../Spinner';
+import Modal from '../Modal';
 
 const BasicAuthModal = ({ environment, prodId, onClose, api }) => {
     const [loading, setLoading] = useState(true);
@@ -64,16 +65,7 @@ const BasicAuthModal = ({ environment, prodId, onClose, api }) => {
     const envName = environment?.name || 'Environment';
 
     return (
-        <div className="modal-overlay" onClick={onClose}>
-            <div className="modal basic-auth-modal" onClick={e => e.stopPropagation()}>
-                <div className="modal-header">
-                    <h2>
-                        <Shield size={18} />
-                        Basic Auth
-                    </h2>
-                    <button className="modal-close" onClick={onClose}>&times;</button>
-                </div>
-
+        <Modal open={true} onClose={onClose} title="Basic Auth" className="basic-auth-modal">
                 <div className="basic-auth-body">
                     <div className="basic-auth-env-name">{envName}</div>
 
@@ -155,8 +147,7 @@ const BasicAuthModal = ({ environment, prodId, onClose, api }) => {
                         Close
                     </button>
                 </div>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/wordpress/CommitList.jsx b/frontend/src/components/wordpress/CommitList.jsx
index ad8c47ba..350ef7c3 100644
--- a/frontend/src/components/wordpress/CommitList.jsx
+++ b/frontend/src/components/wordpress/CommitList.jsx
@@ -1,5 +1,6 @@
 import React, { useState } from 'react';
 import { GitCommit, Rocket, Copy, CheckCircle } from 'lucide-react';
+import Modal from '../Modal';
 
 const CommitList = ({ commits, currentCommit, onDeploy, onCreateDev, loading = false }) => {
     const [actionLoading, setActionLoading] = useState({});
@@ -141,14 +142,7 @@ const CreateDevModal = ({ commit, onClose, onCreate, loading }) => {
     }
 
     return (
-        <div className="modal-overlay" onClick={onClose}>
-            <div className="modal" onClick={e => e.stopPropagation()}>
-                <div className="modal-header">
-                    <h2>Create Dev Environment</h2>
-                    <button className="modal-close" onClick={onClose}>&times;</button>
-                </div>
-
-                <div className="modal-body">
+        <Modal open={true} onClose={onClose} title="Create Dev Environment">
                     <p className="hint">
                         Create a development environment with code from commit{' '}
                         <code>{commit.sha.substring(0, 7)}</code>
@@ -188,9 +182,7 @@ const CreateDevModal = ({ commit, onClose, onCreate, loading }) => {
                             </button>
                         </div>
                     </form>
-                </div>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/wordpress/CompareView.jsx b/frontend/src/components/wordpress/CompareView.jsx
index f0c40f6c..59b3da8d 100644
--- a/frontend/src/components/wordpress/CompareView.jsx
+++ b/frontend/src/components/wordpress/CompareView.jsx
@@ -2,6 +2,7 @@ import React, { useState, useEffect } from 'react';
 import { GitCompare, Check, X, Minus, RefreshCw } from 'lucide-react';
 import wordpressApi from '../../services/wordpress';
 import Spinner from '../Spinner';
+import Modal from '../Modal';
 
 const CompareView = ({ projectId, envA, envB, onClose }) => {
     const [comparison, setComparison] = useState(null);
@@ -31,16 +32,7 @@ const CompareView = ({ projectId, envA, envB, onClose }) => {
     const envBType = envB?.environment_type || 'development';
 
     return (
-        <div className="modal-overlay" onClick={onClose}>
-            <div className="modal modal-xl" onClick={e => e.stopPropagation()}>
-                <div className="modal-header">
-                    <h2>
-                        <GitCompare size={18} style={{ marginRight: 8, verticalAlign: -3 }} />
-                        Compare Environments
-                    </h2>
-                    <button className="modal-close" onClick={onClose}>&times;</button>
-                </div>
-
+        <Modal open={true} onClose={onClose} title="Compare Environments" size="xl">
                 <div className="compare-header">
                     <div className={`compare-env-pill ${envAType}`}>
                         <span className="compare-env-type">{envAType}</span>
@@ -142,8 +134,7 @@ const CompareView = ({ projectId, envA, envB, onClose }) => {
                 <div className="modal-actions">
                     <button className="btn btn-secondary" onClick={onClose}>Close</button>
                 </div>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/wordpress/CreateSiteModal.jsx b/frontend/src/components/wordpress/CreateSiteModal.jsx
index b645d255..eb17ec76 100644
--- a/frontend/src/components/wordpress/CreateSiteModal.jsx
+++ b/frontend/src/components/wordpress/CreateSiteModal.jsx
@@ -1,5 +1,6 @@
 import React, { useState } from 'react';
 import { X } from 'lucide-react';
+import Modal from '../Modal';
 
 const CreateSiteModal = ({ onClose, onCreate }) => {
     const [formData, setFormData] = useState({
@@ -57,15 +58,7 @@ const CreateSiteModal = ({ onClose, onCreate }) => {
     }
 
     return (
-        <div className="modal-overlay" onClick={onClose}>
-            <div className="modal" onClick={e => e.stopPropagation()}>
-                <div className="modal-header">
-                    <h2>Create WordPress Site</h2>
-                    <button className="modal-close" onClick={onClose}>
-                        <X size={20} />
-                    </button>
-                </div>
-
+        <Modal open={true} onClose={onClose} title="Create WordPress Site">
                 {error && <div className="error-message">{error}</div>}
 
                 <form onSubmit={handleSubmit}>
@@ -151,8 +144,7 @@ const CreateSiteModal = ({ onClose, onCreate }) => {
                         </button>
                     </div>
                 </form>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/wordpress/PromoteModal.jsx b/frontend/src/components/wordpress/PromoteModal.jsx
index d7032316..f0b58f6d 100644
--- a/frontend/src/components/wordpress/PromoteModal.jsx
+++ b/frontend/src/components/wordpress/PromoteModal.jsx
@@ -2,6 +2,7 @@ import React, { useState, useEffect } from 'react';
 import { ArrowRight, Shield } from 'lucide-react';
 import wordpressApi from '../../services/wordpress';
 import Spinner from '../Spinner';
+import Modal from '../Modal';
 
 const PromoteModal = ({ sourceEnv, targetEnv, onClose, onPromote }) => {
     const [promotionType, setPromotionType] = useState('code');
@@ -63,13 +64,7 @@ const PromoteModal = ({ sourceEnv, targetEnv, onClose, onPromote }) => {
     const targetType = targetEnv.environment_type || 'staging';
 
     return (
-        <div className="modal-overlay" onClick={onClose}>
-            <div className="modal modal-lg" onClick={e => e.stopPropagation()}>
-                <div className="modal-header">
-                    <h2>Promote Environment</h2>
-                    <button className="modal-close" onClick={onClose}>&times;</button>
-                </div>
-
+        <Modal open={true} onClose={onClose} title="Promote Environment" size="lg">
                 <form onSubmit={handleSubmit}>
                     <div className="promote-direction">
                         <div className={`promote-env-pill ${sourceType}`}>
@@ -240,8 +235,7 @@ const PromoteModal = ({ sourceEnv, targetEnv, onClose, onPromote }) => {
                         </button>
                     </div>
                 </form>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/wordpress/ResourceLimitsModal.jsx b/frontend/src/components/wordpress/ResourceLimitsModal.jsx
index f2bec00a..c5eed852 100644
--- a/frontend/src/components/wordpress/ResourceLimitsModal.jsx
+++ b/frontend/src/components/wordpress/ResourceLimitsModal.jsx
@@ -1,6 +1,7 @@
 import React, { useState } from 'react';
 import { Cpu, HardDrive, AlertTriangle } from 'lucide-react';
 import Spinner from '../Spinner';
+import Modal from '../Modal';
 
 const PRESETS = {
     low: { memory: '256M', cpus: '0.25', db_memory: '256M', db_cpus: '0.25' },
@@ -41,16 +42,7 @@ const ResourceLimitsModal = ({ environment, currentLimits, onClose, onApply }) =
     const envName = environment?.name || 'Environment';
 
     return (
-        <div className="modal-overlay" onClick={onClose}>
-            <div className="modal resource-limits-modal" onClick={e => e.stopPropagation()}>
-                <div className="modal-header">
-                    <h2>
-                        <Cpu size={18} />
-                        Resource Limits
-                    </h2>
-                    <button className="modal-close" onClick={onClose}>&times;</button>
-                </div>
-
+        <Modal open={true} onClose={onClose} title="Resource Limits" className="resource-limits-modal">
                 <form onSubmit={handleSubmit}>
                     <div className="resource-limits-env-name">{envName}</div>
 
@@ -140,8 +132,7 @@ const ResourceLimitsModal = ({ environment, currentLimits, onClose, onApply }) =
                         </button>
                     </div>
                 </form>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/wordpress/SanitizationProfileForm.jsx b/frontend/src/components/wordpress/SanitizationProfileForm.jsx
index f47ddca2..92f8731c 100644
--- a/frontend/src/components/wordpress/SanitizationProfileForm.jsx
+++ b/frontend/src/components/wordpress/SanitizationProfileForm.jsx
@@ -2,6 +2,7 @@ import React, { useState, useEffect } from 'react';
 import { Shield, Plus, Trash2, Star, Edit3, Save } from 'lucide-react';
 import wordpressApi from '../../services/wordpress';
 import Spinner from '../Spinner';
+import Modal from '../Modal';
 
 const SanitizationProfileForm = ({ onClose, onProfilesChange }) => {
     const [profiles, setProfiles] = useState([]);
@@ -71,16 +72,7 @@ const SanitizationProfileForm = ({ onClose, onProfilesChange }) => {
     }
 
     return (
-        <div className="modal-overlay" onClick={onClose}>
-            <div className="modal modal-lg" onClick={e => e.stopPropagation()}>
-                <div className="modal-header">
-                    <h2>
-                        <Shield size={18} style={{ marginRight: 8, verticalAlign: -3 }} />
-                        Sanitization Profiles
-                    </h2>
-                    <button className="modal-close" onClick={onClose}>&times;</button>
-                </div>
-
+        <Modal open={true} onClose={onClose} title="Sanitization Profiles" size="lg">
                 <div className="sanitization-profiles-body">
                     {loading ? (
                         <div className="sanitization-loading">
@@ -124,8 +116,7 @@ const SanitizationProfileForm = ({ onClose, onProfilesChange }) => {
                 <div className="modal-actions">
                     <button className="btn btn-secondary" onClick={onClose}>Close</button>
                 </div>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/wordpress/SyncModal.jsx b/frontend/src/components/wordpress/SyncModal.jsx
index a4f9b6aa..4e40f054 100644
--- a/frontend/src/components/wordpress/SyncModal.jsx
+++ b/frontend/src/components/wordpress/SyncModal.jsx
@@ -2,6 +2,7 @@ import React, { useState, useEffect } from 'react';
 import { ArrowDownLeft, Shield } from 'lucide-react';
 import wordpressApi from '../../services/wordpress';
 import Spinner from '../Spinner';
+import Modal from '../Modal';
 
 const SyncModal = ({ environment, productionName, onClose, onSync }) => {
     const [syncType, setSyncType] = useState('database');
@@ -64,13 +65,7 @@ const SyncModal = ({ environment, productionName, onClose, onSync }) => {
     const envType = environment.environment_type || 'development';
 
     return (
-        <div className="modal-overlay" onClick={onClose}>
-            <div className="modal" onClick={e => e.stopPropagation()}>
-                <div className="modal-header">
-                    <h2>Sync from Production</h2>
-                    <button className="modal-close" onClick={onClose}>&times;</button>
-                </div>
-
+        <Modal open={true} onClose={onClose} title="Sync from Production">
                 <form onSubmit={handleSubmit}>
                     <div className="sync-direction">
                         <div className="promote-env-pill production">
@@ -211,8 +206,7 @@ const SyncModal = ({ environment, productionName, onClose, onSync }) => {
                         </button>
                     </div>
                 </form>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/wordpress/WpCliTerminal.jsx b/frontend/src/components/wordpress/WpCliTerminal.jsx
index d2dfdcca..d52df74f 100644
--- a/frontend/src/components/wordpress/WpCliTerminal.jsx
+++ b/frontend/src/components/wordpress/WpCliTerminal.jsx
@@ -1,6 +1,7 @@
 import React, { useState, useRef, useEffect } from 'react';
 import { Terminal, Play, Clock, X } from 'lucide-react';
 import Spinner from '../Spinner';
+import Modal from '../Modal';
 
 const QUICK_COMMANDS = [
     { label: 'Plugin List', command: 'wp plugin list --format=table' },
@@ -91,16 +92,7 @@ const WpCliTerminal = ({ environment, prodId, onClose, api }) => {
     const envName = environment?.name || 'Environment';
 
     return (
-        <div className="modal-overlay" onClick={onClose}>
-            <div className="modal wpcli-terminal-modal" onClick={e => e.stopPropagation()}>
-                <div className="modal-header">
-                    <h2>
-                        <Terminal size={18} />
-                        WP-CLI - {envName}
-                    </h2>
-                    <button className="modal-close" onClick={onClose}>&times;</button>
-                </div>
-
+        <Modal open={true} onClose={onClose} title={`WP-CLI - ${envName}`} className="wpcli-terminal-modal">
                 <div className="wpcli-quick-actions">
                     {QUICK_COMMANDS.map(qc => (
                         <button
@@ -189,8 +181,7 @@ const WpCliTerminal = ({ environment, prodId, onClose, api }) => {
                         <Play size={12} />
                     </button>
                 </div>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/workflow/ConfigPanel.jsx b/frontend/src/components/workflow/ConfigPanel.jsx
index 01ec3b7d..be050b36 100644
--- a/frontend/src/components/workflow/ConfigPanel.jsx
+++ b/frontend/src/components/workflow/ConfigPanel.jsx
@@ -4,30 +4,36 @@ import { X } from 'lucide-react';
 const ConfigPanel = ({
     isOpen,
     title,
-    icon: Icon,
-    headerColor = '#6366f1',
+    icon,
+    color,
+    headerColor,
     onClose,
     children,
     footer
 }) => {
+    const borderColor = color || headerColor || '#6366f1';
+
     const handleKeyDown = useCallback((e) => {
-        if (e.key === 'Escape' && isOpen) {
+        if (e.key === 'Escape') {
             onClose();
         }
-    }, [isOpen, onClose]);
+    }, [onClose]);
 
     useEffect(() => {
         document.addEventListener('keydown', handleKeyDown);
         return () => document.removeEventListener('keydown', handleKeyDown);
     }, [handleKeyDown]);
 
+    // Always show when rendered (panels are conditionally rendered by parent)
+    const panelOpen = isOpen !== undefined ? isOpen : true;
+
     return (
-        <div className={`config-panel ${isOpen ? 'open' : ''}`}>
-            <div className="config-panel-header" style={{ borderColor: headerColor }}>
+        <div className={`config-panel ${panelOpen ? 'open' : ''}`}>
+            <div className="config-panel-header" style={{ borderColor }}>
                 <div className="config-panel-title">
-                    {Icon && (
-                        <div className="config-panel-icon" style={{ backgroundColor: headerColor }}>
-                            <Icon size={18} />
+                    {icon && (
+                        <div className="config-panel-icon" style={{ backgroundColor: borderColor }}>
+                            {typeof icon === 'function' ? React.createElement(icon, { size: 18 }) : icon}
                         </div>
                     )}
                     <h3>{title}</h3>
diff --git a/frontend/src/components/workflow/DeploymentProgressModal.jsx b/frontend/src/components/workflow/DeploymentProgressModal.jsx
index 2b1df43c..bef290fa 100644
--- a/frontend/src/components/workflow/DeploymentProgressModal.jsx
+++ b/frontend/src/components/workflow/DeploymentProgressModal.jsx
@@ -1,5 +1,6 @@
 import React from 'react';
 import { X, Loader, CheckCircle, XCircle, Server, Database, Globe, Box, ExternalLink } from 'lucide-react';
+import Modal from '../Modal';
 
 const nodeTypeConfig = {
     dockerApp: { icon: Server, label: 'Docker App', color: '#2496ed' },
@@ -21,17 +22,7 @@ const DeploymentProgressModal = ({ isDeploying, results, nodes, onClose }) => {
     const isComplete = !isDeploying && results;
 
     return (
-        <div className="deployment-modal-overlay" onClick={onClose}>
-            <div className="deployment-modal" onClick={(e) => e.stopPropagation()}>
-                <div className="deployment-modal-header">
-                    <h2>
-                        {isDeploying ? 'Deploying...' : hasErrors ? 'Deployment Completed with Errors' : 'Deployment Complete'}
-                    </h2>
-                    <button className="modal-close-btn" onClick={onClose}>
-                        <X size={20} />
-                    </button>
-                </div>
-
+        <Modal open={true} onClose={onClose} title={isDeploying ? 'Deploying...' : hasErrors ? 'Deployment Completed with Errors' : 'Deployment Complete'} className="deployment-modal">
                 <div className="deployment-modal-content">
                     {isDeploying && !results && (
                         <div className="deployment-loading">
@@ -129,8 +120,7 @@ const DeploymentProgressModal = ({ isDeploying, results, nodes, onClose }) => {
                         </button>
                     )}
                 </div>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/workflow/WorkflowExecutionHistory.jsx b/frontend/src/components/workflow/WorkflowExecutionHistory.jsx
new file mode 100644
index 00000000..b9af163d
--- /dev/null
+++ b/frontend/src/components/workflow/WorkflowExecutionHistory.jsx
@@ -0,0 +1,154 @@
+import React, { useState, useEffect, useCallback } from 'react';
+import { X, Clock, CheckCircle, XCircle, Loader2, List, FileText, RefreshCw, Activity } from 'lucide-react';
+import api from '../../services/api';
+import Modal from '../Modal';
+
+const WorkflowExecutionHistory = ({ workflowId, onClose }) => {
+    const [executions, setExecutions] = useState([]);
+    const [selectedExecution, setSelectedExecution] = useState(null);
+    const [logs, setLogs] = useState([]);
+    const [isLoading, setIsLoading] = useState(true);
+    const [isLogsLoading, setIsLogsLoading] = useState(false);
+
+    const fetchExecutions = useCallback(async () => {
+        setIsLoading(true);
+        try {
+            const response = await api.getWorkflowExecutions(workflowId);
+            setExecutions(response.executions || []);
+        } catch (error) {
+            console.error('Failed to fetch executions:', error);
+        } finally {
+            setIsLoading(false);
+        }
+    }, [workflowId]);
+
+    const fetchLogs = useCallback(async (executionId) => {
+        setIsLogsLoading(true);
+        try {
+            const response = await api.getWorkflowExecutionLogs(executionId);
+            setLogs(response.logs || []);
+        } catch (error) {
+            console.error('Failed to fetch logs:', error);
+        } finally {
+            setIsLogsLoading(false);
+        }
+    }, []);
+
+    useEffect(() => {
+        fetchExecutions();
+    }, [fetchExecutions]);
+
+    useEffect(() => {
+        if (selectedExecution) {
+            fetchLogs(selectedExecution.id);
+        }
+    }, [selectedExecution, fetchLogs]);
+
+    const getStatusIcon = (status) => {
+        switch (status) {
+            case 'success': return <CheckCircle size={16} className="text-green-500" />;
+            case 'failed': return <XCircle size={16} className="text-red-500" />;
+            case 'running': return <Loader2 size={16} className="text-blue-500 animate-spin" />;
+            default: return <Clock size={16} className="text-gray-500" />;
+        }
+    };
+
+    return (
+        <Modal open={true} onClose={onClose} title="Execution History" size="lg">
+                <div className="flex-1 flex overflow-hidden">
+                    {/* Executions List */}
+                    <div className="w-1/3 border-r border-gray-700 overflow-y-auto bg-gray-900/30">
+                        {isLoading ? (
+                            <div className="p-8 flex justify-center"><Loader2 className="animate-spin text-gray-500" /></div>
+                        ) : executions.length === 0 ? (
+                            <div className="p-8 text-center text-gray-500 text-sm">No executions found</div>
+                        ) : (
+                            <div className="divide-y divide-gray-800">
+                                {executions.map((exec) => (
+                                    <div 
+                                        key={exec.id}
+                                        className={`p-3 cursor-pointer transition-colors hover:bg-gray-800/50 ${selectedExecution?.id === exec.id ? 'bg-blue-900/20 border-l-2 border-blue-500' : ''}`}
+                                        onClick={() => setSelectedExecution(exec)}
+                                    >
+                                        <div className="flex justify-between items-center mb-1">
+                                            <span className="text-xs font-mono text-gray-400">#{exec.id}</span>
+                                            {getStatusIcon(exec.status)}
+                                        </div>
+                                        <div className="text-sm font-medium">{exec.trigger_type} trigger</div>
+                                        <div className="text-[10px] text-gray-500 mt-1 flex items-center gap-1">
+                                            <Clock size={10} />
+                                            {new Date(exec.started_at).toLocaleString()}
+                                        </div>
+                                    </div>
+                                ))}
+                            </div>
+                        )}
+                    </div>
+
+                    {/* Execution Details & Logs */}
+                    <div className="flex-1 flex flex-col overflow-hidden bg-gray-900/50">
+                        {selectedExecution ? (
+                            <>
+                                <div className="p-4 border-b border-gray-800 flex justify-between items-center">
+                                    <div>
+                                        <h3 className="text-sm font-semibold flex items-center gap-2">
+                                            Execution Details #{selectedExecution.id}
+                                            <span className={`text-[10px] px-1.5 py-0.5 rounded uppercase font-bold ${
+                                                selectedExecution.status === 'success' ? 'bg-green-900/30 text-green-400 border border-green-500/30' : 
+                                                selectedExecution.status === 'failed' ? 'bg-red-900/30 text-red-400 border border-red-500/30' : 
+                                                'bg-blue-900/30 text-blue-400 border border-blue-500/30'
+                                            }`}>
+                                                {selectedExecution.status}
+                                            </span>
+                                        </h3>
+                                        <div className="text-[10px] text-gray-500 mt-1">
+                                            Duration: {selectedExecution.duration ? `${selectedExecution.duration.toFixed(2)}s` : 'N/A'}
+                                        </div>
+                                    </div>
+                                </div>
+
+                                <div className="flex-1 overflow-y-auto p-4 font-mono text-xs">
+                                    <div className="flex items-center gap-2 text-gray-400 mb-4 border-b border-gray-800 pb-2">
+                                        <FileText size={14} />
+                                        <span>Execution Logs</span>
+                                    </div>
+
+                                    {isLogsLoading ? (
+                                        <div className="flex justify-center p-8"><Loader2 className="animate-spin text-gray-500" /></div>
+                                    ) : logs.length === 0 ? (
+                                        <div className="text-gray-600 italic">No logs available for this execution.</div>
+                                    ) : (
+                                        <div className="space-y-1">
+                                            {logs.map((log) => (
+                                                <div key={log.id} className="flex gap-3 py-0.5 hover:bg-white/5 px-1 rounded transition-colors">
+                                                    <span className="text-gray-600 shrink-0">[{new Date(log.timestamp).toLocaleTimeString([], { hour12: false, hour: '2-digit', minute: '2-digit', second: '2-digit' })}]</span>
+                                                    <span className={`shrink-0 w-12 font-bold ${
+                                                        log.level === 'ERROR' ? 'text-red-400' : 
+                                                        log.level === 'WARNING' ? 'text-yellow-400' : 
+                                                        log.level === 'DEBUG' ? 'text-gray-500' : 'text-blue-400'
+                                                    }`}>
+                                                        {log.level}
+                                                    </span>
+                                                    {log.node_id && (
+                                                        <span className="text-indigo-400 shrink-0">[{log.node_id}]</span>
+                                                    )}
+                                                    <span className="text-gray-300 break-all">{log.message}</span>
+                                                </div>
+                                            ))}
+                                        </div>
+                                    )}
+                                </div>
+                            </>
+                        ) : (
+                            <div className="flex-1 flex flex-col items-center justify-center text-gray-600">
+                                <Activity size={48} className="mb-4 opacity-20" />
+                                <p>Select an execution to view details and logs</p>
+                            </div>
+                        )}
+                    </div>
+                </div>
+        </Modal>
+    );
+};
+
+export default WorkflowExecutionHistory;
diff --git a/frontend/src/components/workflow/WorkflowListModal.jsx b/frontend/src/components/workflow/WorkflowListModal.jsx
index 7a4e69f1..4f4d4d87 100644
--- a/frontend/src/components/workflow/WorkflowListModal.jsx
+++ b/frontend/src/components/workflow/WorkflowListModal.jsx
@@ -1,6 +1,7 @@
 import React, { useState, useEffect } from 'react';
 import { X, Trash2, Clock, Layers, GitBranch, Loader } from 'lucide-react';
 import api from '../../services/api';
+import Modal from '../Modal';
 
 const WorkflowListModal = ({ onLoad, onClose }) => {
     const [workflows, setWorkflows] = useState([]);
@@ -65,15 +66,7 @@ const WorkflowListModal = ({ onLoad, onClose }) => {
     };
 
     return (
-        <div className="workflow-modal-overlay" onClick={onClose}>
-            <div className="workflow-modal" onClick={(e) => e.stopPropagation()}>
-                <div className="workflow-modal-header">
-                    <h2>Load Workflow</h2>
-                    <button className="modal-close-btn" onClick={onClose}>
-                        <X size={20} />
-                    </button>
-                </div>
-
+        <Modal open={true} onClose={onClose} title="Load Workflow" className="workflow-modal">
                 <div className="workflow-modal-content">
                     {loading ? (
                         <div className="workflow-list-loading">
@@ -138,8 +131,7 @@ const WorkflowListModal = ({ onLoad, onClose }) => {
                         </div>
                     )}
                 </div>
-            </div>
-        </div>
+        </Modal>
     );
 };
 
diff --git a/frontend/src/components/workflow/nodes/LogicIfNode.jsx b/frontend/src/components/workflow/nodes/LogicIfNode.jsx
new file mode 100644
index 00000000..0df9303d
--- /dev/null
+++ b/frontend/src/components/workflow/nodes/LogicIfNode.jsx
@@ -0,0 +1,56 @@
+import React, { memo } from 'react';
+import { Handle, Position } from '@xyflow/react';
+import { GitBranch } from 'lucide-react';
+
+const LogicIfNode = ({ data, selected }) => {
+    const {
+        condition = '',
+        label = 'If/Else'
+    } = data;
+
+    return (
+        <div className={`workflow-node node-logic ${selected ? 'node-selected' : ''}`}>
+            <Handle
+                type="target"
+                position={Position.Top}
+                id="input"
+                className="handle-input"
+            />
+
+            <div className="node-icon node-icon-logic">
+                <GitBranch size={16} />
+            </div>
+            <div className="node-content">
+                <div className="node-label">{label}</div>
+                <div className="node-sublabel">
+                    {condition || 'No condition'}
+                </div>
+            </div>
+
+            <div className="node-outputs">
+                <div className="node-output-branch">
+                    <span className="node-branch-label node-branch-true">TRUE</span>
+                    <Handle
+                        type="source"
+                        position={Position.Bottom}
+                        id="true"
+                        className="handle-output handle-true"
+                        style={{ left: '25%' }}
+                    />
+                </div>
+                <div className="node-output-branch">
+                    <span className="node-branch-label node-branch-false">FALSE</span>
+                    <Handle
+                        type="source"
+                        position={Position.Bottom}
+                        id="false"
+                        className="handle-output handle-false"
+                        style={{ left: '75%' }}
+                    />
+                </div>
+            </div>
+        </div>
+    );
+};
+
+export default memo(LogicIfNode);
diff --git a/frontend/src/components/workflow/nodes/NotificationNode.jsx b/frontend/src/components/workflow/nodes/NotificationNode.jsx
new file mode 100644
index 00000000..b697267d
--- /dev/null
+++ b/frontend/src/components/workflow/nodes/NotificationNode.jsx
@@ -0,0 +1,50 @@
+import React, { memo } from 'react';
+import { Handle, Position } from '@xyflow/react';
+import { Bell, MessageSquare, Mail, Slack } from 'lucide-react';
+
+const NotificationNode = ({ data, selected }) => {
+    const {
+        channel = 'discord',
+        label = 'Notify',
+        message = ''
+    } = data;
+
+    const getIcon = () => {
+        switch (channel) {
+            case 'discord': return <MessageSquare size={16} />;
+            case 'slack': return <Slack size={16} />;
+            case 'email': return <Mail size={16} />;
+            default: return <Bell size={16} />;
+        }
+    };
+
+    return (
+        <div className={`workflow-node node-notification ${selected ? 'node-selected' : ''}`}>
+            <Handle
+                type="target"
+                position={Position.Top}
+                id="input"
+                className="handle-input"
+            />
+
+            <div className={`node-icon node-icon-${channel}`}>
+                {getIcon()}
+            </div>
+            <div className="node-content">
+                <div className="node-label">{label}</div>
+                <div className="node-sublabel">
+                    {channel.charAt(0).toUpperCase() + channel.slice(1)}
+                </div>
+            </div>
+
+            <Handle
+                type="source"
+                position={Position.Bottom}
+                id="output"
+                className="handle-output"
+            />
+        </div>
+    );
+};
+
+export default memo(NotificationNode);
diff --git a/frontend/src/components/workflow/nodes/ScriptNode.jsx b/frontend/src/components/workflow/nodes/ScriptNode.jsx
new file mode 100644
index 00000000..bbfb3d2a
--- /dev/null
+++ b/frontend/src/components/workflow/nodes/ScriptNode.jsx
@@ -0,0 +1,49 @@
+import React, { memo } from 'react';
+import { Handle, Position } from '@xyflow/react';
+import { Terminal, Code, Cpu } from 'lucide-react';
+
+const ScriptNode = ({ data, selected }) => {
+    const {
+        language = 'bash',
+        label = 'Run Script',
+        content = ''
+    } = data;
+
+    const getIcon = () => {
+        switch (language) {
+            case 'bash': return <Terminal size={16} />;
+            case 'python': return <Code size={16} />;
+            default: return <Cpu size={16} />;
+        }
+    };
+
+    return (
+        <div className={`workflow-node node-script ${selected ? 'node-selected' : ''}`}>
+            <Handle
+                type="target"
+                position={Position.Top}
+                id="input"
+                className="handle-input"
+            />
+
+            <div className={`node-icon node-icon-${language}`}>
+                {getIcon()}
+            </div>
+            <div className="node-content">
+                <div className="node-label">{label}</div>
+                <div className="node-sublabel">
+                    {language.charAt(0).toUpperCase() + language.slice(1)}
+                </div>
+            </div>
+
+            <Handle
+                type="source"
+                position={Position.Bottom}
+                id="output"
+                className="handle-output"
+            />
+        </div>
+    );
+};
+
+export default memo(ScriptNode);
diff --git a/frontend/src/components/workflow/nodes/TriggerNode.jsx b/frontend/src/components/workflow/nodes/TriggerNode.jsx
new file mode 100644
index 00000000..fd50fbf8
--- /dev/null
+++ b/frontend/src/components/workflow/nodes/TriggerNode.jsx
@@ -0,0 +1,73 @@
+import React, { memo } from 'react';
+import { Handle, Position } from '@xyflow/react';
+import { Zap, Clock, Webhook, Activity, Play } from 'lucide-react';
+
+const TriggerNode = ({ data, selected }) => {
+    const {
+        triggerType = 'manual',
+        label = 'Trigger',
+        isActive = false,
+        lastStatus = null,
+        triggerConfig = {}
+    } = data;
+
+    const getIcon = () => {
+        switch (triggerType) {
+            case 'manual': return <Play size={16} />;
+            case 'cron': return <Clock size={16} />;
+            case 'webhook': return <Webhook size={16} />;
+            case 'event': return <Zap size={16} />;
+            default: return <Activity size={16} />;
+        }
+    };
+
+    const statusClass = !isActive ? 'inactive'
+        : lastStatus === 'success' ? 'success'
+        : lastStatus === 'failed' ? 'error'
+        : 'active';
+
+    const getSublabel = () => {
+        const typeName = triggerType.charAt(0).toUpperCase() + triggerType.slice(1);
+        const status = isActive ? 'Active' : 'Disabled';
+
+        if (triggerType === 'cron' && triggerConfig.cron) {
+            return `${triggerConfig.cron} \u2022 ${status}`;
+        }
+        if (triggerType === 'webhook' && triggerConfig.webhook_id) {
+            return `...${triggerConfig.webhook_id.slice(-8)} \u2022 ${status}`;
+        }
+        if (triggerType === 'event' && triggerConfig.eventType) {
+            const eventLabels = {
+                health_check_failed: 'Health Fail',
+                high_cpu: 'High CPU',
+                high_memory: 'High Memory',
+                git_push: 'Git Push',
+                app_stopped: 'App Stopped'
+            };
+            return `${eventLabels[triggerConfig.eventType] || triggerConfig.eventType} \u2022 ${status}`;
+        }
+
+        return `${typeName} \u2022 ${status}`;
+    };
+
+    return (
+        <div className={`workflow-node node-trigger node-status-${statusClass} ${selected ? 'node-selected' : ''}`}>
+            <div className={`node-icon node-icon-${triggerType}`}>
+                {getIcon()}
+            </div>
+            <div className="node-content">
+                <div className="node-label">{label}</div>
+                <div className="node-sublabel">{getSublabel()}</div>
+            </div>
+
+            <Handle
+                type="source"
+                position={Position.Bottom}
+                id="output"
+                className="handle-output"
+            />
+        </div>
+    );
+};
+
+export default memo(TriggerNode);
diff --git a/frontend/src/components/workflow/panels/LogicIfConfigPanel.jsx b/frontend/src/components/workflow/panels/LogicIfConfigPanel.jsx
new file mode 100644
index 00000000..42820efe
--- /dev/null
+++ b/frontend/src/components/workflow/panels/LogicIfConfigPanel.jsx
@@ -0,0 +1,65 @@
+import React from 'react';
+import ConfigPanel from '../ConfigPanel';
+import { GitBranch } from 'lucide-react';
+
+const LogicIfConfigPanel = ({ node, onChange, onClose, onDelete }) => {
+    const { data } = node;
+    const { condition = '', label = 'If/Else' } = data;
+
+    return (
+        <ConfigPanel
+            title="Logic (If/Else)"
+            icon={<GitBranch size={16} />}
+            color="#f97316"
+            onClose={onClose}
+            footer={onDelete && (
+                <button className="btn-delete-node" onClick={onDelete}>
+                    Remove Node
+                </button>
+            )}
+        >
+            <div className="form-group">
+                <label>Label</label>
+                <input
+                    type="text"
+                    value={label}
+                    onChange={(e) => onChange({ ...data, label: e.target.value })}
+                />
+            </div>
+
+            <div className="form-group">
+                <label>Condition (Python expression)</label>
+                <input
+                    type="text"
+                    className="font-mono"
+                    value={condition}
+                    onChange={(e) => onChange({ ...data, condition: e.target.value })}
+                    placeholder="e.g. results['node_1']['returncode'] == 0"
+                />
+                <span className="form-hint">Must evaluate to truthy or falsy. Errors follow the false branch.</span>
+            </div>
+
+            <div className="panel-info-box">
+                <strong>Available Variables</strong><br />
+                <code>results</code> — dict of previous node outputs, keyed by node ID<br />
+                <code>context</code> — trigger execution context<br /><br />
+                <strong>Examples</strong><br />
+                <code>{"results['abc123']['returncode'] == 0"}</code><br />
+                <code>{"context.get('event_type') == 'high_cpu'"}</code>
+            </div>
+
+            <div className="branch-legend">
+                <div className="branch-legend-item">
+                    <span className="branch-dot branch-dot-true" />
+                    <span>True branch — condition is truthy</span>
+                </div>
+                <div className="branch-legend-item">
+                    <span className="branch-dot branch-dot-false" />
+                    <span>False branch — condition is falsy or errors</span>
+                </div>
+            </div>
+        </ConfigPanel>
+    );
+};
+
+export default LogicIfConfigPanel;
diff --git a/frontend/src/components/workflow/panels/NotificationConfigPanel.jsx b/frontend/src/components/workflow/panels/NotificationConfigPanel.jsx
new file mode 100644
index 00000000..f983fb70
--- /dev/null
+++ b/frontend/src/components/workflow/panels/NotificationConfigPanel.jsx
@@ -0,0 +1,79 @@
+import React from 'react';
+import ConfigPanel from '../ConfigPanel';
+import { Bell, MessageSquare, Mail, Slack, Send, Globe } from 'lucide-react';
+
+const NotificationConfigPanel = ({ node, onChange, onClose, onDelete }) => {
+    const { data } = node;
+    const { channel = 'discord', label = 'Notify', message = '' } = data;
+
+    const channels = [
+        { id: 'discord', icon: MessageSquare, label: 'Discord' },
+        { id: 'slack', icon: Slack, label: 'Slack' },
+        { id: 'email', icon: Mail, label: 'Email' },
+        { id: 'telegram', icon: Send, label: 'Telegram' },
+        { id: 'webhook', icon: Globe, label: 'Webhook' },
+        { id: 'system', icon: Bell, label: 'All Channels' },
+    ];
+
+    return (
+        <ConfigPanel
+            title="Notification"
+            icon={<Bell size={16} />}
+            color="#818cf8"
+            onClose={onClose}
+            footer={onDelete && (
+                <button className="btn-delete-node" onClick={onDelete}>
+                    Remove Node
+                </button>
+            )}
+        >
+            <div className="form-group">
+                <label>Label</label>
+                <input
+                    type="text"
+                    value={label}
+                    onChange={(e) => onChange({ ...data, label: e.target.value })}
+                />
+            </div>
+
+            <div className="form-group">
+                <label>Channel</label>
+                <div className="channel-grid">
+                    {channels.map(({ id, icon: Icon, label: chLabel }) => (
+                        <button
+                            key={id}
+                            className={`channel-btn ${channel === id ? 'active' : ''}`}
+                            onClick={() => onChange({ ...data, channel: id })}
+                        >
+                            <Icon size={14} />
+                            <span>{chLabel}</span>
+                        </button>
+                    ))}
+                </div>
+            </div>
+
+            <div className="form-group">
+                <label>Message Template</label>
+                <textarea
+                    value={message}
+                    onChange={(e) => onChange({ ...data, message: e.target.value })}
+                    placeholder={'Build finished for {{workflow_name}}\\nExit code: ${build.returncode}'}
+                    rows={8}
+                />
+            </div>
+
+            <div className="panel-info-box">
+                <strong>Variables</strong><br />
+                <code>{'{{workflow_name}}'}</code>, <code>{'{{execution_id}}'}</code>, <code>{'{{started_at}}'}</code><br />
+                <code>{'${node_id.stdout}'}</code> — output from a node<br />
+                <code>{'{{context.field}}'}</code> — trigger context value
+            </div>
+
+            <div className="panel-info-box panel-info-warning">
+                Channels must be configured in <strong>Settings &rarr; Notifications</strong> before they can send messages.
+            </div>
+        </ConfigPanel>
+    );
+};
+
+export default NotificationConfigPanel;
diff --git a/frontend/src/components/workflow/panels/ScriptConfigPanel.jsx b/frontend/src/components/workflow/panels/ScriptConfigPanel.jsx
new file mode 100644
index 00000000..9d07bd07
--- /dev/null
+++ b/frontend/src/components/workflow/panels/ScriptConfigPanel.jsx
@@ -0,0 +1,114 @@
+import React from 'react';
+import ConfigPanel from '../ConfigPanel';
+import { Terminal, Code } from 'lucide-react';
+
+const ScriptConfigPanel = ({ node, onChange, onClose, onDelete }) => {
+    const { data } = node;
+    const {
+        language = 'bash',
+        label = 'Run Script',
+        content = '',
+        timeout = 300,
+        retryCount = 0,
+        retryDelay = 5
+    } = data;
+
+    return (
+        <ConfigPanel
+            title="Script"
+            icon={<Terminal size={16} />}
+            color="#71717a"
+            onClose={onClose}
+            footer={onDelete && (
+                <button className="btn-delete-node" onClick={onDelete}>
+                    Remove Node
+                </button>
+            )}
+        >
+            <div className="form-group">
+                <label>Label</label>
+                <input
+                    type="text"
+                    value={label}
+                    onChange={(e) => onChange({ ...data, label: e.target.value })}
+                />
+            </div>
+
+            <div className="form-group">
+                <label>Language</label>
+                <div className="lang-toggle">
+                    <button
+                        className={`lang-btn ${language === 'bash' ? 'active' : ''}`}
+                        onClick={() => onChange({ ...data, language: 'bash' })}
+                    >
+                        <Terminal size={14} />
+                        Bash
+                    </button>
+                    <button
+                        className={`lang-btn ${language === 'python' ? 'active' : ''}`}
+                        onClick={() => onChange({ ...data, language: 'python' })}
+                    >
+                        <Code size={14} />
+                        Python
+                    </button>
+                </div>
+            </div>
+
+            <div className="form-group">
+                <label>Script Content</label>
+                <textarea
+                    className="script-editor font-mono"
+                    value={content}
+                    onChange={(e) => onChange({ ...data, content: e.target.value })}
+                    placeholder={language === 'bash'
+                        ? "#!/bin/bash\necho 'Hello World'"
+                        : "print('Hello World')"
+                    }
+                    rows={12}
+                />
+            </div>
+
+            <div className="form-row form-row-3">
+                <div className="form-group">
+                    <label>Timeout (s)</label>
+                    <input
+                        type="number"
+                        min="1"
+                        max="3600"
+                        value={timeout}
+                        onChange={(e) => onChange({ ...data, timeout: parseInt(e.target.value) || 300 })}
+                    />
+                </div>
+                <div className="form-group">
+                    <label>Retries</label>
+                    <input
+                        type="number"
+                        min="0"
+                        max="5"
+                        value={retryCount}
+                        onChange={(e) => onChange({ ...data, retryCount: parseInt(e.target.value) || 0 })}
+                    />
+                </div>
+                <div className="form-group">
+                    <label>Delay (s)</label>
+                    <input
+                        type="number"
+                        min="1"
+                        max="300"
+                        value={retryDelay}
+                        onChange={(e) => onChange({ ...data, retryDelay: parseInt(e.target.value) || 5 })}
+                    />
+                </div>
+            </div>
+
+            <div className="panel-info-box">
+                <strong>Variables</strong><br />
+                <code>{'${node_id.stdout}'}</code> — output from a previous node<br />
+                <code>$WORKFLOW_ID</code>, <code>$EXECUTION_ID</code> — workflow metadata<br />
+                <code>$NODE_ID_OUTPUT</code> — node output as env var
+            </div>
+        </ConfigPanel>
+    );
+};
+
+export default ScriptConfigPanel;
diff --git a/frontend/src/components/workflow/panels/TriggerConfigPanel.jsx b/frontend/src/components/workflow/panels/TriggerConfigPanel.jsx
new file mode 100644
index 00000000..d1b2b54e
--- /dev/null
+++ b/frontend/src/components/workflow/panels/TriggerConfigPanel.jsx
@@ -0,0 +1,176 @@
+import React, { useState } from 'react';
+import ConfigPanel from '../ConfigPanel';
+import { Play, Clock, Webhook, Zap, Copy, Check } from 'lucide-react';
+
+const TriggerConfigPanel = ({ node, onChange, onClose, onDelete }) => {
+    const { data } = node;
+    const { triggerType = 'manual', label = 'Trigger', isActive = true, triggerConfig = {} } = data;
+    const [copied, setCopied] = useState(false);
+
+    const handleTypeChange = (type) => {
+        const typeLabels = {
+            manual: 'Manual Trigger',
+            cron: 'Scheduled Task',
+            webhook: 'Webhook Trigger',
+            event: 'Event Listener'
+        };
+        onChange({
+            ...data,
+            triggerType: type,
+            label: typeLabels[type] || `${type} Trigger`
+        });
+    };
+
+    const handleConfigChange = (key, value) => {
+        onChange({
+            ...data,
+            triggerConfig: { ...triggerConfig, [key]: value }
+        });
+    };
+
+    const toggleActive = () => {
+        onChange({ ...data, isActive: !isActive });
+    };
+
+    const webhookUrl = triggerConfig.webhook_id
+        ? `${window.location.origin}/api/v1/workflows/hooks/${triggerConfig.webhook_id}`
+        : null;
+
+    const copyWebhookUrl = () => {
+        if (webhookUrl) {
+            navigator.clipboard.writeText(webhookUrl);
+            setCopied(true);
+            setTimeout(() => setCopied(false), 2000);
+        }
+    };
+
+    const triggerTypes = [
+        { id: 'manual', icon: Play, label: 'Manual', desc: 'Run on demand via button or API' },
+        { id: 'cron', icon: Clock, label: 'Schedule', desc: 'Run on a cron schedule' },
+        { id: 'webhook', icon: Webhook, label: 'Webhook', desc: 'Triggered by HTTP POST' },
+        { id: 'event', icon: Zap, label: 'Event', desc: 'React to system events' },
+    ];
+
+    return (
+        <ConfigPanel
+            title="Trigger"
+            icon={<Play size={16} />}
+            color="#3b82f6"
+            onClose={onClose}
+            footer={onDelete && (
+                <button className="btn-delete-node" onClick={onDelete}>
+                    Remove Node
+                </button>
+            )}
+        >
+            <div className="form-group">
+                <label>Label</label>
+                <input
+                    type="text"
+                    value={label}
+                    onChange={(e) => onChange({ ...data, label: e.target.value })}
+                />
+            </div>
+
+            <div className="form-group">
+                <label>Trigger Type</label>
+                <div className="trigger-type-grid">
+                    {triggerTypes.map(({ id, icon: Icon, label: typeLabel, desc }) => (
+                        <button
+                            key={id}
+                            className={`trigger-type-btn ${triggerType === id ? 'active' : ''}`}
+                            onClick={() => handleTypeChange(id)}
+                        >
+                            <Icon size={18} />
+                            <span className="trigger-type-name">{typeLabel}</span>
+                            <span className="trigger-type-desc">{desc}</span>
+                        </button>
+                    ))}
+                </div>
+            </div>
+
+            <div className="form-group">
+                <label className="toggle-label">
+                    <span>Enabled</span>
+                    <button
+                        className={`toggle-switch ${isActive ? 'active' : ''}`}
+                        onClick={toggleActive}
+                    >
+                        <span className="toggle-knob" />
+                    </button>
+                </label>
+            </div>
+
+            {triggerType === 'cron' && (
+                <div className="form-group">
+                    <label>Cron Expression</label>
+                    <input
+                        type="text"
+                        className="font-mono"
+                        value={triggerConfig.cron || '0 * * * *'}
+                        onChange={(e) => handleConfigChange('cron', e.target.value)}
+                        placeholder="e.g. 0 0 * * *"
+                    />
+                    <span className="form-hint">
+                        Format: minute hour day month weekday. Examples: <code>*/5 * * * *</code> (every 5 min), <code>0 0 * * *</code> (daily midnight)
+                    </span>
+                </div>
+            )}
+
+            {triggerType === 'webhook' && (
+                <div className="form-group">
+                    <label>Webhook URL</label>
+                    {webhookUrl ? (
+                        <>
+                            <div className="input-with-action">
+                                <input
+                                    type="text"
+                                    value={webhookUrl}
+                                    readOnly
+                                    className="input-readonly font-mono"
+                                />
+                                <button className="input-action-btn" onClick={copyWebhookUrl} title="Copy URL">
+                                    {copied ? <Check size={14} /> : <Copy size={14} />}
+                                </button>
+                            </div>
+                            <span className="form-hint">
+                                Send a POST request to this URL to trigger the workflow. Request body is available as <code>context.body</code>.
+                            </span>
+                        </>
+                    ) : (
+                        <div className="panel-info-box panel-info-warning">
+                            Save the workflow first to generate the webhook URL.
+                        </div>
+                    )}
+                </div>
+            )}
+
+            {triggerType === 'event' && (
+                <div className="form-group">
+                    <label>System Event</label>
+                    <select
+                        value={triggerConfig.eventType || 'health_check_failed'}
+                        onChange={(e) => handleConfigChange('eventType', e.target.value)}
+                    >
+                        <option value="health_check_failed">Health Check Failed</option>
+                        <option value="high_cpu">High CPU Usage (&gt;80%)</option>
+                        <option value="high_memory">High Memory Usage (&gt;80%)</option>
+                        <option value="git_push">Git Push Received</option>
+                        <option value="app_stopped">Application Stopped</option>
+                    </select>
+                    <span className="form-hint">
+                        Event data is available as <code>context.event_data</code> in scripts and conditions.
+                    </span>
+                </div>
+            )}
+
+            {triggerType === 'manual' && (
+                <div className="panel-info-box">
+                    Click <strong>Execute</strong> in the toolbar or call the workflow API to run manually.
+                </div>
+            )}
+        </ConfigPanel>
+    );
+};
+
+export default TriggerConfigPanel;
diff --git a/frontend/src/contexts/AuthContext.jsx b/frontend/src/contexts/AuthContext.jsx
index 460c5456..9df7814f 100644
--- a/frontend/src/contexts/AuthContext.jsx
+++ b/frontend/src/contexts/AuthContext.jsx
@@ -20,7 +20,7 @@ export function AuthProvider({ children }) {
         checkSetupStatus();
     }, []);
 
-    async function checkSetupStatus() {
+    async function checkSetupStatus(retries = 3) {
         try {
             const status = await api.getSetupStatus();
             setSetupStatus({
@@ -37,7 +37,18 @@ export function AuthProvider({ children }) {
             await checkAuth();
         } catch (error) {
             console.error('Setup status check failed:', error);
-            // Fallback to checking auth directly
+            // Backend may not be ready yet — retry before falling back
+            if (retries > 0) {
+                await new Promise(r => setTimeout(r, 2000));
+                return checkSetupStatus(retries - 1);
+            }
+            // Exhausted retries — assume fresh install so user isn't locked out
+            setSetupStatus(prev => ({
+                ...prev,
+                needsSetup: true,
+                registrationEnabled: true,
+                checked: true
+            }));
             await checkAuth();
         }
     }
diff --git a/frontend/src/main.jsx b/frontend/src/main.jsx
index 53c9c6da..96a58803 100644
--- a/frontend/src/main.jsx
+++ b/frontend/src/main.jsx
@@ -1,7 +1,7 @@
 import React from 'react'
 import ReactDOM from 'react-dom/client'
 import App from './App.jsx'
-import './styles/main.less'
+import './styles/main.scss'
 
 ReactDOM.createRoot(document.getElementById('root')).render(
     <React.StrictMode>
diff --git a/frontend/src/pages/AgentFleet.jsx b/frontend/src/pages/AgentFleet.jsx
new file mode 100644
index 00000000..09042a85
--- /dev/null
+++ b/frontend/src/pages/AgentFleet.jsx
@@ -0,0 +1,862 @@
+import React, { useState, useEffect, useCallback } from 'react';
+import {
+    Users,
+    Shield,
+    Activity,
+    Download,
+    RefreshCw,
+    CheckCircle,
+    AlertCircle,
+    Clock,
+    Zap,
+    Search,
+    ChevronRight,
+    Server,
+    Layers,
+    Package,
+    Plus,
+    Trash2,
+    Play,
+    Pause,
+    XCircle,
+    Wifi,
+    WifiOff,
+    RotateCcw,
+    Info
+} from 'lucide-react';
+import api from '../services/api';
+import { useToast } from '../contexts/ToastContext';
+import { useAuth } from '../contexts/AuthContext';
+
+const AgentFleet = () => {
+    const [activeTab, setActiveTab] = useState('dashboard');
+    const [loading, setLoading] = useState(true);
+    const [health, setHealth] = useState(null);
+    const [versions, setVersions] = useState([]);
+    const [discoveredAgents, setDiscoveredAgents] = useState([]);
+    const [pendingServers, setPendingServers] = useState([]);
+    const [rollouts, setRollouts] = useState([]);
+    const [queuedCommands, setQueuedCommands] = useState([]);
+    const [diagnostics, setDiagnostics] = useState(null);
+    const [diagnosticsServerId, setDiagnosticsServerId] = useState('');
+    const [isScanning, setIsScanning] = useState(false);
+    const [selectedVersion, setSelectedVersion] = useState('');
+    const [rolloutStrategy, setRolloutStrategy] = useState('all');
+    const [rolloutBatchSize, setRolloutBatchSize] = useState(5);
+    const [rolloutDelay, setRolloutDelay] = useState(10);
+    const { addToast } = useToast();
+    const { user } = useAuth();
+
+    useEffect(() => {
+        fetchData();
+    }, [activeTab]);
+
+    const fetchData = async () => {
+        setLoading(true);
+        try {
+            if (activeTab === 'dashboard') {
+                const data = await api.getFleetHealth();
+                setHealth(data);
+            } else if (activeTab === 'versions') {
+                const data = await api.getAgentVersions();
+                setVersions(data);
+            } else if (activeTab === 'rollouts') {
+                const [rolloutData, versionData] = await Promise.all([
+                    api.getRollouts(),
+                    api.getAgentVersions()
+                ]);
+                setRollouts(rolloutData);
+                setVersions(versionData);
+                if (versionData.length > 0 && !selectedVersion) {
+                    setSelectedVersion(versionData[0].id);
+                }
+            } else if (activeTab === 'discovery') {
+                const data = await api.getDiscoveredAgents();
+                setDiscoveredAgents(data);
+            } else if (activeTab === 'approvals') {
+                const data = await api.getServers();
+                setPendingServers((data.servers || data).filter(s => s.status === 'pending'));
+            } else if (activeTab === 'queue') {
+                const data = await api.getQueuedCommands();
+                setQueuedCommands(data);
+            }
+        } catch (error) {
+            console.error('Error fetching fleet data:', error);
+            addToast('Error', 'Failed to fetch fleet data', 'error');
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    const startDiscovery = async () => {
+        setIsScanning(true);
+        try {
+            addToast('Discovery', 'Scanning network for agents...', 'info');
+            await api.startDiscovery(10);
+            const data = await api.getDiscoveredAgents();
+            setDiscoveredAgents(data);
+            addToast('Success', `Discovered ${data.length} agents`, 'success');
+        } catch (error) {
+            addToast('Error', 'Discovery scan failed', 'error');
+        } finally {
+            setIsScanning(false);
+        }
+    };
+
+    const approveAgent = async (serverId) => {
+        try {
+            await api.approveRegistration(serverId);
+            addToast('Success', 'Agent registration approved', 'success');
+            fetchData();
+        } catch (error) {
+            addToast('Error', 'Failed to approve agent', 'error');
+        }
+    };
+
+    const rejectAgent = async (serverId) => {
+        try {
+            await api.rejectRegistration(serverId);
+            addToast('Success', 'Agent registration rejected', 'success');
+            fetchData();
+        } catch (error) {
+            addToast('Error', 'Failed to reject agent', 'error');
+        }
+    };
+
+    const triggerUpgrade = async () => {
+        if (!selectedVersion) {
+            addToast('Error', 'Select a target version', 'error');
+            return;
+        }
+
+        try {
+            if (rolloutStrategy === 'all') {
+                await api.upgradeFleet([], selectedVersion);
+                addToast('Success', 'Upgrade triggered for all online agents', 'success');
+            } else {
+                const data = {
+                    version_id: selectedVersion,
+                    strategy: rolloutStrategy,
+                    batch_size: rolloutStrategy === 'canary' ? 1 : rolloutBatchSize,
+                    delay_minutes: rolloutDelay
+                };
+                await api.startRollout(data);
+                addToast('Success', 'Staged rollout started', 'success');
+            }
+            fetchData();
+        } catch (error) {
+            addToast('Error', 'Failed to trigger upgrade', 'error');
+        }
+    };
+
+    const cancelRollout = async (rolloutId) => {
+        try {
+            await api.cancelRollout(rolloutId);
+            addToast('Success', 'Rollout cancelled', 'success');
+            fetchData();
+        } catch (error) {
+            addToast('Error', 'Failed to cancel rollout', 'error');
+        }
+    };
+
+    const retryCommand = async (commandId) => {
+        try {
+            await api.retryCommand(commandId);
+            addToast('Success', 'Command retry triggered', 'success');
+            fetchData();
+        } catch (error) {
+            addToast('Error', 'Failed to retry command', 'error');
+        }
+    };
+
+    const loadDiagnostics = async (serverId) => {
+        try {
+            const data = await api.getServerDiagnostics(serverId);
+            setDiagnostics(data);
+            setDiagnosticsServerId(serverId);
+        } catch (error) {
+            addToast('Error', 'Failed to load diagnostics', 'error');
+        }
+    };
+
+    const rolloutStatusBadge = (status) => {
+        const map = {
+            running: 'badge-info',
+            completed: 'badge-success',
+            failed: 'badge-error',
+            cancelled: 'badge-warning',
+            pending: 'badge-default'
+        };
+        return map[status] || 'badge-default';
+    };
+
+    return (
+        <div className="page-container">
+            <div className="page-header">
+                <div className="header-info">
+                    <h1>Agent Fleet Management</h1>
+                    <p>Monitor health, manage versions, and control updates across your infrastructure.</p>
+                </div>
+                <div className="header-actions">
+                    <button
+                        className="btn btn-primary"
+                        onClick={fetchData}
+                        disabled={loading}
+                    >
+                        <RefreshCw size={18} className={loading ? 'animate-spin' : ''} />
+                        Refresh
+                    </button>
+                </div>
+            </div>
+
+            <div className="tabs-container">
+                <div className="tabs">
+                    {[
+                        { key: 'dashboard', icon: Activity, label: 'Dashboard' },
+                        { key: 'versions', icon: Package, label: 'Versions' },
+                        { key: 'rollouts', icon: Zap, label: 'Rollouts' },
+                        { key: 'queue', icon: Clock, label: 'Command Queue' },
+                        { key: 'discovery', icon: Search, label: 'Discovery' },
+                        { key: 'approvals', icon: Shield, label: 'Approvals' },
+                    ].map(tab => (
+                        <button
+                            key={tab.key}
+                            className={`tab ${activeTab === tab.key ? 'active' : ''}`}
+                            onClick={() => setActiveTab(tab.key)}
+                        >
+                            <tab.icon size={18} />
+                            {tab.label}
+                            {tab.key === 'approvals' && pendingServers.length > 0 && (
+                                <span className="badge badge-error ml-2">{pendingServers.length}</span>
+                            )}
+                            {tab.key === 'queue' && queuedCommands.length > 0 && (
+                                <span className="badge badge-warning ml-2">{queuedCommands.length}</span>
+                            )}
+                        </button>
+                    ))}
+                </div>
+            </div>
+
+            <div className="tab-content mt-6">
+                {/* ==================== Dashboard ==================== */}
+                {activeTab === 'dashboard' && health && (
+                    <div className="space-y-6">
+                        <div className="grid grid-cols-1 md:grid-cols-4 gap-4">
+                            <div className="stat-card">
+                                <div className="stat-icon bg-blue-100 text-blue-600">
+                                    <Server size={24} />
+                                </div>
+                                <div className="stat-content">
+                                    <div className="stat-value">{health.total_servers}</div>
+                                    <div className="stat-label">Total Agents</div>
+                                </div>
+                            </div>
+                            <div className="stat-card">
+                                <div className="stat-icon bg-green-100 text-green-600">
+                                    <CheckCircle size={24} />
+                                </div>
+                                <div className="stat-content">
+                                    <div className="stat-value">{health.online_servers}</div>
+                                    <div className="stat-label">Online</div>
+                                </div>
+                            </div>
+                            <div className="stat-card">
+                                <div className="stat-icon bg-red-100 text-red-600">
+                                    <AlertCircle size={24} />
+                                </div>
+                                <div className="stat-content">
+                                    <div className="stat-value">{health.offline_servers}</div>
+                                    <div className="stat-label">Offline</div>
+                                </div>
+                            </div>
+                            <div className="stat-card">
+                                <div className="stat-icon bg-purple-100 text-purple-600">
+                                    <Zap size={24} />
+                                </div>
+                                <div className="stat-content">
+                                    <div className="stat-value">{health.command_success_rate}%</div>
+                                    <div className="stat-label">Success Rate</div>
+                                </div>
+                            </div>
+                        </div>
+
+                        <div className="grid grid-cols-1 lg:grid-cols-2 gap-6">
+                            <div className="card">
+                                <div className="card-header">
+                                    <h2>Fleet Health Summary</h2>
+                                </div>
+                                <div className="card-body">
+                                    <div className="space-y-4">
+                                        <div className="flex justify-between items-center">
+                                            <span className="text-gray-600">Overall Uptime</span>
+                                            <span className="font-semibold text-green-600">{health.uptime_percentage?.toFixed(2)}%</span>
+                                        </div>
+                                        <div className="w-full bg-gray-200 rounded-full h-2">
+                                            <div
+                                                className="bg-green-600 h-2 rounded-full"
+                                                style={{ width: `${health.uptime_percentage}%` }}
+                                            ></div>
+                                        </div>
+
+                                        <div className="flex justify-between items-center mt-6">
+                                            <span className="text-gray-600">Avg Heartbeat Latency</span>
+                                            <span className="font-semibold">{health.avg_heartbeat_latency} ms</span>
+                                        </div>
+                                        <div className="w-full bg-gray-200 rounded-full h-2">
+                                            <div
+                                                className="bg-blue-600 h-2 rounded-full"
+                                                style={{ width: `${Math.min(100, health.avg_heartbeat_latency / 2)}%` }}
+                                            ></div>
+                                        </div>
+
+                                        {health.queued_commands > 0 && (
+                                            <div className="flex justify-between items-center mt-4 p-3 bg-yellow-50 rounded-lg">
+                                                <span className="text-yellow-700 flex items-center gap-2">
+                                                    <Clock size={16} /> Queued Commands
+                                                </span>
+                                                <span className="font-semibold text-yellow-700">{health.queued_commands}</span>
+                                            </div>
+                                        )}
+                                    </div>
+                                </div>
+                            </div>
+
+                            <div className="card">
+                                <div className="card-header">
+                                    <h2>Version Distribution</h2>
+                                </div>
+                                <div className="card-body">
+                                    <div className="space-y-4">
+                                        {Object.entries(health.version_distribution || {}).map(([version, count]) => (
+                                            <div key={version} className="space-y-1">
+                                                <div className="flex justify-between text-sm">
+                                                    <span>v{version}</span>
+                                                    <span className="text-gray-500">{count} agents ({(count / health.total_servers * 100).toFixed(0)}%)</span>
+                                                </div>
+                                                <div className="w-full bg-gray-200 rounded-full h-2">
+                                                    <div
+                                                        className="bg-indigo-600 h-2 rounded-full"
+                                                        style={{ width: `${count / health.total_servers * 100}%` }}
+                                                    ></div>
+                                                </div>
+                                            </div>
+                                        ))}
+                                        {Object.keys(health.version_distribution || {}).length === 0 && (
+                                            <p className="text-gray-500 text-center py-4">No agents registered yet.</p>
+                                        )}
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                )}
+
+                {/* ==================== Versions ==================== */}
+                {activeTab === 'versions' && (
+                    <div className="card">
+                        <div className="card-header flex justify-between items-center">
+                            <h2>Agent Versions</h2>
+                            <button className="btn btn-sm btn-primary">
+                                <Plus size={16} /> Add Version
+                            </button>
+                        </div>
+                        <div className="overflow-x-auto">
+                            <table className="table">
+                                <thead>
+                                    <tr>
+                                        <th>Version</th>
+                                        <th>Channel</th>
+                                        <th>Published</th>
+                                        <th>Panel Compatibility</th>
+                                        <th>Status</th>
+                                        <th>Actions</th>
+                                    </tr>
+                                </thead>
+                                <tbody>
+                                    {versions.map(v => (
+                                        <tr key={v.id}>
+                                            <td className="font-semibold">v{v.version}</td>
+                                            <td>
+                                                <span className={`badge ${v.channel === 'stable' ? 'badge-success' : 'badge-warning'}`}>
+                                                    {v.channel}
+                                                </span>
+                                            </td>
+                                            <td>{new Date(v.published_at).toLocaleDateString()}</td>
+                                            <td>{v.min_panel_version || 'Any'} - {v.max_panel_version || 'Latest'}</td>
+                                            <td>
+                                                <span className={`flex items-center gap-1 ${v.is_active ? 'text-green-600' : 'text-gray-400'}`}>
+                                                    {v.is_active ? <CheckCircle size={14} /> : <Clock size={14} />}
+                                                    {v.is_active ? 'Active' : 'Inactive'}
+                                                </span>
+                                            </td>
+                                            <td className="actions">
+                                                <button className="btn btn-ghost btn-sm" title="Edit"><RefreshCw size={14} /></button>
+                                                <button className="btn btn-ghost btn-sm text-red-600" title="Delete"><Trash2 size={14} /></button>
+                                            </td>
+                                        </tr>
+                                    ))}
+                                    {versions.length === 0 && (
+                                        <tr>
+                                            <td colSpan="6" className="text-center py-8 text-gray-500">
+                                                No agent versions registered in database.
+                                            </td>
+                                        </tr>
+                                    )}
+                                </tbody>
+                            </table>
+                        </div>
+                        {versions.length > 0 && versions[0].release_notes && (
+                            <div className="card-body border-t">
+                                <h3 className="text-sm font-semibold mb-2">Latest Release Notes (v{versions[0].version})</h3>
+                                <p className="text-sm text-gray-600 whitespace-pre-wrap">{versions[0].release_notes}</p>
+                            </div>
+                        )}
+                    </div>
+                )}
+
+                {/* ==================== Rollouts ==================== */}
+                {activeTab === 'rollouts' && (
+                    <div className="space-y-6">
+                        <div className="card">
+                            <div className="card-header">
+                                <h2>Trigger Fleet Upgrade</h2>
+                            </div>
+                            <div className="card-body">
+                                <p className="text-gray-600 mb-4">
+                                    Push a specific agent version to multiple servers at once.
+                                </p>
+                                <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4">
+                                    <div className="form-group">
+                                        <label>Target Version</label>
+                                        <select
+                                            className="form-select w-full"
+                                            value={selectedVersion}
+                                            onChange={e => setSelectedVersion(e.target.value)}
+                                        >
+                                            <option value="">Select version...</option>
+                                            {versions.map(v => (
+                                                <option key={v.id} value={v.id}>v{v.version} ({v.channel})</option>
+                                            ))}
+                                        </select>
+                                    </div>
+                                    <div className="form-group">
+                                        <label>Rollout Strategy</label>
+                                        <select
+                                            className="form-select w-full"
+                                            value={rolloutStrategy}
+                                            onChange={e => setRolloutStrategy(e.target.value)}
+                                        >
+                                            <option value="all">All At Once</option>
+                                            <option value="staged">Staged (Batch by Batch)</option>
+                                            <option value="canary">Canary (1 server first)</option>
+                                        </select>
+                                    </div>
+                                    {rolloutStrategy === 'staged' && (
+                                        <>
+                                            <div className="form-group">
+                                                <label>Batch Size</label>
+                                                <input
+                                                    type="number"
+                                                    className="form-input w-full"
+                                                    value={rolloutBatchSize}
+                                                    onChange={e => setRolloutBatchSize(parseInt(e.target.value) || 5)}
+                                                    min={1}
+                                                />
+                                            </div>
+                                            <div className="form-group">
+                                                <label>Delay (minutes)</label>
+                                                <input
+                                                    type="number"
+                                                    className="form-input w-full"
+                                                    value={rolloutDelay}
+                                                    onChange={e => setRolloutDelay(parseInt(e.target.value) || 10)}
+                                                    min={1}
+                                                />
+                                            </div>
+                                        </>
+                                    )}
+                                </div>
+                                <div className="mt-6 flex justify-end">
+                                    <button
+                                        className="btn btn-primary"
+                                        onClick={triggerUpgrade}
+                                        disabled={!selectedVersion}
+                                    >
+                                        <Play size={18} /> Start Rollout
+                                    </button>
+                                </div>
+                            </div>
+                        </div>
+
+                        <div className="card">
+                            <div className="card-header">
+                                <h2>Rollout History</h2>
+                            </div>
+                            {rollouts.length > 0 ? (
+                                <div className="overflow-x-auto">
+                                    <table className="table">
+                                        <thead>
+                                            <tr>
+                                                <th>Version</th>
+                                                <th>Strategy</th>
+                                                <th>Progress</th>
+                                                <th>Status</th>
+                                                <th>Started</th>
+                                                <th>Actions</th>
+                                            </tr>
+                                        </thead>
+                                        <tbody>
+                                            {rollouts.map(r => (
+                                                <tr key={r.id}>
+                                                    <td className="font-semibold">v{r.version}</td>
+                                                    <td>{r.strategy}</td>
+                                                    <td>
+                                                        <div className="flex items-center gap-3">
+                                                            <div className="w-24 bg-gray-200 rounded-full h-2">
+                                                                <div
+                                                                    className={`h-2 rounded-full ${r.status === 'failed' ? 'bg-red-500' : r.status === 'completed' ? 'bg-green-500' : 'bg-blue-500'}`}
+                                                                    style={{ width: `${r.total_servers > 0 ? (r.processed_servers / r.total_servers * 100) : 0}%` }}
+                                                                ></div>
+                                                            </div>
+                                                            <span className="text-sm text-gray-500">
+                                                                {r.processed_servers}/{r.total_servers}
+                                                                {r.failed_servers > 0 && (
+                                                                    <span className="text-red-500 ml-1">({r.failed_servers} failed)</span>
+                                                                )}
+                                                            </span>
+                                                        </div>
+                                                    </td>
+                                                    <td>
+                                                        <span className={`badge ${rolloutStatusBadge(r.status)}`}>
+                                                            {r.status}
+                                                        </span>
+                                                    </td>
+                                                    <td className="text-sm">{r.started_at ? new Date(r.started_at).toLocaleString() : '-'}</td>
+                                                    <td className="actions">
+                                                        {r.status === 'running' && (
+                                                            <button
+                                                                className="btn btn-sm btn-ghost text-red-600"
+                                                                onClick={() => cancelRollout(r.id)}
+                                                                title="Cancel Rollout"
+                                                            >
+                                                                <XCircle size={14} /> Cancel
+                                                            </button>
+                                                        )}
+                                                        {r.error && (
+                                                            <span className="text-xs text-red-500" title={r.error}>
+                                                                <AlertCircle size={14} />
+                                                            </span>
+                                                        )}
+                                                    </td>
+                                                </tr>
+                                            ))}
+                                        </tbody>
+                                    </table>
+                                </div>
+                            ) : (
+                                <div className="card-body py-12 text-center text-gray-500">
+                                    <Zap size={48} className="mx-auto text-gray-300 mb-4" />
+                                    <p>No rollouts have been started yet.</p>
+                                </div>
+                            )}
+                        </div>
+                    </div>
+                )}
+
+                {/* ==================== Command Queue ==================== */}
+                {activeTab === 'queue' && (
+                    <div className="card">
+                        <div className="card-header flex justify-between items-center">
+                            <h2>Queued Commands</h2>
+                            <p className="text-sm text-gray-500">Commands waiting to be delivered when agents reconnect</p>
+                        </div>
+                        {queuedCommands.length > 0 ? (
+                            <div className="overflow-x-auto">
+                                <table className="table">
+                                    <thead>
+                                        <tr>
+                                            <th>Server</th>
+                                            <th>Command</th>
+                                            <th>Retries</th>
+                                            <th>Queued At</th>
+                                            <th>Actions</th>
+                                        </tr>
+                                    </thead>
+                                    <tbody>
+                                        {queuedCommands.map(cmd => (
+                                            <tr key={cmd.id}>
+                                                <td>{cmd.server_id?.slice(0, 8)}...</td>
+                                                <td className="font-mono text-sm">{cmd.command_type}</td>
+                                                <td>
+                                                    <span className={cmd.retry_count > 0 ? 'text-yellow-600' : ''}>
+                                                        {cmd.retry_count}/{cmd.max_retries}
+                                                    </span>
+                                                </td>
+                                                <td className="text-sm">{new Date(cmd.created_at).toLocaleString()}</td>
+                                                <td className="actions">
+                                                    <button
+                                                        className="btn btn-sm btn-ghost"
+                                                        onClick={() => retryCommand(cmd.id)}
+                                                        title="Retry now"
+                                                    >
+                                                        <RotateCcw size={14} /> Retry
+                                                    </button>
+                                                </td>
+                                            </tr>
+                                        ))}
+                                    </tbody>
+                                </table>
+                            </div>
+                        ) : (
+                            <div className="card-body py-12 text-center text-gray-500">
+                                <CheckCircle size={48} className="mx-auto text-gray-300 mb-4" />
+                                <p>No queued commands. All agents are up to date.</p>
+                            </div>
+                        )}
+                    </div>
+                )}
+
+                {/* ==================== Discovery ==================== */}
+                {activeTab === 'discovery' && (
+                    <div className="space-y-6">
+                        <div className="flex justify-between items-center">
+                            <h2>Network Discovery</h2>
+                            <button
+                                className="btn btn-primary"
+                                onClick={startDiscovery}
+                                disabled={isScanning}
+                            >
+                                {isScanning ? <RefreshCw size={18} className="animate-spin" /> : <Search size={18} />}
+                                {isScanning ? 'Scanning...' : 'Start Scan'}
+                            </button>
+                        </div>
+
+                        <div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
+                            {discoveredAgents.map(agent => (
+                                <div key={agent.agent_id} className="card p-4 flex flex-col justify-between">
+                                    <div>
+                                        <div className="flex justify-between items-start mb-2">
+                                            <div className="bg-blue-100 p-2 rounded text-blue-600">
+                                                <Server size={20} />
+                                            </div>
+                                            {agent.is_registered ? (
+                                                <span className="badge badge-success">Registered</span>
+                                            ) : (
+                                                <span className="badge badge-warning">New</span>
+                                            )}
+                                        </div>
+                                        <h3 className="font-bold">{agent.hostname}</h3>
+                                        <p className="text-sm text-gray-500">{agent.ip_address}</p>
+                                        <div className="mt-4 space-y-2 text-sm">
+                                            <div className="flex justify-between">
+                                                <span className="text-gray-500">OS:</span>
+                                                <span>{agent.os} ({agent.arch})</span>
+                                            </div>
+                                            <div className="flex justify-between">
+                                                <span className="text-gray-500">Agent Version:</span>
+                                                <span>v{agent.agent_version}</span>
+                                            </div>
+                                        </div>
+                                    </div>
+                                    <div className="mt-4 pt-4 border-t">
+                                        {agent.is_registered ? (
+                                            <button
+                                                className="btn btn-sm btn-ghost w-full"
+                                                onClick={() => {
+                                                    setActiveTab('dashboard');
+                                                    loadDiagnostics(agent.server_id);
+                                                }}
+                                            >
+                                                View Details
+                                            </button>
+                                        ) : (
+                                            <button className="btn btn-sm btn-primary w-full">Add to Fleet</button>
+                                        )}
+                                    </div>
+                                </div>
+                            ))}
+                            {discoveredAgents.length === 0 && !isScanning && (
+                                <div className="col-span-full py-12 text-center card bg-gray-50">
+                                    <Search size={48} className="mx-auto text-gray-300 mb-4" />
+                                    <p className="text-gray-500">No agents discovered yet. Start a scan to find agents on your local network.</p>
+                                </div>
+                            )}
+                        </div>
+                    </div>
+                )}
+
+                {/* ==================== Approvals ==================== */}
+                {activeTab === 'approvals' && (
+                    <div className="card">
+                        <div className="card-header">
+                            <h2>Pending Registrations</h2>
+                        </div>
+                        <div className="overflow-x-auto">
+                            <table className="table">
+                                <thead>
+                                    <tr>
+                                        <th>Server Name</th>
+                                        <th>IP Address</th>
+                                        <th>Requested</th>
+                                        <th>Agent Version</th>
+                                        <th>Actions</th>
+                                    </tr>
+                                </thead>
+                                <tbody>
+                                    {pendingServers.map(server => (
+                                        <tr key={server.id}>
+                                            <td className="font-semibold">{server.name}</td>
+                                            <td>{server.ip_address || 'N/A'}</td>
+                                            <td>{new Date(server.created_at).toLocaleString()}</td>
+                                            <td>v{server.agent_version || 'Unknown'}</td>
+                                            <td className="actions">
+                                                <button
+                                                    className="btn btn-sm btn-success flex items-center gap-1"
+                                                    onClick={() => approveAgent(server.id)}
+                                                >
+                                                    <CheckCircle size={14} /> Approve
+                                                </button>
+                                                <button
+                                                    className="btn btn-sm btn-ghost text-red-600"
+                                                    onClick={() => rejectAgent(server.id)}
+                                                >
+                                                    <XCircle size={14} /> Reject
+                                                </button>
+                                            </td>
+                                        </tr>
+                                    ))}
+                                    {pendingServers.length === 0 && (
+                                        <tr>
+                                            <td colSpan="5" className="text-center py-8 text-gray-500">
+                                                No pending agent registrations.
+                                            </td>
+                                        </tr>
+                                    )}
+                                </tbody>
+                            </table>
+                        </div>
+                    </div>
+                )}
+
+                {/* ==================== Diagnostics Modal ==================== */}
+                {diagnostics && (
+                    <div className="fixed inset-0 z-50 flex items-center justify-center bg-black bg-opacity-50" onClick={() => setDiagnostics(null)}>
+                        <div className="bg-white rounded-lg shadow-xl w-full max-w-2xl max-h-[80vh] overflow-y-auto m-4" onClick={e => e.stopPropagation()}>
+                            <div className="p-6 border-b flex justify-between items-center">
+                                <h2 className="text-lg font-semibold">
+                                    Agent Diagnostics - {diagnostics.server_name}
+                                </h2>
+                                <button className="btn btn-ghost btn-sm" onClick={() => setDiagnostics(null)}>
+                                    <XCircle size={18} />
+                                </button>
+                            </div>
+                            <div className="p-6 space-y-6">
+                                <div className="grid grid-cols-2 gap-4">
+                                    <div>
+                                        <label className="text-sm text-gray-500">Status</label>
+                                        <p className="font-semibold flex items-center gap-2">
+                                            {diagnostics.connection.is_connected ? (
+                                                <><Wifi size={16} className="text-green-500" /> Connected</>
+                                            ) : (
+                                                <><WifiOff size={16} className="text-red-500" /> Disconnected</>
+                                            )}
+                                        </p>
+                                    </div>
+                                    <div>
+                                        <label className="text-sm text-gray-500">Agent Version</label>
+                                        <p className="font-semibold">v{diagnostics.agent_version || 'Unknown'}</p>
+                                    </div>
+                                    <div>
+                                        <label className="text-sm text-gray-500">Current Latency</label>
+                                        <p className="font-semibold">
+                                            {diagnostics.connection.current_latency_ms != null
+                                                ? `${diagnostics.connection.current_latency_ms.toFixed(1)} ms`
+                                                : 'N/A'}
+                                        </p>
+                                    </div>
+                                    <div>
+                                        <label className="text-sm text-gray-500">Avg Latency</label>
+                                        <p className="font-semibold">
+                                            {diagnostics.connection.avg_latency_ms != null
+                                                ? `${diagnostics.connection.avg_latency_ms.toFixed(1)} ms`
+                                                : 'N/A'}
+                                        </p>
+                                    </div>
+                                    <div>
+                                        <label className="text-sm text-gray-500">IP Address</label>
+                                        <p className="font-semibold">{diagnostics.connection.ip_address || 'N/A'}</p>
+                                    </div>
+                                    <div>
+                                        <label className="text-sm text-gray-500">Connected Since</label>
+                                        <p className="font-semibold">
+                                            {diagnostics.connection.connected_since
+                                                ? new Date(diagnostics.connection.connected_since).toLocaleString()
+                                                : 'N/A'}
+                                        </p>
+                                    </div>
+                                </div>
+
+                                <div>
+                                    <h3 className="font-semibold mb-3">Command Stats (24h)</h3>
+                                    <div className="grid grid-cols-4 gap-3">
+                                        <div className="text-center p-3 bg-gray-50 rounded">
+                                            <div className="text-lg font-bold">{diagnostics.commands_24h.total}</div>
+                                            <div className="text-xs text-gray-500">Total</div>
+                                        </div>
+                                        <div className="text-center p-3 bg-green-50 rounded">
+                                            <div className="text-lg font-bold text-green-600">{diagnostics.commands_24h.success}</div>
+                                            <div className="text-xs text-gray-500">Success</div>
+                                        </div>
+                                        <div className="text-center p-3 bg-red-50 rounded">
+                                            <div className="text-lg font-bold text-red-600">{diagnostics.commands_24h.failed}</div>
+                                            <div className="text-xs text-gray-500">Failed</div>
+                                        </div>
+                                        <div className="text-center p-3 bg-yellow-50 rounded">
+                                            <div className="text-lg font-bold text-yellow-600">{diagnostics.commands_24h.timeout}</div>
+                                            <div className="text-xs text-gray-500">Timeout</div>
+                                        </div>
+                                    </div>
+                                </div>
+
+                                {diagnostics.queued_commands > 0 && (
+                                    <div className="p-3 bg-yellow-50 border border-yellow-200 rounded-lg flex items-center gap-2">
+                                        <Clock size={16} className="text-yellow-600" />
+                                        <span className="text-sm text-yellow-700">
+                                            {diagnostics.queued_commands} commands queued for delivery
+                                        </span>
+                                    </div>
+                                )}
+
+                                <div>
+                                    <h3 className="font-semibold mb-3">Recent Sessions</h3>
+                                    <div className="space-y-2 max-h-48 overflow-y-auto">
+                                        {diagnostics.recent_sessions.map(session => (
+                                            <div key={session.id} className="flex justify-between items-center text-sm p-2 bg-gray-50 rounded">
+                                                <div className="flex items-center gap-2">
+                                                    {session.is_active ? (
+                                                        <Wifi size={14} className="text-green-500" />
+                                                    ) : (
+                                                        <WifiOff size={14} className="text-gray-400" />
+                                                    )}
+                                                    <span>{session.ip_address}</span>
+                                                </div>
+                                                <div className="text-gray-500">
+                                                    {new Date(session.connected_at).toLocaleString()}
+                                                    {session.disconnect_reason && (
+                                                        <span className="ml-2 text-red-500">({session.disconnect_reason})</span>
+                                                    )}
+                                                </div>
+                                            </div>
+                                        ))}
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                )}
+            </div>
+        </div>
+    );
+};
+
+export default AgentFleet;
diff --git a/frontend/src/pages/AgentPlugins.jsx b/frontend/src/pages/AgentPlugins.jsx
new file mode 100644
index 00000000..e4268f28
--- /dev/null
+++ b/frontend/src/pages/AgentPlugins.jsx
@@ -0,0 +1,294 @@
+import React, { useState, useEffect, useCallback } from 'react';
+import { useNavigate } from 'react-router-dom';
+import api from '../services/api';
+import { useToast } from '../contexts/ToastContext';
+import { useAuth } from '../contexts/AuthContext';
+import Spinner from '../components/Spinner';
+import ConfirmDialog from '../components/ConfirmDialog';
+
+const AgentPlugins = () => {
+    const navigate = useNavigate();
+    const toast = useToast();
+    const { user } = useAuth();
+    const [plugins, setPlugins] = useState([]);
+    const [loading, setLoading] = useState(true);
+    const [showCreateModal, setShowCreateModal] = useState(false);
+    const [showInstallModal, setShowInstallModal] = useState(false);
+    const [selectedPlugin, setSelectedPlugin] = useState(null);
+    const [deleteConfirm, setDeleteConfirm] = useState(null);
+    const [servers, setServers] = useState([]);
+    const [filter, setFilter] = useState('all');
+
+    const [newPlugin, setNewPlugin] = useState({
+        name: '', display_name: '', version: '1.0.0', description: '',
+        author: '', capabilities: [], permissions: [],
+        max_memory_mb: 128, max_cpu_percent: 10
+    });
+
+    const loadPlugins = useCallback(async () => {
+        try {
+            const data = await api.getAgentPlugins();
+            setPlugins(data.plugins || []);
+        } catch (err) {
+            toast.error('Failed to load plugins');
+        } finally {
+            setLoading(false);
+        }
+    }, [toast]);
+
+    useEffect(() => {
+        loadPlugins();
+        api.getServers().then(data => setServers(data.servers || [])).catch(() => {});
+    }, [loadPlugins]);
+
+    const handleCreate = async () => {
+        try {
+            await api.createAgentPlugin(newPlugin);
+            toast.success('Plugin registered');
+            setShowCreateModal(false);
+            setNewPlugin({ name: '', display_name: '', version: '1.0.0', description: '', author: '', capabilities: [], permissions: [], max_memory_mb: 128, max_cpu_percent: 10 });
+            loadPlugins();
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleDelete = async (id) => {
+        try {
+            await api.deleteAgentPlugin(id);
+            toast.success('Plugin deleted');
+            setDeleteConfirm(null);
+            loadPlugins();
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleInstall = async (pluginId, serverId) => {
+        try {
+            await api.installAgentPlugin(pluginId, serverId);
+            toast.success('Plugin installation initiated');
+            setShowInstallModal(false);
+            loadPlugins();
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const toggleCapability = (cap) => {
+        setNewPlugin(prev => ({
+            ...prev,
+            capabilities: prev.capabilities.includes(cap)
+                ? prev.capabilities.filter(c => c !== cap)
+                : [...prev.capabilities, cap]
+        }));
+    };
+
+    const togglePermission = (perm) => {
+        setNewPlugin(prev => ({
+            ...prev,
+            permissions: prev.permissions.includes(perm)
+                ? prev.permissions.filter(p => p !== perm)
+                : [...prev.permissions, perm]
+        }));
+    };
+
+    const filteredPlugins = filter === 'all' ? plugins
+        : plugins.filter(p => p.status === filter);
+
+    const capabilityLabels = {
+        metrics: 'Custom Metrics',
+        health_checks: 'Health Checks',
+        commands: 'Custom Commands',
+        scheduled_tasks: 'Scheduled Tasks',
+        event_hooks: 'Event Hooks'
+    };
+
+    const permissionLabels = {
+        filesystem: 'Filesystem',
+        network: 'Network',
+        docker: 'Docker',
+        process: 'Process',
+        system: 'System'
+    };
+
+    if (loading) return <Spinner />;
+
+    return (
+        <div className="agent-plugins-page">
+            <div className="page-header">
+                <div className="page-header-content">
+                    <h1>Agent Plugins</h1>
+                    <p className="page-description">{plugins.length} plugin{plugins.length !== 1 ? 's' : ''} registered</p>
+                </div>
+                <div className="page-header-actions">
+                    <select value={filter} onChange={e => setFilter(e.target.value)} className="form-select">
+                        <option value="all">All Plugins</option>
+                        <option value="available">Available</option>
+                        <option value="deprecated">Deprecated</option>
+                    </select>
+                    {user?.is_admin && (
+                        <button className="btn btn-primary" onClick={() => setShowCreateModal(true)}>
+                            Register Plugin
+                        </button>
+                    )}
+                </div>
+            </div>
+
+            <div className="plugins-grid">
+                {filteredPlugins.map(plugin => (
+                    <div key={plugin.id} className="plugin-card card">
+                        <div className="plugin-card__header">
+                            <div className="plugin-card__info">
+                                <h3>{plugin.display_name}</h3>
+                                <span className="plugin-card__version">v{plugin.version}</span>
+                            </div>
+                            <span className={`badge badge--${plugin.status === 'available' ? 'success' : 'warning'}`}>
+                                {plugin.status}
+                            </span>
+                        </div>
+                        {plugin.description && (
+                            <p className="plugin-card__desc">{plugin.description}</p>
+                        )}
+                        <div className="plugin-card__meta">
+                            {plugin.author && <span>By {plugin.author}</span>}
+                            <span>{plugin.install_count} installation{plugin.install_count !== 1 ? 's' : ''}</span>
+                        </div>
+                        <div className="plugin-card__capabilities">
+                            {(plugin.capabilities || []).map(cap => (
+                                <span key={cap} className="badge badge--outline">{capabilityLabels[cap] || cap}</span>
+                            ))}
+                        </div>
+                        <div className="plugin-card__permissions">
+                            {(plugin.permissions || []).map(perm => (
+                                <span key={perm} className="badge badge--subtle">{permissionLabels[perm] || perm}</span>
+                            ))}
+                        </div>
+                        <div className="plugin-card__actions">
+                            <button className="btn btn-sm btn-primary" onClick={() => { setSelectedPlugin(plugin); setShowInstallModal(true); }}>
+                                Install
+                            </button>
+                            {user?.is_admin && (
+                                <button className="btn btn-sm btn-danger" onClick={() => setDeleteConfirm(plugin)}>
+                                    Delete
+                                </button>
+                            )}
+                        </div>
+                    </div>
+                ))}
+                {filteredPlugins.length === 0 && (
+                    <div className="empty-state">
+                        <p>No plugins found. Register a plugin to extend agent capabilities.</p>
+                    </div>
+                )}
+            </div>
+
+            {/* Create Plugin Modal */}
+            {showCreateModal && (
+                <div className="modal-overlay" onClick={() => setShowCreateModal(false)}>
+                    <div className="modal" onClick={e => e.stopPropagation()}>
+                        <div className="modal-header">
+                            <h2>Register Plugin</h2>
+                            <button className="modal-close" onClick={() => setShowCreateModal(false)}>&times;</button>
+                        </div>
+                        <div className="modal-body">
+                            <div className="form-group">
+                                <label>Plugin Name (identifier)</label>
+                                <input className="form-input" value={newPlugin.name} onChange={e => setNewPlugin({...newPlugin, name: e.target.value})} placeholder="my-plugin" />
+                            </div>
+                            <div className="form-group">
+                                <label>Display Name</label>
+                                <input className="form-input" value={newPlugin.display_name} onChange={e => setNewPlugin({...newPlugin, display_name: e.target.value})} placeholder="My Plugin" />
+                            </div>
+                            <div className="form-group">
+                                <label>Version</label>
+                                <input className="form-input" value={newPlugin.version} onChange={e => setNewPlugin({...newPlugin, version: e.target.value})} />
+                            </div>
+                            <div className="form-group">
+                                <label>Description</label>
+                                <textarea className="form-input" value={newPlugin.description} onChange={e => setNewPlugin({...newPlugin, description: e.target.value})} rows={3} />
+                            </div>
+                            <div className="form-group">
+                                <label>Author</label>
+                                <input className="form-input" value={newPlugin.author} onChange={e => setNewPlugin({...newPlugin, author: e.target.value})} />
+                            </div>
+                            <div className="form-group">
+                                <label>Capabilities</label>
+                                <div className="checkbox-group">
+                                    {Object.entries(capabilityLabels).map(([key, label]) => (
+                                        <label key={key} className="checkbox-label">
+                                            <input type="checkbox" checked={newPlugin.capabilities.includes(key)} onChange={() => toggleCapability(key)} />
+                                            {label}
+                                        </label>
+                                    ))}
+                                </div>
+                            </div>
+                            <div className="form-group">
+                                <label>Permissions</label>
+                                <div className="checkbox-group">
+                                    {Object.entries(permissionLabels).map(([key, label]) => (
+                                        <label key={key} className="checkbox-label">
+                                            <input type="checkbox" checked={newPlugin.permissions.includes(key)} onChange={() => togglePermission(key)} />
+                                            {label}
+                                        </label>
+                                    ))}
+                                </div>
+                            </div>
+                            <div className="form-row">
+                                <div className="form-group">
+                                    <label>Max Memory (MB)</label>
+                                    <input className="form-input" type="number" value={newPlugin.max_memory_mb} onChange={e => setNewPlugin({...newPlugin, max_memory_mb: parseInt(e.target.value) || 128})} />
+                                </div>
+                                <div className="form-group">
+                                    <label>Max CPU (%)</label>
+                                    <input className="form-input" type="number" value={newPlugin.max_cpu_percent} onChange={e => setNewPlugin({...newPlugin, max_cpu_percent: parseInt(e.target.value) || 10})} />
+                                </div>
+                            </div>
+                        </div>
+                        <div className="modal-footer">
+                            <button className="btn" onClick={() => setShowCreateModal(false)}>Cancel</button>
+                            <button className="btn btn-primary" onClick={handleCreate} disabled={!newPlugin.name || !newPlugin.display_name}>Register</button>
+                        </div>
+                    </div>
+                </div>
+            )}
+
+            {/* Install Plugin Modal */}
+            {showInstallModal && selectedPlugin && (
+                <div className="modal-overlay" onClick={() => setShowInstallModal(false)}>
+                    <div className="modal" onClick={e => e.stopPropagation()}>
+                        <div className="modal-header">
+                            <h2>Install {selectedPlugin.display_name}</h2>
+                            <button className="modal-close" onClick={() => setShowInstallModal(false)}>&times;</button>
+                        </div>
+                        <div className="modal-body">
+                            <p>Select a server to install this plugin on:</p>
+                            <div className="server-select-list">
+                                {servers.map(server => (
+                                    <div key={server.id} className="server-select-item" onClick={() => handleInstall(selectedPlugin.id, server.id)}>
+                                        <span className={`status-dot status-dot--${server.status === 'online' ? 'success' : 'danger'}`} />
+                                        <span>{server.name}</span>
+                                        <span className="text-muted">{server.hostname}</span>
+                                    </div>
+                                ))}
+                                {servers.length === 0 && <p className="text-muted">No servers available</p>}
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            )}
+
+            {deleteConfirm && (
+                <ConfirmDialog
+                    title="Delete Plugin"
+                    message={`Delete "${deleteConfirm.display_name}"? This cannot be undone.`}
+                    onConfirm={() => handleDelete(deleteConfirm.id)}
+                    onCancel={() => setDeleteConfirm(null)}
+                    variant="danger"
+                />
+            )}
+        </div>
+    );
+};
+
+export default AgentPlugins;
diff --git a/frontend/src/pages/ApplicationDetail.jsx b/frontend/src/pages/ApplicationDetail.jsx
index 06660aa9..67474597 100644
--- a/frontend/src/pages/ApplicationDetail.jsx
+++ b/frontend/src/pages/ApplicationDetail.jsx
@@ -4,6 +4,8 @@ import { GitBranch } from 'lucide-react';
 import api from '../services/api';
 import useTabParam from '../hooks/useTabParam';
 import { useToast } from '../contexts/ToastContext';
+import { useConfirm } from '../hooks/useConfirm';
+import { ConfirmDialog } from '../components/ConfirmDialog';
 import EnvironmentVariables from '../components/EnvironmentVariables';
 import PrivateURLSection from '../components/PrivateURLSection';
 import LinkedAppsSection from '../components/LinkedAppsSection';
@@ -83,7 +85,7 @@ const ApplicationDetail = () => {
                     </svg>
                 );
             default:
-                return <span style={{ fontSize: '20px', fontWeight: 'bold' }}>{type.charAt(0).toUpperCase()}</span>;
+                return <span className="text-xl font-bold">{type.charAt(0).toUpperCase()}</span>;
         }
     }
 
@@ -270,6 +272,7 @@ const ApplicationDetail = () => {
 // Overview Tab with new grid layout
 const OverviewTab = ({ app, onUpdate }) => {
     const navigate = useNavigate();
+    const { confirm: confirmOverview, confirmState: confirmOverviewState, handleConfirm: handleOverviewConfirm, handleCancel: handleOverviewCancel } = useConfirm();
     const [status, setStatus] = useState(null);
     const [appStatus, setAppStatus] = useState(null);
     const [linkedApps, setLinkedApps] = useState([]);
@@ -332,7 +335,8 @@ const OverviewTab = ({ app, onUpdate }) => {
     }
 
     async function handleUnlink() {
-        if (!window.confirm('Are you sure you want to unlink these apps? Database credentials will remain unchanged.')) {
+        const confirmed = await confirmOverview({ title: 'Unlink Apps', message: 'Are you sure you want to unlink these apps? Database credentials will remain unchanged.', variant: 'warning' });
+        if (!confirmed) {
             return;
         }
         setLinkLoading(true);
@@ -533,6 +537,16 @@ const OverviewTab = ({ app, onUpdate }) => {
                     onLinked={handleLinked}
                 />
             )}
+            <ConfirmDialog
+                isOpen={confirmOverviewState.isOpen}
+                title={confirmOverviewState.title}
+                message={confirmOverviewState.message}
+                confirmText={confirmOverviewState.confirmText}
+                cancelText={confirmOverviewState.cancelText}
+                variant={confirmOverviewState.variant}
+                onConfirm={handleOverviewConfirm}
+                onCancel={handleOverviewCancel}
+            />
         </div>
     );
 };
@@ -847,6 +861,7 @@ const CommandsTab = ({ appId, appType }) => {
 
 const BuildTab = ({ appId, appPath }) => {
     const toast = useToast();
+    const { confirm: confirmBuild, confirmState: confirmBuildState, handleConfirm: handleBuildConfirm, handleCancel: handleBuildCancel } = useConfirm();
     const [buildConfig, setBuildConfig] = useState(null);
     const [detection, setDetection] = useState(null);
     const [deployments, setDeployments] = useState([]);
@@ -965,10 +980,11 @@ const BuildTab = ({ appId, appPath }) => {
     }
 
     async function handleRollback(version = null) {
-        if (!confirm(version
+        const rollbackMsg = version
             ? `Rollback to version ${version}? This will replace the current deployment.`
-            : 'Rollback to previous deployment?'
-        )) return;
+            : 'Rollback to previous deployment?';
+        const confirmed = await confirmBuild({ title: 'Rollback', message: rollbackMsg, variant: 'warning' });
+        if (!confirmed) return;
 
         setDeploying(true);
         setError(null);
@@ -1182,6 +1198,16 @@ const BuildTab = ({ appId, appPath }) => {
                     </div>
                 </div>
             )}
+            <ConfirmDialog
+                isOpen={confirmBuildState.isOpen}
+                title={confirmBuildState.title}
+                message={confirmBuildState.message}
+                confirmText={confirmBuildState.confirmText}
+                cancelText={confirmBuildState.cancelText}
+                variant={confirmBuildState.variant}
+                onConfirm={handleBuildConfirm}
+                onCancel={handleBuildCancel}
+            />
         </div>
     );
 };
@@ -1254,6 +1280,7 @@ const LogsTab = ({ app }) => {
 
 const SettingsTab = ({ app, onUpdate }) => {
     const navigate = useNavigate();
+    const { confirm: confirmAppSettings, confirmState: confirmAppSettingsState, handleConfirm: handleAppSettingsConfirm, handleCancel: handleAppSettingsCancel } = useConfirm();
     const [deleting, setDeleting] = useState(false);
     const [environmentType, setEnvironmentType] = useState(app.environment_type || 'standalone');
     const [savingEnvironment, setSavingEnvironment] = useState(false);
@@ -1267,8 +1294,10 @@ const SettingsTab = ({ app, onUpdate }) => {
     };
 
     async function handleDelete() {
-        if (!confirm(`Delete ${app.name}? This action cannot be undone.`)) return;
-        if (!confirm('Are you sure? Type "delete" to confirm.')) return;
+        const firstConfirm = await confirmAppSettings({ title: 'Delete Application', message: `Delete ${app.name}? This action cannot be undone.` });
+        if (!firstConfirm) return;
+        const secondConfirm = await confirmAppSettings({ title: 'Confirm Deletion', message: 'Are you sure? This will permanently delete the application and all its data.' });
+        if (!secondConfirm) return;
 
         setDeleting(true);
         try {
@@ -1297,7 +1326,8 @@ const SettingsTab = ({ app, onUpdate }) => {
     }
 
     async function handleUnlink() {
-        if (!confirm(`Unlink ${app.name} from its linked application? Both apps will become standalone.`)) return;
+        const confirmed = await confirmAppSettings({ title: 'Unlink Application', message: `Unlink ${app.name} from its linked application? Both apps will become standalone.`, variant: 'warning' });
+        if (!confirmed) return;
 
         setUnlinking(true);
         try {
@@ -1379,12 +1409,23 @@ const SettingsTab = ({ app, onUpdate }) => {
                     {deleting ? 'Deleting...' : 'Delete Application'}
                 </button>
             </div>
+            <ConfirmDialog
+                isOpen={confirmAppSettingsState.isOpen}
+                title={confirmAppSettingsState.title}
+                message={confirmAppSettingsState.message}
+                confirmText={confirmAppSettingsState.confirmText}
+                cancelText={confirmAppSettingsState.cancelText}
+                variant={confirmAppSettingsState.variant}
+                onConfirm={handleAppSettingsConfirm}
+                onCancel={handleAppSettingsCancel}
+            />
         </div>
     );
 };
 
 const DeployTab = ({ appId, appPath }) => {
     const toast = useToast();
+    const { confirm: confirmDeploy, confirmState: confirmDeployState, handleConfirm: handleDeployConfirm, handleCancel: handleDeployCancel } = useConfirm();
     const [config, setConfig] = useState(null);
     const [gitStatus, setGitStatus] = useState(null);
     const [history, setHistory] = useState([]);
@@ -1425,7 +1466,7 @@ const DeployTab = ({ appId, appPath }) => {
                     postDeployScript: configRes.config.post_deploy_script || ''
                 });
                 try {
-                    const statusRes = await api.getGitStatus(appId);
+                    const statusRes = await api.getAppGitStatus(appId);
                     setGitStatus(statusRes);
                 } catch (e) {}
             } else {
@@ -1459,7 +1500,8 @@ const DeployTab = ({ appId, appPath }) => {
     }
 
     async function handleRemoveDeployment() {
-        if (!confirm('Remove deployment configuration? This will not delete the repository files.')) return;
+        const confirmed = await confirmDeploy({ title: 'Remove Deployment', message: 'Remove deployment configuration? This will not delete the repository files.', variant: 'warning' });
+        if (!confirmed) return;
         try {
             await api.removeDeployment(appId);
             setConfig(null);
@@ -1474,7 +1516,7 @@ const DeployTab = ({ appId, appPath }) => {
         setDeploying(true);
         setError(null);
         try {
-            const result = await api.triggerDeploy(appId, force);
+            const result = await api.triggerAppDeploy(appId, force);
             if (result.success) {
                 toast.success('Deployment completed successfully!');
             } else {
@@ -1686,6 +1728,16 @@ const DeployTab = ({ appId, appPath }) => {
                     </div>
                 </div>
             )}
+            <ConfirmDialog
+                isOpen={confirmDeployState.isOpen}
+                title={confirmDeployState.title}
+                message={confirmDeployState.message}
+                confirmText={confirmDeployState.confirmText}
+                cancelText={confirmDeployState.cancelText}
+                variant={confirmDeployState.variant}
+                onConfirm={handleDeployConfirm}
+                onCancel={handleDeployCancel}
+            />
         </div>
     );
 };
diff --git a/frontend/src/pages/Applications.jsx b/frontend/src/pages/Applications.jsx
index 0e96feae..7a3f3a8d 100644
--- a/frontend/src/pages/Applications.jsx
+++ b/frontend/src/pages/Applications.jsx
@@ -3,10 +3,13 @@ import { useNavigate } from 'react-router-dom';
 import { Plus, X, Container, Globe, Package, FileText, RefreshCw, Square, Play, Settings, Trash2, AlertTriangle } from 'lucide-react';
 import api from '../services/api';
 import { useToast } from '../contexts/ToastContext';
+import { useConfirm } from '../hooks/useConfirm';
+import { ConfirmDialog } from '../components/ConfirmDialog';
 
 const Applications = () => {
     const navigate = useNavigate();
     const toast = useToast();
+    const { confirm, confirmState, handleConfirm, handleCancel } = useConfirm();
     const [apps, setApps] = useState([]);
     const [appStats, setAppStats] = useState({});
     const [loading, setLoading] = useState(true);
@@ -98,7 +101,8 @@ const Applications = () => {
                 await api.restartApp(appId);
                 toast.success('Application restarted');
             } else if (action === 'delete') {
-                if (!confirm('Delete this application? This action cannot be undone.')) return;
+                const deleteConfirmed = await confirm({ title: 'Delete Application', message: 'Delete this application? This action cannot be undone.' });
+                if (!deleteConfirmed) return;
                 await api.deleteApp(appId);
                 toast.success('Application deleted');
             }
@@ -218,7 +222,7 @@ const Applications = () => {
                                     <th>Status</th>
                                     <th>Domain</th>
                                     <th>Resources</th>
-                                    <th style={{ textAlign: 'right' }}>Actions</th>
+                                    <th className="text-right">Actions</th>
                                 </tr>
                             </thead>
                             <tbody>
@@ -236,7 +240,7 @@ const Applications = () => {
                                             </td>
                                             <td>
                                                 <span className="docker-image-tag" style={{ borderLeft: `3px solid ${getStackColor(app.app_type)}` }}>
-                                                    {app.app_type === 'docker' && <Container size={12} style={{ marginRight: 4 }} />}
+                                                    {app.app_type === 'docker' && <Container size={12} className="mr-1" />}
                                                     {app.app_type.toUpperCase()}
                                                 </span>
                                             </td>
@@ -254,13 +258,13 @@ const Applications = () => {
                                                     {app.domains && app.domains.length > 0 ? (
                                                         app.domains.map((d, i) => (
                                                             <span key={i}>
-                                                                <Globe size={12} style={{ marginRight: 4, verticalAlign: 'middle' }} />
+                                                                <Globe size={12} className="mr-1 align-middle" />
                                                                 {d.name}
                                                                 {i < app.domains.length - 1 && <br />}
                                                             </span>
                                                         ))
                                                     ) : (
-                                                        <span style={{ color: 'var(--text-tertiary)' }}>-</span>
+                                                        <span className="text-gray-400">-</span>
                                                     )}
                                                 </span>
                                             </td>
@@ -324,6 +328,16 @@ const Applications = () => {
                     onClose={() => setSelectedApp(null)}
                 />
             )}
+            <ConfirmDialog
+                isOpen={confirmState.isOpen}
+                title={confirmState.title}
+                message={confirmState.message}
+                confirmText={confirmState.confirmText}
+                cancelText={confirmState.cancelText}
+                variant={confirmState.variant}
+                onConfirm={handleConfirm}
+                onCancel={handleCancel}
+            />
         </div>
     );
 };
@@ -446,12 +460,11 @@ const AppLogsModal = ({ app, onClose }) => {
                 </div>
                 <div className="modal-body">
                     {app.app_type !== 'docker' && (
-                        <div style={{ marginBottom: '1rem' }}>
+                        <div className="mb-4">
                             <select
                                 value={logType}
                                 onChange={(e) => setLogType(e.target.value)}
-                                className="docker-search"
-                                style={{ width: 'auto' }}
+                                className="docker-search w-auto"
                             >
                                 <option value="access">Access Logs</option>
                                 <option value="error">Error Logs</option>
diff --git a/frontend/src/pages/Backups.jsx b/frontend/src/pages/Backups.jsx
index b8f09559..b93b03f1 100644
--- a/frontend/src/pages/Backups.jsx
+++ b/frontend/src/pages/Backups.jsx
@@ -3,11 +3,14 @@ import useTabParam from '../hooks/useTabParam';
 import { Upload, Download, Check, AlertTriangle, Clock, Database, Package, FolderArchive, HardDrive, Cloud, CloudOff, RefreshCw, Trash2, Plus, Settings, CheckCircle, XCircle, Server, FileArchive } from 'lucide-react';
 import api from '../services/api';
 import { useToast } from '../contexts/ToastContext';
+import { useConfirm } from '../hooks/useConfirm';
+import { ConfirmDialog } from '../components/ConfirmDialog';
 
 const VALID_TABS = ['backups', 'schedules', 'storage', 'settings'];
 
 const Backups = () => {
     const toast = useToast();
+    const { confirm, confirmState, handleConfirm, handleCancel } = useConfirm();
     const [backups, setBackups] = useState([]);
     const [stats, setStats] = useState(null);
     const [schedules, setSchedules] = useState([]);
@@ -146,7 +149,8 @@ const Backups = () => {
     };
 
     const handleDeleteBackup = async (backupPath) => {
-        if (!window.confirm('Are you sure you want to delete this backup?')) return;
+        const confirmed = await confirm({ title: 'Delete Backup', message: 'Are you sure you want to delete this backup?' });
+        if (!confirmed) return;
         try {
             await api.deleteBackup(backupPath);
             toast.success('Backup deleted');
@@ -171,7 +175,8 @@ const Backups = () => {
 
     const handleRestore = async () => {
         if (!selectedBackup) return;
-        if (!window.confirm('Are you sure you want to restore this backup? This may overwrite existing data.')) return;
+        const restoreConfirmed = await confirm({ title: 'Restore Backup', message: 'Are you sure you want to restore this backup? This may overwrite existing data.', variant: 'warning' });
+        if (!restoreConfirmed) return;
 
         try {
             if (selectedBackup.type === 'application') {
@@ -222,7 +227,8 @@ const Backups = () => {
     };
 
     const handleRemoveSchedule = async (scheduleId) => {
-        if (!window.confirm('Are you sure you want to remove this schedule?')) return;
+        const confirmed = await confirm({ title: 'Remove Schedule', message: 'Are you sure you want to remove this schedule?' });
+        if (!confirmed) return;
         try {
             await api.removeBackupSchedule(scheduleId);
             toast.success('Schedule removed');
@@ -271,7 +277,8 @@ const Backups = () => {
     };
 
     const handleCleanup = async () => {
-        if (!window.confirm(`This will delete backups older than ${configForm.retention_days} days. Continue?`)) return;
+        const confirmed = await confirm({ title: 'Cleanup Backups', message: `This will delete backups older than ${configForm.retention_days} days. Continue?`, variant: 'warning' });
+        if (!confirmed) return;
         try {
             const result = await api.cleanupBackups(configForm.retention_days);
             toast.success(result.message);
@@ -1161,6 +1168,16 @@ const Backups = () => {
                     </div>
                 </div>
             )}
+            <ConfirmDialog
+                isOpen={confirmState.isOpen}
+                title={confirmState.title}
+                message={confirmState.message}
+                confirmText={confirmState.confirmText}
+                cancelText={confirmState.cancelText}
+                variant={confirmState.variant}
+                onConfirm={handleConfirm}
+                onCancel={handleCancel}
+            />
         </div>
     );
 };
diff --git a/frontend/src/pages/CloudProvision.jsx b/frontend/src/pages/CloudProvision.jsx
new file mode 100644
index 00000000..8ceb31cb
--- /dev/null
+++ b/frontend/src/pages/CloudProvision.jsx
@@ -0,0 +1,209 @@
+import React, { useState, useEffect, useCallback } from 'react';
+import api from '../services/api';
+import { useToast } from '../contexts/ToastContext';
+import { useAuth } from '../contexts/AuthContext';
+import Spinner from '../components/Spinner';
+import ConfirmDialog from '../components/ConfirmDialog';
+
+const CloudProvision = () => {
+    const toast = useToast();
+    const { user } = useAuth();
+    const [providers, setProviders] = useState([]);
+    const [servers, setServers] = useState([]);
+    const [costs, setCosts] = useState(null);
+    const [loading, setLoading] = useState(true);
+    const [showCreateProvider, setShowCreateProvider] = useState(false);
+    const [showCreateServer, setShowCreateServer] = useState(false);
+    const [providerOptions, setProviderOptions] = useState(null);
+    const [deleteConfirm, setDeleteConfirm] = useState(null);
+    const [tab, setTab] = useState('servers');
+
+    const [providerForm, setProviderForm] = useState({ name: '', provider_type: 'digitalocean', api_key: '' });
+    const [serverForm, setServerForm] = useState({ name: '', provider_id: '', region: '', size: '', image: '', install_agent: true });
+
+    const loadData = useCallback(async () => {
+        try {
+            const [pData, sData, cData] = await Promise.all([
+                api.getCloudProviders(),
+                api.getCloudServers(),
+                api.getCloudCosts(),
+            ]);
+            setProviders(pData.providers || []);
+            setServers(sData.servers || []);
+            setCosts(cData);
+        } catch (err) {
+            toast.error('Failed to load cloud data');
+        } finally {
+            setLoading(false);
+        }
+    }, [toast]);
+
+    useEffect(() => { loadData(); }, [loadData]);
+
+    const handleCreateProvider = async () => {
+        try {
+            await api.createCloudProvider(providerForm);
+            toast.success('Provider added');
+            setShowCreateProvider(false);
+            loadData();
+        } catch (err) { toast.error(err.message); }
+    };
+
+    const loadProviderOptions = async (type) => {
+        try {
+            const data = await api.getCloudProviderOptions(type);
+            setProviderOptions(data);
+        } catch (err) { toast.error(err.message); }
+    };
+
+    const handleCreateServer = async () => {
+        try {
+            await api.createCloudServer(serverForm);
+            toast.success('Server provisioning initiated');
+            setShowCreateServer(false);
+            loadData();
+        } catch (err) { toast.error(err.message); }
+    };
+
+    const handleDestroy = async (id) => {
+        try {
+            await api.destroyCloudServer(id);
+            toast.success('Server destroyed');
+            setDeleteConfirm(null);
+            loadData();
+        } catch (err) { toast.error(err.message); }
+    };
+
+    const providerTypes = {
+        digitalocean: 'DigitalOcean', hetzner: 'Hetzner Cloud', vultr: 'Vultr', linode: 'Linode'
+    };
+
+    if (loading) return <Spinner />;
+
+    return (
+        <div className="cloud-provision-page">
+            <div className="page-header">
+                <div className="page-header-content">
+                    <h1>Cloud Provisioning</h1>
+                    <p className="page-description">
+                        {servers.length} server{servers.length !== 1 ? 's' : ''}
+                        {costs && ` \u2022 $${costs.total_monthly}/mo`}
+                    </p>
+                </div>
+                <div className="page-header-actions">
+                    {user?.is_admin && (
+                        <>
+                            <button className="btn" onClick={() => setShowCreateProvider(true)}>Add Provider</button>
+                            <button className="btn btn-primary" onClick={() => setShowCreateServer(true)}>New Server</button>
+                        </>
+                    )}
+                </div>
+            </div>
+
+            <div className="tabs">
+                <button className={`tab ${tab === 'servers' ? 'active' : ''}`} onClick={() => setTab('servers')}>Servers</button>
+                <button className={`tab ${tab === 'providers' ? 'active' : ''}`} onClick={() => setTab('providers')}>Providers</button>
+                <button className={`tab ${tab === 'costs' ? 'active' : ''}`} onClick={() => setTab('costs')}>Costs</button>
+            </div>
+
+            {tab === 'servers' && (
+                <div className="cloud-servers-grid">
+                    {servers.map(srv => (
+                        <div key={srv.id} className="cloud-server-card card">
+                            <div className="cloud-server-card__header">
+                                <h3>{srv.name}</h3>
+                                <span className={`badge badge--${srv.status === 'active' ? 'success' : srv.status === 'error' ? 'danger' : 'warning'}`}>{srv.status}</span>
+                            </div>
+                            <div className="cloud-server-card__meta">
+                                <span>{srv.provider_name}</span>
+                                <span>{srv.region}</span>
+                                <span>{srv.size}</span>
+                            </div>
+                            {srv.ip_address && <div className="text-mono">{srv.ip_address}</div>}
+                            <div className="cloud-server-card__cost">
+                                ${srv.monthly_cost}/mo
+                            </div>
+                            <div className="cloud-server-card__actions">
+                                {srv.agent_installed && <span className="badge badge--success">Agent Installed</span>}
+                                {user?.is_admin && srv.status === 'active' && (
+                                    <button className="btn btn-sm btn-danger" onClick={() => setDeleteConfirm(srv)}>Destroy</button>
+                                )}
+                            </div>
+                        </div>
+                    ))}
+                    {servers.length === 0 && <div className="empty-state"><p>No cloud servers provisioned yet.</p></div>}
+                </div>
+            )}
+
+            {tab === 'providers' && (
+                <div className="providers-list">
+                    {providers.map(p => (
+                        <div key={p.id} className="provider-row card">
+                            <strong>{p.name}</strong>
+                            <span className="badge badge--outline">{providerTypes[p.provider_type] || p.provider_type}</span>
+                            <span>{p.server_count} servers</span>
+                        </div>
+                    ))}
+                    {providers.length === 0 && <div className="empty-state"><p>No providers configured.</p></div>}
+                </div>
+            )}
+
+            {tab === 'costs' && costs && (
+                <div className="costs-panel card">
+                    <h3>Monthly Cost Summary</h3>
+                    <div className="cost-total">${costs.total_monthly}/mo across {costs.server_count} servers</div>
+                    <div className="cost-breakdown">
+                        {Object.entries(costs.by_provider || {}).map(([name, data]) => (
+                            <div key={name} className="cost-row">
+                                <span>{name}</span>
+                                <span>{data.count} servers</span>
+                                <span>${data.cost.toFixed(2)}/mo</span>
+                            </div>
+                        ))}
+                    </div>
+                </div>
+            )}
+
+            {showCreateProvider && (
+                <div className="modal-overlay" onClick={() => setShowCreateProvider(false)}>
+                    <div className="modal" onClick={e => e.stopPropagation()}>
+                        <div className="modal-header"><h2>Add Cloud Provider</h2><button className="modal-close" onClick={() => setShowCreateProvider(false)}>&times;</button></div>
+                        <div className="modal-body">
+                            <div className="form-group"><label>Provider</label><select className="form-select" value={providerForm.provider_type} onChange={e => setProviderForm({...providerForm, provider_type: e.target.value})}>{Object.entries(providerTypes).map(([k,v]) => <option key={k} value={k}>{v}</option>)}</select></div>
+                            <div className="form-group"><label>Name</label><input className="form-input" value={providerForm.name} onChange={e => setProviderForm({...providerForm, name: e.target.value})} /></div>
+                            <div className="form-group"><label>API Key</label><input className="form-input" type="password" value={providerForm.api_key} onChange={e => setProviderForm({...providerForm, api_key: e.target.value})} /></div>
+                        </div>
+                        <div className="modal-footer"><button className="btn" onClick={() => setShowCreateProvider(false)}>Cancel</button><button className="btn btn-primary" onClick={handleCreateProvider}>Add</button></div>
+                    </div>
+                </div>
+            )}
+
+            {showCreateServer && (
+                <div className="modal-overlay" onClick={() => setShowCreateServer(false)}>
+                    <div className="modal" onClick={e => e.stopPropagation()}>
+                        <div className="modal-header"><h2>New Cloud Server</h2><button className="modal-close" onClick={() => setShowCreateServer(false)}>&times;</button></div>
+                        <div className="modal-body">
+                            <div className="form-group"><label>Provider</label><select className="form-select" value={serverForm.provider_id} onChange={e => { setServerForm({...serverForm, provider_id: parseInt(e.target.value)}); const p = providers.find(x => x.id === parseInt(e.target.value)); if (p) loadProviderOptions(p.provider_type); }}><option value="">Select provider</option>{providers.map(p => <option key={p.id} value={p.id}>{p.name}</option>)}</select></div>
+                            <div className="form-group"><label>Server Name</label><input className="form-input" value={serverForm.name} onChange={e => setServerForm({...serverForm, name: e.target.value})} /></div>
+                            {providerOptions && (
+                                <>
+                                    <div className="form-group"><label>Region</label><select className="form-select" value={serverForm.region} onChange={e => setServerForm({...serverForm, region: e.target.value})}><option value="">Select region</option>{(providerOptions.regions || []).map(r => <option key={r} value={r}>{r}</option>)}</select></div>
+                                    <div className="form-group"><label>Size</label><select className="form-select" value={serverForm.size} onChange={e => setServerForm({...serverForm, size: e.target.value})}><option value="">Select size</option>{(providerOptions.sizes || []).map(s => <option key={s} value={s}>{s}</option>)}</select></div>
+                                    <div className="form-group"><label>Image</label><select className="form-select" value={serverForm.image} onChange={e => setServerForm({...serverForm, image: e.target.value})}><option value="">Select image</option>{(providerOptions.images || []).map(i => <option key={i} value={i}>{i}</option>)}</select></div>
+                                </>
+                            )}
+                            <div className="form-group"><label className="checkbox-label"><input type="checkbox" checked={serverForm.install_agent} onChange={e => setServerForm({...serverForm, install_agent: e.target.checked})} /> Auto-install ServerKit agent</label></div>
+                        </div>
+                        <div className="modal-footer"><button className="btn" onClick={() => setShowCreateServer(false)}>Cancel</button><button className="btn btn-primary" onClick={handleCreateServer} disabled={!serverForm.name || !serverForm.provider_id}>Create</button></div>
+                    </div>
+                </div>
+            )}
+
+            {deleteConfirm && (
+                <ConfirmDialog title="Destroy Server" message={`Destroy "${deleteConfirm.name}"? This action is irreversible.`} onConfirm={() => handleDestroy(deleteConfirm.id)} onCancel={() => setDeleteConfirm(null)} variant="danger" />
+            )}
+        </div>
+    );
+};
+
+export default CloudProvision;
diff --git a/frontend/src/pages/CronJobs.jsx b/frontend/src/pages/CronJobs.jsx
index 037b9f11..9cf2f375 100644
--- a/frontend/src/pages/CronJobs.jsx
+++ b/frontend/src/pages/CronJobs.jsx
@@ -1,9 +1,12 @@
 import React, { useState, useEffect } from 'react';
 import api from '../services/api';
 import { useToast } from '../contexts/ToastContext';
+import { useConfirm } from '../hooks/useConfirm';
+import { ConfirmDialog } from '../components/ConfirmDialog';
 
 const CronJobs = () => {
     const toast = useToast();
+    const { confirm, confirmState, handleConfirm, handleCancel } = useConfirm();
     const [status, setStatus] = useState(null);
     const [jobs, setJobs] = useState([]);
     const [presets, setPresets] = useState({});
@@ -105,7 +108,8 @@ const CronJobs = () => {
     };
 
     const handleDeleteJob = async (jobId) => {
-        if (!window.confirm('Are you sure you want to delete this cron job?')) return;
+        const confirmed = await confirm({ title: 'Delete Cron Job', message: 'Are you sure you want to delete this cron job?' });
+        if (!confirmed) return;
         try {
             await api.deleteCronJob(jobId);
             toast.success('Cron job deleted');
@@ -521,6 +525,16 @@ const CronJobs = () => {
                     </div>
                 </div>
             )}
+            <ConfirmDialog
+                isOpen={confirmState.isOpen}
+                title={confirmState.title}
+                message={confirmState.message}
+                confirmText={confirmState.confirmText}
+                cancelText={confirmState.cancelText}
+                variant={confirmState.variant}
+                onConfirm={handleConfirm}
+                onCancel={handleCancel}
+            />
         </div>
     );
 };
diff --git a/frontend/src/pages/DNSZones.jsx b/frontend/src/pages/DNSZones.jsx
new file mode 100644
index 00000000..c0bad40b
--- /dev/null
+++ b/frontend/src/pages/DNSZones.jsx
@@ -0,0 +1,376 @@
+import React, { useState, useEffect, useCallback } from 'react';
+import api from '../services/api';
+import { useToast } from '../contexts/ToastContext';
+import { useAuth } from '../contexts/AuthContext';
+import Spinner from '../components/Spinner';
+import ConfirmDialog from '../components/ConfirmDialog';
+
+const DNSZones = () => {
+    const toast = useToast();
+    const { user } = useAuth();
+    const [zones, setZones] = useState([]);
+    const [loading, setLoading] = useState(true);
+    const [selectedZone, setSelectedZone] = useState(null);
+    const [records, setRecords] = useState([]);
+    const [showCreateZone, setShowCreateZone] = useState(false);
+    const [showCreateRecord, setShowCreateRecord] = useState(false);
+    const [showPropagation, setShowPropagation] = useState(null);
+    const [propagationResults, setPropagationResults] = useState([]);
+    const [deleteConfirm, setDeleteConfirm] = useState(null);
+
+    const [zoneForm, setZoneForm] = useState({ domain: '', provider: 'manual', provider_zone_id: '', api_token: '' });
+    const [recordForm, setRecordForm] = useState({
+        record_type: 'A', name: '@', content: '', ttl: 3600, priority: null
+    });
+
+    const RECORD_TYPES = ['A', 'AAAA', 'CNAME', 'MX', 'TXT', 'SRV', 'CAA', 'NS'];
+
+    const PROVIDER_CONFIG = {
+        cloudflare: {
+            zoneLabel: 'Cloudflare Zone ID',
+            zonePlaceholder: 'e.g. 023e105f4ecef8ad9ca31a8372d0c353',
+            tokenLabel: 'API Token',
+            tokenPlaceholder: 'Cloudflare API token (Edit zone permissions)',
+            helpText: 'Find your Zone ID in the Cloudflare dashboard under Overview → API.',
+        },
+        route53: {
+            zoneLabel: 'Hosted Zone ID',
+            zonePlaceholder: 'e.g. Z3M3LMPEXAMPLE',
+            tokenLabel: 'AWS Access Key',
+            tokenPlaceholder: 'AKIA... (needs Route 53 permissions)',
+            helpText: 'Use an IAM user with AmazonRoute53FullAccess policy.',
+            extraFields: [
+                { key: 'aws_secret_key', label: 'AWS Secret Key', placeholder: 'Secret access key', type: 'password' },
+                { key: 'aws_region', label: 'AWS Region', placeholder: 'us-east-1', type: 'text' },
+            ],
+        },
+        digitalocean: {
+            zoneLabel: 'Domain Name',
+            zonePlaceholder: 'e.g. example.com (must exist in your DO account)',
+            tokenLabel: 'Personal Access Token',
+            tokenPlaceholder: 'DigitalOcean personal access token',
+            helpText: 'Generate a token at API → Tokens with read+write scope.',
+        },
+    };
+
+    const loadZones = useCallback(async () => {
+        try {
+            const data = await api.getDNSZones();
+            setZones(data.zones || []);
+        } catch (err) {
+            toast.error('Failed to load DNS zones');
+        } finally {
+            setLoading(false);
+        }
+    }, [toast]);
+
+    useEffect(() => { loadZones(); }, [loadZones]);
+
+    const loadRecords = async (zoneId) => {
+        try {
+            const data = await api.getDNSRecords(zoneId);
+            setRecords(data.records || []);
+            setSelectedZone(zones.find(z => z.id === zoneId));
+        } catch (err) {
+            toast.error('Failed to load records');
+        }
+    };
+
+    const handleCreateZone = async () => {
+        try {
+            const payload = {
+                domain: zoneForm.domain,
+                provider: zoneForm.provider,
+            };
+            if (zoneForm.provider !== 'manual') {
+                payload.provider_zone_id = zoneForm.provider_zone_id;
+                payload.provider_config = { api_token: zoneForm.api_token };
+            }
+            await api.createDNSZone(payload);
+            toast.success('Zone created');
+            setShowCreateZone(false);
+            setZoneForm({ domain: '', provider: 'manual', provider_zone_id: '', api_token: '' });
+            loadZones();
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleCreateRecord = async () => {
+        if (!selectedZone) return;
+        try {
+            await api.createDNSRecord(selectedZone.id, recordForm);
+            toast.success('Record created');
+            setShowCreateRecord(false);
+            setRecordForm({ record_type: 'A', name: '@', content: '', ttl: 3600, priority: null });
+            loadRecords(selectedZone.id);
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleDeleteRecord = async (recordId) => {
+        try {
+            await api.deleteDNSRecord(recordId);
+            toast.success('Record deleted');
+            if (selectedZone) loadRecords(selectedZone.id);
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleDeleteZone = async (id) => {
+        try {
+            await api.deleteDNSZone(id);
+            toast.success('Zone deleted');
+            setDeleteConfirm(null);
+            if (selectedZone?.id === id) {
+                setSelectedZone(null);
+                setRecords([]);
+            }
+            loadZones();
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleCheckPropagation = async (domain) => {
+        try {
+            const data = await api.checkDNSPropagation(domain);
+            setPropagationResults(data.results || []);
+            setShowPropagation(domain);
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleExport = async (zoneId) => {
+        try {
+            const data = await api.exportDNSZone(zoneId);
+            const blob = new Blob([data.zone_file], { type: 'text/plain' });
+            const url = URL.createObjectURL(blob);
+            const a = document.createElement('a');
+            a.href = url;
+            a.download = `${selectedZone?.domain || 'zone'}.txt`;
+            a.click();
+            URL.revokeObjectURL(url);
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    if (loading) return <Spinner />;
+
+    return (
+        <div className="dns-zones-page">
+            <div className="page-header">
+                <div className="page-header-content">
+                    <h1>DNS Zones</h1>
+                    <p className="page-description">{zones.length} zone{zones.length !== 1 ? 's' : ''} configured</p>
+                </div>
+                <div className="page-header-actions">
+                    {user?.is_admin && (
+                        <button className="btn btn-primary" onClick={() => setShowCreateZone(true)}>Add Zone</button>
+                    )}
+                </div>
+            </div>
+
+            <div className="dns-layout">
+                <div className="dns-zones-list">
+                    {zones.map(zone => (
+                        <div key={zone.id}
+                            className={`dns-zone-item ${selectedZone?.id === zone.id ? 'active' : ''}`}
+                            onClick={() => loadRecords(zone.id)}>
+                            <div className="dns-zone-item__info">
+                                <strong>{zone.domain}</strong>
+                                <span className="text-muted">{zone.provider} \u2022 {zone.record_count} records</span>
+                            </div>
+                            <div className="dns-zone-item__actions" onClick={e => e.stopPropagation()}>
+                                <button className="btn btn-sm" onClick={() => handleCheckPropagation(zone.domain)}>Check</button>
+                                {user?.is_admin && (
+                                    <button className="btn btn-sm btn-danger" onClick={() => setDeleteConfirm(zone)}>Delete</button>
+                                )}
+                            </div>
+                        </div>
+                    ))}
+                    {zones.length === 0 && <div className="empty-state"><p>No DNS zones configured.</p></div>}
+                </div>
+
+                {selectedZone && (
+                    <div className="dns-records-panel">
+                        <div className="dns-records-panel__header">
+                            <h2>{selectedZone.domain}</h2>
+                            <div className="dns-records-panel__actions">
+                                <button className="btn btn-sm" onClick={() => handleExport(selectedZone.id)}>Export</button>
+                                {user?.is_admin && (
+                                    <button className="btn btn-sm btn-primary" onClick={() => setShowCreateRecord(true)}>Add Record</button>
+                                )}
+                            </div>
+                        </div>
+                        <table className="table">
+                            <thead>
+                                <tr>
+                                    <th>Type</th>
+                                    <th>Name</th>
+                                    <th>Content</th>
+                                    <th>TTL</th>
+                                    <th>Priority</th>
+                                    <th></th>
+                                </tr>
+                            </thead>
+                            <tbody>
+                                {records.map(rec => (
+                                    <tr key={rec.id}>
+                                        <td><span className="badge badge--outline">{rec.record_type}</span></td>
+                                        <td>{rec.name}</td>
+                                        <td className="text-mono">{rec.content}</td>
+                                        <td>{rec.ttl}</td>
+                                        <td>{rec.priority || '-'}</td>
+                                        <td>
+                                            {user?.is_admin && (
+                                                <button className="btn btn-sm btn-danger" onClick={() => handleDeleteRecord(rec.id)}>Delete</button>
+                                            )}
+                                        </td>
+                                    </tr>
+                                ))}
+                                {records.length === 0 && (
+                                    <tr><td colSpan={6} className="text-center text-muted">No records</td></tr>
+                                )}
+                            </tbody>
+                        </table>
+                    </div>
+                )}
+            </div>
+
+            {showCreateZone && (
+                <div className="modal-overlay" onClick={() => setShowCreateZone(false)}>
+                    <div className="modal" onClick={e => e.stopPropagation()}>
+                        <div className="modal-header">
+                            <h2>Add DNS Zone</h2>
+                            <button className="modal-close" onClick={() => setShowCreateZone(false)}>&times;</button>
+                        </div>
+                        <div className="modal-body">
+                            <div className="form-group">
+                                <label>Domain</label>
+                                <input className="form-input" value={zoneForm.domain} onChange={e => setZoneForm({...zoneForm, domain: e.target.value})} placeholder="example.com" />
+                            </div>
+                            <div className="form-group">
+                                <label>Provider</label>
+                                <select className="form-select" value={zoneForm.provider} onChange={e => setZoneForm({...zoneForm, provider: e.target.value})}>
+                                    <option value="manual">Manual</option>
+                                    <option value="cloudflare">Cloudflare</option>
+                                    <option value="route53">Route 53 (AWS)</option>
+                                    <option value="digitalocean">DigitalOcean</option>
+                                </select>
+                            </div>
+                            {zoneForm.provider !== 'manual' && (() => {
+                                const cfg = PROVIDER_CONFIG[zoneForm.provider];
+                                return (
+                                    <>
+                                        {cfg.helpText && (
+                                            <p className="text-muted text-sm">{cfg.helpText}</p>
+                                        )}
+                                        <div className="form-group">
+                                            <label>{cfg.zoneLabel}</label>
+                                            <input className="form-input" value={zoneForm.provider_zone_id} onChange={e => setZoneForm({...zoneForm, provider_zone_id: e.target.value})} placeholder={cfg.zonePlaceholder} />
+                                        </div>
+                                        <div className="form-group">
+                                            <label>{cfg.tokenLabel}</label>
+                                            <input className="form-input" type="password" value={zoneForm.api_token} onChange={e => setZoneForm({...zoneForm, api_token: e.target.value})} placeholder={cfg.tokenPlaceholder} />
+                                        </div>
+                                        {cfg.extraFields?.map(field => (
+                                            <div className="form-group" key={field.key}>
+                                                <label>{field.label}</label>
+                                                <input className="form-input" type={field.type} value={zoneForm[field.key] || ''} onChange={e => setZoneForm({...zoneForm, [field.key]: e.target.value})} placeholder={field.placeholder} />
+                                            </div>
+                                        ))}
+                                    </>
+                                );
+                            })()}
+                        </div>
+                        <div className="modal-footer">
+                            <button className="btn" onClick={() => setShowCreateZone(false)}>Cancel</button>
+                            <button className="btn btn-primary" onClick={handleCreateZone} disabled={!zoneForm.domain}>Create</button>
+                        </div>
+                    </div>
+                </div>
+            )}
+
+            {showCreateRecord && (
+                <div className="modal-overlay" onClick={() => setShowCreateRecord(false)}>
+                    <div className="modal" onClick={e => e.stopPropagation()}>
+                        <div className="modal-header">
+                            <h2>Add DNS Record</h2>
+                            <button className="modal-close" onClick={() => setShowCreateRecord(false)}>&times;</button>
+                        </div>
+                        <div className="modal-body">
+                            <div className="form-group">
+                                <label>Type</label>
+                                <select className="form-select" value={recordForm.record_type} onChange={e => setRecordForm({...recordForm, record_type: e.target.value})}>
+                                    {RECORD_TYPES.map(t => <option key={t} value={t}>{t}</option>)}
+                                </select>
+                            </div>
+                            <div className="form-group">
+                                <label>Name</label>
+                                <input className="form-input" value={recordForm.name} onChange={e => setRecordForm({...recordForm, name: e.target.value})} placeholder="@ or subdomain" />
+                            </div>
+                            <div className="form-group">
+                                <label>Content</label>
+                                <input className="form-input" value={recordForm.content} onChange={e => setRecordForm({...recordForm, content: e.target.value})} placeholder="IP address or hostname" />
+                            </div>
+                            <div className="form-row">
+                                <div className="form-group">
+                                    <label>TTL</label>
+                                    <input className="form-input" type="number" value={recordForm.ttl} onChange={e => setRecordForm({...recordForm, ttl: parseInt(e.target.value) || 3600})} />
+                                </div>
+                                {(recordForm.record_type === 'MX' || recordForm.record_type === 'SRV') && (
+                                    <div className="form-group">
+                                        <label>Priority</label>
+                                        <input className="form-input" type="number" value={recordForm.priority || ''} onChange={e => setRecordForm({...recordForm, priority: parseInt(e.target.value) || null})} />
+                                    </div>
+                                )}
+                            </div>
+                        </div>
+                        <div className="modal-footer">
+                            <button className="btn" onClick={() => setShowCreateRecord(false)}>Cancel</button>
+                            <button className="btn btn-primary" onClick={handleCreateRecord} disabled={!recordForm.content}>Create</button>
+                        </div>
+                    </div>
+                </div>
+            )}
+
+            {showPropagation && (
+                <div className="modal-overlay" onClick={() => setShowPropagation(null)}>
+                    <div className="modal" onClick={e => e.stopPropagation()}>
+                        <div className="modal-header">
+                            <h2>DNS Propagation: {showPropagation}</h2>
+                            <button className="modal-close" onClick={() => setShowPropagation(null)}>&times;</button>
+                        </div>
+                        <div className="modal-body">
+                            {propagationResults.map((r, i) => (
+                                <div key={i} className="propagation-row">
+                                    <span className={`status-dot status-dot--${r.propagated ? 'success' : 'danger'}`} />
+                                    <strong>{r.nameserver}</strong>
+                                    <span className="text-muted">({r.ip})</span>
+                                    <span className="text-mono">{r.result?.join(', ') || 'No result'}</span>
+                                </div>
+                            ))}
+                        </div>
+                    </div>
+                </div>
+            )}
+
+            {deleteConfirm && (
+                <ConfirmDialog
+                    title="Delete Zone"
+                    message={`Delete zone "${deleteConfirm.domain}"? All records will be removed.`}
+                    onConfirm={() => handleDeleteZone(deleteConfirm.id)}
+                    onCancel={() => setDeleteConfirm(null)}
+                    variant="danger"
+                />
+            )}
+        </div>
+    );
+};
+
+export default DNSZones;
diff --git a/frontend/src/pages/Dashboard.jsx b/frontend/src/pages/Dashboard.jsx
index 7124167f..60ac7f5b 100644
--- a/frontend/src/pages/Dashboard.jsx
+++ b/frontend/src/pages/Dashboard.jsx
@@ -1,9 +1,9 @@
 import React, { useState, useEffect, useCallback } from 'react';
 import { useNavigate } from 'react-router-dom';
 import {
-    Cpu, MemoryStick, HardDrive, Activity,
-    Plus, RefreshCw, Server, Zap,
-    RotateCcw, Database, Layers, Container, Globe, Code, Settings
+    HardDrive, Activity,
+    RefreshCw, Zap,
+    Database, Container, Globe, Code, Layers, Server, Terminal
 } from 'lucide-react';
 import api from '../services/api';
 import { useMetrics } from '../hooks/useMetrics';
@@ -19,49 +19,103 @@ const REFRESH_OPTIONS = [
     { label: '1m', value: 60 },
 ];
 
+const ServerSelectorIcon = () => (
+    <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
+        <rect x="2" y="2" width="20" height="8" rx="2" ry="2"/>
+        <rect x="2" y="14" width="20" height="8" rx="2" ry="2"/>
+        <line x1="6" y1="6" x2="6.01" y2="6"/>
+        <line x1="6" y1="18" x2="6.01" y2="18"/>
+    </svg>
+);
+
 const Dashboard = () => {
     const navigate = useNavigate();
-    const { metrics, loading: metricsLoading, connected, refresh: refreshMetrics } = useMetrics(true);
+    const { metrics: localMetrics, loading: metricsLoading, connected, refresh: refreshMetrics } = useMetrics(true);
     const { widgets } = useDashboardLayout();
     const [apps, setApps] = useState([]);
-    const [services, setServices] = useState([]);
-    const [dbStatus, setDbStatus] = useState(null);
     const [systemInfo, setSystemInfo] = useState(null);
     const [loading, setLoading] = useState(true);
     const [refreshInterval, setRefreshInterval] = useState(() => {
         const saved = localStorage.getItem('dashboard_refresh_interval');
-        return saved ? parseInt(saved, 10) : 10; // Default 10 seconds
+        return saved ? parseInt(saved, 10) : 10;
     });
-    const [lastUpdate, setLastUpdate] = useState(Date.now());
     const [localUptime, setLocalUptime] = useState(null);
     const [localTime, setLocalTime] = useState(null);
     const lastServerUptime = React.useRef(null);
     const lastServerTime = React.useRef(null);
-    const syncedAt = React.useRef(null);
+
+    // Server selector state
+    const [servers, setServers] = useState([]);
+    const [selectedServer, setSelectedServer] = useState({ id: 'local', name: 'Local (this server)' });
+    const isRemote = selectedServer.id !== 'local';
+
+    // Remote metrics (when a non-local server is selected)
+    const [remoteMetrics, setRemoteMetrics] = useState(null);
+    const [remoteSystemInfo, setRemoteSystemInfo] = useState(null);
+    const [remoteLoading, setRemoteLoading] = useState(false);
+
+    // Active metrics: remote when a remote server is selected, local otherwise
+    const metrics = isRemote ? remoteMetrics : localMetrics;
+
+    const fetchRemote = useCallback(async () => {
+        if (!isRemote) return;
+        setRemoteLoading(true);
+        try {
+            const [metricsData, sysInfo] = await Promise.all([
+                api.getRemoteSystemMetrics(selectedServer.id),
+                api.getRemoteSystemInfo(selectedServer.id).catch(() => null)
+            ]);
+            setRemoteMetrics(metricsData);
+            setRemoteSystemInfo(sysInfo);
+        } catch (err) {
+            console.error('Failed to load remote metrics:', err);
+        } finally {
+            setRemoteLoading(false);
+        }
+    }, [selectedServer.id, isRemote]);
+
+    // Load servers list on mount
+    useEffect(() => {
+        api.getAvailableServers()
+            .then(data => setServers(Array.isArray(data) ? data : []))
+            .catch(() => setServers([{ id: 'local', name: 'Local (this server)', status: 'online' }]));
+    }, []);
+
+    // Fetch remote metrics when a remote server is selected
+    useEffect(() => {
+        if (!isRemote) {
+            setRemoteMetrics(null);
+            setRemoteSystemInfo(null);
+            return;
+        }
+
+        fetchRemote();
+        const interval = refreshInterval > 0
+            ? setInterval(fetchRemote, refreshInterval * 1000)
+            : null;
+
+        return () => { if (interval) clearInterval(interval); };
+    }, [fetchRemote, refreshInterval, isRemote]);
 
     // Sync local counters when server data arrives
     useEffect(() => {
         const serverUptime = metrics?.system?.uptime_seconds;
         const serverTimeStr = metrics?.time?.current_time_formatted;
-        const serverTzId = metrics?.time?.timezone_id;
 
         if (serverUptime && serverUptime !== lastServerUptime.current) {
             lastServerUptime.current = serverUptime;
             setLocalUptime(serverUptime);
-            syncedAt.current = Date.now();
         }
 
         if (serverTimeStr && serverTimeStr !== lastServerTime.current) {
             lastServerTime.current = serverTimeStr;
-            // Parse server time into a Date object
             try {
                 const parsed = new Date(serverTimeStr);
                 if (!isNaN(parsed)) {
                     setLocalTime(parsed);
-                    syncedAt.current = Date.now();
                 }
             } catch {
-                // If parsing fails, try extracting just the time portion
+                // If parsing fails, skip
             }
         }
     }, [metrics?.system?.uptime_seconds, metrics?.time?.current_time_formatted]);
@@ -85,23 +139,15 @@ const Dashboard = () => {
         loadData();
     }, []);
 
-    // Polling fallback when WebSocket is not connected
+    // Polling fallback when WebSocket is not connected (local only)
     useEffect(() => {
-        if (refreshInterval > 0 && !connected) {
+        if (refreshInterval > 0 && !connected && !isRemote) {
             const interval = setInterval(() => {
                 refreshMetrics();
-                setLastUpdate(Date.now());
             }, refreshInterval * 1000);
             return () => clearInterval(interval);
         }
-    }, [refreshInterval, connected, refreshMetrics]);
-
-    // Update lastUpdate when metrics change (from WebSocket)
-    useEffect(() => {
-        if (metrics) {
-            setLastUpdate(Date.now());
-        }
-    }, [metrics]);
+    }, [refreshInterval, connected, refreshMetrics, isRemote]);
 
     // Save refresh interval preference
     const handleRefreshIntervalChange = useCallback((value) => {
@@ -109,17 +155,24 @@ const Dashboard = () => {
         localStorage.setItem('dashboard_refresh_interval', value.toString());
     }, []);
 
+    function handleServerChange(e) {
+        const serverId = e.target.value;
+        const server = servers.find(s => s.id === serverId) || { id: 'local', name: 'Local (this server)' };
+        setSelectedServer(server);
+        // Reset ticking counters when switching servers
+        lastServerUptime.current = null;
+        lastServerTime.current = null;
+        setLocalUptime(null);
+        setLocalTime(null);
+    }
+
     async function loadData() {
         try {
-            const [appsData, servicesData, dbData, sysInfoData] = await Promise.all([
+            const [appsData, sysInfoData] = await Promise.all([
                 api.getApps(),
-                api.getServicesStatus().catch(() => ({ services: [] })),
-                api.getDatabaseStatus().catch(() => null),
                 api.getSystemInfo().catch(() => null)
             ]);
             setApps(appsData.apps || []);
-            setServices(servicesData.services || []);
-            setDbStatus(dbData);
             setSystemInfo(sysInfoData);
         } catch (err) {
             console.error('Failed to load data:', err);
@@ -128,7 +181,15 @@ const Dashboard = () => {
         }
     }
 
-    // Helper to format uptime from seconds
+    function handleRefreshAll() {
+        if (isRemote) {
+            fetchRemote();
+        } else {
+            refreshMetrics();
+        }
+        loadData();
+    }
+
     function formatUptime(seconds) {
         if (!seconds) return { days: 0, hours: 0, minutes: 0 };
         const days = Math.floor(seconds / 86400);
@@ -137,15 +198,6 @@ const Dashboard = () => {
         return { days, hours, minutes };
     }
 
-    function getStatusClass(status) {
-        switch (status) {
-            case 'running': return 'status-active';
-            case 'stopped': return 'status-stopped';
-            case 'error': return 'status-error';
-            default: return 'status-warning';
-        }
-    }
-
     function getStackIcon(type) {
         switch (type) {
             case 'docker': return <Container size={16} />;
@@ -159,10 +211,10 @@ const Dashboard = () => {
 
     // Get uptime from local ticking counter (synced with server)
     const uptimeFormatted = formatUptime(localUptime ?? metrics?.system?.uptime_seconds);
-    // Fallback to systemInfo for static data, prefer metrics.system for live data
-    const hostname = metrics?.system?.hostname || systemInfo?.hostname || 'server';
-    const kernelVersion = metrics?.system?.kernel || systemInfo?.kernel || '-';
-    const ipAddress = metrics?.system?.ip_address || systemInfo?.ip_address || '-';
+    const activeSysInfo = isRemote ? remoteSystemInfo : systemInfo;
+    const hostname = metrics?.system?.hostname || activeSysInfo?.hostname || 'server';
+    const kernelVersion = metrics?.system?.kernel || activeSysInfo?.kernel || '-';
+    const ipAddress = metrics?.system?.ip_address || activeSysInfo?.ip_address || '-';
     const serverTime = metrics?.time;
 
     // Format the local ticking clock
@@ -170,6 +222,9 @@ const Dashboard = () => {
         ? localTime.toLocaleTimeString('en-US', { hour12: false })
         : serverTime?.current_time_formatted?.split(' ')[1] || '--:--:--';
 
+    // Show green if we have metrics data (regardless of transport — WS or HTTP poll)
+    const isConnected = isRemote ? !remoteLoading && !!remoteMetrics : !!localMetrics;
+
     if (loading && metricsLoading) {
         return <div className="loading">Loading dashboard...</div>;
     }
@@ -180,7 +235,7 @@ const Dashboard = () => {
             <div className="top-bar">
                 <div className="server-identity">
                     <h1>
-                        <span className={`status-dot-live ${connected ? '' : 'disconnected'}`}></span>
+                        <span className={`status-dot-live ${isConnected ? '' : 'disconnected'}`}></span>
                         {hostname}
                     </h1>
                     <div className="server-details">
@@ -192,6 +247,18 @@ const Dashboard = () => {
                     </div>
                 </div>
                 <div className="top-bar-right">
+                    {servers.length > 1 && (
+                        <div className="server-selector">
+                            <ServerSelectorIcon />
+                            <select value={selectedServer.id} onChange={handleServerChange}>
+                                {servers.map(server => (
+                                    <option key={server.id} value={server.id} disabled={server.status === 'offline'}>
+                                        {server.name} {server.status === 'offline' ? '(Offline)' : ''}
+                                    </option>
+                                ))}
+                            </select>
+                        </div>
+                    )}
                     <div className="clock-widget">
                         <span className="clock-time">{displayTime}</span>
                         <span className="clock-zone">{serverTime?.timezone_id || 'UTC'}</span>
@@ -199,7 +266,7 @@ const Dashboard = () => {
                     <div className="refresh-control">
                         <button
                             className="btn-refresh"
-                            onClick={() => { refreshMetrics(); loadData(); }}
+                            onClick={handleRefreshAll}
                             title="Refresh now"
                         >
                             <RefreshCw size={14} />
@@ -231,9 +298,6 @@ const Dashboard = () => {
                                 <div className="tile-val">{(metrics?.cpu?.percent || 0).toFixed(1)}%</div>
                                 <div className="tile-sub">
                                     <span>Cores: {metrics?.cpu?.count_logical || 0}</span>
-                                    <span className={metrics?.cpu?.percent > 50 ? 'trend-up' : 'trend-down'}>
-                                        {metrics?.cpu?.percent > 50 ? '▲' : '▼'} {Math.abs(metrics?.cpu?.percent - 50).toFixed(0)}%
-                                    </span>
                                 </div>
                             </div>
                         ),
@@ -290,27 +354,27 @@ const Dashboard = () => {
                         specs: () => (
                             <div key="specs" className="spec-panel">
                                 <h3 className="spec-panel-title">Quick Actions</h3>
-                                <button className="btn-action" onClick={() => navigate('/docker')}>
-                                    <span>Restart Services</span>
-                                    <span>►</span>
+                                <button className="btn-action" onClick={() => navigate('/servers')}>
+                                    <span>Manage Servers</span>
+                                    <span><Server size={14} /></span>
                                 </button>
-                                <button className="btn-action" onClick={() => navigate('/databases')}>
-                                    <span>Clear Cache</span>
-                                    <span><Zap size={14} /></span>
+                                <button className="btn-action" onClick={() => navigate('/docker')}>
+                                    <span>Docker Containers</span>
+                                    <span><Container size={14} /></span>
                                 </button>
-                                <button className="btn-action" onClick={() => navigate('/ssl')}>
-                                    <span>Rotate SSL Certs</span>
-                                    <span><RotateCcw size={14} /></span>
+                                <button className="btn-action" onClick={() => navigate('/terminal')}>
+                                    <span>Open Terminal</span>
+                                    <span><Terminal size={14} /></span>
                                 </button>
 
-                                <h3 className="spec-panel-title" style={{ marginTop: '1.5rem' }}>Hardware Specs</h3>
+                                <h3 className="spec-panel-title mt-6">Hardware Specs</h3>
                                 <div className="spec-row">
                                     <span className="spec-label">Processor</span>
-                                    <span className="spec-data">{systemInfo?.cpu?.model || 'N/A'}</span>
+                                    <span className="spec-data">{activeSysInfo?.cpu?.model || 'N/A'}</span>
                                 </div>
                                 <div className="spec-row">
                                     <span className="spec-label">Architecture</span>
-                                    <span className="spec-data">{systemInfo?.cpu?.architecture || 'N/A'}</span>
+                                    <span className="spec-data">{activeSysInfo?.cpu?.architecture || 'N/A'}</span>
                                 </div>
                                 <div className="spec-row">
                                     <span className="spec-label">Swap Memory</span>
@@ -321,7 +385,7 @@ const Dashboard = () => {
                         processes: () => (
                             <div key="processes" className="table-panel">
                                 <div className="table-header">
-                                    <span>Active Processes / Containers</span>
+                                    <span>Applications</span>
                                     <button className="btn btn-sm btn-secondary" onClick={loadData}>
                                         <RefreshCw size={14} />
                                     </button>
@@ -339,13 +403,13 @@ const Dashboard = () => {
                                     <tbody>
                                         {apps.length === 0 ? (
                                             <tr>
-                                                <td colSpan="5" style={{ textAlign: 'center', color: 'var(--text-tertiary)' }}>
+                                                <td colSpan="5" className="text-center text-gray-400">
                                                     No applications found
                                                 </td>
                                             </tr>
                                         ) : (
                                             apps.slice(0, 6).map(app => (
-                                                <tr key={app.id} onClick={() => navigate(`/apps/${app.id}`)} style={{ cursor: 'pointer' }}>
+                                                <tr key={app.id} onClick={() => navigate(`/apps/${app.id}`)} className="cursor-pointer">
                                                     <td>{app.id}</td>
                                                     <td>
                                                         <div className="app-name-cell">
diff --git a/frontend/src/pages/Databases.jsx b/frontend/src/pages/Databases.jsx
index 7b089d64..b8d2ac69 100644
--- a/frontend/src/pages/Databases.jsx
+++ b/frontend/src/pages/Databases.jsx
@@ -3,6 +3,8 @@ import { useParams } from 'react-router-dom';
 import useTabParam from '../hooks/useTabParam';
 import api from '../services/api';
 import { useToast } from '../contexts/ToastContext';
+import { useConfirm } from '../hooks/useConfirm';
+import { ConfirmDialog } from '../components/ConfirmDialog';
 import QueryRunner from '../components/QueryRunner';
 
 const VALID_TABS = ['mysql', 'postgresql', 'docker', 'backups', 'sqlite'];
@@ -104,6 +106,7 @@ const Databases = () => {
 
 const MySQLTab = ({ status }) => {
     const toast = useToast();
+    const { confirm, confirmState, handleConfirm, handleCancel } = useConfirm();
     const [databases, setDatabases] = useState([]);
     const [users, setUsers] = useState([]);
     const [loading, setLoading] = useState(true);
@@ -138,7 +141,8 @@ const MySQLTab = ({ status }) => {
     }
 
     async function handleDropDatabase(name) {
-        if (!confirm(`Drop database "${name}"? This cannot be undone!`)) return;
+        const confirmed = await confirm({ title: 'Drop Database', message: `Drop database "${name}"? This cannot be undone!` });
+        if (!confirmed) return;
 
         try {
             await api.dropMySQLDatabase(name);
@@ -163,7 +167,8 @@ const MySQLTab = ({ status }) => {
     }
 
     async function handleDropUser(username, host) {
-        if (!confirm(`Drop user "${username}"@"${host}"?`)) return;
+        const confirmed = await confirm({ title: 'Drop User', message: `Drop user "${username}"@"${host}"?` });
+        if (!confirmed) return;
 
         try {
             await api.dropMySQLUser(username, host);
@@ -349,12 +354,23 @@ const MySQLTab = ({ status }) => {
                     onClose={() => setQueryDb(null)}
                 />
             )}
+            <ConfirmDialog
+                isOpen={confirmState.isOpen}
+                title={confirmState.title}
+                message={confirmState.message}
+                confirmText={confirmState.confirmText}
+                cancelText={confirmState.cancelText}
+                variant={confirmState.variant}
+                onConfirm={handleConfirm}
+                onCancel={handleCancel}
+            />
         </div>
     );
 };
 
 const PostgreSQLTab = ({ status }) => {
     const toast = useToast();
+    const { confirm: confirmPg, confirmState: confirmPgState, handleConfirm: handlePgConfirm, handleCancel: handlePgCancel } = useConfirm();
     const [databases, setDatabases] = useState([]);
     const [users, setUsers] = useState([]);
     const [loading, setLoading] = useState(true);
@@ -389,7 +405,8 @@ const PostgreSQLTab = ({ status }) => {
     }
 
     async function handleDropDatabase(name) {
-        if (!confirm(`Drop database "${name}"? This cannot be undone!`)) return;
+        const confirmed = await confirmPg({ title: 'Drop Database', message: `Drop database "${name}"? This cannot be undone!` });
+        if (!confirmed) return;
 
         try {
             await api.dropPostgreSQLDatabase(name);
@@ -414,7 +431,8 @@ const PostgreSQLTab = ({ status }) => {
     }
 
     async function handleDropUser(username) {
-        if (!confirm(`Drop user "${username}"?`)) return;
+        const confirmed = await confirmPg({ title: 'Drop User', message: `Drop user "${username}"?` });
+        if (!confirmed) return;
 
         try {
             await api.dropPostgreSQLUser(username);
@@ -600,11 +618,22 @@ const PostgreSQLTab = ({ status }) => {
                     onClose={() => setQueryDb(null)}
                 />
             )}
+            <ConfirmDialog
+                isOpen={confirmPgState.isOpen}
+                title={confirmPgState.title}
+                message={confirmPgState.message}
+                confirmText={confirmPgState.confirmText}
+                cancelText={confirmPgState.cancelText}
+                variant={confirmPgState.variant}
+                onConfirm={handlePgConfirm}
+                onCancel={handlePgCancel}
+            />
         </div>
     );
 };
 
 const BackupsTab = () => {
+    const { confirm: confirmBackup, confirmState: confirmBackupState, handleConfirm: handleBackupConfirm, handleCancel: handleBackupCancel } = useConfirm();
     const [backups, setBackups] = useState([]);
     const [loading, setLoading] = useState(true);
     const [filter, setFilter] = useState('all');
@@ -627,7 +656,8 @@ const BackupsTab = () => {
     }
 
     async function handleDelete(filename) {
-        if (!confirm('Delete this backup?')) return;
+        const confirmed = await confirmBackup({ title: 'Delete Backup', message: 'Delete this backup?' });
+        if (!confirmed) return;
 
         try {
             await api.deleteDatabaseBackup(filename);
@@ -707,6 +737,16 @@ const BackupsTab = () => {
                     ))}
                 </div>
             )}
+            <ConfirmDialog
+                isOpen={confirmBackupState.isOpen}
+                title={confirmBackupState.title}
+                message={confirmBackupState.message}
+                confirmText={confirmBackupState.confirmText}
+                cancelText={confirmBackupState.cancelText}
+                variant={confirmBackupState.variant}
+                onConfirm={handleBackupConfirm}
+                onCancel={handleBackupCancel}
+            />
         </div>
     );
 };
diff --git a/frontend/src/pages/Docker.jsx b/frontend/src/pages/Docker.jsx
index 3b7c3533..cd7c601a 100644
--- a/frontend/src/pages/Docker.jsx
+++ b/frontend/src/pages/Docker.jsx
@@ -2,6 +2,8 @@ import React, { useState, useEffect, useCallback, createContext, useContext } fr
 import useTabParam from '../hooks/useTabParam';
 import api from '../services/api';
 import { useToast } from '../contexts/ToastContext';
+import { useConfirm } from '../hooks/useConfirm';
+import { ConfirmDialog } from '../components/ConfirmDialog';
 
 // Server context for Docker operations
 const ServerContext = createContext({ serverId: 'local', serverName: 'Local' });
@@ -354,9 +356,11 @@ const CreateVolumeButton = () => {
 const PruneButton = ({ onPruned }) => {
     const toast = useToast();
     const [loading, setLoading] = useState(false);
+    const { confirm, confirmState, handleConfirm, handleCancel } = useConfirm();
 
     async function handlePrune() {
-        if (!confirm('Remove unused Docker resources? This will remove:\n- Stopped containers\n- Unused images\n- Unused networks')) return;
+        const confirmed = await confirm({ title: 'Docker Cleanup', message: 'Remove unused Docker resources? This will remove stopped containers, unused images, and unused networks.' });
+        if (!confirmed) return;
 
         setLoading(true);
         try {
@@ -371,9 +375,21 @@ const PruneButton = ({ onPruned }) => {
     }
 
     return (
-        <button className="btn btn-secondary btn-sm" onClick={handlePrune} disabled={loading}>
-            {loading ? 'Cleaning...' : 'Prune Unused'}
-        </button>
+        <>
+            <button className="btn btn-secondary btn-sm" onClick={handlePrune} disabled={loading}>
+                {loading ? 'Cleaning...' : 'Prune Unused'}
+            </button>
+            <ConfirmDialog
+                isOpen={confirmState.isOpen}
+                title={confirmState.title}
+                message={confirmState.message}
+                confirmText={confirmState.confirmText}
+                cancelText={confirmState.cancelText}
+                variant={confirmState.variant}
+                onConfirm={handleConfirm}
+                onCancel={handleCancel}
+            />
+        </>
     );
 };
 
@@ -455,6 +471,7 @@ const TrashIcon = () => (
 const ContainersTab = ({ onStatsChange }) => {
     const toast = useToast();
     const { serverId, isRemote } = useServer();
+    const { confirm: confirmContainer, confirmState: confirmContainerState, handleConfirm: handleContainerConfirm, handleCancel: handleContainerCancel } = useConfirm();
     const [containers, setContainers] = useState([]);
     const [containerStats, setContainerStats] = useState({});
     const [loading, setLoading] = useState(true);
@@ -534,7 +551,8 @@ const ContainersTab = ({ onStatsChange }) => {
                 }
                 toast.success('Container restarted');
             } else if (action === 'remove') {
-                if (!confirm('Remove this container?')) return;
+                const removeConfirmed = await confirmContainer({ title: 'Remove Container', message: 'Remove this container?' });
+                if (!removeConfirmed) return;
                 if (isRemote) {
                     await api.removeRemoteContainer(serverId, containerId, true);
                 } else {
@@ -617,7 +635,7 @@ const ContainersTab = ({ onStatsChange }) => {
                             <th>Status</th>
                             <th>Bindings</th>
                             <th>Resources</th>
-                            <th style={{ textAlign: 'right' }}>Actions</th>
+                            <th className="text-right">Actions</th>
                         </tr>
                     </thead>
                     <tbody>
@@ -711,6 +729,16 @@ const ContainersTab = ({ onStatsChange }) => {
                     onClose={() => setExecContainer(null)}
                 />
             )}
+            <ConfirmDialog
+                isOpen={confirmContainerState.isOpen}
+                title={confirmContainerState.title}
+                message={confirmContainerState.message}
+                confirmText={confirmContainerState.confirmText}
+                cancelText={confirmContainerState.cancelText}
+                variant={confirmContainerState.variant}
+                onConfirm={handleContainerConfirm}
+                onCancel={handleContainerCancel}
+            />
         </div>
     );
 };
@@ -719,6 +747,7 @@ const ContainersTab = ({ onStatsChange }) => {
 const ImagesTab = ({ onStatsChange }) => {
     const toast = useToast();
     const { serverId, isRemote } = useServer();
+    const { confirm: confirmImage, confirmState: confirmImageState, handleConfirm: handleImageConfirm, handleCancel: handleImageCancel } = useConfirm();
     const [images, setImages] = useState([]);
     const [loading, setLoading] = useState(true);
     const [searchTerm, setSearchTerm] = useState('');
@@ -746,7 +775,8 @@ const ImagesTab = ({ onStatsChange }) => {
     }
 
     async function handleRemove(imageId) {
-        if (!confirm('Remove this image?')) return;
+        const confirmed = await confirmImage({ title: 'Remove Image', message: 'Remove this image?' });
+        if (!confirmed) return;
 
         try {
             if (isRemote) {
@@ -802,7 +832,7 @@ const ImagesTab = ({ onStatsChange }) => {
                             <th>Image ID</th>
                             <th>Size</th>
                             <th>Created</th>
-                            <th style={{ textAlign: 'right' }}>Actions</th>
+                            <th className="text-right">Actions</th>
                         </tr>
                     </thead>
                     <tbody>
@@ -829,6 +859,16 @@ const ImagesTab = ({ onStatsChange }) => {
                     </tbody>
                 </table>
             )}
+            <ConfirmDialog
+                isOpen={confirmImageState.isOpen}
+                title={confirmImageState.title}
+                message={confirmImageState.message}
+                confirmText={confirmImageState.confirmText}
+                cancelText={confirmImageState.cancelText}
+                variant={confirmImageState.variant}
+                onConfirm={handleImageConfirm}
+                onCancel={handleImageCancel}
+            />
         </div>
     );
 };
@@ -837,6 +877,7 @@ const ImagesTab = ({ onStatsChange }) => {
 const NetworksTab = ({ onStatsChange }) => {
     const toast = useToast();
     const { serverId, isRemote } = useServer();
+    const { confirm: confirmNetwork, confirmState: confirmNetworkState, handleConfirm: handleNetworkConfirm, handleCancel: handleNetworkCancel } = useConfirm();
     const [networks, setNetworks] = useState([]);
     const [loading, setLoading] = useState(true);
 
@@ -863,7 +904,8 @@ const NetworksTab = ({ onStatsChange }) => {
     }
 
     async function handleRemove(networkId) {
-        if (!confirm('Remove this network?')) return;
+        const confirmed = await confirmNetwork({ title: 'Remove Network', message: 'Remove this network?' });
+        if (!confirmed) return;
 
         try {
             await api.removeNetwork(networkId);
@@ -897,7 +939,7 @@ const NetworksTab = ({ onStatsChange }) => {
                             <th>Network ID</th>
                             <th>Driver</th>
                             <th>Scope</th>
-                            <th style={{ textAlign: 'right' }}>Actions</th>
+                            <th className="text-right">Actions</th>
                         </tr>
                     </thead>
                     <tbody>
@@ -923,6 +965,16 @@ const NetworksTab = ({ onStatsChange }) => {
                     </tbody>
                 </table>
             )}
+            <ConfirmDialog
+                isOpen={confirmNetworkState.isOpen}
+                title={confirmNetworkState.title}
+                message={confirmNetworkState.message}
+                confirmText={confirmNetworkState.confirmText}
+                cancelText={confirmNetworkState.cancelText}
+                variant={confirmNetworkState.variant}
+                onConfirm={handleNetworkConfirm}
+                onCancel={handleNetworkCancel}
+            />
         </div>
     );
 };
@@ -931,6 +983,7 @@ const NetworksTab = ({ onStatsChange }) => {
 const VolumesTab = ({ onStatsChange }) => {
     const toast = useToast();
     const { serverId, isRemote } = useServer();
+    const { confirm: confirmVolume, confirmState: confirmVolumeState, handleConfirm: handleVolumeConfirm, handleCancel: handleVolumeCancel } = useConfirm();
     const [volumes, setVolumes] = useState([]);
     const [loading, setLoading] = useState(true);
 
@@ -957,7 +1010,8 @@ const VolumesTab = ({ onStatsChange }) => {
     }
 
     async function handleRemove(volumeName) {
-        if (!confirm('Remove this volume? All data will be lost.')) return;
+        const confirmed = await confirmVolume({ title: 'Remove Volume', message: 'Remove this volume? All data will be lost.' });
+        if (!confirmed) return;
 
         try {
             await api.removeVolume(volumeName, true);
@@ -988,7 +1042,7 @@ const VolumesTab = ({ onStatsChange }) => {
                             <th>Name</th>
                             <th>Driver</th>
                             <th>Mountpoint</th>
-                            <th style={{ textAlign: 'right' }}>Actions</th>
+                            <th className="text-right">Actions</th>
                         </tr>
                     </thead>
                     <tbody>
@@ -999,7 +1053,7 @@ const VolumesTab = ({ onStatsChange }) => {
                                 </td>
                                 <td>{volume.driver}</td>
                                 <td>
-                                    <span className="docker-container-id" style={{ maxWidth: '300px', display: 'inline-block', overflow: 'hidden', textOverflow: 'ellipsis' }}>
+                                    <span className="docker-container-id truncate inline-block" style={{ maxWidth: '300px' }}>
                                         {volume.mountpoint || '-'}
                                     </span>
                                 </td>
@@ -1013,6 +1067,16 @@ const VolumesTab = ({ onStatsChange }) => {
                     </tbody>
                 </table>
             )}
+            <ConfirmDialog
+                isOpen={confirmVolumeState.isOpen}
+                title={confirmVolumeState.title}
+                message={confirmVolumeState.message}
+                confirmText={confirmVolumeState.confirmText}
+                cancelText={confirmVolumeState.cancelText}
+                variant={confirmVolumeState.variant}
+                onConfirm={handleVolumeConfirm}
+                onCancel={handleVolumeCancel}
+            />
         </div>
     );
 };
@@ -1021,6 +1085,7 @@ const VolumesTab = ({ onStatsChange }) => {
 const ComposeTab = ({ onStatsChange }) => {
     const toast = useToast();
     const { serverId, isRemote } = useServer();
+    const { confirm: confirmCompose, confirmState: confirmComposeState, handleConfirm: handleComposeConfirm, handleCancel: handleComposeCancel } = useConfirm();
     const [projects, setProjects] = useState([]);
     const [loading, setLoading] = useState(true);
     const [selectedProject, setSelectedProject] = useState(null);
@@ -1068,7 +1133,8 @@ const ComposeTab = ({ onStatsChange }) => {
                 }
                 toast.success('Project started');
             } else if (action === 'down') {
-                if (!confirm('Stop this compose project? Containers will be removed.')) {
+                const downConfirmed = await confirmCompose({ title: 'Stop Compose Project', message: 'Stop this compose project? Containers will be removed.' });
+                if (!downConfirmed) {
                     setActionLoading(prev => ({ ...prev, [project.Name || project.name]: false }));
                     return;
                 }
@@ -1146,7 +1212,7 @@ const ComposeTab = ({ onStatsChange }) => {
                             <th>Project</th>
                             <th>Status</th>
                             <th>Config File</th>
-                            <th style={{ textAlign: 'right' }}>Actions</th>
+                            <th className="text-right">Actions</th>
                         </tr>
                     </thead>
                     <tbody>
@@ -1171,7 +1237,7 @@ const ComposeTab = ({ onStatsChange }) => {
                                         <div className="docker-status-detail">{status}</div>
                                     </td>
                                     <td>
-                                        <span className="docker-container-id" style={{ maxWidth: '300px', display: 'inline-block', overflow: 'hidden', textOverflow: 'ellipsis' }}>
+                                        <span className="docker-container-id truncate inline-block" style={{ maxWidth: '300px' }}>
                                             {configFiles}
                                         </span>
                                     </td>
@@ -1232,6 +1298,16 @@ const ComposeTab = ({ onStatsChange }) => {
                     onClose={() => setLogsProject(null)}
                 />
             )}
+            <ConfirmDialog
+                isOpen={confirmComposeState.isOpen}
+                title={confirmComposeState.title}
+                message={confirmComposeState.message}
+                confirmText={confirmComposeState.confirmText}
+                cancelText={confirmComposeState.cancelText}
+                variant={confirmComposeState.variant}
+                onConfirm={handleComposeConfirm}
+                onCancel={handleComposeCancel}
+            />
         </div>
     );
 };
@@ -1309,12 +1385,12 @@ const ComposeLogsModal = ({ project, onClose }) => {
                     <button className="modal-close" onClick={onClose}>&times;</button>
                 </div>
                 <div className="modal-body">
-                    <div className="logs-controls" style={{ marginBottom: '10px', display: 'flex', gap: '10px', alignItems: 'center', flexWrap: 'wrap' }}>
+                    <div className="logs-controls flex flex-wrap items-center gap-2 mb-2">
                         <label>Service:</label>
                         <select
                             value={selectedService}
                             onChange={(e) => setSelectedService(e.target.value)}
-                            style={{ padding: '4px 8px' }}
+                            className="py-2 px-2"
                         >
                             <option value="">All Services</option>
                             {services.map(service => (
@@ -1322,7 +1398,7 @@ const ComposeLogsModal = ({ project, onClose }) => {
                             ))}
                         </select>
                         <label>Lines:</label>
-                        <select value={tail} onChange={(e) => setTail(Number(e.target.value))} style={{ padding: '4px 8px' }}>
+                        <select value={tail} onChange={(e) => setTail(Number(e.target.value))} className="py-2 px-2">
                             <option value={50}>50</option>
                             <option value={100}>100</option>
                             <option value={200}>200</option>
@@ -1505,9 +1581,9 @@ const ContainerLogsModal = ({ container, onClose }) => {
                     <button className="modal-close" onClick={onClose}>&times;</button>
                 </div>
                 <div className="modal-body">
-                    <div className="logs-controls" style={{ marginBottom: '10px', display: 'flex', gap: '10px', alignItems: 'center' }}>
+                    <div className="logs-controls flex items-center gap-2 mb-2">
                         <label>Lines:</label>
-                        <select value={tail} onChange={(e) => setTail(Number(e.target.value))} style={{ padding: '4px 8px' }}>
+                        <select value={tail} onChange={(e) => setTail(Number(e.target.value))} className="py-2 px-2">
                             <option value={50}>50</option>
                             <option value={100}>100</option>
                             <option value={200}>200</option>
diff --git a/frontend/src/pages/Domains.jsx b/frontend/src/pages/Domains.jsx
index f8fe0c17..b671ec12 100644
--- a/frontend/src/pages/Domains.jsx
+++ b/frontend/src/pages/Domains.jsx
@@ -34,10 +34,14 @@ const Domains = () => {
     async function loadData() {
         try {
             setLoading(true);
+            const timeout = (promise, ms) => Promise.race([
+                promise,
+                new Promise((_, reject) => setTimeout(() => reject(new Error('Request timeout')), ms))
+            ]);
             const [domainsData, appsData, sslData] = await Promise.all([
-                api.getDomains(),
-                api.getApps(),
-                api.getDomainsSslStatus().catch(() => null)
+                timeout(api.getDomains(), 10000).catch(() => ({ domains: [] })),
+                timeout(api.getApps(), 10000).catch(() => ({ apps: [] })),
+                timeout(api.getDomainsSslStatus(), 10000).catch(() => null)
             ]);
             setDomains(domainsData.domains || []);
             setApps(appsData.apps || []);
@@ -143,10 +147,6 @@ const Domains = () => {
         return app ? app.name : 'Unknown';
     }
 
-    if (loading) {
-        return <div className="loading">Loading domains...</div>;
-    }
-
     return (
         <div>
             <header className="top-bar">
@@ -200,7 +200,11 @@ const Domains = () => {
             {/* Domains List */}
             <h2 className="section-title">Domains</h2>
 
-            {domains.length === 0 ? (
+            {loading ? (
+                <div className="empty-state">
+                    <p>Loading domains...</p>
+                </div>
+            ) : domains.length === 0 ? (
                 <div className="empty-state">
                     <Globe size={48} />
                     <h3>No domains configured</h3>
diff --git a/frontend/src/pages/Email.jsx b/frontend/src/pages/Email.jsx
index d7fb8754..3759db82 100644
--- a/frontend/src/pages/Email.jsx
+++ b/frontend/src/pages/Email.jsx
@@ -494,7 +494,7 @@ function Email() {
                     <h2>Email Server Not Installed</h2>
                     <p>Install Postfix, Dovecot, OpenDKIM, and SpamAssassin to enable email hosting.</p>
                     <div className="install-form">
-                        <div className="form-group" style={{ width: '100%' }}>
+                        <div className="form-group w-full">
                             <label>Hostname (e.g. mail.example.com)</label>
                             <input type="text" value={installHostname} onChange={e => setInstallHostname(e.target.value)} placeholder="mail.example.com" />
                         </div>
@@ -926,7 +926,7 @@ function Email() {
                                     ))}
                                 </div>
                             </div>
-                            <div className="email-logs" style={{ marginTop: '2rem' }}>
+                            <div className="email-logs mt-8">
                                 <div className="section-header">
                                     <h2>Mail Logs</h2>
                                     <div className="log-controls">
diff --git a/frontend/src/pages/FleetMonitor.jsx b/frontend/src/pages/FleetMonitor.jsx
new file mode 100644
index 00000000..ce740690
--- /dev/null
+++ b/frontend/src/pages/FleetMonitor.jsx
@@ -0,0 +1,846 @@
+import React, { useState, useEffect, useMemo } from 'react';
+import {
+    Activity,
+    AlertTriangle,
+    BarChart3,
+    CheckCircle,
+    ChevronDown,
+    Download,
+    Eye,
+    Layers,
+    RefreshCw,
+    Search,
+    Server,
+    TrendingUp,
+    XCircle,
+    Zap
+} from 'lucide-react';
+import {
+    LineChart, Line, AreaChart, Area, XAxis, YAxis,
+    CartesianGrid, Tooltip, ResponsiveContainer, Legend
+} from 'recharts';
+import api from '../services/api';
+import { useToast } from '../contexts/ToastContext';
+
+const CHART_COLORS = [
+    '#6366f1', '#ec4899', '#14b8a6', '#f59e0b',
+    '#8b5cf6', '#06b6d4', '#ef4444', '#22c55e',
+    '#a855f7', '#f97316'
+];
+
+const METRIC_LABELS = {
+    cpu: 'CPU %',
+    memory: 'Memory %',
+    disk: 'Disk %',
+    network_rx: 'Network RX',
+    network_tx: 'Network TX'
+};
+
+const heatColor = (value) => {
+    if (value == null) return 'var(--card-bg)';
+    if (value >= 90) return '#ef4444';
+    if (value >= 75) return '#f97316';
+    if (value >= 50) return '#eab308';
+    return '#22c55e';
+};
+
+const FleetMonitor = () => {
+    const [activeTab, setActiveTab] = useState('overview');
+    const [loading, setLoading] = useState(true);
+    const { addToast } = useToast();
+
+    // Overview state
+    const [heatmapData, setHeatmapData] = useState([]);
+
+    // Comparison state
+    const [servers, setServers] = useState([]);
+    const [selectedServers, setSelectedServers] = useState([]);
+    const [compMetric, setCompMetric] = useState('cpu');
+    const [compPeriod, setCompPeriod] = useState('24h');
+    const [compData, setCompData] = useState(null);
+
+    // Alerts state
+    const [alerts, setAlerts] = useState([]);
+    const [thresholds, setThresholds] = useState([]);
+    const [alertFilter, setAlertFilter] = useState('active');
+    const [newThreshold, setNewThreshold] = useState({
+        metric: 'cpu', warning_threshold: 80, critical_threshold: 95, duration_seconds: 300
+    });
+
+    // Anomaly/Forecast state
+    const [anomalies, setAnomalies] = useState([]);
+    const [forecastServer, setForecastServer] = useState('');
+    const [forecastMetric, setForecastMetric] = useState('disk');
+    const [forecast, setForecast] = useState(null);
+
+    // Search state
+    const [searchQuery, setSearchQuery] = useState('');
+    const [searchType, setSearchType] = useState('any');
+    const [searchResults, setSearchResults] = useState([]);
+
+    useEffect(() => {
+        loadServers();
+    }, []);
+
+    useEffect(() => {
+        fetchTabData();
+    }, [activeTab, alertFilter]);
+
+    const loadServers = async () => {
+        try {
+            const data = await api.getServers();
+            const list = data.servers || data;
+            setServers(Array.isArray(list) ? list : []);
+        } catch (e) {
+            console.error('Error loading servers:', e);
+        }
+    };
+
+    const fetchTabData = async () => {
+        setLoading(true);
+        try {
+            if (activeTab === 'overview') {
+                const data = await api.getFleetHeatmap();
+                setHeatmapData(data);
+            } else if (activeTab === 'alerts') {
+                const [alertData, thresholdData] = await Promise.all([
+                    api.getFleetAlerts({ status: alertFilter !== 'all' ? alertFilter : undefined }),
+                    api.getFleetThresholds()
+                ]);
+                setAlerts(alertData);
+                setThresholds(thresholdData);
+            } else if (activeTab === 'anomalies') {
+                const data = await api.getFleetAnomalies();
+                setAnomalies(data);
+            }
+        } catch (e) {
+            console.error('Error fetching tab data:', e);
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    const loadComparison = async () => {
+        if (selectedServers.length === 0) return;
+        setLoading(true);
+        try {
+            const data = await api.getFleetComparison(selectedServers, compMetric, compPeriod);
+            setCompData(data);
+        } catch (e) {
+            addToast('Error', 'Failed to load comparison data', 'error');
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    const loadForecast = async (serverId) => {
+        try {
+            const data = await api.getCapacityForecast(serverId || forecastServer, forecastMetric);
+            setForecast(data);
+        } catch (e) {
+            addToast('Error', 'Failed to load forecast', 'error');
+        }
+    };
+
+    const handleSearch = async () => {
+        if (searchQuery.length < 2) return;
+        setLoading(true);
+        try {
+            const data = await api.searchFleet(searchQuery, searchType);
+            setSearchResults(data);
+        } catch (e) {
+            addToast('Error', 'Search failed', 'error');
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    const acknowledgeAlert = async (id) => {
+        try {
+            await api.acknowledgeFleetAlert(id);
+            fetchTabData();
+        } catch (e) {
+            addToast('Error', 'Failed to acknowledge alert', 'error');
+        }
+    };
+
+    const resolveAlert = async (id) => {
+        try {
+            await api.resolveFleetAlert(id);
+            fetchTabData();
+        } catch (e) {
+            addToast('Error', 'Failed to resolve alert', 'error');
+        }
+    };
+
+    const saveThreshold = async () => {
+        try {
+            await api.createFleetThreshold(newThreshold);
+            addToast('Success', 'Threshold saved', 'success');
+            fetchTabData();
+        } catch (e) {
+            addToast('Error', 'Failed to save threshold', 'error');
+        }
+    };
+
+    const deleteThreshold = async (id) => {
+        try {
+            await api.deleteFleetThreshold(id);
+            fetchTabData();
+        } catch (e) {
+            addToast('Error', 'Failed to delete threshold', 'error');
+        }
+    };
+
+    const toggleServer = (id) => {
+        setSelectedServers(prev =>
+            prev.includes(id) ? prev.filter(s => s !== id) : [...prev, id]
+        );
+    };
+
+    // Merge comparison series into recharts-compatible format
+    const compChartData = useMemo(() => {
+        if (!compData?.series?.length) return [];
+        const timeMap = {};
+        compData.series.forEach((s, idx) => {
+            s.data.forEach(point => {
+                if (!timeMap[point.timestamp]) {
+                    timeMap[point.timestamp] = { timestamp: point.timestamp };
+                }
+                timeMap[point.timestamp][s.name] = point.value;
+            });
+        });
+        return Object.values(timeMap).sort((a, b) => a.timestamp.localeCompare(b.timestamp));
+    }, [compData]);
+
+    const exportCsv = async () => {
+        if (selectedServers.length === 0) return;
+        try {
+            const blob = await api.exportFleetCsv(selectedServers, compMetric, compPeriod);
+            const url = URL.createObjectURL(blob);
+            const a = document.createElement('a');
+            a.href = url;
+            a.download = `fleet_${compMetric}_${compPeriod}.csv`;
+            a.click();
+            URL.revokeObjectURL(url);
+        } catch (e) {
+            addToast('Error', 'Export failed', 'error');
+        }
+    };
+
+    return (
+        <div className="page-container">
+            <div className="page-header">
+                <div className="header-info">
+                    <h1>Fleet Monitor</h1>
+                    <p>Cross-server monitoring, alerts, and capacity planning.</p>
+                </div>
+                <div className="header-actions">
+                    <button className="btn btn-primary" onClick={fetchTabData} disabled={loading}>
+                        <RefreshCw size={18} className={loading ? 'animate-spin' : ''} />
+                        Refresh
+                    </button>
+                </div>
+            </div>
+
+            <div className="tabs-container">
+                <div className="tabs">
+                    {[
+                        { key: 'overview', icon: Layers, label: 'Overview' },
+                        { key: 'comparison', icon: BarChart3, label: 'Comparison' },
+                        { key: 'alerts', icon: AlertTriangle, label: 'Alerts' },
+                        { key: 'anomalies', icon: TrendingUp, label: 'Anomalies & Forecast' },
+                        { key: 'search', icon: Search, label: 'Fleet Search' },
+                    ].map(tab => (
+                        <button
+                            key={tab.key}
+                            className={`tab ${activeTab === tab.key ? 'active' : ''}`}
+                            onClick={() => setActiveTab(tab.key)}
+                        >
+                            <tab.icon size={18} />
+                            {tab.label}
+                        </button>
+                    ))}
+                </div>
+            </div>
+
+            <div className="tab-content mt-6">
+                {/* ==================== Overview Heatmap ==================== */}
+                {activeTab === 'overview' && (
+                    <div className="space-y-6">
+                        <div className="card">
+                            <div className="card-header">
+                                <h2>Server Health Heatmap</h2>
+                            </div>
+                            <div className="card-body">
+                                {heatmapData.length > 0 ? (
+                                    <div className="fleet-heatmap">
+                                        <div className="fleet-heatmap__header">
+                                            <div className="fleet-heatmap__label">Server</div>
+                                            <div className="fleet-heatmap__label">CPU</div>
+                                            <div className="fleet-heatmap__label">Memory</div>
+                                            <div className="fleet-heatmap__label">Disk</div>
+                                            <div className="fleet-heatmap__label">Containers</div>
+                                            <div className="fleet-heatmap__label">Status</div>
+                                        </div>
+                                        {heatmapData.map(server => (
+                                            <div key={server.id} className="fleet-heatmap__row">
+                                                <div className="fleet-heatmap__server">
+                                                    <Server size={14} />
+                                                    <span>{server.name}</span>
+                                                    {server.group_name && (
+                                                        <span className="text-xs text-gray-400 ml-1">({server.group_name})</span>
+                                                    )}
+                                                </div>
+                                                <div
+                                                    className="fleet-heatmap__cell"
+                                                    style={{ backgroundColor: heatColor(server.cpu), color: server.cpu >= 75 ? '#fff' : 'inherit' }}
+                                                    title={`CPU: ${server.cpu ?? 'N/A'}%`}
+                                                >
+                                                    {server.cpu != null ? `${server.cpu}%` : '-'}
+                                                </div>
+                                                <div
+                                                    className="fleet-heatmap__cell"
+                                                    style={{ backgroundColor: heatColor(server.memory), color: server.memory >= 75 ? '#fff' : 'inherit' }}
+                                                    title={`Memory: ${server.memory ?? 'N/A'}%`}
+                                                >
+                                                    {server.memory != null ? `${server.memory}%` : '-'}
+                                                </div>
+                                                <div
+                                                    className="fleet-heatmap__cell"
+                                                    style={{ backgroundColor: heatColor(server.disk), color: server.disk >= 75 ? '#fff' : 'inherit' }}
+                                                    title={`Disk: ${server.disk ?? 'N/A'}%`}
+                                                >
+                                                    {server.disk != null ? `${server.disk}%` : '-'}
+                                                </div>
+                                                <div className="fleet-heatmap__cell">
+                                                    {server.containers ?? '-'}
+                                                </div>
+                                                <div className="fleet-heatmap__cell">
+                                                    <span className={`badge ${server.status === 'online' ? 'badge-success' : 'badge-error'}`}>
+                                                        {server.status}
+                                                    </span>
+                                                </div>
+                                            </div>
+                                        ))}
+                                    </div>
+                                ) : (
+                                    <div className="py-12 text-center text-gray-500">
+                                        <Server size={48} className="mx-auto text-gray-300 mb-4" />
+                                        <p>No servers registered. Add servers to see the fleet heatmap.</p>
+                                    </div>
+                                )}
+                            </div>
+                        </div>
+                        <div className="flex gap-3 items-center text-sm text-gray-500">
+                            <span>Legend:</span>
+                            <span className="flex items-center gap-1"><span className="inline-block w-3 h-3 rounded" style={{ backgroundColor: '#22c55e' }}></span> 0-50%</span>
+                            <span className="flex items-center gap-1"><span className="inline-block w-3 h-3 rounded" style={{ backgroundColor: '#eab308' }}></span> 50-75%</span>
+                            <span className="flex items-center gap-1"><span className="inline-block w-3 h-3 rounded" style={{ backgroundColor: '#f97316' }}></span> 75-90%</span>
+                            <span className="flex items-center gap-1"><span className="inline-block w-3 h-3 rounded" style={{ backgroundColor: '#ef4444' }}></span> 90-100%</span>
+                        </div>
+                    </div>
+                )}
+
+                {/* ==================== Comparison ==================== */}
+                {activeTab === 'comparison' && (
+                    <div className="space-y-6">
+                        <div className="card">
+                            <div className="card-header flex justify-between items-center">
+                                <h2>Server Comparison</h2>
+                                <div className="flex gap-2">
+                                    <button className="btn btn-sm btn-ghost" onClick={exportCsv} disabled={selectedServers.length === 0}>
+                                        <Download size={14} /> Export CSV
+                                    </button>
+                                </div>
+                            </div>
+                            <div className="card-body">
+                                <div className="grid grid-cols-1 lg:grid-cols-4 gap-4 mb-6">
+                                    <div className="lg:col-span-2">
+                                        <label className="text-sm font-medium mb-1 block">Select Servers (click to toggle)</label>
+                                        <div className="flex flex-wrap gap-2 max-h-24 overflow-y-auto p-2 border rounded">
+                                            {servers.map(s => (
+                                                <button
+                                                    key={s.id}
+                                                    className={`btn btn-sm ${selectedServers.includes(s.id) ? 'btn-primary' : 'btn-ghost'}`}
+                                                    onClick={() => toggleServer(s.id)}
+                                                >
+                                                    {s.name}
+                                                </button>
+                                            ))}
+                                        </div>
+                                    </div>
+                                    <div>
+                                        <label className="text-sm font-medium mb-1 block">Metric</label>
+                                        <select className="form-select w-full" value={compMetric} onChange={e => setCompMetric(e.target.value)}>
+                                            {Object.entries(METRIC_LABELS).map(([k, v]) => (
+                                                <option key={k} value={k}>{v}</option>
+                                            ))}
+                                        </select>
+                                    </div>
+                                    <div>
+                                        <label className="text-sm font-medium mb-1 block">Period</label>
+                                        <div className="flex gap-1">
+                                            {['1h', '6h', '24h', '7d'].map(p => (
+                                                <button
+                                                    key={p}
+                                                    className={`btn btn-sm ${compPeriod === p ? 'btn-primary' : 'btn-ghost'}`}
+                                                    onClick={() => setCompPeriod(p)}
+                                                >
+                                                    {p}
+                                                </button>
+                                            ))}
+                                        </div>
+                                    </div>
+                                </div>
+                                <div className="flex justify-end mb-4">
+                                    <button
+                                        className="btn btn-primary"
+                                        onClick={loadComparison}
+                                        disabled={selectedServers.length === 0 || loading}
+                                    >
+                                        <BarChart3 size={16} /> Compare
+                                    </button>
+                                </div>
+
+                                {compChartData.length > 0 && compData?.series && (
+                                    <ResponsiveContainer width="100%" height={400}>
+                                        <AreaChart data={compChartData}>
+                                            <CartesianGrid strokeDasharray="3 3" stroke="var(--border-color)" />
+                                            <XAxis
+                                                dataKey="timestamp"
+                                                tickFormatter={v => new Date(v).toLocaleTimeString([], { hour: '2-digit', minute: '2-digit' })}
+                                                stroke="var(--text-secondary)"
+                                                fontSize={12}
+                                            />
+                                            <YAxis stroke="var(--text-secondary)" fontSize={12} unit="%" />
+                                            <Tooltip
+                                                labelFormatter={v => new Date(v).toLocaleString()}
+                                                contentStyle={{ backgroundColor: 'var(--card-bg)', border: '1px solid var(--border-color)' }}
+                                            />
+                                            <Legend />
+                                            {compData.series.map((s, i) => (
+                                                <Area
+                                                    key={s.server_id}
+                                                    type="monotone"
+                                                    dataKey={s.name}
+                                                    stroke={CHART_COLORS[i % CHART_COLORS.length]}
+                                                    fill={CHART_COLORS[i % CHART_COLORS.length]}
+                                                    fillOpacity={0.1}
+                                                    strokeWidth={2}
+                                                    dot={false}
+                                                />
+                                            ))}
+                                        </AreaChart>
+                                    </ResponsiveContainer>
+                                )}
+
+                                {selectedServers.length === 0 && (
+                                    <div className="py-12 text-center text-gray-500">
+                                        <BarChart3 size={48} className="mx-auto text-gray-300 mb-4" />
+                                        <p>Select servers above to compare their metrics.</p>
+                                    </div>
+                                )}
+                            </div>
+                        </div>
+                    </div>
+                )}
+
+                {/* ==================== Alerts ==================== */}
+                {activeTab === 'alerts' && (
+                    <div className="space-y-6">
+                        <div className="card">
+                            <div className="card-header flex justify-between items-center">
+                                <h2>Metric Alerts</h2>
+                                <div className="flex gap-1">
+                                    {['active', 'acknowledged', 'resolved', 'all'].map(f => (
+                                        <button
+                                            key={f}
+                                            className={`btn btn-sm ${alertFilter === f ? 'btn-primary' : 'btn-ghost'}`}
+                                            onClick={() => setAlertFilter(f)}
+                                        >
+                                            {f.charAt(0).toUpperCase() + f.slice(1)}
+                                        </button>
+                                    ))}
+                                </div>
+                            </div>
+                            {alerts.length > 0 ? (
+                                <div className="overflow-x-auto">
+                                    <table className="table">
+                                        <thead>
+                                            <tr>
+                                                <th>Server</th>
+                                                <th>Metric</th>
+                                                <th>Value</th>
+                                                <th>Threshold</th>
+                                                <th>Severity</th>
+                                                <th>Status</th>
+                                                <th>Time</th>
+                                                <th>Actions</th>
+                                            </tr>
+                                        </thead>
+                                        <tbody>
+                                            {alerts.map(a => (
+                                                <tr key={a.id}>
+                                                    <td className="font-semibold">{a.server_name}</td>
+                                                    <td>{METRIC_LABELS[a.metric] || a.metric}</td>
+                                                    <td className="font-mono">{a.value}%</td>
+                                                    <td className="font-mono">{a.threshold}%</td>
+                                                    <td>
+                                                        <span className={`badge ${a.severity === 'critical' ? 'badge-error' : 'badge-warning'}`}>
+                                                            {a.severity}
+                                                        </span>
+                                                    </td>
+                                                    <td>
+                                                        <span className={`badge ${a.status === 'active' ? 'badge-error' : a.status === 'acknowledged' ? 'badge-warning' : 'badge-success'}`}>
+                                                            {a.status}
+                                                        </span>
+                                                    </td>
+                                                    <td className="text-sm">{new Date(a.created_at).toLocaleString()}</td>
+                                                    <td className="actions">
+                                                        {a.status === 'active' && (
+                                                            <>
+                                                                <button className="btn btn-sm btn-ghost" onClick={() => acknowledgeAlert(a.id)}>
+                                                                    <Eye size={14} /> Ack
+                                                                </button>
+                                                                <button className="btn btn-sm btn-ghost" onClick={() => resolveAlert(a.id)}>
+                                                                    <CheckCircle size={14} />
+                                                                </button>
+                                                            </>
+                                                        )}
+                                                        {a.status === 'acknowledged' && (
+                                                            <button className="btn btn-sm btn-ghost" onClick={() => resolveAlert(a.id)}>
+                                                                <CheckCircle size={14} /> Resolve
+                                                            </button>
+                                                        )}
+                                                    </td>
+                                                </tr>
+                                            ))}
+                                        </tbody>
+                                    </table>
+                                </div>
+                            ) : (
+                                <div className="card-body py-8 text-center text-gray-500">
+                                    <CheckCircle size={36} className="mx-auto text-gray-300 mb-3" />
+                                    <p>No {alertFilter !== 'all' ? alertFilter : ''} alerts.</p>
+                                </div>
+                            )}
+                        </div>
+
+                        <div className="grid grid-cols-1 lg:grid-cols-2 gap-6">
+                            <div className="card">
+                                <div className="card-header"><h2>Alert Thresholds</h2></div>
+                                {thresholds.length > 0 ? (
+                                    <div className="overflow-x-auto">
+                                        <table className="table">
+                                            <thead>
+                                                <tr>
+                                                    <th>Scope</th>
+                                                    <th>Metric</th>
+                                                    <th>Warning</th>
+                                                    <th>Critical</th>
+                                                    <th>Duration</th>
+                                                    <th></th>
+                                                </tr>
+                                            </thead>
+                                            <tbody>
+                                                {thresholds.map(t => (
+                                                    <tr key={t.id}>
+                                                        <td>{t.server_name || 'Global'}</td>
+                                                        <td>{METRIC_LABELS[t.metric] || t.metric}</td>
+                                                        <td className="text-yellow-600">{t.warning_threshold}%</td>
+                                                        <td className="text-red-600">{t.critical_threshold}%</td>
+                                                        <td>{t.duration_seconds}s</td>
+                                                        <td>
+                                                            <button className="btn btn-ghost btn-sm text-red-600" onClick={() => deleteThreshold(t.id)}>
+                                                                <XCircle size={14} />
+                                                            </button>
+                                                        </td>
+                                                    </tr>
+                                                ))}
+                                            </tbody>
+                                        </table>
+                                    </div>
+                                ) : (
+                                    <div className="card-body py-6 text-center text-gray-500 text-sm">
+                                        No thresholds configured. Add one to start receiving metric alerts.
+                                    </div>
+                                )}
+                            </div>
+
+                            <div className="card">
+                                <div className="card-header"><h2>Add Threshold</h2></div>
+                                <div className="card-body space-y-4">
+                                    <div className="form-group">
+                                        <label>Server (leave empty for global)</label>
+                                        <select
+                                            className="form-select w-full"
+                                            value={newThreshold.server_id || ''}
+                                            onChange={e => setNewThreshold(p => ({ ...p, server_id: e.target.value || undefined }))}
+                                        >
+                                            <option value="">Global Default</option>
+                                            {servers.map(s => <option key={s.id} value={s.id}>{s.name}</option>)}
+                                        </select>
+                                    </div>
+                                    <div className="grid grid-cols-2 gap-4">
+                                        <div className="form-group">
+                                            <label>Metric</label>
+                                            <select className="form-select w-full" value={newThreshold.metric}
+                                                onChange={e => setNewThreshold(p => ({ ...p, metric: e.target.value }))}>
+                                                <option value="cpu">CPU</option>
+                                                <option value="memory">Memory</option>
+                                                <option value="disk">Disk</option>
+                                            </select>
+                                        </div>
+                                        <div className="form-group">
+                                            <label>Duration (seconds)</label>
+                                            <input type="number" className="form-input w-full" value={newThreshold.duration_seconds}
+                                                onChange={e => setNewThreshold(p => ({ ...p, duration_seconds: parseInt(e.target.value) || 300 }))} />
+                                        </div>
+                                    </div>
+                                    <div className="grid grid-cols-2 gap-4">
+                                        <div className="form-group">
+                                            <label>Warning (%)</label>
+                                            <input type="number" className="form-input w-full" value={newThreshold.warning_threshold}
+                                                onChange={e => setNewThreshold(p => ({ ...p, warning_threshold: parseFloat(e.target.value) || 80 }))} />
+                                        </div>
+                                        <div className="form-group">
+                                            <label>Critical (%)</label>
+                                            <input type="number" className="form-input w-full" value={newThreshold.critical_threshold}
+                                                onChange={e => setNewThreshold(p => ({ ...p, critical_threshold: parseFloat(e.target.value) || 95 }))} />
+                                        </div>
+                                    </div>
+                                    <button className="btn btn-primary w-full" onClick={saveThreshold}>
+                                        Save Threshold
+                                    </button>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                )}
+
+                {/* ==================== Anomalies & Forecast ==================== */}
+                {activeTab === 'anomalies' && (
+                    <div className="space-y-6">
+                        <div className="card">
+                            <div className="card-header"><h2>Anomaly Detection</h2></div>
+                            {anomalies.length > 0 ? (
+                                <div className="overflow-x-auto">
+                                    <table className="table">
+                                        <thead>
+                                            <tr>
+                                                <th>Server</th>
+                                                <th>Metric</th>
+                                                <th>Current</th>
+                                                <th>Baseline (mean)</th>
+                                                <th>Std Dev</th>
+                                                <th>Z-Score</th>
+                                                <th>Direction</th>
+                                            </tr>
+                                        </thead>
+                                        <tbody>
+                                            {anomalies.map((a, i) => (
+                                                <tr key={i}>
+                                                    <td className="font-semibold">{a.server_name}</td>
+                                                    <td>{METRIC_LABELS[a.metric] || a.metric}</td>
+                                                    <td className="font-mono text-red-600">{a.current_value}%</td>
+                                                    <td className="font-mono">{a.mean}%</td>
+                                                    <td className="font-mono">{a.stddev}</td>
+                                                    <td className="font-mono font-bold">{a.z_score}</td>
+                                                    <td>
+                                                        <span className={`badge ${a.direction === 'high' ? 'badge-error' : 'badge-info'}`}>
+                                                            {a.direction === 'high' ? 'Unusually High' : 'Unusually Low'}
+                                                        </span>
+                                                    </td>
+                                                </tr>
+                                            ))}
+                                        </tbody>
+                                    </table>
+                                </div>
+                            ) : (
+                                <div className="card-body py-8 text-center text-gray-500">
+                                    <CheckCircle size={36} className="mx-auto text-gray-300 mb-3" />
+                                    <p>No anomalies detected. All metrics are within normal ranges.</p>
+                                </div>
+                            )}
+                        </div>
+
+                        <div className="card">
+                            <div className="card-header"><h2>Capacity Forecast</h2></div>
+                            <div className="card-body">
+                                <div className="flex gap-4 mb-6">
+                                    <div className="form-group flex-1">
+                                        <label>Server</label>
+                                        <select className="form-select w-full" value={forecastServer}
+                                            onChange={e => setForecastServer(e.target.value)}>
+                                            <option value="">Select a server...</option>
+                                            {servers.map(s => <option key={s.id} value={s.id}>{s.name}</option>)}
+                                        </select>
+                                    </div>
+                                    <div className="form-group">
+                                        <label>Metric</label>
+                                        <select className="form-select w-full" value={forecastMetric}
+                                            onChange={e => setForecastMetric(e.target.value)}>
+                                            <option value="disk">Disk</option>
+                                            <option value="memory">Memory</option>
+                                            <option value="cpu">CPU</option>
+                                        </select>
+                                    </div>
+                                    <div className="form-group flex items-end">
+                                        <button className="btn btn-primary" onClick={() => loadForecast()} disabled={!forecastServer}>
+                                            <TrendingUp size={16} /> Forecast
+                                        </button>
+                                    </div>
+                                </div>
+
+                                {forecast && !forecast.error && (
+                                    <div className="space-y-6">
+                                        <div className="grid grid-cols-1 md:grid-cols-3 gap-4">
+                                            <div className="p-4 bg-gray-50 rounded-lg text-center">
+                                                <div className="text-sm text-gray-500">Current</div>
+                                                <div className="text-2xl font-bold">{forecast.current_value}%</div>
+                                            </div>
+                                            <div className="p-4 bg-gray-50 rounded-lg text-center">
+                                                <div className="text-sm text-gray-500">Growth Rate</div>
+                                                <div className="text-2xl font-bold">{forecast.growth_rate_per_day}%/day</div>
+                                            </div>
+                                            <div className="p-4 bg-gray-50 rounded-lg text-center">
+                                                <div className="text-sm text-gray-500">Trend</div>
+                                                <div className={`text-2xl font-bold ${forecast.trend === 'increasing' ? 'text-red-600' : forecast.trend === 'decreasing' ? 'text-green-600' : ''}`}>
+                                                    {forecast.trend}
+                                                </div>
+                                            </div>
+                                        </div>
+
+                                        {forecast.predictions && (
+                                            <div className="grid grid-cols-2 gap-4">
+                                                <div className={`p-4 rounded-lg border ${forecast.predictions.days_to_90pct === 0 ? 'border-red-300 bg-red-50' : 'border-yellow-300 bg-yellow-50'}`}>
+                                                    <div className="text-sm font-medium">Reaches 90%</div>
+                                                    <div className="text-lg font-bold">
+                                                        {forecast.predictions.date_90pct || 'N/A'}
+                                                        {forecast.predictions.days_to_90pct != null && forecast.predictions.days_to_90pct > 0 && (
+                                                            <span className="text-sm font-normal ml-2">({forecast.predictions.days_to_90pct} days)</span>
+                                                        )}
+                                                    </div>
+                                                </div>
+                                                <div className={`p-4 rounded-lg border ${forecast.predictions.days_to_100pct === 0 ? 'border-red-300 bg-red-50' : 'border-red-200 bg-red-50'}`}>
+                                                    <div className="text-sm font-medium">Reaches 100%</div>
+                                                    <div className="text-lg font-bold">
+                                                        {forecast.predictions.date_100pct || 'N/A'}
+                                                        {forecast.predictions.days_to_100pct != null && forecast.predictions.days_to_100pct > 0 && (
+                                                            <span className="text-sm font-normal ml-2">({forecast.predictions.days_to_100pct} days)</span>
+                                                        )}
+                                                    </div>
+                                                </div>
+                                            </div>
+                                        )}
+
+                                        {forecast.trend_data && (
+                                            <ResponsiveContainer width="100%" height={300}>
+                                                <LineChart data={forecast.trend_data}>
+                                                    <CartesianGrid strokeDasharray="3 3" stroke="var(--border-color)" />
+                                                    <XAxis dataKey="date" stroke="var(--text-secondary)" fontSize={11} />
+                                                    <YAxis stroke="var(--text-secondary)" fontSize={12} unit="%" domain={[0, 100]} />
+                                                    <Tooltip contentStyle={{ backgroundColor: 'var(--card-bg)', border: '1px solid var(--border-color)' }} />
+                                                    <Legend />
+                                                    <Line type="monotone" dataKey="actual" stroke="#6366f1" strokeWidth={2} dot={false} name="Actual" />
+                                                    <Line type="monotone" dataKey="trend" stroke="#ef4444" strokeWidth={2} strokeDasharray="5 5" dot={false} name="Trend" />
+                                                </LineChart>
+                                            </ResponsiveContainer>
+                                        )}
+                                    </div>
+                                )}
+
+                                {forecast?.error && (
+                                    <div className="p-4 bg-yellow-50 border border-yellow-200 rounded text-yellow-700 text-sm">
+                                        {forecast.error}
+                                    </div>
+                                )}
+
+                                {!forecast && (
+                                    <div className="py-8 text-center text-gray-500">
+                                        <TrendingUp size={36} className="mx-auto text-gray-300 mb-3" />
+                                        <p>Select a server and metric to see capacity predictions.</p>
+                                    </div>
+                                )}
+                            </div>
+                        </div>
+                    </div>
+                )}
+
+                {/* ==================== Fleet Search ==================== */}
+                {activeTab === 'search' && (
+                    <div className="card">
+                        <div className="card-header"><h2>Fleet Search</h2></div>
+                        <div className="card-body">
+                            <div className="flex gap-3 mb-6">
+                                <div className="flex-1">
+                                    <input
+                                        type="text"
+                                        className="form-input w-full"
+                                        placeholder="Search for servers, containers, tags..."
+                                        value={searchQuery}
+                                        onChange={e => setSearchQuery(e.target.value)}
+                                        onKeyDown={e => e.key === 'Enter' && handleSearch()}
+                                    />
+                                </div>
+                                <select className="form-select" value={searchType} onChange={e => setSearchType(e.target.value)}>
+                                    <option value="any">All Types</option>
+                                    <option value="server">Servers</option>
+                                    <option value="container">Containers</option>
+                                    <option value="tag">Tags</option>
+                                </select>
+                                <button className="btn btn-primary" onClick={handleSearch} disabled={searchQuery.length < 2}>
+                                    <Search size={16} /> Search
+                                </button>
+                            </div>
+
+                            {searchResults.length > 0 ? (
+                                <div className="overflow-x-auto">
+                                    <table className="table">
+                                        <thead>
+                                            <tr>
+                                                <th>Server</th>
+                                                <th>Type</th>
+                                                <th>Match</th>
+                                                <th>Detail</th>
+                                                <th>Status</th>
+                                            </tr>
+                                        </thead>
+                                        <tbody>
+                                            {searchResults.map((r, i) => (
+                                                <tr key={i}>
+                                                    <td className="font-semibold">{r.server_name}</td>
+                                                    <td><span className="badge badge-default">{r.match_type}</span></td>
+                                                    <td>{r.match_name}</td>
+                                                    <td className="text-sm text-gray-500">{r.match_detail}</td>
+                                                    <td>
+                                                        <span className={`badge ${r.status === 'online' || r.status === 'running' ? 'badge-success' : 'badge-error'}`}>
+                                                            {r.status}
+                                                        </span>
+                                                    </td>
+                                                </tr>
+                                            ))}
+                                        </tbody>
+                                    </table>
+                                </div>
+                            ) : searchQuery.length >= 2 && !loading ? (
+                                <div className="py-8 text-center text-gray-500">
+                                    <Search size={36} className="mx-auto text-gray-300 mb-3" />
+                                    <p>No results found for "{searchQuery}".</p>
+                                </div>
+                            ) : (
+                                <div className="py-8 text-center text-gray-500">
+                                    <Search size={36} className="mx-auto text-gray-300 mb-3" />
+                                    <p>Enter a search term to find servers, containers, or tags across your fleet.</p>
+                                </div>
+                            )}
+                        </div>
+                    </div>
+                )}
+            </div>
+        </div>
+    );
+};
+
+export default FleetMonitor;
diff --git a/frontend/src/pages/Git.jsx b/frontend/src/pages/Git.jsx
index c65d492c..cd9b3784 100644
--- a/frontend/src/pages/Git.jsx
+++ b/frontend/src/pages/Git.jsx
@@ -94,7 +94,7 @@ function Git() {
 
     const loadStatus = async () => {
         try {
-            const data = await api.getGitStatus();
+            const data = await api.getGitServerStatus();
             setStatus(data);
         } catch (error) {
             console.error('Failed to load status:', error);
@@ -367,7 +367,7 @@ function Git() {
     const handleTriggerDeploy = async (appId) => {
         setDeployingAppId(appId);
         try {
-            const result = await api.triggerDeploy(appId);
+            const result = await api.triggerGitDeploy(appId);
             if (result.success) {
                 toast.success(`Deployment started: v${result.version}`);
                 await loadAllDeployments();
diff --git a/frontend/src/pages/Marketplace.jsx b/frontend/src/pages/Marketplace.jsx
new file mode 100644
index 00000000..50660892
--- /dev/null
+++ b/frontend/src/pages/Marketplace.jsx
@@ -0,0 +1,164 @@
+import React, { useState, useEffect, useCallback } from 'react';
+import api from '../services/api';
+import { useToast } from '../contexts/ToastContext';
+import { useAuth } from '../contexts/AuthContext';
+import Spinner from '../components/Spinner';
+
+const Marketplace = () => {
+    const toast = useToast();
+    const { user } = useAuth();
+    const [extensions, setExtensions] = useState([]);
+    const [myExtensions, setMyExtensions] = useState([]);
+    const [loading, setLoading] = useState(true);
+    const [search, setSearch] = useState('');
+    const [category, setCategory] = useState('');
+    const [tab, setTab] = useState('browse');
+    const [showSubmit, setShowSubmit] = useState(false);
+    const [form, setForm] = useState({ name: '', display_name: '', description: '', category: 'utility', version: '1.0.0', author: '' });
+
+    const categories = ['monitoring', 'security', 'deployment', 'integration', 'ui', 'utility'];
+
+    const loadExtensions = useCallback(async () => {
+        try {
+            const [eData, mData] = await Promise.all([
+                api.getMarketplaceExtensions(category, search),
+                api.getMyExtensions(),
+            ]);
+            setExtensions(eData.extensions || []);
+            setMyExtensions(mData.extensions || []);
+        } catch (err) {
+            toast.error('Failed to load extensions');
+        } finally {
+            setLoading(false);
+        }
+    }, [category, search, toast]);
+
+    useEffect(() => { loadExtensions(); }, [loadExtensions]);
+
+    const handleInstall = async (extId) => {
+        try {
+            await api.installMarketplaceExtension(extId);
+            toast.success('Extension installed');
+            loadExtensions();
+        } catch (err) { toast.error(err.message); }
+    };
+
+    const handleUninstall = async (installId) => {
+        try {
+            await api.uninstallMarketplaceExtension(installId);
+            toast.success('Extension uninstalled');
+            loadExtensions();
+        } catch (err) { toast.error(err.message); }
+    };
+
+    const handleSubmit = async () => {
+        try {
+            await api.createMarketplaceExtension(form);
+            toast.success('Extension submitted');
+            setShowSubmit(false);
+            loadExtensions();
+        } catch (err) { toast.error(err.message); }
+    };
+
+    const renderStars = (rating) => {
+        const full = Math.floor(rating);
+        return '\u2605'.repeat(full) + '\u2606'.repeat(5 - full);
+    };
+
+    if (loading) return <Spinner />;
+
+    const installedIds = new Set(myExtensions.map(e => e.extension_id));
+
+    return (
+        <div className="marketplace-page">
+            <div className="page-header">
+                <div className="page-header-content">
+                    <h1>Marketplace</h1>
+                    <p className="page-description">{extensions.length} extensions available</p>
+                </div>
+                <div className="page-header-actions">
+                    <button className="btn" onClick={() => setShowSubmit(true)}>Submit Extension</button>
+                </div>
+            </div>
+
+            <div className="tabs">
+                <button className={`tab ${tab === 'browse' ? 'active' : ''}`} onClick={() => setTab('browse')}>Browse</button>
+                <button className={`tab ${tab === 'installed' ? 'active' : ''}`} onClick={() => setTab('installed')}>Installed ({myExtensions.length})</button>
+            </div>
+
+            {tab === 'browse' && (
+                <>
+                    <div className="marketplace-filters">
+                        <input className="form-input" placeholder="Search extensions..." value={search} onChange={e => setSearch(e.target.value)} />
+                        <select className="form-select" value={category} onChange={e => setCategory(e.target.value)}>
+                            <option value="">All Categories</option>
+                            {categories.map(c => <option key={c} value={c}>{c.charAt(0).toUpperCase() + c.slice(1)}</option>)}
+                        </select>
+                    </div>
+
+                    <div className="extensions-grid">
+                        {extensions.map(ext => (
+                            <div key={ext.id} className="extension-card card">
+                                <div className="extension-card__header">
+                                    <h3>{ext.display_name}</h3>
+                                    <span className="badge badge--outline">{ext.category}</span>
+                                </div>
+                                <p className="extension-card__desc">{ext.description}</p>
+                                <div className="extension-card__meta">
+                                    <span className="extension-card__rating">{renderStars(ext.rating)} ({ext.rating_count})</span>
+                                    <span>{ext.download_count} installs</span>
+                                </div>
+                                <div className="extension-card__info">
+                                    <span>v{ext.version}</span>
+                                    {ext.author && <span>by {ext.author}</span>}
+                                    <span className="badge badge--subtle">{ext.extension_type}</span>
+                                </div>
+                                <div className="extension-card__actions">
+                                    {installedIds.has(ext.id) ? (
+                                        <span className="badge badge--success">Installed</span>
+                                    ) : (
+                                        <button className="btn btn-sm btn-primary" onClick={() => handleInstall(ext.id)}>Install</button>
+                                    )}
+                                </div>
+                            </div>
+                        ))}
+                        {extensions.length === 0 && <div className="empty-state"><p>No extensions found.</p></div>}
+                    </div>
+                </>
+            )}
+
+            {tab === 'installed' && (
+                <div className="installed-list">
+                    {myExtensions.map(inst => (
+                        <div key={inst.id} className="installed-item card">
+                            <div className="installed-item__info">
+                                <strong>{inst.extension_name}</strong>
+                                <span className="text-muted">v{inst.installed_version}</span>
+                            </div>
+                            <button className="btn btn-sm btn-danger" onClick={() => handleUninstall(inst.id)}>Uninstall</button>
+                        </div>
+                    ))}
+                    {myExtensions.length === 0 && <div className="empty-state"><p>No extensions installed.</p></div>}
+                </div>
+            )}
+
+            {showSubmit && (
+                <div className="modal-overlay" onClick={() => setShowSubmit(false)}>
+                    <div className="modal" onClick={e => e.stopPropagation()}>
+                        <div className="modal-header"><h2>Submit Extension</h2><button className="modal-close" onClick={() => setShowSubmit(false)}>&times;</button></div>
+                        <div className="modal-body">
+                            <div className="form-group"><label>Name</label><input className="form-input" value={form.name} onChange={e => setForm({...form, name: e.target.value})} /></div>
+                            <div className="form-group"><label>Display Name</label><input className="form-input" value={form.display_name} onChange={e => setForm({...form, display_name: e.target.value})} /></div>
+                            <div className="form-group"><label>Description</label><textarea className="form-input" value={form.description} onChange={e => setForm({...form, description: e.target.value})} rows={3} /></div>
+                            <div className="form-group"><label>Category</label><select className="form-select" value={form.category} onChange={e => setForm({...form, category: e.target.value})}>{categories.map(c => <option key={c} value={c}>{c}</option>)}</select></div>
+                            <div className="form-group"><label>Author</label><input className="form-input" value={form.author} onChange={e => setForm({...form, author: e.target.value})} /></div>
+                        </div>
+                        <div className="modal-footer"><button className="btn" onClick={() => setShowSubmit(false)}>Cancel</button><button className="btn btn-primary" onClick={handleSubmit} disabled={!form.name}>Submit</button></div>
+                    </div>
+                </div>
+            )}
+        </div>
+    );
+};
+
+export default Marketplace;
diff --git a/frontend/src/pages/SSLCertificates.jsx b/frontend/src/pages/SSLCertificates.jsx
index d422289c..ceb9e04a 100644
--- a/frontend/src/pages/SSLCertificates.jsx
+++ b/frontend/src/pages/SSLCertificates.jsx
@@ -6,9 +6,12 @@ import {
 } from 'lucide-react';
 import api from '../services/api';
 import { useToast } from '../contexts/ToastContext';
+import { useConfirm } from '../hooks/useConfirm';
+import { ConfirmDialog } from '../components/ConfirmDialog';
 
 const SSLCertificates = () => {
     const toast = useToast();
+    const { confirm, confirmState, handleConfirm, handleCancel } = useConfirm();
     const [status, setStatus] = useState(null);
     const [loading, setLoading] = useState(true);
     const [actionLoading, setActionLoading] = useState(false);
@@ -102,7 +105,8 @@ const SSLCertificates = () => {
     }
 
     async function handleRevokeCertificate(domain) {
-        if (!confirm(`Revoke and delete the certificate for ${domain}? This cannot be undone.`)) return;
+        const confirmed = await confirm({ title: 'Revoke Certificate', message: `Revoke and delete the certificate for ${domain}? This cannot be undone.` });
+        if (!confirmed) return;
 
         try {
             setActionLoading(true);
@@ -178,7 +182,7 @@ const SSLCertificates = () => {
                     {[1, 2].map(i => (
                         <div key={i} className="ssl-cert-item">
                             <div className="skeleton-box" style={{ width: 40, height: 40, borderRadius: 10 }} />
-                            <div style={{ flex: 1 }}>
+                            <div className="flex-1">
                                 <div className="skeleton-box" style={{ width: 200, height: 14, marginBottom: 8 }} />
                                 <div className="skeleton-box" style={{ width: 300, height: 12 }} />
                             </div>
@@ -247,10 +251,9 @@ const SSLCertificates = () => {
                     </div>
                     {!certbotInstalled && (
                         <button
-                            className="btn btn-primary btn-sm"
+                            className="btn btn-primary btn-sm ml-auto"
                             onClick={handleInstallCertbot}
                             disabled={actionLoading}
-                            style={{ marginLeft: 'auto' }}
                         >
                             <Download size={14} />
                             Install
@@ -460,6 +463,16 @@ const SSLCertificates = () => {
                     </div>
                 </div>
             )}
+            <ConfirmDialog
+                isOpen={confirmState.isOpen}
+                title={confirmState.title}
+                message={confirmState.message}
+                confirmText={confirmState.confirmText}
+                cancelText={confirmState.cancelText}
+                variant={confirmState.variant}
+                onConfirm={handleConfirm}
+                onCancel={handleCancel}
+            />
         </div>
     );
 };
diff --git a/frontend/src/pages/Security.jsx b/frontend/src/pages/Security.jsx
index 2ced3380..ee7c586c 100644
--- a/frontend/src/pages/Security.jsx
+++ b/frontend/src/pages/Security.jsx
@@ -1,9 +1,22 @@
-import React, { useState, useEffect, useCallback } from 'react';
+import React, { useState, useEffect } from 'react';
 import { useAuth } from '../contexts/AuthContext';
 import useTabParam from '../hooks/useTabParam';
 import api from '../services/api';
-import ConfirmDialog from '../components/ConfirmDialog';
-import { useToast } from '../contexts/ToastContext';
+import {
+    OverviewTab,
+    FirewallTab,
+    Fail2banTab,
+    SSHKeysTab,
+    IPListsTab,
+    ScannerTab,
+    QuarantineTab,
+    IntegrityTab,
+    AuditTab,
+    VulnerabilityTab,
+    AutoUpdatesTab,
+    EventsTab,
+    SecurityConfigTab,
+} from '../components/security';
 
 const VALID_TABS = ['overview', 'firewall', 'fail2ban', 'ssh-keys', 'ip-lists', 'scanner', 'quarantine', 'integrity', 'audit', 'vulnerability', 'updates', 'events', 'settings'];
 
@@ -96,2460 +109,7 @@ const Security = () => {
                 {activeTab === 'vulnerability' && <VulnerabilityTab />}
                 {activeTab === 'updates' && <AutoUpdatesTab />}
                 {activeTab === 'events' && <EventsTab />}
-                {activeTab === 'settings' && <SettingsTab />}
-            </div>
-        </div>
-    );
-};
-
-const OverviewTab = ({ status, onRefresh }) => {
-    const [clamavStatus, setClamavStatus] = useState(null);
-    const [loading, setLoading] = useState(true);
-
-    useEffect(() => {
-        loadClamavStatus();
-    }, []);
-
-    async function loadClamavStatus() {
-        try {
-            const data = await api.getClamAVStatus();
-            setClamavStatus(data);
-        } catch (err) {
-            console.error('Failed to load ClamAV status:', err);
-        } finally {
-            setLoading(false);
-        }
-    }
-
-    const alerts = status?.recent_alerts || {};
-
-    return (
-        <div className="security-overview">
-            <div className="stats-grid">
-                <div className={`stat-card ${alerts.total > 0 ? 'warning' : 'success'}`}>
-                    <div className="stat-icon">
-                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
-                            <path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/>
-                        </svg>
-                    </div>
-                    <div className="stat-content">
-                        <span className="stat-value">{alerts.total || 0}</span>
-                        <span className="stat-label">Alerts (24h)</span>
-                    </div>
-                </div>
-
-                <div className={`stat-card ${alerts.malware_detections > 0 ? 'danger' : 'success'}`}>
-                    <div className="stat-icon">
-                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
-                            <path d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"/>
-                        </svg>
-                    </div>
-                    <div className="stat-content">
-                        <span className="stat-value">{alerts.malware_detections || 0}</span>
-                        <span className="stat-label">Malware Detected</span>
-                    </div>
-                </div>
-
-                <div className={`stat-card ${clamavStatus?.installed ? 'success' : 'warning'}`}>
-                    <div className="stat-icon">
-                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
-                            <circle cx="12" cy="12" r="10"/>
-                            {clamavStatus?.installed && <polyline points="9 12 12 15 16 10"/>}
-                            {!clamavStatus?.installed && <line x1="15" y1="9" x2="9" y2="15"/>}
-                        </svg>
-                    </div>
-                    <div className="stat-content">
-                        <span className="stat-value">{clamavStatus?.installed ? 'Active' : 'Not Installed'}</span>
-                        <span className="stat-label">ClamAV Status</span>
-                    </div>
-                </div>
-
-                <div className={`stat-card ${status?.scan_status === 'running' ? 'info' : 'default'}`}>
-                    <div className="stat-icon">
-                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
-                            <circle cx="11" cy="11" r="8"/>
-                            <line x1="21" y1="21" x2="16.65" y2="16.65"/>
-                        </svg>
-                    </div>
-                    <div className="stat-content">
-                        <span className="stat-value" style={{ textTransform: 'capitalize' }}>{status?.scan_status || 'Idle'}</span>
-                        <span className="stat-label">Scan Status</span>
-                    </div>
-                </div>
-            </div>
-
-            <div className="security-grid">
-                <div className="card">
-                    <div className="card-header">
-                        <h3>ClamAV Antivirus</h3>
-                        <button className="btn btn-sm btn-secondary" onClick={loadClamavStatus}>Refresh</button>
-                    </div>
-                    <div className="card-body">
-                        {loading ? (
-                            <div className="loading-sm">Loading...</div>
-                        ) : clamavStatus?.installed ? (
-                            <div className="info-list">
-                                <div className="info-item">
-                                    <span className="info-label">Version</span>
-                                    <span className="info-value">{clamavStatus.version || 'Unknown'}</span>
-                                </div>
-                                <div className="info-item">
-                                    <span className="info-label">Service</span>
-                                    <span className={`badge ${clamavStatus.service_running ? 'badge-success' : 'badge-warning'}`}>
-                                        {clamavStatus.service_running ? 'Running' : 'Stopped'}
-                                    </span>
-                                </div>
-                                <div className="info-item">
-                                    <span className="info-label">Last Definition Update</span>
-                                    <span className="info-value">
-                                        {clamavStatus.last_update ? new Date(clamavStatus.last_update).toLocaleString() : 'Unknown'}
-                                    </span>
-                                </div>
-                            </div>
-                        ) : (
-                            <div className="not-installed">
-                                <p>ClamAV is not installed on this server.</p>
-                                <InstallClamAVButton onInstalled={loadClamavStatus} />
-                            </div>
-                        )}
-                    </div>
-                </div>
-
-                <div className="card">
-                    <div className="card-header">
-                        <h3>File Integrity Monitoring</h3>
-                    </div>
-                    <div className="card-body">
-                        <div className="info-list">
-                            <div className="info-item">
-                                <span className="info-label">Status</span>
-                                <span className={`badge ${status?.file_integrity?.enabled ? 'badge-success' : 'badge-secondary'}`}>
-                                    {status?.file_integrity?.enabled ? 'Enabled' : 'Disabled'}
-                                </span>
-                            </div>
-                            <div className="info-item">
-                                <span className="info-label">Database</span>
-                                <span className={`badge ${status?.file_integrity?.database_exists ? 'badge-success' : 'badge-warning'}`}>
-                                    {status?.file_integrity?.database_exists ? 'Initialized' : 'Not Initialized'}
-                                </span>
-                            </div>
-                            <div className="info-item">
-                                <span className="info-label">Changes Detected (24h)</span>
-                                <span className="info-value">{alerts.integrity_changes || 0}</span>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-
-                <div className="card">
-                    <div className="card-header">
-                        <h3>Notifications</h3>
-                    </div>
-                    <div className="card-body">
-                        <div className="info-list">
-                            <div className="info-item">
-                                <span className="info-label">Security Alerts</span>
-                                <span className={`badge ${status?.notifications_enabled ? 'badge-success' : 'badge-secondary'}`}>
-                                    {status?.notifications_enabled ? 'Enabled' : 'Disabled'}
-                                </span>
-                            </div>
-                        </div>
-                        <p className="help-text" style={{ marginTop: '1rem' }}>
-                            Configure notification channels in Settings → Notifications to receive security alerts via Discord, Slack, or Telegram.
-                        </p>
-                    </div>
-                </div>
-            </div>
-        </div>
-    );
-};
-
-const InstallClamAVButton = ({ onInstalled }) => {
-    const [installing, setInstalling] = useState(false);
-    const [error, setError] = useState(null);
-
-    async function handleInstall() {
-        setInstalling(true);
-        setError(null);
-        try {
-            await api.installClamAV();
-            onInstalled();
-        } catch (err) {
-            setError(err.message);
-        } finally {
-            setInstalling(false);
-        }
-    }
-
-    return (
-        <div>
-            <button className="btn btn-primary" onClick={handleInstall} disabled={installing}>
-                {installing ? 'Installing...' : 'Install ClamAV'}
-            </button>
-            {error && <p className="error-text" style={{ marginTop: '0.5rem' }}>{error}</p>}
-        </div>
-    );
-};
-
-const FirewallTab = () => {
-    const [status, setStatus] = useState(null);
-    const [rules, setRules] = useState([]);
-    const [blockedIPs, setBlockedIPs] = useState([]);
-    const [loading, setLoading] = useState(true);
-    const [activeSubTab, setActiveSubTab] = useState('status');
-    const [showBlockIPModal, setShowBlockIPModal] = useState(false);
-    const [showPortModal, setShowPortModal] = useState(false);
-    const [showInstallModal, setShowInstallModal] = useState(false);
-    const [blockIP, setBlockIP] = useState('');
-    const [newPort, setNewPort] = useState({ port: '', protocol: 'tcp' });
-    const [selectedFirewall, setSelectedFirewall] = useState('ufw');
-    const [actionLoading, setActionLoading] = useState(false);
-    const [confirmDialog, setConfirmDialog] = useState(null);
-    const toast = useToast();
-
-    const commonPorts = [
-        { port: 22, name: 'SSH', protocol: 'tcp' },
-        { port: 80, name: 'HTTP', protocol: 'tcp' },
-        { port: 443, name: 'HTTPS', protocol: 'tcp' },
-        { port: 21, name: 'FTP', protocol: 'tcp' },
-        { port: 25, name: 'SMTP', protocol: 'tcp' },
-        { port: 3306, name: 'MySQL', protocol: 'tcp' },
-        { port: 5432, name: 'PostgreSQL', protocol: 'tcp' },
-        { port: 6379, name: 'Redis', protocol: 'tcp' },
-        { port: 27017, name: 'MongoDB', protocol: 'tcp' },
-    ];
-
-    useEffect(() => {
-        loadData();
-    }, []);
-
-    const loadData = async () => {
-        setLoading(true);
-        try {
-            await Promise.all([loadStatus(), loadRules(), loadBlockedIPs()]);
-        } catch (error) {
-            console.error('Failed to load firewall data:', error);
-        } finally {
-            setLoading(false);
-        }
-    };
-
-    const loadStatus = async () => {
-        try {
-            const data = await api.getFirewallStatus();
-            setStatus(data);
-        } catch (error) {
-            console.error('Failed to load status:', error);
-        }
-    };
-
-    const loadRules = async () => {
-        try {
-            const data = await api.getFirewallRules();
-            setRules(data.rules || []);
-        } catch (error) {
-            console.error('Failed to load rules:', error);
-        }
-    };
-
-    const loadBlockedIPs = async () => {
-        try {
-            const data = await api.getBlockedIPs();
-            setBlockedIPs(data.blocked_ips || []);
-        } catch (error) {
-            console.error('Failed to load blocked IPs:', error);
-        }
-    };
-
-    const handleEnable = async () => {
-        setActionLoading(true);
-        try {
-            await api.enableFirewall();
-            toast.success('Firewall enabled');
-            await loadStatus();
-        } catch (error) {
-            toast.error(`Failed to enable firewall: ${error.message}`);
-        } finally {
-            setActionLoading(false);
-        }
-    };
-
-    const handleDisable = async () => {
-        setConfirmDialog({
-            title: 'Disable Firewall',
-            message: 'Are you sure you want to disable the firewall? This will leave your server unprotected.',
-            confirmText: 'Disable',
-            variant: 'danger',
-            onConfirm: async () => {
-                setActionLoading(true);
-                try {
-                    await api.disableFirewall();
-                    toast.success('Firewall disabled');
-                    await loadStatus();
-                } catch (error) {
-                    toast.error(`Failed to disable firewall: ${error.message}`);
-                } finally {
-                    setActionLoading(false);
-                    setConfirmDialog(null);
-                }
-            },
-            onCancel: () => setConfirmDialog(null)
-        });
-    };
-
-    const handleBlockIP = async () => {
-        if (!blockIP.trim()) return;
-        setActionLoading(true);
-        try {
-            await api.blockIP(blockIP);
-            toast.success(`IP ${blockIP} blocked`);
-            setShowBlockIPModal(false);
-            setBlockIP('');
-            await loadBlockedIPs();
-            await loadRules();
-        } catch (error) {
-            toast.error(`Failed to block IP: ${error.message}`);
-        } finally {
-            setActionLoading(false);
-        }
-    };
-
-    const handleUnblockIP = async (ip) => {
-        setConfirmDialog({
-            title: 'Unblock IP',
-            message: `Are you sure you want to unblock ${ip}?`,
-            confirmText: 'Unblock',
-            variant: 'warning',
-            onConfirm: async () => {
-                try {
-                    await api.unblockIP(ip);
-                    toast.success(`IP ${ip} unblocked`);
-                    await loadBlockedIPs();
-                    await loadRules();
-                } catch (error) {
-                    toast.error(`Failed to unblock IP: ${error.message}`);
-                }
-                setConfirmDialog(null);
-            },
-            onCancel: () => setConfirmDialog(null)
-        });
-    };
-
-    const handleAllowPort = async () => {
-        if (!newPort.port) return;
-        setActionLoading(true);
-        try {
-            await api.allowPort(parseInt(newPort.port), newPort.protocol);
-            toast.success(`Port ${newPort.port}/${newPort.protocol} allowed`);
-            setShowPortModal(false);
-            setNewPort({ port: '', protocol: 'tcp' });
-            await loadRules();
-        } catch (error) {
-            toast.error(`Failed to allow port: ${error.message}`);
-        } finally {
-            setActionLoading(false);
-        }
-    };
-
-    const handleQuickAllowPort = async (port, protocol) => {
-        setActionLoading(true);
-        try {
-            await api.allowPort(port, protocol);
-            toast.success(`Port ${port}/${protocol} allowed`);
-            await loadRules();
-        } catch (error) {
-            toast.error(`Failed to allow port: ${error.message}`);
-        } finally {
-            setActionLoading(false);
-        }
-    };
-
-    const handleRemovePort = async (port, protocol) => {
-        setConfirmDialog({
-            title: 'Remove Port Rule',
-            message: `Are you sure you want to remove the rule for port ${port}/${protocol}?`,
-            confirmText: 'Remove',
-            variant: 'danger',
-            onConfirm: async () => {
-                try {
-                    await api.denyPort(parseInt(port), protocol);
-                    toast.success(`Port ${port}/${protocol} rule removed`);
-                    await loadRules();
-                } catch (error) {
-                    toast.error(`Failed to remove port: ${error.message}`);
-                }
-                setConfirmDialog(null);
-            },
-            onCancel: () => setConfirmDialog(null)
-        });
-    };
-
-    const handleInstall = async () => {
-        setActionLoading(true);
-        try {
-            await api.installFirewall(selectedFirewall);
-            toast.success(`${selectedFirewall.toUpperCase()} installed successfully`);
-            setShowInstallModal(false);
-            await loadData();
-        } catch (error) {
-            toast.error(`Failed to install firewall: ${error.message}`);
-        } finally {
-            setActionLoading(false);
-        }
-    };
-
-    const isActive = status?.any_active;
-    const activeFirewall = status?.active_firewall;
-
-    if (loading) {
-        return <div className="loading-sm">Loading firewall status...</div>;
-    }
-
-    return (
-        <div className="firewall-tab">
-            {!status?.any_installed ? (
-                <div className="empty-state">
-                    <svg viewBox="0 0 24 24" width="48" height="48" stroke="currentColor" fill="none" strokeWidth="1">
-                        <path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/>
-                    </svg>
-                    <h3>No Firewall Installed</h3>
-                    <p>Install a firewall to protect your server from unauthorized access.</p>
-                    <button className="btn btn-primary" onClick={() => setShowInstallModal(true)}>
-                        Install Firewall
-                    </button>
-                </div>
-            ) : (
-                <>
-                    <div className="firewall-header">
-                        <div className="firewall-status-row">
-                            <div className={`status-indicator ${isActive ? 'active' : 'inactive'}`}>
-                                <svg viewBox="0 0 24 24" width="20" height="20" stroke="currentColor" fill="none" strokeWidth="2">
-                                    <path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/>
-                                </svg>
-                                <span>{isActive ? 'Firewall Active' : 'Firewall Inactive'}</span>
-                                <span className="firewall-type">({activeFirewall?.toUpperCase()})</span>
-                            </div>
-                            <div className="firewall-actions">
-                                <button className="btn btn-sm btn-secondary" onClick={() => setShowBlockIPModal(true)}>
-                                    Block IP
-                                </button>
-                                <button className="btn btn-sm btn-secondary" onClick={() => setShowPortModal(true)}>
-                                    Allow Port
-                                </button>
-                                {isActive ? (
-                                    <button className="btn btn-sm btn-danger" onClick={handleDisable} disabled={actionLoading}>
-                                        Disable
-                                    </button>
-                                ) : (
-                                    <button className="btn btn-sm btn-success" onClick={handleEnable} disabled={actionLoading}>
-                                        Enable
-                                    </button>
-                                )}
-                            </div>
-                        </div>
-                    </div>
-
-                    <div className="firewall-stats">
-                        <div className="stat-mini">
-                            <span className="stat-value">{rules.length}</span>
-                            <span className="stat-label">Rules</span>
-                        </div>
-                        <div className="stat-mini">
-                            <span className="stat-value">{blockedIPs.length}</span>
-                            <span className="stat-label">Blocked IPs</span>
-                        </div>
-                        <div className="stat-mini">
-                            <span className="stat-value">{rules.filter(r => r.type === 'port' || r.port).length}</span>
-                            <span className="stat-label">Ports Open</span>
-                        </div>
-                    </div>
-
-                    <div className="subtabs">
-                        <button className={`subtab ${activeSubTab === 'status' ? 'active' : ''}`} onClick={() => setActiveSubTab('status')}>
-                            Status
-                        </button>
-                        <button className={`subtab ${activeSubTab === 'rules' ? 'active' : ''}`} onClick={() => setActiveSubTab('rules')}>
-                            Rules
-                        </button>
-                        <button className={`subtab ${activeSubTab === 'blocked' ? 'active' : ''}`} onClick={() => setActiveSubTab('blocked')}>
-                            Blocked IPs
-                        </button>
-                        <button className={`subtab ${activeSubTab === 'quick' ? 'active' : ''}`} onClick={() => setActiveSubTab('quick')}>
-                            Quick Ports
-                        </button>
-                    </div>
-
-                    {activeSubTab === 'status' && (
-                        <div className="card">
-                            <div className="card-header">
-                                <h3>Firewall Information</h3>
-                                <button className="btn btn-sm btn-secondary" onClick={loadData}>Refresh</button>
-                            </div>
-                            <div className="card-body">
-                                <div className="info-list">
-                                    <div className="info-item">
-                                        <span className="info-label">Type</span>
-                                        <span className="info-value">{activeFirewall?.toUpperCase()}</span>
-                                    </div>
-                                    <div className="info-item">
-                                        <span className="info-label">Status</span>
-                                        <span className={`badge ${isActive ? 'badge-success' : 'badge-danger'}`}>
-                                            {isActive ? 'Active' : 'Inactive'}
-                                        </span>
-                                    </div>
-                                    {activeFirewall === 'firewalld' && status?.firewalld?.default_zone && (
-                                        <div className="info-item">
-                                            <span className="info-label">Default Zone</span>
-                                            <span className="info-value">{status.firewalld.default_zone}</span>
-                                        </div>
-                                    )}
-                                </div>
-                            </div>
-                        </div>
-                    )}
-
-                    {activeSubTab === 'rules' && (
-                        <div className="card">
-                            <div className="card-header">
-                                <h3>Firewall Rules</h3>
-                                <button className="btn btn-sm btn-primary" onClick={() => setShowPortModal(true)}>Add Rule</button>
-                            </div>
-                            <div className="card-body">
-                                {rules.length === 0 ? (
-                                    <p className="text-muted">No rules configured</p>
-                                ) : (
-                                    <table className="table">
-                                        <thead>
-                                            <tr>
-                                                <th>Type</th>
-                                                <th>Target</th>
-                                                <th>Protocol</th>
-                                                <th>Actions</th>
-                                            </tr>
-                                        </thead>
-                                        <tbody>
-                                            {rules.map((rule, index) => (
-                                                <tr key={index}>
-                                                    <td><span className="badge badge-info">{rule.type}</span></td>
-                                                    <td>
-                                                        {rule.type === 'service' && rule.service}
-                                                        {rule.type === 'port' && rule.port}
-                                                        {rule.type === 'rich' && <code>{rule.rule}</code>}
-                                                    </td>
-                                                    <td>{rule.protocol || '-'}</td>
-                                                    <td>
-                                                        {rule.type === 'port' && (
-                                                            <button className="btn btn-sm btn-danger" onClick={() => handleRemovePort(rule.port, rule.protocol)}>
-                                                                Remove
-                                                            </button>
-                                                        )}
-                                                    </td>
-                                                </tr>
-                                            ))}
-                                        </tbody>
-                                    </table>
-                                )}
-                            </div>
-                        </div>
-                    )}
-
-                    {activeSubTab === 'blocked' && (
-                        <div className="card">
-                            <div className="card-header">
-                                <h3>Blocked IP Addresses</h3>
-                                <button className="btn btn-sm btn-primary" onClick={() => setShowBlockIPModal(true)}>Block IP</button>
-                            </div>
-                            <div className="card-body">
-                                {blockedIPs.length === 0 ? (
-                                    <div className="empty-state-sm">
-                                        <p>No blocked IPs</p>
-                                    </div>
-                                ) : (
-                                    <div className="blocked-list">
-                                        {blockedIPs.map((item, index) => (
-                                            <div key={index} className="blocked-item">
-                                                <div className="blocked-info">
-                                                    <span className="blocked-ip">{item.ip}</span>
-                                                </div>
-                                                <button className="btn btn-sm btn-warning" onClick={() => handleUnblockIP(item.ip)}>
-                                                    Unblock
-                                                </button>
-                                            </div>
-                                        ))}
-                                    </div>
-                                )}
-                            </div>
-                        </div>
-                    )}
-
-                    {activeSubTab === 'quick' && (
-                        <div className="card">
-                            <div className="card-header">
-                                <h3>Quick Port Access</h3>
-                            </div>
-                            <div className="card-body">
-                                <p className="text-muted" style={{ marginBottom: '1rem' }}>One-click enable/disable common service ports</p>
-                                <div className="quick-ports-grid">
-                                    {commonPorts.map(({ port, name, protocol }) => {
-                                        const isAllowed = rules.some(r =>
-                                            (r.port === String(port) || r.port === port) && r.protocol === protocol
-                                        );
-                                        return (
-                                            <div key={port} className="quick-port-card">
-                                                <div className="port-info">
-                                                    <span className="port-name">{name}</span>
-                                                    <span className="port-number">{port}/{protocol}</span>
-                                                </div>
-                                                {isAllowed ? (
-                                                    <button className="btn btn-sm btn-danger" onClick={() => handleRemovePort(port, protocol)} disabled={actionLoading}>
-                                                        Block
-                                                    </button>
-                                                ) : (
-                                                    <button className="btn btn-sm btn-success" onClick={() => handleQuickAllowPort(port, protocol)} disabled={actionLoading}>
-                                                        Allow
-                                                    </button>
-                                                )}
-                                            </div>
-                                        );
-                                    })}
-                                </div>
-                            </div>
-                        </div>
-                    )}
-                </>
-            )}
-
-            {/* Block IP Modal */}
-            {showBlockIPModal && (
-                <div className="modal-overlay" onClick={() => setShowBlockIPModal(false)}>
-                    <div className="modal" onClick={(e) => e.stopPropagation()}>
-                        <div className="modal-header">
-                            <h2>Block IP Address</h2>
-                            <button className="btn btn-icon" onClick={() => setShowBlockIPModal(false)}>×</button>
-                        </div>
-                        <div className="modal-body">
-                            <div className="form-group">
-                                <label>IP Address</label>
-                                <input
-                                    type="text"
-                                    value={blockIP}
-                                    onChange={(e) => setBlockIP(e.target.value)}
-                                    placeholder="192.168.1.100 or 10.0.0.0/24"
-                                />
-                            </div>
-                            <p className="text-muted">You can block a single IP or a range using CIDR notation.</p>
-                        </div>
-                        <div className="modal-footer">
-                            <button className="btn btn-secondary" onClick={() => setShowBlockIPModal(false)}>Cancel</button>
-                            <button className="btn btn-danger" onClick={handleBlockIP} disabled={actionLoading || !blockIP.trim()}>
-                                {actionLoading ? 'Blocking...' : 'Block IP'}
-                            </button>
-                        </div>
-                    </div>
-                </div>
-            )}
-
-            {/* Allow Port Modal */}
-            {showPortModal && (
-                <div className="modal-overlay" onClick={() => setShowPortModal(false)}>
-                    <div className="modal" onClick={(e) => e.stopPropagation()}>
-                        <div className="modal-header">
-                            <h2>Allow Port</h2>
-                            <button className="btn btn-icon" onClick={() => setShowPortModal(false)}>×</button>
-                        </div>
-                        <div className="modal-body">
-                            <div className="form-row">
-                                <div className="form-group">
-                                    <label>Port Number</label>
-                                    <input
-                                        type="number"
-                                        value={newPort.port}
-                                        onChange={(e) => setNewPort({ ...newPort, port: e.target.value })}
-                                        placeholder="8080"
-                                        min="1"
-                                        max="65535"
-                                    />
-                                </div>
-                                <div className="form-group">
-                                    <label>Protocol</label>
-                                    <select value={newPort.protocol} onChange={(e) => setNewPort({ ...newPort, protocol: e.target.value })}>
-                                        <option value="tcp">TCP</option>
-                                        <option value="udp">UDP</option>
-                                    </select>
-                                </div>
-                            </div>
-                        </div>
-                        <div className="modal-footer">
-                            <button className="btn btn-secondary" onClick={() => setShowPortModal(false)}>Cancel</button>
-                            <button className="btn btn-primary" onClick={handleAllowPort} disabled={actionLoading || !newPort.port}>
-                                {actionLoading ? 'Adding...' : 'Allow Port'}
-                            </button>
-                        </div>
-                    </div>
-                </div>
-            )}
-
-            {/* Install Firewall Modal */}
-            {showInstallModal && (
-                <div className="modal-overlay" onClick={() => setShowInstallModal(false)}>
-                    <div className="modal" onClick={(e) => e.stopPropagation()}>
-                        <div className="modal-header">
-                            <h2>Install Firewall</h2>
-                            <button className="btn btn-icon" onClick={() => setShowInstallModal(false)}>×</button>
-                        </div>
-                        <div className="modal-body">
-                            <div className="form-group">
-                                <label>Select Firewall</label>
-                                <select value={selectedFirewall} onChange={(e) => setSelectedFirewall(e.target.value)}>
-                                    <option value="ufw">UFW (Recommended for Ubuntu)</option>
-                                    <option value="firewalld">firewalld (CentOS/RHEL)</option>
-                                </select>
-                            </div>
-                            <div className="install-info">
-                                {selectedFirewall === 'ufw' ? (
-                                    <p><strong>UFW (Uncomplicated Firewall)</strong> is simple and easy to use for Ubuntu/Debian systems.</p>
-                                ) : (
-                                    <p><strong>firewalld</strong> is a dynamically managed firewall with zone-based configuration for CentOS/RHEL.</p>
-                                )}
-                            </div>
-                        </div>
-                        <div className="modal-footer">
-                            <button className="btn btn-secondary" onClick={() => setShowInstallModal(false)}>Cancel</button>
-                            <button className="btn btn-primary" onClick={handleInstall} disabled={actionLoading}>
-                                {actionLoading ? 'Installing...' : 'Install'}
-                            </button>
-                        </div>
-                    </div>
-                </div>
-            )}
-
-            {confirmDialog && (
-                <ConfirmDialog
-                    title={confirmDialog.title}
-                    message={confirmDialog.message}
-                    confirmText={confirmDialog.confirmText}
-                    variant={confirmDialog.variant}
-                    onConfirm={confirmDialog.onConfirm}
-                    onCancel={confirmDialog.onCancel}
-                />
-            )}
-        </div>
-    );
-};
-
-const ScannerTab = () => {
-    const [scanStatus, setScanStatus] = useState({ status: 'idle' });
-    const [scanPath, setScanPath] = useState('/var/www');
-    const [scanning, setScanning] = useState(false);
-    const [updating, setUpdating] = useState(false);
-    const [history, setHistory] = useState([]);
-    const [message, setMessage] = useState(null);
-
-    useEffect(() => {
-        loadScanStatus();
-        loadHistory();
-        const interval = setInterval(loadScanStatus, 5000);
-        return () => clearInterval(interval);
-    }, []);
-
-    async function loadScanStatus() {
-        try {
-            const data = await api.getScanStatus();
-            setScanStatus(data);
-        } catch (err) {
-            console.error('Failed to load scan status:', err);
-        }
-    }
-
-    async function loadHistory() {
-        try {
-            const data = await api.getScanHistory(20);
-            setHistory(data.scans || []);
-        } catch (err) {
-            console.error('Failed to load scan history:', err);
-        }
-    }
-
-    async function handleStartScan(type) {
-        setScanning(true);
-        setMessage(null);
-        try {
-            let result;
-            if (type === 'quick') {
-                result = await api.runQuickScan();
-            } else if (type === 'full') {
-                result = await api.runFullScan();
-            } else {
-                result = await api.scanDirectory(scanPath);
-            }
-            setMessage({ type: 'success', text: result.message });
-            loadScanStatus();
-        } catch (err) {
-            setMessage({ type: 'error', text: err.message });
-        } finally {
-            setScanning(false);
-        }
-    }
-
-    async function handleUpdateDefinitions() {
-        setUpdating(true);
-        setMessage(null);
-        try {
-            const result = await api.updateVirusDefinitions();
-            setMessage({ type: result.success ? 'success' : 'error', text: result.message || result.error });
-        } catch (err) {
-            setMessage({ type: 'error', text: err.message });
-        } finally {
-            setUpdating(false);
-        }
-    }
-
-    async function handleCancelScan() {
-        try {
-            await api.cancelScan();
-            loadScanStatus();
-        } catch (err) {
-            setMessage({ type: 'error', text: err.message });
-        }
-    }
-
-    const isScanning = scanStatus.status === 'running';
-
-    return (
-        <div className="scanner-tab">
-            {message && (
-                <div className={`alert alert-${message.type === 'success' ? 'success' : 'danger'}`}>
-                    {message.text}
-                </div>
-            )}
-
-            <div className="scan-options">
-                <div className="scan-card" onClick={() => !isScanning && !scanning && handleStartScan('quick')}>
-                    <div className="scan-card-icon">
-                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
-                            <polygon points="5 3 19 12 5 21 5 3"/>
-                        </svg>
-                    </div>
-                    <h4>Quick Scan</h4>
-                    <span className="scan-desc">Scan common web directories</span>
-                    <button
-                        className="btn btn-primary btn-sm"
-                        onClick={(e) => { e.stopPropagation(); handleStartScan('quick'); }}
-                        disabled={isScanning || scanning}
-                    >
-                        Start Scan
-                    </button>
-                </div>
-
-                <div className="scan-card" onClick={() => !isScanning && !scanning && handleStartScan('full')}>
-                    <div className="scan-card-icon">
-                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
-                            <circle cx="12" cy="12" r="10"/>
-                            <circle cx="12" cy="12" r="6"/>
-                            <circle cx="12" cy="12" r="2"/>
-                        </svg>
-                    </div>
-                    <h4>Full Scan</h4>
-                    <span className="scan-desc">Scan entire system (slow)</span>
-                    <button
-                        className="btn btn-primary btn-sm"
-                        onClick={(e) => { e.stopPropagation(); handleStartScan('full'); }}
-                        disabled={isScanning || scanning}
-                    >
-                        Start Scan
-                    </button>
-                </div>
-
-                <div className="scan-card scan-card--custom">
-                    <div className="scan-card-icon">
-                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
-                            <path d="M22 19a2 2 0 0 1-2 2H4a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h5l2 3h9a2 2 0 0 1 2 2z"/>
-                        </svg>
-                    </div>
-                    <h4>Custom Path</h4>
-                    <span className="scan-desc">Scan a specific directory</span>
-                    <div className="scan-custom-input">
-                        <input
-                            type="text"
-                            value={scanPath}
-                            onChange={(e) => setScanPath(e.target.value)}
-                            placeholder="/path/to/scan"
-                            disabled={isScanning}
-                            onClick={(e) => e.stopPropagation()}
-                        />
-                        <button
-                            className="btn btn-primary btn-sm"
-                            onClick={() => handleStartScan('custom')}
-                            disabled={isScanning || scanning || !scanPath}
-                        >
-                            Scan
-                        </button>
-                    </div>
-                </div>
-            </div>
-
-            <div className="scan-toolbar">
-                <button className="btn btn-sm btn-secondary" onClick={handleUpdateDefinitions} disabled={updating}>
-                    <svg viewBox="0 0 24 24" width="14" height="14" stroke="currentColor" fill="none" strokeWidth="2">
-                        <path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"/>
-                        <polyline points="7 10 12 15 17 10"/>
-                        <line x1="12" y1="15" x2="12" y2="3"/>
-                    </svg>
-                    {updating ? 'Updating...' : 'Update Definitions'}
-                </button>
-            </div>
-
-            {isScanning && (
-                <div className="card scan-progress">
-                    <div className="card-header">
-                        <h3>Scan in Progress</h3>
-                        <button className="btn btn-sm btn-danger" onClick={handleCancelScan}>
-                            Cancel
-                        </button>
-                    </div>
-                    <div className="card-body">
-                        <div className="progress-info">
-                            <div className="spinner"></div>
-                            <div>
-                                <p><strong>Scanning:</strong> {scanStatus.directory}</p>
-                                <p><strong>Started:</strong> {new Date(scanStatus.started_at).toLocaleString()}</p>
-                                {scanStatus.files_scanned > 0 && (
-                                    <p><strong>Files scanned:</strong> {scanStatus.files_scanned}</p>
-                                )}
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            )}
-
-            <div className="card">
-                <div className="card-header">
-                    <h3>Scan History</h3>
-                    <button className="btn btn-sm btn-secondary" onClick={loadHistory}>Refresh</button>
-                </div>
-                <div className="card-body">
-                    {history.length === 0 ? (
-                        <div className="empty-state-sm">
-                            <svg viewBox="0 0 24 24" width="40" height="40" stroke="currentColor" fill="none" strokeWidth="1.5">
-                                <circle cx="11" cy="11" r="8"/>
-                                <line x1="21" y1="21" x2="16.65" y2="16.65"/>
-                            </svg>
-                            <p>No scans have been run yet. Start a scan above to check for threats.</p>
-                        </div>
-                    ) : (
-                        <table className="table">
-                            <thead>
-                                <tr>
-                                    <th>Date</th>
-                                    <th>Directory</th>
-                                    <th>Status</th>
-                                    <th>Threats</th>
-                                </tr>
-                            </thead>
-                            <tbody>
-                                {history.map((scan, index) => (
-                                    <tr key={index}>
-                                        <td>{new Date(scan.started_at).toLocaleString()}</td>
-                                        <td className="path-cell">{scan.directory}</td>
-                                        <td>
-                                            <span className={`badge badge-${scan.status === 'completed' ? 'success' : scan.status === 'error' ? 'danger' : 'warning'}`}>
-                                                {scan.status}
-                                            </span>
-                                        </td>
-                                        <td>
-                                            {scan.infected_files?.length > 0 ? (
-                                                <span className="badge badge-danger">{scan.infected_files.length} found</span>
-                                            ) : (
-                                                <span className="badge badge-success">Clean</span>
-                                            )}
-                                        </td>
-                                    </tr>
-                                ))}
-                            </tbody>
-                        </table>
-                    )}
-                </div>
-            </div>
-        </div>
-    );
-};
-
-const QuarantineTab = () => {
-    const [files, setFiles] = useState([]);
-    const [loading, setLoading] = useState(true);
-    const [message, setMessage] = useState(null);
-
-    useEffect(() => {
-        loadFiles();
-    }, []);
-
-    async function loadFiles() {
-        try {
-            const data = await api.getQuarantinedFiles();
-            setFiles(data.files || []);
-        } catch (err) {
-            console.error('Failed to load quarantined files:', err);
-        } finally {
-            setLoading(false);
-        }
-    }
-
-    async function handleDelete(filename) {
-        if (!confirm(`Permanently delete ${filename}? This cannot be undone.`)) return;
-
-        try {
-            await api.deleteQuarantinedFile(filename);
-            setMessage({ type: 'success', text: 'File deleted' });
-            loadFiles();
-        } catch (err) {
-            setMessage({ type: 'error', text: err.message });
-        }
-    }
-
-    function formatBytes(bytes) {
-        if (!bytes) return '0 B';
-        const k = 1024;
-        const sizes = ['B', 'KB', 'MB', 'GB'];
-        const i = Math.floor(Math.log(bytes) / Math.log(k));
-        return parseFloat((bytes / Math.pow(k, i)).toFixed(1)) + ' ' + sizes[i];
-    }
-
-    return (
-        <div className="quarantine-tab">
-            {message && (
-                <div className={`alert alert-${message.type === 'success' ? 'success' : 'danger'}`}>
-                    {message.text}
-                </div>
-            )}
-
-            <div className="card">
-                <div className="card-header">
-                    <h3>Quarantined Files</h3>
-                    <button className="btn btn-sm btn-secondary" onClick={loadFiles}>Refresh</button>
-                </div>
-                <div className="card-body">
-                    {loading ? (
-                        <div className="loading-sm">Loading...</div>
-                    ) : files.length === 0 ? (
-                        <div className="empty-state">
-                            <svg viewBox="0 0 24 24" width="48" height="48" stroke="currentColor" fill="none" strokeWidth="1">
-                                <path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/>
-                                <polyline points="9 12 12 15 16 10"/>
-                            </svg>
-                            <p>No files in quarantine</p>
-                            <span className="text-muted">Infected files will appear here when detected</span>
-                        </div>
-                    ) : (
-                        <table className="table">
-                            <thead>
-                                <tr>
-                                    <th>Filename</th>
-                                    <th>Size</th>
-                                    <th>Quarantined</th>
-                                    <th>Actions</th>
-                                </tr>
-                            </thead>
-                            <tbody>
-                                {files.map((file, index) => (
-                                    <tr key={index}>
-                                        <td className="path-cell">{file.name}</td>
-                                        <td>{formatBytes(file.size)}</td>
-                                        <td>{new Date(file.quarantined_at).toLocaleString()}</td>
-                                        <td>
-                                            <button
-                                                className="btn btn-sm btn-danger"
-                                                onClick={() => handleDelete(file.name)}
-                                            >
-                                                Delete
-                                            </button>
-                                        </td>
-                                    </tr>
-                                ))}
-                            </tbody>
-                        </table>
-                    )}
-                </div>
-            </div>
-        </div>
-    );
-};
-
-const IntegrityTab = () => {
-    const [checking, setChecking] = useState(false);
-    const [initializing, setInitializing] = useState(false);
-    const [results, setResults] = useState(null);
-    const [message, setMessage] = useState(null);
-
-    async function handleInitialize() {
-        if (!confirm('This will create a new baseline for file integrity monitoring. Continue?')) return;
-
-        setInitializing(true);
-        setMessage(null);
-        try {
-            const result = await api.initializeIntegrityDatabase();
-            setMessage({ type: 'success', text: result.message });
-        } catch (err) {
-            setMessage({ type: 'error', text: err.message });
-        } finally {
-            setInitializing(false);
-        }
-    }
-
-    async function handleCheck() {
-        setChecking(true);
-        setMessage(null);
-        try {
-            const result = await api.checkFileIntegrity();
-            setResults(result);
-            if (result.total_changes === 0) {
-                setMessage({ type: 'success', text: 'No changes detected' });
-            }
-        } catch (err) {
-            setMessage({ type: 'error', text: err.message });
-        } finally {
-            setChecking(false);
-        }
-    }
-
-    return (
-        <div className="integrity-tab">
-            {message && (
-                <div className={`alert alert-${message.type === 'success' ? 'success' : 'danger'}`}>
-                    {message.text}
-                </div>
-            )}
-
-            <div className="card">
-                <div className="card-header">
-                    <h3>File Integrity Monitoring</h3>
-                </div>
-                <div className="card-body">
-                    <p className="description">
-                        File integrity monitoring tracks changes to critical system files. Initialize a baseline database,
-                        then periodically check for unauthorized modifications.
-                    </p>
-
-                    <div className="integrity-actions">
-                        <button
-                            className="btn btn-secondary"
-                            onClick={handleInitialize}
-                            disabled={initializing}
-                        >
-                            {initializing ? 'Initializing...' : 'Initialize Baseline'}
-                        </button>
-                        <button
-                            className="btn btn-primary"
-                            onClick={handleCheck}
-                            disabled={checking}
-                        >
-                            {checking ? 'Checking...' : 'Check Integrity'}
-                        </button>
-                    </div>
-                </div>
-            </div>
-
-            {results && results.total_changes > 0 && (
-                <div className="card">
-                    <div className="card-header">
-                        <h3>Changes Detected</h3>
-                        <span className="badge badge-warning">{results.total_changes} changes</span>
-                    </div>
-                    <div className="card-body">
-                        {results.changes.modified?.length > 0 && (
-                            <div className="change-section">
-                                <h4>Modified Files ({results.changes.modified.length})</h4>
-                                <ul className="file-list">
-                                    {results.changes.modified.map((file, i) => (
-                                        <li key={i}>{file.path}</li>
-                                    ))}
-                                </ul>
-                            </div>
-                        )}
-
-                        {results.changes.deleted?.length > 0 && (
-                            <div className="change-section">
-                                <h4>Deleted Files ({results.changes.deleted.length})</h4>
-                                <ul className="file-list">
-                                    {results.changes.deleted.map((file, i) => (
-                                        <li key={i}>{file}</li>
-                                    ))}
-                                </ul>
-                            </div>
-                        )}
-
-                        {results.changes.new?.length > 0 && (
-                            <div className="change-section">
-                                <h4>New Files ({results.changes.new.length})</h4>
-                                <ul className="file-list">
-                                    {results.changes.new.slice(0, 50).map((file, i) => (
-                                        <li key={i}>{file}</li>
-                                    ))}
-                                    {results.changes.new.length > 50 && (
-                                        <li className="text-muted">... and {results.changes.new.length - 50} more</li>
-                                    )}
-                                </ul>
-                            </div>
-                        )}
-
-                        {results.changes.permission_changed?.length > 0 && (
-                            <div className="change-section">
-                                <h4>Permission Changes ({results.changes.permission_changed.length})</h4>
-                                <ul className="file-list">
-                                    {results.changes.permission_changed.map((file, i) => (
-                                        <li key={i}>{file.path} ({file.old_mode} → {file.new_mode})</li>
-                                    ))}
-                                </ul>
-                            </div>
-                        )}
-                    </div>
-                </div>
-            )}
-        </div>
-    );
-};
-
-const EventsTab = () => {
-    const [events, setEvents] = useState([]);
-    const [failedLogins, setFailedLogins] = useState(null);
-    const [loading, setLoading] = useState(true);
-
-    useEffect(() => {
-        loadEvents();
-        loadFailedLogins();
-    }, []);
-
-    async function loadEvents() {
-        try {
-            const data = await api.getSecurityEvents(50);
-            setEvents(data.events || []);
-        } catch (err) {
-            console.error('Failed to load security events:', err);
-        } finally {
-            setLoading(false);
-        }
-    }
-
-    async function loadFailedLogins() {
-        try {
-            const data = await api.getFailedLogins(24);
-            setFailedLogins(data);
-        } catch (err) {
-            console.error('Failed to load failed logins:', err);
-        }
-    }
-
-    function getEventIcon(type) {
-        if (type.includes('malware')) {
-            return <svg viewBox="0 0 24 24" width="16" height="16" stroke="currentColor" fill="none" strokeWidth="2"><path d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"/></svg>;
-        }
-        if (type.includes('integrity')) {
-            return <svg viewBox="0 0 24 24" width="16" height="16" stroke="currentColor" fill="none" strokeWidth="2"><path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z"/><polyline points="14 2 14 8 20 8"/></svg>;
-        }
-        return <svg viewBox="0 0 24 24" width="16" height="16" stroke="currentColor" fill="none" strokeWidth="2"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/></svg>;
-    }
-
-    return (
-        <div className="events-tab">
-            {failedLogins && (
-                <div className={`card ${failedLogins.alert_triggered ? 'card-warning' : ''}`}>
-                    <div className="card-header">
-                        <h3>Failed Login Attempts (24h)</h3>
-                        <button className="btn btn-sm btn-secondary" onClick={loadFailedLogins}>Refresh</button>
-                    </div>
-                    <div className="card-body">
-                        <div className="failed-login-summary">
-                            <span className={`count ${failedLogins.alert_triggered ? 'danger' : ''}`}>
-                                {failedLogins.failed_attempts}
-                            </span>
-                            <span className="label">failed attempts (threshold: {failedLogins.threshold})</span>
-                        </div>
-                        {failedLogins.recent_failures?.length > 0 && (
-                            <details className="recent-failures">
-                                <summary>View recent failures</summary>
-                                <pre>{failedLogins.recent_failures.join('\n')}</pre>
-                            </details>
-                        )}
-                    </div>
-                </div>
-            )}
-
-            <div className="card">
-                <div className="card-header">
-                    <h3>Security Events</h3>
-                    <button className="btn btn-sm btn-secondary" onClick={loadEvents}>Refresh</button>
-                </div>
-                <div className="card-body">
-                    {loading ? (
-                        <div className="loading-sm">Loading...</div>
-                    ) : events.length === 0 ? (
-                        <p className="text-muted">No security events recorded.</p>
-                    ) : (
-                        <div className="events-list">
-                            {events.map((event, index) => (
-                                <div key={index} className={`event-item ${event.type}`}>
-                                    <div className="event-icon">{getEventIcon(event.type)}</div>
-                                    <div className="event-content">
-                                        <span className="event-message">{event.message}</span>
-                                        <span className="event-time">{new Date(event.timestamp).toLocaleString()}</span>
-                                    </div>
-                                </div>
-                            ))}
-                        </div>
-                    )}
-                </div>
-            </div>
-        </div>
-    );
-};
-
-const SettingsTab = () => {
-    const [config, setConfig] = useState(null);
-    const [loading, setLoading] = useState(true);
-    const [saving, setSaving] = useState(false);
-    const [message, setMessage] = useState(null);
-
-    useEffect(() => {
-        loadConfig();
-    }, []);
-
-    async function loadConfig() {
-        try {
-            const data = await api.getSecurityConfig();
-            setConfig(data);
-        } catch (err) {
-            console.error('Failed to load security config:', err);
-        } finally {
-            setLoading(false);
-        }
-    }
-
-    async function handleSave() {
-        setSaving(true);
-        setMessage(null);
-        try {
-            await api.updateSecurityConfig(config);
-            setMessage({ type: 'success', text: 'Settings saved' });
-        } catch (err) {
-            setMessage({ type: 'error', text: err.message });
-        } finally {
-            setSaving(false);
-        }
-    }
-
-    function updateConfig(section, key, value) {
-        setConfig(prev => ({
-            ...prev,
-            [section]: {
-                ...prev[section],
-                [key]: value
-            }
-        }));
-    }
-
-    if (loading) {
-        return <div className="loading-sm">Loading settings...</div>;
-    }
-
-    return (
-        <div className="settings-tab">
-            {message && (
-                <div className={`alert alert-${message.type === 'success' ? 'success' : 'danger'}`}>
-                    {message.text}
-                </div>
-            )}
-
-            <div className="card">
-                <div className="card-header">
-                    <h3>ClamAV Settings</h3>
-                </div>
-                <div className="card-body">
-                    <div className="form-group">
-                        <label className="toggle-switch-label">
-                            <span>Enable ClamAV scanning</span>
-                            <label className="toggle-switch">
-                                <input
-                                    type="checkbox"
-                                    checked={config?.clamav?.enabled || false}
-                                    onChange={(e) => updateConfig('clamav', 'enabled', e.target.checked)}
-                                />
-                                <span className="toggle-slider"></span>
-                            </label>
-                        </label>
-                    </div>
-
-                    <div className="form-group">
-                        <label className="toggle-switch-label">
-                            <span>Scan files on upload</span>
-                            <label className="toggle-switch">
-                                <input
-                                    type="checkbox"
-                                    checked={config?.clamav?.scan_on_upload || false}
-                                    onChange={(e) => updateConfig('clamav', 'scan_on_upload', e.target.checked)}
-                                />
-                                <span className="toggle-slider"></span>
-                            </label>
-                        </label>
-                    </div>
-
-                    <div className="form-group">
-                        <label>Quarantine Path</label>
-                        <input
-                            type="text"
-                            value={config?.clamav?.quarantine_path || '/var/quarantine'}
-                            onChange={(e) => updateConfig('clamav', 'quarantine_path', e.target.value)}
-                        />
-                    </div>
-                </div>
-            </div>
-
-            <div className="card">
-                <div className="card-header">
-                    <h3>File Integrity Settings</h3>
-                </div>
-                <div className="card-body">
-                    <div className="form-group">
-                        <label className="toggle-switch-label">
-                            <span>Enable file integrity monitoring</span>
-                            <label className="toggle-switch">
-                                <input
-                                    type="checkbox"
-                                    checked={config?.file_integrity?.enabled || false}
-                                    onChange={(e) => updateConfig('file_integrity', 'enabled', e.target.checked)}
-                                />
-                                <span className="toggle-slider"></span>
-                            </label>
-                        </label>
-                    </div>
-
-                    <div className="form-group">
-                        <label className="toggle-switch-label">
-                            <span>Alert on file changes</span>
-                            <label className="toggle-switch">
-                                <input
-                                    type="checkbox"
-                                    checked={config?.file_integrity?.alert_on_change || false}
-                                    onChange={(e) => updateConfig('file_integrity', 'alert_on_change', e.target.checked)}
-                                />
-                                <span className="toggle-slider"></span>
-                            </label>
-                        </label>
-                    </div>
-                </div>
-            </div>
-
-            <div className="card">
-                <div className="card-header">
-                    <h3>Notification Settings</h3>
-                </div>
-                <div className="card-body">
-                    <div className="form-group">
-                        <label className="toggle-switch-label">
-                            <span>Notify on malware detection</span>
-                            <label className="toggle-switch">
-                                <input
-                                    type="checkbox"
-                                    checked={config?.notifications?.on_malware_found || false}
-                                    onChange={(e) => updateConfig('notifications', 'on_malware_found', e.target.checked)}
-                                />
-                                <span className="toggle-slider"></span>
-                            </label>
-                        </label>
-                    </div>
-
-                    <div className="form-group">
-                        <label className="toggle-switch-label">
-                            <span>Notify on integrity changes</span>
-                            <label className="toggle-switch">
-                                <input
-                                    type="checkbox"
-                                    checked={config?.notifications?.on_integrity_change || false}
-                                    onChange={(e) => updateConfig('notifications', 'on_integrity_change', e.target.checked)}
-                                />
-                                <span className="toggle-slider"></span>
-                            </label>
-                        </label>
-                    </div>
-
-                    <div className="form-group">
-                        <label className="toggle-switch-label">
-                            <span>Notify on suspicious activity</span>
-                            <label className="toggle-switch">
-                                <input
-                                    type="checkbox"
-                                    checked={config?.notifications?.on_suspicious_activity || false}
-                                    onChange={(e) => updateConfig('notifications', 'on_suspicious_activity', e.target.checked)}
-                                />
-                                <span className="toggle-slider"></span>
-                            </label>
-                        </label>
-                    </div>
-                </div>
-            </div>
-
-            <div className="form-actions">
-                <button className="btn btn-primary" onClick={handleSave} disabled={saving}>
-                    {saving ? 'Saving...' : 'Save Settings'}
-                </button>
-            </div>
-        </div>
-    );
-};
-
-const Fail2banTab = () => {
-    const [status, setStatus] = useState(null);
-    const [bans, setBans] = useState([]);
-    const [loading, setLoading] = useState(true);
-    const [actionLoading, setActionLoading] = useState(false);
-    const [showBanModal, setShowBanModal] = useState(false);
-    const [banIP, setBanIP] = useState('');
-    const [banJail, setBanJail] = useState('sshd');
-    const [confirmDialog, setConfirmDialog] = useState(null);
-    const toast = useToast();
-
-    useEffect(() => {
-        loadData();
-    }, []);
-
-    const loadData = async () => {
-        setLoading(true);
-        try {
-            const [statusData, bansData] = await Promise.all([
-                api.getFail2banStatus(),
-                api.getAllFail2banBans().catch(() => ({ banned_ips: [] }))
-            ]);
-            setStatus(statusData);
-            setBans(bansData.banned_ips || []);
-        } catch (error) {
-            console.error('Failed to load Fail2ban data:', error);
-        } finally {
-            setLoading(false);
-        }
-    };
-
-    const handleInstall = async () => {
-        setActionLoading(true);
-        try {
-            await api.installFail2ban();
-            toast.success('Fail2ban installed successfully');
-            await loadData();
-        } catch (error) {
-            toast.error(`Failed to install: ${error.message}`);
-        } finally {
-            setActionLoading(false);
-        }
-    };
-
-    const handleBan = async () => {
-        if (!banIP.trim()) return;
-        setActionLoading(true);
-        try {
-            await api.fail2banBan(banIP, banJail);
-            toast.success(`IP ${banIP} banned in ${banJail}`);
-            setShowBanModal(false);
-            setBanIP('');
-            await loadData();
-        } catch (error) {
-            toast.error(`Failed to ban IP: ${error.message}`);
-        } finally {
-            setActionLoading(false);
-        }
-    };
-
-    const handleUnban = async (ip, jail) => {
-        setConfirmDialog({
-            title: 'Unban IP',
-            message: `Are you sure you want to unban ${ip} from ${jail}?`,
-            confirmText: 'Unban',
-            variant: 'warning',
-            onConfirm: async () => {
-                try {
-                    await api.fail2banUnban(ip, jail);
-                    toast.success(`IP ${ip} unbanned`);
-                    await loadData();
-                } catch (error) {
-                    toast.error(`Failed to unban: ${error.message}`);
-                }
-                setConfirmDialog(null);
-            },
-            onCancel: () => setConfirmDialog(null)
-        });
-    };
-
-    if (loading) {
-        return <div className="loading-sm">Loading Fail2ban status...</div>;
-    }
-
-    return (
-        <div className="fail2ban-tab">
-            {!status?.installed ? (
-                <div className="empty-state">
-                    <svg viewBox="0 0 24 24" width="48" height="48" stroke="currentColor" fill="none" strokeWidth="1">
-                        <path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/>
-                    </svg>
-                    <h3>Fail2ban Not Installed</h3>
-                    <p>Install Fail2ban to protect against brute force attacks.</p>
-                    <button className="btn btn-primary" onClick={handleInstall} disabled={actionLoading}>
-                        {actionLoading ? 'Installing...' : 'Install Fail2ban'}
-                    </button>
-                </div>
-            ) : (
-                <>
-                    <div className="card">
-                        <div className="card-header">
-                            <h3>Fail2ban Status</h3>
-                            <div className="card-actions">
-                                <button className="btn btn-sm btn-primary" onClick={() => setShowBanModal(true)}>
-                                    Ban IP
-                                </button>
-                                <button className="btn btn-sm btn-secondary" onClick={loadData}>
-                                    Refresh
-                                </button>
-                            </div>
-                        </div>
-                        <div className="card-body">
-                            <div className="info-list">
-                                <div className="info-item">
-                                    <span className="info-label">Service</span>
-                                    <span className={`badge ${status.service_running ? 'badge-success' : 'badge-danger'}`}>
-                                        {status.service_running ? 'Running' : 'Stopped'}
-                                    </span>
-                                </div>
-                                <div className="info-item">
-                                    <span className="info-label">Version</span>
-                                    <span className="info-value">{status.version || 'Unknown'}</span>
-                                </div>
-                                <div className="info-item">
-                                    <span className="info-label">Active Jails</span>
-                                    <span className="info-value">{status.jails?.join(', ') || 'None'}</span>
-                                </div>
-                                <div className="info-item">
-                                    <span className="info-label">Total Banned IPs</span>
-                                    <span className="info-value">{bans.length}</span>
-                                </div>
-                            </div>
-                        </div>
-                    </div>
-
-                    <div className="card">
-                        <div className="card-header">
-                            <h3>Banned IPs</h3>
-                        </div>
-                        <div className="card-body">
-                            {bans.length === 0 ? (
-                                <p className="text-muted">No IPs are currently banned.</p>
-                            ) : (
-                                <table className="table">
-                                    <thead>
-                                        <tr>
-                                            <th>IP Address</th>
-                                            <th>Jail</th>
-                                            <th>Actions</th>
-                                        </tr>
-                                    </thead>
-                                    <tbody>
-                                        {bans.map((ban, index) => (
-                                            <tr key={index}>
-                                                <td><code>{ban.ip}</code></td>
-                                                <td><span className="badge badge-info">{ban.jail}</span></td>
-                                                <td>
-                                                    <button className="btn btn-sm btn-warning" onClick={() => handleUnban(ban.ip, ban.jail)}>
-                                                        Unban
-                                                    </button>
-                                                </td>
-                                            </tr>
-                                        ))}
-                                    </tbody>
-                                </table>
-                            )}
-                        </div>
-                    </div>
-                </>
-            )}
-
-            {showBanModal && (
-                <div className="modal-overlay" onClick={() => setShowBanModal(false)}>
-                    <div className="modal" onClick={(e) => e.stopPropagation()}>
-                        <div className="modal-header">
-                            <h2>Ban IP Address</h2>
-                            <button className="btn btn-icon" onClick={() => setShowBanModal(false)}>×</button>
-                        </div>
-                        <div className="modal-body">
-                            <div className="form-group">
-                                <label>IP Address</label>
-                                <input
-                                    type="text"
-                                    value={banIP}
-                                    onChange={(e) => setBanIP(e.target.value)}
-                                    placeholder="192.168.1.100"
-                                />
-                            </div>
-                            <div className="form-group">
-                                <label>Jail</label>
-                                <select value={banJail} onChange={(e) => setBanJail(e.target.value)}>
-                                    {status?.jails?.map(jail => (
-                                        <option key={jail} value={jail}>{jail}</option>
-                                    ))}
-                                </select>
-                            </div>
-                        </div>
-                        <div className="modal-footer">
-                            <button className="btn btn-secondary" onClick={() => setShowBanModal(false)}>Cancel</button>
-                            <button className="btn btn-danger" onClick={handleBan} disabled={actionLoading || !banIP.trim()}>
-                                {actionLoading ? 'Banning...' : 'Ban IP'}
-                            </button>
-                        </div>
-                    </div>
-                </div>
-            )}
-
-            {confirmDialog && (
-                <ConfirmDialog
-                    title={confirmDialog.title}
-                    message={confirmDialog.message}
-                    confirmText={confirmDialog.confirmText}
-                    variant={confirmDialog.variant}
-                    onConfirm={confirmDialog.onConfirm}
-                    onCancel={confirmDialog.onCancel}
-                />
-            )}
-        </div>
-    );
-};
-
-const SSHKeysTab = () => {
-    const [keys, setKeys] = useState([]);
-    const [loading, setLoading] = useState(true);
-    const [showAddModal, setShowAddModal] = useState(false);
-    const [newKey, setNewKey] = useState('');
-    const [actionLoading, setActionLoading] = useState(false);
-    const [confirmDialog, setConfirmDialog] = useState(null);
-    const toast = useToast();
-
-    useEffect(() => {
-        loadKeys();
-    }, []);
-
-    const loadKeys = async () => {
-        setLoading(true);
-        try {
-            const data = await api.getSSHKeys();
-            setKeys(data.keys || []);
-        } catch (error) {
-            console.error('Failed to load SSH keys:', error);
-        } finally {
-            setLoading(false);
-        }
-    };
-
-    const handleAddKey = async () => {
-        if (!newKey.trim()) return;
-        setActionLoading(true);
-        try {
-            await api.addSSHKey(newKey);
-            toast.success('SSH key added successfully');
-            setShowAddModal(false);
-            setNewKey('');
-            await loadKeys();
-        } catch (error) {
-            toast.error(`Failed to add key: ${error.message}`);
-        } finally {
-            setActionLoading(false);
-        }
-    };
-
-    const handleRemoveKey = async (keyId, comment) => {
-        setConfirmDialog({
-            title: 'Remove SSH Key',
-            message: `Are you sure you want to remove the SSH key${comment ? ` "${comment}"` : ''}? This may lock you out if it's your only key.`,
-            confirmText: 'Remove',
-            variant: 'danger',
-            onConfirm: async () => {
-                try {
-                    await api.removeSSHKey(keyId);
-                    toast.success('SSH key removed');
-                    await loadKeys();
-                } catch (error) {
-                    toast.error(`Failed to remove key: ${error.message}`);
-                }
-                setConfirmDialog(null);
-            },
-            onCancel: () => setConfirmDialog(null)
-        });
-    };
-
-    return (
-        <div className="ssh-keys-tab">
-            <div className="card">
-                <div className="card-header">
-                    <h3>SSH Authorized Keys</h3>
-                    <div className="card-actions">
-                        <button className="btn btn-sm btn-primary" onClick={() => setShowAddModal(true)}>
-                            Add Key
-                        </button>
-                        <button className="btn btn-sm btn-secondary" onClick={loadKeys}>
-                            Refresh
-                        </button>
-                    </div>
-                </div>
-                <div className="card-body">
-                    {loading ? (
-                        <div className="loading-sm">Loading...</div>
-                    ) : keys.length === 0 ? (
-                        <div className="empty-state-sm">
-                            <p>No SSH keys configured for root user.</p>
-                            <button className="btn btn-primary" onClick={() => setShowAddModal(true)}>
-                                Add SSH Key
-                            </button>
-                        </div>
-                    ) : (
-                        <table className="table">
-                            <thead>
-                                <tr>
-                                    <th>Type</th>
-                                    <th>Fingerprint</th>
-                                    <th>Comment</th>
-                                    <th>Actions</th>
-                                </tr>
-                            </thead>
-                            <tbody>
-                                {keys.map((key) => (
-                                    <tr key={key.id}>
-                                        <td><code>{key.type}</code></td>
-                                        <td><code className="fingerprint">{key.fingerprint}</code></td>
-                                        <td>{key.comment || '-'}</td>
-                                        <td>
-                                            <button className="btn btn-sm btn-danger" onClick={() => handleRemoveKey(key.id, key.comment)}>
-                                                Remove
-                                            </button>
-                                        </td>
-                                    </tr>
-                                ))}
-                            </tbody>
-                        </table>
-                    )}
-                </div>
-            </div>
-
-            {showAddModal && (
-                <div className="modal-overlay" onClick={() => setShowAddModal(false)}>
-                    <div className="modal modal-lg" onClick={(e) => e.stopPropagation()}>
-                        <div className="modal-header">
-                            <h2>Add SSH Public Key</h2>
-                            <button className="btn btn-icon" onClick={() => setShowAddModal(false)}>×</button>
-                        </div>
-                        <div className="modal-body">
-                            <div className="form-group">
-                                <label>Public Key</label>
-                                <textarea
-                                    value={newKey}
-                                    onChange={(e) => setNewKey(e.target.value)}
-                                    placeholder="ssh-rsa AAAA... user@host or ssh-ed25519 AAAA... user@host"
-                                    rows={4}
-                                />
-                                <p className="help-text">Paste your SSH public key (typically from ~/.ssh/id_rsa.pub or ~/.ssh/id_ed25519.pub)</p>
-                            </div>
-                        </div>
-                        <div className="modal-footer">
-                            <button className="btn btn-secondary" onClick={() => setShowAddModal(false)}>Cancel</button>
-                            <button className="btn btn-primary" onClick={handleAddKey} disabled={actionLoading || !newKey.trim()}>
-                                {actionLoading ? 'Adding...' : 'Add Key'}
-                            </button>
-                        </div>
-                    </div>
-                </div>
-            )}
-
-            {confirmDialog && (
-                <ConfirmDialog
-                    title={confirmDialog.title}
-                    message={confirmDialog.message}
-                    confirmText={confirmDialog.confirmText}
-                    variant={confirmDialog.variant}
-                    onConfirm={confirmDialog.onConfirm}
-                    onCancel={confirmDialog.onCancel}
-                />
-            )}
-        </div>
-    );
-};
-
-const IPListsTab = () => {
-    const [lists, setLists] = useState({ allowlist: [], blocklist: [] });
-    const [loading, setLoading] = useState(true);
-    const [showAddModal, setShowAddModal] = useState(null);
-    const [newIP, setNewIP] = useState('');
-    const [newComment, setNewComment] = useState('');
-    const [actionLoading, setActionLoading] = useState(false);
-    const [confirmDialog, setConfirmDialog] = useState(null);
-    const toast = useToast();
-
-    useEffect(() => {
-        loadLists();
-    }, []);
-
-    const loadLists = async () => {
-        setLoading(true);
-        try {
-            const data = await api.getIPLists();
-            setLists({
-                allowlist: data.allowlist || [],
-                blocklist: data.blocklist || []
-            });
-        } catch (error) {
-            console.error('Failed to load IP lists:', error);
-        } finally {
-            setLoading(false);
-        }
-    };
-
-    const handleAdd = async () => {
-        if (!newIP.trim()) return;
-        setActionLoading(true);
-        try {
-            await api.addToIPList(newIP, showAddModal, newComment);
-            toast.success(`IP added to ${showAddModal}`);
-            setShowAddModal(null);
-            setNewIP('');
-            setNewComment('');
-            await loadLists();
-        } catch (error) {
-            toast.error(`Failed to add IP: ${error.message}`);
-        } finally {
-            setActionLoading(false);
-        }
-    };
-
-    const handleRemove = async (ip, listType) => {
-        setConfirmDialog({
-            title: `Remove from ${listType}`,
-            message: `Are you sure you want to remove ${ip} from the ${listType}?`,
-            confirmText: 'Remove',
-            variant: 'warning',
-            onConfirm: async () => {
-                try {
-                    await api.removeFromIPList(ip, listType);
-                    toast.success(`IP removed from ${listType}`);
-                    await loadLists();
-                } catch (error) {
-                    toast.error(`Failed to remove IP: ${error.message}`);
-                }
-                setConfirmDialog(null);
-            },
-            onCancel: () => setConfirmDialog(null)
-        });
-    };
-
-    const renderList = (title, listType, items, badgeClass) => (
-        <div className="card">
-            <div className="card-header">
-                <h3>{title}</h3>
-                <button className="btn btn-sm btn-primary" onClick={() => setShowAddModal(listType)}>
-                    Add IP
-                </button>
-            </div>
-            <div className="card-body">
-                {items.length === 0 ? (
-                    <p className="text-muted">No IPs in {listType}.</p>
-                ) : (
-                    <div className="ip-list">
-                        {items.map((item, index) => (
-                            <div key={index} className="ip-list-item">
-                                <div className="ip-info">
-                                    <code className={badgeClass}>{item.ip}</code>
-                                    {item.comment && <span className="ip-comment">{item.comment}</span>}
-                                    <span className="ip-date">{new Date(item.added_at).toLocaleDateString()}</span>
-                                </div>
-                                <button className="btn btn-sm btn-danger" onClick={() => handleRemove(item.ip, listType)}>
-                                    Remove
-                                </button>
-                            </div>
-                        ))}
-                    </div>
-                )}
-            </div>
-        </div>
-    );
-
-    if (loading) {
-        return <div className="loading-sm">Loading IP lists...</div>;
-    }
-
-    return (
-        <div className="ip-lists-tab">
-            <div className="ip-lists-grid">
-                {renderList('Allowlist', 'allowlist', lists.allowlist, 'ip-allowed')}
-                {renderList('Blocklist', 'blocklist', lists.blocklist, 'ip-blocked')}
-            </div>
-
-            {showAddModal && (
-                <div className="modal-overlay" onClick={() => setShowAddModal(null)}>
-                    <div className="modal" onClick={(e) => e.stopPropagation()}>
-                        <div className="modal-header">
-                            <h2>Add to {showAddModal}</h2>
-                            <button className="btn btn-icon" onClick={() => setShowAddModal(null)}>×</button>
-                        </div>
-                        <div className="modal-body">
-                            <div className="form-group">
-                                <label>IP Address or CIDR</label>
-                                <input
-                                    type="text"
-                                    value={newIP}
-                                    onChange={(e) => setNewIP(e.target.value)}
-                                    placeholder="192.168.1.100 or 10.0.0.0/24"
-                                />
-                            </div>
-                            <div className="form-group">
-                                <label>Comment (optional)</label>
-                                <input
-                                    type="text"
-                                    value={newComment}
-                                    onChange={(e) => setNewComment(e.target.value)}
-                                    placeholder="Office IP, VPN, etc."
-                                />
-                            </div>
-                        </div>
-                        <div className="modal-footer">
-                            <button className="btn btn-secondary" onClick={() => setShowAddModal(null)}>Cancel</button>
-                            <button className="btn btn-primary" onClick={handleAdd} disabled={actionLoading || !newIP.trim()}>
-                                {actionLoading ? 'Adding...' : 'Add'}
-                            </button>
-                        </div>
-                    </div>
-                </div>
-            )}
-
-            {confirmDialog && (
-                <ConfirmDialog
-                    title={confirmDialog.title}
-                    message={confirmDialog.message}
-                    confirmText={confirmDialog.confirmText}
-                    variant={confirmDialog.variant}
-                    onConfirm={confirmDialog.onConfirm}
-                    onCancel={confirmDialog.onCancel}
-                />
-            )}
-        </div>
-    );
-};
-
-const AuditTab = () => {
-    const [audit, setAudit] = useState(null);
-    const [loading, setLoading] = useState(false);
-    const [error, setError] = useState(null);
-
-    const runAudit = async () => {
-        setLoading(true);
-        setError(null);
-        try {
-            const data = await api.generateSecurityAudit();
-            setAudit(data.audit);
-        } catch (err) {
-            setError(err.message);
-        } finally {
-            setLoading(false);
-        }
-    };
-
-    const getSeverityClass = (severity) => {
-        switch (severity) {
-            case 'pass': return 'badge-success';
-            case 'critical': return 'badge-danger';
-            case 'warning': return 'badge-warning';
-            case 'info': return 'badge-info';
-            default: return 'badge-secondary';
-        }
-    };
-
-    const getScoreClass = (score) => {
-        if (score >= 80) return 'score-excellent';
-        if (score >= 60) return 'score-good';
-        if (score >= 40) return 'score-fair';
-        return 'score-poor';
-    };
-
-    return (
-        <div className="audit-tab">
-            <div className="card">
-                <div className="card-header">
-                    <h3>Security Audit</h3>
-                    <button className="btn btn-primary" onClick={runAudit} disabled={loading}>
-                        {loading ? 'Running Audit...' : 'Run Audit'}
-                    </button>
-                </div>
-                <div className="card-body">
-                    {error && <div className="alert alert-danger">{error}</div>}
-
-                    {!audit && !loading && (
-                        <div className="empty-state">
-                            <svg viewBox="0 0 24 24" width="48" height="48" stroke="currentColor" fill="none" strokeWidth="1">
-                                <path d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4"/>
-                            </svg>
-                            <p>Run a security audit to check your server's configuration.</p>
-                        </div>
-                    )}
-
-                    {loading && (
-                        <div className="loading-state">
-                            <div className="spinner"></div>
-                            <p>Running security audit...</p>
-                        </div>
-                    )}
-
-                    {audit && !loading && (
-                        <div className="audit-results">
-                            <div className={`audit-score ${getScoreClass(audit.score)}`}>
-                                <span className="score-value">{audit.score}</span>
-                                <span className="score-label">Security Score</span>
-                            </div>
-
-                            <div className="audit-timestamp">
-                                Generated: {new Date(audit.generated_at).toLocaleString()}
-                            </div>
-
-                            {Object.entries(audit.services || {}).map(([service, data]) => (
-                                <div key={service} className="audit-section">
-                                    <h4>{service.toUpperCase()}</h4>
-                                    <div className="findings-list">
-                                        {data.findings?.map((finding, idx) => (
-                                            <div key={idx} className="finding-item">
-                                                <span className={`badge ${getSeverityClass(finding.severity)}`}>
-                                                    {finding.severity}
-                                                </span>
-                                                <span className="finding-message">{finding.message}</span>
-                                            </div>
-                                        ))}
-                                    </div>
-                                </div>
-                            ))}
-
-                            {audit.recommendations?.length > 0 && (
-                                <div className="audit-section recommendations">
-                                    <h4>Recommendations</h4>
-                                    <ul>
-                                        {audit.recommendations.map((rec, idx) => (
-                                            <li key={idx}>{rec}</li>
-                                        ))}
-                                    </ul>
-                                </div>
-                            )}
-                        </div>
-                    )}
-                </div>
-            </div>
-        </div>
-    );
-};
-
-const VulnerabilityTab = () => {
-    const [lynisStatus, setLynisStatus] = useState(null);
-    const [scanStatus, setScanStatus] = useState(null);
-    const [loading, setLoading] = useState(true);
-    const [actionLoading, setActionLoading] = useState(false);
-    const toast = useToast();
-
-    useEffect(() => {
-        loadStatus();
-    }, []);
-
-    useEffect(() => {
-        let interval;
-        if (scanStatus?.status === 'running') {
-            interval = setInterval(loadScanStatus, 5000);
-        }
-        return () => clearInterval(interval);
-    }, [scanStatus?.status]);
-
-    const loadStatus = async () => {
-        setLoading(true);
-        try {
-            const [lynis, scan] = await Promise.all([
-                api.getLynisStatus(),
-                api.getLynisScanStatus()
-            ]);
-            setLynisStatus(lynis);
-            setScanStatus(scan);
-        } catch (error) {
-            console.error('Failed to load Lynis status:', error);
-        } finally {
-            setLoading(false);
-        }
-    };
-
-    const loadScanStatus = async () => {
-        try {
-            const scan = await api.getLynisScanStatus();
-            setScanStatus(scan);
-        } catch (error) {
-            console.error('Failed to load scan status:', error);
-        }
-    };
-
-    const handleInstall = async () => {
-        setActionLoading(true);
-        try {
-            await api.installLynis();
-            toast.success('Lynis installed successfully');
-            await loadStatus();
-        } catch (error) {
-            toast.error(`Failed to install: ${error.message}`);
-        } finally {
-            setActionLoading(false);
-        }
-    };
-
-    const handleStartScan = async () => {
-        setActionLoading(true);
-        try {
-            await api.runLynisScan();
-            toast.success('Vulnerability scan started');
-            await loadScanStatus();
-        } catch (error) {
-            toast.error(`Failed to start scan: ${error.message}`);
-        } finally {
-            setActionLoading(false);
-        }
-    };
-
-    if (loading) {
-        return <div className="loading-sm">Loading vulnerability scanner status...</div>;
-    }
-
-    return (
-        <div className="vulnerability-tab">
-            {!lynisStatus?.installed ? (
-                <div className="empty-state">
-                    <svg viewBox="0 0 24 24" width="48" height="48" stroke="currentColor" fill="none" strokeWidth="1">
-                        <circle cx="12" cy="12" r="10"/>
-                        <circle cx="12" cy="12" r="6"/>
-                        <circle cx="12" cy="12" r="2"/>
-                    </svg>
-                    <h3>Lynis Not Installed</h3>
-                    <p>Install Lynis to perform security audits and vulnerability scanning.</p>
-                    <button className="btn btn-primary" onClick={handleInstall} disabled={actionLoading}>
-                        {actionLoading ? 'Installing...' : 'Install Lynis'}
-                    </button>
-                </div>
-            ) : (
-                <>
-                    <div className="card">
-                        <div className="card-header">
-                            <h3>Lynis Vulnerability Scanner</h3>
-                            <button
-                                className="btn btn-primary"
-                                onClick={handleStartScan}
-                                disabled={actionLoading || scanStatus?.status === 'running'}
-                            >
-                                {scanStatus?.status === 'running' ? 'Scanning...' : 'Start Scan'}
-                            </button>
-                        </div>
-                        <div className="card-body">
-                            <div className="info-list">
-                                <div className="info-item">
-                                    <span className="info-label">Version</span>
-                                    <span className="info-value">{lynisStatus.version || 'Unknown'}</span>
-                                </div>
-                                <div className="info-item">
-                                    <span className="info-label">Scan Status</span>
-                                    <span className={`badge badge-${scanStatus?.status === 'completed' ? 'success' : scanStatus?.status === 'running' ? 'info' : 'secondary'}`}>
-                                        {scanStatus?.status || 'Idle'}
-                                    </span>
-                                </div>
-                            </div>
-                        </div>
-                    </div>
-
-                    {scanStatus?.status === 'running' && (
-                        <div className="card scan-progress">
-                            <div className="card-header">
-                                <h3>Scan in Progress</h3>
-                            </div>
-                            <div className="card-body">
-                                <div className="progress-info">
-                                    <div className="spinner"></div>
-                                    <p>Scanning system for vulnerabilities...</p>
-                                    <p className="text-muted">Started: {new Date(scanStatus.started_at).toLocaleString()}</p>
-                                </div>
-                            </div>
-                        </div>
-                    )}
-
-                    {scanStatus?.status === 'completed' && (
-                        <div className="card">
-                            <div className="card-header">
-                                <h3>Scan Results</h3>
-                                {scanStatus.hardening_index && (
-                                    <span className={`badge badge-${scanStatus.hardening_index >= 70 ? 'success' : scanStatus.hardening_index >= 50 ? 'warning' : 'danger'}`}>
-                                        Hardening Index: {scanStatus.hardening_index}
-                                    </span>
-                                )}
-                            </div>
-                            <div className="card-body">
-                                {scanStatus.warnings?.length > 0 && (
-                                    <div className="scan-section">
-                                        <h4>Warnings ({scanStatus.warnings.length})</h4>
-                                        <ul className="findings-list compact">
-                                            {scanStatus.warnings.slice(0, 20).map((warning, idx) => (
-                                                <li key={idx} className="warning">{warning}</li>
-                                            ))}
-                                            {scanStatus.warnings.length > 20 && (
-                                                <li className="text-muted">...and {scanStatus.warnings.length - 20} more</li>
-                                            )}
-                                        </ul>
-                                    </div>
-                                )}
-
-                                {scanStatus.suggestions?.length > 0 && (
-                                    <div className="scan-section">
-                                        <h4>Suggestions ({scanStatus.suggestions.length})</h4>
-                                        <ul className="findings-list compact">
-                                            {scanStatus.suggestions.slice(0, 20).map((suggestion, idx) => (
-                                                <li key={idx} className="suggestion">{suggestion}</li>
-                                            ))}
-                                            {scanStatus.suggestions.length > 20 && (
-                                                <li className="text-muted">...and {scanStatus.suggestions.length - 20} more</li>
-                                            )}
-                                        </ul>
-                                    </div>
-                                )}
-                            </div>
-                        </div>
-                    )}
-                </>
-            )}
-        </div>
-    );
-};
-
-const AutoUpdatesTab = () => {
-    const [status, setStatus] = useState(null);
-    const [loading, setLoading] = useState(true);
-    const [actionLoading, setActionLoading] = useState(false);
-    const toast = useToast();
-
-    useEffect(() => {
-        loadStatus();
-    }, []);
-
-    const loadStatus = async () => {
-        setLoading(true);
-        try {
-            const data = await api.getAutoUpdatesStatus();
-            setStatus(data);
-        } catch (error) {
-            console.error('Failed to load auto-updates status:', error);
-        } finally {
-            setLoading(false);
-        }
-    };
-
-    const handleInstall = async () => {
-        setActionLoading(true);
-        try {
-            await api.installAutoUpdates();
-            toast.success('Auto-updates package installed');
-            await loadStatus();
-        } catch (error) {
-            toast.error(`Failed to install: ${error.message}`);
-        } finally {
-            setActionLoading(false);
-        }
-    };
-
-    const handleEnable = async () => {
-        setActionLoading(true);
-        try {
-            await api.enableAutoUpdates();
-            toast.success('Automatic updates enabled');
-            await loadStatus();
-        } catch (error) {
-            toast.error(`Failed to enable: ${error.message}`);
-        } finally {
-            setActionLoading(false);
-        }
-    };
-
-    const handleDisable = async () => {
-        setActionLoading(true);
-        try {
-            await api.disableAutoUpdates();
-            toast.success('Automatic updates disabled');
-            await loadStatus();
-        } catch (error) {
-            toast.error(`Failed to disable: ${error.message}`);
-        } finally {
-            setActionLoading(false);
-        }
-    };
-
-    if (loading) {
-        return <div className="loading-sm">Loading auto-updates status...</div>;
-    }
-
-    if (!status?.supported) {
-        return (
-            <div className="auto-updates-tab">
-                <div className="empty-state">
-                    <svg viewBox="0 0 24 24" width="48" height="48" stroke="currentColor" fill="none" strokeWidth="1">
-                        <path d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"/>
-                    </svg>
-                    <h3>Not Supported</h3>
-                    <p>Automatic security updates are not supported on this system.</p>
-                </div>
-            </div>
-        );
-    }
-
-    return (
-        <div className="auto-updates-tab">
-            <div className="card">
-                <div className="card-header">
-                    <h3>Automatic Security Updates</h3>
-                    <button className="btn btn-sm btn-secondary" onClick={loadStatus}>Refresh</button>
-                </div>
-                <div className="card-body">
-                    <div className="info-list">
-                        <div className="info-item">
-                            <span className="info-label">Package</span>
-                            <span className="info-value">{status.package}</span>
-                        </div>
-                        <div className="info-item">
-                            <span className="info-label">Installed</span>
-                            <span className={`badge ${status.installed ? 'badge-success' : 'badge-warning'}`}>
-                                {status.installed ? 'Yes' : 'No'}
-                            </span>
-                        </div>
-                        <div className="info-item">
-                            <span className="info-label">Status</span>
-                            <span className={`badge ${status.enabled ? 'badge-success' : 'badge-secondary'}`}>
-                                {status.enabled ? 'Enabled' : 'Disabled'}
-                            </span>
-                        </div>
-                    </div>
-
-                    <div className="auto-updates-actions" style={{ marginTop: '1.5rem' }}>
-                        {!status.installed ? (
-                            <button className="btn btn-primary" onClick={handleInstall} disabled={actionLoading}>
-                                {actionLoading ? 'Installing...' : 'Install Auto-Updates'}
-                            </button>
-                        ) : status.enabled ? (
-                            <button className="btn btn-warning" onClick={handleDisable} disabled={actionLoading}>
-                                {actionLoading ? 'Disabling...' : 'Disable Auto-Updates'}
-                            </button>
-                        ) : (
-                            <button className="btn btn-success" onClick={handleEnable} disabled={actionLoading}>
-                                {actionLoading ? 'Enabling...' : 'Enable Auto-Updates'}
-                            </button>
-                        )}
-                    </div>
-
-                    <div className="help-text" style={{ marginTop: '1.5rem' }}>
-                        <p>
-                            <strong>What are automatic security updates?</strong><br/>
-                            When enabled, your server will automatically download and install security updates,
-                            helping protect against known vulnerabilities without manual intervention.
-                        </p>
-                    </div>
-                </div>
+                {activeTab === 'settings' && <SecurityConfigTab />}
             </div>
         </div>
     );
diff --git a/frontend/src/pages/ServerDetail.jsx b/frontend/src/pages/ServerDetail.jsx
index 60ecffb8..2ef1843a 100644
--- a/frontend/src/pages/ServerDetail.jsx
+++ b/frontend/src/pages/ServerDetail.jsx
@@ -3,10 +3,13 @@ import { useParams, Link, useNavigate } from 'react-router-dom';
 import api from '../services/api';
 import { useToast } from '../contexts/ToastContext';
 import MetricsGraph from '../components/MetricsGraph';
+import { useConfirm } from '../hooks/useConfirm';
+import { ConfirmDialog } from '../components/ConfirmDialog';
 
 const ServerDetail = () => {
     const { id, tab } = useParams();
     const navigate = useNavigate();
+    const { confirm, confirmState, handleConfirm, handleCancel } = useConfirm();
     const [server, setServer] = useState(null);
     const [metrics, setMetrics] = useState(null);
     const [systemInfo, setSystemInfo] = useState(null);
@@ -68,7 +71,8 @@ const ServerDetail = () => {
     }, [server, loadMetrics, loadSystemInfo]);
 
     async function handleDeleteServer() {
-        if (!confirm('Are you sure you want to remove this server? This action cannot be undone.')) return;
+        const confirmed = await confirm({ title: 'Remove Server', message: 'Are you sure you want to remove this server? This action cannot be undone.' });
+        if (!confirmed) return;
 
         try {
             await api.deleteServer(id);
@@ -94,7 +98,8 @@ const ServerDetail = () => {
     }
 
     async function handleRegenerateToken() {
-        if (!confirm('Generate a new registration token? The old token will be invalidated.')) return;
+        const tokenConfirmed = await confirm({ title: 'Regenerate Token', message: 'Generate a new registration token? The old token will be invalidated.', variant: 'warning' });
+        if (!tokenConfirmed) return;
 
         try {
             const result = await api.generateRegistrationToken(id);
@@ -235,6 +240,16 @@ const ServerDetail = () => {
                     onClose={() => setShowTokenModal(false)}
                 />
             )}
+            <ConfirmDialog
+                isOpen={confirmState.isOpen}
+                title={confirmState.title}
+                message={confirmState.message}
+                confirmText={confirmState.confirmText}
+                cancelText={confirmState.cancelText}
+                variant={confirmState.variant}
+                onConfirm={handleConfirm}
+                onCancel={handleCancel}
+            />
         </div>
     );
 };
@@ -397,6 +412,7 @@ const DockerTab = ({ serverId, serverStatus }) => {
     const [loading, setLoading] = useState(true);
     const [subTab, setSubTab] = useState('containers');
     const toast = useToast();
+    const { confirm: confirmDocker, confirmState: confirmDockerState, handleConfirm: handleDockerConfirm, handleCancel: handleDockerCancel } = useConfirm();
 
     useEffect(() => {
         if (serverStatus === 'online') {
@@ -436,7 +452,8 @@ const DockerTab = ({ serverId, serverStatus }) => {
                 result = await api.restartRemoteContainer(serverId, containerId);
                 toast.success('Container restarted');
             } else if (action === 'remove') {
-                if (!confirm('Remove this container?')) return;
+                const removeConfirmed = await confirmDocker({ title: 'Remove Container', message: 'Remove this container?' });
+                if (!removeConfirmed) return;
                 result = await api.removeRemoteContainer(serverId, containerId, true);
                 toast.success('Container removed');
             }
@@ -584,6 +601,16 @@ const DockerTab = ({ serverId, serverStatus }) => {
                     )}
                 </div>
             )}
+            <ConfirmDialog
+                isOpen={confirmDockerState.isOpen}
+                title={confirmDockerState.title}
+                message={confirmDockerState.message}
+                confirmText={confirmDockerState.confirmText}
+                cancelText={confirmDockerState.cancelText}
+                variant={confirmDockerState.variant}
+                onConfirm={handleDockerConfirm}
+                onCancel={handleDockerCancel}
+            />
         </div>
     );
 };
@@ -714,6 +741,7 @@ Install-ServerKitAgent -Server "${window.location.origin}" -Token "${token}"` :
 };
 
 const SettingsTab = ({ server, onUpdate, onRegenerateToken, onDelete }) => {
+    const { confirm: confirmSettings, confirmState: confirmSettingsState, handleConfirm: handleSettingsConfirm, handleCancel: handleSettingsCancel } = useConfirm();
     const [formData, setFormData] = useState({
         name: server.name || '',
         description: server.description || '',
@@ -784,7 +812,8 @@ const SettingsTab = ({ server, onUpdate, onRegenerateToken, onDelete }) => {
     }
 
     async function handleRotateKey() {
-        if (!confirm('Rotate API credentials? The agent must be online to receive new credentials.')) return;
+        const confirmed = await confirmSettings({ title: 'Rotate Credentials', message: 'Rotate API credentials? The agent must be online to receive new credentials.', variant: 'warning' });
+        if (!confirmed) return;
         setRotatingKey(true);
         try {
             const result = await api.rotateAPIKey(server.id);
@@ -1055,6 +1084,16 @@ const SettingsTab = ({ server, onUpdate, onRegenerateToken, onDelete }) => {
                     <TrashIcon /> Remove Server
                 </button>
             </div>
+            <ConfirmDialog
+                isOpen={confirmSettingsState.isOpen}
+                title={confirmSettingsState.title}
+                message={confirmSettingsState.message}
+                confirmText={confirmSettingsState.confirmText}
+                cancelText={confirmSettingsState.cancelText}
+                variant={confirmSettingsState.variant}
+                onConfirm={handleSettingsConfirm}
+                onCancel={handleSettingsCancel}
+            />
         </div>
     );
 };
diff --git a/frontend/src/pages/ServerTemplates.jsx b/frontend/src/pages/ServerTemplates.jsx
new file mode 100644
index 00000000..bda639a7
--- /dev/null
+++ b/frontend/src/pages/ServerTemplates.jsx
@@ -0,0 +1,309 @@
+import React, { useState, useEffect, useCallback } from 'react';
+import api from '../services/api';
+import { useToast } from '../contexts/ToastContext';
+import { useAuth } from '../contexts/AuthContext';
+import Spinner from '../components/Spinner';
+import ConfirmDialog from '../components/ConfirmDialog';
+
+const ServerTemplates = () => {
+    const toast = useToast();
+    const { user } = useAuth();
+    const [templates, setTemplates] = useState([]);
+    const [library, setLibrary] = useState({});
+    const [compliance, setCompliance] = useState(null);
+    const [loading, setLoading] = useState(true);
+    const [showCreateModal, setShowCreateModal] = useState(false);
+    const [showAssignModal, setShowAssignModal] = useState(false);
+    const [selectedTemplate, setSelectedTemplate] = useState(null);
+    const [selectedDetail, setSelectedDetail] = useState(null);
+    const [deleteConfirm, setDeleteConfirm] = useState(null);
+    const [servers, setServers] = useState([]);
+    const [tab, setTab] = useState('templates');
+
+    const [form, setForm] = useState({
+        name: '', description: '', category: 'general',
+        packages: '', services: [], firewall_rules: [],
+        auto_remediate: false, remediation_approval_required: true
+    });
+
+    const loadData = useCallback(async () => {
+        try {
+            const [tData, lData, cData] = await Promise.all([
+                api.getServerTemplates(),
+                api.getServerTemplateLibrary(),
+                api.getTemplateCompliance(),
+            ]);
+            setTemplates(tData.templates || []);
+            setLibrary(lData.templates || {});
+            setCompliance(cData);
+        } catch (err) {
+            toast.error('Failed to load templates');
+        } finally {
+            setLoading(false);
+        }
+    }, [toast]);
+
+    useEffect(() => {
+        loadData();
+        api.getServers().then(d => setServers(d.servers || [])).catch(() => {});
+    }, [loadData]);
+
+    const handleCreate = async () => {
+        try {
+            const data = {
+                ...form,
+                packages: form.packages.split('\n').map(p => p.trim()).filter(Boolean),
+            };
+            await api.createServerTemplate(data);
+            toast.success('Template created');
+            setShowCreateModal(false);
+            loadData();
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleCreateFromLibrary = async (key) => {
+        try {
+            await api.createServerTemplateFromLibrary(key);
+            toast.success('Template created from library');
+            loadData();
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleDelete = async (id) => {
+        try {
+            await api.deleteServerTemplate(id);
+            toast.success('Template deleted');
+            setDeleteConfirm(null);
+            loadData();
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleAssign = async (templateId, serverId) => {
+        try {
+            await api.assignServerTemplate(templateId, serverId);
+            toast.success('Template assigned');
+            setShowAssignModal(false);
+            loadData();
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleCheckDrift = async (assignmentId) => {
+        try {
+            await api.checkTemplateDrift(assignmentId);
+            toast.success('Drift check initiated');
+            loadData();
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleRemediate = async (assignmentId) => {
+        try {
+            await api.remediateTemplateDrift(assignmentId);
+            toast.success('Remediation initiated');
+            loadData();
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const categoryLabels = {
+        general: 'General', web: 'Web Server', database: 'Database', mail: 'Mail Server', custom: 'Custom'
+    };
+
+    if (loading) return <Spinner />;
+
+    return (
+        <div className="server-templates-page">
+            <div className="page-header">
+                <div className="page-header-content">
+                    <h1>Server Templates</h1>
+                    <p className="page-description">
+                        {templates.length} template{templates.length !== 1 ? 's' : ''}
+                        {compliance && ` \u2022 ${compliance.compliance_pct}% fleet compliance`}
+                    </p>
+                </div>
+                <div className="page-header-actions">
+                    {user?.is_admin && (
+                        <button className="btn btn-primary" onClick={() => setShowCreateModal(true)}>
+                            Create Template
+                        </button>
+                    )}
+                </div>
+            </div>
+
+            {compliance && (
+                <div className="compliance-bar">
+                    <div className="compliance-bar__stats">
+                        <div className="stat-item stat-item--success">
+                            <span className="stat-item__value">{compliance.compliant}</span>
+                            <span className="stat-item__label">Compliant</span>
+                        </div>
+                        <div className="stat-item stat-item--danger">
+                            <span className="stat-item__value">{compliance.drifted}</span>
+                            <span className="stat-item__label">Drifted</span>
+                        </div>
+                        <div className="stat-item stat-item--muted">
+                            <span className="stat-item__value">{compliance.unknown}</span>
+                            <span className="stat-item__label">Unknown</span>
+                        </div>
+                    </div>
+                    <div className="compliance-bar__progress">
+                        <div className="progress-fill" style={{ width: `${compliance.compliance_pct}%` }} />
+                    </div>
+                </div>
+            )}
+
+            <div className="tabs">
+                <button className={`tab ${tab === 'templates' ? 'active' : ''}`} onClick={() => setTab('templates')}>Templates</button>
+                <button className={`tab ${tab === 'library' ? 'active' : ''}`} onClick={() => setTab('library')}>Library</button>
+            </div>
+
+            {tab === 'templates' && (
+                <div className="templates-grid">
+                    {templates.map(tmpl => (
+                        <div key={tmpl.id} className="template-card card" onClick={() => setSelectedDetail(selectedDetail?.id === tmpl.id ? null : tmpl)}>
+                            <div className="template-card__header">
+                                <h3>{tmpl.name}</h3>
+                                <span className="badge badge--outline">{categoryLabels[tmpl.category] || tmpl.category}</span>
+                            </div>
+                            {tmpl.description && <p className="template-card__desc">{tmpl.description}</p>}
+                            <div className="template-card__meta">
+                                <span>v{tmpl.version}</span>
+                                <span>{tmpl.assignment_count} server{tmpl.assignment_count !== 1 ? 's' : ''}</span>
+                                {tmpl.parent_name && <span>Inherits: {tmpl.parent_name}</span>}
+                            </div>
+                            <div className="template-card__spec">
+                                {tmpl.packages?.length > 0 && <span>{tmpl.packages.length} packages</span>}
+                                {tmpl.services?.length > 0 && <span>{tmpl.services.length} services</span>}
+                                {tmpl.firewall_rules?.length > 0 && <span>{tmpl.firewall_rules.length} firewall rules</span>}
+                            </div>
+                            <div className="template-card__actions" onClick={e => e.stopPropagation()}>
+                                <button className="btn btn-sm btn-primary" onClick={() => { setSelectedTemplate(tmpl); setShowAssignModal(true); }}>
+                                    Assign
+                                </button>
+                                {user?.is_admin && (
+                                    <button className="btn btn-sm btn-danger" onClick={() => setDeleteConfirm(tmpl)}>Delete</button>
+                                )}
+                            </div>
+                        </div>
+                    ))}
+                    {templates.length === 0 && (
+                        <div className="empty-state">
+                            <p>No templates yet. Create one or use a library template.</p>
+                        </div>
+                    )}
+                </div>
+            )}
+
+            {tab === 'library' && (
+                <div className="templates-grid">
+                    {Object.entries(library).map(([key, tmpl]) => (
+                        <div key={key} className="template-card card">
+                            <div className="template-card__header">
+                                <h3>{tmpl.name}</h3>
+                                <span className="badge badge--outline">{categoryLabels[tmpl.category] || tmpl.category}</span>
+                            </div>
+                            <p className="template-card__desc">{tmpl.description}</p>
+                            <div className="template-card__spec">
+                                {tmpl.packages?.length > 0 && <span>{tmpl.packages.length} packages</span>}
+                                {tmpl.services?.length > 0 && <span>{tmpl.services.length} services</span>}
+                                {tmpl.firewall_rules?.length > 0 && <span>{tmpl.firewall_rules.length} firewall rules</span>}
+                            </div>
+                            <div className="template-card__actions">
+                                <button className="btn btn-sm btn-primary" onClick={() => handleCreateFromLibrary(key)}>
+                                    Use Template
+                                </button>
+                            </div>
+                        </div>
+                    ))}
+                </div>
+            )}
+
+            {/* Create Modal */}
+            {showCreateModal && (
+                <div className="modal-overlay" onClick={() => setShowCreateModal(false)}>
+                    <div className="modal" onClick={e => e.stopPropagation()}>
+                        <div className="modal-header">
+                            <h2>Create Template</h2>
+                            <button className="modal-close" onClick={() => setShowCreateModal(false)}>&times;</button>
+                        </div>
+                        <div className="modal-body">
+                            <div className="form-group">
+                                <label>Name</label>
+                                <input className="form-input" value={form.name} onChange={e => setForm({...form, name: e.target.value})} />
+                            </div>
+                            <div className="form-group">
+                                <label>Description</label>
+                                <textarea className="form-input" value={form.description} onChange={e => setForm({...form, description: e.target.value})} rows={2} />
+                            </div>
+                            <div className="form-group">
+                                <label>Category</label>
+                                <select className="form-select" value={form.category} onChange={e => setForm({...form, category: e.target.value})}>
+                                    {Object.entries(categoryLabels).map(([k, v]) => <option key={k} value={k}>{v}</option>)}
+                                </select>
+                            </div>
+                            <div className="form-group">
+                                <label>Packages (one per line)</label>
+                                <textarea className="form-input form-input--mono" value={form.packages} onChange={e => setForm({...form, packages: e.target.value})} rows={4} placeholder="nginx&#10;php-fpm&#10;certbot" />
+                            </div>
+                            <div className="form-group">
+                                <label className="checkbox-label">
+                                    <input type="checkbox" checked={form.auto_remediate} onChange={e => setForm({...form, auto_remediate: e.target.checked})} />
+                                    Auto-remediate drift
+                                </label>
+                            </div>
+                        </div>
+                        <div className="modal-footer">
+                            <button className="btn" onClick={() => setShowCreateModal(false)}>Cancel</button>
+                            <button className="btn btn-primary" onClick={handleCreate} disabled={!form.name}>Create</button>
+                        </div>
+                    </div>
+                </div>
+            )}
+
+            {/* Assign Modal */}
+            {showAssignModal && selectedTemplate && (
+                <div className="modal-overlay" onClick={() => setShowAssignModal(false)}>
+                    <div className="modal" onClick={e => e.stopPropagation()}>
+                        <div className="modal-header">
+                            <h2>Assign {selectedTemplate.name}</h2>
+                            <button className="modal-close" onClick={() => setShowAssignModal(false)}>&times;</button>
+                        </div>
+                        <div className="modal-body">
+                            <p>Select a server to apply this template:</p>
+                            <div className="server-select-list">
+                                {servers.map(server => (
+                                    <div key={server.id} className="server-select-item" onClick={() => handleAssign(selectedTemplate.id, server.id)}>
+                                        <span className={`status-dot status-dot--${server.status === 'online' ? 'success' : 'danger'}`} />
+                                        <span>{server.name}</span>
+                                    </div>
+                                ))}
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            )}
+
+            {deleteConfirm && (
+                <ConfirmDialog
+                    title="Delete Template"
+                    message={`Delete "${deleteConfirm.name}"? This cannot be undone.`}
+                    onConfirm={() => handleDelete(deleteConfirm.id)}
+                    onCancel={() => setDeleteConfirm(null)}
+                    variant="danger"
+                />
+            )}
+        </div>
+    );
+};
+
+export default ServerTemplates;
diff --git a/frontend/src/pages/ServiceDetail.jsx b/frontend/src/pages/ServiceDetail.jsx
index 24794741..3ec73f30 100644
--- a/frontend/src/pages/ServiceDetail.jsx
+++ b/frontend/src/pages/ServiceDetail.jsx
@@ -1,6 +1,8 @@
 import React, { useState, useEffect, useRef } from 'react';
 import { useParams, useNavigate, Link } from 'react-router-dom';
 import { useToast } from '../contexts/ToastContext';
+import { useConfirm } from '../hooks/useConfirm';
+import { ConfirmDialog } from '../components/ConfirmDialog';
 import { useService } from '../hooks/useService';
 import { getTabsForType } from '../utils/serviceTypes';
 import EnvironmentVariables from '../components/EnvironmentVariables';
@@ -30,6 +32,7 @@ const ServiceDetail = () => {
     const { id } = useParams();
     const navigate = useNavigate();
     const toast = useToast();
+    const { confirm, confirmState, handleConfirm, handleCancel } = useConfirm();
     const { service, deployConfig, loading, error, reload, performAction, deleteService } = useService(id);
     const [activeTab, setActiveTab] = useState('events');
     const [showDeployMenu, setShowDeployMenu] = useState(false);
@@ -75,8 +78,10 @@ const ServiceDetail = () => {
     }
 
     async function handleDelete() {
-        if (!confirm(`Delete ${service.name}? This action cannot be undone.`)) return;
-        if (!confirm('Are you sure? This will permanently remove the service and all its data.')) return;
+        const firstConfirm = await confirm({ title: 'Delete Service', message: `Delete ${service.name}? This action cannot be undone.` });
+        if (!firstConfirm) return;
+        const secondConfirm = await confirm({ title: 'Confirm Deletion', message: 'Are you sure? This will permanently remove the service and all its data.' });
+        if (!secondConfirm) return;
 
         setActionLoading('delete');
         try {
@@ -154,7 +159,7 @@ const ServiceDetail = () => {
                             onClick={() => setShowDeployMenu(!showDeployMenu)}
                         >
                             Deploy
-                            <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" style={{ marginLeft: 4 }}>
+                            <svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" className="ml-1">
                                 <polyline points="6 9 12 15 18 9"/>
                             </svg>
                         </button>
@@ -334,6 +339,16 @@ const ServiceDetail = () => {
                     }}
                 />
             )}
+            <ConfirmDialog
+                isOpen={confirmState.isOpen}
+                title={confirmState.title}
+                message={confirmState.message}
+                confirmText={confirmState.confirmText}
+                cancelText={confirmState.cancelText}
+                variant={confirmState.variant}
+                onConfirm={handleConfirm}
+                onCancel={handleCancel}
+            />
         </div>
     );
 };
@@ -356,7 +371,7 @@ function ServiceIcon({ type }) {
                 </svg>
             );
         default:
-            return <span style={{ fontSize: '16px', fontWeight: 'bold' }}>{type?.charAt(0).toUpperCase()}</span>;
+            return <span className="text-lg font-bold">{type?.charAt(0).toUpperCase()}</span>;
     }
 }
 
diff --git a/frontend/src/pages/Services.jsx b/frontend/src/pages/Services.jsx
index f4d42571..17999f9b 100644
--- a/frontend/src/pages/Services.jsx
+++ b/frontend/src/pages/Services.jsx
@@ -263,7 +263,7 @@ function ServiceTypeIcon({ type }) {
                 </svg>
             );
         case 'php':
-            return <span style={{ fontSize: '12px', fontWeight: 700 }}>PHP</span>;
+            return <span className="text-xs font-bold">PHP</span>;
         case 'static':
             return (
                 <svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2">
@@ -278,7 +278,7 @@ function ServiceTypeIcon({ type }) {
                 </svg>
             );
         default:
-            return <span style={{ fontSize: '12px', fontWeight: 700 }}>{type?.charAt(0).toUpperCase()}</span>;
+            return <span className="text-xs font-bold">{type?.charAt(0).toUpperCase()}</span>;
     }
 }
 
diff --git a/frontend/src/pages/Settings.jsx b/frontend/src/pages/Settings.jsx
index 12e42042..d23d9bd6 100644
--- a/frontend/src/pages/Settings.jsx
+++ b/frontend/src/pages/Settings.jsx
@@ -1,31 +1,25 @@
-import React, { useState, useEffect, useRef } from 'react';
+import { useState, useEffect } from 'react';
 import useTabParam from '../hooks/useTabParam';
 import { useAuth } from '../contexts/AuthContext';
-import { useTheme } from '../contexts/ThemeContext';
-import useDashboardLayout from '../hooks/useDashboardLayout';
 import api from '../services/api';
+import ProfileTab from '../components/settings/ProfileTab';
+import SecuritySettingsTab from '../components/settings/SecuritySettingsTab';
+import AppearanceTab from '../components/settings/AppearanceTab';
+import SidebarSettings from '../components/settings/SidebarSettings';
+import WhiteLabelTab from '../components/settings/WhiteLabelTab';
+import NotificationsTab from '../components/settings/NotificationsTab';
+import SystemTab from '../components/settings/SystemTab';
 import UsersTab from '../components/settings/UsersTab';
-import AuditLogTab from '../components/settings/AuditLogTab';
 import ActivityTab from '../components/settings/ActivityTab';
+import SiteSettingsTab from '../components/settings/SiteSettingsTab';
 import SSOConfigTab from '../components/settings/SSOConfigTab';
-import MigrationHistoryTab from '../components/settings/MigrationHistoryTab';
 import ApiSettingsTab from '../components/settings/ApiSettingsTab';
-import SSOProviderIcon from '../components/SSOProviderIcon';
-import {
-    Github, FileText, HelpCircle, MessageSquare, Bug, Check, Download, CheckCircle,
-    RefreshCw, ExternalLink, Star, X, Code, Search, Container, Globe, BarChart3,
-    Database, Shield, Cloud, Video, Music, Image, Home, Server, GitBranch, Workflow,
-    HardDrive, Lock, Users, Settings as SettingsIcon, Layers, ChevronDown, Copy, Tag,
-    Cpu, AlertTriangle, Info, Activity, Terminal, Play, Square, Trash2, Plus, Package,
-    ArrowRight, ArrowLeft, Eye, Save, Clock, Calendar, Edit3, Link, Unlink, Archive,
-    Radio, Zap, MemoryStick, Monitor, Sun, Moon, ChevronRight, ChevronUp, LogOut,
-    Loader, RotateCcw, FolderOpen, Layout, Palette, Camera, Newspaper, TrendingUp,
-    Sparkles, ArrowUpCircle, AlertCircle, XCircle, GitCompare, GitCommit, Rocket,
-    Minus, Unlock, ArrowDownLeft, ArrowUpRight, Upload, Type
-} from 'lucide-react';
-import ServerKitLogo from '../components/ServerKitLogo';
+import MigrationHistoryTab from '../components/settings/MigrationHistoryTab';
+import IconReferenceTab from '../components/settings/IconReferenceTab';
+import AboutTab from '../components/settings/AboutTab';
+import { Activity, Code, Database, Layers } from 'lucide-react';
 
-const VALID_TABS = ['profile', 'security', 'appearance', 'notifications', 'system', 'users', 'audit', 'activity', 'site', 'sso', 'api', 'migrations', 'developer', 'about'];
+const VALID_TABS = ['profile', 'security', 'appearance', 'sidebar', 'whitelabel', 'notifications', 'system', 'users', 'activity', 'site', 'sso', 'api', 'migrations', 'developer', 'about'];
 
 const Settings = () => {
     const [activeTab, setActiveTab] = useTabParam('/settings', VALID_TABS);
@@ -51,6 +45,7 @@ const Settings = () => {
 
             <div className="settings-layout">
                 <nav className="settings-nav">
+                    <div className="settings-nav-divider">Account</div>
                     <button
                         className={`settings-nav-item ${activeTab === 'profile' ? 'active' : ''}`}
                         onClick={() => setActiveTab('profile')}
@@ -71,6 +66,17 @@ const Settings = () => {
                         </svg>
                         Security
                     </button>
+                    <button
+                        className={`settings-nav-item ${activeTab === 'notifications' ? 'active' : ''}`}
+                        onClick={() => setActiveTab('notifications')}
+                    >
+                        <svg viewBox="0 0 24 24" width="18" height="18">
+                            <path d="M18 8A6 6 0 0 0 6 8c0 7-3 9-3 9h18s-3-2-3-9"/>
+                            <path d="M13.73 21a2 2 0 0 1-3.46 0"/>
+                        </svg>
+                        Notifications
+                    </button>
+                    <div className="settings-nav-divider">Preferences</div>
                     <button
                         className={`settings-nav-item ${activeTab === 'appearance' ? 'active' : ''}`}
                         onClick={() => setActiveTab('appearance')}
@@ -89,25 +95,21 @@ const Settings = () => {
                         Appearance
                     </button>
                     <button
-                        className={`settings-nav-item ${activeTab === 'notifications' ? 'active' : ''}`}
-                        onClick={() => setActiveTab('notifications')}
+                        className={`settings-nav-item ${activeTab === 'sidebar' ? 'active' : ''}`}
+                        onClick={() => setActiveTab('sidebar')}
                     >
                         <svg viewBox="0 0 24 24" width="18" height="18">
-                            <path d="M18 8A6 6 0 0 0 6 8c0 7-3 9-3 9h18s-3-2-3-9"/>
-                            <path d="M13.73 21a2 2 0 0 1-3.46 0"/>
+                            <rect x="3" y="3" width="18" height="18" rx="2" ry="2"/>
+                            <line x1="9" y1="3" x2="9" y2="21"/>
                         </svg>
-                        Notifications
+                        Sidebar
                     </button>
                     <button
-                        className={`settings-nav-item ${activeTab === 'system' ? 'active' : ''}`}
-                        onClick={() => setActiveTab('system')}
+                        className={`settings-nav-item ${activeTab === 'whitelabel' ? 'active' : ''}`}
+                        onClick={() => setActiveTab('whitelabel')}
                     >
-                        <svg viewBox="0 0 24 24" width="18" height="18">
-                            <rect x="2" y="3" width="20" height="14" rx="2" ry="2"/>
-                            <line x1="8" y1="21" x2="16" y2="21"/>
-                            <line x1="12" y1="17" x2="12" y2="21"/>
-                        </svg>
-                        System Info
+                        <Layers size={18} />
+                        White Label
                     </button>
                     {isAdmin && (
                         <>
@@ -124,19 +126,6 @@ const Settings = () => {
                                 </svg>
                                 Users
                             </button>
-                            <button
-                                className={`settings-nav-item ${activeTab === 'audit' ? 'active' : ''}`}
-                                onClick={() => setActiveTab('audit')}
-                            >
-                                <svg viewBox="0 0 24 24" width="18" height="18">
-                                    <path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z"/>
-                                    <polyline points="14 2 14 8 20 8"/>
-                                    <line x1="16" y1="13" x2="8" y2="13"/>
-                                    <line x1="16" y1="17" x2="8" y2="17"/>
-                                    <polyline points="10 9 9 9 8 9"/>
-                                </svg>
-                                Audit Log
-                            </button>
                             <button
                                 className={`settings-nav-item ${activeTab === 'activity' ? 'active' : ''}`}
                                 onClick={() => setActiveTab('activity')}
@@ -179,6 +168,17 @@ const Settings = () => {
                                 <Database size={18} />
                                 Migrations
                             </button>
+                            <button
+                                className={`settings-nav-item ${activeTab === 'system' ? 'active' : ''}`}
+                                onClick={() => setActiveTab('system')}
+                            >
+                                <svg viewBox="0 0 24 24" width="18" height="18">
+                                    <rect x="2" y="3" width="20" height="14" rx="2" ry="2"/>
+                                    <line x1="8" y1="21" x2="16" y2="21"/>
+                                    <line x1="12" y1="17" x2="12" y2="21"/>
+                                </svg>
+                                System Info
+                            </button>
                         </>
                     )}
                     {devMode && isAdmin && (
@@ -207,2393 +207,25 @@ const Settings = () => {
                 </nav>
 
                 <div className="settings-content">
-                    {activeTab === 'profile' && <ProfileSettings />}
-                    {activeTab === 'security' && <SecuritySettings />}
-                    {activeTab === 'appearance' && <AppearanceSettings />}
-                    {activeTab === 'notifications' && <NotificationSettings />}
-                    {activeTab === 'system' && <SystemInfo />}
+                    {activeTab === 'profile' && <ProfileTab />}
+                    {activeTab === 'security' && <SecuritySettingsTab />}
+                    {activeTab === 'appearance' && <AppearanceTab />}
+                    {activeTab === 'sidebar' && <SidebarSettings />}
+                    {activeTab === 'whitelabel' && <WhiteLabelTab />}
+                    {activeTab === 'notifications' && <NotificationsTab />}
                     {activeTab === 'users' && isAdmin && <UsersTab />}
-                    {activeTab === 'audit' && isAdmin && <AuditLogTab />}
                     {activeTab === 'activity' && isAdmin && <ActivityTab />}
-                    {activeTab === 'site' && isAdmin && <SiteSettings onDevModeChange={setDevMode} />}
+                    {activeTab === 'site' && isAdmin && <SiteSettingsTab onDevModeChange={setDevMode} />}
                     {activeTab === 'sso' && isAdmin && <SSOConfigTab />}
                     {activeTab === 'api' && isAdmin && <ApiSettingsTab />}
                     {activeTab === 'migrations' && isAdmin && <MigrationHistoryTab />}
-                    {activeTab === 'developer' && devMode && isAdmin && <IconReference />}
-                    {activeTab === 'about' && <AboutSection />}
-                </div>
-            </div>
-        </div>
-    );
-};
-
-const ProfileSettings = () => {
-    const { user, updateUser } = useAuth();
-    const [formData, setFormData] = useState({
-        username: '',
-        email: ''
-    });
-    const [loading, setLoading] = useState(false);
-    const [message, setMessage] = useState(null);
-
-    useEffect(() => {
-        if (user) {
-            setFormData({
-                username: user.username || '',
-                email: user.email || ''
-            });
-        }
-    }, [user]);
-
-    async function handleSubmit(e) {
-        e.preventDefault();
-        setLoading(true);
-        setMessage(null);
-
-        try {
-            await updateUser(formData);
-            setMessage({ type: 'success', text: 'Profile updated successfully' });
-        } catch (err) {
-            setMessage({ type: 'error', text: err.message });
-        } finally {
-            setLoading(false);
-        }
-    }
-
-    return (
-        <div className="settings-section">
-            <div className="section-header">
-                <h2>Profile Settings</h2>
-                <p>Update your personal information</p>
-            </div>
-
-            {message && (
-                <div className={`alert alert-${message.type === 'success' ? 'success' : 'danger'}`}>
-                    {message.text}
-                </div>
-            )}
-
-            <form onSubmit={handleSubmit} className="settings-form">
-                <div className="form-group">
-                    <label>Username</label>
-                    <input
-                        type="text"
-                        value={formData.username}
-                        onChange={(e) => setFormData({ ...formData, username: e.target.value })}
-                        required
-                    />
-                </div>
-
-                <div className="form-group">
-                    <label>Email Address</label>
-                    <input
-                        type="email"
-                        value={formData.email}
-                        onChange={(e) => setFormData({ ...formData, email: e.target.value })}
-                        required
-                    />
-                </div>
-
-                <div className="form-group">
-                    <label>Role</label>
-                    <input type="text" value={user?.role || 'user'} disabled className="input-disabled" />
-                    <span className="form-help">Contact an administrator to change your role</span>
-                </div>
-
-                <div className="form-group">
-                    <label>Member Since</label>
-                    <input
-                        type="text"
-                        value={user?.created_at ? new Date(user.created_at).toLocaleDateString() : '-'}
-                        disabled
-                        className="input-disabled"
-                    />
-                </div>
-
-                <div className="form-actions">
-                    <button type="submit" className="btn btn-primary" disabled={loading}>
-                        {loading ? 'Saving...' : 'Save Changes'}
-                    </button>
-                </div>
-            </form>
-        </div>
-    );
-};
-
-const LinkedAccounts = () => {
-    const { ssoProviders } = useAuth();
-    const [identities, setIdentities] = useState([]);
-    const [loading, setLoading] = useState(true);
-    const [unlinking, setUnlinking] = useState(null);
-    const [linkingProvider, setLinkingProvider] = useState(null);
-    const [error, setError] = useState('');
-
-    useEffect(() => {
-        loadIdentities();
-    }, []);
-
-    async function loadIdentities() {
-        try {
-            const data = await api.getSSOIdentities();
-            setIdentities(data.identities || []);
-        } catch (err) {
-            // SSO may not be configured; silently handle
-        } finally {
-            setLoading(false);
-        }
-    }
-
-    async function handleUnlink(provider) {
-        setUnlinking(provider);
-        setError('');
-        try {
-            await api.unlinkSSOProvider(provider);
-            await loadIdentities();
-        } catch (err) {
-            setError(err.message);
-        } finally {
-            setUnlinking(null);
-        }
-    }
-
-    async function handleLink(provider) {
-        setLinkingProvider(provider);
-        setError('');
-        try {
-            const redirectUri = `${window.location.origin}/login/callback/${provider}`;
-            const { auth_url } = await api.startSSOAuth(provider, redirectUri);
-            window.location.href = auth_url;
-        } catch (err) {
-            setError(err.message);
-            setLinkingProvider(null);
-        }
-    }
-
-    // Only show if SSO is configured
-    if (loading || (!ssoProviders?.length && !identities.length)) {
-        return null;
-    }
-
-    const linkedProviderIds = identities.map(i => i.provider);
-    const availableToLink = (ssoProviders || []).filter(p => !linkedProviderIds.includes(p.id));
-
-    return (
-        <div className="settings-card">
-            <h3>Linked Accounts</h3>
-            <p className="text-secondary">Connect external identity providers to your account</p>
-
-            {error && <div className="alert alert-danger">{error}</div>}
-
-            {identities.length > 0 && (
-                <div className="linked-accounts-list">
-                    {identities.map(identity => (
-                        <div key={identity.id} className="linked-account">
-                            <div className="linked-account__info">
-                                <SSOProviderIcon provider={identity.provider} />
-                                <div>
-                                    <span className="linked-account__provider">{identity.provider}</span>
-                                    <span className="linked-account__email">{identity.provider_email}</span>
-                                </div>
-                            </div>
-                            <button
-                                className="btn btn-sm btn-danger"
-                                onClick={() => handleUnlink(identity.provider)}
-                                disabled={unlinking === identity.provider}
-                            >
-                                {unlinking === identity.provider ? 'Unlinking...' : 'Unlink'}
-                            </button>
-                        </div>
-                    ))}
-                </div>
-            )}
-
-            {availableToLink.length > 0 && (
-                <div className="linked-accounts-available">
-                    {availableToLink.map(p => (
-                        <button
-                            key={p.id}
-                            className="btn btn-secondary btn-sm"
-                            onClick={() => handleLink(p.id)}
-                            disabled={linkingProvider === p.id}
-                        >
-                            <SSOProviderIcon provider={p.id} />
-                            {linkingProvider === p.id ? 'Redirecting...' : `Link ${p.name}`}
-                        </button>
-                    ))}
-                </div>
-            )}
-        </div>
-    );
-};
-
-const SecuritySettings = () => {
-    const { updateUser, user } = useAuth();
-    const [formData, setFormData] = useState({
-        currentPassword: '',
-        newPassword: '',
-        confirmPassword: ''
-    });
-    const [loading, setLoading] = useState(false);
-    const [message, setMessage] = useState(null);
-
-    // 2FA state
-    const [twoFAStatus, setTwoFAStatus] = useState(null);
-    const [twoFALoading, setTwoFALoading] = useState(true);
-    const [showSetupModal, setShowSetupModal] = useState(false);
-    const [showDisableModal, setShowDisableModal] = useState(false);
-    const [showBackupCodesModal, setShowBackupCodesModal] = useState(false);
-    const [setupData, setSetupData] = useState(null);
-    const [verificationCode, setVerificationCode] = useState('');
-    const [backupCodes, setBackupCodes] = useState([]);
-    const [twoFAError, setTwoFAError] = useState('');
-
-    useEffect(() => {
-        load2FAStatus();
-    }, []);
-
-    async function load2FAStatus() {
-        try {
-            const status = await api.get2FAStatus();
-            setTwoFAStatus(status);
-        } catch (err) {
-            console.error('Failed to load 2FA status:', err);
-        } finally {
-            setTwoFALoading(false);
-        }
-    }
-
-    async function handleSubmit(e) {
-        e.preventDefault();
-        setMessage(null);
-
-        if (formData.newPassword !== formData.confirmPassword) {
-            setMessage({ type: 'error', text: 'Passwords do not match' });
-            return;
-        }
-
-        if (formData.newPassword.length < 8) {
-            setMessage({ type: 'error', text: 'Password must be at least 8 characters' });
-            return;
-        }
-
-        setLoading(true);
-
-        try {
-            await updateUser({ password: formData.newPassword });
-            setMessage({ type: 'success', text: 'Password changed successfully' });
-            setFormData({ currentPassword: '', newPassword: '', confirmPassword: '' });
-        } catch (err) {
-            setMessage({ type: 'error', text: err.message });
-        } finally {
-            setLoading(false);
-        }
-    }
-
-    async function handleInitiate2FA() {
-        setTwoFAError('');
-        setTwoFALoading(true);
-        try {
-            const data = await api.initiate2FASetup();
-            setSetupData(data);
-            setShowSetupModal(true);
-        } catch (err) {
-            setTwoFAError(err.message);
-        } finally {
-            setTwoFALoading(false);
-        }
-    }
-
-    async function handleConfirm2FA() {
-        if (!verificationCode || verificationCode.length !== 6) {
-            setTwoFAError('Please enter a 6-digit code');
-            return;
-        }
-
-        setTwoFALoading(true);
-        setTwoFAError('');
-        try {
-            const result = await api.confirm2FASetup(verificationCode);
-            setBackupCodes(result.backup_codes);
-            setShowSetupModal(false);
-            setShowBackupCodesModal(true);
-            setVerificationCode('');
-            load2FAStatus();
-        } catch (err) {
-            setTwoFAError(err.message || 'Invalid verification code');
-        } finally {
-            setTwoFALoading(false);
-        }
-    }
-
-    async function handleDisable2FA() {
-        if (!verificationCode) {
-            setTwoFAError('Please enter a verification code');
-            return;
-        }
-
-        setTwoFALoading(true);
-        setTwoFAError('');
-        try {
-            await api.disable2FA(verificationCode);
-            setShowDisableModal(false);
-            setVerificationCode('');
-            load2FAStatus();
-        } catch (err) {
-            setTwoFAError(err.message || 'Invalid verification code');
-        } finally {
-            setTwoFALoading(false);
-        }
-    }
-
-    async function handleRegenerateBackupCodes() {
-        if (!verificationCode || verificationCode.length !== 6) {
-            setTwoFAError('Please enter a 6-digit code');
-            return;
-        }
-
-        setTwoFALoading(true);
-        setTwoFAError('');
-        try {
-            const result = await api.regenerateBackupCodes(verificationCode);
-            setBackupCodes(result.backup_codes);
-            setShowBackupCodesModal(true);
-            setVerificationCode('');
-            load2FAStatus();
-        } catch (err) {
-            setTwoFAError(err.message || 'Invalid verification code');
-        } finally {
-            setTwoFALoading(false);
-        }
-    }
-
-    function downloadBackupCodes() {
-        const content = `ServerKit Backup Codes
-Generated: ${new Date().toLocaleString()}
-
-These codes can be used to access your account if you lose your authenticator device.
-Each code can only be used once.
-
-${backupCodes.join('\n')}
-
-Keep these codes in a safe place.`;
-
-        const blob = new Blob([content], { type: 'text/plain' });
-        const url = URL.createObjectURL(blob);
-        const a = document.createElement('a');
-        a.href = url;
-        a.download = 'serverkit-backup-codes.txt';
-        document.body.appendChild(a);
-        a.click();
-        document.body.removeChild(a);
-        URL.revokeObjectURL(url);
-    }
-
-    function copyBackupCodes() {
-        navigator.clipboard.writeText(backupCodes.join('\n'));
-    }
-
-    return (
-        <div className="settings-section">
-            <div className="section-header">
-                <h2>Security Settings</h2>
-                <p>Manage your password and security preferences</p>
-            </div>
-
-            {message && (
-                <div className={`alert alert-${message.type === 'success' ? 'success' : 'danger'}`}>
-                    {message.text}
-                </div>
-            )}
-
-            {/* Two-Factor Authentication Section */}
-            <div className="settings-card two-fa-card">
-                <div className="two-fa-header">
-                    <div className="two-fa-icon">
-                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
-                            <rect x="3" y="11" width="18" height="11" rx="2" ry="2"/>
-                            <path d="M7 11V7a5 5 0 0 1 10 0v4"/>
-                        </svg>
-                    </div>
-                    <div>
-                        <h3>Two-Factor Authentication (2FA)</h3>
-                        <p>Add an extra layer of security to your account</p>
-                    </div>
-                </div>
-
-                {twoFALoading && !twoFAStatus ? (
-                    <div className="loading-sm">Loading...</div>
-                ) : twoFAStatus?.enabled ? (
-                    <div className="two-fa-enabled">
-                        <div className="two-fa-status">
-                            <span className="badge badge-success">Enabled</span>
-                            <span className="two-fa-info">
-                                Enabled on {new Date(twoFAStatus.confirmed_at).toLocaleDateString()}
-                            </span>
-                        </div>
-                        <div className="two-fa-backup-info">
-                            <span>Backup codes remaining: <strong>{twoFAStatus.backup_codes_remaining}</strong></span>
-                            {twoFAStatus.backup_codes_remaining <= 3 && (
-                                <span className="warning-text">Consider regenerating your backup codes</span>
-                            )}
-                        </div>
-                        <div className="two-fa-actions">
-                            <button
-                                className="btn btn-secondary"
-                                onClick={() => {
-                                    setVerificationCode('');
-                                    setTwoFAError('');
-                                    setShowBackupCodesModal(true);
-                                }}
-                            >
-                                Regenerate Backup Codes
-                            </button>
-                            <button
-                                className="btn btn-danger"
-                                onClick={() => {
-                                    setVerificationCode('');
-                                    setTwoFAError('');
-                                    setShowDisableModal(true);
-                                }}
-                            >
-                                Disable 2FA
-                            </button>
-                        </div>
-                    </div>
-                ) : (
-                    <div className="two-fa-disabled">
-                        <p className="two-fa-description">
-                            Two-factor authentication adds an additional layer of security to your account
-                            by requiring a code from your authenticator app in addition to your password.
-                        </p>
-                        <button
-                            className="btn btn-primary"
-                            onClick={handleInitiate2FA}
-                            disabled={twoFALoading}
-                        >
-                            Enable Two-Factor Authentication
-                        </button>
-                    </div>
-                )}
-            </div>
-
-            <form onSubmit={handleSubmit} className="settings-form">
-                <h3>Change Password</h3>
-
-                <div className="form-group">
-                    <label>Current Password</label>
-                    <input
-                        type="password"
-                        value={formData.currentPassword}
-                        onChange={(e) => setFormData({ ...formData, currentPassword: e.target.value })}
-                        placeholder="Enter current password"
-                    />
-                </div>
-
-                <div className="form-group">
-                    <label>New Password</label>
-                    <input
-                        type="password"
-                        value={formData.newPassword}
-                        onChange={(e) => setFormData({ ...formData, newPassword: e.target.value })}
-                        placeholder="Enter new password"
-                        required
-                    />
-                    <span className="form-help">Minimum 8 characters</span>
-                </div>
-
-                <div className="form-group">
-                    <label>Confirm New Password</label>
-                    <input
-                        type="password"
-                        value={formData.confirmPassword}
-                        onChange={(e) => setFormData({ ...formData, confirmPassword: e.target.value })}
-                        placeholder="Confirm new password"
-                        required
-                    />
-                </div>
-
-                <div className="form-actions">
-                    <button type="submit" className="btn btn-primary" disabled={loading}>
-                        {loading ? 'Changing...' : 'Change Password'}
-                    </button>
-                </div>
-            </form>
-
-            <div className="settings-card">
-                <h3>Sessions</h3>
-                <p>Manage your active sessions</p>
-                <div className="session-item current">
-                    <div className="session-info">
-                        <svg viewBox="0 0 24 24" width="20" height="20">
-                            <rect x="2" y="3" width="20" height="14" rx="2" ry="2"/>
-                            <line x1="8" y1="21" x2="16" y2="21"/>
-                            <line x1="12" y1="17" x2="12" y2="21"/>
-                        </svg>
-                        <div>
-                            <span className="session-device">Current Session</span>
-                            <span className="session-details">This device - Active now</span>
-                        </div>
-                    </div>
-                    <span className="badge badge-success">Current</span>
-                </div>
-            </div>
-
-            {/* Linked Accounts */}
-            <LinkedAccounts />
-
-            {/* 2FA Setup Modal */}
-            {showSetupModal && setupData && (
-                <div className="modal-overlay" onClick={() => setShowSetupModal(false)}>
-                    <div className="modal modal-md" onClick={e => e.stopPropagation()}>
-                        <div className="modal-header">
-                            <h2>Set Up Two-Factor Authentication</h2>
-                            <button className="modal-close" onClick={() => setShowSetupModal(false)}>&times;</button>
-                        </div>
-                        <div className="modal-body">
-                            <div className="setup-steps">
-                                <div className="setup-step">
-                                    <span className="step-number">1</span>
-                                    <div className="step-content">
-                                        <h4>Scan the QR Code</h4>
-                                        <p>Use your authenticator app (Google Authenticator, Authy, 1Password, etc.) to scan this QR code.</p>
-                                        {setupData.qr_code ? (
-                                            <div className="qr-code-container">
-                                                <img src={setupData.qr_code} alt="2FA QR Code" className="qr-code" />
-                                            </div>
-                                        ) : (
-                                            <div className="qr-fallback">
-                                                <p>QR code unavailable. Enter this secret manually:</p>
-                                                <code className="secret-key">{setupData.secret}</code>
-                                            </div>
-                                        )}
-                                        <details className="manual-entry">
-                                            <summary>Can't scan? Enter manually</summary>
-                                            <p>Account: {user?.email}</p>
-                                            <p>Secret: <code>{setupData.secret}</code></p>
-                                        </details>
-                                    </div>
-                                </div>
-
-                                <div className="setup-step">
-                                    <span className="step-number">2</span>
-                                    <div className="step-content">
-                                        <h4>Enter Verification Code</h4>
-                                        <p>Enter the 6-digit code from your authenticator app to verify setup.</p>
-                                        <input
-                                            type="text"
-                                            value={verificationCode}
-                                            onChange={(e) => setVerificationCode(e.target.value.replace(/\D/g, '').slice(0, 6))}
-                                            placeholder="000000"
-                                            className="verification-input"
-                                            autoFocus
-                                        />
-                                        {twoFAError && <p className="error-text">{twoFAError}</p>}
-                                    </div>
-                                </div>
-                            </div>
-                        </div>
-                        <div className="modal-footer">
-                            <button className="btn btn-secondary" onClick={() => setShowSetupModal(false)}>
-                                Cancel
-                            </button>
-                            <button
-                                className="btn btn-primary"
-                                onClick={handleConfirm2FA}
-                                disabled={twoFALoading || verificationCode.length !== 6}
-                            >
-                                {twoFALoading ? 'Verifying...' : 'Enable 2FA'}
-                            </button>
-                        </div>
-                    </div>
-                </div>
-            )}
-
-            {/* Disable 2FA Modal */}
-            {showDisableModal && (
-                <div className="modal-overlay" onClick={() => setShowDisableModal(false)}>
-                    <div className="modal" onClick={e => e.stopPropagation()}>
-                        <div className="modal-header">
-                            <h2>Disable Two-Factor Authentication</h2>
-                            <button className="modal-close" onClick={() => setShowDisableModal(false)}>&times;</button>
-                        </div>
-                        <div className="modal-body">
-                            <div className="warning-box">
-                                <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
-                                    <path d="M10.29 3.86L1.82 18a2 2 0 0 0 1.71 3h16.94a2 2 0 0 0 1.71-3L13.71 3.86a2 2 0 0 0-3.42 0z"/>
-                                    <line x1="12" y1="9" x2="12" y2="13"/>
-                                    <line x1="12" y1="17" x2="12.01" y2="17"/>
-                                </svg>
-                                <p>Disabling 2FA will make your account less secure. You will only need your password to log in.</p>
-                            </div>
-                            <div className="form-group">
-                                <label>Enter a verification code or backup code to disable 2FA:</label>
-                                <input
-                                    type="text"
-                                    value={verificationCode}
-                                    onChange={(e) => setVerificationCode(e.target.value)}
-                                    placeholder="Code from authenticator or backup code"
-                                    autoFocus
-                                />
-                                {twoFAError && <p className="error-text">{twoFAError}</p>}
-                            </div>
-                        </div>
-                        <div className="modal-footer">
-                            <button className="btn btn-secondary" onClick={() => setShowDisableModal(false)}>
-                                Cancel
-                            </button>
-                            <button
-                                className="btn btn-danger"
-                                onClick={handleDisable2FA}
-                                disabled={twoFALoading || !verificationCode}
-                            >
-                                {twoFALoading ? 'Disabling...' : 'Disable 2FA'}
-                            </button>
-                        </div>
-                    </div>
-                </div>
-            )}
-
-            {/* Backup Codes Modal */}
-            {showBackupCodesModal && (
-                <div className="modal-overlay" onClick={() => setShowBackupCodesModal(false)}>
-                    <div className="modal modal-md" onClick={e => e.stopPropagation()}>
-                        <div className="modal-header">
-                            <h2>{backupCodes.length > 0 ? 'Your Backup Codes' : 'Regenerate Backup Codes'}</h2>
-                            <button className="modal-close" onClick={() => setShowBackupCodesModal(false)}>&times;</button>
-                        </div>
-                        <div className="modal-body">
-                            {backupCodes.length > 0 ? (
-                                <>
-                                    <div className="warning-box">
-                                        <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
-                                            <circle cx="12" cy="12" r="10"/>
-                                            <line x1="12" y1="8" x2="12" y2="12"/>
-                                            <line x1="12" y1="16" x2="12.01" y2="16"/>
-                                        </svg>
-                                        <p>Save these backup codes in a secure location. They will not be shown again. Each code can only be used once.</p>
-                                    </div>
-                                    <div className="backup-codes-grid">
-                                        {backupCodes.map((code, index) => (
-                                            <code key={index} className="backup-code">{code}</code>
-                                        ))}
-                                    </div>
-                                    <div className="backup-codes-actions">
-                                        <button className="btn btn-secondary" onClick={downloadBackupCodes}>
-                                            <svg viewBox="0 0 24 24" width="16" height="16" stroke="currentColor" fill="none" strokeWidth="2">
-                                                <path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4M7 10l5 5 5-5M12 15V3"/>
-                                            </svg>
-                                            Download
-                                        </button>
-                                        <button className="btn btn-secondary" onClick={copyBackupCodes}>
-                                            <svg viewBox="0 0 24 24" width="16" height="16" stroke="currentColor" fill="none" strokeWidth="2">
-                                                <rect x="9" y="9" width="13" height="13" rx="2" ry="2"/>
-                                                <path d="M5 15H4a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h9a2 2 0 0 1 2 2v1"/>
-                                            </svg>
-                                            Copy
-                                        </button>
-                                    </div>
-                                </>
-                            ) : (
-                                <>
-                                    <p>Enter a code from your authenticator app to generate new backup codes. This will invalidate all existing backup codes.</p>
-                                    <div className="form-group">
-                                        <label>Verification Code</label>
-                                        <input
-                                            type="text"
-                                            value={verificationCode}
-                                            onChange={(e) => setVerificationCode(e.target.value.replace(/\D/g, '').slice(0, 6))}
-                                            placeholder="000000"
-                                            autoFocus
-                                        />
-                                        {twoFAError && <p className="error-text">{twoFAError}</p>}
-                                    </div>
-                                </>
-                            )}
-                        </div>
-                        <div className="modal-footer">
-                            <button className="btn btn-secondary" onClick={() => {
-                                setShowBackupCodesModal(false);
-                                setBackupCodes([]);
-                                setVerificationCode('');
-                            }}>
-                                {backupCodes.length > 0 ? 'Done' : 'Cancel'}
-                            </button>
-                            {backupCodes.length === 0 && (
-                                <button
-                                    className="btn btn-primary"
-                                    onClick={handleRegenerateBackupCodes}
-                                    disabled={twoFALoading || verificationCode.length !== 6}
-                                >
-                                    {twoFALoading ? 'Generating...' : 'Generate New Codes'}
-                                </button>
-                            )}
-                        </div>
-                    </div>
-                </div>
-            )}
-        </div>
-    );
-};
-
-const ACCENT_PRESETS = [
-    { label: 'Indigo', color: '#6366f1' },
-    { label: 'Ocean', color: '#0ea5e9' },
-    { label: 'Forest', color: '#10b981' },
-    { label: 'Sunset', color: '#f97316' },
-    { label: 'Rose', color: '#f43f5e' },
-    { label: 'Violet', color: '#8b5cf6' },
-    { label: 'Amber', color: '#f59e0b' },
-    { label: 'Cyan', color: '#06b6d4' },
-];
-
-const WHITELABEL_MODES = [
-    { id: 'image_text', label: 'Logo + Text', icon: Layers, desc: 'Mini logo with brand name' },
-    { id: 'image_full', label: 'Full-width Logo', icon: Image, desc: 'Banner image only' },
-    { id: 'text_only', label: 'Text Only', icon: Type, desc: 'Just the brand name' },
-];
-
-const AppearanceSettings = () => {
-    const { theme, setTheme, accentColor, setAccentColor, whiteLabel, setWhiteLabel } = useTheme();
-    const { widgets, toggleWidget, moveWidget, resetLayout } = useDashboardLayout();
-    const logoInputRef = useRef(null);
-
-    return (
-        <div className="settings-section">
-            <div className="section-header">
-                <h2>Appearance</h2>
-                <p>Customize the look and feel of your dashboard</p>
-            </div>
-
-            <div className="settings-card">
-                <h3>Theme</h3>
-                <p>Select your preferred color scheme</p>
-                <div className="theme-options">
-                    <button
-                        className={`theme-option ${theme === 'dark' ? 'active' : ''}`}
-                        onClick={() => setTheme('dark')}
-                    >
-                        <div className="theme-preview dark">
-                            <div className="preview-sidebar"></div>
-                            <div className="preview-content">
-                                <div className="preview-card"></div>
-                                <div className="preview-card"></div>
-                            </div>
-                        </div>
-                        <span>Dark</span>
-                    </button>
-                    <button
-                        className={`theme-option ${theme === 'light' ? 'active' : ''}`}
-                        onClick={() => setTheme('light')}
-                    >
-                        <div className="theme-preview light">
-                            <div className="preview-sidebar"></div>
-                            <div className="preview-content">
-                                <div className="preview-card"></div>
-                                <div className="preview-card"></div>
-                            </div>
-                        </div>
-                        <span>Light</span>
-                    </button>
-                    <button
-                        className={`theme-option ${theme === 'system' ? 'active' : ''}`}
-                        onClick={() => setTheme('system')}
-                    >
-                        <div className="theme-preview system">
-                            <div className="preview-sidebar"></div>
-                            <div className="preview-content">
-                                <div className="preview-card"></div>
-                                <div className="preview-card"></div>
-                            </div>
-                        </div>
-                        <span>System</span>
-                    </button>
-                </div>
-            </div>
-
-            <div className="settings-card">
-                <h3>Accent Color</h3>
-                <p>Choose the primary accent color used across the interface</p>
-                <div className="accent-presets">
-                    {ACCENT_PRESETS.map(({ label, color }) => (
-                        <button
-                            key={color}
-                            className={`accent-preset${accentColor === color ? ' active' : ''}`}
-                            onClick={() => setAccentColor(color)}
-                        >
-                            <span className="accent-swatch" style={{ background: color }} />
-                            <span className="accent-label">{label}</span>
-                        </button>
-                    ))}
-                </div>
-                <div className="accent-custom">
-                    <label className="accent-custom-label">Custom color</label>
-                    <div className="accent-custom-row">
-                        <input
-                            type="color"
-                            className="accent-custom-input"
-                            value={accentColor}
-                            onChange={(e) => setAccentColor(e.target.value)}
-                        />
-                        <span className="accent-custom-hex">{accentColor.toUpperCase()}</span>
-                    </div>
-                </div>
-            </div>
-
-            <div className="settings-card">
-                <h3>Dashboard Widgets</h3>
-                <p>Toggle visibility and reorder widgets on the dashboard</p>
-                <div className="widget-list">
-                    {widgets.map((widget, idx) => (
-                        <div key={widget.id} className={`widget-item${!widget.visible ? ' widget-item--hidden' : ''}`}>
-                            <div className="widget-item__info">
-                                <label className="toggle-switch">
-                                    <input
-                                        type="checkbox"
-                                        checked={widget.visible}
-                                        onChange={() => toggleWidget(widget.id)}
-                                    />
-                                    <span className="toggle-slider"></span>
-                                </label>
-                                <span className="widget-item__label">{widget.label}</span>
-                            </div>
-                            <div className="widget-item__controls">
-                                <button
-                                    className="widget-move-btn"
-                                    onClick={() => moveWidget(widget.id, 'up')}
-                                    disabled={idx === 0}
-                                    title="Move up"
-                                >
-                                    <ChevronUp size={14} />
-                                </button>
-                                <button
-                                    className="widget-move-btn"
-                                    onClick={() => moveWidget(widget.id, 'down')}
-                                    disabled={idx === widgets.length - 1}
-                                    title="Move down"
-                                >
-                                    <ChevronDown size={14} />
-                                </button>
-                            </div>
-                        </div>
-                    ))}
-                </div>
-                <button className="btn btn-secondary btn-sm" onClick={resetLayout} style={{ marginTop: '12px' }}>
-                    <RotateCcw size={14} />
-                    Reset to defaults
-                </button>
-            </div>
-
-            <div className="settings-card">
-                <h3>Custom Branding</h3>
-                <p>Replace the default ServerKit branding in the sidebar with your own</p>
-
-                <div className="settings-row">
-                    <div className="settings-label">
-                        <span>Enable custom branding</span>
-                        <span className="settings-hint">Replaces the sidebar logo, name, and GitHub star link</span>
-                    </div>
-                    <div className="settings-control">
-                        <label className="toggle-switch">
-                            <input
-                                type="checkbox"
-                                checked={whiteLabel.enabled}
-                                onChange={(e) => setWhiteLabel({ enabled: e.target.checked })}
-                            />
-                            <span className="toggle-slider"></span>
-                        </label>
-                    </div>
-                </div>
-
-                {whiteLabel.enabled && (
-                    <>
-                        <div className="whitelabel-modes">
-                            {WHITELABEL_MODES.map(({ id, label, icon: Icon, desc }) => (
-                                <button
-                                    key={id}
-                                    className={`whitelabel-mode${whiteLabel.mode === id ? ' active' : ''}`}
-                                    onClick={() => setWhiteLabel({ mode: id })}
-                                >
-                                    <Icon size={20} />
-                                    <span className="whitelabel-mode__label">{label}</span>
-                                    <span className="whitelabel-mode__desc">{desc}</span>
-                                </button>
-                            ))}
-                        </div>
-
-                        <div className="whitelabel-fields">
-                            {whiteLabel.mode !== 'image_full' && (
-                                <div className="form-group">
-                                    <label>Brand Name</label>
-                                    <input
-                                        type="text"
-                                        value={whiteLabel.brandName}
-                                        onChange={(e) => setWhiteLabel({ brandName: e.target.value })}
-                                        placeholder="My Brand"
-                                        maxLength={30}
-                                    />
-                                </div>
-                            )}
-
-                            {whiteLabel.mode !== 'text_only' && (
-                                <div className="form-group">
-                                    <label>Logo Image</label>
-                                    <div className="whitelabel-upload" onClick={() => logoInputRef.current?.click()}>
-                                        {whiteLabel.logoData ? (
-                                            <div className="whitelabel-logo-preview">
-                                                <img src={whiteLabel.logoData} alt="Logo preview" />
-                                                <button
-                                                    className="btn btn-secondary btn-sm"
-                                                    onClick={(e) => { e.stopPropagation(); setWhiteLabel({ logoData: '' }); }}
-                                                >
-                                                    <X size={12} /> Remove
-                                                </button>
-                                            </div>
-                                        ) : (
-                                            <div className="whitelabel-upload__placeholder">
-                                                <Upload size={20} />
-                                                <span>Click to upload logo</span>
-                                                <span className="whitelabel-upload__hint">PNG, JPG, SVG — max 200KB</span>
-                                            </div>
-                                        )}
-                                        <input
-                                            ref={logoInputRef}
-                                            type="file"
-                                            accept="image/png,image/jpeg,image/svg+xml,image/webp"
-                                            style={{ display: 'none' }}
-                                            onChange={(e) => {
-                                                const file = e.target.files?.[0];
-                                                if (!file) return;
-                                                if (file.size > 200 * 1024) {
-                                                    alert('Image must be under 200KB');
-                                                    return;
-                                                }
-                                                const reader = new FileReader();
-                                                reader.onload = (ev) => setWhiteLabel({ logoData: ev.target.result });
-                                                reader.readAsDataURL(file);
-                                                e.target.value = '';
-                                            }}
-                                        />
-                                    </div>
-                                </div>
-                            )}
-                        </div>
-
-                        <div className="whitelabel-preview">
-                            <span className="whitelabel-preview__label">Preview</span>
-                            <div className="whitelabel-preview__box">
-                                {whiteLabel.mode === 'image_full' ? (
-                                    <div className="brand-custom-banner">
-                                        {whiteLabel.logoData ? (
-                                            <img src={whiteLabel.logoData} alt="Preview" />
-                                        ) : (
-                                            <Layers size={24} />
-                                        )}
-                                    </div>
-                                ) : whiteLabel.mode === 'text_only' ? (
-                                    <span className="brand-custom-text">
-                                        {whiteLabel.brandName || 'Brand'}
-                                    </span>
-                                ) : (
-                                    <>
-                                        <div className="brand-custom-logo">
-                                            {whiteLabel.logoData ? (
-                                                <img src={whiteLabel.logoData} alt="Preview" />
-                                            ) : (
-                                                <Layers size={16} />
-                                            )}
-                                        </div>
-                                        <span className="brand-custom-text">
-                                            {whiteLabel.brandName || 'Brand'}
-                                        </span>
-                                    </>
-                                )}
-                            </div>
-                        </div>
-
-                        <div className="whitelabel-star-prompt">
-                            <div className="star-icon">
-                                <Star size={22} />
-                            </div>
-                            <div className="star-content">
-                                <h4>Support ServerKit</h4>
-                                <p>
-                                    By using custom branding, the GitHub star link is hidden from the sidebar.
-                                    If ServerKit is useful to you, please consider starring the project — it helps the community grow!
-                                </p>
-                                <a
-                                    href="https://github.com/jhd3197/ServerKit"
-                                    target="_blank"
-                                    rel="noopener noreferrer"
-                                    className="btn btn-primary btn-sm"
-                                >
-                                    <Star size={14} />
-                                    Star on GitHub
-                                </a>
-                            </div>
-                        </div>
-                    </>
-                )}
-            </div>
-        </div>
-    );
-};
-
-const NotificationSettings = () => {
-    const { isAdmin, user } = useAuth();
-    const [loading, setLoading] = useState(true);
-    const [saving, setSaving] = useState(false);
-    const [testing, setTesting] = useState(null);
-    const [message, setMessage] = useState(null);
-    const [activeSection, setActiveSection] = useState('personal');
-    const [config, setConfig] = useState({
-        discord: { enabled: false, webhook_url: '', username: 'ServerKit', avatar_url: '', notify_on: ['critical', 'warning'] },
-        slack: { enabled: false, webhook_url: '', channel: '', username: 'ServerKit', icon_emoji: ':robot_face:', notify_on: ['critical', 'warning'] },
-        telegram: { enabled: false, bot_token: '', chat_id: '', notify_on: ['critical', 'warning'] },
-        email: { enabled: false, smtp_host: '', smtp_port: 587, smtp_user: '', smtp_password: '', smtp_tls: true, from_email: '', from_name: 'ServerKit', to_emails: [], notify_on: ['critical', 'warning'] },
-        generic_webhook: { enabled: false, url: '', headers: {}, notify_on: ['critical', 'warning'] }
-    });
-    const [expandedChannel, setExpandedChannel] = useState(null);
-    const [userPrefs, setUserPrefs] = useState({
-        enabled: true,
-        channels: ['email'],
-        severities: ['critical', 'warning'],
-        email: '',
-        discord_webhook: '',
-        telegram_chat_id: '',
-        categories: { system: true, security: true, backups: true, apps: true },
-        quiet_hours: { enabled: false, start: '22:00', end: '08:00' }
-    });
-
-    const severityOptions = ['critical', 'warning', 'info', 'success'];
-
-    useEffect(() => {
-        loadUserPrefs();
-        if (isAdmin) loadConfig();
-    }, [isAdmin]);
-
-    async function loadConfig() {
-        try {
-            const data = await api.getNotificationsConfig();
-            setConfig(prev => ({
-                discord: { ...prev.discord, ...data.discord },
-                slack: { ...prev.slack, ...data.slack },
-                telegram: { ...prev.telegram, ...data.telegram },
-                email: { ...prev.email, ...data.email },
-                generic_webhook: { ...prev.generic_webhook, ...data.generic_webhook }
-            }));
-        } catch (err) {
-            console.error('Failed to load notification config:', err);
-        } finally {
-            setLoading(false);
-        }
-    }
-
-    async function loadUserPrefs() {
-        try {
-            const data = await api.getUserNotificationPreferences();
-            setUserPrefs(prev => ({ ...prev, ...data }));
-        } catch (err) {
-            console.error('Failed to load user notification preferences:', err);
-        } finally {
-            setLoading(false);
-        }
-    }
-
-    async function handleSaveUserPrefs() {
-        setSaving(true);
-        setMessage(null);
-        try {
-            await api.updateUserNotificationPreferences(userPrefs);
-            setMessage({ type: 'success', text: 'Your notification preferences have been saved' });
-        } catch (err) {
-            setMessage({ type: 'error', text: err.message });
-        } finally {
-            setSaving(false);
-        }
-    }
-
-    async function handleTestUserNotification() {
-        setTesting('user');
-        setMessage(null);
-        try {
-            const result = await api.testUserNotification();
-            setMessage({ type: result.success ? 'success' : 'error', text: result.success ? 'Test notification sent!' : (result.error || 'Test failed') });
-        } catch (err) {
-            setMessage({ type: 'error', text: err.message });
-        } finally {
-            setTesting(null);
-        }
-    }
-
-    async function handleSaveChannel(channel) {
-        setSaving(true);
-        setMessage(null);
-        try {
-            await api.updateNotificationChannel(channel, config[channel]);
-            setMessage({ type: 'success', text: `${channel.charAt(0).toUpperCase() + channel.slice(1).replace('_', ' ')} settings saved` });
-        } catch (err) {
-            setMessage({ type: 'error', text: err.message });
-        } finally {
-            setSaving(false);
-        }
-    }
-
-    async function handleTestChannel(channel) {
-        setTesting(channel);
-        setMessage(null);
-        try {
-            const result = await api.testNotificationChannel(channel);
-            setMessage({ type: result.success ? 'success' : 'error', text: result.message || result.error || 'Test completed' });
-        } catch (err) {
-            setMessage({ type: 'error', text: err.message });
-        } finally {
-            setTesting(null);
-        }
-    }
-
-    function updateChannelConfig(channel, key, value) {
-        setConfig(prev => ({
-            ...prev,
-            [channel]: { ...prev[channel], [key]: value }
-        }));
-    }
-
-    function toggleSeverity(channel, severity) {
-        const current = config[channel].notify_on || [];
-        const updated = current.includes(severity)
-            ? current.filter(s => s !== severity)
-            : [...current, severity];
-        updateChannelConfig(channel, 'notify_on', updated);
-    }
-
-    if (loading) {
-        return <div className="loading">Loading notification settings...</div>;
-    }
-
-    const userPrefsUI = (
-        <div className="user-notification-prefs">
-            <div className="settings-card">
-                <div className="form-group">
-                    <label className="toggle-switch-label">
-                        <span>Enable notifications for my account</span>
-                        <label className="toggle-switch">
-                            <input
-                                type="checkbox"
-                                checked={userPrefs.enabled}
-                                onChange={(e) => setUserPrefs({...userPrefs, enabled: e.target.checked})}
-                            />
-                            <span className="toggle-slider"></span>
-                        </label>
-                    </label>
-                </div>
-            </div>
-
-            <div className="settings-card">
-                <h3>Notification Channels</h3>
-                <p>Choose how you want to receive notifications</p>
-                <div className="channel-toggles">
-                    {['email', 'discord', 'slack', 'telegram'].map(ch => (
-                        <label key={ch} className="channel-toggle">
-                            <input
-                                type="checkbox"
-                                checked={userPrefs.channels?.includes(ch)}
-                                onChange={(e) => {
-                                    const channels = e.target.checked
-                                        ? [...(userPrefs.channels || []), ch]
-                                        : (userPrefs.channels || []).filter(c => c !== ch);
-                                    setUserPrefs({...userPrefs, channels});
-                                }}
-                            />
-                            <span>{ch.charAt(0).toUpperCase() + ch.slice(1)}</span>
-                        </label>
-                    ))}
-                </div>
-            </div>
-
-            {userPrefs.channels?.includes('email') && (
-                <div className="settings-card">
-                    <h3>Email Settings</h3>
-                    <div className="form-group">
-                        <label>Notification Email (optional)</label>
-                        <input
-                            type="email"
-                            value={userPrefs.email || ''}
-                            onChange={(e) => setUserPrefs({...userPrefs, email: e.target.value})}
-                            placeholder={user?.email || 'Uses your account email'}
-                        />
-                        <span className="form-help">Leave empty to use your account email</span>
-                    </div>
-                </div>
-            )}
-
-            {userPrefs.channels?.includes('discord') && (
-                <div className="settings-card">
-                    <h3>Personal Discord Webhook</h3>
-                    <div className="form-group">
-                        <label>Webhook URL</label>
-                        <input
-                            type="text"
-                            value={userPrefs.discord_webhook || ''}
-                            onChange={(e) => setUserPrefs({...userPrefs, discord_webhook: e.target.value})}
-                            placeholder="https://discord.com/api/webhooks/..."
-                        />
-                        <span className="form-help">Create a webhook in your personal server or DM channel</span>
-                    </div>
-                </div>
-            )}
-
-            {userPrefs.channels?.includes('telegram') && (
-                <div className="settings-card">
-                    <h3>Personal Telegram</h3>
-                    <div className="form-group">
-                        <label>Your Chat ID</label>
-                        <input
-                            type="text"
-                            value={userPrefs.telegram_chat_id || ''}
-                            onChange={(e) => setUserPrefs({...userPrefs, telegram_chat_id: e.target.value})}
-                            placeholder="Your personal chat ID"
-                        />
-                        <span className="form-help">Use @userinfobot to get your personal chat ID</span>
-                    </div>
-                </div>
-            )}
-
-            <div className="settings-card">
-                <h3>Severity Levels</h3>
-                <p>Which alert types do you want to receive?</p>
-                <div className="severity-toggles">
-                    {severityOptions.map(severity => (
-                        <label key={severity} className={`severity-toggle ${severity}`}>
-                            <input
-                                type="checkbox"
-                                checked={userPrefs.severities?.includes(severity)}
-                                onChange={(e) => {
-                                    const severities = e.target.checked
-                                        ? [...(userPrefs.severities || []), severity]
-                                        : (userPrefs.severities || []).filter(s => s !== severity);
-                                    setUserPrefs({...userPrefs, severities});
-                                }}
-                            />
-                            <span>{severity.charAt(0).toUpperCase() + severity.slice(1)}</span>
-                        </label>
-                    ))}
-                </div>
-            </div>
-
-            <div className="settings-card">
-                <h3>Notification Categories</h3>
-                <p>What types of events should trigger notifications?</p>
-                <div className="category-toggles">
-                    {Object.entries({
-                        system: 'System Alerts (CPU, Memory, Disk)',
-                        security: 'Security Events',
-                        backups: 'Backup Status',
-                        apps: 'Application Events'
-                    }).map(([key, label]) => (
-                        <label key={key} className="category-toggle">
-                            <input
-                                type="checkbox"
-                                checked={userPrefs.categories?.[key] !== false}
-                                onChange={(e) => setUserPrefs({
-                                    ...userPrefs,
-                                    categories: { ...userPrefs.categories, [key]: e.target.checked }
-                                })}
-                            />
-                            <span>{label}</span>
-                        </label>
-                    ))}
-                </div>
-            </div>
-
-            <div className="settings-card">
-                <h3>Quiet Hours</h3>
-                <p>Pause non-critical notifications during these hours</p>
-                <div className="form-group">
-                    <label className="toggle-switch-label">
-                        <span>Enable quiet hours</span>
-                        <label className="toggle-switch">
-                            <input
-                                type="checkbox"
-                                checked={userPrefs.quiet_hours?.enabled}
-                                onChange={(e) => setUserPrefs({
-                                    ...userPrefs,
-                                    quiet_hours: { ...userPrefs.quiet_hours, enabled: e.target.checked }
-                                })}
-                            />
-                            <span className="toggle-slider"></span>
-                        </label>
-                    </label>
-                </div>
-                {userPrefs.quiet_hours?.enabled && (
-                    <div className="form-row">
-                        <div className="form-group">
-                            <label>Start Time</label>
-                            <input
-                                type="time"
-                                value={userPrefs.quiet_hours?.start || '22:00'}
-                                onChange={(e) => setUserPrefs({
-                                    ...userPrefs,
-                                    quiet_hours: { ...userPrefs.quiet_hours, start: e.target.value }
-                                })}
-                            />
-                        </div>
-                        <div className="form-group">
-                            <label>End Time</label>
-                            <input
-                                type="time"
-                                value={userPrefs.quiet_hours?.end || '08:00'}
-                                onChange={(e) => setUserPrefs({
-                                    ...userPrefs,
-                                    quiet_hours: { ...userPrefs.quiet_hours, end: e.target.value }
-                                })}
-                            />
-                        </div>
-                    </div>
-                )}
-            </div>
-
-            <div className="form-actions">
-                <button
-                    className="btn btn-secondary"
-                    onClick={handleTestUserNotification}
-                    disabled={testing === 'user' || !userPrefs.enabled}
-                >
-                    {testing === 'user' ? 'Sending...' : 'Send Test Notification'}
-                </button>
-                <button
-                    className="btn btn-primary"
-                    onClick={handleSaveUserPrefs}
-                    disabled={saving}
-                >
-                    {saving ? 'Saving...' : 'Save Preferences'}
-                </button>
-            </div>
-        </div>
-    );
-
-    const channels = [
-        { id: 'discord', name: 'Discord', icon: (
-            <svg viewBox="0 0 24 24" width="24" height="24" fill="currentColor">
-                <path d="M20.317 4.37a19.791 19.791 0 0 0-4.885-1.515.074.074 0 0 0-.079.037c-.21.375-.444.864-.608 1.25a18.27 18.27 0 0 0-5.487 0 12.64 12.64 0 0 0-.617-1.25.077.077 0 0 0-.079-.037A19.736 19.736 0 0 0 3.677 4.37a.07.07 0 0 0-.032.027C.533 9.046-.32 13.58.099 18.057a.082.082 0 0 0 .031.057 19.9 19.9 0 0 0 5.993 3.03.078.078 0 0 0 .084-.028 14.09 14.09 0 0 0 1.226-1.994.076.076 0 0 0-.041-.106 13.107 13.107 0 0 1-1.872-.892.077.077 0 0 1-.008-.128 10.2 10.2 0 0 0 .372-.292.074.074 0 0 1 .077-.01c3.928 1.793 8.18 1.793 12.062 0a.074.074 0 0 1 .078.01c.12.098.246.198.373.292a.077.077 0 0 1-.006.127 12.299 12.299 0 0 1-1.873.892.077.077 0 0 0-.041.107c.36.698.772 1.362 1.225 1.993a.076.076 0 0 0 .084.028 19.839 19.839 0 0 0 6.002-3.03.077.077 0 0 0 .032-.054c.5-5.177-.838-9.674-3.549-13.66a.061.061 0 0 0-.031-.03zM8.02 15.33c-1.183 0-2.157-1.085-2.157-2.419 0-1.333.956-2.419 2.157-2.419 1.21 0 2.176 1.096 2.157 2.42 0 1.333-.956 2.418-2.157 2.418zm7.975 0c-1.183 0-2.157-1.085-2.157-2.419 0-1.333.955-2.419 2.157-2.419 1.21 0 2.176 1.096 2.157 2.42 0 1.333-.946 2.418-2.157 2.418z"/>
-            </svg>
-        ), description: 'Send rich notifications to Discord channels via webhooks' },
-        { id: 'slack', name: 'Slack', icon: (
-            <svg viewBox="0 0 24 24" width="24" height="24" fill="currentColor">
-                <path d="M5.042 15.165a2.528 2.528 0 0 1-2.52 2.523A2.528 2.528 0 0 1 0 15.165a2.527 2.527 0 0 1 2.522-2.52h2.52v2.52zM6.313 15.165a2.527 2.527 0 0 1 2.521-2.52 2.527 2.527 0 0 1 2.521 2.52v6.313A2.528 2.528 0 0 1 8.834 24a2.528 2.528 0 0 1-2.521-2.522v-6.313zM8.834 5.042a2.528 2.528 0 0 1-2.521-2.52A2.528 2.528 0 0 1 8.834 0a2.528 2.528 0 0 1 2.521 2.522v2.52H8.834zM8.834 6.313a2.528 2.528 0 0 1 2.521 2.521 2.528 2.528 0 0 1-2.521 2.521H2.522A2.528 2.528 0 0 1 0 8.834a2.528 2.528 0 0 1 2.522-2.521h6.312zM18.956 8.834a2.528 2.528 0 0 1 2.522-2.521A2.528 2.528 0 0 1 24 8.834a2.528 2.528 0 0 1-2.522 2.521h-2.522V8.834zM17.688 8.834a2.528 2.528 0 0 1-2.523 2.521 2.527 2.527 0 0 1-2.52-2.521V2.522A2.527 2.527 0 0 1 15.165 0a2.528 2.528 0 0 1 2.523 2.522v6.312zM15.165 18.956a2.528 2.528 0 0 1 2.523 2.522A2.528 2.528 0 0 1 15.165 24a2.527 2.527 0 0 1-2.52-2.522v-2.522h2.52zM15.165 17.688a2.527 2.527 0 0 1-2.52-2.523 2.526 2.526 0 0 1 2.52-2.52h6.313A2.527 2.527 0 0 1 24 15.165a2.528 2.528 0 0 1-2.522 2.523h-6.313z"/>
-            </svg>
-        ), description: 'Send notifications to Slack channels via incoming webhooks' },
-        { id: 'telegram', name: 'Telegram', icon: (
-            <svg viewBox="0 0 24 24" width="24" height="24" fill="currentColor">
-                <path d="M11.944 0A12 12 0 0 0 0 12a12 12 0 0 0 12 12 12 12 0 0 0 12-12A12 12 0 0 0 12 0a12 12 0 0 0-.056 0zm4.962 7.224c.1-.002.321.023.465.14a.506.506 0 0 1 .171.325c.016.093.036.306.02.472-.18 1.898-.962 6.502-1.36 8.627-.168.9-.499 1.201-.82 1.23-.696.065-1.225-.46-1.9-.902-1.056-.693-1.653-1.124-2.678-1.8-1.185-.78-.417-1.21.258-1.91.177-.184 3.247-2.977 3.307-3.23.007-.032.014-.15-.056-.212s-.174-.041-.249-.024c-.106.024-1.793 1.14-5.061 3.345-.48.33-.913.49-1.302.48-.428-.008-1.252-.241-1.865-.44-.752-.245-1.349-.374-1.297-.789.027-.216.325-.437.893-.663 3.498-1.524 5.83-2.529 6.998-3.014 3.332-1.386 4.025-1.627 4.476-1.635z"/>
-            </svg>
-        ), description: 'Send notifications to Telegram chats via bot API' },
-        { id: 'email', name: 'Email', icon: (
-            <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
-                <path d="M4 4h16c1.1 0 2 .9 2 2v12c0 1.1-.9 2-2 2H4c-1.1 0-2-.9-2-2V6c0-1.1.9-2 2-2z"/>
-                <polyline points="22,6 12,13 2,6"/>
-            </svg>
-        ), description: 'Send email notifications with HTML templates via SMTP' },
-        { id: 'generic_webhook', name: 'Generic Webhook', icon: (
-            <svg viewBox="0 0 24 24" width="24" height="24" stroke="currentColor" fill="none" strokeWidth="2">
-                <path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"/>
-                <path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"/>
-            </svg>
-        ), description: 'Send JSON payloads to any webhook endpoint' }
-    ];
-
-    return (
-        <div className="settings-section">
-            <div className="section-header">
-                <h2>Notification Settings</h2>
-                <p>Configure how you receive alerts and notifications</p>
-            </div>
-
-            {message && (
-                <div className={`alert alert-${message.type === 'success' ? 'success' : 'danger'}`}>
-                    {message.text}
-                </div>
-            )}
-
-            <div className="notification-tabs">
-                <button
-                    className={`notification-tab ${activeSection === 'personal' ? 'active' : ''}`}
-                    onClick={() => setActiveSection('personal')}
-                >
-                    <svg viewBox="0 0 24 24" width="18" height="18" stroke="currentColor" fill="none" strokeWidth="2">
-                        <path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"/>
-                        <circle cx="12" cy="7" r="4"/>
-                    </svg>
-                    My Preferences
-                </button>
-                {isAdmin && (
-                    <button
-                        className={`notification-tab ${activeSection === 'admin' ? 'active' : ''}`}
-                        onClick={() => setActiveSection('admin')}
-                    >
-                        <svg viewBox="0 0 24 24" width="18" height="18" stroke="currentColor" fill="none" strokeWidth="2">
-                            <circle cx="12" cy="12" r="3"/>
-                            <path d="M19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 0 1 0 2.83 2 2 0 0 1-2.83 0l-.06-.06a1.65 1.65 0 0 0-1.82-.33 1.65 1.65 0 0 0-1 1.51V21a2 2 0 0 1-2 2 2 2 0 0 1-2-2v-.09A1.65 1.65 0 0 0 9 19.4a1.65 1.65 0 0 0-1.82.33l-.06.06a2 2 0 0 1-2.83 0 2 2 0 0 1 0-2.83l.06-.06a1.65 1.65 0 0 0 .33-1.82 1.65 1.65 0 0 0-1.51-1H3a2 2 0 0 1-2-2 2 2 0 0 1 2-2h.09A1.65 1.65 0 0 0 4.6 9a1.65 1.65 0 0 0-.33-1.82l-.06-.06a2 2 0 0 1 0-2.83 2 2 0 0 1 2.83 0l.06.06a1.65 1.65 0 0 0 1.82.33H9a1.65 1.65 0 0 0 1-1.51V3a2 2 0 0 1 2-2 2 2 0 0 1 2 2v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 0 1 2.83 0 2 2 0 0 1 0 2.83l-.06.06a1.65 1.65 0 0 0-.33 1.82V9a1.65 1.65 0 0 0 1.51 1H21a2 2 0 0 1 2 2 2 2 0 0 1-2 2h-.09a1.65 1.65 0 0 0-1.51 1z"/>
-                        </svg>
-                        System Webhooks
-                    </button>
-                )}
-            </div>
-
-            {activeSection === 'personal' && userPrefsUI}
-
-            {activeSection === 'admin' && isAdmin && (
-            <div className="notification-channels">
-                {channels.map(channel => (
-                    <div key={channel.id} className={`notification-channel-card ${config[channel.id]?.enabled ? 'enabled' : ''}`}>
-                        <div
-                            className="channel-header"
-                            onClick={() => setExpandedChannel(expandedChannel === channel.id ? null : channel.id)}
-                        >
-                            <div className="channel-icon">{channel.icon}</div>
-                            <div className="channel-info">
-                                <h3>{channel.name}</h3>
-                                <p>{channel.description}</p>
-                            </div>
-                            <div className="channel-status">
-                                <span className={`badge ${config[channel.id]?.enabled ? 'badge-success' : 'badge-secondary'}`}>
-                                    {config[channel.id]?.enabled ? 'Enabled' : 'Disabled'}
-                                </span>
-                                <svg
-                                    viewBox="0 0 24 24"
-                                    width="20"
-                                    height="20"
-                                    className={`expand-icon ${expandedChannel === channel.id ? 'expanded' : ''}`}
-                                >
-                                    <polyline points="6 9 12 15 18 9" stroke="currentColor" fill="none" strokeWidth="2"/>
-                                </svg>
-                            </div>
-                        </div>
-
-                        {expandedChannel === channel.id && (
-                            <div className="channel-config">
-                                <div className="form-group">
-                                    <label className="toggle-switch-label">
-                                        <span>Enable {channel.name}</span>
-                                        <label className="toggle-switch">
-                                            <input
-                                                type="checkbox"
-                                                checked={config[channel.id]?.enabled || false}
-                                                onChange={(e) => updateChannelConfig(channel.id, 'enabled', e.target.checked)}
-                                            />
-                                            <span className="toggle-slider"></span>
-                                        </label>
-                                    </label>
-                                </div>
-
-                                {channel.id === 'discord' && (
-                                    <>
-                                        <div className="form-group">
-                                            <label>Webhook URL</label>
-                                            <input
-                                                type="text"
-                                                value={config.discord.webhook_url || ''}
-                                                onChange={(e) => updateChannelConfig('discord', 'webhook_url', e.target.value)}
-                                                placeholder="https://discord.com/api/webhooks/..."
-                                            />
-                                            <span className="form-help">Create a webhook in Discord: Server Settings → Integrations → Webhooks</span>
-                                        </div>
-                                        <div className="form-row">
-                                            <div className="form-group">
-                                                <label>Bot Username</label>
-                                                <input
-                                                    type="text"
-                                                    value={config.discord.username || 'ServerKit'}
-                                                    onChange={(e) => updateChannelConfig('discord', 'username', e.target.value)}
-                                                    placeholder="ServerKit"
-                                                />
-                                            </div>
-                                            <div className="form-group">
-                                                <label>Avatar URL (optional)</label>
-                                                <input
-                                                    type="text"
-                                                    value={config.discord.avatar_url || ''}
-                                                    onChange={(e) => updateChannelConfig('discord', 'avatar_url', e.target.value)}
-                                                    placeholder="https://example.com/avatar.png"
-                                                />
-                                            </div>
-                                        </div>
-                                    </>
-                                )}
-
-                                {channel.id === 'slack' && (
-                                    <>
-                                        <div className="form-group">
-                                            <label>Webhook URL</label>
-                                            <input
-                                                type="text"
-                                                value={config.slack.webhook_url || ''}
-                                                onChange={(e) => updateChannelConfig('slack', 'webhook_url', e.target.value)}
-                                                placeholder="https://hooks.slack.com/services/..."
-                                            />
-                                            <span className="form-help">Create an incoming webhook in Slack: Apps → Incoming Webhooks</span>
-                                        </div>
-                                        <div className="form-row">
-                                            <div className="form-group">
-                                                <label>Channel (optional)</label>
-                                                <input
-                                                    type="text"
-                                                    value={config.slack.channel || ''}
-                                                    onChange={(e) => updateChannelConfig('slack', 'channel', e.target.value)}
-                                                    placeholder="#alerts"
-                                                />
-                                            </div>
-                                            <div className="form-group">
-                                                <label>Username</label>
-                                                <input
-                                                    type="text"
-                                                    value={config.slack.username || 'ServerKit'}
-                                                    onChange={(e) => updateChannelConfig('slack', 'username', e.target.value)}
-                                                    placeholder="ServerKit"
-                                                />
-                                            </div>
-                                        </div>
-                                    </>
-                                )}
-
-                                {channel.id === 'telegram' && (
-                                    <>
-                                        <div className="form-group">
-                                            <label>Bot Token</label>
-                                            <input
-                                                type="password"
-                                                value={config.telegram.bot_token || ''}
-                                                onChange={(e) => updateChannelConfig('telegram', 'bot_token', e.target.value)}
-                                                placeholder="123456:ABC-DEF..."
-                                            />
-                                            <span className="form-help">Get a bot token from @BotFather on Telegram</span>
-                                        </div>
-                                        <div className="form-group">
-                                            <label>Chat ID</label>
-                                            <input
-                                                type="text"
-                                                value={config.telegram.chat_id || ''}
-                                                onChange={(e) => updateChannelConfig('telegram', 'chat_id', e.target.value)}
-                                                placeholder="-1001234567890"
-                                            />
-                                            <span className="form-help">Use @userinfobot or @getidsbot to find your chat ID</span>
-                                        </div>
-                                    </>
-                                )}
-
-                                {channel.id === 'email' && (
-                                    <>
-                                        <div className="form-row">
-                                            <div className="form-group">
-                                                <label>SMTP Host</label>
-                                                <input
-                                                    type="text"
-                                                    value={config.email.smtp_host || ''}
-                                                    onChange={(e) => updateChannelConfig('email', 'smtp_host', e.target.value)}
-                                                    placeholder="smtp.example.com"
-                                                />
-                                            </div>
-                                            <div className="form-group">
-                                                <label>SMTP Port</label>
-                                                <input
-                                                    type="number"
-                                                    value={config.email.smtp_port || 587}
-                                                    onChange={(e) => updateChannelConfig('email', 'smtp_port', parseInt(e.target.value))}
-                                                    placeholder="587"
-                                                />
-                                            </div>
-                                        </div>
-                                        <div className="form-row">
-                                            <div className="form-group">
-                                                <label>SMTP Username</label>
-                                                <input
-                                                    type="text"
-                                                    value={config.email.smtp_user || ''}
-                                                    onChange={(e) => updateChannelConfig('email', 'smtp_user', e.target.value)}
-                                                    placeholder="user@example.com"
-                                                />
-                                            </div>
-                                            <div className="form-group">
-                                                <label>SMTP Password</label>
-                                                <input
-                                                    type="password"
-                                                    value={config.email.smtp_password || ''}
-                                                    onChange={(e) => updateChannelConfig('email', 'smtp_password', e.target.value)}
-                                                    placeholder="••••••••"
-                                                />
-                                            </div>
-                                        </div>
-                                        <div className="form-row">
-                                            <div className="form-group">
-                                                <label>From Email</label>
-                                                <input
-                                                    type="email"
-                                                    value={config.email.from_email || ''}
-                                                    onChange={(e) => updateChannelConfig('email', 'from_email', e.target.value)}
-                                                    placeholder="alerts@example.com"
-                                                />
-                                            </div>
-                                            <div className="form-group">
-                                                <label>From Name</label>
-                                                <input
-                                                    type="text"
-                                                    value={config.email.from_name || 'ServerKit'}
-                                                    onChange={(e) => updateChannelConfig('email', 'from_name', e.target.value)}
-                                                    placeholder="ServerKit"
-                                                />
-                                            </div>
-                                        </div>
-                                        <div className="form-group">
-                                            <label>Recipient Emails (comma-separated)</label>
-                                            <input
-                                                type="text"
-                                                value={(config.email.to_emails || []).join(', ')}
-                                                onChange={(e) => updateChannelConfig('email', 'to_emails', e.target.value.split(',').map(s => s.trim()).filter(Boolean))}
-                                                placeholder="admin@example.com, team@example.com"
-                                            />
-                                        </div>
-                                        <div className="form-group">
-                                            <label className="toggle-switch-label">
-                                                <span>Use TLS</span>
-                                                <label className="toggle-switch">
-                                                    <input
-                                                        type="checkbox"
-                                                        checked={config.email.smtp_tls !== false}
-                                                        onChange={(e) => updateChannelConfig('email', 'smtp_tls', e.target.checked)}
-                                                    />
-                                                    <span className="toggle-slider"></span>
-                                                </label>
-                                            </label>
-                                        </div>
-                                    </>
-                                )}
-
-                                {channel.id === 'generic_webhook' && (
-                                    <div className="form-group">
-                                        <label>Webhook URL</label>
-                                        <input
-                                            type="text"
-                                            value={config.generic_webhook.url || ''}
-                                            onChange={(e) => updateChannelConfig('generic_webhook', 'url', e.target.value)}
-                                            placeholder="https://your-endpoint.com/webhook"
-                                        />
-                                        <span className="form-help">Receives JSON payload with alert data</span>
-                                    </div>
-                                )}
-
-                                <div className="form-group">
-                                    <label>Alert Severities</label>
-                                    <div className="severity-toggles">
-                                        {severityOptions.map(severity => (
-                                            <label key={severity} className={`severity-toggle ${severity}`}>
-                                                <input
-                                                    type="checkbox"
-                                                    checked={config[channel.id]?.notify_on?.includes(severity) || false}
-                                                    onChange={() => toggleSeverity(channel.id, severity)}
-                                                />
-                                                <span>{severity.charAt(0).toUpperCase() + severity.slice(1)}</span>
-                                            </label>
-                                        ))}
-                                    </div>
-                                </div>
-
-                                <div className="channel-actions">
-                                    <button
-                                        className="btn btn-secondary"
-                                        onClick={() => handleTestChannel(channel.id)}
-                                        disabled={testing === channel.id || !config[channel.id]?.enabled}
-                                    >
-                                        {testing === channel.id ? 'Testing...' : 'Send Test'}
-                                    </button>
-                                    <button
-                                        className="btn btn-primary"
-                                        onClick={() => handleSaveChannel(channel.id)}
-                                        disabled={saving}
-                                    >
-                                        {saving ? 'Saving...' : 'Save'}
-                                    </button>
-                                </div>
-                            </div>
-                        )}
-                    </div>
-                ))}
-            </div>
-            )}
-        </div>
-    );
-};
-
-const SystemInfo = () => {
-    const { isAdmin } = useAuth();
-    const [metrics, setMetrics] = useState(null);
-    const [loading, setLoading] = useState(true);
-    const [timezones, setTimezones] = useState([]);
-    const [selectedTimezone, setSelectedTimezone] = useState('');
-    const [savingTimezone, setSavingTimezone] = useState(false);
-    const [timezoneMessage, setTimezoneMessage] = useState(null);
-
-    useEffect(() => {
-        if (isAdmin) {
-            loadMetrics();
-            loadTimezones();
-        }
-    }, [isAdmin]);
-
-    async function loadMetrics() {
-        try {
-            const data = await api.getSystemMetrics();
-            setMetrics(data);
-            if (data?.time?.timezone_id) {
-                setSelectedTimezone(data.time.timezone_id);
-            }
-        } catch (err) {
-            console.error('Failed to load metrics:', err);
-        } finally {
-            setLoading(false);
-        }
-    }
-
-    async function loadTimezones() {
-        try {
-            const data = await api.getTimezones();
-            setTimezones(data.timezones || []);
-        } catch (err) {
-            console.error('Failed to load timezones:', err);
-        }
-    }
-
-    async function handleTimezoneChange() {
-        if (!selectedTimezone) return;
-
-        setSavingTimezone(true);
-        setTimezoneMessage(null);
-
-        try {
-            const result = await api.setTimezone(selectedTimezone);
-            setTimezoneMessage({ type: 'success', text: result.message || 'Timezone updated' });
-            // Refresh metrics to show new time
-            loadMetrics();
-        } catch (err) {
-            setTimezoneMessage({ type: 'error', text: err.message || 'Failed to set timezone' });
-        } finally {
-            setSavingTimezone(false);
-            setTimeout(() => setTimezoneMessage(null), 5000);
-        }
-    }
-
-    if (!isAdmin) {
-        return (
-            <div className="settings-section">
-                <div className="section-header">
-                    <h2>System Information</h2>
-                    <p>View system details and server information</p>
-                </div>
-                <div className="alert alert-warning">
-                    Admin access required to view system information.
+                    {activeTab === 'system' && isAdmin && <SystemTab />}
+                    {activeTab === 'developer' && devMode && isAdmin && <IconReferenceTab />}
+                    {activeTab === 'about' && <AboutTab />}
                 </div>
             </div>
-        );
-    }
-
-    if (loading) {
-        return <div className="loading">Loading system information...</div>;
-    }
-
-    return (
-        <div className="settings-section">
-            <div className="section-header">
-                <h2>System Information</h2>
-                <p>View system details and server information</p>
-            </div>
-
-            <div className="system-info-grid">
-                <div className="settings-card">
-                    <h3>CPU</h3>
-                    <div className="info-list">
-                        <div className="info-item">
-                            <span className="info-label">Usage</span>
-                            <span className="info-value">{metrics?.cpu?.percent?.toFixed(1) || 0}%</span>
-                        </div>
-                        <div className="info-item">
-                            <span className="info-label">Cores</span>
-                            <span className="info-value">{metrics?.cpu?.count || '-'}</span>
-                        </div>
-                        <div className="info-item">
-                            <span className="info-label">Load Average</span>
-                            <span className="info-value">
-                                {metrics?.cpu?.load_avg ? metrics.cpu.load_avg.map(l => l.toFixed(2)).join(', ') : '-'}
-                            </span>
-                        </div>
-                    </div>
-                </div>
-
-                <div className="settings-card">
-                    <h3>Memory</h3>
-                    <div className="info-list">
-                        <div className="info-item">
-                            <span className="info-label">Usage</span>
-                            <span className="info-value">{metrics?.memory?.percent?.toFixed(1) || 0}%</span>
-                        </div>
-                        <div className="info-item">
-                            <span className="info-label">Used</span>
-                            <span className="info-value">{formatBytes(metrics?.memory?.used)}</span>
-                        </div>
-                        <div className="info-item">
-                            <span className="info-label">Total</span>
-                            <span className="info-value">{formatBytes(metrics?.memory?.total)}</span>
-                        </div>
-                    </div>
-                </div>
-
-                <div className="settings-card">
-                    <h3>Disk</h3>
-                    <div className="info-list">
-                        <div className="info-item">
-                            <span className="info-label">Usage</span>
-                            <span className="info-value">{metrics?.disk?.percent?.toFixed(1) || 0}%</span>
-                        </div>
-                        <div className="info-item">
-                            <span className="info-label">Used</span>
-                            <span className="info-value">{formatBytes(metrics?.disk?.used)}</span>
-                        </div>
-                        <div className="info-item">
-                            <span className="info-label">Total</span>
-                            <span className="info-value">{formatBytes(metrics?.disk?.total)}</span>
-                        </div>
-                    </div>
-                </div>
-
-                <div className="settings-card">
-                    <h3>Network</h3>
-                    <div className="info-list">
-                        <div className="info-item">
-                            <span className="info-label">Bytes Sent</span>
-                            <span className="info-value">{formatBytes(metrics?.network?.bytes_sent)}</span>
-                        </div>
-                        <div className="info-item">
-                            <span className="info-label">Bytes Received</span>
-                            <span className="info-value">{formatBytes(metrics?.network?.bytes_recv)}</span>
-                        </div>
-                    </div>
-                </div>
-            </div>
-
-            {metrics?.system && (
-                <div className="settings-card">
-                    <h3>System Details</h3>
-                    <div className="info-list">
-                        <div className="info-item">
-                            <span className="info-label">Hostname</span>
-                            <span className="info-value">{metrics.system.hostname || '-'}</span>
-                        </div>
-                        <div className="info-item">
-                            <span className="info-label">Platform</span>
-                            <span className="info-value">{metrics.system.platform || '-'}</span>
-                        </div>
-                        <div className="info-item">
-                            <span className="info-label">OS Version</span>
-                            <span className="info-value">{metrics.system.version || '-'}</span>
-                        </div>
-                        <div className="info-item">
-                            <span className="info-label">Uptime</span>
-                            <span className="info-value">{formatUptime(metrics.system.uptime)}</span>
-                        </div>
-                    </div>
-                </div>
-            )}
-
-            {/* Server Time & Timezone */}
-            <div className="settings-card">
-                <h3>Server Time & Timezone</h3>
-                {metrics?.time && (
-                    <div className="info-list" style={{ marginBottom: '1rem' }}>
-                        <div className="info-item">
-                            <span className="info-label">Current Time</span>
-                            <span className="info-value">{metrics.time.current_time_formatted}</span>
-                        </div>
-                        <div className="info-item">
-                            <span className="info-label">UTC Offset</span>
-                            <span className="info-value">{metrics.time.utc_offset}</span>
-                        </div>
-                        <div className="info-item">
-                            <span className="info-label">Current Timezone</span>
-                            <span className="info-value">{metrics.time.timezone_id || metrics.time.timezone_name}</span>
-                        </div>
-                    </div>
-                )}
-                <div className="form-group">
-                    <label>Change Timezone</label>
-                    <div className="timezone-selector">
-                        <select
-                            value={selectedTimezone}
-                            onChange={(e) => setSelectedTimezone(e.target.value)}
-                            className="form-control"
-                        >
-                            <option value="">Select timezone...</option>
-                            {timezones.map((tz) => (
-                                <option key={tz} value={tz}>{tz}</option>
-                            ))}
-                        </select>
-                        <button
-                            className="btn btn-primary"
-                            onClick={handleTimezoneChange}
-                            disabled={savingTimezone || !selectedTimezone || selectedTimezone === metrics?.time?.timezone_id}
-                        >
-                            {savingTimezone ? 'Saving...' : 'Apply'}
-                        </button>
-                    </div>
-                    {timezoneMessage && (
-                        <div className={`timezone-message ${timezoneMessage.type}`}>
-                            {timezoneMessage.text}
-                        </div>
-                    )}
-                    <span className="form-help">
-                        Changing timezone requires server restart to take full effect
-                    </span>
-                </div>
-            </div>
-        </div>
-    );
-};
-
-const STAR_PROMPT_KEY = 'serverkit-star-prompt-dismissed';
-
-const AboutSection = () => {
-    const [version, setVersion] = useState('...');
-    const [updateInfo, setUpdateInfo] = useState(null);
-    const [checkingUpdate, setCheckingUpdate] = useState(false);
-    const [showStarPrompt, setShowStarPrompt] = useState(() => {
-        return localStorage.getItem(STAR_PROMPT_KEY) !== 'true';
-    });
-
-    useEffect(() => {
-        const fetchVersion = async () => {
-            try {
-                const data = await api.getVersion();
-                setVersion(data.version || '1.0.0');
-            } catch (error) {
-                setVersion('1.0.0');
-            }
-        };
-        fetchVersion();
-    }, []);
-
-    const dismissStarPrompt = () => {
-        setShowStarPrompt(false);
-        localStorage.setItem(STAR_PROMPT_KEY, 'true');
-    };
-
-    const checkForUpdate = async () => {
-        setCheckingUpdate(true);
-        try {
-            const data = await api.checkUpdate();
-            setUpdateInfo(data);
-        } catch (error) {
-            setUpdateInfo({ error: 'Failed to check for updates' });
-        }
-        setCheckingUpdate(false);
-    };
-
-    return (
-        <div className="settings-section">
-            <div className="section-header">
-                <h2>About ServerKit</h2>
-                <p>Server management made simple</p>
-            </div>
-
-            <div className="about-card">
-                <div className="about-logo">
-                    <ServerKitLogo width={64} height={64} />
-                </div>
-                <h3>ServerKit</h3>
-                <p className="version">Version {version}</p>
-                <p className="description">
-                    A modern, lightweight server management panel for managing web applications,
-                    databases, domains, and more. Built with Flask and React.
-                </p>
-
-                <div className="update-check">
-                    {!updateInfo ? (
-                        <button
-                            className="btn btn-secondary btn-sm"
-                            onClick={checkForUpdate}
-                            disabled={checkingUpdate}
-                        >
-                            {checkingUpdate ? (
-                                <><RefreshCw size={14} className="spinning" /> Checking...</>
-                            ) : (
-                                <><Download size={14} /> Check for Updates</>
-                            )}
-                        </button>
-                    ) : updateInfo.error ? (
-                        <div className="update-status error">
-                            <span>{updateInfo.error}</span>
-                            <button className="btn-link" onClick={checkForUpdate}>Retry</button>
-                        </div>
-                    ) : updateInfo.update_available ? (
-                        <div className="update-status available">
-                            <Download size={16} />
-                            <span>Update available: <strong>v{updateInfo.latest_version}</strong></span>
-                            <a
-                                href={updateInfo.release_url}
-                                target="_blank"
-                                rel="noopener noreferrer"
-                                className="btn btn-accent btn-sm"
-                            >
-                                View Release <ExternalLink size={12} />
-                            </a>
-                        </div>
-                    ) : (
-                        <div className="update-status current">
-                            <CheckCircle size={16} />
-                            <span>You're up to date!</span>
-                        </div>
-                    )}
-                </div>
-            </div>
-
-            {showStarPrompt && (
-                <div className="star-prompt-card">
-                    <button className="dismiss-btn" onClick={dismissStarPrompt} title="Dismiss">
-                        <X size={16} />
-                    </button>
-                    <div className="star-icon">
-                        <Star size={24} />
-                    </div>
-                    <div className="star-content">
-                        <h4>Enjoying ServerKit?</h4>
-                        <p>If you find ServerKit useful, consider starring the repository on GitHub. It helps others discover the project!</p>
-                        <a
-                            href="https://github.com/jhd3197/ServerKit"
-                            target="_blank"
-                            rel="noopener noreferrer"
-                            className="btn btn-accent"
-                        >
-                            <Star size={16} />
-                            Star on GitHub
-                        </a>
-                    </div>
-                </div>
-            )}
-
-            <div className="settings-card">
-                <h3>Features</h3>
-                <ul className="feature-list">
-                    <li>
-                        <Check size={16} />
-                        Application Management (PHP, Python, Node.js, Docker)
-                    </li>
-                    <li>
-                        <Check size={16} />
-                        Domain & SSL Certificate Management
-                    </li>
-                    <li>
-                        <Check size={16} />
-                        Database Management (MySQL, PostgreSQL)
-                    </li>
-                    <li>
-                        <Check size={16} />
-                        Docker Container Management
-                    </li>
-                    <li>
-                        <Check size={16} />
-                        System Monitoring & Alerts
-                    </li>
-                    <li>
-                        <Check size={16} />
-                        Automated Backups
-                    </li>
-                    <li>
-                        <Check size={16} />
-                        Git Deployment with Webhooks
-                    </li>
-                </ul>
-            </div>
-
-            <div className="settings-card">
-                <h3>Links</h3>
-                <div className="link-list">
-                    <a href="https://github.com/jhd3197/ServerKit" target="_blank" rel="noopener noreferrer" className="link-item">
-                        <Github size={18} />
-                        GitHub Repository
-                    </a>
-                    <a href="https://github.com/jhd3197/ServerKit#readme" target="_blank" rel="noopener noreferrer" className="link-item">
-                        <FileText size={18} />
-                        Documentation
-                    </a>
-                    <a href="https://github.com/jhd3197/ServerKit/issues" target="_blank" rel="noopener noreferrer" className="link-item">
-                        <HelpCircle size={18} />
-                        Support & Issues
-                    </a>
-                    <a href="https://github.com/jhd3197/ServerKit/discussions" target="_blank" rel="noopener noreferrer" className="link-item">
-                        <MessageSquare size={18} />
-                        Discussions
-                    </a>
-                    <a href="https://github.com/jhd3197/ServerKit/issues/new" target="_blank" rel="noopener noreferrer" className="link-item">
-                        <Bug size={18} />
-                        Report a Bug
-                    </a>
-                </div>
-            </div>
-
-            <div className="settings-card">
-                <h3>License</h3>
-                <p className="license-text">
-                    ServerKit is open source software licensed under the MIT License.
-                </p>
-            </div>
         </div>
     );
 };
 
-const SiteSettings = ({ onDevModeChange }) => {
-    const [settings, setSettings] = useState({
-        registration_enabled: false,
-        dev_mode: false
-    });
-    const [loading, setLoading] = useState(true);
-    const [saving, setSaving] = useState(false);
-    const [message, setMessage] = useState(null);
-
-    useEffect(() => {
-        loadSettings();
-    }, []);
-
-    async function loadSettings() {
-        try {
-            const data = await api.getSystemSettings();
-            setSettings({
-                registration_enabled: data.registration_enabled || false,
-                dev_mode: data.dev_mode || false
-            });
-        } catch (err) {
-            console.error('Failed to load settings:', err);
-        } finally {
-            setLoading(false);
-        }
-    }
-
-    async function handleToggleSetting(key, label) {
-        setSaving(true);
-        setMessage(null);
-
-        try {
-            const newValue = !settings[key];
-            await api.updateSystemSetting(key, newValue);
-            setSettings({ ...settings, [key]: newValue });
-            setMessage({ type: 'success', text: `${label} ${newValue ? 'enabled' : 'disabled'}` });
-            if (key === 'dev_mode' && onDevModeChange) {
-                onDevModeChange(newValue);
-            }
-        } catch (err) {
-            setMessage({ type: 'error', text: err.message || 'Failed to update setting' });
-        } finally {
-            setSaving(false);
-        }
-    }
-
-    if (loading) {
-        return <div className="settings-section"><p>Loading...</p></div>;
-    }
-
-    return (
-        <div className="settings-section">
-            <h2>Site Settings</h2>
-            <p className="section-description">Configure global site settings</p>
-
-            {message && (
-                <div className={`message ${message.type}`}>{message.text}</div>
-            )}
-
-            <div className="settings-card">
-                <h3>User Registration</h3>
-                <p>Allow new users to create accounts on the login page.</p>
-
-                <div className="form-group">
-                    <label className="toggle-switch-label">
-                        <span>Enable public registration</span>
-                        <label className="toggle-switch">
-                            <input
-                                type="checkbox"
-                                checked={settings.registration_enabled}
-                                onChange={() => handleToggleSetting('registration_enabled', 'User registration')}
-                                disabled={saving}
-                            />
-                            <span className="toggle-slider"></span>
-                        </label>
-                    </label>
-                    <span className="form-help">
-                        When disabled, only administrators can create new user accounts.
-                    </span>
-                </div>
-            </div>
-
-            <div className="settings-card">
-                <h3>Developer Mode</h3>
-                <p>Enable developer tools and diagnostics.</p>
-
-                <div className="form-group">
-                    <label className="toggle-switch-label">
-                        <span>Enable developer mode</span>
-                        <label className="toggle-switch">
-                            <input
-                                type="checkbox"
-                                checked={settings.dev_mode}
-                                onChange={() => handleToggleSetting('dev_mode', 'Developer mode')}
-                                disabled={saving}
-                            />
-                            <span className="toggle-slider"></span>
-                        </label>
-                    </label>
-                    <span className="form-help">
-                        Enables the Developer tab with icon reference and diagnostic tools.
-                    </span>
-                </div>
-            </div>
-        </div>
-    );
-};
-
-const ICON_CATALOG = {
-    'General': {
-        Search, X, Check, Copy, Plus, Trash2, Edit3, Save, Eye, Info,
-        HelpCircle, AlertTriangle, AlertCircle, ExternalLink, Link, Unlink,
-        ChevronDown, ChevronRight, ChevronUp, ArrowRight, ArrowLeft,
-        ArrowUpRight, ArrowDownLeft, ArrowUpCircle
-    },
-    'Status': {
-        CheckCircle, XCircle, Loader, RefreshCw, RotateCcw, Activity,
-        Zap, Sparkles
-    },
-    'Files & Data': {
-        FileText, FolderOpen, Archive, Download, Package, Database,
-        HardDrive, Layers, Tag
-    },
-    'Media': {
-        Image, Video, Music, Camera
-    },
-    'Development': {
-        Code, Terminal, GitBranch, GitCommit, GitCompare, Rocket,
-        Bug, Container, Workflow, Layout
-    },
-    'Infrastructure': {
-        Server, Globe, Cloud, Shield, Lock, Unlock, Cpu, MemoryStick,
-        Radio, Monitor
-    },
-    'Communication': {
-        MessageSquare, Users
-    },
-    'Navigation & UI': {
-        Home, Star, Sun, Moon, Palette, Play, Square, Calendar, Clock,
-        LogOut, SettingsIcon, Newspaper, TrendingUp, BarChart3, Minus
-    },
-    'Brands': {
-        Github
-    }
-};
-
-const IconReference = () => {
-    const [searchQuery, setSearchQuery] = useState('');
-    const [copiedIcon, setCopiedIcon] = useState(null);
-
-    function handleCopyImport(name) {
-        navigator.clipboard.writeText(name);
-        setCopiedIcon(name);
-        setTimeout(() => setCopiedIcon(null), 1500);
-    }
-
-    const filteredCatalog = Object.entries(ICON_CATALOG).reduce((acc, [group, icons]) => {
-        if (!searchQuery) {
-            acc[group] = icons;
-            return acc;
-        }
-        const filtered = Object.entries(icons).filter(([name]) =>
-            name.toLowerCase().includes(searchQuery.toLowerCase())
-        );
-        if (filtered.length > 0) {
-            acc[group] = Object.fromEntries(filtered);
-        }
-        return acc;
-    }, {});
-
-    const totalIcons = Object.values(ICON_CATALOG).reduce((sum, icons) => sum + Object.keys(icons).length, 0);
-
-    return (
-        <div className="settings-section">
-            <h2>Icon Reference</h2>
-            <p className="section-description">
-                Lucide React icons available in the project ({totalIcons} icons). Click an icon name to copy it.
-            </p>
-
-            <div className="settings-card">
-                <div className="form-group">
-                    <div className="search-input-wrapper" style={{ position: 'relative' }}>
-                        <Search size={16} style={{ position: 'absolute', left: 12, top: '50%', transform: 'translateY(-50%)', opacity: 0.5 }} />
-                        <input
-                            type="text"
-                            placeholder="Search icons..."
-                            value={searchQuery}
-                            onChange={(e) => setSearchQuery(e.target.value)}
-                            className="form-input"
-                            style={{ paddingLeft: 36 }}
-                        />
-                    </div>
-                </div>
-            </div>
-
-            {Object.entries(filteredCatalog).map(([group, icons]) => (
-                <div key={group} className="settings-card">
-                    <h3>{group}</h3>
-                    <div className="icon-reference-grid">
-                        {Object.entries(icons).map(([name, IconComp]) => (
-                            <button
-                                key={name}
-                                className={`icon-reference-item ${copiedIcon === name ? 'copied' : ''}`}
-                                onClick={() => handleCopyImport(name)}
-                                title={`Click to copy "${name}"`}
-                            >
-                                <IconComp size={20} />
-                                <span className="icon-reference-name">
-                                    {copiedIcon === name ? 'Copied!' : name}
-                                </span>
-                            </button>
-                        ))}
-                    </div>
-                </div>
-            ))}
-
-            {Object.keys(filteredCatalog).length === 0 && (
-                <div className="settings-card">
-                    <p style={{ textAlign: 'center', opacity: 0.5 }}>No icons match "{searchQuery}"</p>
-                </div>
-            )}
-        </div>
-    );
-};
-
-// Helper functions
-function formatBytes(bytes) {
-    if (!bytes) return '-';
-    const units = ['B', 'KB', 'MB', 'GB', 'TB'];
-    let i = 0;
-    while (bytes >= 1024 && i < units.length - 1) {
-        bytes /= 1024;
-        i++;
-    }
-    return `${bytes.toFixed(1)} ${units[i]}`;
-}
-
-function formatUptime(seconds) {
-    if (!seconds) return '-';
-    const days = Math.floor(seconds / 86400);
-    const hours = Math.floor((seconds % 86400) / 3600);
-    const minutes = Math.floor((seconds % 3600) / 60);
-
-    const parts = [];
-    if (days > 0) parts.push(`${days}d`);
-    if (hours > 0) parts.push(`${hours}h`);
-    if (minutes > 0) parts.push(`${minutes}m`);
-
-    return parts.join(' ') || '< 1m';
-}
-
 export default Settings;
diff --git a/frontend/src/pages/Setup.jsx b/frontend/src/pages/Setup.jsx
index 8a324953..d96f3969 100644
--- a/frontend/src/pages/Setup.jsx
+++ b/frontend/src/pages/Setup.jsx
@@ -125,9 +125,8 @@ const Setup = () => {
 
                 {currentStep > 2 && (
                     <button
-                        className="btn-wizard-prev"
+                        className="btn-wizard-prev mb-4"
                         onClick={handleBack}
-                        style={{ marginBottom: 16 }}
                     >
                         <ArrowLeft size={16} />
                         Back
diff --git a/frontend/src/pages/StatusPages.jsx b/frontend/src/pages/StatusPages.jsx
new file mode 100644
index 00000000..26da290f
--- /dev/null
+++ b/frontend/src/pages/StatusPages.jsx
@@ -0,0 +1,261 @@
+import React, { useState, useEffect, useCallback } from 'react';
+import api from '../services/api';
+import { useToast } from '../contexts/ToastContext';
+import { useAuth } from '../contexts/AuthContext';
+import Spinner from '../components/Spinner';
+import ConfirmDialog from '../components/ConfirmDialog';
+
+const StatusPages = () => {
+    const toast = useToast();
+    const { user } = useAuth();
+    const [pages, setPages] = useState([]);
+    const [loading, setLoading] = useState(true);
+    const [selectedPage, setSelectedPage] = useState(null);
+    const [components, setComponents] = useState([]);
+    const [incidents, setIncidents] = useState([]);
+    const [showCreatePage, setShowCreatePage] = useState(false);
+    const [showCreateComponent, setShowCreateComponent] = useState(false);
+    const [showCreateIncident, setShowCreateIncident] = useState(false);
+    const [deleteConfirm, setDeleteConfirm] = useState(null);
+    const [tab, setTab] = useState('components');
+
+    const [pageForm, setPageForm] = useState({ name: '', slug: '', description: '', primary_color: '#4f46e5' });
+    const [compForm, setCompForm] = useState({ name: '', group: 'Services', check_type: 'http', check_target: '', check_interval: 60 });
+    const [incidentForm, setIncidentForm] = useState({ title: '', impact: 'minor', body: '' });
+
+    const loadPages = useCallback(async () => {
+        try {
+            const data = await api.getStatusPages();
+            setPages(data.pages || []);
+        } catch (err) {
+            toast.error('Failed to load status pages');
+        } finally {
+            setLoading(false);
+        }
+    }, [toast]);
+
+    useEffect(() => { loadPages(); }, [loadPages]);
+
+    const loadPageDetails = async (pageId) => {
+        try {
+            const [cData, iData] = await Promise.all([
+                api.getStatusPageComponents(pageId),
+                api.getStatusPageIncidents(pageId),
+            ]);
+            setComponents(cData.components || []);
+            setIncidents(iData.incidents || []);
+            setSelectedPage(pages.find(p => p.id === pageId));
+        } catch (err) {
+            toast.error('Failed to load details');
+        }
+    };
+
+    const handleCreatePage = async () => {
+        try {
+            const page = await api.createStatusPage(pageForm);
+            toast.success('Status page created');
+            setShowCreatePage(false);
+            setPageForm({ name: '', slug: '', description: '', primary_color: '#4f46e5' });
+            loadPages();
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleCreateComponent = async () => {
+        if (!selectedPage) return;
+        try {
+            await api.createStatusComponent(selectedPage.id, compForm);
+            toast.success('Component added');
+            setShowCreateComponent(false);
+            loadPageDetails(selectedPage.id);
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleRunCheck = async (compId) => {
+        try {
+            const result = await api.runStatusCheck(compId);
+            toast.success(`Check: ${result.status} (${result.response_time}ms)`);
+            if (selectedPage) loadPageDetails(selectedPage.id);
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleCreateIncident = async () => {
+        if (!selectedPage) return;
+        try {
+            await api.createStatusIncident(selectedPage.id, incidentForm);
+            toast.success('Incident created');
+            setShowCreateIncident(false);
+            setIncidentForm({ title: '', impact: 'minor', body: '' });
+            loadPageDetails(selectedPage.id);
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleResolveIncident = async (incidentId) => {
+        try {
+            await api.updateStatusIncident(incidentId, { status: 'resolved', update_body: 'Issue has been resolved.' });
+            toast.success('Incident resolved');
+            if (selectedPage) loadPageDetails(selectedPage.id);
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const statusColors = {
+        operational: 'success', degraded: 'warning', partial_outage: 'warning', major_outage: 'danger', maintenance: 'info'
+    };
+
+    if (loading) return <Spinner />;
+
+    return (
+        <div className="status-pages-page">
+            <div className="page-header">
+                <div className="page-header-content">
+                    <h1>Status Pages</h1>
+                    <p className="page-description">{pages.length} page{pages.length !== 1 ? 's' : ''}</p>
+                </div>
+                <div className="page-header-actions">
+                    {user?.is_admin && (
+                        <button className="btn btn-primary" onClick={() => setShowCreatePage(true)}>Create Page</button>
+                    )}
+                </div>
+            </div>
+
+            <div className="status-layout">
+                <div className="status-pages-list">
+                    {pages.map(page => (
+                        <div key={page.id} className={`status-page-item ${selectedPage?.id === page.id ? 'active' : ''}`}
+                            onClick={() => loadPageDetails(page.id)}>
+                            <strong>{page.name}</strong>
+                            <span className="text-muted">/{page.slug} \u2022 {page.component_count} components</span>
+                        </div>
+                    ))}
+                    {pages.length === 0 && <div className="empty-state"><p>No status pages yet.</p></div>}
+                </div>
+
+                {selectedPage && (
+                    <div className="status-detail-panel">
+                        <div className="status-detail-panel__header">
+                            <h2>{selectedPage.name}</h2>
+                            <span className="text-muted">/{selectedPage.slug}</span>
+                        </div>
+
+                        <div className="tabs">
+                            <button className={`tab ${tab === 'components' ? 'active' : ''}`} onClick={() => setTab('components')}>Components</button>
+                            <button className={`tab ${tab === 'incidents' ? 'active' : ''}`} onClick={() => setTab('incidents')}>Incidents</button>
+                        </div>
+
+                        {tab === 'components' && (
+                            <>
+                                <div className="status-actions-bar">
+                                    {user?.is_admin && (
+                                        <button className="btn btn-sm btn-primary" onClick={() => setShowCreateComponent(true)}>Add Component</button>
+                                    )}
+                                </div>
+                                <div className="components-list">
+                                    {components.map(comp => (
+                                        <div key={comp.id} className="component-row">
+                                            <div className="component-row__info">
+                                                <span className={`status-dot status-dot--${statusColors[comp.status] || 'muted'}`} />
+                                                <div>
+                                                    <strong>{comp.name}</strong>
+                                                    <span className="text-muted"> \u2022 {comp.group}</span>
+                                                </div>
+                                            </div>
+                                            <div className="component-row__stats">
+                                                <span>{comp.uptime_30d?.toFixed(2)}% uptime</span>
+                                                {comp.last_response_time && <span>{comp.last_response_time}ms</span>}
+                                            </div>
+                                            <div className="component-row__actions">
+                                                <button className="btn btn-sm" onClick={() => handleRunCheck(comp.id)}>Check Now</button>
+                                            </div>
+                                        </div>
+                                    ))}
+                                    {components.length === 0 && <p className="text-muted">No components yet.</p>}
+                                </div>
+                            </>
+                        )}
+
+                        {tab === 'incidents' && (
+                            <>
+                                <div className="status-actions-bar">
+                                    {user?.is_admin && (
+                                        <button className="btn btn-sm btn-primary" onClick={() => setShowCreateIncident(true)}>Create Incident</button>
+                                    )}
+                                </div>
+                                <div className="incidents-list">
+                                    {incidents.map(inc => (
+                                        <div key={inc.id} className="incident-row">
+                                            <div className="incident-row__header">
+                                                <strong>{inc.title}</strong>
+                                                <span className={`badge badge--${inc.status === 'resolved' ? 'success' : 'warning'}`}>{inc.status}</span>
+                                            </div>
+                                            <span className="text-muted">Impact: {inc.impact}</span>
+                                            {inc.body && <p>{inc.body}</p>}
+                                            {inc.status !== 'resolved' && user?.is_admin && (
+                                                <button className="btn btn-sm btn-success" onClick={() => handleResolveIncident(inc.id)}>Resolve</button>
+                                            )}
+                                        </div>
+                                    ))}
+                                    {incidents.length === 0 && <p className="text-muted">No incidents.</p>}
+                                </div>
+                            </>
+                        )}
+                    </div>
+                )}
+            </div>
+
+            {showCreatePage && (
+                <div className="modal-overlay" onClick={() => setShowCreatePage(false)}>
+                    <div className="modal" onClick={e => e.stopPropagation()}>
+                        <div className="modal-header"><h2>Create Status Page</h2><button className="modal-close" onClick={() => setShowCreatePage(false)}>&times;</button></div>
+                        <div className="modal-body">
+                            <div className="form-group"><label>Name</label><input className="form-input" value={pageForm.name} onChange={e => setPageForm({...pageForm, name: e.target.value})} /></div>
+                            <div className="form-group"><label>Slug (URL path)</label><input className="form-input" value={pageForm.slug} onChange={e => setPageForm({...pageForm, slug: e.target.value})} placeholder="my-services" /></div>
+                            <div className="form-group"><label>Description</label><textarea className="form-input" value={pageForm.description} onChange={e => setPageForm({...pageForm, description: e.target.value})} rows={2} /></div>
+                        </div>
+                        <div className="modal-footer"><button className="btn" onClick={() => setShowCreatePage(false)}>Cancel</button><button className="btn btn-primary" onClick={handleCreatePage} disabled={!pageForm.name || !pageForm.slug}>Create</button></div>
+                    </div>
+                </div>
+            )}
+
+            {showCreateComponent && (
+                <div className="modal-overlay" onClick={() => setShowCreateComponent(false)}>
+                    <div className="modal" onClick={e => e.stopPropagation()}>
+                        <div className="modal-header"><h2>Add Component</h2><button className="modal-close" onClick={() => setShowCreateComponent(false)}>&times;</button></div>
+                        <div className="modal-body">
+                            <div className="form-group"><label>Name</label><input className="form-input" value={compForm.name} onChange={e => setCompForm({...compForm, name: e.target.value})} /></div>
+                            <div className="form-group"><label>Group</label><input className="form-input" value={compForm.group} onChange={e => setCompForm({...compForm, group: e.target.value})} /></div>
+                            <div className="form-group"><label>Check Type</label><select className="form-select" value={compForm.check_type} onChange={e => setCompForm({...compForm, check_type: e.target.value})}><option value="http">HTTP</option><option value="tcp">TCP</option><option value="dns">DNS</option><option value="ping">Ping</option></select></div>
+                            <div className="form-group"><label>Check Target</label><input className="form-input" value={compForm.check_target} onChange={e => setCompForm({...compForm, check_target: e.target.value})} placeholder="https://example.com or host:port" /></div>
+                            <div className="form-group"><label>Check Interval (seconds)</label><input className="form-input" type="number" value={compForm.check_interval} onChange={e => setCompForm({...compForm, check_interval: parseInt(e.target.value) || 60})} /></div>
+                        </div>
+                        <div className="modal-footer"><button className="btn" onClick={() => setShowCreateComponent(false)}>Cancel</button><button className="btn btn-primary" onClick={handleCreateComponent} disabled={!compForm.name}>Add</button></div>
+                    </div>
+                </div>
+            )}
+
+            {showCreateIncident && (
+                <div className="modal-overlay" onClick={() => setShowCreateIncident(false)}>
+                    <div className="modal" onClick={e => e.stopPropagation()}>
+                        <div className="modal-header"><h2>Create Incident</h2><button className="modal-close" onClick={() => setShowCreateIncident(false)}>&times;</button></div>
+                        <div className="modal-body">
+                            <div className="form-group"><label>Title</label><input className="form-input" value={incidentForm.title} onChange={e => setIncidentForm({...incidentForm, title: e.target.value})} /></div>
+                            <div className="form-group"><label>Impact</label><select className="form-select" value={incidentForm.impact} onChange={e => setIncidentForm({...incidentForm, impact: e.target.value})}><option value="none">None</option><option value="minor">Minor</option><option value="major">Major</option><option value="critical">Critical</option></select></div>
+                            <div className="form-group"><label>Description</label><textarea className="form-input" value={incidentForm.body} onChange={e => setIncidentForm({...incidentForm, body: e.target.value})} rows={3} /></div>
+                        </div>
+                        <div className="modal-footer"><button className="btn" onClick={() => setShowCreateIncident(false)}>Cancel</button><button className="btn btn-primary" onClick={handleCreateIncident} disabled={!incidentForm.title}>Create</button></div>
+                    </div>
+                </div>
+            )}
+        </div>
+    );
+};
+
+export default StatusPages;
diff --git a/frontend/src/pages/Terminal.jsx b/frontend/src/pages/Terminal.jsx
index 29fc3b88..68a6a095 100644
--- a/frontend/src/pages/Terminal.jsx
+++ b/frontend/src/pages/Terminal.jsx
@@ -2,6 +2,8 @@ import React, { useState, useEffect, useRef } from 'react';
 import useTabParam from '../hooks/useTabParam';
 import api from '../services/api';
 import { useToast } from '../contexts/ToastContext';
+import { useConfirm } from '../hooks/useConfirm';
+import { ConfirmDialog } from '../components/ConfirmDialog';
 
 const VALID_TABS = ['logs', 'journal', 'processes', 'services'];
 
@@ -76,6 +78,7 @@ const Terminal = () => {
 };
 
 const LogFilesTab = () => {
+    const { confirm, confirmState, handleConfirm, handleCancel } = useConfirm();
     const [logFiles, setLogFiles] = useState([]);
     const [selectedLog, setSelectedLog] = useState(null);
     const [logContent, setLogContent] = useState('');
@@ -141,7 +144,8 @@ const LogFilesTab = () => {
 
     async function handleClearLog() {
         if (!selectedLog) return;
-        if (!confirm(`Clear ${selectedLog}? This cannot be undone.`)) return;
+        const confirmed = await confirm({ title: 'Clear Log', message: `Clear ${selectedLog}? This cannot be undone.` });
+        if (!confirmed) return;
 
         try {
             await api.clearLog(selectedLog);
@@ -310,6 +314,16 @@ const LogFilesTab = () => {
                     </div>
                 </div>
             </div>
+            <ConfirmDialog
+                isOpen={confirmState.isOpen}
+                title={confirmState.title}
+                message={confirmState.message}
+                confirmText={confirmState.confirmText}
+                cancelText={confirmState.cancelText}
+                variant={confirmState.variant}
+                onConfirm={handleConfirm}
+                onCancel={handleCancel}
+            />
         </div>
     );
 };
@@ -460,6 +474,7 @@ const JournalTab = () => {
 
 const ProcessesTab = () => {
     const toast = useToast();
+    const { confirm, confirmState, handleConfirm, handleCancel } = useConfirm();
     const [processes, setProcesses] = useState([]);
     const [loading, setLoading] = useState(true);
     const [sortBy, setSortBy] = useState('cpu');
@@ -486,7 +501,8 @@ const ProcessesTab = () => {
         const confirmMsg = force
             ? `Force kill process ${pid}? This may cause data loss.`
             : `Kill process ${pid}?`;
-        if (!confirm(confirmMsg)) return;
+        const confirmed = await confirm({ title: force ? 'Force Kill Process' : 'Kill Process', message: confirmMsg, variant: force ? 'danger' : 'warning' });
+        if (!confirmed) return;
 
         try {
             await api.killProcess(pid, force);
@@ -688,6 +704,16 @@ const ProcessesTab = () => {
                     </div>
                 </div>
             )}
+            <ConfirmDialog
+                isOpen={confirmState.isOpen}
+                title={confirmState.title}
+                message={confirmState.message}
+                confirmText={confirmState.confirmText}
+                cancelText={confirmState.cancelText}
+                variant={confirmState.variant}
+                onConfirm={handleConfirm}
+                onCancel={handleCancel}
+            />
         </div>
     );
 };
diff --git a/frontend/src/pages/WordPressDetail.jsx b/frontend/src/pages/WordPressDetail.jsx
index 194f1199..6b7feb85 100644
--- a/frontend/src/pages/WordPressDetail.jsx
+++ b/frontend/src/pages/WordPressDetail.jsx
@@ -24,7 +24,7 @@ const DetailPageSkeleton = () => (
                 <div className="skeleton" style={{ width: 300, height: 16 }} />
             </div>
         </div>
-        <div className="app-detail-tabs" style={{ display: 'flex', gap: 8 }}>
+        <div className="app-detail-tabs flex gap-2">
             {[1, 2, 3, 4, 5, 6, 7].map(i => (
                 <div key={i} className="skeleton" style={{ width: 80, height: 32, borderRadius: 4 }} />
             ))}
@@ -894,7 +894,7 @@ const DatabaseTab = ({ siteId, site }) => {
             </div>
 
             {/* Snapshots */}
-            <div className="section-header" style={{ marginTop: 24 }}>
+            <div className="section-header mt-6">
                 <h3>Database Snapshots</h3>
                 <button className="btn btn-primary" onClick={() => setShowCreateModal(true)}>
                     <Plus size={14} /> Create Snapshot
diff --git a/frontend/src/pages/WordPressProject.jsx b/frontend/src/pages/WordPressProject.jsx
index e96e8b68..37c22a19 100644
--- a/frontend/src/pages/WordPressProject.jsx
+++ b/frontend/src/pages/WordPressProject.jsx
@@ -793,7 +793,7 @@ const CreatePipelineEnvModal = ({ onClose, onCreate, productionDomain, existingT
                     {formData.type === 'multidev' && (
                         <div className="form-group">
                             <label>
-                                <GitBranch size={14} style={{ marginRight: 4, verticalAlign: -2 }} />
+                                <GitBranch size={14} className="mr-1" style={{ verticalAlign: -2 }} />
                                 Git Branch *
                             </label>
 
@@ -898,9 +898,8 @@ const CreatePipelineEnvModal = ({ onClose, onCreate, productionDomain, existingT
                                     {branches.length > 0 && (
                                         <button
                                             type="button"
-                                            className="btn btn-ghost btn-sm"
+                                            className="btn btn-ghost btn-sm mt-1"
                                             onClick={() => { setUseCustomBranch(false); setFormData(prev => ({ ...prev, branch: '' })); }}
-                                            style={{ marginTop: 4 }}
                                         >
                                             Back to branch list
                                         </button>
diff --git a/frontend/src/pages/WorkflowBuilder.jsx b/frontend/src/pages/WorkflowBuilder.jsx
index 1dba9206..09639080 100644
--- a/frontend/src/pages/WorkflowBuilder.jsx
+++ b/frontend/src/pages/WorkflowBuilder.jsx
@@ -11,18 +11,27 @@ import {
     MiniMap
 } from '@xyflow/react';
 import '@xyflow/react/dist/style.css';
-import { Server, Database, Globe, Box, Save, FolderOpen, Plus, RefreshCw, Play, Layout, Eye } from 'lucide-react';
+import { Server, Database, Globe, Box, Save, FolderOpen, Plus, RefreshCw, Play, Layout, Eye, Bell, Terminal, Activity } from 'lucide-react';
 import api from '../services/api';
 import WorkflowListModal from '../components/workflow/WorkflowListModal';
 import DeploymentProgressModal from '../components/workflow/DeploymentProgressModal';
+import WorkflowExecutionHistory from '../components/workflow/WorkflowExecutionHistory';
 import DockerAppNode from '../components/workflow/nodes/DockerAppNode';
 import DatabaseNode from '../components/workflow/nodes/DatabaseNode';
 import DomainNode from '../components/workflow/nodes/DomainNode';
 import ServiceNode from '../components/workflow/nodes/ServiceNode';
+import TriggerNode from '../components/workflow/nodes/TriggerNode';
+import ScriptNode from '../components/workflow/nodes/ScriptNode';
+import NotificationNode from '../components/workflow/nodes/NotificationNode';
+import LogicIfNode from '../components/workflow/nodes/LogicIfNode';
 import DockerAppConfigPanel from '../components/workflow/panels/DockerAppConfigPanel';
 import DatabaseConfigPanel from '../components/workflow/panels/DatabaseConfigPanel';
 import DomainConfigPanel from '../components/workflow/panels/DomainConfigPanel';
 import ServiceConfigPanel from '../components/workflow/panels/ServiceConfigPanel';
+import TriggerConfigPanel from '../components/workflow/panels/TriggerConfigPanel';
+import ScriptConfigPanel from '../components/workflow/panels/ScriptConfigPanel';
+import NotificationConfigPanel from '../components/workflow/panels/NotificationConfigPanel';
+import LogicIfConfigPanel from '../components/workflow/panels/LogicIfConfigPanel';
 import { isValidConnection as checkValidConnection, getConnectionError, getConnectionType } from '../utils/connectionRules';
 import ConnectionEdge from '../components/workflow/ConnectionEdge';
 
@@ -33,14 +42,22 @@ const nodeTypes = {
     dockerApp: DockerAppNode,
     database: DatabaseNode,
     domain: DomainNode,
-    service: ServiceNode
+    service: ServiceNode,
+    trigger: TriggerNode,
+    script: ScriptNode,
+    notification: NotificationNode,
+    logic_if: LogicIfNode
 };
 
 const nodeColorMap = {
     dockerApp: '#2496ed',
     database: '#f59e0b',
     domain: '#10b981',
-    service: '#6366f1'
+    service: '#6366f1',
+    trigger: '#3b82f6',
+    script: '#6b7280',
+    notification: '#8b5cf6',
+    logic_if: '#f97316'
 };
 
 const edgeTypes = {
@@ -50,87 +67,73 @@ const edgeTypes = {
 let nodeId = 0;
 const getId = () => `node_${nodeId++}`;
 
-const NodePalette = ({ onAddNode, templates, onAddFromTemplate, existingApps, onAddExistingApp }) => {
-    const [showTemplates, setShowTemplates] = useState(false);
-    const [showExistingApps, setShowExistingApps] = useState(false);
-
+const NodePalette = ({ onAddNode }) => {
     return (
         <div className="workflow-palette">
             <div className="palette-section">
-                <div className="palette-header">Add Application</div>
+                <div className="palette-header">Triggers</div>
                 <button
-                    className="palette-item palette-item-docker"
-                    onClick={() => setShowTemplates(!showTemplates)}
+                    className="palette-item palette-item-trigger"
+                    onClick={() => onAddNode('trigger', { label: 'Manual Trigger', triggerType: 'manual', isActive: true })}
                 >
-                    <Plus size={16} />
-                    <span>From Template</span>
+                    <Play size={16} />
+                    <span>Manual</span>
                 </button>
-                {showTemplates && templates.length > 0 && (
-                    <div className="palette-submenu">
-                        {templates.map((template) => (
-                            <button
-                                key={template.id}
-                                className="palette-subitem"
-                                onClick={() => {
-                                    onAddFromTemplate(template);
-                                    setShowTemplates(false);
-                                }}
-                            >
-                                {template.name}
-                            </button>
-                        ))}
-                    </div>
-                )}
-                {showTemplates && templates.length === 0 && (
-                    <div className="palette-empty">No templates available</div>
-                )}
+                <button
+                    className="palette-item palette-item-trigger"
+                    onClick={() => onAddNode('trigger', { label: 'Scheduled Task', triggerType: 'cron', isActive: true, triggerConfig: { cron: '0 * * * *' } })}
+                >
+                    <Activity size={16} />
+                    <span>Schedule (Cron)</span>
+                </button>
+                <button
+                    className="palette-item palette-item-trigger"
+                    onClick={() => onAddNode('trigger', { label: 'Webhook Trigger', triggerType: 'webhook', isActive: true, triggerConfig: {} })}
+                >
+                    <Globe size={16} />
+                    <span>Webhook</span>
+                </button>
+                <button
+                    className="palette-item palette-item-trigger"
+                    onClick={() => onAddNode('trigger', { label: 'Event Listener', triggerType: 'event', isActive: true, triggerConfig: { eventType: 'health_check_failed' } })}
+                >
+                    <Eye size={16} />
+                    <span>System Event</span>
+                </button>
+            </div>
 
-                {existingApps.length > 0 && (
-                    <>
-                        <button
-                            className="palette-item palette-item-service"
-                            onClick={() => setShowExistingApps(!showExistingApps)}
-                        >
-                            <Server size={16} />
-                            <span>Existing App</span>
-                        </button>
-                        {showExistingApps && (
-                            <div className="palette-submenu">
-                                {existingApps.map((app) => (
-                                    <button
-                                        key={app.id}
-                                        className="palette-subitem"
-                                        onClick={() => {
-                                            onAddExistingApp(app);
-                                            setShowExistingApps(false);
-                                        }}
-                                    >
-                                        {app.name}
-                                        <span className={`status-badge status-${app.status}`}>
-                                            {app.status}
-                                        </span>
-                                    </button>
-                                ))}
-                            </div>
-                        )}
-                    </>
-                )}
+            <div className="palette-section">
+                <div className="palette-header">Actions</div>
+                <button
+                    className="palette-item palette-item-script"
+                    onClick={() => onAddNode('script', { label: 'Run Script', language: 'bash', content: '' })}
+                >
+                    <Terminal size={16} />
+                    <span>Run Script</span>
+                </button>
+                <button
+                    className="palette-item palette-item-notification"
+                    onClick={() => onAddNode('notification', { label: 'Send Notification', channel: 'system', message: '' })}
+                >
+                    <Bell size={16} />
+                    <span>Notification</span>
+                </button>
             </div>
 
             <div className="palette-section">
-                <div className="palette-header">Network</div>
+                <div className="palette-header">Flow Control</div>
                 <button
-                    className="palette-item palette-item-domain"
-                    onClick={() => onAddNode('domain', { name: 'example.com', ssl: 'none', dnsStatus: 'pending' })}
+                    className="palette-item palette-item-logic"
+                    onClick={() => onAddNode('logic_if', { label: 'If/Else', condition: '' })}
                 >
-                    <Globe size={16} />
-                    <span>Domain</span>
+                    <Layout size={16} />
+                    <span>Condition (If/Else)</span>
                 </button>
             </div>
 
             <div className="palette-section palette-section-info">
                 <div className="palette-hint">
-                    Tip: Click "Server Overview" to see all your infrastructure with connections
+                    Add a trigger, connect actions, then save and execute. Press Delete to remove selected nodes.
                 </div>
             </div>
         </div>
@@ -164,6 +167,11 @@ const WorkflowCanvas = () => {
     const [showDeployModal, setShowDeployModal] = useState(false);
     const [deploymentResults, setDeploymentResults] = useState(null);
 
+    // Automation state
+    const [isExecuting, setIsExecuting] = useState(false);
+    const [showHistory, setShowHistory] = useState(false);
+    const [executionId, setExecutionId] = useState(null);
+
     const memoizedNodeTypes = useMemo(() => nodeTypes, []);
     const memoizedEdgeTypes = useMemo(() => edgeTypes, []);
 
@@ -674,6 +682,32 @@ const WorkflowCanvas = () => {
         }
     }, [currentWorkflow, nodes, edges, workflowName, getViewport, setNodes]);
 
+    // Execute workflow
+    const executeWorkflow = useCallback(async () => {
+        if (!currentWorkflow) {
+            setSaveMessage('Save workflow first');
+            setTimeout(() => setSaveMessage(null), 3000);
+            return;
+        }
+
+        setIsExecuting(true);
+        setSaveMessage('Executing...');
+
+        try {
+            const response = await api.executeWorkflow(currentWorkflow.id);
+            setExecutionId(response.execution_id);
+            setSaveMessage('Execution started');
+            setShowHistory(true);
+            setTimeout(() => setSaveMessage(null), 3000);
+        } catch (error) {
+            console.error('Failed to execute workflow:', error);
+            setSaveMessage('Execution failed');
+            setTimeout(() => setSaveMessage(null), 3000);
+        } finally {
+            setIsExecuting(false);
+        }
+    }, [currentWorkflow]);
+
     const onConnect = useCallback(
         (params) => {
             if (checkValidConnection(params, nodes)) {
@@ -750,11 +784,25 @@ const WorkflowCanvas = () => {
         setSelectedEdge(null);
     }, []);
 
+    const handleDeleteNode = useCallback(() => {
+        if (!selectedNode) return;
+        setNodes((nds) => nds.filter((n) => n.id !== selectedNode.id));
+        setEdges((eds) => eds.filter((e) => e.source !== selectedNode.id && e.target !== selectedNode.id));
+        setSelectedNode(null);
+    }, [selectedNode, setNodes, setEdges]);
+
     const handleKeyDown = useCallback((event) => {
-        if ((event.key === 'Delete' || event.key === 'Backspace') && selectedEdge) {
-            deleteEdge(selectedEdge.id);
+        // Don't delete when typing in an input/textarea
+        if (event.target.tagName === 'INPUT' || event.target.tagName === 'TEXTAREA' || event.target.tagName === 'SELECT') return;
+
+        if (event.key === 'Delete' || event.key === 'Backspace') {
+            if (selectedEdge) {
+                deleteEdge(selectedEdge.id);
+            } else if (selectedNode) {
+                handleDeleteNode();
+            }
         }
-    }, [selectedEdge, deleteEdge]);
+    }, [selectedEdge, selectedNode, deleteEdge, handleDeleteNode]);
 
     React.useEffect(() => {
         document.addEventListener('keydown', handleKeyDown);
@@ -785,7 +833,8 @@ const WorkflowCanvas = () => {
         const panelProps = {
             node: selectedNode,
             onChange: handleNodeDataChange,
-            onClose: handlePanelClose
+            onClose: handlePanelClose,
+            onDelete: handleDeleteNode
         };
 
         switch (selectedNode.type) {
@@ -797,6 +846,14 @@ const WorkflowCanvas = () => {
                 return <DomainConfigPanel {...panelProps} />;
             case 'service':
                 return <ServiceConfigPanel {...panelProps} />;
+            case 'trigger':
+                return <TriggerConfigPanel {...panelProps} />;
+            case 'script':
+                return <ScriptConfigPanel {...panelProps} />;
+            case 'notification':
+                return <NotificationConfigPanel {...panelProps} />;
+            case 'logic_if':
+                return <LogicIfConfigPanel {...panelProps} />;
             default:
                 return null;
         }
@@ -818,52 +875,57 @@ const WorkflowCanvas = () => {
                     )}
                 </div>
                 <div className="toolbar-right">
-                    <button
-                        className="toolbar-btn toolbar-btn-overview"
-                        onClick={loadServerOverview}
-                        disabled={isLoading}
-                        title="Load full server infrastructure"
-                    >
-                        <Eye size={16} />
-                        <span>{isLoading ? 'Loading...' : 'Server Overview'}</span>
-                    </button>
                     <button
                         className="toolbar-btn"
                         onClick={newWorkflow}
-                        title="New custom view"
+                        title="New workflow"
                     >
                         <Plus size={16} />
-                        <span>New View</span>
+                        <span>New</span>
                     </button>
                     <button
                         className="toolbar-btn"
                         onClick={() => setShowLoadModal(true)}
-                        title="Load saved view"
+                        title="Load saved workflow"
                     >
                         <FolderOpen size={16} />
                         <span>Load</span>
                     </button>
+                    <div className="toolbar-divider" />
+                    <button
+                        className="toolbar-btn toolbar-btn-execute"
+                        onClick={executeWorkflow}
+                        disabled={isExecuting || !currentWorkflow}
+                        title="Execute workflow"
+                    >
+                        <Play size={16} />
+                        <span>{isExecuting ? 'Running...' : 'Execute'}</span>
+                    </button>
+                    <button
+                        className="toolbar-btn"
+                        onClick={() => setShowHistory(true)}
+                        disabled={!currentWorkflow}
+                        title="Execution history"
+                    >
+                        <Activity size={16} />
+                        <span>History</span>
+                    </button>
+                    <div className="toolbar-divider" />
                     <button
                         className="toolbar-btn toolbar-btn-primary"
                         onClick={saveWorkflow}
                         disabled={isSaving}
-                        title="Save current view"
+                        title="Save workflow"
                     >
                         <Save size={16} />
-                        <span>{isSaving ? 'Saving...' : 'Save View'}</span>
+                        <span>{isSaving ? 'Saving...' : 'Save'}</span>
                     </button>
                 </div>
                 {saveMessage && (
                     <div className="toolbar-message">{saveMessage}</div>
                 )}
             </div>
-            <NodePalette
-                onAddNode={addNode}
-                templates={templates}
-                onAddFromTemplate={addFromTemplate}
-                existingApps={existingAppsNotInView}
-                onAddExistingApp={addExistingApp}
-            />
+            <NodePalette onAddNode={addNode} />
             {connectionError && (
                 <div className="connection-error-toast">
                     {connectionError}
@@ -927,6 +989,12 @@ const WorkflowCanvas = () => {
                     onClose={() => setShowDeployModal(false)}
                 />
             )}
+            {showHistory && (
+                <WorkflowExecutionHistory
+                    workflowId={currentWorkflow?.id}
+                    onClose={() => setShowHistory(false)}
+                />
+            )}
         </div>
     );
 };
diff --git a/frontend/src/pages/Workspaces.jsx b/frontend/src/pages/Workspaces.jsx
new file mode 100644
index 00000000..0a7002f0
--- /dev/null
+++ b/frontend/src/pages/Workspaces.jsx
@@ -0,0 +1,242 @@
+import React, { useState, useEffect, useCallback } from 'react';
+import api from '../services/api';
+import { useToast } from '../contexts/ToastContext';
+import { useAuth } from '../contexts/AuthContext';
+import Spinner from '../components/Spinner';
+import ConfirmDialog from '../components/ConfirmDialog';
+
+const Workspaces = () => {
+    const toast = useToast();
+    const { user } = useAuth();
+    const [workspaces, setWorkspaces] = useState([]);
+    const [loading, setLoading] = useState(true);
+    const [showCreateModal, setShowCreateModal] = useState(false);
+    const [showMembersModal, setShowMembersModal] = useState(null);
+    const [members, setMembers] = useState([]);
+    const [deleteConfirm, setDeleteConfirm] = useState(null);
+    const [allUsers, setAllUsers] = useState([]);
+    const [form, setForm] = useState({ name: '', description: '', max_servers: 0, max_users: 0 });
+
+    const loadWorkspaces = useCallback(async () => {
+        try {
+            const data = await api.getWorkspaces();
+            setWorkspaces(data.workspaces || []);
+        } catch (err) {
+            toast.error('Failed to load workspaces');
+        } finally {
+            setLoading(false);
+        }
+    }, [toast]);
+
+    useEffect(() => { loadWorkspaces(); }, [loadWorkspaces]);
+
+    const handleCreate = async () => {
+        try {
+            await api.createWorkspace(form);
+            toast.success('Workspace created');
+            setShowCreateModal(false);
+            setForm({ name: '', description: '', max_servers: 0, max_users: 0 });
+            loadWorkspaces();
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleDelete = async (id) => {
+        try {
+            await api.deleteWorkspace(id);
+            toast.success('Workspace deleted');
+            setDeleteConfirm(null);
+            loadWorkspaces();
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleArchive = async (id) => {
+        try {
+            await api.archiveWorkspace(id);
+            toast.success('Workspace archived');
+            loadWorkspaces();
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const loadMembers = async (wsId) => {
+        try {
+            const [mData, uData] = await Promise.all([
+                api.getWorkspaceMembers(wsId),
+                api.getUsers().catch(() => ({ users: [] }))
+            ]);
+            setMembers(mData.members || []);
+            setAllUsers(uData.users || []);
+            setShowMembersModal(wsId);
+        } catch (err) {
+            toast.error('Failed to load members');
+        }
+    };
+
+    const handleAddMember = async (wsId, userId) => {
+        try {
+            await api.addWorkspaceMember(wsId, userId);
+            toast.success('Member added');
+            loadMembers(wsId);
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    const handleRemoveMember = async (memberId) => {
+        try {
+            await api.removeWorkspaceMember(memberId);
+            toast.success('Member removed');
+            if (showMembersModal) loadMembers(showMembersModal);
+        } catch (err) {
+            toast.error(err.message);
+        }
+    };
+
+    if (loading) return <Spinner />;
+
+    return (
+        <div className="workspaces-page">
+            <div className="page-header">
+                <div className="page-header-content">
+                    <h1>Workspaces</h1>
+                    <p className="page-description">{workspaces.length} workspace{workspaces.length !== 1 ? 's' : ''}</p>
+                </div>
+                <div className="page-header-actions">
+                    <button className="btn btn-primary" onClick={() => setShowCreateModal(true)}>
+                        Create Workspace
+                    </button>
+                </div>
+            </div>
+
+            <div className="workspaces-grid">
+                {workspaces.map(ws => (
+                    <div key={ws.id} className="workspace-card card">
+                        <div className="workspace-card__header">
+                            <div className="workspace-card__title">
+                                {ws.primary_color && (
+                                    <span className="workspace-card__color" style={{ backgroundColor: ws.primary_color }} />
+                                )}
+                                <h3>{ws.name}</h3>
+                            </div>
+                            <span className={`badge badge--${ws.status === 'active' ? 'success' : 'warning'}`}>
+                                {ws.status}
+                            </span>
+                        </div>
+                        {ws.description && <p className="workspace-card__desc">{ws.description}</p>}
+                        <div className="workspace-card__meta">
+                            <span>{ws.member_count} member{ws.member_count !== 1 ? 's' : ''}</span>
+                            <span className="text-muted">/{ws.slug}</span>
+                        </div>
+                        {(ws.max_servers > 0 || ws.max_users > 0) && (
+                            <div className="workspace-card__quotas">
+                                {ws.max_servers > 0 && <span>Max {ws.max_servers} servers</span>}
+                                {ws.max_users > 0 && <span>Max {ws.max_users} users</span>}
+                            </div>
+                        )}
+                        <div className="workspace-card__actions">
+                            <button className="btn btn-sm" onClick={() => loadMembers(ws.id)}>Members</button>
+                            {ws.status === 'active' && (
+                                <button className="btn btn-sm btn-warning" onClick={() => handleArchive(ws.id)}>Archive</button>
+                            )}
+                            {user?.is_admin && (
+                                <button className="btn btn-sm btn-danger" onClick={() => setDeleteConfirm(ws)}>Delete</button>
+                            )}
+                        </div>
+                    </div>
+                ))}
+                {workspaces.length === 0 && (
+                    <div className="empty-state">
+                        <p>No workspaces yet. Create one to isolate servers by team or project.</p>
+                    </div>
+                )}
+            </div>
+
+            {showCreateModal && (
+                <div className="modal-overlay" onClick={() => setShowCreateModal(false)}>
+                    <div className="modal" onClick={e => e.stopPropagation()}>
+                        <div className="modal-header">
+                            <h2>Create Workspace</h2>
+                            <button className="modal-close" onClick={() => setShowCreateModal(false)}>&times;</button>
+                        </div>
+                        <div className="modal-body">
+                            <div className="form-group">
+                                <label>Name</label>
+                                <input className="form-input" value={form.name} onChange={e => setForm({...form, name: e.target.value})} placeholder="My Team" />
+                            </div>
+                            <div className="form-group">
+                                <label>Description</label>
+                                <textarea className="form-input" value={form.description} onChange={e => setForm({...form, description: e.target.value})} rows={2} />
+                            </div>
+                            <div className="form-row">
+                                <div className="form-group">
+                                    <label>Max Servers (0 = unlimited)</label>
+                                    <input className="form-input" type="number" value={form.max_servers} onChange={e => setForm({...form, max_servers: parseInt(e.target.value) || 0})} />
+                                </div>
+                                <div className="form-group">
+                                    <label>Max Users (0 = unlimited)</label>
+                                    <input className="form-input" type="number" value={form.max_users} onChange={e => setForm({...form, max_users: parseInt(e.target.value) || 0})} />
+                                </div>
+                            </div>
+                        </div>
+                        <div className="modal-footer">
+                            <button className="btn" onClick={() => setShowCreateModal(false)}>Cancel</button>
+                            <button className="btn btn-primary" onClick={handleCreate} disabled={!form.name}>Create</button>
+                        </div>
+                    </div>
+                </div>
+            )}
+
+            {showMembersModal && (
+                <div className="modal-overlay" onClick={() => setShowMembersModal(null)}>
+                    <div className="modal" onClick={e => e.stopPropagation()}>
+                        <div className="modal-header">
+                            <h2>Workspace Members</h2>
+                            <button className="modal-close" onClick={() => setShowMembersModal(null)}>&times;</button>
+                        </div>
+                        <div className="modal-body">
+                            <div className="members-list">
+                                {members.map(m => (
+                                    <div key={m.id} className="member-row">
+                                        <div>
+                                            <strong>{m.username || m.email}</strong>
+                                            <span className="badge badge--outline ml-2">{m.role}</span>
+                                        </div>
+                                        {m.role !== 'owner' && (
+                                            <button className="btn btn-sm btn-danger" onClick={() => handleRemoveMember(m.id)}>Remove</button>
+                                        )}
+                                    </div>
+                                ))}
+                            </div>
+                            <hr />
+                            <h4>Add Member</h4>
+                            <div className="server-select-list">
+                                {allUsers.filter(u => !members.find(m => m.user_id === u.id)).map(u => (
+                                    <div key={u.id} className="server-select-item" onClick={() => handleAddMember(showMembersModal, u.id)}>
+                                        <span>{u.username || u.email}</span>
+                                    </div>
+                                ))}
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            )}
+
+            {deleteConfirm && (
+                <ConfirmDialog
+                    title="Delete Workspace"
+                    message={`Delete "${deleteConfirm.name}"? All data will be lost.`}
+                    onConfirm={() => handleDelete(deleteConfirm.id)}
+                    onCancel={() => setDeleteConfirm(null)}
+                    variant="danger"
+                />
+            )}
+        </div>
+    );
+};
+
+export default Workspaces;
diff --git a/frontend/src/services/api.js b/frontend/src/services/api.js
index 3b6ccf18..bad4bbc2 100644
--- a/frontend/src/services/api.js
+++ b/frontend/src/services/api.js
@@ -1,3201 +1,2 @@
-// Use relative URL in production (served from Flask), absolute in development
-const API_BASE_URL = import.meta.env.VITE_API_URL ||
-    (import.meta.env.PROD ? '/api/v1' : 'http://localhost:5000/api/v1');
-
-class ApiService {
-    constructor() {
-        this.baseUrl = API_BASE_URL;
-    }
-
-    getToken() {
-        return localStorage.getItem('access_token');
-    }
-
-    setTokens(accessToken, refreshToken) {
-        localStorage.setItem('access_token', accessToken);
-        localStorage.setItem('refresh_token', refreshToken);
-    }
-
-    clearTokens() {
-        localStorage.removeItem('access_token');
-        localStorage.removeItem('refresh_token');
-    }
-
-    async request(endpoint, options = {}) {
-        const url = `${this.baseUrl}${endpoint}`;
-        const token = this.getToken();
-
-        const config = {
-            headers: {
-                'Content-Type': 'application/json',
-                ...(token && { Authorization: `Bearer ${token}` }),
-                ...options.headers,
-            },
-            ...options,
-        };
-
-        if (options.body && typeof options.body === 'object') {
-            config.body = JSON.stringify(options.body);
-        }
-
-        try {
-            const response = await fetch(url, config);
-
-            if (response.status === 401) {
-                const refreshed = await this.refreshToken();
-                if (refreshed) {
-                    config.headers.Authorization = `Bearer ${this.getToken()}`;
-                    const retryResponse = await fetch(url, config);
-                    return this.handleResponse(retryResponse);
-                }
-                this.clearTokens();
-                window.location.href = '/login';
-                throw new Error('Session expired');
-            }
-
-            return this.handleResponse(response);
-        } catch (error) {
-            console.error('API Error:', error);
-            throw error;
-        }
-    }
-
-    async handleResponse(response) {
-        const data = await response.json();
-        if (!response.ok) {
-            throw new Error(data.error || 'Request failed');
-        }
-        return data;
-    }
-
-    async refreshToken() {
-        const refreshToken = localStorage.getItem('refresh_token');
-        if (!refreshToken) return false;
-
-        try {
-            const response = await fetch(`${this.baseUrl}/auth/refresh`, {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                    Authorization: `Bearer ${refreshToken}`,
-                },
-            });
-
-            if (response.ok) {
-                const data = await response.json();
-                localStorage.setItem('access_token', data.access_token);
-                return true;
-            }
-            return false;
-        } catch {
-            return false;
-        }
-    }
-
-    // Auth endpoints
-    async getSetupStatus() {
-        return this.request('/auth/setup-status');
-    }
-
-    async login(email, password) {
-        const data = await this.request('/auth/login', {
-            method: 'POST',
-            body: { email, password },
-        });
-        this.setTokens(data.access_token, data.refresh_token);
-        return data;
-    }
-
-    async register(email, username, password, inviteToken) {
-        const body = { email, username, password };
-        if (inviteToken) body.invite_token = inviteToken;
-        const data = await this.request('/auth/register', {
-            method: 'POST',
-            body,
-        });
-        this.setTokens(data.access_token, data.refresh_token);
-        return data;
-    }
-
-    async completeOnboarding(useCases) {
-        return this.request('/auth/complete-onboarding', {
-            method: 'POST',
-            body: { use_cases: useCases },
-        });
-    }
-
-    async logout() {
-        this.clearTokens();
-    }
-
-    async getCurrentUser() {
-        return this.request('/auth/me');
-    }
-
-    async updateCurrentUser(data) {
-        return this.request('/auth/me', {
-            method: 'PUT',
-            body: data
-        });
-    }
-
-    // ========================================
-    // Admin - User Management endpoints
-    // ========================================
-    async getUsers() {
-        return this.request('/admin/users');
-    }
-
-    async getUser(userId) {
-        return this.request(`/admin/users/${userId}`);
-    }
-
-    async createUser(userData) {
-        return this.request('/admin/users', {
-            method: 'POST',
-            body: userData
-        });
-    }
-
-    async updateUser(userId, userData) {
-        return this.request(`/admin/users/${userId}`, {
-            method: 'PUT',
-            body: userData
-        });
-    }
-
-    async deleteUser(userId) {
-        return this.request(`/admin/users/${userId}`, {
-            method: 'DELETE'
-        });
-    }
-
-    // ========================================
-    // Admin - Audit Log endpoints
-    // ========================================
-    async getAuditLogs(params = {}) {
-        const searchParams = new URLSearchParams();
-        if (params.page) searchParams.append('page', params.page);
-        if (params.per_page) searchParams.append('per_page', params.per_page);
-        if (params.action) searchParams.append('action', params.action);
-        if (params.user_id) searchParams.append('user_id', params.user_id);
-        if (params.target_type) searchParams.append('target_type', params.target_type);
-        const query = searchParams.toString();
-        return this.request(`/admin/audit-logs${query ? '?' + query : ''}`);
-    }
-
-    async getAuditLogActions() {
-        return this.request('/admin/audit-logs/actions');
-    }
-
-    // ========================================
-    // Admin - System Settings endpoints
-    // ========================================
-    async getSystemSettings() {
-        const data = await this.request('/admin/settings');
-        const result = {};
-        if (data.settings && Array.isArray(data.settings)) {
-            for (const setting of data.settings) {
-                result[setting.key] = setting.value;
-            }
-        }
-        return result;
-    }
-
-    async updateSystemSettings(settings) {
-        return this.request('/admin/settings', {
-            method: 'PUT',
-            body: settings
-        });
-    }
-
-    async getSystemSetting(key) {
-        return this.request(`/admin/settings/${key}`);
-    }
-
-    async updateSystemSetting(key, value) {
-        return this.request(`/admin/settings/${key}`, {
-            method: 'PUT',
-            body: { value }
-        });
-    }
-
-    async getAdminStats() {
-        return this.request('/admin/stats');
-    }
-
-    // Apps endpoints
-    async getApps() {
-        return this.request('/apps');
-    }
-
-    async getApp(id) {
-        return this.request(`/apps/${id}`);
-    }
-
-    async createApp(appData) {
-        return this.request('/apps', {
-            method: 'POST',
-            body: appData,
-        });
-    }
-
-    async updateApp(id, appData) {
-        return this.request(`/apps/${id}`, {
-            method: 'PUT',
-            body: appData,
-        });
-    }
-
-    async deleteApp(id) {
-        return this.request(`/apps/${id}`, {
-            method: 'DELETE',
-        });
-    }
-
-    async startApp(id) {
-        return this.request(`/apps/${id}/start`, { method: 'POST' });
-    }
-
-    async stopApp(id) {
-        return this.request(`/apps/${id}/stop`, { method: 'POST' });
-    }
-
-    async restartApp(id) {
-        return this.request(`/apps/${id}/restart`, { method: 'POST' });
-    }
-
-    // App linking endpoints
-    async linkApp(appId, targetAppId, asEnvironment, options = {}) {
-        return this.request(`/apps/${appId}/link`, {
-            method: 'POST',
-            body: {
-                target_app_id: targetAppId,
-                as_environment: asEnvironment,
-                propagate_credentials: options.propagateCredentials !== false,
-                table_prefix: options.tablePrefix
-            }
-        });
-    }
-
-    async getLinkedApps(appId) {
-        return this.request(`/apps/${appId}/linked`);
-    }
-
-    async unlinkApp(appId) {
-        return this.request(`/apps/${appId}/link`, {
-            method: 'DELETE'
-        });
-    }
-
-    async updateAppEnvironment(appId, environmentType) {
-        return this.request(`/apps/${appId}/environment`, {
-            method: 'PUT',
-            body: { environment_type: environmentType }
-        });
-    }
-
-    // Domains endpoints
-    async getDomains() {
-        return this.request('/domains');
-    }
-
-    async getDomain(id) {
-        return this.request(`/domains/${id}`);
-    }
-
-    async createDomain(domainData) {
-        return this.request('/domains', {
-            method: 'POST',
-            body: domainData,
-        });
-    }
-
-    async updateDomain(id, domainData) {
-        return this.request(`/domains/${id}`, {
-            method: 'PUT',
-            body: domainData,
-        });
-    }
-
-    async deleteDomain(id) {
-        return this.request(`/domains/${id}`, {
-            method: 'DELETE',
-        });
-    }
-
-    async enableSsl(domainId, email) {
-        return this.request(`/domains/${domainId}/ssl/enable`, {
-            method: 'POST',
-            body: { email }
-        });
-    }
-
-    async disableSsl(domainId) {
-        return this.request(`/domains/${domainId}/ssl/disable`, { method: 'POST' });
-    }
-
-    async renewDomainSsl(domainId) {
-        return this.request(`/domains/${domainId}/ssl/renew`, { method: 'POST' });
-    }
-
-    async verifyDomain(domainId) {
-        return this.request(`/domains/${domainId}/verify`);
-    }
-
-    async getDomainsNginxSites() {
-        return this.request('/domains/nginx/sites');
-    }
-
-    async getDomainsSslStatus() {
-        return this.request('/domains/ssl/status');
-    }
-
-    // System endpoints
-    async getSystemMetrics() {
-        return this.request('/system/metrics');
-    }
-
-    async getSystemInfo() {
-        return this.request('/system/info');
-    }
-
-    async getServerTime() {
-        return this.request('/system/time');
-    }
-
-    async getTimezones() {
-        return this.request('/system/timezones');
-    }
-
-    async setTimezone(timezone) {
-        return this.request('/system/timezone', {
-            method: 'PUT',
-            body: { timezone }
-        });
-    }
-
-    async getVersion() {
-        return this.request('/system/version');
-    }
-
-    async checkUpdate() {
-        return this.request('/system/check-update');
-    }
-
-    async getProcesses() {
-        return this.request('/system/processes');
-    }
-
-    async getServices() {
-        return this.request('/system/services');
-    }
-
-    async healthCheck() {
-        return this.request('/system/health');
-    }
-
-    // Process endpoints
-    async getProcesses(limit = 50, sortBy = 'cpu') {
-        return this.request(`/processes?limit=${limit}&sort=${sortBy}`);
-    }
-
-    async getProcess(pid) {
-        return this.request(`/processes/${pid}`);
-    }
-
-    async killProcess(pid, force = false) {
-        return this.request(`/processes/${pid}?force=${force}`, { method: 'DELETE' });
-    }
-
-    async getServicesStatus() {
-        return this.request('/processes/services');
-    }
-
-    async controlService(serviceName, action) {
-        return this.request(`/processes/services/${serviceName}`, {
-            method: 'POST',
-            body: { action }
-        });
-    }
-
-    // Nginx endpoints
-    async getNginxStatus() {
-        return this.request('/nginx/status');
-    }
-
-    async testNginxConfig() {
-        return this.request('/nginx/test', { method: 'POST' });
-    }
-
-    async reloadNginx() {
-        return this.request('/nginx/reload', { method: 'POST' });
-    }
-
-    async getNginxSites() {
-        return this.request('/nginx/sites');
-    }
-
-    async createNginxSite(siteData) {
-        return this.request('/nginx/sites', {
-            method: 'POST',
-            body: siteData
-        });
-    }
-
-    async enableNginxSite(name) {
-        return this.request(`/nginx/sites/${name}/enable`, { method: 'POST' });
-    }
-
-    async disableNginxSite(name) {
-        return this.request(`/nginx/sites/${name}/disable`, { method: 'POST' });
-    }
-
-    async deleteNginxSite(name) {
-        return this.request(`/nginx/sites/${name}`, { method: 'DELETE' });
-    }
-
-    // SSL endpoints
-    async getSSLStatus() {
-        return this.request('/ssl/status');
-    }
-
-    async getCertificates() {
-        return this.request('/ssl/certificates');
-    }
-
-    async obtainCertificate(data) {
-        return this.request('/ssl/certificates', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async renewCertificate(domain) {
-        return this.request(`/ssl/certificates/${domain}/renew`, { method: 'POST' });
-    }
-
-    async renewAllCertificates() {
-        return this.request('/ssl/certificates/renew-all', { method: 'POST' });
-    }
-
-    async revokeCertificate(domain) {
-        return this.request(`/ssl/certificates/${domain}`, { method: 'DELETE' });
-    }
-
-    async setupAutoRenewal() {
-        return this.request('/ssl/auto-renewal', { method: 'POST' });
-    }
-
-    async installCertbot() {
-        return this.request('/ssl/install-certbot', { method: 'POST' });
-    }
-
-    // Log endpoints
-    async getLogFiles() {
-        return this.request('/logs');
-    }
-
-    async readLog(filepath, lines = 100) {
-        return this.request(`/logs/read?path=${encodeURIComponent(filepath)}&lines=${lines}`);
-    }
-
-    async searchLog(filepath, pattern, lines = 100) {
-        return this.request(`/logs/search?path=${encodeURIComponent(filepath)}&pattern=${encodeURIComponent(pattern)}&lines=${lines}`);
-    }
-
-    async getAppLogs(appName, type = 'access', lines = 100) {
-        return this.request(`/logs/app/${appName}?type=${type}&lines=${lines}`);
-    }
-
-    async getJournalLogs(unit, lines = 100) {
-        const params = new URLSearchParams({ lines });
-        if (unit) params.append('unit', unit);
-        return this.request(`/logs/journal?${params}`);
-    }
-
-    async clearLog(filepath) {
-        return this.request('/logs/clear', {
-            method: 'POST',
-            body: { path: filepath }
-        });
-    }
-
-    // PHP endpoints
-    async getPHPVersions() {
-        return this.request('/php/versions');
-    }
-
-    async installPHPVersion(version) {
-        return this.request(`/php/versions/${version}/install`, { method: 'POST' });
-    }
-
-    async setDefaultPHPVersion(version) {
-        return this.request('/php/versions/default', {
-            method: 'POST',
-            body: { version }
-        });
-    }
-
-    async getPHPExtensions(version) {
-        return this.request(`/php/versions/${version}/extensions`);
-    }
-
-    async installPHPExtension(version, extension) {
-        return this.request(`/php/versions/${version}/extensions`, {
-            method: 'POST',
-            body: { extension }
-        });
-    }
-
-    async getPHPPools(version) {
-        return this.request(`/php/versions/${version}/pools`);
-    }
-
-    async createPHPPool(version, poolData) {
-        return this.request(`/php/versions/${version}/pools`, {
-            method: 'POST',
-            body: poolData
-        });
-    }
-
-    async deletePHPPool(version, poolName) {
-        return this.request(`/php/versions/${version}/pools/${poolName}`, { method: 'DELETE' });
-    }
-
-    async restartPHPFPM(version) {
-        return this.request(`/php/versions/${version}/fpm/restart`, { method: 'POST' });
-    }
-
-    async getPHPFPMStatus(version) {
-        return this.request(`/php/versions/${version}/fpm/status`);
-    }
-
-    // WordPress: Use dedicated wordpress.js service instead
-
-    // Python endpoints
-    async getPythonVersions() {
-        return this.request('/python/versions');
-    }
-
-    async createFlaskApp(data) {
-        return this.request('/python/apps/flask', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async createDjangoApp(data) {
-        return this.request('/python/apps/django', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async createPythonVenv(appId) {
-        return this.request(`/python/apps/${appId}/venv`, { method: 'POST' });
-    }
-
-    async getPythonPackages(appId) {
-        return this.request(`/python/apps/${appId}/packages`);
-    }
-
-    async installPythonPackages(appId, packages) {
-        return this.request(`/python/apps/${appId}/packages`, {
-            method: 'POST',
-            body: { packages }
-        });
-    }
-
-    async freezePythonRequirements(appId) {
-        return this.request(`/python/apps/${appId}/requirements`, { method: 'POST' });
-    }
-
-    async getPythonEnvVars(appId) {
-        return this.request(`/python/apps/${appId}/env`);
-    }
-
-    async setPythonEnvVars(appId, envVars) {
-        return this.request(`/python/apps/${appId}/env`, {
-            method: 'PUT',
-            body: { env_vars: envVars }
-        });
-    }
-
-    async deletePythonEnvVar(appId, key) {
-        return this.request(`/python/apps/${appId}/env/${key}`, { method: 'DELETE' });
-    }
-
-    async startPythonApp(appId) {
-        return this.request(`/python/apps/${appId}/start`, { method: 'POST' });
-    }
-
-    async stopPythonApp(appId) {
-        return this.request(`/python/apps/${appId}/stop`, { method: 'POST' });
-    }
-
-    async restartPythonApp(appId) {
-        return this.request(`/python/apps/${appId}/restart`, { method: 'POST' });
-    }
-
-    async getPythonAppStatus(appId) {
-        return this.request(`/python/apps/${appId}/status`);
-    }
-
-    async getGunicornConfig(appId) {
-        return this.request(`/python/apps/${appId}/gunicorn`);
-    }
-
-    async updateGunicornConfig(appId, content) {
-        return this.request(`/python/apps/${appId}/gunicorn`, {
-            method: 'PUT',
-            body: { content }
-        });
-    }
-
-    async runPythonMigrations(appId) {
-        return this.request(`/python/apps/${appId}/migrate`, { method: 'POST' });
-    }
-
-    async collectPythonStatic(appId) {
-        return this.request(`/python/apps/${appId}/collectstatic`, { method: 'POST' });
-    }
-
-    async runPythonCommand(appId, command) {
-        return this.request(`/python/apps/${appId}/run`, {
-            method: 'POST',
-            body: { command }
-        });
-    }
-
-    async deletePythonApp(appId, removeFiles = false) {
-        return this.request(`/python/apps/${appId}`, {
-            method: 'DELETE',
-            body: { remove_files: removeFiles }
-        });
-    }
-
-    // Docker endpoints
-    async getDockerStatus() {
-        return this.request('/docker/status');
-    }
-
-    async getDockerInfo() {
-        return this.request('/docker/info');
-    }
-
-    async getDockerDiskUsage() {
-        return this.request('/docker/disk-usage');
-    }
-
-    // Containers
-    async getContainers(all = true) {
-        return this.request(`/docker/containers?all=${all}`);
-    }
-
-    async getContainer(containerId) {
-        return this.request(`/docker/containers/${containerId}`);
-    }
-
-    async createContainer(data) {
-        return this.request('/docker/containers', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async runContainer(data) {
-        return this.request('/docker/containers/run', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async startContainer(containerId) {
-        return this.request(`/docker/containers/${containerId}/start`, { method: 'POST' });
-    }
-
-    async stopContainer(containerId, timeout = 10) {
-        return this.request(`/docker/containers/${containerId}/stop`, {
-            method: 'POST',
-            body: { timeout }
-        });
-    }
-
-    async restartContainer(containerId, timeout = 10) {
-        return this.request(`/docker/containers/${containerId}/restart`, {
-            method: 'POST',
-            body: { timeout }
-        });
-    }
-
-    async removeContainer(containerId, force = false, volumes = false) {
-        return this.request(`/docker/containers/${containerId}`, {
-            method: 'DELETE',
-            body: { force, volumes }
-        });
-    }
-
-    async getContainerLogs(containerId, tail = 100, since = null) {
-        const params = new URLSearchParams({ tail });
-        if (since) params.append('since', since);
-        return this.request(`/docker/containers/${containerId}/logs?${params}`);
-    }
-
-    async getContainerStats(containerId) {
-        return this.request(`/docker/containers/${containerId}/stats`);
-    }
-
-    async execContainer(containerId, command) {
-        return this.request(`/docker/containers/${containerId}/exec`, {
-            method: 'POST',
-            body: { command }
-        });
-    }
-
-    // Images
-    async getImages() {
-        return this.request('/docker/images');
-    }
-
-    async pullImage(image, tag = 'latest') {
-        return this.request('/docker/images/pull', {
-            method: 'POST',
-            body: { image, tag }
-        });
-    }
-
-    async removeImage(imageId, force = false) {
-        return this.request(`/docker/images/${imageId}`, {
-            method: 'DELETE',
-            body: { force }
-        });
-    }
-
-    async buildImage(path, tag, dockerfile = 'Dockerfile', noCache = false) {
-        return this.request('/docker/images/build', {
-            method: 'POST',
-            body: { path, tag, dockerfile, no_cache: noCache }
-        });
-    }
-
-    // Networks
-    async getNetworks() {
-        return this.request('/docker/networks');
-    }
-
-    async createNetwork(name, driver = 'bridge') {
-        return this.request('/docker/networks', {
-            method: 'POST',
-            body: { name, driver }
-        });
-    }
-
-    async removeNetwork(networkId) {
-        return this.request(`/docker/networks/${networkId}`, { method: 'DELETE' });
-    }
-
-    // Volumes
-    async getVolumes() {
-        return this.request('/docker/volumes');
-    }
-
-    async createVolume(name, driver = 'local') {
-        return this.request('/docker/volumes', {
-            method: 'POST',
-            body: { name, driver }
-        });
-    }
-
-    async removeVolume(volumeName, force = false) {
-        return this.request(`/docker/volumes/${volumeName}`, {
-            method: 'DELETE',
-            body: { force }
-        });
-    }
-
-    // Docker Compose
-    async composeUp(path, detach = true, build = false) {
-        return this.request('/docker/compose/up', {
-            method: 'POST',
-            body: { path, detach, build }
-        });
-    }
-
-    async composeDown(path, volumes = false, removeOrphans = true) {
-        return this.request('/docker/compose/down', {
-            method: 'POST',
-            body: { path, volumes, remove_orphans: removeOrphans }
-        });
-    }
-
-    async composePs(path) {
-        return this.request('/docker/compose/ps', {
-            method: 'POST',
-            body: { path }
-        });
-    }
-
-    async composeLogs(path, service = null, tail = 100) {
-        return this.request('/docker/compose/logs', {
-            method: 'POST',
-            body: { path, service, tail }
-        });
-    }
-
-    async composeRestart(path, service = null) {
-        return this.request('/docker/compose/restart', {
-            method: 'POST',
-            body: { path, service }
-        });
-    }
-
-    async composePull(path, service = null) {
-        return this.request('/docker/compose/pull', {
-            method: 'POST',
-            body: { path, service }
-        });
-    }
-
-    // Docker App
-    async createDockerApp(data) {
-        return this.request('/docker/apps', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async pruneDocker(all = false, volumes = false) {
-        return this.request('/docker/prune', {
-            method: 'POST',
-            body: { all, volumes }
-        });
-    }
-
-    async dockerCleanup(includeVolumes = false) {
-        return this.request('/docker/cleanup', {
-            method: 'POST',
-            body: { volumes: includeVolumes }
-        });
-    }
-
-    async cleanupAllApps() {
-        return this.request('/docker/cleanup/apps', {
-            method: 'POST'
-        });
-    }
-
-    // Database endpoints
-    async getDatabaseStatus() {
-        return this.request('/databases/status');
-    }
-
-    // MySQL
-    async getMySQLDatabases(rootPassword = null) {
-        const params = rootPassword ? `?root_password=${encodeURIComponent(rootPassword)}` : '';
-        return this.request(`/databases/mysql${params}`);
-    }
-
-    async createMySQLDatabase(data) {
-        return this.request('/databases/mysql', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async dropMySQLDatabase(name, rootPassword = null) {
-        return this.request(`/databases/mysql/${name}`, {
-            method: 'DELETE',
-            body: { root_password: rootPassword }
-        });
-    }
-
-    async getMySQLTables(database, rootPassword = null) {
-        const params = rootPassword ? `?root_password=${encodeURIComponent(rootPassword)}` : '';
-        return this.request(`/databases/mysql/${database}/tables${params}`);
-    }
-
-    async backupMySQLDatabase(database, rootPassword = null) {
-        return this.request(`/databases/mysql/${database}/backup`, {
-            method: 'POST',
-            body: { root_password: rootPassword }
-        });
-    }
-
-    async restoreMySQLDatabase(database, backupPath, rootPassword = null) {
-        return this.request(`/databases/mysql/${database}/restore`, {
-            method: 'POST',
-            body: { backup_path: backupPath, root_password: rootPassword }
-        });
-    }
-
-    async getMySQLUsers(rootPassword = null) {
-        const params = rootPassword ? `?root_password=${encodeURIComponent(rootPassword)}` : '';
-        return this.request(`/databases/mysql/users${params}`);
-    }
-
-    async createMySQLUser(data) {
-        return this.request('/databases/mysql/users', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async dropMySQLUser(username, host = 'localhost', rootPassword = null) {
-        return this.request(`/databases/mysql/users/${username}`, {
-            method: 'DELETE',
-            body: { host, root_password: rootPassword }
-        });
-    }
-
-    async grantMySQLPrivileges(username, database, privileges = 'ALL', host = 'localhost', rootPassword = null) {
-        return this.request(`/databases/mysql/users/${username}/grant`, {
-            method: 'POST',
-            body: { database, privileges, host, root_password: rootPassword }
-        });
-    }
-
-    // PostgreSQL
-    async getPostgreSQLDatabases() {
-        return this.request('/databases/postgresql');
-    }
-
-    async createPostgreSQLDatabase(data) {
-        return this.request('/databases/postgresql', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async dropPostgreSQLDatabase(name) {
-        return this.request(`/databases/postgresql/${name}`, { method: 'DELETE' });
-    }
-
-    async getPostgreSQLTables(database) {
-        return this.request(`/databases/postgresql/${database}/tables`);
-    }
-
-    async backupPostgreSQLDatabase(database) {
-        return this.request(`/databases/postgresql/${database}/backup`, { method: 'POST' });
-    }
-
-    async restorePostgreSQLDatabase(database, backupPath) {
-        return this.request(`/databases/postgresql/${database}/restore`, {
-            method: 'POST',
-            body: { backup_path: backupPath }
-        });
-    }
-
-    async getPostgreSQLUsers() {
-        return this.request('/databases/postgresql/users');
-    }
-
-    async createPostgreSQLUser(data) {
-        return this.request('/databases/postgresql/users', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async dropPostgreSQLUser(username) {
-        return this.request(`/databases/postgresql/users/${username}`, { method: 'DELETE' });
-    }
-
-    async grantPostgreSQLPrivileges(username, database, privileges = 'ALL') {
-        return this.request(`/databases/postgresql/users/${username}/grant`, {
-            method: 'POST',
-            body: { database, privileges }
-        });
-    }
-
-    // Backups
-    async getDatabaseBackups(type = null) {
-        const params = type ? `?type=${type}` : '';
-        return this.request(`/databases/backups${params}`);
-    }
-
-    async deleteDatabaseBackup(filename) {
-        return this.request(`/databases/backups/${filename}`, { method: 'DELETE' });
-    }
-
-    async generateDatabasePassword(length = 16) {
-        return this.request(`/databases/generate-password?length=${length}`);
-    }
-
-    // Query Execution
-    async executeMySQLQuery(database, query, readonly = true) {
-        return this.request(`/databases/mysql/${database}/query`, {
-            method: 'POST',
-            body: { query, readonly }
-        });
-    }
-
-    async executePostgreSQLQuery(database, query, readonly = true) {
-        return this.request(`/databases/postgresql/${database}/query`, {
-            method: 'POST',
-            body: { query, readonly }
-        });
-    }
-
-    async executeSQLiteQuery(path, query, readonly = true) {
-        return this.request('/databases/sqlite/query', {
-            method: 'POST',
-            body: { path, query, readonly }
-        });
-    }
-
-    async getMySQLTableStructure(database, table) {
-        return this.request(`/databases/mysql/${database}/tables/${table}/structure`);
-    }
-
-    async getPostgreSQLTableStructure(database, table) {
-        return this.request(`/databases/postgresql/${database}/tables/${table}/structure`);
-    }
-
-    async getSQLiteTableStructure(path, table) {
-        return this.request(`/databases/sqlite/tables/${table}/structure?path=${encodeURIComponent(path)}`);
-    }
-
-    async getSQLiteDatabases() {
-        return this.request('/databases/sqlite');
-    }
-
-    async getSQLiteTables(path) {
-        return this.request(`/databases/sqlite/tables?path=${encodeURIComponent(path)}`);
-    }
-
-    // Docker Container Databases
-    async getDockerDatabases() {
-        return this.request('/databases/docker');
-    }
-
-    async getAppDatabases(appId) {
-        return this.request(`/databases/docker/app/${appId}`);
-    }
-
-    async getDockerContainerDatabases(container, password = null) {
-        const headers = password ? { 'X-DB-Password': password } : {};
-        return this.request(`/databases/docker/${container}/databases`, { headers });
-    }
-
-    async getDockerDatabaseTables(container, database, password = null) {
-        const headers = password ? { 'X-DB-Password': password } : {};
-        return this.request(`/databases/docker/${container}/${database}/tables`, { headers });
-    }
-
-    async executeDockerQuery(container, database, query, password = null, readonly = true) {
-        const headers = password ? { 'X-DB-Password': password } : {};
-        return this.request(`/databases/docker/${container}/${database}/query`, {
-            method: 'POST',
-            body: { query, readonly, password },
-            headers
-        });
-    }
-
-    // Docker App Logs and Status
-    async getDockerAppLogs(appId, lines = 100) {
-        return this.request(`/apps/${appId}/logs?lines=${lines}`);
-    }
-
-    async getDockerAppStatus(appId) {
-        return this.request(`/apps/${appId}/status`);
-    }
-
-    // ========================================
-    // Monitoring & Alerts endpoints
-    // ========================================
-    async getMonitoringStatus() {
-        return this.request('/monitoring/status');
-    }
-
-    async getMonitoringMetrics() {
-        return this.request('/monitoring/metrics');
-    }
-
-    async checkAlerts() {
-        return this.request('/monitoring/alerts/check');
-    }
-
-    async getAlertHistory(limit = 100) {
-        return this.request(`/monitoring/alerts/history?limit=${limit}`);
-    }
-
-    async getMonitoringConfig() {
-        return this.request('/monitoring/config');
-    }
-
-    async updateMonitoringConfig(config) {
-        return this.request('/monitoring/config', {
-            method: 'PUT',
-            body: config
-        });
-    }
-
-    async getMonitoringThresholds() {
-        return this.request('/monitoring/thresholds');
-    }
-
-    async updateMonitoringThresholds(thresholds) {
-        return this.request('/monitoring/thresholds', {
-            method: 'PUT',
-            body: thresholds
-        });
-    }
-
-    async startMonitoring() {
-        return this.request('/monitoring/start', { method: 'POST' });
-    }
-
-    async stopMonitoring() {
-        return this.request('/monitoring/stop', { method: 'POST' });
-    }
-
-    async testEmailAlert(email) {
-        return this.request('/monitoring/test/email', {
-            method: 'POST',
-            body: { email }
-        });
-    }
-
-    async testWebhookAlert(webhookUrl) {
-        return this.request('/monitoring/test/webhook', {
-            method: 'POST',
-            body: { webhook_url: webhookUrl }
-        });
-    }
-
-    // ========================================
-    // Backup System endpoints
-    // ========================================
-    async getBackups(type = null) {
-        const params = type ? `?type=${type}` : '';
-        return this.request(`/backups${params}`);
-    }
-
-    async getBackupStats() {
-        return this.request('/backups/stats');
-    }
-
-    async getBackupConfig() {
-        return this.request('/backups/config');
-    }
-
-    async updateBackupConfig(config) {
-        return this.request('/backups/config', {
-            method: 'PUT',
-            body: config
-        });
-    }
-
-    async backupApplication(applicationId, includeDb = false, dbConfig = null) {
-        return this.request('/backups/application', {
-            method: 'POST',
-            body: {
-                application_id: applicationId,
-                include_db: includeDb,
-                db_config: dbConfig
-            }
-        });
-    }
-
-    async backupDatabase(dbType, dbName, user = null, password = null, host = 'localhost') {
-        return this.request('/backups/database', {
-            method: 'POST',
-            body: { db_type: dbType, db_name: dbName, user, password, host }
-        });
-    }
-
-    async restoreApplication(backupPath, restorePath = null) {
-        return this.request('/backups/restore/application', {
-            method: 'POST',
-            body: { backup_path: backupPath, restore_path: restorePath }
-        });
-    }
-
-    async restoreDatabase(backupPath, dbType, dbName, user = null, password = null, host = 'localhost') {
-        return this.request('/backups/restore/database', {
-            method: 'POST',
-            body: { backup_path: backupPath, db_type: dbType, db_name: dbName, user, password, host }
-        });
-    }
-
-    async deleteBackup(backupPath) {
-        return this.request(`/backups/${encodeURIComponent(backupPath)}`, { method: 'DELETE' });
-    }
-
-    async cleanupBackups(retentionDays = null) {
-        return this.request('/backups/cleanup', {
-            method: 'POST',
-            body: retentionDays ? { retention_days: retentionDays } : {}
-        });
-    }
-
-    async getBackupSchedules() {
-        return this.request('/backups/schedules');
-    }
-
-    async addBackupSchedule(name, backupType, target, scheduleTime, days = null, uploadRemote = false) {
-        return this.request('/backups/schedules', {
-            method: 'POST',
-            body: { name, backup_type: backupType, target, schedule_time: scheduleTime, days, upload_remote: uploadRemote }
-        });
-    }
-
-    async updateBackupSchedule(scheduleId, updates) {
-        return this.request(`/backups/schedules/${scheduleId}`, {
-            method: 'PUT',
-            body: updates
-        });
-    }
-
-    async removeBackupSchedule(scheduleId) {
-        return this.request(`/backups/schedules/${scheduleId}`, { method: 'DELETE' });
-    }
-
-    async backupFiles(filePaths, name = null) {
-        return this.request('/backups/files', {
-            method: 'POST',
-            body: { paths: filePaths, name }
-        });
-    }
-
-    // Remote Storage
-    async getStorageConfig() {
-        return this.request('/backups/storage');
-    }
-
-    async updateStorageConfig(config) {
-        return this.request('/backups/storage', {
-            method: 'PUT',
-            body: config
-        });
-    }
-
-    async testStorageConnection(config = null) {
-        return this.request('/backups/storage/test', {
-            method: 'POST',
-            body: config || {}
-        });
-    }
-
-    async uploadBackupToRemote(backupPath) {
-        return this.request('/backups/upload', {
-            method: 'POST',
-            body: { backup_path: backupPath }
-        });
-    }
-
-    async verifyRemoteBackup(remoteKey, localPath) {
-        return this.request('/backups/verify', {
-            method: 'POST',
-            body: { remote_key: remoteKey, local_path: localPath }
-        });
-    }
-
-    async listRemoteBackups(prefix = null) {
-        const params = prefix ? `?prefix=${encodeURIComponent(prefix)}` : '';
-        return this.request(`/backups/remote${params}`);
-    }
-
-    async downloadRemoteBackup(remoteKey, localPath = null) {
-        return this.request('/backups/remote/download', {
-            method: 'POST',
-            body: { remote_key: remoteKey, local_path: localPath }
-        });
-    }
-
-    // ========================================
-    // Git Deployment endpoints
-    // ========================================
-    async getDeployConfig(appId) {
-        return this.request(`/deploy/apps/${appId}/config`);
-    }
-
-    async configureDeployment(appId, repoUrl, branch = 'main', autoDeploy = true, preDeployScript = null, postDeployScript = null) {
-        return this.request(`/deploy/apps/${appId}/config`, {
-            method: 'POST',
-            body: {
-                repo_url: repoUrl,
-                branch,
-                auto_deploy: autoDeploy,
-                pre_deploy_script: preDeployScript,
-                post_deploy_script: postDeployScript
-            }
-        });
-    }
-
-    async removeDeployment(appId) {
-        return this.request(`/deploy/apps/${appId}/config`, { method: 'DELETE' });
-    }
-
-    async triggerDeploy(appId, force = false) {
-        return this.request(`/deploy/apps/${appId}/deploy`, {
-            method: 'POST',
-            body: { force }
-        });
-    }
-
-    async pullChanges(appId, branch = null) {
-        return this.request(`/deploy/apps/${appId}/pull`, {
-            method: 'POST',
-            body: branch ? { branch } : {}
-        });
-    }
-
-    async getGitStatus(appId) {
-        return this.request(`/deploy/apps/${appId}/git-status`);
-    }
-
-    async getCommitInfo(appId) {
-        return this.request(`/deploy/apps/${appId}/commit`);
-    }
-
-    async getDeploymentHistory(appId = null, limit = 50) {
-        const params = new URLSearchParams({ limit });
-        if (appId) params.append('app_id', appId);
-        return this.request(`/deploy/history?${params}`);
-    }
-
-    async cloneRepository(appPath, repoUrl, branch = 'main') {
-        return this.request('/deploy/clone', {
-            method: 'POST',
-            body: { app_path: appPath, repo_url: repoUrl, branch }
-        });
-    }
-
-    async getAppBranches(appId) {
-        return this.request(`/deploy/apps/${appId}/branches`);
-    }
-
-    async getBranchesFromUrl(repoUrl) {
-        return this.request('/deploy/branches', {
-            method: 'POST',
-            body: { repo_url: repoUrl }
-        });
-    }
-
-    async getWebhookLogs(appId = null, limit = 50) {
-        const params = new URLSearchParams({ limit });
-        if (appId) params.append('app_id', appId);
-        return this.request(`/deploy/webhook-logs?${params}`);
-    }
-
-    // ========================================
-    // Build & Deployment endpoints
-    // ========================================
-    async getBuildConfig(appId) {
-        return this.request(`/builds/apps/${appId}/build-config`);
-    }
-
-    async configureBuild(appId, config) {
-        return this.request(`/builds/apps/${appId}/build-config`, {
-            method: 'POST',
-            body: config
-        });
-    }
-
-    async removeBuildConfig(appId) {
-        return this.request(`/builds/apps/${appId}/build-config`, { method: 'DELETE' });
-    }
-
-    async detectBuildMethod(appId) {
-        return this.request(`/builds/apps/${appId}/detect`);
-    }
-
-    async getNixpacksPlan(appId) {
-        return this.request(`/builds/apps/${appId}/nixpacks-plan`);
-    }
-
-    async triggerBuild(appId, noCache = false) {
-        return this.request(`/builds/apps/${appId}/build`, {
-            method: 'POST',
-            body: { no_cache: noCache }
-        });
-    }
-
-    async getBuildLogs(appId, limit = 20) {
-        return this.request(`/builds/apps/${appId}/build-logs?limit=${limit}`);
-    }
-
-    async getBuildLogDetail(appId, timestamp) {
-        return this.request(`/builds/apps/${appId}/build-logs/${timestamp}`);
-    }
-
-    async clearBuildCache(appId) {
-        return this.request(`/builds/apps/${appId}/clear-cache`, { method: 'POST' });
-    }
-
-    async deployApp(appId, options = {}) {
-        return this.request(`/builds/apps/${appId}/deploy`, {
-            method: 'POST',
-            body: options
-        });
-    }
-
-    async getDeployments(appId, limit = 20, offset = 0) {
-        return this.request(`/builds/apps/${appId}/deployments?limit=${limit}&offset=${offset}`);
-    }
-
-    async getDeploymentDetail(deploymentId, includeLogs = false) {
-        return this.request(`/builds/deployments/${deploymentId}?include_logs=${includeLogs}`);
-    }
-
-    async getDeploymentDiff(deploymentId) {
-        return this.request(`/builds/deployments/${deploymentId}/diff`);
-    }
-
-    async rollback(appId, targetVersion = null) {
-        return this.request(`/builds/apps/${appId}/rollback`, {
-            method: 'POST',
-            body: targetVersion ? { version: targetVersion } : {}
-        });
-    }
-
-    async getCurrentDeployment(appId) {
-        return this.request(`/builds/apps/${appId}/current-deployment`);
-    }
-
-    // ========================================
-    // Template endpoints
-    // ========================================
-    async listTemplates(category = null, search = null) {
-        const params = new URLSearchParams();
-        if (category) params.append('category', category);
-        if (search) params.append('search', search);
-        const query = params.toString();
-        return this.request(`/templates/${query ? '?' + query : ''}`);
-    }
-
-    async getTemplateCategories() {
-        return this.request('/templates/categories');
-    }
-
-    async getTemplate(templateId) {
-        return this.request(`/templates/${templateId}`);
-    }
-
-    async installTemplate(templateId, appName, variables = {}) {
-        return this.request(`/templates/${templateId}/install`, {
-            method: 'POST',
-            body: { app_name: appName, variables }
-        });
-    }
-
-    async validateTemplateInstall(templateId, appName, variables = {}) {
-        return this.request('/templates/validate-install', {
-            method: 'POST',
-            body: { template_id: templateId, app_name: appName, variables }
-        });
-    }
-
-    async testDatabaseConnection(config) {
-        return this.request('/templates/test-db-connection', {
-            method: 'POST',
-            body: config
-        });
-    }
-
-    async checkAppUpdate(appId) {
-        return this.request(`/templates/apps/${appId}/check-update`);
-    }
-
-    async updateAppFromTemplate(appId) {
-        return this.request(`/templates/apps/${appId}/update`, { method: 'POST' });
-    }
-
-    async getAppTemplateInfo(appId) {
-        return this.request(`/templates/apps/${appId}/template-info`);
-    }
-
-    async listTemplateRepos() {
-        return this.request('/templates/repos');
-    }
-
-    async addTemplateRepo(name, url) {
-        return this.request('/templates/repos', {
-            method: 'POST',
-            body: { name, url }
-        });
-    }
-
-    async removeTemplateRepo(url) {
-        return this.request('/templates/repos', {
-            method: 'DELETE',
-            body: { url }
-        });
-    }
-
-    async syncTemplates() {
-        return this.request('/templates/sync', { method: 'POST' });
-    }
-
-    // ========================================
-    // File Manager endpoints
-    // ========================================
-    async browseFiles(path = '/home', showHidden = false) {
-        const params = new URLSearchParams({ path, show_hidden: showHidden });
-        return this.request(`/files/browse?${params}`);
-    }
-
-    async getFileInfo(path) {
-        return this.request(`/files/info?path=${encodeURIComponent(path)}`);
-    }
-
-    async readFile(path) {
-        return this.request(`/files/read?path=${encodeURIComponent(path)}`);
-    }
-
-    async writeFile(path, content, createBackup = true) {
-        return this.request('/files/write', {
-            method: 'POST',
-            body: { path, content, create_backup: createBackup }
-        });
-    }
-
-    async createFile(path, content = '') {
-        return this.request('/files/create', {
-            method: 'POST',
-            body: { path, content }
-        });
-    }
-
-    async createDirectory(path) {
-        return this.request('/files/mkdir', {
-            method: 'POST',
-            body: { path }
-        });
-    }
-
-    async deleteFile(path) {
-        return this.request(`/files/delete?path=${encodeURIComponent(path)}`, {
-            method: 'DELETE'
-        });
-    }
-
-    async renameFile(path, newName) {
-        return this.request('/files/rename', {
-            method: 'POST',
-            body: { path, new_name: newName }
-        });
-    }
-
-    async copyFile(src, dest) {
-        return this.request('/files/copy', {
-            method: 'POST',
-            body: { src, dest }
-        });
-    }
-
-    async moveFile(src, dest) {
-        return this.request('/files/move', {
-            method: 'POST',
-            body: { src, dest }
-        });
-    }
-
-    async changeFilePermissions(path, mode) {
-        return this.request('/files/chmod', {
-            method: 'POST',
-            body: { path, mode }
-        });
-    }
-
-    async searchFiles(directory, pattern, maxResults = 100) {
-        const params = new URLSearchParams({ directory, pattern, max_results: maxResults });
-        return this.request(`/files/search?${params}`);
-    }
-
-    async getDiskUsage(path = '/') {
-        return this.request(`/files/disk-usage?path=${encodeURIComponent(path)}`);
-    }
-
-    async getAllDiskMounts() {
-        return this.request('/files/disk-mounts');
-    }
-
-    async analyzeDirectory(path = '/home', depth = 2, limit = 20) {
-        const params = new URLSearchParams({ path, depth, limit });
-        return this.request(`/files/analyze?${params}`);
-    }
-
-    async getFileTypeBreakdown(path = '/home', maxDepth = 3) {
-        const params = new URLSearchParams({ path, max_depth: maxDepth });
-        return this.request(`/files/type-breakdown?${params}`);
-    }
-
-    async downloadFile(path) {
-        const token = this.getToken();
-        const url = `${this.baseUrl}/files/download?path=${encodeURIComponent(path)}`;
-        window.open(`${url}&token=${token}`, '_blank');
-    }
-
-    async uploadFile(destination, file, onProgress = null) {
-        const token = this.getToken();
-        const formData = new FormData();
-        formData.append('file', file);
-        formData.append('destination', destination);
-
-        return new Promise((resolve, reject) => {
-            const xhr = new XMLHttpRequest();
-            xhr.open('POST', `${this.baseUrl}/files/upload`);
-            xhr.setRequestHeader('Authorization', `Bearer ${token}`);
-
-            if (onProgress) {
-                xhr.upload.onprogress = (e) => {
-                    if (e.lengthComputable) {
-                        onProgress((e.loaded / e.total) * 100);
-                    }
-                };
-            }
-
-            xhr.onload = () => {
-                if (xhr.status >= 200 && xhr.status < 300) {
-                    resolve(JSON.parse(xhr.responseText));
-                } else {
-                    reject(new Error(JSON.parse(xhr.responseText).error || 'Upload failed'));
-                }
-            };
-
-            xhr.onerror = () => reject(new Error('Upload failed'));
-            xhr.send(formData);
-        });
-    }
-
-    // ========================================
-    // FTP Server endpoints
-    // ========================================
-    async getFTPStatus() {
-        return this.request('/ftp/status');
-    }
-
-    async controlFTPService(action, service = null) {
-        return this.request(`/ftp/service/${action}`, {
-            method: 'POST',
-            body: service ? { service } : {}
-        });
-    }
-
-    async getFTPConfig(service = null) {
-        const params = service ? `?service=${service}` : '';
-        return this.request(`/ftp/config${params}`);
-    }
-
-    async updateFTPConfig(config, service = null) {
-        return this.request('/ftp/config', {
-            method: 'POST',
-            body: { config, service }
-        });
-    }
-
-    async getFTPUsers() {
-        return this.request('/ftp/users');
-    }
-
-    async createFTPUser(username, password = null, homeDir = null) {
-        return this.request('/ftp/users', {
-            method: 'POST',
-            body: { username, password, home_dir: homeDir }
-        });
-    }
-
-    async deleteFTPUser(username, deleteHome = false) {
-        const params = deleteHome ? '?delete_home=true' : '';
-        return this.request(`/ftp/users/${username}${params}`, {
-            method: 'DELETE'
-        });
-    }
-
-    async changeFTPPassword(username, password = null) {
-        return this.request(`/ftp/users/${username}/password`, {
-            method: 'POST',
-            body: password ? { password } : {}
-        });
-    }
-
-    async toggleFTPUser(username, enabled) {
-        return this.request(`/ftp/users/${username}/toggle`, {
-            method: 'POST',
-            body: { enabled }
-        });
-    }
-
-    async getFTPConnections() {
-        return this.request('/ftp/connections');
-    }
-
-    async disconnectFTPSession(pid) {
-        return this.request(`/ftp/connections/${pid}`, {
-            method: 'DELETE'
-        });
-    }
-
-    async getFTPLogs(lines = 100) {
-        return this.request(`/ftp/logs?lines=${lines}`);
-    }
-
-    async installFTPServer(service = 'vsftpd') {
-        return this.request('/ftp/install', {
-            method: 'POST',
-            body: { service }
-        });
-    }
-
-    async testFTPConnection(host = 'localhost', port = 21, username = null, password = null) {
-        return this.request('/ftp/test', {
-            method: 'POST',
-            body: { host, port, username, password }
-        });
-    }
-
-    // ========================================
-    // Firewall endpoints
-    // ========================================
-    async getFirewallStatus() {
-        return this.request('/firewall/status');
-    }
-
-    async enableFirewall(firewall = null) {
-        return this.request('/firewall/enable', {
-            method: 'POST',
-            body: firewall ? { firewall } : {}
-        });
-    }
-
-    async disableFirewall(firewall = null) {
-        return this.request('/firewall/disable', {
-            method: 'POST',
-            body: firewall ? { firewall } : {}
-        });
-    }
-
-    async getFirewallRules(firewall = null) {
-        const params = firewall ? `?firewall=${firewall}` : '';
-        return this.request(`/firewall/rules${params}`);
-    }
-
-    async addFirewallRule(ruleData) {
-        return this.request('/firewall/rules', {
-            method: 'POST',
-            body: ruleData
-        });
-    }
-
-    async removeFirewallRule(ruleData) {
-        return this.request('/firewall/rules', {
-            method: 'DELETE',
-            body: ruleData
-        });
-    }
-
-    async blockIP(ip, permanent = true) {
-        return this.request('/firewall/block-ip', {
-            method: 'POST',
-            body: { ip, permanent }
-        });
-    }
-
-    async unblockIP(ip, permanent = true) {
-        return this.request('/firewall/unblock-ip', {
-            method: 'POST',
-            body: { ip, permanent }
-        });
-    }
-
-    async getBlockedIPs() {
-        return this.request('/firewall/blocked-ips');
-    }
-
-    async allowPort(port, protocol = 'tcp', permanent = true) {
-        return this.request('/firewall/allow-port', {
-            method: 'POST',
-            body: { port, protocol, permanent }
-        });
-    }
-
-    async denyPort(port, protocol = 'tcp', permanent = true) {
-        return this.request('/firewall/deny-port', {
-            method: 'POST',
-            body: { port, protocol, permanent }
-        });
-    }
-
-    async getFirewallZones() {
-        return this.request('/firewall/zones');
-    }
-
-    async setDefaultZone(zone) {
-        return this.request('/firewall/zones/default', {
-            method: 'POST',
-            body: { zone }
-        });
-    }
-
-    async installFirewall(firewall = 'ufw') {
-        return this.request('/firewall/install', {
-            method: 'POST',
-            body: { firewall }
-        });
-    }
-
-    // ========================================
-    // Git Server endpoints
-    // ========================================
-    async getGitStatus() {
-        return this.request('/git/status');
-    }
-
-    async getGitRequirements() {
-        return this.request('/git/requirements');
-    }
-
-    async installGit(data) {
-        return this.request('/git/install', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async uninstallGit(removeData = false) {
-        return this.request('/git/uninstall', {
-            method: 'POST',
-            body: { removeData }
-        });
-    }
-
-    async startGit() {
-        return this.request('/git/start', { method: 'POST' });
-    }
-
-    async stopGit() {
-        return this.request('/git/stop', { method: 'POST' });
-    }
-
-    async restartGit() {
-        return this.request('/git/restart', { method: 'POST' });
-    }
-
-    // ========================================
-    // WordPress Standalone endpoints
-    // ========================================
-    async getWordPressStatus() {
-        return this.request('/wordpress/standalone/status');
-    }
-
-    async getWordPressRequirements() {
-        return this.request('/wordpress/standalone/requirements');
-    }
-
-    async installWordPress(data) {
-        return this.request('/wordpress/standalone/install', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async uninstallWordPress(removeData = false) {
-        return this.request('/wordpress/standalone/uninstall', {
-            method: 'POST',
-            body: { removeData }
-        });
-    }
-
-    async startWordPress() {
-        return this.request('/wordpress/standalone/start', { method: 'POST' });
-    }
-
-    async stopWordPress() {
-        return this.request('/wordpress/standalone/stop', { method: 'POST' });
-    }
-
-    async restartWordPress() {
-        return this.request('/wordpress/standalone/restart', { method: 'POST' });
-    }
-
-    // Git Webhooks
-    async getWebhooks() {
-        return this.request('/git/webhooks');
-    }
-
-    async getWebhook(webhookId) {
-        return this.request(`/git/webhooks/${webhookId}`);
-    }
-
-    async createWebhook(data) {
-        return this.request('/git/webhooks', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async updateWebhook(webhookId, data) {
-        return this.request(`/git/webhooks/${webhookId}`, {
-            method: 'PUT',
-            body: data
-        });
-    }
-
-    async deleteWebhook(webhookId) {
-        return this.request(`/git/webhooks/${webhookId}`, { method: 'DELETE' });
-    }
-
-    async toggleWebhook(webhookId) {
-        return this.request(`/git/webhooks/${webhookId}/toggle`, { method: 'POST' });
-    }
-
-    async getWebhookLogs(webhookId, limit = 50) {
-        return this.request(`/git/webhooks/${webhookId}/logs?limit=${limit}`);
-    }
-
-    async testWebhook(webhookId) {
-        return this.request(`/git/webhooks/${webhookId}/test`, { method: 'POST' });
-    }
-
-    // Git Repositories
-    async getRepositories(limit = 50) {
-        return this.request(`/git/repos?limit=${limit}`);
-    }
-
-    async getRepository(owner, repo) {
-        return this.request(`/git/repos/${owner}/${repo}`);
-    }
-
-    async getRepoStats(owner, repo) {
-        return this.request(`/git/repos/${owner}/${repo}/stats`);
-    }
-
-    async getBranches(owner, repo) {
-        return this.request(`/git/repos/${owner}/${repo}/branches`);
-    }
-
-    async getBranch(owner, repo, branch) {
-        return this.request(`/git/repos/${owner}/${repo}/branches/${branch}`);
-    }
-
-    async getCommits(owner, repo, branch = null, page = 1, limit = 30) {
-        let url = `/git/repos/${owner}/${repo}/commits?page=${page}&limit=${limit}`;
-        if (branch) url += `&branch=${branch}`;
-        return this.request(url);
-    }
-
-    async getCommit(owner, repo, sha) {
-        return this.request(`/git/repos/${owner}/${repo}/commits/${sha}`);
-    }
-
-    async getRepoFiles(owner, repo, ref = 'main', path = '') {
-        let url = `/git/repos/${owner}/${repo}/contents?ref=${ref}`;
-        if (path) url += `&path=${path}`;
-        return this.request(url);
-    }
-
-    async getFileContent(owner, repo, filepath, ref = 'main') {
-        return this.request(`/git/repos/${owner}/${repo}/contents/${filepath}?ref=${ref}`);
-    }
-
-    async getRepoReadme(owner, repo, ref = null) {
-        let url = `/git/repos/${owner}/${repo}/readme`;
-        if (ref) url += `?ref=${ref}`;
-        return this.request(url);
-    }
-
-    async getGiteaVersion() {
-        return this.request('/git/version');
-    }
-
-    // Git Deployments
-    async getAppDeployments(appId, limit = 20) {
-        return this.request(`/git/deployments/app/${appId}?limit=${limit}`);
-    }
-
-    async getDeployment(deploymentId, includeLogs = false) {
-        return this.request(`/git/deployments/${deploymentId}?logs=${includeLogs}`);
-    }
-
-    async triggerDeploy(appId, branch = null) {
-        return this.request(`/git/deployments/app/${appId}/deploy`, {
-            method: 'POST',
-            body: branch ? { branch } : {}
-        });
-    }
-
-    async rollbackDeployment(appId, targetVersion = null) {
-        return this.request(`/git/deployments/app/${appId}/rollback`, {
-            method: 'POST',
-            body: targetVersion ? { targetVersion } : {}
-        });
-    }
-
-    async getWebhookDeployments(webhookId, limit = 20) {
-        return this.request(`/git/deployments/webhook/${webhookId}?limit=${limit}`);
-    }
-
-    // ========================================
-    // Cron Job endpoints
-    // ========================================
-    async getCronStatus() {
-        return this.request('/cron/status');
-    }
-
-    async getCronJobs() {
-        return this.request('/cron/jobs');
-    }
-
-    async createCronJob(data) {
-        return this.request('/cron/jobs', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async updateCronJob(jobId, data) {
-        return this.request(`/cron/jobs/${jobId}`, {
-            method: 'PUT',
-            body: data
-        });
-    }
-
-    async deleteCronJob(jobId) {
-        return this.request(`/cron/jobs/${jobId}`, { method: 'DELETE' });
-    }
-
-    async toggleCronJob(jobId, enabled) {
-        return this.request(`/cron/jobs/${jobId}/toggle`, {
-            method: 'POST',
-            body: { enabled }
-        });
-    }
-
-    async runCronJob(jobId) {
-        return this.request(`/cron/jobs/${jobId}/run`, { method: 'POST' });
-    }
-
-    async getCronPresets() {
-        return this.request('/cron/presets');
-    }
-
-    // ========================================
-    // Uptime Tracking endpoints
-    // ========================================
-    async getCurrentUptime() {
-        return this.request('/uptime/current');
-    }
-
-    async getUptimeStats() {
-        return this.request('/uptime/stats');
-    }
-
-    async getUptimeGraph(period = '24h') {
-        return this.request(`/uptime/graph?period=${period}`);
-    }
-
-    async getUptimeHistory(hours = 24) {
-        return this.request(`/uptime/history?hours=${hours}`);
-    }
-
-    async startUptimeTracking() {
-        return this.request('/uptime/tracking/start', { method: 'POST' });
-    }
-
-    async stopUptimeTracking() {
-        return this.request('/uptime/tracking/stop', { method: 'POST' });
-    }
-
-    async getUptimeTrackingStatus() {
-        return this.request('/uptime/tracking/status');
-    }
-
-    // ========================================
-    // Metrics History endpoints
-    // ========================================
-    async getMetricsHistory(period = '1h') {
-        return this.request(`/metrics/history?period=${period}`);
-    }
-
-    async getMetricsStats() {
-        return this.request('/metrics/stats');
-    }
-
-    async startMetricsCollection() {
-        return this.request('/metrics/collection/start', { method: 'POST' });
-    }
-
-    async stopMetricsCollection() {
-        return this.request('/metrics/collection/stop', { method: 'POST' });
-    }
-
-    async triggerMetricsAggregation() {
-        return this.request('/metrics/aggregate', { method: 'POST' });
-    }
-
-    // ========================================
-    // Private URL endpoints
-    // ========================================
-    async enablePrivateUrl(appId, slug = null) {
-        return this.request(`/apps/${appId}/private-url`, {
-            method: 'POST',
-            body: slug ? { slug } : {}
-        });
-    }
-
-    async getPrivateUrl(appId) {
-        return this.request(`/apps/${appId}/private-url`);
-    }
-
-    async updatePrivateUrl(appId, slug) {
-        return this.request(`/apps/${appId}/private-url`, {
-            method: 'PUT',
-            body: { slug }
-        });
-    }
-
-    async disablePrivateUrl(appId) {
-        return this.request(`/apps/${appId}/private-url`, {
-            method: 'DELETE'
-        });
-    }
-
-    async regeneratePrivateUrl(appId) {
-        return this.request(`/apps/${appId}/private-url/regenerate`, {
-            method: 'POST'
-        });
-    }
-
-    // ========================================
-    // Environment Variables endpoints
-    // ========================================
-    async getEnvVars(appId, maskSecrets = false) {
-        const params = maskSecrets ? '?mask=true' : '';
-        return this.request(`/apps/${appId}/env${params}`);
-    }
-
-    async getEnvVar(appId, key) {
-        return this.request(`/apps/${appId}/env/${encodeURIComponent(key)}`);
-    }
-
-    async createEnvVar(appId, key, value, isSecret = false, description = null) {
-        return this.request(`/apps/${appId}/env`, {
-            method: 'POST',
-            body: { key, value, is_secret: isSecret, description }
-        });
-    }
-
-    async updateEnvVar(appId, key, data) {
-        return this.request(`/apps/${appId}/env/${encodeURIComponent(key)}`, {
-            method: 'PUT',
-            body: data
-        });
-    }
-
-    async deleteEnvVar(appId, key) {
-        return this.request(`/apps/${appId}/env/${encodeURIComponent(key)}`, {
-            method: 'DELETE'
-        });
-    }
-
-    async bulkSetEnvVars(appId, envVars) {
-        return this.request(`/apps/${appId}/env/bulk`, {
-            method: 'POST',
-            body: { env_vars: envVars }
-        });
-    }
-
-    async importEnvFile(appId, content, overwrite = true) {
-        return this.request(`/apps/${appId}/env/import`, {
-            method: 'POST',
-            body: { content, overwrite }
-        });
-    }
-
-    async exportEnvFile(appId, includeSecrets = true) {
-        const params = includeSecrets ? '' : '?include_secrets=false';
-        return this.request(`/apps/${appId}/env/export${params}`);
-    }
-
-    async getEnvVarHistory(appId, limit = 50) {
-        return this.request(`/apps/${appId}/env/history?limit=${limit}`);
-    }
-
-    async clearEnvVars(appId) {
-        return this.request(`/apps/${appId}/env/clear`, {
-            method: 'DELETE'
-        });
-    }
-
-    // ========================================
-    // Two-Factor Authentication endpoints
-    // ========================================
-    async get2FAStatus() {
-        return this.request('/auth/2fa/status');
-    }
-
-    async initiate2FASetup() {
-        return this.request('/auth/2fa/setup', { method: 'POST' });
-    }
-
-    async confirm2FASetup(code) {
-        return this.request('/auth/2fa/setup/confirm', {
-            method: 'POST',
-            body: { code }
-        });
-    }
-
-    async disable2FA(code) {
-        return this.request('/auth/2fa/disable', {
-            method: 'POST',
-            body: { code }
-        });
-    }
-
-    async regenerateBackupCodes(code) {
-        return this.request('/auth/2fa/backup-codes/regenerate', {
-            method: 'POST',
-            body: { code }
-        });
-    }
-
-    async verify2FA(tempToken, code) {
-        return this.request('/auth/2fa/verify', {
-            method: 'POST',
-            body: { temp_token: tempToken, code }
-        });
-    }
-
-    // ========================================
-    // Notification Webhooks endpoints
-    // ========================================
-    async getNotificationsStatus() {
-        return this.request('/notifications/status');
-    }
-
-    async getNotificationsConfig() {
-        return this.request('/notifications/config');
-    }
-
-    async updateNotificationChannel(channel, settings) {
-        return this.request(`/notifications/config/${channel}`, {
-            method: 'PUT',
-            body: settings
-        });
-    }
-
-    async testNotificationChannel(channel) {
-        return this.request(`/notifications/test/${channel}`, {
-            method: 'POST'
-        });
-    }
-
-    async testAllNotifications() {
-        return this.request('/notifications/test', {
-            method: 'POST'
-        });
-    }
-
-    // User notification preferences
-    async getUserNotificationPreferences() {
-        return this.request('/notifications/preferences');
-    }
-
-    async updateUserNotificationPreferences(preferences) {
-        return this.request('/notifications/preferences', {
-            method: 'PUT',
-            body: preferences
-        });
-    }
-
-    async testUserNotification() {
-        return this.request('/notifications/preferences/test', {
-            method: 'POST'
-        });
-    }
-
-    // ========================================
-    // Security (ClamAV, File Integrity) endpoints
-    // ========================================
-    async getSecurityStatus() {
-        return this.request('/security/status');
-    }
-
-    async getSecurityConfig() {
-        return this.request('/security/config');
-    }
-
-    async updateSecurityConfig(config) {
-        return this.request('/security/config', {
-            method: 'PUT',
-            body: config
-        });
-    }
-
-    async getClamAVStatus() {
-        return this.request('/security/clamav/status');
-    }
-
-    async installClamAV() {
-        return this.request('/security/clamav/install', { method: 'POST' });
-    }
-
-    async updateVirusDefinitions() {
-        return this.request('/security/clamav/update', { method: 'POST' });
-    }
-
-    async scanFile(path) {
-        return this.request('/security/scan/file', {
-            method: 'POST',
-            body: { path }
-        });
-    }
-
-    async scanDirectory(path, recursive = true) {
-        return this.request('/security/scan/directory', {
-            method: 'POST',
-            body: { path, recursive }
-        });
-    }
-
-    async getScanStatus() {
-        return this.request('/security/scan/status');
-    }
-
-    async cancelScan() {
-        return this.request('/security/scan/cancel', { method: 'POST' });
-    }
-
-    async getScanHistory(limit = 50) {
-        return this.request(`/security/scan/history?limit=${limit}`);
-    }
-
-    async runQuickScan() {
-        return this.request('/security/scan/quick', { method: 'POST' });
-    }
-
-    async runFullScan() {
-        return this.request('/security/scan/full', { method: 'POST' });
-    }
-
-    async getQuarantinedFiles() {
-        return this.request('/security/quarantine');
-    }
-
-    async quarantineFile(path) {
-        return this.request('/security/quarantine', {
-            method: 'POST',
-            body: { path }
-        });
-    }
-
-    async deleteQuarantinedFile(filename) {
-        return this.request(`/security/quarantine/${encodeURIComponent(filename)}`, {
-            method: 'DELETE'
-        });
-    }
-
-    async initializeIntegrityDatabase(paths = null) {
-        return this.request('/security/integrity/initialize', {
-            method: 'POST',
-            body: paths ? { paths } : {}
-        });
-    }
-
-    async checkFileIntegrity() {
-        return this.request('/security/integrity/check');
-    }
-
-    async getFailedLogins(hours = 24) {
-        return this.request(`/security/failed-logins?hours=${hours}`);
-    }
-
-    async getSecurityEvents(limit = 100) {
-        return this.request(`/security/events?limit=${limit}`);
-    }
-
-    // ========================================
-    // Fail2ban endpoints
-    // ========================================
-    async getFail2banStatus() {
-        return this.request('/security/fail2ban/status');
-    }
-
-    async installFail2ban() {
-        return this.request('/security/fail2ban/install', { method: 'POST' });
-    }
-
-    async getFail2banJailStatus(jail) {
-        return this.request(`/security/fail2ban/jails/${jail}`);
-    }
-
-    async getAllFail2banBans() {
-        return this.request('/security/fail2ban/bans');
-    }
-
-    async fail2banUnban(ip, jail = null) {
-        return this.request('/security/fail2ban/unban', {
-            method: 'POST',
-            body: { ip, jail }
-        });
-    }
-
-    async fail2banBan(ip, jail = 'sshd') {
-        return this.request('/security/fail2ban/ban', {
-            method: 'POST',
-            body: { ip, jail }
-        });
-    }
-
-    // ========================================
-    // SSH Key endpoints
-    // ========================================
-    async getSSHKeys(user = 'root') {
-        return this.request(`/security/ssh-keys?user=${user}`);
-    }
-
-    async addSSHKey(key, user = 'root') {
-        return this.request('/security/ssh-keys', {
-            method: 'POST',
-            body: { key, user }
-        });
-    }
-
-    async removeSSHKey(keyId, user = 'root') {
-        return this.request(`/security/ssh-keys/${keyId}?user=${user}`, {
-            method: 'DELETE'
-        });
-    }
-
-    // ========================================
-    // IP Lists endpoints
-    // ========================================
-    async getIPLists() {
-        return this.request('/security/ip-lists');
-    }
-
-    async addToIPList(ip, listType, comment = '') {
-        return this.request(`/security/ip-lists/${listType}`, {
-            method: 'POST',
-            body: { ip, comment }
-        });
-    }
-
-    async removeFromIPList(ip, listType) {
-        return this.request(`/security/ip-lists/${listType}/${encodeURIComponent(ip)}`, {
-            method: 'DELETE'
-        });
-    }
-
-    // ========================================
-    // Security Audit endpoints
-    // ========================================
-    async generateSecurityAudit() {
-        return this.request('/security/audit');
-    }
-
-    // ========================================
-    // Lynis (Vulnerability Scanning) endpoints
-    // ========================================
-    async getLynisStatus() {
-        return this.request('/security/lynis/status');
-    }
-
-    async installLynis() {
-        return this.request('/security/lynis/install', { method: 'POST' });
-    }
-
-    async runLynisScan() {
-        return this.request('/security/lynis/scan', { method: 'POST' });
-    }
-
-    async getLynisScanStatus() {
-        return this.request('/security/lynis/scan/status');
-    }
-
-    // ========================================
-    // Auto Updates endpoints
-    // ========================================
-    async getAutoUpdatesStatus() {
-        return this.request('/security/auto-updates/status');
-    }
-
-    async installAutoUpdates() {
-        return this.request('/security/auto-updates/install', { method: 'POST' });
-    }
-
-    async enableAutoUpdates() {
-        return this.request('/security/auto-updates/enable', { method: 'POST' });
-    }
-
-    async disableAutoUpdates() {
-        return this.request('/security/auto-updates/disable', { method: 'POST' });
-    }
-
-    // ========================================
-    // Workflow endpoints
-    // ========================================
-    async getWorkflows() {
-        return this.request('/workflows');
-    }
-
-    async getWorkflow(id) {
-        return this.request(`/workflows/${id}`);
-    }
-
-    async createWorkflow(data) {
-        return this.request('/workflows', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async updateWorkflow(id, data) {
-        return this.request(`/workflows/${id}`, {
-            method: 'PUT',
-            body: data
-        });
-    }
-
-    async deleteWorkflow(id) {
-        return this.request(`/workflows/${id}`, {
-            method: 'DELETE'
-        });
-    }
-
-    async deployWorkflow(id) {
-        return this.request(`/workflows/${id}/deploy`, {
-            method: 'POST'
-        });
-    }
-
-    // ========================================
-    // Servers (Multi-Server Management) endpoints
-    // ========================================
-    async getServers() {
-        return this.request('/servers');
-    }
-
-    async getServer(id) {
-        return this.request(`/servers/${id}`);
-    }
-
-    async createServer(data) {
-        return this.request('/servers', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async updateServer(id, data) {
-        return this.request(`/servers/${id}`, {
-            method: 'PUT',
-            body: data
-        });
-    }
-
-    async deleteServer(id) {
-        return this.request(`/servers/${id}`, {
-            method: 'DELETE'
-        });
-    }
-
-    async getServerStatus(id) {
-        return this.request(`/servers/${id}/status`);
-    }
-
-    async getServerMetrics(id) {
-        return this.request(`/servers/${id}/metrics`);
-    }
-
-    async pingServer(id) {
-        return this.request(`/servers/${id}/ping`, {
-            method: 'POST'
-        });
-    }
-
-    // Server Registration
-    async generateRegistrationToken(serverId) {
-        return this.request(`/servers/${serverId}/regenerate-token`, {
-            method: 'POST'
-        });
-    }
-
-    async registerServer(registrationData) {
-        return this.request('/servers/register', {
-            method: 'POST',
-            body: registrationData
-        });
-    }
-
-    // Server Groups
-    async getServerGroups() {
-        return this.request('/servers/groups');
-    }
-
-    async createServerGroup(data) {
-        return this.request('/servers/groups', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async updateServerGroup(id, data) {
-        return this.request(`/servers/groups/${id}`, {
-            method: 'PUT',
-            body: data
-        });
-    }
-
-    async deleteServerGroup(id) {
-        return this.request(`/servers/groups/${id}`, {
-            method: 'DELETE'
-        });
-    }
-
-    // Remote Docker Operations (via agent)
-    async getRemoteContainers(serverId, all = false) {
-        return this.request(`/servers/${serverId}/docker/containers?all=${all}`);
-    }
-
-    async getRemoteContainer(serverId, containerId) {
-        return this.request(`/servers/${serverId}/docker/containers/${containerId}`);
-    }
-
-    async startRemoteContainer(serverId, containerId) {
-        return this.request(`/servers/${serverId}/docker/containers/${containerId}/start`, {
-            method: 'POST'
-        });
-    }
-
-    async stopRemoteContainer(serverId, containerId) {
-        return this.request(`/servers/${serverId}/docker/containers/${containerId}/stop`, {
-            method: 'POST'
-        });
-    }
-
-    async restartRemoteContainer(serverId, containerId) {
-        return this.request(`/servers/${serverId}/docker/containers/${containerId}/restart`, {
-            method: 'POST'
-        });
-    }
-
-    async removeRemoteContainer(serverId, containerId, force = false) {
-        return this.request(`/servers/${serverId}/docker/containers/${containerId}?force=${force}`, {
-            method: 'DELETE'
-        });
-    }
-
-    async getRemoteContainerStats(serverId, containerId) {
-        return this.request(`/servers/${serverId}/docker/containers/${containerId}/stats`);
-    }
-
-    async getRemoteContainerLogs(serverId, containerId, tail = 100, since = null) {
-        const params = new URLSearchParams({ tail });
-        if (since) params.append('since', since);
-        return this.request(`/servers/${serverId}/docker/containers/${containerId}/logs?${params}`);
-    }
-
-    async getRemoteImages(serverId) {
-        return this.request(`/servers/${serverId}/docker/images`);
-    }
-
-    async pullRemoteImage(serverId, image) {
-        return this.request(`/servers/${serverId}/docker/images/pull`, {
-            method: 'POST',
-            body: { image }
-        });
-    }
-
-    async removeRemoteImage(serverId, imageId, force = false) {
-        return this.request(`/servers/${serverId}/docker/images/${imageId}?force=${force}`, {
-            method: 'DELETE'
-        });
-    }
-
-    async getRemoteVolumes(serverId) {
-        return this.request(`/servers/${serverId}/docker/volumes`);
-    }
-
-    async getRemoteNetworks(serverId) {
-        return this.request(`/servers/${serverId}/docker/networks`);
-    }
-
-    async getRemoteSystemMetrics(serverId) {
-        return this.request(`/servers/${serverId}/system/metrics`);
-    }
-
-    async getRemoteSystemInfo(serverId) {
-        return this.request(`/servers/${serverId}/system/info`);
-    }
-
-    // Get available servers for Docker operations
-    async getAvailableServers() {
-        return this.request('/servers/available');
-    }
-
-    // Remote Docker Compose Operations
-    async getRemoteComposeProjects(serverId) {
-        return this.request(`/servers/${serverId}/docker/compose/projects`);
-    }
-
-    async getRemoteComposePs(serverId, projectPath) {
-        return this.request(`/servers/${serverId}/docker/compose/ps`, {
-            method: 'POST',
-            body: { project_path: projectPath }
-        });
-    }
-
-    async remoteComposeUp(serverId, projectPath, options = {}) {
-        return this.request(`/servers/${serverId}/docker/compose/up`, {
-            method: 'POST',
-            body: {
-                project_path: projectPath,
-                detach: options.detach !== false,
-                build: options.build || false
-            }
-        });
-    }
-
-    async remoteComposeDown(serverId, projectPath, options = {}) {
-        return this.request(`/servers/${serverId}/docker/compose/down`, {
-            method: 'POST',
-            body: {
-                project_path: projectPath,
-                volumes: options.volumes || false,
-                remove_orphans: options.removeOrphans !== false
-            }
-        });
-    }
-
-    async remoteComposeLogs(serverId, projectPath, service = null, tail = 100) {
-        return this.request(`/servers/${serverId}/docker/compose/logs`, {
-            method: 'POST',
-            body: {
-                project_path: projectPath,
-                service: service,
-                tail: tail
-            }
-        });
-    }
-
-    async remoteComposeRestart(serverId, projectPath, service = null) {
-        return this.request(`/servers/${serverId}/docker/compose/restart`, {
-            method: 'POST',
-            body: {
-                project_path: projectPath,
-                service: service
-            }
-        });
-    }
-
-    async remoteComposePull(serverId, projectPath, service = null) {
-        return this.request(`/servers/${serverId}/docker/compose/pull`, {
-            method: 'POST',
-            body: {
-                project_path: projectPath,
-                service: service
-            }
-        });
-    }
-
-    // Server Historical Metrics
-    async getServerMetricsHistory(serverId, period = '24h') {
-        return this.request(`/servers/${serverId}/metrics/history?period=${period}`);
-    }
-
-    async getServerMetricsAggregated(serverId, period = '24h', aggregation = 'hourly') {
-        return this.request(`/servers/${serverId}/metrics/aggregated?period=${period}&aggregation=${aggregation}`);
-    }
-
-    async compareServerMetrics(serverIds, metric = 'cpu', period = '24h') {
-        const ids = Array.isArray(serverIds) ? serverIds.join(',') : serverIds;
-        return this.request(`/servers/metrics/compare?ids=${ids}&metric=${metric}&period=${period}`);
-    }
-
-    async getMetricsRetentionStats() {
-        return this.request('/servers/metrics/retention');
-    }
-
-    async triggerMetricsCleanup() {
-        return this.request('/servers/metrics/cleanup', { method: 'POST' });
-    }
-
-    // Remote Terminal
-    async createTerminalSession(serverId, cols = 80, rows = 24) {
-        return this.request(`/servers/${serverId}/terminal`, {
-            method: 'POST',
-            body: { cols, rows }
-        });
-    }
-
-    async sendTerminalInput(sessionId, data) {
-        return this.request(`/servers/terminal/${sessionId}/input`, {
-            method: 'POST',
-            body: { data }
-        });
-    }
-
-    async resizeTerminal(sessionId, cols, rows) {
-        return this.request(`/servers/terminal/${sessionId}/resize`, {
-            method: 'POST',
-            body: { cols, rows }
-        });
-    }
-
-    async closeTerminalSession(sessionId) {
-        return this.request(`/servers/terminal/${sessionId}`, {
-            method: 'DELETE'
-        });
-    }
-
-    async listTerminalSessions() {
-        return this.request('/servers/terminal/sessions');
-    }
-
-    // Security Features
-    async getAllowedIPs(serverId) {
-        return this.request(`/servers/${serverId}/allowed-ips`);
-    }
-
-    async updateAllowedIPs(serverId, allowedIPs) {
-        return this.request(`/servers/${serverId}/allowed-ips`, {
-            method: 'PUT',
-            body: { allowed_ips: allowedIPs }
-        });
-    }
-
-    async getConnectionInfo(serverId) {
-        return this.request(`/servers/${serverId}/connection-info`);
-    }
-
-    async rotateAPIKey(serverId) {
-        return this.request(`/servers/${serverId}/rotate-api-key`, {
-            method: 'POST'
-        });
-    }
-
-    async getServerSecurityAlerts(serverId, options = {}) {
-        const params = new URLSearchParams();
-        if (options.status) params.append('status', options.status);
-        if (options.severity) params.append('severity', options.severity);
-        if (options.limit) params.append('limit', options.limit);
-        const query = params.toString() ? `?${params.toString()}` : '';
-        return this.request(`/servers/${serverId}/security/alerts${query}`);
-    }
-
-    async getAllSecurityAlerts(options = {}) {
-        const params = new URLSearchParams();
-        if (options.status) params.append('status', options.status);
-        if (options.severity) params.append('severity', options.severity);
-        if (options.type) params.append('type', options.type);
-        if (options.limit) params.append('limit', options.limit);
-        const query = params.toString() ? `?${params.toString()}` : '';
-        return this.request(`/servers/security/alerts${query}`);
-    }
-
-    async getSecurityAlertCounts(serverId = null) {
-        const query = serverId ? `?server_id=${serverId}` : '';
-        return this.request(`/servers/security/alerts/counts${query}`);
-    }
-
-    async acknowledgeAlert(alertId) {
-        return this.request(`/servers/security/alerts/${alertId}/acknowledge`, {
-            method: 'POST'
-        });
-    }
-
-    async resolveAlert(alertId) {
-        return this.request(`/servers/security/alerts/${alertId}/resolve`, {
-            method: 'POST'
-        });
-    }
-
-    // Agent Downloads
-    async getAgentVersion() {
-        return this.request('/servers/agent/version');
-    }
-
-    async getAgentDownloadUrl(os, arch) {
-        // Returns the download URL, caller should redirect or fetch
-        const baseUrl = this.baseUrl.replace('/api/v1', '');
-        return `${baseUrl}/api/servers/agent/download/${os}/${arch}`;
-    }
-
-    // ── Email Server ──
-    async getEmailStatus() { return this.request('/email/status'); }
-    async installEmailServer(data = {}) { return this.request('/email/install', { method: 'POST', body: JSON.stringify(data) }); }
-    async controlEmailService(component, action) { return this.request(`/email/service/${component}/${action}`, { method: 'POST' }); }
-    // Email Domains
-    async getEmailDomains() { return this.request('/email/domains'); }
-    async addEmailDomain(data) { return this.request('/email/domains', { method: 'POST', body: JSON.stringify(data) }); }
-    async getEmailDomain(domainId) { return this.request(`/email/domains/${domainId}`); }
-    async deleteEmailDomain(domainId) { return this.request(`/email/domains/${domainId}`, { method: 'DELETE' }); }
-    async verifyEmailDNS(domainId) { return this.request(`/email/domains/${domainId}/verify-dns`, { method: 'POST' }); }
-    async deployEmailDNS(domainId) { return this.request(`/email/domains/${domainId}/deploy-dns`, { method: 'POST' }); }
-    // Email Accounts
-    async getEmailAccounts(domainId) { return this.request(`/email/domains/${domainId}/accounts`); }
-    async createEmailAccount(domainId, data) { return this.request(`/email/domains/${domainId}/accounts`, { method: 'POST', body: JSON.stringify(data) }); }
-    async getEmailAccount(accountId) { return this.request(`/email/accounts/${accountId}`); }
-    async updateEmailAccount(accountId, data) { return this.request(`/email/accounts/${accountId}`, { method: 'PUT', body: JSON.stringify(data) }); }
-    async deleteEmailAccount(accountId) { return this.request(`/email/accounts/${accountId}`, { method: 'DELETE' }); }
-    async changeEmailPassword(accountId, password) { return this.request(`/email/accounts/${accountId}/password`, { method: 'POST', body: JSON.stringify({ password }) }); }
-    // Email Aliases
-    async getEmailAliases(domainId) { return this.request(`/email/domains/${domainId}/aliases`); }
-    async createEmailAlias(domainId, data) { return this.request(`/email/domains/${domainId}/aliases`, { method: 'POST', body: JSON.stringify(data) }); }
-    async deleteEmailAlias(aliasId) { return this.request(`/email/aliases/${aliasId}`, { method: 'DELETE' }); }
-    // Email Forwarding
-    async getEmailForwarding(accountId) { return this.request(`/email/accounts/${accountId}/forwarding`); }
-    async createEmailForwarding(accountId, data) { return this.request(`/email/accounts/${accountId}/forwarding`, { method: 'POST', body: JSON.stringify(data) }); }
-    async updateEmailForwarding(ruleId, data) { return this.request(`/email/forwarding/${ruleId}`, { method: 'PUT', body: JSON.stringify(data) }); }
-    async deleteEmailForwarding(ruleId) { return this.request(`/email/forwarding/${ruleId}`, { method: 'DELETE' }); }
-    // DNS Providers
-    async getEmailDNSProviders() { return this.request('/email/dns-providers'); }
-    async addEmailDNSProvider(data) { return this.request('/email/dns-providers', { method: 'POST', body: JSON.stringify(data) }); }
-    async deleteEmailDNSProvider(providerId) { return this.request(`/email/dns-providers/${providerId}`, { method: 'DELETE' }); }
-    async testEmailDNSProvider(providerId) { return this.request(`/email/dns-providers/${providerId}/test`, { method: 'POST' }); }
-    async getEmailDNSZones(providerId) { return this.request(`/email/dns-providers/${providerId}/zones`); }
-    // SpamAssassin
-    async getSpamConfig() { return this.request('/email/spam/config'); }
-    async updateSpamConfig(data) { return this.request('/email/spam/config', { method: 'PUT', body: JSON.stringify(data) }); }
-    async updateSpamRules() { return this.request('/email/spam/update-rules', { method: 'POST' }); }
-    // Roundcube Webmail
-    async getWebmailStatus() { return this.request('/email/webmail/status'); }
-    async installWebmail(data = {}) { return this.request('/email/webmail/install', { method: 'POST', body: JSON.stringify(data) }); }
-    async controlWebmail(action) { return this.request(`/email/webmail/service/${action}`, { method: 'POST' }); }
-    async configureWebmailProxy(domain) { return this.request('/email/webmail/configure-proxy', { method: 'POST', body: JSON.stringify({ domain }) }); }
-    // Mail Queue & Logs
-    async getMailQueue() { return this.request('/email/queue'); }
-    async flushMailQueue() { return this.request('/email/queue/flush', { method: 'POST' }); }
-    async deleteMailQueueItem(queueId) { return this.request(`/email/queue/${queueId}`, { method: 'DELETE' }); }
-    async getMailLogs(lines = 100) { return this.request(`/email/logs?lines=${lines}`); }
-
-    // ==================== SSO / OAuth ====================
-
-    async getSSOProviders() {
-        return this.request('/sso/providers');
-    }
-
-    async startSSOAuth(provider, redirectUri) {
-        return this.request(`/sso/authorize/${provider}?redirect_uri=${encodeURIComponent(redirectUri)}`);
-    }
-
-    async completeSSOAuth(provider, code, state, redirectUri) {
-        const data = await this.request(`/sso/callback/${provider}`, {
-            method: 'POST',
-            body: { code, state, redirect_uri: redirectUri },
-        });
-        if (data.access_token) {
-            this.setTokens(data.access_token, data.refresh_token);
-        }
-        return data;
-    }
-
-    async getSSOIdentities() {
-        return this.request('/sso/identities');
-    }
-
-    async linkSSOProvider(provider, code, state, redirectUri) {
-        return this.request(`/sso/link/${provider}`, {
-            method: 'POST',
-            body: { code, state, redirect_uri: redirectUri },
-        });
-    }
-
-    async unlinkSSOProvider(provider) {
-        return this.request(`/sso/link/${provider}`, { method: 'DELETE' });
-    }
-
-    // SSO Admin
-    async getSSOConfig() {
-        return this.request('/sso/admin/config');
-    }
-
-    async updateSSOProviderConfig(provider, config) {
-        return this.request(`/sso/admin/config/${provider}`, {
-            method: 'PUT',
-            body: config,
-        });
-    }
-
-    async testSSOProvider(provider) {
-        return this.request(`/sso/admin/test/${provider}`, { method: 'POST' });
-    }
-
-    async updateSSOGeneralSettings(settings) {
-        return this.request('/sso/admin/general', {
-            method: 'PUT',
-            body: settings,
-        });
-    }
-
-    // Database Migrations
-    async getMigrationStatus() {
-        return this.request('/migrations/status');
-    }
-
-    async createMigrationBackup() {
-        return this.request('/migrations/backup', { method: 'POST' });
-    }
-
-    async applyMigrations() {
-        return this.request('/migrations/apply', { method: 'POST' });
-    }
-
-    async getMigrationHistory() {
-        return this.request('/migrations/history');
-    }
-
-    // API Keys
-    async getApiKeys() {
-        return this.request('/api-keys/');
-    }
-
-    async createApiKey(data) {
-        return this.request('/api-keys/', { method: 'POST', body: data });
-    }
-
-    async getApiKey(id) {
-        return this.request(`/api-keys/${id}`);
-    }
-
-    async updateApiKey(id, data) {
-        return this.request(`/api-keys/${id}`, { method: 'PUT', body: data });
-    }
-
-    async revokeApiKey(id) {
-        return this.request(`/api-keys/${id}`, { method: 'DELETE' });
-    }
-
-    async rotateApiKey(id) {
-        return this.request(`/api-keys/${id}/rotate`, { method: 'POST' });
-    }
-
-    // Event Subscriptions (Webhooks)
-    async getEventSubscriptions() {
-        return this.request('/event-subscriptions/');
-    }
-
-    async createEventSubscription(data) {
-        return this.request('/event-subscriptions/', { method: 'POST', body: data });
-    }
-
-    async getAvailableEvents() {
-        return this.request('/event-subscriptions/events');
-    }
-
-    async getEventSubscription(id) {
-        return this.request(`/event-subscriptions/${id}`);
-    }
-
-    async updateEventSubscription(id, data) {
-        return this.request(`/event-subscriptions/${id}`, { method: 'PUT', body: data });
-    }
-
-    async deleteEventSubscription(id) {
-        return this.request(`/event-subscriptions/${id}`, { method: 'DELETE' });
-    }
-
-    async testEventSubscription(id) {
-        return this.request(`/event-subscriptions/${id}/test`, { method: 'POST' });
-    }
-
-    async getEventDeliveries(id, page = 1) {
-        return this.request(`/event-subscriptions/${id}/deliveries?page=${page}`);
-    }
-
-    async retryEventDelivery(subId, deliveryId) {
-        return this.request(`/event-subscriptions/${subId}/deliveries/${deliveryId}/retry`, { method: 'POST' });
-    }
-
-    // API Analytics
-    async getApiAnalyticsOverview(period = '24h') {
-        return this.request(`/api-analytics/overview?period=${period}`);
-    }
-
-    async getApiAnalyticsEndpoints(period = '24h', limit = 20) {
-        return this.request(`/api-analytics/endpoints?period=${period}&limit=${limit}`);
-    }
-
-    async getApiAnalyticsErrors(period = '24h') {
-        return this.request(`/api-analytics/errors?period=${period}`);
-    }
-
-    async getApiAnalyticsTimeseries(period = '24h', interval = 'hour') {
-        return this.request(`/api-analytics/timeseries?period=${period}&interval=${interval}`);
-    }
-
-    async getApiKeyUsage(keyId, period = '24h') {
-        return this.request(`/api-analytics/keys/${keyId}/usage?period=${period}`);
-    }
-
-    // ========================================
-    // Admin - Permissions endpoints
-    // ========================================
-    async getUserPermissions(userId) {
-        return this.request(`/admin/users/${userId}/permissions`);
-    }
-
-    async updateUserPermissions(userId, permissions) {
-        return this.request(`/admin/users/${userId}/permissions`, {
-            method: 'PUT',
-            body: { permissions }
-        });
-    }
-
-    async resetUserPermissions(userId) {
-        return this.request(`/admin/users/${userId}/permissions/reset`, {
-            method: 'POST'
-        });
-    }
-
-    async getPermissionTemplates() {
-        return this.request('/admin/permissions/templates');
-    }
-
-    // ========================================
-    // Admin - Invitations endpoints
-    // ========================================
-    async getInvitations(status) {
-        const query = status ? `?status=${status}` : '';
-        return this.request(`/admin/invitations/${query}`);
-    }
-
-    async createInvitation(data) {
-        return this.request('/admin/invitations/', {
-            method: 'POST',
-            body: data
-        });
-    }
-
-    async revokeInvitation(id) {
-        return this.request(`/admin/invitations/${id}`, {
-            method: 'DELETE'
-        });
-    }
-
-    async resendInvitation(id) {
-        return this.request(`/admin/invitations/resend/${id}`, {
-            method: 'POST'
-        });
-    }
-
-    async validateInvitation(token) {
-        return this.request(`/admin/invitations/validate/${token}`);
-    }
-
-    // ========================================
-    // Admin - Activity endpoints
-    // ========================================
-    async getActivitySummary() {
-        return this.request('/admin/activity/summary');
-    }
-
-    async getActivityFeed(params = {}) {
-        const searchParams = new URLSearchParams();
-        if (params.page) searchParams.append('page', params.page);
-        if (params.per_page) searchParams.append('per_page', params.per_page);
-        if (params.user_id) searchParams.append('user_id', params.user_id);
-        if (params.action) searchParams.append('action', params.action);
-        if (params.start_date) searchParams.append('start_date', params.start_date);
-        if (params.end_date) searchParams.append('end_date', params.end_date);
-        const query = searchParams.toString();
-        return this.request(`/admin/activity/feed${query ? '?' + query : ''}`);
-    }
-}
-
-export const api = new ApiService();
-export default api;
+// Backward compatibility — re-exports from modular structure
+export { default, api } from './api/index.js';
diff --git a/frontend/src/services/api/apps.js b/frontend/src/services/api/apps.js
new file mode 100644
index 00000000..2bf40f0f
--- /dev/null
+++ b/frontend/src/services/api/apps.js
@@ -0,0 +1,452 @@
+// Applications, app linking, environment variables, private URLs,
+// templates, builds, deployments
+
+// Apps endpoints
+export async function getApps() {
+    return this.request('/apps');
+}
+
+export async function getApp(id) {
+    return this.request(`/apps/${id}`);
+}
+
+export async function createApp(appData) {
+    return this.request('/apps', {
+        method: 'POST',
+        body: appData,
+    });
+}
+
+export async function updateApp(id, appData) {
+    return this.request(`/apps/${id}`, {
+        method: 'PUT',
+        body: appData,
+    });
+}
+
+export async function deleteApp(id) {
+    return this.request(`/apps/${id}`, {
+        method: 'DELETE',
+    });
+}
+
+export async function startApp(id) {
+    return this.request(`/apps/${id}/start`, { method: 'POST' });
+}
+
+export async function stopApp(id) {
+    return this.request(`/apps/${id}/stop`, { method: 'POST' });
+}
+
+export async function restartApp(id) {
+    return this.request(`/apps/${id}/restart`, { method: 'POST' });
+}
+
+// App linking endpoints
+export async function linkApp(appId, targetAppId, asEnvironment, options = {}) {
+    return this.request(`/apps/${appId}/link`, {
+        method: 'POST',
+        body: {
+            target_app_id: targetAppId,
+            as_environment: asEnvironment,
+            propagate_credentials: options.propagateCredentials !== false,
+            table_prefix: options.tablePrefix
+        }
+    });
+}
+
+export async function getLinkedApps(appId) {
+    return this.request(`/apps/${appId}/linked`);
+}
+
+export async function unlinkApp(appId) {
+    return this.request(`/apps/${appId}/link`, {
+        method: 'DELETE'
+    });
+}
+
+export async function updateAppEnvironment(appId, environmentType) {
+    return this.request(`/apps/${appId}/environment`, {
+        method: 'PUT',
+        body: { environment_type: environmentType }
+    });
+}
+
+// Private URL endpoints
+export async function enablePrivateUrl(appId, slug = null) {
+    return this.request(`/apps/${appId}/private-url`, {
+        method: 'POST',
+        body: slug ? { slug } : {}
+    });
+}
+
+export async function getPrivateUrl(appId) {
+    return this.request(`/apps/${appId}/private-url`);
+}
+
+export async function updatePrivateUrl(appId, slug) {
+    return this.request(`/apps/${appId}/private-url`, {
+        method: 'PUT',
+        body: { slug }
+    });
+}
+
+export async function disablePrivateUrl(appId) {
+    return this.request(`/apps/${appId}/private-url`, {
+        method: 'DELETE'
+    });
+}
+
+export async function regeneratePrivateUrl(appId) {
+    return this.request(`/apps/${appId}/private-url/regenerate`, {
+        method: 'POST'
+    });
+}
+
+// Environment Variables endpoints
+export async function getEnvVars(appId, maskSecrets = false) {
+    const params = maskSecrets ? '?mask=true' : '';
+    return this.request(`/apps/${appId}/env${params}`);
+}
+
+export async function getEnvVar(appId, key) {
+    return this.request(`/apps/${appId}/env/${encodeURIComponent(key)}`);
+}
+
+export async function createEnvVar(appId, key, value, isSecret = false, description = null) {
+    return this.request(`/apps/${appId}/env`, {
+        method: 'POST',
+        body: { key, value, is_secret: isSecret, description }
+    });
+}
+
+export async function updateEnvVar(appId, key, data) {
+    return this.request(`/apps/${appId}/env/${encodeURIComponent(key)}`, {
+        method: 'PUT',
+        body: data
+    });
+}
+
+export async function deleteEnvVar(appId, key) {
+    return this.request(`/apps/${appId}/env/${encodeURIComponent(key)}`, {
+        method: 'DELETE'
+    });
+}
+
+export async function bulkSetEnvVars(appId, envVars) {
+    return this.request(`/apps/${appId}/env/bulk`, {
+        method: 'POST',
+        body: { env_vars: envVars }
+    });
+}
+
+export async function importEnvFile(appId, content, overwrite = true) {
+    return this.request(`/apps/${appId}/env/import`, {
+        method: 'POST',
+        body: { content, overwrite }
+    });
+}
+
+export async function exportEnvFile(appId, includeSecrets = true) {
+    const params = includeSecrets ? '' : '?include_secrets=false';
+    return this.request(`/apps/${appId}/env/export${params}`);
+}
+
+export async function getEnvVarHistory(appId, limit = 50) {
+    return this.request(`/apps/${appId}/env/history?limit=${limit}`);
+}
+
+export async function clearEnvVars(appId) {
+    return this.request(`/apps/${appId}/env/clear`, {
+        method: 'DELETE'
+    });
+}
+
+// Docker App Logs and Status
+export async function getDockerAppLogs(appId, lines = 100) {
+    return this.request(`/apps/${appId}/logs?lines=${lines}`);
+}
+
+export async function getDockerAppStatus(appId) {
+    return this.request(`/apps/${appId}/status`);
+}
+
+// Template endpoints
+export async function listTemplates(category = null, search = null) {
+    const params = new URLSearchParams();
+    if (category) params.append('category', category);
+    if (search) params.append('search', search);
+    const query = params.toString();
+    return this.request(`/templates/${query ? '?' + query : ''}`);
+}
+
+export async function getTemplateCategories() {
+    return this.request('/templates/categories');
+}
+
+export async function getTemplate(templateId) {
+    return this.request(`/templates/${templateId}`);
+}
+
+export async function installTemplate(templateId, appName, variables = {}) {
+    return this.request(`/templates/${templateId}/install`, {
+        method: 'POST',
+        body: { app_name: appName, variables }
+    });
+}
+
+export async function validateTemplateInstall(templateId, appName, variables = {}) {
+    return this.request('/templates/validate-install', {
+        method: 'POST',
+        body: { template_id: templateId, app_name: appName, variables }
+    });
+}
+
+export async function testDatabaseConnection(config) {
+    return this.request('/templates/test-db-connection', {
+        method: 'POST',
+        body: config
+    });
+}
+
+export async function checkAppUpdate(appId) {
+    return this.request(`/templates/apps/${appId}/check-update`);
+}
+
+export async function updateAppFromTemplate(appId) {
+    return this.request(`/templates/apps/${appId}/update`, { method: 'POST' });
+}
+
+export async function getAppTemplateInfo(appId) {
+    return this.request(`/templates/apps/${appId}/template-info`);
+}
+
+export async function listTemplateRepos() {
+    return this.request('/templates/repos');
+}
+
+export async function addTemplateRepo(name, url) {
+    return this.request('/templates/repos', {
+        method: 'POST',
+        body: { name, url }
+    });
+}
+
+export async function removeTemplateRepo(url) {
+    return this.request('/templates/repos', {
+        method: 'DELETE',
+        body: { url }
+    });
+}
+
+export async function syncTemplates() {
+    return this.request('/templates/sync', { method: 'POST' });
+}
+
+// Git Deployment endpoints
+export async function getDeployConfig(appId) {
+    return this.request(`/deploy/apps/${appId}/config`);
+}
+
+export async function configureDeployment(appId, repoUrl, branch = 'main', autoDeploy = true, preDeployScript = null, postDeployScript = null) {
+    return this.request(`/deploy/apps/${appId}/config`, {
+        method: 'POST',
+        body: {
+            repo_url: repoUrl,
+            branch,
+            auto_deploy: autoDeploy,
+            pre_deploy_script: preDeployScript,
+            post_deploy_script: postDeployScript
+        }
+    });
+}
+
+export async function removeDeployment(appId) {
+    return this.request(`/deploy/apps/${appId}/config`, { method: 'DELETE' });
+}
+
+export async function triggerAppDeploy(appId, force = false) {
+    return this.request(`/deploy/apps/${appId}/deploy`, {
+        method: 'POST',
+        body: { force }
+    });
+}
+
+export async function pullChanges(appId, branch = null) {
+    return this.request(`/deploy/apps/${appId}/pull`, {
+        method: 'POST',
+        body: branch ? { branch } : {}
+    });
+}
+
+export async function getAppGitStatus(appId) {
+    return this.request(`/deploy/apps/${appId}/git-status`);
+}
+
+export async function getCommitInfo(appId) {
+    return this.request(`/deploy/apps/${appId}/commit`);
+}
+
+export async function getDeploymentHistory(appId = null, limit = 50) {
+    const params = new URLSearchParams({ limit });
+    if (appId) params.append('app_id', appId);
+    return this.request(`/deploy/history?${params}`);
+}
+
+export async function cloneRepository(appPath, repoUrl, branch = 'main') {
+    return this.request('/deploy/clone', {
+        method: 'POST',
+        body: { app_path: appPath, repo_url: repoUrl, branch }
+    });
+}
+
+export async function getAppBranches(appId) {
+    return this.request(`/deploy/apps/${appId}/branches`);
+}
+
+export async function getBranchesFromUrl(repoUrl) {
+    return this.request('/deploy/branches', {
+        method: 'POST',
+        body: { repo_url: repoUrl }
+    });
+}
+
+export async function getWebhookLogs(appId = null, limit = 50) {
+    const params = new URLSearchParams({ limit });
+    if (appId) params.append('app_id', appId);
+    return this.request(`/deploy/webhook-logs?${params}`);
+}
+
+// Build & Deployment endpoints
+export async function getBuildConfig(appId) {
+    return this.request(`/builds/apps/${appId}/build-config`);
+}
+
+export async function configureBuild(appId, config) {
+    return this.request(`/builds/apps/${appId}/build-config`, {
+        method: 'POST',
+        body: config
+    });
+}
+
+export async function removeBuildConfig(appId) {
+    return this.request(`/builds/apps/${appId}/build-config`, { method: 'DELETE' });
+}
+
+export async function detectBuildMethod(appId) {
+    return this.request(`/builds/apps/${appId}/detect`);
+}
+
+export async function getNixpacksPlan(appId) {
+    return this.request(`/builds/apps/${appId}/nixpacks-plan`);
+}
+
+export async function triggerBuild(appId, noCache = false) {
+    return this.request(`/builds/apps/${appId}/build`, {
+        method: 'POST',
+        body: { no_cache: noCache }
+    });
+}
+
+export async function getBuildLogs(appId, limit = 20) {
+    return this.request(`/builds/apps/${appId}/build-logs?limit=${limit}`);
+}
+
+export async function getBuildLogDetail(appId, timestamp) {
+    return this.request(`/builds/apps/${appId}/build-logs/${timestamp}`);
+}
+
+export async function clearBuildCache(appId) {
+    return this.request(`/builds/apps/${appId}/clear-cache`, { method: 'POST' });
+}
+
+export async function deployApp(appId, options = {}) {
+    return this.request(`/builds/apps/${appId}/deploy`, {
+        method: 'POST',
+        body: options
+    });
+}
+
+export async function getDeployments(appId, limit = 20, offset = 0) {
+    return this.request(`/builds/apps/${appId}/deployments?limit=${limit}&offset=${offset}`);
+}
+
+export async function getDeploymentDetail(deploymentId, includeLogs = false) {
+    return this.request(`/builds/deployments/${deploymentId}?include_logs=${includeLogs}`);
+}
+
+export async function getDeploymentDiff(deploymentId) {
+    return this.request(`/builds/deployments/${deploymentId}/diff`);
+}
+
+export async function rollback(appId, targetVersion = null) {
+    return this.request(`/builds/apps/${appId}/rollback`, {
+        method: 'POST',
+        body: targetVersion ? { version: targetVersion } : {}
+    });
+}
+
+export async function getCurrentDeployment(appId) {
+    return this.request(`/builds/apps/${appId}/current-deployment`);
+}
+
+// Workflow endpoints
+export async function getWorkflows() {
+    return this.request('/workflows');
+}
+
+export async function getWorkflow(id) {
+    return this.request(`/workflows/${id}`);
+}
+
+export async function createWorkflow(data) {
+    return this.request('/workflows', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function updateWorkflow(id, data) {
+    return this.request(`/workflows/${id}`, {
+        method: 'PUT',
+        body: data
+    });
+}
+
+export async function deleteWorkflow(id) {
+    return this.request(`/workflows/${id}`, {
+        method: 'DELETE'
+    });
+}
+
+export async function deployWorkflow(id) {
+    return this.request(`/workflows/${id}/deploy`, {
+        method: 'POST'
+    });
+}
+
+export async function executeWorkflow(id, context = {}) {
+    return this.request(`/workflows/${id}/execute`, {
+        method: 'POST',
+        body: { context }
+    });
+}
+
+export async function getWorkflowExecutions(id) {
+    return this.request(`/workflows/${id}/executions`);
+}
+
+export async function getWorkflowExecutionDetails(executionId) {
+    return this.request(`/workflows/executions/${executionId}`);
+}
+
+export async function getWorkflowExecutionLogs(executionId) {
+    return this.request(`/workflows/executions/${executionId}/logs`);
+}
+
+export async function validateWorkflow(data) {
+    return this.request('/workflows/validate', {
+        method: 'POST',
+        body: JSON.stringify(data)
+    });
+}
diff --git a/frontend/src/services/api/auth.js b/frontend/src/services/api/auth.js
new file mode 100644
index 00000000..21f51e33
--- /dev/null
+++ b/frontend/src/services/api/auth.js
@@ -0,0 +1,339 @@
+// Authentication, 2FA, SSO, user management, permissions, invitations
+
+// Auth endpoints
+export async function getSetupStatus() {
+    return this.request('/auth/setup-status');
+}
+
+export async function login(email, password) {
+    const data = await this.request('/auth/login', {
+        method: 'POST',
+        body: { email, password },
+    });
+    this.setTokens(data.access_token, data.refresh_token);
+    return data;
+}
+
+export async function register(email, username, password, inviteToken) {
+    const body = { email, username, password };
+    if (inviteToken) body.invite_token = inviteToken;
+    const data = await this.request('/auth/register', {
+        method: 'POST',
+        body,
+    });
+    this.setTokens(data.access_token, data.refresh_token);
+    return data;
+}
+
+export async function completeOnboarding(useCases) {
+    return this.request('/auth/complete-onboarding', {
+        method: 'POST',
+        body: { use_cases: useCases },
+    });
+}
+
+export async function logout() {
+    this.clearTokens();
+}
+
+export async function getCurrentUser() {
+    return this.request('/auth/me');
+}
+
+export async function updateCurrentUser(data) {
+    return this.request('/auth/me', {
+        method: 'PUT',
+        body: data
+    });
+}
+
+// Admin - User Management endpoints
+export async function getUsers() {
+    return this.request('/admin/users');
+}
+
+export async function getUser(userId) {
+    return this.request(`/admin/users/${userId}`);
+}
+
+export async function createUser(userData) {
+    return this.request('/admin/users', {
+        method: 'POST',
+        body: userData
+    });
+}
+
+export async function updateUser(userId, userData) {
+    return this.request(`/admin/users/${userId}`, {
+        method: 'PUT',
+        body: userData
+    });
+}
+
+export async function deleteUser(userId) {
+    return this.request(`/admin/users/${userId}`, {
+        method: 'DELETE'
+    });
+}
+
+// Admin - Audit Log endpoints
+export async function getAuditLogs(params = {}) {
+    const searchParams = new URLSearchParams();
+    if (params.page) searchParams.append('page', params.page);
+    if (params.per_page) searchParams.append('per_page', params.per_page);
+    if (params.action) searchParams.append('action', params.action);
+    if (params.user_id) searchParams.append('user_id', params.user_id);
+    if (params.target_type) searchParams.append('target_type', params.target_type);
+    const query = searchParams.toString();
+    return this.request(`/admin/audit-logs${query ? '?' + query : ''}`);
+}
+
+export async function getAuditLogActions() {
+    return this.request('/admin/audit-logs/actions');
+}
+
+// Admin - Permissions endpoints
+export async function getUserPermissions(userId) {
+    return this.request(`/admin/users/${userId}/permissions`);
+}
+
+export async function updateUserPermissions(userId, permissions) {
+    return this.request(`/admin/users/${userId}/permissions`, {
+        method: 'PUT',
+        body: { permissions }
+    });
+}
+
+export async function resetUserPermissions(userId) {
+    return this.request(`/admin/users/${userId}/permissions/reset`, {
+        method: 'POST'
+    });
+}
+
+export async function getPermissionTemplates() {
+    return this.request('/admin/permissions/templates');
+}
+
+// Admin - Invitations endpoints
+export async function getInvitations(status) {
+    const query = status ? `?status=${status}` : '';
+    return this.request(`/admin/invitations/${query}`);
+}
+
+export async function createInvitation(data) {
+    return this.request('/admin/invitations/', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function revokeInvitation(id) {
+    return this.request(`/admin/invitations/${id}`, {
+        method: 'DELETE'
+    });
+}
+
+export async function resendInvitation(id) {
+    return this.request(`/admin/invitations/resend/${id}`, {
+        method: 'POST'
+    });
+}
+
+export async function validateInvitation(token) {
+    return this.request(`/admin/invitations/validate/${token}`);
+}
+
+// Admin - Activity endpoints
+export async function getActivitySummary() {
+    return this.request('/admin/activity/summary');
+}
+
+export async function getActivityFeed(params = {}) {
+    const searchParams = new URLSearchParams();
+    if (params.page) searchParams.append('page', params.page);
+    if (params.per_page) searchParams.append('per_page', params.per_page);
+    if (params.user_id) searchParams.append('user_id', params.user_id);
+    if (params.action) searchParams.append('action', params.action);
+    if (params.start_date) searchParams.append('start_date', params.start_date);
+    if (params.end_date) searchParams.append('end_date', params.end_date);
+    const query = searchParams.toString();
+    return this.request(`/admin/activity/feed${query ? '?' + query : ''}`);
+}
+
+// Two-Factor Authentication endpoints
+export async function get2FAStatus() {
+    return this.request('/auth/2fa/status');
+}
+
+export async function initiate2FASetup() {
+    return this.request('/auth/2fa/setup', { method: 'POST' });
+}
+
+export async function confirm2FASetup(code) {
+    return this.request('/auth/2fa/setup/confirm', {
+        method: 'POST',
+        body: { code }
+    });
+}
+
+export async function disable2FA(code) {
+    return this.request('/auth/2fa/disable', {
+        method: 'POST',
+        body: { code }
+    });
+}
+
+export async function regenerateBackupCodes(code) {
+    return this.request('/auth/2fa/backup-codes/regenerate', {
+        method: 'POST',
+        body: { code }
+    });
+}
+
+export async function verify2FA(tempToken, code) {
+    return this.request('/auth/2fa/verify', {
+        method: 'POST',
+        body: { temp_token: tempToken, code }
+    });
+}
+
+// SSO / OAuth
+export async function getSSOProviders() {
+    return this.request('/sso/providers');
+}
+
+export async function startSSOAuth(provider, redirectUri) {
+    return this.request(`/sso/authorize/${provider}?redirect_uri=${encodeURIComponent(redirectUri)}`);
+}
+
+export async function completeSSOAuth(provider, code, state, redirectUri) {
+    const data = await this.request(`/sso/callback/${provider}`, {
+        method: 'POST',
+        body: { code, state, redirect_uri: redirectUri },
+    });
+    if (data.access_token) {
+        this.setTokens(data.access_token, data.refresh_token);
+    }
+    return data;
+}
+
+export async function getSSOIdentities() {
+    return this.request('/sso/identities');
+}
+
+export async function linkSSOProvider(provider, code, state, redirectUri) {
+    return this.request(`/sso/link/${provider}`, {
+        method: 'POST',
+        body: { code, state, redirect_uri: redirectUri },
+    });
+}
+
+export async function unlinkSSOProvider(provider) {
+    return this.request(`/sso/link/${provider}`, { method: 'DELETE' });
+}
+
+// SSO Admin
+export async function getSSOConfig() {
+    return this.request('/sso/admin/config');
+}
+
+export async function updateSSOProviderConfig(provider, config) {
+    return this.request(`/sso/admin/config/${provider}`, {
+        method: 'PUT',
+        body: config,
+    });
+}
+
+export async function testSSOProvider(provider) {
+    return this.request(`/sso/admin/test/${provider}`, { method: 'POST' });
+}
+
+export async function updateSSOGeneralSettings(settings) {
+    return this.request('/sso/admin/general', {
+        method: 'PUT',
+        body: settings,
+    });
+}
+
+// API Keys
+export async function getApiKeys() {
+    return this.request('/api-keys/');
+}
+
+export async function createApiKey(data) {
+    return this.request('/api-keys/', { method: 'POST', body: data });
+}
+
+export async function getApiKey(id) {
+    return this.request(`/api-keys/${id}`);
+}
+
+export async function updateApiKey(id, data) {
+    return this.request(`/api-keys/${id}`, { method: 'PUT', body: data });
+}
+
+export async function revokeApiKey(id) {
+    return this.request(`/api-keys/${id}`, { method: 'DELETE' });
+}
+
+export async function rotateApiKey(id) {
+    return this.request(`/api-keys/${id}/rotate`, { method: 'POST' });
+}
+
+// Event Subscriptions (Webhooks)
+export async function getEventSubscriptions() {
+    return this.request('/event-subscriptions/');
+}
+
+export async function createEventSubscription(data) {
+    return this.request('/event-subscriptions/', { method: 'POST', body: data });
+}
+
+export async function getAvailableEvents() {
+    return this.request('/event-subscriptions/events');
+}
+
+export async function getEventSubscription(id) {
+    return this.request(`/event-subscriptions/${id}`);
+}
+
+export async function updateEventSubscription(id, data) {
+    return this.request(`/event-subscriptions/${id}`, { method: 'PUT', body: data });
+}
+
+export async function deleteEventSubscription(id) {
+    return this.request(`/event-subscriptions/${id}`, { method: 'DELETE' });
+}
+
+export async function testEventSubscription(id) {
+    return this.request(`/event-subscriptions/${id}/test`, { method: 'POST' });
+}
+
+export async function getEventDeliveries(id, page = 1) {
+    return this.request(`/event-subscriptions/${id}/deliveries?page=${page}`);
+}
+
+export async function retryEventDelivery(subId, deliveryId) {
+    return this.request(`/event-subscriptions/${subId}/deliveries/${deliveryId}/retry`, { method: 'POST' });
+}
+
+// API Analytics
+export async function getApiAnalyticsOverview(period = '24h') {
+    return this.request(`/api-analytics/overview?period=${period}`);
+}
+
+export async function getApiAnalyticsEndpoints(period = '24h', limit = 20) {
+    return this.request(`/api-analytics/endpoints?period=${period}&limit=${limit}`);
+}
+
+export async function getApiAnalyticsErrors(period = '24h') {
+    return this.request(`/api-analytics/errors?period=${period}`);
+}
+
+export async function getApiAnalyticsTimeseries(period = '24h', interval = 'hour') {
+    return this.request(`/api-analytics/timeseries?period=${period}&interval=${interval}`);
+}
+
+export async function getApiKeyUsage(keyId, period = '24h') {
+    return this.request(`/api-analytics/keys/${keyId}/usage?period=${period}`);
+}
diff --git a/frontend/src/services/api/client.js b/frontend/src/services/api/client.js
new file mode 100644
index 00000000..907330c2
--- /dev/null
+++ b/frontend/src/services/api/client.js
@@ -0,0 +1,96 @@
+// Base HTTP client — constructor, token management, core request methods
+const API_BASE_URL = import.meta.env.VITE_API_URL ||
+    (import.meta.env.PROD ? '/api/v1' : 'http://localhost:5000/api/v1');
+
+class ApiClient {
+    constructor() {
+        this.baseUrl = API_BASE_URL;
+    }
+
+    getToken() {
+        return localStorage.getItem('access_token');
+    }
+
+    setTokens(accessToken, refreshToken) {
+        localStorage.setItem('access_token', accessToken);
+        localStorage.setItem('refresh_token', refreshToken);
+    }
+
+    clearTokens() {
+        localStorage.removeItem('access_token');
+        localStorage.removeItem('refresh_token');
+    }
+
+    async request(endpoint, options = {}) {
+        const url = `${this.baseUrl}${endpoint}`;
+        const token = this.getToken();
+
+        const config = {
+            headers: {
+                'Content-Type': 'application/json',
+                ...(token && { Authorization: `Bearer ${token}` }),
+                ...options.headers,
+            },
+            ...options,
+        };
+
+        if (options.body && typeof options.body === 'object') {
+            config.body = JSON.stringify(options.body);
+        }
+
+        try {
+            const response = await fetch(url, config);
+
+            if (response.status === 401) {
+                const refreshed = await this.refreshToken();
+                if (refreshed) {
+                    config.headers.Authorization = `Bearer ${this.getToken()}`;
+                    const retryResponse = await fetch(url, config);
+                    return this.handleResponse(retryResponse);
+                }
+                this.clearTokens();
+                window.location.href = '/login';
+                throw new Error('Session expired');
+            }
+
+            return this.handleResponse(response);
+        } catch (error) {
+            console.error('API Error:', error);
+            throw error;
+        }
+    }
+
+    async handleResponse(response) {
+        const data = await response.json();
+        if (!response.ok) {
+            throw new Error(data.error || 'Request failed');
+        }
+        return data;
+    }
+
+    async refreshToken() {
+        const refreshToken = localStorage.getItem('refresh_token');
+        if (!refreshToken) return false;
+
+        try {
+            const response = await fetch(`${this.baseUrl}/auth/refresh`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    Authorization: `Bearer ${refreshToken}`,
+                },
+            });
+
+            if (response.ok) {
+                const data = await response.json();
+                localStorage.setItem('access_token', data.access_token);
+                return true;
+            }
+            return false;
+        } catch {
+            return false;
+        }
+    }
+}
+
+export default ApiClient;
diff --git a/frontend/src/services/api/databases.js b/frontend/src/services/api/databases.js
new file mode 100644
index 00000000..878ec1e8
--- /dev/null
+++ b/frontend/src/services/api/databases.js
@@ -0,0 +1,225 @@
+// Database CRUD, MySQL, PostgreSQL, SQLite, Docker databases, queries
+
+// Database status
+export async function getDatabaseStatus() {
+    return this.request('/databases/status');
+}
+
+// MySQL
+export async function getMySQLDatabases(rootPassword = null) {
+    const params = rootPassword ? `?root_password=${encodeURIComponent(rootPassword)}` : '';
+    return this.request(`/databases/mysql${params}`);
+}
+
+export async function createMySQLDatabase(data) {
+    return this.request('/databases/mysql', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function dropMySQLDatabase(name, rootPassword = null) {
+    return this.request(`/databases/mysql/${name}`, {
+        method: 'DELETE',
+        body: { root_password: rootPassword }
+    });
+}
+
+export async function getMySQLTables(database, rootPassword = null) {
+    const params = rootPassword ? `?root_password=${encodeURIComponent(rootPassword)}` : '';
+    return this.request(`/databases/mysql/${database}/tables${params}`);
+}
+
+export async function backupMySQLDatabase(database, rootPassword = null) {
+    return this.request(`/databases/mysql/${database}/backup`, {
+        method: 'POST',
+        body: { root_password: rootPassword }
+    });
+}
+
+export async function restoreMySQLDatabase(database, backupPath, rootPassword = null) {
+    return this.request(`/databases/mysql/${database}/restore`, {
+        method: 'POST',
+        body: { backup_path: backupPath, root_password: rootPassword }
+    });
+}
+
+export async function getMySQLUsers(rootPassword = null) {
+    const params = rootPassword ? `?root_password=${encodeURIComponent(rootPassword)}` : '';
+    return this.request(`/databases/mysql/users${params}`);
+}
+
+export async function createMySQLUser(data) {
+    return this.request('/databases/mysql/users', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function dropMySQLUser(username, host = 'localhost', rootPassword = null) {
+    return this.request(`/databases/mysql/users/${username}`, {
+        method: 'DELETE',
+        body: { host, root_password: rootPassword }
+    });
+}
+
+export async function grantMySQLPrivileges(username, database, privileges = 'ALL', host = 'localhost', rootPassword = null) {
+    return this.request(`/databases/mysql/users/${username}/grant`, {
+        method: 'POST',
+        body: { database, privileges, host, root_password: rootPassword }
+    });
+}
+
+// PostgreSQL
+export async function getPostgreSQLDatabases() {
+    return this.request('/databases/postgresql');
+}
+
+export async function createPostgreSQLDatabase(data) {
+    return this.request('/databases/postgresql', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function dropPostgreSQLDatabase(name) {
+    return this.request(`/databases/postgresql/${name}`, { method: 'DELETE' });
+}
+
+export async function getPostgreSQLTables(database) {
+    return this.request(`/databases/postgresql/${database}/tables`);
+}
+
+export async function backupPostgreSQLDatabase(database) {
+    return this.request(`/databases/postgresql/${database}/backup`, { method: 'POST' });
+}
+
+export async function restorePostgreSQLDatabase(database, backupPath) {
+    return this.request(`/databases/postgresql/${database}/restore`, {
+        method: 'POST',
+        body: { backup_path: backupPath }
+    });
+}
+
+export async function getPostgreSQLUsers() {
+    return this.request('/databases/postgresql/users');
+}
+
+export async function createPostgreSQLUser(data) {
+    return this.request('/databases/postgresql/users', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function dropPostgreSQLUser(username) {
+    return this.request(`/databases/postgresql/users/${username}`, { method: 'DELETE' });
+}
+
+export async function grantPostgreSQLPrivileges(username, database, privileges = 'ALL') {
+    return this.request(`/databases/postgresql/users/${username}/grant`, {
+        method: 'POST',
+        body: { database, privileges }
+    });
+}
+
+// Backups
+export async function getDatabaseBackups(type = null) {
+    const params = type ? `?type=${type}` : '';
+    return this.request(`/databases/backups${params}`);
+}
+
+export async function deleteDatabaseBackup(filename) {
+    return this.request(`/databases/backups/${filename}`, { method: 'DELETE' });
+}
+
+export async function generateDatabasePassword(length = 16) {
+    return this.request(`/databases/generate-password?length=${length}`);
+}
+
+// Query Execution
+export async function executeMySQLQuery(database, query, readonly = true) {
+    return this.request(`/databases/mysql/${database}/query`, {
+        method: 'POST',
+        body: { query, readonly }
+    });
+}
+
+export async function executePostgreSQLQuery(database, query, readonly = true) {
+    return this.request(`/databases/postgresql/${database}/query`, {
+        method: 'POST',
+        body: { query, readonly }
+    });
+}
+
+export async function executeSQLiteQuery(path, query, readonly = true) {
+    return this.request('/databases/sqlite/query', {
+        method: 'POST',
+        body: { path, query, readonly }
+    });
+}
+
+export async function getMySQLTableStructure(database, table) {
+    return this.request(`/databases/mysql/${database}/tables/${table}/structure`);
+}
+
+export async function getPostgreSQLTableStructure(database, table) {
+    return this.request(`/databases/postgresql/${database}/tables/${table}/structure`);
+}
+
+export async function getSQLiteTableStructure(path, table) {
+    return this.request(`/databases/sqlite/tables/${table}/structure?path=${encodeURIComponent(path)}`);
+}
+
+export async function getSQLiteDatabases() {
+    return this.request('/databases/sqlite');
+}
+
+export async function getSQLiteTables(path) {
+    return this.request(`/databases/sqlite/tables?path=${encodeURIComponent(path)}`);
+}
+
+// Docker Container Databases
+export async function getDockerDatabases() {
+    return this.request('/databases/docker');
+}
+
+export async function getAppDatabases(appId) {
+    return this.request(`/databases/docker/app/${appId}`);
+}
+
+export async function getDockerContainerDatabases(container, password = null) {
+    const headers = password ? { 'X-DB-Password': password } : {};
+    return this.request(`/databases/docker/${container}/databases`, { headers });
+}
+
+export async function getDockerDatabaseTables(container, database, password = null) {
+    const headers = password ? { 'X-DB-Password': password } : {};
+    return this.request(`/databases/docker/${container}/${database}/tables`, { headers });
+}
+
+export async function executeDockerQuery(container, database, query, password = null, readonly = true) {
+    const headers = password ? { 'X-DB-Password': password } : {};
+    return this.request(`/databases/docker/${container}/${database}/query`, {
+        method: 'POST',
+        body: { query, readonly, password },
+        headers
+    });
+}
+
+// Database Migrations
+export async function getMigrationStatus() {
+    return this.request('/migrations/status');
+}
+
+export async function createMigrationBackup() {
+    return this.request('/migrations/backup', { method: 'POST' });
+}
+
+export async function applyMigrations() {
+    return this.request('/migrations/apply', { method: 'POST' });
+}
+
+export async function getMigrationHistory() {
+    return this.request('/migrations/history');
+}
diff --git a/frontend/src/services/api/dns.js b/frontend/src/services/api/dns.js
new file mode 100644
index 00000000..6ff7ef54
--- /dev/null
+++ b/frontend/src/services/api/dns.js
@@ -0,0 +1,59 @@
+// DNS Zones & Records
+
+export async function getDNSZones() {
+    return this.request('/dns/');
+}
+
+export async function getDNSZone(zoneId) {
+    return this.request(`/dns/${zoneId}`);
+}
+
+export async function createDNSZone(data) {
+    return this.request('/dns/', { method: 'POST', body: data });
+}
+
+export async function deleteDNSZone(zoneId) {
+    return this.request(`/dns/${zoneId}`, { method: 'DELETE' });
+}
+
+export async function getDNSRecords(zoneId) {
+    return this.request(`/dns/${zoneId}/records`);
+}
+
+export async function createDNSRecord(zoneId, data) {
+    return this.request(`/dns/${zoneId}/records`, { method: 'POST', body: data });
+}
+
+export async function updateDNSRecord(recordId, data) {
+    return this.request(`/dns/records/${recordId}`, { method: 'PUT', body: data });
+}
+
+export async function deleteDNSRecord(recordId) {
+    return this.request(`/dns/records/${recordId}`, { method: 'DELETE' });
+}
+
+export async function getDNSPresets() {
+    return this.request('/dns/presets');
+}
+
+export async function applyDNSPreset(zoneId, preset, variables = {}) {
+    return this.request(`/dns/${zoneId}/apply-preset`, {
+        method: 'POST',
+        body: { preset, variables },
+    });
+}
+
+export async function checkDNSPropagation(domain, type = 'A') {
+    return this.request(`/dns/propagation/${domain}?type=${type}`);
+}
+
+export async function exportDNSZone(zoneId) {
+    return this.request(`/dns/${zoneId}/export`);
+}
+
+export async function importDNSZone(zoneId, zoneFile) {
+    return this.request(`/dns/${zoneId}/import`, {
+        method: 'POST',
+        body: { zone_file: zoneFile },
+    });
+}
diff --git a/frontend/src/services/api/docker.js b/frontend/src/services/api/docker.js
new file mode 100644
index 00000000..40f7e6a9
--- /dev/null
+++ b/frontend/src/services/api/docker.js
@@ -0,0 +1,211 @@
+// Docker containers, images, volumes, networks, compose operations
+
+// Docker status
+export async function getDockerStatus() {
+    return this.request('/docker/status');
+}
+
+export async function getDockerInfo() {
+    return this.request('/docker/info');
+}
+
+export async function getDockerDiskUsage() {
+    return this.request('/docker/disk-usage');
+}
+
+// Containers
+export async function getContainers(all = true) {
+    return this.request(`/docker/containers?all=${all}`);
+}
+
+export async function getContainer(containerId) {
+    return this.request(`/docker/containers/${containerId}`);
+}
+
+export async function createContainer(data) {
+    return this.request('/docker/containers', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function runContainer(data) {
+    return this.request('/docker/containers/run', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function startContainer(containerId) {
+    return this.request(`/docker/containers/${containerId}/start`, { method: 'POST' });
+}
+
+export async function stopContainer(containerId, timeout = 10) {
+    return this.request(`/docker/containers/${containerId}/stop`, {
+        method: 'POST',
+        body: { timeout }
+    });
+}
+
+export async function restartContainer(containerId, timeout = 10) {
+    return this.request(`/docker/containers/${containerId}/restart`, {
+        method: 'POST',
+        body: { timeout }
+    });
+}
+
+export async function removeContainer(containerId, force = false, volumes = false) {
+    return this.request(`/docker/containers/${containerId}`, {
+        method: 'DELETE',
+        body: { force, volumes }
+    });
+}
+
+export async function getContainerLogs(containerId, tail = 100, since = null) {
+    const params = new URLSearchParams({ tail });
+    if (since) params.append('since', since);
+    return this.request(`/docker/containers/${containerId}/logs?${params}`);
+}
+
+export async function getContainerStats(containerId) {
+    return this.request(`/docker/containers/${containerId}/stats`);
+}
+
+export async function execContainer(containerId, command) {
+    return this.request(`/docker/containers/${containerId}/exec`, {
+        method: 'POST',
+        body: { command }
+    });
+}
+
+// Images
+export async function getImages() {
+    return this.request('/docker/images');
+}
+
+export async function pullImage(image, tag = 'latest') {
+    return this.request('/docker/images/pull', {
+        method: 'POST',
+        body: { image, tag }
+    });
+}
+
+export async function removeImage(imageId, force = false) {
+    return this.request(`/docker/images/${imageId}`, {
+        method: 'DELETE',
+        body: { force }
+    });
+}
+
+export async function buildImage(path, tag, dockerfile = 'Dockerfile', noCache = false) {
+    return this.request('/docker/images/build', {
+        method: 'POST',
+        body: { path, tag, dockerfile, no_cache: noCache }
+    });
+}
+
+// Networks
+export async function getNetworks() {
+    return this.request('/docker/networks');
+}
+
+export async function createNetwork(name, driver = 'bridge') {
+    return this.request('/docker/networks', {
+        method: 'POST',
+        body: { name, driver }
+    });
+}
+
+export async function removeNetwork(networkId) {
+    return this.request(`/docker/networks/${networkId}`, { method: 'DELETE' });
+}
+
+// Volumes
+export async function getVolumes() {
+    return this.request('/docker/volumes');
+}
+
+export async function createVolume(name, driver = 'local') {
+    return this.request('/docker/volumes', {
+        method: 'POST',
+        body: { name, driver }
+    });
+}
+
+export async function removeVolume(volumeName, force = false) {
+    return this.request(`/docker/volumes/${volumeName}`, {
+        method: 'DELETE',
+        body: { force }
+    });
+}
+
+// Docker Compose
+export async function composeUp(path, detach = true, build = false) {
+    return this.request('/docker/compose/up', {
+        method: 'POST',
+        body: { path, detach, build }
+    });
+}
+
+export async function composeDown(path, volumes = false, removeOrphans = true) {
+    return this.request('/docker/compose/down', {
+        method: 'POST',
+        body: { path, volumes, remove_orphans: removeOrphans }
+    });
+}
+
+export async function composePs(path) {
+    return this.request('/docker/compose/ps', {
+        method: 'POST',
+        body: { path }
+    });
+}
+
+export async function composeLogs(path, service = null, tail = 100) {
+    return this.request('/docker/compose/logs', {
+        method: 'POST',
+        body: { path, service, tail }
+    });
+}
+
+export async function composeRestart(path, service = null) {
+    return this.request('/docker/compose/restart', {
+        method: 'POST',
+        body: { path, service }
+    });
+}
+
+export async function composePull(path, service = null) {
+    return this.request('/docker/compose/pull', {
+        method: 'POST',
+        body: { path, service }
+    });
+}
+
+// Docker App
+export async function createDockerApp(data) {
+    return this.request('/docker/apps', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function pruneDocker(all = false, volumes = false) {
+    return this.request('/docker/prune', {
+        method: 'POST',
+        body: { all, volumes }
+    });
+}
+
+export async function dockerCleanup(includeVolumes = false) {
+    return this.request('/docker/cleanup', {
+        method: 'POST',
+        body: { volumes: includeVolumes }
+    });
+}
+
+export async function cleanupAllApps() {
+    return this.request('/docker/cleanup/apps', {
+        method: 'POST'
+    });
+}
diff --git a/frontend/src/services/api/files.js b/frontend/src/services/api/files.js
new file mode 100644
index 00000000..63936c88
--- /dev/null
+++ b/frontend/src/services/api/files.js
@@ -0,0 +1,549 @@
+// File manager, FTP, Git server, domains, DNS zones, status pages
+
+// File Manager endpoints
+export async function browseFiles(path = '/home', showHidden = false) {
+    const params = new URLSearchParams({ path, show_hidden: showHidden });
+    return this.request(`/files/browse?${params}`);
+}
+
+export async function getFileInfo(path) {
+    return this.request(`/files/info?path=${encodeURIComponent(path)}`);
+}
+
+export async function readFile(path) {
+    return this.request(`/files/read?path=${encodeURIComponent(path)}`);
+}
+
+export async function writeFile(path, content, createBackup = true) {
+    return this.request('/files/write', {
+        method: 'POST',
+        body: { path, content, create_backup: createBackup }
+    });
+}
+
+export async function createFile(path, content = '') {
+    return this.request('/files/create', {
+        method: 'POST',
+        body: { path, content }
+    });
+}
+
+export async function createDirectory(path) {
+    return this.request('/files/mkdir', {
+        method: 'POST',
+        body: { path }
+    });
+}
+
+export async function deleteFile(path) {
+    return this.request(`/files/delete?path=${encodeURIComponent(path)}`, {
+        method: 'DELETE'
+    });
+}
+
+export async function renameFile(path, newName) {
+    return this.request('/files/rename', {
+        method: 'POST',
+        body: { path, new_name: newName }
+    });
+}
+
+export async function copyFile(src, dest) {
+    return this.request('/files/copy', {
+        method: 'POST',
+        body: { src, dest }
+    });
+}
+
+export async function moveFile(src, dest) {
+    return this.request('/files/move', {
+        method: 'POST',
+        body: { src, dest }
+    });
+}
+
+export async function changeFilePermissions(path, mode) {
+    return this.request('/files/chmod', {
+        method: 'POST',
+        body: { path, mode }
+    });
+}
+
+export async function searchFiles(directory, pattern, maxResults = 100) {
+    const params = new URLSearchParams({ directory, pattern, max_results: maxResults });
+    return this.request(`/files/search?${params}`);
+}
+
+export async function getDiskUsage(path = '/') {
+    return this.request(`/files/disk-usage?path=${encodeURIComponent(path)}`);
+}
+
+export async function getAllDiskMounts() {
+    return this.request('/files/disk-mounts');
+}
+
+export async function analyzeDirectory(path = '/home', depth = 2, limit = 20) {
+    const params = new URLSearchParams({ path, depth, limit });
+    return this.request(`/files/analyze?${params}`);
+}
+
+export async function getFileTypeBreakdown(path = '/home', maxDepth = 3) {
+    const params = new URLSearchParams({ path, max_depth: maxDepth });
+    return this.request(`/files/type-breakdown?${params}`);
+}
+
+export async function downloadFile(path) {
+    const token = this.getToken();
+    const url = `${this.baseUrl}/files/download?path=${encodeURIComponent(path)}`;
+    window.open(`${url}&token=${token}`, '_blank');
+}
+
+export async function uploadFile(destination, file, onProgress = null) {
+    const token = this.getToken();
+    const formData = new FormData();
+    formData.append('file', file);
+    formData.append('destination', destination);
+
+    return new Promise((resolve, reject) => {
+        const xhr = new XMLHttpRequest();
+        xhr.open('POST', `${this.baseUrl}/files/upload`);
+        xhr.setRequestHeader('Authorization', `Bearer ${token}`);
+
+        if (onProgress) {
+            xhr.upload.onprogress = (e) => {
+                if (e.lengthComputable) {
+                    onProgress((e.loaded / e.total) * 100);
+                }
+            };
+        }
+
+        xhr.onload = () => {
+            if (xhr.status >= 200 && xhr.status < 300) {
+                resolve(JSON.parse(xhr.responseText));
+            } else {
+                reject(new Error(JSON.parse(xhr.responseText).error || 'Upload failed'));
+            }
+        };
+
+        xhr.onerror = () => reject(new Error('Upload failed'));
+        xhr.send(formData);
+    });
+}
+
+// FTP Server endpoints
+export async function getFTPStatus() {
+    return this.request('/ftp/status');
+}
+
+export async function controlFTPService(action, service = null) {
+    return this.request(`/ftp/service/${action}`, {
+        method: 'POST',
+        body: service ? { service } : {}
+    });
+}
+
+export async function getFTPConfig(service = null) {
+    const params = service ? `?service=${service}` : '';
+    return this.request(`/ftp/config${params}`);
+}
+
+export async function updateFTPConfig(config, service = null) {
+    return this.request('/ftp/config', {
+        method: 'POST',
+        body: { config, service }
+    });
+}
+
+export async function getFTPUsers() {
+    return this.request('/ftp/users');
+}
+
+export async function createFTPUser(username, password = null, homeDir = null) {
+    return this.request('/ftp/users', {
+        method: 'POST',
+        body: { username, password, home_dir: homeDir }
+    });
+}
+
+export async function deleteFTPUser(username, deleteHome = false) {
+    const params = deleteHome ? '?delete_home=true' : '';
+    return this.request(`/ftp/users/${username}${params}`, {
+        method: 'DELETE'
+    });
+}
+
+export async function changeFTPPassword(username, password = null) {
+    return this.request(`/ftp/users/${username}/password`, {
+        method: 'POST',
+        body: password ? { password } : {}
+    });
+}
+
+export async function toggleFTPUser(username, enabled) {
+    return this.request(`/ftp/users/${username}/toggle`, {
+        method: 'POST',
+        body: { enabled }
+    });
+}
+
+export async function getFTPConnections() {
+    return this.request('/ftp/connections');
+}
+
+export async function disconnectFTPSession(pid) {
+    return this.request(`/ftp/connections/${pid}`, {
+        method: 'DELETE'
+    });
+}
+
+export async function getFTPLogs(lines = 100) {
+    return this.request(`/ftp/logs?lines=${lines}`);
+}
+
+export async function installFTPServer(service = 'vsftpd') {
+    return this.request('/ftp/install', {
+        method: 'POST',
+        body: { service }
+    });
+}
+
+export async function testFTPConnection(host = 'localhost', port = 21, username = null, password = null) {
+    return this.request('/ftp/test', {
+        method: 'POST',
+        body: { host, port, username, password }
+    });
+}
+
+// Git Server endpoints
+export async function getGitServerStatus() {
+    return this.request('/git/status');
+}
+
+export async function getGitRequirements() {
+    return this.request('/git/requirements');
+}
+
+export async function installGit(data) {
+    return this.request('/git/install', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function uninstallGit(removeData = false) {
+    return this.request('/git/uninstall', {
+        method: 'POST',
+        body: { removeData }
+    });
+}
+
+export async function startGit() {
+    return this.request('/git/start', { method: 'POST' });
+}
+
+export async function stopGit() {
+    return this.request('/git/stop', { method: 'POST' });
+}
+
+export async function restartGit() {
+    return this.request('/git/restart', { method: 'POST' });
+}
+
+// Git Webhooks
+export async function getWebhooks() {
+    return this.request('/git/webhooks');
+}
+
+export async function getWebhook(webhookId) {
+    return this.request(`/git/webhooks/${webhookId}`);
+}
+
+export async function createWebhook(data) {
+    return this.request('/git/webhooks', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function updateWebhook(webhookId, data) {
+    return this.request(`/git/webhooks/${webhookId}`, {
+        method: 'PUT',
+        body: data
+    });
+}
+
+export async function deleteWebhook(webhookId) {
+    return this.request(`/git/webhooks/${webhookId}`, { method: 'DELETE' });
+}
+
+export async function toggleWebhook(webhookId) {
+    return this.request(`/git/webhooks/${webhookId}/toggle`, { method: 'POST' });
+}
+
+export async function getGitWebhookLogs(webhookId, limit = 50) {
+    return this.request(`/git/webhooks/${webhookId}/logs?limit=${limit}`);
+}
+
+export async function testWebhook(webhookId) {
+    return this.request(`/git/webhooks/${webhookId}/test`, { method: 'POST' });
+}
+
+// Git Repositories
+export async function getRepositories(limit = 50) {
+    return this.request(`/git/repos?limit=${limit}`);
+}
+
+export async function getRepository(owner, repo) {
+    return this.request(`/git/repos/${owner}/${repo}`);
+}
+
+export async function getRepoStats(owner, repo) {
+    return this.request(`/git/repos/${owner}/${repo}/stats`);
+}
+
+export async function getBranches(owner, repo) {
+    return this.request(`/git/repos/${owner}/${repo}/branches`);
+}
+
+export async function getBranch(owner, repo, branch) {
+    return this.request(`/git/repos/${owner}/${repo}/branches/${branch}`);
+}
+
+export async function getCommits(owner, repo, branch = null, page = 1, limit = 30) {
+    let url = `/git/repos/${owner}/${repo}/commits?page=${page}&limit=${limit}`;
+    if (branch) url += `&branch=${branch}`;
+    return this.request(url);
+}
+
+export async function getCommit(owner, repo, sha) {
+    return this.request(`/git/repos/${owner}/${repo}/commits/${sha}`);
+}
+
+export async function getRepoFiles(owner, repo, ref = 'main', path = '') {
+    let url = `/git/repos/${owner}/${repo}/contents?ref=${ref}`;
+    if (path) url += `&path=${path}`;
+    return this.request(url);
+}
+
+export async function getFileContent(owner, repo, filepath, ref = 'main') {
+    return this.request(`/git/repos/${owner}/${repo}/contents/${filepath}?ref=${ref}`);
+}
+
+export async function getRepoReadme(owner, repo, ref = null) {
+    let url = `/git/repos/${owner}/${repo}/readme`;
+    if (ref) url += `?ref=${ref}`;
+    return this.request(url);
+}
+
+export async function getGiteaVersion() {
+    return this.request('/git/version');
+}
+
+// Git Deployments
+export async function getAppDeployments(appId, limit = 20) {
+    return this.request(`/git/deployments/app/${appId}?limit=${limit}`);
+}
+
+export async function getDeployment(deploymentId, includeLogs = false) {
+    return this.request(`/git/deployments/${deploymentId}?logs=${includeLogs}`);
+}
+
+export async function triggerGitDeploy(appId, branch = null) {
+    return this.request(`/git/deployments/app/${appId}/deploy`, {
+        method: 'POST',
+        body: branch ? { branch } : {}
+    });
+}
+
+export async function rollbackDeployment(appId, targetVersion = null) {
+    return this.request(`/git/deployments/app/${appId}/rollback`, {
+        method: 'POST',
+        body: targetVersion ? { targetVersion } : {}
+    });
+}
+
+export async function getWebhookDeployments(webhookId, limit = 20) {
+    return this.request(`/git/deployments/webhook/${webhookId}?limit=${limit}`);
+}
+
+// Domains endpoints
+export async function getDomains() {
+    return this.request('/domains');
+}
+
+export async function getDomain(id) {
+    return this.request(`/domains/${id}`);
+}
+
+export async function createDomain(domainData) {
+    return this.request('/domains', {
+        method: 'POST',
+        body: domainData,
+    });
+}
+
+export async function updateDomain(id, domainData) {
+    return this.request(`/domains/${id}`, {
+        method: 'PUT',
+        body: domainData,
+    });
+}
+
+export async function deleteDomain(id) {
+    return this.request(`/domains/${id}`, {
+        method: 'DELETE',
+    });
+}
+
+export async function enableSsl(domainId, email) {
+    return this.request(`/domains/${domainId}/ssl/enable`, {
+        method: 'POST',
+        body: { email }
+    });
+}
+
+export async function disableSsl(domainId) {
+    return this.request(`/domains/${domainId}/ssl/disable`, { method: 'POST' });
+}
+
+export async function renewDomainSsl(domainId) {
+    return this.request(`/domains/${domainId}/ssl/renew`, { method: 'POST' });
+}
+
+export async function verifyDomain(domainId) {
+    return this.request(`/domains/${domainId}/verify`);
+}
+
+export async function getDomainsNginxSites() {
+    return this.request('/domains/nginx/sites');
+}
+
+export async function getDomainsSslStatus() {
+    return this.request('/domains/ssl/status');
+}
+
+// DNS Zones endpoints
+export async function getDNSZones() {
+    return this.request('/dns/');
+}
+
+export async function getDNSZone(id) {
+    return this.request(`/dns/${id}`);
+}
+
+export async function createDNSZone(data) {
+    return this.request('/dns/', { method: 'POST', body: data });
+}
+
+export async function deleteDNSZone(id) {
+    return this.request(`/dns/${id}`, { method: 'DELETE' });
+}
+
+export async function getDNSRecords(zoneId) {
+    return this.request(`/dns/${zoneId}/records`);
+}
+
+export async function createDNSRecord(zoneId, data) {
+    return this.request(`/dns/${zoneId}/records`, { method: 'POST', body: data });
+}
+
+export async function updateDNSRecord(recordId, data) {
+    return this.request(`/dns/records/${recordId}`, { method: 'PUT', body: data });
+}
+
+export async function deleteDNSRecord(recordId) {
+    return this.request(`/dns/records/${recordId}`, { method: 'DELETE' });
+}
+
+export async function getDNSPresets() {
+    return this.request('/dns/presets');
+}
+
+export async function applyDNSPreset(zoneId, preset, variables) {
+    return this.request(`/dns/${zoneId}/apply-preset`, {
+        method: 'POST', body: { preset, variables }
+    });
+}
+
+export async function checkDNSPropagation(domain, type = 'A') {
+    return this.request(`/dns/propagation/${domain}?type=${type}`);
+}
+
+export async function exportDNSZone(zoneId) {
+    return this.request(`/dns/${zoneId}/export`);
+}
+
+export async function importDNSZone(zoneId, zoneFile) {
+    return this.request(`/dns/${zoneId}/import`, {
+        method: 'POST', body: { zone_file: zoneFile }
+    });
+}
+
+// Status Pages endpoints
+export async function getStatusPages() {
+    return this.request('/status/');
+}
+
+export async function getStatusPage(id) {
+    return this.request(`/status/${id}`);
+}
+
+export async function createStatusPage(data) {
+    return this.request('/status/', { method: 'POST', body: data });
+}
+
+export async function updateStatusPage(id, data) {
+    return this.request(`/status/${id}`, { method: 'PUT', body: data });
+}
+
+export async function deleteStatusPage(id) {
+    return this.request(`/status/${id}`, { method: 'DELETE' });
+}
+
+export async function getPublicStatusPage(slug) {
+    return this.request(`/status/public/${slug}`);
+}
+
+export async function getStatusPageComponents(pageId) {
+    return this.request(`/status/${pageId}/components`);
+}
+
+export async function createStatusComponent(pageId, data) {
+    return this.request(`/status/${pageId}/components`, { method: 'POST', body: data });
+}
+
+export async function updateStatusComponent(compId, data) {
+    return this.request(`/status/components/${compId}`, { method: 'PUT', body: data });
+}
+
+export async function deleteStatusComponent(compId) {
+    return this.request(`/status/components/${compId}`, { method: 'DELETE' });
+}
+
+export async function runStatusCheck(compId) {
+    return this.request(`/status/components/${compId}/check`, { method: 'POST' });
+}
+
+export async function getStatusCheckHistory(compId, hours = 24) {
+    return this.request(`/status/components/${compId}/history?hours=${hours}`);
+}
+
+export async function getStatusPageIncidents(pageId) {
+    return this.request(`/status/${pageId}/incidents`);
+}
+
+export async function createStatusIncident(pageId, data) {
+    return this.request(`/status/${pageId}/incidents`, { method: 'POST', body: data });
+}
+
+export async function updateStatusIncident(incidentId, data) {
+    return this.request(`/status/incidents/${incidentId}`, { method: 'PUT', body: data });
+}
+
+export async function deleteStatusIncident(incidentId) {
+    return this.request(`/status/incidents/${incidentId}`, { method: 'DELETE' });
+}
+
+export async function getStatusBadge(slug) {
+    return this.request(`/status/badge/${slug}`);
+}
diff --git a/frontend/src/services/api/index.js b/frontend/src/services/api/index.js
new file mode 100644
index 00000000..017f7a8d
--- /dev/null
+++ b/frontend/src/services/api/index.js
@@ -0,0 +1,40 @@
+import ApiClient from './client.js';
+import * as authMethods from './auth.js';
+import * as appMethods from './apps.js';
+import * as dockerMethods from './docker.js';
+import * as databaseMethods from './databases.js';
+import * as serverMethods from './servers.js';
+import * as wordpressMethods from './wordpress.js';
+import * as systemMethods from './system.js';
+import * as securityMethods from './security.js';
+import * as fileMethods from './files.js';
+import * as dnsMethods from './dns.js';
+
+class ApiService extends ApiClient {
+    constructor() {
+        super();
+        // Bind all methods from domain modules to this instance
+        const modules = [
+            authMethods,
+            appMethods,
+            dockerMethods,
+            databaseMethods,
+            serverMethods,
+            wordpressMethods,
+            systemMethods,
+            securityMethods,
+            fileMethods,
+            dnsMethods,
+        ];
+        for (const mod of modules) {
+            for (const [key, fn] of Object.entries(mod)) {
+                if (typeof fn === 'function') {
+                    this[key] = fn.bind(this);
+                }
+            }
+        }
+    }
+}
+
+export const api = new ApiService();
+export default api;
diff --git a/frontend/src/services/api/security.js b/frontend/src/services/api/security.js
new file mode 100644
index 00000000..1528d03b
--- /dev/null
+++ b/frontend/src/services/api/security.js
@@ -0,0 +1,361 @@
+// Firewall, fail2ban, SSL certificates, ClamAV, file integrity,
+// SSH keys, IP lists, security audit, Lynis, auto-updates
+
+// Firewall endpoints
+export async function getFirewallStatus() {
+    return this.request('/firewall/status');
+}
+
+export async function enableFirewall(firewall = null) {
+    return this.request('/firewall/enable', {
+        method: 'POST',
+        body: firewall ? { firewall } : {}
+    });
+}
+
+export async function disableFirewall(firewall = null) {
+    return this.request('/firewall/disable', {
+        method: 'POST',
+        body: firewall ? { firewall } : {}
+    });
+}
+
+export async function getFirewallRules(firewall = null) {
+    const params = firewall ? `?firewall=${firewall}` : '';
+    return this.request(`/firewall/rules${params}`);
+}
+
+export async function addFirewallRule(ruleData) {
+    return this.request('/firewall/rules', {
+        method: 'POST',
+        body: ruleData
+    });
+}
+
+export async function removeFirewallRule(ruleData) {
+    return this.request('/firewall/rules', {
+        method: 'DELETE',
+        body: ruleData
+    });
+}
+
+export async function blockIP(ip, permanent = true) {
+    return this.request('/firewall/block-ip', {
+        method: 'POST',
+        body: { ip, permanent }
+    });
+}
+
+export async function unblockIP(ip, permanent = true) {
+    return this.request('/firewall/unblock-ip', {
+        method: 'POST',
+        body: { ip, permanent }
+    });
+}
+
+export async function getBlockedIPs() {
+    return this.request('/firewall/blocked-ips');
+}
+
+export async function allowPort(port, protocol = 'tcp', permanent = true) {
+    return this.request('/firewall/allow-port', {
+        method: 'POST',
+        body: { port, protocol, permanent }
+    });
+}
+
+export async function denyPort(port, protocol = 'tcp', permanent = true) {
+    return this.request('/firewall/deny-port', {
+        method: 'POST',
+        body: { port, protocol, permanent }
+    });
+}
+
+export async function getFirewallZones() {
+    return this.request('/firewall/zones');
+}
+
+export async function setDefaultZone(zone) {
+    return this.request('/firewall/zones/default', {
+        method: 'POST',
+        body: { zone }
+    });
+}
+
+export async function installFirewall(firewall = 'ufw') {
+    return this.request('/firewall/install', {
+        method: 'POST',
+        body: { firewall }
+    });
+}
+
+// SSL endpoints
+export async function getSSLStatus() {
+    return this.request('/ssl/status');
+}
+
+export async function getCertificates() {
+    return this.request('/ssl/certificates');
+}
+
+export async function obtainCertificate(data) {
+    return this.request('/ssl/certificates', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function renewCertificate(domain) {
+    return this.request(`/ssl/certificates/${domain}/renew`, { method: 'POST' });
+}
+
+export async function renewAllCertificates() {
+    return this.request('/ssl/certificates/renew-all', { method: 'POST' });
+}
+
+export async function revokeCertificate(domain) {
+    return this.request(`/ssl/certificates/${domain}`, { method: 'DELETE' });
+}
+
+export async function setupAutoRenewal() {
+    return this.request('/ssl/auto-renewal', { method: 'POST' });
+}
+
+export async function installCertbot() {
+    return this.request('/ssl/install-certbot', { method: 'POST' });
+}
+
+// Advanced SSL endpoints
+export async function getSSLProfiles() {
+    return this.request('/ssl/advanced/profiles');
+}
+
+export async function issueWildcardCert(domain, dnsProvider, credentials) {
+    return this.request('/ssl/advanced/wildcard', {
+        method: 'POST', body: { domain, dns_provider: dnsProvider, credentials }
+    });
+}
+
+export async function issueSANCert(domains) {
+    return this.request('/ssl/advanced/san', {
+        method: 'POST', body: { domains }
+    });
+}
+
+export async function uploadCustomCert(domain, certificate, privateKey, chain) {
+    return this.request('/ssl/advanced/upload', {
+        method: 'POST', body: { domain, certificate, private_key: privateKey, chain }
+    });
+}
+
+export async function getSSLHealth(domain) {
+    return this.request(`/ssl/advanced/health/${domain}`);
+}
+
+export async function getSSLExpiryAlerts(days = 30) {
+    return this.request(`/ssl/advanced/expiry-alerts?days=${days}`);
+}
+
+// Security (ClamAV, File Integrity) endpoints
+export async function getSecurityStatus() {
+    return this.request('/security/status');
+}
+
+export async function getSecurityConfig() {
+    return this.request('/security/config');
+}
+
+export async function updateSecurityConfig(config) {
+    return this.request('/security/config', {
+        method: 'PUT',
+        body: config
+    });
+}
+
+export async function getClamAVStatus() {
+    return this.request('/security/clamav/status');
+}
+
+export async function installClamAV() {
+    return this.request('/security/clamav/install', { method: 'POST' });
+}
+
+export async function updateVirusDefinitions() {
+    return this.request('/security/clamav/update', { method: 'POST' });
+}
+
+export async function scanFile(path) {
+    return this.request('/security/scan/file', {
+        method: 'POST',
+        body: { path }
+    });
+}
+
+export async function scanDirectory(path, recursive = true) {
+    return this.request('/security/scan/directory', {
+        method: 'POST',
+        body: { path, recursive }
+    });
+}
+
+export async function getScanStatus() {
+    return this.request('/security/scan/status');
+}
+
+export async function cancelScan() {
+    return this.request('/security/scan/cancel', { method: 'POST' });
+}
+
+export async function getScanHistory(limit = 50) {
+    return this.request(`/security/scan/history?limit=${limit}`);
+}
+
+export async function runQuickScan() {
+    return this.request('/security/scan/quick', { method: 'POST' });
+}
+
+export async function runFullScan() {
+    return this.request('/security/scan/full', { method: 'POST' });
+}
+
+export async function getQuarantinedFiles() {
+    return this.request('/security/quarantine');
+}
+
+export async function quarantineFile(path) {
+    return this.request('/security/quarantine', {
+        method: 'POST',
+        body: { path }
+    });
+}
+
+export async function deleteQuarantinedFile(filename) {
+    return this.request(`/security/quarantine/${encodeURIComponent(filename)}`, {
+        method: 'DELETE'
+    });
+}
+
+export async function initializeIntegrityDatabase(paths = null) {
+    return this.request('/security/integrity/initialize', {
+        method: 'POST',
+        body: paths ? { paths } : {}
+    });
+}
+
+export async function checkFileIntegrity() {
+    return this.request('/security/integrity/check');
+}
+
+export async function getFailedLogins(hours = 24) {
+    return this.request(`/security/failed-logins?hours=${hours}`);
+}
+
+export async function getSecurityEvents(limit = 100) {
+    return this.request(`/security/events?limit=${limit}`);
+}
+
+// Fail2ban endpoints
+export async function getFail2banStatus() {
+    return this.request('/security/fail2ban/status');
+}
+
+export async function installFail2ban() {
+    return this.request('/security/fail2ban/install', { method: 'POST' });
+}
+
+export async function getFail2banJailStatus(jail) {
+    return this.request(`/security/fail2ban/jails/${jail}`);
+}
+
+export async function getAllFail2banBans() {
+    return this.request('/security/fail2ban/bans');
+}
+
+export async function fail2banUnban(ip, jail = null) {
+    return this.request('/security/fail2ban/unban', {
+        method: 'POST',
+        body: { ip, jail }
+    });
+}
+
+export async function fail2banBan(ip, jail = 'sshd') {
+    return this.request('/security/fail2ban/ban', {
+        method: 'POST',
+        body: { ip, jail }
+    });
+}
+
+// SSH Key endpoints
+export async function getSSHKeys(user = 'root') {
+    return this.request(`/security/ssh-keys?user=${user}`);
+}
+
+export async function addSSHKey(key, user = 'root') {
+    return this.request('/security/ssh-keys', {
+        method: 'POST',
+        body: { key, user }
+    });
+}
+
+export async function removeSSHKey(keyId, user = 'root') {
+    return this.request(`/security/ssh-keys/${keyId}?user=${user}`, {
+        method: 'DELETE'
+    });
+}
+
+// IP Lists endpoints
+export async function getIPLists() {
+    return this.request('/security/ip-lists');
+}
+
+export async function addToIPList(ip, listType, comment = '') {
+    return this.request(`/security/ip-lists/${listType}`, {
+        method: 'POST',
+        body: { ip, comment }
+    });
+}
+
+export async function removeFromIPList(ip, listType) {
+    return this.request(`/security/ip-lists/${listType}/${encodeURIComponent(ip)}`, {
+        method: 'DELETE'
+    });
+}
+
+// Security Audit endpoints
+export async function generateSecurityAudit() {
+    return this.request('/security/audit');
+}
+
+// Lynis (Vulnerability Scanning) endpoints
+export async function getLynisStatus() {
+    return this.request('/security/lynis/status');
+}
+
+export async function installLynis() {
+    return this.request('/security/lynis/install', { method: 'POST' });
+}
+
+export async function runLynisScan() {
+    return this.request('/security/lynis/scan', { method: 'POST' });
+}
+
+export async function getLynisScanStatus() {
+    return this.request('/security/lynis/scan/status');
+}
+
+// Auto Updates endpoints
+export async function getAutoUpdatesStatus() {
+    return this.request('/security/auto-updates/status');
+}
+
+export async function installAutoUpdates() {
+    return this.request('/security/auto-updates/install', { method: 'POST' });
+}
+
+export async function enableAutoUpdates() {
+    return this.request('/security/auto-updates/enable', { method: 'POST' });
+}
+
+export async function disableAutoUpdates() {
+    return this.request('/security/auto-updates/disable', { method: 'POST' });
+}
diff --git a/frontend/src/services/api/servers.js b/frontend/src/services/api/servers.js
new file mode 100644
index 00000000..404560f6
--- /dev/null
+++ b/frontend/src/services/api/servers.js
@@ -0,0 +1,749 @@
+// Server management, remote Docker, fleet management, terminals, cloud provisioning
+
+// Servers (Multi-Server Management) endpoints
+export async function getServers() {
+    return this.request('/servers');
+}
+
+export async function getServer(id) {
+    return this.request(`/servers/${id}`);
+}
+
+export async function createServer(data) {
+    return this.request('/servers', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function updateServer(id, data) {
+    return this.request(`/servers/${id}`, {
+        method: 'PUT',
+        body: data
+    });
+}
+
+export async function deleteServer(id) {
+    return this.request(`/servers/${id}`, {
+        method: 'DELETE'
+    });
+}
+
+export async function getServerStatus(id) {
+    return this.request(`/servers/${id}/status`);
+}
+
+export async function getServerMetrics(id) {
+    return this.request(`/servers/${id}/metrics`);
+}
+
+export async function pingServer(id) {
+    return this.request(`/servers/${id}/ping`, {
+        method: 'POST'
+    });
+}
+
+// Server Registration
+export async function generateRegistrationToken(serverId) {
+    return this.request(`/servers/${serverId}/regenerate-token`, {
+        method: 'POST'
+    });
+}
+
+export async function registerServer(registrationData) {
+    return this.request('/servers/register', {
+        method: 'POST',
+        body: registrationData
+    });
+}
+
+// Server Groups
+export async function getServerGroups() {
+    return this.request('/servers/groups');
+}
+
+export async function createServerGroup(data) {
+    return this.request('/servers/groups', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function updateServerGroup(id, data) {
+    return this.request(`/servers/groups/${id}`, {
+        method: 'PUT',
+        body: data
+    });
+}
+
+export async function deleteServerGroup(id) {
+    return this.request(`/servers/groups/${id}`, {
+        method: 'DELETE'
+    });
+}
+
+// Remote Docker Operations (via agent)
+export async function getRemoteContainers(serverId, all = false) {
+    return this.request(`/servers/${serverId}/docker/containers?all=${all}`);
+}
+
+export async function getRemoteContainer(serverId, containerId) {
+    return this.request(`/servers/${serverId}/docker/containers/${containerId}`);
+}
+
+export async function startRemoteContainer(serverId, containerId) {
+    return this.request(`/servers/${serverId}/docker/containers/${containerId}/start`, {
+        method: 'POST'
+    });
+}
+
+export async function stopRemoteContainer(serverId, containerId) {
+    return this.request(`/servers/${serverId}/docker/containers/${containerId}/stop`, {
+        method: 'POST'
+    });
+}
+
+export async function restartRemoteContainer(serverId, containerId) {
+    return this.request(`/servers/${serverId}/docker/containers/${containerId}/restart`, {
+        method: 'POST'
+    });
+}
+
+export async function removeRemoteContainer(serverId, containerId, force = false) {
+    return this.request(`/servers/${serverId}/docker/containers/${containerId}?force=${force}`, {
+        method: 'DELETE'
+    });
+}
+
+export async function getRemoteContainerStats(serverId, containerId) {
+    return this.request(`/servers/${serverId}/docker/containers/${containerId}/stats`);
+}
+
+export async function getRemoteContainerLogs(serverId, containerId, tail = 100, since = null) {
+    const params = new URLSearchParams({ tail });
+    if (since) params.append('since', since);
+    return this.request(`/servers/${serverId}/docker/containers/${containerId}/logs?${params}`);
+}
+
+export async function getRemoteImages(serverId) {
+    return this.request(`/servers/${serverId}/docker/images`);
+}
+
+export async function pullRemoteImage(serverId, image) {
+    return this.request(`/servers/${serverId}/docker/images/pull`, {
+        method: 'POST',
+        body: { image }
+    });
+}
+
+export async function removeRemoteImage(serverId, imageId, force = false) {
+    return this.request(`/servers/${serverId}/docker/images/${imageId}?force=${force}`, {
+        method: 'DELETE'
+    });
+}
+
+export async function getRemoteVolumes(serverId) {
+    return this.request(`/servers/${serverId}/docker/volumes`);
+}
+
+export async function getRemoteNetworks(serverId) {
+    return this.request(`/servers/${serverId}/docker/networks`);
+}
+
+export async function getRemoteSystemMetrics(serverId) {
+    return this.request(`/servers/${serverId}/system/metrics`);
+}
+
+export async function getRemoteSystemInfo(serverId) {
+    return this.request(`/servers/${serverId}/system/info`);
+}
+
+// Get available servers for Docker operations
+export async function getAvailableServers() {
+    return this.request('/servers/available');
+}
+
+// Remote Docker Compose Operations
+export async function getRemoteComposeProjects(serverId) {
+    return this.request(`/servers/${serverId}/docker/compose/projects`);
+}
+
+export async function getRemoteComposePs(serverId, projectPath) {
+    return this.request(`/servers/${serverId}/docker/compose/ps`, {
+        method: 'POST',
+        body: { project_path: projectPath }
+    });
+}
+
+export async function remoteComposeUp(serverId, projectPath, options = {}) {
+    return this.request(`/servers/${serverId}/docker/compose/up`, {
+        method: 'POST',
+        body: {
+            project_path: projectPath,
+            detach: options.detach !== false,
+            build: options.build || false
+        }
+    });
+}
+
+export async function remoteComposeDown(serverId, projectPath, options = {}) {
+    return this.request(`/servers/${serverId}/docker/compose/down`, {
+        method: 'POST',
+        body: {
+            project_path: projectPath,
+            volumes: options.volumes || false,
+            remove_orphans: options.removeOrphans !== false
+        }
+    });
+}
+
+export async function remoteComposeLogs(serverId, projectPath, service = null, tail = 100) {
+    return this.request(`/servers/${serverId}/docker/compose/logs`, {
+        method: 'POST',
+        body: {
+            project_path: projectPath,
+            service: service,
+            tail: tail
+        }
+    });
+}
+
+export async function remoteComposeRestart(serverId, projectPath, service = null) {
+    return this.request(`/servers/${serverId}/docker/compose/restart`, {
+        method: 'POST',
+        body: {
+            project_path: projectPath,
+            service: service
+        }
+    });
+}
+
+export async function remoteComposePull(serverId, projectPath, service = null) {
+    return this.request(`/servers/${serverId}/docker/compose/pull`, {
+        method: 'POST',
+        body: {
+            project_path: projectPath,
+            service: service
+        }
+    });
+}
+
+// Server Historical Metrics
+export async function getServerMetricsHistory(serverId, period = '24h') {
+    return this.request(`/servers/${serverId}/metrics/history?period=${period}`);
+}
+
+export async function getServerMetricsAggregated(serverId, period = '24h', aggregation = 'hourly') {
+    return this.request(`/servers/${serverId}/metrics/aggregated?period=${period}&aggregation=${aggregation}`);
+}
+
+export async function compareServerMetrics(serverIds, metric = 'cpu', period = '24h') {
+    const ids = Array.isArray(serverIds) ? serverIds.join(',') : serverIds;
+    return this.request(`/servers/metrics/compare?ids=${ids}&metric=${metric}&period=${period}`);
+}
+
+export async function getMetricsRetentionStats() {
+    return this.request('/servers/metrics/retention');
+}
+
+export async function triggerMetricsCleanup() {
+    return this.request('/servers/metrics/cleanup', { method: 'POST' });
+}
+
+// Remote Terminal
+export async function createTerminalSession(serverId, cols = 80, rows = 24) {
+    return this.request(`/servers/${serverId}/terminal`, {
+        method: 'POST',
+        body: { cols, rows }
+    });
+}
+
+export async function sendTerminalInput(sessionId, data) {
+    return this.request(`/servers/terminal/${sessionId}/input`, {
+        method: 'POST',
+        body: { data }
+    });
+}
+
+export async function resizeTerminal(sessionId, cols, rows) {
+    return this.request(`/servers/terminal/${sessionId}/resize`, {
+        method: 'POST',
+        body: { cols, rows }
+    });
+}
+
+export async function closeTerminalSession(sessionId) {
+    return this.request(`/servers/terminal/${sessionId}`, {
+        method: 'DELETE'
+    });
+}
+
+export async function listTerminalSessions() {
+    return this.request('/servers/terminal/sessions');
+}
+
+// Security Features (per-server)
+export async function getAllowedIPs(serverId) {
+    return this.request(`/servers/${serverId}/allowed-ips`);
+}
+
+export async function updateAllowedIPs(serverId, allowedIPs) {
+    return this.request(`/servers/${serverId}/allowed-ips`, {
+        method: 'PUT',
+        body: { allowed_ips: allowedIPs }
+    });
+}
+
+export async function getConnectionInfo(serverId) {
+    return this.request(`/servers/${serverId}/connection-info`);
+}
+
+export async function rotateAPIKey(serverId) {
+    return this.request(`/servers/${serverId}/rotate-api-key`, {
+        method: 'POST'
+    });
+}
+
+export async function getServerSecurityAlerts(serverId, options = {}) {
+    const params = new URLSearchParams();
+    if (options.status) params.append('status', options.status);
+    if (options.severity) params.append('severity', options.severity);
+    if (options.limit) params.append('limit', options.limit);
+    const query = params.toString() ? `?${params.toString()}` : '';
+    return this.request(`/servers/${serverId}/security/alerts${query}`);
+}
+
+export async function getAllSecurityAlerts(options = {}) {
+    const params = new URLSearchParams();
+    if (options.status) params.append('status', options.status);
+    if (options.severity) params.append('severity', options.severity);
+    if (options.type) params.append('type', options.type);
+    if (options.limit) params.append('limit', options.limit);
+    const query = params.toString() ? `?${params.toString()}` : '';
+    return this.request(`/servers/security/alerts${query}`);
+}
+
+export async function getSecurityAlertCounts(serverId = null) {
+    const query = serverId ? `?server_id=${serverId}` : '';
+    return this.request(`/servers/security/alerts/counts${query}`);
+}
+
+export async function acknowledgeAlert(alertId) {
+    return this.request(`/servers/security/alerts/${alertId}/acknowledge`, {
+        method: 'POST'
+    });
+}
+
+export async function resolveAlert(alertId) {
+    return this.request(`/servers/security/alerts/${alertId}/resolve`, {
+        method: 'POST'
+    });
+}
+
+// Agent Downloads
+export async function getAgentVersion() {
+    return this.request('/servers/agent/version');
+}
+
+export async function getAgentDownloadUrl(os, arch) {
+    const baseUrl = this.baseUrl.replace('/api/v1', '');
+    return `${baseUrl}/api/servers/agent/download/${os}/${arch}`;
+}
+
+// Agent Fleet Management endpoints
+export async function getFleetHealth() {
+    return this.request('/servers/fleet/health');
+}
+
+export async function getAgentVersions() {
+    return this.request('/servers/fleet/versions');
+}
+
+export async function addAgentVersion(data) {
+    return this.request('/servers/fleet/versions', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function upgradeFleet(serverIds, versionId) {
+    return this.request('/servers/fleet/upgrade', {
+        method: 'POST',
+        body: { server_ids: serverIds, version_id: versionId }
+    });
+}
+
+export async function startRollout(data) {
+    return this.request('/servers/fleet/rollout', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function getRollouts(status) {
+    const query = status ? `?status=${status}` : '';
+    return this.request(`/servers/fleet/rollouts${query}`);
+}
+
+export async function getRollout(rolloutId) {
+    return this.request(`/servers/fleet/rollouts/${rolloutId}`);
+}
+
+export async function cancelRollout(rolloutId) {
+    return this.request(`/servers/fleet/rollouts/${rolloutId}/cancel`, {
+        method: 'POST'
+    });
+}
+
+export async function startDiscovery(duration = 10) {
+    return this.request(`/servers/fleet/discovery?duration=${duration}`, {
+        method: 'POST'
+    });
+}
+
+export async function getDiscoveredAgents() {
+    return this.request('/servers/fleet/discovery');
+}
+
+export async function approveRegistration(serverId) {
+    return this.request(`/servers/fleet/approve/${serverId}`, {
+        method: 'POST'
+    });
+}
+
+export async function rejectRegistration(serverId) {
+    return this.request(`/servers/fleet/reject/${serverId}`, {
+        method: 'POST'
+    });
+}
+
+export async function getQueuedCommands(serverId) {
+    const query = serverId ? `?server_id=${serverId}` : '';
+    return this.request(`/servers/fleet/commands/queued${query}`);
+}
+
+export async function retryCommand(commandId) {
+    return this.request(`/servers/fleet/commands/${commandId}/retry`, {
+        method: 'POST'
+    });
+}
+
+export async function getServerDiagnostics(serverId) {
+    return this.request(`/servers/fleet/diagnostics/${serverId}`);
+}
+
+// Fleet Monitor (Cross-Server Monitoring) endpoints
+export async function getFleetHeatmap(groupId) {
+    const query = groupId ? `?group_id=${groupId}` : '';
+    return this.request(`/fleet-monitor/heatmap${query}`);
+}
+
+export async function getFleetComparison(serverIds, metric, period) {
+    const ids = serverIds.join(',');
+    return this.request(`/fleet-monitor/comparison?ids=${ids}&metric=${metric}&period=${period}`);
+}
+
+export async function getFleetAlerts(params = {}) {
+    const searchParams = new URLSearchParams();
+    if (params.status) searchParams.append('status', params.status);
+    if (params.severity) searchParams.append('severity', params.severity);
+    if (params.server_id) searchParams.append('server_id', params.server_id);
+    if (params.limit) searchParams.append('limit', params.limit);
+    const query = searchParams.toString();
+    return this.request(`/fleet-monitor/alerts${query ? '?' + query : ''}`);
+}
+
+export async function acknowledgeFleetAlert(alertId) {
+    return this.request(`/fleet-monitor/alerts/${alertId}/acknowledge`, { method: 'POST' });
+}
+
+export async function resolveFleetAlert(alertId) {
+    return this.request(`/fleet-monitor/alerts/${alertId}/resolve`, { method: 'POST' });
+}
+
+export async function getFleetThresholds(serverId) {
+    const query = serverId ? `?server_id=${serverId}` : '';
+    return this.request(`/fleet-monitor/thresholds${query}`);
+}
+
+export async function createFleetThreshold(data) {
+    return this.request('/fleet-monitor/thresholds', { method: 'POST', body: data });
+}
+
+export async function deleteFleetThreshold(thresholdId) {
+    return this.request(`/fleet-monitor/thresholds/${thresholdId}`, { method: 'DELETE' });
+}
+
+export async function getFleetAnomalies(serverId) {
+    const query = serverId ? `?server_id=${serverId}` : '';
+    return this.request(`/fleet-monitor/anomalies${query}`);
+}
+
+export async function getCapacityForecast(serverId, metric = 'disk') {
+    return this.request(`/fleet-monitor/forecast/${serverId}?metric=${metric}`);
+}
+
+export async function searchFleet(query, type = 'any') {
+    return this.request(`/fleet-monitor/search?q=${encodeURIComponent(query)}&type=${type}`);
+}
+
+export async function exportFleetCsv(serverIds, metric, period) {
+    const ids = serverIds.join(',');
+    const url = `${this.baseUrl}/fleet-monitor/export/csv?ids=${ids}&metric=${metric}&period=${period}`;
+    const token = this.getToken();
+    const response = await fetch(url, {
+        headers: token ? { Authorization: `Bearer ${token}` } : {}
+    });
+    return response.blob();
+}
+
+// Agent Plugins endpoints
+export async function getAgentPlugins(status) {
+    const query = status ? `?status=${status}` : '';
+    return this.request(`/agent-plugins/${query}`);
+}
+
+export async function getAgentPlugin(id) {
+    return this.request(`/agent-plugins/${id}`);
+}
+
+export async function createAgentPlugin(data) {
+    return this.request('/agent-plugins/', { method: 'POST', body: data });
+}
+
+export async function updateAgentPlugin(id, data) {
+    return this.request(`/agent-plugins/${id}`, { method: 'PUT', body: data });
+}
+
+export async function deleteAgentPlugin(id) {
+    return this.request(`/agent-plugins/${id}`, { method: 'DELETE' });
+}
+
+export async function installAgentPlugin(pluginId, serverId, config) {
+    return this.request(`/agent-plugins/${pluginId}/install`, {
+        method: 'POST', body: { server_id: serverId, config }
+    });
+}
+
+export async function bulkInstallAgentPlugin(pluginId, serverIds, config) {
+    return this.request(`/agent-plugins/${pluginId}/bulk-install`, {
+        method: 'POST', body: { server_ids: serverIds, config }
+    });
+}
+
+export async function getPluginInstallations(pluginId) {
+    return this.request(`/agent-plugins/${pluginId}/installations`);
+}
+
+export async function getServerPlugins(serverId) {
+    return this.request(`/agent-plugins/server/${serverId}`);
+}
+
+export async function enablePluginInstall(installId) {
+    return this.request(`/agent-plugins/installs/${installId}/enable`, { method: 'POST' });
+}
+
+export async function disablePluginInstall(installId) {
+    return this.request(`/agent-plugins/installs/${installId}/disable`, { method: 'POST' });
+}
+
+export async function uninstallPlugin(installId) {
+    return this.request(`/agent-plugins/installs/${installId}`, { method: 'DELETE' });
+}
+
+export async function updatePluginInstallConfig(installId, config) {
+    return this.request(`/agent-plugins/installs/${installId}/config`, {
+        method: 'PUT', body: { config }
+    });
+}
+
+export async function getPluginSpec() {
+    return this.request('/agent-plugins/spec');
+}
+
+// Server Templates endpoints
+export async function getServerTemplates(category) {
+    const query = category ? `?category=${category}` : '';
+    return this.request(`/server-templates/${query}`);
+}
+
+export async function getServerTemplate(id) {
+    return this.request(`/server-templates/${id}`);
+}
+
+export async function getServerTemplateLibrary() {
+    return this.request('/server-templates/library');
+}
+
+export async function createServerTemplateFromLibrary(key) {
+    return this.request(`/server-templates/library/${key}`, { method: 'POST' });
+}
+
+export async function createServerTemplate(data) {
+    return this.request('/server-templates/', { method: 'POST', body: data });
+}
+
+export async function updateServerTemplate(id, data) {
+    return this.request(`/server-templates/${id}`, { method: 'PUT', body: data });
+}
+
+export async function deleteServerTemplate(id) {
+    return this.request(`/server-templates/${id}`, { method: 'DELETE' });
+}
+
+export async function assignServerTemplate(templateId, serverId) {
+    return this.request(`/server-templates/${templateId}/assign`, {
+        method: 'POST', body: { server_id: serverId }
+    });
+}
+
+export async function bulkAssignTemplate(templateId, serverIds) {
+    return this.request(`/server-templates/${templateId}/bulk-assign`, {
+        method: 'POST', body: { server_ids: serverIds }
+    });
+}
+
+export async function getTemplateAssignments(templateId) {
+    return this.request(`/server-templates/${templateId}/assignments`);
+}
+
+export async function unassignTemplate(assignmentId) {
+    return this.request(`/server-templates/assignments/${assignmentId}`, { method: 'DELETE' });
+}
+
+export async function checkTemplateDrift(assignmentId) {
+    return this.request(`/server-templates/assignments/${assignmentId}/check`, { method: 'POST' });
+}
+
+export async function remediateTemplateDrift(assignmentId) {
+    return this.request(`/server-templates/assignments/${assignmentId}/remediate`, { method: 'POST' });
+}
+
+export async function getTemplateCompliance() {
+    return this.request('/server-templates/compliance');
+}
+
+export async function getServerTemplateAssignments(serverId) {
+    return this.request(`/server-templates/server/${serverId}`);
+}
+
+// Workspaces endpoints
+export async function getWorkspaces(params = {}) {
+    const query = new URLSearchParams();
+    if (params.all) query.append('all', 'true');
+    if (params.include_archived) query.append('include_archived', 'true');
+    const qs = query.toString();
+    return this.request(`/workspaces/${qs ? '?' + qs : ''}`);
+}
+
+export async function getWorkspace(id) {
+    return this.request(`/workspaces/${id}`);
+}
+
+export async function createWorkspace(data) {
+    return this.request('/workspaces/', { method: 'POST', body: data });
+}
+
+export async function updateWorkspace(id, data) {
+    return this.request(`/workspaces/${id}`, { method: 'PUT', body: data });
+}
+
+export async function archiveWorkspace(id) {
+    return this.request(`/workspaces/${id}/archive`, { method: 'POST' });
+}
+
+export async function restoreWorkspace(id) {
+    return this.request(`/workspaces/${id}/restore`, { method: 'POST' });
+}
+
+export async function deleteWorkspace(id) {
+    return this.request(`/workspaces/${id}`, { method: 'DELETE' });
+}
+
+export async function getWorkspaceMembers(workspaceId) {
+    return this.request(`/workspaces/${workspaceId}/members`);
+}
+
+export async function addWorkspaceMember(workspaceId, userId, role) {
+    return this.request(`/workspaces/${workspaceId}/members`, {
+        method: 'POST', body: { user_id: userId, role: role || 'member' }
+    });
+}
+
+export async function updateWorkspaceMemberRole(memberId, role) {
+    return this.request(`/workspaces/members/${memberId}/role`, {
+        method: 'PUT', body: { role }
+    });
+}
+
+export async function removeWorkspaceMember(memberId) {
+    return this.request(`/workspaces/members/${memberId}`, { method: 'DELETE' });
+}
+
+export async function getWorkspaceApiKeys(workspaceId) {
+    return this.request(`/workspaces/${workspaceId}/api-keys`);
+}
+
+export async function createWorkspaceApiKey(workspaceId, name, scopes) {
+    return this.request(`/workspaces/${workspaceId}/api-keys`, {
+        method: 'POST', body: { name, scopes }
+    });
+}
+
+export async function revokeWorkspaceApiKey(keyId) {
+    return this.request(`/workspaces/api-keys/${keyId}/revoke`, { method: 'POST' });
+}
+
+// Cloud Provisioning endpoints
+export async function getCloudProviders() {
+    return this.request('/cloud/providers');
+}
+
+export async function createCloudProvider(data) {
+    return this.request('/cloud/providers', { method: 'POST', body: data });
+}
+
+export async function deleteCloudProvider(id) {
+    return this.request(`/cloud/providers/${id}`, { method: 'DELETE' });
+}
+
+export async function getCloudProviderOptions(type) {
+    return this.request(`/cloud/providers/${type}/options`);
+}
+
+export async function getCloudServers(providerId) {
+    const query = providerId ? `?provider_id=${providerId}` : '';
+    return this.request(`/cloud/servers${query}`);
+}
+
+export async function getCloudServer(id) {
+    return this.request(`/cloud/servers/${id}`);
+}
+
+export async function createCloudServer(data) {
+    return this.request('/cloud/servers', { method: 'POST', body: data });
+}
+
+export async function destroyCloudServer(id) {
+    return this.request(`/cloud/servers/${id}`, { method: 'DELETE' });
+}
+
+export async function resizeCloudServer(id, size) {
+    return this.request(`/cloud/servers/${id}/resize`, { method: 'POST', body: { size } });
+}
+
+export async function getCloudSnapshots(serverId) {
+    return this.request(`/cloud/servers/${serverId}/snapshots`);
+}
+
+export async function createCloudSnapshot(serverId, name) {
+    return this.request(`/cloud/servers/${serverId}/snapshots`, { method: 'POST', body: { name } });
+}
+
+export async function deleteCloudSnapshot(id) {
+    return this.request(`/cloud/snapshots/${id}`, { method: 'DELETE' });
+}
+
+export async function getCloudCosts() {
+    return this.request('/cloud/costs');
+}
diff --git a/frontend/src/services/api/system.js b/frontend/src/services/api/system.js
new file mode 100644
index 00000000..e0e43ed6
--- /dev/null
+++ b/frontend/src/services/api/system.js
@@ -0,0 +1,857 @@
+// System info, settings, processes, nginx, PHP, Python, logs, cron,
+// monitoring, backups, uptime, metrics, notifications, email, performance, mobile
+
+// Admin - System Settings endpoints
+export async function getSystemSettings() {
+    const data = await this.request('/admin/settings');
+    const result = {};
+    if (data.settings && Array.isArray(data.settings)) {
+        for (const setting of data.settings) {
+            result[setting.key] = setting.value;
+        }
+    }
+    return result;
+}
+
+export async function updateSystemSettings(settings) {
+    return this.request('/admin/settings', {
+        method: 'PUT',
+        body: settings
+    });
+}
+
+export async function getSystemSetting(key) {
+    return this.request(`/admin/settings/${key}`);
+}
+
+export async function updateSystemSetting(key, value) {
+    return this.request(`/admin/settings/${key}`, {
+        method: 'PUT',
+        body: { value }
+    });
+}
+
+export async function getAdminStats() {
+    return this.request('/admin/stats');
+}
+
+// System endpoints
+export async function getSystemMetrics() {
+    return this.request('/system/metrics');
+}
+
+export async function getSystemInfo() {
+    return this.request('/system/info');
+}
+
+export async function getServerTime() {
+    return this.request('/system/time');
+}
+
+export async function getTimezones() {
+    return this.request('/system/timezones');
+}
+
+export async function setTimezone(timezone) {
+    return this.request('/system/timezone', {
+        method: 'PUT',
+        body: { timezone }
+    });
+}
+
+export async function getVersion() {
+    return this.request('/system/version');
+}
+
+export async function checkUpdate() {
+    return this.request('/system/check-update');
+}
+
+export async function getSystemProcesses() {
+    return this.request('/system/processes');
+}
+
+export async function getServices() {
+    return this.request('/system/services');
+}
+
+export async function healthCheck() {
+    return this.request('/system/health');
+}
+
+// Process endpoints
+export async function getProcesses(limit = 50, sortBy = 'cpu') {
+    return this.request(`/processes?limit=${limit}&sort=${sortBy}`);
+}
+
+export async function getProcess(pid) {
+    return this.request(`/processes/${pid}`);
+}
+
+export async function killProcess(pid, force = false) {
+    return this.request(`/processes/${pid}?force=${force}`, { method: 'DELETE' });
+}
+
+export async function getServicesStatus() {
+    return this.request('/processes/services');
+}
+
+export async function controlService(serviceName, action) {
+    return this.request(`/processes/services/${serviceName}`, {
+        method: 'POST',
+        body: { action }
+    });
+}
+
+// Nginx endpoints
+export async function getNginxStatus() {
+    return this.request('/nginx/status');
+}
+
+export async function testNginxConfig() {
+    return this.request('/nginx/test', { method: 'POST' });
+}
+
+export async function reloadNginx() {
+    return this.request('/nginx/reload', { method: 'POST' });
+}
+
+export async function getNginxSites() {
+    return this.request('/nginx/sites');
+}
+
+export async function createNginxSite(siteData) {
+    return this.request('/nginx/sites', {
+        method: 'POST',
+        body: siteData
+    });
+}
+
+export async function enableNginxSite(name) {
+    return this.request(`/nginx/sites/${name}/enable`, { method: 'POST' });
+}
+
+export async function disableNginxSite(name) {
+    return this.request(`/nginx/sites/${name}/disable`, { method: 'POST' });
+}
+
+export async function deleteNginxSite(name) {
+    return this.request(`/nginx/sites/${name}`, { method: 'DELETE' });
+}
+
+// Nginx Advanced endpoints
+export async function getNginxProxyRules(domain) {
+    return this.request(`/nginx/advanced/proxy/${domain}`);
+}
+
+export async function createNginxProxy(data) {
+    return this.request('/nginx/advanced/proxy', { method: 'POST', body: data });
+}
+
+export async function testAdvancedNginxConfig() {
+    return this.request('/nginx/advanced/test', { method: 'POST' });
+}
+
+export async function reloadAdvancedNginx() {
+    return this.request('/nginx/advanced/reload', { method: 'POST' });
+}
+
+export async function previewNginxDiff(domain, config) {
+    return this.request('/nginx/advanced/diff', {
+        method: 'POST', body: { domain, config }
+    });
+}
+
+export async function getNginxVhostLogs(domain, type = 'access', lines = 100) {
+    return this.request(`/nginx/advanced/logs/${domain}?type=${type}&lines=${lines}`);
+}
+
+export async function getNginxLBMethods() {
+    return this.request('/nginx/advanced/lb-methods');
+}
+
+// Log endpoints
+export async function getLogFiles() {
+    return this.request('/logs');
+}
+
+export async function readLog(filepath, lines = 100) {
+    return this.request(`/logs/read?path=${encodeURIComponent(filepath)}&lines=${lines}`);
+}
+
+export async function searchLog(filepath, pattern, lines = 100) {
+    return this.request(`/logs/search?path=${encodeURIComponent(filepath)}&pattern=${encodeURIComponent(pattern)}&lines=${lines}`);
+}
+
+export async function getAppLogs(appName, type = 'access', lines = 100) {
+    return this.request(`/logs/app/${appName}?type=${type}&lines=${lines}`);
+}
+
+export async function getJournalLogs(unit, lines = 100) {
+    const params = new URLSearchParams({ lines });
+    if (unit) params.append('unit', unit);
+    return this.request(`/logs/journal?${params}`);
+}
+
+export async function clearLog(filepath) {
+    return this.request('/logs/clear', {
+        method: 'POST',
+        body: { path: filepath }
+    });
+}
+
+// PHP endpoints
+export async function getPHPVersions() {
+    return this.request('/php/versions');
+}
+
+export async function installPHPVersion(version) {
+    return this.request(`/php/versions/${version}/install`, { method: 'POST' });
+}
+
+export async function setDefaultPHPVersion(version) {
+    return this.request('/php/versions/default', {
+        method: 'POST',
+        body: { version }
+    });
+}
+
+export async function getPHPExtensions(version) {
+    return this.request(`/php/versions/${version}/extensions`);
+}
+
+export async function installPHPExtension(version, extension) {
+    return this.request(`/php/versions/${version}/extensions`, {
+        method: 'POST',
+        body: { extension }
+    });
+}
+
+export async function getPHPPools(version) {
+    return this.request(`/php/versions/${version}/pools`);
+}
+
+export async function createPHPPool(version, poolData) {
+    return this.request(`/php/versions/${version}/pools`, {
+        method: 'POST',
+        body: poolData
+    });
+}
+
+export async function deletePHPPool(version, poolName) {
+    return this.request(`/php/versions/${version}/pools/${poolName}`, { method: 'DELETE' });
+}
+
+export async function restartPHPFPM(version) {
+    return this.request(`/php/versions/${version}/fpm/restart`, { method: 'POST' });
+}
+
+export async function getPHPFPMStatus(version) {
+    return this.request(`/php/versions/${version}/fpm/status`);
+}
+
+// Python endpoints
+export async function getPythonVersions() {
+    return this.request('/python/versions');
+}
+
+export async function createFlaskApp(data) {
+    return this.request('/python/apps/flask', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function createDjangoApp(data) {
+    return this.request('/python/apps/django', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function createPythonVenv(appId) {
+    return this.request(`/python/apps/${appId}/venv`, { method: 'POST' });
+}
+
+export async function getPythonPackages(appId) {
+    return this.request(`/python/apps/${appId}/packages`);
+}
+
+export async function installPythonPackages(appId, packages) {
+    return this.request(`/python/apps/${appId}/packages`, {
+        method: 'POST',
+        body: { packages }
+    });
+}
+
+export async function freezePythonRequirements(appId) {
+    return this.request(`/python/apps/${appId}/requirements`, { method: 'POST' });
+}
+
+export async function getPythonEnvVars(appId) {
+    return this.request(`/python/apps/${appId}/env`);
+}
+
+export async function setPythonEnvVars(appId, envVars) {
+    return this.request(`/python/apps/${appId}/env`, {
+        method: 'PUT',
+        body: { env_vars: envVars }
+    });
+}
+
+export async function deletePythonEnvVar(appId, key) {
+    return this.request(`/python/apps/${appId}/env/${key}`, { method: 'DELETE' });
+}
+
+export async function startPythonApp(appId) {
+    return this.request(`/python/apps/${appId}/start`, { method: 'POST' });
+}
+
+export async function stopPythonApp(appId) {
+    return this.request(`/python/apps/${appId}/stop`, { method: 'POST' });
+}
+
+export async function restartPythonApp(appId) {
+    return this.request(`/python/apps/${appId}/restart`, { method: 'POST' });
+}
+
+export async function getPythonAppStatus(appId) {
+    return this.request(`/python/apps/${appId}/status`);
+}
+
+export async function getGunicornConfig(appId) {
+    return this.request(`/python/apps/${appId}/gunicorn`);
+}
+
+export async function updateGunicornConfig(appId, content) {
+    return this.request(`/python/apps/${appId}/gunicorn`, {
+        method: 'PUT',
+        body: { content }
+    });
+}
+
+export async function runPythonMigrations(appId) {
+    return this.request(`/python/apps/${appId}/migrate`, { method: 'POST' });
+}
+
+export async function collectPythonStatic(appId) {
+    return this.request(`/python/apps/${appId}/collectstatic`, { method: 'POST' });
+}
+
+export async function runPythonCommand(appId, command) {
+    return this.request(`/python/apps/${appId}/run`, {
+        method: 'POST',
+        body: { command }
+    });
+}
+
+export async function deletePythonApp(appId, removeFiles = false) {
+    return this.request(`/python/apps/${appId}`, {
+        method: 'DELETE',
+        body: { remove_files: removeFiles }
+    });
+}
+
+// Monitoring & Alerts endpoints
+export async function getMonitoringStatus() {
+    return this.request('/monitoring/status');
+}
+
+export async function getMonitoringMetrics() {
+    return this.request('/monitoring/metrics');
+}
+
+export async function checkAlerts() {
+    return this.request('/monitoring/alerts/check');
+}
+
+export async function getAlertHistory(limit = 100) {
+    return this.request(`/monitoring/alerts/history?limit=${limit}`);
+}
+
+export async function getMonitoringConfig() {
+    return this.request('/monitoring/config');
+}
+
+export async function updateMonitoringConfig(config) {
+    return this.request('/monitoring/config', {
+        method: 'PUT',
+        body: config
+    });
+}
+
+export async function getMonitoringThresholds() {
+    return this.request('/monitoring/thresholds');
+}
+
+export async function updateMonitoringThresholds(thresholds) {
+    return this.request('/monitoring/thresholds', {
+        method: 'PUT',
+        body: thresholds
+    });
+}
+
+export async function startMonitoring() {
+    return this.request('/monitoring/start', { method: 'POST' });
+}
+
+export async function stopMonitoring() {
+    return this.request('/monitoring/stop', { method: 'POST' });
+}
+
+export async function testEmailAlert(email) {
+    return this.request('/monitoring/test/email', {
+        method: 'POST',
+        body: { email }
+    });
+}
+
+export async function testWebhookAlert(webhookUrl) {
+    return this.request('/monitoring/test/webhook', {
+        method: 'POST',
+        body: { webhook_url: webhookUrl }
+    });
+}
+
+// Backup System endpoints
+export async function getBackups(type = null) {
+    const params = type ? `?type=${type}` : '';
+    return this.request(`/backups${params}`);
+}
+
+export async function getBackupStats() {
+    return this.request('/backups/stats');
+}
+
+export async function getBackupConfig() {
+    return this.request('/backups/config');
+}
+
+export async function updateBackupConfig(config) {
+    return this.request('/backups/config', {
+        method: 'PUT',
+        body: config
+    });
+}
+
+export async function backupApplication(applicationId, includeDb = false, dbConfig = null) {
+    return this.request('/backups/application', {
+        method: 'POST',
+        body: {
+            application_id: applicationId,
+            include_db: includeDb,
+            db_config: dbConfig
+        }
+    });
+}
+
+export async function backupDatabase(dbType, dbName, user = null, password = null, host = 'localhost') {
+    return this.request('/backups/database', {
+        method: 'POST',
+        body: { db_type: dbType, db_name: dbName, user, password, host }
+    });
+}
+
+export async function restoreApplication(backupPath, restorePath = null) {
+    return this.request('/backups/restore/application', {
+        method: 'POST',
+        body: { backup_path: backupPath, restore_path: restorePath }
+    });
+}
+
+export async function restoreDatabase(backupPath, dbType, dbName, user = null, password = null, host = 'localhost') {
+    return this.request('/backups/restore/database', {
+        method: 'POST',
+        body: { backup_path: backupPath, db_type: dbType, db_name: dbName, user, password, host }
+    });
+}
+
+export async function deleteBackup(backupPath) {
+    return this.request(`/backups/${encodeURIComponent(backupPath)}`, { method: 'DELETE' });
+}
+
+export async function cleanupBackups(retentionDays = null) {
+    return this.request('/backups/cleanup', {
+        method: 'POST',
+        body: retentionDays ? { retention_days: retentionDays } : {}
+    });
+}
+
+export async function getBackupSchedules() {
+    return this.request('/backups/schedules');
+}
+
+export async function addBackupSchedule(name, backupType, target, scheduleTime, days = null, uploadRemote = false) {
+    return this.request('/backups/schedules', {
+        method: 'POST',
+        body: { name, backup_type: backupType, target, schedule_time: scheduleTime, days, upload_remote: uploadRemote }
+    });
+}
+
+export async function updateBackupSchedule(scheduleId, updates) {
+    return this.request(`/backups/schedules/${scheduleId}`, {
+        method: 'PUT',
+        body: updates
+    });
+}
+
+export async function removeBackupSchedule(scheduleId) {
+    return this.request(`/backups/schedules/${scheduleId}`, { method: 'DELETE' });
+}
+
+export async function backupFiles(filePaths, name = null) {
+    return this.request('/backups/files', {
+        method: 'POST',
+        body: { paths: filePaths, name }
+    });
+}
+
+// Remote Storage
+export async function getStorageConfig() {
+    return this.request('/backups/storage');
+}
+
+export async function updateStorageConfig(config) {
+    return this.request('/backups/storage', {
+        method: 'PUT',
+        body: config
+    });
+}
+
+export async function testStorageConnection(config = null) {
+    return this.request('/backups/storage/test', {
+        method: 'POST',
+        body: config || {}
+    });
+}
+
+export async function uploadBackupToRemote(backupPath) {
+    return this.request('/backups/upload', {
+        method: 'POST',
+        body: { backup_path: backupPath }
+    });
+}
+
+export async function verifyRemoteBackup(remoteKey, localPath) {
+    return this.request('/backups/verify', {
+        method: 'POST',
+        body: { remote_key: remoteKey, local_path: localPath }
+    });
+}
+
+export async function listRemoteBackups(prefix = null) {
+    const params = prefix ? `?prefix=${encodeURIComponent(prefix)}` : '';
+    return this.request(`/backups/remote${params}`);
+}
+
+export async function downloadRemoteBackup(remoteKey, localPath = null) {
+    return this.request('/backups/remote/download', {
+        method: 'POST',
+        body: { remote_key: remoteKey, local_path: localPath }
+    });
+}
+
+// Cron Job endpoints
+export async function getCronStatus() {
+    return this.request('/cron/status');
+}
+
+export async function getCronJobs() {
+    return this.request('/cron/jobs');
+}
+
+export async function createCronJob(data) {
+    return this.request('/cron/jobs', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function updateCronJob(jobId, data) {
+    return this.request(`/cron/jobs/${jobId}`, {
+        method: 'PUT',
+        body: data
+    });
+}
+
+export async function deleteCronJob(jobId) {
+    return this.request(`/cron/jobs/${jobId}`, { method: 'DELETE' });
+}
+
+export async function toggleCronJob(jobId, enabled) {
+    return this.request(`/cron/jobs/${jobId}/toggle`, {
+        method: 'POST',
+        body: { enabled }
+    });
+}
+
+export async function runCronJob(jobId) {
+    return this.request(`/cron/jobs/${jobId}/run`, { method: 'POST' });
+}
+
+export async function getCronPresets() {
+    return this.request('/cron/presets');
+}
+
+// Uptime Tracking endpoints
+export async function getCurrentUptime() {
+    return this.request('/uptime/current');
+}
+
+export async function getUptimeStats() {
+    return this.request('/uptime/stats');
+}
+
+export async function getUptimeGraph(period = '24h') {
+    return this.request(`/uptime/graph?period=${period}`);
+}
+
+export async function getUptimeHistory(hours = 24) {
+    return this.request(`/uptime/history?hours=${hours}`);
+}
+
+export async function startUptimeTracking() {
+    return this.request('/uptime/tracking/start', { method: 'POST' });
+}
+
+export async function stopUptimeTracking() {
+    return this.request('/uptime/tracking/stop', { method: 'POST' });
+}
+
+export async function getUptimeTrackingStatus() {
+    return this.request('/uptime/tracking/status');
+}
+
+// Metrics History endpoints
+export async function getMetricsHistory(period = '1h') {
+    return this.request(`/metrics/history?period=${period}`);
+}
+
+export async function getMetricsStats() {
+    return this.request('/metrics/stats');
+}
+
+export async function startMetricsCollection() {
+    return this.request('/metrics/collection/start', { method: 'POST' });
+}
+
+export async function stopMetricsCollection() {
+    return this.request('/metrics/collection/stop', { method: 'POST' });
+}
+
+export async function triggerMetricsAggregation() {
+    return this.request('/metrics/aggregate', { method: 'POST' });
+}
+
+// Notification Webhooks endpoints
+export async function getNotificationsStatus() {
+    return this.request('/notifications/status');
+}
+
+export async function getNotificationsConfig() {
+    return this.request('/notifications/config');
+}
+
+export async function updateNotificationChannel(channel, settings) {
+    return this.request(`/notifications/config/${channel}`, {
+        method: 'PUT',
+        body: settings
+    });
+}
+
+export async function testNotificationChannel(channel) {
+    return this.request(`/notifications/test/${channel}`, {
+        method: 'POST'
+    });
+}
+
+export async function testAllNotifications() {
+    return this.request('/notifications/test', {
+        method: 'POST'
+    });
+}
+
+// User notification preferences
+export async function getUserNotificationPreferences() {
+    return this.request('/notifications/preferences');
+}
+
+export async function updateUserNotificationPreferences(preferences) {
+    return this.request('/notifications/preferences', {
+        method: 'PUT',
+        body: preferences
+    });
+}
+
+export async function testUserNotification() {
+    return this.request('/notifications/preferences/test', {
+        method: 'POST'
+    });
+}
+
+// Email Server
+export async function getEmailStatus() { return this.request('/email/status'); }
+export async function installEmailServer(data = {}) { return this.request('/email/install', { method: 'POST', body: JSON.stringify(data) }); }
+export async function controlEmailService(component, action) { return this.request(`/email/service/${component}/${action}`, { method: 'POST' }); }
+
+// Email Domains
+export async function getEmailDomains() { return this.request('/email/domains'); }
+export async function addEmailDomain(data) { return this.request('/email/domains', { method: 'POST', body: JSON.stringify(data) }); }
+export async function getEmailDomain(domainId) { return this.request(`/email/domains/${domainId}`); }
+export async function deleteEmailDomain(domainId) { return this.request(`/email/domains/${domainId}`, { method: 'DELETE' }); }
+export async function verifyEmailDNS(domainId) { return this.request(`/email/domains/${domainId}/verify-dns`, { method: 'POST' }); }
+export async function deployEmailDNS(domainId) { return this.request(`/email/domains/${domainId}/deploy-dns`, { method: 'POST' }); }
+
+// Email Accounts
+export async function getEmailAccounts(domainId) { return this.request(`/email/domains/${domainId}/accounts`); }
+export async function createEmailAccount(domainId, data) { return this.request(`/email/domains/${domainId}/accounts`, { method: 'POST', body: JSON.stringify(data) }); }
+export async function getEmailAccount(accountId) { return this.request(`/email/accounts/${accountId}`); }
+export async function updateEmailAccount(accountId, data) { return this.request(`/email/accounts/${accountId}`, { method: 'PUT', body: JSON.stringify(data) }); }
+export async function deleteEmailAccount(accountId) { return this.request(`/email/accounts/${accountId}`, { method: 'DELETE' }); }
+export async function changeEmailPassword(accountId, password) { return this.request(`/email/accounts/${accountId}/password`, { method: 'POST', body: JSON.stringify({ password }) }); }
+
+// Email Aliases
+export async function getEmailAliases(domainId) { return this.request(`/email/domains/${domainId}/aliases`); }
+export async function createEmailAlias(domainId, data) { return this.request(`/email/domains/${domainId}/aliases`, { method: 'POST', body: JSON.stringify(data) }); }
+export async function deleteEmailAlias(aliasId) { return this.request(`/email/aliases/${aliasId}`, { method: 'DELETE' }); }
+
+// Email Forwarding
+export async function getEmailForwarding(accountId) { return this.request(`/email/accounts/${accountId}/forwarding`); }
+export async function createEmailForwarding(accountId, data) { return this.request(`/email/accounts/${accountId}/forwarding`, { method: 'POST', body: JSON.stringify(data) }); }
+export async function updateEmailForwarding(ruleId, data) { return this.request(`/email/forwarding/${ruleId}`, { method: 'PUT', body: JSON.stringify(data) }); }
+export async function deleteEmailForwarding(ruleId) { return this.request(`/email/forwarding/${ruleId}`, { method: 'DELETE' }); }
+
+// DNS Providers
+export async function getEmailDNSProviders() { return this.request('/email/dns-providers'); }
+export async function addEmailDNSProvider(data) { return this.request('/email/dns-providers', { method: 'POST', body: JSON.stringify(data) }); }
+export async function deleteEmailDNSProvider(providerId) { return this.request(`/email/dns-providers/${providerId}`, { method: 'DELETE' }); }
+export async function testEmailDNSProvider(providerId) { return this.request(`/email/dns-providers/${providerId}/test`, { method: 'POST' }); }
+export async function getEmailDNSZones(providerId) { return this.request(`/email/dns-providers/${providerId}/zones`); }
+
+// SpamAssassin
+export async function getSpamConfig() { return this.request('/email/spam/config'); }
+export async function updateSpamConfig(data) { return this.request('/email/spam/config', { method: 'PUT', body: JSON.stringify(data) }); }
+export async function updateSpamRules() { return this.request('/email/spam/update-rules', { method: 'POST' }); }
+
+// Roundcube Webmail
+export async function getWebmailStatus() { return this.request('/email/webmail/status'); }
+export async function installWebmail(data = {}) { return this.request('/email/webmail/install', { method: 'POST', body: JSON.stringify(data) }); }
+export async function controlWebmail(action) { return this.request(`/email/webmail/service/${action}`, { method: 'POST' }); }
+export async function configureWebmailProxy(domain) { return this.request('/email/webmail/configure-proxy', { method: 'POST', body: JSON.stringify({ domain }) }); }
+
+// Mail Queue & Logs
+export async function getMailQueue() { return this.request('/email/queue'); }
+export async function flushMailQueue() { return this.request('/email/queue/flush', { method: 'POST' }); }
+export async function deleteMailQueueItem(queueId) { return this.request(`/email/queue/${queueId}`, { method: 'DELETE' }); }
+export async function getMailLogs(lines = 100) { return this.request(`/email/logs?lines=${lines}`); }
+
+// Performance endpoints
+export async function getCacheStats() {
+    return this.request('/performance/cache/stats');
+}
+
+export async function flushCache() {
+    return this.request('/performance/cache/flush', { method: 'POST' });
+}
+
+export async function getBackgroundJobs() {
+    return this.request('/performance/jobs');
+}
+
+export async function getJobStatus(jobId) {
+    return this.request(`/performance/jobs/${jobId}`);
+}
+
+export async function getJobStats() {
+    return this.request('/performance/jobs/stats');
+}
+
+export async function cleanupJobs() {
+    return this.request('/performance/jobs/cleanup', { method: 'POST' });
+}
+
+// Mobile / PWA endpoints
+export async function registerPushDevice(subscription, deviceName) {
+    return this.request('/mobile/push/register', {
+        method: 'POST', body: { subscription, device_name: deviceName }
+    });
+}
+
+export async function unregisterPushDevice(endpoint) {
+    return this.request('/mobile/push/unregister', {
+        method: 'POST', body: { endpoint }
+    });
+}
+
+export async function getQuickActions() {
+    return this.request('/mobile/quick-actions');
+}
+
+export async function executeQuickAction(actionId, params = {}) {
+    return this.request(`/mobile/quick-actions/${actionId}`, {
+        method: 'POST', body: params
+    });
+}
+
+export async function getMobileSummary() {
+    return this.request('/mobile/summary');
+}
+
+export async function getOfflineCache() {
+    return this.request('/mobile/offline-cache');
+}
+
+// Marketplace endpoints
+export async function getMarketplaceExtensions(category, search) {
+    const params = new URLSearchParams();
+    if (category) params.append('category', category);
+    if (search) params.append('search', search);
+    const qs = params.toString();
+    return this.request(`/marketplace/${qs ? '?' + qs : ''}`);
+}
+
+export async function getMarketplaceExtension(id) {
+    return this.request(`/marketplace/${id}`);
+}
+
+export async function createMarketplaceExtension(data) {
+    return this.request('/marketplace/', { method: 'POST', body: data });
+}
+
+export async function updateMarketplaceExtension(id, data) {
+    return this.request(`/marketplace/${id}`, { method: 'PUT', body: data });
+}
+
+export async function publishExtension(id) {
+    return this.request(`/marketplace/${id}/publish`, { method: 'POST' });
+}
+
+export async function deleteMarketplaceExtension(id) {
+    return this.request(`/marketplace/${id}`, { method: 'DELETE' });
+}
+
+export async function installMarketplaceExtension(extId, config) {
+    return this.request(`/marketplace/${extId}/install`, {
+        method: 'POST', body: { config }
+    });
+}
+
+export async function uninstallMarketplaceExtension(installId) {
+    return this.request(`/marketplace/installs/${installId}`, { method: 'DELETE' });
+}
+
+export async function updateMarketplaceExtensionConfig(installId, config) {
+    return this.request(`/marketplace/installs/${installId}/config`, {
+        method: 'PUT', body: { config }
+    });
+}
+
+export async function getMyExtensions() {
+    return this.request('/marketplace/my-extensions');
+}
+
+export async function rateExtension(extId, rating) {
+    return this.request(`/marketplace/${extId}/rate`, {
+        method: 'POST', body: { rating }
+    });
+}
diff --git a/frontend/src/services/api/wordpress.js b/frontend/src/services/api/wordpress.js
new file mode 100644
index 00000000..dde63748
--- /dev/null
+++ b/frontend/src/services/api/wordpress.js
@@ -0,0 +1,35 @@
+// WordPress standalone endpoints (from api.js, NOT the separate wordpress.js service)
+
+export async function getWordPressStatus() {
+    return this.request('/wordpress/standalone/status');
+}
+
+export async function getWordPressRequirements() {
+    return this.request('/wordpress/standalone/requirements');
+}
+
+export async function installWordPress(data) {
+    return this.request('/wordpress/standalone/install', {
+        method: 'POST',
+        body: data
+    });
+}
+
+export async function uninstallWordPress(removeData = false) {
+    return this.request('/wordpress/standalone/uninstall', {
+        method: 'POST',
+        body: { removeData }
+    });
+}
+
+export async function startWordPress() {
+    return this.request('/wordpress/standalone/start', { method: 'POST' });
+}
+
+export async function stopWordPress() {
+    return this.request('/wordpress/standalone/stop', { method: 'POST' });
+}
+
+export async function restartWordPress() {
+    return this.request('/wordpress/standalone/restart', { method: 'POST' });
+}
diff --git a/frontend/src/styles/_mixins.less b/frontend/src/styles/_mixins.scss
similarity index 53%
rename from frontend/src/styles/_mixins.less
rename to frontend/src/styles/_mixins.scss
index 84e97fc2..a9ad165a 100644
--- a/frontend/src/styles/_mixins.less
+++ b/frontend/src/styles/_mixins.scss
@@ -2,42 +2,55 @@
 // SERVERKIT DESIGN SYSTEM - MIXINS
 // ============================================
 
+// --------------------------------------------
+// COMPATIBILITY FUNCTION: fade()
+// Compatibility: LESS fade(color, N%) = color at N% opacity
+// --------------------------------------------
+@function fade($color, $amount) {
+    // Strip the % unit and convert to 0-1 range for rgba alpha
+    @if unit($amount) == '%' {
+        @return rgba($color, $amount / 100%);
+    } @else {
+        @return rgba($color, $amount / 100);
+    }
+}
+
 // --------------------------------------------
 // FLEXBOX
 // --------------------------------------------
-.flex-center() {
+@mixin flex-center() {
     display: flex;
     align-items: center;
     justify-content: center;
 }
 
-.flex-between() {
+@mixin flex-between() {
     display: flex;
     align-items: center;
     justify-content: space-between;
 }
 
-.flex-start() {
+@mixin flex-start() {
     display: flex;
     align-items: center;
     justify-content: flex-start;
 }
 
-.flex-column() {
+@mixin flex-column() {
     display: flex;
     flex-direction: column;
 }
 
-.flex-column-gap(@gap) {
+@mixin flex-column-gap($gap) {
     display: flex;
     flex-direction: column;
-    gap: @gap;
+    gap: $gap;
 }
 
 // --------------------------------------------
 // TRUNCATE
 // --------------------------------------------
-.truncate() {
+@mixin truncate() {
     white-space: nowrap;
     overflow: hidden;
     text-overflow: ellipsis;
@@ -46,30 +59,30 @@
 // --------------------------------------------
 // TRANSITIONS
 // --------------------------------------------
-.transition(@property: all) {
-    transition: @property @transition-base;
+@mixin transition($property: all) {
+    transition: $property $transition-base;
 }
 
-.transition-fast(@property: all) {
-    transition: @property @transition-fast;
+@mixin transition-fast($property: all) {
+    transition: $property $transition-fast;
 }
 
 // --------------------------------------------
 // CARDS & CONTAINERS
 // --------------------------------------------
-.card-base() {
-    background-color: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-xl;
-    .transition(border-color);
+@mixin card-base() {
+    background-color: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-xl;
+    @include transition(border-color);
 
     &:hover {
-        border-color: @border-active;
+        border-color: $border-active;
     }
 }
 
-.card-interactive() {
-    .card-base();
+@mixin card-interactive() {
+    @include card-base();
     cursor: pointer;
 
     &:hover {
@@ -80,40 +93,40 @@
 // --------------------------------------------
 // INPUTS
 // --------------------------------------------
-.input-base() {
+@mixin input-base() {
     width: 100%;
-    padding: @space-3 @space-4;
-    background: @bg-body;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    color: @text-primary;
-    font-size: @font-size-base;
-    .transition(border-color);
+    padding: $space-3 $space-4;
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    color: $text-primary;
+    font-size: $font-size-base;
+    @include transition(border-color);
 
     &:focus {
-        border-color: @accent-primary;
+        border-color: $accent-primary;
         outline: none;
     }
 
     &::placeholder {
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 }
 
 // --------------------------------------------
 // BUTTONS
 // --------------------------------------------
-.button-base() {
+@mixin button-base() {
     display: inline-flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-5;
-    border-radius: @radius-lg;
+    gap: $space-2;
+    padding: $space-2 $space-5;
+    border-radius: $radius-lg;
     border: 1px solid transparent;
-    font-size: @font-size-sm + 1;
-    font-weight: @font-weight-medium;
+    font-size: $font-size-sm + 1;
+    font-weight: $font-weight-medium;
     cursor: pointer;
-    .transition();
+    @include transition();
     background: none;
 
     &:disabled {
@@ -125,63 +138,63 @@
 // --------------------------------------------
 // ICON CONTAINERS
 // --------------------------------------------
-.icon-box(@size: 40px) {
-    width: @size;
-    height: @size;
-    border-radius: @radius-lg;
-    .flex-center();
+@mixin icon-box($size: 40px) {
+    width: $size;
+    height: $size;
+    border-radius: $radius-lg;
+    @include flex-center();
     flex-shrink: 0;
 }
 
 // --------------------------------------------
 // STATUS INDICATORS
 // --------------------------------------------
-.status-dot(@color) {
+@mixin status-dot($color) {
     width: 6px;
     height: 6px;
-    background: @color;
-    border-radius: @radius-full;
+    background: $color;
+    border-radius: $radius-full;
 }
 
 // --------------------------------------------
 // LIST ITEMS
 // --------------------------------------------
-.list-item-base() {
+@mixin list-item-base() {
     display: flex;
     align-items: center;
-    gap: @space-5;
-    padding: @space-4 @space-5;
-    .card-base();
+    gap: $space-5;
+    padding: $space-4 $space-5;
+    @include card-base();
 }
 
 // --------------------------------------------
 // RESPONSIVE
 // --------------------------------------------
-.respond-to(@breakpoint, @rules) {
-    @media (max-width: @breakpoint) {
-        @rules();
+@mixin respond-to($breakpoint) {
+    @media (max-width: $breakpoint) {
+        @content;
     }
 }
 
 // --------------------------------------------
 // SCROLLBAR
 // --------------------------------------------
-.custom-scrollbar() {
+@mixin custom-scrollbar() {
     &::-webkit-scrollbar {
         width: 6px;
         height: 6px;
     }
 
     &::-webkit-scrollbar-track {
-        background: @bg-body;
+        background: $bg-body;
     }
 
     &::-webkit-scrollbar-thumb {
-        background: @border-active;
-        border-radius: @radius-sm;
+        background: $border-active;
+        border-radius: $radius-sm;
 
         &:hover {
-            background: @text-tertiary;
+            background: $text-tertiary;
         }
     }
 }
@@ -189,9 +202,9 @@
 // --------------------------------------------
 // FOCUS RING
 // --------------------------------------------
-.focus-ring() {
+@mixin focus-ring() {
     &:focus-visible {
-        outline: 2px solid @accent-primary;
+        outline: 2px solid $accent-primary;
         outline-offset: 2px;
     }
 }
@@ -199,16 +212,16 @@
 // --------------------------------------------
 // CODE/MONO
 // --------------------------------------------
-.mono-text() {
-    font-family: @font-mono;
-    font-size: @font-size-sm;
+@mixin mono-text() {
+    font-family: $font-mono;
+    font-size: $font-size-sm;
 }
 
-.code-block() {
-    background: @bg-body;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-4;
-    .mono-text();
-    .custom-scrollbar();
+@mixin code-block() {
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-4;
+    @include mono-text();
+    @include custom-scrollbar();
 }
diff --git a/frontend/src/styles/_theme-variables.less b/frontend/src/styles/_theme-variables.scss
similarity index 98%
rename from frontend/src/styles/_theme-variables.less
rename to frontend/src/styles/_theme-variables.scss
index 436ffbf4..bf0a331b 100644
--- a/frontend/src/styles/_theme-variables.less
+++ b/frontend/src/styles/_theme-variables.scss
@@ -2,7 +2,7 @@
 // SERVERKIT DESIGN SYSTEM - THEME VARIABLES
 // ============================================
 // CSS Custom Properties that enable runtime theme switching.
-// Must be imported FIRST before _variables.less
+// Must be imported FIRST before _variables.scss
 // ============================================
 
 // --------------------------------------------
diff --git a/frontend/src/styles/_variables.less b/frontend/src/styles/_variables.less
deleted file mode 100644
index 3d00cc82..00000000
--- a/frontend/src/styles/_variables.less
+++ /dev/null
@@ -1,206 +0,0 @@
-// ============================================
-// SERVERKIT DESIGN SYSTEM - VARIABLES
-// ============================================
-// Theme-sensitive colors use CSS custom properties for runtime theming.
-// Raw values (*-raw) are kept for LESS compile-time functions like fade().
-// ============================================
-
-@white: #f4f4f5;
-@black: #09090b;
-
-// --------------------------------------------
-// COLORS - Background (theme-sensitive)
-// --------------------------------------------
-// Raw values for LESS functions (dark theme defaults)
-@bg-body-raw: #09090b;
-@bg-sidebar-raw: #0f0f11;
-@bg-card-raw: #18181b;
-@bg-hover-raw: #27272a;
-@bg-elevated-raw: #1f1f23;
-@bg-secondary-raw: #27272a;
-@bg-tertiary-raw: #3f3f46;
-
-// Themed values using CSS custom properties
-@bg-body: var(--bg-body);
-@bg-sidebar: var(--bg-sidebar);
-@bg-card: var(--bg-card);
-@bg-hover: var(--bg-hover);
-@bg-elevated: var(--bg-elevated);
-@bg-secondary: var(--bg-secondary);
-@bg-tertiary: var(--bg-tertiary);
-
-// --------------------------------------------
-// COLORS - Borders (theme-sensitive)
-// --------------------------------------------
-// Raw values for LESS functions
-@border-default-raw: #27272a;
-@border-subtle-raw: #27272a;
-@border-active-raw: #3f3f46;
-@border-hover-raw: #3f3f46;
-
-// Themed values using CSS custom properties
-@border-default: var(--border-default);
-@border-subtle: var(--border-subtle);
-@border-active: var(--border-active);
-@border-hover: var(--border-hover);
-
-// --------------------------------------------
-// COLORS - Text (theme-sensitive)
-// --------------------------------------------
-// Raw values for LESS functions
-@text-primary-raw: #f4f4f5;
-@text-secondary-raw: #a1a1aa;
-@text-tertiary-raw: #71717a;
-
-// Themed values using CSS custom properties
-@text-primary: var(--text-primary);
-@text-secondary: var(--text-secondary);
-@text-tertiary: var(--text-tertiary);
-
-// --------------------------------------------
-// COLORS - Accent
-// --------------------------------------------
-// Raw values for LESS compile-time functions (fade, darken, etc.)
-@accent-primary-raw: #6366f1;
-@accent-hover-raw: #4f46e5;
-@accent-glow-raw: rgba(99, 102, 241, 0.15);
-@accent-shadow-raw: rgba(99, 102, 241, 0.3);
-
-// Themed values using CSS custom properties (runtime-switchable)
-@accent-primary: var(--accent-primary);
-@accent-hover: var(--accent-hover);
-@accent-glow: var(--accent-glow);
-@accent-shadow: var(--accent-shadow);
-
-// --------------------------------------------
-// COLORS - Semantic
-// --------------------------------------------
-@success: #10b981;
-@success-bg: rgba(16, 185, 129, 0.1);
-@success-border: rgba(16, 185, 129, 0.2);
-
-@warning: #f59e0b;
-@warning-bg: rgba(245, 158, 11, 0.1);
-@warning-border: rgba(245, 158, 11, 0.2);
-
-@danger: #ef4444;
-@danger-hover: #dc2626;
-@danger-bg: rgba(239, 68, 68, 0.1);
-@danger-border: rgba(239, 68, 68, 0.2);
-
-@info: #3b82f6;
-@info-bg: rgba(59, 130, 246, 0.1);
-@info-border: rgba(59, 130, 246, 0.2);
-
-// --------------------------------------------
-// COLORS - Brand (Database/Docker icons)
-// --------------------------------------------
-@color-mysql: #f29111;
-@color-mysql-secondary: #00758f;
-@color-postgresql: #336791;
-@color-postgresql-secondary: #5f9ab8;
-@color-docker: #2496ed;
-@color-php: #777bb4;
-@color-python: #3776ab;
-@color-wordpress: #21759b;
-@color-flask: #000000;
-@color-django: #092e20;
-
-// --------------------------------------------
-// TYPOGRAPHY
-// --------------------------------------------
-@font-main: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif;
-@font-mono: 'JetBrains Mono', 'Fira Code', 'Monaco', 'Consolas', monospace;
-
-@font-size-xs: 10px;
-@font-size-sm: 12px;
-@font-size-base: 14px;
-@font-size-md: 16px;
-@font-size-lg: 18px;
-@font-size-xl: 20px;
-@font-size-2xl: 24px;
-@font-size-3xl: 30px;
-
-@font-weight-normal: 400;
-@font-weight-medium: 500;
-@font-weight-semibold: 600;
-@font-weight-bold: 700;
-
-@line-height-tight: 1.25;
-@line-height-normal: 1.5;
-@line-height-relaxed: 1.6;
-
-// --------------------------------------------
-// SPACING
-// --------------------------------------------
-@space-1: 4px;
-@space-2: 8px;
-@space-3: 12px;
-@space-4: 16px;
-@space-5: 20px;
-@space-6: 24px;
-@space-8: 32px;
-@space-10: 40px;
-@space-12: 48px;
-@space-16: 64px;
-
-// --------------------------------------------
-// BORDER RADIUS
-// --------------------------------------------
-@radius-sm: 4px;
-@radius-md: 6px;
-@radius-lg: 8px;
-@radius-xl: 12px;
-@radius-2xl: 16px;
-@radius-full: 9999px;
-
-// --------------------------------------------
-// SHADOWS (theme-sensitive)
-// --------------------------------------------
-@shadow-sm: var(--shadow-sm);
-@shadow-md: var(--shadow-md);
-@shadow-lg: var(--shadow-lg);
-@shadow-accent: 0 4px 12px @accent-shadow;
-
-// --------------------------------------------
-// TRANSITIONS
-// --------------------------------------------
-@transition-fast: 0.15s ease;
-@transition-base: 0.2s ease;
-@transition-slow: 0.3s ease;
-
-// --------------------------------------------
-// LAYOUT
-// --------------------------------------------
-@sidebar-width: 280px;
-@header-height: 64px;
-
-// --------------------------------------------
-// Z-INDEX
-// --------------------------------------------
-@z-dropdown: 10;
-@z-sticky: 20;
-@z-fixed: 30;
-@z-modal-backdrop: 40;
-@z-modal: 50;
-@z-tooltip: 60;
-
-// --------------------------------------------
-// BREAKPOINTS
-// --------------------------------------------
-@breakpoint-sm: 640px;
-@breakpoint-md: 768px;
-@breakpoint-lg: 1024px;
-@breakpoint-xl: 1280px;
-
-// --------------------------------------------
-// ALIASES (for consistency across files)
-// --------------------------------------------
-@font-family-mono: @font-mono;
-@color-success: @success;
-@color-warning: @warning;
-@color-danger: @danger;
-@color-info: @info;
-@color-primary: @accent-primary;
-@bg-code: @bg-tertiary;
-@bg-input: @bg-card;
diff --git a/frontend/src/styles/_variables.scss b/frontend/src/styles/_variables.scss
new file mode 100644
index 00000000..5a80ba91
--- /dev/null
+++ b/frontend/src/styles/_variables.scss
@@ -0,0 +1,229 @@
+// ============================================
+// SERVERKIT DESIGN SYSTEM - VARIABLES
+// ============================================
+// Theme-sensitive colors use CSS custom properties for runtime theming.
+// Raw values (*-raw) are kept for SCSS compile-time functions like fade().
+// ============================================
+
+$white: #f4f4f5;
+$black: #09090b;
+
+// --------------------------------------------
+// COLORS - Background (theme-sensitive)
+// --------------------------------------------
+// Raw values for SCSS functions (dark theme defaults)
+$bg-body-raw: #09090b;
+$bg-sidebar-raw: #0f0f11;
+$bg-card-raw: #18181b;
+$bg-hover-raw: #27272a;
+$bg-elevated-raw: #1f1f23;
+$bg-secondary-raw: #27272a;
+$bg-tertiary-raw: #3f3f46;
+
+// Themed values using CSS custom properties
+$bg-body: var(--bg-body);
+$bg-sidebar: var(--bg-sidebar);
+$bg-card: var(--bg-card);
+$bg-hover: var(--bg-hover);
+$bg-elevated: var(--bg-elevated);
+$bg-secondary: var(--bg-secondary);
+$bg-tertiary: var(--bg-tertiary);
+
+// --------------------------------------------
+// COLORS - Borders (theme-sensitive)
+// --------------------------------------------
+// Raw values for SCSS functions
+$border-default-raw: #27272a;
+$border-subtle-raw: #27272a;
+$border-active-raw: #3f3f46;
+$border-hover-raw: #3f3f46;
+
+// Themed values using CSS custom properties
+$border-default: var(--border-default);
+$border-subtle: var(--border-subtle);
+$border-active: var(--border-active);
+$border-hover: var(--border-hover);
+
+// --------------------------------------------
+// COLORS - Text (theme-sensitive)
+// --------------------------------------------
+// Raw values for SCSS functions
+$text-primary-raw: #f4f4f5;
+$text-secondary-raw: #a1a1aa;
+$text-tertiary-raw: #71717a;
+
+// Themed values using CSS custom properties
+$text-primary: var(--text-primary);
+$text-secondary: var(--text-secondary);
+$text-tertiary: var(--text-tertiary);
+
+// --------------------------------------------
+// COLORS - Accent
+// --------------------------------------------
+// Raw values for SCSS compile-time functions (fade, darken, etc.)
+$accent-primary-raw: #6366f1;
+$accent-hover-raw: #4f46e5;
+$accent-glow-raw: rgba(99, 102, 241, 0.15);
+$accent-shadow-raw: rgba(99, 102, 241, 0.3);
+
+// Themed values using CSS custom properties (runtime-switchable)
+$accent-primary: var(--accent-primary);
+$accent-hover: var(--accent-hover);
+$accent-glow: var(--accent-glow);
+$accent-shadow: var(--accent-shadow);
+
+// --------------------------------------------
+// COLORS - Semantic
+// --------------------------------------------
+$success: #10b981;
+$success-bg: rgba(16, 185, 129, 0.1);
+$success-border: rgba(16, 185, 129, 0.2);
+
+$warning: #f59e0b;
+$warning-bg: rgba(245, 158, 11, 0.1);
+$warning-border: rgba(245, 158, 11, 0.2);
+
+$danger: #ef4444;
+$danger-hover: #dc2626;
+$danger-bg: rgba(239, 68, 68, 0.1);
+$danger-border: rgba(239, 68, 68, 0.2);
+
+$info: #3b82f6;
+$info-bg: rgba(59, 130, 246, 0.1);
+$info-border: rgba(59, 130, 246, 0.2);
+
+// --------------------------------------------
+// COLORS - Brand (Database/Docker icons)
+// --------------------------------------------
+$color-mysql: #f29111;
+$color-mysql-secondary: #00758f;
+$color-postgresql: #336791;
+$color-postgresql-secondary: #5f9ab8;
+$color-docker: #2496ed;
+$color-php: #777bb4;
+$color-python: #3776ab;
+$color-wordpress: #21759b;
+$color-flask: #000000;
+$color-django: #092e20;
+
+// --------------------------------------------
+// COLORS - UI Accents
+// --------------------------------------------
+$color-star: #f59e0b;
+
+// --------------------------------------------
+// TYPOGRAPHY
+// --------------------------------------------
+$font-main: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif;
+$font-mono: 'JetBrains Mono', 'Fira Code', 'Monaco', 'Consolas', monospace;
+
+$font-size-xs: 10px;
+$font-size-sm: 12px;
+$font-size-base: 14px;
+$font-size-md: 16px;
+$font-size-lg: 18px;
+$font-size-xl: 20px;
+$font-size-2xl: 24px;
+$font-size-3xl: 30px;
+
+$font-weight-normal: 400;
+$font-weight-medium: 500;
+$font-weight-semibold: 600;
+$font-weight-bold: 700;
+
+$line-height-tight: 1.25;
+$line-height-normal: 1.5;
+$line-height-relaxed: 1.6;
+
+// --------------------------------------------
+// SPACING
+// --------------------------------------------
+$space-1: 4px;
+$space-2: 8px;
+$space-3: 12px;
+$space-4: 16px;
+$space-5: 20px;
+$space-6: 24px;
+$space-8: 32px;
+$space-10: 40px;
+$space-12: 48px;
+$space-16: 64px;
+
+// Canonical spacing aliases
+$spacing-xs: $space-1;
+$spacing-sm: $space-2;
+$spacing-md: $space-4;
+$spacing-lg: $space-6;
+$spacing-xl: $space-8;
+
+// --------------------------------------------
+// BORDER RADIUS
+// --------------------------------------------
+$radius-sm: 4px;
+$radius-md: 6px;
+$radius-lg: 8px;
+$radius-xl: 12px;
+$radius-2xl: 16px;
+$radius-full: 9999px;
+
+// --------------------------------------------
+// SHADOWS (theme-sensitive)
+// --------------------------------------------
+$shadow-sm: var(--shadow-sm);
+$shadow-md: var(--shadow-md);
+$shadow-lg: var(--shadow-lg);
+$shadow-accent: 0 4px 12px $accent-shadow;
+
+// --------------------------------------------
+// TRANSITIONS
+// --------------------------------------------
+$transition-fast: 0.15s ease;
+$transition-base: 0.2s ease;
+$transition-slow: 0.3s ease;
+
+// --------------------------------------------
+// LAYOUT
+// --------------------------------------------
+$sidebar-width: 280px;
+$header-height: 64px;
+$sidebar-header-height: 70px;
+$sidebar-logo-size: 42px;
+$sidebar-icon-size: 28px;
+
+// --------------------------------------------
+// Z-INDEX
+// --------------------------------------------
+$z-dropdown: 10;
+$z-sticky: 20;
+$z-fixed: 30;
+$z-modal-backdrop: 40;
+$z-modal: 50;
+$z-tooltip: 60;
+
+// --------------------------------------------
+// BREAKPOINTS
+// --------------------------------------------
+$breakpoint-sm: 640px;
+$breakpoint-md: 768px;
+$breakpoint-lg: 1024px;
+$breakpoint-xl: 1280px;
+
+// --------------------------------------------
+// DEPRECATED — use the canonical names above
+// --------------------------------------------
+$font-family-mono: $font-mono;
+$color-success: $success;
+$color-warning: $warning;
+$color-danger: $danger;
+$color-info: $info;
+$color-primary: $accent-primary;
+$bg-code: $bg-tertiary;
+$bg-input: $bg-card;
+$border-color: $border-default;
+$card-bg: $bg-card;
+$hover-bg: $bg-hover;
+$primary-color: $accent-primary;
+$text-muted: $text-tertiary;
+$success-color: $success;
+$warning-color: $warning;
+$danger-color: $danger;
diff --git a/frontend/src/styles/base/_reset.less b/frontend/src/styles/base/_reset.scss
similarity index 69%
rename from frontend/src/styles/base/_reset.less
rename to frontend/src/styles/base/_reset.scss
index 24a618ea..120de3bf 100644
--- a/frontend/src/styles/base/_reset.less
+++ b/frontend/src/styles/base/_reset.scss
@@ -16,11 +16,11 @@ html {
 }
 
 body {
-    background-color: @bg-body;
-    color: @text-primary;
-    font-family: @font-main;
-    font-size: @font-size-base;
-    line-height: @line-height-normal;
+    background-color: $bg-body;
+    color: $text-primary;
+    font-family: $font-main;
+    font-size: $font-size-base;
+    line-height: $line-height-normal;
     min-height: 100vh;
 }
 
@@ -44,7 +44,7 @@ ul, ol {
 
 // Selection
 ::selection {
-    background: @accent-primary;
+    background: $accent-primary;
     color: white;
 }
 
@@ -55,14 +55,14 @@ ul, ol {
 }
 
 ::-webkit-scrollbar-track {
-    background: @bg-body;
+    background: $bg-body;
 }
 
 ::-webkit-scrollbar-thumb {
-    background: @border-active;
-    border-radius: @radius-sm;
+    background: $border-active;
+    border-radius: $radius-sm;
 
     &:hover {
-        background: @text-tertiary;
+        background: $text-tertiary;
     }
 }
diff --git a/frontend/src/styles/base/_typography.less b/frontend/src/styles/base/_typography.less
deleted file mode 100644
index 573a6316..00000000
--- a/frontend/src/styles/base/_typography.less
+++ /dev/null
@@ -1,55 +0,0 @@
-// ============================================
-// TYPOGRAPHY STYLES
-// ============================================
-
-// Headings
-h1, h2, h3, h4, h5, h6 {
-    font-weight: @font-weight-semibold;
-    line-height: @line-height-tight;
-    letter-spacing: -0.5px;
-}
-
-h1 { font-size: @font-size-2xl; }
-h2 { font-size: @font-size-lg; }
-h3 { font-size: @font-size-md; }
-h4 { font-size: @font-size-base; }
-
-// Text utilities
-.text-primary { color: @text-primary; }
-.text-secondary { color: @text-secondary; }
-.text-tertiary { color: @text-tertiary; }
-.text-success { color: @success; }
-.text-warning { color: @warning; }
-.text-danger { color: @danger; }
-.text-accent { color: @accent-primary; }
-
-// Weight utilities
-.font-normal { font-weight: @font-weight-normal; }
-.font-medium { font-weight: @font-weight-medium; }
-.font-semibold { font-weight: @font-weight-semibold; }
-.font-bold { font-weight: @font-weight-bold; }
-
-// Mono text
-.mono {
-    font-family: @font-mono;
-    font-size: @font-size-sm;
-}
-
-// Truncate
-.truncate {
-    .truncate();
-}
-
-// Subtitle (used in page headers)
-.subtitle {
-    color: @text-tertiary;
-    margin-top: @space-1;
-    font-size: @font-size-base;
-}
-
-// Section titles
-.section-title {
-    font-size: @font-size-lg;
-    margin-bottom: @space-5;
-    font-weight: @font-weight-semibold;
-}
diff --git a/frontend/src/styles/base/_typography.scss b/frontend/src/styles/base/_typography.scss
new file mode 100644
index 00000000..36b09849
--- /dev/null
+++ b/frontend/src/styles/base/_typography.scss
@@ -0,0 +1,55 @@
+// ============================================
+// TYPOGRAPHY STYLES
+// ============================================
+
+// Headings
+h1, h2, h3, h4, h5, h6 {
+    font-weight: $font-weight-semibold;
+    line-height: $line-height-tight;
+    letter-spacing: -0.5px;
+}
+
+h1 { font-size: $font-size-2xl; }
+h2 { font-size: $font-size-lg; }
+h3 { font-size: $font-size-md; }
+h4 { font-size: $font-size-base; }
+
+// Text utilities
+.text-primary { color: $text-primary; }
+.text-secondary { color: $text-secondary; }
+.text-tertiary { color: $text-tertiary; }
+.text-success { color: $success; }
+.text-warning { color: $warning; }
+.text-danger { color: $danger; }
+.text-accent { color: $accent-primary; }
+
+// Weight utilities
+.font-normal { font-weight: $font-weight-normal; }
+.font-medium { font-weight: $font-weight-medium; }
+.font-semibold { font-weight: $font-weight-semibold; }
+.font-bold { font-weight: $font-weight-bold; }
+
+// Mono text
+.mono {
+    font-family: $font-mono;
+    font-size: $font-size-sm;
+}
+
+// Truncate
+.truncate {
+    @include truncate();
+}
+
+// Subtitle (used in page headers)
+.subtitle {
+    color: $text-tertiary;
+    margin-top: $space-1;
+    font-size: $font-size-base;
+}
+
+// Section titles
+.section-title {
+    font-size: $font-size-lg;
+    margin-bottom: $space-5;
+    font-weight: $font-weight-semibold;
+}
diff --git a/frontend/src/styles/base/_utilities.scss b/frontend/src/styles/base/_utilities.scss
new file mode 100644
index 00000000..b1d89cf0
--- /dev/null
+++ b/frontend/src/styles/base/_utilities.scss
@@ -0,0 +1,190 @@
+// ============================================
+// TAILWIND-LIKE UTILITY CLASSES
+// ============================================
+// These classes provide layout and spacing utilities
+// used in some newer pages that expect Tailwind.
+
+// --------------------------------------------
+// DISPLAY & FLEX
+// --------------------------------------------
+.flex { display: flex; }
+.flex-wrap { flex-wrap: wrap; }
+.flex-col { flex-direction: column; }
+.items-center { align-items: center; }
+.items-start { align-items: flex-start; }
+.items-end { align-items: flex-end; }
+.self-start { align-self: flex-start; }
+.self-end { align-self: flex-end; }
+.self-center { align-self: center; }
+.justify-between { justify-content: space-between; }
+.justify-end { justify-content: flex-end; }
+.justify-center { justify-content: center; }
+.flex-1 { flex: 1; }
+.flex-shrink-0 { flex-shrink: 0; }
+.flex-grow { flex-grow: 1; }
+
+// --------------------------------------------
+// GRID
+// --------------------------------------------
+.grid { display: grid; }
+.grid-cols-1 { grid-template-columns: repeat(1, minmax(0, 1fr)); }
+.grid-cols-2 { grid-template-columns: repeat(2, minmax(0, 1fr)); }
+.grid-cols-3 { grid-template-columns: repeat(3, minmax(0, 1fr)); }
+.grid-cols-4 { grid-template-columns: repeat(4, minmax(0, 1fr)); }
+
+@media (min-width: $breakpoint-md) {
+    .md\:grid-cols-2 { grid-template-columns: repeat(2, minmax(0, 1fr)); }
+    .md\:grid-cols-3 { grid-template-columns: repeat(3, minmax(0, 1fr)); }
+    .md\:grid-cols-4 { grid-template-columns: repeat(4, minmax(0, 1fr)); }
+}
+
+@media (min-width: $breakpoint-lg) {
+    .lg\:grid-cols-2 { grid-template-columns: repeat(2, minmax(0, 1fr)); }
+    .lg\:grid-cols-3 { grid-template-columns: repeat(3, minmax(0, 1fr)); }
+    .lg\:grid-cols-4 { grid-template-columns: repeat(4, minmax(0, 1fr)); }
+}
+
+// --------------------------------------------
+// SPACING (Gaps)
+// --------------------------------------------
+.gap-1 { gap: 0.25rem; }
+.gap-2 { gap: 0.5rem; }
+.gap-3 { gap: 0.75rem; }
+.gap-4 { gap: 1rem; }
+.gap-6 { gap: 1.5rem; }
+.gap-8 { gap: 2rem; }
+
+// --------------------------------------------
+// STACK SPACING (space-y)
+// --------------------------------------------
+.space-y-2 > * + * { margin-top: 0.5rem; }
+.space-y-4 > * + * { margin-top: 1rem; }
+.space-y-6 > * + * { margin-top: 1.5rem; }
+.space-y-8 > * + * { margin-top: 2rem; }
+
+.space-x-2 > * + * { margin-left: 0.5rem; }
+.space-x-4 > * + * { margin-left: 1rem; }
+
+// --------------------------------------------
+// MARGINS
+// --------------------------------------------
+.mt-1 { margin-top: 0.25rem; }
+.mt-2 { margin-top: 0.5rem; }
+.mt-4 { margin-top: 1rem; }
+.mt-6 { margin-top: 1.5rem; }
+.mt-8 { margin-top: 2rem; }
+.mt-10 { margin-top: 2.5rem; }
+
+.mb-1 { margin-bottom: 0.25rem; }
+.mb-2 { margin-bottom: 0.5rem; }
+.mb-3 { margin-bottom: 0.75rem; }
+.mb-4 { margin-bottom: 1rem; }
+.mb-6 { margin-bottom: 1.5rem; }
+.mb-8 { margin-bottom: 2rem; }
+
+.ml-1 { margin-left: 0.25rem; }
+.ml-2 { margin-left: 0.5rem; }
+.ml-3 { margin-left: 0.75rem; }
+.ml-4 { margin-left: 1rem; }
+.ml-auto { margin-left: auto; }
+
+.mr-1 { margin-right: 0.25rem; }
+.mr-2 { margin-right: 0.5rem; }
+
+.mx-1 { margin-left: 0.25rem; margin-right: 0.25rem; }
+.mx-2 { margin-left: 0.5rem; margin-right: 0.5rem; }
+.mx-auto { margin-left: auto; margin-right: auto; }
+
+// --------------------------------------------
+// PADDING
+// --------------------------------------------
+.p-2 { padding: 0.5rem; }
+.p-4 { padding: 1rem; }
+.p-6 { padding: 1.5rem; }
+.px-2 { padding-left: 0.5rem; padding-right: 0.5rem; }
+.px-4 { padding-left: 1rem; padding-right: 1rem; }
+.py-2 { padding-top: 0.5rem; padding-bottom: 0.5rem; }
+.py-4 { padding-top: 1rem; padding-bottom: 1rem; }
+.py-12 { padding-top: 3rem; padding-bottom: 3rem; }
+
+// --------------------------------------------
+// SIZING
+// --------------------------------------------
+.w-full { width: 100%; }
+.w-auto { width: auto; }
+.w-\[1px\] { width: 1px; }
+.min-w-0 { min-width: 0; }
+.max-w-sm { max-width: 24rem; }
+.max-w-md { max-width: 28rem; }
+.max-w-lg { max-width: 32rem; }
+.max-w-xl { max-width: 36rem; }
+.h-6 { height: 1.5rem; }
+.h-full { height: 100%; }
+
+// --------------------------------------------
+// TEXT
+// --------------------------------------------
+.text-xs { font-size: 0.75rem; }
+.text-sm { font-size: 0.875rem; }
+.text-lg { font-size: 1.125rem; }
+.text-xl { font-size: 1.25rem; }
+.text-gray-300 { color: $text-tertiary; }
+.text-gray-400 { color: $text-tertiary; }
+.text-gray-500 { color: $text-secondary; }
+.text-gray-600 { color: $text-secondary; }
+.text-blue-600 { color: $accent-primary; }
+.text-green-600 { color: $success; }
+.text-red-600 { color: $danger; }
+.text-green-400 { color: $success; }
+.font-medium { font-weight: 500; }
+.font-semibold { font-weight: 600; }
+.font-bold { font-weight: 700; }
+.text-center { text-align: center; }
+.text-right { text-align: right; }
+.text-muted { color: $text-tertiary; }
+
+// --------------------------------------------
+// BACKGROUNDS
+// --------------------------------------------
+.bg-gray-700 { background-color: $bg-hover; }
+.bg-gray-100 { background-color: $bg-elevated; }
+.bg-blue-100 { background-color: fade($accent-primary-raw, 10%); }
+.bg-green-100 { background-color: fade($success, 10%); }
+.bg-red-100 { background-color: fade($danger, 10%); }
+.bg-body { background-color: $bg-body; }
+
+// --------------------------------------------
+// BORDERS
+// --------------------------------------------
+.border { border: 1px solid $border-default; }
+.border-b { border-bottom: 1px solid $border-subtle; }
+.rounded { border-radius: $radius-md; }
+.rounded-lg { border-radius: $radius-lg; }
+
+// --------------------------------------------
+// MISC
+// --------------------------------------------
+.block { display: block; }
+.inline-flex { display: inline-flex; }
+.hidden { display: none; }
+.truncate { overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
+.whitespace-nowrap { white-space: nowrap; }
+.overflow-hidden { overflow: hidden; }
+.overflow-y-auto { overflow-y: auto; }
+.cursor-pointer { cursor: pointer; }
+.inline-block { display: inline-block; }
+.btn-dismiss { float: right; background: none; border: none; cursor: pointer; color: inherit; }
+.align-middle { vertical-align: middle; }
+.max-h-24 { max-height: 6rem; }
+.animate-spin { animation: spin 1s linear infinite; }
+.animate-pulse { animation: pulse 2s cubic-bezier(0.4, 0, 0.6, 1) infinite; }
+
+@keyframes spin {
+    from { transform: rotate(0deg); }
+    to { transform: rotate(360deg); }
+}
+
+@keyframes pulse {
+    0%, 100% { opacity: 1; }
+    50% { opacity: .5; }
+}
diff --git a/frontend/src/styles/components/_api-settings.less b/frontend/src/styles/components/_api-settings.scss
similarity index 59%
rename from frontend/src/styles/components/_api-settings.less
rename to frontend/src/styles/components/_api-settings.scss
index c39465ba..e269f16c 100644
--- a/frontend/src/styles/components/_api-settings.less
+++ b/frontend/src/styles/components/_api-settings.scss
@@ -5,7 +5,7 @@
 .api-settings {
     display: flex;
     flex-direction: column;
-    gap: @space-6;
+    gap: $space-6;
 }
 
 // ─── Tables ────────────────────────────────────────────
@@ -17,41 +17,41 @@
 .api-settings__table {
     width: 100%;
     border-collapse: collapse;
-    font-size: @font-size-sm;
+    font-size: $font-size-sm;
 
     th, td {
-        padding: @space-2 @space-3;
+        padding: $space-2 $space-3;
         text-align: left;
-        border-bottom: 1px solid @border-subtle;
+        border-bottom: 1px solid $border-subtle;
     }
 
     th {
-        color: @text-secondary;
+        color: $text-secondary;
         font-weight: 500;
-        font-size: @font-size-xs;
+        font-size: $font-size-xs;
         text-transform: uppercase;
         letter-spacing: 0.05em;
     }
 
     td {
-        color: @text-primary;
+        color: $text-primary;
     }
 
     tbody tr:hover {
-        background: @bg-hover;
+        background: $bg-hover;
     }
 
     code {
-        font-family: @font-mono;
-        font-size: @font-size-xs;
+        font-family: $font-mono;
+        font-size: $font-size-xs;
         padding: 2px 6px;
-        background: @bg-elevated;
-        border-radius: @radius-sm;
+        background: $bg-elevated;
+        border-radius: $radius-sm;
     }
 
     &--compact {
         th, td {
-            padding: @space-1 @space-2;
+            padding: $space-1 $space-2;
         }
     }
 }
@@ -61,21 +61,21 @@
 }
 
 .api-settings__key-prefix {
-    font-family: @font-mono;
+    font-family: $font-mono;
 }
 
 .api-settings__muted {
-    color: @text-tertiary;
-    font-size: @font-size-xs;
+    color: $text-tertiary;
+    font-size: $font-size-xs;
 }
 
 .api-settings__actions {
     display: flex;
-    gap: @space-1;
+    gap: $space-1;
 }
 
 .api-settings__error-count {
-    color: @danger;
+    color: $danger;
     font-weight: 600;
 }
 
@@ -84,18 +84,18 @@
 .api-settings__rate-limits {
     display: grid;
     grid-template-columns: 1fr 1fr;
-    gap: @space-4;
-    padding: @space-4;
+    gap: $space-4;
+    padding: $space-4;
 
     .form-group--inline {
         display: flex;
         flex-direction: column;
-        gap: @space-1;
+        gap: $space-1;
 
         label {
-            font-size: @font-size-sm;
+            font-size: $font-size-sm;
             font-weight: 500;
-            color: @text-secondary;
+            color: $text-secondary;
         }
     }
 }
@@ -105,13 +105,13 @@
 .api-settings__webhooks {
     display: flex;
     flex-direction: column;
-    gap: @space-2;
-    padding: @space-2;
+    gap: $space-2;
+    padding: $space-2;
 }
 
 .api-settings__webhook-card {
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
     overflow: hidden;
 }
 
@@ -119,31 +119,31 @@
     display: flex;
     align-items: center;
     justify-content: space-between;
-    padding: @space-3 @space-4;
+    padding: $space-3 $space-4;
     cursor: pointer;
     transition: background 0.15s;
 
     &:hover {
-        background: @bg-hover;
+        background: $bg-hover;
     }
 }
 
 .api-settings__webhook-info {
     display: flex;
     flex-direction: column;
-    gap: @space-1;
+    gap: $space-1;
     min-width: 0;
 }
 
 .api-settings__webhook-name {
     font-weight: 600;
-    color: @text-primary;
+    color: $text-primary;
 }
 
 .api-settings__webhook-url {
-    font-family: @font-mono;
-    font-size: @font-size-xs;
-    color: @text-tertiary;
+    font-family: $font-mono;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
     overflow: hidden;
     text-overflow: ellipsis;
     white-space: nowrap;
@@ -152,33 +152,33 @@
 .api-settings__webhook-events {
     display: flex;
     flex-wrap: wrap;
-    gap: @space-1;
-    margin-top: @space-1;
+    gap: $space-1;
+    margin-top: $space-1;
 }
 
 .api-settings__webhook-controls {
     display: flex;
     align-items: center;
-    gap: @space-2;
+    gap: $space-2;
     flex-shrink: 0;
 }
 
 .api-settings__webhook-details {
-    border-top: 1px solid @border-subtle;
-    padding: @space-3 @space-4;
+    border-top: 1px solid $border-subtle;
+    padding: $space-3 $space-4;
 }
 
 .api-settings__webhook-actions {
     display: flex;
-    gap: @space-2;
-    margin-bottom: @space-3;
+    gap: $space-2;
+    margin-bottom: $space-3;
 }
 
 .api-settings__deliveries {
     h4 {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-        margin-bottom: @space-2;
+        font-size: $font-size-sm;
+        color: $text-secondary;
+        margin-bottom: $space-2;
     }
 }
 
@@ -186,46 +186,46 @@
 
 .api-settings__period-select {
     display: flex;
-    gap: @space-1;
+    gap: $space-1;
 }
 
 .api-settings__stats-grid {
     display: grid;
     grid-template-columns: repeat(4, 1fr);
-    gap: @space-3;
-    padding: @space-4;
+    gap: $space-3;
+    padding: $space-4;
 }
 
 .api-settings__stat-card {
     display: flex;
     flex-direction: column;
-    gap: @space-1;
-    padding: @space-3;
-    background: @bg-elevated;
-    border-radius: @radius-md;
+    gap: $space-1;
+    padding: $space-3;
+    background: $bg-elevated;
+    border-radius: $radius-md;
     text-align: center;
 }
 
 .api-settings__stat-value {
-    font-size: @font-size-xl;
+    font-size: $font-size-xl;
     font-weight: 700;
-    color: @text-primary;
+    color: $text-primary;
 }
 
 .api-settings__stat-label {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
     text-transform: uppercase;
     letter-spacing: 0.05em;
 }
 
 .api-settings__chart {
-    padding: @space-4;
+    padding: $space-4;
 
     h4 {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-        margin-bottom: @space-3;
+        font-size: $font-size-sm;
+        color: $text-secondary;
+        margin-bottom: $space-3;
     }
 }
 
@@ -234,7 +234,7 @@
     align-items: flex-end;
     gap: 2px;
     height: 120px;
-    padding: @space-2 0;
+    padding: $space-2 0;
 }
 
 .api-settings__bar-col {
@@ -248,85 +248,85 @@
 }
 
 .api-settings__bar {
-    background: @accent-primary;
-    border-radius: @radius-sm @radius-sm 0 0;
+    background: $accent-primary;
+    border-radius: $radius-sm $radius-sm 0 0;
     min-height: 2px;
     transition: height 0.3s ease;
 
     &--error {
-        background: @danger;
+        background: $danger;
         border-radius: 0;
     }
 }
 
 .api-settings__top-endpoints {
-    padding: @space-4;
+    padding: $space-4;
 
     h4 {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-        margin-bottom: @space-2;
+        font-size: $font-size-sm;
+        color: $text-secondary;
+        margin-bottom: $space-2;
     }
 }
 
 // ─── Method Badges ─────────────────────────────────────
 
 .badge--method {
-    font-family: @font-mono;
-    font-size: @font-size-xs;
+    font-family: $font-mono;
+    font-size: $font-size-xs;
     font-weight: 600;
     padding: 1px 6px;
-    border-radius: @radius-sm;
+    border-radius: $radius-sm;
 }
 
 .badge--get {
-    background: @success-bg;
-    color: @success;
+    background: $success-bg;
+    color: $success;
 }
 
 .badge--post {
-    background: @info-bg;
-    color: @info;
+    background: $info-bg;
+    color: $info;
 }
 
 .badge--put {
-    background: @warning-bg;
-    color: @warning;
+    background: $warning-bg;
+    color: $warning;
 }
 
 .badge--delete {
-    background: @danger-bg;
-    color: @danger;
+    background: $danger-bg;
+    color: $danger;
 }
 
 .badge--patch {
-    background: @info-bg;
-    color: @info;
+    background: $info-bg;
+    color: $info;
 }
 
 // ─── Tier Badges ───────────────────────────────────────
 
 .badge--standard {
-    background: @bg-elevated;
-    color: @text-secondary;
+    background: $bg-elevated;
+    color: $text-secondary;
 }
 
 .badge--elevated {
-    background: @info-bg;
-    color: @info;
+    background: $info-bg;
+    color: $info;
 }
 
 .badge--unlimited {
-    background: @warning-bg;
-    color: @warning;
+    background: $warning-bg;
+    color: $warning;
 }
 
 .badge--subtle {
-    background: @bg-elevated;
-    color: @text-secondary;
-    font-size: @font-size-xs;
+    background: $bg-elevated;
+    color: $text-secondary;
+    font-size: $font-size-xs;
     padding: 1px 6px;
-    border-radius: @radius-sm;
+    border-radius: $radius-sm;
 }
 
 // ─── API Key Modal ─────────────────────────────────────
@@ -337,29 +337,29 @@
     .api-key-modal__warning {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        padding: @space-3;
-        background: @warning-bg;
-        border: 1px solid @warning-border;
-        border-radius: @radius-md;
-        color: @warning;
-        font-size: @font-size-sm;
-        margin-bottom: @space-4;
+        gap: $space-2;
+        padding: $space-3;
+        background: $warning-bg;
+        border: 1px solid $warning-border;
+        border-radius: $radius-md;
+        color: $warning;
+        font-size: $font-size-sm;
+        margin-bottom: $space-4;
     }
 
     .api-key-modal__key-display {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        padding: @space-3;
-        background: @bg-elevated;
-        border-radius: @radius-md;
+        gap: $space-2;
+        padding: $space-3;
+        background: $bg-elevated;
+        border-radius: $radius-md;
         overflow-x: auto;
 
         code {
             flex: 1;
-            font-family: @font-mono;
-            font-size: @font-size-sm;
+            font-family: $font-mono;
+            font-size: $font-size-sm;
             word-break: break-all;
         }
     }
@@ -367,70 +367,70 @@
     .api-key-modal__tiers {
         display: grid;
         grid-template-columns: repeat(3, 1fr);
-        gap: @space-2;
+        gap: $space-2;
     }
 
     .api-key-modal__tier-btn {
         display: flex;
         flex-direction: column;
         align-items: center;
-        gap: @space-1;
-        padding: @space-3;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
+        gap: $space-1;
+        padding: $space-3;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
         background: transparent;
-        color: @text-secondary;
+        color: $text-secondary;
         cursor: pointer;
         transition: all 0.15s;
 
         &:hover {
-            border-color: @border-default;
-            background: @bg-hover;
+            border-color: $border-default;
+            background: $bg-hover;
         }
 
         &.active {
-            border-color: @accent-primary;
-            background: fade(@accent-primary-raw, 8%);
-            color: @accent-primary;
+            border-color: $accent-primary;
+            background: fade($accent-primary-raw, 8%);
+            color: $accent-primary;
         }
     }
 
     .api-key-modal__tier-label {
         font-weight: 600;
-        font-size: @font-size-sm;
+        font-size: $font-size-sm;
     }
 
     .api-key-modal__tier-desc {
-        font-size: @font-size-xs;
+        font-size: $font-size-xs;
         opacity: 0.7;
     }
 
     .api-key-modal__scopes {
         display: grid;
         grid-template-columns: repeat(2, 1fr);
-        gap: @space-1;
+        gap: $space-1;
         max-height: 200px;
         overflow-y: auto;
-        padding: @space-2;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
+        padding: $space-2;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
     }
 
     .api-key-modal__scope-item {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        font-size: @font-size-sm;
-        padding: @space-1;
+        gap: $space-2;
+        font-size: $font-size-sm;
+        padding: $space-1;
         cursor: pointer;
 
         &:hover {
-            background: @bg-hover;
-            border-radius: @radius-sm;
+            background: $bg-hover;
+            border-radius: $radius-sm;
         }
 
         input[type="checkbox"] {
-            accent-color: @accent-primary;
+            accent-color: $accent-primary;
         }
     }
 }
@@ -443,13 +443,13 @@
     .webhook-modal__events {
         max-height: 300px;
         overflow-y: auto;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
-        padding: @space-2;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
+        padding: $space-2;
     }
 
     .webhook-modal__event-group {
-        margin-bottom: @space-2;
+        margin-bottom: $space-2;
 
         &:last-child {
             margin-bottom: 0;
@@ -459,59 +459,59 @@
     .webhook-modal__category {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        padding: @space-1;
+        gap: $space-2;
+        padding: $space-1;
         cursor: pointer;
-        font-size: @font-size-sm;
+        font-size: $font-size-sm;
 
         input[type="checkbox"] {
-            accent-color: @accent-primary;
+            accent-color: $accent-primary;
         }
     }
 
     .webhook-modal__event-list {
-        padding-left: @space-6;
+        padding-left: $space-6;
     }
 
     .webhook-modal__event-item {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        padding: @space-1;
+        gap: $space-2;
+        padding: $space-1;
         cursor: pointer;
-        font-size: @font-size-sm;
+        font-size: $font-size-sm;
 
         &:hover {
-            background: @bg-hover;
-            border-radius: @radius-sm;
+            background: $bg-hover;
+            border-radius: $radius-sm;
         }
 
         input[type="checkbox"] {
-            accent-color: @accent-primary;
+            accent-color: $accent-primary;
         }
     }
 
     .webhook-modal__event-type {
-        font-family: @font-mono;
-        font-size: @font-size-xs;
-        color: @text-primary;
+        font-family: $font-mono;
+        font-size: $font-size-xs;
+        color: $text-primary;
     }
 
     .webhook-modal__event-desc {
-        color: @text-tertiary;
-        font-size: @font-size-xs;
+        color: $text-tertiary;
+        font-size: $font-size-xs;
     }
 
     .form-row {
         display: grid;
         grid-template-columns: 1fr 1fr;
-        gap: @space-4;
+        gap: $space-4;
     }
 }
 
 // ─── Responsive ────────────────────────────────────────
 
-@media (max-width: 768px) {
+@media (max-width: $breakpoint-md) {
     .api-settings__stats-grid {
         grid-template-columns: repeat(2, 1fr);
     }
diff --git a/frontend/src/styles/components/_badges.less b/frontend/src/styles/components/_badges.less
deleted file mode 100644
index 69b8d78d..00000000
--- a/frontend/src/styles/components/_badges.less
+++ /dev/null
@@ -1,155 +0,0 @@
-// ============================================
-// BADGE COMPONENTS
-// ============================================
-
-// Status badge
-.status-badge {
-    display: flex;
-    align-items: center;
-    gap: @space-2 - 2;
-    padding: @space-1 @space-2 + 2;
-    border-radius: @radius-full;
-    font-size: @font-size-xs + 1;
-    font-weight: @font-weight-semibold;
-    border: 1px solid transparent;
-}
-
-.status-dot {
-    .status-dot(currentColor);
-}
-
-// Status variants
-.status-active {
-    background: @success-bg;
-    color: @success;
-    border-color: @success-border;
-}
-
-.status-warning {
-    background: @warning-bg;
-    color: @warning;
-    border-color: @warning-border;
-}
-
-.status-stopped {
-    background: fade(@text-tertiary-raw, 10%);
-    color: @text-tertiary;
-    border-color: fade(@text-tertiary-raw, 20%);
-}
-
-.status-error {
-    background: @danger-bg;
-    color: @danger;
-    border-color: @danger-border;
-}
-
-// App type badge
-.app-type {
-    background: @bg-hover;
-    padding: @space-1 - 2 @space-2;
-    border-radius: @radius-sm;
-    font-weight: @font-weight-semibold;
-    font-size: @font-size-xs;
-    letter-spacing: 0.5px;
-    text-transform: uppercase;
-}
-
-// SSL badge
-.ssl-badge {
-    background: @success-bg;
-    color: @success;
-    padding: @space-1 - 2 @space-2;
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-semibold;
-}
-
-// Active badge (for themes/plugins)
-.active-badge {
-    background: @success-bg;
-    color: @success;
-    padding: @space-1 @space-3;
-    border-radius: @radius-full;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-semibold;
-}
-
-// Database type badge
-.db-type-badge {
-    display: inline-flex;
-    align-items: center;
-    gap: @space-1;
-    background: @bg-hover;
-    padding: @space-1 - 2 @space-2;
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-semibold;
-    text-transform: uppercase;
-    letter-spacing: 0.3px;
-
-    &.mysql {
-        color: @color-mysql;
-    }
-
-    &.postgresql {
-        color: @color-postgresql;
-    }
-}
-
-// Privilege tag
-.privilege-tag {
-    background: @accent-glow;
-    color: @accent-primary;
-    padding: @space-1 - 2 @space-2;
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-semibold;
-    text-transform: uppercase;
-    letter-spacing: 0.3px;
-}
-
-// Table name tag
-.table-tag {
-    background: @bg-hover;
-    border: 1px solid @border-subtle;
-    padding: @space-2 - 2 @space-3;
-    border-radius: @radius-md;
-    .mono-text();
-    color: @text-secondary;
-}
-
-// Environment badge
-.env-badge {
-    display: inline-flex;
-    align-items: center;
-    gap: @space-1;
-    padding: @space-1 - 2 @space-2;
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-semibold;
-    text-transform: uppercase;
-    letter-spacing: 0.3px;
-    border: 1px solid transparent;
-
-    &.env-production {
-        background: fade(@success, 15%);
-        color: @success;
-        border-color: fade(@success, 30%);
-    }
-
-    &.env-development {
-        background: fade(@accent-primary-raw, 15%);
-        color: @accent-primary;
-        border-color: fade(@accent-primary-raw, 30%);
-    }
-
-    &.env-staging {
-        background: fade(@warning, 15%);
-        color: @warning;
-        border-color: fade(@warning, 30%);
-    }
-
-    .env-linked-icon {
-        opacity: 0.7;
-    }
-}
diff --git a/frontend/src/styles/components/_badges.scss b/frontend/src/styles/components/_badges.scss
new file mode 100644
index 00000000..922dc1f4
--- /dev/null
+++ b/frontend/src/styles/components/_badges.scss
@@ -0,0 +1,193 @@
+// ============================================
+// BADGE COMPONENTS
+// ============================================
+
+// Status badge
+.status-badge {
+    display: flex;
+    align-items: center;
+    gap: $space-2 - 2;
+    padding: $space-1 $space-2 + 2;
+    border-radius: $radius-full;
+    font-size: $font-size-xs + 1;
+    font-weight: $font-weight-semibold;
+    border: 1px solid transparent;
+}
+
+.status-dot {
+    @include status-dot(currentColor);
+}
+
+// Status variants
+.status-active {
+    background: $success-bg;
+    color: $success;
+    border-color: $success-border;
+}
+
+.status-warning {
+    background: $warning-bg;
+    color: $warning;
+    border-color: $warning-border;
+}
+
+.status-stopped {
+    background: fade($text-tertiary-raw, 10%);
+    color: $text-tertiary;
+    border-color: fade($text-tertiary-raw, 20%);
+}
+
+.status-error {
+    background: $danger-bg;
+    color: $danger;
+    border-color: $danger-border;
+}
+
+// App type badge
+.app-type {
+    background: $bg-hover;
+    padding: $space-1 - 2 $space-2;
+    border-radius: $radius-sm;
+    font-weight: $font-weight-semibold;
+    font-size: $font-size-xs;
+    letter-spacing: 0.5px;
+    text-transform: uppercase;
+}
+
+// SSL badge
+.ssl-badge {
+    background: $success-bg;
+    color: $success;
+    padding: $space-1 - 2 $space-2;
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-semibold;
+}
+
+// Active badge (for themes/plugins)
+.active-badge {
+    background: $success-bg;
+    color: $success;
+    padding: $space-1 $space-3;
+    border-radius: $radius-full;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-semibold;
+}
+
+// Database type badge
+.db-type-badge {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-1;
+    background: $bg-hover;
+    padding: $space-1 - 2 $space-2;
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-semibold;
+    text-transform: uppercase;
+    letter-spacing: 0.3px;
+
+    &.mysql {
+        color: $color-mysql;
+    }
+
+    &.postgresql {
+        color: $color-postgresql;
+    }
+}
+
+// Privilege tag
+.privilege-tag {
+    background: $accent-glow;
+    color: $accent-primary;
+    padding: $space-1 - 2 $space-2;
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-semibold;
+    text-transform: uppercase;
+    letter-spacing: 0.3px;
+}
+
+// Table name tag
+.table-tag {
+    background: $bg-hover;
+    border: 1px solid $border-subtle;
+    padding: $space-2 - 2 $space-3;
+    border-radius: $radius-md;
+    @include mono-text();
+    color: $text-secondary;
+}
+
+// Environment badge
+.env-badge {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-1;
+    padding: $space-1 - 2 $space-2;
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-semibold;
+    text-transform: uppercase;
+    letter-spacing: 0.3px;
+    border: 1px solid transparent;
+
+    &.env-production {
+        background: fade($success, 15%);
+        color: $success;
+        border-color: fade($success, 30%);
+    }
+
+    &.env-development {
+        background: fade($accent-primary-raw, 15%);
+        color: $accent-primary;
+        border-color: fade($accent-primary-raw, 30%);
+    }
+
+    &.env-staging {
+        background: fade($warning, 15%);
+        color: $warning;
+        border-color: fade($warning, 30%);
+    }
+
+    .env-linked-icon {
+        opacity: 0.7;
+    }
+}
+
+// Global Badge Base
+.badge {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    padding: 0.25rem 0.5rem;
+    font-size: 0.75rem;
+    font-weight: 600;
+    line-height: 1;
+    border-radius: 9999px;
+    white-space: nowrap;
+}
+
+.badge-info {
+    background-color: fade($info, 15%);
+    color: $info;
+}
+
+.badge-success {
+    background-color: fade($success, 15%);
+    color: $success;
+}
+
+.badge-error {
+    background-color: fade($danger, 15%);
+    color: $danger;
+}
+
+.badge-warning {
+    background-color: fade($warning, 15%);
+    color: $warning;
+}
+
+.badge-default {
+    background-color: fade($text-tertiary-raw, 15%);
+    color: $text-tertiary;
+}
diff --git a/frontend/src/styles/components/_build.less b/frontend/src/styles/components/_build.less
deleted file mode 100644
index 5e8c16ef..00000000
--- a/frontend/src/styles/components/_build.less
+++ /dev/null
@@ -1,272 +0,0 @@
-// ============================================
-// BUILD TAB STYLES
-// ============================================
-
-// Build Tab Container
-.build-tab {
-    display: flex;
-    flex-direction: column;
-    gap: @space-6;
-}
-
-// Detection Results
-.detection-results {
-    display: grid;
-    grid-template-columns: repeat(auto-fit, minmax(150px, 1fr));
-    gap: @space-4;
-    margin-top: @space-4;
-}
-
-.detection-item {
-    display: flex;
-    flex-direction: column;
-    gap: @space-1;
-}
-
-.detection-label {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    text-transform: uppercase;
-    letter-spacing: 0.05em;
-}
-
-.detection-value {
-    font-size: @font-size-md;
-    font-weight: @font-weight-medium;
-    color: @text-primary;
-    text-transform: capitalize;
-
-    &.text-success {
-        color: @success;
-    }
-}
-
-// Build Actions
-.build-actions {
-    display: flex;
-    gap: @space-3;
-    margin-top: @space-4;
-    padding-top: @space-4;
-    border-top: 1px solid @border-subtle;
-}
-
-// Info List
-.info-list {
-    display: flex;
-    flex-direction: column;
-    gap: @space-3;
-}
-
-.info-item {
-    display: flex;
-    justify-content: space-between;
-    align-items: center;
-    padding: @space-2 0;
-    border-bottom: 1px solid @border-subtle;
-
-    &:last-child {
-        border-bottom: none;
-    }
-}
-
-.info-label {
-    font-size: @font-size-sm;
-    color: @text-secondary;
-}
-
-.info-value {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    color: @text-primary;
-
-    &.mono {
-        font-family: @font-mono;
-    }
-}
-
-// Current Deployment Card
-.current-deployment {
-    background: linear-gradient(135deg, fade(@success, 5%), fade(@accent-primary-raw, 5%));
-    border-color: fade(@success, 30%);
-
-    .deployment-current-info {
-        display: flex;
-        flex-direction: column;
-        gap: @space-3;
-        margin-top: @space-4;
-    }
-
-    .deployment-version {
-        display: flex;
-        align-items: center;
-        gap: @space-3;
-    }
-
-    .version-number {
-        font-size: @font-size-2xl;
-        font-weight: @font-weight-bold;
-        color: @text-primary;
-    }
-
-    .deployment-commit {
-        display: flex;
-        align-items: center;
-        gap: @space-2;
-    }
-
-    .commit-hash {
-        font-family: @font-mono;
-        font-size: @font-size-sm;
-        padding: @space-1 @space-2;
-        background: @bg-hover;
-        border-radius: @radius-sm;
-    }
-
-    .commit-message {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-        max-width: 400px;
-        overflow: hidden;
-        text-overflow: ellipsis;
-        white-space: nowrap;
-    }
-
-    .deployment-meta {
-        display: flex;
-        gap: @space-4;
-        font-size: @font-size-sm;
-        color: @text-tertiary;
-    }
-
-    .deployment-actions {
-        margin-top: @space-4;
-        padding-top: @space-4;
-        border-top: 1px solid @border-subtle;
-    }
-}
-
-// Deployment History Table
-.version-tag {
-    font-family: @font-mono;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-}
-
-// Build Logs List
-.build-logs-list {
-    display: flex;
-    flex-direction: column;
-    gap: @space-2;
-}
-
-.build-log-item {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-3;
-    background: @bg-hover;
-    border-radius: @radius-md;
-    cursor: pointer;
-    transition: all @transition-fast;
-
-    &:hover {
-        background: @bg-card;
-        box-shadow: @shadow-sm;
-    }
-
-    .build-log-method {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        color: @text-primary;
-        text-transform: capitalize;
-    }
-
-    .build-log-time {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-    }
-
-    .build-log-lines {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        margin-left: auto;
-    }
-}
-
-// Build Log Modal
-.build-log-meta {
-    display: flex;
-    align-items: center;
-    gap: @space-4;
-    margin-bottom: @space-4;
-    padding-bottom: @space-4;
-    border-bottom: 1px solid @border-subtle;
-    flex-wrap: wrap;
-
-    span {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-    }
-}
-
-.build-log-output {
-    margin: 0;
-    padding: @space-4;
-    background: @bg-body;
-    border-radius: @radius-md;
-    font-family: @font-mono;
-    font-size: @font-size-sm;
-    line-height: @line-height-relaxed;
-    color: @text-primary;
-    max-height: 500px;
-    overflow: auto;
-    white-space: pre-wrap;
-    word-break: break-all;
-}
-
-// Modal Large
-.modal-lg {
-    max-width: 900px;
-    width: 90%;
-}
-
-// Alert with close button
-.alert {
-    position: relative;
-    padding: @space-4;
-    border-radius: @radius-md;
-    margin-bottom: @space-4;
-
-    &-danger {
-        background: @danger-bg;
-        border: 1px solid @danger-border;
-        color: @danger;
-    }
-
-    &-close {
-        position: absolute;
-        top: @space-2;
-        right: @space-3;
-        background: none;
-        border: none;
-        font-size: @font-size-lg;
-        color: inherit;
-        opacity: 0.6;
-        cursor: pointer;
-
-        &:hover {
-            opacity: 1;
-        }
-    }
-}
-
-// Button extra small
-.btn-xs {
-    padding: @space-1 @space-2;
-    font-size: @font-size-xs;
-}
-
-// Utility classes
-.mono {
-    font-family: @font-mono;
-}
diff --git a/frontend/src/styles/components/_build.scss b/frontend/src/styles/components/_build.scss
new file mode 100644
index 00000000..28d65b3b
--- /dev/null
+++ b/frontend/src/styles/components/_build.scss
@@ -0,0 +1,272 @@
+// ============================================
+// BUILD TAB STYLES
+// ============================================
+
+// Build Tab Container
+.build-tab {
+    display: flex;
+    flex-direction: column;
+    gap: $space-6;
+}
+
+// Detection Results
+.detection-results {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(150px, 1fr));
+    gap: $space-4;
+    margin-top: $space-4;
+}
+
+.detection-item {
+    display: flex;
+    flex-direction: column;
+    gap: $space-1;
+}
+
+.detection-label {
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    text-transform: uppercase;
+    letter-spacing: 0.05em;
+}
+
+.detection-value {
+    font-size: $font-size-md;
+    font-weight: $font-weight-medium;
+    color: $text-primary;
+    text-transform: capitalize;
+
+    &.text-success {
+        color: $success;
+    }
+}
+
+// Build Actions
+.build-actions {
+    display: flex;
+    gap: $space-3;
+    margin-top: $space-4;
+    padding-top: $space-4;
+    border-top: 1px solid $border-subtle;
+}
+
+// Info List
+.info-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-3;
+}
+
+.info-item {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    padding: $space-2 0;
+    border-bottom: 1px solid $border-subtle;
+
+    &:last-child {
+        border-bottom: none;
+    }
+}
+
+.info-label {
+    font-size: $font-size-sm;
+    color: $text-secondary;
+}
+
+.info-value {
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    color: $text-primary;
+
+    &.mono {
+        font-family: $font-mono;
+    }
+}
+
+// Current Deployment Card
+.current-deployment {
+    background: linear-gradient(135deg, fade($success, 5%), fade($accent-primary-raw, 5%));
+    border-color: fade($success, 30%);
+
+    .deployment-current-info {
+        display: flex;
+        flex-direction: column;
+        gap: $space-3;
+        margin-top: $space-4;
+    }
+
+    .deployment-version {
+        display: flex;
+        align-items: center;
+        gap: $space-3;
+    }
+
+    .version-number {
+        font-size: $font-size-2xl;
+        font-weight: $font-weight-bold;
+        color: $text-primary;
+    }
+
+    .deployment-commit {
+        display: flex;
+        align-items: center;
+        gap: $space-2;
+    }
+
+    .commit-hash {
+        font-family: $font-mono;
+        font-size: $font-size-sm;
+        padding: $space-1 $space-2;
+        background: $bg-hover;
+        border-radius: $radius-sm;
+    }
+
+    .commit-message {
+        font-size: $font-size-sm;
+        color: $text-secondary;
+        max-width: 400px;
+        overflow: hidden;
+        text-overflow: ellipsis;
+        white-space: nowrap;
+    }
+
+    .deployment-meta {
+        display: flex;
+        gap: $space-4;
+        font-size: $font-size-sm;
+        color: $text-tertiary;
+    }
+
+    .deployment-actions {
+        margin-top: $space-4;
+        padding-top: $space-4;
+        border-top: 1px solid $border-subtle;
+    }
+}
+
+// Deployment History Table
+.version-tag {
+    font-family: $font-mono;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+}
+
+// Build Logs List
+.build-logs-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-2;
+}
+
+.build-log-item {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-3;
+    background: $bg-hover;
+    border-radius: $radius-md;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        background: $bg-card;
+        box-shadow: $shadow-sm;
+    }
+
+    .build-log-method {
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        color: $text-primary;
+        text-transform: capitalize;
+    }
+
+    .build-log-time {
+        font-size: $font-size-sm;
+        color: $text-secondary;
+    }
+
+    .build-log-lines {
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        margin-left: auto;
+    }
+}
+
+// Build Log Modal
+.build-log-meta {
+    display: flex;
+    align-items: center;
+    gap: $space-4;
+    margin-bottom: $space-4;
+    padding-bottom: $space-4;
+    border-bottom: 1px solid $border-subtle;
+    flex-wrap: wrap;
+
+    span {
+        font-size: $font-size-sm;
+        color: $text-secondary;
+    }
+}
+
+.build-log-output {
+    margin: 0;
+    padding: $space-4;
+    background: $bg-body;
+    border-radius: $radius-md;
+    font-family: $font-mono;
+    font-size: $font-size-sm;
+    line-height: $line-height-relaxed;
+    color: $text-primary;
+    max-height: 500px;
+    overflow: auto;
+    white-space: pre-wrap;
+    word-break: break-all;
+}
+
+// Modal Large
+.modal-lg {
+    max-width: 900px;
+    width: 90%;
+}
+
+// Alert with close button
+.alert {
+    position: relative;
+    padding: $space-4;
+    border-radius: $radius-md;
+    margin-bottom: $space-4;
+
+    &-danger {
+        background: $danger-bg;
+        border: 1px solid $danger-border;
+        color: $danger;
+    }
+
+    &-close {
+        position: absolute;
+        top: $space-2;
+        right: $space-3;
+        background: none;
+        border: none;
+        font-size: $font-size-lg;
+        color: inherit;
+        opacity: 0.6;
+        cursor: pointer;
+
+        &:hover {
+            opacity: 1;
+        }
+    }
+}
+
+// Button extra small
+.btn-xs {
+    padding: $space-1 $space-2;
+    font-size: $font-size-xs;
+}
+
+// Utility classes
+.mono {
+    font-family: $font-mono;
+}
diff --git a/frontend/src/styles/components/_buttons.less b/frontend/src/styles/components/_buttons.scss
similarity index 59%
rename from frontend/src/styles/components/_buttons.less
rename to frontend/src/styles/components/_buttons.scss
index c11c9c1c..76373667 100644
--- a/frontend/src/styles/components/_buttons.less
+++ b/frontend/src/styles/components/_buttons.scss
@@ -3,7 +3,7 @@
 // ============================================
 
 .btn {
-    .button-base();
+    @include button-base();
 
     svg {
         width: 16px;
@@ -13,56 +13,56 @@
 
 // Primary button (accent color)
 .btn-primary {
-    background-color: @accent-primary;
+    background-color: $accent-primary;
     color: white;
-    box-shadow: @shadow-accent;
+    box-shadow: $shadow-accent;
 
     &:hover:not(:disabled) {
-        background-color: @accent-hover;
+        background-color: $accent-hover;
     }
 }
 
 // Secondary button (outlined)
 .btn-secondary {
     background-color: transparent;
-    border-color: @border-active;
-    color: @text-primary;
+    border-color: $border-active;
+    color: $text-primary;
 
     &:hover:not(:disabled) {
-        background-color: @bg-hover;
+        background-color: $bg-hover;
     }
 }
 
 // Danger button
 .btn-danger {
-    background: @danger;
+    background: $danger;
     color: white;
 
     &:hover:not(:disabled) {
-        background: @danger-hover;
+        background: $danger-hover;
     }
 }
 
 // Ghost button (no border)
 .btn-ghost {
     background: transparent;
-    color: @text-secondary;
+    color: $text-secondary;
 
     &:hover:not(:disabled) {
-        background-color: @bg-hover;
-        color: @text-primary;
+        background-color: $bg-hover;
+        color: $text-primary;
     }
 }
 
 // Size variants
 .btn-sm {
-    padding: @space-1 @space-2;
-    font-size: @font-size-xs + 1;
+    padding: $space-1 $space-2;
+    font-size: $font-size-xs + 1;
 }
 
 .btn-lg {
-    padding: @space-3 @space-6;
-    font-size: @font-size-base;
+    padding: $space-3 $space-6;
+    font-size: $font-size-base;
 }
 
 // Full width
@@ -73,7 +73,7 @@
 
 // Icon only button
 .btn-icon {
-    padding: @space-2;
+    padding: $space-2;
 
     svg {
         width: 18px;
@@ -85,20 +85,20 @@
 .btn-expand {
     background: none;
     border: none;
-    color: @text-tertiary;
+    color: $text-tertiary;
     cursor: pointer;
-    padding: @space-1 @space-2;
-    font-size: @font-size-sm;
-    .flex-start();
-    gap: @space-1;
-    .transition(color);
+    padding: $space-1 $space-2;
+    font-size: $font-size-sm;
+    @include flex-start();
+    gap: $space-1;
+    @include transition(color);
 
     &:hover {
-        color: @text-primary;
+        color: $text-primary;
     }
 }
 
-// Loading state (see _spinner.less for spinner-specific styles)
+// Loading state (see _spinner.scss for spinner-specific styles)
 .btn-loading {
     position: relative;
     pointer-events: none;
diff --git a/frontend/src/styles/components/_cards.less b/frontend/src/styles/components/_cards.less
deleted file mode 100644
index 91daf1fe..00000000
--- a/frontend/src/styles/components/_cards.less
+++ /dev/null
@@ -1,239 +0,0 @@
-// ============================================
-// CARD COMPONENTS
-// ============================================
-
-.card {
-    .card-base();
-    padding: @space-6;
-    position: relative;
-    overflow: hidden;
-
-    &:hover {
-        transform: translateY(-2px);
-    }
-}
-
-.card-header {
-    .flex-between();
-    margin-bottom: @space-5;
-}
-
-.card h3 {
-    font-size: @font-size-md;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
-    margin-bottom: @space-1;
-}
-
-.card-link {
-    color: @text-secondary;
-    text-decoration: none;
-    font-size: @font-size-sm + 1;
-    .transition(color);
-
-    &:hover {
-        color: @accent-primary;
-    }
-}
-
-// Application/Service icon
-.app-icon {
-    .icon-box(48px);
-    border-radius: @radius-xl - 2;
-    font-size: @font-size-lg;
-    font-weight: @font-weight-bold;
-    color: white;
-}
-
-// Metrics row at bottom of cards
-.metric-row {
-    margin-top: @space-6;
-    padding-top: @space-5;
-    border-top: 1px solid @border-subtle;
-    .flex-between();
-    font-size: @font-size-sm;
-    color: @text-secondary;
-}
-
-.metric-item {
-    .flex-column();
-    gap: @space-1;
-}
-
-.metric-value {
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
-    .mono-text();
-}
-
-// Stats grid layout
-.stats-grid {
-    display: grid;
-    grid-template-columns: repeat(4, 1fr);
-    gap: @space-4;
-    margin-bottom: @space-6;
-
-    @media (max-width: @breakpoint-xl) {
-        grid-template-columns: repeat(2, 1fr);
-    }
-
-    @media (max-width: @breakpoint-sm) {
-        grid-template-columns: 1fr;
-    }
-}
-
-// Stat cards (dashboard)
-.stat-card {
-    background: @bg-card;
-    padding: @space-5;
-    border-radius: @radius-xl;
-    border: 1px solid @border-subtle;
-    display: flex;
-    align-items: center;
-    gap: @space-4;
-}
-
-.stat-icon {
-    width: 48px;
-    height: 48px;
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    border-radius: @radius-lg;
-    flex-shrink: 0;
-
-    svg {
-        width: 24px;
-        height: 24px;
-        stroke: currentColor;
-        stroke-width: 2;
-        fill: none;
-    }
-
-    // Default colors
-    background: fade(@accent-primary-raw, 10%);
-    color: @accent-primary;
-
-    &.backups {
-        background: fade(@accent-primary-raw, 10%);
-        color: @accent-primary;
-    }
-
-    &.apps {
-        background: fade(@success, 10%);
-        color: @success;
-    }
-
-    &.databases {
-        background: fade(@color-postgresql, 10%);
-        color: @color-postgresql;
-    }
-
-    &.size {
-        background: fade(@warning, 10%);
-        color: @warning;
-    }
-
-    &.alerts {
-        background: fade(@danger, 10%);
-        color: @danger;
-    }
-
-    &.schedules {
-        background: fade(@color-docker, 10%);
-        color: @color-docker;
-    }
-}
-
-.stat-content {
-    display: flex;
-    flex-direction: column;
-    gap: @space-1;
-    min-width: 0;
-}
-
-.stat-label {
-    font-size: @font-size-sm;
-    color: @text-tertiary;
-    font-weight: @font-weight-medium;
-}
-
-.stat-value {
-    font-size: @font-size-xl;
-    font-weight: @font-weight-bold;
-    color: @text-primary;
-    line-height: 1.2;
-}
-
-.stat-suffix {
-    font-size: @font-size-base;
-    color: @text-tertiary;
-    font-weight: @font-weight-normal;
-}
-
-// Progress bar
-.progress-bar {
-    height: 4px;
-    background: @bg-hover;
-    border-radius: @radius-sm - 2;
-    overflow: hidden;
-    margin-top: @space-1;
-}
-
-.progress-fill {
-    height: 100%;
-    border-radius: @radius-sm - 2;
-    .transition(width);
-}
-
-// Empty state card
-.empty-state {
-    text-align: center;
-    padding: @space-16 @space-5;
-    background: @bg-card;
-    border-radius: @radius-xl;
-    border: 1px solid @border-subtle;
-
-    svg {
-        color: @text-tertiary;
-        margin-bottom: @space-4;
-    }
-
-    h3 {
-        font-size: @font-size-md;
-        font-weight: @font-weight-semibold;
-        margin-bottom: @space-2;
-    }
-
-    p {
-        color: @text-secondary;
-        margin-bottom: @space-6;
-    }
-}
-
-// Section header
-.section-header {
-    .flex-between();
-    margin-bottom: @space-5;
-
-    h3 {
-        font-size: @font-size-md;
-        font-weight: @font-weight-semibold;
-    }
-}
-
-// Danger zone card
-.danger-zone {
-    border-color: fade(@danger, 30%);
-    background: fade(@danger, 5%);
-
-    h4 {
-        color: @danger;
-        margin-bottom: @space-2;
-    }
-
-    p {
-        color: @text-secondary;
-        margin-bottom: @space-4;
-    }
-}
diff --git a/frontend/src/styles/components/_cards.scss b/frontend/src/styles/components/_cards.scss
new file mode 100644
index 00000000..c0f90cd6
--- /dev/null
+++ b/frontend/src/styles/components/_cards.scss
@@ -0,0 +1,239 @@
+// ============================================
+// CARD COMPONENTS
+// ============================================
+
+.card {
+    @include card-base();
+    padding: $space-6;
+    position: relative;
+    overflow: hidden;
+
+    &:hover {
+        transform: translateY(-2px);
+    }
+}
+
+.card-header {
+    @include flex-between();
+    margin-bottom: $space-5;
+}
+
+.card h3 {
+    font-size: $font-size-md;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
+    margin-bottom: $space-1;
+}
+
+.card-link {
+    color: $text-secondary;
+    text-decoration: none;
+    font-size: $font-size-sm + 1;
+    @include transition(color);
+
+    &:hover {
+        color: $accent-primary;
+    }
+}
+
+// Application/Service icon
+.app-icon {
+    @include icon-box(48px);
+    border-radius: $radius-xl - 2;
+    font-size: $font-size-lg;
+    font-weight: $font-weight-bold;
+    color: white;
+}
+
+// Metrics row at bottom of cards
+.metric-row {
+    margin-top: $space-6;
+    padding-top: $space-5;
+    border-top: 1px solid $border-subtle;
+    @include flex-between();
+    font-size: $font-size-sm;
+    color: $text-secondary;
+}
+
+.metric-item {
+    @include flex-column();
+    gap: $space-1;
+}
+
+.metric-value {
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
+    @include mono-text();
+}
+
+// Stats grid layout
+.stats-grid {
+    display: grid;
+    grid-template-columns: repeat(4, 1fr);
+    gap: $space-4;
+    margin-bottom: $space-6;
+
+    @media (max-width: $breakpoint-xl) {
+        grid-template-columns: repeat(2, 1fr);
+    }
+
+    @media (max-width: $breakpoint-sm) {
+        grid-template-columns: 1fr;
+    }
+}
+
+// Stat cards (dashboard)
+.stat-card {
+    background: $bg-card;
+    padding: $space-5;
+    border-radius: $radius-xl;
+    border: 1px solid $border-subtle;
+    display: flex;
+    align-items: center;
+    gap: $space-4;
+}
+
+.stat-icon {
+    width: 48px;
+    height: 48px;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    border-radius: $radius-lg;
+    flex-shrink: 0;
+
+    svg {
+        width: 24px;
+        height: 24px;
+        stroke: currentColor;
+        stroke-width: 2;
+        fill: none;
+    }
+
+    // Default colors
+    background: fade($accent-primary-raw, 10%);
+    color: $accent-primary;
+
+    &.backups {
+        background: fade($accent-primary-raw, 10%);
+        color: $accent-primary;
+    }
+
+    &.apps {
+        background: fade($success, 10%);
+        color: $success;
+    }
+
+    &.databases {
+        background: fade($color-postgresql, 10%);
+        color: $color-postgresql;
+    }
+
+    &.size {
+        background: fade($warning, 10%);
+        color: $warning;
+    }
+
+    &.alerts {
+        background: fade($danger, 10%);
+        color: $danger;
+    }
+
+    &.schedules {
+        background: fade($color-docker, 10%);
+        color: $color-docker;
+    }
+}
+
+.stat-content {
+    display: flex;
+    flex-direction: column;
+    gap: $space-1;
+    min-width: 0;
+}
+
+.stat-label {
+    font-size: $font-size-sm;
+    color: $text-tertiary;
+    font-weight: $font-weight-medium;
+}
+
+.stat-value {
+    font-size: $font-size-xl;
+    font-weight: $font-weight-bold;
+    color: $text-primary;
+    line-height: 1.2;
+}
+
+.stat-suffix {
+    font-size: $font-size-base;
+    color: $text-tertiary;
+    font-weight: $font-weight-normal;
+}
+
+// Progress bar
+.progress-bar {
+    height: 4px;
+    background: $bg-hover;
+    border-radius: $radius-sm - 2;
+    overflow: hidden;
+    margin-top: $space-1;
+}
+
+.progress-fill {
+    height: 100%;
+    border-radius: $radius-sm - 2;
+    @include transition(width);
+}
+
+// Empty state card
+.empty-state {
+    text-align: center;
+    padding: $space-16 $space-5;
+    background: $bg-card;
+    border-radius: $radius-xl;
+    border: 1px solid $border-subtle;
+
+    svg {
+        color: $text-tertiary;
+        margin-bottom: $space-4;
+    }
+
+    h3 {
+        font-size: $font-size-md;
+        font-weight: $font-weight-semibold;
+        margin-bottom: $space-2;
+    }
+
+    p {
+        color: $text-secondary;
+        margin-bottom: $space-6;
+    }
+}
+
+// Section header
+.section-header {
+    @include flex-between();
+    margin-bottom: $space-5;
+
+    h3 {
+        font-size: $font-size-md;
+        font-weight: $font-weight-semibold;
+    }
+}
+
+// Danger zone card
+.danger-zone {
+    border-color: fade($danger, 30%);
+    background: fade($danger, 5%);
+
+    h4 {
+        color: $danger;
+        margin-bottom: $space-2;
+    }
+
+    p {
+        color: $text-secondary;
+        margin-bottom: $space-4;
+    }
+}
diff --git a/frontend/src/styles/components/_contribution-graph.scss b/frontend/src/styles/components/_contribution-graph.scss
new file mode 100644
index 00000000..d2f1b08c
--- /dev/null
+++ b/frontend/src/styles/components/_contribution-graph.scss
@@ -0,0 +1,91 @@
+.contribution-graph-container {
+    padding: $space-4;
+    background: $bg-card;
+    border: 1px solid $border-default;
+    border-radius: $radius-md;
+    margin-bottom: $space-6;
+
+    .graph-header {
+        display: flex;
+        justify-content: space-between;
+        align-items: center;
+        margin-bottom: $space-4;
+
+        h4 {
+            margin: 0;
+            font-size: $font-size-md;
+            font-weight: 600;
+
+            .username {
+                color: $accent-primary;
+                margin-left: $space-2;
+                font-weight: 500;
+            }
+        }
+
+        .graph-legend {
+            display: flex;
+            align-items: center;
+            gap: $space-2;
+            font-size: $font-size-xs;
+            color: $text-tertiary;
+
+            .legend-cells {
+                display: flex;
+                gap: 2px;
+
+                .cell {
+                    width: 10px;
+                    height: 10px;
+                    border-radius: 2px;
+                }
+            }
+        }
+    }
+
+    .graph-grid-wrapper {
+        overflow-x: auto;
+        padding-bottom: $space-2;
+
+        &::-webkit-scrollbar {
+            height: 6px;
+        }
+        &::-webkit-scrollbar-track {
+            background: transparent;
+        }
+        &::-webkit-scrollbar-thumb {
+            background: $bg-hover;
+            border-radius: $radius-full;
+        }
+    }
+
+    .graph-grid {
+        display: flex;
+        gap: 3px;
+        min-width: fit-content;
+    }
+
+    .graph-week {
+        display: flex;
+        flex-direction: column;
+        gap: 3px;
+    }
+
+    .graph-cell {
+        width: 12px;
+        height: 12px;
+        border-radius: 2px;
+        transition: transform 0.1s ease;
+
+        &:hover {
+            transform: scale(1.2);
+            z-index: 10;
+        }
+    }
+
+    .level-0 { background-color: $bg-hover; }
+    .level-1 { background-color: fade($accent-primary-raw, 30%); }
+    .level-2 { background-color: fade($accent-primary-raw, 55%); }
+    .level-3 { background-color: fade($accent-primary-raw, 80%); }
+    .level-4 { background-color: $accent-primary; }
+}
diff --git a/frontend/src/styles/components/_credentials.less b/frontend/src/styles/components/_credentials.less
deleted file mode 100644
index 3738961a..00000000
--- a/frontend/src/styles/components/_credentials.less
+++ /dev/null
@@ -1,66 +0,0 @@
-// ============================================
-// CREDENTIALS DISPLAY COMPONENT
-// ============================================
-
-.credentials-box {
-    background: @bg-body;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-4;
-    margin: @space-4 0;
-
-    h4 {
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        margin-bottom: @space-3;
-        color: @success;
-    }
-
-    .warning {
-        font-size: @font-size-sm;
-        color: @warning;
-        margin-bottom: @space-3;
-        .flex-start();
-        gap: @space-2 - 2;
-    }
-}
-
-.credential-row {
-    .flex-start();
-    gap: @space-3;
-    padding: @space-2 0;
-    border-bottom: 1px solid @border-subtle;
-
-    &:last-child {
-        border-bottom: none;
-    }
-}
-
-.credential-label {
-    font-size: @font-size-sm;
-    color: @text-tertiary;
-    min-width: 80px;
-}
-
-.credential-value {
-    .mono-text();
-    font-size: @font-size-sm + 1;
-    color: @text-primary;
-    background: @bg-hover;
-    padding: @space-1 @space-2;
-    border-radius: @radius-sm;
-    flex: 1;
-}
-
-.credential-copy {
-    background: none;
-    border: none;
-    color: @text-tertiary;
-    cursor: pointer;
-    padding: @space-1;
-    .transition(color);
-
-    &:hover {
-        color: @accent-primary;
-    }
-}
diff --git a/frontend/src/styles/components/_credentials.scss b/frontend/src/styles/components/_credentials.scss
new file mode 100644
index 00000000..bb5e4d75
--- /dev/null
+++ b/frontend/src/styles/components/_credentials.scss
@@ -0,0 +1,66 @@
+// ============================================
+// CREDENTIALS DISPLAY COMPONENT
+// ============================================
+
+.credentials-box {
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-4;
+    margin: $space-4 0;
+
+    h4 {
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        margin-bottom: $space-3;
+        color: $success;
+    }
+
+    .warning {
+        font-size: $font-size-sm;
+        color: $warning;
+        margin-bottom: $space-3;
+        @include flex-start();
+        gap: $space-2 - 2;
+    }
+}
+
+.credential-row {
+    @include flex-start();
+    gap: $space-3;
+    padding: $space-2 0;
+    border-bottom: 1px solid $border-subtle;
+
+    &:last-child {
+        border-bottom: none;
+    }
+}
+
+.credential-label {
+    font-size: $font-size-sm;
+    color: $text-tertiary;
+    min-width: 80px;
+}
+
+.credential-value {
+    @include mono-text();
+    font-size: $font-size-sm + 1;
+    color: $text-primary;
+    background: $bg-hover;
+    padding: $space-1 $space-2;
+    border-radius: $radius-sm;
+    flex: 1;
+}
+
+.credential-copy {
+    background: none;
+    border: none;
+    color: $text-tertiary;
+    cursor: pointer;
+    padding: $space-1;
+    @include transition(color);
+
+    &:hover {
+        color: $accent-primary;
+    }
+}
diff --git a/frontend/src/styles/components/_deploy.less b/frontend/src/styles/components/_deploy.scss
similarity index 53%
rename from frontend/src/styles/components/_deploy.less
rename to frontend/src/styles/components/_deploy.scss
index 9e4b5fec..76847c64 100644
--- a/frontend/src/styles/components/_deploy.less
+++ b/frontend/src/styles/components/_deploy.scss
@@ -6,30 +6,30 @@
 .deploy-tab {
     display: flex;
     flex-direction: column;
-    gap: @space-6;
+    gap: $space-6;
 }
 
 // Deploy Setup Empty State
 .deploy-setup {
     .empty-state {
         text-align: center;
-        padding: @space-12 @space-8;
-        background: @bg-card;
-        border: 1px dashed @border-subtle;
-        border-radius: @radius-lg;
+        padding: $space-12 $space-8;
+        background: $bg-card;
+        border: 1px dashed $border-subtle;
+        border-radius: $radius-lg;
 
         svg {
-            color: @text-tertiary;
-            margin-bottom: @space-4;
+            color: $text-tertiary;
+            margin-bottom: $space-4;
         }
 
         h3 {
-            margin-bottom: @space-2;
+            margin-bottom: $space-2;
         }
 
         p {
-            color: @text-secondary;
-            margin-bottom: @space-6;
+            color: $text-secondary;
+            margin-bottom: $space-6;
             max-width: 400px;
             margin-left: auto;
             margin-right: auto;
@@ -39,69 +39,69 @@
 
 // Deploy Header
 .deploy-header {
-    margin-bottom: @space-4;
+    margin-bottom: $space-4;
 }
 
 .deploy-status-card {
     display: flex;
     justify-content: space-between;
     align-items: center;
-    padding: @space-4 @space-6;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
+    padding: $space-4 $space-6;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
 }
 
 .deploy-repo-info {
     display: flex;
     align-items: center;
-    gap: @space-3;
+    gap: $space-3;
 
     svg {
-        color: @text-secondary;
+        color: $text-secondary;
     }
 
     .repo-url {
         display: block;
-        font-weight: @font-weight-medium;
-        color: @text-primary;
+        font-weight: $font-weight-medium;
+        color: $text-primary;
     }
 
     .repo-branch {
         display: block;
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        font-size: $font-size-sm;
+        color: $text-secondary;
     }
 }
 
 .deploy-actions {
     display: flex;
-    gap: @space-3;
+    gap: $space-3;
 }
 
 // Deploy Grid
 .deploy-grid {
     display: grid;
     grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
-    gap: @space-6;
+    gap: $space-6;
 }
 
 // Webhook URL
 .webhook-url {
     display: flex;
-    gap: @space-2;
+    gap: $space-2;
     align-items: center;
-    margin-top: @space-3;
-    padding: @space-3;
-    background: @bg-hover;
-    border-radius: @radius-md;
+    margin-top: $space-3;
+    padding: $space-3;
+    background: $bg-hover;
+    border-radius: $radius-md;
     overflow: hidden;
 
     code {
         flex: 1;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
-        color: @text-primary;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
+        color: $text-primary;
         white-space: nowrap;
         overflow: hidden;
         text-overflow: ellipsis;
@@ -109,58 +109,58 @@
 }
 
 .webhook-logs-toggle {
-    margin-top: @space-4;
+    margin-top: $space-4;
 }
 
 // Webhook Logs
 .webhook-logs {
-    margin-top: @space-4;
-    padding-top: @space-4;
-    border-top: 1px solid @border-subtle;
+    margin-top: $space-4;
+    padding-top: $space-4;
+    border-top: 1px solid $border-subtle;
 }
 
 .webhook-logs-header {
     display: flex;
     justify-content: space-between;
     align-items: center;
-    margin-bottom: @space-3;
+    margin-bottom: $space-3;
 
     h4 {
         margin: 0;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-semibold;
-        color: @text-secondary;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-semibold;
+        color: $text-secondary;
     }
 }
 
 .webhook-logs-list {
     display: flex;
     flex-direction: column;
-    gap: @space-3;
+    gap: $space-3;
     max-height: 400px;
     overflow-y: auto;
 }
 
 .webhook-log-item {
-    padding: @space-3;
-    background: @bg-hover;
-    border-radius: @radius-md;
-    border: 1px solid @border-subtle;
+    padding: $space-3;
+    background: $bg-hover;
+    border-radius: $radius-md;
+    border: 1px solid $border-subtle;
 }
 
 .webhook-log-header {
     display: flex;
     justify-content: space-between;
     align-items: center;
-    margin-bottom: @space-2;
+    margin-bottom: $space-2;
 }
 
 .provider-badge {
     display: inline-block;
-    padding: @space-1 @space-2;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
-    border-radius: @radius-sm;
+    padding: $space-1 $space-2;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
+    border-radius: $radius-sm;
     text-transform: capitalize;
 
     &.github {
@@ -180,27 +180,27 @@
 }
 
 .webhook-log-time {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
 }
 
 .webhook-log-details {
-    margin-bottom: @space-2;
+    margin-bottom: $space-2;
 }
 
 .webhook-log-size {
-    font-size: @font-size-sm;
-    color: @text-secondary;
+    font-size: $font-size-sm;
+    color: $text-secondary;
 }
 
 .webhook-log-preview {
     margin: 0;
-    padding: @space-2;
-    background: @bg-body;
-    border-radius: @radius-sm;
-    font-family: @font-mono;
-    font-size: @font-size-xs;
-    color: @text-secondary;
+    padding: $space-2;
+    background: $bg-body;
+    border-radius: $radius-sm;
+    font-family: $font-mono;
+    font-size: $font-size-xs;
+    color: $text-secondary;
     white-space: pre-wrap;
     word-break: break-all;
     max-height: 100px;
@@ -210,7 +210,7 @@
 // Input with action button
 .input-with-action {
     display: flex;
-    gap: @space-2;
+    gap: $space-2;
 
     input {
         flex: 1;
@@ -225,29 +225,29 @@
 .scripts-grid {
     display: grid;
     grid-template-columns: 1fr 1fr;
-    gap: @space-4;
+    gap: $space-4;
 
-    @media (max-width: 768px) {
+    @media (max-width: $breakpoint-md) {
         grid-template-columns: 1fr;
     }
 }
 
 .script-section {
     h4 {
-        margin: 0 0 @space-2 0;
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        margin: 0 0 $space-2 0;
+        font-size: $font-size-sm;
+        color: $text-secondary;
     }
 }
 
 .script-code {
     margin: 0;
-    padding: @space-3;
-    background: @bg-hover;
-    border-radius: @radius-md;
-    font-family: @font-mono;
-    font-size: @font-size-sm;
-    color: @text-primary;
+    padding: $space-3;
+    background: $bg-hover;
+    border-radius: $radius-md;
+    font-family: $font-mono;
+    font-size: $font-size-sm;
+    color: $text-primary;
     white-space: pre-wrap;
     word-break: break-all;
 }
@@ -255,8 +255,8 @@
 // Card Actions
 .card-actions {
     display: flex;
-    gap: @space-2;
-    margin-top: @space-4;
-    padding-top: @space-4;
-    border-top: 1px solid @border-subtle;
+    gap: $space-2;
+    margin-top: $space-4;
+    padding-top: $space-4;
+    border-top: 1px solid $border-subtle;
 }
diff --git a/frontend/src/styles/components/_empty-state.scss b/frontend/src/styles/components/_empty-state.scss
new file mode 100644
index 00000000..0f34186a
--- /dev/null
+++ b/frontend/src/styles/components/_empty-state.scss
@@ -0,0 +1,33 @@
+.empty-state {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    justify-content: center;
+    padding: $spacing-xl * 2;
+    text-align: center;
+    min-height: 200px;
+
+    &__icon {
+        color: $text-tertiary;
+        margin-bottom: $spacing-md;
+        opacity: 0.5;
+    }
+
+    &__title {
+        font-size: $font-size-lg;
+        font-weight: $font-weight-semibold;
+        color: $text-secondary;
+        margin: 0 0 $spacing-sm;
+    }
+
+    &__description {
+        font-size: $font-size-sm + 1;
+        color: $text-tertiary;
+        max-width: 400px;
+        margin: 0 0 $spacing-md;
+    }
+
+    &__action {
+        margin-top: $spacing-sm;
+    }
+}
diff --git a/frontend/src/styles/components/_env-vars.less b/frontend/src/styles/components/_env-vars.scss
similarity index 55%
rename from frontend/src/styles/components/_env-vars.less
rename to frontend/src/styles/components/_env-vars.scss
index 08f1068e..131d751c 100644
--- a/frontend/src/styles/components/_env-vars.less
+++ b/frontend/src/styles/components/_env-vars.scss
@@ -7,7 +7,7 @@
         display: flex;
         justify-content: space-between;
         align-items: center;
-        margin-bottom: @space-4;
+        margin-bottom: $space-4;
 
         h3 {
             margin: 0;
@@ -15,35 +15,35 @@
 
         .header-actions {
             display: flex;
-            gap: @space-2;
+            gap: $space-2;
         }
     }
 
     .hint {
-        color: @text-tertiary;
-        font-size: @font-size-sm;
-        margin-bottom: @space-6;
+        color: $text-tertiary;
+        font-size: $font-size-sm;
+        margin-bottom: $space-6;
     }
 }
 
 // Add new variable form
 .env-add-form {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    padding: @space-4;
-    margin-bottom: @space-6;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    padding: $space-4;
+    margin-bottom: $space-6;
 
     .env-form-row {
         display: flex;
-        gap: @space-2;
-        margin-bottom: @space-2;
+        gap: $space-2;
+        margin-bottom: $space-2;
     }
 
     .env-key-input {
         width: 200px;
         flex-shrink: 0;
-        font-family: @font-mono;
+        font-family: $font-mono;
         text-transform: uppercase;
     }
 
@@ -57,11 +57,11 @@
         justify-content: center;
         width: 40px;
         height: 40px;
-        background: @bg-hover;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-sm;
+        background: $bg-hover;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-sm;
         cursor: pointer;
-        color: @text-tertiary;
+        color: $text-tertiary;
         transition: all 0.2s;
 
         input {
@@ -69,28 +69,28 @@
         }
 
         &:hover {
-            border-color: @accent-primary;
-            color: @accent-primary;
+            border-color: $accent-primary;
+            color: $accent-primary;
         }
 
         &:has(input:checked) {
-            background: fade(@accent-primary-raw, 20%);
-            border-color: @accent-primary;
-            color: @accent-primary;
+            background: fade($accent-primary-raw, 20%);
+            border-color: $accent-primary;
+            color: $accent-primary;
         }
     }
 
     .env-description-input {
         width: 100%;
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        font-size: $font-size-sm;
+        color: $text-secondary;
     }
 }
 
 // Filter
 .env-filter {
     position: relative;
-    margin-bottom: @space-4;
+    margin-bottom: $space-4;
 
     input {
         width: 100%;
@@ -104,13 +104,13 @@
         transform: translateY(-50%);
         background: none;
         border: none;
-        color: @text-tertiary;
+        color: $text-tertiary;
         cursor: pointer;
         font-size: 18px;
         padding: 4px 8px;
 
         &:hover {
-            color: @text-primary;
+            color: $text-primary;
         }
     }
 }
@@ -119,47 +119,47 @@
 .env-list {
     display: flex;
     flex-direction: column;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .env-item {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    padding: @space-4;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    padding: $space-4;
     transition: border-color 0.2s;
 
     &:hover {
-        border-color: @border-active;
+        border-color: $border-active;
     }
 
     &.is-secret {
-        border-left: 3px solid @warning;
+        border-left: 3px solid $warning;
     }
 
     .env-item-header {
         display: flex;
         justify-content: space-between;
         align-items: center;
-        margin-bottom: @space-1;
+        margin-bottom: $space-1;
     }
 
     .env-key {
-        font-family: @font-mono;
+        font-family: $font-mono;
         font-weight: 600;
-        color: @text-primary;
+        color: $text-primary;
         display: flex;
         align-items: center;
-        gap: @space-1;
+        gap: $space-1;
 
         .secret-badge {
-            color: @warning;
+            color: $warning;
         }
     }
 
     .env-item-actions {
         display: flex;
-        gap: @space-1;
+        gap: $space-1;
         opacity: 0;
         transition: opacity 0.2s;
     }
@@ -169,28 +169,28 @@
     }
 
     .env-value {
-        font-family: @font-mono;
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
+        color: $text-secondary;
         word-break: break-all;
-        padding: @space-1 0;
+        padding: $space-1 0;
     }
 
     .env-description {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        margin-top: @space-1;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        margin-top: $space-1;
         font-style: italic;
     }
 
     .env-edit-row {
         display: flex;
-        gap: @space-2;
-        margin-top: @space-2;
+        gap: $space-2;
+        margin-top: $space-2;
 
         input {
             flex: 1;
-            font-family: @font-mono;
+            font-family: $font-mono;
         }
     }
 }
@@ -203,30 +203,30 @@
     height: 28px;
     background: transparent;
     border: none;
-    border-radius: @radius-sm;
-    color: @text-tertiary;
+    border-radius: $radius-sm;
+    color: $text-tertiary;
     cursor: pointer;
     transition: all 0.2s;
 
     &:hover {
-        background: @bg-hover;
-        color: @text-primary;
+        background: $bg-hover;
+        color: $text-primary;
     }
 
     &.btn-danger:hover {
-        background: fade(@danger, 20%);
-        color: @danger;
+        background: fade($danger, 20%);
+        color: $danger;
     }
 }
 
 // Empty state
 .env-empty {
     text-align: center;
-    padding: @space-8;
-    color: @text-tertiary;
-    background: @bg-card;
-    border: 1px dashed @border-subtle;
-    border-radius: @radius-md;
+    padding: $space-8;
+    color: $text-tertiary;
+    background: $bg-card;
+    border: 1px dashed $border-subtle;
+    border-radius: $radius-md;
 }
 
 // Footer
@@ -234,34 +234,34 @@
     display: flex;
     justify-content: space-between;
     align-items: center;
-    margin-top: @space-6;
-    padding-top: @space-4;
-    border-top: 1px solid @border-subtle;
+    margin-top: $space-6;
+    padding-top: $space-4;
+    border-top: 1px solid $border-subtle;
 
     .env-count {
-        color: @text-tertiary;
-        font-size: @font-size-sm;
+        color: $text-tertiary;
+        font-size: $font-size-sm;
     }
 }
 
 // Import modal specific
 .import-file-upload {
-    margin-bottom: @space-4;
+    margin-bottom: $space-4;
 }
 
 .import-textarea {
     width: 100%;
-    font-family: @font-mono;
-    font-size: @font-size-sm;
-    background: @bg-body;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-sm;
-    padding: @space-4;
+    font-family: $font-mono;
+    font-size: $font-size-sm;
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-sm;
+    padding: $space-4;
     resize: vertical;
     min-height: 200px;
 
     &::placeholder {
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 }
 
diff --git a/frontend/src/styles/components/_forms.less b/frontend/src/styles/components/_forms.less
deleted file mode 100644
index c07d1d3e..00000000
--- a/frontend/src/styles/components/_forms.less
+++ /dev/null
@@ -1,128 +0,0 @@
-// ============================================
-// FORM COMPONENTS
-// ============================================
-
-.form-group {
-    margin-bottom: @space-5;
-
-    label {
-        display: block;
-        font-size: @font-size-sm + 1;
-        font-weight: @font-weight-medium;
-        color: @text-secondary;
-        margin-bottom: @space-2;
-    }
-
-    input,
-    select,
-    textarea {
-        .input-base();
-    }
-
-    select {
-        cursor: pointer;
-        appearance: none;
-        background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' viewBox='0 0 12 12'%3E%3Cpath fill='%2371717a' d='M6 8L1 3h10z'/%3E%3C/svg%3E");
-        background-repeat: no-repeat;
-        background-position: right @space-4 center;
-        padding-right: @space-10;
-    }
-
-    textarea {
-        font-family: @font-mono;
-        resize: vertical;
-        min-height: 120px;
-    }
-}
-
-// Two column form row
-.form-row {
-    display: grid;
-    grid-template-columns: 1fr 1fr;
-    gap: @space-4;
-
-    @media (max-width: @breakpoint-md) {
-        grid-template-columns: 1fr;
-    }
-}
-
-// Inline form (input + button)
-.install-form,
-.env-form,
-.command-input {
-    display: flex;
-    gap: @space-3;
-    margin-bottom: @space-6;
-
-    input {
-        flex: 1;
-        .input-base();
-    }
-}
-
-// Hint text
-.hint {
-    color: @text-tertiary;
-    font-size: @font-size-sm + 1;
-    margin-bottom: @space-4;
-}
-
-// Error message
-.error-message {
-    background: @danger-bg;
-    border: 1px solid @danger-border;
-    color: @danger;
-    padding: @space-3 @space-4;
-    border-radius: @radius-lg;
-    margin-bottom: @space-5;
-    font-size: @font-size-sm + 1;
-}
-
-.error-banner {
-    background: @danger-bg;
-    border: 1px solid @danger-border;
-    color: @danger;
-    padding: @space-3 @space-4;
-    border-radius: @radius-lg;
-    margin-bottom: @space-6;
-}
-
-// Filter toggle (checkbox)
-.filter-toggle {
-    .flex-start();
-    gap: @space-2;
-
-    label {
-        .flex-start();
-        gap: @space-2;
-        color: @text-secondary;
-        font-size: @font-size-sm + 1;
-        cursor: pointer;
-    }
-
-    input[type="checkbox"] {
-        width: 16px;
-        height: 16px;
-        accent-color: @accent-primary;
-    }
-}
-
-// Code editor textarea
-.code-editor {
-    width: 100%;
-    min-height: 400px;
-    padding: @space-4;
-    background: @bg-body;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    color: @text-primary;
-    font-family: @font-mono;
-    font-size: @font-size-sm + 1;
-    line-height: @line-height-relaxed;
-    resize: vertical;
-    .transition(border-color);
-
-    &:focus {
-        border-color: @accent-primary;
-    }
-}
diff --git a/frontend/src/styles/components/_forms.scss b/frontend/src/styles/components/_forms.scss
new file mode 100644
index 00000000..e8957f6e
--- /dev/null
+++ b/frontend/src/styles/components/_forms.scss
@@ -0,0 +1,143 @@
+// ============================================
+// FORM COMPONENTS
+// ============================================
+
+.form-group {
+    margin-bottom: $space-5;
+
+    label {
+        display: block;
+        font-size: $font-size-sm + 1;
+        font-weight: $font-weight-medium;
+        color: $text-secondary;
+        margin-bottom: $space-2;
+    }
+
+    input,
+    select,
+    textarea {
+        @include input-base();
+    }
+
+    select {
+        cursor: pointer;
+        appearance: none;
+        background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' viewBox='0 0 12 12'%3E%3Cpath fill='%2371717a' d='M6 8L1 3h10z'/%3E%3C/svg%3E");
+        background-repeat: no-repeat;
+        background-position: right $space-4 center;
+        padding-right: $space-10;
+    }
+
+    textarea {
+        font-family: $font-mono;
+        resize: vertical;
+        min-height: 120px;
+    }
+}
+
+// Two column form row
+.form-row {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    gap: $space-4;
+
+    @media (max-width: $breakpoint-md) {
+        grid-template-columns: 1fr;
+    }
+}
+
+// Inline form (input + button)
+.install-form,
+.env-form,
+.command-input {
+    display: flex;
+    gap: $space-3;
+    margin-bottom: $space-6;
+
+    input {
+        flex: 1;
+        @include input-base();
+    }
+}
+
+// Hint text
+.hint {
+    color: $text-tertiary;
+    font-size: $font-size-sm + 1;
+    margin-bottom: $space-4;
+}
+
+// Error message
+.error-message {
+    background: $danger-bg;
+    border: 1px solid $danger-border;
+    color: $danger;
+    padding: $space-3 $space-4;
+    border-radius: $radius-lg;
+    margin-bottom: $space-5;
+    font-size: $font-size-sm + 1;
+}
+
+.error-banner {
+    background: $danger-bg;
+    border: 1px solid $danger-border;
+    color: $danger;
+    padding: $space-3 $space-4;
+    border-radius: $radius-lg;
+    margin-bottom: $space-6;
+}
+
+// Filter toggle (checkbox)
+.filter-toggle {
+    @include flex-start();
+    gap: $space-2;
+
+    label {
+        @include flex-start();
+        gap: $space-2;
+        color: $text-secondary;
+        font-size: $font-size-sm + 1;
+        cursor: pointer;
+    }
+
+    input[type="checkbox"] {
+        width: 16px;
+        height: 16px;
+        accent-color: $accent-primary;
+    }
+}
+
+// Standalone form elements (used outside .form-group)
+.form-input {
+    @include input-base();
+}
+
+.form-select {
+    @include input-base();
+    cursor: pointer;
+    appearance: none;
+    background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' viewBox='0 0 12 12'%3E%3Cpath fill='%2371717a' d='M6 8L1 3h10z'/%3E%3C/svg%3E");
+    background-repeat: no-repeat;
+    background-position: right $space-4 center;
+    padding-right: $space-10;
+}
+
+// Code editor textarea
+.code-editor {
+    width: 100%;
+    min-height: 400px;
+    padding: $space-4;
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    color: $text-primary;
+    font-family: $font-mono;
+    font-size: $font-size-sm + 1;
+    line-height: $line-height-relaxed;
+    resize: vertical;
+    @include transition(border-color);
+
+    &:focus {
+        border-color: $accent-primary;
+    }
+}
diff --git a/frontend/src/styles/components/_linked-apps.less b/frontend/src/styles/components/_linked-apps.less
deleted file mode 100644
index 14f539ff..00000000
--- a/frontend/src/styles/components/_linked-apps.less
+++ /dev/null
@@ -1,369 +0,0 @@
-// ============================================
-// LINKED APPS SECTION
-// ============================================
-
-.linked-apps-section {
-    margin-top: @space-4;
-}
-
-.linked-apps-header {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    margin-bottom: @space-4;
-
-    h3 {
-        display: flex;
-        align-items: center;
-        gap: @space-2;
-        margin: 0;
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-    }
-}
-
-.linked-apps-content {
-    display: flex;
-    flex-direction: column;
-    gap: @space-4;
-}
-
-.current-environment {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-3;
-    background: @bg-hover;
-    border-radius: @radius-md;
-
-    .env-label {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-    }
-}
-
-.linked-apps-divider {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
-
-    &::before,
-    &::after {
-        content: '';
-        flex: 1;
-        height: 1px;
-        background: @border-subtle;
-    }
-}
-
-.linked-apps-list {
-    display: flex;
-    flex-direction: column;
-    gap: @space-3;
-}
-
-.linked-app-item {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    padding: @space-3;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    transition: border-color @transition-fast;
-
-    &:hover {
-        border-color: @border-default;
-    }
-}
-
-.linked-app-info {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-}
-
-.linked-app-icon {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    width: 36px;
-    height: 36px;
-    background: @accent-glow;
-    color: @accent-primary;
-    border-radius: @radius-md;
-}
-
-.linked-app-details {
-    display: flex;
-    flex-direction: column;
-    gap: @space-1;
-}
-
-.linked-app-name {
-    font-weight: @font-weight-medium;
-    color: @text-primary;
-}
-
-.linked-app-meta {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    font-size: @font-size-sm;
-}
-
-.linked-app-port {
-    color: @text-tertiary;
-    font-family: @font-mono;
-    font-size: @font-size-xs;
-}
-
-.linked-app-actions {
-    display: flex;
-    gap: @space-2;
-}
-
-.linked-apps-empty,
-.linked-apps-info {
-    padding: @space-4;
-    text-align: center;
-    background: @bg-hover;
-    border-radius: @radius-md;
-
-    p {
-        margin: 0 0 @space-3;
-        color: @text-secondary;
-        font-size: @font-size-sm;
-    }
-
-    .btn {
-        margin-top: @space-2;
-    }
-}
-
-.linked-apps-info p {
-    margin: 0;
-}
-
-// Shared config info
-.shared-config-info {
-    padding: @space-3;
-    background: fade(@accent-primary-raw, 10%);
-    border: 1px solid fade(@accent-primary-raw, 20%);
-    border-radius: @radius-md;
-}
-
-.shared-config-badge {
-    display: inline-flex;
-    align-items: center;
-    gap: @space-1;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    color: @accent-primary;
-    margin-bottom: @space-2;
-}
-
-.shared-config-details {
-    display: flex;
-    flex-wrap: wrap;
-    gap: @space-3;
-    font-size: @font-size-xs;
-    color: @text-secondary;
-    font-family: @font-mono;
-
-    span {
-        background: @bg-card;
-        padding: @space-1 @space-2;
-        border-radius: @radius-sm;
-    }
-}
-
-// ============================================
-// LINK APP MODAL
-// ============================================
-
-.link-app-modal {
-    max-width: 500px;
-
-    .modal-header h2 {
-        display: flex;
-        align-items: center;
-        gap: @space-2;
-    }
-}
-
-.link-app-current {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-3;
-    background: @bg-hover;
-    border-radius: @radius-md;
-    margin-bottom: @space-4;
-
-    .link-app-label {
-        color: @text-tertiary;
-        font-size: @font-size-sm;
-    }
-
-    .link-app-name {
-        font-weight: @font-weight-medium;
-        color: @text-primary;
-    }
-}
-
-.link-app-empty {
-    text-align: center;
-    padding: @space-6;
-
-    svg {
-        color: @text-tertiary;
-        margin-bottom: @space-3;
-    }
-
-    h3 {
-        margin: 0 0 @space-2;
-        font-size: @font-size-lg;
-    }
-
-    p {
-        color: @text-secondary;
-        font-size: @font-size-sm;
-        margin-bottom: @space-4;
-    }
-}
-
-.env-radio-group {
-    display: flex;
-    gap: @space-2;
-}
-
-.env-radio-option {
-    flex: 1;
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-3;
-    background: @bg-card;
-    border: 2px solid @border-subtle;
-    border-radius: @radius-md;
-    cursor: pointer;
-    transition: all @transition-fast;
-
-    input {
-        display: none;
-    }
-
-    &:hover {
-        border-color: @border-default;
-    }
-
-    &.selected {
-        border-color: @accent-primary;
-        background: @accent-glow;
-    }
-
-    .env-radio-label {
-        font-size: @font-size-xs;
-        color: @text-secondary;
-    }
-}
-
-.link-preview {
-    margin: @space-4 0;
-    padding: @space-4;
-    background: @bg-hover;
-    border-radius: @radius-md;
-}
-
-.link-preview-title {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    text-transform: uppercase;
-    letter-spacing: 0.5px;
-    margin-bottom: @space-3;
-}
-
-.link-preview-diagram {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    gap: @space-4;
-}
-
-.link-preview-app {
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-3;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    min-width: 120px;
-}
-
-.link-preview-name {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    color: @text-primary;
-}
-
-.link-preview-connector {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    width: 32px;
-    height: 32px;
-    background: @accent-glow;
-    color: @accent-primary;
-    border-radius: 50%;
-}
-
-.modal-loading {
-    padding: @space-6;
-    text-align: center;
-    color: @text-secondary;
-}
-
-// Small status badge variant
-.status-badge-sm {
-    display: inline-flex;
-    align-items: center;
-    gap: 4px;
-    padding: 2px 8px;
-    border-radius: @radius-full;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
-
-    .status-dot {
-        width: 6px;
-        height: 6px;
-        border-radius: 50%;
-        background: currentColor;
-    }
-
-    &.status-active {
-        background: @success-bg;
-        color: @success;
-    }
-
-    &.status-stopped {
-        background: fade(@text-tertiary-raw, 10%);
-        color: @text-tertiary;
-    }
-
-    &.status-error {
-        background: @danger-bg;
-        color: @danger;
-    }
-
-    &.status-warning {
-        background: @warning-bg;
-        color: @warning;
-    }
-}
diff --git a/frontend/src/styles/components/_linked-apps.scss b/frontend/src/styles/components/_linked-apps.scss
new file mode 100644
index 00000000..64d9ee13
--- /dev/null
+++ b/frontend/src/styles/components/_linked-apps.scss
@@ -0,0 +1,369 @@
+// ============================================
+// LINKED APPS SECTION
+// ============================================
+
+.linked-apps-section {
+    margin-top: $space-4;
+}
+
+.linked-apps-header {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    margin-bottom: $space-4;
+
+    h3 {
+        display: flex;
+        align-items: center;
+        gap: $space-2;
+        margin: 0;
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+    }
+}
+
+.linked-apps-content {
+    display: flex;
+    flex-direction: column;
+    gap: $space-4;
+}
+
+.current-environment {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-3;
+    background: $bg-hover;
+    border-radius: $radius-md;
+
+    .env-label {
+        font-size: $font-size-sm;
+        color: $text-secondary;
+    }
+}
+
+.linked-apps-divider {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
+
+    &::before,
+    &::after {
+        content: '';
+        flex: 1;
+        height: 1px;
+        background: $border-subtle;
+    }
+}
+
+.linked-apps-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-3;
+}
+
+.linked-app-item {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    padding: $space-3;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    transition: border-color $transition-fast;
+
+    &:hover {
+        border-color: $border-default;
+    }
+}
+
+.linked-app-info {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+}
+
+.linked-app-icon {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 36px;
+    height: 36px;
+    background: $accent-glow;
+    color: $accent-primary;
+    border-radius: $radius-md;
+}
+
+.linked-app-details {
+    display: flex;
+    flex-direction: column;
+    gap: $space-1;
+}
+
+.linked-app-name {
+    font-weight: $font-weight-medium;
+    color: $text-primary;
+}
+
+.linked-app-meta {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    font-size: $font-size-sm;
+}
+
+.linked-app-port {
+    color: $text-tertiary;
+    font-family: $font-mono;
+    font-size: $font-size-xs;
+}
+
+.linked-app-actions {
+    display: flex;
+    gap: $space-2;
+}
+
+.linked-apps-empty,
+.linked-apps-info {
+    padding: $space-4;
+    text-align: center;
+    background: $bg-hover;
+    border-radius: $radius-md;
+
+    p {
+        margin: 0 0 $space-3;
+        color: $text-secondary;
+        font-size: $font-size-sm;
+    }
+
+    .btn {
+        margin-top: $space-2;
+    }
+}
+
+.linked-apps-info p {
+    margin: 0;
+}
+
+// Shared config info
+.shared-config-info {
+    padding: $space-3;
+    background: fade($accent-primary-raw, 10%);
+    border: 1px solid fade($accent-primary-raw, 20%);
+    border-radius: $radius-md;
+}
+
+.shared-config-badge {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-1;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    color: $accent-primary;
+    margin-bottom: $space-2;
+}
+
+.shared-config-details {
+    display: flex;
+    flex-wrap: wrap;
+    gap: $space-3;
+    font-size: $font-size-xs;
+    color: $text-secondary;
+    font-family: $font-mono;
+
+    span {
+        background: $bg-card;
+        padding: $space-1 $space-2;
+        border-radius: $radius-sm;
+    }
+}
+
+// ============================================
+// LINK APP MODAL
+// ============================================
+
+.link-app-modal {
+    max-width: 500px;
+
+    .modal-header h2 {
+        display: flex;
+        align-items: center;
+        gap: $space-2;
+    }
+}
+
+.link-app-current {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-3;
+    background: $bg-hover;
+    border-radius: $radius-md;
+    margin-bottom: $space-4;
+
+    .link-app-label {
+        color: $text-tertiary;
+        font-size: $font-size-sm;
+    }
+
+    .link-app-name {
+        font-weight: $font-weight-medium;
+        color: $text-primary;
+    }
+}
+
+.link-app-empty {
+    text-align: center;
+    padding: $space-6;
+
+    svg {
+        color: $text-tertiary;
+        margin-bottom: $space-3;
+    }
+
+    h3 {
+        margin: 0 0 $space-2;
+        font-size: $font-size-lg;
+    }
+
+    p {
+        color: $text-secondary;
+        font-size: $font-size-sm;
+        margin-bottom: $space-4;
+    }
+}
+
+.env-radio-group {
+    display: flex;
+    gap: $space-2;
+}
+
+.env-radio-option {
+    flex: 1;
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-3;
+    background: $bg-card;
+    border: 2px solid $border-subtle;
+    border-radius: $radius-md;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    input {
+        display: none;
+    }
+
+    &:hover {
+        border-color: $border-default;
+    }
+
+    &.selected {
+        border-color: $accent-primary;
+        background: $accent-glow;
+    }
+
+    .env-radio-label {
+        font-size: $font-size-xs;
+        color: $text-secondary;
+    }
+}
+
+.link-preview {
+    margin: $space-4 0;
+    padding: $space-4;
+    background: $bg-hover;
+    border-radius: $radius-md;
+}
+
+.link-preview-title {
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    text-transform: uppercase;
+    letter-spacing: 0.5px;
+    margin-bottom: $space-3;
+}
+
+.link-preview-diagram {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    gap: $space-4;
+}
+
+.link-preview-app {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-3;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    min-width: 120px;
+}
+
+.link-preview-name {
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    color: $text-primary;
+}
+
+.link-preview-connector {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 32px;
+    height: 32px;
+    background: $accent-glow;
+    color: $accent-primary;
+    border-radius: 50%;
+}
+
+.modal-loading {
+    padding: $space-6;
+    text-align: center;
+    color: $text-secondary;
+}
+
+// Small status badge variant
+.status-badge-sm {
+    display: inline-flex;
+    align-items: center;
+    gap: 4px;
+    padding: 2px 8px;
+    border-radius: $radius-full;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
+
+    .status-dot {
+        width: 6px;
+        height: 6px;
+        border-radius: 50%;
+        background: currentColor;
+    }
+
+    &.status-active {
+        background: $success-bg;
+        color: $success;
+    }
+
+    &.status-stopped {
+        background: fade($text-tertiary-raw, 10%);
+        color: $text-tertiary;
+    }
+
+    &.status-error {
+        background: $danger-bg;
+        color: $danger;
+    }
+
+    &.status-warning {
+        background: $warning-bg;
+        color: $warning;
+    }
+}
diff --git a/frontend/src/styles/components/_lists.less b/frontend/src/styles/components/_lists.less
deleted file mode 100644
index 42dd1846..00000000
--- a/frontend/src/styles/components/_lists.less
+++ /dev/null
@@ -1,182 +0,0 @@
-// ============================================
-// LIST COMPONENTS
-// ============================================
-
-// Base list
-.list-base {
-    .flex-column-gap(@space-2);
-}
-
-// Info list (key-value pairs)
-.info-list {
-    .flex-column-gap(@space-3);
-}
-
-.info-item {
-    .flex-between();
-    padding: @space-2 0;
-    border-bottom: 1px solid @border-subtle;
-
-    &:last-child {
-        border-bottom: none;
-    }
-}
-
-.info-label {
-    color: @text-tertiary;
-    font-size: @font-size-sm + 1;
-}
-
-.info-value {
-    color: @text-primary;
-    font-weight: @font-weight-medium;
-
-    &.mono {
-        .mono-text();
-    }
-}
-
-// Packages list
-.packages-list {
-    .flex-column-gap(@space-2);
-}
-
-.package-item {
-    .flex-between();
-    padding: @space-3 @space-4;
-    .card-base();
-}
-
-.package-name {
-    font-weight: @font-weight-medium;
-}
-
-.package-version {
-    color: @text-tertiary;
-    .mono-text();
-}
-
-// Environment variables list
-.env-list {
-    .flex-column-gap(@space-2);
-}
-
-.env-item {
-    display: flex;
-    align-items: center;
-    gap: @space-4;
-    padding: @space-3 @space-4;
-    .card-base();
-}
-
-.env-key {
-    font-weight: @font-weight-semibold;
-    .mono-text();
-    color: @accent-primary;
-    min-width: 150px;
-}
-
-.env-value {
-    flex: 1;
-    .mono-text();
-    color: @text-secondary;
-    word-break: break-all;
-}
-
-// Plugins/Themes list
-.plugins-list,
-.themes-list {
-    .flex-column-gap(@space-2);
-}
-
-.plugin-item,
-.theme-item {
-    .flex-between();
-    padding: @space-4;
-    .card-base();
-
-    &.active {
-        border-color: @success;
-        background: fade(@success, 5%);
-    }
-}
-
-.plugin-info,
-.theme-info {
-    .flex-start();
-    gap: @space-3;
-}
-
-.plugin-name,
-.theme-name {
-    font-weight: @font-weight-medium;
-}
-
-.plugin-version,
-.theme-version {
-    color: @text-tertiary;
-    font-size: @font-size-sm;
-}
-
-// Backups list
-.backups-list {
-    .flex-column-gap(@space-2);
-}
-
-.backup-item {
-    .flex-between();
-    padding: @space-4;
-    .card-base();
-}
-
-.backup-info {
-    .flex-start();
-    gap: @space-5;
-}
-
-.backup-name {
-    font-weight: @font-weight-medium;
-    .mono-text();
-}
-
-.backup-size,
-.backup-date {
-    color: @text-tertiary;
-    font-size: @font-size-sm + 1;
-}
-
-// Domains list
-.domains-list {
-    .flex-column-gap(@space-2);
-}
-
-.domain-item {
-    .flex-start();
-    gap: @space-2;
-
-    a {
-        color: @accent-primary;
-        .transition(color);
-
-        &:hover {
-            text-decoration: underline;
-        }
-    }
-}
-
-// Tables list (for database tables)
-.tables-list {
-    display: flex;
-    flex-wrap: wrap;
-    gap: @space-2;
-}
-
-// Privileges list
-.privileges-list {
-    display: flex;
-    flex-wrap: wrap;
-    gap: @space-2 - 2;
-    margin-top: @space-2;
-    padding-top: @space-2;
-    border-top: 1px solid @border-subtle;
-}
diff --git a/frontend/src/styles/components/_lists.scss b/frontend/src/styles/components/_lists.scss
new file mode 100644
index 00000000..93abfbbc
--- /dev/null
+++ b/frontend/src/styles/components/_lists.scss
@@ -0,0 +1,182 @@
+// ============================================
+// LIST COMPONENTS
+// ============================================
+
+// Base list
+.list-base {
+    @include flex-column-gap($space-2);
+}
+
+// Info list (key-value pairs)
+.info-list {
+    @include flex-column-gap($space-3);
+}
+
+.info-item {
+    @include flex-between();
+    padding: $space-2 0;
+    border-bottom: 1px solid $border-subtle;
+
+    &:last-child {
+        border-bottom: none;
+    }
+}
+
+.info-label {
+    color: $text-tertiary;
+    font-size: $font-size-sm + 1;
+}
+
+.info-value {
+    color: $text-primary;
+    font-weight: $font-weight-medium;
+
+    &.mono {
+        @include mono-text();
+    }
+}
+
+// Packages list
+.packages-list {
+    @include flex-column-gap($space-2);
+}
+
+.package-item {
+    @include flex-between();
+    padding: $space-3 $space-4;
+    @include card-base();
+}
+
+.package-name {
+    font-weight: $font-weight-medium;
+}
+
+.package-version {
+    color: $text-tertiary;
+    @include mono-text();
+}
+
+// Environment variables list
+.env-list {
+    @include flex-column-gap($space-2);
+}
+
+.env-item {
+    display: flex;
+    align-items: center;
+    gap: $space-4;
+    padding: $space-3 $space-4;
+    @include card-base();
+}
+
+.env-key {
+    font-weight: $font-weight-semibold;
+    @include mono-text();
+    color: $accent-primary;
+    min-width: 150px;
+}
+
+.env-value {
+    flex: 1;
+    @include mono-text();
+    color: $text-secondary;
+    word-break: break-all;
+}
+
+// Plugins/Themes list
+.plugins-list,
+.themes-list {
+    @include flex-column-gap($space-2);
+}
+
+.plugin-item,
+.theme-item {
+    @include flex-between();
+    padding: $space-4;
+    @include card-base();
+
+    &.active {
+        border-color: $success;
+        background: fade($success, 5%);
+    }
+}
+
+.plugin-info,
+.theme-info {
+    @include flex-start();
+    gap: $space-3;
+}
+
+.plugin-name,
+.theme-name {
+    font-weight: $font-weight-medium;
+}
+
+.plugin-version,
+.theme-version {
+    color: $text-tertiary;
+    font-size: $font-size-sm;
+}
+
+// Backups list
+.backups-list {
+    @include flex-column-gap($space-2);
+}
+
+.backup-item {
+    @include flex-between();
+    padding: $space-4;
+    @include card-base();
+}
+
+.backup-info {
+    @include flex-start();
+    gap: $space-5;
+}
+
+.backup-name {
+    font-weight: $font-weight-medium;
+    @include mono-text();
+}
+
+.backup-size,
+.backup-date {
+    color: $text-tertiary;
+    font-size: $font-size-sm + 1;
+}
+
+// Domains list
+.domains-list {
+    @include flex-column-gap($space-2);
+}
+
+.domain-item {
+    @include flex-start();
+    gap: $space-2;
+
+    a {
+        color: $accent-primary;
+        @include transition(color);
+
+        &:hover {
+            text-decoration: underline;
+        }
+    }
+}
+
+// Tables list (for database tables)
+.tables-list {
+    display: flex;
+    flex-wrap: wrap;
+    gap: $space-2;
+}
+
+// Privileges list
+.privileges-list {
+    display: flex;
+    flex-wrap: wrap;
+    gap: $space-2 - 2;
+    margin-top: $space-2;
+    padding-top: $space-2;
+    border-top: 1px solid $border-subtle;
+}
diff --git a/frontend/src/styles/components/_logs.less b/frontend/src/styles/components/_logs.less
deleted file mode 100644
index 1ff82c89..00000000
--- a/frontend/src/styles/components/_logs.less
+++ /dev/null
@@ -1,58 +0,0 @@
-// ============================================
-// LOGS & COMMAND OUTPUT COMPONENTS
-// ============================================
-
-// Log viewer
-.log-viewer {
-    .code-block();
-    max-height: 500px;
-    overflow-y: auto;
-    line-height: @line-height-normal;
-}
-
-// Log controls
-.log-controls {
-    .flex-start();
-    gap: @space-3;
-
-    select {
-        padding: @space-2 @space-3;
-        background: @bg-body;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
-        color: @text-primary;
-        font-size: @font-size-sm + 1;
-    }
-}
-
-// Command output
-.command-output {
-    background: @bg-body;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-4;
-    margin-top: @space-5;
-
-    pre {
-        .mono-text();
-        white-space: pre-wrap;
-        word-break: break-all;
-        color: @text-primary;
-    }
-
-    &.error {
-        border-color: @danger;
-    }
-
-    .stderr {
-        color: @danger;
-    }
-}
-
-// Quick commands
-.quick-commands {
-    display: flex;
-    flex-wrap: wrap;
-    gap: @space-2;
-    margin-bottom: @space-5;
-}
diff --git a/frontend/src/styles/components/_logs.scss b/frontend/src/styles/components/_logs.scss
new file mode 100644
index 00000000..59ea256d
--- /dev/null
+++ b/frontend/src/styles/components/_logs.scss
@@ -0,0 +1,58 @@
+// ============================================
+// LOGS & COMMAND OUTPUT COMPONENTS
+// ============================================
+
+// Log viewer
+.log-viewer {
+    @include code-block();
+    max-height: 500px;
+    overflow-y: auto;
+    line-height: $line-height-normal;
+}
+
+// Log controls
+.log-controls {
+    @include flex-start();
+    gap: $space-3;
+
+    select {
+        padding: $space-2 $space-3;
+        background: $bg-body;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
+        color: $text-primary;
+        font-size: $font-size-sm + 1;
+    }
+}
+
+// Command output
+.command-output {
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-4;
+    margin-top: $space-5;
+
+    pre {
+        @include mono-text();
+        white-space: pre-wrap;
+        word-break: break-all;
+        color: $text-primary;
+    }
+
+    &.error {
+        border-color: $danger;
+    }
+
+    .stderr {
+        color: $danger;
+    }
+}
+
+// Quick commands
+.quick-commands {
+    display: flex;
+    flex-wrap: wrap;
+    gap: $space-2;
+    margin-bottom: $space-5;
+}
diff --git a/frontend/src/styles/components/_metrics-graph.less b/frontend/src/styles/components/_metrics-graph.scss
similarity index 61%
rename from frontend/src/styles/components/_metrics-graph.less
rename to frontend/src/styles/components/_metrics-graph.scss
index 5511c1dc..9691ac78 100644
--- a/frontend/src/styles/components/_metrics-graph.less
+++ b/frontend/src/styles/components/_metrics-graph.scss
@@ -3,11 +3,11 @@
 // ============================================
 
 .metrics-graph-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-xl;
-    padding: @space-6;
-    margin-bottom: @space-6;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-xl;
+    padding: $space-6;
+    margin-bottom: $space-6;
 
     &.loading,
     &.error,
@@ -16,17 +16,17 @@
         flex-direction: column;
         align-items: center;
         justify-content: center;
-        gap: @space-3;
+        gap: $space-3;
         min-height: 200px;
-        color: @text-tertiary;
+        color: $text-tertiary;
 
         .muted {
-            font-size: @font-size-sm;
+            font-size: $font-size-sm;
         }
     }
 
     &.error {
-        color: @danger;
+        color: $danger;
     }
 }
 
@@ -34,63 +34,63 @@
     display: flex;
     align-items: center;
     justify-content: space-between;
-    margin-bottom: @space-5;
+    margin-bottom: $space-5;
 }
 
 .graph-title {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    font-size: @font-size-base;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
+    gap: $space-2;
+    font-size: $font-size-base;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
 }
 
 // Summary Row
 .metrics-summary-row {
     display: flex;
-    gap: @space-6;
-    padding: @space-4;
-    background: @bg-hover;
-    border-radius: @radius-lg;
-    margin-bottom: @space-5;
+    gap: $space-6;
+    padding: $space-4;
+    background: $bg-hover;
+    border-radius: $radius-lg;
+    margin-bottom: $space-5;
 }
 
 .summary-stat {
     display: flex;
     align-items: center;
-    gap: @space-3;
+    gap: $space-3;
 
     svg {
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 
     .stat-label {
         display: block;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
         text-transform: uppercase;
         letter-spacing: 0.5px;
     }
 
     .stat-value {
         display: block;
-        font-size: @font-size-lg;
-        font-weight: @font-weight-bold;
-        font-family: @font-mono;
-        color: @text-primary;
+        font-size: $font-size-lg;
+        font-weight: $font-weight-bold;
+        font-family: $font-mono;
+        color: $text-primary;
     }
 }
 
 // Chart Container
 .metrics-chart-container {
-    margin-bottom: @space-4;
+    margin-bottom: $space-4;
     background: linear-gradient(180deg, var(--bg-hover) 0%, transparent 100%);
-    border-radius: @radius-lg;
-    padding: @space-2 0;
+    border-radius: $radius-lg;
+    padding: $space-2 0;
 
     &.compact {
-        margin-bottom: @space-3;
+        margin-bottom: $space-3;
         background: transparent;
         padding: 0;
     }
@@ -125,27 +125,27 @@
 .metrics-tooltip {
     background: rgba(24, 24, 27, 0.95);
     backdrop-filter: blur(8px);
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-3 @space-4;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-3 $space-4;
     box-shadow: 0 8px 32px rgba(0, 0, 0, 0.4);
     min-width: 140px;
 
     .tooltip-time {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        margin-bottom: @space-2;
-        padding-bottom: @space-2;
-        border-bottom: 1px solid @border-subtle;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        margin-bottom: $space-2;
+        padding-bottom: $space-2;
+        border-bottom: 1px solid $border-subtle;
         text-align: center;
     }
 
     .tooltip-row {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        font-size: @font-size-sm;
-        padding: @space-1 0;
+        gap: $space-2;
+        font-size: $font-size-sm;
+        padding: $space-1 0;
     }
 
     .tooltip-dot {
@@ -156,13 +156,13 @@
     }
 
     .tooltip-label {
-        color: @text-secondary;
+        color: $text-secondary;
         flex: 1;
     }
 
     .tooltip-value {
-        font-family: @font-mono;
-        font-weight: @font-weight-bold;
+        font-family: $font-mono;
+        font-weight: $font-weight-bold;
         min-width: 48px;
         text-align: right;
     }
@@ -172,27 +172,27 @@
 .metrics-filter-legend {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    background: @bg-hover;
+    gap: $space-2;
+    background: $bg-hover;
     padding: 4px;
-    border-radius: @radius-md;
-    border: 1px solid @border-subtle;
+    border-radius: $radius-md;
+    border: 1px solid $border-subtle;
 }
 
 .filter-btn {
     background: transparent;
     border: 1px solid transparent;
-    color: @text-tertiary;
+    color: $text-tertiary;
     padding: 6px 12px;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-semibold;
-    border-radius: @radius-sm;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-semibold;
+    border-radius: $radius-sm;
     cursor: pointer;
-    transition: all @transition-fast;
+    transition: all $transition-fast;
     text-transform: uppercase;
 
     &:hover {
-        color: @text-primary;
+        color: $text-primary;
     }
 
     &.active {
@@ -216,7 +216,7 @@
     // Disk - Orange
     &.disk.active {
         background: rgba(245, 158, 11, 0.1);
-        color: #f59e0b;
+        color: $warning;
         border-color: rgba(245, 158, 11, 0.3);
     }
 }
@@ -226,25 +226,25 @@
     display: flex;
     align-items: center;
     justify-content: center;
-    gap: @space-8;
-    padding-top: @space-4;
-    margin-top: @space-2;
-    border-top: 1px solid @border-subtle;
+    gap: $space-8;
+    padding-top: $space-4;
+    margin-top: $space-2;
+    border-top: 1px solid $border-subtle;
 }
 
 .legend-item {
     display: flex;
     align-items: center;
-    gap: @space-3;
-    font-size: @font-size-sm;
-    color: @text-secondary;
-    padding: @space-1 @space-3;
-    border-radius: @radius-full;
-    transition: @transition-fast;
+    gap: $space-3;
+    font-size: $font-size-sm;
+    color: $text-secondary;
+    padding: $space-1 $space-3;
+    border-radius: $radius-full;
+    transition: $transition-fast;
 
     &:hover {
-        background: @bg-hover;
-        color: @text-primary;
+        background: $bg-hover;
+        color: $text-primary;
     }
 }
 
@@ -277,24 +277,24 @@
     }
 
     &.disk {
-        background: #f59e0b;
+        background: $warning;
         box-shadow: 0 0 8px rgba(245, 158, 11, 0.5);
     }
 }
 
 // Compact Version
 .metrics-graph-compact {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-xl;
-    padding: @space-4;
-    margin-bottom: @space-6;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-xl;
+    padding: $space-4;
+    margin-bottom: $space-6;
 
     .metrics-graph-header {
-        margin-bottom: @space-3;
+        margin-bottom: $space-3;
 
         .graph-title {
-            font-size: @font-size-sm;
+            font-size: $font-size-sm;
         }
     }
 }
@@ -303,24 +303,24 @@
     display: flex;
     align-items: center;
     justify-content: center;
-    gap: @space-5;
-    padding-top: @space-3;
-    border-top: 1px solid @border-subtle;
+    gap: $space-5;
+    padding-top: $space-3;
+    border-top: 1px solid $border-subtle;
 
     .summary-item {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        gap: $space-2;
+        font-size: $font-size-sm;
+        color: $text-secondary;
 
         svg {
-            color: @text-tertiary;
+            color: $text-tertiary;
         }
 
         span {
-            font-family: @font-mono;
-            font-weight: @font-weight-medium;
+            font-family: $font-mono;
+            font-weight: $font-weight-medium;
         }
     }
 }
@@ -328,42 +328,42 @@
 // Recharts Overrides
 .recharts-cartesian-grid-horizontal line,
 .recharts-cartesian-grid-vertical line {
-    stroke: @border-subtle;
+    stroke: $border-subtle;
     opacity: 0.5;
 }
 
 .recharts-text {
-    fill: @text-secondary;
+    fill: $text-secondary;
 }
 
 
 .recharts-tooltip-cursor {
-    stroke: @text-tertiary;
+    stroke: $text-tertiary;
     stroke-dasharray: 4 4;
 }
 
 // Responsive
-@media (max-width: @breakpoint-md) {
+@media (max-width: $breakpoint-md) {
     .metrics-summary-row {
         flex-wrap: wrap;
-        gap: @space-4;
+        gap: $space-4;
     }
 
     .summary-stat {
-        flex: 1 1 calc(50% - @space-2);
+        flex: 1 1 calc(50% - $space-2);
         min-width: 140px;
     }
 
     .metrics-legend {
         flex-wrap: wrap;
-        gap: @space-3;
+        gap: $space-3;
     }
 }
 
-@media (max-width: @breakpoint-sm) {
+@media (max-width: $breakpoint-sm) {
     .metrics-graph-header {
         flex-direction: column;
-        gap: @space-3;
+        gap: $space-3;
         align-items: flex-start;
     }
 
diff --git a/frontend/src/styles/components/_modals.less b/frontend/src/styles/components/_modals.less
deleted file mode 100644
index df6e3309..00000000
--- a/frontend/src/styles/components/_modals.less
+++ /dev/null
@@ -1,182 +0,0 @@
-// ============================================
-// MODAL COMPONENTS
-// ============================================
-
-.modal-overlay {
-    position: fixed;
-    inset: 0;
-    background: rgba(0, 0, 0, 0.7);
-    .flex-center();
-    z-index: @z-modal-backdrop;
-    padding: @space-5;
-    backdrop-filter: blur(4px);
-}
-
-.modal {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-2xl;
-    width: 100%;
-    max-width: 560px;
-    max-height: 90vh;
-    overflow-y: auto;
-    .custom-scrollbar();
-}
-
-.modal-lg {
-    max-width: 800px;
-}
-
-.modal-header {
-    .flex-between();
-    padding: @space-6;
-    border-bottom: 1px solid @border-subtle;
-
-    h2 {
-        font-size: @font-size-lg;
-        font-weight: @font-weight-semibold;
-    }
-}
-
-.modal-close {
-    background: none;
-    border: none;
-    color: @text-tertiary;
-    font-size: @font-size-2xl;
-    cursor: pointer;
-    line-height: 1;
-    padding: @space-1;
-    .transition(color);
-
-    &:hover {
-        color: @text-primary;
-    }
-}
-
-.modal-body {
-    padding: @space-6;
-    max-height: 60vh;
-    overflow-y: auto;
-    .custom-scrollbar();
-}
-
-.modal form {
-    padding: @space-6;
-}
-
-.modal-actions {
-    display: flex;
-    gap: @space-3;
-    justify-content: flex-end;
-    margin-top: @space-6;
-    padding-top: @space-6;
-    border-top: 1px solid @border-subtle;
-}
-
-.modal-footer {
-    display: flex;
-    gap: @space-3;
-    justify-content: flex-end;
-    padding: @space-4 @space-6;
-    border-top: 1px solid @border-subtle;
-}
-
-// Type selection grid (used in create app modal)
-.app-type-grid {
-    display: grid;
-    grid-template-columns: repeat(auto-fit, minmax(160px, 1fr));
-    gap: @space-4;
-    padding: @space-6;
-}
-
-.app-type-card {
-    background: @bg-body;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-xl;
-    padding: @space-6;
-    text-align: center;
-    cursor: pointer;
-    .transition();
-
-    &:hover {
-        border-color: @accent-primary;
-        background: @bg-hover;
-    }
-}
-
-.app-type-icon {
-    .icon-box(48px);
-    border-radius: @radius-xl;
-    font-size: @font-size-xl;
-    font-weight: @font-weight-bold;
-    color: white;
-    margin: 0 auto @space-4;
-}
-
-.app-type-card h3 {
-    font-size: @font-size-base;
-    font-weight: @font-weight-semibold;
-    margin-bottom: @space-1;
-    color: @text-primary;
-}
-
-.app-type-card p {
-    font-size: @font-size-sm;
-    color: @text-tertiary;
-    line-height: @line-height-normal;
-}
-
-// Confirmation Dialog
-.confirm-dialog {
-    max-width: 400px;
-    text-align: center;
-}
-
-.confirm-dialog-content {
-    padding: @space-8 @space-6 @space-6;
-}
-
-.confirm-dialog-icon {
-    .icon-box(64px);
-    border-radius: 50%;
-    margin: 0 auto @space-4;
-
-    svg {
-        width: 32px;
-        height: 32px;
-    }
-
-    &-danger {
-        background: fade(@danger, 15%);
-        color: @danger;
-    }
-
-    &-warning {
-        background: fade(@warning, 15%);
-        color: @warning;
-    }
-
-    &-info {
-        background: fade(@accent-primary-raw, 15%);
-        color: @accent-primary;
-    }
-}
-
-.confirm-dialog-title {
-    font-size: @font-size-lg;
-    font-weight: @font-weight-semibold;
-    margin-bottom: @space-2;
-}
-
-.confirm-dialog-message {
-    font-size: @font-size-sm;
-    color: @text-secondary;
-    line-height: @line-height-relaxed;
-}
-
-.confirm-dialog-actions {
-    display: flex;
-    gap: @space-3;
-    justify-content: center;
-    padding: @space-4 @space-6 @space-6;
-}
diff --git a/frontend/src/styles/components/_modals.scss b/frontend/src/styles/components/_modals.scss
new file mode 100644
index 00000000..cb15c747
--- /dev/null
+++ b/frontend/src/styles/components/_modals.scss
@@ -0,0 +1,182 @@
+// ============================================
+// MODAL COMPONENTS
+// ============================================
+
+.modal-overlay {
+    position: fixed;
+    inset: 0;
+    background: rgba(0, 0, 0, 0.7);
+    @include flex-center();
+    z-index: $z-modal-backdrop;
+    padding: $space-5;
+    backdrop-filter: blur(4px);
+}
+
+.modal {
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-2xl;
+    width: 100%;
+    max-width: 560px;
+    max-height: 90vh;
+    overflow-y: auto;
+    @include custom-scrollbar();
+}
+
+.modal-lg {
+    max-width: 800px;
+}
+
+.modal-header {
+    @include flex-between();
+    padding: $space-6;
+    border-bottom: 1px solid $border-subtle;
+
+    h2 {
+        font-size: $font-size-lg;
+        font-weight: $font-weight-semibold;
+    }
+}
+
+.modal-close {
+    background: none;
+    border: none;
+    color: $text-tertiary;
+    font-size: $font-size-2xl;
+    cursor: pointer;
+    line-height: 1;
+    padding: $space-1;
+    @include transition(color);
+
+    &:hover {
+        color: $text-primary;
+    }
+}
+
+.modal-body {
+    padding: $space-6;
+    max-height: 60vh;
+    overflow-y: auto;
+    @include custom-scrollbar();
+}
+
+.modal form {
+    padding: $space-6;
+}
+
+.modal-actions {
+    display: flex;
+    gap: $space-3;
+    justify-content: flex-end;
+    margin-top: $space-6;
+    padding-top: $space-6;
+    border-top: 1px solid $border-subtle;
+}
+
+.modal-footer {
+    display: flex;
+    gap: $space-3;
+    justify-content: flex-end;
+    padding: $space-4 $space-6;
+    border-top: 1px solid $border-subtle;
+}
+
+// Type selection grid (used in create app modal)
+.app-type-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(160px, 1fr));
+    gap: $space-4;
+    padding: $space-6;
+}
+
+.app-type-card {
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-xl;
+    padding: $space-6;
+    text-align: center;
+    cursor: pointer;
+    @include transition();
+
+    &:hover {
+        border-color: $accent-primary;
+        background: $bg-hover;
+    }
+}
+
+.app-type-icon {
+    @include icon-box(48px);
+    border-radius: $radius-xl;
+    font-size: $font-size-xl;
+    font-weight: $font-weight-bold;
+    color: white;
+    margin: 0 auto $space-4;
+}
+
+.app-type-card h3 {
+    font-size: $font-size-base;
+    font-weight: $font-weight-semibold;
+    margin-bottom: $space-1;
+    color: $text-primary;
+}
+
+.app-type-card p {
+    font-size: $font-size-sm;
+    color: $text-tertiary;
+    line-height: $line-height-normal;
+}
+
+// Confirmation Dialog
+.confirm-dialog {
+    max-width: 400px;
+    text-align: center;
+}
+
+.confirm-dialog-content {
+    padding: $space-8 $space-6 $space-6;
+}
+
+.confirm-dialog-icon {
+    @include icon-box(64px);
+    border-radius: 50%;
+    margin: 0 auto $space-4;
+
+    svg {
+        width: 32px;
+        height: 32px;
+    }
+
+    &-danger {
+        background: fade($danger, 15%);
+        color: $danger;
+    }
+
+    &-warning {
+        background: fade($warning, 15%);
+        color: $warning;
+    }
+
+    &-info {
+        background: fade($accent-primary-raw, 15%);
+        color: $accent-primary;
+    }
+}
+
+.confirm-dialog-title {
+    font-size: $font-size-lg;
+    font-weight: $font-weight-semibold;
+    margin-bottom: $space-2;
+}
+
+.confirm-dialog-message {
+    font-size: $font-size-sm;
+    color: $text-secondary;
+    line-height: $line-height-relaxed;
+}
+
+.confirm-dialog-actions {
+    display: flex;
+    gap: $space-3;
+    justify-content: center;
+    padding: $space-4 $space-6 $space-6;
+}
diff --git a/frontend/src/styles/components/_notifications.less b/frontend/src/styles/components/_notifications.scss
similarity index 51%
rename from frontend/src/styles/components/_notifications.less
rename to frontend/src/styles/components/_notifications.scss
index 0e86e8f1..6fc4e563 100644
--- a/frontend/src/styles/components/_notifications.less
+++ b/frontend/src/styles/components/_notifications.scss
@@ -5,43 +5,43 @@
 // Notification Tabs
 .notification-tabs {
     display: flex;
-    gap: @space-2;
-    margin-bottom: @space-6;
-    padding-bottom: @space-4;
-    border-bottom: 1px solid @border-subtle;
+    gap: $space-2;
+    margin-bottom: $space-6;
+    padding-bottom: $space-4;
+    border-bottom: 1px solid $border-subtle;
 }
 
 .notification-tab {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-3 @space-4;
+    gap: $space-2;
+    padding: $space-3 $space-4;
     background: transparent;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    color: @text-secondary;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    color: $text-secondary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
     cursor: pointer;
-    transition: all @transition-fast;
+    transition: all $transition-fast;
 
     svg {
         stroke-width: 2;
     }
 
     &:hover {
-        background: @bg-hover;
-        border-color: @border-default;
-        color: @text-primary;
+        background: $bg-hover;
+        border-color: $border-default;
+        color: $text-primary;
     }
 
     &.active {
-        background: @accent-glow;
-        border-color: @accent-primary;
-        color: @accent-primary;
+        background: $accent-glow;
+        border-color: $accent-primary;
+        color: $accent-primary;
 
         svg {
-            stroke: @accent-primary;
+            stroke: $accent-primary;
         }
     }
 }
@@ -50,48 +50,48 @@
 .user-notification-prefs {
     display: flex;
     flex-direction: column;
-    gap: @space-4;
+    gap: $space-4;
 }
 
 .channel-toggles,
 .category-toggles {
     display: flex;
     flex-wrap: wrap;
-    gap: @space-3;
+    gap: $space-3;
 }
 
 .channel-toggle,
 .category-toggle {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-3;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
+    gap: $space-2;
+    padding: $space-2 $space-3;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
     cursor: pointer;
-    transition: all @transition-fast;
+    transition: all $transition-fast;
 
     input[type="checkbox"] {
-        accent-color: @accent-primary;
+        accent-color: $accent-primary;
     }
 
     span {
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        font-size: $font-size-sm;
+        color: $text-secondary;
     }
 
     &:hover {
-        background: @bg-hover;
-        border-color: @border-default;
+        background: $bg-hover;
+        border-color: $border-default;
     }
 
     &:has(input:checked) {
-        background: @accent-glow;
-        border-color: fade(@accent-primary-raw, 40%);
+        background: $accent-glow;
+        border-color: fade($accent-primary-raw, 40%);
 
         span {
-            color: @text-primary;
+            color: $text-primary;
         }
     }
 }
@@ -99,31 +99,31 @@
 .notification-channels {
     display: flex;
     flex-direction: column;
-    gap: @space-4;
+    gap: $space-4;
 }
 
 .notification-channel-card {
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    background: @bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    background: $bg-card;
     overflow: hidden;
     transition: border-color 0.2s;
 
     &.enabled {
-        border-color: fade(@success, 40%);
+        border-color: fade($success, 40%);
     }
 }
 
 .channel-header {
     display: flex;
     align-items: center;
-    gap: @space-4;
-    padding: @space-4 @space-6;
+    gap: $space-4;
+    padding: $space-4 $space-6;
     cursor: pointer;
     transition: background 0.2s;
 
     &:hover {
-        background: @bg-hover;
+        background: $bg-hover;
     }
 }
 
@@ -133,16 +133,16 @@
     display: flex;
     align-items: center;
     justify-content: center;
-    background: @bg-hover;
-    border-radius: @radius-md;
+    background: $bg-hover;
+    border-radius: $radius-md;
     flex-shrink: 0;
 
     svg {
-        color: @text-secondary;
+        color: $text-secondary;
     }
 
     .notification-channel-card.enabled & svg {
-        color: @accent-primary;
+        color: $accent-primary;
     }
 }
 
@@ -151,25 +151,25 @@
     min-width: 0;
 
     h3 {
-        margin: 0 0 @space-1 0;
-        font-size: @font-size-md;
+        margin: 0 0 $space-1 0;
+        font-size: $font-size-md;
     }
 
     p {
         margin: 0;
-        color: @text-secondary;
-        font-size: @font-size-sm;
+        color: $text-secondary;
+        font-size: $font-size-sm;
     }
 }
 
 .channel-status {
     display: flex;
     align-items: center;
-    gap: @space-4;
+    gap: $space-4;
 }
 
 .expand-icon {
-    color: @text-tertiary;
+    color: $text-tertiary;
     transition: transform 0.2s;
 
     &.expanded {
@@ -178,9 +178,9 @@
 }
 
 .channel-config {
-    padding: @space-6;
-    border-top: 1px solid @border-subtle;
-    background: @bg-body;
+    padding: $space-6;
+    border-top: 1px solid $border-subtle;
+    background: $bg-body;
 }
 
 .toggle-switch-label {
@@ -196,7 +196,7 @@
 .form-row {
     display: grid;
     grid-template-columns: 1fr 1fr;
-    gap: @space-4;
+    gap: $space-4;
 
     @media (max-width: 600px) {
         grid-template-columns: 1fr;
@@ -206,47 +206,47 @@
 .severity-toggles {
     display: flex;
     flex-wrap: wrap;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .severity-toggle {
     display: flex;
     align-items: center;
-    gap: @space-1;
-    padding: @space-1 @space-2;
-    border-radius: @radius-sm;
-    background: @bg-hover;
+    gap: $space-1;
+    padding: $space-1 $space-2;
+    border-radius: $radius-sm;
+    background: $bg-hover;
     cursor: pointer;
     transition: all 0.2s;
-    font-size: @font-size-sm;
+    font-size: $font-size-sm;
 
     input {
         display: none;
     }
 
     span {
-        padding: 2px @space-1;
-        border-radius: @radius-sm;
+        padding: 2px $space-1;
+        border-radius: $radius-sm;
     }
 
     &.critical span {
-        background: fade(@danger, 20%);
-        color: @danger;
+        background: fade($danger, 20%);
+        color: $danger;
     }
 
     &.warning span {
-        background: fade(@warning, 20%);
-        color: @warning;
+        background: fade($warning, 20%);
+        color: $warning;
     }
 
     &.info span {
-        background: fade(@accent-primary-raw, 20%);
-        color: @accent-primary;
+        background: fade($accent-primary-raw, 20%);
+        color: $accent-primary;
     }
 
     &.success span {
-        background: fade(@success, 20%);
-        color: @success;
+        background: fade($success, 20%);
+        color: $success;
     }
 
     input:checked + span {
@@ -265,8 +265,8 @@
 .channel-actions {
     display: flex;
     justify-content: flex-end;
-    gap: @space-2;
-    margin-top: @space-6;
-    padding-top: @space-4;
-    border-top: 1px solid @border-subtle;
+    gap: $space-2;
+    margin-top: $space-6;
+    padding-top: $space-4;
+    border-top: 1px solid $border-subtle;
 }
diff --git a/frontend/src/styles/components/_private-url.less b/frontend/src/styles/components/_private-url.less
deleted file mode 100644
index f5f545a6..00000000
--- a/frontend/src/styles/components/_private-url.less
+++ /dev/null
@@ -1,158 +0,0 @@
-// ============================================
-// PRIVATE URL COMPONENT
-// ============================================
-
-.private-url-section {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    padding: @space-5;
-    margin-bottom: @space-5;
-
-    .section-header {
-        margin-bottom: @space-4;
-
-        h3 {
-            display: flex;
-            align-items: center;
-            gap: @space-2;
-            margin: 0;
-            font-size: @font-size-lg;
-            font-weight: 500;
-            color: @text-primary;
-
-            svg {
-                color: @accent-primary;
-            }
-        }
-    }
-}
-
-.private-url-disabled {
-    .hint {
-        color: @text-secondary;
-        font-size: @font-size-sm;
-        margin-bottom: @space-4;
-        line-height: 1.5;
-    }
-
-    .slug-hint {
-        color: @text-tertiary;
-        font-size: @font-size-xs;
-        margin-top: @space-2;
-    }
-}
-
-.private-url-form,
-.slug-edit-form {
-    display: flex;
-    gap: @space-3;
-    align-items: center;
-    flex-wrap: wrap;
-
-    .input-group {
-        display: flex;
-        align-items: center;
-        flex: 1;
-        min-width: 200px;
-    }
-
-    .input-prefix {
-        background: @bg-tertiary;
-        border: 1px solid @border-subtle;
-        border-right: none;
-        border-radius: @radius-sm 0 0 @radius-sm;
-        padding: @space-2 @space-3;
-        color: @text-tertiary;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
-        height: 40px;
-        display: flex;
-        align-items: center;
-    }
-
-    .slug-input {
-        flex: 1;
-        border-radius: 0 @radius-sm @radius-sm 0;
-        font-family: @font-mono;
-        min-width: 150px;
-    }
-}
-
-.private-url-enabled {
-    .private-url-display {
-        background: fade(@success, 10%);
-        border: 1px solid fade(@success, 30%);
-        border-radius: @radius-md;
-        padding: @space-4;
-        margin-bottom: @space-4;
-    }
-
-    .url-box {
-        display: flex;
-        flex-direction: column;
-        gap: @space-2;
-        margin-bottom: @space-3;
-    }
-
-    .url-label {
-        color: @text-secondary;
-        font-size: @font-size-sm;
-    }
-
-    .url-value {
-        background: @bg-secondary;
-        padding: @space-2 @space-3;
-        border-radius: @radius-sm;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
-        color: @text-primary;
-        word-break: break-all;
-        user-select: all;
-    }
-
-    .url-actions {
-        display: flex;
-        gap: @space-2;
-        flex-wrap: wrap;
-    }
-}
-
-.btn-link {
-    background: none;
-    border: none;
-    color: @accent-primary;
-    cursor: pointer;
-    padding: 0;
-    font-size: @font-size-sm;
-
-    &:hover {
-        text-decoration: underline;
-    }
-}
-
-.slug-edit-form {
-    margin-top: @space-4;
-    padding-top: @space-4;
-    border-top: 1px solid @border-subtle;
-}
-
-.private-url-footer {
-    margin-top: @space-4;
-    padding-top: @space-4;
-    border-top: 1px solid @border-subtle;
-}
-
-// Private URL indicator in app list
-.private-url-indicator {
-    display: inline-flex;
-    align-items: center;
-    gap: @space-1;
-    color: @success;
-    font-size: @font-size-sm;
-
-    svg {
-        width: 14px;
-        height: 14px;
-    }
-}
diff --git a/frontend/src/styles/components/_private-url.scss b/frontend/src/styles/components/_private-url.scss
new file mode 100644
index 00000000..00e29619
--- /dev/null
+++ b/frontend/src/styles/components/_private-url.scss
@@ -0,0 +1,158 @@
+// ============================================
+// PRIVATE URL COMPONENT
+// ============================================
+
+.private-url-section {
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    padding: $space-5;
+    margin-bottom: $space-5;
+
+    .section-header {
+        margin-bottom: $space-4;
+
+        h3 {
+            display: flex;
+            align-items: center;
+            gap: $space-2;
+            margin: 0;
+            font-size: $font-size-lg;
+            font-weight: 500;
+            color: $text-primary;
+
+            svg {
+                color: $accent-primary;
+            }
+        }
+    }
+}
+
+.private-url-disabled {
+    .hint {
+        color: $text-secondary;
+        font-size: $font-size-sm;
+        margin-bottom: $space-4;
+        line-height: 1.5;
+    }
+
+    .slug-hint {
+        color: $text-tertiary;
+        font-size: $font-size-xs;
+        margin-top: $space-2;
+    }
+}
+
+.private-url-form,
+.slug-edit-form {
+    display: flex;
+    gap: $space-3;
+    align-items: center;
+    flex-wrap: wrap;
+
+    .input-group {
+        display: flex;
+        align-items: center;
+        flex: 1;
+        min-width: 200px;
+    }
+
+    .input-prefix {
+        background: $bg-tertiary;
+        border: 1px solid $border-subtle;
+        border-right: none;
+        border-radius: $radius-sm 0 0 $radius-sm;
+        padding: $space-2 $space-3;
+        color: $text-tertiary;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
+        height: 40px;
+        display: flex;
+        align-items: center;
+    }
+
+    .slug-input {
+        flex: 1;
+        border-radius: 0 $radius-sm $radius-sm 0;
+        font-family: $font-mono;
+        min-width: 150px;
+    }
+}
+
+.private-url-enabled {
+    .private-url-display {
+        background: fade($success, 10%);
+        border: 1px solid fade($success, 30%);
+        border-radius: $radius-md;
+        padding: $space-4;
+        margin-bottom: $space-4;
+    }
+
+    .url-box {
+        display: flex;
+        flex-direction: column;
+        gap: $space-2;
+        margin-bottom: $space-3;
+    }
+
+    .url-label {
+        color: $text-secondary;
+        font-size: $font-size-sm;
+    }
+
+    .url-value {
+        background: $bg-secondary;
+        padding: $space-2 $space-3;
+        border-radius: $radius-sm;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
+        color: $text-primary;
+        word-break: break-all;
+        user-select: all;
+    }
+
+    .url-actions {
+        display: flex;
+        gap: $space-2;
+        flex-wrap: wrap;
+    }
+}
+
+.btn-link {
+    background: none;
+    border: none;
+    color: $accent-primary;
+    cursor: pointer;
+    padding: 0;
+    font-size: $font-size-sm;
+
+    &:hover {
+        text-decoration: underline;
+    }
+}
+
+.slug-edit-form {
+    margin-top: $space-4;
+    padding-top: $space-4;
+    border-top: 1px solid $border-subtle;
+}
+
+.private-url-footer {
+    margin-top: $space-4;
+    padding-top: $space-4;
+    border-top: 1px solid $border-subtle;
+}
+
+// Private URL indicator in app list
+.private-url-indicator {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-1;
+    color: $success;
+    font-size: $font-size-sm;
+
+    svg {
+        width: 14px;
+        height: 14px;
+    }
+}
diff --git a/frontend/src/styles/components/_query-runner.less b/frontend/src/styles/components/_query-runner.scss
similarity index 53%
rename from frontend/src/styles/components/_query-runner.less
rename to frontend/src/styles/components/_query-runner.scss
index 92d819a2..8a80205a 100644
--- a/frontend/src/styles/components/_query-runner.less
+++ b/frontend/src/styles/components/_query-runner.scss
@@ -18,7 +18,7 @@
     max-height: 100%;
     display: flex;
     flex-direction: column;
-    background: @bg-body;
+    background: $bg-body;
     border-radius: 0;
     overflow: hidden;
 }
@@ -28,43 +28,43 @@
     display: flex;
     justify-content: space-between;
     align-items: center;
-    padding: @space-3 @space-4;
-    background: @bg-sidebar;
-    border-bottom: 1px solid @border-subtle;
+    padding: $space-3 $space-4;
+    background: $bg-sidebar;
+    border-bottom: 1px solid $border-subtle;
     flex-shrink: 0;
 }
 
 .query-runner-title {
     display: flex;
     align-items: center;
-    gap: @space-3;
-    font-size: @font-size-md;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
+    gap: $space-3;
+    font-size: $font-size-md;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
 
     svg {
-        color: @accent-primary;
+        color: $accent-primary;
     }
 
     .db-type-badge {
-        font-size: @font-size-xs;
-        padding: @space-1 @space-2;
-        border-radius: @radius-sm;
-        font-weight: @font-weight-medium;
+        font-size: $font-size-xs;
+        padding: $space-1 $space-2;
+        border-radius: $radius-sm;
+        font-weight: $font-weight-medium;
 
         &.mysql {
-            background: fade(@color-mysql, 15%);
-            color: @color-mysql;
+            background: fade($color-mysql, 15%);
+            color: $color-mysql;
         }
 
         &.postgresql {
-            background: fade(@color-postgresql, 15%);
-            color: @color-postgresql-secondary;
+            background: fade($color-postgresql, 15%);
+            color: $color-postgresql-secondary;
         }
 
         &.sqlite {
-            background: fade(@accent-primary-raw, 15%);
-            color: @accent-primary;
+            background: fade($accent-primary-raw, 15%);
+            color: $accent-primary;
         }
     }
 }
@@ -72,18 +72,18 @@
 .query-runner-actions {
     display: flex;
     align-items: center;
-    gap: @space-3;
+    gap: $space-3;
 
     .readonly-toggle {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        gap: $space-2;
+        font-size: $font-size-sm;
+        color: $text-secondary;
         cursor: pointer;
 
         input[type="checkbox"] {
-            accent-color: @warning;
+            accent-color: $warning;
         }
     }
 
@@ -95,15 +95,15 @@
         justify-content: center;
         background: transparent;
         border: none;
-        color: @text-secondary;
+        color: $text-secondary;
         font-size: 24px;
         cursor: pointer;
-        border-radius: @radius-md;
-        transition: all @transition-fast;
+        border-radius: $radius-md;
+        transition: all $transition-fast;
 
         &:hover {
-            background: @bg-hover;
-            color: @text-primary;
+            background: $bg-hover;
+            color: $text-primary;
         }
     }
 }
@@ -119,8 +119,8 @@
 .query-runner-sidebar {
     width: 260px;
     flex-shrink: 0;
-    background: @bg-sidebar;
-    border-right: 1px solid @border-subtle;
+    background: $bg-sidebar;
+    border-right: 1px solid $border-subtle;
     display: flex;
     flex-direction: column;
     overflow: hidden;
@@ -137,18 +137,18 @@
     }
 
     &:last-child {
-        border-top: 1px solid @border-subtle;
+        border-top: 1px solid $border-subtle;
         max-height: 40%;
     }
 
     h4 {
-        padding: @space-3 @space-4;
+        padding: $space-3 $space-4;
         margin: 0;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-semibold;
-        color: @text-secondary;
-        background: @bg-card;
-        border-bottom: 1px solid @border-subtle;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-semibold;
+        color: $text-secondary;
+        background: $bg-card;
+        border-bottom: 1px solid $border-subtle;
         display: flex;
         align-items: center;
         justify-content: space-between;
@@ -162,14 +162,14 @@
             justify-content: center;
             background: transparent;
             border: none;
-            color: @text-secondary;
+            color: $text-secondary;
             cursor: pointer;
-            border-radius: @radius-sm;
-            transition: all @transition-fast;
+            border-radius: $radius-sm;
+            transition: all $transition-fast;
 
             &:hover {
-                background: @bg-hover;
-                color: @accent-primary;
+                background: $bg-hover;
+                color: $accent-primary;
             }
         }
     }
@@ -179,40 +179,40 @@
 .columns-list {
     flex: 1;
     overflow-y: auto;
-    padding: @space-2;
+    padding: $space-2;
 }
 
 .table-item {
     display: flex;
     align-items: center;
     justify-content: space-between;
-    padding: @space-2 @space-3;
-    border-radius: @radius-md;
+    padding: $space-2 $space-3;
+    border-radius: $radius-md;
     cursor: pointer;
-    transition: all @transition-fast;
+    transition: all $transition-fast;
 
     &:hover {
-        background: @bg-hover;
+        background: $bg-hover;
     }
 
     &.selected {
-        background: @accent-glow;
-        border: 1px solid fade(@accent-primary-raw, 30%);
+        background: $accent-glow;
+        border: 1px solid fade($accent-primary-raw, 30%);
     }
 
     .table-name {
-        font-size: @font-size-sm;
-        color: @text-primary;
+        font-size: $font-size-sm;
+        color: $text-primary;
         overflow: hidden;
         text-overflow: ellipsis;
         white-space: nowrap;
     }
 
     .table-rows {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
         flex-shrink: 0;
-        margin-left: @space-2;
+        margin-left: $space-2;
     }
 }
 
@@ -220,25 +220,25 @@
     display: flex;
     align-items: center;
     justify-content: space-between;
-    padding: @space-1 @space-3;
-    border-radius: @radius-sm;
+    padding: $space-1 $space-3;
+    border-radius: $radius-sm;
     cursor: pointer;
-    transition: all @transition-fast;
+    transition: all $transition-fast;
 
     &:hover {
-        background: @bg-hover;
+        background: $bg-hover;
     }
 
     .column-name {
-        font-size: @font-size-sm;
-        font-family: @font-mono;
-        color: @text-primary;
+        font-size: $font-size-sm;
+        font-family: $font-mono;
+        color: $text-primary;
     }
 
     .column-type {
-        font-size: @font-size-xs;
-        font-family: @font-mono;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        font-family: $font-mono;
+        color: $text-tertiary;
     }
 }
 
@@ -248,37 +248,37 @@
     display: flex;
     flex-direction: column;
     overflow: hidden;
-    background: @bg-body;
+    background: $bg-body;
 }
 
 // Query editor
 .query-editor {
     flex-shrink: 0;
-    padding: @space-4;
-    border-bottom: 1px solid @border-subtle;
+    padding: $space-4;
+    border-bottom: 1px solid $border-subtle;
 
     textarea {
         width: 100%;
         height: 150px;
-        padding: @space-3;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
-        line-height: @line-height-relaxed;
-        background: @bg-card;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
-        color: @text-primary;
+        padding: $space-3;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
+        line-height: $line-height-relaxed;
+        background: $bg-card;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
+        color: $text-primary;
         resize: vertical;
-        transition: border-color @transition-fast;
+        transition: border-color $transition-fast;
 
         &:focus {
             outline: none;
-            border-color: @accent-primary;
-            box-shadow: 0 0 0 3px @accent-glow;
+            border-color: $accent-primary;
+            box-shadow: 0 0 0 3px $accent-glow;
         }
 
         &::placeholder {
-            color: @text-tertiary;
+            color: $text-tertiary;
         }
     }
 }
@@ -287,23 +287,23 @@
     display: flex;
     justify-content: space-between;
     align-items: center;
-    margin-top: @space-3;
+    margin-top: $space-3;
 }
 
 .query-hints {
     display: flex;
     align-items: center;
-    gap: @space-2;
+    gap: $space-2;
 
     .hint {
         display: flex;
         align-items: center;
-        gap: @space-1;
-        font-size: @font-size-sm;
-        color: @text-tertiary;
+        gap: $space-1;
+        font-size: $font-size-sm;
+        color: $text-tertiary;
 
         svg {
-            color: @warning;
+            color: $warning;
         }
     }
 }
@@ -312,12 +312,12 @@
 .query-error {
     display: flex;
     align-items: flex-start;
-    gap: @space-2;
-    padding: @space-3 @space-4;
-    background: @danger-bg;
-    border-bottom: 1px solid @danger-border;
-    color: @danger;
-    font-size: @font-size-sm;
+    gap: $space-2;
+    padding: $space-3 $space-4;
+    background: $danger-bg;
+    border-bottom: 1px solid $danger-border;
+    color: $danger;
+    font-size: $font-size-sm;
 
     svg {
         flex-shrink: 0;
@@ -337,14 +337,14 @@
     display: flex;
     justify-content: space-between;
     align-items: center;
-    padding: @space-2 @space-4;
-    background: @bg-card;
-    border-bottom: 1px solid @border-subtle;
+    padding: $space-2 $space-4;
+    background: $bg-card;
+    border-bottom: 1px solid $border-subtle;
     flex-shrink: 0;
 
     .results-info {
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        font-size: $font-size-sm;
+        color: $text-secondary;
     }
 }
 
@@ -357,12 +357,12 @@
 .results-table {
     width: 100%;
     border-collapse: collapse;
-    font-size: @font-size-sm;
+    font-size: $font-size-sm;
 
     th, td {
-        padding: @space-2 @space-3;
+        padding: $space-2 $space-3;
         text-align: left;
-        border-bottom: 1px solid @border-subtle;
+        border-bottom: 1px solid $border-subtle;
         white-space: nowrap;
         max-width: 300px;
         overflow: hidden;
@@ -372,41 +372,41 @@
     th {
         position: sticky;
         top: 0;
-        background: @bg-card;
-        font-weight: @font-weight-medium;
-        color: @text-secondary;
+        background: $bg-card;
+        font-weight: $font-weight-medium;
+        color: $text-secondary;
         cursor: pointer;
         user-select: none;
-        transition: background @transition-fast;
+        transition: background $transition-fast;
 
         &:hover {
-            background: @bg-hover;
+            background: $bg-hover;
         }
 
         &.sorted-asc,
         &.sorted-desc {
-            color: @accent-primary;
+            color: $accent-primary;
         }
 
         .sort-indicator {
-            font-size: @font-size-xs;
-            margin-left: @space-1;
+            font-size: $font-size-xs;
+            margin-left: $space-1;
         }
     }
 
     td {
-        font-family: @font-mono;
-        color: @text-primary;
+        font-family: $font-mono;
+        color: $text-primary;
 
         &.null-value {
-            color: @text-tertiary;
+            color: $text-tertiary;
             font-style: italic;
         }
     }
 
     tbody tr {
         &:hover {
-            background: fade(@bg-hover-raw, 50%);
+            background: fade($bg-hover-raw, 50%);
         }
     }
 }
@@ -418,14 +418,14 @@
     right: 0;
     width: 400px;
     max-height: calc(100% - 80px);
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    box-shadow: @shadow-lg;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    box-shadow: $shadow-lg;
     display: flex;
     flex-direction: column;
-    z-index: @z-modal;
-    margin: @space-4;
+    z-index: $z-modal;
+    margin: $space-4;
     overflow: hidden;
 }
 
@@ -433,51 +433,51 @@
     display: flex;
     justify-content: space-between;
     align-items: center;
-    padding: @space-3 @space-4;
-    border-bottom: 1px solid @border-subtle;
+    padding: $space-3 $space-4;
+    border-bottom: 1px solid $border-subtle;
 
     h4 {
         margin: 0;
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
     }
 }
 
 .history-list {
     flex: 1;
     overflow-y: auto;
-    padding: @space-2;
+    padding: $space-2;
 }
 
 .history-item {
-    padding: @space-3;
-    border-radius: @radius-md;
+    padding: $space-3;
+    border-radius: $radius-md;
     cursor: pointer;
-    transition: all @transition-fast;
+    transition: all $transition-fast;
 
     &:hover {
-        background: @bg-hover;
+        background: $bg-hover;
     }
 
     code {
         display: block;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
-        color: @text-primary;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
+        color: $text-primary;
         white-space: nowrap;
         overflow: hidden;
         text-overflow: ellipsis;
-        margin-bottom: @space-1;
+        margin-bottom: $space-1;
     }
 
     .history-time {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
     }
 }
 
 // SQLite icon color
 .db-item-icon.sqlite {
-    color: @accent-primary;
+    color: $accent-primary;
 }
diff --git a/frontend/src/styles/components/_server-selector.scss b/frontend/src/styles/components/_server-selector.scss
new file mode 100644
index 00000000..8af15cab
--- /dev/null
+++ b/frontend/src/styles/components/_server-selector.scss
@@ -0,0 +1,41 @@
+// ============================================
+// SERVER SELECTOR — shared across Dashboard, Docker, etc.
+// ============================================
+
+.server-selector {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    padding: $space-2 $space-3;
+
+    svg {
+        color: $text-tertiary;
+        flex-shrink: 0;
+    }
+
+    select {
+        background: transparent;
+        border: none;
+        color: $text-primary;
+        font-size: $font-size-sm;
+        cursor: pointer;
+        padding-right: $space-4;
+        min-width: 140px;
+
+        &:focus {
+            outline: none;
+        }
+
+        option {
+            background: $bg-card;
+            color: $text-primary;
+        }
+
+        option:disabled {
+            color: $text-tertiary;
+        }
+    }
+}
diff --git a/frontend/src/styles/components/_services.less b/frontend/src/styles/components/_services.less
deleted file mode 100644
index 4b7ff8cf..00000000
--- a/frontend/src/styles/components/_services.less
+++ /dev/null
@@ -1,65 +0,0 @@
-// ============================================
-// SERVICES STATUS COMPONENTS
-// ============================================
-
-.services-grid {
-    display: flex;
-    flex-wrap: wrap;
-    gap: @space-3;
-    margin-bottom: @space-6;
-}
-
-.service-item {
-    .flex-start();
-    gap: @space-2;
-    padding: @space-2 @space-4;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    font-size: @font-size-sm + 1;
-}
-
-.service-dot {
-    width: 8px;
-    height: 8px;
-    border-radius: @radius-full;
-
-    &.running {
-        background: @success;
-        box-shadow: 0 0 8px @success;
-    }
-
-    &.stopped {
-        background: @text-tertiary;
-    }
-}
-
-.service-name {
-    font-weight: @font-weight-medium;
-    color: @text-primary;
-}
-
-.service-status {
-    color: @text-tertiary;
-    font-size: @font-size-sm;
-}
-
-// Live indicator (pulsing dot)
-.live-indicator {
-    color: @success;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-
-    &::before {
-        content: '';
-        display: inline-block;
-        .status-dot(@success);
-        margin-right: @space-1;
-        animation: pulse 2s infinite;
-    }
-}
-
-@keyframes pulse {
-    0%, 100% { opacity: 1; }
-    50% { opacity: 0.5; }
-}
diff --git a/frontend/src/styles/components/_services.scss b/frontend/src/styles/components/_services.scss
new file mode 100644
index 00000000..e515240d
--- /dev/null
+++ b/frontend/src/styles/components/_services.scss
@@ -0,0 +1,65 @@
+// ============================================
+// SERVICES STATUS COMPONENTS
+// ============================================
+
+.services-grid {
+    display: flex;
+    flex-wrap: wrap;
+    gap: $space-3;
+    margin-bottom: $space-6;
+}
+
+.service-item {
+    @include flex-start();
+    gap: $space-2;
+    padding: $space-2 $space-4;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    font-size: $font-size-sm + 1;
+}
+
+.service-dot {
+    width: 8px;
+    height: 8px;
+    border-radius: $radius-full;
+
+    &.running {
+        background: $success;
+        box-shadow: 0 0 8px $success;
+    }
+
+    &.stopped {
+        background: $text-tertiary;
+    }
+}
+
+.service-name {
+    font-weight: $font-weight-medium;
+    color: $text-primary;
+}
+
+.service-status {
+    color: $text-tertiary;
+    font-size: $font-size-sm;
+}
+
+// Live indicator (pulsing dot)
+.live-indicator {
+    color: $success;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+
+    &::before {
+        content: '';
+        display: inline-block;
+        @include status-dot($success);
+        margin-right: $space-1;
+        animation: pulse 2s infinite;
+    }
+}
+
+@keyframes pulse {
+    0%, 100% { opacity: 1; }
+    50% { opacity: 0.5; }
+}
diff --git a/frontend/src/styles/components/_spinner.less b/frontend/src/styles/components/_spinner.scss
similarity index 82%
rename from frontend/src/styles/components/_spinner.less
rename to frontend/src/styles/components/_spinner.scss
index 643f76b7..216a06eb 100644
--- a/frontend/src/styles/components/_spinner.less
+++ b/frontend/src/styles/components/_spinner.scss
@@ -44,8 +44,8 @@
 .spinner-ring {
     border-radius: 50%;
     border-style: solid;
-    border-color: fade(@accent-primary-raw, 30%);
-    border-top-color: @accent-primary;
+    border-color: fade($accent-primary-raw, 30%);
+    border-top-color: $accent-primary;
     animation: spinner-rotate 0.8s linear infinite;
 }
 
@@ -64,12 +64,12 @@
     flex-direction: column;
     align-items: center;
     justify-content: center;
-    gap: @space-3;
-    padding: @space-8;
-    color: @text-secondary;
+    gap: $space-3;
+    padding: $space-8;
+    color: $text-secondary;
 
     span {
-        font-size: @font-size-sm;
+        font-size: $font-size-sm;
     }
 }
 
@@ -86,8 +86,8 @@
         transform: translate(-50%, -50%);
 
         .spinner-ring {
-            border-color: @border-subtle;
-            border-top-color: @text-primary;
+            border-color: $border-subtle;
+            border-top-color: $text-primary;
         }
     }
 
@@ -97,8 +97,8 @@
     }
 
     &.btn-secondary .spinner .spinner-ring {
-        border-color: fade(@text-primary-raw, 30%);
-        border-top-color: @text-primary;
+        border-color: fade($text-primary-raw, 30%);
+        border-top-color: $text-primary;
     }
 
     &.btn-danger .spinner .spinner-ring {
diff --git a/frontend/src/styles/components/_status-badge.scss b/frontend/src/styles/components/_status-badge.scss
new file mode 100644
index 00000000..31a4e728
--- /dev/null
+++ b/frontend/src/styles/components/_status-badge.scss
@@ -0,0 +1,47 @@
+.status-badge {
+    display: inline-flex;
+    align-items: center;
+    gap: $spacing-xs;
+    padding: 2px $spacing-sm;
+    border-radius: $radius-full;
+    font-size: $font-size-xs + 1;
+    font-weight: $font-weight-medium;
+    line-height: 1.4;
+
+    &__dot {
+        width: 6px;
+        height: 6px;
+        border-radius: 50%;
+        flex-shrink: 0;
+    }
+
+    &--success {
+        background: rgba($success, 0.15);
+        color: $success;
+        .status-badge__dot { background: $success; }
+    }
+
+    &--danger {
+        background: rgba($danger, 0.15);
+        color: $danger;
+        .status-badge__dot { background: $danger; }
+    }
+
+    &--warning {
+        background: rgba($warning, 0.15);
+        color: $warning;
+        .status-badge__dot { background: $warning; }
+    }
+
+    &--info {
+        background: rgba($accent-primary-raw, 0.15);
+        color: $accent-primary;
+        .status-badge__dot { background: $accent-primary; }
+    }
+
+    &--muted {
+        background: $bg-hover;
+        color: $text-tertiary;
+        .status-badge__dot { background: $text-tertiary; }
+    }
+}
diff --git a/frontend/src/styles/components/_tabs.less b/frontend/src/styles/components/_tabs.less
deleted file mode 100644
index 34466a98..00000000
--- a/frontend/src/styles/components/_tabs.less
+++ /dev/null
@@ -1,44 +0,0 @@
-// ============================================
-// TAB COMPONENTS
-// ============================================
-
-.tabs {
-    display: flex;
-    gap: @space-2;
-    border-bottom: 1px solid @border-subtle;
-    margin-bottom: @space-6;
-    overflow-x: auto;
-    .custom-scrollbar();
-
-    @media (max-width: @breakpoint-md) {
-        overflow-x: auto;
-        -webkit-overflow-scrolling: touch;
-    }
-}
-
-.tab {
-    background: none;
-    border: none;
-    padding: @space-3 @space-5;
-    color: @text-secondary;
-    font-size: @font-size-base;
-    font-weight: @font-weight-medium;
-    cursor: pointer;
-    border-bottom: 2px solid transparent;
-    margin-bottom: -1px;
-    .transition();
-    white-space: nowrap;
-
-    &:hover {
-        color: @text-primary;
-    }
-
-    &.active {
-        color: @accent-primary;
-        border-bottom-color: @accent-primary;
-    }
-}
-
-.tab-content {
-    min-height: 400px;
-}
diff --git a/frontend/src/styles/components/_tabs.scss b/frontend/src/styles/components/_tabs.scss
new file mode 100644
index 00000000..1b577c0a
--- /dev/null
+++ b/frontend/src/styles/components/_tabs.scss
@@ -0,0 +1,115 @@
+// ============================================
+// TAB COMPONENTS
+// ============================================
+
+.tabs-container {
+    overflow: hidden;
+}
+
+.tabs {
+    display: flex;
+    gap: $space-2;
+    border-bottom: 1px solid $border-subtle;
+    margin-bottom: $space-6;
+    overflow-x: auto;
+    scrollbar-width: none;
+    @include custom-scrollbar();
+
+    &::-webkit-scrollbar {
+        display: none;
+    }
+
+    @media (max-width: $breakpoint-md) {
+        -webkit-overflow-scrolling: touch;
+    }
+}
+
+.tab {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-2;
+    background: none;
+    border: none;
+    padding: $space-3 $space-5;
+    color: $text-secondary;
+    font-size: $font-size-base;
+    font-weight: $font-weight-medium;
+    cursor: pointer;
+    border-bottom: 2px solid transparent;
+    margin-bottom: -1px;
+    @include transition();
+    white-space: nowrap;
+
+    &:hover {
+        color: $text-primary;
+    }
+
+    &.active {
+        color: $accent-primary;
+        border-bottom-color: $accent-primary;
+    }
+}
+
+.tab-content {
+    min-height: 400px;
+}
+
+// tabs-nav variant (used by Servers, Domains, etc.)
+.tabs-nav {
+    display: flex;
+    gap: $space-1;
+    border-bottom: 1px solid $border-subtle;
+    margin-bottom: $space-6;
+
+    &.tabs-nav-scrollable {
+        overflow-x: auto;
+        scrollbar-width: none;
+
+        &::-webkit-scrollbar {
+            display: none;
+        }
+    }
+}
+
+.tab-btn {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-2;
+    background: none;
+    border: none;
+    padding: $space-3 $space-5;
+    color: $text-secondary;
+    font-size: $font-size-base;
+    font-weight: $font-weight-medium;
+    cursor: pointer;
+    border-bottom: 2px solid transparent;
+    margin-bottom: -1px;
+    @include transition();
+    white-space: nowrap;
+
+    &:hover {
+        color: $text-primary;
+    }
+
+    &.active {
+        color: $accent-primary;
+        border-bottom-color: $accent-primary;
+    }
+}
+
+// Hide nested page headers when a page component is embedded as a tab
+.tab-embedded {
+    > .page-container > .page-header,
+    > .page-header,
+    > .top-bar,
+    > div > .page-header,
+    > div > .top-bar {
+        display: none;
+    }
+
+    > [class*="-page"] > .page-header,
+    > [class*="-page"] > header.top-bar,
+    > [class*="-page"] > .top-bar {
+        display: none;
+    }
+}
diff --git a/frontend/src/styles/components/_toasts.less b/frontend/src/styles/components/_toasts.scss
similarity index 56%
rename from frontend/src/styles/components/_toasts.less
rename to frontend/src/styles/components/_toasts.scss
index 53e4d648..3cbbd3e1 100644
--- a/frontend/src/styles/components/_toasts.less
+++ b/frontend/src/styles/components/_toasts.scss
@@ -4,12 +4,12 @@
 
 .toast-container {
     position: fixed;
-    top: @space-4;
-    right: @space-4;
+    top: $space-4;
+    right: $space-4;
     z-index: 9999;
     display: flex;
     flex-direction: column;
-    gap: @space-2;
+    gap: $space-2;
     max-width: 400px;
     pointer-events: none;
 }
@@ -17,12 +17,12 @@
 .toast {
     display: flex;
     align-items: flex-start;
-    gap: @space-3;
-    padding: @space-3 @space-4;
-    border-radius: @radius-md;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    box-shadow: @shadow-lg;
+    gap: $space-3;
+    padding: $space-3 $space-4;
+    border-radius: $radius-md;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    box-shadow: $shadow-lg;
     pointer-events: auto;
     animation: toast-slide-in 0.3s ease-out;
 
@@ -40,61 +40,61 @@
 
     &-message {
         flex: 1;
-        font-size: @font-size-sm;
+        font-size: $font-size-sm;
         line-height: 1.4;
-        color: @text-primary;
+        color: $text-primary;
     }
 
     &-dismiss {
         flex-shrink: 0;
         background: none;
         border: none;
-        padding: @space-1;
+        padding: $space-1;
         cursor: pointer;
-        color: @text-tertiary;
-        border-radius: @radius-sm;
-        .transition(all);
+        color: $text-tertiary;
+        border-radius: $radius-sm;
+        @include transition(all);
 
         &:hover {
-            color: @text-primary;
-            background: @bg-hover;
+            color: $text-primary;
+            background: $bg-hover;
         }
     }
 
     // Variants
     &-success {
-        border-color: fade(@success, 30%);
-        background: fade(@success, 10%);
+        border-color: fade($success, 30%);
+        background: fade($success, 10%);
 
         .toast-icon {
-            color: @success;
+            color: $success;
         }
     }
 
     &-error {
-        border-color: fade(@danger, 30%);
-        background: fade(@danger, 10%);
+        border-color: fade($danger, 30%);
+        background: fade($danger, 10%);
 
         .toast-icon {
-            color: @danger;
+            color: $danger;
         }
     }
 
     &-warning {
-        border-color: fade(@warning, 30%);
-        background: fade(@warning, 10%);
+        border-color: fade($warning, 30%);
+        background: fade($warning, 10%);
 
         .toast-icon {
-            color: @warning;
+            color: $warning;
         }
     }
 
     &-info {
-        border-color: fade(@accent-primary-raw, 30%);
-        background: fade(@accent-primary-raw, 10%);
+        border-color: fade($accent-primary-raw, 30%);
+        background: fade($accent-primary-raw, 10%);
 
         .toast-icon {
-            color: @accent-primary;
+            color: $accent-primary;
         }
     }
 }
diff --git a/frontend/src/styles/components/_two-factor.less b/frontend/src/styles/components/_two-factor.scss
similarity index 52%
rename from frontend/src/styles/components/_two-factor.less
rename to frontend/src/styles/components/_two-factor.scss
index 15da133d..087c4579 100644
--- a/frontend/src/styles/components/_two-factor.less
+++ b/frontend/src/styles/components/_two-factor.scss
@@ -6,8 +6,8 @@
 .totp-inputs {
     display: flex;
     justify-content: center;
-    gap: @space-2;
-    margin: @space-6 0;
+    gap: $space-2;
+    margin: $space-6 0;
 }
 
 .totp-input {
@@ -16,20 +16,20 @@
     font-size: 24px;
     font-weight: 600;
     text-align: center;
-    border: 2px solid @border-subtle;
-    border-radius: @radius-md;
-    background: @bg-card;
-    color: @text-primary;
+    border: 2px solid $border-subtle;
+    border-radius: $radius-md;
+    background: $bg-card;
+    color: $text-primary;
     transition: all 0.2s;
 
     &:focus {
-        border-color: @accent-primary;
+        border-color: $accent-primary;
         outline: none;
-        box-shadow: 0 0 0 3px fade(@accent-primary-raw, 20%);
+        box-shadow: 0 0 0 3px fade($accent-primary-raw, 20%);
     }
 
     &::placeholder {
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 }
 
@@ -38,16 +38,16 @@
     display: flex;
     flex-direction: column;
     align-items: center;
-    gap: @space-2;
-    margin-top: @space-6;
+    gap: $space-2;
+    margin-top: $space-6;
 }
 
 .link-button {
     background: none;
     border: none;
-    color: @accent-primary;
+    color: $accent-primary;
     cursor: pointer;
-    font-size: @font-size-sm;
+    font-size: $font-size-sm;
     padding: 0;
 
     &:hover {
@@ -57,16 +57,16 @@
 
 // 2FA Card in Settings
 .two-fa-card {
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-6;
-    margin-bottom: @space-6;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-6;
+    margin-bottom: $space-6;
 }
 
 .two-fa-header {
     display: flex;
-    gap: @space-4;
-    margin-bottom: @space-6;
+    gap: $space-4;
+    margin-bottom: $space-6;
 
     .two-fa-icon {
         width: 48px;
@@ -74,27 +74,27 @@
         display: flex;
         align-items: center;
         justify-content: center;
-        background: fade(@accent-primary-raw, 15%);
-        border-radius: @radius-md;
-        color: @accent-primary;
+        background: fade($accent-primary-raw, 15%);
+        border-radius: $radius-md;
+        color: $accent-primary;
         flex-shrink: 0;
     }
 
     h3 {
-        margin: 0 0 @space-1 0;
+        margin: 0 0 $space-1 0;
     }
 
     p {
         margin: 0;
-        color: @text-secondary;
-        font-size: @font-size-sm;
+        color: $text-secondary;
+        font-size: $font-size-sm;
     }
 }
 
 .two-fa-disabled {
     .two-fa-description {
-        color: @text-secondary;
-        margin-bottom: @space-4;
+        color: $text-secondary;
+        margin-bottom: $space-4;
     }
 }
 
@@ -102,33 +102,33 @@
     .two-fa-status {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        margin-bottom: @space-4;
+        gap: $space-2;
+        margin-bottom: $space-4;
     }
 
     .two-fa-info {
-        color: @text-secondary;
-        font-size: @font-size-sm;
+        color: $text-secondary;
+        font-size: $font-size-sm;
     }
 
     .two-fa-backup-info {
-        background: @bg-hover;
-        padding: @space-2 @space-4;
-        border-radius: @radius-sm;
-        margin-bottom: @space-4;
+        background: $bg-hover;
+        padding: $space-2 $space-4;
+        border-radius: $radius-sm;
+        margin-bottom: $space-4;
         display: flex;
         flex-direction: column;
-        gap: @space-1;
+        gap: $space-1;
 
         .warning-text {
-            color: @warning;
-            font-size: @font-size-sm;
+            color: $warning;
+            font-size: $font-size-sm;
         }
     }
 
     .two-fa-actions {
         display: flex;
-        gap: @space-2;
+        gap: $space-2;
     }
 }
 
@@ -136,12 +136,12 @@
 .setup-steps {
     display: flex;
     flex-direction: column;
-    gap: @space-6;
+    gap: $space-6;
 }
 
 .setup-step {
     display: flex;
-    gap: @space-4;
+    gap: $space-4;
 
     .step-number {
         width: 28px;
@@ -149,11 +149,11 @@
         display: flex;
         align-items: center;
         justify-content: center;
-        background: @accent-primary;
+        background: $accent-primary;
         color: white;
         border-radius: 50%;
         font-weight: 600;
-        font-size: @font-size-sm;
+        font-size: $font-size-sm;
         flex-shrink: 0;
     }
 
@@ -161,13 +161,13 @@
         flex: 1;
 
         h4 {
-            margin: 0 0 @space-1 0;
+            margin: 0 0 $space-1 0;
         }
 
         p {
-            color: @text-secondary;
-            margin: 0 0 @space-4 0;
-            font-size: @font-size-sm;
+            color: $text-secondary;
+            margin: 0 0 $space-4 0;
+            font-size: $font-size-sm;
         }
     }
 }
@@ -175,10 +175,10 @@
 .qr-code-container {
     display: flex;
     justify-content: center;
-    padding: @space-4;
+    padding: $space-4;
     background: white;
-    border-radius: @radius-md;
-    margin-bottom: @space-4;
+    border-radius: $radius-md;
+    margin-bottom: $space-4;
 }
 
 .qr-code {
@@ -187,30 +187,30 @@
 }
 
 .qr-fallback {
-    background: @bg-hover;
-    padding: @space-4;
-    border-radius: @radius-md;
+    background: $bg-hover;
+    padding: $space-4;
+    border-radius: $radius-md;
     text-align: center;
 
     .secret-key {
         display: block;
-        font-size: @font-size-lg;
-        padding: @space-2;
-        margin-top: @space-2;
-        background: @bg-body;
-        border-radius: @radius-sm;
+        font-size: $font-size-lg;
+        padding: $space-2;
+        margin-top: $space-2;
+        background: $bg-body;
+        border-radius: $radius-sm;
         word-break: break-all;
     }
 }
 
 .manual-entry {
-    margin-top: @space-4;
-    font-size: @font-size-sm;
-    color: @text-secondary;
+    margin-top: $space-4;
+    font-size: $font-size-sm;
+    color: $text-secondary;
 
     summary {
         cursor: pointer;
-        color: @accent-primary;
+        color: $accent-primary;
 
         &:hover {
             text-decoration: underline;
@@ -218,13 +218,13 @@
     }
 
     p {
-        margin: @space-1 0;
+        margin: $space-1 0;
     }
 
     code {
-        background: @bg-hover;
+        background: $bg-hover;
         padding: 2px 6px;
-        border-radius: @radius-sm;
+        border-radius: $radius-sm;
     }
 }
 
@@ -233,7 +233,7 @@
     font-weight: 600;
     text-align: center;
     letter-spacing: 0.5em;
-    padding: @space-4;
+    padding: $space-4;
     width: 100%;
     max-width: 200px;
 }
@@ -241,56 +241,56 @@
 // Warning Box
 .warning-box {
     display: flex;
-    gap: @space-4;
-    padding: @space-4;
-    background: fade(@warning, 10%);
-    border: 1px solid fade(@warning, 30%);
-    border-radius: @radius-md;
-    margin-bottom: @space-6;
+    gap: $space-4;
+    padding: $space-4;
+    background: fade($warning, 10%);
+    border: 1px solid fade($warning, 30%);
+    border-radius: $radius-md;
+    margin-bottom: $space-6;
 
     svg {
         flex-shrink: 0;
-        color: @warning;
+        color: $warning;
     }
 
     p {
         margin: 0;
-        color: @text-primary;
-        font-size: @font-size-sm;
+        color: $text-primary;
+        font-size: $font-size-sm;
     }
 }
 
 .error-text {
-    color: @danger;
-    font-size: @font-size-sm;
-    margin-top: @space-1;
+    color: $danger;
+    font-size: $font-size-sm;
+    margin-top: $space-1;
 }
 
 // Backup Codes Grid
 .backup-codes-grid {
     display: grid;
     grid-template-columns: repeat(2, 1fr);
-    gap: @space-2;
-    margin-bottom: @space-6;
+    gap: $space-2;
+    margin-bottom: $space-6;
 }
 
 .backup-code {
     display: block;
-    padding: @space-2 @space-4;
-    background: @bg-hover;
-    border-radius: @radius-sm;
+    padding: $space-2 $space-4;
+    background: $bg-hover;
+    border-radius: $radius-sm;
     text-align: center;
-    font-size: @font-size-md;
-    font-family: @font-mono;
+    font-size: $font-size-md;
+    font-family: $font-mono;
 }
 
 .backup-codes-actions {
     display: flex;
     justify-content: center;
-    gap: @space-2;
+    gap: $space-2;
 
     .btn svg {
-        margin-right: @space-1;
+        margin-right: $space-1;
     }
 }
 
@@ -301,6 +301,6 @@
 
 // Loading small
 .loading-sm {
-    color: @text-tertiary;
-    font-size: @font-size-sm;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
 }
diff --git a/frontend/src/styles/components/_uptime.less b/frontend/src/styles/components/_uptime.scss
similarity index 50%
rename from frontend/src/styles/components/_uptime.less
rename to frontend/src/styles/components/_uptime.scss
index b929ec4b..ca9872ec 100644
--- a/frontend/src/styles/components/_uptime.less
+++ b/frontend/src/styles/components/_uptime.scss
@@ -3,23 +3,23 @@
 // ============================================
 
 .uptime-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-xl;
-    padding: @space-6;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-xl;
+    padding: $space-6;
 
     &.loading,
     &.error {
         display: flex;
         align-items: center;
         justify-content: center;
-        gap: @space-3;
+        gap: $space-3;
         min-height: 200px;
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 
     &.error {
-        color: @danger;
+        color: $danger;
     }
 }
 
@@ -27,63 +27,63 @@
     display: flex;
     align-items: flex-start;
     justify-content: space-between;
-    margin-bottom: @space-6;
+    margin-bottom: $space-6;
 }
 
 .uptime-title {
     display: flex;
     align-items: center;
-    gap: @space-3;
+    gap: $space-3;
 
     .uptime-icon {
-        color: @success;
+        color: $success;
     }
 
     h3 {
-        font-size: @font-size-lg;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin: 0 0 @space-1 0;
+        font-size: $font-size-lg;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin: 0 0 $space-1 0;
     }
 }
 
 .uptime-status {
     display: inline-flex;
     align-items: center;
-    gap: @space-2;
-    font-size: @font-size-sm;
-    color: @text-secondary;
+    gap: $space-2;
+    font-size: $font-size-sm;
+    color: $text-secondary;
 
     .status-dot {
         width: 8px;
         height: 8px;
         border-radius: 50%;
-        background: @text-tertiary;
+        background: $text-tertiary;
     }
 
     &.online {
-        color: @success;
+        color: $success;
 
         .status-dot {
-            background: @success;
-            box-shadow: 0 0 8px @success;
+            background: $success;
+            box-shadow: 0 0 8px $success;
             animation: pulse-dot 2s ease-in-out infinite;
         }
     }
 
     &.degraded {
-        color: @warning;
+        color: $warning;
 
         .status-dot {
-            background: @warning;
+            background: $warning;
         }
     }
 
     &.offline {
-        color: @danger;
+        color: $danger;
 
         .status-dot {
-            background: @danger;
+            background: $danger;
         }
     }
 }
@@ -104,31 +104,31 @@
 
     .percentage-value {
         display: block;
-        font-size: @font-size-2xl;
-        font-weight: @font-weight-bold;
-        font-family: @font-mono;
-        color: @text-primary;
+        font-size: $font-size-2xl;
+        font-weight: $font-weight-bold;
+        font-family: $font-mono;
+        color: $text-primary;
 
         &.excellent {
-            color: @success;
+            color: $success;
         }
 
         &.good {
-            color: @success;
+            color: $success;
         }
 
         &.fair {
-            color: @warning;
+            color: $warning;
         }
 
         &.poor {
-            color: @danger;
+            color: $danger;
         }
     }
 
     .percentage-label {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
         text-transform: uppercase;
         letter-spacing: 0.5px;
     }
@@ -139,12 +139,12 @@
     display: flex;
     align-items: center;
     justify-content: center;
-    gap: @space-2;
-    padding: @space-5;
-    background: linear-gradient(135deg, fade(@accent-primary-raw, 5%), fade(@success, 5%));
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    margin-bottom: @space-6;
+    gap: $space-2;
+    padding: $space-5;
+    background: linear-gradient(135deg, fade($accent-primary-raw, 5%), fade($success, 5%));
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    margin-bottom: $space-6;
 }
 
 .uptime-counter-item {
@@ -155,73 +155,73 @@
 
     .counter-value {
         font-size: 32px;
-        font-weight: @font-weight-bold;
-        font-family: @font-mono;
-        color: @text-primary;
+        font-weight: $font-weight-bold;
+        font-family: $font-mono;
+        color: $text-primary;
         line-height: 1;
     }
 
     .counter-label {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
         text-transform: uppercase;
         letter-spacing: 0.5px;
-        margin-top: @space-1;
+        margin-top: $space-1;
     }
 }
 
 .counter-separator {
     font-size: 32px;
-    font-weight: @font-weight-bold;
-    font-family: @font-mono;
-    color: @text-tertiary;
-    margin: 0 @space-1;
-    margin-bottom: @space-4;
+    font-weight: $font-weight-bold;
+    font-family: $font-mono;
+    color: $text-tertiary;
+    margin: 0 $space-1;
+    margin-bottom: $space-4;
 }
 
 // Graph Section
 .uptime-graph-section {
-    margin-bottom: @space-5;
+    margin-bottom: $space-5;
 }
 
 .uptime-graph-header {
     display: flex;
     align-items: center;
     justify-content: space-between;
-    margin-bottom: @space-3;
+    margin-bottom: $space-3;
 
     .graph-title {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        color: @text-secondary;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        color: $text-secondary;
     }
 }
 
 .period-selector {
     display: flex;
-    gap: @space-1;
-    background: @bg-hover;
-    padding: @space-1;
-    border-radius: @radius-md;
+    gap: $space-1;
+    background: $bg-hover;
+    padding: $space-1;
+    border-radius: $radius-md;
 }
 
 .period-btn {
-    padding: @space-1 @space-3;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
-    color: @text-tertiary;
+    padding: $space-1 $space-3;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
+    color: $text-tertiary;
     background: transparent;
     border: none;
-    border-radius: @radius-sm;
+    border-radius: $radius-sm;
     cursor: pointer;
-    transition: all @transition-fast;
+    transition: all $transition-fast;
 
     &:hover {
-        color: @text-primary;
+        color: $text-primary;
     }
 
     &.active {
-        background: @accent-primary;
+        background: $accent-primary;
         color: white;
     }
 }
@@ -230,8 +230,8 @@
     display: flex;
     gap: 2px;
     height: 32px;
-    background: @bg-hover;
-    border-radius: @radius-md;
+    background: $bg-hover;
+    border-radius: $radius-md;
     overflow: hidden;
     padding: 4px;
 }
@@ -239,7 +239,7 @@
 .graph-bar {
     flex: 1;
     border-radius: 2px;
-    transition: transform @transition-fast, opacity @transition-fast;
+    transition: transform $transition-fast, opacity $transition-fast;
     cursor: pointer;
     min-width: 4px;
 
@@ -249,29 +249,29 @@
     }
 
     &.up {
-        background: @success;
+        background: $success;
     }
 
     &.degraded {
-        background: @warning;
+        background: $warning;
     }
 
     &.down {
-        background: @danger;
+        background: $danger;
     }
 
     &.no_data,
     &.no-data {
-        background: @border-subtle;
+        background: $border-subtle;
     }
 }
 
 .uptime-graph-labels {
     display: flex;
     justify-content: space-between;
-    margin-top: @space-2;
-    font-size: @font-size-xs;
-    color: @text-tertiary;
+    margin-top: $space-2;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
 }
 
 // Legend
@@ -279,19 +279,19 @@
     display: flex;
     align-items: center;
     justify-content: center;
-    gap: @space-5;
-    padding: @space-3 0;
-    border-top: 1px solid @border-subtle;
-    border-bottom: 1px solid @border-subtle;
-    margin-bottom: @space-5;
+    gap: $space-5;
+    padding: $space-3 0;
+    border-top: 1px solid $border-subtle;
+    border-bottom: 1px solid $border-subtle;
+    margin-bottom: $space-5;
 }
 
 .legend-item {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    font-size: @font-size-xs;
-    color: @text-secondary;
+    gap: $space-2;
+    font-size: $font-size-xs;
+    color: $text-secondary;
 }
 
 .legend-dot {
@@ -300,19 +300,19 @@
     border-radius: 2px;
 
     &.up {
-        background: @success;
+        background: $success;
     }
 
     &.degraded {
-        background: @warning;
+        background: $warning;
     }
 
     &.down {
-        background: @danger;
+        background: $danger;
     }
 
     &.no-data {
-        background: @border-subtle;
+        background: $border-subtle;
     }
 }
 
@@ -320,41 +320,41 @@
 .uptime-stats-grid {
     display: grid;
     grid-template-columns: repeat(4, 1fr);
-    gap: @space-3;
+    gap: $space-3;
 }
 
 .uptime-stat {
     display: flex;
     flex-direction: column;
     align-items: center;
-    padding: @space-3;
-    background: @bg-hover;
-    border-radius: @radius-md;
+    padding: $space-3;
+    background: $bg-hover;
+    border-radius: $radius-md;
 
     .stat-period {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
         text-transform: uppercase;
-        margin-bottom: @space-1;
+        margin-bottom: $space-1;
     }
 
     .stat-value {
-        font-size: @font-size-md;
-        font-weight: @font-weight-bold;
-        font-family: @font-mono;
-        color: @text-primary;
+        font-size: $font-size-md;
+        font-weight: $font-weight-bold;
+        font-family: $font-mono;
+        color: $text-primary;
 
         &.excellent,
         &.good {
-            color: @success;
+            color: $success;
         }
 
         &.fair {
-            color: @warning;
+            color: $warning;
         }
 
         &.poor {
-            color: @danger;
+            color: $danger;
         }
     }
 }
@@ -364,39 +364,39 @@
     display: flex;
     align-items: center;
     justify-content: space-between;
-    padding: @space-4 @space-5;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
+    padding: $space-4 $space-5;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
 }
 
 .uptime-compact-status {
     display: flex;
     align-items: center;
-    gap: @space-3;
+    gap: $space-3;
 
     .uptime-compact-label {
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        font-size: $font-size-sm;
+        color: $text-secondary;
     }
 
     .uptime-compact-percent {
-        font-size: @font-size-base;
-        font-weight: @font-weight-bold;
-        font-family: @font-mono;
-        padding: @space-1 @space-2;
-        border-radius: @radius-sm;
-        background: @success-bg;
-        color: @success;
+        font-size: $font-size-base;
+        font-weight: $font-weight-bold;
+        font-family: $font-mono;
+        padding: $space-1 $space-2;
+        border-radius: $radius-sm;
+        background: $success-bg;
+        color: $success;
 
         &.fair {
-            background: @warning-bg;
-            color: @warning;
+            background: $warning-bg;
+            color: $warning;
         }
 
         &.poor {
-            background: @danger-bg;
-            color: @danger;
+            background: $danger-bg;
+            color: $danger;
         }
     }
 }
@@ -405,23 +405,23 @@
     display: flex;
     align-items: baseline;
     gap: 2px;
-    font-family: @font-mono;
+    font-family: $font-mono;
 
     .value {
-        font-size: @font-size-lg;
-        font-weight: @font-weight-bold;
-        color: @text-primary;
+        font-size: $font-size-lg;
+        font-weight: $font-weight-bold;
+        color: $text-primary;
     }
 
     .unit {
-        font-size: @font-size-sm;
-        color: @text-tertiary;
-        margin-right: @space-1;
+        font-size: $font-size-sm;
+        color: $text-tertiary;
+        margin-right: $space-1;
     }
 }
 
 // Responsive
-@media (max-width: @breakpoint-md) {
+@media (max-width: $breakpoint-md) {
     .uptime-counter-item {
         min-width: 50px;
 
@@ -440,6 +440,6 @@
 
     .uptime-legend {
         flex-wrap: wrap;
-        gap: @space-3;
+        gap: $space-3;
     }
 }
diff --git a/frontend/src/styles/components/_users.less b/frontend/src/styles/components/_users.less
deleted file mode 100644
index 60e3323b..00000000
--- a/frontend/src/styles/components/_users.less
+++ /dev/null
@@ -1,773 +0,0 @@
-// ============================================
-// USER MANAGEMENT STYLES
-// ============================================
-
-// --------------------------------------------
-// Setup Page
-// --------------------------------------------
-.setup-card {
-    max-width: 480px;
-}
-
-.setup-info {
-    display: flex;
-    gap: @space-4;
-    padding: @space-4;
-    background: fade(@accent-primary-raw, 10%);
-    border-radius: @radius-md;
-    margin-bottom: @space-6;
-
-    .setup-info-icon {
-        flex-shrink: 0;
-        color: @accent-primary;
-    }
-
-    p {
-        margin: 0;
-        font-size: @font-size-sm;
-        color: @text-secondary;
-        line-height: 1.5;
-    }
-}
-
-.setup-footer {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    gap: @space-2;
-    margin-top: @space-6;
-    padding-top: @space-6;
-    border-top: 1px solid @border-default;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
-
-    svg {
-        color: @success;
-    }
-}
-
-// --------------------------------------------
-// Users Tab
-// --------------------------------------------
-.users-tab {
-    .tab-header {
-        display: flex;
-        justify-content: space-between;
-        align-items: flex-start;
-        margin-bottom: @space-6;
-
-        .tab-header-content {
-            h3 {
-                margin: 0 0 @space-1 0;
-                font-size: @font-size-lg;
-                font-weight: 600;
-            }
-
-            p {
-                margin: 0;
-                color: @text-secondary;
-                font-size: @font-size-sm;
-            }
-        }
-    }
-}
-
-.users-table-container {
-    overflow-x: auto;
-    border: 1px solid @border-default;
-    border-radius: @radius-md;
-}
-
-.users-table {
-    width: 100%;
-    border-collapse: collapse;
-
-    th, td {
-        padding: @space-4;
-        text-align: left;
-        border-bottom: 1px solid @border-default;
-    }
-
-    th {
-        background: @bg-hover;
-        font-weight: 500;
-        font-size: @font-size-sm;
-        color: @text-secondary;
-        text-transform: uppercase;
-        letter-spacing: 0.05em;
-    }
-
-    tr:last-child td {
-        border-bottom: none;
-    }
-
-    tr:hover td {
-        background: @bg-card;
-    }
-
-    tr.inactive {
-        opacity: 0.6;
-
-        td {
-            background: fade(@warning, 5%);
-        }
-    }
-
-    .user-info {
-        display: flex;
-        align-items: center;
-        gap: @space-4;
-    }
-
-    .user-avatar {
-        width: 40px;
-        height: 40px;
-        border-radius: 50%;
-        background: @accent-primary;
-        color: #fff;
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        font-weight: 600;
-        font-size: @font-size-md;
-        flex-shrink: 0;
-    }
-
-    .user-details {
-        display: flex;
-        flex-direction: column;
-        gap: 2px;
-
-        .username {
-            font-weight: 500;
-            display: flex;
-            align-items: center;
-            gap: @space-2;
-        }
-
-        .email {
-            font-size: @font-size-sm;
-            color: @text-secondary;
-        }
-    }
-
-    .you-badge {
-        font-size: @font-size-xs;
-        padding: 2px 6px;
-        background: @accent-primary;
-        color: #fff;
-        border-radius: @radius-sm;
-        font-weight: 500;
-    }
-
-    .status-badge {
-        display: inline-flex;
-        align-items: center;
-        padding: 4px 10px;
-        border-radius: @radius-full;
-        font-size: @font-size-xs;
-        font-weight: 500;
-
-        &.active {
-            background: fade(@success, 15%);
-            color: @success;
-        }
-
-        &.inactive {
-            background: fade(@warning, 15%);
-            color: @warning;
-        }
-    }
-
-    .date-cell {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-        white-space: nowrap;
-    }
-
-    .actions-cell {
-        display: flex;
-        gap: @space-1;
-    }
-}
-
-// --------------------------------------------
-// User Modal Styles
-// --------------------------------------------
-.form-row {
-    display: grid;
-    grid-template-columns: 1fr 1fr;
-    gap: @space-4;
-
-    @media (max-width: 600px) {
-        grid-template-columns: 1fr;
-    }
-}
-
-.checkbox-label {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    cursor: pointer;
-
-    input[type="checkbox"] {
-        width: 18px;
-        height: 18px;
-        cursor: pointer;
-    }
-
-    .checkbox-text {
-        font-weight: 400;
-    }
-}
-
-.form-help {
-    display: block;
-    margin-top: @space-1;
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-}
-
-.role-descriptions {
-    margin-top: @space-6;
-    padding: @space-4;
-    background: @bg-hover;
-    border-radius: @radius-md;
-
-    h4 {
-        margin: 0 0 @space-4 0;
-        font-size: @font-size-sm;
-        font-weight: 600;
-        color: @text-secondary;
-    }
-
-    .role-item {
-        display: flex;
-        gap: @space-2;
-        padding: @space-2 0;
-
-        &:not(:last-child) {
-            border-bottom: 1px solid @border-default;
-        }
-
-        .role-name {
-            font-weight: 500;
-            min-width: 80px;
-            font-size: @font-size-sm;
-        }
-
-        .role-desc {
-            font-size: @font-size-sm;
-            color: @text-secondary;
-        }
-    }
-}
-
-// --------------------------------------------
-// Audit Log Tab
-// --------------------------------------------
-.audit-log-tab {
-    .tab-header {
-        margin-bottom: @space-6;
-
-        h3 {
-            margin: 0 0 @space-1 0;
-            font-size: @font-size-lg;
-            font-weight: 600;
-        }
-
-        p {
-            margin: 0;
-            color: @text-secondary;
-            font-size: @font-size-sm;
-        }
-    }
-}
-
-.filters-bar {
-    display: flex;
-    gap: @space-4;
-    align-items: flex-end;
-    margin-bottom: @space-6;
-    padding: @space-4;
-    background: @bg-hover;
-    border-radius: @radius-md;
-
-    .filter-group {
-        display: flex;
-        flex-direction: column;
-        gap: @space-1;
-
-        label {
-            font-size: @font-size-sm;
-            font-weight: 500;
-            color: @text-secondary;
-        }
-
-        select {
-            min-width: 180px;
-        }
-    }
-}
-
-.audit-log-list {
-    display: flex;
-    flex-direction: column;
-    gap: @space-2;
-}
-
-.log-entry {
-    display: flex;
-    gap: @space-4;
-    padding: @space-4;
-    background: @bg-card;
-    border-radius: @radius-md;
-    border-left: 3px solid transparent;
-
-    &.action-success {
-        border-left-color: @success;
-    }
-
-    &.action-warning {
-        border-left-color: @warning;
-    }
-
-    &.action-danger {
-        border-left-color: @danger;
-    }
-
-    &.action-info {
-        border-left-color: @accent-primary;
-    }
-
-    .log-icon {
-        flex-shrink: 0;
-        width: 32px;
-        height: 32px;
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        background: @bg-hover;
-        border-radius: @radius-sm;
-        color: @text-secondary;
-    }
-
-    .log-content {
-        flex: 1;
-        min-width: 0;
-    }
-
-    .log-header {
-        display: flex;
-        flex-wrap: wrap;
-        gap: @space-2;
-        align-items: center;
-        margin-bottom: @space-1;
-
-        .log-action {
-            font-weight: 500;
-            text-transform: capitalize;
-        }
-
-        .log-user {
-            color: @text-secondary;
-            font-size: @font-size-sm;
-        }
-
-        .log-target {
-            color: @text-tertiary;
-            font-size: @font-size-sm;
-        }
-    }
-
-    .log-details {
-        display: flex;
-        flex-wrap: wrap;
-        gap: @space-2;
-        margin-bottom: @space-2;
-
-        .detail-item {
-            display: inline-flex;
-            gap: @space-1;
-            padding: 2px @space-2;
-            background: @bg-hover;
-            border-radius: @radius-sm;
-            font-size: @font-size-xs;
-
-            .detail-key {
-                color: @text-tertiary;
-            }
-
-            .detail-value {
-                color: @text-secondary;
-                max-width: 200px;
-                overflow: hidden;
-                text-overflow: ellipsis;
-                white-space: nowrap;
-            }
-        }
-    }
-
-    .log-meta {
-        display: flex;
-        gap: @space-4;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-
-        .log-ip {
-            font-family: @font-mono;
-        }
-    }
-}
-
-.pagination {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    gap: @space-4;
-    margin-top: @space-6;
-    padding-top: @space-6;
-    border-top: 1px solid @border-default;
-
-    .pagination-info {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-    }
-}
-
-// --------------------------------------------
-// Settings Nav Divider
-// --------------------------------------------
-.settings-nav-divider {
-    padding: @space-2 @space-4;
-    margin-top: @space-4;
-    font-size: @font-size-xs;
-    font-weight: 600;
-    color: @text-tertiary;
-    text-transform: uppercase;
-    letter-spacing: 0.1em;
-}
-
-// --------------------------------------------
-// Loading & Empty States
-// --------------------------------------------
-.loading-state,
-.empty-state {
-    padding: @space-10;
-    text-align: center;
-    color: @text-secondary;
-}
-
-// --------------------------------------------
-// Button Variants
-// --------------------------------------------
-.btn.text-warning {
-    color: @warning;
-
-    &:hover {
-        background: fade(@warning, 10%);
-    }
-}
-
-.btn.text-success {
-    color: @success;
-
-    &:hover {
-        background: fade(@success, 10%);
-    }
-}
-
-.btn.text-danger {
-    color: @danger;
-
-    &:hover {
-        background: fade(@danger, 10%);
-    }
-}
-
-// --------------------------------------------
-// Permission Editor
-// --------------------------------------------
-.permission-editor {
-    margin-top: @space-4;
-    border: 1px solid @border-default;
-    border-radius: @radius-md;
-    max-height: 400px;
-    overflow-y: auto;
-}
-
-.permission-header-row {
-    display: grid;
-    grid-template-columns: 1fr 60px 60px;
-    gap: @space-2;
-    padding: @space-2 @space-4;
-    background: @bg-hover;
-    font-size: @font-size-xs;
-    font-weight: 600;
-    color: @text-secondary;
-    text-transform: uppercase;
-    letter-spacing: 0.05em;
-    border-bottom: 1px solid @border-default;
-    position: sticky;
-    top: 0;
-    z-index: 1;
-}
-
-.permission-level-label {
-    text-align: center;
-}
-
-.permission-group {
-    &:not(:last-child) {
-        border-bottom: 1px solid @border-default;
-    }
-}
-
-.permission-group-label {
-    padding: @space-2 @space-4;
-    font-size: @font-size-xs;
-    font-weight: 600;
-    color: @text-tertiary;
-    text-transform: uppercase;
-    letter-spacing: 0.1em;
-    background: fade(@bg-hover-raw, 50%);
-}
-
-.permission-row {
-    display: grid;
-    grid-template-columns: 1fr 60px 60px;
-    gap: @space-2;
-    align-items: center;
-    padding: @space-2 @space-4;
-
-    &:hover {
-        background: @bg-hover;
-    }
-}
-
-.permission-feature-name {
-    font-size: @font-size-sm;
-}
-
-.permission-checkbox {
-    display: flex;
-    justify-content: center;
-
-    input[type="checkbox"] {
-        width: 16px;
-        height: 16px;
-        cursor: pointer;
-    }
-}
-
-.customize-permissions-section {
-    margin-top: @space-4;
-
-    > .btn {
-        margin-bottom: @space-2;
-    }
-}
-
-// --------------------------------------------
-// Invitations Section
-// --------------------------------------------
-.invitations-section {
-    margin-top: @space-8;
-    padding-top: @space-8;
-    border-top: 1px solid @border-default;
-
-    .tab-header {
-        display: flex;
-        justify-content: space-between;
-        align-items: flex-start;
-        margin-bottom: @space-4;
-
-        .tab-header-content {
-            h4 {
-                margin: 0 0 @space-1 0;
-                font-size: @font-size-md;
-                font-weight: 600;
-            }
-
-            p {
-                margin: 0;
-                color: @text-secondary;
-                font-size: @font-size-sm;
-            }
-        }
-    }
-}
-
-.invite-link-display {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-3;
-    background: @bg-hover;
-    border: 1px solid @border-default;
-    border-radius: @radius-md;
-    margin-top: @space-2;
-
-    code {
-        flex: 1;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
-        word-break: break-all;
-        color: @text-primary;
-    }
-}
-
-.invitation-status {
-    display: inline-flex;
-    align-items: center;
-    padding: 3px 8px;
-    border-radius: @radius-full;
-    font-size: @font-size-xs;
-    font-weight: 500;
-    text-transform: capitalize;
-
-    &.pending {
-        background: fade(@accent-primary-raw, 15%);
-        color: @accent-primary;
-    }
-
-    &.accepted {
-        background: fade(@success, 15%);
-        color: @success;
-    }
-
-    &.expired {
-        background: fade(@text-tertiary-raw, 15%);
-        color: @text-tertiary;
-    }
-
-    &.revoked {
-        background: fade(@danger, 15%);
-        color: @danger;
-    }
-}
-
-// --------------------------------------------
-// Activity Tab
-// --------------------------------------------
-.activity-tab {
-    .tab-header {
-        margin-bottom: @space-6;
-
-        h3 {
-            margin: 0 0 @space-1 0;
-            font-size: @font-size-lg;
-            font-weight: 600;
-        }
-
-        p {
-            margin: 0;
-            color: @text-secondary;
-            font-size: @font-size-sm;
-        }
-    }
-}
-
-.activity-summary {
-    display: grid;
-    grid-template-columns: repeat(3, 1fr);
-    gap: @space-4;
-    margin-bottom: @space-6;
-
-    @media (max-width: 600px) {
-        grid-template-columns: 1fr;
-    }
-}
-
-.activity-stat-card {
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    padding: @space-6;
-    background: @bg-card;
-    border: 1px solid @border-default;
-    border-radius: @radius-md;
-
-    .stat-number {
-        font-size: 2rem;
-        font-weight: 700;
-        color: @accent-primary;
-        line-height: 1;
-    }
-
-    .stat-label {
-        margin-top: @space-2;
-        font-size: @font-size-sm;
-        color: @text-secondary;
-    }
-}
-
-.most-active-users {
-    margin-bottom: @space-6;
-    padding: @space-4;
-    background: @bg-card;
-    border: 1px solid @border-default;
-    border-radius: @radius-md;
-
-    h4 {
-        margin: 0 0 @space-4 0;
-        font-size: @font-size-md;
-        font-weight: 600;
-    }
-}
-
-.active-user-item {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-2 0;
-
-    &:not(:last-child) {
-        border-bottom: 1px solid @border-default;
-    }
-}
-
-.active-user-rank {
-    width: 24px;
-    text-align: center;
-    font-weight: 600;
-    font-size: @font-size-sm;
-    color: @text-tertiary;
-}
-
-.active-user-name {
-    min-width: 100px;
-    font-size: @font-size-sm;
-    font-weight: 500;
-}
-
-.active-user-bar-wrapper {
-    flex: 1;
-    height: 8px;
-    background: @bg-hover;
-    border-radius: @radius-full;
-    overflow: hidden;
-}
-
-.active-user-bar {
-    height: 100%;
-    background: @accent-primary;
-    border-radius: @radius-full;
-    transition: width 0.3s ease;
-}
-
-.active-user-count {
-    min-width: 40px;
-    text-align: right;
-    font-size: @font-size-sm;
-    font-weight: 600;
-    color: @text-secondary;
-}
-
-.activity-feed-section {
-    h4 {
-        margin: 0 0 @space-4 0;
-        font-size: @font-size-md;
-        font-weight: 600;
-    }
-}
diff --git a/frontend/src/styles/components/_users.scss b/frontend/src/styles/components/_users.scss
new file mode 100644
index 00000000..24148f1f
--- /dev/null
+++ b/frontend/src/styles/components/_users.scss
@@ -0,0 +1,1011 @@
+// ============================================
+// USER MANAGEMENT STYLES
+// ============================================
+
+// --------------------------------------------
+// Setup Page
+// --------------------------------------------
+.setup-card {
+    max-width: 480px;
+}
+
+.setup-info {
+    display: flex;
+    gap: $space-4;
+    padding: $space-4;
+    background: fade($accent-primary-raw, 10%);
+    border-radius: $radius-md;
+    margin-bottom: $space-6;
+
+    .setup-info-icon {
+        flex-shrink: 0;
+        color: $accent-primary;
+    }
+
+    p {
+        margin: 0;
+        font-size: $font-size-sm;
+        color: $text-secondary;
+        line-height: 1.5;
+    }
+}
+
+.setup-footer {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    gap: $space-2;
+    margin-top: $space-6;
+    padding-top: $space-6;
+    border-top: 1px solid $border-default;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
+
+    svg {
+        color: $success;
+    }
+}
+
+// --------------------------------------------
+// Users Tab
+// --------------------------------------------
+.users-tab {
+    .tab-header {
+        display: flex;
+        justify-content: space-between;
+        align-items: flex-start;
+        margin-bottom: $space-6;
+
+        .tab-header-content {
+            h3 {
+                margin: 0 0 $space-1 0;
+                font-size: $font-size-lg;
+                font-weight: 600;
+            }
+
+            p {
+                margin: 0;
+                color: $text-secondary;
+                font-size: $font-size-sm;
+            }
+        }
+    }
+}
+
+.users-table-container {
+    overflow-x: auto;
+    border: 1px solid $border-default;
+    border-radius: $radius-md;
+}
+
+.users-table {
+    width: 100%;
+    border-collapse: collapse;
+
+    th, td {
+        padding: $space-4;
+        text-align: left;
+        border-bottom: 1px solid $border-default;
+    }
+
+    th {
+        background: $bg-hover;
+        font-weight: 500;
+        font-size: $font-size-sm;
+        color: $text-secondary;
+        text-transform: uppercase;
+        letter-spacing: 0.05em;
+    }
+
+    tr:last-child td {
+        border-bottom: none;
+    }
+
+    tr:hover td {
+        background: $bg-card;
+    }
+
+    tr.inactive {
+        opacity: 0.6;
+
+        td {
+            background: fade($warning, 5%);
+        }
+    }
+
+    .user-info {
+        display: flex;
+        align-items: center;
+        gap: $space-4;
+    }
+
+    .user-avatar {
+        width: 40px;
+        height: 40px;
+        border-radius: 50%;
+        background: $accent-primary;
+        color: #fff;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        font-weight: 600;
+        font-size: $font-size-md;
+        flex-shrink: 0;
+    }
+
+    .user-details {
+        display: flex;
+        flex-direction: column;
+        gap: 2px;
+
+        .username {
+            font-weight: 500;
+            display: flex;
+            align-items: center;
+            gap: $space-2;
+        }
+
+        .email {
+            font-size: $font-size-sm;
+            color: $text-secondary;
+        }
+    }
+
+    .you-badge {
+        font-size: $font-size-xs;
+        padding: 2px 6px;
+        background: $accent-primary;
+        color: #fff;
+        border-radius: $radius-sm;
+        font-weight: 500;
+    }
+
+    .status-badge {
+        display: inline-flex;
+        align-items: center;
+        padding: 4px 10px;
+        border-radius: $radius-full;
+        font-size: $font-size-xs;
+        font-weight: 500;
+
+        &.active {
+            background: fade($success, 15%);
+            color: $success;
+        }
+
+        &.inactive {
+            background: fade($warning, 15%);
+            color: $warning;
+        }
+    }
+
+    .date-cell {
+        font-size: $font-size-sm;
+        color: $text-secondary;
+        white-space: nowrap;
+    }
+
+    .actions-cell {
+        display: flex;
+        gap: $space-1;
+    }
+}
+
+// --------------------------------------------
+// User Modal Styles
+// --------------------------------------------
+.form-row {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    gap: $space-4;
+
+    @media (max-width: 600px) {
+        grid-template-columns: 1fr;
+    }
+}
+
+.checkbox-label {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    cursor: pointer;
+
+    input[type="checkbox"] {
+        width: 18px;
+        height: 18px;
+        cursor: pointer;
+    }
+
+    .checkbox-text {
+        font-weight: 400;
+    }
+}
+
+.form-help {
+    display: block;
+    margin-top: $space-1;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+}
+
+.role-descriptions {
+    margin-top: $space-6;
+    padding: $space-4;
+    background: $bg-hover;
+    border-radius: $radius-md;
+
+    h4 {
+        margin: 0 0 $space-4 0;
+        font-size: $font-size-sm;
+        font-weight: 600;
+        color: $text-secondary;
+    }
+
+    .role-item {
+        display: flex;
+        gap: $space-2;
+        padding: $space-2 0;
+
+        &:not(:last-child) {
+            border-bottom: 1px solid $border-default;
+        }
+
+        .role-name {
+            font-weight: 500;
+            min-width: 80px;
+            font-size: $font-size-sm;
+        }
+
+        .role-desc {
+            font-size: $font-size-sm;
+            color: $text-secondary;
+        }
+    }
+}
+
+// --------------------------------------------
+// Audit Log Tab
+// --------------------------------------------
+.audit-log-tab {
+    .tab-header {
+        margin-bottom: $space-6;
+
+        h3 {
+            margin: 0 0 $space-1 0;
+            font-size: $font-size-lg;
+            font-weight: 600;
+        }
+
+        p {
+            margin: 0;
+            color: $text-secondary;
+            font-size: $font-size-sm;
+        }
+    }
+}
+
+.filters-bar {
+    display: flex;
+    gap: $space-4;
+    align-items: flex-end;
+    margin-bottom: $space-6;
+    padding: $space-4;
+    background: $bg-hover;
+    border-radius: $radius-md;
+
+    .filter-group {
+        display: flex;
+        flex-direction: column;
+        gap: $space-1;
+
+        label {
+            font-size: $font-size-sm;
+            font-weight: 500;
+            color: $text-secondary;
+        }
+
+        select {
+            min-width: 180px;
+        }
+    }
+}
+
+.audit-log-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-2;
+}
+
+.log-entry {
+    display: flex;
+    gap: $space-4;
+    padding: $space-4;
+    background: $bg-card;
+    border-radius: $radius-md;
+    border-left: 3px solid transparent;
+
+    &.action-success {
+        border-left-color: $success;
+    }
+
+    &.action-warning {
+        border-left-color: $warning;
+    }
+
+    &.action-danger {
+        border-left-color: $danger;
+    }
+
+    &.action-info {
+        border-left-color: $accent-primary;
+    }
+
+    .log-icon {
+        flex-shrink: 0;
+        width: 32px;
+        height: 32px;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        background: $bg-hover;
+        border-radius: $radius-sm;
+        color: $text-secondary;
+    }
+
+    .log-content {
+        flex: 1;
+        min-width: 0;
+    }
+
+    .log-header {
+        display: flex;
+        flex-wrap: wrap;
+        gap: $space-2;
+        align-items: center;
+        margin-bottom: $space-1;
+
+        .log-action {
+            font-weight: 500;
+            text-transform: capitalize;
+        }
+
+        .log-user {
+            color: $text-secondary;
+            font-size: $font-size-sm;
+        }
+
+        .log-target {
+            color: $text-tertiary;
+            font-size: $font-size-sm;
+        }
+    }
+
+    .log-details {
+        display: flex;
+        flex-wrap: wrap;
+        gap: $space-2;
+        margin-bottom: $space-2;
+
+        .detail-item {
+            display: inline-flex;
+            gap: $space-1;
+            padding: 2px $space-2;
+            background: $bg-hover;
+            border-radius: $radius-sm;
+            font-size: $font-size-xs;
+
+            .detail-key {
+                color: $text-tertiary;
+            }
+
+            .detail-value {
+                color: $text-secondary;
+                max-width: 200px;
+                overflow: hidden;
+                text-overflow: ellipsis;
+                white-space: nowrap;
+            }
+        }
+    }
+
+    .log-meta {
+        display: flex;
+        gap: $space-4;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+
+        .log-ip {
+            font-family: $font-mono;
+        }
+    }
+}
+
+.pagination {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    gap: $space-4;
+    margin-top: $space-6;
+    padding-top: $space-6;
+    border-top: 1px solid $border-default;
+
+    .pagination-info {
+        font-size: $font-size-sm;
+        color: $text-secondary;
+    }
+}
+
+// --------------------------------------------
+// Settings Nav Divider
+// --------------------------------------------
+.settings-nav-divider {
+    padding: $space-2 $space-4;
+    margin-top: $space-4;
+    font-size: $font-size-xs;
+    font-weight: 600;
+    color: $text-tertiary;
+    text-transform: uppercase;
+    letter-spacing: 0.1em;
+
+    &:first-child {
+        margin-top: 0;
+    }
+}
+
+.settings-nav-spacer {
+    flex: 1;
+    min-height: $space-4;
+}
+
+// --------------------------------------------
+// Loading & Empty States
+// --------------------------------------------
+.loading-state,
+.empty-state {
+    padding: $space-10;
+    text-align: center;
+    color: $text-secondary;
+}
+
+// --------------------------------------------
+// Button Variants
+// --------------------------------------------
+.btn.text-warning {
+    color: $warning;
+
+    &:hover {
+        background: fade($warning, 10%);
+    }
+}
+
+.btn.text-success {
+    color: $success;
+
+    &:hover {
+        background: fade($success, 10%);
+    }
+}
+
+.btn.text-danger {
+    color: $danger;
+
+    &:hover {
+        background: fade($danger, 10%);
+    }
+}
+
+// --------------------------------------------
+// Permission Editor
+// --------------------------------------------
+.permission-editor {
+    margin-top: $space-4;
+    border: 1px solid $border-default;
+    border-radius: $radius-md;
+    max-height: 400px;
+    overflow-y: auto;
+}
+
+.permission-header-row {
+    display: grid;
+    grid-template-columns: 1fr 60px 60px;
+    gap: $space-2;
+    padding: $space-2 $space-4;
+    background: $bg-hover;
+    font-size: $font-size-xs;
+    font-weight: 600;
+    color: $text-secondary;
+    text-transform: uppercase;
+    letter-spacing: 0.05em;
+    border-bottom: 1px solid $border-default;
+    position: sticky;
+    top: 0;
+    z-index: 1;
+}
+
+.permission-level-label {
+    text-align: center;
+}
+
+.permission-group {
+    &:not(:last-child) {
+        border-bottom: 1px solid $border-default;
+    }
+}
+
+.permission-group-label {
+    padding: $space-2 $space-4;
+    font-size: $font-size-xs;
+    font-weight: 600;
+    color: $text-tertiary;
+    text-transform: uppercase;
+    letter-spacing: 0.1em;
+    background: fade($bg-hover-raw, 50%);
+}
+
+.permission-row {
+    display: grid;
+    grid-template-columns: 1fr 60px 60px;
+    gap: $space-2;
+    align-items: center;
+    padding: $space-2 $space-4;
+
+    &:hover {
+        background: $bg-hover;
+    }
+}
+
+.permission-feature-name {
+    font-size: $font-size-sm;
+}
+
+.permission-checkbox {
+    display: flex;
+    justify-content: center;
+
+    input[type="checkbox"] {
+        width: 16px;
+        height: 16px;
+        cursor: pointer;
+    }
+}
+
+.customize-permissions-section {
+    margin-top: $space-4;
+
+    > .btn {
+        margin-bottom: $space-2;
+    }
+}
+
+// --------------------------------------------
+// Invitations Section
+// --------------------------------------------
+.invitations-section {
+    margin-top: $space-8;
+    padding-top: $space-8;
+    border-top: 1px solid $border-default;
+
+    .tab-header {
+        display: flex;
+        justify-content: space-between;
+        align-items: flex-start;
+        margin-bottom: $space-4;
+
+        .tab-header-content {
+            h4 {
+                margin: 0 0 $space-1 0;
+                font-size: $font-size-md;
+                font-weight: 600;
+            }
+
+            p {
+                margin: 0;
+                color: $text-secondary;
+                font-size: $font-size-sm;
+            }
+        }
+    }
+}
+
+.invite-link-display {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-3;
+    background: $bg-hover;
+    border: 1px solid $border-default;
+    border-radius: $radius-md;
+    margin-top: $space-2;
+
+    code {
+        flex: 1;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
+        word-break: break-all;
+        color: $text-primary;
+    }
+}
+
+.invitation-status {
+    display: inline-flex;
+    align-items: center;
+    padding: 3px 8px;
+    border-radius: $radius-full;
+    font-size: $font-size-xs;
+    font-weight: 500;
+    text-transform: capitalize;
+
+    &.pending {
+        background: fade($accent-primary-raw, 15%);
+        color: $accent-primary;
+    }
+
+    &.accepted {
+        background: fade($success, 15%);
+        color: $success;
+    }
+
+    &.expired {
+        background: fade($text-tertiary-raw, 15%);
+        color: $text-tertiary;
+    }
+
+    &.revoked {
+        background: fade($danger, 15%);
+        color: $danger;
+    }
+}
+
+// --------------------------------------------
+// Activity Tab
+// --------------------------------------------
+.activity-tab {
+    .tab-header {
+        margin-bottom: $space-6;
+
+        h3 {
+            margin: 0 0 $space-1 0;
+            font-size: 1.5rem;
+            font-weight: 700;
+            color: $text-primary;
+        }
+
+        p {
+            margin: 0;
+            color: $text-secondary;
+            font-size: $font-size-md;
+        }
+    }
+}
+
+.activity-summary {
+    display: grid;
+    grid-template-columns: repeat(3, 1fr);
+    gap: $space-6;
+    margin-bottom: $space-8;
+
+    @media (max-width: 768px) {
+        grid-template-columns: 1fr;
+    }
+}
+
+.activity-stat-card {
+    display: flex;
+    flex-direction: column;
+    padding: $space-6;
+    background: $bg-card;
+    border: 1px solid $border-default;
+    border-radius: $radius-lg;
+    box-shadow: $shadow-sm;
+    transition: transform 0.2s ease, box-shadow 0.2s ease;
+
+    &:hover {
+        transform: translateY(-2px);
+        box-shadow: $shadow-md;
+    }
+
+    .stat-label {
+        font-size: $font-size-sm;
+        font-weight: 500;
+        color: $text-tertiary;
+        text-transform: uppercase;
+        letter-spacing: 0.05em;
+        margin-bottom: $space-2;
+    }
+
+    .stat-number {
+        font-size: 2.25rem;
+        font-weight: 800;
+        color: $accent-primary;
+        line-height: 1;
+    }
+}
+
+.most-active-users {
+    margin-bottom: $space-8;
+    padding: $space-6;
+    background: $bg-card;
+    border: 1px solid $border-default;
+    border-radius: $radius-lg;
+    box-shadow: $shadow-sm;
+
+    h4 {
+        margin: 0 0 $space-6 0;
+        font-size: $font-size-lg;
+        font-weight: 600;
+        color: $text-primary;
+    }
+}
+
+.active-users-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-4;
+}
+
+.active-user-item {
+    display: flex;
+    align-items: center;
+    gap: $space-4;
+
+    .active-user-rank {
+        width: 28px;
+        height: 28px;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        background: $bg-hover;
+        border-radius: 50%;
+        font-weight: 700;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+    }
+
+    .active-user-info {
+        flex: 1;
+        display: flex;
+        flex-direction: column;
+        gap: $space-1;
+    }
+
+    .active-user-name {
+        font-size: $font-size-sm;
+        font-weight: 600;
+        color: $text-primary;
+    }
+
+    .active-user-bar-wrapper {
+        height: 6px;
+        background: $bg-hover;
+        border-radius: $radius-full;
+        overflow: hidden;
+    }
+
+    .active-user-bar {
+        height: 100%;
+        background: linear-gradient(90deg, $accent-primary, $accent-hover);
+        border-radius: $radius-full;
+        transition: width 0.6s cubic-bezier(0.16, 1, 0.3, 1);
+    }
+
+    .active-user-count {
+        font-size: $font-size-sm;
+        font-weight: 600;
+        color: $text-secondary;
+        white-space: nowrap;
+    }
+}
+
+.activity-feed-section {
+    margin-top: $space-8;
+
+    .section-header {
+        display: flex;
+        justify-content: space-between;
+        align-items: center;
+        margin-bottom: $space-4;
+
+        h4 {
+            margin: 0;
+            font-size: $font-size-lg;
+            font-weight: 600;
+            color: $text-primary;
+        }
+    }
+}
+
+.filters-bar {
+    display: flex;
+    flex-wrap: wrap;
+    gap: $space-4;
+    align-items: flex-end;
+    margin-bottom: $space-6;
+    padding: $space-5;
+    background: $bg-hover;
+    border-radius: $radius-lg;
+    border: 1px solid $border-default;
+
+    .filter-group {
+        display: flex;
+        flex-direction: column;
+        gap: $space-2;
+
+        label {
+            display: flex;
+            align-items: center;
+            gap: $space-2;
+            font-size: $font-size-xs;
+            font-weight: 600;
+            color: $text-tertiary;
+            text-transform: uppercase;
+            letter-spacing: 0.05em;
+        }
+
+        select.form-control {
+            min-width: 200px;
+            height: 38px;
+            padding: 0 $space-3;
+            background: $bg-card;
+            border: 1px solid $border-default;
+            border-radius: $radius-md;
+            font-size: $font-size-sm;
+            color: $text-primary;
+            cursor: pointer;
+            transition: border-color 0.2s, box-shadow 0.2s;
+
+            &:focus {
+                outline: none;
+                border-color: $accent-primary;
+                box-shadow: 0 0 0 3px fade($accent-primary-raw, 10%);
+            }
+
+            &:hover {
+                border-color: $border-active;
+            }
+        }
+    }
+
+    .btn-clear {
+        height: 38px;
+        display: flex;
+        align-items: center;
+        gap: $space-2;
+        padding: 0 $space-4;
+        color: $text-tertiary;
+
+        &:hover {
+            color: $danger;
+            background: fade($danger, 10%);
+        }
+    }
+}
+
+.audit-log-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-3;
+}
+
+.log-entry {
+    display: flex;
+    gap: $space-5;
+    padding: $space-5;
+    background: $bg-card;
+    border-radius: $radius-lg;
+    border: 1px solid $border-default;
+    transition: transform 0.2s ease, box-shadow 0.2s ease;
+
+    &:hover {
+        transform: translateX(4px);
+        box-shadow: $shadow-sm;
+        border-color: $border-active;
+    }
+
+    &.action-success .log-icon { background: fade($success, 10%); color: $success; }
+    &.action-warning .log-icon { background: fade($warning, 10%); color: $warning; }
+    &.action-danger .log-icon { background: fade($danger, 10%); color: $danger; }
+    &.action-info .log-icon { background: fade($accent-primary-raw, 10%); color: $accent-primary; }
+
+    .log-icon {
+        flex-shrink: 0;
+        width: 42px;
+        height: 42px;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        border-radius: $radius-md;
+        background: $bg-hover;
+        color: $text-secondary;
+    }
+
+    .log-content {
+        flex: 1;
+        min-width: 0;
+    }
+
+    .log-header {
+        display: flex;
+        flex-wrap: wrap;
+        align-items: center;
+        gap: $space-2;
+        margin-bottom: $space-2;
+
+        .log-action {
+            font-weight: 600;
+            color: $text-primary;
+            text-transform: capitalize;
+            font-size: $font-size-md;
+        }
+
+        .log-user {
+            font-weight: 500;
+            color: $accent-primary;
+            background: fade($accent-primary-raw, 8%);
+            padding: 2px 8px;
+            border-radius: $radius-full;
+            font-size: $font-size-xs;
+        }
+
+        .log-target {
+            color: $text-tertiary;
+            font-size: $font-size-sm;
+        }
+
+        .log-time {
+            margin-left: auto;
+            color: $text-tertiary;
+            font-size: $font-size-xs;
+            font-weight: 500;
+        }
+    }
+
+    .log-details {
+        display: flex;
+        flex-wrap: wrap;
+        gap: $space-2;
+        margin-top: $space-3;
+
+        .detail-item {
+            display: inline-flex;
+            align-items: center;
+            gap: $space-2;
+            padding: 4px $space-3;
+            background: $bg-hover;
+            border: 1px solid $border-default;
+            border-radius: $radius-md;
+            font-size: $font-size-xs;
+
+            .detail-key {
+                color: $text-tertiary;
+                font-weight: 600;
+                text-transform: uppercase;
+                letter-spacing: 0.05em;
+                font-size: 0.7rem;
+            }
+
+            .detail-value {
+                color: $text-secondary;
+                font-family: $font-mono;
+                max-width: 300px;
+                overflow: hidden;
+                text-overflow: ellipsis;
+                white-space: nowrap;
+            }
+        }
+    }
+
+    .log-meta {
+        margin-top: $space-3;
+        display: flex;
+        gap: $space-4;
+
+        .log-ip {
+            font-size: $font-size-xs;
+            color: $text-tertiary;
+            background: $bg-hover;
+            padding: 2px 6px;
+            border-radius: $radius-sm;
+            font-family: $font-mono;
+        }
+    }
+}
diff --git a/frontend/src/styles/layout/_grid.less b/frontend/src/styles/layout/_grid.scss
similarity index 75%
rename from frontend/src/styles/layout/_grid.less
rename to frontend/src/styles/layout/_grid.scss
index 71cba479..7f2e0eff 100644
--- a/frontend/src/styles/layout/_grid.less
+++ b/frontend/src/styles/layout/_grid.scss
@@ -6,14 +6,14 @@
 .stats-strip {
     display: grid;
     grid-template-columns: repeat(4, 1fr);
-    gap: @space-6;
-    margin-bottom: @space-8;
+    gap: $space-6;
+    margin-bottom: $space-8;
 
-    @media (max-width: @breakpoint-xl) {
+    @media (max-width: $breakpoint-xl) {
         grid-template-columns: repeat(2, 1fr);
     }
 
-    @media (max-width: @breakpoint-sm) {
+    @media (max-width: $breakpoint-sm) {
         grid-template-columns: 1fr;
     }
 }
@@ -22,16 +22,16 @@
 .dashboard-grid {
     display: grid;
     grid-template-columns: repeat(auto-fit, minmax(340px, 1fr));
-    gap: @space-6;
+    gap: $space-6;
 }
 
 // Overview grid (2-column)
 .overview-grid {
     display: grid;
     grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
-    gap: @space-6;
+    gap: $space-6;
 
-    @media (max-width: @breakpoint-md) {
+    @media (max-width: $breakpoint-md) {
         grid-template-columns: 1fr;
     }
 }
diff --git a/frontend/src/styles/layout/_main-content.less b/frontend/src/styles/layout/_main-content.scss
similarity index 50%
rename from frontend/src/styles/layout/_main-content.less
rename to frontend/src/styles/layout/_main-content.scss
index 7267c92e..b1655f8b 100644
--- a/frontend/src/styles/layout/_main-content.less
+++ b/frontend/src/styles/layout/_main-content.scss
@@ -8,18 +8,18 @@
 }
 
 .main-content {
-    margin-left: @sidebar-width;
+    margin-left: $sidebar-width;
     flex: 1;
-    padding: @space-10;
+    padding: $space-10;
     overflow-y: auto;
     background-image:
         linear-gradient(var(--grid-color) 1px, transparent 1px),
         linear-gradient(90deg, var(--grid-color) 1px, transparent 1px);
     background-size: 40px 40px;
 
-    @media (max-width: @breakpoint-md) {
+    @media (max-width: $breakpoint-md) {
         margin-left: 0;
-        padding: @space-5;
+        padding: $space-5;
     }
 
     // Remove padding for fullscreen pages (workflow builder)
@@ -31,25 +31,33 @@
 
 // Top bar (page header)
 .top-bar {
-    .flex-between();
-    margin-bottom: @space-10;
+    @include flex-between();
+    margin-bottom: $space-10;
 
     h1 {
-        font-size: @font-size-2xl;
-        font-weight: @font-weight-semibold;
+        font-size: $font-size-2xl;
+        font-weight: $font-weight-semibold;
         letter-spacing: -0.5px;
     }
 
-    @media (max-width: @breakpoint-md) {
+    @media (max-width: $breakpoint-md) {
         flex-direction: column;
         align-items: flex-start;
-        gap: @space-4;
+        gap: $space-4;
     }
 }
 
 .top-bar-actions {
     display: flex;
-    gap: @space-3;
+    gap: $space-3;
+}
+
+// Shared Page Wrapper
+.page-container {
+    width: 100%;
+    max-width: 1400px;
+    margin: 0 auto;
+    padding-bottom: $space-10;
 }
 
 // Page Header (shared base)
@@ -57,36 +65,41 @@
     display: flex;
     justify-content: space-between;
     align-items: flex-start;
-    margin-bottom: @space-6;
+    margin-bottom: $space-6;
     flex-wrap: wrap;
-    gap: @space-4;
+    gap: $space-4;
 
-    .page-header-content {
+    .page-header-content,
+    .header-info {
         h1 {
-            font-size: @font-size-2xl;
-            font-weight: @font-weight-semibold;
-            margin: 0 0 @space-1 0;
+            font-size: $font-size-2xl;
+            font-weight: $font-weight-semibold;
+            margin: 0 0 $space-1 0;
+            color: $text-primary;
         }
 
-        .page-description {
-            color: @text-secondary;
-            font-size: @font-size-sm;
+        .page-description,
+        p {
+            color: $text-secondary;
+            font-size: $font-size-sm;
             margin: 0;
         }
     }
 
-    .page-header-actions {
+    .page-header-actions,
+    .header-actions {
         display: flex;
-        gap: @space-2;
+        gap: $space-2;
         align-items: center;
         flex-wrap: wrap;
     }
 
-    @media (max-width: @breakpoint-md) {
+    @media (max-width: $breakpoint-md) {
         flex-direction: column;
         align-items: stretch;
 
-        .page-header-actions {
+        .page-header-actions,
+        .header-actions {
             justify-content: flex-end;
         }
     }
@@ -94,13 +107,18 @@
 
 // Page placeholder
 .page {
-    font-size: @font-size-2xl;
-    color: @text-secondary;
+    font-size: $font-size-2xl;
+    color: $text-secondary;
 }
 
-// Loading state
+// Loading state (full-page spinner)
 .loading {
-    .flex-center();
-    min-height: 100vh;
-    color: @text-secondary;
+    @include flex-center();
+    min-height: 60vh;
+    color: $text-secondary;
+}
+
+// Route-level loading (within dashboard)
+.loading-state {
+    min-height: 40vh;
 }
diff --git a/frontend/src/styles/layout/_sidebar.less b/frontend/src/styles/layout/_sidebar.scss
similarity index 77%
rename from frontend/src/styles/layout/_sidebar.less
rename to frontend/src/styles/layout/_sidebar.scss
index 7d71bca2..192fc8d5 100644
--- a/frontend/src/styles/layout/_sidebar.less
+++ b/frontend/src/styles/layout/_sidebar.scss
@@ -3,24 +3,24 @@
 // ============================================
 
 .sidebar {
-    width: @sidebar-width;
-    background-color: @bg-body; // Seamless look with main content
-    border-right: 1px solid @border-default;
+    width: $sidebar-width;
+    background-color: $bg-body; // Seamless look with main content
+    border-right: 1px solid $border-default;
     display: flex;
     flex-direction: column;
     position: fixed;
     height: 100vh;
-    z-index: @z-fixed;
+    z-index: $z-fixed;
     padding: 0 1rem;
 
-    @media (max-width: @breakpoint-md) {
+    @media (max-width: $breakpoint-md) {
         display: none;
     }
 }
 
 // Brand Section - Clean & Minimal
 .brand-section {
-    height: 70px;
+    height: $sidebar-header-height;
     display: flex;
     align-items: center;
     gap: 10px;
@@ -30,8 +30,8 @@
 }
 
 .brand-logo {
-    width: 42px;
-    height: 42px;
+    width: $sidebar-logo-size;
+    height: $sidebar-logo-size;
     display: grid;
     place-items: center;
     flex-shrink: 0;
@@ -58,10 +58,10 @@
 
 .brand-text {
     font-size: 1.15rem;
-    font-weight: @font-weight-bold;
-    color: @text-primary;
+    font-weight: $font-weight-bold;
+    color: $text-primary;
     letter-spacing: -0.02em;
-    background: linear-gradient(135deg, @text-primary 0%, #a5b4fc 100%);
+    background: linear-gradient(135deg, $text-primary 0%, #a5b4fc 100%);
     -webkit-background-clip: text;
     -webkit-text-fill-color: transparent;
     background-clip: text;
@@ -73,10 +73,10 @@
     display: flex;
     align-items: center;
     justify-content: center;
-    width: 28px;
-    height: 28px;
+    width: $sidebar-icon-size;
+    height: $sidebar-icon-size;
     border-radius: 50%;
-    color: @text-tertiary;
+    color: $text-tertiary;
     transition: all 0.3s cubic-bezier(0.34, 1.56, 0.64, 1);
     position: relative;
     overflow: visible;
@@ -101,7 +101,7 @@
             position: absolute;
             width: 4px;
             height: 4px;
-            background: #f59e0b;
+            background: $color-star;
             border-radius: 50%;
             opacity: 0;
             top: 50%;
@@ -112,7 +112,7 @@
     .star-ring {
         inset: 0;
         border-radius: 50%;
-        border: 2px solid #f59e0b;
+        border: 2px solid $color-star;
         opacity: 0;
         transform: scale(0.8);
     }
@@ -121,7 +121,7 @@
         top: 50%;
         left: calc(100% + 10px);
         transform: translateY(-50%) translateX(-4px);
-        background: linear-gradient(135deg, #f59e0b 0%, #d97706 100%);
+        background: linear-gradient(135deg, $color-star 0%, #d97706 100%);
         color: white;
         font-size: 0.65rem;
         font-weight: 600;
@@ -144,7 +144,7 @@
     }
 
     &:hover {
-        color: #f59e0b;
+        color: $color-star;
         background: rgba(245, 158, 11, 0.15);
         transform: scale(1.1);
         box-shadow: 0 0 20px rgba(245, 158, 11, 0.3);
@@ -159,7 +159,7 @@
         animation: starPop 1.5s cubic-bezier(0.34, 1.56, 0.64, 1);
 
         svg {
-            color: #f59e0b;
+            color: $color-star;
             animation: starSpin 1.5s cubic-bezier(0.34, 1.56, 0.64, 1), starGlow 1.5s ease-in-out;
         }
 
@@ -371,13 +371,13 @@
 .brand-custom-logo {
     width: 32px;
     height: 32px;
-    border-radius: @radius-md;
+    border-radius: $radius-md;
     overflow: hidden;
     display: grid;
     place-items: center;
     flex-shrink: 0;
-    color: @text-tertiary;
-    background: @bg-secondary;
+    color: $text-tertiary;
+    background: $bg-secondary;
 
     img {
         width: 100%;
@@ -393,7 +393,7 @@
     align-items: center;
     justify-content: center;
     overflow: hidden;
-    color: @text-tertiary;
+    color: $text-tertiary;
 
     img {
         max-width: 100%;
@@ -404,9 +404,9 @@
 
 .brand-custom-text {
     font-size: 1.15rem;
-    font-weight: @font-weight-bold;
+    font-weight: $font-weight-bold;
     letter-spacing: -0.02em;
-    background: linear-gradient(135deg, @text-primary 0%, #a5b4fc 100%);
+    background: linear-gradient(135deg, $text-primary 0%, #a5b4fc 100%);
     -webkit-background-clip: text;
     -webkit-text-fill-color: transparent;
     background-clip: text;
@@ -433,8 +433,8 @@
 // Navigation Category Labels
 .nav-category {
     font-size: 0.7rem;
-    font-weight: @font-weight-semibold;
-    color: @text-secondary;
+    font-weight: $font-weight-semibold;
+    color: $text-secondary;
     text-transform: uppercase;
     letter-spacing: 0.08em;
     margin: 1.5rem 0 0.5rem 0.75rem;
@@ -456,13 +456,13 @@
 .nav-item {
     display: flex;
     align-items: center;
-    gap: 12px;
+    gap: 16px;
     padding: 0.5rem 0.75rem;
-    border-radius: @radius-lg;
-    color: @text-tertiary;
+    border-radius: $radius-lg;
+    color: $text-tertiary;
     text-decoration: none;
     font-size: 0.85rem;
-    font-weight: @font-weight-medium;
+    font-weight: $font-weight-medium;
     transition: all 0.2s ease;
     margin-bottom: 2px;
     position: relative;
@@ -472,14 +472,14 @@
 
     // Pro Hover State
     &:hover {
-        color: @text-primary;
+        color: $text-primary;
         background-color: rgba(255, 255, 255, 0.03);
     }
 
     // Pro Active State
     &.active {
-        background-color: @accent-glow;
-        color: @accent-primary;
+        background-color: $accent-glow;
+        color: $accent-primary;
 
         // Active Indicator Dot
         &::after {
@@ -489,12 +489,56 @@
             width: 4px;
             height: 4px;
             border-radius: 50%;
-            background-color: @accent-primary;
-            box-shadow: 0 0 6px @accent-primary;
+            background-color: $accent-primary;
+            box-shadow: 0 0 6px $accent-primary;
         }
     }
 }
 
+// Nav item row (parent with optional expand button)
+.nav-item-row {
+    display: flex;
+    align-items: center;
+
+    .nav-item {
+        flex: 1;
+        min-width: 0;
+    }
+
+    &.has-children .nav-item {
+        padding-right: 0;
+    }
+}
+
+.nav-expand-btn {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 28px;
+    height: 28px;
+    border: none;
+    background: transparent;
+    color: $text-tertiary;
+    cursor: pointer;
+    border-radius: $radius-sm;
+    flex-shrink: 0;
+    transition: all 0.15s ease;
+    margin-right: 4px;
+
+    &:hover {
+        background: rgba(255, 255, 255, 0.06);
+        color: $text-primary;
+    }
+
+    svg {
+        transition: transform 0.2s ease;
+    }
+
+    &.expanded svg {
+        transform: rotate(90deg);
+    }
+}
+
 // Sub Navigation Item (indented under parent)
 .nav-sub-item {
     padding-left: 2.25rem;
@@ -510,7 +554,7 @@
     stroke-linecap: round;
     stroke-linejoin: round;
     fill: none;
-    opacity: 0.8;
+    opacity: 1;
     flex-shrink: 0;
 }
 
@@ -518,7 +562,7 @@
 .sidebar-footer {
     padding: 1rem 0;
     margin-top: auto;
-    border-top: 1px solid @border-default;
+    border-top: 1px solid $border-default;
     flex-shrink: 0;
     position: relative;
 }
@@ -529,12 +573,12 @@
     bottom: calc(100% + 4px);
     left: 0;
     right: 0;
-    background: @bg-elevated;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
+    background: $bg-elevated;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
     box-shadow: 0 8px 24px rgba(0, 0, 0, 0.25), 0 2px 8px rgba(0, 0, 0, 0.15);
-    padding: @space-1;
-    z-index: @z-tooltip;
+    padding: $space-1;
+    z-index: $z-tooltip;
     animation: contextMenuIn 0.15s ease-out;
 }
 
@@ -555,8 +599,8 @@
 
 .context-menu-label {
     font-size: 0.65rem;
-    font-weight: @font-weight-semibold;
-    color: @text-secondary;
+    font-weight: $font-weight-semibold;
+    color: $text-secondary;
     text-transform: uppercase;
     letter-spacing: 0.06em;
     margin-bottom: 6px;
@@ -566,8 +610,8 @@
 .theme-switcher {
     display: flex;
     gap: 2px;
-    background: @bg-secondary;
-    border-radius: @radius-md;
+    background: $bg-secondary;
+    border-radius: $radius-md;
     padding: 2px;
 }
 
@@ -579,26 +623,59 @@
     padding: 6px 0;
     border: none;
     background: transparent;
-    color: @text-tertiary;
-    border-radius: @radius-sm;
+    color: $text-tertiary;
+    border-radius: $radius-sm;
     cursor: pointer;
     transition: all 0.15s ease;
 
     &:hover {
-        color: @text-primary;
+        color: $text-primary;
     }
 
     &.active {
-        background: @accent-glow;
-        color: @accent-primary;
+        background: $accent-glow;
+        color: $accent-primary;
         box-shadow: 0 1px 3px rgba(0, 0, 0, 0.15);
     }
 }
 
+.view-switcher {
+    display: flex;
+    flex-wrap: wrap;
+    gap: 4px;
+}
+
+.view-btn {
+    display: inline-flex;
+    align-items: center;
+    gap: 4px;
+    padding: 4px 8px;
+    border: 1px solid $border-subtle;
+    background: transparent;
+    color: $text-tertiary;
+    font-size: 0.65rem;
+    font-weight: $font-weight-medium;
+    border-radius: $radius-sm;
+    cursor: pointer;
+    transition: all 0.15s ease;
+
+    &:hover {
+        border-color: $border-active;
+        color: $text-primary;
+        background: rgba(255, 255, 255, 0.03);
+    }
+
+    &.active {
+        border-color: $accent-primary;
+        color: $accent-primary;
+        background: $accent-glow;
+    }
+}
+
 .context-menu-divider {
     height: 1px;
-    background: @border-subtle;
-    margin: @space-1 0;
+    background: $border-subtle;
+    margin: $space-1 0;
 }
 
 .context-menu-item {
@@ -609,25 +686,25 @@
     padding: 8px 10px;
     border: none;
     background: transparent;
-    color: @text-secondary;
+    color: $text-secondary;
     font-size: 0.82rem;
-    font-weight: @font-weight-medium;
-    border-radius: @radius-md;
+    font-weight: $font-weight-medium;
+    border-radius: $radius-md;
     cursor: pointer;
     transition: all 0.15s ease;
     text-align: left;
 
     &:hover {
         background: rgba(255, 255, 255, 0.04);
-        color: @text-primary;
+        color: $text-primary;
     }
 
     &.danger {
-        color: @danger;
+        color: $danger;
 
         &:hover {
             background: rgba(239, 68, 68, 0.1);
-            color: @danger;
+            color: $danger;
         }
     }
 }
@@ -645,29 +722,29 @@
     gap: 10px;
     padding: 0.5rem;
     cursor: pointer;
-    border-radius: @radius-lg;
+    border-radius: $radius-lg;
     transition: all 0.2s ease;
 
     &:hover {
-        background: @bg-secondary;
+        background: $bg-secondary;
     }
 }
 
 .user-avatar {
     width: 28px;
     height: 28px;
-    background: @text-tertiary;
+    background: $text-tertiary;
     border-radius: 50%;
     display: grid;
     place-items: center;
     font-size: 0.75rem;
-    font-weight: @font-weight-semibold;
+    font-weight: $font-weight-semibold;
     color: white;
 }
 
 .user-menu-arrow {
     margin-left: auto;
-    color: @text-tertiary;
+    color: $text-tertiary;
     opacity: 0.5;
     transition: transform 0.2s ease, opacity 0.2s ease;
 
@@ -688,13 +765,13 @@
 
 .user-handle {
     font-size: 0.8rem;
-    font-weight: @font-weight-medium;
-    color: @text-primary;
+    font-weight: $font-weight-medium;
+    color: $text-primary;
 }
 
 .user-status {
     font-size: 0.7rem;
-    color: @success;
+    color: $success;
     display: flex;
     align-items: center;
     gap: 4px;
diff --git a/frontend/src/styles/main.less b/frontend/src/styles/main.scss
similarity index 84%
rename from frontend/src/styles/main.less
rename to frontend/src/styles/main.scss
index b5a792fe..8d2fd394 100644
--- a/frontend/src/styles/main.less
+++ b/frontend/src/styles/main.scss
@@ -1,7 +1,7 @@
 // ============================================
 // SERVERKIT - MAIN STYLESHEET
 // ============================================
-// This file imports all LESS partials in the correct order.
+// This file imports all SCSS partials in the correct order.
 // Import this file in your main React entry point.
 // ============================================
 
@@ -17,6 +17,7 @@
 // --------------------------------------------
 @import 'base/_reset';
 @import 'base/_typography';
+@import 'base/_utilities';
 
 // --------------------------------------------
 // 3. LAYOUT
@@ -52,6 +53,10 @@
 @import 'components/_users';
 @import 'components/_linked-apps';
 @import 'components/_api-settings';
+@import 'components/_empty-state';
+@import 'components/_status-badge';
+@import 'components/_server-selector';
+@import 'components/_contribution-graph';
 
 // --------------------------------------------
 // 5. PAGE-SPECIFIC STYLES
@@ -84,3 +89,11 @@
 @import 'pages/_migration-wizard';
 @import 'pages/_services';
 @import 'pages/_service-detail';
+@import 'pages/_fleet-monitor';
+@import 'pages/_agent-plugins';
+@import 'pages/_server-templates';
+@import 'pages/_workspaces';
+@import 'pages/_dns-zones';
+@import 'pages/_status-pages';
+@import 'pages/_cloud-provision';
+@import 'pages/_marketplace';
diff --git a/frontend/src/styles/pages/_agent-plugins.scss b/frontend/src/styles/pages/_agent-plugins.scss
new file mode 100644
index 00000000..5337fb6b
--- /dev/null
+++ b/frontend/src/styles/pages/_agent-plugins.scss
@@ -0,0 +1,111 @@
+// Agent Plugins page styles
+
+.agent-plugins-page {
+    .plugins-grid {
+        display: grid;
+        grid-template-columns: repeat(auto-fill, minmax(340px, 1fr));
+        gap: $spacing-lg;
+        margin-top: $spacing-lg;
+    }
+
+    .plugin-card {
+        padding: $spacing-lg;
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-sm;
+
+        &__header {
+            display: flex;
+            justify-content: space-between;
+            align-items: flex-start;
+        }
+
+        &__info {
+            display: flex;
+            align-items: baseline;
+            gap: $spacing-sm;
+
+            h3 {
+                margin: 0;
+                font-size: 1.1rem;
+            }
+        }
+
+        &__version {
+            color: $text-muted;
+            font-size: 0.85rem;
+            font-family: $font-mono;
+        }
+
+        &__desc {
+            color: $text-secondary;
+            font-size: 0.9rem;
+            margin: 0;
+            line-height: 1.5;
+        }
+
+        &__meta {
+            display: flex;
+            gap: $spacing-md;
+            font-size: 0.85rem;
+            color: $text-muted;
+        }
+
+        &__capabilities,
+        &__permissions {
+            display: flex;
+            flex-wrap: wrap;
+            gap: $spacing-xs;
+        }
+
+        &__actions {
+            display: flex;
+            gap: $spacing-sm;
+            margin-top: $spacing-sm;
+            padding-top: $spacing-sm;
+            border-top: 1px solid $border-color;
+        }
+    }
+
+    .server-select-list {
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-xs;
+        max-height: 300px;
+        overflow-y: auto;
+    }
+
+    .server-select-item {
+        display: flex;
+        align-items: center;
+        gap: $spacing-sm;
+        padding: $spacing-sm $spacing-md;
+        border-radius: $radius-md;
+        cursor: pointer;
+        transition: background-color 0.15s;
+
+        &:hover {
+            background: $hover-bg;
+        }
+    }
+
+    .checkbox-group {
+        display: flex;
+        flex-wrap: wrap;
+        gap: $spacing-sm;
+    }
+
+    .checkbox-label {
+        display: flex;
+        align-items: center;
+        gap: $spacing-xs;
+        font-size: 0.9rem;
+        cursor: pointer;
+    }
+
+    .form-row {
+        display: grid;
+        grid-template-columns: 1fr 1fr;
+        gap: $spacing-md;
+    }
+}
diff --git a/frontend/src/styles/pages/_applications.less b/frontend/src/styles/pages/_applications.scss
similarity index 54%
rename from frontend/src/styles/pages/_applications.less
rename to frontend/src/styles/pages/_applications.scss
index ca0031db..e268f157 100644
--- a/frontend/src/styles/pages/_applications.less
+++ b/frontend/src/styles/pages/_applications.scss
@@ -6,7 +6,7 @@
 .applications-page {
     display: flex;
     flex-direction: column;
-    gap: @space-4;
+    gap: $space-4;
 }
 
 // ============================================
@@ -17,14 +17,14 @@
     display: flex;
     justify-content: space-between;
     align-items: center;
-    gap: @space-4;
+    gap: $space-4;
     flex-wrap: wrap;
 }
 
 .apps-toolbar-left {
     display: flex;
     align-items: center;
-    gap: @space-4;
+    gap: $space-4;
     flex: 1;
     min-width: 0;
 }
@@ -32,7 +32,7 @@
 .apps-toolbar-right {
     display: flex;
     align-items: center;
-    gap: @space-3;
+    gap: $space-3;
 }
 
 // Search wrapper
@@ -44,60 +44,60 @@
 
 .apps-search-icon {
     position: absolute;
-    left: @space-3;
+    left: $space-3;
     top: 50%;
     transform: translateY(-50%);
-    color: @text-tertiary;
+    color: $text-tertiary;
     pointer-events: none;
 }
 
 .apps-search-input {
     width: 100%;
-    padding: @space-2 @space-3;
-    padding-left: @space-8 + 4;
-    padding-right: @space-8;
-    background: @bg-card;
-    border: 1px solid @border-default;
-    border-radius: @radius-md;
-    color: @text-primary;
-    font-size: @font-size-sm;
-    .transition(border-color);
+    padding: $space-2 $space-3;
+    padding-left: $space-8 + 4;
+    padding-right: $space-8;
+    background: $bg-card;
+    border: 1px solid $border-default;
+    border-radius: $radius-md;
+    color: $text-primary;
+    font-size: $font-size-sm;
+    @include transition(border-color);
 
     &::placeholder {
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 
     &:focus {
         outline: none;
-        border-color: @accent-primary;
+        border-color: $accent-primary;
     }
 }
 
 .apps-search-clear {
     position: absolute;
-    right: @space-2;
+    right: $space-2;
     top: 50%;
     transform: translateY(-50%);
     background: none;
     border: none;
-    padding: @space-1;
+    padding: $space-1;
     cursor: pointer;
-    color: @text-tertiary;
+    color: $text-tertiary;
     display: flex;
     align-items: center;
     justify-content: center;
-    border-radius: @radius-sm;
-    .transition(color);
+    border-radius: $radius-sm;
+    @include transition(color);
 
     &:hover {
-        color: @text-primary;
+        color: $text-primary;
     }
 }
 
 // Results count
 .apps-count {
-    font-size: @font-size-sm;
-    color: @text-tertiary;
+    font-size: $font-size-sm;
+    color: $text-tertiary;
     white-space: nowrap;
 }
 
@@ -108,62 +108,62 @@
 
 .apps-sort-select {
     appearance: none;
-    padding: @space-2 @space-8 @space-2 @space-3;
-    background: @bg-card;
-    border: 1px solid @border-default;
-    border-radius: @radius-md;
-    color: @text-primary;
-    font-size: @font-size-sm;
+    padding: $space-2 $space-8 $space-2 $space-3;
+    background: $bg-card;
+    border: 1px solid $border-default;
+    border-radius: $radius-md;
+    color: $text-primary;
+    font-size: $font-size-sm;
     cursor: pointer;
-    .transition(border-color);
+    @include transition(border-color);
 
     &:focus {
         outline: none;
-        border-color: @accent-primary;
+        border-color: $accent-primary;
     }
 }
 
 .apps-sort-icon {
     position: absolute;
-    right: @space-2;
+    right: $space-2;
     top: 50%;
     transform: translateY(-50%);
-    color: @text-tertiary;
+    color: $text-tertiary;
     pointer-events: none;
 }
 
 // View toggle
 .apps-view-toggle {
     display: flex;
-    background: @bg-card;
-    border: 1px solid @border-default;
-    border-radius: @radius-md;
+    background: $bg-card;
+    border: 1px solid $border-default;
+    border-radius: $radius-md;
     overflow: hidden;
 }
 
 .apps-view-btn {
-    padding: @space-2;
+    padding: $space-2;
     background: transparent;
     border: none;
     cursor: pointer;
-    color: @text-tertiary;
+    color: $text-tertiary;
     display: flex;
     align-items: center;
     justify-content: center;
-    .transition(all);
+    @include transition(all);
 
     &:hover {
-        color: @text-primary;
-        background: @bg-hover;
+        color: $text-primary;
+        background: $bg-hover;
     }
 
     &.active {
-        color: @accent-primary;
-        background: @accent-glow;
+        color: $accent-primary;
+        background: $accent-glow;
     }
 
     &:first-child {
-        border-right: 1px solid @border-default;
+        border-right: 1px solid $border-default;
     }
 }
 
@@ -175,42 +175,42 @@
     display: flex;
     justify-content: space-between;
     align-items: center;
-    padding: @space-3 @space-4;
-    background: @accent-glow;
-    border: 1px solid fade(@accent-primary-raw, 30%);
-    border-radius: @radius-lg;
-    gap: @space-4;
+    padding: $space-3 $space-4;
+    background: $accent-glow;
+    border: 1px solid fade($accent-primary-raw, 30%);
+    border-radius: $radius-lg;
+    gap: $space-4;
     flex-wrap: wrap;
 }
 
 .apps-bulk-info {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    color: @accent-primary;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
+    gap: $space-2;
+    color: $accent-primary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
 }
 
 .apps-bulk-clear {
     background: none;
     border: none;
-    color: @text-secondary;
-    font-size: @font-size-sm;
+    color: $text-secondary;
+    font-size: $font-size-sm;
     cursor: pointer;
-    padding: @space-1 @space-2;
-    margin-left: @space-2;
-    border-radius: @radius-sm;
-    .transition(color);
+    padding: $space-1 $space-2;
+    margin-left: $space-2;
+    border-radius: $radius-sm;
+    @include transition(color);
 
     &:hover {
-        color: @text-primary;
+        color: $text-primary;
     }
 }
 
 .apps-bulk-actions {
     display: flex;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 // ============================================
@@ -230,8 +230,8 @@
         height: 0;
 
         &:checked + .apps-checkbox-custom {
-            background: @accent-primary;
-            border-color: @accent-primary;
+            background: $accent-primary;
+            border-color: $accent-primary;
 
             &::after {
                 opacity: 1;
@@ -239,7 +239,7 @@
         }
 
         &:focus + .apps-checkbox-custom {
-            box-shadow: 0 0 0 2px @accent-glow;
+            box-shadow: 0 0 0 2px $accent-glow;
         }
     }
 }
@@ -247,11 +247,11 @@
 .apps-checkbox-custom {
     width: 18px;
     height: 18px;
-    background: @bg-card;
-    border: 1px solid @border-default;
-    border-radius: @radius-sm;
+    background: $bg-card;
+    border: 1px solid $border-default;
+    border-radius: $radius-sm;
     position: relative;
-    .transition(all);
+    @include transition(all);
 
     &::after {
         content: '';
@@ -260,15 +260,15 @@
         top: 2px;
         width: 5px;
         height: 9px;
-        border: solid @text-primary;
+        border: solid $text-primary;
         border-width: 0 2px 2px 0;
         transform: rotate(45deg);
         opacity: 0;
-        .transition(opacity);
+        @include transition(opacity);
     }
 
     &:hover {
-        border-color: @accent-primary;
+        border-color: $accent-primary;
     }
 }
 
@@ -277,43 +277,43 @@
 // ============================================
 
 .apps-list {
-    .flex-column-gap(@space-2);
+    @include flex-column-gap($space-2);
 }
 
 .apps-list-header {
     display: flex;
     align-items: center;
-    gap: @space-4;
-    padding: @space-2 @space-4;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
+    gap: $space-4;
+    padding: $space-2 $space-4;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
 }
 
 .apps-list-header-text {
-    margin-left: @space-1;
+    margin-left: $space-1;
 }
 
 .app-row {
-    .list-item-base();
+    @include list-item-base();
     display: flex;
     align-items: center;
-    gap: @space-4;
-    .transition(all);
+    gap: $space-4;
+    @include transition(all);
 
     &.selected {
-        background: @accent-glow;
-        border-color: fade(@accent-primary-raw, 30%);
+        background: $accent-glow;
+        border-color: fade($accent-primary-raw, 30%);
     }
 
     &:hover {
-        border-color: @border-active;
+        border-color: $border-active;
     }
 }
 
 .app-info {
-    .flex-start();
-    gap: @space-4;
+    @include flex-start();
+    gap: $space-4;
     flex: 1;
     min-width: 0;
 }
@@ -321,13 +321,13 @@
 .app-icon {
     width: 40px;
     height: 40px;
-    border-radius: @radius-md;
+    border-radius: $radius-md;
     display: flex;
     align-items: center;
     justify-content: center;
     color: white;
-    font-weight: @font-weight-bold;
-    font-size: @font-size-md;
+    font-weight: $font-weight-bold;
+    font-size: $font-size-md;
     flex-shrink: 0;
 
     svg {
@@ -340,57 +340,57 @@
     flex: 1;
 
     h3 {
-        font-size: @font-size-base + 1;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin-bottom: @space-1;
-        .truncate();
+        font-size: $font-size-base + 1;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin-bottom: $space-1;
+        @include truncate();
     }
 }
 
 .app-meta {
-    .flex-start();
-    gap: @space-3;
-    font-size: @font-size-sm;
-    color: @text-tertiary;
+    @include flex-start();
+    gap: $space-3;
+    font-size: $font-size-sm;
+    color: $text-tertiary;
     flex-wrap: wrap;
 
     a {
-        color: @text-secondary;
-        .transition(color);
+        color: $text-secondary;
+        @include transition(color);
 
         &:hover {
-            color: @accent-primary;
+            color: $accent-primary;
         }
     }
 }
 
 .app-type-badge {
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
-    color: @accent-primary;
-    background: @accent-glow;
-    padding: 2px @space-2;
-    border-radius: @radius-sm;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
+    color: $accent-primary;
+    background: $accent-glow;
+    padding: 2px $space-2;
+    border-radius: $radius-sm;
 }
 
 .app-port {
-    font-family: @font-mono;
-    font-size: @font-size-xs;
-    color: @text-secondary;
+    font-family: $font-mono;
+    font-size: $font-size-xs;
+    color: $text-secondary;
 }
 
 .app-domains-info {
     display: inline-flex;
     align-items: center;
-    gap: @space-1;
-    color: @text-secondary;
+    gap: $space-1;
+    color: $text-secondary;
 
     a {
-        color: @text-secondary;
+        color: $text-secondary;
 
         &:hover {
-            color: @accent-primary;
+            color: $accent-primary;
         }
     }
 }
@@ -398,9 +398,9 @@
 .private-url-indicator {
     display: inline-flex;
     align-items: center;
-    gap: @space-1;
-    color: @success;
-    font-size: @font-size-xs;
+    gap: $space-1;
+    color: $success;
+    font-size: $font-size-xs;
 }
 
 .app-status {
@@ -411,47 +411,47 @@
 .status-badge-enhanced {
     display: inline-flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-1 + 2 @space-3;
-    border-radius: @radius-full;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
+    gap: $space-2;
+    padding: $space-1 + 2 $space-3;
+    border-radius: $radius-full;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
     text-transform: capitalize;
 
     &.status-active {
-        background: @success-bg;
-        color: @success;
+        background: $success-bg;
+        color: $success;
 
         .status-dot-animated {
-            background: @success;
+            background: $success;
             animation: pulse-green 2s ease-in-out infinite;
         }
     }
 
     &.status-stopped {
-        background: @bg-tertiary;
-        color: @text-secondary;
+        background: $bg-tertiary;
+        color: $text-secondary;
 
         .status-dot-animated {
-            background: @text-tertiary;
+            background: $text-tertiary;
         }
     }
 
     &.status-error {
-        background: @danger-bg;
-        color: @danger;
+        background: $danger-bg;
+        color: $danger;
 
         .status-dot-animated {
-            background: @danger;
+            background: $danger;
         }
     }
 
     &.status-warning {
-        background: @warning-bg;
-        color: @warning;
+        background: $warning-bg;
+        color: $warning;
 
         .status-dot-animated {
-            background: @warning;
+            background: $warning;
             animation: pulse-yellow 2s ease-in-out infinite;
         }
     }
@@ -472,19 +472,19 @@
 
 @keyframes pulse-green {
     0%, 100% {
-        box-shadow: 0 0 0 0 fade(@success, 40%);
+        box-shadow: 0 0 0 0 fade($success, 40%);
     }
     50% {
-        box-shadow: 0 0 0 4px fade(@success, 0%);
+        box-shadow: 0 0 0 4px fade($success, 0%);
     }
 }
 
 @keyframes pulse-yellow {
     0%, 100% {
-        box-shadow: 0 0 0 0 fade(@warning, 40%);
+        box-shadow: 0 0 0 0 fade($warning, 40%);
     }
     50% {
-        box-shadow: 0 0 0 4px fade(@warning, 0%);
+        box-shadow: 0 0 0 4px fade($warning, 0%);
     }
 }
 
@@ -499,11 +499,11 @@
 
 .app-actions {
     display: flex;
-    gap: @space-2;
+    gap: $space-2;
     flex-shrink: 0;
 
     .btn-text {
-        @media (max-width: @breakpoint-md) {
+        @media (max-width: $breakpoint-md) {
             display: none;
         }
     }
@@ -516,34 +516,34 @@
 .apps-grid {
     display: grid;
     grid-template-columns: repeat(auto-fill, minmax(280px, 1fr));
-    gap: @space-4;
+    gap: $space-4;
 }
 
 .app-card {
-    background: @bg-card;
-    border: 1px solid @border-default;
-    border-radius: @radius-lg;
-    padding: @space-4;
+    background: $bg-card;
+    border: 1px solid $border-default;
+    border-radius: $radius-lg;
+    padding: $space-4;
     cursor: pointer;
     position: relative;
-    .transition(all);
+    @include transition(all);
 
     &:hover {
-        border-color: @border-active;
+        border-color: $border-active;
         transform: translateY(-2px);
-        box-shadow: @shadow-md;
+        box-shadow: $shadow-md;
     }
 
     &.selected {
-        background: @accent-glow;
-        border-color: fade(@accent-primary-raw, 30%);
+        background: $accent-glow;
+        border-color: fade($accent-primary-raw, 30%);
     }
 }
 
 .app-card-checkbox {
     position: absolute;
-    top: @space-3;
-    left: @space-3;
+    top: $space-3;
+    left: $space-3;
     z-index: 1;
 }
 
@@ -551,43 +551,43 @@
     display: flex;
     justify-content: space-between;
     align-items: flex-start;
-    margin-bottom: @space-3;
-    padding-left: @space-6 + @space-2;
+    margin-bottom: $space-3;
+    padding-left: $space-6 + $space-2;
 }
 
 .app-card-body {
     h3 {
-        font-size: @font-size-md;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin-bottom: @space-2;
-        .truncate();
+        font-size: $font-size-md;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin-bottom: $space-2;
+        @include truncate();
     }
 }
 
 .app-card-meta {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    margin-bottom: @space-3;
+    gap: $space-2;
+    margin-bottom: $space-3;
 }
 
 .app-card-info {
     display: flex;
     flex-direction: column;
-    gap: @space-1;
+    gap: $space-1;
     min-height: 48px;
 }
 
 .app-card-info-row {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    font-size: @font-size-sm;
-    color: @text-secondary;
+    gap: $space-2;
+    font-size: $font-size-sm;
+    color: $text-secondary;
 
     svg {
-        color: @text-tertiary;
+        color: $text-tertiary;
         flex-shrink: 0;
     }
 }
@@ -595,15 +595,15 @@
 .app-card-actions {
     display: flex;
     justify-content: flex-end;
-    gap: @space-2;
-    margin-top: @space-3;
-    padding-top: @space-3;
-    border-top: 1px solid @border-subtle;
+    gap: $space-2;
+    margin-top: $space-3;
+    padding-top: $space-3;
+    border-top: 1px solid $border-subtle;
 }
 
 // Icon-only button
 .btn-icon {
-    padding: @space-2 !important;
+    padding: $space-2 !important;
 
     svg {
         margin: 0 !important;
@@ -621,25 +621,25 @@
 .confirm-modal-header {
     display: flex;
     align-items: center;
-    gap: @space-3;
-    margin-bottom: @space-3;
+    gap: $space-3;
+    margin-bottom: $space-3;
 
     h2 {
         margin: 0;
-        font-size: @font-size-lg;
+        font-size: $font-size-lg;
     }
 }
 
 .confirm-icon-danger {
-    color: @danger;
+    color: $danger;
     flex-shrink: 0;
 }
 
 .confirm-modal-message {
-    color: @text-secondary;
-    font-size: @font-size-base;
-    line-height: @line-height-relaxed;
-    margin-bottom: @space-5;
+    color: $text-secondary;
+    font-size: $font-size-base;
+    line-height: $line-height-relaxed;
+    margin-bottom: $space-5;
 }
 
 // ============================================
@@ -647,21 +647,21 @@
 // ============================================
 
 .app-header-info {
-    .flex-start();
-    gap: @space-5;
+    @include flex-start();
+    gap: $space-5;
 
-    @media (max-width: @breakpoint-md) {
+    @media (max-width: $breakpoint-md) {
         flex-direction: column;
         align-items: flex-start;
     }
 }
 
 .app-header-title {
-    .flex-start();
-    gap: @space-4;
+    @include flex-start();
+    gap: $space-4;
 
     h1 {
-        font-size: @font-size-2xl;
+        font-size: $font-size-2xl;
     }
 }
 
@@ -670,27 +670,27 @@
 // ============================================
 
 .deploy-tab {
-    .flex-column-gap(@space-5);
+    @include flex-column-gap($space-5);
 
     .deploy-setup {
-        padding: @space-8 0;
+        padding: $space-8 0;
     }
 
     .deploy-header {
-        margin-bottom: @space-5;
+        margin-bottom: $space-5;
     }
 
     .deploy-status-card {
         display: flex;
         align-items: center;
         justify-content: space-between;
-        gap: @space-4;
-        padding: @space-4 @space-5;
-        background: @bg-card;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-lg;
+        gap: $space-4;
+        padding: $space-4 $space-5;
+        background: $bg-card;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-lg;
 
-        @media (max-width: @breakpoint-md) {
+        @media (max-width: $breakpoint-md) {
             flex-direction: column;
             align-items: flex-start;
         }
@@ -699,57 +699,57 @@
     .deploy-repo-info {
         display: flex;
         align-items: center;
-        gap: @space-3;
+        gap: $space-3;
 
         svg {
             flex-shrink: 0;
-            color: @text-secondary;
+            color: $text-secondary;
         }
 
         > div {
             display: flex;
             flex-direction: column;
-            gap: @space-1;
+            gap: $space-1;
         }
 
         .repo-url {
-            font-family: @font-mono;
-            font-size: @font-size-sm;
-            color: @text-primary;
+            font-family: $font-mono;
+            font-size: $font-size-sm;
+            color: $text-primary;
             word-break: break-all;
         }
 
         .repo-branch {
-            font-size: @font-size-xs;
-            color: @text-tertiary;
+            font-size: $font-size-xs;
+            color: $text-tertiary;
         }
     }
 
     .deploy-actions {
         display: flex;
-        gap: @space-2;
+        gap: $space-2;
         flex-shrink: 0;
     }
 
     .deploy-grid {
         display: grid;
         grid-template-columns: repeat(auto-fit, minmax(320px, 1fr));
-        gap: @space-5;
+        gap: $space-5;
     }
 
     .webhook-url {
         display: flex;
         align-items: center;
-        gap: @space-3;
-        margin-top: @space-3;
-        padding: @space-3;
-        background: @bg-hover;
-        border-radius: @radius-md;
+        gap: $space-3;
+        margin-top: $space-3;
+        padding: $space-3;
+        background: $bg-hover;
+        border-radius: $radius-md;
 
         code {
             flex: 1;
-            font-size: @font-size-xs;
-            color: @text-secondary;
+            font-size: $font-size-xs;
+            color: $text-secondary;
             word-break: break-all;
         }
 
@@ -761,25 +761,25 @@
     .scripts-grid {
         display: grid;
         grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
-        gap: @space-4;
+        gap: $space-4;
     }
 
     .script-section {
         h4 {
-            font-size: @font-size-sm;
-            font-weight: @font-weight-medium;
-            color: @text-secondary;
-            margin-bottom: @space-2;
+            font-size: $font-size-sm;
+            font-weight: $font-weight-medium;
+            color: $text-secondary;
+            margin-bottom: $space-2;
         }
     }
 
     .script-code {
-        padding: @space-3;
-        background: @bg-hover;
-        border-radius: @radius-md;
-        font-family: @font-mono;
-        font-size: @font-size-xs;
-        color: @text-secondary;
+        padding: $space-3;
+        background: $bg-hover;
+        border-radius: $radius-md;
+        font-family: $font-mono;
+        font-size: $font-size-xs;
+        color: $text-secondary;
         overflow-x: auto;
         white-space: pre-wrap;
         word-break: break-word;
@@ -788,16 +788,16 @@
 
     .card-actions {
         display: flex;
-        gap: @space-2;
-        margin-top: @space-4;
-        padding-top: @space-4;
-        border-top: 1px solid @border-subtle;
+        gap: $space-2;
+        margin-top: $space-4;
+        padding-top: $space-4;
+        border-top: 1px solid $border-subtle;
     }
 
     .checkbox-label {
         display: flex;
         align-items: center;
-        gap: @space-2;
+        gap: $space-2;
         cursor: pointer;
 
         input[type="checkbox"] {
@@ -807,33 +807,33 @@
         }
 
         span {
-            font-size: @font-size-sm;
-            color: @text-primary;
+            font-size: $font-size-sm;
+            color: $text-primary;
         }
     }
 
     .form-help {
         display: block;
-        margin-top: @space-1;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        margin-top: $space-1;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
     }
 
     textarea {
-        font-family: @font-mono;
-        font-size: @font-size-sm;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
         resize: vertical;
         min-height: 80px;
     }
 
     .text-danger {
-        color: @danger;
-        font-size: @font-size-sm;
+        color: $danger;
+        font-size: $font-size-sm;
     }
 
     .text-muted {
-        color: @text-tertiary;
-        font-size: @font-size-sm;
+        color: $text-tertiary;
+        font-size: $font-size-sm;
     }
 }
 
@@ -846,7 +846,7 @@
         display: flex;
         justify-content: space-between;
         align-items: center;
-        margin-bottom: @space-4;
+        margin-bottom: $space-4;
 
         h3 {
             margin: 0;
@@ -854,45 +854,45 @@
     }
 
     .diagnostics-hint {
-        color: @text-tertiary;
-        font-size: @font-size-sm;
+        color: $text-tertiary;
+        font-size: $font-size-sm;
         margin: 0;
     }
 
     .diagnostics-results {
-        .flex-column-gap(@space-4);
+        @include flex-column-gap($space-4);
     }
 
     .health-summary {
-        padding: @space-3 @space-4;
-        border-radius: @radius-md;
-        font-weight: @font-weight-medium;
+        padding: $space-3 $space-4;
+        border-radius: $radius-md;
+        font-weight: $font-weight-medium;
 
         &.healthy {
             background: rgba(34, 197, 94, 0.1);
-            color: @success;
+            color: $success;
         }
 
         &.unhealthy {
             background: rgba(239, 68, 68, 0.1);
-            color: @danger;
+            color: $danger;
         }
     }
 
     .diagnostics-section {
         h4 {
-            font-size: @font-size-sm;
-            font-weight: @font-weight-semibold;
-            color: @text-secondary;
-            margin-bottom: @space-2;
+            font-size: $font-size-sm;
+            font-weight: $font-weight-semibold;
+            color: $text-secondary;
+            margin-bottom: $space-2;
             display: flex;
             align-items: center;
-            gap: @space-2;
+            gap: $space-2;
         }
 
         &.issues, &.recommendations {
-            padding: @space-3;
-            border-radius: @radius-md;
+            padding: $space-3;
+            border-radius: $radius-md;
         }
 
         &.issues {
@@ -909,37 +909,37 @@
     .check-list {
         display: flex;
         flex-wrap: wrap;
-        gap: @space-2 @space-4;
+        gap: $space-2 $space-4;
     }
 
     .check-item {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        gap: $space-2;
+        font-size: $font-size-sm;
+        color: $text-secondary;
     }
 
     .health-icon {
         font-weight: bold;
-        font-size: @font-size-base;
+        font-size: $font-size-base;
 
         &.healthy {
-            color: @success;
+            color: $success;
         }
 
         &.unhealthy {
-            color: @danger;
+            color: $danger;
         }
     }
 
     .issues-list, .recommendations-list {
         margin: 0;
-        padding-left: @space-5;
-        font-size: @font-size-sm;
+        padding-left: $space-5;
+        font-size: $font-size-sm;
 
         li {
-            margin-bottom: @space-1;
+            margin-bottom: $space-1;
 
             &:last-child {
                 margin-bottom: 0;
@@ -948,21 +948,21 @@
     }
 
     .issues-list {
-        color: @danger;
+        color: $danger;
     }
 
     .recommendations-list {
-        color: @warning;
+        color: $warning;
     }
 
     .config-preview {
-        margin: @space-2 0 0;
-        padding: @space-3;
-        background: @bg-hover;
-        border-radius: @radius-md;
-        font-family: @font-mono;
-        font-size: @font-size-xs;
-        color: @text-secondary;
+        margin: $space-2 0 0;
+        padding: $space-3;
+        background: $bg-hover;
+        border-radius: $radius-md;
+        font-family: $font-mono;
+        font-size: $font-size-xs;
+        color: $text-secondary;
         overflow-x: auto;
         white-space: pre;
         max-height: 300px;
@@ -971,15 +971,15 @@
 }
 
 .port-status {
-    font-size: @font-size-xs;
-    margin-left: @space-2;
+    font-size: $font-size-xs;
+    margin-left: $space-2;
 
     &.accessible {
-        color: @success;
+        color: $success;
     }
 
     &.not-accessible {
-        color: @danger;
+        color: $danger;
     }
 }
 
@@ -990,7 +990,7 @@
 .app-detail-page {
     display: flex;
     flex-direction: column;
-    gap: @space-4;
+    gap: $space-4;
 }
 
 // Top bar with breadcrumbs and actions
@@ -998,70 +998,70 @@
     display: flex;
     justify-content: space-between;
     align-items: center;
-    gap: @space-4;
+    gap: $space-4;
     flex-wrap: wrap;
 }
 
 .app-detail-breadcrumbs {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    font-size: @font-size-sm;
-    color: @text-tertiary;
+    gap: $space-2;
+    font-size: $font-size-sm;
+    color: $text-tertiary;
 
     a {
-        color: @text-secondary;
+        color: $text-secondary;
         text-decoration: none;
-        .transition(color);
+        @include transition(color);
 
         &:hover {
-            color: @accent-primary;
+            color: $accent-primary;
         }
     }
 
     .breadcrumb-separator {
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 
     .breadcrumb-current {
-        color: @text-primary;
-        font-weight: @font-weight-medium;
+        color: $text-primary;
+        font-weight: $font-weight-medium;
     }
 }
 
 .app-detail-actions {
     display: flex;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 // App header with icon, title, status
 .app-detail-header {
     display: flex;
     align-items: center;
-    gap: @space-4;
-    padding: @space-5;
-    background: @bg-card;
-    border: 1px solid @border-default;
-    border-radius: @radius-lg;
+    gap: $space-4;
+    padding: $space-5;
+    background: $bg-card;
+    border: 1px solid $border-default;
+    border-radius: $radius-lg;
 }
 
 .app-detail-icon {
     width: 56px;
     height: 56px;
-    border-radius: @radius-lg;
+    border-radius: $radius-lg;
     display: flex;
     align-items: center;
     justify-content: center;
     flex-shrink: 0;
-    font-size: @font-size-xl;
-    font-weight: @font-weight-bold;
+    font-size: $font-size-xl;
+    font-weight: $font-weight-bold;
     color: white;
 
     img {
         width: 100%;
         height: 100%;
         object-fit: contain;
-        border-radius: @radius-lg;
+        border-radius: $radius-lg;
     }
 
     svg {
@@ -1074,35 +1074,35 @@
     min-width: 0;
 
     h1 {
-        font-size: @font-size-xl;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin: 0 0 @space-1 0;
+        font-size: $font-size-xl;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin: 0 0 $space-1 0;
         display: flex;
         align-items: center;
-        gap: @space-3;
+        gap: $space-3;
     }
 }
 
 .app-detail-meta {
     display: flex;
     align-items: center;
-    gap: @space-4;
-    font-size: @font-size-sm;
-    color: @text-tertiary;
+    gap: $space-4;
+    font-size: $font-size-sm;
+    color: $text-tertiary;
 
     span {
         display: flex;
         align-items: center;
-        gap: @space-1;
+        gap: $space-1;
     }
 
     a {
-        color: @text-secondary;
-        .transition(color);
+        color: $text-secondary;
+        @include transition(color);
 
         &:hover {
-            color: @accent-primary;
+            color: $accent-primary;
         }
     }
 }
@@ -1111,25 +1111,25 @@
 .app-status-badge {
     display: inline-flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-1 @space-3;
-    border-radius: @radius-full;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
+    gap: $space-2;
+    padding: $space-1 $space-3;
+    border-radius: $radius-full;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
 
     &.running {
-        background: @success-bg;
-        color: @success;
+        background: $success-bg;
+        color: $success;
     }
 
     &.stopped {
-        background: @bg-tertiary;
-        color: @text-secondary;
+        background: $bg-tertiary;
+        color: $text-secondary;
     }
 
     &.error {
-        background: @danger-bg;
-        color: @danger;
+        background: $danger-bg;
+        color: $danger;
     }
 }
 
@@ -1147,34 +1147,34 @@
 // Tabs navigation
 .app-detail-tabs {
     display: flex;
-    gap: @space-1;
-    background: @bg-card;
-    border: 1px solid @border-default;
-    border-radius: @radius-lg;
-    padding: @space-1;
+    gap: $space-1;
+    background: $bg-card;
+    border: 1px solid $border-default;
+    border-radius: $radius-lg;
+    padding: $space-1;
     overflow-x: auto;
 }
 
 .app-detail-tab {
-    padding: @space-2 @space-4;
+    padding: $space-2 $space-4;
     background: transparent;
     border: none;
-    border-radius: @radius-md;
-    color: @text-secondary;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
+    border-radius: $radius-md;
+    color: $text-secondary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
     cursor: pointer;
     white-space: nowrap;
-    .transition(all);
+    @include transition(all);
 
     &:hover {
-        color: @text-primary;
-        background: @bg-hover;
+        color: $text-primary;
+        background: $bg-hover;
     }
 
     &.active {
-        color: @accent-primary;
-        background: @accent-glow;
+        color: $accent-primary;
+        background: $accent-glow;
     }
 }
 
@@ -1187,9 +1187,9 @@
 .app-overview-grid {
     display: grid;
     grid-template-columns: 2fr 1fr;
-    gap: @space-4;
+    gap: $space-4;
 
-    @media (max-width: @breakpoint-lg) {
+    @media (max-width: $breakpoint-lg) {
         grid-template-columns: 1fr;
     }
 }
@@ -1198,14 +1198,14 @@
 .app-overview-right {
     display: flex;
     flex-direction: column;
-    gap: @space-4;
+    gap: $space-4;
 }
 
 // Panels
 .app-panel {
-    background: @bg-card;
-    border: 1px solid @border-default;
-    border-radius: @radius-lg;
+    background: $bg-card;
+    border: 1px solid $border-default;
+    border-radius: $radius-lg;
     overflow: hidden;
 }
 
@@ -1213,28 +1213,28 @@
     display: flex;
     justify-content: space-between;
     align-items: center;
-    padding: @space-4;
-    border-bottom: 1px solid @border-subtle;
+    padding: $space-4;
+    border-bottom: 1px solid $border-subtle;
 
     h3 {
         margin: 0;
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
     }
 }
 
 .app-panel-body {
-    padding: @space-4;
+    padding: $space-4;
 }
 
 // Info grid for key-value pairs
 .app-info-grid {
     display: grid;
     grid-template-columns: repeat(2, 1fr);
-    gap: @space-4;
+    gap: $space-4;
 
-    @media (max-width: @breakpoint-sm) {
+    @media (max-width: $breakpoint-sm) {
         grid-template-columns: 1fr;
     }
 }
@@ -1242,27 +1242,27 @@
 .app-info-item {
     display: flex;
     flex-direction: column;
-    gap: @space-1;
+    gap: $space-1;
 
     .info-label {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
         text-transform: uppercase;
         letter-spacing: 0.5px;
     }
 
     .info-value {
-        font-size: @font-size-sm;
-        color: @text-primary;
-        font-weight: @font-weight-medium;
+        font-size: $font-size-sm;
+        color: $text-primary;
+        font-weight: $font-weight-medium;
 
         &.mono {
-            font-family: @font-mono;
+            font-family: $font-mono;
         }
 
         a {
-            color: @accent-primary;
-            .transition(color);
+            color: $accent-primary;
+            @include transition(color);
 
             &:hover {
                 text-decoration: underline;
@@ -1275,15 +1275,15 @@
 .private-url-box {
     display: flex;
     align-items: center;
-    gap: @space-3;
-    padding: @space-3;
-    background: @bg-hover;
-    border-radius: @radius-md;
+    gap: $space-3;
+    padding: $space-3;
+    background: $bg-hover;
+    border-radius: $radius-md;
 
     code {
         flex: 1;
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        font-size: $font-size-sm;
+        color: $text-secondary;
         word-break: break-all;
     }
 }
@@ -1292,156 +1292,156 @@
 .resource-bar-container {
     display: flex;
     flex-direction: column;
-    gap: @space-3;
+    gap: $space-3;
 }
 
 .resource-bar-item {
     display: flex;
     align-items: center;
-    gap: @space-3;
+    gap: $space-3;
 }
 
 .resource-bar-label {
     width: 40px;
-    font-size: @font-size-sm;
-    color: @text-secondary;
+    font-size: $font-size-sm;
+    color: $text-secondary;
     flex-shrink: 0;
 }
 
 .resource-bar-track {
     flex: 1;
     height: 8px;
-    background: @bg-hover;
-    border-radius: @radius-sm;
+    background: $bg-hover;
+    border-radius: $radius-sm;
     overflow: hidden;
 }
 
 .resource-bar-fill {
     height: 100%;
-    border-radius: @radius-sm;
-    .transition(width);
+    border-radius: $radius-sm;
+    @include transition(width);
 
     &.cpu {
-        background: @accent-primary;
+        background: $accent-primary;
     }
 
     &.ram {
-        background: @warning;
+        background: $warning;
     }
 }
 
 .resource-bar-value {
     width: 48px;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    color: @text-primary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    color: $text-primary;
     text-align: right;
     flex-shrink: 0;
 }
 
 // Environment linking panel
 .env-link-section {
-    .flex-column-gap(@space-3);
+    @include flex-column-gap($space-3);
 }
 
 .env-link-item {
     display: flex;
     align-items: center;
     justify-content: space-between;
-    padding: @space-3;
-    background: @bg-hover;
-    border-radius: @radius-md;
+    padding: $space-3;
+    background: $bg-hover;
+    border-radius: $radius-md;
 
     .env-link-info {
         display: flex;
         align-items: center;
-        gap: @space-3;
+        gap: $space-3;
 
         .env-badge {
-            padding: @space-1 @space-2;
-            border-radius: @radius-sm;
-            font-size: @font-size-xs;
-            font-weight: @font-weight-semibold;
+            padding: $space-1 $space-2;
+            border-radius: $radius-sm;
+            font-size: $font-size-xs;
+            font-weight: $font-weight-semibold;
             text-transform: uppercase;
 
             &.prod {
                 background: rgba(239, 68, 68, 0.15);
-                color: @danger;
+                color: $danger;
             }
 
             &.dev {
                 background: rgba(34, 197, 94, 0.15);
-                color: @success;
+                color: $success;
             }
 
             &.staging {
                 background: rgba(234, 179, 8, 0.15);
-                color: @warning;
+                color: $warning;
             }
         }
 
         .env-name {
-            font-size: @font-size-sm;
-            color: @text-primary;
+            font-size: $font-size-sm;
+            color: $text-primary;
         }
     }
 }
 
 // Process status list
 .process-list {
-    .flex-column-gap(@space-2);
+    @include flex-column-gap($space-2);
 }
 
 .process-item {
     display: flex;
     align-items: center;
     justify-content: space-between;
-    padding: @space-2 @space-3;
-    background: @bg-hover;
-    border-radius: @radius-md;
+    padding: $space-2 $space-3;
+    background: $bg-hover;
+    border-radius: $radius-md;
 
     .process-name {
-        font-size: @font-size-sm;
-        color: @text-primary;
-        font-family: @font-mono;
+        font-size: $font-size-sm;
+        color: $text-primary;
+        font-family: $font-mono;
     }
 
     .process-status {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        font-size: @font-size-xs;
+        gap: $space-2;
+        font-size: $font-size-xs;
 
         &.running {
-            color: @success;
+            color: $success;
         }
 
         &.stopped {
-            color: @text-tertiary;
+            color: $text-tertiary;
         }
     }
 }
 
 // Domains list
 .domains-list {
-    .flex-column-gap(@space-2);
+    @include flex-column-gap($space-2);
 }
 
 .domain-item {
     display: flex;
     align-items: center;
     justify-content: space-between;
-    padding: @space-2 @space-3;
-    background: @bg-hover;
-    border-radius: @radius-md;
+    padding: $space-2 $space-3;
+    background: $bg-hover;
+    border-radius: $radius-md;
 
     .domain-url {
-        font-size: @font-size-sm;
-        color: @text-primary;
+        font-size: $font-size-sm;
+        color: $text-primary;
 
         a {
-            color: @accent-primary;
-            .transition(color);
+            color: $accent-primary;
+            @include transition(color);
 
             &:hover {
                 text-decoration: underline;
@@ -1452,12 +1452,12 @@
     .domain-ssl {
         display: flex;
         align-items: center;
-        gap: @space-1;
-        font-size: @font-size-xs;
-        color: @success;
+        gap: $space-1;
+        font-size: $font-size-xs;
+        color: $success;
 
         &.no-ssl {
-            color: @text-tertiary;
+            color: $text-tertiary;
         }
     }
 }
@@ -1465,9 +1465,9 @@
 // Empty state for panels
 .panel-empty {
     text-align: center;
-    padding: @space-6;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
+    padding: $space-6;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
 }
 
 // Loading state for resources
@@ -1475,17 +1475,17 @@
     display: flex;
     align-items: center;
     justify-content: center;
-    gap: @space-2;
-    padding: @space-4;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
+    gap: $space-2;
+    padding: $space-4;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
 }
 
 // ============================================
 // RESPONSIVE ADJUSTMENTS
 // ============================================
 
-@media (max-width: @breakpoint-md) {
+@media (max-width: $breakpoint-md) {
     .apps-toolbar {
         flex-direction: column;
         align-items: stretch;
@@ -1520,8 +1520,8 @@
     .app-actions {
         width: 100%;
         justify-content: flex-end;
-        margin-top: @space-2;
-        padding-top: @space-2;
-        border-top: 1px solid @border-subtle;
+        margin-top: $space-2;
+        padding-top: $space-2;
+        border-top: 1px solid $border-subtle;
     }
 }
diff --git a/frontend/src/styles/pages/_auth.less b/frontend/src/styles/pages/_auth.scss
similarity index 54%
rename from frontend/src/styles/pages/_auth.less
rename to frontend/src/styles/pages/_auth.scss
index 03746039..ee54d376 100644
--- a/frontend/src/styles/pages/_auth.less
+++ b/frontend/src/styles/pages/_auth.scss
@@ -4,48 +4,48 @@
 
 .auth-container {
     min-height: 100vh;
-    .flex-center();
-    padding: @space-5;
+    @include flex-center();
+    padding: $space-5;
 }
 
 .auth-card {
     width: 100%;
     max-width: 400px;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-2xl;
-    padding: @space-10;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-2xl;
+    padding: $space-10;
 }
 
 .auth-header {
     text-align: center;
-    margin-bottom: @space-8;
+    margin-bottom: $space-8;
 
     .brand-logo {
         width: 48px;
         height: 48px;
-        margin: 0 auto @space-4;
+        margin: 0 auto $space-4;
     }
 
     h1 {
-        font-size: @font-size-2xl;
-        font-weight: @font-weight-bold;
-        margin-bottom: @space-2;
+        font-size: $font-size-2xl;
+        font-weight: $font-weight-bold;
+        margin-bottom: $space-2;
     }
 
     p {
-        color: @text-secondary;
+        color: $text-secondary;
     }
 }
 
 .auth-footer {
     text-align: center;
-    margin-top: @space-6;
-    color: @text-secondary;
+    margin-top: $space-6;
+    color: $text-secondary;
 
     a {
-        color: @accent-primary;
-        font-weight: @font-weight-medium;
+        color: $accent-primary;
+        font-weight: $font-weight-medium;
 
         &:hover {
             text-decoration: underline;
@@ -57,28 +57,28 @@
 .sso-providers {
     display: flex;
     flex-direction: column;
-    gap: @space-3;
+    gap: $space-3;
 }
 
 .btn-sso {
     display: flex;
     align-items: center;
     justify-content: center;
-    gap: @space-3;
+    gap: $space-3;
     width: 100%;
-    padding: @space-3 @space-4;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    background: @bg-card;
-    color: @text-primary;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
+    padding: $space-3 $space-4;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    background: $bg-card;
+    color: $text-primary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
     cursor: pointer;
-    transition: all @transition-fast;
+    transition: all $transition-fast;
 
     &:hover:not(:disabled) {
-        border-color: @border-active;
-        background: @bg-hover;
+        border-color: $border-active;
+        background: $bg-hover;
     }
 
     &:disabled {
@@ -94,24 +94,24 @@
 .sso-divider {
     display: flex;
     align-items: center;
-    gap: @space-4;
-    margin: @space-6 0;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
+    gap: $space-4;
+    margin: $space-6 0;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
 
     &::before,
     &::after {
         content: '';
         flex: 1;
         height: 1px;
-        background: @border-subtle;
+        background: $border-subtle;
     }
 }
 
 .sso-loading {
     display: flex;
     justify-content: center;
-    margin-bottom: @space-4;
+    margin-bottom: $space-4;
 
     .spinning {
         animation: spin 1s linear infinite;
diff --git a/frontend/src/styles/pages/_backups.less b/frontend/src/styles/pages/_backups.scss
similarity index 51%
rename from frontend/src/styles/pages/_backups.less
rename to frontend/src/styles/pages/_backups.scss
index 9f59922f..5771c2b5 100644
--- a/frontend/src/styles/pages/_backups.less
+++ b/frontend/src/styles/pages/_backups.scss
@@ -6,13 +6,13 @@
     // Stat icon variants for backups
     .stat-icon {
         &.backups {
-            background: fade(@success, 10%);
-            color: @success;
+            background: fade($success, 10%);
+            color: $success;
         }
 
         &.apps {
-            background: fade(@accent-primary-raw, 10%);
-            color: @accent-primary;
+            background: fade($accent-primary-raw, 10%);
+            color: $accent-primary;
         }
 
         &.databases {
@@ -21,29 +21,29 @@
         }
 
         &.size {
-            background: fade(@warning, 10%);
-            color: @warning;
+            background: fade($warning, 10%);
+            color: $warning;
         }
     }
 
     .filter-select {
-        padding: @space-2 @space-3;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
-        background: @bg-hover;
-        color: @text-primary;
-        font-size: @font-size-sm;
+        padding: $space-2 $space-3;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
+        background: $bg-hover;
+        color: $text-primary;
+        font-size: $font-size-sm;
 
         &:focus {
             outline: none;
-            border-color: @accent-primary;
+            border-color: $accent-primary;
         }
     }
 
     .backup-name {
         display: flex;
         align-items: center;
-        gap: @space-2;
+        gap: $space-2;
 
         svg {
             stroke: currentColor;
@@ -53,7 +53,7 @@
         }
 
         .icon-app {
-            color: @accent-primary;
+            color: $accent-primary;
         }
 
         .icon-db {
@@ -63,13 +63,13 @@
 
     .action-buttons {
         display: flex;
-        gap: @space-1;
+        gap: $space-1;
     }
 
     .checkbox-label {
         display: flex;
         align-items: center;
-        gap: @space-2;
+        gap: $space-2;
         cursor: pointer;
 
         input[type="checkbox"] {
@@ -79,101 +79,101 @@
         }
 
         span {
-            font-size: @font-size-sm;
-            color: @text-primary;
+            font-size: $font-size-sm;
+            color: $text-primary;
         }
     }
 
     .form-row {
         display: grid;
         grid-template-columns: 1fr 1fr;
-        gap: @space-4;
+        gap: $space-4;
     }
 
     .form-help {
         display: block;
-        margin-top: @space-1;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        margin-top: $space-1;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
     }
 
     .restore-warning {
         text-align: center;
-        padding: @space-6;
-        background: @danger-bg;
-        border-radius: @radius-md;
-        margin-bottom: @space-6;
+        padding: $space-6;
+        background: $danger-bg;
+        border-radius: $radius-md;
+        margin-bottom: $space-6;
 
         svg {
-            stroke: @danger;
+            stroke: $danger;
             fill: none;
             stroke-width: 2;
-            margin-bottom: @space-2;
+            margin-bottom: $space-2;
         }
 
         h3 {
-            color: @danger;
-            margin-bottom: @space-2;
+            color: $danger;
+            margin-bottom: $space-2;
         }
 
         p {
-            color: @text-secondary;
-            font-size: @font-size-sm;
+            color: $text-secondary;
+            font-size: $font-size-sm;
         }
     }
 
     .restore-details {
-        background: @bg-hover;
-        border-radius: @radius-md;
-        padding: @space-4;
+        background: $bg-hover;
+        border-radius: $radius-md;
+        padding: $space-4;
 
         .detail-row {
             display: flex;
             justify-content: space-between;
-            padding: @space-2 0;
+            padding: $space-2 0;
 
             &:not(:last-child) {
-                border-bottom: 1px solid @border-subtle;
+                border-bottom: 1px solid $border-subtle;
             }
         }
 
         .detail-label {
-            color: @text-tertiary;
-            font-size: @font-size-sm;
+            color: $text-tertiary;
+            font-size: $font-size-sm;
         }
 
         .detail-value {
-            font-weight: @font-weight-medium;
-            font-size: @font-size-sm;
-            color: @text-primary;
+            font-weight: $font-weight-medium;
+            font-size: $font-size-sm;
+            color: $text-primary;
         }
     }
 
     // Remote storage stat
     .stat-icon.cloud {
-        background: fade(@info, 10%);
-        color: @info;
+        background: fade($info, 10%);
+        color: $info;
     }
 
     // Storage provider config section
     .storage-provider-config {
-        margin: @space-4 0;
-        padding: @space-4;
-        background: @bg-hover;
-        border-radius: @radius-md;
-        border: 1px solid @border-subtle;
+        margin: $space-4 0;
+        padding: $space-4;
+        background: $bg-hover;
+        border-radius: $radius-md;
+        border: 1px solid $border-subtle;
 
         h4 {
-            margin: 0 0 @space-4;
-            font-size: @font-size-base;
-            color: @text-primary;
+            margin: 0 0 $space-4;
+            font-size: $font-size-base;
+            color: $text-primary;
         }
     }
 
     .form-help-inline {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        font-weight: @font-weight-normal;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        font-weight: $font-weight-normal;
     }
 
     // Remote status badges in backup list
@@ -186,11 +186,11 @@
 
     // Text helper classes
     .text-success {
-        color: @success;
+        color: $success;
     }
 
     .text-muted {
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 
     // Spinning animation for upload/test buttons
@@ -206,18 +206,18 @@
     // Textarea for file paths
     textarea {
         width: 100%;
-        padding: @space-2 @space-3;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
-        background: @bg-input;
-        color: @text-primary;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
+        padding: $space-2 $space-3;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
+        background: $bg-input;
+        color: $text-primary;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
         resize: vertical;
 
         &:focus {
             outline: none;
-            border-color: @accent-primary;
+            border-color: $accent-primary;
         }
     }
 }
diff --git a/frontend/src/styles/pages/_cloud-provision.scss b/frontend/src/styles/pages/_cloud-provision.scss
new file mode 100644
index 00000000..587dcd0d
--- /dev/null
+++ b/frontend/src/styles/pages/_cloud-provision.scss
@@ -0,0 +1,91 @@
+// Cloud Provisioning page styles
+
+.cloud-provision-page {
+    .cloud-servers-grid {
+        display: grid;
+        grid-template-columns: repeat(auto-fill, minmax(320px, 1fr));
+        gap: $spacing-lg;
+        margin-top: $spacing-lg;
+    }
+
+    .cloud-server-card {
+        padding: $spacing-lg;
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-sm;
+
+        &__header {
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+            h3 { margin: 0; }
+        }
+
+        &__meta {
+            display: flex;
+            gap: $spacing-sm;
+            font-size: 0.85rem;
+            color: $text-muted;
+        }
+
+        &__cost {
+            font-size: 1.2rem;
+            font-weight: 600;
+            color: $primary-color;
+        }
+
+        &__actions {
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+            margin-top: $spacing-sm;
+            padding-top: $spacing-sm;
+            border-top: 1px solid $border-color;
+        }
+    }
+
+    .providers-list {
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-sm;
+        margin-top: $spacing-lg;
+    }
+
+    .provider-row {
+        display: flex;
+        align-items: center;
+        gap: $spacing-md;
+        padding: $spacing-md;
+    }
+
+    .costs-panel {
+        max-width: 600px;
+        margin-top: $spacing-lg;
+        padding: $spacing-lg;
+    }
+
+    .cost-total {
+        font-size: 1.3rem;
+        font-weight: 600;
+        margin: $spacing-md 0;
+    }
+
+    .cost-breakdown {
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-sm;
+    }
+
+    .cost-row {
+        display: flex;
+        justify-content: space-between;
+        padding: $spacing-sm 0;
+        border-bottom: 1px solid $border-color;
+        &:last-child { border-bottom: none; }
+    }
+
+    .text-mono {
+        font-family: $font-mono;
+        font-size: 0.9rem;
+    }
+}
diff --git a/frontend/src/styles/pages/_cron.less b/frontend/src/styles/pages/_cron.less
deleted file mode 100644
index 7f4a44d7..00000000
--- a/frontend/src/styles/pages/_cron.less
+++ /dev/null
@@ -1,243 +0,0 @@
-// ============================================
-// CRON JOBS PAGE
-// ============================================
-
-.cron-page {
-    .page-header {
-        margin-bottom: @space-6;
-
-        .page-header-content {
-            h1 {
-                font-size: @font-size-2xl;
-                font-weight: @font-weight-semibold;
-                margin: 0 0 @space-1 0;
-            }
-
-            .page-description {
-                color: @text-secondary;
-                margin: 0;
-            }
-        }
-    }
-
-    // Global SVG rule for buttons
-    .btn svg {
-        stroke: currentColor;
-        fill: none;
-        stroke-width: 2;
-        stroke-linecap: round;
-        stroke-linejoin: round;
-    }
-}
-
-// Stats icons
-.stat-icon {
-    &.cron {
-        background: fade(@accent-primary-raw, 10%);
-        color: @accent-primary;
-    }
-
-    &.jobs {
-        background: fade(@color-docker, 10%);
-        color: @color-docker;
-    }
-
-    &.active {
-        background: fade(@success, 10%);
-        color: @success;
-    }
-
-    &.platform {
-        background: fade(@warning, 10%);
-        color: @warning;
-    }
-}
-
-.cron-list {
-    .flex-column-gap(@space-3);
-}
-
-.cron-item {
-    .list-item-base();
-    transition: opacity 0.2s ease, background-color 0.15s ease;
-    cursor: pointer;
-
-    &:hover {
-        background: @bg-hover;
-    }
-
-    &.disabled {
-        opacity: 0.6;
-
-        .cron-item-icon {
-            color: @text-tertiary;
-        }
-    }
-}
-
-.cron-item-info {
-    .flex-start();
-    gap: @space-4;
-    flex: 1;
-    min-width: 0;
-}
-
-.cron-item-icon {
-    .icon-box();
-    background: @bg-hover;
-    border-radius: @radius-lg;
-    color: @accent-primary;
-}
-
-.cron-item-details {
-    min-width: 0;
-    flex: 1;
-
-    h3 {
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin-bottom: @space-1;
-        .truncate();
-    }
-}
-
-.cron-item-meta {
-    .flex-start();
-    gap: @space-3;
-    font-size: @font-size-sm;
-    color: @text-tertiary;
-    flex-wrap: wrap;
-    margin-bottom: @space-2;
-
-    .mono {
-        .mono-text();
-        background: @bg-hover;
-        padding: @space-1 - 2 @space-2 - 2;
-        border-radius: @radius-sm;
-    }
-
-    .description {
-        color: @text-secondary;
-    }
-}
-
-.cron-item-command {
-    code {
-        display: inline-block;
-        max-width: 100%;
-        font-family: @font-mono;
-        font-size: @font-size-xs;
-        color: @text-secondary;
-        background: @bg-hover;
-        padding: @space-1 @space-2;
-        border-radius: @radius-sm;
-        .truncate();
-    }
-}
-
-.cron-item-status {
-    flex-shrink: 0;
-    margin-right: @space-3;
-}
-
-.cron-item-actions {
-    display: flex;
-    gap: @space-2;
-    flex-shrink: 0;
-
-    .btn {
-        padding: @space-2;
-
-        svg {
-            stroke: currentColor;
-            stroke-width: 2;
-            fill: none;
-        }
-    }
-
-    .btn-warning {
-        background: fade(@warning, 10%);
-        color: @warning;
-        border: 1px solid fade(@warning, 20%);
-
-        &:hover {
-            background: fade(@warning, 20%);
-        }
-    }
-
-    .btn-success {
-        background: fade(@success, 10%);
-        color: @success;
-        border: 1px solid fade(@success, 20%);
-
-        &:hover {
-            background: fade(@success, 20%);
-        }
-    }
-}
-
-// Run output display
-.run-output {
-    display: flex;
-    flex-direction: column;
-    gap: @space-4;
-}
-
-.run-output-exit {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-}
-
-.run-output-label {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-semibold;
-    color: @text-secondary;
-    text-transform: uppercase;
-    letter-spacing: 0.05em;
-}
-
-.run-output-section {
-    display: flex;
-    flex-direction: column;
-    gap: @space-2;
-}
-
-.run-output-pre {
-    font-family: @font-mono;
-    font-size: @font-size-xs;
-    background: @bg-hover;
-    color: @text-primary;
-    padding: @space-3;
-    border-radius: @radius-md;
-    border: 1px solid @border-subtle;
-    max-height: 300px;
-    overflow: auto;
-    white-space: pre-wrap;
-    word-break: break-all;
-    margin: 0;
-
-    &--error {
-        color: @danger;
-        border-color: fade(@danger, 20%);
-        background: fade(@danger, 5%);
-    }
-}
-
-// Spinner inline for running jobs
-.spinner-inline {
-    display: inline-block;
-    width: 14px;
-    height: 14px;
-    border: 2px solid @border-subtle;
-    border-top-color: @accent-primary;
-    border-radius: 50%;
-    animation: spin 0.8s linear infinite;
-}
-
-@keyframes spin {
-    to {
-        transform: rotate(360deg);
-    }
-}
diff --git a/frontend/src/styles/pages/_cron.scss b/frontend/src/styles/pages/_cron.scss
new file mode 100644
index 00000000..5a1dc037
--- /dev/null
+++ b/frontend/src/styles/pages/_cron.scss
@@ -0,0 +1,243 @@
+// ============================================
+// CRON JOBS PAGE
+// ============================================
+
+.cron-page {
+    .page-header {
+        margin-bottom: $space-6;
+
+        .page-header-content {
+            h1 {
+                font-size: $font-size-2xl;
+                font-weight: $font-weight-semibold;
+                margin: 0 0 $space-1 0;
+            }
+
+            .page-description {
+                color: $text-secondary;
+                margin: 0;
+            }
+        }
+    }
+
+    // Global SVG rule for buttons
+    .btn svg {
+        stroke: currentColor;
+        fill: none;
+        stroke-width: 2;
+        stroke-linecap: round;
+        stroke-linejoin: round;
+    }
+}
+
+// Stats icons
+.stat-icon {
+    &.cron {
+        background: fade($accent-primary-raw, 10%);
+        color: $accent-primary;
+    }
+
+    &.jobs {
+        background: fade($color-docker, 10%);
+        color: $color-docker;
+    }
+
+    &.active {
+        background: fade($success, 10%);
+        color: $success;
+    }
+
+    &.platform {
+        background: fade($warning, 10%);
+        color: $warning;
+    }
+}
+
+.cron-list {
+    @include flex-column-gap($space-3);
+}
+
+.cron-item {
+    @include list-item-base();
+    transition: opacity 0.2s ease, background-color 0.15s ease;
+    cursor: pointer;
+
+    &:hover {
+        background: $bg-hover;
+    }
+
+    &.disabled {
+        opacity: 0.6;
+
+        .cron-item-icon {
+            color: $text-tertiary;
+        }
+    }
+}
+
+.cron-item-info {
+    @include flex-start();
+    gap: $space-4;
+    flex: 1;
+    min-width: 0;
+}
+
+.cron-item-icon {
+    @include icon-box();
+    background: $bg-hover;
+    border-radius: $radius-lg;
+    color: $accent-primary;
+}
+
+.cron-item-details {
+    min-width: 0;
+    flex: 1;
+
+    h3 {
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin-bottom: $space-1;
+        @include truncate();
+    }
+}
+
+.cron-item-meta {
+    @include flex-start();
+    gap: $space-3;
+    font-size: $font-size-sm;
+    color: $text-tertiary;
+    flex-wrap: wrap;
+    margin-bottom: $space-2;
+
+    .mono {
+        @include mono-text();
+        background: $bg-hover;
+        padding: $space-1 - 2 $space-2 - 2;
+        border-radius: $radius-sm;
+    }
+
+    .description {
+        color: $text-secondary;
+    }
+}
+
+.cron-item-command {
+    code {
+        display: inline-block;
+        max-width: 100%;
+        font-family: $font-mono;
+        font-size: $font-size-xs;
+        color: $text-secondary;
+        background: $bg-hover;
+        padding: $space-1 $space-2;
+        border-radius: $radius-sm;
+        @include truncate();
+    }
+}
+
+.cron-item-status {
+    flex-shrink: 0;
+    margin-right: $space-3;
+}
+
+.cron-item-actions {
+    display: flex;
+    gap: $space-2;
+    flex-shrink: 0;
+
+    .btn {
+        padding: $space-2;
+
+        svg {
+            stroke: currentColor;
+            stroke-width: 2;
+            fill: none;
+        }
+    }
+
+    .btn-warning {
+        background: fade($warning, 10%);
+        color: $warning;
+        border: 1px solid fade($warning, 20%);
+
+        &:hover {
+            background: fade($warning, 20%);
+        }
+    }
+
+    .btn-success {
+        background: fade($success, 10%);
+        color: $success;
+        border: 1px solid fade($success, 20%);
+
+        &:hover {
+            background: fade($success, 20%);
+        }
+    }
+}
+
+// Run output display
+.run-output {
+    display: flex;
+    flex-direction: column;
+    gap: $space-4;
+}
+
+.run-output-exit {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+}
+
+.run-output-label {
+    font-size: $font-size-sm;
+    font-weight: $font-weight-semibold;
+    color: $text-secondary;
+    text-transform: uppercase;
+    letter-spacing: 0.05em;
+}
+
+.run-output-section {
+    display: flex;
+    flex-direction: column;
+    gap: $space-2;
+}
+
+.run-output-pre {
+    font-family: $font-mono;
+    font-size: $font-size-xs;
+    background: $bg-hover;
+    color: $text-primary;
+    padding: $space-3;
+    border-radius: $radius-md;
+    border: 1px solid $border-subtle;
+    max-height: 300px;
+    overflow: auto;
+    white-space: pre-wrap;
+    word-break: break-all;
+    margin: 0;
+
+    &--error {
+        color: $danger;
+        border-color: fade($danger, 20%);
+        background: fade($danger, 5%);
+    }
+}
+
+// Spinner inline for running jobs
+.spinner-inline {
+    display: inline-block;
+    width: 14px;
+    height: 14px;
+    border: 2px solid $border-subtle;
+    border-top-color: $accent-primary;
+    border-radius: 50%;
+    animation: spin 0.8s linear infinite;
+}
+
+@keyframes spin {
+    to {
+        transform: rotate(360deg);
+    }
+}
diff --git a/frontend/src/styles/pages/_dashboard.less b/frontend/src/styles/pages/_dashboard.scss
similarity index 52%
rename from frontend/src/styles/pages/_dashboard.less
rename to frontend/src/styles/pages/_dashboard.scss
index b8c37891..449c0a52 100644
--- a/frontend/src/styles/pages/_dashboard.less
+++ b/frontend/src/styles/pages/_dashboard.scss
@@ -5,8 +5,13 @@
 .dashboard-page {
     display: flex;
     flex-direction: column;
-    gap: @space-6;
+    gap: $space-6;
     min-height: 100%;
+
+    // Override generic .top-bar margin from _main-content (40px not needed here)
+    > .top-bar {
+        margin-bottom: 0;
+    }
 }
 
 // --- Top Bar: Pro Layout ---
@@ -14,43 +19,43 @@
     display: flex;
     justify-content: space-between;
     align-items: center;
-    padding-bottom: @space-4;
-    border-bottom: 1px solid @border-subtle;
+    padding-bottom: $space-4;
+    border-bottom: 1px solid $border-subtle;
 }
 
 .server-identity {
     h1 {
         font-size: 1.5rem;
-        font-weight: @font-weight-bold;
+        font-weight: $font-weight-bold;
         letter-spacing: -0.02em;
         display: flex;
         align-items: center;
         gap: 10px;
-        color: @text-primary;
-        font-family: @font-mono;
+        color: $text-primary;
+        font-family: $font-mono;
     }
 }
 
 .status-dot-live {
     width: 10px;
     height: 10px;
-    background: @success;
+    background: $success;
     border-radius: 50%;
-    box-shadow: 0 0 10px @success;
+    box-shadow: 0 0 10px $success;
     display: inline-block;
 }
 
 .server-details {
     display: flex;
     align-items: center;
-    gap: @space-3;
-    margin-top: @space-2;
-    font-size: @font-size-sm;
-    color: @text-tertiary;
-    font-family: @font-mono;
+    gap: $space-3;
+    margin-top: $space-2;
+    font-size: $font-size-sm;
+    color: $text-tertiary;
+    font-family: $font-mono;
 
     .detail-separator {
-        color: @border-default;
+        color: $border-default;
         user-select: none;
     }
 }
@@ -59,7 +64,7 @@
 .top-bar-right {
     display: flex;
     align-items: center;
-    gap: @space-5;
+    gap: $space-5;
 }
 
 .clock-widget {
@@ -69,18 +74,18 @@
 }
 
 .clock-time {
-    font-family: @font-mono;
+    font-family: $font-mono;
     font-size: 1.25rem;
-    font-weight: @font-weight-bold;
-    color: @text-primary;
+    font-weight: $font-weight-bold;
+    color: $text-primary;
     letter-spacing: -0.01em;
     font-variant-numeric: tabular-nums;
 }
 
 .clock-zone {
-    color: @accent-primary;
-    font-weight: @font-weight-semibold;
-    font-size: @font-size-xs;
+    color: $accent-primary;
+    font-weight: $font-weight-semibold;
+    font-size: $font-size-xs;
     text-transform: uppercase;
     letter-spacing: 0.08em;
 }
@@ -89,7 +94,7 @@
 .grid-container {
     display: grid;
     grid-template-columns: repeat(12, 1fr);
-    gap: @space-5;
+    gap: $space-5;
     max-width: 1800px;
     margin: 0 auto;
     width: 100%;
@@ -98,10 +103,10 @@
 // --- Metric Tiles ---
 .metric-tile {
     grid-column: span 3;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-sm;
-    padding: @space-5;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-sm;
+    padding: $space-5;
     position: relative;
     overflow: hidden;
 
@@ -112,15 +117,15 @@
         left: 0;
         width: 100%;
         height: 2px;
-        background: linear-gradient(90deg, @accent-primary, transparent);
+        background: linear-gradient(90deg, $accent-primary, transparent);
         opacity: 0.5;
     }
 
-    @media (max-width: @breakpoint-xl) {
+    @media (max-width: $breakpoint-xl) {
         grid-column: span 6;
     }
 
-    @media (max-width: @breakpoint-md) {
+    @media (max-width: $breakpoint-md) {
         grid-column: span 12;
     }
 }
@@ -129,56 +134,56 @@
     display: flex;
     justify-content: space-between;
     align-items: center;
-    margin-bottom: @space-3;
+    margin-bottom: $space-3;
 }
 
 .tile-title {
-    font-size: @font-size-xs;
-    font-weight: @font-weight-semibold;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-semibold;
     text-transform: uppercase;
-    color: @text-tertiary;
+    color: $text-tertiary;
     letter-spacing: 0.05em;
 }
 
 .tile-icon {
-    &.cpu { color: @accent-primary; }
-    &.memory { color: @success; }
-    &.network { color: @warning; }
-    &.disk { color: @danger; }
+    &.cpu { color: $accent-primary; }
+    &.memory { color: $success; }
+    &.network { color: $warning; }
+    &.disk { color: $danger; }
 }
 
 .tile-val {
-    font-family: @font-mono;
+    font-family: $font-mono;
     font-size: 1.75rem;
-    font-weight: @font-weight-bold;
-    color: @text-primary;
+    font-weight: $font-weight-bold;
+    color: $text-primary;
 }
 
 .tile-val-unit {
-    font-size: @font-size-base;
-    font-weight: @font-weight-normal;
-    color: @text-tertiary;
-    margin-left: @space-1;
+    font-size: $font-size-base;
+    font-weight: $font-weight-normal;
+    color: $text-tertiary;
+    margin-left: $space-1;
 }
 
 .tile-sub {
-    font-size: @font-size-sm;
-    color: @text-tertiary;
-    margin-top: @space-2;
+    font-size: $font-size-sm;
+    color: $text-tertiary;
+    margin-top: $space-2;
     display: flex;
     justify-content: space-between;
 }
 
-.trend-up { color: @warning; }
-.trend-down { color: @success; }
+.trend-up { color: $warning; }
+.trend-down { color: $success; }
 
 // --- Chart Panel ---
 .chart-panel {
     grid-column: span 8;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-sm;
-    padding: @space-5;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-sm;
+    padding: $space-5;
     min-height: 450px;
     display: flex;
     flex-direction: column;
@@ -199,14 +204,14 @@
         display: flex;
         justify-content: space-between;
         align-items: center;
-        margin-bottom: @space-5;
-        gap: @space-4;
+        margin-bottom: $space-5;
+        gap: $space-4;
     }
 
     .graph-title {
-        font-weight: @font-weight-semibold;
-        font-size: @font-size-base;
-        color: @text-primary;
+        font-weight: $font-weight-semibold;
+        font-size: $font-size-base;
+        color: $text-primary;
     }
 
     .metrics-chart-container {
@@ -214,15 +219,15 @@
         margin-bottom: 0;
     }
 
-    @media (max-width: @breakpoint-lg) {
+    @media (max-width: $breakpoint-lg) {
         grid-column: span 12;
         min-height: 400px;
     }
 
-    @media (max-width: @breakpoint-md) {
+    @media (max-width: $breakpoint-md) {
         .metrics-graph-header {
             flex-wrap: wrap;
-            gap: @space-3;
+            gap: $space-3;
         }
     }
 }
@@ -230,33 +235,33 @@
 // --- Spec Panel ---
 .spec-panel {
     grid-column: span 4;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-sm;
-    padding: @space-5;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-sm;
+    padding: $space-5;
     display: flex;
     flex-direction: column;
-    gap: @space-4;
+    gap: $space-4;
 
-    @media (max-width: @breakpoint-lg) {
+    @media (max-width: $breakpoint-lg) {
         grid-column: span 12;
     }
 }
 
 .spec-panel-title {
-    font-size: @font-size-sm;
+    font-size: $font-size-sm;
     text-transform: uppercase;
-    color: @text-tertiary;
-    font-weight: @font-weight-semibold;
+    color: $text-tertiary;
+    font-weight: $font-weight-semibold;
     letter-spacing: 0.05em;
 }
 
 .spec-row {
     display: flex;
     justify-content: space-between;
-    border-bottom: 1px solid @border-subtle;
-    padding-bottom: @space-3;
-    font-size: @font-size-sm;
+    border-bottom: 1px solid $border-subtle;
+    padding-bottom: $space-3;
+    font-size: $font-size-sm;
 
     &:last-child {
         border: none;
@@ -265,12 +270,12 @@
 }
 
 .spec-label {
-    color: @text-tertiary;
+    color: $text-tertiary;
 }
 
 .spec-data {
-    font-family: @font-mono;
-    color: @text-primary;
+    font-family: $font-mono;
+    color: $text-primary;
     text-align: right;
     max-width: 60%;
     overflow: hidden;
@@ -280,36 +285,36 @@
 
 .btn-action {
     width: 100%;
-    padding: @space-3;
-    background: @bg-hover;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    color: @text-primary;
-    font-weight: @font-weight-semibold;
-    font-size: @font-size-sm;
+    padding: $space-3;
+    background: $bg-hover;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    color: $text-primary;
+    font-weight: $font-weight-semibold;
+    font-size: $font-size-sm;
     cursor: pointer;
     text-align: left;
     display: flex;
     justify-content: space-between;
     align-items: center;
-    transition: all @transition-fast;
+    transition: all $transition-fast;
 
     &:hover {
-        border-color: @accent-primary;
-        background: @accent-glow;
+        border-color: $accent-primary;
+        background: $accent-glow;
     }
 
     svg {
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 }
 
 // --- Process Table ---
 .table-panel {
     grid-column: span 12;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-sm;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-sm;
     overflow: hidden;
 }
 
@@ -317,37 +322,37 @@
     display: flex;
     justify-content: space-between;
     align-items: center;
-    padding: @space-4 @space-5;
-    border-bottom: 1px solid @border-subtle;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
+    padding: $space-4 $space-5;
+    border-bottom: 1px solid $border-subtle;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
 }
 
 .data-table {
     width: 100%;
     border-collapse: collapse;
-    font-size: @font-size-sm;
+    font-size: $font-size-sm;
 
     th {
         text-align: left;
-        padding: @space-4 @space-5;
-        background: @bg-hover;
-        color: @text-tertiary;
-        font-weight: @font-weight-semibold;
+        padding: $space-4 $space-5;
+        background: $bg-hover;
+        color: $text-tertiary;
+        font-weight: $font-weight-semibold;
         text-transform: uppercase;
-        font-size: @font-size-xs;
+        font-size: $font-size-xs;
         letter-spacing: 0.05em;
     }
 
     td {
-        padding: @space-4 @space-5;
-        border-bottom: 1px solid @border-subtle;
-        font-family: @font-mono;
-        color: @text-secondary;
+        padding: $space-4 $space-5;
+        border-bottom: 1px solid $border-subtle;
+        font-family: $font-mono;
+        color: $text-secondary;
     }
 
     tr:hover {
-        background: @bg-hover;
+        background: $bg-hover;
     }
 
     tr:last-child td {
@@ -358,56 +363,56 @@
 .app-name-cell {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    color: @text-primary;
+    gap: $space-2;
+    color: $text-primary;
 }
 
 .app-icon-mini {
     display: flex;
     align-items: center;
     justify-content: center;
-    color: @text-tertiary;
+    color: $text-tertiary;
 }
 
 // Status Badges
 .badge {
     padding: 2px 8px;
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
     text-transform: uppercase;
-    font-weight: @font-weight-semibold;
+    font-weight: $font-weight-semibold;
     letter-spacing: 0.5px;
 }
 
 .badge-running {
-    color: @success;
-    background: @success-bg;
-    border: 1px solid @success-border;
+    color: $success;
+    background: $success-bg;
+    border: 1px solid $success-border;
 }
 
 .badge-warning {
-    color: @warning;
-    background: @warning-bg;
-    border: 1px solid @warning-border;
+    color: $warning;
+    background: $warning-bg;
+    border: 1px solid $warning-border;
 }
 
 .badge-stopped {
-    color: @danger;
-    background: @danger-bg;
-    border: 1px solid @danger-border;
+    color: $danger;
+    background: $danger-bg;
+    border: 1px solid $danger-border;
 }
 
 // Responsive
-@media (max-width: @breakpoint-md) {
+@media (max-width: $breakpoint-md) {
     .top-bar {
         flex-direction: column;
         align-items: flex-start;
-        gap: @space-4;
+        gap: $space-4;
     }
 
     .server-details {
         flex-wrap: wrap;
-        gap: @space-3;
+        gap: $space-3;
     }
 
     .clock-widget {
@@ -424,14 +429,14 @@
     }
 }
 
-@media (max-width: @breakpoint-sm) {
+@media (max-width: $breakpoint-sm) {
     .server-details {
         flex-direction: column;
-        gap: @space-1;
+        gap: $space-1;
     }
 
     .metric-tile {
-        padding: @space-4;
+        padding: $space-4;
     }
 
     .tile-val {
@@ -444,9 +449,9 @@
     display: flex;
     flex-direction: column;
     align-items: flex-end;
-    gap: @space-2;
-    padding-left: @space-5;
-    border-left: 1px solid @border-subtle;
+    gap: $space-2;
+    padding-left: $space-5;
+    border-left: 1px solid $border-subtle;
 
     .refresh-select,
     .btn-refresh {
@@ -455,23 +460,23 @@
 }
 
 .refresh-select {
-    background: @bg-hover;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-sm;
-    color: @text-primary;
-    font-family: @font-mono;
-    font-size: @font-size-sm;
-    padding: @space-1 @space-2;
+    background: $bg-hover;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-sm;
+    color: $text-primary;
+    font-family: $font-mono;
+    font-size: $font-size-sm;
+    padding: $space-1 $space-2;
     cursor: pointer;
     outline: none;
 
     &:hover {
-        border-color: @accent-primary;
+        border-color: $accent-primary;
     }
 
     &:focus {
-        border-color: @accent-primary;
-        box-shadow: 0 0 0 2px @accent-glow;
+        border-color: $accent-primary;
+        box-shadow: 0 0 0 2px $accent-glow;
     }
 }
 
@@ -479,27 +484,27 @@
     display: flex;
     align-items: center;
     justify-content: center;
-    background: @bg-hover;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-sm;
-    color: @text-secondary;
-    padding: @space-2;
+    background: $bg-hover;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-sm;
+    color: $text-secondary;
+    padding: $space-2;
     cursor: pointer;
-    transition: all @transition-fast;
+    transition: all $transition-fast;
 
     &:hover {
-        border-color: @accent-primary;
-        color: @accent-primary;
-        background: @accent-glow;
+        border-color: $accent-primary;
+        color: $accent-primary;
+        background: $accent-glow;
     }
 }
 
 .status-dot-live.disconnected {
-    background: @warning;
-    box-shadow: 0 0 10px @warning;
+    background: $warning;
+    box-shadow: 0 0 10px $warning;
 }
 
-@media (max-width: @breakpoint-md) {
+@media (max-width: $breakpoint-md) {
     .refresh-control {
         width: 100%;
         justify-content: flex-start;
diff --git a/frontend/src/styles/pages/_databases.less b/frontend/src/styles/pages/_databases.less
deleted file mode 100644
index 44312158..00000000
--- a/frontend/src/styles/pages/_databases.less
+++ /dev/null
@@ -1,146 +0,0 @@
-// ============================================
-// DATABASES PAGE
-// ============================================
-
-// Status section
-.db-status {
-    display: flex;
-    gap: @space-6;
-    margin-bottom: @space-6;
-
-    @media (max-width: @breakpoint-md) {
-        flex-direction: column;
-    }
-}
-
-.db-status-item {
-    .flex-start();
-    gap: @space-3;
-    padding: @space-4 @space-6;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-xl;
-    flex: 1;
-}
-
-.status-icon {
-    .icon-box(48px);
-    border-radius: @radius-xl - 2;
-    font-size: @font-size-xl;
-    font-weight: @font-weight-bold;
-
-    &.mysql {
-        background: linear-gradient(135deg, @color-mysql-secondary, @color-mysql);
-        color: white;
-    }
-
-    &.postgresql {
-        background: linear-gradient(135deg, @color-postgresql, @color-postgresql-secondary);
-        color: white;
-    }
-}
-
-.status-info {
-    h3 {
-        font-size: @font-size-md;
-        font-weight: @font-weight-semibold;
-        margin-bottom: @space-1;
-    }
-
-    span {
-        font-size: @font-size-sm + 1;
-        color: @text-secondary;
-
-        &.running {
-            color: @success;
-        }
-
-        &.stopped {
-            color: @danger;
-        }
-    }
-}
-
-// Database list
-.db-list {
-    .flex-column-gap(@space-3);
-}
-
-.db-item {
-    .list-item-base();
-}
-
-.db-item-info {
-    .flex-start();
-    gap: @space-4;
-    flex: 1;
-    min-width: 0;
-}
-
-.db-item-icon {
-    .icon-box();
-    background: @bg-hover;
-    border-radius: @radius-lg;
-
-    &.mysql {
-        color: @color-mysql;
-    }
-
-    &.postgresql {
-        color: @color-postgresql;
-    }
-
-    &.user {
-        color: @accent-primary;
-    }
-}
-
-.db-item-details {
-    min-width: 0;
-
-    h3 {
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin-bottom: @space-1;
-        .truncate();
-    }
-}
-
-.db-item-meta {
-    .flex-start();
-    gap: @space-3;
-    font-size: @font-size-sm;
-    color: @text-tertiary;
-    flex-wrap: wrap;
-
-    .mono {
-        .mono-text();
-        background: @bg-hover;
-        padding: @space-1 - 2 @space-2 - 2;
-        border-radius: @radius-sm;
-    }
-
-    .host {
-        color: @text-secondary;
-    }
-}
-
-.db-item-actions {
-    display: flex;
-    gap: @space-2;
-    flex-shrink: 0;
-}
-
-// Users section
-.users-header {
-    .flex-between();
-    margin: @space-8 0 @space-4;
-    padding-top: @space-6;
-    border-top: 1px solid @border-subtle;
-
-    h3 {
-        font-size: @font-size-md;
-        font-weight: @font-weight-semibold;
-    }
-}
diff --git a/frontend/src/styles/pages/_databases.scss b/frontend/src/styles/pages/_databases.scss
new file mode 100644
index 00000000..12c53613
--- /dev/null
+++ b/frontend/src/styles/pages/_databases.scss
@@ -0,0 +1,146 @@
+// ============================================
+// DATABASES PAGE
+// ============================================
+
+// Status section
+.db-status {
+    display: flex;
+    gap: $space-6;
+    margin-bottom: $space-6;
+
+    @media (max-width: $breakpoint-md) {
+        flex-direction: column;
+    }
+}
+
+.db-status-item {
+    @include flex-start();
+    gap: $space-3;
+    padding: $space-4 $space-6;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-xl;
+    flex: 1;
+}
+
+.status-icon {
+    @include icon-box(48px);
+    border-radius: $radius-xl - 2;
+    font-size: $font-size-xl;
+    font-weight: $font-weight-bold;
+
+    &.mysql {
+        background: linear-gradient(135deg, $color-mysql-secondary, $color-mysql);
+        color: white;
+    }
+
+    &.postgresql {
+        background: linear-gradient(135deg, $color-postgresql, $color-postgresql-secondary);
+        color: white;
+    }
+}
+
+.status-info {
+    h3 {
+        font-size: $font-size-md;
+        font-weight: $font-weight-semibold;
+        margin-bottom: $space-1;
+    }
+
+    span {
+        font-size: $font-size-sm + 1;
+        color: $text-secondary;
+
+        &.running {
+            color: $success;
+        }
+
+        &.stopped {
+            color: $danger;
+        }
+    }
+}
+
+// Database list
+.db-list {
+    @include flex-column-gap($space-3);
+}
+
+.db-item {
+    @include list-item-base();
+}
+
+.db-item-info {
+    @include flex-start();
+    gap: $space-4;
+    flex: 1;
+    min-width: 0;
+}
+
+.db-item-icon {
+    @include icon-box();
+    background: $bg-hover;
+    border-radius: $radius-lg;
+
+    &.mysql {
+        color: $color-mysql;
+    }
+
+    &.postgresql {
+        color: $color-postgresql;
+    }
+
+    &.user {
+        color: $accent-primary;
+    }
+}
+
+.db-item-details {
+    min-width: 0;
+
+    h3 {
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin-bottom: $space-1;
+        @include truncate();
+    }
+}
+
+.db-item-meta {
+    @include flex-start();
+    gap: $space-3;
+    font-size: $font-size-sm;
+    color: $text-tertiary;
+    flex-wrap: wrap;
+
+    .mono {
+        @include mono-text();
+        background: $bg-hover;
+        padding: $space-1 - 2 $space-2 - 2;
+        border-radius: $radius-sm;
+    }
+
+    .host {
+        color: $text-secondary;
+    }
+}
+
+.db-item-actions {
+    display: flex;
+    gap: $space-2;
+    flex-shrink: 0;
+}
+
+// Users section
+.users-header {
+    @include flex-between();
+    margin: $space-8 0 $space-4;
+    padding-top: $space-6;
+    border-top: 1px solid $border-subtle;
+
+    h3 {
+        font-size: $font-size-md;
+        font-weight: $font-weight-semibold;
+    }
+}
diff --git a/frontend/src/styles/pages/_dns-zones.scss b/frontend/src/styles/pages/_dns-zones.scss
new file mode 100644
index 00000000..bffea5a7
--- /dev/null
+++ b/frontend/src/styles/pages/_dns-zones.scss
@@ -0,0 +1,89 @@
+// DNS Zones page styles
+
+.dns-zones-page {
+    .dns-layout {
+        display: grid;
+        grid-template-columns: 320px 1fr;
+        gap: $spacing-lg;
+        margin-top: $spacing-lg;
+
+        @media (max-width: 900px) {
+            grid-template-columns: 1fr;
+        }
+    }
+
+    .dns-zones-list {
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-xs;
+    }
+
+    .dns-zone-item {
+        display: flex;
+        justify-content: space-between;
+        align-items: center;
+        padding: $spacing-md;
+        background: $card-bg;
+        border: 1px solid $border-color;
+        border-radius: $radius-md;
+        cursor: pointer;
+        transition: border-color 0.15s;
+
+        &:hover, &.active {
+            border-color: $primary-color;
+        }
+
+        &__info {
+            display: flex;
+            flex-direction: column;
+            gap: 2px;
+        }
+
+        &__actions {
+            display: flex;
+            gap: $spacing-xs;
+        }
+    }
+
+    .dns-records-panel {
+        background: $card-bg;
+        border: 1px solid $border-color;
+        border-radius: $radius-lg;
+        padding: $spacing-lg;
+
+        &__header {
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+            margin-bottom: $spacing-lg;
+
+            h2 { margin: 0; }
+        }
+
+        &__actions {
+            display: flex;
+            gap: $spacing-sm;
+        }
+    }
+
+    .text-mono {
+        font-family: $font-mono;
+        font-size: 0.85rem;
+    }
+
+    .propagation-row {
+        display: flex;
+        align-items: center;
+        gap: $spacing-sm;
+        padding: $spacing-sm 0;
+        border-bottom: 1px solid $border-color;
+
+        &:last-child { border-bottom: none; }
+    }
+
+    .form-row {
+        display: grid;
+        grid-template-columns: 1fr 1fr;
+        gap: $spacing-md;
+    }
+}
diff --git a/frontend/src/styles/pages/_docker.less b/frontend/src/styles/pages/_docker.less
deleted file mode 100644
index 5d2368e3..00000000
--- a/frontend/src/styles/pages/_docker.less
+++ /dev/null
@@ -1,772 +0,0 @@
-// ============================================
-// DOCKER PAGE - NEW DESIGN
-// ============================================
-
-// Page Layout
-.docker-page-new {
-    padding: 0;
-}
-
-.docker-page-header {
-    display: flex;
-    justify-content: space-between;
-    align-items: center;
-    margin-bottom: @space-6;
-}
-
-.docker-page-title {
-    h2 {
-        font-size: @font-size-xl;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin: 0;
-    }
-}
-
-.docker-page-subtitle {
-    color: @text-secondary;
-    font-size: @font-size-sm;
-    margin-top: @space-1;
-}
-
-.docker-page-actions {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-}
-
-// Server Selector
-.server-selector {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    padding: @space-2 @space-3;
-    margin-right: @space-2;
-
-    svg {
-        color: @text-tertiary;
-        flex-shrink: 0;
-    }
-
-    select {
-        background: transparent;
-        border: none;
-        color: @text-primary;
-        font-size: @font-size-sm;
-        cursor: pointer;
-        padding-right: @space-4;
-        min-width: 140px;
-
-        &:focus {
-            outline: none;
-        }
-
-        option {
-            background: @bg-card;
-            color: @text-primary;
-        }
-
-        option:disabled {
-            color: @text-tertiary;
-        }
-    }
-}
-
-// Stats Row
-.docker-stats-row {
-    display: grid;
-    grid-template-columns: repeat(4, 1fr);
-    gap: @space-4;
-    margin-bottom: @space-6;
-
-    @media (max-width: 1024px) {
-        grid-template-columns: repeat(2, 1fr);
-    }
-
-    @media (max-width: 640px) {
-        grid-template-columns: 1fr;
-    }
-}
-
-.docker-stat-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    padding: @space-5;
-}
-
-.docker-stat-label {
-    font-size: @font-size-xs;
-    font-weight: @font-weight-semibold;
-    text-transform: uppercase;
-    color: @text-tertiary;
-    margin-bottom: @space-2;
-    letter-spacing: 0.05em;
-}
-
-.docker-stat-value {
-    font-family: @font-mono;
-    font-size: @font-size-2xl;
-    font-weight: @font-weight-bold;
-    color: @text-primary;
-}
-
-.docker-stat-meta {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    margin-top: @space-1;
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-}
-
-.docker-stat-running {
-    color: @success;
-
-    &::before {
-        content: '';
-        display: inline-block;
-        width: 6px;
-        height: 6px;
-        background: @success;
-        border-radius: 50%;
-        margin-right: @space-1;
-    }
-}
-
-.docker-stat-stopped {
-    color: @text-tertiary;
-
-    &::before {
-        content: '';
-        display: inline-block;
-        width: 6px;
-        height: 6px;
-        background: @text-tertiary;
-        border-radius: 50%;
-        margin-right: @space-1;
-    }
-}
-
-// Panel
-.docker-panel {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    overflow: hidden;
-}
-
-.docker-panel-header {
-    padding: @space-4 @space-5;
-    border-bottom: 1px solid @border-subtle;
-    display: flex;
-    justify-content: space-between;
-    align-items: center;
-}
-
-.docker-panel-tabs {
-    display: flex;
-    gap: @space-6;
-}
-
-.docker-panel-tab {
-    color: @text-tertiary;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    cursor: pointer;
-    padding-bottom: @space-1;
-    border-bottom: 2px solid transparent;
-    transition: all 0.2s;
-
-    &:hover {
-        color: @text-primary;
-    }
-
-    &.active {
-        color: @text-primary;
-        border-color: @accent-primary;
-    }
-}
-
-.docker-panel-actions {
-    display: flex;
-    gap: @space-2;
-}
-
-.docker-panel-content {
-    // Content area - no padding needed, tabs handle their own
-}
-
-// Table Header (filter + search)
-.docker-table-header {
-    display: flex;
-    justify-content: space-between;
-    align-items: center;
-    padding: @space-3 @space-5;
-    border-bottom: 1px solid @border-subtle;
-    background: @bg-hover;
-}
-
-.docker-filter-toggle {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    font-size: @font-size-sm;
-    color: @text-secondary;
-    cursor: pointer;
-
-    input[type="checkbox"] {
-        width: 14px;
-        height: 14px;
-        accent-color: @accent-primary;
-    }
-}
-
-.docker-search {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    padding: @space-2 @space-3;
-    border-radius: @radius-sm;
-    color: @text-primary;
-    font-size: @font-size-xs;
-    width: 200px;
-
-    &::placeholder {
-        color: @text-tertiary;
-    }
-
-    &:focus {
-        outline: none;
-        border-color: @accent-primary;
-    }
-}
-
-// Docker Table
-.docker-table {
-    width: 100%;
-    border-collapse: collapse;
-    font-size: @font-size-sm;
-
-    th {
-        text-align: left;
-        padding: @space-3 @space-5;
-        background: @bg-hover;
-        color: @text-tertiary;
-        font-size: @font-size-xs;
-        text-transform: uppercase;
-        letter-spacing: 0.05em;
-        font-weight: @font-weight-semibold;
-    }
-
-    td {
-        padding: @space-4 @space-5;
-        border-bottom: 1px solid @border-subtle;
-        vertical-align: middle;
-    }
-
-    tr:hover {
-        background: fade(@white, 2%);
-    }
-
-    tr:last-child td {
-        border-bottom: none;
-    }
-}
-
-// Container Name & ID
-.docker-container-name {
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
-    font-size: @font-size-sm;
-    display: block;
-    margin-bottom: @space-1;
-}
-
-.docker-container-id {
-    font-family: @font-mono;
-    color: @accent-primary;
-    font-size: @font-size-xs;
-}
-
-// Image Tag
-.docker-image-tag {
-    font-family: @font-mono;
-    color: @text-secondary;
-    font-size: @font-size-xs;
-    background: @bg-hover;
-    padding: @space-1 @space-2;
-    border-radius: @radius-sm;
-}
-
-// Status Pill
-.docker-status-pill {
-    display: inline-flex;
-    align-items: center;
-    gap: @space-2;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-semibold;
-    padding: @space-1 @space-2;
-    border-radius: @radius-full;
-
-    &.running {
-        background: fade(@success, 10%);
-        color: @success;
-        border: 1px solid fade(@success, 20%);
-    }
-
-    &.exited {
-        background: fade(@danger, 10%);
-        color: @danger;
-        border: 1px solid fade(@danger, 20%);
-    }
-}
-
-.docker-status-dot {
-    width: 6px;
-    height: 6px;
-    border-radius: 50%;
-    background: currentColor;
-}
-
-.docker-status-detail {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    margin-top: @space-1;
-}
-
-// Ports
-.docker-ports {
-    font-family: @font-mono;
-    color: @text-primary;
-    font-size: @font-size-xs;
-    line-height: 1.6;
-
-    &.faded {
-        opacity: 0.4;
-    }
-}
-
-// Resource Bars
-.docker-res-container {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    margin-bottom: @space-1;
-
-    &:last-child {
-        margin-bottom: 0;
-    }
-}
-
-.docker-res-label {
-    width: 28px;
-    flex-shrink: 0;
-}
-
-.docker-res-track {
-    width: 50px;
-    height: 4px;
-    background: @bg-hover;
-    border-radius: 2px;
-    overflow: hidden;
-}
-
-.docker-res-fill {
-    height: 100%;
-    border-radius: 2px;
-    transition: width 0.3s ease;
-}
-
-.docker-res-value {
-    width: 32px;
-    text-align: right;
-    font-family: @font-mono;
-}
-
-.faded {
-    opacity: 0.3;
-}
-
-// Icon Actions
-.docker-actions-cell {
-    text-align: right;
-    white-space: nowrap;
-}
-
-.docker-icon-action {
-    background: transparent;
-    border: 1px solid transparent;
-    color: @text-tertiary;
-    width: 28px;
-    height: 28px;
-    border-radius: @radius-sm;
-    cursor: pointer;
-    transition: all 0.2s;
-    display: inline-flex;
-    align-items: center;
-    justify-content: center;
-    padding: 0;
-
-    &:hover:not(:disabled) {
-        color: @text-primary;
-        background: @bg-hover;
-        border-color: @border-subtle;
-    }
-
-    &:disabled {
-        opacity: 0.5;
-        cursor: not-allowed;
-    }
-
-    svg {
-        width: 14px;
-        height: 14px;
-    }
-}
-
-// Empty & Loading States
-.docker-empty {
-    text-align: center;
-    padding: @space-12;
-    color: @text-secondary;
-
-    h3 {
-        font-size: @font-size-lg;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin: 0 0 @space-2 0;
-    }
-
-    p {
-        margin: 0;
-        font-size: @font-size-sm;
-    }
-}
-
-.docker-loading {
-    text-align: center;
-    padding: @space-12;
-    color: @text-secondary;
-}
-
-// ============================================
-// LEGACY STYLES (keep for Docker unavailable state)
-// ============================================
-
-.docker-list {
-    .flex-column-gap(@space-3);
-}
-
-.docker-item {
-    .list-item-base();
-}
-
-.docker-item-info {
-    .flex-start();
-    gap: @space-4;
-    flex: 1;
-    min-width: 0;
-}
-
-.docker-item-icon {
-    .icon-box();
-    background: @bg-hover;
-    border-radius: @radius-lg;
-    color: @color-docker;
-
-    &.image-icon {
-        color: #a78bfa; // Purple for images
-    }
-
-    &.network-icon {
-        color: #34d399; // Green for networks
-    }
-
-    &.volume-icon {
-        color: #fbbf24; // Yellow for volumes
-    }
-}
-
-.docker-item-details {
-    min-width: 0;
-
-    h3 {
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin-bottom: @space-1;
-        .truncate();
-    }
-}
-
-.docker-item-meta {
-    .flex-start();
-    gap: @space-3;
-    font-size: @font-size-sm;
-    color: @text-tertiary;
-    flex-wrap: wrap;
-
-    .mono {
-        .mono-text();
-        background: @bg-hover;
-        padding: @space-1 - 2 @space-2 - 2;
-        border-radius: @radius-sm;
-    }
-}
-
-.docker-item-status {
-    flex-shrink: 0;
-}
-
-.docker-item-actions {
-    display: flex;
-    gap: @space-2;
-    flex-shrink: 0;
-}
-
-// Container Exec Modal
-.exec-modal-body {
-    display: flex;
-    flex-direction: column;
-    height: 400px;
-}
-
-.exec-output {
-    flex: 1;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    padding: @space-4;
-    overflow-y: auto;
-    font-family: @font-mono;
-    font-size: @font-size-sm;
-    margin-bottom: @space-3;
-}
-
-.exec-welcome {
-    color: @text-secondary;
-    text-align: center;
-    padding: @space-8 0;
-
-    p {
-        margin-bottom: @space-2;
-    }
-
-    code {
-        background: @bg-hover;
-        padding: @space-1 @space-2;
-        border-radius: @radius-sm;
-        color: @accent-primary;
-    }
-}
-
-.exec-line {
-    margin-bottom: @space-2;
-
-    pre {
-        margin: 0;
-        white-space: pre-wrap;
-        word-break: break-all;
-    }
-
-    &.exec-command {
-        color: @accent-primary;
-        font-weight: @font-weight-medium;
-    }
-
-    &.exec-output {
-        color: @text-primary;
-    }
-
-    &.exec-error {
-        color: @danger;
-    }
-
-    &.exec-info {
-        color: @text-tertiary;
-        font-size: @font-size-xs;
-    }
-
-    &.exec-loading {
-        color: @text-secondary;
-        display: flex;
-        align-items: center;
-        gap: @space-2;
-    }
-}
-
-.spinner-inline {
-    display: inline-block;
-    width: 14px;
-    height: 14px;
-    border: 2px solid @border-subtle;
-    border-top-color: @accent-primary;
-    border-radius: 50%;
-    animation: spin 0.8s linear infinite;
-}
-
-.exec-input-form {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    padding: @space-2 @space-3;
-
-    &:focus-within {
-        border-color: @accent-primary;
-    }
-}
-
-.exec-prompt {
-    color: @accent-primary;
-    font-family: @font-mono;
-    font-weight: @font-weight-semibold;
-}
-
-.exec-input {
-    flex: 1;
-    border: none;
-    background: transparent;
-    color: @text-primary;
-    font-family: @font-mono;
-    font-size: @font-size-sm;
-    outline: none;
-
-    &::placeholder {
-        color: @text-tertiary;
-    }
-
-    &:disabled {
-        opacity: 0.5;
-    }
-}
-
-// Docker Unavailable State
-.docker-page {
-    .page-header {
-        margin-bottom: @space-6;
-
-        .page-header-content {
-            h1 {
-                font-size: @font-size-2xl;
-                font-weight: @font-weight-semibold;
-                margin: 0 0 @space-1 0;
-            }
-
-            .page-description {
-                color: @text-secondary;
-                margin: 0;
-            }
-        }
-    }
-}
-
-.docker-unavailable {
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    justify-content: center;
-    text-align: center;
-    padding: @space-12 @space-6;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-xl;
-    max-width: 600px;
-    margin: 0 auto;
-
-    .docker-unavailable-icon {
-        width: 100px;
-        height: 100px;
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        background: fade(@color-docker, 10%);
-        border-radius: @radius-xl;
-        margin-bottom: @space-6;
-
-        svg {
-            stroke: @color-docker;
-            opacity: 0.6;
-        }
-    }
-
-    h2 {
-        font-size: @font-size-xl;
-        font-weight: @font-weight-semibold;
-        margin: 0 0 @space-2 0;
-        color: @text-primary;
-    }
-
-    .docker-unavailable-message {
-        color: @text-secondary;
-        font-size: @font-size-base;
-        margin: 0 0 @space-4 0;
-    }
-
-    .docker-unavailable-details {
-        width: 100%;
-        margin-bottom: @space-6;
-
-        code {
-            display: block;
-            padding: @space-3 @space-4;
-            background: @bg-hover;
-            border: 1px solid @border-subtle;
-            border-radius: @radius-md;
-            font-family: @font-mono;
-            font-size: @font-size-xs;
-            color: @text-tertiary;
-            word-break: break-all;
-            text-align: left;
-        }
-    }
-
-    .docker-unavailable-help {
-        width: 100%;
-        padding: @space-5;
-        background: @bg-hover;
-        border-radius: @radius-lg;
-        text-align: left;
-        margin-bottom: @space-6;
-
-        h4 {
-            font-size: @font-size-sm;
-            font-weight: @font-weight-semibold;
-            margin: 0 0 @space-3 0;
-            color: @text-primary;
-        }
-
-        ul {
-            margin: 0;
-            padding-left: @space-5;
-
-            li {
-                font-size: @font-size-sm;
-                color: @text-secondary;
-                margin-bottom: @space-2;
-
-                &:last-child {
-                    margin-bottom: 0;
-                }
-            }
-        }
-    }
-
-    .btn {
-        display: inline-flex;
-        align-items: center;
-        gap: @space-2;
-
-        svg {
-            width: 16px;
-            height: 16px;
-        }
-    }
-}
diff --git a/frontend/src/styles/pages/_docker.scss b/frontend/src/styles/pages/_docker.scss
new file mode 100644
index 00000000..b0023fcc
--- /dev/null
+++ b/frontend/src/styles/pages/_docker.scss
@@ -0,0 +1,737 @@
+// ============================================
+// DOCKER PAGE - NEW DESIGN
+// ============================================
+
+// Page Layout
+.docker-page-new {
+    padding: 0;
+}
+
+.docker-page-header {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    margin-bottom: $space-6;
+}
+
+.docker-page-title {
+    h2 {
+        font-size: $font-size-xl;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin: 0;
+    }
+}
+
+.docker-page-subtitle {
+    color: $text-secondary;
+    font-size: $font-size-sm;
+    margin-top: $space-1;
+}
+
+.docker-page-actions {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+}
+
+// Docker-specific server-selector spacing (base styles in components/_server-selector)
+.docker-page-actions .server-selector {
+    margin-right: $space-2;
+}
+
+// Stats Row
+.docker-stats-row {
+    display: grid;
+    grid-template-columns: repeat(4, 1fr);
+    gap: $space-4;
+    margin-bottom: $space-6;
+
+    @media (max-width: $breakpoint-lg) {
+        grid-template-columns: repeat(2, 1fr);
+    }
+
+    @media (max-width: $breakpoint-sm) {
+        grid-template-columns: 1fr;
+    }
+}
+
+.docker-stat-card {
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    padding: $space-5;
+}
+
+.docker-stat-label {
+    font-size: $font-size-xs;
+    font-weight: $font-weight-semibold;
+    text-transform: uppercase;
+    color: $text-tertiary;
+    margin-bottom: $space-2;
+    letter-spacing: 0.05em;
+}
+
+.docker-stat-value {
+    font-family: $font-mono;
+    font-size: $font-size-2xl;
+    font-weight: $font-weight-bold;
+    color: $text-primary;
+}
+
+.docker-stat-meta {
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    margin-top: $space-1;
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+}
+
+.docker-stat-running {
+    color: $success;
+
+    &::before {
+        content: '';
+        display: inline-block;
+        width: 6px;
+        height: 6px;
+        background: $success;
+        border-radius: 50%;
+        margin-right: $space-1;
+    }
+}
+
+.docker-stat-stopped {
+    color: $text-tertiary;
+
+    &::before {
+        content: '';
+        display: inline-block;
+        width: 6px;
+        height: 6px;
+        background: $text-tertiary;
+        border-radius: 50%;
+        margin-right: $space-1;
+    }
+}
+
+// Panel
+.docker-panel {
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    overflow: hidden;
+}
+
+.docker-panel-header {
+    padding: $space-4 $space-5;
+    border-bottom: 1px solid $border-subtle;
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+}
+
+.docker-panel-tabs {
+    display: flex;
+    gap: $space-6;
+}
+
+.docker-panel-tab {
+    color: $text-tertiary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    cursor: pointer;
+    padding-bottom: $space-1;
+    border-bottom: 2px solid transparent;
+    transition: all 0.2s;
+
+    &:hover {
+        color: $text-primary;
+    }
+
+    &.active {
+        color: $text-primary;
+        border-color: $accent-primary;
+    }
+}
+
+.docker-panel-actions {
+    display: flex;
+    gap: $space-2;
+}
+
+.docker-panel-content {
+    // Content area - no padding needed, tabs handle their own
+}
+
+// Table Header (filter + search)
+.docker-table-header {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    padding: $space-3 $space-5;
+    border-bottom: 1px solid $border-subtle;
+    background: $bg-hover;
+}
+
+.docker-filter-toggle {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    font-size: $font-size-sm;
+    color: $text-secondary;
+    cursor: pointer;
+
+    input[type="checkbox"] {
+        width: 14px;
+        height: 14px;
+        accent-color: $accent-primary;
+    }
+}
+
+.docker-search {
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    padding: $space-2 $space-3;
+    border-radius: $radius-sm;
+    color: $text-primary;
+    font-size: $font-size-xs;
+    width: 200px;
+
+    &::placeholder {
+        color: $text-tertiary;
+    }
+
+    &:focus {
+        outline: none;
+        border-color: $accent-primary;
+    }
+}
+
+// Docker Table
+.docker-table {
+    width: 100%;
+    border-collapse: collapse;
+    font-size: $font-size-sm;
+
+    th {
+        text-align: left;
+        padding: $space-3 $space-5;
+        background: $bg-hover;
+        color: $text-tertiary;
+        font-size: $font-size-xs;
+        text-transform: uppercase;
+        letter-spacing: 0.05em;
+        font-weight: $font-weight-semibold;
+    }
+
+    td {
+        padding: $space-4 $space-5;
+        border-bottom: 1px solid $border-subtle;
+        vertical-align: middle;
+    }
+
+    tr:hover {
+        background: fade($white, 2%);
+    }
+
+    tr:last-child td {
+        border-bottom: none;
+    }
+}
+
+// Container Name & ID
+.docker-container-name {
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
+    font-size: $font-size-sm;
+    display: block;
+    margin-bottom: $space-1;
+}
+
+.docker-container-id {
+    font-family: $font-mono;
+    color: $accent-primary;
+    font-size: $font-size-xs;
+}
+
+// Image Tag
+.docker-image-tag {
+    font-family: $font-mono;
+    color: $text-secondary;
+    font-size: $font-size-xs;
+    background: $bg-hover;
+    padding: $space-1 $space-2;
+    border-radius: $radius-sm;
+}
+
+// Status Pill
+.docker-status-pill {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-2;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-semibold;
+    padding: $space-1 $space-2;
+    border-radius: $radius-full;
+
+    &.running {
+        background: fade($success, 10%);
+        color: $success;
+        border: 1px solid fade($success, 20%);
+    }
+
+    &.exited {
+        background: fade($danger, 10%);
+        color: $danger;
+        border: 1px solid fade($danger, 20%);
+    }
+}
+
+.docker-status-dot {
+    width: 6px;
+    height: 6px;
+    border-radius: 50%;
+    background: currentColor;
+}
+
+.docker-status-detail {
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    margin-top: $space-1;
+}
+
+// Ports
+.docker-ports {
+    font-family: $font-mono;
+    color: $text-primary;
+    font-size: $font-size-xs;
+    line-height: 1.6;
+
+    &.faded {
+        opacity: 0.4;
+    }
+}
+
+// Resource Bars
+.docker-res-container {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    margin-bottom: $space-1;
+
+    &:last-child {
+        margin-bottom: 0;
+    }
+}
+
+.docker-res-label {
+    width: 28px;
+    flex-shrink: 0;
+}
+
+.docker-res-track {
+    width: 50px;
+    height: 4px;
+    background: $bg-hover;
+    border-radius: 2px;
+    overflow: hidden;
+}
+
+.docker-res-fill {
+    height: 100%;
+    border-radius: 2px;
+    transition: width 0.3s ease;
+}
+
+.docker-res-value {
+    width: 32px;
+    text-align: right;
+    font-family: $font-mono;
+}
+
+.faded {
+    opacity: 0.3;
+}
+
+// Icon Actions
+.docker-actions-cell {
+    text-align: right;
+    white-space: nowrap;
+}
+
+.docker-icon-action {
+    background: transparent;
+    border: 1px solid transparent;
+    color: $text-tertiary;
+    width: 28px;
+    height: 28px;
+    border-radius: $radius-sm;
+    cursor: pointer;
+    transition: all 0.2s;
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    padding: 0;
+
+    &:hover:not(:disabled) {
+        color: $text-primary;
+        background: $bg-hover;
+        border-color: $border-subtle;
+    }
+
+    &:disabled {
+        opacity: 0.5;
+        cursor: not-allowed;
+    }
+
+    svg {
+        width: 14px;
+        height: 14px;
+    }
+}
+
+// Empty & Loading States
+.docker-empty {
+    text-align: center;
+    padding: $space-12;
+    color: $text-secondary;
+
+    h3 {
+        font-size: $font-size-lg;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin: 0 0 $space-2 0;
+    }
+
+    p {
+        margin: 0;
+        font-size: $font-size-sm;
+    }
+}
+
+.docker-loading {
+    text-align: center;
+    padding: $space-12;
+    color: $text-secondary;
+}
+
+// ============================================
+// LEGACY STYLES (keep for Docker unavailable state)
+// ============================================
+
+.docker-list {
+    @include flex-column-gap($space-3);
+}
+
+.docker-item {
+    @include list-item-base();
+}
+
+.docker-item-info {
+    @include flex-start();
+    gap: $space-4;
+    flex: 1;
+    min-width: 0;
+}
+
+.docker-item-icon {
+    @include icon-box();
+    background: $bg-hover;
+    border-radius: $radius-lg;
+    color: $color-docker;
+
+    &.image-icon {
+        color: #a78bfa; // Purple for images
+    }
+
+    &.network-icon {
+        color: #34d399; // Green for networks
+    }
+
+    &.volume-icon {
+        color: #fbbf24; // Yellow for volumes
+    }
+}
+
+.docker-item-details {
+    min-width: 0;
+
+    h3 {
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin-bottom: $space-1;
+        @include truncate();
+    }
+}
+
+.docker-item-meta {
+    @include flex-start();
+    gap: $space-3;
+    font-size: $font-size-sm;
+    color: $text-tertiary;
+    flex-wrap: wrap;
+
+    .mono {
+        @include mono-text();
+        background: $bg-hover;
+        padding: $space-1 - 2 $space-2 - 2;
+        border-radius: $radius-sm;
+    }
+}
+
+.docker-item-status {
+    flex-shrink: 0;
+}
+
+.docker-item-actions {
+    display: flex;
+    gap: $space-2;
+    flex-shrink: 0;
+}
+
+// Container Exec Modal
+.exec-modal-body {
+    display: flex;
+    flex-direction: column;
+    height: 400px;
+}
+
+.exec-output {
+    flex: 1;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    padding: $space-4;
+    overflow-y: auto;
+    font-family: $font-mono;
+    font-size: $font-size-sm;
+    margin-bottom: $space-3;
+}
+
+.exec-welcome {
+    color: $text-secondary;
+    text-align: center;
+    padding: $space-8 0;
+
+    p {
+        margin-bottom: $space-2;
+    }
+
+    code {
+        background: $bg-hover;
+        padding: $space-1 $space-2;
+        border-radius: $radius-sm;
+        color: $accent-primary;
+    }
+}
+
+.exec-line {
+    margin-bottom: $space-2;
+
+    pre {
+        margin: 0;
+        white-space: pre-wrap;
+        word-break: break-all;
+    }
+
+    &.exec-command {
+        color: $accent-primary;
+        font-weight: $font-weight-medium;
+    }
+
+    &.exec-output {
+        color: $text-primary;
+    }
+
+    &.exec-error {
+        color: $danger;
+    }
+
+    &.exec-info {
+        color: $text-tertiary;
+        font-size: $font-size-xs;
+    }
+
+    &.exec-loading {
+        color: $text-secondary;
+        display: flex;
+        align-items: center;
+        gap: $space-2;
+    }
+}
+
+.spinner-inline {
+    display: inline-block;
+    width: 14px;
+    height: 14px;
+    border: 2px solid $border-subtle;
+    border-top-color: $accent-primary;
+    border-radius: 50%;
+    animation: spin 0.8s linear infinite;
+}
+
+.exec-input-form {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    padding: $space-2 $space-3;
+
+    &:focus-within {
+        border-color: $accent-primary;
+    }
+}
+
+.exec-prompt {
+    color: $accent-primary;
+    font-family: $font-mono;
+    font-weight: $font-weight-semibold;
+}
+
+.exec-input {
+    flex: 1;
+    border: none;
+    background: transparent;
+    color: $text-primary;
+    font-family: $font-mono;
+    font-size: $font-size-sm;
+    outline: none;
+
+    &::placeholder {
+        color: $text-tertiary;
+    }
+
+    &:disabled {
+        opacity: 0.5;
+    }
+}
+
+// Docker Unavailable State
+.docker-page {
+    .page-header {
+        margin-bottom: $space-6;
+
+        .page-header-content {
+            h1 {
+                font-size: $font-size-2xl;
+                font-weight: $font-weight-semibold;
+                margin: 0 0 $space-1 0;
+            }
+
+            .page-description {
+                color: $text-secondary;
+                margin: 0;
+            }
+        }
+    }
+}
+
+.docker-unavailable {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    justify-content: center;
+    text-align: center;
+    padding: $space-12 $space-6;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-xl;
+    max-width: 600px;
+    margin: 0 auto;
+
+    .docker-unavailable-icon {
+        width: 100px;
+        height: 100px;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        background: fade($color-docker, 10%);
+        border-radius: $radius-xl;
+        margin-bottom: $space-6;
+
+        svg {
+            stroke: $color-docker;
+            opacity: 0.6;
+        }
+    }
+
+    h2 {
+        font-size: $font-size-xl;
+        font-weight: $font-weight-semibold;
+        margin: 0 0 $space-2 0;
+        color: $text-primary;
+    }
+
+    .docker-unavailable-message {
+        color: $text-secondary;
+        font-size: $font-size-base;
+        margin: 0 0 $space-4 0;
+    }
+
+    .docker-unavailable-details {
+        width: 100%;
+        margin-bottom: $space-6;
+
+        code {
+            display: block;
+            padding: $space-3 $space-4;
+            background: $bg-hover;
+            border: 1px solid $border-subtle;
+            border-radius: $radius-md;
+            font-family: $font-mono;
+            font-size: $font-size-xs;
+            color: $text-tertiary;
+            word-break: break-all;
+            text-align: left;
+        }
+    }
+
+    .docker-unavailable-help {
+        width: 100%;
+        padding: $space-5;
+        background: $bg-hover;
+        border-radius: $radius-lg;
+        text-align: left;
+        margin-bottom: $space-6;
+
+        h4 {
+            font-size: $font-size-sm;
+            font-weight: $font-weight-semibold;
+            margin: 0 0 $space-3 0;
+            color: $text-primary;
+        }
+
+        ul {
+            margin: 0;
+            padding-left: $space-5;
+
+            li {
+                font-size: $font-size-sm;
+                color: $text-secondary;
+                margin-bottom: $space-2;
+
+                &:last-child {
+                    margin-bottom: 0;
+                }
+            }
+        }
+    }
+
+    .btn {
+        display: inline-flex;
+        align-items: center;
+        gap: $space-2;
+
+        svg {
+            width: 16px;
+            height: 16px;
+        }
+    }
+}
diff --git a/frontend/src/styles/pages/_domains.less b/frontend/src/styles/pages/_domains.less
deleted file mode 100644
index 9a473f5b..00000000
--- a/frontend/src/styles/pages/_domains.less
+++ /dev/null
@@ -1,228 +0,0 @@
-// ============================================
-// DOMAINS & SSL PAGE
-// ============================================
-
-// SSL Status Bar
-.ssl-status-bar {
-    display: flex;
-    gap: @space-6;
-    margin-bottom: @space-8;
-
-    @media (max-width: @breakpoint-md) {
-        flex-direction: column;
-    }
-}
-
-.ssl-status-item {
-    .flex-start();
-    gap: @space-4;
-    padding: @space-5;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-xl;
-    flex: 1;
-}
-
-.ssl-status-icon {
-    .icon-box(48px);
-    border-radius: @radius-xl - 2;
-
-    &.active {
-        background: @success-bg;
-        color: @success;
-    }
-
-    &.inactive {
-        background: @danger-bg;
-        color: @danger;
-    }
-}
-
-.ssl-status-info {
-    h4 {
-        font-size: @font-size-md;
-        font-weight: @font-weight-semibold;
-        margin-bottom: @space-1;
-    }
-
-    span {
-        font-size: @font-size-sm + 1;
-        color: @text-secondary;
-    }
-}
-
-// Domain List
-.domain-list {
-    .flex-column-gap(@space-3);
-}
-
-.domain-item {
-    .list-item-base();
-}
-
-.domain-item-info {
-    .flex-start();
-    gap: @space-4;
-    flex: 1;
-    min-width: 0;
-}
-
-.domain-item-icon {
-    .icon-box();
-    background: @bg-hover;
-    border-radius: @radius-lg;
-    color: @text-secondary;
-
-    &.ssl {
-        background: @success-bg;
-        color: @success;
-    }
-}
-
-.domain-item-details {
-    min-width: 0;
-
-    h3 {
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin-bottom: @space-1;
-        .flex-start();
-        gap: @space-2;
-    }
-}
-
-.primary-badge {
-    background: @accent-glow;
-    color: @accent-primary;
-    padding: @space-1 - 2 @space-2;
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-semibold;
-    text-transform: uppercase;
-}
-
-.domain-item-meta {
-    .flex-start();
-    gap: @space-4;
-    font-size: @font-size-sm;
-    color: @text-tertiary;
-
-    span {
-        .flex-start();
-        gap: @space-1;
-    }
-}
-
-.app-link {
-    color: @text-secondary;
-}
-
-.ssl-badge {
-    color: @success;
-}
-
-.domain-item-actions {
-    display: flex;
-    gap: @space-2;
-    flex-shrink: 0;
-    flex-wrap: wrap;
-}
-
-// Certificate List
-.cert-list {
-    .flex-column-gap(@space-3);
-}
-
-.cert-item {
-    .list-item-base();
-}
-
-.cert-item-info {
-    .flex-start();
-    gap: @space-4;
-    flex: 1;
-    min-width: 0;
-}
-
-.cert-item-icon {
-    .icon-box();
-    background: @success-bg;
-    border-radius: @radius-lg;
-    color: @success;
-}
-
-.cert-item-details {
-    min-width: 0;
-
-    h3 {
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin-bottom: @space-1;
-    }
-}
-
-.cert-item-meta {
-    .flex-start();
-    gap: @space-4;
-    font-size: @font-size-sm;
-    color: @text-tertiary;
-
-    span {
-        .flex-start();
-        gap: @space-1;
-
-        &.valid {
-            color: @success;
-        }
-
-        &.expiring {
-            color: @warning;
-        }
-    }
-}
-
-.cert-status {
-    flex-shrink: 0;
-}
-
-// SSL Info Box (in modal)
-.ssl-info-box {
-    .flex-start();
-    gap: @space-4;
-    padding: @space-5;
-    background: @success-bg;
-    border: 1px solid @success-border;
-    border-radius: @radius-lg;
-    margin-bottom: @space-5;
-    color: @success;
-
-    h4 {
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        margin-bottom: @space-1;
-    }
-
-    p {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-
-        strong {
-            color: @text-primary;
-        }
-    }
-}
-
-// Checkbox label
-.checkbox-label {
-    .flex-start();
-    gap: @space-2;
-    cursor: pointer;
-
-    input[type="checkbox"] {
-        width: 16px;
-        height: 16px;
-        accent-color: @accent-primary;
-    }
-}
diff --git a/frontend/src/styles/pages/_domains.scss b/frontend/src/styles/pages/_domains.scss
new file mode 100644
index 00000000..a77a54fb
--- /dev/null
+++ b/frontend/src/styles/pages/_domains.scss
@@ -0,0 +1,228 @@
+// ============================================
+// DOMAINS & SSL PAGE
+// ============================================
+
+// SSL Status Bar
+.ssl-status-bar {
+    display: flex;
+    gap: $space-6;
+    margin-bottom: $space-8;
+
+    @media (max-width: $breakpoint-md) {
+        flex-direction: column;
+    }
+}
+
+.ssl-status-item {
+    @include flex-start();
+    gap: $space-4;
+    padding: $space-5;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-xl;
+    flex: 1;
+}
+
+.ssl-status-icon {
+    @include icon-box(48px);
+    border-radius: $radius-xl - 2;
+
+    &.active {
+        background: $success-bg;
+        color: $success;
+    }
+
+    &.inactive {
+        background: $danger-bg;
+        color: $danger;
+    }
+}
+
+.ssl-status-info {
+    h4 {
+        font-size: $font-size-md;
+        font-weight: $font-weight-semibold;
+        margin-bottom: $space-1;
+    }
+
+    span {
+        font-size: $font-size-sm + 1;
+        color: $text-secondary;
+    }
+}
+
+// Domain List
+.domain-list {
+    @include flex-column-gap($space-3);
+}
+
+.domain-item {
+    @include list-item-base();
+}
+
+.domain-item-info {
+    @include flex-start();
+    gap: $space-4;
+    flex: 1;
+    min-width: 0;
+}
+
+.domain-item-icon {
+    @include icon-box();
+    background: $bg-hover;
+    border-radius: $radius-lg;
+    color: $text-secondary;
+
+    &.ssl {
+        background: $success-bg;
+        color: $success;
+    }
+}
+
+.domain-item-details {
+    min-width: 0;
+
+    h3 {
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin-bottom: $space-1;
+        @include flex-start();
+        gap: $space-2;
+    }
+}
+
+.primary-badge {
+    background: $accent-glow;
+    color: $accent-primary;
+    padding: $space-1 - 2 $space-2;
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-semibold;
+    text-transform: uppercase;
+}
+
+.domain-item-meta {
+    @include flex-start();
+    gap: $space-4;
+    font-size: $font-size-sm;
+    color: $text-tertiary;
+
+    span {
+        @include flex-start();
+        gap: $space-1;
+    }
+}
+
+.app-link {
+    color: $text-secondary;
+}
+
+.ssl-badge {
+    color: $success;
+}
+
+.domain-item-actions {
+    display: flex;
+    gap: $space-2;
+    flex-shrink: 0;
+    flex-wrap: wrap;
+}
+
+// Certificate List
+.cert-list {
+    @include flex-column-gap($space-3);
+}
+
+.cert-item {
+    @include list-item-base();
+}
+
+.cert-item-info {
+    @include flex-start();
+    gap: $space-4;
+    flex: 1;
+    min-width: 0;
+}
+
+.cert-item-icon {
+    @include icon-box();
+    background: $success-bg;
+    border-radius: $radius-lg;
+    color: $success;
+}
+
+.cert-item-details {
+    min-width: 0;
+
+    h3 {
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin-bottom: $space-1;
+    }
+}
+
+.cert-item-meta {
+    @include flex-start();
+    gap: $space-4;
+    font-size: $font-size-sm;
+    color: $text-tertiary;
+
+    span {
+        @include flex-start();
+        gap: $space-1;
+
+        &.valid {
+            color: $success;
+        }
+
+        &.expiring {
+            color: $warning;
+        }
+    }
+}
+
+.cert-status {
+    flex-shrink: 0;
+}
+
+// SSL Info Box (in modal)
+.ssl-info-box {
+    @include flex-start();
+    gap: $space-4;
+    padding: $space-5;
+    background: $success-bg;
+    border: 1px solid $success-border;
+    border-radius: $radius-lg;
+    margin-bottom: $space-5;
+    color: $success;
+
+    h4 {
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        margin-bottom: $space-1;
+    }
+
+    p {
+        font-size: $font-size-sm;
+        color: $text-secondary;
+
+        strong {
+            color: $text-primary;
+        }
+    }
+}
+
+// Checkbox label
+.checkbox-label {
+    @include flex-start();
+    gap: $space-2;
+    cursor: pointer;
+
+    input[type="checkbox"] {
+        width: 16px;
+        height: 16px;
+        accent-color: $accent-primary;
+    }
+}
diff --git a/frontend/src/styles/pages/_downloads.less b/frontend/src/styles/pages/_downloads.scss
similarity index 55%
rename from frontend/src/styles/pages/_downloads.less
rename to frontend/src/styles/pages/_downloads.scss
index 9fea4bad..8608d02a 100644
--- a/frontend/src/styles/pages/_downloads.less
+++ b/frontend/src/styles/pages/_downloads.scss
@@ -7,16 +7,16 @@
         display: flex;
         justify-content: space-between;
         align-items: flex-start;
-        margin-bottom: @space-6;
+        margin-bottom: $space-6;
 
         .page-header-content {
             h1 {
-                margin-bottom: @space-2;
+                margin-bottom: $space-2;
             }
 
             .page-subtitle {
-                color: @text-secondary;
-                font-size: @font-size-base;
+                color: $text-secondary;
+                font-size: $font-size-base;
                 max-width: 600px;
             }
         }
@@ -27,47 +27,47 @@
         flex-direction: column;
         align-items: center;
         justify-content: center;
-        padding: @space-12;
-        color: @text-secondary;
+        padding: $space-12;
+        color: $text-secondary;
 
         .loading-spinner {
             width: 40px;
             height: 40px;
-            border: 3px solid @border-default;
-            border-top-color: @accent-primary;
+            border: 3px solid $border-default;
+            border-top-color: $accent-primary;
             border-radius: 50%;
             animation: spin 1s linear infinite;
-            margin-bottom: @space-4;
+            margin-bottom: $space-4;
         }
     }
 
     .alert-error {
-        background: @danger-bg;
-        border: 1px solid @danger-border;
-        border-radius: @radius-lg;
-        padding: @space-4;
-        margin-bottom: @space-6;
+        background: $danger-bg;
+        border: 1px solid $danger-border;
+        border-radius: $radius-lg;
+        padding: $space-4;
+        margin-bottom: $space-6;
         display: flex;
         align-items: center;
         justify-content: space-between;
 
         p {
-            color: @danger;
+            color: $danger;
             margin: 0;
         }
 
         button {
             background: transparent;
-            border: 1px solid @danger;
-            color: @danger;
-            padding: @space-2 @space-4;
-            border-radius: @radius-md;
+            border: 1px solid $danger;
+            color: $danger;
+            padding: $space-2 $space-4;
+            border-radius: $radius-md;
             cursor: pointer;
             transition: all 0.2s;
 
             &:hover {
-                background: @danger;
-                color: @white;
+                background: $danger;
+                color: $white;
             }
         }
     }
@@ -75,40 +75,40 @@
     // Version Banner
     .version-banner {
         background: linear-gradient(135deg, var(--accent-primary) 0%, var(--accent-hover) 100%);
-        border-radius: @radius-lg;
-        padding: @space-6 @space-8;
-        margin-bottom: @space-8;
+        border-radius: $radius-lg;
+        padding: $space-6 $space-8;
+        margin-bottom: $space-8;
         display: flex;
         justify-content: space-between;
         align-items: center;
-        color: @white;
+        color: $white;
 
-        @media (max-width: @breakpoint-md) {
+        @media (max-width: $breakpoint-md) {
             flex-direction: column;
             align-items: flex-start;
-            gap: @space-4;
-            padding: @space-5;
+            gap: $space-4;
+            padding: $space-5;
         }
 
         .version-info {
             display: flex;
             flex-direction: column;
-            gap: @space-1;
+            gap: $space-1;
 
             .version-label {
-                font-size: @font-size-sm;
+                font-size: $font-size-sm;
                 opacity: 0.8;
                 text-transform: uppercase;
                 letter-spacing: 0.5px;
             }
 
             .version-number {
-                font-size: @font-size-3xl;
+                font-size: $font-size-3xl;
                 font-weight: 700;
             }
 
             .version-date {
-                font-size: @font-size-sm;
+                font-size: $font-size-sm;
                 opacity: 0.75;
             }
         }
@@ -116,16 +116,16 @@
         .version-actions {
             display: flex;
             align-items: center;
-            gap: @space-3;
+            gap: $space-3;
         }
 
         .btn-banner-outline {
             background: transparent;
             border: 1px solid rgba(255, 255, 255, 0.4);
-            color: @white;
-            padding: @space-2 @space-4;
-            border-radius: @radius-md;
-            font-size: @font-size-sm;
+            color: $white;
+            padding: $space-2 $space-4;
+            border-radius: $radius-md;
+            font-size: $font-size-sm;
             cursor: pointer;
             transition: all 0.2s;
 
@@ -136,17 +136,17 @@
         }
 
         .btn-banner-primary {
-            background: @white;
-            color: @accent-primary;
+            background: $white;
+            color: $accent-primary;
             border: none;
-            padding: @space-2 @space-5;
-            border-radius: @radius-md;
-            font-size: @font-size-sm;
+            padding: $space-2 $space-5;
+            border-radius: $radius-md;
+            font-size: $font-size-sm;
             font-weight: 600;
             cursor: pointer;
             display: flex;
             align-items: center;
-            gap: @space-2;
+            gap: $space-2;
             transition: all 0.2s;
 
             svg {
@@ -163,24 +163,24 @@
 
     // Sections
     .downloads-section {
-        margin-bottom: @space-10;
+        margin-bottom: $space-10;
 
         h2 {
-            font-size: @font-size-xl;
+            font-size: $font-size-xl;
             font-weight: 600;
-            margin-bottom: @space-2;
+            margin-bottom: $space-2;
         }
 
         .section-description {
-            color: @text-secondary;
-            margin-bottom: @space-6;
+            color: $text-secondary;
+            margin-bottom: $space-6;
 
             code {
-                background: @bg-secondary;
-                padding: @space-1 @space-2;
-                border-radius: @radius-sm;
-                font-family: @font-mono;
-                font-size: @font-size-sm;
+                background: $bg-secondary;
+                padding: $space-1 $space-2;
+                border-radius: $radius-sm;
+                font-family: $font-mono;
+                font-size: $font-size-sm;
             }
         }
     }
@@ -189,31 +189,31 @@
     .download-cards {
         display: grid;
         grid-template-columns: repeat(auto-fill, minmax(280px, 1fr));
-        gap: @space-4;
+        gap: $space-4;
     }
 
     .download-card {
-        background: @bg-card;
-        border: 1px solid @border-default;
-        border-radius: @radius-lg;
-        padding: @space-6;
+        background: $bg-card;
+        border: 1px solid $border-default;
+        border-radius: $radius-lg;
+        padding: $space-6;
         display: flex;
         flex-direction: column;
         align-items: center;
         text-align: center;
-        gap: @space-3;
+        gap: $space-3;
         transition: all 0.2s;
 
         &:hover {
-            border-color: @accent-primary;
-            box-shadow: 0 0 0 1px @accent-primary;
+            border-color: $accent-primary;
+            box-shadow: 0 0 0 1px $accent-primary;
         }
 
         &.unavailable {
             opacity: 0.5;
 
             &:hover {
-                border-color: @border-default;
+                border-color: $border-default;
                 box-shadow: none;
             }
         }
@@ -224,27 +224,27 @@
             display: flex;
             align-items: center;
             justify-content: center;
-            background: @bg-elevated;
-            border-radius: @radius-lg;
-            margin-bottom: @space-1;
+            background: $bg-elevated;
+            border-radius: $radius-lg;
+            margin-bottom: $space-1;
 
             .platform-icon {
                 width: 32px;
                 height: 32px;
-                color: @text-primary;
+                color: $text-primary;
             }
         }
 
         .platform-info {
             h3 {
-                font-size: @font-size-lg;
+                font-size: $font-size-lg;
                 font-weight: 600;
-                margin: 0 0 @space-1;
+                margin: 0 0 $space-1;
             }
 
             .platform-arch {
-                font-size: @font-size-sm;
-                color: @text-secondary;
+                font-size: $font-size-sm;
+                color: $text-secondary;
             }
         }
 
@@ -252,7 +252,7 @@
             display: flex;
             align-items: center;
             justify-content: center;
-            gap: @space-2;
+            gap: $space-2;
             width: 100%;
             margin-top: auto;
 
@@ -267,31 +267,31 @@
     .install-commands {
         display: flex;
         flex-direction: column;
-        gap: @space-4;
+        gap: $space-4;
     }
 
     .command-block {
-        background: @bg-card;
-        border: 1px solid @border-default;
-        border-radius: @radius-lg;
+        background: $bg-card;
+        border: 1px solid $border-default;
+        border-radius: $radius-lg;
         overflow: hidden;
 
         .command-header {
             display: flex;
             align-items: center;
-            gap: @space-3;
-            padding: @space-4;
-            border-bottom: 1px solid @border-default;
-            background: @bg-elevated;
+            gap: $space-3;
+            padding: $space-4;
+            border-bottom: 1px solid $border-default;
+            background: $bg-elevated;
 
             .platform-icon {
                 width: 24px;
                 height: 24px;
-                color: @text-primary;
+                color: $text-primary;
             }
 
             h3 {
-                font-size: @font-size-base;
+                font-size: $font-size-base;
                 font-weight: 600;
                 margin: 0;
             }
@@ -299,8 +299,8 @@
 
         .command-content {
             position: relative;
-            padding: @space-4;
-            background: @bg-body;
+            padding: $space-4;
+            background: $bg-body;
 
             pre {
                 margin: 0;
@@ -309,9 +309,9 @@
                 overflow-x: auto;
 
                 code {
-                    font-family: @font-mono;
-                    font-size: @font-size-sm;
-                    color: @text-primary;
+                    font-family: $font-mono;
+                    font-size: $font-size-sm;
+                    color: $text-primary;
                     white-space: pre-wrap;
                     word-break: break-all;
                 }
@@ -319,20 +319,20 @@
 
             .copy-btn {
                 position: absolute;
-                top: @space-3;
-                right: @space-3;
-                background: @bg-secondary;
-                border: 1px solid @border-default;
-                border-radius: @radius-md;
-                padding: @space-2;
+                top: $space-3;
+                right: $space-3;
+                background: $bg-secondary;
+                border: 1px solid $border-default;
+                border-radius: $radius-md;
+                padding: $space-2;
                 cursor: pointer;
-                color: @text-secondary;
+                color: $text-secondary;
                 transition: all 0.2s;
 
                 &:hover {
-                    background: @bg-hover;
-                    color: @text-primary;
-                    border-color: @accent-primary;
+                    background: $bg-hover;
+                    color: $text-primary;
+                    border-color: $accent-primary;
                 }
 
                 svg {
@@ -343,12 +343,12 @@
         }
 
         .command-note {
-            padding: @space-3 @space-4;
-            background: @warning-bg;
-            color: @warning;
-            font-size: @font-size-sm;
+            padding: $space-3 $space-4;
+            background: $warning-bg;
+            color: $warning;
+            font-size: $font-size-sm;
             margin: 0;
-            border-top: 1px solid @warning-border;
+            border-top: 1px solid $warning-border;
         }
     }
 
@@ -356,78 +356,78 @@
     .manual-steps {
         display: flex;
         flex-direction: column;
-        gap: @space-4;
+        gap: $space-4;
     }
 
     .step {
         display: flex;
-        gap: @space-4;
-        padding: @space-4;
-        background: @bg-card;
-        border: 1px solid @border-default;
-        border-radius: @radius-lg;
+        gap: $space-4;
+        padding: $space-4;
+        background: $bg-card;
+        border: 1px solid $border-default;
+        border-radius: $radius-lg;
 
         .step-number {
             flex-shrink: 0;
             width: 32px;
             height: 32px;
-            background: @accent-primary;
+            background: $accent-primary;
             border-radius: 50%;
             display: flex;
             align-items: center;
             justify-content: center;
             font-weight: 600;
-            font-size: @font-size-sm;
-            color: @white;
+            font-size: $font-size-sm;
+            color: $white;
         }
 
         .step-content {
             flex: 1;
 
             h4 {
-                font-size: @font-size-base;
+                font-size: $font-size-base;
                 font-weight: 600;
-                margin: 0 0 @space-2;
+                margin: 0 0 $space-2;
             }
 
             p {
-                color: @text-secondary;
-                margin: 0 0 @space-2;
-                font-size: @font-size-sm;
+                color: $text-secondary;
+                margin: 0 0 $space-2;
+                font-size: $font-size-sm;
 
                 &:last-child {
                     margin-bottom: 0;
                 }
 
                 code {
-                    background: @bg-secondary;
-                    padding: @space-1 @space-2;
-                    border-radius: @radius-sm;
-                    font-family: @font-mono;
-                    font-size: @font-size-xs;
-                    color: @text-primary;
+                    background: $bg-secondary;
+                    padding: $space-1 $space-2;
+                    border-radius: $radius-sm;
+                    font-family: $font-mono;
+                    font-size: $font-size-xs;
+                    color: $text-primary;
                 }
             }
 
             pre {
-                background: @bg-body;
-                padding: @space-3;
-                border-radius: @radius-md;
-                margin: @space-2 0;
+                background: $bg-body;
+                padding: $space-3;
+                border-radius: $radius-md;
+                margin: $space-2 0;
                 overflow-x: auto;
 
                 code {
-                    font-family: @font-mono;
-                    font-size: @font-size-sm;
-                    color: @text-primary;
+                    font-family: $font-mono;
+                    font-size: $font-size-sm;
+                    color: $text-primary;
                     background: transparent;
                     padding: 0;
                 }
             }
 
             .step-note {
-                color: @text-tertiary;
-                font-size: @font-size-xs;
+                color: $text-tertiary;
+                font-size: $font-size-xs;
                 font-style: italic;
             }
         }
@@ -435,19 +435,19 @@
 
     // Verification
     .verification-command {
-        margin-top: @space-4;
+        margin-top: $space-4;
 
         pre {
-            background: @bg-card;
-            border: 1px solid @border-default;
-            padding: @space-4;
-            border-radius: @radius-lg;
+            background: $bg-card;
+            border: 1px solid $border-default;
+            padding: $space-4;
+            border-radius: $radius-lg;
             margin: 0;
 
             code {
-                font-family: @font-mono;
-                font-size: @font-size-sm;
-                color: @text-primary;
+                font-family: $font-mono;
+                font-size: $font-size-sm;
+                color: $text-primary;
             }
         }
     }
diff --git a/frontend/src/styles/pages/_email.less b/frontend/src/styles/pages/_email.scss
similarity index 51%
rename from frontend/src/styles/pages/_email.less
rename to frontend/src/styles/pages/_email.scss
index 7fb1e11d..45fbcefa 100644
--- a/frontend/src/styles/pages/_email.less
+++ b/frontend/src/styles/pages/_email.scss
@@ -7,26 +7,26 @@
         display: flex;
         justify-content: space-between;
         align-items: flex-start;
-        margin-bottom: @space-6;
+        margin-bottom: $space-6;
         flex-wrap: wrap;
-        gap: @space-4;
+        gap: $space-4;
 
         .page-header-content {
             h1 {
                 font-size: 24px;
-                font-weight: @font-weight-semibold;
+                font-weight: $font-weight-semibold;
                 margin: 0 0 4px 0;
             }
 
             .page-description {
-                color: @text-secondary;
+                color: $text-secondary;
                 margin: 0;
             }
         }
 
         .page-header-actions {
             display: flex;
-            gap: @space-2;
+            gap: $space-2;
         }
     }
 
@@ -39,30 +39,30 @@
 
     .tab-navigation {
         display: flex;
-        gap: @space-2;
-        margin-bottom: @space-6;
-        border-bottom: 1px solid @border-subtle;
-        padding-bottom: @space-2;
+        gap: $space-2;
+        margin-bottom: $space-6;
+        border-bottom: 1px solid $border-subtle;
+        padding-bottom: $space-2;
         overflow-x: auto;
 
         .tab-button {
-            padding: @space-2 @space-4;
+            padding: $space-2 $space-4;
             border: none;
             background: none;
-            color: @text-secondary;
+            color: $text-secondary;
             cursor: pointer;
-            border-radius: @radius-md;
+            border-radius: $radius-md;
             white-space: nowrap;
-            font-size: @font-size-sm;
+            font-size: $font-size-sm;
             transition: all 0.2s;
 
             &:hover {
-                background: @bg-hover;
-                color: @text-primary;
+                background: $bg-hover;
+                color: $text-primary;
             }
 
             &.active {
-                background: @accent-primary;
+                background: $accent-primary;
                 color: white;
             }
         }
@@ -74,31 +74,31 @@
         flex-direction: column;
         align-items: center;
         justify-content: center;
-        padding: 80px @space-6;
-        background: @bg-card;
-        border-radius: @radius-lg;
+        padding: 80px $space-6;
+        background: $bg-card;
+        border-radius: $radius-lg;
         text-align: center;
 
         .icon {
             font-size: 64px;
-            color: @text-tertiary;
-            margin-bottom: @space-4;
+            color: $text-tertiary;
+            margin-bottom: $space-4;
         }
 
         h2 {
-            margin: 0 0 @space-2 0;
+            margin: 0 0 $space-2 0;
         }
 
         p {
-            color: @text-secondary;
-            margin: 0 0 @space-6 0;
+            color: $text-secondary;
+            margin: 0 0 $space-6 0;
             max-width: 480px;
         }
 
         .install-form {
             display: flex;
             flex-direction: column;
-            gap: @space-4;
+            gap: $space-4;
             align-items: center;
             width: 100%;
             max-width: 400px;
@@ -109,17 +109,17 @@
         display: flex;
         justify-content: space-between;
         align-items: center;
-        margin-bottom: @space-4;
+        margin-bottom: $space-4;
 
         h2 {
             margin: 0;
-            font-size: @font-size-lg;
-            font-weight: @font-weight-semibold;
+            font-size: $font-size-lg;
+            font-weight: $font-weight-semibold;
         }
 
         .section-actions {
             display: flex;
-            gap: @space-2;
+            gap: $space-2;
         }
     }
 }
@@ -130,54 +130,54 @@
     .status-grid {
         display: grid;
         grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
-        gap: @space-4;
-        margin-bottom: @space-6;
+        gap: $space-4;
+        margin-bottom: $space-6;
     }
 }
 
 .email-service-card {
-    background: @bg-card;
-    border-radius: @radius-lg;
-    border: 1px solid @border-subtle;
-    padding: @space-5;
+    background: $bg-card;
+    border-radius: $radius-lg;
+    border: 1px solid $border-subtle;
+    padding: $space-5;
 }
 
 .email-service-header {
     display: flex;
     justify-content: space-between;
     align-items: flex-start;
-    gap: @space-4;
+    gap: $space-4;
 
     h3 {
-        margin: 0 0 @space-1 0;
-        font-size: @font-size-md;
-        font-weight: @font-weight-semibold;
+        margin: 0 0 $space-1 0;
+        font-size: $font-size-md;
+        font-weight: $font-weight-semibold;
     }
 
     .version {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
     }
 }
 
 .email-service-meta {
-    margin-top: @space-3;
-    font-size: @font-size-sm;
-    color: @text-secondary;
+    margin-top: $space-3;
+    font-size: $font-size-sm;
+    color: $text-secondary;
 
     .meta-item {
         display: flex;
         justify-content: space-between;
-        padding: @space-1 0;
+        padding: $space-1 0;
     }
 }
 
 .email-service-actions {
     display: flex;
-    gap: @space-2;
-    margin-top: @space-4;
-    padding-top: @space-4;
-    border-top: 1px solid @border-subtle;
+    gap: $space-2;
+    margin-top: $space-4;
+    padding-top: $space-4;
+    border-top: 1px solid $border-subtle;
 }
 
 // ── Domains Tab ──
@@ -186,75 +186,75 @@
     .domain-list {
         display: flex;
         flex-direction: column;
-        gap: @space-4;
+        gap: $space-4;
     }
 }
 
 .domain-card {
-    background: @bg-card;
-    border-radius: @radius-lg;
-    border: 1px solid @border-subtle;
-    padding: @space-5;
+    background: $bg-card;
+    border-radius: $radius-lg;
+    border: 1px solid $border-subtle;
+    padding: $space-5;
 
     .domain-header {
         display: flex;
         justify-content: space-between;
         align-items: flex-start;
-        margin-bottom: @space-3;
+        margin-bottom: $space-3;
 
         h3 {
             margin: 0;
-            font-size: @font-size-md;
+            font-size: $font-size-md;
         }
     }
 
     .domain-stats {
         display: flex;
-        gap: @space-6;
-        margin-bottom: @space-3;
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        gap: $space-6;
+        margin-bottom: $space-3;
+        font-size: $font-size-sm;
+        color: $text-secondary;
 
         span {
             display: flex;
             align-items: center;
-            gap: @space-1;
+            gap: $space-1;
         }
     }
 
     .domain-dns {
         display: flex;
-        gap: @space-2;
+        gap: $space-2;
         flex-wrap: wrap;
-        margin-bottom: @space-3;
+        margin-bottom: $space-3;
 
         .dns-badge {
-            font-size: @font-size-xs;
-            padding: 2px @space-2;
-            border-radius: @radius-sm;
-            background: @bg-elevated;
-            border: 1px solid @border-subtle;
-            color: @text-secondary;
+            font-size: $font-size-xs;
+            padding: 2px $space-2;
+            border-radius: $radius-sm;
+            background: $bg-elevated;
+            border: 1px solid $border-subtle;
+            color: $text-secondary;
 
             &.verified {
-                background: @bg-elevated;
-                border-color: @success;
-                color: @success;
+                background: $bg-elevated;
+                border-color: $success;
+                color: $success;
             }
 
             &.missing {
-                background: @bg-elevated;
-                border-color: @danger;
-                color: @danger;
+                background: $bg-elevated;
+                border-color: $danger;
+                color: $danger;
             }
         }
     }
 
     .domain-actions {
         display: flex;
-        gap: @space-2;
-        padding-top: @space-3;
-        border-top: 1px solid @border-subtle;
+        gap: $space-2;
+        padding-top: $space-3;
+        border-top: 1px solid $border-subtle;
     }
 }
 
@@ -262,72 +262,72 @@
 
 .email-accounts {
     .domain-selector {
-        margin-bottom: @space-4;
+        margin-bottom: $space-4;
     }
 
     .accounts-list {
         display: flex;
         flex-direction: column;
-        gap: @space-3;
+        gap: $space-3;
     }
 }
 
 .account-card {
-    background: @bg-card;
-    border-radius: @radius-md;
-    border: 1px solid @border-subtle;
-    padding: @space-4;
+    background: $bg-card;
+    border-radius: $radius-md;
+    border: 1px solid $border-subtle;
+    padding: $space-4;
     display: flex;
     justify-content: space-between;
     align-items: center;
-    gap: @space-4;
+    gap: $space-4;
     flex-wrap: wrap;
 
     .account-info {
         .account-email {
-            font-weight: @font-weight-medium;
-            margin-bottom: @space-1;
+            font-weight: $font-weight-medium;
+            margin-bottom: $space-1;
         }
 
         .account-meta {
-            font-size: @font-size-sm;
-            color: @text-secondary;
+            font-size: $font-size-sm;
+            color: $text-secondary;
             display: flex;
-            gap: @space-4;
+            gap: $space-4;
         }
     }
 
     .account-actions {
         display: flex;
-        gap: @space-2;
+        gap: $space-2;
     }
 }
 
 // ── Form styles ──
 
 .email-form {
-    background: @bg-card;
-    border-radius: @radius-lg;
-    border: 1px solid @border-subtle;
-    padding: @space-5;
-    margin-bottom: @space-4;
+    background: $bg-card;
+    border-radius: $radius-lg;
+    border: 1px solid $border-subtle;
+    padding: $space-5;
+    margin-bottom: $space-4;
 
     .form-title {
-        font-size: @font-size-md;
-        font-weight: @font-weight-semibold;
-        margin: 0 0 @space-4 0;
+        font-size: $font-size-md;
+        font-weight: $font-weight-semibold;
+        margin: 0 0 $space-4 0;
     }
 
     .form-grid {
         display: grid;
         grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
-        gap: @space-4;
-        margin-bottom: @space-4;
+        gap: $space-4;
+        margin-bottom: $space-4;
     }
 
     .form-actions {
         display: flex;
-        gap: @space-2;
+        gap: $space-2;
         justify-content: flex-end;
     }
 }
@@ -339,44 +339,44 @@
     .items-list {
         display: flex;
         flex-direction: column;
-        gap: @space-3;
+        gap: $space-3;
     }
 }
 
 .alias-card,
 .forwarding-card {
-    background: @bg-card;
-    border-radius: @radius-md;
-    border: 1px solid @border-subtle;
-    padding: @space-4;
+    background: $bg-card;
+    border-radius: $radius-md;
+    border: 1px solid $border-subtle;
+    padding: $space-4;
     display: flex;
     justify-content: space-between;
     align-items: center;
-    gap: @space-4;
+    gap: $space-4;
     flex-wrap: wrap;
 
     .item-info {
         .item-mapping {
-            font-weight: @font-weight-medium;
-            margin-bottom: @space-1;
+            font-weight: $font-weight-medium;
+            margin-bottom: $space-1;
             display: flex;
             align-items: center;
-            gap: @space-2;
+            gap: $space-2;
 
             .arrow {
-                color: @text-tertiary;
+                color: $text-tertiary;
             }
         }
 
         .item-meta {
-            font-size: @font-size-sm;
-            color: @text-secondary;
+            font-size: $font-size-sm;
+            color: $text-secondary;
         }
     }
 
     .item-actions {
         display: flex;
-        gap: @space-2;
+        gap: $space-2;
     }
 }
 
@@ -386,70 +386,70 @@
     .provider-list {
         display: flex;
         flex-direction: column;
-        gap: @space-4;
+        gap: $space-4;
     }
 }
 
 .provider-card {
-    background: @bg-card;
-    border-radius: @radius-lg;
-    border: 1px solid @border-subtle;
-    padding: @space-5;
+    background: $bg-card;
+    border-radius: $radius-lg;
+    border: 1px solid $border-subtle;
+    padding: $space-5;
 
     .provider-header {
         display: flex;
         justify-content: space-between;
         align-items: flex-start;
-        margin-bottom: @space-3;
+        margin-bottom: $space-3;
 
         h3 {
             margin: 0;
-            font-size: @font-size-md;
+            font-size: $font-size-md;
         }
 
         .provider-type {
-            font-size: @font-size-xs;
-            padding: 2px @space-2;
-            border-radius: @radius-sm;
-            background: @bg-elevated;
+            font-size: $font-size-xs;
+            padding: 2px $space-2;
+            border-radius: $radius-sm;
+            background: $bg-elevated;
             text-transform: uppercase;
             letter-spacing: 0.5px;
         }
     }
 
     .provider-meta {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-        margin-bottom: @space-3;
+        font-size: $font-size-sm;
+        color: $text-secondary;
+        margin-bottom: $space-3;
 
         .meta-row {
             display: flex;
-            gap: @space-4;
-            padding: @space-1 0;
+            gap: $space-4;
+            padding: $space-1 0;
         }
     }
 
     .provider-actions {
         display: flex;
-        gap: @space-2;
-        padding-top: @space-3;
-        border-top: 1px solid @border-subtle;
+        gap: $space-2;
+        padding-top: $space-3;
+        border-top: 1px solid $border-subtle;
     }
 
     .zones-list {
-        margin-top: @space-3;
-        padding: @space-3;
-        background: @bg-elevated;
-        border-radius: @radius-md;
-        font-size: @font-size-sm;
+        margin-top: $space-3;
+        padding: $space-3;
+        background: $bg-elevated;
+        border-radius: $radius-md;
+        font-size: $font-size-sm;
 
         .zone-item {
             display: flex;
             justify-content: space-between;
-            padding: @space-1 0;
+            padding: $space-1 0;
 
             &:not(:last-child) {
-                border-bottom: 1px solid @border-subtle;
+                border-bottom: 1px solid $border-subtle;
             }
         }
     }
@@ -459,26 +459,26 @@
 
 .email-spam {
     .spam-config {
-        background: @bg-card;
-        border-radius: @radius-lg;
-        border: 1px solid @border-subtle;
-        padding: @space-5;
+        background: $bg-card;
+        border-radius: $radius-lg;
+        border: 1px solid $border-subtle;
+        padding: $space-5;
     }
 
     .form-grid {
         display: grid;
         grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
-        gap: @space-4;
-        margin-bottom: @space-4;
+        gap: $space-4;
+        margin-bottom: $space-4;
     }
 
     .checkbox-field {
         display: flex;
         align-items: center;
-        gap: @space-2;
+        gap: $space-2;
 
         label {
-            font-size: @font-size-sm;
+            font-size: $font-size-sm;
         }
     }
 }
@@ -487,35 +487,35 @@
 
 .email-webmail {
     .webmail-card {
-        background: @bg-card;
-        border-radius: @radius-lg;
-        border: 1px solid @border-subtle;
-        padding: @space-5;
+        background: $bg-card;
+        border-radius: $radius-lg;
+        border: 1px solid $border-subtle;
+        padding: $space-5;
 
         .webmail-status-row {
             display: flex;
             justify-content: space-between;
             align-items: center;
-            margin-bottom: @space-4;
+            margin-bottom: $space-4;
         }
 
         .webmail-info {
-            font-size: @font-size-sm;
-            color: @text-secondary;
-            margin-bottom: @space-4;
+            font-size: $font-size-sm;
+            color: $text-secondary;
+            margin-bottom: $space-4;
         }
 
         .webmail-actions {
             display: flex;
-            gap: @space-2;
+            gap: $space-2;
             flex-wrap: wrap;
         }
     }
 
     .proxy-form {
-        margin-top: @space-4;
-        padding-top: @space-4;
-        border-top: 1px solid @border-subtle;
+        margin-top: $space-4;
+        padding-top: $space-4;
+        border-top: 1px solid $border-subtle;
     }
 }
 
@@ -525,42 +525,42 @@
     .queue-list {
         display: flex;
         flex-direction: column;
-        gap: @space-3;
+        gap: $space-3;
     }
 }
 
 .queue-item {
-    background: @bg-card;
-    border-radius: @radius-md;
-    border: 1px solid @border-subtle;
-    padding: @space-4;
+    background: $bg-card;
+    border-radius: $radius-md;
+    border: 1px solid $border-subtle;
+    padding: $space-4;
     display: flex;
     justify-content: space-between;
     align-items: flex-start;
-    gap: @space-4;
+    gap: $space-4;
 
     .queue-info {
         flex: 1;
 
         .queue-id {
-            font-family: @font-mono;
-            font-size: @font-size-sm;
-            font-weight: @font-weight-medium;
-            margin-bottom: @space-1;
+            font-family: $font-mono;
+            font-size: $font-size-sm;
+            font-weight: $font-weight-medium;
+            margin-bottom: $space-1;
         }
 
         .queue-meta {
-            font-size: @font-size-sm;
-            color: @text-secondary;
+            font-size: $font-size-sm;
+            color: $text-secondary;
             display: flex;
             flex-wrap: wrap;
-            gap: @space-3;
+            gap: $space-3;
         }
 
         .queue-error {
-            font-size: @font-size-sm;
-            color: @danger;
-            margin-top: @space-1;
+            font-size: $font-size-sm;
+            color: $danger;
+            margin-top: $space-1;
         }
     }
 }
@@ -569,14 +569,14 @@
 
 .email-logs {
     .log-output {
-        font-family: @font-mono;
-        font-size: @font-size-xs;
-        line-height: @line-height-relaxed;
-        color: @text-primary;
-        background: @bg-body;
-        padding: @space-4;
-        border-radius: @radius-md;
-        border: 1px solid @border-subtle;
+        font-family: $font-mono;
+        font-size: $font-size-xs;
+        line-height: $line-height-relaxed;
+        color: $text-primary;
+        background: $bg-body;
+        padding: $space-4;
+        border-radius: $radius-md;
+        border: 1px solid $border-subtle;
         max-height: 600px;
         overflow: auto;
         white-space: pre-wrap;
@@ -586,8 +586,8 @@
 
     .log-controls {
         display: flex;
-        gap: @space-2;
-        margin-bottom: @space-3;
+        gap: $space-2;
+        margin-bottom: $space-3;
         align-items: center;
     }
 }
@@ -597,11 +597,11 @@
 .status-badge {
     display: inline-flex;
     align-items: center;
-    gap: @space-1;
-    padding: 2px @space-2;
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
+    gap: $space-1;
+    padding: 2px $space-2;
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
 
     &::before {
         content: '';
@@ -611,28 +611,28 @@
     }
 
     &.online {
-        color: @success;
-        background: @bg-elevated;
+        color: $success;
+        background: $bg-elevated;
 
         &::before {
-            background: @success;
+            background: $success;
         }
     }
 
     &.offline {
-        color: @danger;
-        background: @bg-elevated;
+        color: $danger;
+        background: $bg-elevated;
 
         &::before {
-            background: @danger;
+            background: $danger;
         }
     }
 }
 
 .empty-state {
     text-align: center;
-    padding: @space-8;
-    color: @text-secondary;
+    padding: $space-8;
+    color: $text-secondary;
 
     p {
         margin: 0;
diff --git a/frontend/src/styles/pages/_file-manager.less b/frontend/src/styles/pages/_file-manager.scss
similarity index 57%
rename from frontend/src/styles/pages/_file-manager.less
rename to frontend/src/styles/pages/_file-manager.scss
index 6ea76407..9b5b73d6 100644
--- a/frontend/src/styles/pages/_file-manager.less
+++ b/frontend/src/styles/pages/_file-manager.scss
@@ -3,37 +3,37 @@
 .file-manager {
     display: flex;
     flex-direction: column;
-    gap: @space-4;
+    gap: $space-4;
 
     .page-header {
         display: flex;
         justify-content: space-between;
         align-items: flex-start;
         flex-wrap: wrap;
-        gap: @space-4;
+        gap: $space-4;
 
         .page-header-content {
             h1 {
-                font-size: @font-size-2xl;
-                font-weight: @font-weight-semibold;
-                margin: 0 0 @space-1 0;
+                font-size: $font-size-2xl;
+                font-weight: $font-weight-semibold;
+                margin: 0 0 $space-1 0;
             }
 
             .page-description {
-                color: @text-secondary;
+                color: $text-secondary;
                 margin: 0;
             }
         }
 
         .page-header-actions {
             display: flex;
-            gap: @space-2;
+            gap: $space-2;
             flex-wrap: wrap;
 
             .btn {
                 display: flex;
                 align-items: center;
-                gap: @space-2;
+                gap: $space-2;
             }
         }
     }
@@ -41,29 +41,29 @@
     .upload-progress {
         display: flex;
         align-items: center;
-        gap: @space-3;
-        padding: @space-3 @space-4;
-        background: @bg-card;
-        border-radius: @radius-lg;
+        gap: $space-3;
+        padding: $space-3 $space-4;
+        background: $bg-card;
+        border-radius: $radius-lg;
 
         .progress-bar {
             flex: 1;
             height: 8px;
-            background: @border-default;
-            border-radius: @radius-sm;
+            background: $border-default;
+            border-radius: $radius-sm;
             overflow: hidden;
 
             .progress-fill {
                 height: 100%;
-                background: @accent-primary;
-                .transition(width);
+                background: $accent-primary;
+                @include transition(width);
             }
         }
 
         span {
-            font-size: @font-size-sm;
-            font-weight: @font-weight-medium;
-            color: @text-secondary;
+            font-size: $font-size-sm;
+            font-weight: $font-weight-medium;
+            color: $text-secondary;
             min-width: 40px;
         }
     }
@@ -72,57 +72,57 @@
         display: flex;
         justify-content: space-between;
         align-items: center;
-        padding: @space-3 @space-4;
-        background: @bg-card;
-        border-radius: @radius-lg;
-        gap: @space-4;
+        padding: $space-3 $space-4;
+        background: $bg-card;
+        border-radius: $radius-lg;
+        gap: $space-4;
         flex-wrap: wrap;
 
         .path-breadcrumb {
             display: flex;
             align-items: center;
-            gap: @space-2;
+            gap: $space-2;
 
             .current-path {
-                font-family: @font-mono;
-                font-size: @font-size-sm;
-                color: @text-primary;
-                background: @bg-tertiary;
-                padding: @space-2 @space-3;
-                border-radius: @radius-md;
+                font-family: $font-mono;
+                font-size: $font-size-sm;
+                color: $text-primary;
+                background: $bg-tertiary;
+                padding: $space-2 $space-3;
+                border-radius: $radius-md;
             }
         }
 
         .toolbar-actions {
             display: flex;
             align-items: center;
-            gap: @space-3;
+            gap: $space-3;
             flex-wrap: wrap;
 
             .search-box {
                 display: flex;
                 align-items: center;
-                gap: @space-2;
-                background: @bg-tertiary;
-                border-radius: @radius-md;
-                padding: 0 @space-2;
+                gap: $space-2;
+                background: $bg-tertiary;
+                border-radius: $radius-md;
+                padding: 0 $space-2;
                 position: relative;
 
                 .search-icon {
-                    color: @text-tertiary;
+                    color: $text-tertiary;
                     flex-shrink: 0;
                 }
 
                 input {
                     background: transparent;
                     border: none;
-                    padding: @space-2 @space-3;
-                    font-size: @font-size-sm;
+                    padding: $space-2 $space-3;
+                    font-size: $font-size-sm;
                     width: 180px;
-                    color: @text-primary;
+                    color: $text-primary;
 
                     &::placeholder {
-                        color: @text-tertiary;
+                        color: $text-tertiary;
                     }
 
                     &:focus {
@@ -134,9 +134,9 @@
             .checkbox-label {
                 display: flex;
                 align-items: center;
-                gap: @space-2;
-                font-size: @font-size-sm;
-                color: @text-secondary;
+                gap: $space-2;
+                font-size: $font-size-sm;
+                color: $text-secondary;
                 cursor: pointer;
 
                 input[type="checkbox"] {
@@ -145,7 +145,7 @@
                 }
 
                 svg {
-                    color: @text-tertiary;
+                    color: $text-tertiary;
                 }
             }
         }
@@ -154,7 +154,7 @@
     // Main layout with sidebar
     .file-manager-layout {
         display: flex;
-        gap: @space-4;
+        gap: $space-4;
         min-height: 0;
     }
 
@@ -166,9 +166,9 @@
     .file-manager-content {
         display: grid;
         grid-template-columns: 1fr 400px;
-        gap: @space-4;
+        gap: $space-4;
 
-        @media (max-width: @breakpoint-xl) {
+        @media (max-width: $breakpoint-xl) {
             grid-template-columns: 1fr;
         }
     }
@@ -179,12 +179,12 @@
         flex-shrink: 0;
         display: flex;
         flex-direction: column;
-        gap: @space-4;
+        gap: $space-4;
         overflow-y: auto;
         max-height: calc(100vh - 120px);
-        .transition(all);
+        @include transition(all);
 
-        @media (max-width: @breakpoint-lg) {
+        @media (max-width: $breakpoint-lg) {
             position: fixed;
             right: 0;
             top: 64px;
@@ -192,22 +192,22 @@
             width: 100%;
             max-width: 360px;
             max-height: none;
-            background: @bg-body;
-            padding: @space-4;
-            z-index: @z-modal;
+            background: $bg-body;
+            padding: $space-4;
+            z-index: $z-modal;
             box-shadow: -4px 0 20px rgba(0, 0, 0, 0.3);
         }
     }
 
     &:not(.sidebar-open) .file-manager-sidebar {
-        @media (max-width: @breakpoint-lg) {
+        @media (max-width: $breakpoint-lg) {
             transform: translateX(100%);
         }
     }
 
     .sidebar-section {
-        background: @bg-card;
-        border-radius: @radius-lg;
+        background: $bg-card;
+        border-radius: $radius-lg;
         overflow: hidden;
 
         &:last-child {
@@ -218,27 +218,27 @@
     .sidebar-section-header {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        padding: @space-3 @space-4;
-        background: @bg-elevated;
+        gap: $space-2;
+        padding: $space-3 $space-4;
+        background: $bg-elevated;
         border: none;
         width: 100%;
         text-align: left;
         cursor: pointer;
-        color: @text-primary;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        .transition(background);
+        color: $text-primary;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        @include transition(background);
 
         &:hover {
-            background: @bg-tertiary;
+            background: $bg-tertiary;
         }
 
         &.static {
             cursor: default;
 
             &:hover {
-                background: @bg-elevated;
+                background: $bg-elevated;
             }
         }
 
@@ -252,7 +252,7 @@
     }
 
     .sidebar-section-content {
-        padding: @space-3 @space-4;
+        padding: $space-3 $space-4;
     }
 
     // Disk usage section
@@ -260,20 +260,20 @@
         display: flex;
         justify-content: space-between;
         align-items: center;
-        margin-bottom: @space-3;
+        margin-bottom: $space-3;
     }
 
     .disk-updated {
         display: flex;
         align-items: center;
-        gap: @space-1;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        gap: $space-1;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
     }
 
     .disk-mount-item {
-        padding: @space-3 0;
-        border-bottom: 1px solid @border-subtle;
+        padding: $space-3 0;
+        border-bottom: 1px solid $border-subtle;
 
         &:last-child {
             border-bottom: none;
@@ -289,50 +289,50 @@
         display: flex;
         justify-content: space-between;
         align-items: center;
-        margin-bottom: @space-2;
+        margin-bottom: $space-2;
     }
 
     .disk-mount-point {
-        font-family: @font-mono;
-        font-size: @font-size-sm;
-        color: @text-primary;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
+        color: $text-primary;
     }
 
     .disk-percent {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
 
-        &.healthy { color: @success; }
-        &.warning { color: @warning; }
-        &.critical { color: @danger; }
+        &.healthy { color: $success; }
+        &.warning { color: $warning; }
+        &.critical { color: $danger; }
     }
 
     .disk-progress {
         height: 6px;
-        background: @border-default;
-        border-radius: @radius-sm;
+        background: $border-default;
+        border-radius: $radius-sm;
         overflow: hidden;
-        margin-bottom: @space-2;
+        margin-bottom: $space-2;
 
         .disk-progress-fill {
             height: 100%;
-            .transition(width);
+            @include transition(width);
         }
 
-        &.healthy .disk-progress-fill { background: @success; }
-        &.warning .disk-progress-fill { background: @warning; }
-        &.critical .disk-progress-fill { background: @danger; }
+        &.healthy .disk-progress-fill { background: $success; }
+        &.warning .disk-progress-fill { background: $warning; }
+        &.critical .disk-progress-fill { background: $danger; }
     }
 
     .disk-mount-info {
         display: flex;
         justify-content: space-between;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
     }
 
     .disk-device {
-        font-family: @font-mono;
+        font-family: $font-mono;
     }
 
     // Analysis section
@@ -340,23 +340,23 @@
         display: flex;
         align-items: center;
         justify-content: center;
-        gap: @space-2;
-        padding: @space-6 0;
-        color: @text-secondary;
-        font-size: @font-size-sm;
+        gap: $space-2;
+        padding: $space-6 0;
+        color: $text-secondary;
+        font-size: $font-size-sm;
     }
 
     .analysis-total {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        color: @text-primary;
-        margin-bottom: @space-3;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        color: $text-primary;
+        margin-bottom: $space-3;
     }
 
     .analysis-tabs {
         display: flex;
-        gap: @space-2;
-        margin-bottom: @space-3;
+        gap: $space-2;
+        margin-bottom: $space-3;
     }
 
     .analysis-tab {
@@ -364,41 +364,41 @@
         display: flex;
         align-items: center;
         justify-content: center;
-        gap: @space-1;
-        padding: @space-2;
-        background: @bg-tertiary;
+        gap: $space-1;
+        padding: $space-2;
+        background: $bg-tertiary;
         border: 1px solid transparent;
-        border-radius: @radius-md;
-        font-size: @font-size-xs;
-        color: @text-secondary;
+        border-radius: $radius-md;
+        font-size: $font-size-xs;
+        color: $text-secondary;
         cursor: pointer;
-        .transition(all);
+        @include transition(all);
 
         &:hover {
-            background: @bg-hover;
+            background: $bg-hover;
         }
 
         &.active {
-            background: @accent-glow;
-            border-color: fade(@accent-primary-raw, 30%);
-            color: @accent-primary;
+            background: $accent-glow;
+            border-color: fade($accent-primary-raw, 30%);
+            color: $accent-primary;
         }
     }
 
     .analysis-bars {
         display: flex;
         flex-direction: column;
-        gap: @space-2;
+        gap: $space-2;
     }
 
     .analysis-bar-item {
         cursor: pointer;
-        padding: @space-2;
-        border-radius: @radius-md;
-        .transition(background);
+        padding: $space-2;
+        border-radius: $radius-md;
+        @include transition(background);
 
         &:hover {
-            background: @bg-hover;
+            background: $bg-hover;
         }
     }
 
@@ -406,127 +406,127 @@
         display: flex;
         justify-content: space-between;
         align-items: center;
-        margin-bottom: @space-1;
+        margin-bottom: $space-1;
     }
 
     .analysis-bar-name {
         display: flex;
         align-items: center;
-        gap: @space-1;
-        font-size: @font-size-xs;
-        color: @text-primary;
-        .truncate();
+        gap: $space-1;
+        font-size: $font-size-xs;
+        color: $text-primary;
+        @include truncate();
 
         svg {
-            color: @warning;
+            color: $warning;
             flex-shrink: 0;
         }
     }
 
     .analysis-bar-size {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        font-family: @font-mono;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        font-family: $font-mono;
     }
 
     .analysis-bar-track {
         height: 4px;
-        background: @border-default;
-        border-radius: @radius-sm;
+        background: $border-default;
+        border-radius: $radius-sm;
         overflow: hidden;
     }
 
     .analysis-bar-fill {
         height: 100%;
-        background: @accent-primary;
-        .transition(width);
+        background: $accent-primary;
+        @include transition(width);
     }
 
     .analysis-files {
         display: flex;
         flex-direction: column;
-        gap: @space-1;
+        gap: $space-1;
     }
 
     .analysis-file-item {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        padding: @space-2;
-        border-radius: @radius-md;
+        gap: $space-2;
+        padding: $space-2;
+        border-radius: $radius-md;
         cursor: pointer;
-        .transition(background);
+        @include transition(background);
 
         &:hover {
-            background: @bg-hover;
+            background: $bg-hover;
         }
 
         svg {
-            color: @text-tertiary;
+            color: $text-tertiary;
             flex-shrink: 0;
         }
     }
 
     .analysis-file-name {
         flex: 1;
-        font-size: @font-size-xs;
-        color: @text-primary;
-        .truncate();
+        font-size: $font-size-xs;
+        color: $text-primary;
+        @include truncate();
     }
 
     .analysis-file-size {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        font-family: @font-mono;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        font-family: $font-mono;
     }
 
     .analysis-empty {
-        padding: @space-4 0;
+        padding: $space-4 0;
         text-align: center;
-        color: @text-tertiary;
-        font-size: @font-size-sm;
+        color: $text-tertiary;
+        font-size: $font-size-sm;
     }
 
     // Type breakdown chart
     .type-breakdown-chart {
-        margin-bottom: @space-3;
+        margin-bottom: $space-3;
     }
 
     .type-breakdown-legend {
         display: flex;
         flex-direction: column;
-        gap: @space-2;
+        gap: $space-2;
     }
 
     .type-legend-item {
         display: flex;
         align-items: center;
-        gap: @space-2;
+        gap: $space-2;
     }
 
     .type-legend-color {
         width: 10px;
         height: 10px;
-        border-radius: @radius-sm;
+        border-radius: $radius-sm;
         flex-shrink: 0;
     }
 
     .type-legend-name {
         flex: 1;
-        font-size: @font-size-xs;
-        color: @text-primary;
+        font-size: $font-size-xs;
+        color: $text-primary;
     }
 
     .type-legend-size {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        font-family: @font-mono;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        font-family: $font-mono;
     }
 
     // File list
     .file-list-container {
-        background: @bg-card;
-        border-radius: @radius-lg;
+        background: $bg-card;
+        border-radius: $radius-lg;
         overflow: hidden;
 
         .loading-state,
@@ -535,11 +535,11 @@
             flex-direction: column;
             align-items: center;
             justify-content: center;
-            padding: @space-12;
-            color: @text-tertiary;
+            padding: $space-12;
+            color: $text-tertiary;
 
             svg {
-                margin-bottom: @space-4;
+                margin-bottom: $space-4;
             }
 
             p {
@@ -552,65 +552,65 @@
         .file-list-header {
             display: grid;
             grid-template-columns: 1fr 100px 120px 120px 120px;
-            padding: @space-3 @space-4;
-            background: @bg-tertiary;
-            font-size: @font-size-xs;
-            font-weight: @font-weight-semibold;
+            padding: $space-3 $space-4;
+            background: $bg-tertiary;
+            font-size: $font-size-xs;
+            font-weight: $font-weight-semibold;
             text-transform: uppercase;
-            color: @text-tertiary;
-            border-bottom: 1px solid @border-default;
+            color: $text-tertiary;
+            border-bottom: 1px solid $border-default;
         }
 
         .file-item {
             display: grid;
             grid-template-columns: 1fr 100px 120px 120px 120px;
-            padding: @space-3 @space-4;
-            border-bottom: 1px solid @border-default;
+            padding: $space-3 $space-4;
+            border-bottom: 1px solid $border-default;
             cursor: pointer;
-            .transition(background);
+            @include transition(background);
 
             &:hover {
-                background: @bg-hover;
+                background: $bg-hover;
             }
 
             &.selected {
-                background: @accent-glow;
+                background: $accent-glow;
             }
 
             .col-name {
                 display: flex;
                 align-items: center;
-                gap: @space-2;
+                gap: $space-2;
                 overflow: hidden;
                 text-overflow: ellipsis;
                 white-space: nowrap;
 
                 .link-indicator {
-                    color: @text-tertiary;
-                    font-size: @font-size-sm;
+                    color: $text-tertiary;
+                    font-size: $font-size-sm;
                 }
             }
 
             .col-size,
             .col-modified,
             .col-permissions {
-                font-size: @font-size-sm;
-                color: @text-secondary;
+                font-size: $font-size-sm;
+                color: $text-secondary;
             }
 
             .col-permissions {
-                font-family: @font-mono;
-                font-size: @font-size-xs;
+                font-family: $font-mono;
+                font-size: $font-size-xs;
             }
 
             .col-actions {
                 display: flex;
-                gap: @space-1;
+                gap: $space-1;
                 justify-content: flex-end;
 
                 .btn-icon {
                     opacity: 0;
-                    .transition(opacity);
+                    @include transition(opacity);
                 }
             }
 
@@ -623,23 +623,23 @@
     // File icons
     .file-icon-svg {
         flex-shrink: 0;
-        color: @text-tertiary;
+        color: $text-tertiary;
 
-        &.folder { color: @warning; }
+        &.folder { color: $warning; }
         &.code { color: #8b5cf6; }
-        &.image { color: @success; }
+        &.image { color: $success; }
         &.video { color: #ec4899; }
-        &.audio { color: @warning; }
-        &.archive { color: @danger; }
+        &.audio { color: $warning; }
+        &.archive { color: $danger; }
         &.data { color: #14b8a6; }
-        &.text { color: @text-secondary; }
-        &.terminal { color: @success; }
+        &.text { color: $text-secondary; }
+        &.terminal { color: $success; }
     }
 
     // File preview
     .file-preview {
-        background: @bg-card;
-        border-radius: @radius-lg;
+        background: $bg-card;
+        border-radius: $radius-lg;
         display: flex;
         flex-direction: column;
         max-height: calc(100vh - 300px);
@@ -648,13 +648,13 @@
             display: flex;
             justify-content: space-between;
             align-items: center;
-            padding: @space-4;
-            border-bottom: 1px solid @border-default;
+            padding: $space-4;
+            border-bottom: 1px solid $border-default;
 
             h3 {
                 margin: 0;
-                font-size: @font-size-base;
-                font-weight: @font-weight-semibold;
+                font-size: $font-size-base;
+                font-weight: $font-weight-semibold;
                 overflow: hidden;
                 text-overflow: ellipsis;
                 white-space: nowrap;
@@ -662,37 +662,37 @@
 
             .preview-actions {
                 display: flex;
-                gap: @space-2;
+                gap: $space-2;
             }
         }
 
         .preview-info {
             display: flex;
-            gap: @space-4;
-            padding: @space-3 @space-4;
-            background: @bg-tertiary;
-            font-size: @font-size-xs;
-            color: @text-secondary;
+            gap: $space-4;
+            padding: $space-3 $space-4;
+            background: $bg-tertiary;
+            font-size: $font-size-xs;
+            color: $text-secondary;
             flex-wrap: wrap;
         }
 
         .file-editor {
             flex: 1;
-            padding: @space-4;
-            font-family: @font-mono;
-            font-size: @font-size-sm;
-            line-height: @line-height-relaxed;
-            background: @bg-body;
+            padding: $space-4;
+            font-family: $font-mono;
+            font-size: $font-size-sm;
+            line-height: $line-height-relaxed;
+            background: $bg-body;
             border: none;
             resize: none;
-            color: @text-primary;
+            color: $text-primary;
 
             &:focus {
                 outline: none;
             }
 
             &[readonly] {
-                background: @bg-tertiary;
+                background: $bg-tertiary;
             }
         }
 
@@ -702,43 +702,43 @@
             flex-direction: column;
             align-items: center;
             justify-content: center;
-            padding: @space-12;
-            color: @text-tertiary;
+            padding: $space-12;
+            color: $text-tertiary;
 
             svg {
-                margin-bottom: @space-4;
+                margin-bottom: $space-4;
             }
 
             p {
-                margin-bottom: @space-4;
+                margin-bottom: $space-4;
             }
         }
     }
 
     .permissions-help {
-        margin-top: @space-4;
-        padding: @space-3;
-        background: @bg-tertiary;
-        border-radius: @radius-md;
-        font-size: @font-size-sm;
+        margin-top: $space-4;
+        padding: $space-3;
+        background: $bg-tertiary;
+        border-radius: $radius-md;
+        font-size: $font-size-sm;
 
         p {
-            margin: 0 0 @space-2 0;
-            font-weight: @font-weight-medium;
+            margin: 0 0 $space-2 0;
+            font-weight: $font-weight-medium;
         }
 
         ul {
             margin: 0;
-            padding-left: @space-5;
+            padding-left: $space-5;
 
             li {
-                margin-bottom: @space-1;
+                margin-bottom: $space-1;
             }
 
             code {
-                background: @bg-body;
-                padding: 2px @space-2;
-                border-radius: @radius-sm;
+                background: $bg-body;
+                padding: 2px $space-2;
+                border-radius: $radius-sm;
             }
         }
     }
@@ -755,7 +755,7 @@
 }
 
 // Responsive adjustments
-@media (max-width: @breakpoint-md) {
+@media (max-width: $breakpoint-md) {
     .file-manager {
         .page-header {
             flex-direction: column;
@@ -794,7 +794,7 @@
     }
 }
 
-@media (max-width: @breakpoint-sm) {
+@media (max-width: $breakpoint-sm) {
     .file-manager {
         .file-list {
             .file-list-header,
diff --git a/frontend/src/styles/pages/_firewall.less b/frontend/src/styles/pages/_firewall.scss
similarity index 53%
rename from frontend/src/styles/pages/_firewall.less
rename to frontend/src/styles/pages/_firewall.scss
index 7513039c..31f188aa 100644
--- a/frontend/src/styles/pages/_firewall.less
+++ b/frontend/src/styles/pages/_firewall.scss
@@ -7,26 +7,26 @@
         display: flex;
         justify-content: space-between;
         align-items: flex-start;
-        margin-bottom: @space-6;
+        margin-bottom: $space-6;
         flex-wrap: wrap;
-        gap: @space-4;
+        gap: $space-4;
 
         .page-header-content {
             h1 {
-                font-size: @font-size-2xl;
-                font-weight: @font-weight-semibold;
-                margin: 0 0 @space-1 0;
+                font-size: $font-size-2xl;
+                font-weight: $font-weight-semibold;
+                margin: 0 0 $space-1 0;
             }
 
             .page-description {
-                color: @text-secondary;
+                color: $text-secondary;
                 margin: 0;
             }
         }
 
         .page-header-actions {
             display: flex;
-            gap: @space-2;
+            gap: $space-2;
         }
     }
 
@@ -42,26 +42,26 @@
         flex-direction: column;
         align-items: center;
         justify-content: center;
-        padding: 80px @space-6;
-        background: @bg-card;
-        border-radius: @radius-xl;
+        padding: 80px $space-6;
+        background: $bg-card;
+        border-radius: $radius-xl;
         text-align: center;
 
         .icon {
             font-size: 64px;
-            color: @text-tertiary;
-            margin-bottom: @space-6;
+            color: $text-tertiary;
+            margin-bottom: $space-6;
         }
 
         h2 {
-            margin: 0 0 @space-3 0;
-            font-size: @font-size-2xl;
-            font-weight: @font-weight-semibold;
+            margin: 0 0 $space-3 0;
+            font-size: $font-size-2xl;
+            font-weight: $font-weight-semibold;
         }
 
         p {
-            margin: 0 0 @space-6 0;
-            color: @text-secondary;
+            margin: 0 0 $space-6 0;
+            color: $text-secondary;
             max-width: 400px;
         }
     }
@@ -69,40 +69,40 @@
     .status-cards {
         display: grid;
         grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
-        gap: @space-4;
-        margin-bottom: @space-6;
+        gap: $space-4;
+        margin-bottom: $space-6;
     }
 
     .status-card {
         display: flex;
         align-items: center;
-        gap: @space-4;
-        padding: @space-5;
-        background: @bg-card;
-        border-radius: @radius-xl;
-        border-left: 4px solid @border-subtle;
+        gap: $space-4;
+        padding: $space-5;
+        background: $bg-card;
+        border-radius: $radius-xl;
+        border-left: 4px solid $border-subtle;
 
         &.success {
-            border-left-color: @success;
+            border-left-color: $success;
 
             .status-icon {
-                color: @success;
+                color: $success;
             }
         }
 
         &.danger {
-            border-left-color: @danger;
+            border-left-color: $danger;
 
             .status-icon {
-                color: @danger;
+                color: $danger;
             }
         }
 
         &.warning {
-            border-left-color: @warning;
+            border-left-color: $warning;
 
             .status-icon {
-                color: @warning;
+                color: $warning;
             }
         }
 
@@ -115,43 +115,43 @@
         .status-info {
             display: flex;
             flex-direction: column;
-            gap: @space-1;
+            gap: $space-1;
 
             .status-label {
-                font-size: @font-size-sm;
-                color: @text-secondary;
+                font-size: $font-size-sm;
+                color: $text-secondary;
             }
 
             .status-value {
-                font-size: @font-size-lg;
-                font-weight: @font-weight-semibold;
+                font-size: $font-size-lg;
+                font-weight: $font-weight-semibold;
             }
         }
     }
 
     .tabs {
         display: flex;
-        gap: @space-1;
-        margin-bottom: @space-6;
-        border-bottom: 1px solid @border-subtle;
+        gap: $space-1;
+        margin-bottom: $space-6;
+        border-bottom: 1px solid $border-subtle;
 
         .tab {
-            padding: @space-3 @space-5;
+            padding: $space-3 $space-5;
             background: none;
             border: none;
-            font-size: @font-size-base;
-            font-weight: @font-weight-medium;
-            color: @text-secondary;
+            font-size: $font-size-base;
+            font-weight: $font-weight-medium;
+            color: $text-secondary;
             cursor: pointer;
             position: relative;
-            transition: color @transition-fast;
+            transition: color $transition-fast;
 
             &:hover {
-                color: @text-primary;
+                color: $text-primary;
             }
 
             &.active {
-                color: @accent-primary;
+                color: $accent-primary;
 
                 &::after {
                     content: '';
@@ -160,7 +160,7 @@
                     left: 0;
                     right: 0;
                     height: 2px;
-                    background: @accent-primary;
+                    background: $accent-primary;
                 }
             }
         }
@@ -171,12 +171,12 @@
             display: flex;
             justify-content: space-between;
             align-items: center;
-            margin-bottom: @space-4;
+            margin-bottom: $space-4;
 
             h3 {
                 margin: 0;
-                font-size: @font-size-md;
-                font-weight: @font-weight-semibold;
+                font-size: $font-size-md;
+                font-weight: $font-weight-semibold;
             }
         }
 
@@ -185,18 +185,18 @@
             flex-direction: column;
             align-items: center;
             justify-content: center;
-            padding: @space-12;
-            background: @bg-card;
-            border-radius: @radius-lg;
-            color: @text-tertiary;
+            padding: $space-12;
+            background: $bg-card;
+            border-radius: $radius-lg;
+            color: $text-tertiary;
 
             .icon {
                 font-size: 48px;
-                margin-bottom: @space-4;
+                margin-bottom: $space-4;
             }
 
             p {
-                margin-bottom: @space-4;
+                margin-bottom: $space-4;
             }
         }
     }
@@ -205,56 +205,56 @@
     .overview-tab {
         display: grid;
         grid-template-columns: 1fr 1fr;
-        gap: @space-6;
+        gap: $space-6;
 
-        @media (max-width: @breakpoint-md) {
+        @media (max-width: $breakpoint-md) {
             grid-template-columns: 1fr;
         }
 
         .info-card,
         .protection-summary {
-            background: @bg-card;
-            border-radius: @radius-lg;
-            padding: @space-5;
+            background: $bg-card;
+            border-radius: $radius-lg;
+            padding: $space-5;
 
             h3 {
-                margin: 0 0 @space-4 0;
-                font-size: @font-size-md;
-                font-weight: @font-weight-semibold;
+                margin: 0 0 $space-4 0;
+                font-size: $font-size-md;
+                font-weight: $font-weight-semibold;
             }
         }
 
         .info-grid {
             display: grid;
-            gap: @space-3;
+            gap: $space-3;
         }
 
         .info-item {
             display: flex;
             justify-content: space-between;
             align-items: center;
-            padding: @space-2 0;
-            border-bottom: 1px solid @border-subtle;
+            padding: $space-2 0;
+            border-bottom: 1px solid $border-subtle;
 
             &:last-child {
                 border-bottom: none;
             }
 
             .info-label {
-                font-size: @font-size-sm;
-                color: @text-secondary;
+                font-size: $font-size-sm;
+                color: $text-secondary;
             }
 
             .info-value {
-                font-size: @font-size-sm;
-                font-weight: @font-weight-medium;
+                font-size: $font-size-sm;
+                font-weight: $font-weight-medium;
 
                 &.text-success {
-                    color: @success;
+                    color: $success;
                 }
 
                 &.text-danger {
-                    color: @danger;
+                    color: $danger;
                 }
             }
         }
@@ -262,26 +262,26 @@
         .summary-grid {
             display: flex;
             flex-direction: column;
-            gap: @space-3;
+            gap: $space-3;
         }
 
         .summary-item {
             display: flex;
             align-items: center;
-            gap: @space-3;
+            gap: $space-3;
 
             .summary-icon {
                 &.text-success {
-                    color: @success;
+                    color: $success;
                 }
 
                 &.text-danger {
-                    color: @danger;
+                    color: $danger;
                 }
             }
 
             .summary-text {
-                font-size: @font-size-sm;
+                font-size: $font-size-sm;
             }
         }
     }
@@ -289,8 +289,8 @@
     // Rules Tab
     .rules-tab {
         .rules-table {
-            background: @bg-card;
-            border-radius: @radius-lg;
+            background: $bg-card;
+            border-radius: $radius-lg;
             overflow: hidden;
 
             table {
@@ -299,28 +299,28 @@
 
                 th,
                 td {
-                    padding: @space-3 @space-4;
+                    padding: $space-3 $space-4;
                     text-align: left;
                 }
 
                 th {
-                    background: @bg-hover;
-                    font-size: @font-size-xs;
-                    font-weight: @font-weight-semibold;
+                    background: $bg-hover;
+                    font-size: $font-size-xs;
+                    font-weight: $font-weight-semibold;
                     text-transform: uppercase;
-                    color: @text-tertiary;
+                    color: $text-tertiary;
                 }
 
                 td {
-                    border-bottom: 1px solid @border-subtle;
-                    font-size: @font-size-sm;
+                    border-bottom: 1px solid $border-subtle;
+                    font-size: $font-size-sm;
 
                     .rule-code {
-                        font-family: @font-mono;
-                        font-size: @font-size-xs;
-                        background: @bg-hover;
-                        padding: @space-1 @space-2;
-                        border-radius: @radius-sm;
+                        font-family: $font-mono;
+                        font-size: $font-size-xs;
+                        background: $bg-hover;
+                        padding: $space-1 $space-2;
+                        border-radius: $radius-sm;
                     }
                 }
 
@@ -336,32 +336,32 @@
         .blocked-list {
             display: flex;
             flex-direction: column;
-            gap: @space-3;
+            gap: $space-3;
         }
 
         .blocked-item {
             display: flex;
             justify-content: space-between;
             align-items: center;
-            padding: @space-4;
-            background: @bg-card;
-            border-radius: @radius-lg;
-            border: 1px solid @border-subtle;
+            padding: $space-4;
+            background: $bg-card;
+            border-radius: $radius-lg;
+            border: 1px solid $border-subtle;
 
             .blocked-info {
                 display: flex;
                 flex-direction: column;
-                gap: @space-1;
+                gap: $space-1;
 
                 .blocked-ip {
-                    font-weight: @font-weight-semibold;
-                    color: @danger;
+                    font-weight: $font-weight-semibold;
+                    color: $danger;
                 }
 
                 .blocked-rule {
-                    font-family: @font-mono;
-                    font-size: @font-size-xs;
-                    color: @text-tertiary;
+                    font-family: $font-mono;
+                    font-size: $font-size-xs;
+                    color: $text-tertiary;
                 }
             }
         }
@@ -370,40 +370,40 @@
     // Quick Actions Tab
     .quick-tab {
         h3 {
-            margin: 0 0 @space-2 0;
-            font-size: @font-size-md;
-            font-weight: @font-weight-semibold;
+            margin: 0 0 $space-2 0;
+            font-size: $font-size-md;
+            font-weight: $font-weight-semibold;
         }
 
         .quick-ports {
             display: grid;
             grid-template-columns: repeat(auto-fill, minmax(220px, 1fr));
-            gap: @space-3;
-            margin-top: @space-6;
+            gap: $space-3;
+            margin-top: $space-6;
         }
 
         .quick-port-item {
             display: flex;
             justify-content: space-between;
             align-items: center;
-            padding: @space-4;
-            background: @bg-card;
-            border-radius: @radius-lg;
-            border: 1px solid @border-subtle;
+            padding: $space-4;
+            background: $bg-card;
+            border-radius: $radius-lg;
+            border: 1px solid $border-subtle;
 
             .port-info {
                 display: flex;
                 flex-direction: column;
-                gap: @space-1;
+                gap: $space-1;
 
                 .port-name {
-                    font-weight: @font-weight-medium;
+                    font-weight: $font-weight-medium;
                 }
 
                 .port-number {
-                    font-size: @font-size-sm;
-                    color: @text-tertiary;
-                    font-family: @font-mono;
+                    font-size: $font-size-sm;
+                    color: $text-tertiary;
+                    font-family: $font-mono;
                 }
             }
         }
@@ -411,18 +411,18 @@
 
     // Install info
     .install-info {
-        padding: @space-4;
-        background: @bg-hover;
-        border-radius: @radius-lg;
-        margin-top: @space-4;
+        padding: $space-4;
+        background: $bg-hover;
+        border-radius: $radius-lg;
+        margin-top: $space-4;
 
         p {
             margin: 0;
-            font-size: @font-size-sm;
-            line-height: @line-height-relaxed;
+            font-size: $font-size-sm;
+            line-height: $line-height-relaxed;
 
             strong {
-                color: @accent-primary;
+                color: $accent-primary;
             }
         }
     }
@@ -431,6 +431,6 @@
     .form-row {
         display: grid;
         grid-template-columns: 1fr 1fr;
-        gap: @space-4;
+        gap: $space-4;
     }
 }
diff --git a/frontend/src/styles/pages/_fleet-monitor.scss b/frontend/src/styles/pages/_fleet-monitor.scss
new file mode 100644
index 00000000..cae4548f
--- /dev/null
+++ b/frontend/src/styles/pages/_fleet-monitor.scss
@@ -0,0 +1,79 @@
+// ============================================
+// FLEET MONITOR PAGE
+// ============================================
+
+.fleet-heatmap {
+    width: 100%;
+
+    &__header {
+        display: grid;
+        grid-template-columns: 2fr 1fr 1fr 1fr 1fr 1fr;
+        gap: $space-2;
+        padding: $space-2 $space-3;
+        font-size: 0.75rem;
+        font-weight: 600;
+        text-transform: uppercase;
+        color: $text-secondary;
+        border-bottom: 1px solid $border-subtle;
+    }
+
+    &__row {
+        display: grid;
+        grid-template-columns: 2fr 1fr 1fr 1fr 1fr 1fr;
+        gap: $space-2;
+        padding: $space-2 $space-3;
+        align-items: center;
+        border-bottom: 1px solid $border-subtle;
+        transition: background 0.15s;
+
+        &:hover {
+            background: $bg-hover;
+        }
+
+        &:last-child {
+            border-bottom: none;
+        }
+    }
+
+    &__server {
+        display: flex;
+        align-items: center;
+        gap: $space-2;
+        font-weight: 500;
+        font-size: 0.875rem;
+        overflow: hidden;
+        text-overflow: ellipsis;
+        white-space: nowrap;
+    }
+
+    &__cell {
+        text-align: center;
+        padding: $space-1 $space-2;
+        border-radius: $radius-sm;
+        font-size: 0.8125rem;
+        font-weight: 500;
+        font-variant-numeric: tabular-nums;
+        transition: background-color 0.3s;
+    }
+
+    &__label {
+        text-align: center;
+    }
+}
+
+@media (max-width: $breakpoint-md) {
+    .fleet-heatmap {
+        &__header,
+        &__row {
+            grid-template-columns: 1.5fr 1fr 1fr 1fr;
+        }
+
+        // Hide containers and status columns on small screens
+        &__header > :nth-child(5),
+        &__header > :nth-child(6),
+        &__row > :nth-child(5),
+        &__row > :nth-child(6) {
+            display: none;
+        }
+    }
+}
diff --git a/frontend/src/styles/pages/_ftp-server.less b/frontend/src/styles/pages/_ftp-server.scss
similarity index 99%
rename from frontend/src/styles/pages/_ftp-server.less
rename to frontend/src/styles/pages/_ftp-server.scss
index 31d53510..cec59d21 100644
--- a/frontend/src/styles/pages/_ftp-server.less
+++ b/frontend/src/styles/pages/_ftp-server.scss
@@ -327,7 +327,7 @@
 
                 &.badge-warning {
                     background: rgba(255, 193, 7, 0.1);
-                    color: #f59e0b;
+                    color: $color-star;
                 }
             }
 
diff --git a/frontend/src/styles/pages/_git.less b/frontend/src/styles/pages/_git.less
deleted file mode 100644
index 1aa00f7f..00000000
--- a/frontend/src/styles/pages/_git.less
+++ /dev/null
@@ -1,1469 +0,0 @@
-// ============================================
-// GIT PAGE
-// ============================================
-
-.git-page {
-    .page-header {
-        display: flex;
-        justify-content: space-between;
-        align-items: flex-start;
-        margin-bottom: @space-6;
-        flex-wrap: wrap;
-        gap: @space-4;
-
-        .page-header-content {
-            h1 {
-                font-size: @font-size-2xl;
-                font-weight: @font-weight-semibold;
-                margin: 0 0 @space-1 0;
-            }
-
-            .page-description {
-                color: @text-secondary;
-                margin: 0;
-            }
-        }
-
-        .page-header-actions {
-            display: flex;
-            gap: @space-2;
-        }
-    }
-
-    .page-loading {
-        display: flex;
-        justify-content: center;
-        align-items: center;
-        min-height: 400px;
-    }
-
-    .empty-state-large {
-        display: flex;
-        flex-direction: column;
-        align-items: center;
-        justify-content: center;
-        padding: 60px @space-6;
-        background: @bg-card;
-        border-radius: @radius-xl;
-        text-align: center;
-
-        .empty-icon {
-            color: @text-tertiary;
-            margin-bottom: @space-6;
-        }
-
-        h2 {
-            margin: 0 0 @space-3 0;
-            font-size: @font-size-2xl;
-            font-weight: @font-weight-semibold;
-        }
-
-        p {
-            margin: 0 0 @space-6 0;
-            color: @text-secondary;
-            max-width: 400px;
-        }
-    }
-
-    .resource-warning {
-        background: fade(@warning, 10%);
-        border: 1px solid fade(@warning, 30%);
-        border-radius: @radius-lg;
-        padding: @space-5;
-        margin-bottom: @space-6;
-        text-align: left;
-        max-width: 500px;
-
-        .warning-header {
-            display: flex;
-            align-items: center;
-            gap: @space-2;
-            margin-bottom: @space-3;
-            color: @warning;
-
-            strong {
-                color: @text-primary;
-            }
-        }
-
-        ul {
-            margin: 0;
-            padding-left: @space-5;
-            color: @text-secondary;
-            font-size: @font-size-sm;
-
-            li {
-                margin-bottom: @space-1;
-
-                &:last-child {
-                    margin-bottom: 0;
-                }
-
-                strong {
-                    color: @text-primary;
-                }
-            }
-        }
-    }
-
-    .status-cards {
-        display: grid;
-        grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
-        gap: @space-4;
-        margin-bottom: @space-6;
-    }
-
-    .status-card {
-        display: flex;
-        align-items: center;
-        gap: @space-4;
-        padding: @space-5;
-        background: @bg-card;
-        border-radius: @radius-xl;
-        border-left: 4px solid @border-subtle;
-
-        &.success {
-            border-left-color: @success;
-
-            .status-icon {
-                color: @success;
-            }
-        }
-
-        &.danger {
-            border-left-color: @danger;
-
-            .status-icon {
-                color: @danger;
-            }
-        }
-
-        &.warning {
-            border-left-color: @warning;
-
-            .status-icon {
-                color: @warning;
-            }
-        }
-
-        .status-icon {
-            color: @text-tertiary;
-        }
-
-        .status-info {
-            display: flex;
-            flex-direction: column;
-            gap: @space-1;
-
-            .status-label {
-                font-size: @font-size-sm;
-                color: @text-secondary;
-            }
-
-            .status-value {
-                font-size: @font-size-lg;
-                font-weight: @font-weight-semibold;
-            }
-        }
-    }
-
-    .tabs {
-        display: flex;
-        gap: @space-1;
-        margin-bottom: @space-6;
-        border-bottom: 1px solid @border-subtle;
-
-        .tab {
-            padding: @space-3 @space-5;
-            background: none;
-            border: none;
-            font-size: @font-size-base;
-            font-weight: @font-weight-medium;
-            color: @text-secondary;
-            cursor: pointer;
-            position: relative;
-            transition: color @transition-fast;
-
-            &:hover {
-                color: @text-primary;
-            }
-
-            &.active {
-                color: @accent-primary;
-
-                &::after {
-                    content: '';
-                    position: absolute;
-                    bottom: -1px;
-                    left: 0;
-                    right: 0;
-                    height: 2px;
-                    background: @accent-primary;
-                }
-            }
-        }
-    }
-
-    .tab-content {
-        .section-header {
-            display: flex;
-            justify-content: space-between;
-            align-items: center;
-            margin-bottom: @space-4;
-
-            h3 {
-                margin: 0;
-                font-size: @font-size-md;
-                font-weight: @font-weight-semibold;
-            }
-        }
-    }
-
-    // Overview Tab
-    .overview-tab {
-        display: grid;
-        grid-template-columns: 1fr 1fr;
-        gap: @space-6;
-
-        @media (max-width: @breakpoint-md) {
-            grid-template-columns: 1fr;
-        }
-
-        .info-card {
-            background: @bg-card;
-            border-radius: @radius-lg;
-            padding: @space-5;
-
-            h3 {
-                margin: 0 0 @space-4 0;
-                font-size: @font-size-md;
-                font-weight: @font-weight-semibold;
-            }
-        }
-
-        .info-grid {
-            display: grid;
-            gap: @space-3;
-        }
-
-        .info-item {
-            display: flex;
-            justify-content: space-between;
-            align-items: center;
-            padding: @space-2 0;
-            border-bottom: 1px solid @border-subtle;
-
-            &:last-child {
-                border-bottom: none;
-            }
-
-            .info-label {
-                font-size: @font-size-sm;
-                color: @text-secondary;
-            }
-
-            .info-value {
-                font-size: @font-size-sm;
-                font-weight: @font-weight-medium;
-
-                &.text-success {
-                    color: @success;
-                }
-
-                &.text-danger {
-                    color: @danger;
-                }
-
-                &.code {
-                    font-family: @font-mono;
-                    font-size: @font-size-xs;
-                    background: @bg-hover;
-                    padding: @space-1 @space-2;
-                    border-radius: @radius-sm;
-                }
-
-                a {
-                    color: @accent-primary;
-                    text-decoration: none;
-
-                    &:hover {
-                        text-decoration: underline;
-                    }
-                }
-            }
-        }
-
-        .quick-actions {
-            display: flex;
-            gap: @space-3;
-            flex-wrap: wrap;
-        }
-    }
-
-    // Access Tab
-    .access-tab {
-        display: flex;
-        flex-direction: column;
-        gap: @space-4;
-
-        .info-card {
-            background: @bg-card;
-            border-radius: @radius-lg;
-            padding: @space-5;
-
-            h3 {
-                margin: 0 0 @space-2 0;
-                font-size: @font-size-md;
-                font-weight: @font-weight-semibold;
-            }
-
-            .text-muted {
-                color: @text-secondary;
-                font-size: @font-size-sm;
-                margin: 0 0 @space-4 0;
-            }
-        }
-
-        .access-url {
-            display: flex;
-            align-items: center;
-            gap: @space-3;
-            background: @bg-hover;
-            padding: @space-3 @space-4;
-            border-radius: @radius-md;
-            margin-bottom: @space-3;
-
-            code {
-                flex: 1;
-                font-family: @font-mono;
-                font-size: @font-size-sm;
-                color: @accent-primary;
-                word-break: break-all;
-            }
-        }
-
-        .ssh-note {
-            font-size: @font-size-sm;
-            color: @text-secondary;
-            padding: @space-3;
-            background: fade(@info, 10%);
-            border-radius: @radius-md;
-            border-left: 3px solid @info;
-
-            strong {
-                color: @text-primary;
-            }
-        }
-    }
-
-    // Settings Tab
-    .settings-tab {
-        display: flex;
-        flex-direction: column;
-        gap: @space-4;
-
-        .info-card {
-            background: @bg-card;
-            border-radius: @radius-lg;
-            padding: @space-5;
-
-            h3 {
-                margin: 0 0 @space-4 0;
-                font-size: @font-size-md;
-                font-weight: @font-weight-semibold;
-            }
-
-            &.danger-zone {
-                border: 1px solid fade(@danger, 30%);
-                background: fade(@danger, 5%);
-
-                h3 {
-                    color: @danger;
-                }
-
-                .text-muted {
-                    color: @text-secondary;
-                    font-size: @font-size-sm;
-                    margin: 0;
-                }
-            }
-        }
-
-        .settings-actions {
-            display: flex;
-            gap: @space-3;
-        }
-    }
-
-    // Install Modal
-    .modal-lg {
-        max-width: 500px;
-    }
-
-    .install-warning {
-        display: flex;
-        gap: @space-3;
-        background: fade(@info, 10%);
-        border: 1px solid fade(@info, 30%);
-        border-radius: @radius-lg;
-        padding: @space-4;
-        margin-bottom: @space-5;
-
-        svg {
-            flex-shrink: 0;
-            color: @info;
-        }
-
-        strong {
-            display: block;
-            margin-bottom: @space-2;
-        }
-
-        ul {
-            margin: 0;
-            padding-left: @space-4;
-            font-size: @font-size-sm;
-            color: @text-secondary;
-
-            li {
-                margin-bottom: @space-1;
-            }
-        }
-    }
-
-    .required {
-        color: @danger;
-    }
-
-    // Webhooks Tab
-    .webhooks-tab {
-        .webhooks-header {
-            display: flex;
-            justify-content: space-between;
-            align-items: flex-start;
-            margin-bottom: @space-5;
-
-            h3 {
-                margin: 0 0 @space-1 0;
-                font-size: @font-size-md;
-                font-weight: @font-weight-semibold;
-            }
-
-            .text-muted {
-                color: @text-secondary;
-                font-size: @font-size-sm;
-                margin: 0;
-            }
-        }
-
-        .loading-state {
-            display: flex;
-            justify-content: center;
-            padding: @space-10;
-        }
-
-        .empty-state {
-            display: flex;
-            flex-direction: column;
-            align-items: center;
-            justify-content: center;
-            padding: @space-10;
-            background: @bg-card;
-            border-radius: @radius-xl;
-            text-align: center;
-
-            svg {
-                color: @text-tertiary;
-                margin-bottom: @space-4;
-            }
-
-            h4 {
-                margin: 0 0 @space-2 0;
-                font-size: @font-size-lg;
-                font-weight: @font-weight-semibold;
-            }
-
-            p {
-                margin: 0 0 @space-5 0;
-                color: @text-secondary;
-            }
-        }
-
-        .webhooks-list {
-            display: flex;
-            flex-direction: column;
-            gap: @space-4;
-        }
-
-        .webhook-card {
-            background: @bg-card;
-            border-radius: @radius-lg;
-            padding: @space-5;
-            border: 1px solid @border-subtle;
-            transition: border-color @transition-fast;
-
-            &:hover {
-                border-color: @border-default;
-            }
-
-            &.inactive {
-                opacity: 0.7;
-                background: @bg-hover;
-            }
-
-            .webhook-header {
-                display: flex;
-                justify-content: space-between;
-                align-items: center;
-                margin-bottom: @space-4;
-
-                .webhook-info {
-                    display: flex;
-                    align-items: center;
-                    gap: @space-3;
-
-                    h4 {
-                        margin: 0;
-                        font-size: @font-size-md;
-                        font-weight: @font-weight-semibold;
-                    }
-                }
-
-                .webhook-status {
-                    display: flex;
-                    align-items: center;
-                    gap: @space-2;
-                    font-size: @font-size-sm;
-                    color: @text-secondary;
-
-                    .status-dot {
-                        width: 8px;
-                        height: 8px;
-                        border-radius: 50%;
-                        background: @text-tertiary;
-
-                        &.active {
-                            background: @success;
-                        }
-
-                        &.inactive {
-                            background: @text-tertiary;
-                        }
-                    }
-                }
-            }
-
-            .webhook-details {
-                display: grid;
-                grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
-                gap: @space-3;
-                margin-bottom: @space-4;
-                padding: @space-4;
-                background: @bg-hover;
-                border-radius: @radius-md;
-
-                .detail-item {
-                    display: flex;
-                    flex-direction: column;
-                    gap: @space-1;
-
-                    .label {
-                        font-size: @font-size-xs;
-                        color: @text-tertiary;
-                        text-transform: uppercase;
-                        letter-spacing: 0.5px;
-                    }
-
-                    .value {
-                        font-size: @font-size-sm;
-                        color: @text-primary;
-                        word-break: break-all;
-                    }
-                }
-            }
-
-            .webhook-actions {
-                display: flex;
-                gap: @space-2;
-                flex-wrap: wrap;
-            }
-        }
-
-        .source-badge {
-            display: inline-flex;
-            align-items: center;
-            padding: @space-1 @space-2;
-            border-radius: @radius-md;
-            font-size: @font-size-xs;
-            font-weight: @font-weight-medium;
-            text-transform: uppercase;
-
-            &.github {
-                background: fade(#333, 15%);
-                color: #333;
-
-                @media (prefers-color-scheme: dark) {
-                    background: fade(#f0f0f0, 15%);
-                    color: #f0f0f0;
-                }
-            }
-
-            &.gitlab {
-                background: fade(#fc6d26, 15%);
-                color: #fc6d26;
-            }
-
-            &.bitbucket {
-                background: fade(#0052cc, 15%);
-                color: #0052cc;
-            }
-        }
-    }
-
-    // Webhook Modal
-    .form-row {
-        display: grid;
-        grid-template-columns: 1fr 1fr;
-        gap: @space-4;
-
-        @media (max-width: @breakpoint-sm) {
-            grid-template-columns: 1fr;
-        }
-    }
-
-    .form-group.checkbox {
-        label {
-            display: flex;
-            align-items: center;
-            gap: @space-2;
-            cursor: pointer;
-            font-weight: @font-weight-normal;
-
-            input[type="checkbox"] {
-                width: 18px;
-                height: 18px;
-                cursor: pointer;
-            }
-        }
-    }
-
-    // Secret Display
-    .secret-warning {
-        display: flex;
-        align-items: center;
-        gap: @space-3;
-        padding: @space-4;
-        background: fade(@warning, 15%);
-        border: 1px solid fade(@warning, 30%);
-        border-radius: @radius-md;
-        margin-bottom: @space-4;
-
-        svg {
-            color: @warning;
-            flex-shrink: 0;
-        }
-
-        span {
-            font-weight: @font-weight-medium;
-        }
-    }
-
-    .secret-display {
-        display: flex;
-        align-items: center;
-        gap: @space-3;
-        padding: @space-4;
-        background: @bg-hover;
-        border-radius: @radius-md;
-        margin-bottom: @space-4;
-
-        code {
-            flex: 1;
-            font-family: @font-mono;
-            font-size: @font-size-sm;
-            word-break: break-all;
-        }
-    }
-
-    // Repositories Tab
-    .repositories-tab {
-        .repos-header {
-            display: flex;
-            justify-content: space-between;
-            align-items: center;
-            margin-bottom: @space-5;
-
-            h3 {
-                margin: 0;
-                font-size: @font-size-md;
-                font-weight: @font-weight-semibold;
-            }
-        }
-
-        .loading-state {
-            display: flex;
-            justify-content: center;
-            padding: @space-10;
-        }
-
-        .empty-state {
-            display: flex;
-            flex-direction: column;
-            align-items: center;
-            justify-content: center;
-            padding: @space-10;
-            background: @bg-card;
-            border-radius: @radius-xl;
-            text-align: center;
-
-            svg {
-                color: @text-tertiary;
-                margin-bottom: @space-4;
-            }
-
-            h4 {
-                margin: 0 0 @space-2 0;
-                font-size: @font-size-lg;
-                font-weight: @font-weight-semibold;
-            }
-
-            p {
-                margin: 0 0 @space-5 0;
-                color: @text-secondary;
-            }
-        }
-
-        .repos-list {
-            display: flex;
-            flex-direction: column;
-            gap: @space-3;
-        }
-
-        .repo-card {
-            display: flex;
-            align-items: center;
-            padding: @space-4;
-            background: @bg-card;
-            border-radius: @radius-lg;
-            border: 1px solid @border-subtle;
-            cursor: pointer;
-            transition: all @transition-fast;
-
-            &:hover {
-                border-color: @accent-primary;
-                background: @bg-hover;
-
-                .repo-arrow {
-                    color: @accent-primary;
-                }
-            }
-
-            .repo-info {
-                flex: 1;
-                min-width: 0;
-
-                .repo-name {
-                    display: flex;
-                    align-items: center;
-                    gap: @space-2;
-                    margin-bottom: @space-2;
-
-                    .owner {
-                        color: @text-secondary;
-                    }
-
-                    .name {
-                        font-weight: @font-weight-semibold;
-                    }
-
-                    .badge {
-                        padding: 2px @space-2;
-                        border-radius: @radius-sm;
-                        font-size: @font-size-xs;
-                        font-weight: @font-weight-medium;
-
-                        &.private {
-                            background: fade(@warning, 20%);
-                            color: @warning;
-                        }
-
-                        &.fork {
-                            background: fade(@info, 20%);
-                            color: @info;
-                        }
-                    }
-                }
-
-                .repo-description {
-                    margin: 0 0 @space-2 0;
-                    font-size: @font-size-sm;
-                    color: @text-secondary;
-                    white-space: nowrap;
-                    overflow: hidden;
-                    text-overflow: ellipsis;
-                }
-
-                .repo-meta {
-                    display: flex;
-                    align-items: center;
-                    gap: @space-4;
-                    font-size: @font-size-xs;
-                    color: @text-tertiary;
-
-                    .meta-item {
-                        display: flex;
-                        align-items: center;
-                        gap: @space-1;
-
-                        svg {
-                            opacity: 0.6;
-                        }
-
-                        &.updated {
-                            margin-left: auto;
-                        }
-                    }
-                }
-            }
-
-            .repo-arrow {
-                color: @text-tertiary;
-                transition: color @transition-fast;
-            }
-        }
-
-        // Repository Detail View
-        .repo-detail {
-            .repo-detail-header {
-                display: flex;
-                align-items: flex-start;
-                gap: @space-4;
-                margin-bottom: @space-5;
-                padding-bottom: @space-4;
-                border-bottom: 1px solid @border-subtle;
-
-                .btn-ghost {
-                    padding: @space-2;
-                }
-
-                .repo-title {
-                    flex: 1;
-
-                    h3 {
-                        margin: 0 0 @space-1 0;
-                        font-size: @font-size-lg;
-                        font-weight: @font-weight-semibold;
-                    }
-
-                    p {
-                        margin: 0;
-                        font-size: @font-size-sm;
-                        color: @text-secondary;
-                    }
-                }
-
-                .branch-selector {
-                    select {
-                        padding: @space-2 @space-4;
-                        background: @bg-card;
-                        border: 1px solid @border-default;
-                        border-radius: @radius-md;
-                        font-size: @font-size-sm;
-                        color: @text-primary;
-                        cursor: pointer;
-
-                        &:focus {
-                            outline: none;
-                            border-color: @accent-primary;
-                        }
-                    }
-                }
-            }
-
-            .repo-detail-tabs {
-                display: flex;
-                gap: @space-1;
-                margin-bottom: @space-4;
-                border-bottom: 1px solid @border-subtle;
-
-                .tab {
-                    display: flex;
-                    align-items: center;
-                    gap: @space-2;
-                    padding: @space-3 @space-4;
-                    background: none;
-                    border: none;
-                    font-size: @font-size-sm;
-                    font-weight: @font-weight-medium;
-                    color: @text-secondary;
-                    cursor: pointer;
-                    position: relative;
-                    transition: color @transition-fast;
-
-                    &:hover {
-                        color: @text-primary;
-                    }
-
-                    &.active {
-                        color: @accent-primary;
-
-                        &::after {
-                            content: '';
-                            position: absolute;
-                            bottom: -1px;
-                            left: 0;
-                            right: 0;
-                            height: 2px;
-                            background: @accent-primary;
-                        }
-                    }
-                }
-            }
-
-            .repo-detail-content {
-                background: @bg-card;
-                border-radius: @radius-lg;
-                border: 1px solid @border-subtle;
-            }
-        }
-
-        // Files Browser
-        .files-browser {
-            .breadcrumb {
-                display: flex;
-                align-items: center;
-                padding: @space-3 @space-4;
-                background: @bg-hover;
-                border-bottom: 1px solid @border-subtle;
-                font-size: @font-size-sm;
-
-                button {
-                    background: none;
-                    border: none;
-                    color: @accent-primary;
-                    cursor: pointer;
-                    padding: 0;
-
-                    &:hover {
-                        text-decoration: underline;
-                    }
-                }
-
-                .separator {
-                    margin: 0 @space-2;
-                    color: @text-tertiary;
-                }
-            }
-
-            .files-list {
-                .file-item {
-                    display: flex;
-                    align-items: center;
-                    gap: @space-3;
-                    padding: @space-3 @space-4;
-                    border-bottom: 1px solid @border-subtle;
-                    transition: background @transition-fast;
-
-                    &:last-child {
-                        border-bottom: none;
-                    }
-
-                    &.dir {
-                        cursor: pointer;
-
-                        &:hover {
-                            background: @bg-hover;
-                        }
-                    }
-
-                    .file-icon {
-                        color: @text-tertiary;
-                    }
-
-                    &.dir .file-icon svg {
-                        color: @info;
-                    }
-
-                    .file-name {
-                        flex: 1;
-                        font-size: @font-size-sm;
-                    }
-
-                    .file-size {
-                        font-size: @font-size-xs;
-                        color: @text-tertiary;
-                        font-family: @font-mono;
-                    }
-                }
-            }
-        }
-
-        // Commits List
-        .commits-list {
-            .commit-item {
-                display: flex;
-                align-items: flex-start;
-                gap: @space-4;
-                padding: @space-4;
-                border-bottom: 1px solid @border-subtle;
-
-                &:last-child {
-                    border-bottom: none;
-                }
-
-                .commit-info {
-                    flex: 1;
-                    min-width: 0;
-
-                    .commit-message {
-                        font-size: @font-size-sm;
-                        font-weight: @font-weight-medium;
-                        margin-bottom: @space-1;
-                        white-space: nowrap;
-                        overflow: hidden;
-                        text-overflow: ellipsis;
-                    }
-
-                    .commit-meta {
-                        font-size: @font-size-xs;
-                        color: @text-tertiary;
-
-                        .author {
-                            color: @text-secondary;
-                            margin-right: @space-2;
-                        }
-                    }
-                }
-
-                .commit-sha {
-                    code {
-                        padding: @space-1 @space-2;
-                        background: @bg-hover;
-                        border-radius: @radius-sm;
-                        font-size: @font-size-xs;
-                        font-family: @font-mono;
-                        color: @accent-primary;
-                    }
-                }
-            }
-
-            .btn-block {
-                width: 100%;
-                margin: @space-4;
-                width: calc(100% - @space-8);
-            }
-        }
-
-        // Branches List
-        .branches-list {
-            .branch-item {
-                display: flex;
-                align-items: center;
-                gap: @space-4;
-                padding: @space-4;
-                border-bottom: 1px solid @border-subtle;
-
-                &:last-child {
-                    border-bottom: none;
-                }
-
-                &.active {
-                    background: fade(@accent-primary-raw, 5%);
-                }
-
-                .branch-info {
-                    flex: 1;
-
-                    .branch-name {
-                        display: flex;
-                        align-items: center;
-                        gap: @space-2;
-                        font-size: @font-size-sm;
-                        font-weight: @font-weight-medium;
-                        margin-bottom: @space-1;
-
-                        svg {
-                            color: @text-tertiary;
-                        }
-
-                        .badge {
-                            padding: 2px @space-2;
-                            border-radius: @radius-sm;
-                            font-size: @font-size-xs;
-                            font-weight: @font-weight-medium;
-
-                            &.default {
-                                background: fade(@success, 20%);
-                                color: @success;
-                            }
-
-                            &.protected {
-                                background: fade(@warning, 20%);
-                                color: @warning;
-                            }
-                        }
-                    }
-
-                    .branch-commit {
-                        font-size: @font-size-xs;
-                        color: @text-tertiary;
-
-                        code {
-                            color: @accent-primary;
-                            margin-right: @space-2;
-                        }
-                    }
-                }
-            }
-        }
-    }
-
-    // Deployments Tab
-    .deployments-tab {
-        .deployments-header {
-            display: flex;
-            justify-content: space-between;
-            align-items: flex-start;
-            margin-bottom: @space-5;
-
-            h3 {
-                margin: 0 0 @space-1 0;
-                font-size: @font-size-md;
-                font-weight: @font-weight-semibold;
-            }
-
-            .text-muted {
-                color: @text-secondary;
-                font-size: @font-size-sm;
-                margin: 0;
-            }
-        }
-
-        .loading-state {
-            display: flex;
-            justify-content: center;
-            padding: @space-10;
-        }
-
-        .empty-state {
-            display: flex;
-            flex-direction: column;
-            align-items: center;
-            justify-content: center;
-            padding: @space-10;
-            background: @bg-card;
-            border-radius: @radius-xl;
-            text-align: center;
-
-            svg {
-                color: @text-tertiary;
-                margin-bottom: @space-4;
-            }
-
-            h4 {
-                margin: 0 0 @space-2 0;
-                font-size: @font-size-lg;
-                font-weight: @font-weight-semibold;
-            }
-
-            p {
-                margin: 0 0 @space-5 0;
-                color: @text-secondary;
-            }
-        }
-
-        .deployments-list {
-            display: flex;
-            flex-direction: column;
-            gap: @space-4;
-        }
-
-        .deployment-card {
-            background: @bg-card;
-            border-radius: @radius-lg;
-            padding: @space-5;
-            border: 1px solid @border-subtle;
-            border-left: 4px solid @border-subtle;
-
-            &.success {
-                border-left-color: @success;
-            }
-
-            &.failed {
-                border-left-color: @danger;
-            }
-
-            &.running {
-                border-left-color: @warning;
-            }
-
-            .deployment-header {
-                display: flex;
-                justify-content: space-between;
-                align-items: center;
-                margin-bottom: @space-4;
-
-                .deployment-version {
-                    display: flex;
-                    align-items: center;
-                    gap: @space-3;
-
-                    .version {
-                        font-size: @font-size-lg;
-                        font-weight: @font-weight-semibold;
-                    }
-
-                    .badge {
-                        padding: 2px @space-2;
-                        border-radius: @radius-sm;
-                        font-size: @font-size-xs;
-                        font-weight: @font-weight-medium;
-
-                        &.rollback {
-                            background: fade(@info, 20%);
-                            color: @info;
-                        }
-                    }
-
-                    .status-badge {
-                        padding: @space-1 @space-2;
-                        border-radius: @radius-md;
-                        font-size: @font-size-xs;
-                        font-weight: @font-weight-medium;
-                        text-transform: uppercase;
-
-                        &.success {
-                            background: fade(@success, 15%);
-                            color: @success;
-                        }
-
-                        &.failed {
-                            background: fade(@danger, 15%);
-                            color: @danger;
-                        }
-
-                        &.running {
-                            background: fade(@warning, 15%);
-                            color: @warning;
-                        }
-                    }
-                }
-
-                .deployment-time {
-                    font-size: @font-size-sm;
-                    color: @text-tertiary;
-                }
-            }
-
-            .deployment-details {
-                display: grid;
-                grid-template-columns: repeat(auto-fit, minmax(150px, 1fr));
-                gap: @space-3;
-                margin-bottom: @space-4;
-                padding: @space-4;
-                background: @bg-hover;
-                border-radius: @radius-md;
-
-                .detail-item {
-                    display: flex;
-                    align-items: center;
-                    gap: @space-2;
-                    font-size: @font-size-sm;
-
-                    .label {
-                        color: @text-tertiary;
-                    }
-
-                    .value {
-                        color: @text-primary;
-                    }
-
-                    code {
-                        padding: 2px @space-2;
-                        background: @bg-card;
-                        border-radius: @radius-sm;
-                        font-size: @font-size-xs;
-                        font-family: @font-mono;
-                        color: @accent-primary;
-                    }
-
-                    &.commit-message {
-                        grid-column: 1 / -1;
-
-                        .message {
-                            color: @text-secondary;
-                            font-style: italic;
-                        }
-                    }
-
-                    &.error {
-                        grid-column: 1 / -1;
-                        color: @danger;
-
-                        .value {
-                            color: @danger;
-                        }
-                    }
-                }
-            }
-
-            .deployment-actions {
-                display: flex;
-                gap: @space-2;
-                flex-wrap: wrap;
-            }
-        }
-    }
-
-    // Form section for webhook modal
-    .form-section {
-        margin-top: @space-5;
-        padding-top: @space-5;
-        border-top: 1px solid @border-subtle;
-
-        h4 {
-            margin: 0 0 @space-1 0;
-            font-size: @font-size-base;
-            font-weight: @font-weight-semibold;
-        }
-
-        .text-muted {
-            color: @text-secondary;
-            font-size: @font-size-sm;
-            margin: 0 0 @space-4 0;
-        }
-    }
-
-    .form-hint {
-        display: block;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        margin-top: @space-1;
-    }
-
-    .form-group textarea {
-        width: 100%;
-        min-height: 80px;
-        padding: @space-3;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
-        background: @bg-elevated;
-        border: 1px solid @border-default;
-        border-radius: @radius-md;
-        color: @text-primary;
-        resize: vertical;
-
-        &:focus {
-            outline: none;
-            border-color: @accent-primary;
-        }
-
-        &::placeholder {
-            color: @text-tertiary;
-        }
-    }
-
-    // Modal XL size
-    .modal-xl {
-        max-width: 800px;
-    }
-
-    // Deployment Logs Modal
-    .deployment-summary {
-        display: flex;
-        flex-wrap: wrap;
-        gap: @space-4;
-        padding: @space-4;
-        background: @bg-hover;
-        border-radius: @radius-md;
-        margin-bottom: @space-4;
-
-        .summary-item {
-            display: flex;
-            align-items: center;
-            gap: @space-2;
-            font-size: @font-size-sm;
-
-            .label {
-                color: @text-tertiary;
-            }
-
-            .status-badge {
-                padding: @space-1 @space-2;
-                border-radius: @radius-md;
-                font-size: @font-size-xs;
-                font-weight: @font-weight-medium;
-                text-transform: uppercase;
-
-                &.success {
-                    background: fade(@success, 15%);
-                    color: @success;
-                }
-
-                &.failed {
-                    background: fade(@danger, 15%);
-                    color: @danger;
-                }
-
-                &.running {
-                    background: fade(@warning, 15%);
-                    color: @warning;
-                }
-            }
-
-            code {
-                padding: 2px @space-2;
-                background: @bg-card;
-                border-radius: @radius-sm;
-                font-size: @font-size-xs;
-                font-family: @font-mono;
-                color: @accent-primary;
-            }
-        }
-    }
-
-    .deployment-error {
-        padding: @space-4;
-        background: fade(@danger, 10%);
-        border: 1px solid fade(@danger, 30%);
-        border-radius: @radius-md;
-        margin-bottom: @space-4;
-        color: @danger;
-        font-size: @font-size-sm;
-
-        strong {
-            margin-right: @space-2;
-        }
-    }
-
-    .log-section {
-        margin-bottom: @space-4;
-
-        h4 {
-            margin: 0 0 @space-2 0;
-            font-size: @font-size-sm;
-            font-weight: @font-weight-semibold;
-            color: @text-secondary;
-        }
-
-        .log-output {
-            padding: @space-4;
-            background: @bg-hover;
-            border-radius: @radius-md;
-            font-family: @font-mono;
-            font-size: @font-size-xs;
-            color: @text-primary;
-            white-space: pre-wrap;
-            word-break: break-all;
-            max-height: 300px;
-            overflow-y: auto;
-            margin: 0;
-        }
-    }
-
-    .no-logs {
-        padding: @space-6;
-        text-align: center;
-        color: @text-tertiary;
-    }
-}
diff --git a/frontend/src/styles/pages/_git.scss b/frontend/src/styles/pages/_git.scss
new file mode 100644
index 00000000..06bbba4a
--- /dev/null
+++ b/frontend/src/styles/pages/_git.scss
@@ -0,0 +1,1469 @@
+// ============================================
+// GIT PAGE
+// ============================================
+
+.git-page {
+    .page-header {
+        display: flex;
+        justify-content: space-between;
+        align-items: flex-start;
+        margin-bottom: $space-6;
+        flex-wrap: wrap;
+        gap: $space-4;
+
+        .page-header-content {
+            h1 {
+                font-size: $font-size-2xl;
+                font-weight: $font-weight-semibold;
+                margin: 0 0 $space-1 0;
+            }
+
+            .page-description {
+                color: $text-secondary;
+                margin: 0;
+            }
+        }
+
+        .page-header-actions {
+            display: flex;
+            gap: $space-2;
+        }
+    }
+
+    .page-loading {
+        display: flex;
+        justify-content: center;
+        align-items: center;
+        min-height: 400px;
+    }
+
+    .empty-state-large {
+        display: flex;
+        flex-direction: column;
+        align-items: center;
+        justify-content: center;
+        padding: 60px $space-6;
+        background: $bg-card;
+        border-radius: $radius-xl;
+        text-align: center;
+
+        .empty-icon {
+            color: $text-tertiary;
+            margin-bottom: $space-6;
+        }
+
+        h2 {
+            margin: 0 0 $space-3 0;
+            font-size: $font-size-2xl;
+            font-weight: $font-weight-semibold;
+        }
+
+        p {
+            margin: 0 0 $space-6 0;
+            color: $text-secondary;
+            max-width: 400px;
+        }
+    }
+
+    .resource-warning {
+        background: fade($warning, 10%);
+        border: 1px solid fade($warning, 30%);
+        border-radius: $radius-lg;
+        padding: $space-5;
+        margin-bottom: $space-6;
+        text-align: left;
+        max-width: 500px;
+
+        .warning-header {
+            display: flex;
+            align-items: center;
+            gap: $space-2;
+            margin-bottom: $space-3;
+            color: $warning;
+
+            strong {
+                color: $text-primary;
+            }
+        }
+
+        ul {
+            margin: 0;
+            padding-left: $space-5;
+            color: $text-secondary;
+            font-size: $font-size-sm;
+
+            li {
+                margin-bottom: $space-1;
+
+                &:last-child {
+                    margin-bottom: 0;
+                }
+
+                strong {
+                    color: $text-primary;
+                }
+            }
+        }
+    }
+
+    .status-cards {
+        display: grid;
+        grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
+        gap: $space-4;
+        margin-bottom: $space-6;
+    }
+
+    .status-card {
+        display: flex;
+        align-items: center;
+        gap: $space-4;
+        padding: $space-5;
+        background: $bg-card;
+        border-radius: $radius-xl;
+        border-left: 4px solid $border-subtle;
+
+        &.success {
+            border-left-color: $success;
+
+            .status-icon {
+                color: $success;
+            }
+        }
+
+        &.danger {
+            border-left-color: $danger;
+
+            .status-icon {
+                color: $danger;
+            }
+        }
+
+        &.warning {
+            border-left-color: $warning;
+
+            .status-icon {
+                color: $warning;
+            }
+        }
+
+        .status-icon {
+            color: $text-tertiary;
+        }
+
+        .status-info {
+            display: flex;
+            flex-direction: column;
+            gap: $space-1;
+
+            .status-label {
+                font-size: $font-size-sm;
+                color: $text-secondary;
+            }
+
+            .status-value {
+                font-size: $font-size-lg;
+                font-weight: $font-weight-semibold;
+            }
+        }
+    }
+
+    .tabs {
+        display: flex;
+        gap: $space-1;
+        margin-bottom: $space-6;
+        border-bottom: 1px solid $border-subtle;
+
+        .tab {
+            padding: $space-3 $space-5;
+            background: none;
+            border: none;
+            font-size: $font-size-base;
+            font-weight: $font-weight-medium;
+            color: $text-secondary;
+            cursor: pointer;
+            position: relative;
+            transition: color $transition-fast;
+
+            &:hover {
+                color: $text-primary;
+            }
+
+            &.active {
+                color: $accent-primary;
+
+                &::after {
+                    content: '';
+                    position: absolute;
+                    bottom: -1px;
+                    left: 0;
+                    right: 0;
+                    height: 2px;
+                    background: $accent-primary;
+                }
+            }
+        }
+    }
+
+    .tab-content {
+        .section-header {
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+            margin-bottom: $space-4;
+
+            h3 {
+                margin: 0;
+                font-size: $font-size-md;
+                font-weight: $font-weight-semibold;
+            }
+        }
+    }
+
+    // Overview Tab
+    .overview-tab {
+        display: grid;
+        grid-template-columns: 1fr 1fr;
+        gap: $space-6;
+
+        @media (max-width: $breakpoint-md) {
+            grid-template-columns: 1fr;
+        }
+
+        .info-card {
+            background: $bg-card;
+            border-radius: $radius-lg;
+            padding: $space-5;
+
+            h3 {
+                margin: 0 0 $space-4 0;
+                font-size: $font-size-md;
+                font-weight: $font-weight-semibold;
+            }
+        }
+
+        .info-grid {
+            display: grid;
+            gap: $space-3;
+        }
+
+        .info-item {
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+            padding: $space-2 0;
+            border-bottom: 1px solid $border-subtle;
+
+            &:last-child {
+                border-bottom: none;
+            }
+
+            .info-label {
+                font-size: $font-size-sm;
+                color: $text-secondary;
+            }
+
+            .info-value {
+                font-size: $font-size-sm;
+                font-weight: $font-weight-medium;
+
+                &.text-success {
+                    color: $success;
+                }
+
+                &.text-danger {
+                    color: $danger;
+                }
+
+                &.code {
+                    font-family: $font-mono;
+                    font-size: $font-size-xs;
+                    background: $bg-hover;
+                    padding: $space-1 $space-2;
+                    border-radius: $radius-sm;
+                }
+
+                a {
+                    color: $accent-primary;
+                    text-decoration: none;
+
+                    &:hover {
+                        text-decoration: underline;
+                    }
+                }
+            }
+        }
+
+        .quick-actions {
+            display: flex;
+            gap: $space-3;
+            flex-wrap: wrap;
+        }
+    }
+
+    // Access Tab
+    .access-tab {
+        display: flex;
+        flex-direction: column;
+        gap: $space-4;
+
+        .info-card {
+            background: $bg-card;
+            border-radius: $radius-lg;
+            padding: $space-5;
+
+            h3 {
+                margin: 0 0 $space-2 0;
+                font-size: $font-size-md;
+                font-weight: $font-weight-semibold;
+            }
+
+            .text-muted {
+                color: $text-secondary;
+                font-size: $font-size-sm;
+                margin: 0 0 $space-4 0;
+            }
+        }
+
+        .access-url {
+            display: flex;
+            align-items: center;
+            gap: $space-3;
+            background: $bg-hover;
+            padding: $space-3 $space-4;
+            border-radius: $radius-md;
+            margin-bottom: $space-3;
+
+            code {
+                flex: 1;
+                font-family: $font-mono;
+                font-size: $font-size-sm;
+                color: $accent-primary;
+                word-break: break-all;
+            }
+        }
+
+        .ssh-note {
+            font-size: $font-size-sm;
+            color: $text-secondary;
+            padding: $space-3;
+            background: fade($info, 10%);
+            border-radius: $radius-md;
+            border-left: 3px solid $info;
+
+            strong {
+                color: $text-primary;
+            }
+        }
+    }
+
+    // Settings Tab
+    .settings-tab {
+        display: flex;
+        flex-direction: column;
+        gap: $space-4;
+
+        .info-card {
+            background: $bg-card;
+            border-radius: $radius-lg;
+            padding: $space-5;
+
+            h3 {
+                margin: 0 0 $space-4 0;
+                font-size: $font-size-md;
+                font-weight: $font-weight-semibold;
+            }
+
+            &.danger-zone {
+                border: 1px solid fade($danger, 30%);
+                background: fade($danger, 5%);
+
+                h3 {
+                    color: $danger;
+                }
+
+                .text-muted {
+                    color: $text-secondary;
+                    font-size: $font-size-sm;
+                    margin: 0;
+                }
+            }
+        }
+
+        .settings-actions {
+            display: flex;
+            gap: $space-3;
+        }
+    }
+
+    // Install Modal
+    .modal-lg {
+        max-width: 500px;
+    }
+
+    .install-warning {
+        display: flex;
+        gap: $space-3;
+        background: fade($info, 10%);
+        border: 1px solid fade($info, 30%);
+        border-radius: $radius-lg;
+        padding: $space-4;
+        margin-bottom: $space-5;
+
+        svg {
+            flex-shrink: 0;
+            color: $info;
+        }
+
+        strong {
+            display: block;
+            margin-bottom: $space-2;
+        }
+
+        ul {
+            margin: 0;
+            padding-left: $space-4;
+            font-size: $font-size-sm;
+            color: $text-secondary;
+
+            li {
+                margin-bottom: $space-1;
+            }
+        }
+    }
+
+    .required {
+        color: $danger;
+    }
+
+    // Webhooks Tab
+    .webhooks-tab {
+        .webhooks-header {
+            display: flex;
+            justify-content: space-between;
+            align-items: flex-start;
+            margin-bottom: $space-5;
+
+            h3 {
+                margin: 0 0 $space-1 0;
+                font-size: $font-size-md;
+                font-weight: $font-weight-semibold;
+            }
+
+            .text-muted {
+                color: $text-secondary;
+                font-size: $font-size-sm;
+                margin: 0;
+            }
+        }
+
+        .loading-state {
+            display: flex;
+            justify-content: center;
+            padding: $space-10;
+        }
+
+        .empty-state {
+            display: flex;
+            flex-direction: column;
+            align-items: center;
+            justify-content: center;
+            padding: $space-10;
+            background: $bg-card;
+            border-radius: $radius-xl;
+            text-align: center;
+
+            svg {
+                color: $text-tertiary;
+                margin-bottom: $space-4;
+            }
+
+            h4 {
+                margin: 0 0 $space-2 0;
+                font-size: $font-size-lg;
+                font-weight: $font-weight-semibold;
+            }
+
+            p {
+                margin: 0 0 $space-5 0;
+                color: $text-secondary;
+            }
+        }
+
+        .webhooks-list {
+            display: flex;
+            flex-direction: column;
+            gap: $space-4;
+        }
+
+        .webhook-card {
+            background: $bg-card;
+            border-radius: $radius-lg;
+            padding: $space-5;
+            border: 1px solid $border-subtle;
+            transition: border-color $transition-fast;
+
+            &:hover {
+                border-color: $border-default;
+            }
+
+            &.inactive {
+                opacity: 0.7;
+                background: $bg-hover;
+            }
+
+            .webhook-header {
+                display: flex;
+                justify-content: space-between;
+                align-items: center;
+                margin-bottom: $space-4;
+
+                .webhook-info {
+                    display: flex;
+                    align-items: center;
+                    gap: $space-3;
+
+                    h4 {
+                        margin: 0;
+                        font-size: $font-size-md;
+                        font-weight: $font-weight-semibold;
+                    }
+                }
+
+                .webhook-status {
+                    display: flex;
+                    align-items: center;
+                    gap: $space-2;
+                    font-size: $font-size-sm;
+                    color: $text-secondary;
+
+                    .status-dot {
+                        width: 8px;
+                        height: 8px;
+                        border-radius: 50%;
+                        background: $text-tertiary;
+
+                        &.active {
+                            background: $success;
+                        }
+
+                        &.inactive {
+                            background: $text-tertiary;
+                        }
+                    }
+                }
+            }
+
+            .webhook-details {
+                display: grid;
+                grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
+                gap: $space-3;
+                margin-bottom: $space-4;
+                padding: $space-4;
+                background: $bg-hover;
+                border-radius: $radius-md;
+
+                .detail-item {
+                    display: flex;
+                    flex-direction: column;
+                    gap: $space-1;
+
+                    .label {
+                        font-size: $font-size-xs;
+                        color: $text-tertiary;
+                        text-transform: uppercase;
+                        letter-spacing: 0.5px;
+                    }
+
+                    .value {
+                        font-size: $font-size-sm;
+                        color: $text-primary;
+                        word-break: break-all;
+                    }
+                }
+            }
+
+            .webhook-actions {
+                display: flex;
+                gap: $space-2;
+                flex-wrap: wrap;
+            }
+        }
+
+        .source-badge {
+            display: inline-flex;
+            align-items: center;
+            padding: $space-1 $space-2;
+            border-radius: $radius-md;
+            font-size: $font-size-xs;
+            font-weight: $font-weight-medium;
+            text-transform: uppercase;
+
+            &.github {
+                background: fade(#333, 15%);
+                color: #333;
+
+                @media (prefers-color-scheme: dark) {
+                    background: fade(#f0f0f0, 15%);
+                    color: #f0f0f0;
+                }
+            }
+
+            &.gitlab {
+                background: fade(#fc6d26, 15%);
+                color: #fc6d26;
+            }
+
+            &.bitbucket {
+                background: fade(#0052cc, 15%);
+                color: #0052cc;
+            }
+        }
+    }
+
+    // Webhook Modal
+    .form-row {
+        display: grid;
+        grid-template-columns: 1fr 1fr;
+        gap: $space-4;
+
+        @media (max-width: $breakpoint-sm) {
+            grid-template-columns: 1fr;
+        }
+    }
+
+    .form-group.checkbox {
+        label {
+            display: flex;
+            align-items: center;
+            gap: $space-2;
+            cursor: pointer;
+            font-weight: $font-weight-normal;
+
+            input[type="checkbox"] {
+                width: 18px;
+                height: 18px;
+                cursor: pointer;
+            }
+        }
+    }
+
+    // Secret Display
+    .secret-warning {
+        display: flex;
+        align-items: center;
+        gap: $space-3;
+        padding: $space-4;
+        background: fade($warning, 15%);
+        border: 1px solid fade($warning, 30%);
+        border-radius: $radius-md;
+        margin-bottom: $space-4;
+
+        svg {
+            color: $warning;
+            flex-shrink: 0;
+        }
+
+        span {
+            font-weight: $font-weight-medium;
+        }
+    }
+
+    .secret-display {
+        display: flex;
+        align-items: center;
+        gap: $space-3;
+        padding: $space-4;
+        background: $bg-hover;
+        border-radius: $radius-md;
+        margin-bottom: $space-4;
+
+        code {
+            flex: 1;
+            font-family: $font-mono;
+            font-size: $font-size-sm;
+            word-break: break-all;
+        }
+    }
+
+    // Repositories Tab
+    .repositories-tab {
+        .repos-header {
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+            margin-bottom: $space-5;
+
+            h3 {
+                margin: 0;
+                font-size: $font-size-md;
+                font-weight: $font-weight-semibold;
+            }
+        }
+
+        .loading-state {
+            display: flex;
+            justify-content: center;
+            padding: $space-10;
+        }
+
+        .empty-state {
+            display: flex;
+            flex-direction: column;
+            align-items: center;
+            justify-content: center;
+            padding: $space-10;
+            background: $bg-card;
+            border-radius: $radius-xl;
+            text-align: center;
+
+            svg {
+                color: $text-tertiary;
+                margin-bottom: $space-4;
+            }
+
+            h4 {
+                margin: 0 0 $space-2 0;
+                font-size: $font-size-lg;
+                font-weight: $font-weight-semibold;
+            }
+
+            p {
+                margin: 0 0 $space-5 0;
+                color: $text-secondary;
+            }
+        }
+
+        .repos-list {
+            display: flex;
+            flex-direction: column;
+            gap: $space-3;
+        }
+
+        .repo-card {
+            display: flex;
+            align-items: center;
+            padding: $space-4;
+            background: $bg-card;
+            border-radius: $radius-lg;
+            border: 1px solid $border-subtle;
+            cursor: pointer;
+            transition: all $transition-fast;
+
+            &:hover {
+                border-color: $accent-primary;
+                background: $bg-hover;
+
+                .repo-arrow {
+                    color: $accent-primary;
+                }
+            }
+
+            .repo-info {
+                flex: 1;
+                min-width: 0;
+
+                .repo-name {
+                    display: flex;
+                    align-items: center;
+                    gap: $space-2;
+                    margin-bottom: $space-2;
+
+                    .owner {
+                        color: $text-secondary;
+                    }
+
+                    .name {
+                        font-weight: $font-weight-semibold;
+                    }
+
+                    .badge {
+                        padding: 2px $space-2;
+                        border-radius: $radius-sm;
+                        font-size: $font-size-xs;
+                        font-weight: $font-weight-medium;
+
+                        &.private {
+                            background: fade($warning, 20%);
+                            color: $warning;
+                        }
+
+                        &.fork {
+                            background: fade($info, 20%);
+                            color: $info;
+                        }
+                    }
+                }
+
+                .repo-description {
+                    margin: 0 0 $space-2 0;
+                    font-size: $font-size-sm;
+                    color: $text-secondary;
+                    white-space: nowrap;
+                    overflow: hidden;
+                    text-overflow: ellipsis;
+                }
+
+                .repo-meta {
+                    display: flex;
+                    align-items: center;
+                    gap: $space-4;
+                    font-size: $font-size-xs;
+                    color: $text-tertiary;
+
+                    .meta-item {
+                        display: flex;
+                        align-items: center;
+                        gap: $space-1;
+
+                        svg {
+                            opacity: 0.6;
+                        }
+
+                        &.updated {
+                            margin-left: auto;
+                        }
+                    }
+                }
+            }
+
+            .repo-arrow {
+                color: $text-tertiary;
+                transition: color $transition-fast;
+            }
+        }
+
+        // Repository Detail View
+        .repo-detail {
+            .repo-detail-header {
+                display: flex;
+                align-items: flex-start;
+                gap: $space-4;
+                margin-bottom: $space-5;
+                padding-bottom: $space-4;
+                border-bottom: 1px solid $border-subtle;
+
+                .btn-ghost {
+                    padding: $space-2;
+                }
+
+                .repo-title {
+                    flex: 1;
+
+                    h3 {
+                        margin: 0 0 $space-1 0;
+                        font-size: $font-size-lg;
+                        font-weight: $font-weight-semibold;
+                    }
+
+                    p {
+                        margin: 0;
+                        font-size: $font-size-sm;
+                        color: $text-secondary;
+                    }
+                }
+
+                .branch-selector {
+                    select {
+                        padding: $space-2 $space-4;
+                        background: $bg-card;
+                        border: 1px solid $border-default;
+                        border-radius: $radius-md;
+                        font-size: $font-size-sm;
+                        color: $text-primary;
+                        cursor: pointer;
+
+                        &:focus {
+                            outline: none;
+                            border-color: $accent-primary;
+                        }
+                    }
+                }
+            }
+
+            .repo-detail-tabs {
+                display: flex;
+                gap: $space-1;
+                margin-bottom: $space-4;
+                border-bottom: 1px solid $border-subtle;
+
+                .tab {
+                    display: flex;
+                    align-items: center;
+                    gap: $space-2;
+                    padding: $space-3 $space-4;
+                    background: none;
+                    border: none;
+                    font-size: $font-size-sm;
+                    font-weight: $font-weight-medium;
+                    color: $text-secondary;
+                    cursor: pointer;
+                    position: relative;
+                    transition: color $transition-fast;
+
+                    &:hover {
+                        color: $text-primary;
+                    }
+
+                    &.active {
+                        color: $accent-primary;
+
+                        &::after {
+                            content: '';
+                            position: absolute;
+                            bottom: -1px;
+                            left: 0;
+                            right: 0;
+                            height: 2px;
+                            background: $accent-primary;
+                        }
+                    }
+                }
+            }
+
+            .repo-detail-content {
+                background: $bg-card;
+                border-radius: $radius-lg;
+                border: 1px solid $border-subtle;
+            }
+        }
+
+        // Files Browser
+        .files-browser {
+            .breadcrumb {
+                display: flex;
+                align-items: center;
+                padding: $space-3 $space-4;
+                background: $bg-hover;
+                border-bottom: 1px solid $border-subtle;
+                font-size: $font-size-sm;
+
+                button {
+                    background: none;
+                    border: none;
+                    color: $accent-primary;
+                    cursor: pointer;
+                    padding: 0;
+
+                    &:hover {
+                        text-decoration: underline;
+                    }
+                }
+
+                .separator {
+                    margin: 0 $space-2;
+                    color: $text-tertiary;
+                }
+            }
+
+            .files-list {
+                .file-item {
+                    display: flex;
+                    align-items: center;
+                    gap: $space-3;
+                    padding: $space-3 $space-4;
+                    border-bottom: 1px solid $border-subtle;
+                    transition: background $transition-fast;
+
+                    &:last-child {
+                        border-bottom: none;
+                    }
+
+                    &.dir {
+                        cursor: pointer;
+
+                        &:hover {
+                            background: $bg-hover;
+                        }
+                    }
+
+                    .file-icon {
+                        color: $text-tertiary;
+                    }
+
+                    &.dir .file-icon svg {
+                        color: $info;
+                    }
+
+                    .file-name {
+                        flex: 1;
+                        font-size: $font-size-sm;
+                    }
+
+                    .file-size {
+                        font-size: $font-size-xs;
+                        color: $text-tertiary;
+                        font-family: $font-mono;
+                    }
+                }
+            }
+        }
+
+        // Commits List
+        .commits-list {
+            .commit-item {
+                display: flex;
+                align-items: flex-start;
+                gap: $space-4;
+                padding: $space-4;
+                border-bottom: 1px solid $border-subtle;
+
+                &:last-child {
+                    border-bottom: none;
+                }
+
+                .commit-info {
+                    flex: 1;
+                    min-width: 0;
+
+                    .commit-message {
+                        font-size: $font-size-sm;
+                        font-weight: $font-weight-medium;
+                        margin-bottom: $space-1;
+                        white-space: nowrap;
+                        overflow: hidden;
+                        text-overflow: ellipsis;
+                    }
+
+                    .commit-meta {
+                        font-size: $font-size-xs;
+                        color: $text-tertiary;
+
+                        .author {
+                            color: $text-secondary;
+                            margin-right: $space-2;
+                        }
+                    }
+                }
+
+                .commit-sha {
+                    code {
+                        padding: $space-1 $space-2;
+                        background: $bg-hover;
+                        border-radius: $radius-sm;
+                        font-size: $font-size-xs;
+                        font-family: $font-mono;
+                        color: $accent-primary;
+                    }
+                }
+            }
+
+            .btn-block {
+                width: 100%;
+                margin: $space-4;
+                width: calc(100% - $space-8);
+            }
+        }
+
+        // Branches List
+        .branches-list {
+            .branch-item {
+                display: flex;
+                align-items: center;
+                gap: $space-4;
+                padding: $space-4;
+                border-bottom: 1px solid $border-subtle;
+
+                &:last-child {
+                    border-bottom: none;
+                }
+
+                &.active {
+                    background: fade($accent-primary-raw, 5%);
+                }
+
+                .branch-info {
+                    flex: 1;
+
+                    .branch-name {
+                        display: flex;
+                        align-items: center;
+                        gap: $space-2;
+                        font-size: $font-size-sm;
+                        font-weight: $font-weight-medium;
+                        margin-bottom: $space-1;
+
+                        svg {
+                            color: $text-tertiary;
+                        }
+
+                        .badge {
+                            padding: 2px $space-2;
+                            border-radius: $radius-sm;
+                            font-size: $font-size-xs;
+                            font-weight: $font-weight-medium;
+
+                            &.default {
+                                background: fade($success, 20%);
+                                color: $success;
+                            }
+
+                            &.protected {
+                                background: fade($warning, 20%);
+                                color: $warning;
+                            }
+                        }
+                    }
+
+                    .branch-commit {
+                        font-size: $font-size-xs;
+                        color: $text-tertiary;
+
+                        code {
+                            color: $accent-primary;
+                            margin-right: $space-2;
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    // Deployments Tab
+    .deployments-tab {
+        .deployments-header {
+            display: flex;
+            justify-content: space-between;
+            align-items: flex-start;
+            margin-bottom: $space-5;
+
+            h3 {
+                margin: 0 0 $space-1 0;
+                font-size: $font-size-md;
+                font-weight: $font-weight-semibold;
+            }
+
+            .text-muted {
+                color: $text-secondary;
+                font-size: $font-size-sm;
+                margin: 0;
+            }
+        }
+
+        .loading-state {
+            display: flex;
+            justify-content: center;
+            padding: $space-10;
+        }
+
+        .empty-state {
+            display: flex;
+            flex-direction: column;
+            align-items: center;
+            justify-content: center;
+            padding: $space-10;
+            background: $bg-card;
+            border-radius: $radius-xl;
+            text-align: center;
+
+            svg {
+                color: $text-tertiary;
+                margin-bottom: $space-4;
+            }
+
+            h4 {
+                margin: 0 0 $space-2 0;
+                font-size: $font-size-lg;
+                font-weight: $font-weight-semibold;
+            }
+
+            p {
+                margin: 0 0 $space-5 0;
+                color: $text-secondary;
+            }
+        }
+
+        .deployments-list {
+            display: flex;
+            flex-direction: column;
+            gap: $space-4;
+        }
+
+        .deployment-card {
+            background: $bg-card;
+            border-radius: $radius-lg;
+            padding: $space-5;
+            border: 1px solid $border-subtle;
+            border-left: 4px solid $border-subtle;
+
+            &.success {
+                border-left-color: $success;
+            }
+
+            &.failed {
+                border-left-color: $danger;
+            }
+
+            &.running {
+                border-left-color: $warning;
+            }
+
+            .deployment-header {
+                display: flex;
+                justify-content: space-between;
+                align-items: center;
+                margin-bottom: $space-4;
+
+                .deployment-version {
+                    display: flex;
+                    align-items: center;
+                    gap: $space-3;
+
+                    .version {
+                        font-size: $font-size-lg;
+                        font-weight: $font-weight-semibold;
+                    }
+
+                    .badge {
+                        padding: 2px $space-2;
+                        border-radius: $radius-sm;
+                        font-size: $font-size-xs;
+                        font-weight: $font-weight-medium;
+
+                        &.rollback {
+                            background: fade($info, 20%);
+                            color: $info;
+                        }
+                    }
+
+                    .status-badge {
+                        padding: $space-1 $space-2;
+                        border-radius: $radius-md;
+                        font-size: $font-size-xs;
+                        font-weight: $font-weight-medium;
+                        text-transform: uppercase;
+
+                        &.success {
+                            background: fade($success, 15%);
+                            color: $success;
+                        }
+
+                        &.failed {
+                            background: fade($danger, 15%);
+                            color: $danger;
+                        }
+
+                        &.running {
+                            background: fade($warning, 15%);
+                            color: $warning;
+                        }
+                    }
+                }
+
+                .deployment-time {
+                    font-size: $font-size-sm;
+                    color: $text-tertiary;
+                }
+            }
+
+            .deployment-details {
+                display: grid;
+                grid-template-columns: repeat(auto-fit, minmax(150px, 1fr));
+                gap: $space-3;
+                margin-bottom: $space-4;
+                padding: $space-4;
+                background: $bg-hover;
+                border-radius: $radius-md;
+
+                .detail-item {
+                    display: flex;
+                    align-items: center;
+                    gap: $space-2;
+                    font-size: $font-size-sm;
+
+                    .label {
+                        color: $text-tertiary;
+                    }
+
+                    .value {
+                        color: $text-primary;
+                    }
+
+                    code {
+                        padding: 2px $space-2;
+                        background: $bg-card;
+                        border-radius: $radius-sm;
+                        font-size: $font-size-xs;
+                        font-family: $font-mono;
+                        color: $accent-primary;
+                    }
+
+                    &.commit-message {
+                        grid-column: 1 / -1;
+
+                        .message {
+                            color: $text-secondary;
+                            font-style: italic;
+                        }
+                    }
+
+                    &.error {
+                        grid-column: 1 / -1;
+                        color: $danger;
+
+                        .value {
+                            color: $danger;
+                        }
+                    }
+                }
+            }
+
+            .deployment-actions {
+                display: flex;
+                gap: $space-2;
+                flex-wrap: wrap;
+            }
+        }
+    }
+
+    // Form section for webhook modal
+    .form-section {
+        margin-top: $space-5;
+        padding-top: $space-5;
+        border-top: 1px solid $border-subtle;
+
+        h4 {
+            margin: 0 0 $space-1 0;
+            font-size: $font-size-base;
+            font-weight: $font-weight-semibold;
+        }
+
+        .text-muted {
+            color: $text-secondary;
+            font-size: $font-size-sm;
+            margin: 0 0 $space-4 0;
+        }
+    }
+
+    .form-hint {
+        display: block;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        margin-top: $space-1;
+    }
+
+    .form-group textarea {
+        width: 100%;
+        min-height: 80px;
+        padding: $space-3;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
+        background: $bg-elevated;
+        border: 1px solid $border-default;
+        border-radius: $radius-md;
+        color: $text-primary;
+        resize: vertical;
+
+        &:focus {
+            outline: none;
+            border-color: $accent-primary;
+        }
+
+        &::placeholder {
+            color: $text-tertiary;
+        }
+    }
+
+    // Modal XL size
+    .modal-xl {
+        max-width: 800px;
+    }
+
+    // Deployment Logs Modal
+    .deployment-summary {
+        display: flex;
+        flex-wrap: wrap;
+        gap: $space-4;
+        padding: $space-4;
+        background: $bg-hover;
+        border-radius: $radius-md;
+        margin-bottom: $space-4;
+
+        .summary-item {
+            display: flex;
+            align-items: center;
+            gap: $space-2;
+            font-size: $font-size-sm;
+
+            .label {
+                color: $text-tertiary;
+            }
+
+            .status-badge {
+                padding: $space-1 $space-2;
+                border-radius: $radius-md;
+                font-size: $font-size-xs;
+                font-weight: $font-weight-medium;
+                text-transform: uppercase;
+
+                &.success {
+                    background: fade($success, 15%);
+                    color: $success;
+                }
+
+                &.failed {
+                    background: fade($danger, 15%);
+                    color: $danger;
+                }
+
+                &.running {
+                    background: fade($warning, 15%);
+                    color: $warning;
+                }
+            }
+
+            code {
+                padding: 2px $space-2;
+                background: $bg-card;
+                border-radius: $radius-sm;
+                font-size: $font-size-xs;
+                font-family: $font-mono;
+                color: $accent-primary;
+            }
+        }
+    }
+
+    .deployment-error {
+        padding: $space-4;
+        background: fade($danger, 10%);
+        border: 1px solid fade($danger, 30%);
+        border-radius: $radius-md;
+        margin-bottom: $space-4;
+        color: $danger;
+        font-size: $font-size-sm;
+
+        strong {
+            margin-right: $space-2;
+        }
+    }
+
+    .log-section {
+        margin-bottom: $space-4;
+
+        h4 {
+            margin: 0 0 $space-2 0;
+            font-size: $font-size-sm;
+            font-weight: $font-weight-semibold;
+            color: $text-secondary;
+        }
+
+        .log-output {
+            padding: $space-4;
+            background: $bg-hover;
+            border-radius: $radius-md;
+            font-family: $font-mono;
+            font-size: $font-size-xs;
+            color: $text-primary;
+            white-space: pre-wrap;
+            word-break: break-all;
+            max-height: 300px;
+            overflow-y: auto;
+            margin: 0;
+        }
+    }
+
+    .no-logs {
+        padding: $space-6;
+        text-align: center;
+        color: $text-tertiary;
+    }
+}
diff --git a/frontend/src/styles/pages/_marketplace.scss b/frontend/src/styles/pages/_marketplace.scss
new file mode 100644
index 00000000..2bd63f80
--- /dev/null
+++ b/frontend/src/styles/pages/_marketplace.scss
@@ -0,0 +1,84 @@
+// Marketplace page styles
+
+.marketplace-page {
+    .marketplace-filters {
+        display: flex;
+        gap: $spacing-md;
+        margin: $spacing-lg 0;
+
+        .form-input { flex: 1; }
+        .form-select { width: 200px; }
+    }
+
+    .extensions-grid {
+        display: grid;
+        grid-template-columns: repeat(auto-fill, minmax(320px, 1fr));
+        gap: $spacing-lg;
+    }
+
+    .extension-card {
+        padding: $spacing-lg;
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-sm;
+
+        &__header {
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+            h3 { margin: 0; }
+        }
+
+        &__desc {
+            color: $text-secondary;
+            font-size: 0.9rem;
+            margin: 0;
+            line-height: 1.5;
+        }
+
+        &__meta {
+            display: flex;
+            justify-content: space-between;
+            font-size: 0.85rem;
+            color: $text-muted;
+        }
+
+        &__rating {
+            color: $warning-color;
+            letter-spacing: 1px;
+        }
+
+        &__info {
+            display: flex;
+            gap: $spacing-sm;
+            font-size: 0.8rem;
+            color: $text-muted;
+        }
+
+        &__actions {
+            margin-top: $spacing-sm;
+            padding-top: $spacing-sm;
+            border-top: 1px solid $border-color;
+        }
+    }
+
+    .installed-list {
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-sm;
+        margin-top: $spacing-lg;
+    }
+
+    .installed-item {
+        display: flex;
+        justify-content: space-between;
+        align-items: center;
+        padding: $spacing-md;
+
+        &__info {
+            display: flex;
+            align-items: baseline;
+            gap: $spacing-sm;
+        }
+    }
+}
diff --git a/frontend/src/styles/pages/_migration-wizard.less b/frontend/src/styles/pages/_migration-wizard.scss
similarity index 51%
rename from frontend/src/styles/pages/_migration-wizard.less
rename to frontend/src/styles/pages/_migration-wizard.scss
index 62257e71..bba61980 100644
--- a/frontend/src/styles/pages/_migration-wizard.less
+++ b/frontend/src/styles/pages/_migration-wizard.scss
@@ -10,38 +10,38 @@
 // Status panel (version info)
 // --------------------------------------------
 .migration-status-panel {
-    background: @bg-elevated;
-    border: 1px solid @border-default;
-    border-radius: @radius-xl;
-    padding: @space-5;
-    margin-bottom: @space-6;
+    background: $bg-elevated;
+    border: 1px solid $border-default;
+    border-radius: $radius-xl;
+    padding: $space-5;
+    margin-bottom: $space-6;
 }
 
 .migration-status-row {
     display: flex;
     justify-content: space-between;
     align-items: center;
-    padding: @space-2 0;
+    padding: $space-2 0;
 
     &:not(:last-child) {
-        border-bottom: 1px solid @border-subtle;
+        border-bottom: 1px solid $border-subtle;
     }
 }
 
 .migration-status-label {
-    color: @text-secondary;
-    font-size: @font-size-sm;
+    color: $text-secondary;
+    font-size: $font-size-sm;
 }
 
 .migration-status-value {
-    font-weight: @font-weight-semibold;
-    font-size: @font-size-sm;
+    font-weight: $font-weight-semibold;
+    font-size: $font-size-sm;
 
-    code& {
-        background: @bg-secondary;
+    @at-root code#{&} {
+        background: $bg-secondary;
         padding: 2px 8px;
-        border-radius: @radius-md;
-        font-family: @font-family-mono;
+        border-radius: $radius-md;
+        font-family: $font-family-mono;
     }
 }
 
@@ -49,43 +49,43 @@
 // Migration list (pending changes)
 // --------------------------------------------
 .migration-list {
-    margin-bottom: @space-6;
+    margin-bottom: $space-6;
 }
 
 .migration-list-title {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-semibold;
-    color: @text-secondary;
-    margin-bottom: @space-3;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-semibold;
+    color: $text-secondary;
+    margin-bottom: $space-3;
 }
 
 .migration-list-item {
     display: flex;
     align-items: center;
-    gap: @space-3;
-    padding: @space-3 @space-4;
-    background: @bg-elevated;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    font-size: @font-size-sm;
+    gap: $space-3;
+    padding: $space-3 $space-4;
+    background: $bg-elevated;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    font-size: $font-size-sm;
 
     &:not(:last-child) {
-        margin-bottom: @space-2;
+        margin-bottom: $space-2;
     }
 
     svg {
         flex-shrink: 0;
-        color: @accent-primary;
+        color: $accent-primary;
     }
 
     code {
-        font-family: @font-family-mono;
-        color: @text-secondary;
-        font-size: @font-size-xs;
+        font-family: $font-family-mono;
+        color: $text-secondary;
+        font-size: $font-size-xs;
     }
 
     span {
-        color: @text-primary;
+        color: $text-primary;
     }
 }
 
@@ -93,34 +93,34 @@
 // Login section (inline login for wizard)
 // --------------------------------------------
 .migration-login-section {
-    margin-top: @space-6;
-    padding-top: @space-6;
-    border-top: 1px solid @border-default;
+    margin-top: $space-6;
+    padding-top: $space-6;
+    border-top: 1px solid $border-default;
 }
 
 .migration-login-form {
     display: flex;
     flex-direction: column;
-    gap: @space-3;
+    gap: $space-3;
     max-width: 400px;
 
     input {
         width: 100%;
-        padding: @space-3 @space-4;
-        background: @bg-elevated;
-        border: 1px solid @border-default;
-        border-radius: @radius-lg;
-        font-size: @font-size-base;
-        color: @text-primary;
-        .transition(border-color);
+        padding: $space-3 $space-4;
+        background: $bg-elevated;
+        border: 1px solid $border-default;
+        border-radius: $radius-lg;
+        font-size: $font-size-base;
+        color: $text-primary;
+        @include transition(border-color);
 
         &::placeholder {
-            color: @text-tertiary;
+            color: $text-tertiary;
         }
 
         &:focus {
             outline: none;
-            border-color: @accent-primary;
+            border-color: $accent-primary;
         }
     }
 
@@ -130,39 +130,39 @@
 }
 
 .migration-error-inline {
-    padding: @space-3;
-    background: @danger-bg;
-    border: 1px solid @danger-border;
-    border-radius: @radius-lg;
-    color: @danger;
-    font-size: @font-size-sm;
+    padding: $space-3;
+    background: $danger-bg;
+    border: 1px solid $danger-border;
+    border-radius: $radius-lg;
+    color: $danger;
+    font-size: $font-size-sm;
 }
 
 // --------------------------------------------
 // Backup status
 // --------------------------------------------
 .migration-backup-actions {
-    margin-bottom: @space-6;
+    margin-bottom: $space-6;
 }
 
 .backup-status {
     display: flex;
     align-items: flex-start;
-    gap: @space-3;
-    padding: @space-4;
-    border-radius: @radius-lg;
-    margin-bottom: @space-6;
+    gap: $space-3;
+    padding: $space-4;
+    border-radius: $radius-lg;
+    margin-bottom: $space-6;
 
     &--success {
-        background: @success-bg;
-        border: 1px solid @success-border;
-        color: @success;
+        background: $success-bg;
+        border: 1px solid $success-border;
+        color: $success;
     }
 
     &--error {
-        background: @danger-bg;
-        border: 1px solid @danger-border;
-        color: @danger;
+        background: $danger-bg;
+        border: 1px solid $danger-border;
+        color: $danger;
     }
 
     svg {
@@ -172,19 +172,19 @@
 
     strong {
         display: block;
-        margin-bottom: @space-1;
+        margin-bottom: $space-1;
     }
 
     code {
         display: block;
-        font-size: @font-size-xs;
-        color: @text-secondary;
+        font-size: $font-size-xs;
+        color: $text-secondary;
         word-break: break-all;
-        font-family: @font-family-mono;
+        font-family: $font-family-mono;
     }
 
     span {
-        font-size: @font-size-sm;
+        font-size: $font-size-sm;
     }
 }
 
@@ -193,23 +193,23 @@
 // --------------------------------------------
 .migration-apply-actions {
     text-align: center;
-    padding: @space-6 0;
+    padding: $space-6 0;
 }
 
 .migration-progress {
     display: flex;
     flex-direction: column;
     align-items: center;
-    gap: @space-4;
-    padding: @space-8 0;
-    color: @text-secondary;
+    gap: $space-4;
+    padding: $space-8 0;
+    color: $text-secondary;
 
     svg {
-        color: @accent-primary;
+        color: $accent-primary;
     }
 
     span {
-        font-size: @font-size-base;
+        font-size: $font-size-base;
     }
 }
 
@@ -218,59 +218,59 @@
 // --------------------------------------------
 .migration-success {
     text-align: center;
-    padding: @space-8 0;
+    padding: $space-8 0;
 
     svg {
-        color: @success;
-        margin-bottom: @space-4;
+        color: $success;
+        margin-bottom: $space-4;
     }
 
     h2 {
-        font-size: @font-size-xl;
-        font-weight: @font-weight-bold;
-        margin-bottom: @space-2;
+        font-size: $font-size-xl;
+        font-weight: $font-weight-bold;
+        margin-bottom: $space-2;
     }
 
     p {
-        color: @text-secondary;
-        font-size: @font-size-base;
+        color: $text-secondary;
+        font-size: $font-size-base;
     }
 
     code {
-        background: @bg-secondary;
+        background: $bg-secondary;
         padding: 2px 8px;
-        border-radius: @radius-md;
-        font-family: @font-family-mono;
-        font-size: @font-size-sm;
+        border-radius: $radius-md;
+        font-family: $font-family-mono;
+        font-size: $font-size-sm;
     }
 }
 
 .migration-error {
     display: flex;
     align-items: flex-start;
-    gap: @space-3;
-    padding: @space-4;
-    background: @danger-bg;
-    border: 1px solid @danger-border;
-    border-radius: @radius-lg;
-    margin-bottom: @space-6;
+    gap: $space-3;
+    padding: $space-4;
+    background: $danger-bg;
+    border: 1px solid $danger-border;
+    border-radius: $radius-lg;
+    margin-bottom: $space-6;
 
     > svg {
         flex-shrink: 0;
-        color: @danger;
+        color: $danger;
         margin-top: 2px;
     }
 
     strong {
         display: block;
-        color: @danger;
-        margin-bottom: @space-1;
+        color: $danger;
+        margin-bottom: $space-1;
     }
 
     span {
         display: block;
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        font-size: $font-size-sm;
+        color: $text-secondary;
     }
 
     .btn-wizard-prev {
@@ -286,21 +286,21 @@
 .migration-nav-right {
     display: flex;
     align-items: center;
-    gap: @space-4;
+    gap: $space-4;
 }
 
 .btn-text-link {
     background: none;
     border: none;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
     cursor: pointer;
     padding: 0;
     text-decoration: underline;
-    .transition(color);
+    @include transition(color);
 
     &:hover {
-        color: @text-secondary;
+        color: $text-secondary;
     }
 }
 
diff --git a/frontend/src/styles/pages/_monitoring.less b/frontend/src/styles/pages/_monitoring.scss
similarity index 60%
rename from frontend/src/styles/pages/_monitoring.less
rename to frontend/src/styles/pages/_monitoring.scss
index 16039516..ea41cccd 100644
--- a/frontend/src/styles/pages/_monitoring.less
+++ b/frontend/src/styles/pages/_monitoring.scss
@@ -6,54 +6,54 @@
     .monitoring-overview {
         display: flex;
         flex-direction: column;
-        gap: @space-6;
+        gap: $space-6;
     }
 
     .threshold-grid {
         display: grid;
         grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
-        gap: @space-4;
+        gap: $space-4;
     }
 
     .threshold-item {
         display: flex;
         justify-content: space-between;
         align-items: center;
-        padding: @space-4;
-        background: @bg-hover;
-        border-radius: @radius-md;
+        padding: $space-4;
+        background: $bg-hover;
+        border-radius: $radius-md;
     }
 
     .threshold-label {
-        color: @text-secondary;
-        font-size: @font-size-sm;
+        color: $text-secondary;
+        font-size: $font-size-sm;
     }
 
     .threshold-value {
-        font-size: @font-size-lg;
-        font-weight: @font-weight-semibold;
-        color: @accent-primary;
+        font-size: $font-size-lg;
+        font-weight: $font-weight-semibold;
+        color: $accent-primary;
     }
 
     .threshold-form-grid {
         display: grid;
         grid-template-columns: repeat(auto-fit, minmax(250px, 1fr));
-        gap: @space-6;
+        gap: $space-6;
     }
 
     .alert-list {
         display: flex;
         flex-direction: column;
-        gap: @space-2;
+        gap: $space-2;
     }
 
     .alert-item {
         display: flex;
         align-items: center;
-        gap: @space-4;
-        padding: @space-3 @space-4;
-        background: @bg-hover;
-        border-radius: @radius-md;
+        gap: $space-4;
+        padding: $space-3 $space-4;
+        background: $bg-hover;
+        border-radius: $radius-md;
 
         .badge {
             flex-shrink: 0;
@@ -61,13 +61,13 @@
 
         .alert-message {
             flex: 1;
-            font-size: @font-size-sm;
-            color: @text-primary;
+            font-size: $font-size-sm;
+            color: $text-primary;
         }
 
         .alert-time {
-            color: @text-tertiary;
-            font-size: @font-size-xs;
+            color: $text-tertiary;
+            font-size: $font-size-xs;
             white-space: nowrap;
         }
     }
@@ -75,18 +75,18 @@
     // Stat icon variants for monitoring
     .stat-icon {
         &.status {
-            background: fade(@success, 10%);
-            color: @success;
+            background: fade($success, 10%);
+            color: $success;
         }
 
         &.alerts {
-            background: fade(@danger, 10%);
-            color: @danger;
+            background: fade($danger, 10%);
+            color: $danger;
         }
 
         &.interval {
-            background: fade(@accent-primary-raw, 10%);
-            color: @accent-primary;
+            background: fade($accent-primary-raw, 10%);
+            color: $accent-primary;
         }
 
         &.notifications {
@@ -96,16 +96,16 @@
     }
 
     .text-success {
-        color: @success;
+        color: $success;
     }
 
     .text-muted {
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 
     .input-group {
         display: flex;
-        gap: @space-2;
+        gap: $space-2;
 
         input {
             flex: 1;
@@ -119,7 +119,7 @@
     .checkbox-label {
         display: flex;
         align-items: center;
-        gap: @space-2;
+        gap: $space-2;
         cursor: pointer;
 
         input[type="checkbox"] {
@@ -129,15 +129,15 @@
         }
 
         span {
-            font-size: @font-size-sm;
-            color: @text-primary;
+            font-size: $font-size-sm;
+            color: $text-primary;
         }
     }
 
     .form-help {
         display: block;
-        margin-top: @space-1;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        margin-top: $space-1;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
     }
 }
diff --git a/frontend/src/styles/pages/_security.less b/frontend/src/styles/pages/_security.scss
similarity index 54%
rename from frontend/src/styles/pages/_security.less
rename to frontend/src/styles/pages/_security.scss
index 0ad68cb1..289c6123 100644
--- a/frontend/src/styles/pages/_security.less
+++ b/frontend/src/styles/pages/_security.scss
@@ -5,29 +5,29 @@
 .security-page {
     .tabs-nav {
         display: flex;
-        gap: @space-2;
-        margin-bottom: @space-6;
-        border-bottom: 1px solid @border-subtle;
-        padding-bottom: @space-2;
+        gap: $space-2;
+        margin-bottom: $space-6;
+        border-bottom: 1px solid $border-subtle;
+        padding-bottom: $space-2;
         overflow-x: auto;
 
         .tab-btn {
-            padding: @space-2 @space-4;
+            padding: $space-2 $space-4;
             border: none;
             background: none;
-            color: @text-secondary;
+            color: $text-secondary;
             cursor: pointer;
-            border-radius: @radius-md;
+            border-radius: $radius-md;
             white-space: nowrap;
             transition: all 0.2s;
 
             &:hover {
-                background: @bg-hover;
-                color: @text-primary;
+                background: $bg-hover;
+                color: $text-primary;
             }
 
             &.active {
-                background: @accent-primary;
+                background: $accent-primary;
                 color: white;
             }
         }
@@ -39,37 +39,37 @@
     .stats-grid {
         display: grid;
         grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
-        gap: @space-4;
-        margin-bottom: @space-6;
+        gap: $space-4;
+        margin-bottom: $space-6;
     }
 
     .stat-card {
         display: flex;
         align-items: center;
-        gap: @space-4;
-        padding: @space-6;
-        background: @bg-card;
-        border-radius: @radius-lg;
-        border: 1px solid @border-subtle;
+        gap: $space-4;
+        padding: $space-6;
+        background: $bg-card;
+        border-radius: $radius-lg;
+        border: 1px solid $border-subtle;
 
         &.success {
-            border-color: fade(@success, 30%);
-            .stat-icon { color: @success; background: fade(@success, 15%); }
+            border-color: fade($success, 30%);
+            .stat-icon { color: $success; background: fade($success, 15%); }
         }
 
         &.warning {
-            border-color: fade(@warning, 30%);
-            .stat-icon { color: @warning; background: fade(@warning, 15%); }
+            border-color: fade($warning, 30%);
+            .stat-icon { color: $warning; background: fade($warning, 15%); }
         }
 
         &.danger {
-            border-color: fade(@danger, 30%);
-            .stat-icon { color: @danger; background: fade(@danger, 15%); }
+            border-color: fade($danger, 30%);
+            .stat-icon { color: $danger; background: fade($danger, 15%); }
         }
 
         &.info {
-            border-color: fade(@accent-primary-raw, 30%);
-            .stat-icon { color: @accent-primary; background: fade(@accent-primary-raw, 15%); }
+            border-color: fade($accent-primary-raw, 30%);
+            .stat-icon { color: $accent-primary; background: fade($accent-primary-raw, 15%); }
         }
     }
 
@@ -79,8 +79,8 @@
         display: flex;
         align-items: center;
         justify-content: center;
-        background: @bg-hover;
-        border-radius: @radius-md;
+        background: $bg-hover;
+        border-radius: $radius-md;
         flex-shrink: 0;
     }
 
@@ -89,20 +89,20 @@
         flex-direction: column;
 
         .stat-value {
-            font-size: @font-size-xl;
+            font-size: $font-size-xl;
             font-weight: 700;
         }
 
         .stat-label {
-            color: @text-secondary;
-            font-size: @font-size-sm;
+            color: $text-secondary;
+            font-size: $font-size-sm;
         }
     }
 
     .security-grid {
         display: grid;
         grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
-        gap: @space-4;
+        gap: $space-4;
     }
 }
 
@@ -111,10 +111,10 @@
     .scan-options {
         display: grid;
         grid-template-columns: repeat(3, 1fr);
-        gap: @space-4;
-        margin-bottom: @space-4;
+        gap: $space-4;
+        margin-bottom: $space-4;
 
-        @media (max-width: @breakpoint-md) {
+        @media (max-width: $breakpoint-md) {
             grid-template-columns: 1fr;
         }
     }
@@ -124,28 +124,28 @@
         flex-direction: column;
         align-items: center;
         text-align: center;
-        padding: @space-6 @space-4;
-        background: @bg-card;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-lg;
+        padding: $space-6 $space-4;
+        background: $bg-card;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-lg;
         cursor: pointer;
-        .transition(all);
+        @include transition(all);
 
         &:hover {
-            border-color: @accent-primary;
-            background: @bg-elevated;
+            border-color: $accent-primary;
+            background: $bg-elevated;
         }
 
         h4 {
-            margin: 0 0 @space-1;
-            font-size: @font-size-md;
-            font-weight: @font-weight-semibold;
+            margin: 0 0 $space-1;
+            font-size: $font-size-md;
+            font-weight: $font-weight-semibold;
         }
 
         .scan-desc {
-            color: @text-secondary;
-            font-size: @font-size-sm;
-            margin-bottom: @space-4;
+            color: $text-secondary;
+            font-size: $font-size-sm;
+            margin-bottom: $space-4;
         }
 
         .btn {
@@ -159,24 +159,24 @@
         display: flex;
         align-items: center;
         justify-content: center;
-        border-radius: @radius-md;
-        background: fade(@accent-primary-raw, 10%);
-        color: @accent-primary;
-        margin-bottom: @space-3;
+        border-radius: $radius-md;
+        background: fade($accent-primary-raw, 10%);
+        color: $accent-primary;
+        margin-bottom: $space-3;
     }
 
     .scan-card--custom {
         cursor: default;
 
         &:hover {
-            border-color: @border-subtle;
-            background: @bg-card;
+            border-color: $border-subtle;
+            background: $bg-card;
         }
     }
 
     .scan-custom-input {
         display: flex;
-        gap: @space-2;
+        gap: $space-2;
         width: 100%;
         margin-top: auto;
 
@@ -189,23 +189,23 @@
     .scan-toolbar {
         display: flex;
         justify-content: flex-end;
-        margin-bottom: @space-4;
+        margin-bottom: $space-4;
 
         .btn {
             display: flex;
             align-items: center;
-            gap: @space-2;
+            gap: $space-2;
         }
     }
 
     .scan-progress {
-        margin-bottom: @space-4;
-        border-color: @accent-primary;
+        margin-bottom: $space-4;
+        border-color: $accent-primary;
 
         .progress-info {
             display: flex;
             align-items: center;
-            gap: @space-4;
+            gap: $space-4;
 
             .spinner {
                 width: 32px;
@@ -216,7 +216,7 @@
                 margin: 0;
 
                 &:not(:last-child) {
-                    margin-bottom: @space-1;
+                    margin-bottom: $space-1;
                 }
             }
         }
@@ -227,8 +227,8 @@
         overflow: hidden;
         text-overflow: ellipsis;
         white-space: nowrap;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
     }
 }
 
@@ -238,17 +238,17 @@
         display: flex;
         flex-direction: column;
         align-items: center;
-        padding: @space-8;
+        padding: $space-8;
         text-align: center;
 
         svg {
-            color: @success;
-            margin-bottom: @space-4;
+            color: $success;
+            margin-bottom: $space-4;
         }
 
         p {
-            font-size: @font-size-lg;
-            margin-bottom: @space-1;
+            font-size: $font-size-lg;
+            margin-bottom: $space-1;
         }
     }
 }
@@ -256,21 +256,21 @@
 // Integrity Tab
 .integrity-tab {
     .description {
-        color: @text-secondary;
-        margin-bottom: @space-6;
+        color: $text-secondary;
+        margin-bottom: $space-6;
     }
 
     .integrity-actions {
         display: flex;
-        gap: @space-4;
+        gap: $space-4;
     }
 
     .change-section {
-        margin-bottom: @space-6;
+        margin-bottom: $space-6;
 
         h4 {
-            margin-bottom: @space-2;
-            color: @warning;
+            margin-bottom: $space-2;
+            color: $warning;
         }
     }
 
@@ -278,16 +278,16 @@
         list-style: none;
         padding: 0;
         margin: 0;
-        background: @bg-hover;
-        border-radius: @radius-md;
+        background: $bg-hover;
+        border-radius: $radius-md;
         max-height: 300px;
         overflow-y: auto;
 
         li {
-            padding: @space-2 @space-4;
-            font-family: @font-mono;
-            font-size: @font-size-sm;
-            border-bottom: 1px solid @border-subtle;
+            padding: $space-2 $space-4;
+            font-family: $font-mono;
+            font-size: $font-size-sm;
+            border-bottom: 1px solid $border-subtle;
 
             &:last-child {
                 border-bottom: none;
@@ -299,34 +299,34 @@
 // Events Tab
 .events-tab {
     .card-warning {
-        border-color: @warning;
+        border-color: $warning;
     }
 
     .failed-login-summary {
         display: flex;
         align-items: baseline;
-        gap: @space-2;
+        gap: $space-2;
 
         .count {
-            font-size: @font-size-2xl;
+            font-size: $font-size-2xl;
             font-weight: 700;
 
             &.danger {
-                color: @danger;
+                color: $danger;
             }
         }
 
         .label {
-            color: @text-secondary;
+            color: $text-secondary;
         }
     }
 
     .recent-failures {
-        margin-top: @space-4;
+        margin-top: $space-4;
 
         summary {
             cursor: pointer;
-            color: @accent-primary;
+            color: $accent-primary;
 
             &:hover {
                 text-decoration: underline;
@@ -334,11 +334,11 @@
         }
 
         pre {
-            margin-top: @space-2;
-            padding: @space-4;
-            background: @bg-hover;
-            border-radius: @radius-md;
-            font-size: @font-size-xs;
+            margin-top: $space-2;
+            padding: $space-4;
+            background: $bg-hover;
+            border-radius: $radius-md;
+            font-size: $font-size-xs;
             max-height: 200px;
             overflow: auto;
         }
@@ -347,32 +347,32 @@
     .events-list {
         display: flex;
         flex-direction: column;
-        gap: @space-2;
+        gap: $space-2;
     }
 
     .event-item {
         display: flex;
         align-items: flex-start;
-        gap: @space-4;
-        padding: @space-4;
-        background: @bg-hover;
-        border-radius: @radius-md;
-        border-left: 3px solid @border-subtle;
+        gap: $space-4;
+        padding: $space-4;
+        background: $bg-hover;
+        border-radius: $radius-md;
+        border-left: 3px solid $border-subtle;
 
         &.malware {
-            border-left-color: @danger;
-            .event-icon { color: @danger; }
+            border-left-color: $danger;
+            .event-icon { color: $danger; }
         }
 
         &.integrity {
-            border-left-color: @warning;
-            .event-icon { color: @warning; }
+            border-left-color: $warning;
+            .event-icon { color: $warning; }
         }
     }
 
     .event-icon {
         flex-shrink: 0;
-        color: @text-secondary;
+        color: $text-secondary;
     }
 
     .event-content {
@@ -381,12 +381,12 @@
 
         .event-message {
             display: block;
-            margin-bottom: @space-1;
+            margin-bottom: $space-1;
         }
 
         .event-time {
-            font-size: @font-size-sm;
-            color: @text-tertiary;
+            font-size: $font-size-sm;
+            color: $text-tertiary;
         }
     }
 }
@@ -394,44 +394,44 @@
 // Settings Tab
 .settings-tab {
     .card {
-        margin-bottom: @space-6;
+        margin-bottom: $space-6;
     }
 
     .form-actions {
-        margin-top: @space-6;
+        margin-top: $space-6;
     }
 }
 
 // Shared Components
 .not-installed {
     text-align: center;
-    padding: @space-6;
+    padding: $space-6;
 
     p {
-        margin-bottom: @space-4;
-        color: @text-secondary;
+        margin-bottom: $space-4;
+        color: $text-secondary;
     }
 }
 
 .info-list {
     display: flex;
     flex-direction: column;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .info-item {
     display: flex;
     justify-content: space-between;
     align-items: center;
-    padding: @space-2 0;
-    border-bottom: 1px solid @border-subtle;
+    padding: $space-2 0;
+    border-bottom: 1px solid $border-subtle;
 
     &:last-child {
         border-bottom: none;
     }
 
     .info-label {
-        color: @text-secondary;
+        color: $text-secondary;
     }
 
     .info-value {
@@ -440,109 +440,109 @@
 }
 
 .help-text {
-    color: @text-secondary;
-    font-size: @font-size-sm;
+    color: $text-secondary;
+    font-size: $font-size-sm;
 }
 
 .loading-sm {
-    color: @text-tertiary;
-    font-size: @font-size-sm;
-    padding: @space-4;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
+    padding: $space-4;
 }
 
 // Firewall Tab
 .firewall-tab {
     .firewall-header {
-        margin-bottom: @space-6;
+        margin-bottom: $space-6;
     }
 
     .firewall-status-row {
         display: flex;
         justify-content: space-between;
         align-items: center;
-        padding: @space-4;
-        background: @bg-card;
-        border-radius: @radius-lg;
-        border: 1px solid @border-subtle;
+        padding: $space-4;
+        background: $bg-card;
+        border-radius: $radius-lg;
+        border: 1px solid $border-subtle;
     }
 
     .status-indicator {
         display: flex;
         align-items: center;
-        gap: @space-2;
+        gap: $space-2;
         font-weight: 600;
 
         &.active {
-            color: @success;
+            color: $success;
         }
 
         &.inactive {
-            color: @danger;
+            color: $danger;
         }
 
         .firewall-type {
-            color: @text-tertiary;
+            color: $text-tertiary;
             font-weight: 400;
         }
     }
 
     .firewall-actions {
         display: flex;
-        gap: @space-2;
+        gap: $space-2;
     }
 
     .firewall-stats {
         display: flex;
-        gap: @space-4;
-        margin-bottom: @space-6;
+        gap: $space-4;
+        margin-bottom: $space-6;
     }
 
     .stat-mini {
         display: flex;
         flex-direction: column;
         align-items: center;
-        padding: @space-4 @space-6;
-        background: @bg-card;
-        border-radius: @radius-md;
-        border: 1px solid @border-subtle;
+        padding: $space-4 $space-6;
+        background: $bg-card;
+        border-radius: $radius-md;
+        border: 1px solid $border-subtle;
         min-width: 100px;
 
         .stat-value {
-            font-size: @font-size-xl;
+            font-size: $font-size-xl;
             font-weight: 700;
         }
 
         .stat-label {
-            color: @text-tertiary;
-            font-size: @font-size-sm;
+            color: $text-tertiary;
+            font-size: $font-size-sm;
         }
     }
 
     .subtabs {
         display: flex;
-        gap: @space-1;
-        margin-bottom: @space-4;
-        border-bottom: 1px solid @border-subtle;
-        padding-bottom: @space-2;
+        gap: $space-1;
+        margin-bottom: $space-4;
+        border-bottom: 1px solid $border-subtle;
+        padding-bottom: $space-2;
 
         .subtab {
-            padding: @space-2 @space-3;
+            padding: $space-2 $space-3;
             border: none;
             background: none;
-            color: @text-secondary;
+            color: $text-secondary;
             cursor: pointer;
-            border-radius: @radius-sm;
-            font-size: @font-size-sm;
+            border-radius: $radius-sm;
+            font-size: $font-size-sm;
             transition: all 0.2s;
 
             &:hover {
-                background: @bg-hover;
-                color: @text-primary;
+                background: $bg-hover;
+                color: $text-primary;
             }
 
             &.active {
-                background: @bg-hover;
-                color: @accent-primary;
+                background: $bg-hover;
+                color: $accent-primary;
             }
         }
     }
@@ -550,16 +550,16 @@
     .quick-ports-grid {
         display: grid;
         grid-template-columns: repeat(auto-fill, minmax(180px, 1fr));
-        gap: @space-3;
+        gap: $space-3;
     }
 
     .quick-port-card {
         display: flex;
         justify-content: space-between;
         align-items: center;
-        padding: @space-3 @space-4;
-        background: @bg-hover;
-        border-radius: @radius-md;
+        padding: $space-3 $space-4;
+        background: $bg-hover;
+        border-radius: $radius-md;
 
         .port-info {
             display: flex;
@@ -570,9 +570,9 @@
             }
 
             .port-number {
-                color: @text-tertiary;
-                font-size: @font-size-sm;
-                font-family: @font-mono;
+                color: $text-tertiary;
+                font-size: $font-size-sm;
+                font-family: $font-mono;
             }
         }
     }
@@ -580,38 +580,38 @@
     .blocked-list {
         display: flex;
         flex-direction: column;
-        gap: @space-2;
+        gap: $space-2;
     }
 
     .blocked-item {
         display: flex;
         justify-content: space-between;
         align-items: center;
-        padding: @space-3 @space-4;
-        background: @bg-hover;
-        border-radius: @radius-md;
+        padding: $space-3 $space-4;
+        background: $bg-hover;
+        border-radius: $radius-md;
 
         .blocked-ip {
-            font-family: @font-mono;
+            font-family: $font-mono;
             font-weight: 500;
         }
     }
 
     .empty-state-sm {
         text-align: center;
-        padding: @space-6;
-        color: @text-secondary;
+        padding: $space-6;
+        color: $text-secondary;
     }
 
     .install-info {
-        margin-top: @space-4;
-        padding: @space-4;
-        background: @bg-hover;
-        border-radius: @radius-md;
+        margin-top: $space-4;
+        padding: $space-4;
+        background: $bg-hover;
+        border-radius: $radius-md;
 
         p {
             margin: 0;
-            font-size: @font-size-sm;
+            font-size: $font-size-sm;
         }
     }
 }
@@ -631,8 +631,8 @@
     }
 
     &::-webkit-scrollbar-thumb {
-        background: @border-subtle;
-        border-radius: @radius-sm;
+        background: $border-subtle;
+        border-radius: $radius-sm;
     }
 }
 
@@ -640,14 +640,14 @@
 .fail2ban-tab {
     .card-actions {
         display: flex;
-        gap: @space-2;
+        gap: $space-2;
     }
 }
 
 // SSH Keys Tab
 .ssh-keys-tab {
     .fingerprint {
-        font-size: @font-size-xs;
+        font-size: $font-size-xs;
         word-break: break-all;
     }
 
@@ -656,8 +656,8 @@
     }
 
     textarea {
-        font-family: @font-mono;
-        font-size: @font-size-sm;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
     }
 }
 
@@ -666,49 +666,49 @@
     .ip-lists-grid {
         display: grid;
         grid-template-columns: repeat(auto-fit, minmax(400px, 1fr));
-        gap: @space-6;
+        gap: $space-6;
     }
 
     .ip-list {
         display: flex;
         flex-direction: column;
-        gap: @space-2;
+        gap: $space-2;
     }
 
     .ip-list-item {
         display: flex;
         justify-content: space-between;
         align-items: center;
-        padding: @space-3 @space-4;
-        background: @bg-hover;
-        border-radius: @radius-md;
+        padding: $space-3 $space-4;
+        background: $bg-hover;
+        border-radius: $radius-md;
     }
 
     .ip-info {
         display: flex;
         align-items: center;
-        gap: @space-3;
+        gap: $space-3;
 
         code {
             font-weight: 500;
         }
 
         .ip-allowed {
-            color: @success;
+            color: $success;
         }
 
         .ip-blocked {
-            color: @danger;
+            color: $danger;
         }
 
         .ip-comment {
-            color: @text-secondary;
-            font-size: @font-size-sm;
+            color: $text-secondary;
+            font-size: $font-size-sm;
         }
 
         .ip-date {
-            color: @text-tertiary;
-            font-size: @font-size-xs;
+            color: $text-tertiary;
+            font-size: $font-size-xs;
         }
     }
 }
@@ -719,8 +719,8 @@
         display: flex;
         flex-direction: column;
         align-items: center;
-        padding: @space-8;
-        gap: @space-4;
+        padding: $space-8;
+        gap: $space-4;
 
         .spinner {
             width: 40px;
@@ -731,16 +731,16 @@
     .audit-results {
         display: flex;
         flex-direction: column;
-        gap: @space-6;
+        gap: $space-6;
     }
 
     .audit-score {
         display: flex;
         flex-direction: column;
         align-items: center;
-        padding: @space-6;
-        background: @bg-hover;
-        border-radius: @radius-lg;
+        padding: $space-6;
+        background: $bg-hover;
+        border-radius: $radius-lg;
         text-align: center;
 
         .score-value {
@@ -749,54 +749,54 @@
         }
 
         .score-label {
-            color: @text-secondary;
+            color: $text-secondary;
         }
 
         &.score-excellent {
-            border: 2px solid @success;
-            .score-value { color: @success; }
+            border: 2px solid $success;
+            .score-value { color: $success; }
         }
 
         &.score-good {
-            border: 2px solid @accent-primary;
-            .score-value { color: @accent-primary; }
+            border: 2px solid $accent-primary;
+            .score-value { color: $accent-primary; }
         }
 
         &.score-fair {
-            border: 2px solid @warning;
-            .score-value { color: @warning; }
+            border: 2px solid $warning;
+            .score-value { color: $warning; }
         }
 
         &.score-poor {
-            border: 2px solid @danger;
-            .score-value { color: @danger; }
+            border: 2px solid $danger;
+            .score-value { color: $danger; }
         }
     }
 
     .audit-timestamp {
         text-align: center;
-        color: @text-tertiary;
-        font-size: @font-size-sm;
+        color: $text-tertiary;
+        font-size: $font-size-sm;
     }
 
     .audit-section {
         h4 {
-            margin-bottom: @space-3;
-            padding-bottom: @space-2;
-            border-bottom: 1px solid @border-subtle;
+            margin-bottom: $space-3;
+            padding-bottom: $space-2;
+            border-bottom: 1px solid $border-subtle;
         }
 
         &.recommendations {
-            background: fade(@accent-primary-raw, 10%);
-            padding: @space-4;
-            border-radius: @radius-md;
+            background: fade($accent-primary-raw, 10%);
+            padding: $space-4;
+            border-radius: $radius-md;
 
             ul {
                 margin: 0;
-                padding-left: @space-6;
+                padding-left: $space-6;
 
                 li {
-                    margin-bottom: @space-2;
+                    margin-bottom: $space-2;
 
                     &:last-child {
                         margin-bottom: 0;
@@ -809,20 +809,20 @@
     .findings-list {
         display: flex;
         flex-direction: column;
-        gap: @space-2;
+        gap: $space-2;
     }
 
     .finding-item {
         display: flex;
         align-items: center;
-        gap: @space-3;
-        padding: @space-2 @space-3;
-        background: @bg-hover;
-        border-radius: @radius-sm;
+        gap: $space-3;
+        padding: $space-2 $space-3;
+        background: $bg-hover;
+        border-radius: $radius-sm;
 
         .finding-message {
             flex: 1;
-            font-size: @font-size-sm;
+            font-size: $font-size-sm;
         }
     }
 }
@@ -830,11 +830,11 @@
 // Vulnerability Tab
 .vulnerability-tab {
     .scan-section {
-        margin-bottom: @space-6;
+        margin-bottom: $space-6;
 
         h4 {
-            margin-bottom: @space-3;
-            color: @text-secondary;
+            margin-bottom: $space-3;
+            color: $text-secondary;
         }
     }
 
@@ -842,26 +842,26 @@
         list-style: none;
         padding: 0;
         margin: 0;
-        background: @bg-hover;
-        border-radius: @radius-md;
+        background: $bg-hover;
+        border-radius: $radius-md;
         max-height: 300px;
         overflow-y: auto;
 
         li {
-            padding: @space-2 @space-4;
-            font-size: @font-size-sm;
-            border-bottom: 1px solid @border-subtle;
+            padding: $space-2 $space-4;
+            font-size: $font-size-sm;
+            border-bottom: 1px solid $border-subtle;
 
             &:last-child {
                 border-bottom: none;
             }
 
             &.warning {
-                border-left: 3px solid @warning;
+                border-left: 3px solid $warning;
             }
 
             &.suggestion {
-                border-left: 3px solid @accent-primary;
+                border-left: 3px solid $accent-primary;
             }
         }
     }
@@ -871,13 +871,13 @@
 .auto-updates-tab {
     .auto-updates-actions {
         display: flex;
-        gap: @space-4;
+        gap: $space-4;
     }
 
     .help-text {
-        background: @bg-hover;
-        padding: @space-4;
-        border-radius: @radius-md;
+        background: $bg-hover;
+        padding: $space-4;
+        border-radius: $radius-md;
 
         p {
             margin: 0;
@@ -890,26 +890,26 @@
     display: flex;
     flex-direction: column;
     align-items: center;
-    padding: @space-8;
+    padding: $space-8;
     text-align: center;
 
     svg {
-        color: @text-tertiary;
-        margin-bottom: @space-4;
+        color: $text-tertiary;
+        margin-bottom: $space-4;
     }
 
     h3 {
-        margin-bottom: @space-2;
+        margin-bottom: $space-2;
     }
 
     p {
-        color: @text-secondary;
-        margin-bottom: @space-6;
+        color: $text-secondary;
+        margin-bottom: $space-6;
     }
 }
 
 .empty-state-sm {
     text-align: center;
-    padding: @space-6;
-    color: @text-secondary;
+    padding: $space-6;
+    color: $text-secondary;
 }
diff --git a/frontend/src/styles/pages/_server-templates.scss b/frontend/src/styles/pages/_server-templates.scss
new file mode 100644
index 00000000..32366237
--- /dev/null
+++ b/frontend/src/styles/pages/_server-templates.scss
@@ -0,0 +1,133 @@
+// Server Templates page styles
+
+.server-templates-page {
+    .compliance-bar {
+        margin: $spacing-lg 0;
+        padding: $spacing-lg;
+        background: $card-bg;
+        border-radius: $radius-lg;
+        border: 1px solid $border-color;
+
+        &__stats {
+            display: flex;
+            gap: $spacing-xl;
+            margin-bottom: $spacing-md;
+        }
+
+        &__progress {
+            height: 8px;
+            background: $border-color;
+            border-radius: 4px;
+            overflow: hidden;
+
+            .progress-fill {
+                height: 100%;
+                background: $success-color;
+                border-radius: 4px;
+                transition: width 0.3s ease;
+            }
+        }
+    }
+
+    .stat-item {
+        display: flex;
+        flex-direction: column;
+
+        &__value {
+            font-size: 1.5rem;
+            font-weight: 700;
+        }
+
+        &__label {
+            font-size: 0.8rem;
+            color: $text-muted;
+            text-transform: uppercase;
+        }
+
+        &--success .stat-item__value { color: $success-color; }
+        &--danger .stat-item__value { color: $danger-color; }
+        &--muted .stat-item__value { color: $text-muted; }
+    }
+
+    .templates-grid {
+        display: grid;
+        grid-template-columns: repeat(auto-fill, minmax(340px, 1fr));
+        gap: $spacing-lg;
+        margin-top: $spacing-lg;
+    }
+
+    .template-card {
+        padding: $spacing-lg;
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-sm;
+        cursor: pointer;
+        transition: border-color 0.15s;
+
+        &:hover {
+            border-color: $primary-color;
+        }
+
+        &__header {
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+
+            h3 { margin: 0; }
+        }
+
+        &__desc {
+            color: $text-secondary;
+            font-size: 0.9rem;
+            margin: 0;
+        }
+
+        &__meta {
+            display: flex;
+            gap: $spacing-md;
+            font-size: 0.85rem;
+            color: $text-muted;
+        }
+
+        &__spec {
+            display: flex;
+            flex-wrap: wrap;
+            gap: $spacing-xs;
+
+            span {
+                font-size: 0.8rem;
+                padding: 2px 8px;
+                background: $hover-bg;
+                border-radius: $radius-sm;
+            }
+        }
+
+        &__actions {
+            display: flex;
+            gap: $spacing-sm;
+            margin-top: $spacing-sm;
+            padding-top: $spacing-sm;
+            border-top: 1px solid $border-color;
+        }
+    }
+
+    .server-select-list {
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-xs;
+        max-height: 300px;
+        overflow-y: auto;
+    }
+
+    .server-select-item {
+        display: flex;
+        align-items: center;
+        gap: $spacing-sm;
+        padding: $spacing-sm $spacing-md;
+        border-radius: $radius-md;
+        cursor: pointer;
+        transition: background-color 0.15s;
+
+        &:hover { background: $hover-bg; }
+    }
+}
diff --git a/frontend/src/styles/pages/_servers.less b/frontend/src/styles/pages/_servers.less
deleted file mode 100644
index 79cf2c08..00000000
--- a/frontend/src/styles/pages/_servers.less
+++ /dev/null
@@ -1,1573 +0,0 @@
-// ============================================
-// SERVERS PAGE
-// ============================================
-
-// Page Layout
-.servers-page {
-    padding: 0;
-}
-
-// Stats Row
-.servers-stats {
-    display: grid;
-    grid-template-columns: repeat(4, 1fr);
-    gap: @space-4;
-    margin-bottom: @space-6;
-
-    @media (max-width: @breakpoint-lg) {
-        grid-template-columns: repeat(2, 1fr);
-    }
-
-    @media (max-width: @breakpoint-sm) {
-        grid-template-columns: 1fr;
-    }
-}
-
-.stat-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    padding: @space-5;
-    display: flex;
-    align-items: center;
-    gap: @space-4;
-}
-
-.stat-icon {
-    width: 48px;
-    height: 48px;
-    border-radius: @radius-md;
-    display: flex;
-    align-items: center;
-    justify-content: center;
-
-    svg {
-        width: 24px;
-        height: 24px;
-    }
-
-    &.total {
-        background: @accent-glow;
-        color: @accent-primary;
-    }
-
-    &.online {
-        background: @success-bg;
-        color: @success;
-    }
-
-    &.offline {
-        background: @danger-bg;
-        color: @danger;
-    }
-
-    &.connecting {
-        background: @warning-bg;
-        color: @warning;
-    }
-}
-
-.stat-content {
-    .stat-value {
-        font-family: @font-mono;
-        font-size: @font-size-2xl;
-        font-weight: @font-weight-bold;
-        color: @text-primary;
-    }
-
-    .stat-label {
-        font-size: @font-size-sm;
-        color: @text-tertiary;
-    }
-}
-
-// Toolbar
-.servers-toolbar {
-    display: flex;
-    gap: @space-4;
-    margin-bottom: @space-6;
-
-    @media (max-width: @breakpoint-sm) {
-        flex-direction: column;
-    }
-}
-
-.search-box {
-    position: relative;
-    flex: 1;
-
-    svg {
-        position: absolute;
-        left: @space-3;
-        top: 50%;
-        transform: translateY(-50%);
-        color: @text-tertiary;
-    }
-
-    input {
-        width: 100%;
-        background: @bg-card;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
-        padding: @space-3 @space-3 @space-3 @space-10;
-        color: @text-primary;
-        font-size: @font-size-sm;
-
-        &::placeholder {
-            color: @text-tertiary;
-        }
-
-        &:focus {
-            outline: none;
-            border-color: @accent-primary;
-        }
-    }
-}
-
-.group-filter {
-    select {
-        background: @bg-card;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
-        padding: @space-3 @space-4;
-        color: @text-primary;
-        font-size: @font-size-sm;
-        min-width: 160px;
-
-        &:focus {
-            outline: none;
-            border-color: @accent-primary;
-        }
-    }
-}
-
-// Servers Grid
-.servers-grid {
-    display: grid;
-    grid-template-columns: repeat(auto-fill, minmax(340px, 1fr));
-    gap: @space-5;
-}
-
-// Server Card
-.server-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    overflow: hidden;
-    transition: border-color @transition-base, box-shadow @transition-base;
-
-    &:hover {
-        border-color: @border-active;
-    }
-
-    &.online {
-        &:hover {
-            border-color: @success;
-            box-shadow: 0 0 0 1px @success-border;
-        }
-    }
-
-    &.offline {
-        opacity: 0.8;
-    }
-}
-
-.server-card-header {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-4;
-    border-bottom: 1px solid @border-subtle;
-}
-
-.server-status-indicator {
-    width: 10px;
-    height: 10px;
-    border-radius: 50%;
-    flex-shrink: 0;
-}
-
-.server-info {
-    flex: 1;
-    min-width: 0;
-
-    .server-name {
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin: 0;
-        white-space: nowrap;
-        overflow: hidden;
-        text-overflow: ellipsis;
-    }
-
-    .server-hostname {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        font-family: @font-mono;
-    }
-}
-
-.server-card-body {
-    padding: @space-4;
-}
-
-.server-meta {
-    display: grid;
-    grid-template-columns: repeat(2, 1fr);
-    gap: @space-3;
-    margin-bottom: @space-4;
-}
-
-.meta-item {
-    display: flex;
-    flex-direction: column;
-    gap: @space-1;
-
-    .meta-label {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        text-transform: uppercase;
-        letter-spacing: 0.05em;
-    }
-
-    .meta-value {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-    }
-}
-
-// Mini metrics bars
-.server-metrics-mini {
-    display: flex;
-    flex-direction: column;
-    gap: @space-2;
-    margin-bottom: @space-4;
-}
-
-.metric-bar {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-
-    .metric-label {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        width: 32px;
-    }
-
-    .bar-track {
-        flex: 1;
-        height: 4px;
-        background: @bg-secondary;
-        border-radius: @radius-full;
-        overflow: hidden;
-    }
-
-    .bar-fill {
-        height: 100%;
-        border-radius: @radius-full;
-        transition: width @transition-base;
-
-        &.cpu {
-            background: @accent-primary;
-        }
-
-        &.memory {
-            background: @success;
-        }
-
-        &.disk {
-            background: @warning;
-        }
-    }
-
-    .metric-value {
-        font-size: @font-size-xs;
-        font-family: @font-mono;
-        color: @text-tertiary;
-        width: 32px;
-        text-align: right;
-    }
-}
-
-.server-group-badge {
-    display: inline-flex;
-    align-items: center;
-    gap: @space-1;
-    background: @bg-hover;
-    color: @text-secondary;
-    font-size: @font-size-xs;
-    padding: @space-1 @space-2;
-    border-radius: @radius-sm;
-}
-
-.server-card-footer {
-    display: flex;
-    gap: @space-2;
-    padding: @space-3 @space-4;
-    background: @bg-hover;
-    border-top: 1px solid @border-subtle;
-
-    .btn {
-        flex: 1;
-        justify-content: center;
-    }
-
-    .btn-sm {
-        padding: @space-2 @space-3;
-        font-size: @font-size-xs;
-    }
-}
-
-// Empty state
-.empty-state {
-    text-align: center;
-    padding: @space-16 @space-6;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-
-    .empty-icon {
-        width: 64px;
-        height: 64px;
-        color: @text-tertiary;
-        margin-bottom: @space-4;
-    }
-
-    h3 {
-        font-size: @font-size-lg;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin: 0 0 @space-2;
-    }
-
-    p {
-        color: @text-secondary;
-        margin: 0 0 @space-6;
-    }
-}
-
-// ============================================
-// SERVER DETAIL PAGE
-// ============================================
-
-.server-detail-page {
-    padding: 0;
-}
-
-.page-breadcrumb {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    font-size: @font-size-sm;
-    margin-bottom: @space-3;
-
-    a {
-        color: @text-tertiary;
-        text-decoration: none;
-
-        &:hover {
-            color: @text-primary;
-        }
-    }
-
-    .breadcrumb-separator {
-        color: @text-tertiary;
-    }
-
-    span:last-child {
-        color: @text-secondary;
-    }
-}
-
-.server-title {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-
-    h1 {
-        margin: 0;
-    }
-}
-
-.status-dot {
-    width: 12px;
-    height: 12px;
-    border-radius: 50%;
-
-    &.large {
-        width: 14px;
-        height: 14px;
-    }
-}
-
-.server-detail-tabs {
-    display: flex;
-    gap: @space-1;
-    margin-bottom: @space-6;
-    border-bottom: 1px solid @border-subtle;
-    padding-bottom: 0;
-}
-
-.tab-btn {
-    background: transparent;
-    border: none;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    padding: @space-3 @space-4;
-    cursor: pointer;
-    border-bottom: 2px solid transparent;
-    margin-bottom: -1px;
-    transition: all @transition-base;
-
-    &:hover {
-        color: @text-primary;
-    }
-
-    &.active {
-        color: @text-primary;
-        border-bottom-color: @accent-primary;
-    }
-}
-
-// Overview Tab
-.overview-grid {
-    display: grid;
-    grid-template-columns: repeat(2, 1fr);
-    gap: @space-5;
-
-    @media (max-width: @breakpoint-lg) {
-        grid-template-columns: 1fr;
-    }
-}
-
-.info-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-5;
-
-    h3 {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-semibold;
-        color: @text-tertiary;
-        text-transform: uppercase;
-        letter-spacing: 0.05em;
-        margin: 0 0 @space-4;
-    }
-}
-
-.info-list {
-    display: flex;
-    flex-direction: column;
-    gap: @space-3;
-}
-
-.info-item {
-    display: flex;
-    justify-content: space-between;
-    align-items: center;
-
-    .info-label {
-        font-size: @font-size-sm;
-        color: @text-tertiary;
-    }
-
-    .info-value {
-        font-size: @font-size-sm;
-        color: @text-primary;
-
-        &.mono {
-            font-family: @font-mono;
-            font-size: @font-size-xs;
-        }
-    }
-}
-
-.status-badge {
-    display: inline-flex;
-    align-items: center;
-    gap: @space-1;
-    padding: @space-1 @space-2;
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
-    text-transform: capitalize;
-
-    &.online {
-        background: @success-bg;
-        color: @success;
-    }
-
-    &.offline {
-        background: @danger-bg;
-        color: @danger;
-    }
-
-    &.connecting {
-        background: @warning-bg;
-        color: @warning;
-    }
-
-    &.pending {
-        background: @bg-secondary;
-        color: @text-tertiary;
-    }
-}
-
-// Resource Meters
-.metrics-card {
-    grid-column: span 2;
-
-    @media (max-width: @breakpoint-lg) {
-        grid-column: span 1;
-    }
-}
-
-.resource-meters {
-    display: grid;
-    grid-template-columns: repeat(3, 1fr);
-    gap: @space-6;
-
-    @media (max-width: @breakpoint-md) {
-        grid-template-columns: 1fr;
-    }
-}
-
-.resource-meter {
-    .resource-header {
-        display: flex;
-        justify-content: space-between;
-        margin-bottom: @space-2;
-
-        .resource-label {
-            font-size: @font-size-sm;
-            color: @text-secondary;
-        }
-
-        .resource-value {
-            font-family: @font-mono;
-            font-size: @font-size-sm;
-            color: @text-primary;
-        }
-    }
-
-    .resource-bar {
-        height: 8px;
-        background: @bg-secondary;
-        border-radius: @radius-full;
-        overflow: hidden;
-
-        .resource-fill {
-            height: 100%;
-            border-radius: @radius-full;
-            transition: width @transition-base;
-        }
-    }
-}
-
-.offline-card {
-    grid-column: span 2;
-
-    @media (max-width: @breakpoint-lg) {
-        grid-column: span 1;
-    }
-}
-
-.offline-message {
-    text-align: center;
-    padding: @space-6;
-
-    svg {
-        color: @text-tertiary;
-        margin-bottom: @space-4;
-    }
-
-    h4 {
-        font-size: @font-size-lg;
-        color: @text-primary;
-        margin: 0 0 @space-2;
-    }
-
-    p {
-        color: @text-secondary;
-        margin: 0;
-    }
-}
-
-.offline-notice {
-    text-align: center;
-    padding: @space-12;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-
-    svg {
-        color: @text-tertiary;
-        margin-bottom: @space-4;
-    }
-
-    h4 {
-        font-size: @font-size-lg;
-        color: @text-primary;
-        margin: 0 0 @space-2;
-    }
-
-    p {
-        color: @text-secondary;
-        margin: 0;
-    }
-}
-
-// Docker Tab
-.docker-tab {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    overflow: hidden;
-}
-
-.docker-sub-tabs {
-    display: flex;
-    border-bottom: 1px solid @border-subtle;
-    padding: 0 @space-4;
-}
-
-.sub-tab {
-    background: transparent;
-    border: none;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
-    padding: @space-4;
-    cursor: pointer;
-    border-bottom: 2px solid transparent;
-    margin-bottom: -1px;
-
-    &:hover {
-        color: @text-primary;
-    }
-
-    &.active {
-        color: @text-primary;
-        border-bottom-color: @accent-primary;
-    }
-}
-
-.containers-list,
-.images-list {
-    padding: @space-4;
-}
-
-.data-table {
-    width: 100%;
-    border-collapse: collapse;
-
-    th {
-        text-align: left;
-        font-size: @font-size-xs;
-        font-weight: @font-weight-semibold;
-        color: @text-tertiary;
-        text-transform: uppercase;
-        letter-spacing: 0.05em;
-        padding: @space-3;
-        border-bottom: 1px solid @border-subtle;
-    }
-
-    td {
-        padding: @space-3;
-        font-size: @font-size-sm;
-        color: @text-secondary;
-        border-bottom: 1px solid @border-subtle;
-    }
-
-    tr:last-child td {
-        border-bottom: none;
-    }
-
-    .container-name {
-        display: block;
-        color: @text-primary;
-        font-weight: @font-weight-medium;
-    }
-
-    .container-id {
-        display: block;
-        font-family: @font-mono;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-    }
-
-    .mono {
-        font-family: @font-mono;
-        font-size: @font-size-xs;
-    }
-}
-
-.status-pill {
-    display: inline-flex;
-    align-items: center;
-    gap: @space-1;
-    padding: @space-1 @space-2;
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
-
-    &.running {
-        background: @success-bg;
-        color: @success;
-    }
-
-    &.stopped {
-        background: @bg-secondary;
-        color: @text-tertiary;
-    }
-}
-
-.actions-cell {
-    display: flex;
-    gap: @space-1;
-    justify-content: flex-end;
-}
-
-.btn-icon {
-    background: transparent;
-    border: none;
-    color: @text-tertiary;
-    cursor: pointer;
-    padding: @space-2;
-    border-radius: @radius-sm;
-    display: flex;
-    align-items: center;
-    justify-content: center;
-
-    &:hover {
-        color: @text-primary;
-        background: @bg-hover;
-    }
-
-    &.success {
-        color: @success;
-
-        &:hover {
-            background: @success-bg;
-        }
-    }
-
-    &.danger {
-        color: @danger;
-
-        &:hover {
-            background: @danger-bg;
-        }
-    }
-}
-
-.empty-list {
-    text-align: center;
-    padding: @space-8;
-    color: @text-tertiary;
-}
-
-// Metrics Tab
-.metrics-tab {
-    padding: 0;
-}
-
-.metrics-live-stats {
-    margin-top: @space-6;
-}
-
-.live-stat-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-5;
-
-    h4 {
-        font-size: @font-size-xs;
-        font-weight: @font-weight-semibold;
-        color: @text-tertiary;
-        text-transform: uppercase;
-        letter-spacing: 0.05em;
-        margin: 0 0 @space-4;
-    }
-}
-
-.live-stats-grid {
-    display: grid;
-    grid-template-columns: repeat(6, 1fr);
-    gap: @space-4;
-
-    @media (max-width: @breakpoint-lg) {
-        grid-template-columns: repeat(3, 1fr);
-    }
-
-    @media (max-width: @breakpoint-sm) {
-        grid-template-columns: repeat(2, 1fr);
-    }
-}
-
-.live-stat {
-    text-align: center;
-
-    .live-stat-label {
-        display: block;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        margin-bottom: @space-1;
-    }
-
-    .live-stat-value {
-        display: block;
-        font-size: @font-size-md;
-        font-weight: @font-weight-semibold;
-        font-family: @font-mono;
-        color: @text-primary;
-    }
-}
-
-.metrics-grid {
-    display: grid;
-    grid-template-columns: repeat(3, 1fr);
-    gap: @space-5;
-
-    @media (max-width: @breakpoint-lg) {
-        grid-template-columns: repeat(2, 1fr);
-    }
-
-    @media (max-width: @breakpoint-md) {
-        grid-template-columns: 1fr;
-    }
-}
-
-.metric-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-5;
-
-    &.large {
-        display: flex;
-        flex-direction: column;
-        align-items: center;
-    }
-
-    h3 {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-semibold;
-        color: @text-tertiary;
-        text-transform: uppercase;
-        letter-spacing: 0.05em;
-        margin: 0 0 @space-4;
-        text-align: center;
-    }
-}
-
-.metric-gauge {
-    display: flex;
-    justify-content: center;
-    margin-bottom: @space-4;
-}
-
-.circular-gauge {
-    width: 120px;
-    height: 120px;
-
-    .gauge-bg {
-        fill: none;
-        stroke: @bg-secondary;
-        stroke-width: 8;
-    }
-
-    .gauge-fill {
-        fill: none;
-        stroke-width: 8;
-        stroke-linecap: round;
-        transform: rotate(-90deg);
-        transform-origin: center;
-    }
-
-    .gauge-text {
-        font-family: @font-mono;
-        font-size: 20px;
-        font-weight: @font-weight-bold;
-        fill: @text-primary;
-        text-anchor: middle;
-        dominant-baseline: middle;
-    }
-}
-
-.metric-details {
-    width: 100%;
-}
-
-.detail-item {
-    display: flex;
-    justify-content: space-between;
-    padding: @space-2 0;
-    font-size: @font-size-sm;
-    border-top: 1px solid @border-subtle;
-
-    &:first-child {
-        border-top: none;
-    }
-
-    span:first-child {
-        color: @text-tertiary;
-    }
-
-    span:last-child {
-        color: @text-primary;
-        font-family: @font-mono;
-    }
-}
-
-.network-stats,
-.docker-stats {
-    display: flex;
-    flex-direction: column;
-    gap: @space-4;
-}
-
-.net-stat,
-.docker-stat {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-
-    svg {
-        color: @text-tertiary;
-    }
-
-    span:first-of-type {
-        color: @text-tertiary;
-        font-size: @font-size-sm;
-        flex: 1;
-    }
-
-    .value {
-        font-family: @font-mono;
-        font-size: @font-size-sm;
-        color: @text-primary;
-    }
-}
-
-// Settings Tab
-.settings-tab {
-    max-width: none;
-}
-
-.settings-grid {
-    display: grid;
-    grid-template-columns: 1fr 1fr;
-    gap: @space-6;
-    margin-bottom: @space-6;
-    align-items: start;
-
-    @media (max-width: @breakpoint-lg) {
-        grid-template-columns: 1fr;
-    }
-
-    .form-section {
-        margin-bottom: 0;
-    }
-}
-
-.settings-form {
-    margin-bottom: 0;
-    background: transparent;
-    border: none;
-    border-radius: 0;
-    padding: 0;
-
-    .form-section .btn[type="submit"] {
-        margin-top: @space-4;
-    }
-}
-
-.security-grid {
-    display: grid;
-    grid-template-columns: 1fr 1fr;
-    gap: @space-6;
-    margin-bottom: @space-6;
-    align-items: start;
-
-    @media (max-width: @breakpoint-lg) {
-        grid-template-columns: 1fr;
-    }
-
-    .form-section {
-        margin-bottom: 0;
-    }
-}
-
-// Security section styles
-.security-info-bar {
-    display: flex;
-    gap: @space-6;
-    padding: @space-4;
-    background: @bg-elevated;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    margin-bottom: @space-5;
-}
-
-.security-info-item {
-    .security-info-label {
-        display: block;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        margin-bottom: @space-1;
-    }
-
-    .security-info-value {
-        font-size: @font-size-sm;
-        color: @text-primary;
-
-        code {
-            font-family: @font-mono;
-            background: @bg-body;
-            padding: 2px @space-2;
-            border-radius: @radius-sm;
-            font-size: @font-size-xs;
-        }
-    }
-}
-
-.subsection {
-    h4 {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin: 0 0 @space-2;
-    }
-}
-
-.ip-list {
-    margin-bottom: @space-3;
-}
-
-.ip-empty {
-    font-size: @font-size-sm;
-    color: @text-tertiary;
-    padding: @space-4;
-    text-align: center;
-    background: @bg-elevated;
-    border: 1px dashed @border-subtle;
-    border-radius: @radius-md;
-}
-
-.ip-item {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-2 @space-3;
-    background: @bg-elevated;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    margin-bottom: @space-2;
-
-    code {
-        flex: 1;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
-        color: @text-primary;
-    }
-
-    .badge-success {
-        font-size: @font-size-xs;
-        padding: 2px @space-2;
-        background: @success-bg;
-        color: @success;
-        border-radius: @radius-sm;
-    }
-}
-
-.ip-add-form {
-    display: flex;
-    gap: @space-2;
-
-    input {
-        flex: 1;
-        background: @bg-elevated;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
-        padding: @space-2 @space-3;
-        color: @text-primary;
-        font-size: @font-size-sm;
-
-        &::placeholder {
-            color: @text-tertiary;
-        }
-
-        &:focus {
-            border-color: @accent-primary;
-            outline: none;
-        }
-    }
-}
-
-.security-warning {
-    margin-top: @space-3;
-    padding: @space-3 @space-4;
-    background: fade(@warning, 10%);
-    border: 1px solid fade(@warning, 25%);
-    border-radius: @radius-md;
-    font-size: @font-size-xs;
-    color: @warning;
-}
-
-.security-notice {
-    margin-top: @space-3;
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-}
-
-.key-rotation-actions {
-    display: flex;
-    align-items: center;
-    gap: @space-4;
-}
-
-.key-rotation-hint {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-}
-
-// Security Alerts
-.alerts-list {
-    display: flex;
-    flex-direction: column;
-    gap: @space-3;
-}
-
-.alert-item {
-    padding: @space-4;
-    background: @bg-elevated;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    border-left: 3px solid @text-tertiary;
-
-    &.severity-critical { border-left-color: @danger; }
-    &.severity-high { border-left-color: @warning; }
-    &.severity-medium { border-left-color: @accent-primary; }
-    &.severity-low { border-left-color: @text-tertiary; }
-}
-
-.alert-item-header {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    margin-bottom: @space-2;
-
-    .alert-type {
-        flex: 1;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        color: @text-primary;
-        text-transform: capitalize;
-    }
-
-    .alert-time {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-    }
-}
-
-.severity-badge {
-    font-size: @font-size-xs;
-    font-weight: @font-weight-semibold;
-    text-transform: uppercase;
-    padding: 2px @space-2;
-    border-radius: @radius-sm;
-
-    &.critical { background: fade(@danger, 15%); color: @danger; }
-    &.high { background: fade(@warning, 15%); color: @warning; }
-    &.medium { background: fade(@accent-primary-raw, 15%); color: @accent-primary; }
-    &.low { background: @bg-hover; color: @text-tertiary; }
-}
-
-.alert-item-details {
-    display: flex;
-    gap: @space-4;
-    font-size: @font-size-xs;
-    color: @text-secondary;
-    margin-bottom: @space-3;
-}
-
-.alert-item-actions {
-    display: flex;
-    gap: @space-2;
-}
-
-.form-section {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-6;
-    margin-bottom: @space-6;
-
-    h3 {
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin: 0 0 @space-4;
-    }
-
-    .section-description {
-        color: @text-secondary;
-        font-size: @font-size-sm;
-        margin-bottom: @space-4;
-    }
-
-    &.danger-zone {
-        border-color: @danger-border;
-
-        h3 {
-            color: @danger;
-        }
-    }
-}
-
-.form-row {
-    display: grid;
-    grid-template-columns: repeat(2, 1fr);
-    gap: @space-4;
-
-    @media (max-width: @breakpoint-sm) {
-        grid-template-columns: 1fr;
-    }
-}
-
-// ============================================
-// AGENT REGISTRATION SECTION
-// ============================================
-
-.token-status {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    font-size: @font-size-sm;
-    color: @text-secondary;
-    margin-bottom: @space-5;
-}
-
-.token-status-dot {
-    width: 8px;
-    height: 8px;
-    border-radius: @radius-full;
-    flex-shrink: 0;
-
-    &.active {
-        background: @success;
-        box-shadow: 0 0 6px fade(@success, 40%);
-    }
-}
-
-.install-active {
-    display: flex;
-    flex-direction: column;
-    gap: @space-4;
-}
-
-.install-script-block {
-    background: @bg-elevated;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    overflow: hidden;
-}
-
-.install-script-header {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-3 @space-4;
-    background: @bg-hover;
-    border-bottom: 1px solid @border-subtle;
-
-    > svg {
-        color: @text-tertiary;
-        flex-shrink: 0;
-    }
-
-    > span {
-        flex: 1;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        color: @text-primary;
-    }
-}
-
-.install-script-code {
-    padding: @space-4 @space-5;
-    margin: 0;
-    font-family: @font-mono;
-    font-size: @font-size-xs;
-    line-height: @line-height-relaxed;
-    color: @text-secondary;
-    background: @bg-body;
-    overflow-x: auto;
-    white-space: pre-wrap;
-    word-break: break-all;
-}
-
-.install-inactive {
-    .section-description {
-        margin-bottom: @space-4;
-    }
-}
-
-// ============================================
-// ADD SERVER MODAL
-// ============================================
-
-.permissions-grid {
-    display: grid;
-    grid-template-columns: repeat(2, 1fr);
-    gap: @space-2;
-
-    @media (max-width: @breakpoint-sm) {
-        grid-template-columns: 1fr;
-    }
-}
-
-.permission-checkbox {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    font-size: @font-size-sm;
-    color: @text-secondary;
-    cursor: pointer;
-
-    input[type="checkbox"] {
-        width: 16px;
-        height: 16px;
-        accent-color: @accent-primary;
-    }
-
-    &:hover {
-        color: @text-primary;
-    }
-}
-
-.install-instructions {
-    padding: @space-6;
-}
-
-.success-banner {
-    display: flex;
-    align-items: flex-start;
-    gap: @space-4;
-    background: @success-bg;
-    border: 1px solid @success-border;
-    color: @success;
-    padding: @space-5;
-    border-radius: @radius-lg;
-    margin-bottom: @space-6;
-
-    svg {
-        flex-shrink: 0;
-        width: 22px;
-        height: 22px;
-        margin-top: 1px;
-    }
-
-    strong {
-        display: block;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-semibold;
-        margin-bottom: @space-1;
-    }
-
-    .success-subtitle {
-        font-size: @font-size-xs;
-        color: @text-secondary;
-        margin: 0;
-        line-height: @line-height-normal;
-    }
-}
-
-.install-tabs {
-    display: flex;
-    flex-direction: column;
-    gap: @space-4;
-}
-
-.install-tab {
-    background: @bg-elevated;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    overflow: hidden;
-}
-
-.install-tab-header {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-3 @space-4;
-    background: @bg-hover;
-    border-bottom: 1px solid @border-subtle;
-
-    > svg {
-        color: @text-tertiary;
-        flex-shrink: 0;
-    }
-}
-
-.install-tab-title {
-    flex: 1;
-    min-width: 0;
-
-    > span:first-child {
-        display: block;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        color: @text-primary;
-    }
-}
-
-.install-tab-description {
-    display: block;
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    font-weight: @font-weight-normal;
-    margin-top: 1px;
-}
-
-.install-script {
-    padding: @space-4 @space-5;
-    margin: 0;
-    font-family: @font-mono;
-    font-size: @font-size-xs;
-    line-height: @line-height-relaxed;
-    color: @text-secondary;
-    background: @bg-body;
-    overflow-x: auto;
-    white-space: pre-wrap;
-    word-break: break-all;
-}
-
-.install-info {
-    margin-top: @space-6;
-    padding: @space-5;
-    background: @bg-elevated;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-
-    h4 {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin: 0 0 @space-3;
-    }
-
-    ol {
-        margin: 0 0 @space-4;
-        padding-left: @space-5;
-        color: @text-secondary;
-        font-size: @font-size-sm;
-        line-height: @line-height-relaxed;
-    }
-
-    li {
-        margin-bottom: @space-2;
-    }
-
-    .text-muted {
-        color: @text-tertiary;
-        font-size: @font-size-xs;
-    }
-}
-
-// ============================================
-// MANAGE GROUPS MODAL
-// ============================================
-
-.group-form {
-    display: flex;
-    gap: @space-3;
-    margin-bottom: @space-5;
-
-    input {
-        flex: 1;
-        background: @bg-elevated;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
-        padding: @space-3;
-        color: @text-primary;
-        font-size: @font-size-sm;
-
-        &::placeholder {
-            color: @text-tertiary;
-        }
-
-        &:focus {
-            outline: none;
-            border-color: @accent-primary;
-        }
-    }
-}
-
-.groups-list {
-    display: flex;
-    flex-direction: column;
-    gap: @space-2;
-    max-height: 300px;
-    overflow-y: auto;
-}
-
-.group-item {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-3;
-    background: @bg-elevated;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-
-    input {
-        flex: 1;
-        background: @bg-card;
-        border: 1px solid @accent-primary;
-        border-radius: @radius-sm;
-        padding: @space-2;
-        color: @text-primary;
-        font-size: @font-size-sm;
-
-        &:focus {
-            outline: none;
-        }
-    }
-
-    .group-name {
-        flex: 1;
-        display: flex;
-        align-items: center;
-        gap: @space-2;
-        font-size: @font-size-sm;
-        color: @text-primary;
-
-        svg {
-            color: @text-tertiary;
-        }
-    }
-
-    .group-count {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-    }
-
-    .group-actions {
-        display: flex;
-        gap: @space-1;
-    }
-}
-
-.empty-groups {
-    text-align: center;
-    padding: @space-6;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
-}
diff --git a/frontend/src/styles/pages/_servers.scss b/frontend/src/styles/pages/_servers.scss
new file mode 100644
index 00000000..e4e16d4e
--- /dev/null
+++ b/frontend/src/styles/pages/_servers.scss
@@ -0,0 +1,1573 @@
+// ============================================
+// SERVERS PAGE
+// ============================================
+
+// Page Layout
+.servers-page {
+    padding: 0;
+}
+
+// Stats Row
+.servers-stats {
+    display: grid;
+    grid-template-columns: repeat(4, 1fr);
+    gap: $space-4;
+    margin-bottom: $space-6;
+
+    @media (max-width: $breakpoint-lg) {
+        grid-template-columns: repeat(2, 1fr);
+    }
+
+    @media (max-width: $breakpoint-sm) {
+        grid-template-columns: 1fr;
+    }
+}
+
+.stat-card {
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    padding: $space-5;
+    display: flex;
+    align-items: center;
+    gap: $space-4;
+}
+
+.stat-icon {
+    width: 48px;
+    height: 48px;
+    border-radius: $radius-md;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+
+    svg {
+        width: 24px;
+        height: 24px;
+    }
+
+    &.total {
+        background: $accent-glow;
+        color: $accent-primary;
+    }
+
+    &.online {
+        background: $success-bg;
+        color: $success;
+    }
+
+    &.offline {
+        background: $danger-bg;
+        color: $danger;
+    }
+
+    &.connecting {
+        background: $warning-bg;
+        color: $warning;
+    }
+}
+
+.stat-content {
+    .stat-value {
+        font-family: $font-mono;
+        font-size: $font-size-2xl;
+        font-weight: $font-weight-bold;
+        color: $text-primary;
+    }
+
+    .stat-label {
+        font-size: $font-size-sm;
+        color: $text-tertiary;
+    }
+}
+
+// Toolbar
+.servers-toolbar {
+    display: flex;
+    gap: $space-4;
+    margin-bottom: $space-6;
+
+    @media (max-width: $breakpoint-sm) {
+        flex-direction: column;
+    }
+}
+
+.search-box {
+    position: relative;
+    flex: 1;
+
+    svg {
+        position: absolute;
+        left: $space-3;
+        top: 50%;
+        transform: translateY(-50%);
+        color: $text-tertiary;
+    }
+
+    input {
+        width: 100%;
+        background: $bg-card;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
+        padding: $space-3 $space-3 $space-3 $space-10;
+        color: $text-primary;
+        font-size: $font-size-sm;
+
+        &::placeholder {
+            color: $text-tertiary;
+        }
+
+        &:focus {
+            outline: none;
+            border-color: $accent-primary;
+        }
+    }
+}
+
+.group-filter {
+    select {
+        background: $bg-card;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
+        padding: $space-3 $space-4;
+        color: $text-primary;
+        font-size: $font-size-sm;
+        min-width: 160px;
+
+        &:focus {
+            outline: none;
+            border-color: $accent-primary;
+        }
+    }
+}
+
+// Servers Grid
+.servers-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fill, minmax(340px, 1fr));
+    gap: $space-5;
+}
+
+// Server Card
+.server-card {
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    overflow: hidden;
+    transition: border-color $transition-base, box-shadow $transition-base;
+
+    &:hover {
+        border-color: $border-active;
+    }
+
+    &.online {
+        &:hover {
+            border-color: $success;
+            box-shadow: 0 0 0 1px $success-border;
+        }
+    }
+
+    &.offline {
+        opacity: 0.8;
+    }
+}
+
+.server-card-header {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-4;
+    border-bottom: 1px solid $border-subtle;
+}
+
+.server-status-indicator {
+    width: 10px;
+    height: 10px;
+    border-radius: 50%;
+    flex-shrink: 0;
+}
+
+.server-info {
+    flex: 1;
+    min-width: 0;
+
+    .server-name {
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin: 0;
+        white-space: nowrap;
+        overflow: hidden;
+        text-overflow: ellipsis;
+    }
+
+    .server-hostname {
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        font-family: $font-mono;
+    }
+}
+
+.server-card-body {
+    padding: $space-4;
+}
+
+.server-meta {
+    display: grid;
+    grid-template-columns: repeat(2, 1fr);
+    gap: $space-3;
+    margin-bottom: $space-4;
+}
+
+.meta-item {
+    display: flex;
+    flex-direction: column;
+    gap: $space-1;
+
+    .meta-label {
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        text-transform: uppercase;
+        letter-spacing: 0.05em;
+    }
+
+    .meta-value {
+        font-size: $font-size-sm;
+        color: $text-secondary;
+    }
+}
+
+// Mini metrics bars
+.server-metrics-mini {
+    display: flex;
+    flex-direction: column;
+    gap: $space-2;
+    margin-bottom: $space-4;
+}
+
+.metric-bar {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+
+    .metric-label {
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        width: 32px;
+    }
+
+    .bar-track {
+        flex: 1;
+        height: 4px;
+        background: $bg-secondary;
+        border-radius: $radius-full;
+        overflow: hidden;
+    }
+
+    .bar-fill {
+        height: 100%;
+        border-radius: $radius-full;
+        transition: width $transition-base;
+
+        &.cpu {
+            background: $accent-primary;
+        }
+
+        &.memory {
+            background: $success;
+        }
+
+        &.disk {
+            background: $warning;
+        }
+    }
+
+    .metric-value {
+        font-size: $font-size-xs;
+        font-family: $font-mono;
+        color: $text-tertiary;
+        width: 32px;
+        text-align: right;
+    }
+}
+
+.server-group-badge {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-1;
+    background: $bg-hover;
+    color: $text-secondary;
+    font-size: $font-size-xs;
+    padding: $space-1 $space-2;
+    border-radius: $radius-sm;
+}
+
+.server-card-footer {
+    display: flex;
+    gap: $space-2;
+    padding: $space-3 $space-4;
+    background: $bg-hover;
+    border-top: 1px solid $border-subtle;
+
+    .btn {
+        flex: 1;
+        justify-content: center;
+    }
+
+    .btn-sm {
+        padding: $space-2 $space-3;
+        font-size: $font-size-xs;
+    }
+}
+
+// Empty state
+.empty-state {
+    text-align: center;
+    padding: $space-16 $space-6;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+
+    .empty-icon {
+        width: 64px;
+        height: 64px;
+        color: $text-tertiary;
+        margin-bottom: $space-4;
+    }
+
+    h3 {
+        font-size: $font-size-lg;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin: 0 0 $space-2;
+    }
+
+    p {
+        color: $text-secondary;
+        margin: 0 0 $space-6;
+    }
+}
+
+// ============================================
+// SERVER DETAIL PAGE
+// ============================================
+
+.server-detail-page {
+    padding: 0;
+}
+
+.page-breadcrumb {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    font-size: $font-size-sm;
+    margin-bottom: $space-3;
+
+    a {
+        color: $text-tertiary;
+        text-decoration: none;
+
+        &:hover {
+            color: $text-primary;
+        }
+    }
+
+    .breadcrumb-separator {
+        color: $text-tertiary;
+    }
+
+    span:last-child {
+        color: $text-secondary;
+    }
+}
+
+.server-title {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+
+    h1 {
+        margin: 0;
+    }
+}
+
+.status-dot {
+    width: 12px;
+    height: 12px;
+    border-radius: 50%;
+
+    &.large {
+        width: 14px;
+        height: 14px;
+    }
+}
+
+.server-detail-tabs {
+    display: flex;
+    gap: $space-1;
+    margin-bottom: $space-6;
+    border-bottom: 1px solid $border-subtle;
+    padding-bottom: 0;
+}
+
+.tab-btn {
+    background: transparent;
+    border: none;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    padding: $space-3 $space-4;
+    cursor: pointer;
+    border-bottom: 2px solid transparent;
+    margin-bottom: -1px;
+    transition: all $transition-base;
+
+    &:hover {
+        color: $text-primary;
+    }
+
+    &.active {
+        color: $text-primary;
+        border-bottom-color: $accent-primary;
+    }
+}
+
+// Overview Tab
+.overview-grid {
+    display: grid;
+    grid-template-columns: repeat(2, 1fr);
+    gap: $space-5;
+
+    @media (max-width: $breakpoint-lg) {
+        grid-template-columns: 1fr;
+    }
+}
+
+.info-card {
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-5;
+
+    h3 {
+        font-size: $font-size-sm;
+        font-weight: $font-weight-semibold;
+        color: $text-tertiary;
+        text-transform: uppercase;
+        letter-spacing: 0.05em;
+        margin: 0 0 $space-4;
+    }
+}
+
+.info-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-3;
+}
+
+.info-item {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+
+    .info-label {
+        font-size: $font-size-sm;
+        color: $text-tertiary;
+    }
+
+    .info-value {
+        font-size: $font-size-sm;
+        color: $text-primary;
+
+        &.mono {
+            font-family: $font-mono;
+            font-size: $font-size-xs;
+        }
+    }
+}
+
+.status-badge {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-1;
+    padding: $space-1 $space-2;
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
+    text-transform: capitalize;
+
+    &.online {
+        background: $success-bg;
+        color: $success;
+    }
+
+    &.offline {
+        background: $danger-bg;
+        color: $danger;
+    }
+
+    &.connecting {
+        background: $warning-bg;
+        color: $warning;
+    }
+
+    &.pending {
+        background: $bg-secondary;
+        color: $text-tertiary;
+    }
+}
+
+// Resource Meters
+.metrics-card {
+    grid-column: span 2;
+
+    @media (max-width: $breakpoint-lg) {
+        grid-column: span 1;
+    }
+}
+
+.resource-meters {
+    display: grid;
+    grid-template-columns: repeat(3, 1fr);
+    gap: $space-6;
+
+    @media (max-width: $breakpoint-md) {
+        grid-template-columns: 1fr;
+    }
+}
+
+.resource-meter {
+    .resource-header {
+        display: flex;
+        justify-content: space-between;
+        margin-bottom: $space-2;
+
+        .resource-label {
+            font-size: $font-size-sm;
+            color: $text-secondary;
+        }
+
+        .resource-value {
+            font-family: $font-mono;
+            font-size: $font-size-sm;
+            color: $text-primary;
+        }
+    }
+
+    .resource-bar {
+        height: 8px;
+        background: $bg-secondary;
+        border-radius: $radius-full;
+        overflow: hidden;
+
+        .resource-fill {
+            height: 100%;
+            border-radius: $radius-full;
+            transition: width $transition-base;
+        }
+    }
+}
+
+.offline-card {
+    grid-column: span 2;
+
+    @media (max-width: $breakpoint-lg) {
+        grid-column: span 1;
+    }
+}
+
+.offline-message {
+    text-align: center;
+    padding: $space-6;
+
+    svg {
+        color: $text-tertiary;
+        margin-bottom: $space-4;
+    }
+
+    h4 {
+        font-size: $font-size-lg;
+        color: $text-primary;
+        margin: 0 0 $space-2;
+    }
+
+    p {
+        color: $text-secondary;
+        margin: 0;
+    }
+}
+
+.offline-notice {
+    text-align: center;
+    padding: $space-12;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+
+    svg {
+        color: $text-tertiary;
+        margin-bottom: $space-4;
+    }
+
+    h4 {
+        font-size: $font-size-lg;
+        color: $text-primary;
+        margin: 0 0 $space-2;
+    }
+
+    p {
+        color: $text-secondary;
+        margin: 0;
+    }
+}
+
+// Docker Tab
+.docker-tab {
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    overflow: hidden;
+}
+
+.docker-sub-tabs {
+    display: flex;
+    border-bottom: 1px solid $border-subtle;
+    padding: 0 $space-4;
+}
+
+.sub-tab {
+    background: transparent;
+    border: none;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
+    padding: $space-4;
+    cursor: pointer;
+    border-bottom: 2px solid transparent;
+    margin-bottom: -1px;
+
+    &:hover {
+        color: $text-primary;
+    }
+
+    &.active {
+        color: $text-primary;
+        border-bottom-color: $accent-primary;
+    }
+}
+
+.containers-list,
+.images-list {
+    padding: $space-4;
+}
+
+.data-table {
+    width: 100%;
+    border-collapse: collapse;
+
+    th {
+        text-align: left;
+        font-size: $font-size-xs;
+        font-weight: $font-weight-semibold;
+        color: $text-tertiary;
+        text-transform: uppercase;
+        letter-spacing: 0.05em;
+        padding: $space-3;
+        border-bottom: 1px solid $border-subtle;
+    }
+
+    td {
+        padding: $space-3;
+        font-size: $font-size-sm;
+        color: $text-secondary;
+        border-bottom: 1px solid $border-subtle;
+    }
+
+    tr:last-child td {
+        border-bottom: none;
+    }
+
+    .container-name {
+        display: block;
+        color: $text-primary;
+        font-weight: $font-weight-medium;
+    }
+
+    .container-id {
+        display: block;
+        font-family: $font-mono;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+    }
+
+    .mono {
+        font-family: $font-mono;
+        font-size: $font-size-xs;
+    }
+}
+
+.status-pill {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-1;
+    padding: $space-1 $space-2;
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
+
+    &.running {
+        background: $success-bg;
+        color: $success;
+    }
+
+    &.stopped {
+        background: $bg-secondary;
+        color: $text-tertiary;
+    }
+}
+
+.actions-cell {
+    display: flex;
+    gap: $space-1;
+    justify-content: flex-end;
+}
+
+.btn-icon {
+    background: transparent;
+    border: none;
+    color: $text-tertiary;
+    cursor: pointer;
+    padding: $space-2;
+    border-radius: $radius-sm;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+
+    &:hover {
+        color: $text-primary;
+        background: $bg-hover;
+    }
+
+    &.success {
+        color: $success;
+
+        &:hover {
+            background: $success-bg;
+        }
+    }
+
+    &.danger {
+        color: $danger;
+
+        &:hover {
+            background: $danger-bg;
+        }
+    }
+}
+
+.empty-list {
+    text-align: center;
+    padding: $space-8;
+    color: $text-tertiary;
+}
+
+// Metrics Tab
+.metrics-tab {
+    padding: 0;
+}
+
+.metrics-live-stats {
+    margin-top: $space-6;
+}
+
+.live-stat-card {
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-5;
+
+    h4 {
+        font-size: $font-size-xs;
+        font-weight: $font-weight-semibold;
+        color: $text-tertiary;
+        text-transform: uppercase;
+        letter-spacing: 0.05em;
+        margin: 0 0 $space-4;
+    }
+}
+
+.live-stats-grid {
+    display: grid;
+    grid-template-columns: repeat(6, 1fr);
+    gap: $space-4;
+
+    @media (max-width: $breakpoint-lg) {
+        grid-template-columns: repeat(3, 1fr);
+    }
+
+    @media (max-width: $breakpoint-sm) {
+        grid-template-columns: repeat(2, 1fr);
+    }
+}
+
+.live-stat {
+    text-align: center;
+
+    .live-stat-label {
+        display: block;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        margin-bottom: $space-1;
+    }
+
+    .live-stat-value {
+        display: block;
+        font-size: $font-size-md;
+        font-weight: $font-weight-semibold;
+        font-family: $font-mono;
+        color: $text-primary;
+    }
+}
+
+.metrics-grid {
+    display: grid;
+    grid-template-columns: repeat(3, 1fr);
+    gap: $space-5;
+
+    @media (max-width: $breakpoint-lg) {
+        grid-template-columns: repeat(2, 1fr);
+    }
+
+    @media (max-width: $breakpoint-md) {
+        grid-template-columns: 1fr;
+    }
+}
+
+.metric-card {
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-5;
+
+    &.large {
+        display: flex;
+        flex-direction: column;
+        align-items: center;
+    }
+
+    h3 {
+        font-size: $font-size-sm;
+        font-weight: $font-weight-semibold;
+        color: $text-tertiary;
+        text-transform: uppercase;
+        letter-spacing: 0.05em;
+        margin: 0 0 $space-4;
+        text-align: center;
+    }
+}
+
+.metric-gauge {
+    display: flex;
+    justify-content: center;
+    margin-bottom: $space-4;
+}
+
+.circular-gauge {
+    width: 120px;
+    height: 120px;
+
+    .gauge-bg {
+        fill: none;
+        stroke: $bg-secondary;
+        stroke-width: 8;
+    }
+
+    .gauge-fill {
+        fill: none;
+        stroke-width: 8;
+        stroke-linecap: round;
+        transform: rotate(-90deg);
+        transform-origin: center;
+    }
+
+    .gauge-text {
+        font-family: $font-mono;
+        font-size: 20px;
+        font-weight: $font-weight-bold;
+        fill: $text-primary;
+        text-anchor: middle;
+        dominant-baseline: middle;
+    }
+}
+
+.metric-details {
+    width: 100%;
+}
+
+.detail-item {
+    display: flex;
+    justify-content: space-between;
+    padding: $space-2 0;
+    font-size: $font-size-sm;
+    border-top: 1px solid $border-subtle;
+
+    &:first-child {
+        border-top: none;
+    }
+
+    span:first-child {
+        color: $text-tertiary;
+    }
+
+    span:last-child {
+        color: $text-primary;
+        font-family: $font-mono;
+    }
+}
+
+.network-stats,
+.docker-stats {
+    display: flex;
+    flex-direction: column;
+    gap: $space-4;
+}
+
+.net-stat,
+.docker-stat {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+
+    svg {
+        color: $text-tertiary;
+    }
+
+    span:first-of-type {
+        color: $text-tertiary;
+        font-size: $font-size-sm;
+        flex: 1;
+    }
+
+    .value {
+        font-family: $font-mono;
+        font-size: $font-size-sm;
+        color: $text-primary;
+    }
+}
+
+// Settings Tab
+.settings-tab {
+    max-width: none;
+}
+
+.settings-grid {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    gap: $space-6;
+    margin-bottom: $space-6;
+    align-items: start;
+
+    @media (max-width: $breakpoint-lg) {
+        grid-template-columns: 1fr;
+    }
+
+    .form-section {
+        margin-bottom: 0;
+    }
+}
+
+.settings-form {
+    margin-bottom: 0;
+    background: transparent;
+    border: none;
+    border-radius: 0;
+    padding: 0;
+
+    .form-section .btn[type="submit"] {
+        margin-top: $space-4;
+    }
+}
+
+.security-grid {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    gap: $space-6;
+    margin-bottom: $space-6;
+    align-items: start;
+
+    @media (max-width: $breakpoint-lg) {
+        grid-template-columns: 1fr;
+    }
+
+    .form-section {
+        margin-bottom: 0;
+    }
+}
+
+// Security section styles
+.security-info-bar {
+    display: flex;
+    gap: $space-6;
+    padding: $space-4;
+    background: $bg-elevated;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    margin-bottom: $space-5;
+}
+
+.security-info-item {
+    .security-info-label {
+        display: block;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        margin-bottom: $space-1;
+    }
+
+    .security-info-value {
+        font-size: $font-size-sm;
+        color: $text-primary;
+
+        code {
+            font-family: $font-mono;
+            background: $bg-body;
+            padding: 2px $space-2;
+            border-radius: $radius-sm;
+            font-size: $font-size-xs;
+        }
+    }
+}
+
+.subsection {
+    h4 {
+        font-size: $font-size-sm;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin: 0 0 $space-2;
+    }
+}
+
+.ip-list {
+    margin-bottom: $space-3;
+}
+
+.ip-empty {
+    font-size: $font-size-sm;
+    color: $text-tertiary;
+    padding: $space-4;
+    text-align: center;
+    background: $bg-elevated;
+    border: 1px dashed $border-subtle;
+    border-radius: $radius-md;
+}
+
+.ip-item {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-2 $space-3;
+    background: $bg-elevated;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    margin-bottom: $space-2;
+
+    code {
+        flex: 1;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
+        color: $text-primary;
+    }
+
+    .badge-success {
+        font-size: $font-size-xs;
+        padding: 2px $space-2;
+        background: $success-bg;
+        color: $success;
+        border-radius: $radius-sm;
+    }
+}
+
+.ip-add-form {
+    display: flex;
+    gap: $space-2;
+
+    input {
+        flex: 1;
+        background: $bg-elevated;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
+        padding: $space-2 $space-3;
+        color: $text-primary;
+        font-size: $font-size-sm;
+
+        &::placeholder {
+            color: $text-tertiary;
+        }
+
+        &:focus {
+            border-color: $accent-primary;
+            outline: none;
+        }
+    }
+}
+
+.security-warning {
+    margin-top: $space-3;
+    padding: $space-3 $space-4;
+    background: fade($warning, 10%);
+    border: 1px solid fade($warning, 25%);
+    border-radius: $radius-md;
+    font-size: $font-size-xs;
+    color: $warning;
+}
+
+.security-notice {
+    margin-top: $space-3;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+}
+
+.key-rotation-actions {
+    display: flex;
+    align-items: center;
+    gap: $space-4;
+}
+
+.key-rotation-hint {
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+}
+
+// Security Alerts
+.alerts-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-3;
+}
+
+.alert-item {
+    padding: $space-4;
+    background: $bg-elevated;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    border-left: 3px solid $text-tertiary;
+
+    &.severity-critical { border-left-color: $danger; }
+    &.severity-high { border-left-color: $warning; }
+    &.severity-medium { border-left-color: $accent-primary; }
+    &.severity-low { border-left-color: $text-tertiary; }
+}
+
+.alert-item-header {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    margin-bottom: $space-2;
+
+    .alert-type {
+        flex: 1;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        color: $text-primary;
+        text-transform: capitalize;
+    }
+
+    .alert-time {
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+    }
+}
+
+.severity-badge {
+    font-size: $font-size-xs;
+    font-weight: $font-weight-semibold;
+    text-transform: uppercase;
+    padding: 2px $space-2;
+    border-radius: $radius-sm;
+
+    &.critical { background: fade($danger, 15%); color: $danger; }
+    &.high { background: fade($warning, 15%); color: $warning; }
+    &.medium { background: fade($accent-primary-raw, 15%); color: $accent-primary; }
+    &.low { background: $bg-hover; color: $text-tertiary; }
+}
+
+.alert-item-details {
+    display: flex;
+    gap: $space-4;
+    font-size: $font-size-xs;
+    color: $text-secondary;
+    margin-bottom: $space-3;
+}
+
+.alert-item-actions {
+    display: flex;
+    gap: $space-2;
+}
+
+.form-section {
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-6;
+    margin-bottom: $space-6;
+
+    h3 {
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin: 0 0 $space-4;
+    }
+
+    .section-description {
+        color: $text-secondary;
+        font-size: $font-size-sm;
+        margin-bottom: $space-4;
+    }
+
+    &.danger-zone {
+        border-color: $danger-border;
+
+        h3 {
+            color: $danger;
+        }
+    }
+}
+
+.form-row {
+    display: grid;
+    grid-template-columns: repeat(2, 1fr);
+    gap: $space-4;
+
+    @media (max-width: $breakpoint-sm) {
+        grid-template-columns: 1fr;
+    }
+}
+
+// ============================================
+// AGENT REGISTRATION SECTION
+// ============================================
+
+.token-status {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    font-size: $font-size-sm;
+    color: $text-secondary;
+    margin-bottom: $space-5;
+}
+
+.token-status-dot {
+    width: 8px;
+    height: 8px;
+    border-radius: $radius-full;
+    flex-shrink: 0;
+
+    &.active {
+        background: $success;
+        box-shadow: 0 0 6px fade($success, 40%);
+    }
+}
+
+.install-active {
+    display: flex;
+    flex-direction: column;
+    gap: $space-4;
+}
+
+.install-script-block {
+    background: $bg-elevated;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    overflow: hidden;
+}
+
+.install-script-header {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-3 $space-4;
+    background: $bg-hover;
+    border-bottom: 1px solid $border-subtle;
+
+    > svg {
+        color: $text-tertiary;
+        flex-shrink: 0;
+    }
+
+    > span {
+        flex: 1;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        color: $text-primary;
+    }
+}
+
+.install-script-code {
+    padding: $space-4 $space-5;
+    margin: 0;
+    font-family: $font-mono;
+    font-size: $font-size-xs;
+    line-height: $line-height-relaxed;
+    color: $text-secondary;
+    background: $bg-body;
+    overflow-x: auto;
+    white-space: pre-wrap;
+    word-break: break-all;
+}
+
+.install-inactive {
+    .section-description {
+        margin-bottom: $space-4;
+    }
+}
+
+// ============================================
+// ADD SERVER MODAL
+// ============================================
+
+.permissions-grid {
+    display: grid;
+    grid-template-columns: repeat(2, 1fr);
+    gap: $space-2;
+
+    @media (max-width: $breakpoint-sm) {
+        grid-template-columns: 1fr;
+    }
+}
+
+.permission-checkbox {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    font-size: $font-size-sm;
+    color: $text-secondary;
+    cursor: pointer;
+
+    input[type="checkbox"] {
+        width: 16px;
+        height: 16px;
+        accent-color: $accent-primary;
+    }
+
+    &:hover {
+        color: $text-primary;
+    }
+}
+
+.install-instructions {
+    padding: $space-6;
+}
+
+.success-banner {
+    display: flex;
+    align-items: flex-start;
+    gap: $space-4;
+    background: $success-bg;
+    border: 1px solid $success-border;
+    color: $success;
+    padding: $space-5;
+    border-radius: $radius-lg;
+    margin-bottom: $space-6;
+
+    svg {
+        flex-shrink: 0;
+        width: 22px;
+        height: 22px;
+        margin-top: 1px;
+    }
+
+    strong {
+        display: block;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-semibold;
+        margin-bottom: $space-1;
+    }
+
+    .success-subtitle {
+        font-size: $font-size-xs;
+        color: $text-secondary;
+        margin: 0;
+        line-height: $line-height-normal;
+    }
+}
+
+.install-tabs {
+    display: flex;
+    flex-direction: column;
+    gap: $space-4;
+}
+
+.install-tab {
+    background: $bg-elevated;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    overflow: hidden;
+}
+
+.install-tab-header {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-3 $space-4;
+    background: $bg-hover;
+    border-bottom: 1px solid $border-subtle;
+
+    > svg {
+        color: $text-tertiary;
+        flex-shrink: 0;
+    }
+}
+
+.install-tab-title {
+    flex: 1;
+    min-width: 0;
+
+    > span:first-child {
+        display: block;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        color: $text-primary;
+    }
+}
+
+.install-tab-description {
+    display: block;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    font-weight: $font-weight-normal;
+    margin-top: 1px;
+}
+
+.install-script {
+    padding: $space-4 $space-5;
+    margin: 0;
+    font-family: $font-mono;
+    font-size: $font-size-xs;
+    line-height: $line-height-relaxed;
+    color: $text-secondary;
+    background: $bg-body;
+    overflow-x: auto;
+    white-space: pre-wrap;
+    word-break: break-all;
+}
+
+.install-info {
+    margin-top: $space-6;
+    padding: $space-5;
+    background: $bg-elevated;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+
+    h4 {
+        font-size: $font-size-sm;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin: 0 0 $space-3;
+    }
+
+    ol {
+        margin: 0 0 $space-4;
+        padding-left: $space-5;
+        color: $text-secondary;
+        font-size: $font-size-sm;
+        line-height: $line-height-relaxed;
+    }
+
+    li {
+        margin-bottom: $space-2;
+    }
+
+    .text-muted {
+        color: $text-tertiary;
+        font-size: $font-size-xs;
+    }
+}
+
+// ============================================
+// MANAGE GROUPS MODAL
+// ============================================
+
+.group-form {
+    display: flex;
+    gap: $space-3;
+    margin-bottom: $space-5;
+
+    input {
+        flex: 1;
+        background: $bg-elevated;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
+        padding: $space-3;
+        color: $text-primary;
+        font-size: $font-size-sm;
+
+        &::placeholder {
+            color: $text-tertiary;
+        }
+
+        &:focus {
+            outline: none;
+            border-color: $accent-primary;
+        }
+    }
+}
+
+.groups-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-2;
+    max-height: 300px;
+    overflow-y: auto;
+}
+
+.group-item {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-3;
+    background: $bg-elevated;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+
+    input {
+        flex: 1;
+        background: $bg-card;
+        border: 1px solid $accent-primary;
+        border-radius: $radius-sm;
+        padding: $space-2;
+        color: $text-primary;
+        font-size: $font-size-sm;
+
+        &:focus {
+            outline: none;
+        }
+    }
+
+    .group-name {
+        flex: 1;
+        display: flex;
+        align-items: center;
+        gap: $space-2;
+        font-size: $font-size-sm;
+        color: $text-primary;
+
+        svg {
+            color: $text-tertiary;
+        }
+    }
+
+    .group-count {
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+    }
+
+    .group-actions {
+        display: flex;
+        gap: $space-1;
+    }
+}
+
+.empty-groups {
+    text-align: center;
+    padding: $space-6;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
+}
diff --git a/frontend/src/styles/pages/_service-detail.less b/frontend/src/styles/pages/_service-detail.scss
similarity index 50%
rename from frontend/src/styles/pages/_service-detail.less
rename to frontend/src/styles/pages/_service-detail.scss
index ef33c8f2..db227384 100644
--- a/frontend/src/styles/pages/_service-detail.less
+++ b/frontend/src/styles/pages/_service-detail.scss
@@ -7,27 +7,27 @@
     &__breadcrumb {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        margin-bottom: @space-5;
-        font-size: @font-size-sm;
+        gap: $space-2;
+        margin-bottom: $space-5;
+        font-size: $font-size-sm;
 
         a {
-            color: @text-tertiary;
+            color: $text-tertiary;
             text-decoration: none;
 
             &:hover {
-                color: @text-primary;
+                color: $text-primary;
             }
         }
     }
 
     &__breadcrumb-sep {
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 
     &__breadcrumb-current {
-        color: @text-secondary;
-        font-weight: @font-weight-medium;
+        color: $text-secondary;
+        font-weight: $font-weight-medium;
     }
 
     // Header
@@ -35,21 +35,21 @@
         display: flex;
         justify-content: space-between;
         align-items: flex-start;
-        gap: @space-4;
-        margin-bottom: @space-4;
+        gap: $space-4;
+        margin-bottom: $space-4;
     }
 
     &__header-left {
         display: flex;
         align-items: flex-start;
-        gap: @space-4;
+        gap: $space-4;
         min-width: 0;
     }
 
     &__icon {
         width: 48px;
         height: 48px;
-        border-radius: @radius-xl;
+        border-radius: $radius-xl;
         display: flex;
         align-items: center;
         justify-content: center;
@@ -63,13 +63,13 @@
     &__title-row {
         display: flex;
         align-items: center;
-        gap: @space-3;
+        gap: $space-3;
         flex-wrap: wrap;
 
         h1 {
-            font-size: @font-size-2xl;
-            font-weight: @font-weight-bold;
-            color: @text-primary;
+            font-size: $font-size-2xl;
+            font-weight: $font-weight-bold;
+            color: $text-primary;
             margin: 0;
             white-space: nowrap;
         }
@@ -78,31 +78,31 @@
     &__status {
         display: inline-flex;
         align-items: center;
-        gap: @space-1;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        padding: 2px @space-3;
-        border-radius: @radius-full;
+        gap: $space-1;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        padding: 2px $space-3;
+        border-radius: $radius-full;
 
         &--live {
-            color: @success;
-            background: @success-bg;
+            color: $success;
+            background: $success-bg;
         }
 
         &--stopped {
-            color: @text-tertiary;
-            background: @bg-secondary;
+            color: $text-tertiary;
+            background: $bg-secondary;
         }
 
         &--deploying,
         &--building {
-            color: @warning;
-            background: @warning-bg;
+            color: $warning;
+            background: $warning-bg;
         }
 
         &--failed {
-            color: @danger;
-            background: @danger-bg;
+            color: $danger;
+            background: $danger-bg;
         }
     }
 
@@ -123,35 +123,35 @@
     }
 
     &__type-badge {
-        font-size: @font-size-xs;
-        font-weight: @font-weight-medium;
-        padding: 2px @space-2;
-        border-radius: @radius-full;
+        font-size: $font-size-xs;
+        font-weight: $font-weight-medium;
+        padding: 2px $space-2;
+        border-radius: $radius-full;
         border: 1px solid;
     }
 
     &__subtitle {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        margin-top: @space-1;
-        font-size: @font-size-sm;
-        color: @text-tertiary;
+        gap: $space-2;
+        margin-top: $space-1;
+        font-size: $font-size-sm;
+        color: $text-tertiary;
 
         .mono {
-            font-family: @font-mono;
+            font-family: $font-mono;
         }
     }
 
     &__sep {
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 
     // Header Actions
     &__header-actions {
         display: flex;
         align-items: center;
-        gap: @space-2;
+        gap: $space-2;
         flex-shrink: 0;
     }
 
@@ -164,13 +164,13 @@
         position: absolute;
         top: calc(100% + 4px);
         left: 0;
-        background: @bg-elevated;
-        border: 1px solid @border-default;
-        border-radius: @radius-lg;
-        padding: @space-1;
+        background: $bg-elevated;
+        border: 1px solid $border-default;
+        border-radius: $radius-lg;
+        padding: $space-1;
         min-width: 200px;
-        z-index: @z-dropdown;
-        box-shadow: @shadow-lg;
+        z-index: $z-dropdown;
+        box-shadow: $shadow-lg;
 
         &--right {
             left: auto;
@@ -180,20 +180,20 @@
         button, a {
             display: flex;
             align-items: center;
-            gap: @space-2;
+            gap: $space-2;
             width: 100%;
-            padding: @space-2 @space-3;
+            padding: $space-2 $space-3;
             background: none;
             border: none;
-            color: @text-secondary;
-            font-size: @font-size-sm;
+            color: $text-secondary;
+            font-size: $font-size-sm;
             cursor: pointer;
-            border-radius: @radius-md;
+            border-radius: $radius-md;
             text-decoration: none;
 
             &:hover {
-                background: @bg-hover;
-                color: @text-primary;
+                background: $bg-hover;
+                color: $text-primary;
             }
 
             &:disabled {
@@ -205,83 +205,83 @@
 
     &__dropdown-divider {
         height: 1px;
-        background: @border-subtle;
-        margin: @space-1 0;
+        background: $border-subtle;
+        margin: $space-1 0;
     }
 
     &__dropdown-danger {
-        color: @danger !important;
+        color: $danger !important;
 
         &:hover {
-            background: @danger-bg !important;
-            color: @danger !important;
+            background: $danger-bg !important;
+            color: $danger !important;
         }
     }
 
     // Repo Bar
     &__repo-bar {
-        margin-bottom: @space-5;
+        margin-bottom: $space-5;
     }
 
     &__repo-pill {
         display: inline-flex;
         align-items: center;
-        gap: @space-2;
-        padding: @space-2 @space-3;
-        background: @bg-card;
-        border: 1px solid @border-default;
-        border-radius: @radius-full;
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        gap: $space-2;
+        padding: $space-2 $space-3;
+        background: $bg-card;
+        border: 1px solid $border-default;
+        border-radius: $radius-full;
+        font-size: $font-size-sm;
+        color: $text-secondary;
         cursor: pointer;
-        transition: border-color @transition-fast;
+        transition: border-color $transition-fast;
 
         &:hover {
-            border-color: @accent-primary;
+            border-color: $accent-primary;
         }
     }
 
     &__repo-url {
-        font-family: @font-mono;
-        font-size: @font-size-xs;
+        font-family: $font-mono;
+        font-size: $font-size-xs;
     }
 
     &__repo-arrow {
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 
     &__repo-branch {
-        font-family: @font-mono;
-        font-size: @font-size-xs;
-        color: @accent-primary;
-        font-weight: @font-weight-medium;
+        font-family: $font-mono;
+        font-size: $font-size-xs;
+        color: $accent-primary;
+        font-weight: $font-weight-medium;
     }
 
     &__auto-deploy-badge {
-        font-size: @font-size-xs;
-        padding: 0 @space-1;
-        background: @success-bg;
-        color: @success;
-        border-radius: @radius-sm;
-        font-weight: @font-weight-medium;
+        font-size: $font-size-xs;
+        padding: 0 $space-1;
+        background: $success-bg;
+        color: $success;
+        border-radius: $radius-sm;
+        font-weight: $font-weight-medium;
     }
 
     &__connect-repo {
         display: inline-flex;
         align-items: center;
-        gap: @space-2;
-        padding: @space-2 @space-3;
+        gap: $space-2;
+        padding: $space-2 $space-3;
         background: none;
-        border: 1px dashed @border-default;
-        border-radius: @radius-full;
-        font-size: @font-size-sm;
-        color: @text-tertiary;
+        border: 1px dashed $border-default;
+        border-radius: $radius-full;
+        font-size: $font-size-sm;
+        color: $text-tertiary;
         cursor: pointer;
-        transition: all @transition-fast;
+        transition: all $transition-fast;
 
         &:hover {
-            border-color: @accent-primary;
-            color: @accent-primary;
+            border-color: $accent-primary;
+            color: $accent-primary;
         }
     }
 
@@ -289,30 +289,30 @@
     &__tabs {
         display: flex;
         gap: 0;
-        border-bottom: 1px solid @border-default;
-        margin-bottom: @space-6;
+        border-bottom: 1px solid $border-default;
+        margin-bottom: $space-6;
         overflow-x: auto;
     }
 
     &__tab {
-        padding: @space-3 @space-4;
+        padding: $space-3 $space-4;
         background: none;
         border: none;
         border-bottom: 2px solid transparent;
-        color: @text-tertiary;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
+        color: $text-tertiary;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
         cursor: pointer;
         white-space: nowrap;
-        transition: all @transition-fast;
+        transition: all $transition-fast;
 
         &:hover {
-            color: @text-secondary;
+            color: $text-secondary;
         }
 
         &--active {
-            color: @text-primary;
-            border-bottom-color: @accent-primary;
+            color: $text-primary;
+            border-bottom-color: $accent-primary;
         }
     }
 
@@ -332,11 +332,11 @@
         display: flex;
         justify-content: space-between;
         align-items: center;
-        margin-bottom: @space-5;
+        margin-bottom: $space-5;
 
         h3 {
             margin: 0;
-            color: @text-primary;
+            color: $text-primary;
         }
     }
 
@@ -347,24 +347,24 @@
 
     &__event {
         display: flex;
-        gap: @space-4;
-        padding: @space-4;
-        border: 1px solid @border-default;
-        border-radius: @radius-lg;
-        background: @bg-card;
+        gap: $space-4;
+        padding: $space-4;
+        border: 1px solid $border-default;
+        border-radius: $radius-lg;
+        background: $bg-card;
         cursor: pointer;
-        transition: background @transition-fast;
+        transition: background $transition-fast;
 
         & + & {
-            margin-top: @space-2;
+            margin-top: $space-2;
         }
 
         &:hover {
-            background: @bg-hover;
+            background: $bg-hover;
         }
 
         &--expanded {
-            background: @bg-elevated;
+            background: $bg-elevated;
         }
     }
 
@@ -385,28 +385,28 @@
         display: flex;
         justify-content: space-between;
         align-items: flex-start;
-        gap: @space-3;
+        gap: $space-3;
     }
 
     &__event-commit {
         display: flex;
         align-items: center;
-        gap: @space-2;
+        gap: $space-2;
     }
 
     &__event-sha {
-        font-family: @font-mono;
-        font-size: @font-size-xs;
-        color: @accent-primary;
-        background: @accent-glow;
-        padding: 1px @space-2;
-        border-radius: @radius-sm;
+        font-family: $font-mono;
+        font-size: $font-size-xs;
+        color: $accent-primary;
+        background: $accent-glow;
+        padding: 1px $space-2;
+        border-radius: $radius-sm;
     }
 
     &__event-message {
-        font-size: @font-size-sm;
-        color: @text-primary;
-        font-weight: @font-weight-medium;
+        font-size: $font-size-sm;
+        color: $text-primary;
+        font-weight: $font-weight-medium;
         white-space: nowrap;
         overflow: hidden;
         text-overflow: ellipsis;
@@ -415,32 +415,32 @@
     &__event-meta {
         display: flex;
         align-items: center;
-        gap: @space-3;
-        margin-top: @space-1;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        gap: $space-3;
+        margin-top: $space-1;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
     }
 
     &__event-badge {
-        font-size: @font-size-xs;
-        font-weight: @font-weight-medium;
-        padding: 1px @space-2;
-        border-radius: @radius-sm;
+        font-size: $font-size-xs;
+        font-weight: $font-weight-medium;
+        padding: 1px $space-2;
+        border-radius: $radius-sm;
     }
 
     &__event-logs {
-        margin-top: @space-3;
-        padding: @space-3;
-        background: @bg-body;
-        border-radius: @radius-md;
+        margin-top: $space-3;
+        padding: $space-3;
+        background: $bg-body;
+        border-radius: $radius-md;
         max-height: 300px;
         overflow-y: auto;
 
         pre {
             margin: 0;
-            font-family: @font-mono;
-            font-size: @font-size-xs;
-            color: @text-secondary;
+            font-family: $font-mono;
+            font-size: $font-size-xs;
+            color: $text-secondary;
             white-space: pre-wrap;
             word-break: break-all;
         }
@@ -448,12 +448,12 @@
 
     &__empty {
         text-align: center;
-        padding: @space-12 @space-8;
-        color: @text-tertiary;
+        padding: $space-12 $space-8;
+        color: $text-tertiary;
 
         h3 {
-            color: @text-secondary;
-            margin-bottom: @space-2;
+            color: $text-secondary;
+            margin-bottom: $space-2;
         }
     }
 }
@@ -461,8 +461,8 @@
 // Shell Tab
 .shell-tab {
     &__container {
-        border: 1px solid @border-default;
-        border-radius: @radius-lg;
+        border: 1px solid $border-default;
+        border-radius: $radius-lg;
         overflow: hidden;
     }
 
@@ -470,17 +470,17 @@
         display: flex;
         justify-content: space-between;
         align-items: center;
-        padding: @space-3 @space-4;
-        background: @bg-elevated;
-        border-bottom: 1px solid @border-default;
+        padding: $space-3 $space-4;
+        background: $bg-elevated;
+        border-bottom: 1px solid $border-default;
     }
 
     &__terminal {
         background: #0d1117;
-        padding: @space-4;
+        padding: $space-4;
         min-height: 400px;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
         color: #e6edf3;
         overflow-y: auto;
         max-height: 600px;
@@ -503,16 +503,16 @@
     &__input-row {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        padding: @space-3 @space-4;
-        background: @bg-card;
-        border-top: 1px solid @border-default;
+        gap: $space-2;
+        padding: $space-3 $space-4;
+        background: $bg-card;
+        border-top: 1px solid $border-default;
     }
 
     &__prompt {
-        color: @accent-primary;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
+        color: $accent-primary;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
         flex-shrink: 0;
     }
 
@@ -520,9 +520,9 @@
         flex: 1;
         background: none;
         border: none;
-        color: @text-primary;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
+        color: $text-primary;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
         outline: none;
     }
 }
@@ -532,52 +532,52 @@
     &__grid {
         display: grid;
         grid-template-columns: repeat(auto-fill, minmax(300px, 1fr));
-        gap: @space-4;
+        gap: $space-4;
     }
 
     &__card {
-        background: @bg-card;
-        border: 1px solid @border-default;
-        border-radius: @radius-lg;
-        padding: @space-5;
+        background: $bg-card;
+        border: 1px solid $border-default;
+        border-radius: $radius-lg;
+        padding: $space-5;
     }
 
     &__card-header {
         display: flex;
         justify-content: space-between;
         align-items: center;
-        margin-bottom: @space-3;
+        margin-bottom: $space-3;
 
         h4 {
             margin: 0;
-            color: @text-primary;
-            font-size: @font-size-base;
+            color: $text-primary;
+            font-size: $font-size-base;
         }
 
         span {
-            font-size: @font-size-xl;
-            font-weight: @font-weight-bold;
-            color: @text-primary;
+            font-size: $font-size-xl;
+            font-weight: $font-weight-bold;
+            color: $text-primary;
         }
     }
 
     &__bar {
         height: 8px;
-        background: @bg-secondary;
-        border-radius: @radius-full;
+        background: $bg-secondary;
+        border-radius: $radius-full;
         overflow: hidden;
     }
 
     &__bar-fill {
         height: 100%;
-        border-radius: @radius-full;
-        transition: width @transition-slow;
+        border-radius: $radius-full;
+        transition: width $transition-slow;
     }
 
     &__info {
-        margin-top: @space-2;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        margin-top: $space-2;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
     }
 }
 
@@ -586,36 +586,36 @@
     &__form {
         display: flex;
         flex-direction: column;
-        gap: @space-4;
+        gap: $space-4;
     }
 
     &__field {
         label {
             display: block;
-            font-size: @font-size-sm;
-            font-weight: @font-weight-medium;
-            color: @text-secondary;
-            margin-bottom: @space-1;
+            font-size: $font-size-sm;
+            font-weight: $font-weight-medium;
+            color: $text-secondary;
+            margin-bottom: $space-1;
         }
 
         input, select, textarea {
             width: 100%;
-            padding: @space-2 @space-3;
-            background: @bg-card;
-            border: 1px solid @border-default;
-            border-radius: @radius-md;
-            color: @text-primary;
-            font-size: @font-size-sm;
+            padding: $space-2 $space-3;
+            background: $bg-card;
+            border: 1px solid $border-default;
+            border-radius: $radius-md;
+            color: $text-primary;
+            font-size: $font-size-sm;
 
             &:focus {
                 outline: none;
-                border-color: @accent-primary;
+                border-color: $accent-primary;
             }
         }
 
         textarea {
-            font-family: @font-mono;
-            font-size: @font-size-xs;
+            font-family: $font-mono;
+            font-size: $font-size-xs;
             min-height: 80px;
             resize: vertical;
         }
@@ -625,20 +625,20 @@
         display: flex;
         align-items: center;
         justify-content: space-between;
-        padding: @space-3;
-        background: @bg-card;
-        border: 1px solid @border-default;
-        border-radius: @radius-md;
+        padding: $space-3;
+        background: $bg-card;
+        border: 1px solid $border-default;
+        border-radius: $radius-md;
     }
 
     &__toggle-label {
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        font-size: $font-size-sm;
+        color: $text-secondary;
 
         span {
             display: block;
-            font-size: @font-size-xs;
-            color: @text-tertiary;
+            font-size: $font-size-xs;
+            color: $text-tertiary;
             margin-top: 2px;
         }
     }
@@ -646,29 +646,29 @@
     &__actions {
         display: flex;
         justify-content: flex-end;
-        gap: @space-2;
-        margin-top: @space-4;
-        padding-top: @space-4;
-        border-top: 1px solid @border-subtle;
+        gap: $space-2;
+        margin-top: $space-4;
+        padding-top: $space-4;
+        border-top: 1px solid $border-subtle;
     }
 }
 
 // Settings Tab within service detail
 .svc-settings {
     &__section {
-        margin-bottom: @space-6;
+        margin-bottom: $space-6;
     }
 
     &__section-title {
-        font-size: @font-size-md;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin-bottom: @space-4;
+        font-size: $font-size-md;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin-bottom: $space-4;
     }
 }
 
 // Icon-only button
 .btn-icon {
-    padding: @space-2 !important;
+    padding: $space-2 !important;
     min-width: auto !important;
 }
diff --git a/frontend/src/styles/pages/_services.less b/frontend/src/styles/pages/_services.scss
similarity index 56%
rename from frontend/src/styles/pages/_services.less
rename to frontend/src/styles/pages/_services.scss
index 4ea17ace..0aaca24c 100644
--- a/frontend/src/styles/pages/_services.less
+++ b/frontend/src/styles/pages/_services.scss
@@ -7,45 +7,45 @@
         display: flex;
         justify-content: space-between;
         align-items: flex-start;
-        margin-bottom: @space-6;
+        margin-bottom: $space-6;
 
         h1 {
-            font-size: @font-size-2xl;
-            font-weight: @font-weight-bold;
-            color: @text-primary;
+            font-size: $font-size-2xl;
+            font-weight: $font-weight-bold;
+            color: $text-primary;
             margin: 0;
         }
     }
 
     &__subtitle {
-        color: @text-tertiary;
-        font-size: @font-size-sm;
-        margin-top: @space-1;
+        color: $text-tertiary;
+        font-size: $font-size-sm;
+        margin-top: $space-1;
     }
 
     &__filters {
         display: flex;
-        gap: @space-3;
-        margin-bottom: @space-5;
+        gap: $space-3;
+        margin-bottom: $space-5;
     }
 
     &__search {
         flex: 1;
         display: flex;
         align-items: center;
-        gap: @space-2;
-        background: @bg-card;
-        border: 1px solid @border-default;
-        border-radius: @radius-lg;
-        padding: 0 @space-3;
-        transition: border-color @transition-fast;
+        gap: $space-2;
+        background: $bg-card;
+        border: 1px solid $border-default;
+        border-radius: $radius-lg;
+        padding: 0 $space-3;
+        transition: border-color $transition-fast;
 
         &:focus-within {
-            border-color: @accent-primary;
+            border-color: $accent-primary;
         }
 
         svg {
-            color: @text-tertiary;
+            color: $text-tertiary;
             flex-shrink: 0;
         }
 
@@ -53,38 +53,38 @@
             flex: 1;
             background: none;
             border: none;
-            padding: @space-2 0;
-            color: @text-primary;
-            font-size: @font-size-sm;
+            padding: $space-2 0;
+            color: $text-primary;
+            font-size: $font-size-sm;
             outline: none;
 
             &::placeholder {
-                color: @text-tertiary;
+                color: $text-tertiary;
             }
         }
     }
 
     &__filter-select {
-        background: @bg-card;
-        border: 1px solid @border-default;
-        border-radius: @radius-lg;
-        padding: @space-2 @space-3;
-        color: @text-secondary;
-        font-size: @font-size-sm;
+        background: $bg-card;
+        border: 1px solid $border-default;
+        border-radius: $radius-lg;
+        padding: $space-2 $space-3;
+        color: $text-secondary;
+        font-size: $font-size-sm;
         outline: none;
         cursor: pointer;
         min-width: 120px;
 
         &:focus {
-            border-color: @accent-primary;
+            border-color: $accent-primary;
         }
     }
 
     &__list {
         display: flex;
         flex-direction: column;
-        border: 1px solid @border-default;
-        border-radius: @radius-lg;
+        border: 1px solid $border-default;
+        border-radius: $radius-lg;
         overflow: hidden;
     }
 
@@ -92,24 +92,24 @@
         display: flex;
         align-items: center;
         justify-content: space-between;
-        padding: @space-4 @space-5;
-        background: @bg-card;
+        padding: $space-4 $space-5;
+        background: $bg-card;
         cursor: pointer;
-        transition: background @transition-fast;
+        transition: background $transition-fast;
 
         &:hover {
-            background: @bg-hover;
+            background: $bg-hover;
         }
 
         & + & {
-            border-top: 1px solid @border-subtle;
+            border-top: 1px solid $border-subtle;
         }
     }
 
     &__row-main {
         display: flex;
         align-items: center;
-        gap: @space-3;
+        gap: $space-3;
         min-width: 0;
         flex: 1;
     }
@@ -117,7 +117,7 @@
     &__type-icon {
         width: 36px;
         height: 36px;
-        border-radius: @radius-lg;
+        border-radius: $radius-lg;
         display: flex;
         align-items: center;
         justify-content: center;
@@ -129,9 +129,9 @@
     }
 
     &__row-name {
-        font-weight: @font-weight-medium;
-        color: @text-primary;
-        font-size: @font-size-base;
+        font-weight: $font-weight-medium;
+        color: $text-primary;
+        font-size: $font-size-base;
         white-space: nowrap;
         overflow: hidden;
         text-overflow: ellipsis;
@@ -140,55 +140,55 @@
     &__row-meta {
         display: flex;
         align-items: center;
-        gap: @space-2;
+        gap: $space-2;
         margin-top: 2px;
     }
 
     &__type-badge {
-        font-size: @font-size-xs;
-        font-weight: @font-weight-medium;
-        padding: 1px @space-2;
-        border-radius: @radius-full;
+        font-size: $font-size-xs;
+        font-weight: $font-weight-medium;
+        padding: 1px $space-2;
+        border-radius: $radius-full;
         border: 1px solid;
         line-height: 1.4;
     }
 
     &__domain {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        font-family: @font-mono;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        font-family: $font-mono;
     }
 
     &__row-right {
         display: flex;
         align-items: center;
-        gap: @space-4;
+        gap: $space-4;
         flex-shrink: 0;
     }
 
     &__status {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
+        gap: $space-2;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
         white-space: nowrap;
 
         &--live {
-            color: @success;
+            color: $success;
         }
 
         &--stopped {
-            color: @text-tertiary;
+            color: $text-tertiary;
         }
 
         &--deploying,
         &--building {
-            color: @warning;
+            color: $warning;
         }
 
         &--failed {
-            color: @danger;
+            color: $danger;
         }
     }
 
@@ -212,13 +212,13 @@
     &__repo-pill {
         display: flex;
         align-items: center;
-        gap: @space-1;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        background: @bg-secondary;
-        padding: 2px @space-2;
-        border-radius: @radius-full;
-        font-family: @font-mono;
+        gap: $space-1;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        background: $bg-secondary;
+        padding: 2px $space-2;
+        border-radius: $radius-full;
+        font-family: $font-mono;
         max-width: 180px;
         overflow: hidden;
         text-overflow: ellipsis;
@@ -230,33 +230,33 @@
     }
 
     &__last-deploy {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
         white-space: nowrap;
     }
 
     &__actions {
         display: flex;
-        gap: @space-1;
+        gap: $space-1;
     }
 
     &__empty {
         text-align: center;
-        padding: @space-16 @space-8;
+        padding: $space-16 $space-8;
 
         h3 {
-            color: @text-primary;
-            margin: @space-4 0 @space-2;
+            color: $text-primary;
+            margin: $space-4 0 $space-2;
         }
 
         p {
-            color: @text-tertiary;
-            margin-bottom: @space-5;
+            color: $text-tertiary;
+            margin-bottom: $space-5;
         }
     }
 
     &__empty-icon {
-        color: @text-tertiary;
+        color: $text-tertiary;
         opacity: 0.5;
     }
 }
diff --git a/frontend/src/styles/pages/_settings.less b/frontend/src/styles/pages/_settings.less
deleted file mode 100644
index ef920641..00000000
--- a/frontend/src/styles/pages/_settings.less
+++ /dev/null
@@ -1,1497 +0,0 @@
-// ============================================
-// SETTINGS PAGE STYLES
-// ============================================
-
-.settings-page {
-    .page-header {
-        margin-bottom: @space-6;
-
-        h1 {
-            font-size: @font-size-2xl;
-            font-weight: @font-weight-semibold;
-            margin: 0 0 @space-1 0;
-        }
-
-        .page-subtitle {
-            color: @text-secondary;
-            margin: 0;
-        }
-    }
-}
-
-.settings-layout {
-    display: grid;
-    grid-template-columns: 240px 1fr;
-    gap: @space-6;
-    min-height: calc(100vh - 200px);
-
-    @media (max-width: @breakpoint-lg) {
-        grid-template-columns: 1fr;
-    }
-}
-
-// Settings Navigation
-.settings-nav {
-    display: flex;
-    flex-direction: column;
-    gap: @space-1;
-    position: sticky;
-    top: @space-6;
-    max-height: calc(100vh - @space-12);
-    overflow-y: auto;
-
-    // Custom scrollbar for nav
-    &::-webkit-scrollbar {
-        width: 4px;
-    }
-
-    &::-webkit-scrollbar-track {
-        background: transparent;
-    }
-
-    &::-webkit-scrollbar-thumb {
-        background: @border-active;
-        border-radius: @radius-full;
-    }
-
-    @media (max-width: @breakpoint-lg) {
-        flex-direction: row;
-        flex-wrap: wrap;
-        position: static;
-        max-height: none;
-        overflow-y: visible;
-        background: @bg-card;
-        padding: @space-2;
-        border-radius: @radius-lg;
-    }
-}
-
-.settings-nav-item {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-3 @space-4;
-    background: transparent;
-    border: none;
-    border-radius: @radius-md;
-    color: @text-secondary;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    cursor: pointer;
-    transition: all @transition-fast;
-    text-align: left;
-    width: 100%;
-
-    svg {
-        width: 18px;
-        height: 18px;
-        stroke: currentColor;
-        fill: none;
-        stroke-width: 2;
-        flex-shrink: 0;
-    }
-
-    &:hover {
-        background: @bg-hover;
-        color: @text-primary;
-    }
-
-    &.active {
-        background: @accent-primary;
-        color: white;
-
-        svg {
-            stroke: white;
-        }
-    }
-
-    @media (max-width: @breakpoint-lg) {
-        width: auto;
-        padding: @space-2 @space-3;
-    }
-}
-
-// Settings Content Area
-.settings-content {
-    min-width: 0;
-}
-
-// Settings Section
-.settings-section {
-    display: flex;
-    flex-direction: column;
-    gap: @space-5;
-
-    .section-header {
-        margin-bottom: @space-2;
-
-        h2 {
-            font-size: @font-size-lg;
-            font-weight: @font-weight-semibold;
-            margin: 0 0 @space-1 0;
-        }
-
-        p {
-            color: @text-secondary;
-            margin: 0;
-            font-size: @font-size-sm;
-        }
-    }
-
-    h3 {
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        margin: 0 0 @space-3 0;
-        color: @text-primary;
-    }
-}
-
-// Settings Cards
-.settings-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-5;
-
-    h3 {
-        margin-bottom: @space-2;
-    }
-
-    > p {
-        color: @text-secondary;
-        font-size: @font-size-sm;
-        margin: 0 0 @space-4 0;
-    }
-}
-
-// Settings Form
-.settings-form {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-5;
-
-    .form-group {
-        margin-bottom: @space-4;
-
-        &:last-of-type {
-            margin-bottom: 0;
-        }
-
-        label {
-            display: block;
-            font-size: @font-size-sm;
-            font-weight: @font-weight-medium;
-            color: @text-secondary;
-            margin-bottom: @space-2;
-        }
-
-        input:not([type="checkbox"]):not([type="radio"]), select, textarea {
-            width: 100%;
-            padding: @space-3;
-            background: @bg-hover;
-            border: 1px solid @border-subtle;
-            border-radius: @radius-md;
-            color: @text-primary;
-            font-size: @font-size-sm;
-            transition: border-color @transition-fast;
-
-            &:focus {
-                outline: none;
-                border-color: @accent-primary;
-            }
-
-            &:disabled,
-            &.input-disabled {
-                opacity: 0.6;
-                cursor: not-allowed;
-                background: @bg-body;
-            }
-        }
-
-        .form-help {
-            display: block;
-            margin-top: @space-1;
-            font-size: @font-size-xs;
-            color: @text-tertiary;
-        }
-    }
-
-    .form-actions {
-        margin-top: @space-5;
-        padding-top: @space-5;
-        border-top: 1px solid @border-subtle;
-        display: flex;
-        gap: @space-2;
-    }
-}
-
-// Alert Messages
-.alert {
-    padding: @space-3 @space-4;
-    border-radius: @radius-md;
-    font-size: @font-size-sm;
-    margin-bottom: @space-4;
-
-    &.alert-success {
-        background: @success-bg;
-        border: 1px solid @success-border;
-        color: @success;
-    }
-
-    &.alert-danger {
-        background: @danger-bg;
-        border: 1px solid @danger-border;
-        color: @danger;
-    }
-
-    &.alert-warning {
-        background: @warning-bg;
-        border: 1px solid @warning-border;
-        color: @warning;
-    }
-}
-
-// Session Items
-.session-item {
-    display: flex;
-    justify-content: space-between;
-    align-items: center;
-    padding: @space-4;
-    background: @bg-hover;
-    border-radius: @radius-md;
-    margin-top: @space-3;
-
-    .session-info {
-        display: flex;
-        align-items: center;
-        gap: @space-3;
-
-        svg {
-            stroke: @text-secondary;
-            fill: none;
-            stroke-width: 2;
-        }
-
-        .session-device {
-            display: block;
-            font-weight: @font-weight-medium;
-            color: @text-primary;
-        }
-
-        .session-details {
-            display: block;
-            font-size: @font-size-xs;
-            color: @text-tertiary;
-        }
-    }
-}
-
-// Theme Options
-.theme-options {
-    display: grid;
-    grid-template-columns: repeat(3, 1fr);
-    gap: @space-3;
-
-    @media (max-width: @breakpoint-md) {
-        grid-template-columns: 1fr;
-    }
-}
-
-.theme-option {
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-4;
-    background: transparent;
-    border: 2px solid @border-subtle;
-    border-radius: @radius-lg;
-    cursor: pointer;
-    transition: all @transition-fast;
-
-    &:hover {
-        border-color: @border-active;
-    }
-
-    &.active {
-        border-color: @accent-primary;
-        background: fade(@accent-primary-raw, 5%);
-    }
-
-    span {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        color: @text-primary;
-    }
-}
-
-.theme-preview {
-    width: 100%;
-    height: 80px;
-    border-radius: @radius-md;
-    display: flex;
-    overflow: hidden;
-
-    .preview-sidebar {
-        width: 25%;
-        background: #18181b;
-    }
-
-    .preview-content {
-        flex: 1;
-        padding: @space-2;
-        display: flex;
-        flex-direction: column;
-        gap: @space-1;
-    }
-
-    .preview-card {
-        flex: 1;
-        border-radius: @radius-sm;
-    }
-
-    &.dark {
-        border: 1px solid @border-subtle;
-
-        .preview-sidebar {
-            background: #0f0f11;
-        }
-
-        .preview-content {
-            background: #09090b;
-        }
-
-        .preview-card {
-            background: #18181b;
-        }
-    }
-
-    &.light {
-        border: 1px solid #e5e5e5;
-
-        .preview-sidebar {
-            background: #f5f5f5;
-        }
-
-        .preview-content {
-            background: #ffffff;
-        }
-
-        .preview-card {
-            background: #f5f5f5;
-        }
-    }
-
-    &.system {
-        border: 1px solid @border-subtle;
-        background: linear-gradient(135deg, #09090b 50%, #ffffff 50%);
-
-        .preview-sidebar {
-            background: linear-gradient(180deg, #0f0f11 50%, #f5f5f5 50%);
-        }
-
-        .preview-content {
-            background: transparent;
-        }
-
-        .preview-card {
-            background: linear-gradient(135deg, #18181b 50%, #f5f5f5 50%);
-        }
-    }
-}
-
-// Density Options
-.density-options {
-    display: flex;
-    gap: @space-4;
-}
-
-.radio-option {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    cursor: pointer;
-
-    input[type="radio"] {
-        width: 18px;
-        height: 18px;
-        accent-color: @accent-primary;
-        cursor: pointer;
-    }
-
-    span {
-        font-size: @font-size-sm;
-        color: @text-primary;
-    }
-}
-
-// Notification Options
-.notification-options {
-    display: flex;
-    flex-direction: column;
-    gap: @space-3;
-}
-
-.notification-item {
-    display: flex;
-    justify-content: space-between;
-    align-items: center;
-    padding: @space-4;
-    background: @bg-hover;
-    border-radius: @radius-md;
-    gap: @space-4;
-
-    .notification-info {
-        flex: 1;
-
-        .notification-title {
-            display: block;
-            font-weight: @font-weight-medium;
-            color: @text-primary;
-            margin-bottom: @space-1;
-        }
-
-        .notification-desc {
-            display: block;
-            font-size: @font-size-xs;
-            color: @text-tertiary;
-        }
-    }
-}
-
-// Toggle Switch
-.toggle-switch {
-    position: relative;
-    display: inline-block;
-    width: 44px;
-    height: 24px;
-    flex-shrink: 0;
-
-    input {
-        opacity: 0;
-        width: 0;
-        height: 0;
-
-        &:checked + .toggle-slider {
-            background: @accent-primary;
-
-            &::before {
-                transform: translateX(20px);
-            }
-        }
-
-        &:focus + .toggle-slider {
-            box-shadow: 0 0 0 2px fade(@accent-primary-raw, 30%);
-        }
-    }
-
-    .toggle-slider {
-        position: absolute;
-        cursor: pointer;
-        top: 0;
-        left: 0;
-        right: 0;
-        bottom: 0;
-        background: @border-active;
-        border-radius: 24px;
-        transition: all @transition-fast;
-
-        &::before {
-            content: '';
-            position: absolute;
-            height: 18px;
-            width: 18px;
-            left: 3px;
-            bottom: 3px;
-            background: white;
-            border-radius: 50%;
-            transition: transform @transition-fast;
-        }
-    }
-}
-
-// Toggle Label (checkbox + text inline)
-.toggle-label {
-    display: flex !important;
-    align-items: center;
-    gap: @space-3;
-    cursor: pointer;
-
-    input[type="checkbox"] {
-        width: 18px;
-        height: 18px;
-        accent-color: @accent-primary;
-        cursor: pointer;
-        flex-shrink: 0;
-    }
-
-    span {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        color: @text-primary;
-    }
-}
-
-// System Info Grid
-.system-info-grid {
-    display: grid;
-    grid-template-columns: repeat(2, 1fr);
-    gap: @space-4;
-
-    @media (max-width: @breakpoint-md) {
-        grid-template-columns: 1fr;
-    }
-}
-
-.info-list {
-    display: flex;
-    flex-direction: column;
-    gap: @space-2;
-
-    .info-item {
-        display: flex;
-        justify-content: space-between;
-        align-items: center;
-        padding: @space-2 0;
-        border-bottom: 1px solid @border-subtle;
-
-        &:last-child {
-            border-bottom: none;
-        }
-
-        .info-label {
-            font-size: @font-size-sm;
-            color: @text-tertiary;
-        }
-
-        .info-value {
-            font-size: @font-size-sm;
-            font-weight: @font-weight-medium;
-            color: @text-primary;
-        }
-    }
-}
-
-// Timezone Selector
-.timezone-selector {
-    display: flex;
-    gap: @space-3;
-    align-items: center;
-
-    select {
-        flex: 1;
-        max-width: 300px;
-    }
-
-    .btn {
-        flex-shrink: 0;
-    }
-}
-
-.timezone-message {
-    margin-top: @space-2;
-    padding: @space-2 @space-3;
-    border-radius: @radius-md;
-    font-size: @font-size-sm;
-
-    &.success {
-        background: fade(@success, 15%);
-        color: @success;
-    }
-
-    &.error {
-        background: fade(@danger, 15%);
-        color: @danger;
-    }
-}
-
-// About Section
-.about-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-8;
-    text-align: center;
-
-    .about-logo {
-        width: 80px;
-        height: 80px;
-        margin: 0 auto @space-4;
-        background: linear-gradient(135deg, @accent-primary 0%, @accent-hover 100%);
-        border-radius: @radius-xl;
-        display: flex;
-        align-items: center;
-        justify-content: center;
-
-        svg {
-            stroke: white;
-        }
-    }
-
-    h3 {
-        font-size: @font-size-xl;
-        margin-bottom: @space-1;
-    }
-
-    .version {
-        color: @text-tertiary;
-        font-size: @font-size-sm;
-        margin-bottom: @space-4;
-    }
-
-    .description {
-        color: @text-secondary;
-        font-size: @font-size-sm;
-        line-height: @line-height-relaxed;
-        max-width: 500px;
-        margin: 0 auto;
-    }
-
-    .update-check {
-        margin-top: @space-4;
-        padding-top: @space-4;
-        border-top: 1px solid @border-subtle;
-
-        .btn-sm {
-            font-size: @font-size-xs;
-            padding: @space-2 @space-3;
-            display: inline-flex;
-            align-items: center;
-            gap: @space-1;
-
-            .spinning {
-                animation: spin 1s linear infinite;
-            }
-        }
-
-        .update-status {
-            display: flex;
-            align-items: center;
-            justify-content: center;
-            gap: @space-2;
-            font-size: @font-size-sm;
-
-            &.current {
-                color: @success;
-            }
-
-            &.available {
-                color: @warning;
-                flex-wrap: wrap;
-
-                .btn {
-                    margin-left: @space-2;
-                    display: inline-flex;
-                    align-items: center;
-                    gap: @space-1;
-                }
-            }
-
-            &.error {
-                color: @danger;
-
-                .btn-link {
-                    background: none;
-                    border: none;
-                    color: @accent-primary;
-                    cursor: pointer;
-                    text-decoration: underline;
-                    font-size: @font-size-sm;
-                    padding: 0;
-                    margin-left: @space-2;
-
-                    &:hover {
-                        color: @accent-hover;
-                    }
-                }
-            }
-        }
-    }
-}
-
-@keyframes spin {
-    from { transform: rotate(0deg); }
-    to { transform: rotate(360deg); }
-}
-
-// Star Prompt Card
-.star-prompt-card {
-    position: relative;
-    background: linear-gradient(135deg, @accent-glow 0%, fade(@accent-primary-raw, 8%) 100%);
-    border: 1px solid fade(@accent-primary-raw, 30%);
-    border-radius: @radius-lg;
-    padding: @space-6;
-    display: flex;
-    align-items: flex-start;
-    gap: @space-4;
-
-    .dismiss-btn {
-        position: absolute;
-        top: @space-3;
-        right: @space-3;
-        background: none;
-        border: none;
-        color: @text-tertiary;
-        cursor: pointer;
-        padding: @space-1;
-        border-radius: @radius-sm;
-        transition: all @transition-fast;
-
-        &:hover {
-            background: @bg-hover;
-            color: @text-primary;
-        }
-    }
-
-    .star-icon {
-        flex-shrink: 0;
-        width: 48px;
-        height: 48px;
-        background: linear-gradient(135deg, @warning 0%, darken(@warning, 10%) 100%);
-        border-radius: @radius-lg;
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        color: white;
-    }
-
-    .star-content {
-        flex: 1;
-        padding-right: @space-6;
-
-        h4 {
-            margin: 0 0 @space-2;
-            font-size: @font-size-md;
-            font-weight: @font-weight-semibold;
-        }
-
-        p {
-            margin: 0 0 @space-4;
-            font-size: @font-size-sm;
-            color: @text-secondary;
-            line-height: @line-height-relaxed;
-        }
-
-        .btn {
-            display: inline-flex;
-            align-items: center;
-            gap: @space-2;
-        }
-    }
-
-    @media (max-width: @breakpoint-sm) {
-        flex-direction: column;
-        text-align: center;
-
-        .star-content {
-            padding-right: 0;
-        }
-    }
-}
-
-// Feature List
-.feature-list {
-    list-style: none;
-    padding: 0;
-    margin: 0;
-    display: grid;
-    grid-template-columns: repeat(2, 1fr);
-    gap: @space-2;
-
-    @media (max-width: @breakpoint-md) {
-        grid-template-columns: 1fr;
-    }
-
-    li {
-        display: flex;
-        align-items: center;
-        gap: @space-2;
-        padding: @space-2;
-        font-size: @font-size-sm;
-        color: @text-secondary;
-
-        svg {
-            stroke: @success;
-            fill: none;
-            stroke-width: 2;
-            flex-shrink: 0;
-        }
-    }
-}
-
-// Link List
-.link-list {
-    display: flex;
-    flex-direction: column;
-    gap: @space-2;
-}
-
-.link-item {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-3 @space-4;
-    background: @bg-hover;
-    border-radius: @radius-md;
-    color: @text-secondary;
-    text-decoration: none;
-    font-size: @font-size-sm;
-    transition: all @transition-fast;
-
-    svg {
-        stroke: currentColor;
-        fill: none;
-        stroke-width: 2;
-        flex-shrink: 0;
-    }
-
-    &:hover {
-        background: @accent-primary;
-        color: white;
-    }
-}
-
-// License Text
-.license-text {
-    color: @text-secondary;
-    font-size: @font-size-sm;
-    margin: 0;
-}
-
-// Loading State
-.loading {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    padding: @space-12;
-    color: @text-secondary;
-    font-size: @font-size-sm;
-}
-
-// Settings Row (for app settings tab)
-.settings-row {
-    display: flex;
-    justify-content: space-between;
-    align-items: flex-start;
-    padding: @space-4;
-    background: @bg-hover;
-    border-radius: @radius-md;
-    gap: @space-4;
-
-    &:not(:last-child) {
-        margin-bottom: @space-3;
-    }
-
-    &.settings-linked-warning {
-        background: fade(@warning, 10%);
-        border: 1px solid fade(@warning, 20%);
-    }
-}
-
-.settings-label {
-    flex: 1;
-
-    > span:first-child {
-        display: block;
-        font-weight: @font-weight-medium;
-        color: @text-primary;
-        margin-bottom: @space-1;
-    }
-
-    .settings-hint {
-        display: block;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-    }
-}
-
-.settings-control {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    flex-shrink: 0;
-}
-
-.settings-select {
-    min-width: 160px;
-    padding: @space-2 @space-3;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    color: @text-primary;
-    font-size: @font-size-sm;
-    cursor: pointer;
-    transition: border-color @transition-fast;
-
-    &:hover {
-        border-color: @border-default;
-    }
-
-    &:focus {
-        outline: none;
-        border-color: @accent-primary;
-    }
-
-    &:disabled {
-        opacity: 0.6;
-        cursor: not-allowed;
-    }
-}
-
-.settings-saving {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    font-style: italic;
-}
-
-// ============================================
-// ICON REFERENCE (Developer Mode)
-// ============================================
-
-.icon-reference-grid {
-    display: grid;
-    grid-template-columns: repeat(auto-fill, minmax(120px, 1fr));
-    gap: @space-2;
-    margin-top: @space-3;
-}
-
-.icon-reference-item {
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    gap: @space-1;
-    padding: @space-3 @space-2;
-    border: 1px solid @border-default;
-    border-radius: @radius-md;
-    background: @bg-card;
-    cursor: pointer;
-    transition: all 0.15s ease;
-
-    &:hover {
-        border-color: @accent-primary;
-        background: @bg-hover;
-    }
-
-    &.copied {
-        border-color: @success;
-        background: @success-bg;
-    }
-
-    svg {
-        color: @text-primary;
-        opacity: 0.8;
-    }
-
-    .icon-reference-name {
-        font-size: @font-size-xs;
-        color: @text-secondary;
-        text-align: center;
-        word-break: break-word;
-        line-height: 1.2;
-    }
-
-    &.copied .icon-reference-name {
-        color: @success;
-        font-weight: @font-weight-medium;
-    }
-}
-
-// ============================================
-// ACCENT COLOR PRESETS
-// ============================================
-
-.accent-presets {
-    display: grid;
-    grid-template-columns: repeat(4, 1fr);
-    gap: @space-2;
-    margin-bottom: @space-4;
-
-    @media (max-width: @breakpoint-sm) {
-        grid-template-columns: repeat(2, 1fr);
-    }
-}
-
-.accent-preset {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-3;
-    background: transparent;
-    border: 2px solid @border-subtle;
-    border-radius: @radius-md;
-    cursor: pointer;
-    transition: all @transition-fast;
-
-    &:hover {
-        border-color: @border-active;
-    }
-
-    &.active {
-        border-color: @accent-primary;
-        background: @bg-hover;
-    }
-}
-
-.accent-swatch {
-    width: 20px;
-    height: 20px;
-    border-radius: @radius-full;
-    flex-shrink: 0;
-}
-
-.accent-label {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    color: @text-primary;
-}
-
-.accent-custom {
-    padding-top: @space-3;
-    border-top: 1px solid @border-subtle;
-}
-
-.accent-custom-label {
-    display: block;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    color: @text-secondary;
-    margin-bottom: @space-2;
-}
-
-.accent-custom-row {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-}
-
-.accent-custom-input {
-    width: 40px;
-    height: 32px;
-    padding: 0;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    background: transparent;
-    cursor: pointer;
-
-    &::-webkit-color-swatch-wrapper {
-        padding: 2px;
-    }
-
-    &::-webkit-color-swatch {
-        border: none;
-        border-radius: @radius-sm;
-    }
-}
-
-.accent-custom-hex {
-    font-family: @font-mono;
-    font-size: @font-size-sm;
-    color: @text-secondary;
-}
-
-// ============================================
-// DASHBOARD WIDGET CONFIG
-// ============================================
-
-.widget-list {
-    display: flex;
-    flex-direction: column;
-    gap: @space-2;
-}
-
-.widget-item {
-    display: flex;
-    justify-content: space-between;
-    align-items: center;
-    padding: @space-3 @space-4;
-    background: @bg-hover;
-    border-radius: @radius-md;
-    transition: opacity @transition-fast;
-
-    &--hidden {
-        opacity: 0.5;
-    }
-}
-
-.widget-item__info {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-}
-
-.widget-item__label {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    color: @text-primary;
-}
-
-.widget-item__controls {
-    display: flex;
-    gap: @space-1;
-}
-
-.widget-move-btn {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    width: 28px;
-    height: 28px;
-    background: transparent;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-sm;
-    color: @text-secondary;
-    cursor: pointer;
-    transition: all @transition-fast;
-
-    &:hover:not(:disabled) {
-        background: @bg-card;
-        color: @text-primary;
-        border-color: @border-active;
-    }
-
-    &:disabled {
-        opacity: 0.3;
-        cursor: not-allowed;
-    }
-}
-
-// ============================================
-// WHITE LABEL / CUSTOM BRANDING
-// ============================================
-
-.whitelabel-modes {
-    display: grid;
-    grid-template-columns: repeat(3, 1fr);
-    gap: @space-3;
-    margin-top: @space-4;
-
-    @media (max-width: @breakpoint-md) {
-        grid-template-columns: 1fr;
-    }
-}
-
-.whitelabel-mode {
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-4;
-    background: transparent;
-    border: 2px solid @border-subtle;
-    border-radius: @radius-lg;
-    cursor: pointer;
-    transition: all @transition-fast;
-    text-align: center;
-    color: @text-secondary;
-
-    svg {
-        opacity: 0.7;
-    }
-
-    &:hover {
-        border-color: @border-active;
-    }
-
-    &.active {
-        border-color: @accent-primary;
-        background: fade(@accent-primary-raw, 5%);
-        color: @text-primary;
-
-        svg {
-            color: @accent-primary;
-            opacity: 1;
-        }
-    }
-
-    .whitelabel-mode__label {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        color: @text-primary;
-    }
-
-    .whitelabel-mode__desc {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-    }
-}
-
-.whitelabel-fields {
-    margin-top: @space-4;
-    display: flex;
-    flex-direction: column;
-    gap: @space-4;
-
-    .form-group {
-        label {
-            display: block;
-            font-size: @font-size-sm;
-            font-weight: @font-weight-medium;
-            color: @text-secondary;
-            margin-bottom: @space-2;
-        }
-
-        input[type="text"] {
-            width: 100%;
-            max-width: 320px;
-            padding: @space-3;
-            background: @bg-hover;
-            border: 1px solid @border-subtle;
-            border-radius: @radius-md;
-            color: @text-primary;
-            font-size: @font-size-sm;
-            transition: border-color @transition-fast;
-
-            &:focus {
-                outline: none;
-                border-color: @accent-primary;
-            }
-        }
-    }
-}
-
-.whitelabel-upload {
-    border: 2px dashed @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-5;
-    cursor: pointer;
-    transition: all @transition-fast;
-    text-align: center;
-
-    &:hover {
-        border-color: @accent-primary;
-        background: fade(@accent-primary-raw, 3%);
-    }
-
-    .whitelabel-upload__placeholder {
-        display: flex;
-        flex-direction: column;
-        align-items: center;
-        gap: @space-2;
-        color: @text-tertiary;
-
-        svg {
-            opacity: 0.5;
-        }
-
-        span {
-            font-size: @font-size-sm;
-        }
-    }
-
-    .whitelabel-upload__hint {
-        font-size: @font-size-xs !important;
-        color: @text-tertiary;
-        opacity: 0.7;
-    }
-}
-
-.whitelabel-logo-preview {
-    display: flex;
-    align-items: center;
-    gap: @space-4;
-    justify-content: center;
-
-    img {
-        width: 48px;
-        height: 48px;
-        object-fit: contain;
-        border-radius: @radius-md;
-        border: 1px solid @border-subtle;
-        background: @bg-hover;
-        padding: @space-1;
-    }
-}
-
-.whitelabel-preview {
-    margin-top: @space-4;
-
-    .whitelabel-preview__label {
-        display: block;
-        font-size: @font-size-xs;
-        font-weight: @font-weight-semibold;
-        color: @text-tertiary;
-        text-transform: uppercase;
-        letter-spacing: 0.06em;
-        margin-bottom: @space-2;
-    }
-
-    .whitelabel-preview__box {
-        display: flex;
-        align-items: center;
-        gap: 10px;
-        height: 70px;
-        padding: 0 @space-4;
-        background: @bg-body;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-lg;
-    }
-}
-
-.whitelabel-star-prompt {
-    margin-top: @space-4;
-    background: linear-gradient(135deg, @accent-glow 0%, fade(@accent-primary-raw, 8%) 100%);
-    border: 1px solid fade(@accent-primary-raw, 30%);
-    border-radius: @radius-lg;
-    padding: @space-5;
-    display: flex;
-    align-items: flex-start;
-    gap: @space-4;
-
-    .star-icon {
-        flex-shrink: 0;
-        width: 44px;
-        height: 44px;
-        background: linear-gradient(135deg, @warning 0%, darken(@warning, 10%) 100%);
-        border-radius: @radius-lg;
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        color: white;
-    }
-
-    .star-content {
-        flex: 1;
-
-        h4 {
-            margin: 0 0 @space-2;
-            font-size: @font-size-md;
-            font-weight: @font-weight-semibold;
-        }
-
-        p {
-            margin: 0 0 @space-3;
-            font-size: @font-size-sm;
-            color: @text-secondary;
-            line-height: @line-height-relaxed;
-        }
-
-        .btn {
-            display: inline-flex;
-            align-items: center;
-            gap: @space-2;
-        }
-    }
-
-    @media (max-width: @breakpoint-sm) {
-        flex-direction: column;
-    }
-}
-
-// ============================================
-// SSO CONFIG & LINKED ACCOUNTS
-// ============================================
-
-.sso-config {
-    display: flex;
-    flex-direction: column;
-    gap: @space-5;
-}
-
-.sso-provider-config {
-    border: 1px solid @border-subtle;
-
-    &--enabled {
-        border-color: @accent-primary;
-    }
-
-    .sso-provider-config__header {
-        display: flex;
-        align-items: center;
-        justify-content: space-between;
-        cursor: pointer;
-        padding: @space-4;
-
-        &:hover {
-            background: @bg-hover;
-        }
-    }
-
-    .sso-provider-config__title {
-        display: flex;
-        align-items: center;
-        gap: @space-3;
-
-        h3 {
-            margin: 0;
-        }
-    }
-
-    .sso-provider-config__status {
-        font-size: @font-size-xs;
-        padding: @space-1 @space-2;
-        border-radius: @radius-full;
-        font-weight: @font-weight-medium;
-
-        &--active {
-            background: fade(@color-success, 15%);
-            color: @color-success;
-        }
-    }
-
-    .sso-provider-config__body {
-        padding: @space-1 @space-4 @space-4;
-        border-top: 1px solid @border-subtle;
-        display: flex;
-        flex-direction: column;
-        gap: @space-4;
-    }
-
-    .sso-provider-config__actions {
-        display: flex;
-        gap: @space-3;
-        padding-top: @space-2;
-    }
-}
-
-// Linked accounts (Security tab)
-.linked-accounts-list {
-    display: flex;
-    flex-direction: column;
-    gap: @space-3;
-    margin: @space-4 0;
-}
-
-.linked-account {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    padding: @space-3;
-    background: @bg-secondary;
-    border-radius: @radius-lg;
-    border: 1px solid @border-subtle;
-
-    .linked-account__info {
-        display: flex;
-        align-items: center;
-        gap: @space-3;
-
-        div {
-            display: flex;
-            flex-direction: column;
-        }
-    }
-
-    .linked-account__provider {
-        font-weight: @font-weight-medium;
-        text-transform: capitalize;
-    }
-
-    .linked-account__email {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-    }
-}
-
-.linked-accounts-available {
-    display: flex;
-    gap: @space-3;
-    margin-top: @space-3;
-    flex-wrap: wrap;
-
-    .btn {
-        display: flex;
-        align-items: center;
-        gap: @space-2;
-    }
-}
diff --git a/frontend/src/styles/pages/_settings.scss b/frontend/src/styles/pages/_settings.scss
new file mode 100644
index 00000000..ad17aa1e
--- /dev/null
+++ b/frontend/src/styles/pages/_settings.scss
@@ -0,0 +1,1862 @@
+// ============================================
+// SETTINGS PAGE STYLES
+// ============================================
+
+.settings-page {
+    .page-header {
+        margin-bottom: $space-6;
+
+        h1 {
+            font-size: $font-size-2xl;
+            font-weight: $font-weight-semibold;
+            margin: 0 0 $space-1 0;
+        }
+
+        .page-subtitle {
+            color: $text-secondary;
+            margin: 0;
+        }
+    }
+}
+
+.settings-layout {
+    display: grid;
+    grid-template-columns: 240px 1fr;
+    gap: $space-6;
+    min-height: calc(100vh - 200px);
+
+    @media (max-width: $breakpoint-lg) {
+        grid-template-columns: 1fr;
+    }
+}
+
+// Settings Navigation
+.settings-nav {
+    display: flex;
+    flex-direction: column;
+    gap: $space-1;
+    position: sticky;
+    top: $space-6;
+    max-height: calc(100vh - $space-12);
+    overflow-y: auto;
+
+    // Custom scrollbar for nav
+    &::-webkit-scrollbar {
+        width: 4px;
+    }
+
+    &::-webkit-scrollbar-track {
+        background: transparent;
+    }
+
+    &::-webkit-scrollbar-thumb {
+        background: $border-active;
+        border-radius: $radius-full;
+    }
+
+    @media (max-width: $breakpoint-lg) {
+        flex-direction: row;
+        flex-wrap: wrap;
+        position: static;
+        max-height: none;
+        overflow-y: visible;
+        background: $bg-card;
+        padding: $space-2;
+        border-radius: $radius-lg;
+    }
+}
+
+.settings-nav-item {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-3 $space-4;
+    background: transparent;
+    border: none;
+    border-radius: $radius-md;
+    color: $text-secondary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    cursor: pointer;
+    transition: all $transition-fast;
+    text-align: left;
+    width: 100%;
+
+    svg {
+        width: 18px;
+        height: 18px;
+        stroke: currentColor;
+        fill: none;
+        stroke-width: 2;
+        flex-shrink: 0;
+    }
+
+    &:hover {
+        background: $bg-hover;
+        color: $text-primary;
+    }
+
+    &.active {
+        background: $accent-primary;
+        color: white;
+
+        svg {
+            stroke: white;
+        }
+    }
+
+    @media (max-width: $breakpoint-lg) {
+        width: auto;
+        padding: $space-2 $space-3;
+    }
+}
+
+// Nav spacer pushes About to the bottom of the sticky sidebar
+.settings-nav-spacer {
+    flex: 1;
+    min-height: $space-4;
+}
+
+// Settings Content Area
+.settings-content {
+    min-width: 0;
+}
+
+// Settings Section
+.settings-section {
+    display: flex;
+    flex-direction: column;
+    gap: $space-5;
+
+    .section-header {
+        margin-bottom: $space-2;
+
+        h2 {
+            font-size: $font-size-lg;
+            font-weight: $font-weight-semibold;
+            margin: 0 0 $space-1 0;
+        }
+
+        p {
+            color: $text-secondary;
+            margin: 0;
+            font-size: $font-size-sm;
+        }
+    }
+
+    h3 {
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        margin: 0 0 $space-3 0;
+        color: $text-primary;
+    }
+}
+
+// Settings Cards
+.settings-card {
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-5;
+
+    h3 {
+        margin: 0;
+    }
+
+    > p {
+        color: $text-secondary;
+        font-size: $font-size-sm;
+        margin: 0 0 $space-4 0;
+    }
+}
+
+.settings-card__header {
+    display: flex;
+    align-items: flex-start;
+    justify-content: space-between;
+    gap: $space-4;
+    margin-bottom: $space-5;
+}
+
+.settings-card__header-left {
+    display: flex;
+    align-items: flex-start;
+    gap: $space-3;
+
+    > svg {
+        flex-shrink: 0;
+        color: $text-tertiary;
+        margin-top: 2px;
+    }
+
+    h3 {
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin: 0;
+    }
+
+    p {
+        color: $text-secondary;
+        font-size: $font-size-sm;
+        margin: $space-1 0 0 0;
+    }
+}
+
+.settings-card__empty {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-8 $space-4;
+    color: $text-tertiary;
+    text-align: center;
+
+    > svg {
+        opacity: 0.4;
+    }
+
+    p {
+        margin: 0;
+        font-size: $font-size-sm;
+        color: $text-tertiary;
+    }
+}
+
+.settings-card__loading {
+    padding: $space-6;
+    text-align: center;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
+}
+
+.settings-card__footer {
+    display: flex;
+    gap: $space-2;
+    margin-top: $space-5;
+    padding-top: $space-4;
+    border-top: 1px solid $border-subtle;
+}
+
+// Settings Form
+.settings-form {
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-5;
+
+    .form-group {
+        margin-bottom: $space-4;
+
+        &:last-of-type {
+            margin-bottom: 0;
+        }
+
+        label {
+            display: block;
+            font-size: $font-size-sm;
+            font-weight: $font-weight-medium;
+            color: $text-secondary;
+            margin-bottom: $space-2;
+        }
+
+        input:not([type="checkbox"]):not([type="radio"]), select, textarea {
+            width: 100%;
+            padding: $space-3;
+            background: $bg-hover;
+            border: 1px solid $border-subtle;
+            border-radius: $radius-md;
+            color: $text-primary;
+            font-size: $font-size-sm;
+            transition: border-color $transition-fast;
+
+            &:focus {
+                outline: none;
+                border-color: $accent-primary;
+            }
+
+            &:disabled,
+            &.input-disabled {
+                opacity: 0.6;
+                cursor: not-allowed;
+                background: $bg-body;
+            }
+        }
+
+        .form-help {
+            display: block;
+            margin-top: $space-1;
+            font-size: $font-size-xs;
+            color: $text-tertiary;
+        }
+    }
+
+    .form-actions {
+        margin-top: $space-5;
+        padding-top: $space-5;
+        border-top: 1px solid $border-subtle;
+        display: flex;
+        gap: $space-2;
+    }
+}
+
+// Alert Messages
+.alert {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-3 $space-4;
+    border-radius: $radius-md;
+    font-size: $font-size-sm;
+    margin-bottom: $space-4;
+
+    &.alert-success,
+    &.alert--success {
+        background: $success-bg;
+        border: 1px solid $success-border;
+        color: $success;
+    }
+
+    &.alert-danger,
+    &.alert--danger,
+    &.alert--error {
+        background: $danger-bg;
+        border: 1px solid $danger-border;
+        color: $danger;
+    }
+
+    &.alert-warning,
+    &.alert--warning {
+        background: $warning-bg;
+        border: 1px solid $warning-border;
+        color: $warning;
+    }
+}
+
+// Session Items
+.session-item {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    padding: $space-4;
+    background: $bg-hover;
+    border-radius: $radius-md;
+    margin-top: $space-3;
+
+    .session-info {
+        display: flex;
+        align-items: center;
+        gap: $space-3;
+
+        svg {
+            stroke: $text-secondary;
+            fill: none;
+            stroke-width: 2;
+        }
+
+        .session-device {
+            display: block;
+            font-weight: $font-weight-medium;
+            color: $text-primary;
+        }
+
+        .session-details {
+            display: block;
+            font-size: $font-size-xs;
+            color: $text-tertiary;
+        }
+    }
+}
+
+// Theme Options
+.theme-options {
+    display: grid;
+    grid-template-columns: repeat(3, 1fr);
+    gap: $space-3;
+
+    @media (max-width: $breakpoint-md) {
+        grid-template-columns: 1fr;
+    }
+}
+
+.theme-option {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-4;
+    background: transparent;
+    border: 2px solid $border-subtle;
+    border-radius: $radius-lg;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        border-color: $border-active;
+    }
+
+    &.active {
+        border-color: $accent-primary;
+        background: fade($accent-primary-raw, 5%);
+    }
+
+    span {
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        color: $text-primary;
+    }
+}
+
+.theme-preview {
+    width: 100%;
+    height: 80px;
+    border-radius: $radius-md;
+    display: flex;
+    overflow: hidden;
+
+    .preview-sidebar {
+        width: 25%;
+        background: #18181b;
+    }
+
+    .preview-content {
+        flex: 1;
+        padding: $space-2;
+        display: flex;
+        flex-direction: column;
+        gap: $space-1;
+    }
+
+    .preview-card {
+        flex: 1;
+        border-radius: $radius-sm;
+    }
+
+    &.dark {
+        border: 1px solid $border-subtle;
+
+        .preview-sidebar {
+            background: #0f0f11;
+        }
+
+        .preview-content {
+            background: #09090b;
+        }
+
+        .preview-card {
+            background: #18181b;
+        }
+    }
+
+    &.light {
+        border: 1px solid #e5e5e5;
+
+        .preview-sidebar {
+            background: #f5f5f5;
+        }
+
+        .preview-content {
+            background: #ffffff;
+        }
+
+        .preview-card {
+            background: #f5f5f5;
+        }
+    }
+
+    &.system {
+        border: 1px solid $border-subtle;
+        background: linear-gradient(135deg, #09090b 50%, #ffffff 50%);
+
+        .preview-sidebar {
+            background: linear-gradient(180deg, #0f0f11 50%, #f5f5f5 50%);
+        }
+
+        .preview-content {
+            background: transparent;
+        }
+
+        .preview-card {
+            background: linear-gradient(135deg, #18181b 50%, #f5f5f5 50%);
+        }
+    }
+}
+
+// Density Options
+.density-options {
+    display: flex;
+    gap: $space-4;
+}
+
+.radio-option {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    cursor: pointer;
+
+    input[type="radio"] {
+        width: 18px;
+        height: 18px;
+        accent-color: $accent-primary;
+        cursor: pointer;
+    }
+
+    span {
+        font-size: $font-size-sm;
+        color: $text-primary;
+    }
+}
+
+// Notification Options
+.notification-options {
+    display: flex;
+    flex-direction: column;
+    gap: $space-3;
+}
+
+.notification-item {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    padding: $space-4;
+    background: $bg-hover;
+    border-radius: $radius-md;
+    gap: $space-4;
+
+    .notification-info {
+        flex: 1;
+
+        .notification-title {
+            display: block;
+            font-weight: $font-weight-medium;
+            color: $text-primary;
+            margin-bottom: $space-1;
+        }
+
+        .notification-desc {
+            display: block;
+            font-size: $font-size-xs;
+            color: $text-tertiary;
+        }
+    }
+}
+
+// Toggle Switch
+.toggle-switch {
+    position: relative;
+    display: inline-block;
+    width: 44px;
+    height: 24px;
+    flex-shrink: 0;
+
+    input {
+        opacity: 0;
+        width: 0;
+        height: 0;
+
+        &:checked + .toggle-slider {
+            background: $accent-primary;
+
+            &::before {
+                transform: translateX(20px);
+            }
+        }
+
+        &:focus + .toggle-slider {
+            box-shadow: 0 0 0 2px fade($accent-primary-raw, 30%);
+        }
+    }
+
+    .toggle-slider {
+        position: absolute;
+        cursor: pointer;
+        top: 0;
+        left: 0;
+        right: 0;
+        bottom: 0;
+        background: $border-active;
+        border-radius: 24px;
+        transition: all $transition-fast;
+
+        &::before {
+            content: '';
+            position: absolute;
+            height: 18px;
+            width: 18px;
+            left: 3px;
+            bottom: 3px;
+            background: white;
+            border-radius: 50%;
+            transition: transform $transition-fast;
+        }
+    }
+}
+
+// Div-based toggle (used in SidebarSettings)
+// Mirrors the input-based .toggle-switch above but driven by .on class
+.toggle-switch:not(:has(input)) {
+    width: 44px;
+    height: 24px;
+    background: $border-active;
+    border-radius: 24px;
+    cursor: pointer;
+    transition: background $transition-fast;
+    flex-shrink: 0;
+
+    &.on {
+        background: $accent-primary;
+
+        .toggle-knob {
+            transform: translateX(20px);
+        }
+    }
+
+    .toggle-knob {
+        position: absolute;
+        height: 18px;
+        width: 18px;
+        left: 3px;
+        top: 3px;
+        background: white;
+        border-radius: 50%;
+        transition: transform $transition-fast;
+        box-shadow: 0 1px 3px rgba(0, 0, 0, 0.15);
+    }
+}
+
+// Toggle Label (checkbox + text inline)
+.toggle-label {
+    display: flex !important;
+    align-items: center;
+    gap: $space-3;
+    cursor: pointer;
+
+    input[type="checkbox"] {
+        width: 18px;
+        height: 18px;
+        accent-color: $accent-primary;
+        cursor: pointer;
+        flex-shrink: 0;
+    }
+
+    span {
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        color: $text-primary;
+    }
+}
+
+// System Info Grid
+.system-info-grid {
+    display: grid;
+    grid-template-columns: repeat(2, 1fr);
+    gap: $space-4;
+
+    @media (max-width: $breakpoint-md) {
+        grid-template-columns: 1fr;
+    }
+}
+
+.info-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-2;
+
+    .info-item {
+        display: flex;
+        justify-content: space-between;
+        align-items: center;
+        padding: $space-2 0;
+        border-bottom: 1px solid $border-subtle;
+
+        &:last-child {
+            border-bottom: none;
+        }
+
+        .info-label {
+            font-size: $font-size-sm;
+            color: $text-tertiary;
+        }
+
+        .info-value {
+            font-size: $font-size-sm;
+            font-weight: $font-weight-medium;
+            color: $text-primary;
+        }
+    }
+}
+
+// Timezone Selector
+.timezone-selector {
+    display: flex;
+    gap: $space-3;
+    align-items: center;
+
+    select {
+        flex: 1;
+        max-width: 300px;
+    }
+
+    .btn {
+        flex-shrink: 0;
+    }
+}
+
+.timezone-message {
+    margin-top: $space-2;
+    padding: $space-2 $space-3;
+    border-radius: $radius-md;
+    font-size: $font-size-sm;
+
+    &.success {
+        background: fade($success, 15%);
+        color: $success;
+    }
+
+    &.error {
+        background: fade($danger, 15%);
+        color: $danger;
+    }
+}
+
+// About Section
+.about-card {
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-8;
+    text-align: center;
+
+    .about-logo {
+        width: 80px;
+        height: 80px;
+        margin: 0 auto $space-4;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+    }
+
+    h3 {
+        font-size: $font-size-xl;
+        margin-bottom: $space-1;
+    }
+
+    .version {
+        color: $text-tertiary;
+        font-size: $font-size-sm;
+        margin-bottom: $space-4;
+    }
+
+    .description {
+        color: $text-secondary;
+        font-size: $font-size-sm;
+        line-height: $line-height-relaxed;
+        max-width: 500px;
+        margin: 0 auto;
+    }
+
+    .update-check {
+        margin-top: $space-4;
+        padding-top: $space-4;
+        border-top: 1px solid $border-subtle;
+
+        .btn-sm {
+            font-size: $font-size-xs;
+            padding: $space-2 $space-3;
+            display: inline-flex;
+            align-items: center;
+            gap: $space-1;
+
+            .spinning {
+                animation: spin 1s linear infinite;
+            }
+        }
+
+        .update-status {
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            gap: $space-2;
+            font-size: $font-size-sm;
+
+            &.current {
+                color: $success;
+            }
+
+            &.available {
+                color: $warning;
+                flex-wrap: wrap;
+
+                .btn {
+                    margin-left: $space-2;
+                    display: inline-flex;
+                    align-items: center;
+                    gap: $space-1;
+                }
+            }
+
+            &.error {
+                color: $danger;
+
+                .btn-link {
+                    background: none;
+                    border: none;
+                    color: $accent-primary;
+                    cursor: pointer;
+                    text-decoration: underline;
+                    font-size: $font-size-sm;
+                    padding: 0;
+                    margin-left: $space-2;
+
+                    &:hover {
+                        color: $accent-hover;
+                    }
+                }
+            }
+        }
+    }
+}
+
+@keyframes spin {
+    from { transform: rotate(0deg); }
+    to { transform: rotate(360deg); }
+}
+
+// Star Prompt Card
+.star-prompt-card {
+    position: relative;
+    background: linear-gradient(135deg, $accent-glow 0%, fade($accent-primary-raw, 8%) 100%);
+    border: 1px solid fade($accent-primary-raw, 30%);
+    border-radius: $radius-lg;
+    padding: $space-6;
+    display: flex;
+    align-items: flex-start;
+    gap: $space-4;
+
+    .dismiss-btn {
+        position: absolute;
+        top: $space-3;
+        right: $space-3;
+        background: none;
+        border: none;
+        color: $text-tertiary;
+        cursor: pointer;
+        padding: $space-1;
+        border-radius: $radius-sm;
+        transition: all $transition-fast;
+
+        &:hover {
+            background: $bg-hover;
+            color: $text-primary;
+        }
+    }
+
+    .star-icon {
+        flex-shrink: 0;
+        width: 48px;
+        height: 48px;
+        background: linear-gradient(135deg, $warning 0%, darken($warning, 10%) 100%);
+        border-radius: $radius-lg;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        color: white;
+    }
+
+    .star-content {
+        flex: 1;
+        padding-right: $space-6;
+
+        h4 {
+            margin: 0 0 $space-2;
+            font-size: $font-size-md;
+            font-weight: $font-weight-semibold;
+        }
+
+        p {
+            margin: 0 0 $space-4;
+            font-size: $font-size-sm;
+            color: $text-secondary;
+            line-height: $line-height-relaxed;
+        }
+
+        .btn {
+            display: inline-flex;
+            align-items: center;
+            gap: $space-2;
+        }
+    }
+
+    @media (max-width: $breakpoint-sm) {
+        flex-direction: column;
+        text-align: center;
+
+        .star-content {
+            padding-right: 0;
+        }
+    }
+}
+
+// Feature List
+.feature-list {
+    list-style: none;
+    padding: 0;
+    margin: 0;
+    display: grid;
+    grid-template-columns: repeat(2, 1fr);
+    gap: $space-2;
+
+    @media (max-width: $breakpoint-md) {
+        grid-template-columns: 1fr;
+    }
+
+    li {
+        display: flex;
+        align-items: center;
+        gap: $space-2;
+        padding: $space-2;
+        font-size: $font-size-sm;
+        color: $text-secondary;
+
+        svg {
+            stroke: $success;
+            fill: none;
+            stroke-width: 2;
+            flex-shrink: 0;
+        }
+    }
+}
+
+// Link List
+.link-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-2;
+}
+
+.link-item {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-3 $space-4;
+    background: $bg-hover;
+    border-radius: $radius-md;
+    color: $text-secondary;
+    text-decoration: none;
+    font-size: $font-size-sm;
+    transition: all $transition-fast;
+
+    svg {
+        stroke: currentColor;
+        fill: none;
+        stroke-width: 2;
+        flex-shrink: 0;
+    }
+
+    &:hover {
+        background: $accent-primary;
+        color: white;
+    }
+}
+
+// License Text
+.license-text {
+    color: $text-secondary;
+    font-size: $font-size-sm;
+    margin: 0;
+}
+
+// Loading State
+.loading {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    padding: $space-12;
+    color: $text-secondary;
+    font-size: $font-size-sm;
+}
+
+// Settings Row (for app settings tab)
+.settings-row {
+    display: flex;
+    justify-content: space-between;
+    align-items: flex-start;
+    padding: $space-4;
+    background: $bg-hover;
+    border-radius: $radius-md;
+    gap: $space-4;
+
+    &:not(:last-child) {
+        margin-bottom: $space-3;
+    }
+
+    &.settings-linked-warning {
+        background: fade($warning, 10%);
+        border: 1px solid fade($warning, 20%);
+    }
+}
+
+.settings-label {
+    flex: 1;
+
+    > span:first-child {
+        display: block;
+        font-weight: $font-weight-medium;
+        color: $text-primary;
+        margin-bottom: $space-1;
+    }
+
+    .settings-hint {
+        display: block;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+    }
+}
+
+.settings-control {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    flex-shrink: 0;
+}
+
+.settings-select {
+    min-width: 160px;
+    padding: $space-2 $space-3;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    color: $text-primary;
+    font-size: $font-size-sm;
+    cursor: pointer;
+    transition: border-color $transition-fast;
+
+    &:hover {
+        border-color: $border-default;
+    }
+
+    &:focus {
+        outline: none;
+        border-color: $accent-primary;
+    }
+
+    &:disabled {
+        opacity: 0.6;
+        cursor: not-allowed;
+    }
+}
+
+.settings-saving {
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    font-style: italic;
+}
+
+// ============================================
+// ICON REFERENCE (Developer Mode)
+// ============================================
+
+.icon-reference-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fill, minmax(120px, 1fr));
+    gap: $space-2;
+    margin-top: $space-3;
+}
+
+.icon-reference-item {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: $space-1;
+    padding: $space-3 $space-2;
+    border: 1px solid $border-default;
+    border-radius: $radius-md;
+    background: $bg-card;
+    cursor: pointer;
+    transition: all 0.15s ease;
+
+    &:hover {
+        border-color: $accent-primary;
+        background: $bg-hover;
+    }
+
+    &.copied {
+        border-color: $success;
+        background: $success-bg;
+    }
+
+    svg {
+        color: $text-primary;
+        opacity: 0.8;
+    }
+
+    .icon-reference-name {
+        font-size: $font-size-xs;
+        color: $text-secondary;
+        text-align: center;
+        word-break: break-word;
+        line-height: 1.2;
+    }
+
+    &.copied .icon-reference-name {
+        color: $success;
+        font-weight: $font-weight-medium;
+    }
+}
+
+// ============================================
+// ACCENT COLOR PRESETS
+// ============================================
+
+.accent-presets {
+    display: grid;
+    grid-template-columns: repeat(4, 1fr);
+    gap: $space-2;
+    margin-bottom: $space-4;
+
+    @media (max-width: $breakpoint-sm) {
+        grid-template-columns: repeat(2, 1fr);
+    }
+}
+
+.accent-preset {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-2 $space-3;
+    background: transparent;
+    border: 2px solid $border-subtle;
+    border-radius: $radius-md;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        border-color: $border-active;
+    }
+
+    &.active {
+        border-color: $accent-primary;
+        background: $bg-hover;
+    }
+}
+
+.accent-swatch {
+    width: 20px;
+    height: 20px;
+    border-radius: $radius-full;
+    flex-shrink: 0;
+}
+
+.accent-label {
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    color: $text-primary;
+}
+
+.accent-custom {
+    padding-top: $space-3;
+    border-top: 1px solid $border-subtle;
+}
+
+.accent-custom-label {
+    display: block;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    color: $text-secondary;
+    margin-bottom: $space-2;
+}
+
+.accent-custom-row {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+}
+
+.accent-custom-input {
+    width: 40px;
+    height: 32px;
+    padding: 0;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    background: transparent;
+    cursor: pointer;
+
+    &::-webkit-color-swatch-wrapper {
+        padding: 2px;
+    }
+
+    &::-webkit-color-swatch {
+        border: none;
+        border-radius: $radius-sm;
+    }
+}
+
+.accent-custom-hex {
+    font-family: $font-mono;
+    font-size: $font-size-sm;
+    color: $text-secondary;
+}
+
+// ============================================
+// DASHBOARD WIDGET CONFIG
+// ============================================
+
+.widget-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-2;
+}
+
+.widget-item {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    padding: $space-3 $space-4;
+    background: $bg-hover;
+    border-radius: $radius-md;
+    transition: opacity $transition-fast;
+
+    &--hidden {
+        opacity: 0.5;
+    }
+}
+
+.widget-item__info {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+}
+
+.widget-item__label {
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    color: $text-primary;
+}
+
+.widget-item__controls {
+    display: flex;
+    gap: $space-1;
+}
+
+.widget-move-btn {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 28px;
+    height: 28px;
+    background: transparent;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-sm;
+    color: $text-secondary;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover:not(:disabled) {
+        background: $bg-card;
+        color: $text-primary;
+        border-color: $border-active;
+    }
+
+    &:disabled {
+        opacity: 0.3;
+        cursor: not-allowed;
+    }
+}
+
+// ============================================
+// WHITE LABEL / CUSTOM BRANDING
+// ============================================
+
+.whitelabel-modes {
+    display: grid;
+    grid-template-columns: repeat(3, 1fr);
+    gap: $space-3;
+    margin-top: $space-4;
+
+    @media (max-width: $breakpoint-md) {
+        grid-template-columns: 1fr;
+    }
+}
+
+.whitelabel-mode {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-4;
+    background: transparent;
+    border: 2px solid $border-subtle;
+    border-radius: $radius-lg;
+    cursor: pointer;
+    transition: all $transition-fast;
+    text-align: center;
+    color: $text-secondary;
+
+    svg {
+        opacity: 0.7;
+    }
+
+    &:hover {
+        border-color: $border-active;
+    }
+
+    &.active {
+        border-color: $accent-primary;
+        background: fade($accent-primary-raw, 5%);
+        color: $text-primary;
+
+        svg {
+            color: $accent-primary;
+            opacity: 1;
+        }
+    }
+
+    .whitelabel-mode__label {
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        color: $text-primary;
+    }
+
+    .whitelabel-mode__desc {
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+    }
+}
+
+.whitelabel-fields {
+    margin-top: $space-4;
+    display: flex;
+    flex-direction: column;
+    gap: $space-4;
+
+    .form-group {
+        label {
+            display: block;
+            font-size: $font-size-sm;
+            font-weight: $font-weight-medium;
+            color: $text-secondary;
+            margin-bottom: $space-2;
+        }
+
+        input[type="text"] {
+            width: 100%;
+            max-width: 320px;
+            padding: $space-3;
+            background: $bg-hover;
+            border: 1px solid $border-subtle;
+            border-radius: $radius-md;
+            color: $text-primary;
+            font-size: $font-size-sm;
+            transition: border-color $transition-fast;
+
+            &:focus {
+                outline: none;
+                border-color: $accent-primary;
+            }
+        }
+    }
+}
+
+.whitelabel-upload {
+    border: 2px dashed $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-5;
+    cursor: pointer;
+    transition: all $transition-fast;
+    text-align: center;
+
+    &:hover {
+        border-color: $accent-primary;
+        background: fade($accent-primary-raw, 3%);
+    }
+
+    .whitelabel-upload__placeholder {
+        display: flex;
+        flex-direction: column;
+        align-items: center;
+        gap: $space-2;
+        color: $text-tertiary;
+
+        svg {
+            opacity: 0.5;
+        }
+
+        span {
+            font-size: $font-size-sm;
+        }
+    }
+
+    .whitelabel-upload__hint {
+        font-size: $font-size-xs !important;
+        color: $text-tertiary;
+        opacity: 0.7;
+    }
+}
+
+.whitelabel-logo-preview {
+    display: flex;
+    align-items: center;
+    gap: $space-4;
+    justify-content: center;
+
+    img {
+        width: 48px;
+        height: 48px;
+        object-fit: contain;
+        border-radius: $radius-md;
+        border: 1px solid $border-subtle;
+        background: $bg-hover;
+        padding: $space-1;
+    }
+}
+
+.whitelabel-preview {
+    margin-top: $space-4;
+
+    .whitelabel-preview__label {
+        display: block;
+        font-size: $font-size-xs;
+        font-weight: $font-weight-semibold;
+        color: $text-tertiary;
+        text-transform: uppercase;
+        letter-spacing: 0.06em;
+        margin-bottom: $space-2;
+    }
+
+    .whitelabel-preview__box {
+        display: flex;
+        align-items: center;
+        gap: 10px;
+        height: 70px;
+        padding: 0 $space-4;
+        background: $bg-body;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-lg;
+    }
+}
+
+.whitelabel-star-prompt {
+    margin-top: $space-4;
+    background: linear-gradient(135deg, $accent-glow 0%, fade($accent-primary-raw, 8%) 100%);
+    border: 1px solid fade($accent-primary-raw, 30%);
+    border-radius: $radius-lg;
+    padding: $space-5;
+    display: flex;
+    align-items: flex-start;
+    gap: $space-4;
+
+    .star-icon {
+        flex-shrink: 0;
+        width: 44px;
+        height: 44px;
+        background: linear-gradient(135deg, $warning 0%, darken($warning, 10%) 100%);
+        border-radius: $radius-lg;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        color: white;
+    }
+
+    .star-content {
+        flex: 1;
+
+        h4 {
+            margin: 0 0 $space-2;
+            font-size: $font-size-md;
+            font-weight: $font-weight-semibold;
+        }
+
+        p {
+            margin: 0 0 $space-3;
+            font-size: $font-size-sm;
+            color: $text-secondary;
+            line-height: $line-height-relaxed;
+        }
+
+        .btn {
+            display: inline-flex;
+            align-items: center;
+            gap: $space-2;
+        }
+    }
+
+    @media (max-width: $breakpoint-sm) {
+        flex-direction: column;
+    }
+}
+
+// ============================================
+// SSO CONFIG & LINKED ACCOUNTS
+// ============================================
+
+.sso-config {
+    display: flex;
+    flex-direction: column;
+    gap: $space-5;
+}
+
+.sso-general-form {
+    display: flex;
+    flex-direction: column;
+    gap: $space-4;
+
+    .form-group {
+        label {
+            display: block;
+            font-size: $font-size-sm;
+            font-weight: $font-weight-medium;
+            color: $text-secondary;
+            margin-bottom: $space-2;
+        }
+
+        select,
+        input[type="text"] {
+            width: 100%;
+            padding: $space-3;
+            background: $bg-hover;
+            border: 1px solid $border-subtle;
+            border-radius: $radius-md;
+            color: $text-primary;
+            font-size: $font-size-sm;
+
+            &:focus {
+                outline: none;
+                border-color: $accent-primary;
+            }
+        }
+    }
+}
+
+.sso-provider-config {
+    border: 1px solid $border-subtle;
+
+    &--enabled {
+        border-color: $accent-primary;
+    }
+
+    .sso-provider-config__header {
+        display: flex;
+        align-items: center;
+        justify-content: space-between;
+        cursor: pointer;
+        padding: $space-4;
+
+        &:hover {
+            background: $bg-hover;
+        }
+    }
+
+    .sso-provider-config__title {
+        display: flex;
+        align-items: center;
+        gap: $space-3;
+
+        h3 {
+            margin: 0;
+        }
+    }
+
+    .sso-provider-config__status {
+        font-size: $font-size-xs;
+        padding: $space-1 $space-2;
+        border-radius: $radius-full;
+        font-weight: $font-weight-medium;
+
+        &--active {
+            background: fade($color-success, 15%);
+            color: $color-success;
+        }
+    }
+
+    .sso-provider-config__body {
+        padding: $space-4;
+        border-top: 1px solid $border-subtle;
+        display: flex;
+        flex-direction: column;
+        gap: $space-4;
+
+        .form-group {
+            label {
+                display: block;
+                font-size: $font-size-sm;
+                font-weight: $font-weight-medium;
+                color: $text-secondary;
+                margin-bottom: $space-2;
+            }
+
+            input,
+            textarea {
+                width: 100%;
+                padding: $space-3;
+                background: $bg-hover;
+                border: 1px solid $border-subtle;
+                border-radius: $radius-md;
+                color: $text-primary;
+                font-size: $font-size-sm;
+                font-family: $font-mono;
+
+                &:focus {
+                    outline: none;
+                    border-color: $accent-primary;
+                }
+            }
+
+            textarea {
+                resize: vertical;
+                font-family: $font-mono;
+            }
+        }
+    }
+
+    .sso-provider-config__actions {
+        display: flex;
+        gap: $space-3;
+        padding-top: $space-2;
+    }
+}
+
+// Linked accounts (Security tab)
+.linked-accounts-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-3;
+    margin: $space-4 0;
+}
+
+.linked-account {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    padding: $space-3;
+    background: $bg-secondary;
+    border-radius: $radius-lg;
+    border: 1px solid $border-subtle;
+
+    .linked-account__info {
+        display: flex;
+        align-items: center;
+        gap: $space-3;
+
+        div {
+            display: flex;
+            flex-direction: column;
+        }
+    }
+
+    .linked-account__provider {
+        font-weight: $font-weight-medium;
+        text-transform: capitalize;
+    }
+
+    .linked-account__email {
+        font-size: $font-size-sm;
+        color: $text-secondary;
+    }
+}
+
+.linked-accounts-available {
+    display: flex;
+    gap: $space-3;
+    margin-top: $space-3;
+    flex-wrap: wrap;
+
+    .btn {
+        display: flex;
+        align-items: center;
+        gap: $space-2;
+    }
+}
+
+// ============================================
+// SIDEBAR SETTINGS
+// ============================================
+
+.sidebar-settings {
+    display: flex;
+    flex-direction: column;
+    gap: $space-8;
+
+    .settings-section-desc {
+        color: $text-secondary;
+        font-size: $font-size-sm;
+        margin: 0;
+        line-height: $line-height-normal;
+    }
+
+    .settings-section-header {
+        display: flex;
+        align-items: center;
+        justify-content: space-between;
+        margin-bottom: $space-1;
+
+        h3 { margin-bottom: 0; }
+    }
+}
+
+.sidebar-item-count {
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    background: $bg-secondary;
+    padding: $space-1 $space-2;
+    border-radius: $radius-full;
+    font-weight: $font-weight-medium;
+}
+
+// Preset cards
+.sidebar-presets {
+    display: grid;
+    grid-template-columns: repeat(auto-fill, minmax(240px, 1fr));
+    gap: $space-3;
+    margin-top: $space-2;
+}
+
+.sidebar-preset-card {
+    display: flex;
+    align-items: flex-start;
+    gap: $space-3;
+    padding: $space-4;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    cursor: pointer;
+    transition: all $transition-fast;
+    text-align: left;
+    width: 100%;
+    position: relative;
+
+    &:hover {
+        border-color: $border-hover;
+        background: $bg-hover;
+    }
+
+    &.active {
+        border-color: $accent-primary;
+        background: $bg-card;
+        box-shadow: 0 0 0 1px $accent-primary;
+    }
+
+    .preset-card-icon {
+        flex-shrink: 0;
+        width: 36px;
+        height: 36px;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        background: $bg-secondary;
+        border-radius: $radius-md;
+        color: $text-secondary;
+
+        svg {
+            stroke-width: 1.5;
+        }
+    }
+
+    &.active .preset-card-icon {
+        background: fade($accent-primary-raw, 15%);
+        color: $accent-primary;
+    }
+
+    .preset-card-info {
+        display: flex;
+        flex-direction: column;
+        gap: $space-1;
+        min-width: 0;
+        flex: 1;
+    }
+
+    .preset-card-label {
+        font-size: $font-size-sm;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+    }
+
+    .preset-card-desc {
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        line-height: $line-height-normal;
+    }
+
+    .preset-card-check {
+        position: absolute;
+        top: $space-3;
+        right: $space-3;
+        color: $accent-primary;
+    }
+}
+
+// Items toggle list
+.sidebar-items-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-5;
+    margin-top: $space-2;
+}
+
+.sidebar-items-group {
+    display: flex;
+    flex-direction: column;
+    gap: 0;
+}
+
+.sidebar-items-group-label {
+    font-size: $font-size-xs;
+    font-weight: $font-weight-semibold;
+    color: $text-tertiary;
+    text-transform: uppercase;
+    letter-spacing: 0.05em;
+    padding: 0 0 $space-2 0;
+    border-bottom: 1px solid $border-subtle;
+    margin-bottom: $space-1;
+}
+
+.sidebar-item-toggle {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    padding: $space-3 $space-2;
+    border-radius: $radius-md;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        background: $bg-hover;
+    }
+
+    &.hidden-item {
+        .sidebar-item-toggle-info {
+            opacity: 0.5;
+        }
+    }
+}
+
+.sidebar-item-toggle-info {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    transition: opacity $transition-fast;
+
+    span {
+        font-size: $font-size-sm;
+        color: $text-primary;
+        font-weight: $font-weight-medium;
+    }
+}
+
+.sidebar-item-toggle-icon {
+    width: 18px;
+    height: 18px;
+    stroke: $text-secondary;
+    fill: none;
+    stroke-width: 2;
+    flex-shrink: 0;
+}
+
+// Actions bar
+.sidebar-settings-actions {
+    display: flex;
+    align-items: center;
+    justify-content: flex-end;
+    gap: $space-3;
+    padding-top: $space-5;
+    border-top: 1px solid $border-subtle;
+}
diff --git a/frontend/src/styles/pages/_setup-wizard.less b/frontend/src/styles/pages/_setup-wizard.less
deleted file mode 100644
index b5a8b148..00000000
--- a/frontend/src/styles/pages/_setup-wizard.less
+++ /dev/null
@@ -1,459 +0,0 @@
-// ============================================
-// SETUP WIZARD (Onboarding)
-// ============================================
-
-.setup-wizard {
-    min-height: 100vh;
-    .flex-center();
-    padding: @space-5;
-    background: @bg-body;
-}
-
-.wizard-card {
-    width: 100%;
-    max-width: 700px;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-2xl;
-    padding: @space-10;
-}
-
-// --------------------------------------------
-// Header (logo + title)
-// --------------------------------------------
-.wizard-header {
-    text-align: center;
-    margin-bottom: @space-8;
-
-    .wizard-logo {
-        width: 48px;
-        height: 48px;
-        margin: 0 auto @space-4;
-    }
-
-    h1 {
-        font-size: @font-size-2xl;
-        font-weight: @font-weight-bold;
-        margin-bottom: @space-2;
-    }
-
-    p {
-        color: @text-secondary;
-    }
-}
-
-// --------------------------------------------
-// Progress bar
-// --------------------------------------------
-.wizard-progress {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    gap: @space-3;
-    margin-bottom: @space-8;
-}
-
-.wizard-progress-step {
-    .flex-center();
-    width: 32px;
-    height: 32px;
-    border-radius: @radius-full;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-semibold;
-    border: 2px solid @border-default;
-    color: @text-tertiary;
-    background: transparent;
-    .transition();
-
-    &.active {
-        border-color: @accent-primary;
-        background: @accent-primary;
-        color: #fff;
-    }
-
-    &.completed {
-        border-color: @accent-primary;
-        background: fade(@accent-primary-raw, 15%);
-        color: @accent-primary;
-    }
-}
-
-.wizard-progress-line {
-    width: 40px;
-    height: 2px;
-    background: @border-default;
-    .transition(background);
-
-    &.active {
-        background: @accent-primary;
-    }
-}
-
-// --------------------------------------------
-// Step content
-// --------------------------------------------
-.wizard-step {
-    animation: wizardFadeIn 0.3s ease;
-}
-
-@keyframes wizardFadeIn {
-    from {
-        opacity: 0;
-        transform: translateY(8px);
-    }
-    to {
-        opacity: 1;
-        transform: translateY(0);
-    }
-}
-
-.wizard-step-title {
-    font-size: @font-size-lg;
-    font-weight: @font-weight-semibold;
-    margin-bottom: @space-2;
-}
-
-.wizard-step-description {
-    color: @text-secondary;
-    font-size: @font-size-base;
-    margin-bottom: @space-6;
-}
-
-// --------------------------------------------
-// Option grid (Step 2 — use cases)
-// --------------------------------------------
-.option-grid {
-    display: grid;
-    grid-template-columns: 1fr 1fr;
-    gap: @space-4;
-    margin-bottom: @space-6;
-
-    @media (max-width: @breakpoint-sm) {
-        grid-template-columns: 1fr;
-    }
-}
-
-.option-card {
-    display: flex;
-    flex-direction: column;
-    gap: @space-3;
-    padding: @space-5;
-    background: @bg-elevated;
-    border: 2px solid @border-default;
-    border-radius: @radius-xl;
-    cursor: pointer;
-    .transition();
-    position: relative;
-
-    &:hover {
-        border-color: @border-active;
-    }
-
-    &.selected {
-        border-color: @accent-primary;
-        background: fade(@accent-primary-raw, 8%);
-    }
-
-    .option-card-icon {
-        .icon-box(40px);
-        background: @bg-secondary;
-        color: @text-secondary;
-        border-radius: @radius-lg;
-    }
-
-    .option-card-label {
-        font-weight: @font-weight-semibold;
-        font-size: @font-size-base;
-    }
-
-    .option-card-desc {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-        line-height: @line-height-normal;
-    }
-
-    .option-card-check {
-        position: absolute;
-        top: @space-3;
-        right: @space-3;
-        width: 22px;
-        height: 22px;
-        border-radius: @radius-full;
-        .flex-center();
-        background: @accent-primary;
-        color: #fff;
-        opacity: 0;
-        transform: scale(0.5);
-        .transition();
-    }
-
-    &.selected .option-card-check {
-        opacity: 1;
-        transform: scale(1);
-    }
-}
-
-// --------------------------------------------
-// Tier grid (Step 3)
-// --------------------------------------------
-.tier-grid {
-    display: grid;
-    grid-template-columns: repeat(3, 1fr);
-    gap: @space-4;
-    margin-bottom: @space-6;
-
-    @media (max-width: @breakpoint-md) {
-        grid-template-columns: 1fr;
-    }
-}
-
-.tier-card {
-    display: flex;
-    flex-direction: column;
-    padding: @space-5;
-    background: @bg-elevated;
-    border: 2px solid @border-default;
-    border-radius: @radius-xl;
-    .transition();
-
-    &.detected {
-        border-color: @accent-primary;
-        background: fade(@accent-primary-raw, 8%);
-    }
-
-    .tier-card-header {
-        display: flex;
-        align-items: center;
-        justify-content: space-between;
-        margin-bottom: @space-4;
-    }
-
-    .tier-card-name {
-        font-weight: @font-weight-bold;
-        font-size: @font-size-md;
-    }
-
-    .tier-card-badge {
-        font-size: @font-size-xs;
-        padding: 2px 8px;
-        background: @accent-primary;
-        color: #fff;
-        border-radius: @radius-full;
-        font-weight: @font-weight-medium;
-    }
-
-    .tier-card-specs {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-        margin-bottom: @space-4;
-        padding-bottom: @space-4;
-        border-bottom: 1px solid @border-default;
-    }
-
-    .tier-features {
-        display: flex;
-        flex-direction: column;
-        gap: @space-2;
-        flex: 1;
-    }
-
-    .tier-feature {
-        display: flex;
-        align-items: center;
-        gap: @space-2;
-        font-size: @font-size-sm;
-
-        .feature-icon {
-            flex-shrink: 0;
-            width: 16px;
-            height: 16px;
-        }
-
-        &.available .feature-icon {
-            color: @success;
-        }
-
-        &.unavailable {
-            color: @text-tertiary;
-
-            .feature-icon {
-                color: @text-tertiary;
-            }
-        }
-    }
-}
-
-.tier-warning {
-    display: flex;
-    align-items: flex-start;
-    gap: @space-3;
-    padding: @space-4;
-    background: @warning-bg;
-    border: 1px solid @warning-border;
-    border-radius: @radius-lg;
-    margin-bottom: @space-6;
-
-    .tier-warning-icon {
-        flex-shrink: 0;
-        color: @warning;
-    }
-
-    .tier-warning-text {
-        font-size: @font-size-sm;
-        color: @text-secondary;
-        line-height: @line-height-normal;
-    }
-}
-
-// --------------------------------------------
-// Summary panel (Step 4)
-// --------------------------------------------
-.summary-panel {
-    background: @bg-elevated;
-    border: 1px solid @border-default;
-    border-radius: @radius-xl;
-    padding: @space-6;
-    margin-bottom: @space-6;
-}
-
-.summary-section {
-    &:not(:last-child) {
-        margin-bottom: @space-5;
-        padding-bottom: @space-5;
-        border-bottom: 1px solid @border-default;
-    }
-}
-
-.summary-section-title {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-semibold;
-    color: @text-tertiary;
-    text-transform: uppercase;
-    letter-spacing: 0.05em;
-    margin-bottom: @space-3;
-}
-
-.summary-row {
-    display: flex;
-    justify-content: space-between;
-    align-items: center;
-    padding: @space-2 0;
-
-    .summary-label {
-        color: @text-secondary;
-        font-size: @font-size-sm;
-    }
-
-    .summary-value {
-        font-weight: @font-weight-medium;
-        font-size: @font-size-sm;
-    }
-}
-
-.summary-tags {
-    display: flex;
-    flex-wrap: wrap;
-    gap: @space-2;
-}
-
-.summary-tag {
-    display: inline-flex;
-    align-items: center;
-    padding: @space-1 @space-3;
-    background: fade(@accent-primary-raw, 12%);
-    color: @accent-primary;
-    border-radius: @radius-full;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-}
-
-.recommendation-chips {
-    display: flex;
-    flex-wrap: wrap;
-    gap: @space-2;
-}
-
-.recommendation-chip {
-    display: inline-flex;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-4;
-    background: @bg-secondary;
-    border: 1px solid @border-default;
-    border-radius: @radius-lg;
-    font-size: @font-size-sm;
-    color: @text-primary;
-}
-
-// --------------------------------------------
-// Navigation buttons
-// --------------------------------------------
-.wizard-nav {
-    display: flex;
-    justify-content: space-between;
-    align-items: center;
-    margin-top: @space-8;
-    padding-top: @space-6;
-    border-top: 1px solid @border-default;
-}
-
-.btn-wizard-prev {
-    .button-base();
-    color: @text-secondary;
-    border-color: @border-default;
-    background: transparent;
-
-    &:hover {
-        background: @bg-hover;
-        color: @text-primary;
-    }
-}
-
-.btn-wizard-next {
-    .button-base();
-    background: @accent-primary;
-    color: #fff;
-    margin-left: auto;
-
-    &:hover {
-        background: @accent-hover;
-    }
-
-    &:disabled {
-        opacity: 0.6;
-        cursor: not-allowed;
-    }
-}
-
-// --------------------------------------------
-// Setup info banner (reused in step 1)
-// --------------------------------------------
-.wizard-info-banner {
-    display: flex;
-    gap: @space-4;
-    padding: @space-4;
-    background: fade(@accent-primary-raw, 10%);
-    border-radius: @radius-md;
-    margin-bottom: @space-6;
-
-    .wizard-info-icon {
-        flex-shrink: 0;
-        color: @accent-primary;
-    }
-
-    p {
-        margin: 0;
-        font-size: @font-size-sm;
-        color: @text-secondary;
-        line-height: @line-height-normal;
-    }
-}
-
-// --------------------------------------------
-// Loading state
-// --------------------------------------------
-.wizard-loading {
-    .flex-center();
-    padding: @space-10;
-    color: @text-secondary;
-}
diff --git a/frontend/src/styles/pages/_setup-wizard.scss b/frontend/src/styles/pages/_setup-wizard.scss
new file mode 100644
index 00000000..b5b0f70a
--- /dev/null
+++ b/frontend/src/styles/pages/_setup-wizard.scss
@@ -0,0 +1,459 @@
+// ============================================
+// SETUP WIZARD (Onboarding)
+// ============================================
+
+.setup-wizard {
+    min-height: 100vh;
+    @include flex-center();
+    padding: $space-5;
+    background: $bg-body;
+}
+
+.wizard-card {
+    width: 100%;
+    max-width: 700px;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-2xl;
+    padding: $space-10;
+}
+
+// --------------------------------------------
+// Header (logo + title)
+// --------------------------------------------
+.wizard-header {
+    text-align: center;
+    margin-bottom: $space-8;
+
+    .wizard-logo {
+        width: 48px;
+        height: 48px;
+        margin: 0 auto $space-4;
+    }
+
+    h1 {
+        font-size: $font-size-2xl;
+        font-weight: $font-weight-bold;
+        margin-bottom: $space-2;
+    }
+
+    p {
+        color: $text-secondary;
+    }
+}
+
+// --------------------------------------------
+// Progress bar
+// --------------------------------------------
+.wizard-progress {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    gap: $space-3;
+    margin-bottom: $space-8;
+}
+
+.wizard-progress-step {
+    @include flex-center();
+    width: 32px;
+    height: 32px;
+    border-radius: $radius-full;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-semibold;
+    border: 2px solid $border-default;
+    color: $text-tertiary;
+    background: transparent;
+    @include transition();
+
+    &.active {
+        border-color: $accent-primary;
+        background: $accent-primary;
+        color: #fff;
+    }
+
+    &.completed {
+        border-color: $accent-primary;
+        background: fade($accent-primary-raw, 15%);
+        color: $accent-primary;
+    }
+}
+
+.wizard-progress-line {
+    width: 40px;
+    height: 2px;
+    background: $border-default;
+    @include transition(background);
+
+    &.active {
+        background: $accent-primary;
+    }
+}
+
+// --------------------------------------------
+// Step content
+// --------------------------------------------
+.wizard-step {
+    animation: wizardFadeIn 0.3s ease;
+}
+
+@keyframes wizardFadeIn {
+    from {
+        opacity: 0;
+        transform: translateY(8px);
+    }
+    to {
+        opacity: 1;
+        transform: translateY(0);
+    }
+}
+
+.wizard-step-title {
+    font-size: $font-size-lg;
+    font-weight: $font-weight-semibold;
+    margin-bottom: $space-2;
+}
+
+.wizard-step-description {
+    color: $text-secondary;
+    font-size: $font-size-base;
+    margin-bottom: $space-6;
+}
+
+// --------------------------------------------
+// Option grid (Step 2 — use cases)
+// --------------------------------------------
+.option-grid {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    gap: $space-4;
+    margin-bottom: $space-6;
+
+    @media (max-width: $breakpoint-sm) {
+        grid-template-columns: 1fr;
+    }
+}
+
+.option-card {
+    display: flex;
+    flex-direction: column;
+    gap: $space-3;
+    padding: $space-5;
+    background: $bg-elevated;
+    border: 2px solid $border-default;
+    border-radius: $radius-xl;
+    cursor: pointer;
+    @include transition();
+    position: relative;
+
+    &:hover {
+        border-color: $border-active;
+    }
+
+    &.selected {
+        border-color: $accent-primary;
+        background: fade($accent-primary-raw, 8%);
+    }
+
+    .option-card-icon {
+        @include icon-box(40px);
+        background: $bg-secondary;
+        color: $text-secondary;
+        border-radius: $radius-lg;
+    }
+
+    .option-card-label {
+        font-weight: $font-weight-semibold;
+        font-size: $font-size-base;
+    }
+
+    .option-card-desc {
+        font-size: $font-size-sm;
+        color: $text-secondary;
+        line-height: $line-height-normal;
+    }
+
+    .option-card-check {
+        position: absolute;
+        top: $space-3;
+        right: $space-3;
+        width: 22px;
+        height: 22px;
+        border-radius: $radius-full;
+        @include flex-center();
+        background: $accent-primary;
+        color: #fff;
+        opacity: 0;
+        transform: scale(0.5);
+        @include transition();
+    }
+
+    &.selected .option-card-check {
+        opacity: 1;
+        transform: scale(1);
+    }
+}
+
+// --------------------------------------------
+// Tier grid (Step 3)
+// --------------------------------------------
+.tier-grid {
+    display: grid;
+    grid-template-columns: repeat(3, 1fr);
+    gap: $space-4;
+    margin-bottom: $space-6;
+
+    @media (max-width: $breakpoint-md) {
+        grid-template-columns: 1fr;
+    }
+}
+
+.tier-card {
+    display: flex;
+    flex-direction: column;
+    padding: $space-5;
+    background: $bg-elevated;
+    border: 2px solid $border-default;
+    border-radius: $radius-xl;
+    @include transition();
+
+    &.detected {
+        border-color: $accent-primary;
+        background: fade($accent-primary-raw, 8%);
+    }
+
+    .tier-card-header {
+        display: flex;
+        align-items: center;
+        justify-content: space-between;
+        margin-bottom: $space-4;
+    }
+
+    .tier-card-name {
+        font-weight: $font-weight-bold;
+        font-size: $font-size-md;
+    }
+
+    .tier-card-badge {
+        font-size: $font-size-xs;
+        padding: 2px 8px;
+        background: $accent-primary;
+        color: #fff;
+        border-radius: $radius-full;
+        font-weight: $font-weight-medium;
+    }
+
+    .tier-card-specs {
+        font-size: $font-size-sm;
+        color: $text-secondary;
+        margin-bottom: $space-4;
+        padding-bottom: $space-4;
+        border-bottom: 1px solid $border-default;
+    }
+
+    .tier-features {
+        display: flex;
+        flex-direction: column;
+        gap: $space-2;
+        flex: 1;
+    }
+
+    .tier-feature {
+        display: flex;
+        align-items: center;
+        gap: $space-2;
+        font-size: $font-size-sm;
+
+        .feature-icon {
+            flex-shrink: 0;
+            width: 16px;
+            height: 16px;
+        }
+
+        &.available .feature-icon {
+            color: $success;
+        }
+
+        &.unavailable {
+            color: $text-tertiary;
+
+            .feature-icon {
+                color: $text-tertiary;
+            }
+        }
+    }
+}
+
+.tier-warning {
+    display: flex;
+    align-items: flex-start;
+    gap: $space-3;
+    padding: $space-4;
+    background: $warning-bg;
+    border: 1px solid $warning-border;
+    border-radius: $radius-lg;
+    margin-bottom: $space-6;
+
+    .tier-warning-icon {
+        flex-shrink: 0;
+        color: $warning;
+    }
+
+    .tier-warning-text {
+        font-size: $font-size-sm;
+        color: $text-secondary;
+        line-height: $line-height-normal;
+    }
+}
+
+// --------------------------------------------
+// Summary panel (Step 4)
+// --------------------------------------------
+.summary-panel {
+    background: $bg-elevated;
+    border: 1px solid $border-default;
+    border-radius: $radius-xl;
+    padding: $space-6;
+    margin-bottom: $space-6;
+}
+
+.summary-section {
+    &:not(:last-child) {
+        margin-bottom: $space-5;
+        padding-bottom: $space-5;
+        border-bottom: 1px solid $border-default;
+    }
+}
+
+.summary-section-title {
+    font-size: $font-size-sm;
+    font-weight: $font-weight-semibold;
+    color: $text-tertiary;
+    text-transform: uppercase;
+    letter-spacing: 0.05em;
+    margin-bottom: $space-3;
+}
+
+.summary-row {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    padding: $space-2 0;
+
+    .summary-label {
+        color: $text-secondary;
+        font-size: $font-size-sm;
+    }
+
+    .summary-value {
+        font-weight: $font-weight-medium;
+        font-size: $font-size-sm;
+    }
+}
+
+.summary-tags {
+    display: flex;
+    flex-wrap: wrap;
+    gap: $space-2;
+}
+
+.summary-tag {
+    display: inline-flex;
+    align-items: center;
+    padding: $space-1 $space-3;
+    background: fade($accent-primary-raw, 12%);
+    color: $accent-primary;
+    border-radius: $radius-full;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+}
+
+.recommendation-chips {
+    display: flex;
+    flex-wrap: wrap;
+    gap: $space-2;
+}
+
+.recommendation-chip {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-2 $space-4;
+    background: $bg-secondary;
+    border: 1px solid $border-default;
+    border-radius: $radius-lg;
+    font-size: $font-size-sm;
+    color: $text-primary;
+}
+
+// --------------------------------------------
+// Navigation buttons
+// --------------------------------------------
+.wizard-nav {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    margin-top: $space-8;
+    padding-top: $space-6;
+    border-top: 1px solid $border-default;
+}
+
+.btn-wizard-prev {
+    @include button-base();
+    color: $text-secondary;
+    border-color: $border-default;
+    background: transparent;
+
+    &:hover {
+        background: $bg-hover;
+        color: $text-primary;
+    }
+}
+
+.btn-wizard-next {
+    @include button-base();
+    background: $accent-primary;
+    color: #fff;
+    margin-left: auto;
+
+    &:hover {
+        background: $accent-hover;
+    }
+
+    &:disabled {
+        opacity: 0.6;
+        cursor: not-allowed;
+    }
+}
+
+// --------------------------------------------
+// Setup info banner (reused in step 1)
+// --------------------------------------------
+.wizard-info-banner {
+    display: flex;
+    gap: $space-4;
+    padding: $space-4;
+    background: fade($accent-primary-raw, 10%);
+    border-radius: $radius-md;
+    margin-bottom: $space-6;
+
+    .wizard-info-icon {
+        flex-shrink: 0;
+        color: $accent-primary;
+    }
+
+    p {
+        margin: 0;
+        font-size: $font-size-sm;
+        color: $text-secondary;
+        line-height: $line-height-normal;
+    }
+}
+
+// --------------------------------------------
+// Loading state
+// --------------------------------------------
+.wizard-loading {
+    @include flex-center();
+    padding: $space-10;
+    color: $text-secondary;
+}
diff --git a/frontend/src/styles/pages/_ssl.less b/frontend/src/styles/pages/_ssl.scss
similarity index 53%
rename from frontend/src/styles/pages/_ssl.less
rename to frontend/src/styles/pages/_ssl.scss
index a8e378b2..2df09223 100644
--- a/frontend/src/styles/pages/_ssl.less
+++ b/frontend/src/styles/pages/_ssl.scss
@@ -3,47 +3,47 @@
 // ============================================
 
 .ssl-page {
-    // Reuses .ssl-status-bar, .ssl-status-item, etc. from _domains.less
+    // Reuses .ssl-status-bar, .ssl-status-item, etc. from _domains.scss
 }
 
 // Warning icon color variant
 .ssl-status-icon {
     &.warning {
-        background: @warning-bg;
-        color: @warning;
+        background: $warning-bg;
+        color: $warning;
     }
 }
 
 // Certificate list
 .ssl-cert-list {
-    .flex-column-gap(@space-3);
+    @include flex-column-gap($space-3);
 }
 
 .ssl-cert-item {
-    .list-item-base();
-    gap: @space-4;
+    @include list-item-base();
+    gap: $space-4;
 
-    @media (max-width: @breakpoint-md) {
+    @media (max-width: $breakpoint-md) {
         flex-wrap: wrap;
     }
 }
 
 .ssl-cert-item-info {
-    .flex-start();
-    gap: @space-4;
+    @include flex-start();
+    gap: $space-4;
     flex: 1;
     min-width: 0;
 }
 
 .ssl-cert-item-icon {
-    .icon-box();
-    background: @success-bg;
-    border-radius: @radius-lg;
-    color: @success;
+    @include icon-box();
+    background: $success-bg;
+    border-radius: $radius-lg;
+    color: $success;
 
     &.expiring {
-        background: @warning-bg;
-        color: @warning;
+        background: $warning-bg;
+        color: $warning;
     }
 }
 
@@ -51,30 +51,30 @@
     min-width: 0;
 
     h3 {
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin-bottom: @space-1;
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin-bottom: $space-1;
     }
 }
 
 .ssl-cert-item-meta {
-    .flex-start();
-    gap: @space-4;
-    font-size: @font-size-sm;
-    color: @text-tertiary;
+    @include flex-start();
+    gap: $space-4;
+    font-size: $font-size-sm;
+    color: $text-tertiary;
     flex-wrap: wrap;
 
     span {
-        .flex-start();
-        gap: @space-1;
+        @include flex-start();
+        gap: $space-1;
 
         &.valid {
-            color: @success;
+            color: $success;
         }
 
         &.expiring {
-            color: @warning;
+            color: $warning;
         }
     }
 }
@@ -85,28 +85,28 @@
 
 .ssl-cert-item-actions {
     display: flex;
-    gap: @space-2;
+    gap: $space-2;
     flex-shrink: 0;
 }
 
 // Warning banner for expiring certs
 .ssl-warning-banner {
-    .flex-start();
-    gap: @space-3;
-    padding: @space-4 @space-5;
-    background: @warning-bg;
-    border: 1px solid @warning-border;
-    border-radius: @radius-xl;
-    margin-top: @space-6;
-    color: @warning;
+    @include flex-start();
+    gap: $space-3;
+    padding: $space-4 $space-5;
+    background: $warning-bg;
+    border: 1px solid $warning-border;
+    border-radius: $radius-xl;
+    margin-top: $space-6;
+    color: $warning;
 
     div {
         flex: 1;
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        font-size: $font-size-sm;
+        color: $text-secondary;
 
         strong {
-            color: @warning;
+            color: $warning;
         }
     }
 
@@ -127,8 +127,8 @@
 
 // Skeleton loading
 .skeleton-box {
-    background: @bg-hover;
-    border-radius: @radius-md;
+    background: $bg-hover;
+    border-radius: $radius-md;
     animation: ssl-skeleton-pulse 1.5s ease-in-out infinite;
 }
 
diff --git a/frontend/src/styles/pages/_status-pages.scss b/frontend/src/styles/pages/_status-pages.scss
new file mode 100644
index 00000000..9073ce53
--- /dev/null
+++ b/frontend/src/styles/pages/_status-pages.scss
@@ -0,0 +1,111 @@
+// Status Pages styles
+
+.status-pages-page {
+    .status-layout {
+        display: grid;
+        grid-template-columns: 280px 1fr;
+        gap: $spacing-lg;
+        margin-top: $spacing-lg;
+
+        @media (max-width: 900px) {
+            grid-template-columns: 1fr;
+        }
+    }
+
+    .status-pages-list {
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-xs;
+    }
+
+    .status-page-item {
+        padding: $spacing-md;
+        background: $card-bg;
+        border: 1px solid $border-color;
+        border-radius: $radius-md;
+        cursor: pointer;
+        display: flex;
+        flex-direction: column;
+        gap: 2px;
+        transition: border-color 0.15s;
+
+        &:hover, &.active { border-color: $primary-color; }
+    }
+
+    .status-detail-panel {
+        background: $card-bg;
+        border: 1px solid $border-color;
+        border-radius: $radius-lg;
+        padding: $spacing-lg;
+
+        &__header {
+            display: flex;
+            align-items: baseline;
+            gap: $spacing-sm;
+            margin-bottom: $spacing-md;
+            h2 { margin: 0; }
+        }
+    }
+
+    .status-actions-bar {
+        display: flex;
+        justify-content: flex-end;
+        margin: $spacing-md 0;
+    }
+
+    .components-list {
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-xs;
+    }
+
+    .component-row {
+        display: flex;
+        justify-content: space-between;
+        align-items: center;
+        padding: $spacing-md;
+        border: 1px solid $border-color;
+        border-radius: $radius-md;
+
+        &__info {
+            display: flex;
+            align-items: center;
+            gap: $spacing-sm;
+        }
+
+        &__stats {
+            display: flex;
+            gap: $spacing-md;
+            font-size: 0.85rem;
+            color: $text-muted;
+        }
+
+        &__actions {
+            display: flex;
+            gap: $spacing-xs;
+        }
+    }
+
+    .incidents-list {
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-md;
+    }
+
+    .incident-row {
+        padding: $spacing-md;
+        border: 1px solid $border-color;
+        border-radius: $radius-md;
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-xs;
+
+        &__header {
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+        }
+
+        p { margin: 0; font-size: 0.9rem; color: $text-secondary; }
+    }
+}
diff --git a/frontend/src/styles/pages/_templates.less b/frontend/src/styles/pages/_templates.less
deleted file mode 100644
index b6dcf059..00000000
--- a/frontend/src/styles/pages/_templates.less
+++ /dev/null
@@ -1,667 +0,0 @@
-// ============================================
-// TEMPLATES PAGE STYLES
-// ============================================
-
-.templates-page {
-    .page-description {
-        color: @text-secondary;
-        margin-top: @space-2;
-    }
-
-    .empty-state {
-        grid-column: 1 / -1;
-        display: flex;
-        flex-direction: column;
-        align-items: center;
-        justify-content: center;
-        gap: @space-4;
-        padding: @space-12;
-        color: @text-tertiary;
-
-        svg {
-            opacity: 0.5;
-        }
-
-        p {
-            margin: 0;
-            font-size: @font-size-lg;
-        }
-    }
-}
-
-// Filters
-.templates-filters {
-    display: flex;
-    flex-direction: column;
-    gap: @space-4;
-    margin-bottom: @space-4;
-}
-
-.search-box {
-    position: relative;
-    max-width: 400px;
-
-    .search-icon {
-        position: absolute;
-        left: @space-3;
-        top: 50%;
-        transform: translateY(-50%);
-        color: @text-tertiary;
-        pointer-events: none;
-    }
-
-    input {
-        width: 100%;
-        padding: @space-3 @space-4;
-        padding-left: @space-10;
-        padding-right: @space-10;
-        background: @bg-card;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
-        color: @text-primary;
-        font-size: @font-size-base;
-
-        &:focus {
-            outline: none;
-            border-color: @accent-primary;
-            box-shadow: 0 0 0 3px @accent-glow;
-        }
-
-        &::placeholder {
-            color: @text-tertiary;
-        }
-    }
-
-    .search-clear {
-        position: absolute;
-        right: @space-2;
-        top: 50%;
-        transform: translateY(-50%);
-        padding: @space-1;
-        background: transparent;
-        border: none;
-        color: @text-tertiary;
-        cursor: pointer;
-        border-radius: @radius-sm;
-        display: flex;
-        align-items: center;
-        justify-content: center;
-
-        &:hover {
-            color: @text-primary;
-            background: @bg-hover;
-        }
-    }
-}
-
-.category-filters {
-    display: flex;
-    flex-wrap: wrap;
-    gap: @space-2;
-}
-
-.category-btn {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-3;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    color: @text-secondary;
-    font-size: @font-size-sm;
-    cursor: pointer;
-    transition: all @transition-fast;
-    text-transform: capitalize;
-
-    &:hover {
-        background: @bg-hover;
-        border-color: @border-default;
-        color: @text-primary;
-    }
-
-    &.active {
-        background: @accent-glow;
-        border-color: @accent-primary;
-        color: @accent-primary;
-    }
-}
-
-// Active Filters
-.active-filters {
-    display: flex;
-    align-items: center;
-    flex-wrap: wrap;
-    gap: @space-2;
-    margin-bottom: @space-4;
-}
-
-.filter-chip {
-    display: inline-flex;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-1 @space-2;
-    padding-right: @space-1;
-    background: @accent-glow;
-    border: 1px solid @accent-primary;
-    border-radius: @radius-full;
-    font-size: @font-size-sm;
-    color: @accent-primary;
-
-    svg:first-child {
-        flex-shrink: 0;
-    }
-
-    button {
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        padding: @space-1;
-        margin-left: @space-1;
-        background: transparent;
-        border: none;
-        border-radius: @radius-full;
-        color: @accent-primary;
-        cursor: pointer;
-        transition: all @transition-fast;
-
-        &:hover {
-            background: @accent-primary;
-            color: white;
-        }
-    }
-}
-
-.clear-all-btn {
-    padding: @space-1 @space-3;
-    background: transparent;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-full;
-    font-size: @font-size-sm;
-    color: @text-secondary;
-    cursor: pointer;
-    transition: all @transition-fast;
-
-    &:hover {
-        background: @bg-hover;
-        border-color: @border-default;
-        color: @text-primary;
-    }
-}
-
-// Results Header
-.templates-results-header {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    margin-bottom: @space-4;
-    padding-bottom: @space-3;
-    border-bottom: 1px solid @border-subtle;
-}
-
-.results-count {
-    font-size: @font-size-sm;
-    color: @text-secondary;
-}
-
-.sort-dropdown {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    position: relative;
-
-    label {
-        font-size: @font-size-sm;
-        color: @text-tertiary;
-    }
-
-    select {
-        appearance: none;
-        padding: @space-2 @space-8 @space-2 @space-3;
-        background: @bg-card;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
-        font-size: @font-size-sm;
-        color: @text-primary;
-        cursor: pointer;
-
-        &:focus {
-            outline: none;
-            border-color: @accent-primary;
-        }
-    }
-
-    .dropdown-icon {
-        position: absolute;
-        right: @space-2;
-        pointer-events: none;
-        color: @text-tertiary;
-    }
-}
-
-// Templates Grid
-.templates-grid {
-    display: grid;
-    grid-template-columns: repeat(auto-fill, minmax(320px, 1fr));
-    gap: @space-5;
-}
-
-.template-card {
-    position: relative;
-    display: flex;
-    gap: @space-4;
-    padding: @space-5;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    cursor: pointer;
-    transition: all @transition-fast;
-
-    &:hover {
-        border-color: @accent-primary;
-        box-shadow: @shadow-md;
-        transform: translateY(-2px);
-    }
-}
-
-.featured-badge {
-    position: absolute;
-    top: @space-3;
-    right: @space-3;
-    display: inline-flex;
-    align-items: center;
-    gap: @space-1;
-    padding: @space-1 @space-2;
-    background: linear-gradient(135deg, #f59e0b, #d97706);
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
-    color: white;
-
-    svg {
-        fill: currentColor;
-    }
-}
-
-.template-icon {
-    width: 64px;
-    height: 64px;
-    flex-shrink: 0;
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    background: @bg-hover;
-    border-radius: @radius-md;
-    overflow: hidden;
-    color: @accent-primary;
-
-    img {
-        width: 100%;
-        height: 100%;
-        object-fit: contain;
-        padding: @space-2;
-    }
-
-    svg {
-        flex-shrink: 0;
-    }
-}
-
-.template-icon-placeholder {
-    font-size: @font-size-2xl;
-    font-weight: @font-weight-bold;
-    color: @accent-primary;
-}
-
-.template-icon-large {
-    width: 80px;
-    height: 80px;
-    flex-shrink: 0;
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    background: @bg-hover;
-    border-radius: @radius-lg;
-    overflow: hidden;
-    color: @accent-primary;
-
-    img {
-        width: 100%;
-        height: 100%;
-        object-fit: contain;
-        padding: @space-2;
-    }
-
-    .template-icon-placeholder {
-        font-size: @font-size-3xl;
-    }
-}
-
-.template-info {
-    flex: 1;
-    min-width: 0;
-
-    h3 {
-        margin: 0 0 @space-2 0;
-        font-size: @font-size-lg;
-        font-weight: @font-weight-semibold;
-    }
-}
-
-.template-description {
-    margin: 0 0 @space-3 0;
-    color: @text-secondary;
-    font-size: @font-size-sm;
-    line-height: @line-height-relaxed;
-    display: -webkit-box;
-    -webkit-line-clamp: 2;
-    -webkit-box-orient: vertical;
-    overflow: hidden;
-}
-
-.template-full-description {
-    margin-bottom: @space-4;
-    color: @text-secondary;
-    line-height: @line-height-relaxed;
-}
-
-.template-meta {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    flex-wrap: wrap;
-}
-
-.template-version {
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
-    color: @accent-primary;
-    padding: @space-1 @space-2;
-    background: @accent-glow;
-    border-radius: @radius-sm;
-}
-
-.template-link-indicator {
-    display: inline-flex;
-    align-items: center;
-    justify-content: center;
-    width: 24px;
-    height: 24px;
-    background: @bg-hover;
-    border-radius: @radius-sm;
-    color: @text-tertiary;
-
-    &:hover {
-        color: @accent-primary;
-    }
-}
-
-.template-categories {
-    display: flex;
-    flex-wrap: wrap;
-    gap: @space-1;
-}
-
-.category-badge {
-    display: inline-flex;
-    align-items: center;
-    gap: @space-1;
-    padding: @space-1 @space-2;
-    font-size: @font-size-xs;
-    color: @text-secondary;
-    background: @bg-hover;
-    border-radius: @radius-sm;
-    text-transform: capitalize;
-}
-
-// Template Detail Modal
-.template-detail-header {
-    display: flex;
-    align-items: center;
-    gap: @space-4;
-
-    h2 {
-        margin: 0;
-    }
-}
-
-.template-links {
-    display: flex;
-    gap: @space-2;
-    margin-bottom: @space-6;
-
-    .btn {
-        display: inline-flex;
-        align-items: center;
-        gap: @space-2;
-    }
-}
-
-.template-details-grid {
-    display: flex;
-    flex-direction: column;
-    gap: @space-6;
-}
-
-.detail-section {
-    h4 {
-        display: flex;
-        align-items: center;
-        gap: @space-2;
-        margin: 0 0 @space-3 0;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-semibold;
-        color: @text-secondary;
-        text-transform: uppercase;
-        letter-spacing: 0.05em;
-
-        svg {
-            flex-shrink: 0;
-        }
-
-        .copy-btn {
-            margin-left: auto;
-            padding: @space-1;
-            background: transparent;
-            border: none;
-            color: @text-tertiary;
-            cursor: pointer;
-            border-radius: @radius-sm;
-            display: flex;
-            align-items: center;
-            transition: all @transition-fast;
-
-            &:hover {
-                color: @accent-primary;
-                background: @bg-hover;
-            }
-        }
-    }
-}
-
-// Requirements
-.requirements-list {
-    display: flex;
-    flex-wrap: wrap;
-    gap: @space-3;
-}
-
-.requirement-item {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-3;
-    background: @bg-hover;
-    border-radius: @radius-md;
-
-    .requirement-label {
-        font-size: @font-size-sm;
-        color: @text-tertiary;
-    }
-
-    .requirement-value {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        color: @text-primary;
-        font-family: @font-mono;
-    }
-}
-
-// Variables
-.variables-list {
-    display: flex;
-    flex-direction: column;
-    gap: @space-3;
-}
-
-.variable-item {
-    display: flex;
-    flex-direction: column;
-    gap: @space-1;
-    padding: @space-3;
-    background: @bg-hover;
-    border-radius: @radius-md;
-    border-left: 3px solid transparent;
-
-    &.required {
-        border-left-color: @accent-primary;
-    }
-
-    .variable-header {
-        display: flex;
-        align-items: center;
-        gap: @space-2;
-    }
-}
-
-.variable-name {
-    font-family: @font-mono;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    color: @accent-primary;
-}
-
-.required-badge {
-    font-size: @font-size-xs;
-    padding: 2px @space-2;
-    background: @accent-primary;
-    color: white;
-    border-radius: @radius-sm;
-    font-weight: @font-weight-medium;
-}
-
-.auto-badge {
-    font-size: @font-size-xs;
-    padding: 2px @space-2;
-    background: @success-bg;
-    color: @success;
-    border-radius: @radius-sm;
-    font-weight: @font-weight-medium;
-}
-
-.variable-description {
-    font-size: @font-size-sm;
-    color: @text-secondary;
-}
-
-.variable-default {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    font-family: @font-mono;
-}
-
-// Ports
-.ports-list {
-    display: flex;
-    flex-wrap: wrap;
-    gap: @space-2;
-}
-
-.port-item {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-3;
-    background: @bg-hover;
-    border-radius: @radius-md;
-}
-
-.port-number {
-    font-family: @font-mono;
-    font-weight: @font-weight-medium;
-    color: @text-primary;
-}
-
-.port-protocol {
-    font-size: @font-size-xs;
-    padding: @space-1;
-    background: @bg-card;
-    border-radius: @radius-sm;
-    color: @text-secondary;
-    text-transform: uppercase;
-}
-
-.port-description {
-    font-size: @font-size-sm;
-    color: @text-secondary;
-}
-
-// Compose Preview
-.compose-preview {
-    padding: @space-4;
-    background: @bg-elevated;
-    border-radius: @radius-md;
-    border: 1px solid @border-subtle;
-
-    code {
-        font-family: @font-mono;
-        font-size: @font-size-sm;
-        color: @text-secondary;
-    }
-}
-
-// Install Modal
-.install-modal {
-    h4 {
-        margin: @space-4 0 @space-3 0;
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        padding-top: @space-4;
-        border-top: 1px solid @border-subtle;
-    }
-}
-
-// Responsive
-@media (max-width: @breakpoint-md) {
-    .templates-grid {
-        grid-template-columns: 1fr;
-    }
-
-    .templates-results-header {
-        flex-direction: column;
-        align-items: flex-start;
-        gap: @space-3;
-    }
-
-    .sort-dropdown {
-        width: 100%;
-
-        select {
-            flex: 1;
-        }
-    }
-
-    .template-card {
-        flex-direction: column;
-    }
-
-    .template-icon {
-        width: 48px;
-        height: 48px;
-    }
-
-    .featured-badge {
-        top: @space-2;
-        right: @space-2;
-    }
-}
diff --git a/frontend/src/styles/pages/_templates.scss b/frontend/src/styles/pages/_templates.scss
new file mode 100644
index 00000000..a5b3dadf
--- /dev/null
+++ b/frontend/src/styles/pages/_templates.scss
@@ -0,0 +1,667 @@
+// ============================================
+// TEMPLATES PAGE STYLES
+// ============================================
+
+.templates-page {
+    .page-description {
+        color: $text-secondary;
+        margin-top: $space-2;
+    }
+
+    .empty-state {
+        grid-column: 1 / -1;
+        display: flex;
+        flex-direction: column;
+        align-items: center;
+        justify-content: center;
+        gap: $space-4;
+        padding: $space-12;
+        color: $text-tertiary;
+
+        svg {
+            opacity: 0.5;
+        }
+
+        p {
+            margin: 0;
+            font-size: $font-size-lg;
+        }
+    }
+}
+
+// Filters
+.templates-filters {
+    display: flex;
+    flex-direction: column;
+    gap: $space-4;
+    margin-bottom: $space-4;
+}
+
+.search-box {
+    position: relative;
+    max-width: 400px;
+
+    .search-icon {
+        position: absolute;
+        left: $space-3;
+        top: 50%;
+        transform: translateY(-50%);
+        color: $text-tertiary;
+        pointer-events: none;
+    }
+
+    input {
+        width: 100%;
+        padding: $space-3 $space-4;
+        padding-left: $space-10;
+        padding-right: $space-10;
+        background: $bg-card;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
+        color: $text-primary;
+        font-size: $font-size-base;
+
+        &:focus {
+            outline: none;
+            border-color: $accent-primary;
+            box-shadow: 0 0 0 3px $accent-glow;
+        }
+
+        &::placeholder {
+            color: $text-tertiary;
+        }
+    }
+
+    .search-clear {
+        position: absolute;
+        right: $space-2;
+        top: 50%;
+        transform: translateY(-50%);
+        padding: $space-1;
+        background: transparent;
+        border: none;
+        color: $text-tertiary;
+        cursor: pointer;
+        border-radius: $radius-sm;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+
+        &:hover {
+            color: $text-primary;
+            background: $bg-hover;
+        }
+    }
+}
+
+.category-filters {
+    display: flex;
+    flex-wrap: wrap;
+    gap: $space-2;
+}
+
+.category-btn {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-2 $space-3;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    color: $text-secondary;
+    font-size: $font-size-sm;
+    cursor: pointer;
+    transition: all $transition-fast;
+    text-transform: capitalize;
+
+    &:hover {
+        background: $bg-hover;
+        border-color: $border-default;
+        color: $text-primary;
+    }
+
+    &.active {
+        background: $accent-glow;
+        border-color: $accent-primary;
+        color: $accent-primary;
+    }
+}
+
+// Active Filters
+.active-filters {
+    display: flex;
+    align-items: center;
+    flex-wrap: wrap;
+    gap: $space-2;
+    margin-bottom: $space-4;
+}
+
+.filter-chip {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-1 $space-2;
+    padding-right: $space-1;
+    background: $accent-glow;
+    border: 1px solid $accent-primary;
+    border-radius: $radius-full;
+    font-size: $font-size-sm;
+    color: $accent-primary;
+
+    svg:first-child {
+        flex-shrink: 0;
+    }
+
+    button {
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        padding: $space-1;
+        margin-left: $space-1;
+        background: transparent;
+        border: none;
+        border-radius: $radius-full;
+        color: $accent-primary;
+        cursor: pointer;
+        transition: all $transition-fast;
+
+        &:hover {
+            background: $accent-primary;
+            color: white;
+        }
+    }
+}
+
+.clear-all-btn {
+    padding: $space-1 $space-3;
+    background: transparent;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-full;
+    font-size: $font-size-sm;
+    color: $text-secondary;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        background: $bg-hover;
+        border-color: $border-default;
+        color: $text-primary;
+    }
+}
+
+// Results Header
+.templates-results-header {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    margin-bottom: $space-4;
+    padding-bottom: $space-3;
+    border-bottom: 1px solid $border-subtle;
+}
+
+.results-count {
+    font-size: $font-size-sm;
+    color: $text-secondary;
+}
+
+.sort-dropdown {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    position: relative;
+
+    label {
+        font-size: $font-size-sm;
+        color: $text-tertiary;
+    }
+
+    select {
+        appearance: none;
+        padding: $space-2 $space-8 $space-2 $space-3;
+        background: $bg-card;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
+        font-size: $font-size-sm;
+        color: $text-primary;
+        cursor: pointer;
+
+        &:focus {
+            outline: none;
+            border-color: $accent-primary;
+        }
+    }
+
+    .dropdown-icon {
+        position: absolute;
+        right: $space-2;
+        pointer-events: none;
+        color: $text-tertiary;
+    }
+}
+
+// Templates Grid
+.templates-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fill, minmax(320px, 1fr));
+    gap: $space-5;
+}
+
+.template-card {
+    position: relative;
+    display: flex;
+    gap: $space-4;
+    padding: $space-5;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        border-color: $accent-primary;
+        box-shadow: $shadow-md;
+        transform: translateY(-2px);
+    }
+}
+
+.featured-badge {
+    position: absolute;
+    top: $space-3;
+    right: $space-3;
+    display: inline-flex;
+    align-items: center;
+    gap: $space-1;
+    padding: $space-1 $space-2;
+    background: linear-gradient(135deg, $color-star, #d97706);
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
+    color: white;
+
+    svg {
+        fill: currentColor;
+    }
+}
+
+.template-icon {
+    width: 64px;
+    height: 64px;
+    flex-shrink: 0;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    background: $bg-hover;
+    border-radius: $radius-md;
+    overflow: hidden;
+    color: $accent-primary;
+
+    img {
+        width: 100%;
+        height: 100%;
+        object-fit: contain;
+        padding: $space-2;
+    }
+
+    svg {
+        flex-shrink: 0;
+    }
+}
+
+.template-icon-placeholder {
+    font-size: $font-size-2xl;
+    font-weight: $font-weight-bold;
+    color: $accent-primary;
+}
+
+.template-icon-large {
+    width: 80px;
+    height: 80px;
+    flex-shrink: 0;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    background: $bg-hover;
+    border-radius: $radius-lg;
+    overflow: hidden;
+    color: $accent-primary;
+
+    img {
+        width: 100%;
+        height: 100%;
+        object-fit: contain;
+        padding: $space-2;
+    }
+
+    .template-icon-placeholder {
+        font-size: $font-size-3xl;
+    }
+}
+
+.template-info {
+    flex: 1;
+    min-width: 0;
+
+    h3 {
+        margin: 0 0 $space-2 0;
+        font-size: $font-size-lg;
+        font-weight: $font-weight-semibold;
+    }
+}
+
+.template-description {
+    margin: 0 0 $space-3 0;
+    color: $text-secondary;
+    font-size: $font-size-sm;
+    line-height: $line-height-relaxed;
+    display: -webkit-box;
+    -webkit-line-clamp: 2;
+    -webkit-box-orient: vertical;
+    overflow: hidden;
+}
+
+.template-full-description {
+    margin-bottom: $space-4;
+    color: $text-secondary;
+    line-height: $line-height-relaxed;
+}
+
+.template-meta {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    flex-wrap: wrap;
+}
+
+.template-version {
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
+    color: $accent-primary;
+    padding: $space-1 $space-2;
+    background: $accent-glow;
+    border-radius: $radius-sm;
+}
+
+.template-link-indicator {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    width: 24px;
+    height: 24px;
+    background: $bg-hover;
+    border-radius: $radius-sm;
+    color: $text-tertiary;
+
+    &:hover {
+        color: $accent-primary;
+    }
+}
+
+.template-categories {
+    display: flex;
+    flex-wrap: wrap;
+    gap: $space-1;
+}
+
+.category-badge {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-1;
+    padding: $space-1 $space-2;
+    font-size: $font-size-xs;
+    color: $text-secondary;
+    background: $bg-hover;
+    border-radius: $radius-sm;
+    text-transform: capitalize;
+}
+
+// Template Detail Modal
+.template-detail-header {
+    display: flex;
+    align-items: center;
+    gap: $space-4;
+
+    h2 {
+        margin: 0;
+    }
+}
+
+.template-links {
+    display: flex;
+    gap: $space-2;
+    margin-bottom: $space-6;
+
+    .btn {
+        display: inline-flex;
+        align-items: center;
+        gap: $space-2;
+    }
+}
+
+.template-details-grid {
+    display: flex;
+    flex-direction: column;
+    gap: $space-6;
+}
+
+.detail-section {
+    h4 {
+        display: flex;
+        align-items: center;
+        gap: $space-2;
+        margin: 0 0 $space-3 0;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-semibold;
+        color: $text-secondary;
+        text-transform: uppercase;
+        letter-spacing: 0.05em;
+
+        svg {
+            flex-shrink: 0;
+        }
+
+        .copy-btn {
+            margin-left: auto;
+            padding: $space-1;
+            background: transparent;
+            border: none;
+            color: $text-tertiary;
+            cursor: pointer;
+            border-radius: $radius-sm;
+            display: flex;
+            align-items: center;
+            transition: all $transition-fast;
+
+            &:hover {
+                color: $accent-primary;
+                background: $bg-hover;
+            }
+        }
+    }
+}
+
+// Requirements
+.requirements-list {
+    display: flex;
+    flex-wrap: wrap;
+    gap: $space-3;
+}
+
+.requirement-item {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-2 $space-3;
+    background: $bg-hover;
+    border-radius: $radius-md;
+
+    .requirement-label {
+        font-size: $font-size-sm;
+        color: $text-tertiary;
+    }
+
+    .requirement-value {
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        color: $text-primary;
+        font-family: $font-mono;
+    }
+}
+
+// Variables
+.variables-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-3;
+}
+
+.variable-item {
+    display: flex;
+    flex-direction: column;
+    gap: $space-1;
+    padding: $space-3;
+    background: $bg-hover;
+    border-radius: $radius-md;
+    border-left: 3px solid transparent;
+
+    &.required {
+        border-left-color: $accent-primary;
+    }
+
+    .variable-header {
+        display: flex;
+        align-items: center;
+        gap: $space-2;
+    }
+}
+
+.variable-name {
+    font-family: $font-mono;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    color: $accent-primary;
+}
+
+.required-badge {
+    font-size: $font-size-xs;
+    padding: 2px $space-2;
+    background: $accent-primary;
+    color: white;
+    border-radius: $radius-sm;
+    font-weight: $font-weight-medium;
+}
+
+.auto-badge {
+    font-size: $font-size-xs;
+    padding: 2px $space-2;
+    background: $success-bg;
+    color: $success;
+    border-radius: $radius-sm;
+    font-weight: $font-weight-medium;
+}
+
+.variable-description {
+    font-size: $font-size-sm;
+    color: $text-secondary;
+}
+
+.variable-default {
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    font-family: $font-mono;
+}
+
+// Ports
+.ports-list {
+    display: flex;
+    flex-wrap: wrap;
+    gap: $space-2;
+}
+
+.port-item {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-2 $space-3;
+    background: $bg-hover;
+    border-radius: $radius-md;
+}
+
+.port-number {
+    font-family: $font-mono;
+    font-weight: $font-weight-medium;
+    color: $text-primary;
+}
+
+.port-protocol {
+    font-size: $font-size-xs;
+    padding: $space-1;
+    background: $bg-card;
+    border-radius: $radius-sm;
+    color: $text-secondary;
+    text-transform: uppercase;
+}
+
+.port-description {
+    font-size: $font-size-sm;
+    color: $text-secondary;
+}
+
+// Compose Preview
+.compose-preview {
+    padding: $space-4;
+    background: $bg-elevated;
+    border-radius: $radius-md;
+    border: 1px solid $border-subtle;
+
+    code {
+        font-family: $font-mono;
+        font-size: $font-size-sm;
+        color: $text-secondary;
+    }
+}
+
+// Install Modal
+.install-modal {
+    h4 {
+        margin: $space-4 0 $space-3 0;
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        padding-top: $space-4;
+        border-top: 1px solid $border-subtle;
+    }
+}
+
+// Responsive
+@media (max-width: $breakpoint-md) {
+    .templates-grid {
+        grid-template-columns: 1fr;
+    }
+
+    .templates-results-header {
+        flex-direction: column;
+        align-items: flex-start;
+        gap: $space-3;
+    }
+
+    .sort-dropdown {
+        width: 100%;
+
+        select {
+            flex: 1;
+        }
+    }
+
+    .template-card {
+        flex-direction: column;
+    }
+
+    .template-icon {
+        width: 48px;
+        height: 48px;
+    }
+
+    .featured-badge {
+        top: $space-2;
+        right: $space-2;
+    }
+}
diff --git a/frontend/src/styles/pages/_terminal.less b/frontend/src/styles/pages/_terminal.scss
similarity index 78%
rename from frontend/src/styles/pages/_terminal.less
rename to frontend/src/styles/pages/_terminal.scss
index 81611122..22583363 100644
--- a/frontend/src/styles/pages/_terminal.less
+++ b/frontend/src/styles/pages/_terminal.scss
@@ -5,7 +5,7 @@
         .tab {
             display: flex;
             align-items: center;
-            gap: @space-2;
+            gap: $space-2;
 
             svg {
                 stroke: currentColor;
@@ -28,10 +28,10 @@
 .logs-layout {
     display: grid;
     grid-template-columns: 300px 1fr;
-    gap: @space-6;
+    gap: $space-6;
     height: 100%;
 
-    @media (max-width: @breakpoint-lg) {
+    @media (max-width: $breakpoint-lg) {
         grid-template-columns: 1fr;
         grid-template-rows: auto 1fr;
     }
@@ -40,7 +40,7 @@
 .logs-sidebar {
     background: var(--bg-secondary);
     border: 1px solid var(--border-color);
-    border-radius: @radius-lg;
+    border-radius: $radius-lg;
     display: flex;
     flex-direction: column;
     overflow: hidden;
@@ -49,11 +49,11 @@
         display: flex;
         align-items: center;
         justify-content: space-between;
-        padding: @space-4;
+        padding: $space-4;
         border-bottom: 1px solid var(--border-color);
 
         h3 {
-            font-size: @font-size-sm;
+            font-size: $font-size-sm;
             font-weight: 600;
             margin: 0;
         }
@@ -63,22 +63,22 @@
 .log-files-list {
     flex: 1;
     overflow-y: auto;
-    padding: @space-2;
+    padding: $space-2;
 
     .empty-hint {
-        padding: @space-6;
+        padding: $space-6;
         text-align: center;
         color: var(--text-tertiary);
-        font-size: @font-size-sm;
+        font-size: $font-size-sm;
     }
 }
 
 .log-file-item {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-4;
-    border-radius: @radius-md;
+    gap: $space-2;
+    padding: $space-2 $space-4;
+    border-radius: $radius-md;
     cursor: pointer;
     transition: all 0.15s ease;
 
@@ -104,7 +104,7 @@
     .log-icon {
         width: 32px;
         height: 32px;
-        border-radius: @radius-sm;
+        border-radius: $radius-sm;
         display: flex;
         align-items: center;
         justify-content: center;
@@ -118,15 +118,15 @@
         }
 
         &.error {
-            color: @danger;
+            color: $danger;
         }
 
         &.access {
-            color: @success;
+            color: $success;
         }
 
         &.nginx {
-            color: @accent-primary;
+            color: $accent-primary;
         }
 
         &.database {
@@ -143,7 +143,7 @@
     }
 
     .log-file-name {
-        font-size: @font-size-sm;
+        font-size: $font-size-sm;
         font-weight: 500;
         white-space: nowrap;
         overflow: hidden;
@@ -151,7 +151,7 @@
     }
 
     .log-file-path {
-        font-size: @font-size-xs;
+        font-size: $font-size-xs;
         color: var(--text-tertiary);
         white-space: nowrap;
         overflow: hidden;
@@ -159,7 +159,7 @@
     }
 
     .log-file-size {
-        font-size: @font-size-xs;
+        font-size: $font-size-xs;
         color: var(--text-tertiary);
         flex-shrink: 0;
     }
@@ -168,7 +168,7 @@
 .logs-viewer {
     background: var(--bg-secondary);
     border: 1px solid var(--border-color);
-    border-radius: @radius-lg;
+    border-radius: $radius-lg;
     display: flex;
     flex-direction: column;
     overflow: hidden;
@@ -178,8 +178,8 @@
     display: flex;
     align-items: center;
     justify-content: space-between;
-    gap: @space-4;
-    padding: @space-2 @space-4;
+    gap: $space-4;
+    padding: $space-2 $space-4;
     border-bottom: 1px solid var(--border-color);
     flex-wrap: wrap;
 
@@ -187,18 +187,18 @@
     .toolbar-right {
         display: flex;
         align-items: center;
-        gap: @space-2;
+        gap: $space-2;
     }
 }
 
 .search-input {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-1 @space-2;
+    gap: $space-2;
+    padding: $space-1 $space-2;
     background: var(--bg-tertiary);
     border: 1px solid var(--border-color);
-    border-radius: @radius-md;
+    border-radius: $radius-md;
 
     svg {
         stroke: var(--text-tertiary);
@@ -211,7 +211,7 @@
         border: none;
         background: none;
         padding: 0;
-        font-size: @font-size-sm;
+        font-size: $font-size-sm;
         width: 180px;
 
         &:focus {
@@ -221,20 +221,20 @@
 }
 
 .lines-select {
-    padding: @space-1 @space-2;
+    padding: $space-1 $space-2;
     border: 1px solid var(--border-color);
-    border-radius: @radius-sm;
+    border-radius: $radius-sm;
     background: var(--bg-tertiary);
     color: var(--text-primary);
-    font-size: @font-size-sm;
+    font-size: $font-size-sm;
 }
 
 .auto-refresh-toggle {
     display: flex;
     align-items: center;
-    gap: @space-1;
+    gap: $space-1;
     cursor: pointer;
-    font-size: @font-size-sm;
+    font-size: $font-size-sm;
     color: var(--text-secondary);
 
     input {
@@ -250,8 +250,8 @@
 
     pre {
         margin: 0;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
         line-height: 1.4;
         color: var(--text-code);
         white-space: pre-wrap;
@@ -271,12 +271,12 @@
             stroke: currentColor;
             fill: none;
             stroke-width: 1.5;
-            margin-bottom: @space-4;
+            margin-bottom: $space-4;
             opacity: 0.5;
         }
 
         p {
-            font-size: @font-size-sm;
+            font-size: $font-size-sm;
         }
     }
 }
@@ -288,7 +288,7 @@
 .journal-container {
     display: flex;
     flex-direction: column;
-    gap: @space-6;
+    gap: $space-6;
     height: calc(100vh - 280px);
     min-height: 500px;
 }
@@ -296,27 +296,27 @@
 .journal-controls {
     display: flex;
     align-items: flex-end;
-    gap: @space-6;
+    gap: $space-6;
     flex-wrap: wrap;
 
     .control-group {
         display: flex;
         flex-direction: column;
-        gap: @space-1;
+        gap: $space-1;
 
         label {
-            font-size: @font-size-xs;
+            font-size: $font-size-xs;
             font-weight: 500;
             color: var(--text-secondary);
         }
 
         input,
         select {
-            padding: @space-1 @space-2;
+            padding: $space-1 $space-2;
             border: 1px solid var(--border-color);
-            border-radius: @radius-sm;
+            border-radius: $radius-sm;
             background: var(--bg-secondary);
-            font-size: @font-size-sm;
+            font-size: $font-size-sm;
         }
 
         input {
@@ -328,21 +328,21 @@
 .input-with-suggestions {
     display: flex;
     flex-direction: column;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .quick-units {
     display: flex;
     flex-wrap: wrap;
-    gap: @space-1;
+    gap: $space-1;
 }
 
 .unit-chip {
-    padding: 2px @space-2;
+    padding: 2px $space-2;
     border: 1px solid var(--border-color);
-    border-radius: @radius-full;
+    border-radius: $radius-full;
     background: var(--bg-secondary);
-    font-size: @font-size-xs;
+    font-size: $font-size-xs;
     cursor: pointer;
     transition: all 0.15s ease;
 
@@ -361,14 +361,14 @@
 .journal-source-notice {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-4;
+    gap: $space-2;
+    padding: $space-2 $space-4;
     background: var(--bg-secondary);
     border: 1px solid var(--border-color);
-    border-radius: @radius-md;
-    font-size: @font-size-xs;
+    border-radius: $radius-md;
+    font-size: $font-size-xs;
     color: var(--text-secondary);
-    margin-top: -@space-4;
+    margin-top: -$space-4;
 
     svg { stroke: currentColor; fill: none; stroke-width: 2; flex-shrink: 0; }
     strong { color: var(--text-primary); }
@@ -377,14 +377,14 @@
 .journal-viewer {
     flex: 1;
     background: var(--bg-code);
-    border-radius: @radius-lg;
+    border-radius: $radius-lg;
     overflow: auto;
     padding: 1rem;
 
     pre {
         margin: 0;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
         line-height: 1.4;
         color: var(--text-code);
         white-space: pre-wrap;
@@ -400,29 +400,29 @@
 .processes-container {
     display: flex;
     flex-direction: column;
-    gap: @space-6;
+    gap: $space-6;
 }
 
 .processes-toolbar {
     display: flex;
     align-items: center;
     justify-content: space-between;
-    gap: @space-4;
+    gap: $space-4;
     flex-wrap: wrap;
 
     .toolbar-left,
     .toolbar-right {
         display: flex;
         align-items: center;
-        gap: @space-2;
+        gap: $space-2;
     }
 
     select {
-        padding: @space-1 @space-2;
+        padding: $space-1 $space-2;
         border: 1px solid var(--border-color);
-        border-radius: @radius-sm;
+        border-radius: $radius-sm;
         background: var(--bg-secondary);
-        font-size: @font-size-sm;
+        font-size: $font-size-sm;
     }
 }
 
@@ -430,7 +430,7 @@
     overflow-x: auto;
     background: var(--bg-secondary);
     border: 1px solid var(--border-color);
-    border-radius: @radius-lg;
+    border-radius: $radius-lg;
 }
 
 .processes-table {
@@ -441,10 +441,10 @@
 
     // Column widths: PID | Name | User | CPU% | Mem% | Memory | Status | Actions
     th, td {
-        padding: @space-2 @space-3;
+        padding: $space-2 $space-3;
         text-align: left;
         vertical-align: middle;
-        font-size: @font-size-sm;
+        font-size: $font-size-sm;
     }
 
     th {
@@ -452,9 +452,9 @@
         top: 0;
         background: var(--bg-secondary);
         z-index: 1;
-        font-weight: @font-weight-semibold;
-        color: @text-secondary;
-        font-size: @font-size-xs;
+        font-weight: $font-weight-semibold;
+        color: $text-secondary;
+        font-size: $font-size-xs;
         text-transform: uppercase;
         letter-spacing: 0.03em;
         border-bottom: 1px solid var(--border-color);
@@ -488,8 +488,8 @@
     }
 
     .mono {
-        font-family: @font-mono;
-        font-size: @font-size-xs;
+        font-family: $font-mono;
+        font-size: $font-size-xs;
     }
 
     .process-name {
@@ -510,7 +510,7 @@
             opacity: 0.4;
 
             &.cpu {
-                background: @accent-primary;
+                background: $accent-primary;
             }
 
             &.memory {
@@ -520,14 +520,14 @@
 
         span {
             position: relative;
-            font-size: @font-size-xs;
-            font-family: @font-mono;
+            font-size: $font-size-xs;
+            font-family: $font-mono;
         }
     }
 
     .action-buttons {
         display: flex;
-        gap: @space-1;
+        gap: $space-1;
     }
 }
 
@@ -545,72 +545,72 @@
 .process-details-panel {
     background: var(--bg-secondary);
     border: 1px solid var(--border-color);
-    border-radius: @radius-lg;
+    border-radius: $radius-lg;
     overflow: hidden;
 
     .panel-header {
         display: flex;
         align-items: center;
         justify-content: space-between;
-        padding: @space-4;
+        padding: $space-4;
         border-bottom: 1px solid var(--border-color);
 
         h3 {
-            font-size: @font-size-md;
+            font-size: $font-size-md;
             font-weight: 600;
             margin: 0;
         }
     }
 
     .panel-body {
-        padding: @space-4;
+        padding: $space-4;
     }
 
     .details-grid {
         display: grid;
         grid-template-columns: repeat(auto-fill, minmax(180px, 1fr));
-        gap: @space-4;
+        gap: $space-4;
     }
 
     .detail-item {
         display: flex;
         flex-direction: column;
-        gap: @space-1;
+        gap: $space-1;
 
         .detail-label {
-            font-size: @font-size-xs;
+            font-size: $font-size-xs;
             color: var(--text-tertiary);
         }
 
         .detail-value {
-            font-size: @font-size-sm;
+            font-size: $font-size-sm;
             font-weight: 500;
 
             &.mono {
-                font-family: @font-mono;
+                font-family: $font-mono;
             }
         }
     }
 
     .command-line {
-        margin-top: @space-4;
-        padding-top: @space-4;
+        margin-top: $space-4;
+        padding-top: $space-4;
         border-top: 1px solid var(--border-color);
 
         .detail-label {
             display: block;
-            font-size: @font-size-xs;
+            font-size: $font-size-xs;
             color: var(--text-tertiary);
-            margin-bottom: @space-1;
+            margin-bottom: $space-1;
         }
 
         code {
             display: block;
-            padding: @space-2;
+            padding: $space-2;
             background: var(--bg-tertiary);
-            border-radius: @radius-sm;
-            font-family: @font-mono;
-            font-size: @font-size-xs;
+            border-radius: $radius-sm;
+            font-family: $font-mono;
+            font-size: $font-size-xs;
             word-break: break-all;
         }
     }
@@ -623,13 +623,13 @@
 .services-container {
     display: flex;
     flex-direction: column;
-    gap: @space-6;
+    gap: $space-6;
 }
 
 .services-toolbar {
     display: flex;
     align-items: center;
-    gap: @space-2;
+    gap: $space-2;
 
     .btn svg {
         stroke: currentColor;
@@ -641,28 +641,28 @@
 .services-grid {
     display: grid;
     grid-template-columns: repeat(auto-fill, minmax(320px, 1fr));
-    gap: @space-4;
+    gap: $space-4;
 }
 
 .service-card {
     background: var(--bg-secondary);
     border: 1px solid var(--border-color);
-    border-radius: @radius-lg;
-    padding: @space-4;
+    border-radius: $radius-lg;
+    padding: $space-4;
     display: flex;
     flex-direction: column;
-    gap: @space-2;
+    gap: $space-2;
 
     .service-header {
         display: flex;
         align-items: center;
         justify-content: space-between;
-        gap: @space-4;
+        gap: $space-4;
 
         .service-info {
             display: flex;
             align-items: center;
-            gap: @space-2;
+            gap: $space-2;
 
             .status-dot {
                 width: 8px;
@@ -671,15 +671,15 @@
                 flex-shrink: 0;
 
                 &.success {
-                    background: @success;
+                    background: $success;
                 }
 
                 &.danger {
-                    background: @danger;
+                    background: $danger;
                 }
 
                 &.warning {
-                    background: @warning;
+                    background: $warning;
                 }
 
                 &.secondary {
@@ -688,7 +688,7 @@
             }
 
             h4 {
-                font-size: @font-size-sm;
+                font-size: $font-size-sm;
                 font-weight: 600;
                 margin: 0;
             }
@@ -696,15 +696,15 @@
     }
 
     .service-description {
-        font-size: @font-size-xs;
+        font-size: $font-size-xs;
         color: var(--text-secondary);
         margin: 0;
     }
 
     .service-meta {
         display: flex;
-        gap: @space-4;
-        font-size: @font-size-xs;
+        gap: $space-4;
+        font-size: $font-size-xs;
         color: var(--text-tertiary);
 
         .meta-label {
@@ -714,9 +714,9 @@
 
     .service-actions {
         display: flex;
-        gap: @space-1;
-        margin-top: @space-2;
-        padding-top: @space-2;
+        gap: $space-1;
+        margin-top: $space-2;
+        padding-top: $space-2;
         border-top: 1px solid var(--border-color);
     }
 }
@@ -731,13 +731,13 @@
     max-height: 500px;
     overflow: auto;
     background: var(--bg-code);
-    border-radius: @radius-md;
+    border-radius: $radius-md;
     padding: 1rem;
 
     pre {
         margin: 0;
-        font-family: @font-mono;
-        font-size: @font-size-sm;
+        font-family: $font-mono;
+        font-size: $font-size-sm;
         line-height: 1.4;
         color: var(--text-code);
         white-space: pre-wrap;
diff --git a/frontend/src/styles/pages/_wordpress-pipeline.less b/frontend/src/styles/pages/_wordpress-pipeline.scss
similarity index 52%
rename from frontend/src/styles/pages/_wordpress-pipeline.less
rename to frontend/src/styles/pages/_wordpress-pipeline.scss
index 1e0bbe8b..172a0cc6 100644
--- a/frontend/src/styles/pages/_wordpress-pipeline.less
+++ b/frontend/src/styles/pages/_wordpress-pipeline.scss
@@ -12,24 +12,24 @@
 
 // Projects Page
 .wp-projects-page {
-    padding: @space-4;
+    padding: $space-4;
 
     .page-header {
-        margin-bottom: @space-6;
+        margin-bottom: $space-6;
     }
 
     .page-header-content {
         h1 {
-            font-size: @font-size-xl;
-            font-weight: @font-weight-bold;
-            color: @text-primary;
-            margin: 0 0 @space-1;
+            font-size: $font-size-xl;
+            font-weight: $font-weight-bold;
+            color: $text-primary;
+            margin: 0 0 $space-1;
         }
     }
 
     .page-description {
-        font-size: @font-size-sm;
-        color: @text-tertiary;
+        font-size: $font-size-sm;
+        color: $text-tertiary;
         margin: 0;
     }
 
@@ -38,26 +38,26 @@
         flex-direction: column;
         align-items: center;
         justify-content: center;
-        padding: 60px @space-6;
-        background: @bg-card;
-        border-radius: @radius-xl;
+        padding: 60px $space-6;
+        background: $bg-card;
+        border-radius: $radius-xl;
         text-align: center;
 
         .empty-icon {
-            color: @text-tertiary;
-            margin-bottom: @space-4;
+            color: $text-tertiary;
+            margin-bottom: $space-4;
         }
 
         h2 {
-            font-size: @font-size-lg;
-            font-weight: @font-weight-semibold;
-            color: @text-primary;
-            margin: 0 0 @space-2;
+            font-size: $font-size-lg;
+            font-weight: $font-weight-semibold;
+            color: $text-primary;
+            margin: 0 0 $space-2;
         }
 
         p {
-            font-size: @font-size-sm;
-            color: @text-secondary;
+            font-size: $font-size-sm;
+            color: $text-secondary;
             max-width: 460px;
             margin: 0;
         }
@@ -67,18 +67,18 @@
 .wp-projects-grid {
     display: grid;
     grid-template-columns: repeat(auto-fill, minmax(360px, 1fr));
-    gap: @space-4;
+    gap: $space-4;
 }
 
 .wp-project-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
     cursor: pointer;
     transition: all 0.15s ease;
 
     &:hover {
-        border-color: @border-hover;
+        border-color: $border-hover;
         box-shadow: 0 4px 12px rgba(0, 0, 0, 0.08);
     }
 }
@@ -86,9 +86,9 @@
 .wp-project-card-header {
     display: flex;
     align-items: center;
-    gap: @space-3;
-    padding: @space-4;
-    border-bottom: 1px solid @border-subtle;
+    gap: $space-3;
+    padding: $space-4;
+    border-bottom: 1px solid $border-subtle;
 }
 
 .wp-project-info {
@@ -97,26 +97,26 @@
 }
 
 .wp-project-name {
-    font-size: @font-size-base;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
+    font-size: $font-size-base;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
     margin: 0;
 }
 
 .wp-project-domain {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    font-family: @font-family-mono;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    font-family: $font-family-mono;
 }
 
 .wp-project-card-body {
-    padding: @space-4;
+    padding: $space-4;
 }
 
 .wp-project-meta {
     display: flex;
     flex-wrap: wrap;
-    gap: @space-3;
+    gap: $space-3;
     align-items: center;
 }
 
@@ -124,33 +124,33 @@
     display: flex;
     align-items: center;
     gap: 4px;
-    font-size: @font-size-sm;
-    color: @text-secondary;
+    font-size: $font-size-sm;
+    color: $text-secondary;
 
     svg {
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 }
 
 .wp-project-env-badges {
     display: flex;
-    gap: @space-1;
+    gap: $space-1;
 }
 
 .wp-project-card-footer {
     display: flex;
     align-items: center;
     justify-content: space-between;
-    padding: @space-3 @space-4;
-    border-top: 1px solid @border-subtle;
-    background: @bg-tertiary;
-    border-radius: 0 0 @radius-lg @radius-lg;
+    padding: $space-3 $space-4;
+    border-top: 1px solid $border-subtle;
+    background: $bg-tertiary;
+    border-radius: 0 0 $radius-lg $radius-lg;
 }
 
 .wp-project-card-cta {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    color: @color-primary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    color: $color-primary;
 }
 
 // ============================================
@@ -159,31 +159,31 @@
 
 .wp-project-page {
     .wp-icon {
-        background: linear-gradient(135deg, #21759b 0%, #1a5f7f 100%) !important;
+        background: linear-gradient(135deg, $color-wordpress 0%, #1a5f7f 100%) !important;
     }
 }
 
 // Pipeline Tab
 .pipeline-tab {
-    padding: @space-4 0;
+    padding: $space-4 0;
 }
 
 .pipeline-operation-banner {
     display: flex;
     align-items: center;
-    gap: @space-3;
-    padding: @space-3 @space-4;
-    background: fade(@color-info, 10%);
-    border: 1px solid fade(@color-info, 25%);
-    border-radius: @radius-md;
-    margin-bottom: @space-4;
-    font-size: @font-size-sm;
-    color: @color-info;
+    gap: $space-3;
+    padding: $space-3 $space-4;
+    background: fade($color-info, 10%);
+    border: 1px solid fade($color-info, 25%);
+    border-radius: $radius-md;
+    margin-bottom: $space-4;
+    font-size: $font-size-sm;
+    color: $color-info;
 }
 
 // Pipeline View
 .pipeline-view {
-    margin-bottom: @space-6;
+    margin-bottom: $space-6;
 }
 
 .pipeline-row {
@@ -191,23 +191,23 @@
     align-items: stretch;
     gap: 0;
     overflow-x: auto;
-    padding-bottom: @space-2;
+    padding-bottom: $space-2;
 }
 
 .pipeline-card {
     flex: 1;
     min-width: 220px;
     max-width: 320px;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
     display: flex;
     flex-direction: column;
     position: relative;
 
     &.production {
-        border-color: fade(@color-danger, 30%);
-        border-left: 3px solid @color-danger;
+        border-color: fade($color-danger, 30%);
+        border-left: 3px solid $color-danger;
     }
 
     &.locked {
@@ -216,7 +216,7 @@
 
     &.empty {
         border-style: dashed;
-        border-color: @border-subtle;
+        border-color: $border-subtle;
         display: flex;
         align-items: center;
         justify-content: center;
@@ -226,11 +226,11 @@
 
 .pipeline-empty-content {
     text-align: center;
-    color: @text-tertiary;
+    color: $text-tertiary;
 
     p {
-        margin: @space-2 0 0;
-        font-size: @font-size-sm;
+        margin: $space-2 0 0;
+        font-size: $font-size-sm;
     }
 }
 
@@ -238,23 +238,23 @@
     display: flex;
     justify-content: space-between;
     align-items: center;
-    padding: @space-3 @space-4;
-    border-bottom: 1px solid @border-subtle;
+    padding: $space-3 $space-4;
+    border-bottom: 1px solid $border-subtle;
 }
 
 .env-status-badge-group {
     display: flex;
     align-items: center;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .env-locked-badge {
     display: flex;
     align-items: center;
     padding: 2px 4px;
-    background: fade(@color-warning, 15%);
-    color: @color-warning;
-    border-radius: @radius-sm;
+    background: fade($color-warning, 15%);
+    color: $color-warning;
+    border-radius: $radius-sm;
 }
 
 .pipeline-card-menu-wrapper {
@@ -269,38 +269,38 @@
     position: absolute;
     right: 0;
     top: 100%;
-    background: @bg-elevated;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
+    background: $bg-elevated;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
     box-shadow: 0 8px 24px rgba(0, 0, 0, 0.2);
     z-index: 100;
     min-width: 140px;
-    padding: @space-1;
+    padding: $space-1;
 
     button {
         display: flex;
         align-items: center;
-        gap: @space-2;
+        gap: $space-2;
         width: 100%;
-        padding: @space-2 @space-3;
+        padding: $space-2 $space-3;
         border: none;
         background: none;
-        color: @text-secondary;
-        font-size: @font-size-sm;
+        color: $text-secondary;
+        font-size: $font-size-sm;
         cursor: pointer;
-        border-radius: @radius-sm;
+        border-radius: $radius-sm;
         text-align: left;
 
         &:hover {
-            background: @bg-hover;
-            color: @text-primary;
+            background: $bg-hover;
+            color: $text-primary;
         }
 
         &.danger {
-            color: @color-danger;
+            color: $color-danger;
 
             &:hover {
-                background: fade(@color-danger, 10%);
+                background: fade($color-danger, 10%);
             }
         }
     }
@@ -308,22 +308,22 @@
 
 .pipeline-card-body {
     flex: 1;
-    padding: @space-4;
+    padding: $space-4;
 }
 
 .pipeline-card-name {
-    font-size: @font-size-base;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
-    margin: 0 0 @space-2;
+    font-size: $font-size-base;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
+    margin: 0 0 $space-2;
 }
 
 .pipeline-card-domain {
     display: block;
-    font-size: @font-size-xs;
-    font-family: @font-family-mono;
-    color: @color-primary;
-    margin-bottom: @space-2;
+    font-size: $font-size-xs;
+    font-family: $font-family-mono;
+    color: $color-primary;
+    margin-bottom: $space-2;
     text-decoration: none;
 
     &:hover {
@@ -334,32 +334,32 @@
 .pipeline-card-meta {
     display: flex;
     flex-wrap: wrap;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .pipeline-meta-item {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
 }
 
 .pipeline-card-footer {
     display: flex;
-    gap: @space-2;
-    padding: @space-2 @space-3;
-    border-top: 1px solid @border-subtle;
-    background: @bg-tertiary;
-    border-radius: 0 0 @radius-lg @radius-lg;
+    gap: $space-2;
+    padding: $space-2 $space-3;
+    border-top: 1px solid $border-subtle;
+    background: $bg-tertiary;
+    border-radius: 0 0 $radius-lg $radius-lg;
 }
 
 .pipeline-card-lock-banner {
     display: flex;
     align-items: center;
-    gap: @space-1;
-    padding: @space-2 @space-3;
-    background: fade(@color-warning, 10%);
-    font-size: @font-size-xs;
-    color: @color-warning;
-    border-radius: 0 0 @radius-lg @radius-lg;
+    gap: $space-1;
+    padding: $space-2 $space-3;
+    background: fade($color-warning, 10%);
+    font-size: $font-size-xs;
+    color: $color-warning;
+    border-radius: 0 0 $radius-lg $radius-lg;
 }
 
 // Pipeline Arrows
@@ -368,7 +368,7 @@
     align-items: center;
     justify-content: center;
     min-width: 80px;
-    padding: 0 @space-2;
+    padding: 0 $space-2;
 
     &.disabled {
         opacity: 0.3;
@@ -381,18 +381,18 @@
     flex-direction: column;
     align-items: center;
     gap: 4px;
-    padding: @space-2 @space-3;
-    border: 1px solid @border-subtle;
-    background: @bg-card;
-    border-radius: @radius-md;
+    padding: $space-2 $space-3;
+    border: 1px solid $border-subtle;
+    background: $bg-card;
+    border-radius: $radius-md;
     cursor: pointer;
-    color: @text-secondary;
+    color: $text-secondary;
     transition: all 0.15s ease;
 
     &:hover:not(:disabled) {
-        border-color: @color-primary;
-        color: @color-primary;
-        background: fade(@accent-primary-raw, 5%);
+        border-color: $color-primary;
+        color: $color-primary;
+        background: fade($accent-primary-raw, 5%);
     }
 
     &:disabled {
@@ -403,7 +403,7 @@
 
 .pipeline-arrow-label {
     font-size: 10px;
-    font-weight: @font-weight-medium;
+    font-weight: $font-weight-medium;
     text-transform: uppercase;
     letter-spacing: 0.5px;
 }
@@ -412,7 +412,7 @@
 .pipeline-sync-row {
     display: flex;
     gap: 0;
-    margin-top: @space-2;
+    margin-top: $space-2;
 
     .pipeline-sync-action {
         flex: 1;
@@ -425,25 +425,25 @@
 
 // Multidev Section
 .pipeline-multidev-section {
-    margin-top: @space-6;
-    padding-top: @space-4;
-    border-top: 1px solid @border-subtle;
+    margin-top: $space-6;
+    padding-top: $space-4;
+    border-top: 1px solid $border-subtle;
 }
 
 .pipeline-section-header {
     display: flex;
     justify-content: space-between;
     align-items: center;
-    margin-bottom: @space-3;
+    margin-bottom: $space-3;
 }
 
 .pipeline-section-title {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-semibold;
-    color: @text-secondary;
+    gap: $space-2;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-semibold;
+    color: $text-secondary;
     text-transform: uppercase;
     letter-spacing: 0.5px;
     margin: 0;
@@ -456,11 +456,11 @@
     min-width: 20px;
     height: 20px;
     padding: 0 6px;
-    background: fade(@accent-primary-raw, 12%);
-    color: @color-primary;
+    background: fade($accent-primary-raw, 12%);
+    color: $color-primary;
     border-radius: 10px;
     font-size: 11px;
-    font-weight: @font-weight-bold;
+    font-weight: $font-weight-bold;
     text-transform: none;
     letter-spacing: 0;
 }
@@ -468,7 +468,7 @@
 .pipeline-multidev-grid {
     display: grid;
     grid-template-columns: repeat(auto-fill, minmax(280px, 1fr));
-    gap: @space-3;
+    gap: $space-3;
 }
 
 .pipeline-multidev-empty {
@@ -476,39 +476,39 @@
     flex-direction: column;
     align-items: center;
     justify-content: center;
-    padding: @space-8 @space-4;
-    background: @bg-card;
-    border: 1px dashed @border-subtle;
-    border-radius: @radius-lg;
+    padding: $space-8 $space-4;
+    background: $bg-card;
+    border: 1px dashed $border-subtle;
+    border-radius: $radius-lg;
     text-align: center;
 
     > svg {
-        color: @text-tertiary;
-        margin-bottom: @space-3;
+        color: $text-tertiary;
+        margin-bottom: $space-3;
     }
 
     p {
-        font-size: @font-size-base;
-        font-weight: @font-weight-medium;
-        color: @text-secondary;
-        margin: 0 0 @space-1;
+        font-size: $font-size-base;
+        font-weight: $font-weight-medium;
+        color: $text-secondary;
+        margin: 0 0 $space-1;
     }
 
     > span {
-        font-size: @font-size-sm;
-        color: @text-tertiary;
-        margin-bottom: @space-4;
+        font-size: $font-size-sm;
+        color: $text-tertiary;
+        margin-bottom: $space-4;
     }
 }
 
 .multidev-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
     transition: border-color 0.15s ease;
 
     &:hover {
-        border-color: @border-hover;
+        border-color: $border-hover;
     }
 
     &.locked {
@@ -520,18 +520,18 @@
     display: flex;
     justify-content: space-between;
     align-items: center;
-    padding: @space-3 @space-4;
-    border-bottom: 1px solid @border-subtle;
+    padding: $space-3 $space-4;
+    border-bottom: 1px solid $border-subtle;
 }
 
 .multidev-card-header-left {
     display: flex;
     align-items: center;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .multidev-lock-icon {
-    color: @color-warning;
+    color: $color-warning;
 }
 
 .multidev-card-menu-wrapper {
@@ -539,36 +539,36 @@
 }
 
 .multidev-card-body {
-    padding: @space-3 @space-4;
+    padding: $space-3 $space-4;
 }
 
 .multidev-card-name {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
-    margin: 0 0 @space-2;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
+    margin: 0 0 $space-2;
 }
 
 .multidev-branch {
     display: inline-flex;
     align-items: center;
     gap: 4px;
-    font-size: @font-size-xs;
-    font-family: @font-family-mono;
-    color: @text-tertiary;
-    background: @bg-tertiary;
+    font-size: $font-size-xs;
+    font-family: $font-family-mono;
+    color: $text-tertiary;
+    background: $bg-tertiary;
     padding: 2px 8px;
-    border-radius: @radius-sm;
-    margin-bottom: @space-2;
+    border-radius: $radius-sm;
+    margin-bottom: $space-2;
 }
 
 .multidev-domain {
     display: block;
-    font-size: @font-size-xs;
-    font-family: @font-family-mono;
-    color: @color-primary;
+    font-size: $font-size-xs;
+    font-family: $font-family-mono;
+    color: $color-primary;
     text-decoration: none;
-    margin-bottom: @space-2;
+    margin-bottom: $space-2;
 
     &:hover {
         text-decoration: underline;
@@ -578,26 +578,26 @@
 .multidev-card-meta {
     display: flex;
     flex-wrap: wrap;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .multidev-meta-item {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
 }
 
 .multidev-card-footer {
     display: flex;
-    gap: @space-2;
-    padding: @space-2 @space-3;
-    border-top: 1px solid @border-subtle;
-    background: @bg-tertiary;
-    border-radius: 0 0 @radius-lg @radius-lg;
+    gap: $space-2;
+    padding: $space-2 $space-3;
+    border-top: 1px solid $border-subtle;
+    background: $bg-tertiary;
+    border-radius: 0 0 $radius-lg $radius-lg;
 }
 
 .wp-env-badge.env-multidev {
-    background: fade(@accent-primary-raw, 12%);
-    color: @color-primary;
+    background: fade($accent-primary-raw, 12%);
+    color: $color-primary;
 }
 
 // ============================================
@@ -607,52 +607,52 @@
 .branch-selected {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-3;
-    background: fade(@accent-primary-raw, 8%);
-    border: 1px solid fade(@accent-primary-raw, 25%);
-    border-radius: @radius-md;
+    gap: $space-2;
+    padding: $space-3;
+    background: fade($accent-primary-raw, 8%);
+    border: 1px solid fade($accent-primary-raw, 25%);
+    border-radius: $radius-md;
 
     svg {
-        color: @color-primary;
+        color: $color-primary;
         flex-shrink: 0;
     }
 }
 
 .branch-selected-name {
     flex: 1;
-    font-family: @font-family-mono;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    color: @text-primary;
+    font-family: $font-family-mono;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    color: $text-primary;
 }
 
 .branch-picker-loading {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-4;
+    gap: $space-2;
+    padding: $space-4;
     justify-content: center;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
 }
 
 .branch-picker {
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
     overflow: hidden;
 }
 
 .branch-picker-search {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-3;
-    border-bottom: 1px solid @border-subtle;
-    background: @bg-tertiary;
+    gap: $space-2;
+    padding: $space-2 $space-3;
+    border-bottom: 1px solid $border-subtle;
+    background: $bg-tertiary;
 
     svg {
-        color: @text-tertiary;
+        color: $text-tertiary;
         flex-shrink: 0;
     }
 
@@ -660,13 +660,13 @@
         flex: 1;
         border: none;
         background: none;
-        font-size: @font-size-sm;
-        color: @text-primary;
+        font-size: $font-size-sm;
+        color: $text-primary;
         outline: none;
         padding: 0;
 
         &::placeholder {
-            color: @text-tertiary;
+            color: $text-tertiary;
         }
     }
 }
@@ -681,10 +681,10 @@
     flex-direction: column;
     gap: 2px;
     width: 100%;
-    padding: @space-2 @space-3;
+    padding: $space-2 $space-3;
     border: none;
-    border-bottom: 1px solid @border-subtle;
-    background: @bg-card;
+    border-bottom: 1px solid $border-subtle;
+    background: $bg-card;
     cursor: pointer;
     text-align: left;
     transition: background 0.1s ease;
@@ -694,7 +694,7 @@
     }
 
     &:hover:not(:disabled) {
-        background: @bg-hover;
+        background: $bg-hover;
     }
 
     &:disabled {
@@ -703,57 +703,57 @@
     }
 
     &.has-env {
-        background: fade(@text-tertiary-raw, 3%);
+        background: fade($text-tertiary-raw, 3%);
     }
 }
 
 .branch-picker-item-main {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    font-size: @font-size-sm;
-    color: @text-primary;
+    gap: $space-2;
+    font-size: $font-size-sm;
+    color: $text-primary;
 
     svg {
-        color: @text-tertiary;
+        color: $text-tertiary;
         flex-shrink: 0;
     }
 }
 
 .branch-name {
-    font-family: @font-family-mono;
-    font-weight: @font-weight-medium;
+    font-family: $font-family-mono;
+    font-weight: $font-weight-medium;
 }
 
 .branch-tag {
     font-size: 10px;
-    font-weight: @font-weight-medium;
+    font-weight: $font-weight-medium;
     padding: 1px 6px;
-    border-radius: @radius-sm;
-    background: fade(@text-tertiary-raw, 10%);
-    color: @text-tertiary;
+    border-radius: $radius-sm;
+    background: fade($text-tertiary-raw, 10%);
+    color: $text-tertiary;
 
     &.env {
-        background: fade(@accent-primary-raw, 10%);
-        color: @color-primary;
+        background: fade($accent-primary-raw, 10%);
+        color: $color-primary;
     }
 }
 
 .branch-picker-item-meta {
     display: flex;
     align-items: center;
-    gap: @space-2;
+    gap: $space-2;
     padding-left: 20px;
 
     .branch-sha {
-        font-family: @font-family-mono;
+        font-family: $font-family-mono;
         font-size: 11px;
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 
     .branch-msg {
         font-size: 11px;
-        color: @text-tertiary;
+        color: $text-tertiary;
         overflow: hidden;
         text-overflow: ellipsis;
         white-space: nowrap;
@@ -761,18 +761,18 @@
 }
 
 .branch-picker-empty {
-    padding: @space-4;
+    padding: $space-4;
     text-align: center;
-    font-size: @font-size-sm;
-    color: @text-tertiary;
+    font-size: $font-size-sm;
+    color: $text-tertiary;
 }
 
 .branch-picker-custom {
     width: 100%;
-    border-top: 1px solid @border-subtle;
-    border-radius: 0 0 @radius-md @radius-md;
+    border-top: 1px solid $border-subtle;
+    border-radius: 0 0 $radius-md $radius-md;
     justify-content: center;
-    color: @color-primary !important;
+    color: $color-primary !important;
 }
 
 // ============================================
@@ -784,11 +784,11 @@
     display: flex;
     align-items: center;
     justify-content: center;
-    gap: @space-3;
-    padding: @space-4;
-    background: @bg-tertiary;
-    border-radius: @radius-md;
-    margin-bottom: @space-4;
+    gap: $space-3;
+    padding: $space-4;
+    background: $bg-tertiary;
+    border-radius: $radius-md;
+    margin-bottom: $space-4;
 }
 
 .promote-env-pill {
@@ -796,36 +796,36 @@
     flex-direction: column;
     align-items: center;
     gap: 4px;
-    padding: @space-3 @space-4;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
+    padding: $space-3 $space-4;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
     min-width: 120px;
 
     .promote-env-type {
-        font-size: @font-size-xs;
-        font-weight: @font-weight-bold;
+        font-size: $font-size-xs;
+        font-weight: $font-weight-bold;
         text-transform: uppercase;
         letter-spacing: 0.5px;
     }
 
     .promote-env-name {
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        font-size: $font-size-sm;
+        color: $text-secondary;
         max-width: 150px;
         overflow: hidden;
         text-overflow: ellipsis;
         white-space: nowrap;
     }
 
-    &.production .promote-env-type { color: @color-danger; }
-    &.staging .promote-env-type { color: @color-warning; }
-    &.development .promote-env-type { color: @color-info; }
-    &.multidev .promote-env-type { color: @color-primary; }
+    &.production .promote-env-type { color: $color-danger; }
+    &.staging .promote-env-type { color: $color-warning; }
+    &.development .promote-env-type { color: $color-info; }
+    &.multidev .promote-env-type { color: $color-primary; }
 }
 
 .promote-arrow {
-    color: @text-tertiary;
+    color: $text-tertiary;
     flex-shrink: 0;
 }
 
@@ -833,27 +833,27 @@
 .sync-warning {
     display: flex;
     align-items: flex-start;
-    gap: @space-3;
-    padding: @space-3 @space-4;
-    background: fade(@color-warning, 8%);
-    border: 1px solid fade(@color-warning, 20%);
-    border-radius: @radius-md;
-    margin-top: @space-4;
-    font-size: @font-size-sm;
-    color: @text-secondary;
+    gap: $space-3;
+    padding: $space-3 $space-4;
+    background: fade($color-warning, 8%);
+    border: 1px solid fade($color-warning, 20%);
+    border-radius: $radius-md;
+    margin-top: $space-4;
+    font-size: $font-size-sm;
+    color: $text-secondary;
 
     > svg {
-        color: @color-warning;
+        color: $color-warning;
         flex-shrink: 0;
         margin-top: 2px;
     }
 
     strong {
-        color: @text-primary;
+        color: $text-primary;
     }
 
     p {
-        margin: @space-1 0 0;
+        margin: $space-1 0 0;
     }
 }
 
@@ -861,27 +861,27 @@
 .radio-group {
     display: flex;
     flex-direction: column;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .radio-label {
     display: flex;
     align-items: flex-start;
-    gap: @space-3;
-    padding: @space-3;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
+    gap: $space-3;
+    padding: $space-3;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
     cursor: pointer;
     transition: all 0.15s ease;
 
     &:hover {
-        border-color: @border-hover;
-        background: @bg-hover;
+        border-color: $border-hover;
+        background: $bg-hover;
     }
 
     &:has(input:checked) {
-        border-color: @color-primary;
-        background: fade(@accent-primary-raw, 5%);
+        border-color: $color-primary;
+        background: fade($accent-primary-raw, 5%);
     }
 
     input[type="radio"] {
@@ -896,20 +896,20 @@
     gap: 2px;
 
     strong {
-        font-size: @font-size-sm;
-        color: @text-primary;
+        font-size: $font-size-sm;
+        color: $text-primary;
     }
 
     span {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
     }
 }
 
 .checkbox-group {
     display: flex;
     flex-direction: column;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 // ============================================
@@ -920,36 +920,36 @@
     display: flex;
     flex-direction: column;
     gap: 1px;
-    background: @border-subtle;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
+    background: $border-subtle;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
     overflow: hidden;
 
     &.compact .activity-item {
-        padding: @space-2 @space-3;
+        padding: $space-2 $space-3;
     }
 }
 
 .activity-feed-empty {
-    padding: @space-6;
+    padding: $space-6;
     text-align: center;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
 }
 
 .activity-item {
     display: flex;
     align-items: center;
-    gap: @space-3;
-    padding: @space-3 @space-4;
-    background: @bg-card;
+    gap: $space-3;
+    padding: $space-3 $space-4;
+    background: $bg-card;
 }
 
 .activity-item-skeleton {
     display: flex;
     align-items: center;
-    gap: @space-3;
-    padding: @space-3 @space-4;
+    gap: $space-3;
+    padding: $space-3 $space-4;
 }
 
 .activity-icon {
@@ -962,28 +962,28 @@
     flex-shrink: 0;
 
     &.success {
-        background: fade(@color-success, 12%);
-        color: @color-success;
+        background: fade($color-success, 12%);
+        color: $color-success;
     }
     &.danger {
-        background: fade(@color-danger, 12%);
-        color: @color-danger;
+        background: fade($color-danger, 12%);
+        color: $color-danger;
     }
     &.warning {
-        background: fade(@color-warning, 12%);
-        color: @color-warning;
+        background: fade($color-warning, 12%);
+        color: $color-warning;
     }
     &.info {
-        background: fade(@color-info, 12%);
-        color: @color-info;
+        background: fade($color-info, 12%);
+        color: $color-info;
     }
     &.primary {
-        background: fade(@accent-primary-raw, 12%);
-        color: @color-primary;
+        background: fade($accent-primary-raw, 12%);
+        color: $color-primary;
     }
     &.default {
-        background: fade(@text-tertiary-raw, 12%);
-        color: @text-tertiary;
+        background: fade($text-tertiary-raw, 12%);
+        color: $text-tertiary;
     }
 }
 
@@ -993,8 +993,8 @@
 }
 
 .activity-description {
-    font-size: @font-size-sm;
-    color: @text-primary;
+    font-size: $font-size-sm;
+    color: $text-primary;
     display: block;
     white-space: nowrap;
     overflow: hidden;
@@ -1002,8 +1002,8 @@
 }
 
 .activity-error {
-    font-size: @font-size-xs;
-    color: @color-danger;
+    font-size: $font-size-xs;
+    color: $color-danger;
     display: block;
     margin-top: 2px;
 }
@@ -1011,36 +1011,36 @@
 .activity-meta {
     display: flex;
     align-items: center;
-    gap: @space-2;
+    gap: $space-2;
     flex-shrink: 0;
 }
 
 .activity-time {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
     white-space: nowrap;
 }
 
 .activity-status-badge {
     font-size: 10px;
-    font-weight: @font-weight-medium;
+    font-weight: $font-weight-medium;
     padding: 2px 6px;
-    border-radius: @radius-sm;
+    border-radius: $radius-sm;
 
     &.failed {
-        background: fade(@color-danger, 12%);
-        color: @color-danger;
+        background: fade($color-danger, 12%);
+        color: $color-danger;
     }
 
     &.running {
-        background: fade(@color-info, 12%);
-        color: @color-info;
+        background: fade($color-info, 12%);
+        color: $color-info;
     }
 }
 
 .activity-load-more {
-    background: @bg-card;
-    padding: @space-3;
+    background: $bg-card;
+    padding: $space-3;
     text-align: center;
     width: 100%;
     justify-content: center;
@@ -1048,7 +1048,7 @@
 
 // Pipeline Activity Preview
 .pipeline-activity-preview {
-    margin-top: @space-6;
+    margin-top: $space-6;
 }
 
 // ============================================
@@ -1064,10 +1064,10 @@
     height: 400px;
     z-index: 200;
     box-shadow: -4px -4px 24px rgba(0, 0, 0, 0.3);
-    border-radius: @radius-lg @radius-lg 0 0;
+    border-radius: $radius-lg $radius-lg 0 0;
     overflow: hidden;
 
-    @media (max-width: 768px) {
+    @media (max-width: $breakpoint-md) {
         width: 100%;
     }
 }
@@ -1076,66 +1076,66 @@
     display: flex;
     flex-direction: column;
     height: 100%;
-    background: @bg-body;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg @radius-lg 0 0;
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg $radius-lg 0 0;
 }
 
 .container-logs-header {
     display: flex;
     align-items: center;
     justify-content: space-between;
-    padding: @space-3 @space-4;
-    border-bottom: 1px solid @border-subtle;
-    background: @bg-elevated;
+    padding: $space-3 $space-4;
+    border-bottom: 1px solid $border-subtle;
+    background: $bg-elevated;
 }
 
 .container-logs-title {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
+    gap: $space-2;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
 }
 
 .container-logs-controls {
     display: flex;
     align-items: center;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .logs-service-select,
 .logs-lines-select {
     padding: 4px 8px;
-    font-size: @font-size-xs;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-sm;
-    background: @bg-card;
-    color: @text-primary;
+    font-size: $font-size-xs;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-sm;
+    background: $bg-card;
+    color: $text-primary;
 }
 
 .container-logs-body {
     flex: 1;
     overflow-y: auto;
-    background: @bg-body;
+    background: $bg-body;
 }
 
 .logs-loading,
 .logs-empty {
-    padding: @space-6;
+    padding: $space-6;
     text-align: center;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
 }
 
 .logs-content {
     margin: 0;
-    padding: @space-3;
-    font-family: @font-family-mono;
+    padding: $space-3;
+    font-family: $font-family-mono;
     font-size: 12px;
     line-height: 1.6;
-    color: @text-secondary;
+    color: $text-secondary;
     white-space: pre-wrap;
     word-break: break-all;
 }
@@ -1144,7 +1144,7 @@
     padding: 1px 0;
 
     &:hover {
-        background: fade(@text-primary-raw, 5%);
+        background: fade($text-primary-raw, 5%);
     }
 }
 
@@ -1156,11 +1156,11 @@
     display: flex;
     align-items: center;
     justify-content: center;
-    gap: @space-3;
-    padding: @space-4;
-    background: @bg-tertiary;
-    margin: 0 -@space-5;
-    padding: @space-4 @space-5;
+    gap: $space-3;
+    padding: $space-4;
+    background: $bg-tertiary;
+    margin: 0 -$space-5;
+    padding: $space-4 $space-5;
 }
 
 .compare-env-pill {
@@ -1168,41 +1168,41 @@
     flex-direction: column;
     align-items: center;
     gap: 4px;
-    padding: @space-3 @space-4;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
+    padding: $space-3 $space-4;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
     min-width: 120px;
 
     .compare-env-type {
-        font-size: @font-size-xs;
-        font-weight: @font-weight-bold;
+        font-size: $font-size-xs;
+        font-weight: $font-weight-bold;
         text-transform: uppercase;
         letter-spacing: 0.5px;
     }
 
     .compare-env-name {
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        font-size: $font-size-sm;
+        color: $text-secondary;
         max-width: 150px;
         overflow: hidden;
         text-overflow: ellipsis;
         white-space: nowrap;
     }
 
-    &.production .compare-env-type { color: @color-danger; }
-    &.staging .compare-env-type { color: @color-warning; }
-    &.development .compare-env-type { color: @color-info; }
-    &.multidev .compare-env-type { color: @color-primary; }
+    &.production .compare-env-type { color: $color-danger; }
+    &.staging .compare-env-type { color: $color-warning; }
+    &.development .compare-env-type { color: $color-info; }
+    &.multidev .compare-env-type { color: $color-primary; }
 }
 
 .compare-vs-icon {
-    color: @text-tertiary;
+    color: $text-tertiary;
     flex-shrink: 0;
 }
 
 .compare-body {
-    padding: @space-4 0;
+    padding: $space-4 0;
     max-height: 60vh;
     overflow-y: auto;
 }
@@ -1211,24 +1211,24 @@
     display: flex;
     flex-direction: column;
     align-items: center;
-    gap: @space-3;
-    padding: @space-8;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
+    gap: $space-3;
+    padding: $space-8;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
 }
 
 .compare-error {
     text-align: center;
-    padding: @space-6;
+    padding: $space-6;
 
     p {
-        color: @color-danger;
-        margin: 0 0 @space-3;
+        color: $color-danger;
+        margin: 0 0 $space-3;
     }
 }
 
 .compare-section {
-    margin-bottom: @space-4;
+    margin-bottom: $space-4;
 
     &:last-child {
         margin-bottom: 0;
@@ -1239,37 +1239,37 @@
     display: flex;
     align-items: center;
     justify-content: space-between;
-    padding: @space-2 @space-3;
-    background: @bg-tertiary;
-    border-radius: @radius-md;
-    margin-bottom: @space-2;
+    padding: $space-2 $space-3;
+    background: $bg-tertiary;
+    border-radius: $radius-md;
+    margin-bottom: $space-2;
 
     h4 {
         margin: 0;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
     }
 }
 
 .compare-section-summary {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
 }
 
 .compare-table {
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
     overflow: hidden;
 }
 
 .compare-row {
     display: grid;
     grid-template-columns: 1fr 1fr 1fr;
-    gap: @space-2;
-    padding: @space-2 @space-3;
-    border-bottom: 1px solid @border-subtle;
-    font-size: @font-size-sm;
+    gap: $space-2;
+    padding: $space-2 $space-3;
+    border-bottom: 1px solid $border-subtle;
+    font-size: $font-size-sm;
     align-items: center;
 
     &:last-child {
@@ -1277,25 +1277,25 @@
     }
 
     &.match {
-        .compare-row-icon { color: @color-success; }
+        .compare-row-icon { color: $color-success; }
     }
 
     &.different {
-        background: fade(@color-danger, 5%);
-        .compare-row-icon { color: @color-danger; }
+        background: fade($color-danger, 5%);
+        .compare-row-icon { color: $color-danger; }
         .compare-row-value-a,
         .compare-row-value-b {
-            font-weight: @font-weight-medium;
+            font-weight: $font-weight-medium;
         }
     }
 
     &.only-a {
-        .compare-row-icon { color: @color-warning; }
+        .compare-row-icon { color: $color-warning; }
         .compare-row-value-b { opacity: 0.4; }
     }
 
     &.only-b {
-        .compare-row-icon { color: @color-warning; }
+        .compare-row-icon { color: $color-warning; }
         .compare-row-value-a { opacity: 0.4; }
     }
 }
@@ -1303,9 +1303,9 @@
 .compare-row-label {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    font-weight: @font-weight-medium;
-    color: @text-primary;
+    gap: $space-2;
+    font-weight: $font-weight-medium;
+    color: $text-primary;
 }
 
 .compare-row-icon {
@@ -1314,41 +1314,41 @@
 
 .compare-row-value-a,
 .compare-row-value-b {
-    font-size: @font-size-xs;
-    color: @text-secondary;
-    font-family: @font-family-mono;
+    font-size: $font-size-xs;
+    color: $text-secondary;
+    font-family: $font-family-mono;
     overflow: hidden;
     text-overflow: ellipsis;
     white-space: nowrap;
 }
 
 .compare-na {
-    color: @text-tertiary;
+    color: $text-tertiary;
     font-style: italic;
 }
 
 .compare-empty-row {
-    padding: @space-4;
+    padding: $space-4;
     text-align: center;
-    font-size: @font-size-sm;
-    color: @text-tertiary;
+    font-size: $font-size-sm;
+    color: $text-tertiary;
 }
 
 // Pipeline Compare Row
 .pipeline-compare-row {
     display: flex;
-    gap: @space-3;
+    gap: $space-3;
     justify-content: center;
-    margin-top: @space-2;
-    padding: @space-2 0;
+    margin-top: $space-2;
+    padding: $space-2 0;
 }
 
 .pipeline-compare-btn {
-    color: @text-tertiary !important;
-    font-size: @font-size-xs !important;
+    color: $text-tertiary !important;
+    font-size: $font-size-xs !important;
 
     &:hover {
-        color: @color-primary !important;
+        color: $color-primary !important;
     }
 }
 
@@ -1357,7 +1357,7 @@
 // ============================================
 
 .sanitization-profiles-body {
-    padding: @space-4 0;
+    padding: $space-4 0;
     max-height: 60vh;
     overflow-y: auto;
 }
@@ -1366,30 +1366,30 @@
     display: flex;
     align-items: center;
     justify-content: center;
-    padding: @space-8;
+    padding: $space-8;
 }
 
 .sanitization-profile-list {
     display: flex;
     flex-direction: column;
-    gap: @space-3;
-    margin-bottom: @space-4;
+    gap: $space-3;
+    margin-bottom: $space-4;
 }
 
 .sanitization-profile-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    padding: @space-3 @space-4;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    padding: $space-3 $space-4;
     transition: border-color 0.15s ease;
 
     &:hover {
-        border-color: @border-hover;
+        border-color: $border-hover;
     }
 
     &.default {
-        border-color: fade(@accent-primary-raw, 30%);
-        border-left: 3px solid @color-primary;
+        border-color: fade($accent-primary-raw, 30%);
+        border-left: 3px solid $color-primary;
     }
 }
 
@@ -1397,48 +1397,48 @@
     display: flex;
     align-items: center;
     justify-content: space-between;
-    margin-bottom: @space-2;
+    margin-bottom: $space-2;
 }
 
 .sanitization-profile-card-title {
     display: flex;
     align-items: center;
-    gap: @space-2;
+    gap: $space-2;
 
     h5 {
         margin: 0;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
     }
 }
 
 .sanitization-tag {
     font-size: 10px;
-    font-weight: @font-weight-medium;
+    font-weight: $font-weight-medium;
     padding: 1px 6px;
-    border-radius: @radius-sm;
+    border-radius: $radius-sm;
 
     &.builtin {
-        background: fade(@text-tertiary-raw, 10%);
-        color: @text-tertiary;
+        background: fade($text-tertiary-raw, 10%);
+        color: $text-tertiary;
     }
 
     &.default {
-        background: fade(@accent-primary-raw, 12%);
-        color: @color-primary;
+        background: fade($accent-primary-raw, 12%);
+        color: $color-primary;
     }
 }
 
 .sanitization-profile-card-actions {
     display: flex;
-    gap: @space-1;
+    gap: $space-1;
 }
 
 .sanitization-profile-desc {
-    font-size: @font-size-xs;
-    color: @text-secondary;
-    margin: 0 0 @space-2;
+    font-size: $font-size-xs;
+    color: $text-secondary;
+    margin: 0 0 $space-2;
 }
 
 .sanitization-rule-tags {
@@ -1450,9 +1450,9 @@
 .sanitization-rule-tag {
     font-size: 10px;
     padding: 2px 8px;
-    background: @bg-tertiary;
-    border-radius: @radius-sm;
-    color: @text-tertiary;
+    background: $bg-tertiary;
+    border-radius: $radius-sm;
+    color: $text-tertiary;
 
     &.empty {
         font-style: italic;
@@ -1466,24 +1466,24 @@
 
 // Profile Editor
 .sanitization-editor {
-    background: @bg-tertiary;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    padding: @space-4;
-    margin-top: @space-3;
+    background: $bg-tertiary;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    padding: $space-4;
+    margin-top: $space-3;
 
     h4 {
-        margin: 0 0 @space-3;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
+        margin: 0 0 $space-3;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
     }
 
     .form-group {
-        margin-bottom: @space-3;
+        margin-bottom: $space-3;
 
         &:last-of-type {
-            margin-bottom: @space-4;
+            margin-bottom: $space-4;
         }
     }
 }
@@ -1491,9 +1491,9 @@
 .sanitization-editor-actions {
     display: flex;
     justify-content: flex-end;
-    gap: @space-2;
-    padding-top: @space-3;
-    border-top: 1px solid @border-subtle;
+    gap: $space-2;
+    padding-top: $space-3;
+    border-top: 1px solid $border-subtle;
 }
 
 // ============================================
@@ -1505,14 +1505,14 @@
 // ============================================
 
 .pipeline-card-checkbox {
-    margin-right: @space-1;
+    margin-right: $space-1;
     accent-color: var(--color-primary, #3b82f6);
 }
 
 .pipeline-card-menu-divider {
     height: 1px;
-    background: @border-subtle;
-    margin: @space-1 0;
+    background: $border-subtle;
+    margin: $space-1 0;
 }
 
 // ============================================
@@ -1524,24 +1524,24 @@
 }
 
 .resource-limits-env-name {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
-    padding-bottom: @space-3;
-    border-bottom: 1px solid @border-subtle;
-    margin-bottom: @space-3;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
+    padding-bottom: $space-3;
+    border-bottom: 1px solid $border-subtle;
+    margin-bottom: $space-3;
 }
 
 .resource-limits-presets {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    margin-bottom: @space-4;
+    gap: $space-2;
+    margin-bottom: $space-4;
 }
 
 .resource-limits-presets-label {
-    font-size: @font-size-sm;
-    color: @text-secondary;
+    font-size: $font-size-sm;
+    color: $text-secondary;
 }
 
 .resource-preset-btn {
@@ -1549,16 +1549,16 @@
 }
 
 .resource-limits-section {
-    margin-bottom: @space-4;
+    margin-bottom: $space-4;
 
     h4 {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-semibold;
-        color: @text-secondary;
-        margin: 0 0 @space-3;
+        gap: $space-2;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-semibold;
+        color: $text-secondary;
+        margin: 0 0 $space-3;
     }
 }
 
@@ -1566,36 +1566,36 @@
     display: flex;
     align-items: center;
     justify-content: space-between;
-    padding: @space-2 0;
+    padding: $space-2 0;
 
     label {
-        font-size: @font-size-sm;
-        color: @text-primary;
+        font-size: $font-size-sm;
+        color: $text-primary;
     }
 
     select {
         width: 120px;
-        padding: @space-1 @space-2;
-        font-size: @font-size-sm;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-sm;
-        background: @bg-card;
-        color: @text-primary;
+        padding: $space-1 $space-2;
+        font-size: $font-size-sm;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-sm;
+        background: $bg-card;
+        color: $text-primary;
     }
 }
 
 .resource-limits-warning {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-3;
-    background: fade(@color-warning, 8%);
-    border: 1px solid fade(@color-warning, 20%);
-    border-radius: @radius-md;
-    margin-top: @space-3;
-    margin-bottom: @space-3;
-    font-size: @font-size-xs;
-    color: @color-warning;
+    gap: $space-2;
+    padding: $space-3;
+    background: fade($color-warning, 8%);
+    border: 1px solid fade($color-warning, 20%);
+    border-radius: $radius-md;
+    margin-top: $space-3;
+    margin-bottom: $space-3;
+    font-size: $font-size-xs;
+    color: $color-warning;
 }
 
 // ============================================
@@ -1607,30 +1607,30 @@
 }
 
 .basic-auth-body {
-    padding: @space-4 0;
+    padding: $space-4 0;
 }
 
 .basic-auth-env-name {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
-    padding-bottom: @space-3;
-    border-bottom: 1px solid @border-subtle;
-    margin-bottom: @space-3;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
+    padding-bottom: $space-3;
+    border-bottom: 1px solid $border-subtle;
+    margin-bottom: $space-3;
 }
 
 .basic-auth-loading {
     display: flex;
     align-items: center;
-    gap: @space-2;
+    gap: $space-2;
     justify-content: center;
-    padding: @space-4;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
+    padding: $space-4;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
 }
 
 .basic-auth-toggle {
-    margin-bottom: @space-4;
+    margin-bottom: $space-4;
 }
 
 .basic-auth-toggle-label {
@@ -1640,16 +1640,16 @@
     cursor: pointer;
 
     span {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        color: @text-primary;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        color: $text-primary;
     }
 }
 
 .basic-auth-description {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    margin: @space-1 0 0;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    margin: $space-1 0 0;
 }
 
 .toggle-switch {
@@ -1658,7 +1658,7 @@
     height: 24px;
     border: none;
     border-radius: 12px;
-    background: @bg-tertiary;
+    background: $bg-tertiary;
     cursor: pointer;
     transition: background 0.2s ease;
     padding: 0;
@@ -1684,38 +1684,38 @@
 }
 
 .basic-auth-current {
-    padding: @space-3;
-    background: @bg-tertiary;
-    border-radius: @radius-md;
+    padding: $space-3;
+    background: $bg-tertiary;
+    border-radius: $radius-md;
 }
 
 .basic-auth-credentials {
     display: flex;
     flex-direction: column;
-    gap: @space-3;
+    gap: $space-3;
 }
 
 .basic-auth-credential-warning {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-3;
-    background: fade(@color-warning, 10%);
-    border: 1px solid fade(@color-warning, 20%);
-    border-radius: @radius-md;
-    font-size: @font-size-xs;
-    color: @color-warning;
+    gap: $space-2;
+    padding: $space-2 $space-3;
+    background: fade($color-warning, 10%);
+    border: 1px solid fade($color-warning, 20%);
+    border-radius: $radius-md;
+    font-size: $font-size-xs;
+    color: $color-warning;
 }
 
 .basic-auth-field {
     display: flex;
     flex-direction: column;
-    gap: @space-1;
+    gap: $space-1;
 
     label {
-        font-size: @font-size-xs;
-        font-weight: @font-weight-medium;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        font-weight: $font-weight-medium;
+        color: $text-tertiary;
         text-transform: uppercase;
         letter-spacing: 0.5px;
     }
@@ -1724,23 +1724,23 @@
 .basic-auth-value {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-3;
-    background: @bg-tertiary;
-    border-radius: @radius-sm;
+    gap: $space-2;
+    padding: $space-2 $space-3;
+    background: $bg-tertiary;
+    border-radius: $radius-sm;
 
     code {
         flex: 1;
-        font-family: @font-family-mono;
-        font-size: @font-size-sm;
-        color: @text-primary;
+        font-family: $font-family-mono;
+        font-size: $font-size-sm;
+        color: $text-primary;
     }
 }
 
 .basic-auth-hint {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    margin-top: @space-2;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    margin-top: $space-2;
 }
 
 // ============================================
@@ -1757,14 +1757,14 @@
 .wpcli-quick-actions {
     display: flex;
     flex-wrap: wrap;
-    gap: @space-1;
-    padding: @space-2 @space-4;
-    border-bottom: 1px solid @border-subtle;
-    background: @bg-tertiary;
+    gap: $space-1;
+    padding: $space-2 $space-4;
+    border-bottom: 1px solid $border-subtle;
+    background: $bg-tertiary;
 }
 
 .wpcli-history {
-    border-bottom: 1px solid @border-subtle;
+    border-bottom: 1px solid $border-subtle;
     max-height: 200px;
     overflow-y: auto;
 }
@@ -1772,50 +1772,50 @@
 .wpcli-history-item {
     display: block;
     width: 100%;
-    padding: @space-2 @space-4;
+    padding: $space-2 $space-4;
     border: none;
     background: none;
     text-align: left;
     cursor: pointer;
-    border-bottom: 1px solid @border-subtle;
+    border-bottom: 1px solid $border-subtle;
 
     &:last-child {
         border-bottom: none;
     }
 
     &:hover {
-        background: @bg-hover;
+        background: $bg-hover;
     }
 
     code {
-        font-family: @font-family-mono;
-        font-size: @font-size-xs;
-        color: @text-primary;
+        font-family: $font-family-mono;
+        font-size: $font-size-xs;
+        color: $text-primary;
     }
 }
 
 .wpcli-output {
     flex: 1;
     overflow-y: auto;
-    padding: @space-3;
-    background: @bg-body;
-    font-family: @font-family-mono;
+    padding: $space-3;
+    background: $bg-body;
+    font-family: $font-family-mono;
     font-size: 12px;
     line-height: 1.6;
 }
 
 .wpcli-output-empty {
-    color: @text-tertiary;
+    color: $text-tertiary;
     text-align: center;
-    padding: @space-6;
-    font-size: @font-size-sm;
+    padding: $space-6;
+    font-size: $font-size-sm;
 }
 
 .wpcli-output-command {
     display: flex;
-    gap: @space-2;
-    color: @color-primary;
-    margin-top: @space-2;
+    gap: $space-2;
+    color: $color-primary;
+    margin-top: $space-2;
 
     &:first-child {
         margin-top: 0;
@@ -1824,54 +1824,54 @@
 
 .wpcli-output-text {
     margin: 0;
-    color: @text-secondary;
+    color: $text-secondary;
     white-space: pre-wrap;
     word-break: break-all;
 }
 
 .wpcli-output-error {
     margin: 0;
-    color: @color-danger;
+    color: $color-danger;
     white-space: pre-wrap;
     word-break: break-all;
 }
 
 .wpcli-prompt {
-    color: @color-success;
-    font-weight: @font-weight-bold;
+    color: $color-success;
+    font-weight: $font-weight-bold;
     user-select: none;
 }
 
 .wpcli-executing {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-2 0;
-    color: @text-tertiary;
-    font-size: @font-size-xs;
+    gap: $space-2;
+    padding: $space-2 0;
+    color: $text-tertiary;
+    font-size: $font-size-xs;
 }
 
 .wpcli-input-row {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-3;
-    border-top: 1px solid @border-subtle;
-    background: @bg-elevated;
+    gap: $space-2;
+    padding: $space-2 $space-3;
+    border-top: 1px solid $border-subtle;
+    background: $bg-elevated;
 }
 
 .wpcli-input {
     flex: 1;
     border: none;
     background: none;
-    font-family: @font-family-mono;
-    font-size: @font-size-sm;
-    color: @text-primary;
+    font-family: $font-family-mono;
+    font-size: $font-size-sm;
+    color: $text-primary;
     outline: none;
-    padding: @space-1 0;
+    padding: $space-1 0;
 
     &::placeholder {
-        color: @text-tertiary;
+        color: $text-tertiary;
     }
 }
 
@@ -1880,118 +1880,118 @@
 // ============================================
 
 .health-status-panel {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-4;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-4;
 }
 
 .health-panel-loading {
     display: flex;
     align-items: center;
     justify-content: center;
-    gap: @space-2;
-    padding: @space-6;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
+    gap: $space-2;
+    padding: $space-6;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
 }
 
 .health-panel-header {
     display: flex;
     justify-content: space-between;
     align-items: center;
-    margin-bottom: @space-4;
+    margin-bottom: $space-4;
 
     h4 {
         display: flex;
         align-items: center;
-        gap: @space-2;
+        gap: $space-2;
         margin: 0;
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
     }
 }
 
 .health-panel-grid {
     display: flex;
     flex-direction: column;
-    gap: @space-3;
+    gap: $space-3;
 }
 
 .health-panel-env {
-    padding: @space-3;
-    background: @bg-tertiary;
-    border-radius: @radius-md;
+    padding: $space-3;
+    background: $bg-tertiary;
+    border-radius: $radius-md;
 }
 
 .health-panel-env-header {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    margin-bottom: @space-2;
+    gap: $space-2;
+    margin-bottom: $space-2;
 }
 
 .health-panel-env-name {
     flex: 1;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
 }
 
 .health-panel-overall {
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
     padding: 2px 8px;
-    border-radius: @radius-sm;
+    border-radius: $radius-sm;
 
     &.health-healthy {
-        background: fade(@color-success, 12%);
-        color: @color-success;
+        background: fade($color-success, 12%);
+        color: $color-success;
     }
     &.health-degraded {
-        background: fade(@color-warning, 12%);
-        color: @color-warning;
+        background: fade($color-warning, 12%);
+        color: $color-warning;
     }
     &.health-unhealthy {
-        background: fade(@color-danger, 12%);
-        color: @color-danger;
+        background: fade($color-danger, 12%);
+        color: $color-danger;
     }
     &.health-unknown {
-        background: fade(@text-tertiary-raw, 12%);
-        color: @text-tertiary;
+        background: fade($text-tertiary-raw, 12%);
+        color: $text-tertiary;
     }
 }
 
 .health-panel-checks {
     display: flex;
     flex-direction: column;
-    gap: @space-1;
+    gap: $space-1;
 }
 
 .health-panel-check {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-1 0;
-    font-size: @font-size-xs;
+    gap: $space-2;
+    padding: $space-1 0;
+    font-size: $font-size-xs;
 }
 
 .health-panel-check-name {
-    font-weight: @font-weight-medium;
-    color: @text-secondary;
+    font-weight: $font-weight-medium;
+    color: $text-secondary;
     min-width: 80px;
 }
 
 .health-panel-check-msg {
-    color: @text-tertiary;
+    color: $text-tertiary;
 }
 
 .health-panel-empty {
     text-align: center;
-    padding: @space-6;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
+    padding: $space-6;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
 }
 
 .health-dot {
@@ -2006,33 +2006,33 @@
     display: inline-flex;
     align-items: center;
     gap: 4px;
-    font-size: @font-size-xs;
-    color: @text-tertiary;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
 }
 
 .disk-usage-compact-text {
-    font-family: @font-family-mono;
+    font-family: $font-family-mono;
 }
 
 .disk-usage-bar-container {
-    padding: @space-3;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
+    padding: $space-3;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
 }
 
 .disk-usage-header {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    margin-bottom: @space-2;
-    font-size: @font-size-sm;
-    color: @text-primary;
+    gap: $space-2;
+    margin-bottom: $space-2;
+    font-size: $font-size-sm;
+    color: $text-primary;
 }
 
 .disk-usage-total {
-    font-weight: @font-weight-semibold;
-    font-family: @font-family-mono;
+    font-weight: $font-weight-semibold;
+    font-family: $font-family-mono;
 }
 
 .disk-usage-bar {
@@ -2040,7 +2040,7 @@
     height: 8px;
     border-radius: 4px;
     overflow: hidden;
-    background: @bg-tertiary;
+    background: $bg-tertiary;
 }
 
 .disk-usage-segment {
@@ -2048,33 +2048,33 @@
     transition: width 0.3s ease;
 
     &.wordpress {
-        &.green { background: @color-success; }
-        &.yellow { background: @color-warning; }
-        &.red { background: @color-danger; }
+        &.green { background: $color-success; }
+        &.yellow { background: $color-warning; }
+        &.red { background: $color-danger; }
     }
 
     &.mysql {
-        background: @color-info;
+        background: $color-info;
     }
 
     &.snapshots {
-        background: fade(@text-tertiary-raw, 30%);
+        background: fade($text-tertiary-raw, 30%);
     }
 }
 
 .disk-usage-legend {
     display: flex;
     flex-wrap: wrap;
-    gap: @space-3;
-    margin-top: @space-2;
+    gap: $space-3;
+    margin-top: $space-2;
 }
 
 .disk-usage-legend-item {
     display: flex;
     align-items: center;
     gap: 4px;
-    font-size: @font-size-xs;
-    color: @text-tertiary;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
 }
 
 .disk-usage-legend-dot {
@@ -2082,9 +2082,9 @@
     height: 8px;
     border-radius: 2px;
 
-    &.wordpress { background: @color-success; }
-    &.mysql { background: @color-info; }
-    &.snapshots { background: fade(@text-tertiary-raw, 30%); }
+    &.wordpress { background: $color-success; }
+    &.mysql { background: $color-info; }
+    &.snapshots { background: fade($text-tertiary-raw, 30%); }
 }
 
 // ============================================
@@ -2099,27 +2099,27 @@
     display: flex;
     align-items: center;
     justify-content: center;
-    gap: @space-2;
-    padding: @space-6;
-    color: @text-tertiary;
-    font-size: @font-size-sm;
+    gap: $space-2;
+    padding: $space-6;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
 }
 
 .auto-sync-body {
-    padding: @space-4 0;
+    padding: $space-4 0;
 }
 
 .auto-sync-env-name {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
-    padding-bottom: @space-3;
-    border-bottom: 1px solid @border-subtle;
-    margin-bottom: @space-3;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
+    padding-bottom: $space-3;
+    border-bottom: 1px solid $border-subtle;
+    margin-bottom: $space-3;
 }
 
 .auto-sync-toggle {
-    margin-bottom: @space-4;
+    margin-bottom: $space-4;
 }
 
 .auto-sync-toggle-label {
@@ -2129,45 +2129,45 @@
     cursor: pointer;
 
     span {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        color: @text-primary;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        color: $text-primary;
     }
 }
 
 .auto-sync-description {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    margin: @space-1 0 0;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    margin: $space-1 0 0;
 }
 
 .auto-sync-presets {
     display: flex;
     flex-direction: column;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .auto-sync-cron-display {
-    font-family: @font-family-mono;
-    font-size: @font-size-xs;
-    color: @text-tertiary;
+    font-family: $font-family-mono;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
 }
 
 .auto-sync-cron-input {
-    font-family: @font-family-mono;
+    font-family: $font-family-mono;
 }
 
 .auto-sync-next-runs {
-    margin-top: @space-4;
-    padding: @space-3;
-    background: @bg-tertiary;
-    border-radius: @radius-md;
+    margin-top: $space-4;
+    padding: $space-3;
+    background: $bg-tertiary;
+    border-radius: $radius-md;
 
     h5 {
-        margin: 0 0 @space-2;
-        font-size: @font-size-xs;
-        font-weight: @font-weight-semibold;
-        color: @text-secondary;
+        margin: 0 0 $space-2;
+        font-size: $font-size-xs;
+        font-weight: $font-weight-semibold;
+        color: $text-secondary;
         text-transform: uppercase;
         letter-spacing: 0.5px;
     }
@@ -2181,13 +2181,13 @@
     li {
         display: flex;
         align-items: center;
-        gap: @space-2;
-        padding: @space-1 0;
-        font-size: @font-size-xs;
-        color: @text-secondary;
+        gap: $space-2;
+        padding: $space-1 0;
+        font-size: $font-size-xs;
+        color: $text-secondary;
 
         svg {
-            color: @text-tertiary;
+            color: $text-tertiary;
         }
     }
 }
@@ -2199,20 +2199,20 @@
 .bulk-actions-bar {
     display: flex;
     align-items: center;
-    gap: @space-3;
-    padding: @space-3 @space-4;
-    background: fade(@accent-primary-raw, 8%);
-    border: 1px solid fade(@accent-primary-raw, 20%);
-    border-radius: @radius-md;
-    margin-bottom: @space-4;
+    gap: $space-3;
+    padding: $space-3 $space-4;
+    background: fade($accent-primary-raw, 8%);
+    border: 1px solid fade($accent-primary-raw, 20%);
+    border-radius: $radius-md;
+    margin-bottom: $space-4;
 }
 
 .bulk-actions-info {
     display: flex;
     align-items: center;
-    gap: @space-1;
-    font-size: @font-size-sm;
-    color: @text-secondary;
+    gap: $space-1;
+    font-size: $font-size-sm;
+    color: $text-secondary;
 }
 
 .bulk-actions-count {
@@ -2222,34 +2222,34 @@
     min-width: 24px;
     height: 24px;
     padding: 0 6px;
-    background: @color-primary;
+    background: $color-primary;
     color: white;
     border-radius: 12px;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-bold;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-bold;
 }
 
 .bulk-actions-buttons {
     display: flex;
-    gap: @space-1;
+    gap: $space-1;
     flex: 1;
 }
 
 .bulk-actions-clear {
-    color: @text-tertiary !important;
+    color: $text-tertiary !important;
 }
 
 .bulk-actions-confirm {
     display: flex;
     align-items: center;
-    gap: @space-3;
+    gap: $space-3;
     width: 100%;
 
     span {
         flex: 1;
-        font-size: @font-size-sm;
-        color: @text-primary;
-        font-weight: @font-weight-medium;
+        font-size: $font-size-sm;
+        color: $text-primary;
+        font-weight: $font-weight-medium;
     }
 }
 
@@ -2261,32 +2261,32 @@
     flex: 1;
     display: flex;
     flex-direction: column;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .operation-progress {
     display: flex;
     flex-direction: column;
-    gap: @space-1;
+    gap: $space-1;
 }
 
 .operation-progress-bar {
     height: 4px;
-    background: fade(@color-info, 20%);
+    background: fade($color-info, 20%);
     border-radius: 2px;
     overflow: hidden;
 }
 
 .operation-progress-fill {
     height: 100%;
-    background: @color-info;
+    background: $color-info;
     border-radius: 2px;
     transition: width 0.3s ease;
 }
 
 .operation-progress-step {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
 }
 
 // ============================================
@@ -2294,7 +2294,7 @@
 // ============================================
 
 .health-tab {
-    padding: @space-4 0;
+    padding: $space-4 0;
 }
 
 // ============================================
@@ -2313,7 +2313,7 @@
 
     .pipeline-arrow {
         min-width: auto;
-        padding: @space-2 0;
+        padding: $space-2 0;
 
         .pipeline-arrow-btn {
             flex-direction: row;
diff --git a/frontend/src/styles/pages/_wordpress.less b/frontend/src/styles/pages/_wordpress.scss
similarity index 50%
rename from frontend/src/styles/pages/_wordpress.less
rename to frontend/src/styles/pages/_wordpress.scss
index c062bd72..9dcad5fe 100644
--- a/frontend/src/styles/pages/_wordpress.less
+++ b/frontend/src/styles/pages/_wordpress.scss
@@ -8,23 +8,23 @@
 
     .empty-state-large {
         .empty-icon svg {
-            stroke: #21759b;
+            stroke: $color-wordpress;
         }
     }
 
     .status-card.success {
-        border-left-color: @color-success;
+        border-left-color: $color-success;
 
         .status-icon {
-            color: @color-success;
+            color: $color-success;
         }
     }
 
     .status-card.danger {
-        border-left-color: @color-danger;
+        border-left-color: $color-danger;
 
         .status-icon {
-            color: @color-danger;
+            color: $color-danger;
         }
     }
 }
@@ -35,27 +35,27 @@
         display: flex;
         justify-content: space-between;
         align-items: flex-start;
-        margin-bottom: @space-6;
-        padding: @space-4 @space-4 0;
+        margin-bottom: $space-6;
+        padding: $space-4 $space-4 0;
         flex-wrap: wrap;
-        gap: @space-4;
+        gap: $space-4;
 
         .page-header-content {
             h1 {
-                font-size: @font-size-2xl;
-                font-weight: @font-weight-semibold;
-                margin: 0 0 @space-1 0;
+                font-size: $font-size-2xl;
+                font-weight: $font-weight-semibold;
+                margin: 0 0 $space-1 0;
             }
 
             .page-description {
-                color: @text-secondary;
+                color: $text-secondary;
                 margin: 0;
             }
         }
 
         .page-header-actions {
             display: flex;
-            gap: @space-2;
+            gap: $space-2;
         }
     }
 
@@ -64,77 +64,77 @@
         flex-direction: column;
         align-items: center;
         justify-content: center;
-        padding: 60px @space-6;
-        background: @bg-card;
-        border-radius: @radius-xl;
+        padding: 60px $space-6;
+        background: $bg-card;
+        border-radius: $radius-xl;
         text-align: center;
-        margin: 0 @space-4;
+        margin: 0 $space-4;
 
         .empty-icon {
-            color: @text-tertiary;
-            margin-bottom: @space-6;
+            color: $text-tertiary;
+            margin-bottom: $space-6;
 
             svg {
-                stroke: #21759b;
+                stroke: $color-wordpress;
             }
         }
 
         h2 {
-            margin: 0 0 @space-3 0;
-            font-size: @font-size-2xl;
-            font-weight: @font-weight-semibold;
+            margin: 0 0 $space-3 0;
+            font-size: $font-size-2xl;
+            font-weight: $font-weight-semibold;
         }
 
         p {
-            margin: 0 0 @space-6 0;
-            color: @text-secondary;
+            margin: 0 0 $space-6 0;
+            color: $text-secondary;
             max-width: 460px;
         }
     }
 
     .install-warning {
         display: flex;
-        gap: @space-3;
-        padding: @space-4;
-        background: fade(@color-warning, 8%);
-        border: 1px solid fade(@color-warning, 20%);
-        border-radius: @radius-md;
-        margin-bottom: @space-4;
+        gap: $space-3;
+        padding: $space-4;
+        background: fade($color-warning, 8%);
+        border: 1px solid fade($color-warning, 20%);
+        border-radius: $radius-md;
+        margin-bottom: $space-4;
 
         > svg {
             flex-shrink: 0;
-            color: @color-warning;
+            color: $color-warning;
             margin-top: 2px;
         }
 
         strong {
             display: block;
-            margin-bottom: @space-2;
+            margin-bottom: $space-2;
         }
 
         ul {
             margin: 0;
-            padding-left: @space-4;
-            color: @text-secondary;
-            font-size: @font-size-sm;
+            padding-left: $space-4;
+            color: $text-secondary;
+            font-size: $font-size-sm;
 
             li {
-                margin-bottom: @space-1;
+                margin-bottom: $space-1;
             }
         }
     }
 
     .form-hint {
         display: block;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        margin-top: @space-1;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        margin-top: $space-1;
     }
 
     .docker-empty {
         .wp-empty-icon {
-            color: @text-tertiary;
-            margin-bottom: @space-4;
+            color: $text-tertiary;
+            margin-bottom: $space-4;
 
             svg {
                 stroke: currentColor;
@@ -147,20 +147,20 @@
 .wp-sites-grid {
     display: grid;
     grid-template-columns: repeat(auto-fill, minmax(340px, 1fr));
-    gap: @space-4;
-    padding: @space-4;
+    gap: $space-4;
+    padding: $space-4;
 }
 
 // Site Card
 .wp-site-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
     cursor: pointer;
     transition: all 0.15s ease;
 
     &:hover {
-        border-color: @border-hover;
+        border-color: $border-hover;
         box-shadow: 0 4px 12px rgba(0, 0, 0, 0.08);
     }
 }
@@ -168,16 +168,16 @@
 .wp-site-card-header {
     display: flex;
     align-items: center;
-    gap: @space-3;
-    padding: @space-4;
-    border-bottom: 1px solid @border-subtle;
+    gap: $space-3;
+    padding: $space-4;
+    border-bottom: 1px solid $border-subtle;
 }
 
 .wp-site-icon {
     width: 40px;
     height: 40px;
-    background: linear-gradient(135deg, #21759b 0%, #1a5f7f 100%);
-    border-radius: @radius-md;
+    background: linear-gradient(135deg, $color-wordpress 0%, #1a5f7f 100%);
+    border-radius: $radius-md;
     display: flex;
     align-items: center;
     justify-content: center;
@@ -191,9 +191,9 @@
 }
 
 .wp-site-name {
-    font-size: @font-size-base;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
+    font-size: $font-size-base;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
     margin: 0;
     white-space: nowrap;
     overflow: hidden;
@@ -201,9 +201,9 @@
 }
 
 .wp-site-url {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    font-family: @font-family-mono;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    font-family: $font-family-mono;
     white-space: nowrap;
     overflow: hidden;
     text-overflow: ellipsis;
@@ -214,10 +214,10 @@
     display: flex;
     align-items: center;
     gap: 6px;
-    font-size: @font-size-xs;
+    font-size: $font-size-xs;
     padding: 4px 10px;
-    border-radius: @radius-full;
-    font-weight: @font-weight-medium;
+    border-radius: $radius-full;
+    font-weight: $font-weight-medium;
 
     .status-dot {
         width: 6px;
@@ -226,87 +226,87 @@
     }
 
     &.running {
-        background: fade(@color-success, 12%);
-        color: @color-success;
+        background: fade($color-success, 12%);
+        color: $color-success;
 
         .status-dot {
-            background: @color-success;
+            background: $color-success;
         }
     }
 
     &.stopped {
-        background: fade(@text-tertiary-raw, 12%);
-        color: @text-tertiary;
+        background: fade($text-tertiary-raw, 12%);
+        color: $text-tertiary;
 
         .status-dot {
-            background: @text-tertiary;
+            background: $text-tertiary;
         }
     }
 }
 
 .wp-site-card-body {
-    padding: @space-4;
+    padding: $space-4;
 }
 
 .wp-site-meta {
     display: grid;
     grid-template-columns: repeat(2, 1fr);
-    gap: @space-3;
+    gap: $space-3;
 }
 
 .wp-site-meta-item {
     .meta-label {
         display: block;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
         margin-bottom: 2px;
     }
 
     .meta-value {
-        font-size: @font-size-sm;
-        color: @text-primary;
-        font-weight: @font-weight-medium;
+        font-size: $font-size-sm;
+        color: $text-primary;
+        font-weight: $font-weight-medium;
 
         &.git-connected {
-            color: @color-success;
+            color: $color-success;
         }
     }
 }
 
 .wp-site-badge {
     display: inline-block;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
     padding: 2px 8px;
-    border-radius: @radius-sm;
-    margin-top: @space-3;
+    border-radius: $radius-sm;
+    margin-top: $space-3;
 
     &.production {
-        background: fade(@color-danger, 12%);
-        color: @color-danger;
+        background: fade($color-danger, 12%);
+        color: $color-danger;
     }
 
     &.development {
-        background: fade(@color-info, 12%);
-        color: @color-info;
+        background: fade($color-info, 12%);
+        color: $color-info;
     }
 }
 
 .wp-site-card-links {
     display: flex;
-    gap: @space-3;
-    margin-top: @space-3;
-    padding-top: @space-3;
-    border-top: 1px solid @border-subtle;
+    gap: $space-3;
+    margin-top: $space-3;
+    padding-top: $space-3;
+    border-top: 1px solid $border-subtle;
 }
 
 .wp-site-link {
     display: inline-flex;
     align-items: center;
     gap: 6px;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
-    color: @color-primary;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
+    color: $color-primary;
     text-decoration: none;
 
     &:hover {
@@ -316,11 +316,11 @@
 
 .wp-site-card-footer {
     display: flex;
-    gap: @space-2;
-    padding: @space-3 @space-4;
-    border-top: 1px solid @border-subtle;
-    background: @bg-tertiary;
-    border-radius: 0 0 @radius-lg @radius-lg;
+    gap: $space-2;
+    padding: $space-3 $space-4;
+    border-top: 1px solid $border-subtle;
+    background: $bg-tertiary;
+    border-radius: 0 0 $radius-lg $radius-lg;
 
     .btn {
         flex: 1;
@@ -328,10 +328,10 @@
 
         &.btn-danger {
             flex: 0;
-            color: @color-danger;
+            color: $color-danger;
 
             &:hover {
-                background: fade(@color-danger, 10%);
+                background: fade($color-danger, 10%);
             }
         }
     }
@@ -340,7 +340,7 @@
 // WordPress Detail Page
 .wp-detail-page {
     .wp-icon {
-        background: linear-gradient(135deg, #21759b 0%, #1a5f7f 100%) !important;
+        background: linear-gradient(135deg, $color-wordpress 0%, #1a5f7f 100%) !important;
     }
 }
 
@@ -348,42 +348,42 @@
 .environments-grid {
     display: grid;
     grid-template-columns: repeat(auto-fill, minmax(300px, 1fr));
-    gap: @space-4;
-    margin-top: @space-4;
+    gap: $space-4;
+    margin-top: $space-4;
 }
 
 .wp-env-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
 
     &.production {
-        border-color: fade(@color-danger, 30%);
-        border-left: 3px solid @color-danger;
+        border-color: fade($color-danger, 30%);
+        border-left: 3px solid $color-danger;
     }
 
     &.stale {
-        border-color: fade(@color-warning, 40%);
-        background: fade(@color-warning, 3%);
+        border-color: fade($color-warning, 40%);
+        background: fade($color-warning, 3%);
     }
 }
 
 .wp-env-status-group {
     display: flex;
     align-items: center;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .wp-env-stale-badge {
     display: flex;
     align-items: center;
     gap: 4px;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
     padding: 2px 8px;
-    border-radius: @radius-sm;
-    background: fade(@color-warning, 15%);
-    color: @color-warning;
+    border-radius: $radius-sm;
+    background: fade($color-warning, 15%);
+    color: $color-warning;
 
     svg {
         flex-shrink: 0;
@@ -391,51 +391,51 @@
 }
 
 .text-warning {
-    color: @color-warning !important;
+    color: $color-warning !important;
 }
 
 .wp-env-header {
     display: flex;
     justify-content: space-between;
     align-items: center;
-    padding: @space-4;
-    border-bottom: 1px solid @border-subtle;
+    padding: $space-4;
+    border-bottom: 1px solid $border-subtle;
 }
 
 .wp-env-info {
     display: flex;
     align-items: center;
-    gap: @space-3;
+    gap: $space-3;
 }
 
 .wp-env-badge {
-    font-size: @font-size-xs;
-    font-weight: @font-weight-bold;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-bold;
     padding: 2px 8px;
-    border-radius: @radius-sm;
+    border-radius: $radius-sm;
     text-transform: uppercase;
     letter-spacing: 0.5px;
 
     &.env-production {
-        background: fade(@color-danger, 12%);
-        color: @color-danger;
+        background: fade($color-danger, 12%);
+        color: $color-danger;
     }
 
     &.env-staging {
-        background: fade(@color-warning, 12%);
-        color: @color-warning;
+        background: fade($color-warning, 12%);
+        color: $color-warning;
     }
 
     &.env-development {
-        background: fade(@color-info, 12%);
-        color: @color-info;
+        background: fade($color-info, 12%);
+        color: $color-info;
     }
 }
 
 .wp-env-name {
-    font-size: @font-size-base;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
+    font-size: $font-size-base;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
     margin: 0;
 }
 
@@ -443,8 +443,8 @@
     display: flex;
     align-items: center;
     gap: 6px;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
 
     .status-dot {
         width: 6px;
@@ -453,33 +453,33 @@
     }
 
     &.running {
-        color: @color-success;
+        color: $color-success;
 
         .status-dot {
-            background: @color-success;
+            background: $color-success;
         }
     }
 
     &.stopped {
-        color: @text-tertiary;
+        color: $text-tertiary;
 
         .status-dot {
-            background: @text-tertiary;
+            background: $text-tertiary;
         }
     }
 }
 
 .wp-env-body {
-    padding: @space-4;
+    padding: $space-4;
 }
 
 .wp-env-url {
-    margin-bottom: @space-3;
+    margin-bottom: $space-3;
 
     a {
-        font-size: @font-size-sm;
-        color: @color-primary;
-        font-family: @font-family-mono;
+        font-size: $font-size-sm;
+        color: $color-primary;
+        font-family: $font-family-mono;
 
         &:hover {
             text-decoration: underline;
@@ -490,7 +490,7 @@
 .wp-env-meta {
     display: grid;
     grid-template-columns: repeat(2, 1fr);
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .wp-env-meta-item {
@@ -498,28 +498,28 @@
         display: flex;
         align-items: center;
         gap: 4px;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
         margin-bottom: 2px;
     }
 
     .meta-value {
-        font-size: @font-size-sm;
-        color: @text-primary;
+        font-size: $font-size-sm;
+        color: $text-primary;
 
         &.mono {
-            font-family: @font-family-mono;
+            font-family: $font-family-mono;
         }
     }
 }
 
 .wp-env-footer {
     display: flex;
-    gap: @space-2;
-    padding: @space-3 @space-4;
-    border-top: 1px solid @border-subtle;
-    background: @bg-tertiary;
-    border-radius: 0 0 @radius-lg @radius-lg;
+    gap: $space-2;
+    padding: $space-3 $space-4;
+    border-top: 1px solid $border-subtle;
+    background: $bg-tertiary;
+    border-radius: 0 0 $radius-lg $radius-lg;
 }
 
 // Snapshot Table
@@ -531,51 +531,51 @@
     }
 
     .snapshot-name {
-        font-weight: @font-weight-medium;
-        color: @text-primary;
+        font-weight: $font-weight-medium;
+        color: $text-primary;
     }
 
     .snapshot-tag {
         display: inline-flex;
         align-items: center;
         gap: 4px;
-        font-size: @font-size-xs;
-        color: @color-info;
-        background: fade(@color-info, 10%);
+        font-size: $font-size-xs;
+        color: $color-info;
+        background: fade($color-info, 10%);
         padding: 2px 6px;
-        border-radius: @radius-sm;
+        border-radius: $radius-sm;
         width: fit-content;
     }
 
     .snapshot-desc {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
     }
 
     .compressed-badge {
         display: inline-block;
         font-size: 10px;
-        background: fade(@color-success, 10%);
-        color: @color-success;
+        background: fade($color-success, 10%);
+        color: $color-success;
         padding: 1px 4px;
         border-radius: 3px;
-        margin-left: @space-2;
+        margin-left: $space-2;
     }
 
     .git-context {
         display: flex;
         align-items: center;
         gap: 6px;
-        color: @text-secondary;
+        color: $text-secondary;
 
         svg {
-            color: @text-tertiary;
+            color: $text-tertiary;
         }
 
         .commit-msg {
-            font-size: @font-size-xs;
-            color: @text-tertiary;
-            margin-left: @space-2;
+            font-size: $font-size-xs;
+            color: $text-tertiary;
+            margin-left: $space-2;
         }
     }
 }
@@ -585,74 +585,74 @@
     max-width: 600px;
 
     h4 {
-        margin: 0 0 @space-2;
+        margin: 0 0 $space-2;
     }
 
     .hint {
-        color: @text-tertiary;
-        margin-bottom: @space-4;
+        color: $text-tertiary;
+        margin-bottom: $space-4;
     }
 }
 
 .git-connected-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-5;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-5;
     max-width: 600px;
 }
 
 .git-connected-header {
     display: flex;
     align-items: flex-start;
-    gap: @space-4;
-    margin-bottom: @space-4;
+    gap: $space-4;
+    margin-bottom: $space-4;
 
     > svg {
-        color: @color-success;
+        color: $color-success;
         flex-shrink: 0;
     }
 
     h4 {
-        margin: 0 0 @space-1;
-        font-size: @font-size-base;
+        margin: 0 0 $space-1;
+        font-size: $font-size-base;
     }
 }
 
 .git-repo-url {
-    font-size: @font-size-sm;
-    font-family: @font-family-mono;
-    color: @text-secondary;
+    font-size: $font-size-sm;
+    font-family: $font-family-mono;
+    color: $text-secondary;
 
     &:hover {
-        color: @color-primary;
+        color: $color-primary;
     }
 }
 
 .git-connected-meta {
     display: grid;
     grid-template-columns: repeat(2, 1fr);
-    gap: @space-3;
-    padding: @space-4;
-    background: @bg-tertiary;
-    border-radius: @radius-md;
-    margin-bottom: @space-4;
+    gap: $space-3;
+    padding: $space-4;
+    background: $bg-tertiary;
+    border-radius: $radius-md;
+    margin-bottom: $space-4;
 }
 
 .git-meta-item {
     .meta-label {
         display: block;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
         margin-bottom: 2px;
     }
 
     .meta-value {
-        font-size: @font-size-sm;
-        color: @text-primary;
+        font-size: $font-size-sm;
+        color: $text-primary;
 
         &.mono {
-            font-family: @font-family-mono;
+            font-family: $font-family-mono;
         }
     }
 }
@@ -666,36 +666,36 @@
 .commit-list {
     display: flex;
     flex-direction: column;
-    gap: @space-1;
+    gap: $space-1;
     max-width: 800px;
 }
 
 .commit-item {
     display: flex;
     align-items: flex-start;
-    gap: @space-3;
-    padding: @space-3 @space-4;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
+    gap: $space-3;
+    padding: $space-3 $space-4;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
     transition: all 0.15s ease;
 
     &:hover {
-        border-color: @border-hover;
+        border-color: $border-hover;
     }
 
     &.current {
-        border-color: fade(@color-success, 40%);
-        background: fade(@color-success, 4%);
+        border-color: fade($color-success, 40%);
+        background: fade($color-success, 4%);
     }
 }
 
 .commit-icon {
-    color: @text-tertiary;
+    color: $text-tertiary;
     margin-top: 2px;
 
     .current-icon {
-        color: @color-success;
+        color: $color-success;
     }
 }
 
@@ -707,33 +707,33 @@
 .commit-header {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    margin-bottom: @space-1;
+    gap: $space-2;
+    margin-bottom: $space-1;
 }
 
 .commit-sha {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    color: @text-secondary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    color: $text-secondary;
 }
 
 .current-badge {
-    font-size: @font-size-xs;
-    background: @color-success;
+    font-size: $font-size-xs;
+    background: $color-success;
     color: #fff;
     padding: 1px 6px;
-    border-radius: @radius-sm;
+    border-radius: $radius-sm;
 }
 
 .commit-date {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
     margin-left: auto;
 }
 
 .commit-message {
-    font-size: @font-size-sm;
-    color: @text-primary;
+    font-size: $font-size-sm;
+    color: $text-primary;
     margin: 0;
     white-space: nowrap;
     overflow: hidden;
@@ -741,96 +741,96 @@
 }
 
 .commit-author {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
 }
 
 .commit-actions {
     display: flex;
-    gap: @space-2;
+    gap: $space-2;
     flex-shrink: 0;
 }
 
 .commit-message-preview {
     font-style: italic;
-    color: @text-secondary;
-    padding: @space-3;
-    background: @bg-tertiary;
-    border-radius: @radius-md;
-    margin: @space-3 0;
+    color: $text-secondary;
+    padding: $space-3;
+    background: $bg-tertiary;
+    border-radius: $radius-md;
+    margin: $space-3 0;
 }
 
 // Git Commits Section
 .git-commits-section {
-    margin-top: @space-6;
-    padding-top: @space-6;
-    border-top: 1px solid @border-subtle;
+    margin-top: $space-6;
+    padding-top: $space-6;
+    border-top: 1px solid $border-subtle;
 }
 
 // Quick Actions
 .quick-actions-grid {
     display: grid;
     grid-template-columns: repeat(2, 1fr);
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .quick-action-btn {
     display: flex;
     align-items: center;
     justify-content: center;
-    gap: @space-2;
-    padding: @space-3;
-    background: @bg-tertiary;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    color: @text-secondary;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
+    gap: $space-2;
+    padding: $space-3;
+    background: $bg-tertiary;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    color: $text-secondary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
     text-decoration: none;
     transition: all 0.15s ease;
 
     &:hover {
-        background: @bg-hover;
-        border-color: @border-hover;
-        color: @text-primary;
+        background: $bg-hover;
+        border-color: $border-hover;
+        color: $text-primary;
     }
 }
 
 // Hint Box
 .hint-box {
-    padding: @space-4;
-    background: @bg-tertiary;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    margin-top: @space-4;
+    padding: $space-4;
+    background: $bg-tertiary;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    margin-top: $space-4;
 
     p {
         margin: 0;
-        color: @text-secondary;
-        font-size: @font-size-sm;
+        color: $text-secondary;
+        font-size: $font-size-sm;
 
         &:not(:last-child) {
-            margin-bottom: @space-2;
+            margin-bottom: $space-2;
         }
     }
 }
 
 // Empty State Small
 .empty-state-small {
-    padding: @space-6;
+    padding: $space-6;
     text-align: center;
-    color: @text-tertiary;
+    color: $text-tertiary;
 
     p {
         margin: 0;
 
         &:not(:last-child) {
-            margin-bottom: @space-2;
+            margin-bottom: $space-2;
         }
     }
 
     .hint {
-        font-size: @font-size-sm;
+        font-size: $font-size-sm;
     }
 }
 
@@ -861,150 +861,154 @@
     }
 }
 
-.skeleton {
+@mixin skeleton() {
     background: linear-gradient(
         90deg,
-        @bg-tertiary 25%,
-        fade(@border-subtle-raw, 50%) 50%,
-        @bg-tertiary 75%
+        $bg-tertiary 25%,
+        fade($border-subtle-raw, 50%) 50%,
+        $bg-tertiary 75%
     );
     background-size: 200% 100%;
     animation: shimmer 1.5s infinite;
-    border-radius: @radius-md;
+    border-radius: $radius-md;
+}
+
+.skeleton {
+    @include skeleton();
 }
 
 // Skeleton Site Card
 .wp-site-card-skeleton {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
 }
 
 .wp-site-card-skeleton-header {
     display: flex;
     align-items: center;
-    gap: @space-3;
-    padding: @space-4;
-    border-bottom: 1px solid @border-subtle;
+    gap: $space-3;
+    padding: $space-4;
+    border-bottom: 1px solid $border-subtle;
 }
 
 .wp-site-card-skeleton-icon {
     width: 40px;
     height: 40px;
-    border-radius: @radius-md;
-    .skeleton();
+    border-radius: $radius-md;
+    @include skeleton();
 }
 
 .wp-site-card-skeleton-info {
     flex: 1;
     display: flex;
     flex-direction: column;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .wp-site-card-skeleton-name {
     width: 60%;
     height: 16px;
-    .skeleton();
+    @include skeleton();
 }
 
 .wp-site-card-skeleton-url {
     width: 80%;
     height: 12px;
-    .skeleton();
+    @include skeleton();
 }
 
 .wp-site-card-skeleton-status {
     width: 64px;
     height: 24px;
-    border-radius: @radius-full;
-    .skeleton();
+    border-radius: $radius-full;
+    @include skeleton();
 }
 
 .wp-site-card-skeleton-body {
-    padding: @space-4;
+    padding: $space-4;
     display: grid;
     grid-template-columns: repeat(2, 1fr);
-    gap: @space-3;
+    gap: $space-3;
 }
 
 .wp-site-card-skeleton-meta {
     display: flex;
     flex-direction: column;
-    gap: @space-1;
+    gap: $space-1;
 }
 
 .wp-site-card-skeleton-label {
     width: 50%;
     height: 10px;
-    .skeleton();
+    @include skeleton();
 }
 
 .wp-site-card-skeleton-value {
     width: 70%;
     height: 14px;
-    .skeleton();
+    @include skeleton();
 }
 
 .wp-site-card-skeleton-footer {
     display: flex;
-    gap: @space-2;
-    padding: @space-3 @space-4;
-    border-top: 1px solid @border-subtle;
-    background: @bg-tertiary;
-    border-radius: 0 0 @radius-lg @radius-lg;
+    gap: $space-2;
+    padding: $space-3 $space-4;
+    border-top: 1px solid $border-subtle;
+    background: $bg-tertiary;
+    border-radius: 0 0 $radius-lg $radius-lg;
 }
 
 .wp-site-card-skeleton-btn {
     flex: 1;
     height: 32px;
-    .skeleton();
+    @include skeleton();
 }
 
 // Skeleton Environment Card
 .wp-env-card-skeleton {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
 }
 
 .wp-env-card-skeleton-header {
     display: flex;
     justify-content: space-between;
     align-items: center;
-    padding: @space-4;
-    border-bottom: 1px solid @border-subtle;
+    padding: $space-4;
+    border-bottom: 1px solid $border-subtle;
 }
 
 .wp-env-card-skeleton-badge {
     width: 60px;
     height: 20px;
-    border-radius: @radius-sm;
-    .skeleton();
+    border-radius: $radius-sm;
+    @include skeleton();
 }
 
 .wp-env-card-skeleton-status {
     width: 64px;
     height: 20px;
-    border-radius: @radius-sm;
-    .skeleton();
+    border-radius: $radius-sm;
+    @include skeleton();
 }
 
 .wp-env-card-skeleton-body {
-    padding: @space-4;
+    padding: $space-4;
 }
 
 .wp-env-card-skeleton-url {
     width: 70%;
     height: 14px;
-    margin-bottom: @space-3;
-    .skeleton();
+    margin-bottom: $space-3;
+    @include skeleton();
 }
 
 .wp-env-card-skeleton-meta {
     display: grid;
     grid-template-columns: repeat(2, 1fr);
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .wp-env-card-skeleton-meta-item {
@@ -1012,65 +1016,65 @@
         width: 40%;
         height: 10px;
         margin-bottom: 4px;
-        .skeleton();
+        @include skeleton();
     }
 
     .skeleton-value {
         width: 60%;
         height: 14px;
-        .skeleton();
+        @include skeleton();
     }
 }
 
 .wp-env-card-skeleton-footer {
     display: flex;
-    gap: @space-2;
-    padding: @space-3 @space-4;
-    border-top: 1px solid @border-subtle;
-    background: @bg-tertiary;
-    border-radius: 0 0 @radius-lg @radius-lg;
+    gap: $space-2;
+    padding: $space-3 $space-4;
+    border-top: 1px solid $border-subtle;
+    background: $bg-tertiary;
+    border-radius: 0 0 $radius-lg $radius-lg;
 }
 
 // Skeleton Stat Card
 .docker-stat-card-skeleton {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-4;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-4;
     display: flex;
     flex-direction: column;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .docker-stat-card-skeleton-label {
     width: 60%;
     height: 12px;
-    .skeleton();
+    @include skeleton();
 }
 
 .docker-stat-card-skeleton-value {
     width: 40%;
     height: 28px;
-    .skeleton();
+    @include skeleton();
 }
 
 .docker-stat-card-skeleton-meta {
     width: 80%;
     height: 12px;
-    .skeleton();
+    @include skeleton();
 }
 
 // Skeleton Table Row
 .skeleton-table-row {
     display: flex;
     align-items: center;
-    gap: @space-3;
-    padding: @space-3 @space-4;
-    border-bottom: 1px solid @border-subtle;
+    gap: $space-3;
+    padding: $space-3 $space-4;
+    border-bottom: 1px solid $border-subtle;
 
     .skeleton-cell {
         height: 16px;
-        .skeleton();
+        @include skeleton();
 
         &.cell-name { width: 25%; }
         &.cell-tag { width: 15%; }
@@ -1084,28 +1088,28 @@
 .tab-loading {
     display: flex;
     flex-direction: column;
-    gap: @space-4;
-    padding: @space-4;
+    gap: $space-4;
+    padding: $space-4;
 }
 
 .tab-loading-header {
     display: flex;
     justify-content: space-between;
     align-items: center;
-    margin-bottom: @space-2;
+    margin-bottom: $space-2;
 }
 
 .tab-loading-title {
     width: 120px;
     height: 24px;
-    .skeleton();
+    @include skeleton();
 }
 
 .tab-loading-btn {
     width: 140px;
     height: 36px;
-    border-radius: @radius-md;
-    .skeleton();
+    border-radius: $radius-md;
+    @include skeleton();
 }
 
 // ============================================
@@ -1118,46 +1122,46 @@
     flex-direction: column;
     align-items: center;
     justify-content: center;
-    padding: @space-8;
+    padding: $space-8;
     text-align: center;
     min-height: 200px;
 }
 
 .error-boundary-icon,
 .error-state-icon {
-    color: @color-danger;
-    margin-bottom: @space-4;
-    padding: @space-3;
-    background: fade(@color-danger, 10%);
+    color: $color-danger;
+    margin-bottom: $space-4;
+    padding: $space-3;
+    background: fade($color-danger, 10%);
     border-radius: 50%;
 }
 
 .error-boundary h3,
 .error-state-title {
-    font-size: @font-size-lg;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
-    margin: 0 0 @space-2;
+    font-size: $font-size-lg;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
+    margin: 0 0 $space-2;
 }
 
 .error-boundary-message,
 .error-state-message {
-    font-size: @font-size-sm;
-    color: @text-secondary;
-    margin: 0 0 @space-4;
+    font-size: $font-size-sm;
+    color: $text-secondary;
+    margin: 0 0 $space-4;
     max-width: 400px;
 }
 
 .error-state-compact {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-3 @space-4;
-    background: fade(@color-danger, 8%);
-    border: 1px solid fade(@color-danger, 20%);
-    border-radius: @radius-md;
-    color: @color-danger;
-    font-size: @font-size-sm;
+    gap: $space-2;
+    padding: $space-3 $space-4;
+    background: fade($color-danger, 8%);
+    border: 1px solid fade($color-danger, 20%);
+    border-radius: $radius-md;
+    color: $color-danger;
+    font-size: $font-size-sm;
 
     svg {
         flex-shrink: 0;
@@ -1177,20 +1181,20 @@
 // ============================================
 
 .confirm-dialog-details {
-    margin-top: @space-3;
-    padding: @space-3;
-    background: @bg-tertiary;
-    border-radius: @radius-md;
-    font-size: @font-size-sm;
-    color: @text-secondary;
+    margin-top: $space-3;
+    padding: $space-3;
+    background: $bg-tertiary;
+    border-radius: $radius-md;
+    font-size: $font-size-sm;
+    color: $text-secondary;
     text-align: left;
 
     ul {
         margin: 0;
-        padding-left: @space-4;
+        padding-left: $space-4;
 
         li {
-            margin-bottom: @space-1;
+            margin-bottom: $space-1;
 
             &:last-child {
                 margin-bottom: 0;
@@ -1199,14 +1203,14 @@
     }
 
     strong {
-        color: @text-primary;
+        color: $text-primary;
     }
 
     code {
-        background: @bg-code;
+        background: $bg-code;
         padding: 2px 6px;
         border-radius: 3px;
-        font-family: @font-family-mono;
+        font-family: $font-family-mono;
         font-size: 0.9em;
     }
 }
@@ -1215,69 +1219,69 @@
 .env-preview-url {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    padding: @space-3;
-    background: fade(@color-success, 8%);
-    border: 1px solid fade(@color-success, 20%);
-    border-radius: @radius-md;
-    margin-bottom: @space-4;
+    gap: $space-2;
+    padding: $space-3;
+    background: fade($color-success, 8%);
+    border: 1px solid fade($color-success, 20%);
+    border-radius: $radius-md;
+    margin-bottom: $space-4;
 
     .preview-label {
-        font-size: @font-size-xs;
-        color: @text-secondary;
+        font-size: $font-size-xs;
+        color: $text-secondary;
     }
 
     .preview-url {
-        font-family: @font-family-mono;
-        font-size: @font-size-sm;
-        color: @color-success;
-        font-weight: @font-weight-medium;
+        font-family: $font-family-mono;
+        font-size: $font-size-sm;
+        color: $color-success;
+        font-weight: $font-weight-medium;
     }
 }
 
 .form-hint-domain {
     code {
-        background: @bg-code;
+        background: $bg-code;
         padding: 2px 6px;
         border-radius: 3px;
-        font-family: @font-family-mono;
+        font-family: $font-family-mono;
         font-size: 0.9em;
     }
 }
 
 .confirm-dialog-input {
-    margin-top: @space-4;
+    margin-top: $space-4;
     text-align: left;
 
     label {
         display: block;
-        font-size: @font-size-sm;
-        color: @text-secondary;
-        margin-bottom: @space-2;
+        font-size: $font-size-sm;
+        color: $text-secondary;
+        margin-bottom: $space-2;
 
         strong {
-            color: @text-primary;
-            font-family: @font-family-mono;
+            color: $text-primary;
+            font-family: $font-family-mono;
         }
     }
 
     input {
         width: 100%;
-        padding: @space-3;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
-        font-size: @font-size-base;
-        background: @bg-input;
-        color: @text-primary;
+        padding: $space-3;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
+        font-size: $font-size-base;
+        background: $bg-input;
+        color: $text-primary;
 
         &:focus {
             outline: none;
-            border-color: @color-primary;
-            box-shadow: 0 0 0 3px fade(@accent-primary-raw, 15%);
+            border-color: $color-primary;
+            box-shadow: 0 0 0 3px fade($accent-primary-raw, 15%);
         }
 
         &::placeholder {
-            color: @text-tertiary;
+            color: $text-tertiary;
         }
     }
 }
@@ -1291,7 +1295,7 @@
     align-items: center;
     justify-content: center;
     min-height: 60vh;
-    padding: @space-6;
+    padding: $space-6;
 }
 
 .resource-gate-container {
@@ -1305,28 +1309,28 @@
     justify-content: center;
     width: 80px;
     height: 80px;
-    background: fade(@color-warning, 12%);
+    background: fade($color-warning, 12%);
     border-radius: 50%;
-    color: @color-warning;
-    margin-bottom: @space-5;
+    color: $color-warning;
+    margin-bottom: $space-5;
 }
 
 .resource-gate-title {
-    font-size: @font-size-xl;
-    font-weight: @font-weight-bold;
-    color: @text-primary;
-    margin: 0 0 @space-3;
+    font-size: $font-size-xl;
+    font-weight: $font-weight-bold;
+    color: $text-primary;
+    margin: 0 0 $space-3;
 }
 
 .resource-gate-description {
-    font-size: @font-size-base;
-    color: @text-secondary;
-    margin: 0 0 @space-6;
+    font-size: $font-size-base;
+    color: $text-secondary;
+    margin: 0 0 $space-6;
     line-height: 1.6;
 
     strong {
-        color: @color-warning;
-        font-weight: @font-weight-semibold;
+        color: $color-warning;
+        font-weight: $font-weight-semibold;
     }
 }
 
@@ -1334,17 +1338,17 @@
     display: flex;
     align-items: center;
     justify-content: center;
-    gap: @space-4;
-    margin-bottom: @space-6;
+    gap: $space-4;
+    margin-bottom: $space-6;
 
     @media (max-width: 600px) {
         flex-direction: column;
-        gap: @space-3;
+        gap: $space-3;
     }
 }
 
 .resource-gate-spec-arrow {
-    color: @text-tertiary;
+    color: $text-tertiary;
 
     @media (max-width: 600px) {
         transform: rotate(90deg);
@@ -1352,20 +1356,20 @@
 }
 
 .resource-gate-spec-card {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-4;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-4;
     min-width: 200px;
 
     &.current {
-        border-color: fade(@color-danger, 40%);
-        background: fade(@color-danger, 4%);
+        border-color: fade($color-danger, 40%);
+        background: fade($color-danger, 4%);
     }
 
     &.required {
-        border-color: fade(@color-success, 40%);
-        background: fade(@color-success, 4%);
+        border-color: fade($color-success, 40%);
+        background: fade($color-success, 4%);
     }
 }
 
@@ -1373,71 +1377,71 @@
     display: flex;
     align-items: center;
     justify-content: center;
-    gap: @space-2;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
-    margin-bottom: @space-3;
-    padding-bottom: @space-2;
-    border-bottom: 1px solid @border-subtle;
+    gap: $space-2;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
+    margin-bottom: $space-3;
+    padding-bottom: $space-2;
+    border-bottom: 1px solid $border-subtle;
 }
 
 .resource-gate-spec-items {
     display: flex;
     flex-direction: column;
-    gap: @space-2;
+    gap: $space-2;
 }
 
 .resource-gate-spec-item {
     display: flex;
     align-items: center;
-    gap: @space-2;
-    font-size: @font-size-sm;
+    gap: $space-2;
+    font-size: $font-size-sm;
 
     svg {
-        color: @text-tertiary;
+        color: $text-tertiary;
         flex-shrink: 0;
     }
 
     .spec-label {
-        color: @text-secondary;
+        color: $text-secondary;
         flex: 1;
     }
 
     .spec-value {
-        font-weight: @font-weight-semibold;
-        color: @color-success;
-        font-family: @font-family-mono;
+        font-weight: $font-weight-semibold;
+        color: $color-success;
+        font-family: $font-family-mono;
 
         &.insufficient {
-            color: @color-danger;
+            color: $color-danger;
         }
     }
 }
 
 .resource-gate-recommendation {
-    background: @bg-tertiary;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-4;
-    margin-bottom: @space-6;
+    background: $bg-tertiary;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-4;
+    margin-bottom: $space-6;
     text-align: left;
 
     h4 {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-        margin: 0 0 @space-2;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+        margin: 0 0 $space-2;
     }
 
     p {
-        font-size: @font-size-sm;
-        color: @text-secondary;
+        font-size: $font-size-sm;
+        color: $text-secondary;
         margin: 0;
         line-height: 1.5;
 
         strong {
-            color: @text-primary;
+            color: $text-primary;
         }
     }
 }
@@ -1445,7 +1449,7 @@
 .resource-gate-tiers {
     display: grid;
     grid-template-columns: repeat(3, 1fr);
-    gap: @space-3;
+    gap: $space-3;
 
     @media (max-width: 600px) {
         grid-template-columns: 1fr;
@@ -1453,42 +1457,42 @@
 }
 
 .resource-gate-tier {
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    padding: @space-3;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    padding: $space-3;
     text-align: center;
 
     &.current {
-        border-color: @color-warning;
-        background: fade(@color-warning, 6%);
+        border-color: $color-warning;
+        background: fade($color-warning, 6%);
     }
 
     .tier-name {
-        font-size: @font-size-sm;
-        font-weight: @font-weight-bold;
-        color: @text-primary;
-        margin-bottom: @space-1;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-bold;
+        color: $text-primary;
+        margin-bottom: $space-1;
     }
 
     .tier-specs {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        margin-bottom: @space-2;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        margin-bottom: $space-2;
     }
 
     .tier-wp {
-        font-size: @font-size-xs;
-        font-weight: @font-weight-medium;
-        color: @color-danger;
+        font-size: $font-size-xs;
+        font-weight: $font-weight-medium;
+        color: $color-danger;
         padding: 2px 8px;
-        background: fade(@color-danger, 10%);
-        border-radius: @radius-sm;
+        background: fade($color-danger, 10%);
+        border-radius: $radius-sm;
         display: inline-block;
 
         &.allowed {
-            color: @color-success;
-            background: fade(@color-success, 10%);
+            color: $color-success;
+            background: fade($color-success, 10%);
         }
     }
 }
diff --git a/frontend/src/styles/pages/_workflow.less b/frontend/src/styles/pages/_workflow.less
deleted file mode 100644
index a2892b44..00000000
--- a/frontend/src/styles/pages/_workflow.less
+++ /dev/null
@@ -1,1843 +0,0 @@
-// ============================================
-// WORKFLOW BUILDER PAGE STYLES
-// ============================================
-
-.workflow-page {
-    display: flex;
-    flex-direction: column;
-    height: calc(100vh - @space-6);
-    padding: @space-4;
-
-    &.fullscreen {
-        height: 100vh;
-        padding: 0;
-
-        .workflow-canvas {
-            border-radius: 0;
-            border: none;
-        }
-    }
-
-    .page-header {
-        flex-shrink: 0;
-        margin-bottom: @space-4;
-
-        h1 {
-            margin: 0 0 @space-1;
-            font-size: @font-size-xl;
-            font-weight: @font-weight-semibold;
-        }
-
-        .page-subtitle {
-            margin: 0;
-            color: @text-secondary;
-            font-size: @font-size-sm;
-        }
-    }
-}
-
-// ============================================
-// CANVAS CONTAINER
-// ============================================
-
-.workflow-canvas {
-    flex: 1;
-    background: @bg-body;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    overflow: hidden;
-    position: relative;
-
-    .react-flow {
-        background: @bg-body;
-    }
-
-    // React Flow Controls
-    .react-flow__controls {
-        background: @bg-card;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
-        box-shadow: @shadow-lg;
-
-        button {
-            background: @bg-card;
-            border: none;
-            border-bottom: 1px solid @border-subtle;
-            color: @text-secondary;
-            width: 28px;
-            height: 28px;
-
-            &:hover {
-                background: @bg-hover;
-                color: @text-primary;
-            }
-
-            &:last-child {
-                border-bottom: none;
-            }
-
-            svg {
-                fill: currentColor;
-            }
-        }
-    }
-
-    // React Flow MiniMap
-    .react-flow__minimap {
-        background: @bg-card;
-        border: 1px solid @border-subtle;
-        border-radius: @radius-md;
-        box-shadow: @shadow-lg;
-    }
-
-    // React Flow Background
-    .react-flow__background {
-        background: @bg-body;
-    }
-}
-
-// ============================================
-// NODE STYLES
-// ============================================
-
-.workflow-node {
-    min-width: 180px;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    box-shadow: @shadow-md;
-    transition: all @transition-fast;
-
-    &:hover {
-        border-color: @border-active;
-        box-shadow: @shadow-lg;
-    }
-
-    &.selected {
-        border-color: @accent-primary;
-        box-shadow: 0 0 0 2px @accent-glow;
-    }
-}
-
-.workflow-node-header {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-3;
-    border-bottom: 2px solid @accent-primary;
-    border-top-left-radius: @radius-lg;
-    border-top-right-radius: @radius-lg;
-}
-
-.workflow-node-icon {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    width: 28px;
-    height: 28px;
-    background: @accent-primary;
-    border-radius: @radius-md;
-    color: white;
-}
-
-.workflow-node-type {
-    font-size: @font-size-xs;
-    font-weight: @font-weight-semibold;
-    text-transform: uppercase;
-    letter-spacing: 0.5px;
-    color: @text-tertiary;
-}
-
-.workflow-node-body {
-    padding: @space-3;
-}
-
-.workflow-node-label {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    color: @text-primary;
-    margin-bottom: @space-1;
-}
-
-.workflow-node-status {
-    display: inline-flex;
-    align-items: center;
-    gap: @space-1;
-    padding: @space-1 @space-2;
-    border-radius: @radius-full;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
-
-    &.status-running {
-        background: @success-bg;
-        color: @success;
-    }
-
-    &.status-stopped {
-        background: fade(@text-tertiary-raw, 10%);
-        color: @text-tertiary;
-    }
-
-    &.status-error {
-        background: @danger-bg;
-        color: @danger;
-    }
-}
-
-// ============================================
-// HANDLE STYLES
-// ============================================
-
-.workflow-handle {
-    width: 12px !important;
-    height: 12px !important;
-    background: @bg-card !important;
-    border: 2px solid @border-active !important;
-    transition: all @transition-fast;
-
-    &:hover {
-        background: @accent-primary !important;
-        border-color: @accent-primary !important;
-        transform: scale(1.2);
-    }
-}
-
-.workflow-handle-target {
-    left: -6px !important;
-}
-
-.workflow-handle-source {
-    right: -6px !important;
-}
-
-
-// ============================================
-// EDGE STYLES
-// ============================================
-
-.react-flow__edge-path {
-    stroke: @border-active;
-    stroke-width: 2;
-}
-
-.react-flow__edge.selected .react-flow__edge-path {
-    stroke: @accent-primary;
-}
-
-.react-flow__edge:hover .react-flow__edge-path {
-    stroke: @accent-primary;
-}
-
-// Animated edges
-.react-flow__edge.animated path {
-    stroke-dasharray: 5;
-    animation: flowAnimation 0.5s linear infinite;
-}
-
-@keyframes flowAnimation {
-    from {
-        stroke-dashoffset: 10;
-    }
-    to {
-        stroke-dashoffset: 0;
-    }
-}
-
-// ============================================
-// NODE PALETTE STYLES
-// ============================================
-
-.workflow-palette {
-    position: absolute;
-    top: @space-4;
-    left: @space-4;
-    z-index: 10;
-    display: flex;
-    flex-direction: column;
-    gap: @space-1;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-2;
-    box-shadow: @shadow-lg;
-    max-height: calc(100% - 120px);
-    overflow-y: auto;
-}
-
-.palette-section {
-    display: flex;
-    flex-direction: column;
-    gap: @space-1;
-
-    &:not(:last-child) {
-        padding-bottom: @space-2;
-        border-bottom: 1px solid @border-subtle;
-        margin-bottom: @space-1;
-    }
-}
-
-.palette-header {
-    font-size: @font-size-xs;
-    font-weight: @font-weight-semibold;
-    text-transform: uppercase;
-    letter-spacing: 0.5px;
-    color: @text-tertiary;
-    padding: @space-1 @space-2;
-}
-
-.palette-item {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-3;
-    background: transparent;
-    border: 1px solid transparent;
-    border-radius: @radius-md;
-    color: @text-secondary;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    cursor: pointer;
-    transition: all @transition-fast;
-    white-space: nowrap;
-    text-align: left;
-
-    svg {
-        flex-shrink: 0;
-    }
-
-    &:hover {
-        background: @bg-hover;
-        color: @text-primary;
-    }
-
-    &.palette-item-docker:hover {
-        background: fade(#2496ed, 15%);
-        color: #2496ed;
-        border-color: fade(#2496ed, 30%);
-    }
-
-    &.palette-item-database:hover {
-        background: fade(@warning, 15%);
-        color: @warning;
-        border-color: fade(@warning, 30%);
-    }
-
-    &.palette-item-domain:hover {
-        background: fade(@success, 15%);
-        color: @success;
-        border-color: fade(@success, 30%);
-    }
-
-    &.palette-item-service:hover {
-        background: fade(@accent-primary-raw, 15%);
-        color: @accent-primary;
-        border-color: fade(@accent-primary-raw, 30%);
-    }
-}
-
-// ============================================
-// NODE TYPE-SPECIFIC STYLES
-// ============================================
-
-// Docker App Node
-.workflow-node-docker {
-    .node-header-docker {
-        border-color: #2496ed;
-    }
-
-    .node-icon-docker {
-        background: #2496ed;
-    }
-}
-
-// Database Node
-.workflow-node-database {
-    .node-header-database {
-        border-color: @warning;
-    }
-
-    .node-icon-database {
-        background: @warning;
-    }
-}
-
-// Domain Node
-.workflow-node-domain {
-    .node-header-domain {
-        border-color: @success;
-    }
-
-    .node-icon-domain {
-        background: @success;
-    }
-
-    .node-label-domain {
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        font-family: @font-mono;
-    }
-}
-
-// Service Node
-.workflow-node-service {
-    .node-header-service {
-        border-color: @accent-primary;
-    }
-
-    .node-icon-service {
-        background: @accent-primary;
-    }
-}
-
-// ============================================
-// NODE DETAIL STYLES
-// ============================================
-
-.node-detail {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    margin-top: @space-2;
-    font-size: @font-size-xs;
-
-    .node-detail-label {
-        color: @text-tertiary;
-    }
-
-    .node-detail-value {
-        color: @text-secondary;
-        font-family: @font-mono;
-    }
-}
-
-.node-detail-image .node-detail-value {
-    max-width: 120px;
-    overflow: hidden;
-    text-overflow: ellipsis;
-    white-space: nowrap;
-}
-
-.node-detail-memory,
-.node-detail-size {
-    color: @text-tertiary;
-
-    svg {
-        opacity: 0.7;
-    }
-}
-
-.node-description {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    margin-top: @space-1;
-}
-
-// ============================================
-// PORT PILLS
-// ============================================
-
-.node-ports {
-    display: flex;
-    flex-wrap: wrap;
-    gap: @space-1;
-    margin-top: @space-2;
-}
-
-.node-port-pill {
-    display: inline-flex;
-    align-items: center;
-    padding: 2px @space-2;
-    background: fade(@accent-primary-raw, 15%);
-    border: 1px solid fade(@accent-primary-raw, 30%);
-    border-radius: @radius-full;
-    font-size: @font-size-xs;
-    font-family: @font-mono;
-    color: @accent-primary;
-}
-
-// ============================================
-// TYPE BADGES
-// ============================================
-
-.node-type-badge {
-    display: inline-flex;
-    align-items: center;
-    padding: 2px @space-2;
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-semibold;
-    color: white;
-    margin-top: @space-1;
-}
-
-// ============================================
-// SSL & DNS BADGES
-// ============================================
-
-.node-badges {
-    display: flex;
-    flex-wrap: wrap;
-    gap: @space-2;
-    margin-top: @space-2;
-}
-
-.node-ssl-badge {
-    display: inline-flex;
-    align-items: center;
-    gap: @space-1;
-    padding: 2px @space-2;
-    border: 1px solid;
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
-}
-
-.node-dns-badge {
-    display: inline-flex;
-    align-items: center;
-    gap: @space-1;
-    padding: 2px @space-2;
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
-
-    &.dns-propagated {
-        background: @success-bg;
-        color: @success;
-    }
-
-    &.dns-pending {
-        background: fade(@warning, 15%);
-        color: @warning;
-    }
-}
-
-// ============================================
-// STATUS DOT (ANIMATED)
-// ============================================
-
-.node-status-dot {
-    width: 8px;
-    height: 8px;
-    border-radius: 50%;
-    margin-left: auto;
-
-    &.status-running {
-        background: @success;
-        box-shadow: 0 0 0 2px fade(@success, 30%);
-        animation: pulseRunning 2s ease-in-out infinite;
-    }
-
-    &.status-stopped {
-        background: @text-tertiary;
-    }
-
-    &.status-error {
-        background: @danger;
-        box-shadow: 0 0 0 2px fade(@danger, 30%);
-        animation: pulseError 1s ease-in-out infinite;
-    }
-}
-
-@keyframes pulseRunning {
-    0%, 100% {
-        box-shadow: 0 0 0 2px fade(@success, 30%);
-    }
-    50% {
-        box-shadow: 0 0 0 4px fade(@success, 15%);
-    }
-}
-
-@keyframes pulseError {
-    0%, 100% {
-        box-shadow: 0 0 0 2px fade(@danger, 30%);
-    }
-    50% {
-        box-shadow: 0 0 0 4px fade(@danger, 15%);
-    }
-}
-
-// ============================================
-// DATABASE HANDLE (BOTTOM)
-// ============================================
-
-.workflow-handle-database {
-    bottom: -6px !important;
-    left: 50% !important;
-    transform: translateX(-50%);
-}
-
-// ============================================
-// CONFIGURATION PANEL
-// ============================================
-
-.config-panel {
-    position: absolute;
-    top: 0;
-    right: 0;
-    width: 320px;
-    height: 100%;
-    background: @bg-card;
-    border-left: 1px solid @border-subtle;
-    box-shadow: @shadow-lg;
-    z-index: 20;
-    display: flex;
-    flex-direction: column;
-    transform: translateX(100%);
-    opacity: 0;
-    transition: transform 0.25s ease-out, opacity 0.2s ease-out;
-    pointer-events: none;
-
-    &.open {
-        transform: translateX(0);
-        opacity: 1;
-        pointer-events: auto;
-    }
-}
-
-.config-panel-header {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    padding: @space-4;
-    border-bottom: 2px solid @accent-primary;
-    flex-shrink: 0;
-}
-
-.config-panel-title {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-
-    h3 {
-        margin: 0;
-        font-size: @font-size-base;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-    }
-}
-
-.config-panel-icon {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    width: 32px;
-    height: 32px;
-    border-radius: @radius-md;
-    color: white;
-}
-
-.config-panel-close {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    width: 28px;
-    height: 28px;
-    background: transparent;
-    border: none;
-    border-radius: @radius-sm;
-    color: @text-tertiary;
-    cursor: pointer;
-    transition: all @transition-fast;
-
-    &:hover {
-        background: @bg-hover;
-        color: @text-primary;
-    }
-}
-
-.config-panel-body {
-    flex: 1;
-    overflow-y: auto;
-    padding: @space-4;
-    .custom-scrollbar();
-
-    .form-group {
-        margin-bottom: @space-4;
-
-        label {
-            display: block;
-            font-size: @font-size-sm;
-            font-weight: @font-weight-medium;
-            color: @text-secondary;
-            margin-bottom: @space-2;
-        }
-
-        input,
-        select,
-        textarea {
-            width: 100%;
-            padding: @space-2 @space-3;
-            background: @bg-body;
-            border: 1px solid @border-subtle;
-            border-radius: @radius-md;
-            color: @text-primary;
-            font-size: @font-size-sm;
-            transition: border-color @transition-fast;
-
-            &:focus {
-                outline: none;
-                border-color: @accent-primary;
-            }
-
-            &::placeholder {
-                color: @text-tertiary;
-            }
-        }
-
-        select {
-            cursor: pointer;
-            appearance: none;
-            background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' viewBox='0 0 12 12'%3E%3Cpath fill='%2371717a' d='M6 8L1 3h10z'/%3E%3C/svg%3E");
-            background-repeat: no-repeat;
-            background-position: right @space-3 center;
-            padding-right: @space-8;
-        }
-
-        textarea {
-            resize: vertical;
-            min-height: 80px;
-            font-family: inherit;
-        }
-
-        .input-readonly {
-            background: @bg-hover;
-            cursor: not-allowed;
-            color: @text-tertiary;
-        }
-    }
-
-    .form-row {
-        display: grid;
-        grid-template-columns: 1fr 1fr;
-        gap: @space-3;
-    }
-
-    .form-hint {
-        display: block;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-        margin-top: @space-1;
-    }
-}
-
-.config-panel-footer {
-    padding: @space-4;
-    border-top: 1px solid @border-subtle;
-    flex-shrink: 0;
-}
-
-// ============================================
-// PORT LIST (Docker Config Panel)
-// ============================================
-
-.port-list {
-    display: flex;
-    flex-direction: column;
-    gap: @space-2;
-}
-
-.port-item {
-    display: flex;
-    gap: @space-2;
-
-    input {
-        flex: 1;
-    }
-}
-
-.btn-icon {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    width: 32px;
-    height: 32px;
-    padding: 0;
-    border-radius: @radius-md;
-    flex-shrink: 0;
-}
-
-.btn-danger-ghost {
-    background: transparent;
-    border: 1px solid transparent;
-    color: @text-tertiary;
-    cursor: pointer;
-    transition: all @transition-fast;
-
-    &:hover {
-        background: @danger-bg;
-        border-color: @danger-border;
-        color: @danger;
-    }
-}
-
-// ============================================
-// CONNECTION ERROR TOAST
-// ============================================
-
-.connection-error-toast {
-    position: absolute;
-    top: @space-4;
-    left: 50%;
-    transform: translateX(-50%);
-    z-index: 30;
-    padding: @space-2 @space-4;
-    background: @danger-bg;
-    border: 1px solid @danger-border;
-    border-radius: @radius-md;
-    color: @danger;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    box-shadow: @shadow-lg;
-    animation: slideDown 0.2s ease-out;
-}
-
-@keyframes slideDown {
-    from {
-        opacity: 0;
-        transform: translateX(-50%) translateY(-10px);
-    }
-    to {
-        opacity: 1;
-        transform: translateX(-50%) translateY(0);
-    }
-}
-
-// ============================================
-// EDGE LABEL STYLES
-// ============================================
-
-.edge-label {
-    display: flex;
-    align-items: center;
-    gap: @space-1;
-    padding: 2px @space-2;
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
-    color: white;
-    white-space: nowrap;
-    transition: all @transition-fast;
-    opacity: 0;
-
-    .react-flow__edge:hover &,
-    &.edge-label-selected {
-        opacity: 1;
-    }
-
-    &.edge-label-selected {
-        color: @bg-body;
-    }
-}
-
-.edge-label-text {
-    line-height: 1;
-}
-
-.edge-delete-btn {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    width: 16px;
-    height: 16px;
-    padding: 0;
-    margin-left: @space-1;
-    background: @danger;
-    border: none;
-    border-radius: @radius-sm;
-    color: white;
-    cursor: pointer;
-    transition: all @transition-fast;
-
-    &:hover {
-        background: darken(@danger, 10%);
-    }
-}
-
-// ============================================
-// HANDLE HOVER STATES
-// ============================================
-
-.workflow-handle {
-    transition: all @transition-fast;
-
-    &:hover {
-        transform: scale(1.3);
-    }
-}
-
-// Connecting state - show valid handles
-.react-flow__handle-connecting {
-    &.react-flow__handle-valid {
-        background: @success !important;
-        box-shadow: 0 0 6px fade(@success, 60%);
-    }
-
-    &:not(.react-flow__handle-valid) {
-        background: @danger !important;
-        box-shadow: 0 0 6px fade(@danger, 60%);
-    }
-}
-
-// ============================================
-// EDGE SELECTION STATES
-// ============================================
-
-.react-flow__edge {
-    cursor: pointer;
-
-    &.selected .react-flow__edge-path {
-        stroke: white !important;
-        stroke-width: 2 !important;
-    }
-}
-
-// ============================================
-// WORKFLOW TOOLBAR (SAVE/LOAD)
-// ============================================
-
-.workflow-toolbar {
-    position: absolute;
-    top: @space-4;
-    right: @space-4;
-    z-index: 15;
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    padding: @space-2 @space-3;
-    box-shadow: @shadow-lg;
-}
-
-.toolbar-left {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-}
-
-.toolbar-right {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-}
-
-.workflow-name-input {
-    width: 180px;
-    padding: @space-2 @space-3;
-    background: @bg-body;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    color: @text-primary;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    transition: border-color @transition-fast;
-
-    &:focus {
-        outline: none;
-        border-color: @accent-primary;
-    }
-
-    &::placeholder {
-        color: @text-tertiary;
-    }
-}
-
-.workflow-id-badge {
-    padding: @space-1 @space-2;
-    background: @bg-hover;
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
-    font-family: @font-mono;
-    color: @text-tertiary;
-}
-
-.toolbar-btn {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-2 @space-3;
-    background: transparent;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    color: @text-secondary;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    cursor: pointer;
-    transition: all @transition-fast;
-    white-space: nowrap;
-
-    svg {
-        flex-shrink: 0;
-    }
-
-    &:hover {
-        background: @bg-hover;
-        border-color: @border-active;
-        color: @text-primary;
-    }
-
-    &:disabled {
-        opacity: 0.5;
-        cursor: not-allowed;
-    }
-}
-
-.toolbar-btn-primary {
-    background: @accent-primary;
-    border-color: @accent-primary;
-    color: white;
-
-    &:hover {
-        background: darken(@accent-primary-raw, 5%);
-        border-color: darken(@accent-primary-raw, 5%);
-        color: white;
-    }
-}
-
-.toolbar-message {
-    position: absolute;
-    top: 100%;
-    right: 0;
-    margin-top: @space-2;
-    padding: @space-2 @space-3;
-    background: @success-bg;
-    border: 1px solid @success-border;
-    border-radius: @radius-md;
-    color: @success;
-    font-size: @font-size-xs;
-    font-weight: @font-weight-medium;
-    white-space: nowrap;
-    animation: slideDown 0.2s ease-out;
-}
-
-// ============================================
-// WORKFLOW LIST MODAL
-// ============================================
-
-.workflow-modal-overlay {
-    position: fixed;
-    top: 0;
-    left: 0;
-    right: 0;
-    bottom: 0;
-    background: fade(@bg-body-raw, 80%);
-    backdrop-filter: blur(4px);
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    z-index: 100;
-    animation: fadeIn 0.15s ease-out;
-}
-
-@keyframes fadeIn {
-    from {
-        opacity: 0;
-    }
-    to {
-        opacity: 1;
-    }
-}
-
-.workflow-modal {
-    width: 500px;
-    max-width: 90vw;
-    max-height: 80vh;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-xl;
-    box-shadow: @shadow-lg;
-    display: flex;
-    flex-direction: column;
-    animation: scaleIn 0.2s ease-out;
-}
-
-@keyframes scaleIn {
-    from {
-        opacity: 0;
-        transform: scale(0.95);
-    }
-    to {
-        opacity: 1;
-        transform: scale(1);
-    }
-}
-
-.workflow-modal-header {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    padding: @space-4 @space-5;
-    border-bottom: 1px solid @border-subtle;
-
-    h2 {
-        margin: 0;
-        font-size: @font-size-lg;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-    }
-}
-
-.modal-close-btn {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    width: 32px;
-    height: 32px;
-    background: transparent;
-    border: none;
-    border-radius: @radius-md;
-    color: @text-tertiary;
-    cursor: pointer;
-    transition: all @transition-fast;
-
-    &:hover {
-        background: @bg-hover;
-        color: @text-primary;
-    }
-}
-
-.workflow-modal-content {
-    flex: 1;
-    overflow-y: auto;
-    padding: @space-4;
-    .custom-scrollbar();
-}
-
-.workflow-list-loading {
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-8;
-    color: @text-tertiary;
-
-    .spin {
-        animation: spin 1s linear infinite;
-    }
-}
-
-@keyframes spin {
-    from {
-        transform: rotate(0deg);
-    }
-    to {
-        transform: rotate(360deg);
-    }
-}
-
-.workflow-list-error {
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-8;
-    color: @danger;
-
-    button {
-        padding: @space-2 @space-4;
-        background: @danger;
-        border: none;
-        border-radius: @radius-md;
-        color: white;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        cursor: pointer;
-        transition: background @transition-fast;
-
-        &:hover {
-            background: darken(@danger, 10%);
-        }
-    }
-}
-
-.workflow-list-empty {
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-8;
-    color: @text-tertiary;
-
-    p {
-        margin: 0;
-        font-size: @font-size-base;
-        font-weight: @font-weight-medium;
-        color: @text-secondary;
-    }
-
-    span {
-        font-size: @font-size-sm;
-    }
-}
-
-.workflow-list {
-    display: flex;
-    flex-direction: column;
-    gap: @space-2;
-}
-
-.workflow-list-item {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-3 @space-4;
-    background: @bg-body;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-lg;
-    cursor: pointer;
-    transition: all @transition-fast;
-
-    &:hover {
-        border-color: @accent-primary;
-        background: fade(@accent-primary-raw, 5%);
-    }
-}
-
-.workflow-item-main {
-    flex: 1;
-    min-width: 0;
-}
-
-.workflow-item-name {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-semibold;
-    color: @text-primary;
-    overflow: hidden;
-    text-overflow: ellipsis;
-    white-space: nowrap;
-}
-
-.workflow-item-desc {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    overflow: hidden;
-    text-overflow: ellipsis;
-    white-space: nowrap;
-    margin-top: 2px;
-}
-
-.workflow-item-meta {
-    display: flex;
-    flex-direction: column;
-    gap: @space-1;
-    flex-shrink: 0;
-}
-
-.workflow-item-stats {
-    display: flex;
-    gap: @space-3;
-
-    .stat {
-        display: flex;
-        align-items: center;
-        gap: @space-1;
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-    }
-}
-
-.workflow-item-date {
-    display: flex;
-    align-items: center;
-    gap: @space-1;
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-}
-
-.workflow-item-delete {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    width: 32px;
-    height: 32px;
-    background: transparent;
-    border: 1px solid transparent;
-    border-radius: @radius-md;
-    color: @text-tertiary;
-    cursor: pointer;
-    transition: all @transition-fast;
-    flex-shrink: 0;
-
-    &:hover {
-        background: @danger-bg;
-        border-color: @danger-border;
-        color: @danger;
-    }
-
-    &:disabled {
-        opacity: 0.5;
-        cursor: not-allowed;
-    }
-
-    .spin {
-        animation: spin 1s linear infinite;
-    }
-}
-
-// ============================================
-// DEPLOY BUTTON
-// ============================================
-
-.toolbar-btn-deploy {
-    background: @success;
-    border-color: @success;
-    color: white;
-
-    &:hover:not(:disabled) {
-        background: darken(@success, 5%);
-        border-color: darken(@success, 5%);
-        color: white;
-    }
-
-    &:disabled {
-        opacity: 0.5;
-        cursor: not-allowed;
-    }
-}
-
-// ============================================
-// DEPLOYMENT PROGRESS MODAL
-// ============================================
-
-.deployment-modal-overlay {
-    position: fixed;
-    top: 0;
-    left: 0;
-    right: 0;
-    bottom: 0;
-    background: fade(@bg-body-raw, 80%);
-    backdrop-filter: blur(4px);
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    z-index: 100;
-    animation: fadeIn 0.15s ease-out;
-}
-
-.deployment-modal {
-    width: 520px;
-    max-width: 90vw;
-    max-height: 80vh;
-    background: @bg-card;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-xl;
-    box-shadow: @shadow-lg;
-    display: flex;
-    flex-direction: column;
-    animation: scaleIn 0.2s ease-out;
-}
-
-.deployment-modal-header {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    padding: @space-4 @space-5;
-    border-bottom: 1px solid @border-subtle;
-
-    h2 {
-        margin: 0;
-        font-size: @font-size-lg;
-        font-weight: @font-weight-semibold;
-        color: @text-primary;
-    }
-}
-
-.deployment-modal-content {
-    flex: 1;
-    overflow-y: auto;
-    padding: @space-4;
-    .custom-scrollbar();
-}
-
-.deployment-modal-footer {
-    padding: @space-4;
-    border-top: 1px solid @border-subtle;
-    display: flex;
-    justify-content: flex-end;
-
-    .btn-primary {
-        padding: @space-2 @space-5;
-        background: @accent-primary;
-        border: none;
-        border-radius: @radius-md;
-        color: white;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-medium;
-        cursor: pointer;
-        transition: background @transition-fast;
-
-        &:hover {
-            background: darken(@accent-primary-raw, 5%);
-        }
-    }
-}
-
-.deployment-loading {
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-8;
-    color: @text-tertiary;
-
-    .spin {
-        animation: spin 1s linear infinite;
-    }
-
-    p {
-        margin: 0;
-        font-size: @font-size-base;
-        font-weight: @font-weight-medium;
-        color: @text-secondary;
-    }
-
-    span {
-        font-size: @font-size-sm;
-    }
-}
-
-.deployment-summary {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-3 @space-4;
-    border-radius: @radius-md;
-    margin-bottom: @space-4;
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-
-    &.success {
-        background: @success-bg;
-        border: 1px solid @success-border;
-        color: @success;
-    }
-
-    &.has-errors {
-        background: @danger-bg;
-        border: 1px solid @danger-border;
-        color: @danger;
-    }
-}
-
-.deployment-results {
-    display: flex;
-    flex-direction: column;
-    gap: @space-2;
-}
-
-.deployment-result-item {
-    display: flex;
-    align-items: center;
-    gap: @space-3;
-    padding: @space-3 @space-4;
-    background: @bg-body;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    transition: all @transition-fast;
-
-    &.success {
-        border-color: fade(@success, 30%);
-    }
-
-    &.error {
-        border-color: fade(@danger, 30%);
-        background: fade(@danger, 5%);
-    }
-
-    &.pending {
-        opacity: 0.6;
-    }
-}
-
-.result-icon {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    width: 32px;
-    height: 32px;
-    border-radius: @radius-md;
-    color: white;
-    flex-shrink: 0;
-}
-
-.result-info {
-    flex: 1;
-    min-width: 0;
-}
-
-.result-name {
-    font-size: @font-size-sm;
-    font-weight: @font-weight-medium;
-    color: @text-primary;
-    overflow: hidden;
-    text-overflow: ellipsis;
-    white-space: nowrap;
-}
-
-.result-type {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-}
-
-.result-status {
-    display: flex;
-    align-items: center;
-    flex-shrink: 0;
-
-    .spin {
-        animation: spin 1s linear infinite;
-        color: @text-tertiary;
-    }
-
-    .status-success {
-        color: @success;
-    }
-
-    .status-error {
-        color: @danger;
-    }
-
-    .status-pending {
-        font-size: @font-size-xs;
-        color: @text-tertiary;
-    }
-}
-
-.result-link {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    width: 28px;
-    height: 28px;
-    background: transparent;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-sm;
-    color: @text-tertiary;
-    text-decoration: none;
-    transition: all @transition-fast;
-    flex-shrink: 0;
-
-    &:hover {
-        background: @bg-hover;
-        border-color: @accent-primary;
-        color: @accent-primary;
-    }
-}
-
-.deployment-errors {
-    margin-top: @space-4;
-    padding: @space-3;
-    background: @danger-bg;
-    border: 1px solid @danger-border;
-    border-radius: @radius-md;
-
-    h4 {
-        margin: 0 0 @space-2;
-        font-size: @font-size-sm;
-        font-weight: @font-weight-semibold;
-        color: @danger;
-    }
-}
-
-.error-item {
-    display: flex;
-    align-items: flex-start;
-    gap: @space-2;
-    padding: @space-2 0;
-    font-size: @font-size-xs;
-    color: @danger;
-
-    svg {
-        flex-shrink: 0;
-        margin-top: 2px;
-    }
-
-    &:not(:last-child) {
-        border-bottom: 1px solid fade(@danger, 20%);
-    }
-}
-
-// ============================================
-// DEPLOYED NODE INDICATOR
-// ============================================
-
-.workflow-node.deployed {
-    border-color: @success;
-
-    &::after {
-        content: '';
-        position: absolute;
-        top: -4px;
-        right: -4px;
-        width: 12px;
-        height: 12px;
-        background: @success;
-        border: 2px solid @bg-card;
-        border-radius: 50%;
-    }
-}
-
-// ============================================
-// REAL APP NODE INDICATOR
-// ============================================
-
-.workflow-node.is-real {
-    border-color: @accent-primary;
-
-    .workflow-node-header {
-        background: fade(@accent-primary-raw, 15%);
-    }
-}
-
-// ============================================
-// PALETTE SUBMENU
-// ============================================
-
-.palette-submenu {
-    display: flex;
-    flex-direction: column;
-    gap: @space-1;
-    margin-left: @space-3;
-    margin-bottom: @space-2;
-    padding-left: @space-2;
-    border-left: 2px solid @border-subtle;
-}
-
-.palette-subitem {
-    display: flex;
-    align-items: center;
-    justify-content: space-between;
-    gap: @space-2;
-    padding: @space-2;
-    background: @bg-body;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-sm;
-    color: @text-secondary;
-    font-size: @font-size-xs;
-    cursor: pointer;
-    transition: all @transition-fast;
-
-    &:hover {
-        background: @bg-hover;
-        border-color: @accent-primary;
-        color: @text-primary;
-    }
-
-    .status-badge {
-        font-size: 10px;
-        padding: 1px 6px;
-    }
-}
-
-.palette-empty {
-    padding: @space-2;
-    color: @text-tertiary;
-    font-size: @font-size-xs;
-    font-style: italic;
-}
-
-.palette-section-info {
-    margin-top: auto;
-    padding-top: @space-3;
-    border-top: 1px solid @border-subtle;
-}
-
-.palette-hint {
-    font-size: @font-size-xs;
-    color: @text-tertiary;
-    line-height: 1.4;
-}
-
-// ============================================
-// DOMAIN PILLS IN NODE
-// ============================================
-
-.node-domains {
-    display: flex;
-    flex-wrap: wrap;
-    gap: @space-1;
-    margin-top: @space-2;
-}
-
-.node-domain-pill {
-    display: inline-flex;
-    align-items: center;
-    gap: 4px;
-    padding: 2px @space-2;
-    background: fade(@success, 15%);
-    border: 1px solid fade(@success, 30%);
-    border-radius: @radius-full;
-    font-size: 10px;
-    color: @success;
-
-    svg {
-        opacity: 0.7;
-    }
-}
-
-.node-domain-more {
-    font-size: 10px;
-    color: @text-tertiary;
-    padding: 2px @space-1;
-}
-
-// ============================================
-// PRIVATE URL IN NODE
-// ============================================
-
-@color-info: #22d3ee;
-
-.node-detail-private-url {
-    display: flex;
-    align-items: center;
-    gap: @space-1;
-    margin-top: @space-2;
-    padding: @space-1 @space-2;
-    background: fade(@color-info, 10%);
-    border-radius: @radius-sm;
-
-    svg {
-        color: @color-info;
-        flex-shrink: 0;
-    }
-
-    .node-detail-value {
-        font-size: 10px;
-        color: @color-info;
-        overflow: hidden;
-        text-overflow: ellipsis;
-        white-space: nowrap;
-    }
-}
-
-// ============================================
-// SERVER OVERVIEW BUTTON
-// ============================================
-
-.toolbar-btn-overview {
-    background: fade(@color-info, 15%) !important;
-    border-color: fade(@color-info, 30%) !important;
-    color: @color-info !important;
-
-    &:hover:not(:disabled) {
-        background: fade(@color-info, 25%) !important;
-        border-color: @color-info !important;
-    }
-}
-
-// ============================================
-// CONFIG PANEL ENHANCEMENTS
-// ============================================
-
-.form-value {
-    padding: @space-2 @space-3;
-    background: @bg-body;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    font-size: @font-size-sm;
-    color: @text-primary;
-
-    &.status-badge {
-        display: inline-flex;
-        padding: @space-1 @space-2;
-        border-radius: @radius-sm;
-        font-size: @font-size-xs;
-        font-weight: @font-weight-medium;
-        text-transform: capitalize;
-    }
-
-    &.status-running {
-        background: @success-bg;
-        border-color: @success-border;
-        color: @success;
-    }
-
-    &.status-stopped {
-        background: @bg-body;
-        border-color: @border-subtle;
-        color: @text-tertiary;
-    }
-
-    &.status-error {
-        background: @danger-bg;
-        border-color: @danger-border;
-        color: @danger;
-    }
-}
-
-.form-value-link {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    cursor: pointer;
-    color: @accent-primary;
-
-    &:hover {
-        text-decoration: underline;
-    }
-
-    svg:last-child {
-        opacity: 0.5;
-        margin-left: auto;
-    }
-}
-
-.form-domains {
-    display: flex;
-    flex-direction: column;
-    gap: @space-2;
-}
-
-.form-domain-item {
-    display: flex;
-    align-items: center;
-    gap: @space-2;
-    padding: @space-2;
-    background: @bg-body;
-    border: 1px solid @border-subtle;
-    border-radius: @radius-md;
-    font-size: @font-size-sm;
-
-    svg {
-        color: @success;
-    }
-
-    .ssl-badge {
-        margin-left: auto;
-        padding: 2px 6px;
-        background: @success-bg;
-        border-radius: @radius-sm;
-        font-size: 10px;
-        font-weight: @font-weight-medium;
-        color: @success;
-    }
-}
-
-.action-buttons {
-    display: flex;
-    gap: @space-2;
-    flex-wrap: wrap;
-
-    .btn {
-        flex: 1;
-        min-width: 70px;
-    }
-}
-
-.action-message {
-    margin-top: @space-2;
-    padding: @space-2;
-    background: @success-bg;
-    border: 1px solid @success-border;
-    border-radius: @radius-sm;
-    font-size: @font-size-xs;
-    color: @success;
-    text-align: center;
-}
-
-.btn-block {
-    width: 100%;
-    justify-content: center;
-}
diff --git a/frontend/src/styles/pages/_workflow.scss b/frontend/src/styles/pages/_workflow.scss
new file mode 100644
index 00000000..1ebe2ebd
--- /dev/null
+++ b/frontend/src/styles/pages/_workflow.scss
@@ -0,0 +1,2244 @@
+// ============================================
+// WORKFLOW BUILDER PAGE STYLES
+// ============================================
+
+.workflow-page {
+    display: flex;
+    flex-direction: column;
+    height: calc(100vh - $space-6);
+    padding: $space-4;
+
+    &.fullscreen {
+        height: 100vh;
+        padding: 0;
+
+        .workflow-canvas {
+            border-radius: 0;
+            border: none;
+        }
+    }
+
+    .page-header {
+        flex-shrink: 0;
+        margin-bottom: $space-4;
+
+        h1 {
+            margin: 0 0 $space-1;
+            font-size: $font-size-xl;
+            font-weight: $font-weight-semibold;
+        }
+
+        .page-subtitle {
+            margin: 0;
+            color: $text-secondary;
+            font-size: $font-size-sm;
+        }
+    }
+}
+
+// ============================================
+// CANVAS CONTAINER
+// ============================================
+
+.workflow-canvas {
+    flex: 1;
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    overflow: hidden;
+    position: relative;
+
+    .react-flow {
+        background: $bg-body;
+    }
+
+    // React Flow Controls
+    .react-flow__controls {
+        background: $bg-card;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
+        box-shadow: $shadow-lg;
+
+        button {
+            background: $bg-card;
+            border: none;
+            border-bottom: 1px solid $border-subtle;
+            color: $text-secondary;
+            width: 28px;
+            height: 28px;
+
+            &:hover {
+                background: $bg-hover;
+                color: $text-primary;
+            }
+
+            &:last-child {
+                border-bottom: none;
+            }
+
+            svg {
+                fill: currentColor;
+            }
+        }
+    }
+
+    // React Flow MiniMap
+    .react-flow__minimap {
+        background: $bg-card;
+        border: 1px solid $border-subtle;
+        border-radius: $radius-md;
+        box-shadow: $shadow-lg;
+    }
+
+    // React Flow Background
+    .react-flow__background {
+        background: $bg-body;
+    }
+}
+
+// ============================================
+// NODE STYLES
+// ============================================
+
+.workflow-node {
+    min-width: 180px;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    box-shadow: $shadow-md;
+    transition: all $transition-fast;
+
+    &:hover {
+        border-color: $border-active;
+        box-shadow: $shadow-lg;
+    }
+
+    &.selected {
+        border-color: $accent-primary;
+        box-shadow: 0 0 0 2px $accent-glow;
+    }
+}
+
+.workflow-node-header {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-2 $space-3;
+    border-bottom: 2px solid $accent-primary;
+    border-top-left-radius: $radius-lg;
+    border-top-right-radius: $radius-lg;
+}
+
+.workflow-node-icon {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 28px;
+    height: 28px;
+    background: $accent-primary;
+    border-radius: $radius-md;
+    color: white;
+}
+
+.workflow-node-type {
+    font-size: $font-size-xs;
+    font-weight: $font-weight-semibold;
+    text-transform: uppercase;
+    letter-spacing: 0.5px;
+    color: $text-tertiary;
+}
+
+.workflow-node-body {
+    padding: $space-3;
+}
+
+.workflow-node-label {
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    color: $text-primary;
+    margin-bottom: $space-1;
+}
+
+.workflow-node-status {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-1;
+    padding: $space-1 $space-2;
+    border-radius: $radius-full;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
+
+    &.status-running {
+        background: $success-bg;
+        color: $success;
+    }
+
+    &.status-stopped {
+        background: fade($text-tertiary-raw, 10%);
+        color: $text-tertiary;
+    }
+
+    &.status-error {
+        background: $danger-bg;
+        color: $danger;
+    }
+}
+
+// ============================================
+// COMPACT NODE VARIANTS (Trigger, Script, Logic, Notification)
+// ============================================
+
+// Shared compact node layout
+.node-trigger,
+.node-script,
+.node-logic,
+.node-notification {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-3;
+    min-width: 180px;
+    position: relative;
+
+    &.node-selected {
+        border-color: $accent-primary;
+        box-shadow: 0 0 0 2px $accent-glow;
+    }
+}
+
+.node-icon {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 32px;
+    height: 32px;
+    min-width: 32px;
+    background: $bg-elevated;
+    border-radius: $radius-md;
+    color: $text-secondary;
+}
+
+.node-content {
+    flex: 1;
+    min-width: 0;
+}
+
+.node-label {
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    color: $text-primary;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+}
+
+.node-sublabel {
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    margin-top: 2px;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+}
+
+// Node icon color variants
+.node-icon-manual { color: #3b82f6; }
+.node-icon-cron { color: #a855f7; }
+.node-icon-webhook { color: #10b981; }
+.node-icon-event { color: #f59e0b; }
+.node-icon-bash { color: $text-secondary; }
+.node-icon-python { color: #93c5fd; }
+.node-icon-logic { color: #f97316; }
+.node-icon-discord { color: #818cf8; }
+.node-icon-slack { color: #ec4899; }
+.node-icon-email { color: #3b82f6; }
+
+// Node status glow variants
+.node-status-active { border-color: #3b82f6; box-shadow: 0 0 10px rgba(59, 130, 246, 0.3); }
+.node-status-success { border-color: $success; box-shadow: 0 0 10px rgba(34, 197, 94, 0.3); }
+.node-status-error { border-color: $danger; box-shadow: 0 0 10px rgba(239, 68, 68, 0.3); }
+.node-status-inactive { border-color: $border-subtle; }
+
+// Logic If/Else branching outputs
+.node-outputs {
+    display: flex;
+    justify-content: space-around;
+    width: 100%;
+    margin-top: $space-2;
+    padding-top: $space-2;
+    border-top: 1px solid $border-subtle;
+}
+
+.node-output-branch {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+}
+
+.node-branch-label {
+    font-size: 10px;
+    font-weight: 700;
+    margin-bottom: $space-1;
+
+    &.node-branch-true { color: $success; }
+    &.node-branch-false { color: $danger; }
+}
+
+// Compact handle styles
+.handle-input,
+.handle-output {
+    width: 10px !important;
+    height: 10px !important;
+    background: $bg-card !important;
+    border: 2px solid $border-active !important;
+    transition: all $transition-fast;
+
+    &:hover {
+        background: $accent-primary !important;
+        border-color: $accent-primary !important;
+        transform: scale(1.2);
+    }
+}
+
+.handle-true {
+    border-color: $success !important;
+    &:hover { background: $success !important; }
+}
+
+.handle-false {
+    border-color: $danger !important;
+    &:hover { background: $danger !important; }
+}
+
+// ============================================
+// HANDLE STYLES
+// ============================================
+
+.workflow-handle {
+    width: 12px !important;
+    height: 12px !important;
+    background: $bg-card !important;
+    border: 2px solid $border-active !important;
+    transition: all $transition-fast;
+
+    &:hover {
+        background: $accent-primary !important;
+        border-color: $accent-primary !important;
+        transform: scale(1.2);
+    }
+}
+
+.workflow-handle-target {
+    left: -6px !important;
+}
+
+.workflow-handle-source {
+    right: -6px !important;
+}
+
+
+// ============================================
+// EDGE STYLES
+// ============================================
+
+.react-flow__edge-path {
+    stroke: $border-active;
+    stroke-width: 2;
+}
+
+.react-flow__edge.selected .react-flow__edge-path {
+    stroke: $accent-primary;
+}
+
+.react-flow__edge:hover .react-flow__edge-path {
+    stroke: $accent-primary;
+}
+
+// Animated edges
+.react-flow__edge.animated path {
+    stroke-dasharray: 5;
+    animation: flowAnimation 0.5s linear infinite;
+}
+
+@keyframes flowAnimation {
+    from {
+        stroke-dashoffset: 10;
+    }
+    to {
+        stroke-dashoffset: 0;
+    }
+}
+
+// ============================================
+// NODE PALETTE STYLES
+// ============================================
+
+.workflow-palette {
+    position: absolute;
+    top: $space-4;
+    left: $space-4;
+    z-index: 10;
+    display: flex;
+    flex-direction: column;
+    gap: $space-1;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-2;
+    box-shadow: $shadow-lg;
+    max-height: calc(100% - 120px);
+    overflow-y: auto;
+}
+
+.palette-section {
+    display: flex;
+    flex-direction: column;
+    gap: $space-1;
+
+    &:not(:last-child) {
+        padding-bottom: $space-2;
+        border-bottom: 1px solid $border-subtle;
+        margin-bottom: $space-1;
+    }
+}
+
+.palette-header {
+    font-size: $font-size-xs;
+    font-weight: $font-weight-semibold;
+    text-transform: uppercase;
+    letter-spacing: 0.5px;
+    color: $text-tertiary;
+    padding: $space-1 $space-2;
+}
+
+.palette-item {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-2 $space-3;
+    background: transparent;
+    border: 1px solid transparent;
+    border-radius: $radius-md;
+    color: $text-secondary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    cursor: pointer;
+    transition: all $transition-fast;
+    white-space: nowrap;
+    text-align: left;
+
+    svg {
+        flex-shrink: 0;
+    }
+
+    &:hover {
+        background: $bg-hover;
+        color: $text-primary;
+    }
+
+    &.palette-item-docker:hover {
+        background: fade(#2496ed, 15%);
+        color: #2496ed;
+        border-color: fade(#2496ed, 30%);
+    }
+
+    &.palette-item-database:hover {
+        background: fade($warning, 15%);
+        color: $warning;
+        border-color: fade($warning, 30%);
+    }
+
+    &.palette-item-domain:hover {
+        background: fade($success, 15%);
+        color: $success;
+        border-color: fade($success, 30%);
+    }
+
+    &.palette-item-service:hover {
+        background: fade($accent-primary-raw, 15%);
+        color: $accent-primary;
+        border-color: fade($accent-primary-raw, 30%);
+    }
+}
+
+// ============================================
+// NODE TYPE-SPECIFIC STYLES
+// ============================================
+
+// Docker App Node
+.workflow-node-docker {
+    .node-header-docker {
+        border-color: #2496ed;
+    }
+
+    .node-icon-docker {
+        background: #2496ed;
+    }
+}
+
+// Database Node
+.workflow-node-database {
+    .node-header-database {
+        border-color: $warning;
+    }
+
+    .node-icon-database {
+        background: $warning;
+    }
+}
+
+// Domain Node
+.workflow-node-domain {
+    .node-header-domain {
+        border-color: $success;
+    }
+
+    .node-icon-domain {
+        background: $success;
+    }
+
+    .node-label-domain {
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        font-family: $font-mono;
+    }
+}
+
+// Service Node
+.workflow-node-service {
+    .node-header-service {
+        border-color: $accent-primary;
+    }
+
+    .node-icon-service {
+        background: $accent-primary;
+    }
+}
+
+// ============================================
+// NODE DETAIL STYLES
+// ============================================
+
+.node-detail {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    margin-top: $space-2;
+    font-size: $font-size-xs;
+
+    .node-detail-label {
+        color: $text-tertiary;
+    }
+
+    .node-detail-value {
+        color: $text-secondary;
+        font-family: $font-mono;
+    }
+}
+
+.node-detail-image .node-detail-value {
+    max-width: 120px;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.node-detail-memory,
+.node-detail-size {
+    color: $text-tertiary;
+
+    svg {
+        opacity: 0.7;
+    }
+}
+
+.node-description {
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    margin-top: $space-1;
+}
+
+// ============================================
+// PORT PILLS
+// ============================================
+
+.node-ports {
+    display: flex;
+    flex-wrap: wrap;
+    gap: $space-1;
+    margin-top: $space-2;
+}
+
+.node-port-pill {
+    display: inline-flex;
+    align-items: center;
+    padding: 2px $space-2;
+    background: fade($accent-primary-raw, 15%);
+    border: 1px solid fade($accent-primary-raw, 30%);
+    border-radius: $radius-full;
+    font-size: $font-size-xs;
+    font-family: $font-mono;
+    color: $accent-primary;
+}
+
+// ============================================
+// TYPE BADGES
+// ============================================
+
+.node-type-badge {
+    display: inline-flex;
+    align-items: center;
+    padding: 2px $space-2;
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-semibold;
+    color: white;
+    margin-top: $space-1;
+}
+
+// ============================================
+// SSL & DNS BADGES
+// ============================================
+
+.node-badges {
+    display: flex;
+    flex-wrap: wrap;
+    gap: $space-2;
+    margin-top: $space-2;
+}
+
+.node-ssl-badge {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-1;
+    padding: 2px $space-2;
+    border: 1px solid;
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
+}
+
+.node-dns-badge {
+    display: inline-flex;
+    align-items: center;
+    gap: $space-1;
+    padding: 2px $space-2;
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
+
+    &.dns-propagated {
+        background: $success-bg;
+        color: $success;
+    }
+
+    &.dns-pending {
+        background: fade($warning, 15%);
+        color: $warning;
+    }
+}
+
+// ============================================
+// STATUS DOT (ANIMATED)
+// ============================================
+
+.node-status-dot {
+    width: 8px;
+    height: 8px;
+    border-radius: 50%;
+    margin-left: auto;
+
+    &.status-running {
+        background: $success;
+        box-shadow: 0 0 0 2px fade($success, 30%);
+        animation: pulseRunning 2s ease-in-out infinite;
+    }
+
+    &.status-stopped {
+        background: $text-tertiary;
+    }
+
+    &.status-error {
+        background: $danger;
+        box-shadow: 0 0 0 2px fade($danger, 30%);
+        animation: pulseError 1s ease-in-out infinite;
+    }
+}
+
+@keyframes pulseRunning {
+    0%, 100% {
+        box-shadow: 0 0 0 2px fade($success, 30%);
+    }
+    50% {
+        box-shadow: 0 0 0 4px fade($success, 15%);
+    }
+}
+
+@keyframes pulseError {
+    0%, 100% {
+        box-shadow: 0 0 0 2px fade($danger, 30%);
+    }
+    50% {
+        box-shadow: 0 0 0 4px fade($danger, 15%);
+    }
+}
+
+// ============================================
+// DATABASE HANDLE (BOTTOM)
+// ============================================
+
+.workflow-handle-database {
+    bottom: -6px !important;
+    left: 50% !important;
+    transform: translateX(-50%);
+}
+
+// ============================================
+// CONFIGURATION PANEL
+// ============================================
+
+.config-panel {
+    position: absolute;
+    top: 0;
+    right: 0;
+    width: 320px;
+    height: 100%;
+    background: $bg-card;
+    border-left: 1px solid $border-subtle;
+    box-shadow: $shadow-lg;
+    z-index: 20;
+    display: flex;
+    flex-direction: column;
+    transform: translateX(100%);
+    opacity: 0;
+    transition: transform 0.25s ease-out, opacity 0.2s ease-out;
+    pointer-events: none;
+
+    &.open {
+        transform: translateX(0);
+        opacity: 1;
+        pointer-events: auto;
+    }
+}
+
+.config-panel-header {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    padding: $space-4;
+    border-bottom: 2px solid $accent-primary;
+    flex-shrink: 0;
+}
+
+.config-panel-title {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+
+    h3 {
+        margin: 0;
+        font-size: $font-size-base;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+    }
+}
+
+.config-panel-icon {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 32px;
+    height: 32px;
+    border-radius: $radius-md;
+    color: white;
+}
+
+.config-panel-close {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 28px;
+    height: 28px;
+    background: transparent;
+    border: none;
+    border-radius: $radius-sm;
+    color: $text-tertiary;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        background: $bg-hover;
+        color: $text-primary;
+    }
+}
+
+.config-panel-body {
+    flex: 1;
+    overflow-y: auto;
+    padding: $space-4;
+    @include custom-scrollbar();
+
+    .form-group {
+        margin-bottom: $space-4;
+
+        label {
+            display: block;
+            font-size: $font-size-sm;
+            font-weight: $font-weight-medium;
+            color: $text-secondary;
+            margin-bottom: $space-2;
+        }
+
+        input,
+        select,
+        textarea {
+            width: 100%;
+            padding: $space-2 $space-3;
+            background: $bg-body;
+            border: 1px solid $border-subtle;
+            border-radius: $radius-md;
+            color: $text-primary;
+            font-size: $font-size-sm;
+            transition: border-color $transition-fast;
+
+            &:focus {
+                outline: none;
+                border-color: $accent-primary;
+            }
+
+            &::placeholder {
+                color: $text-tertiary;
+            }
+        }
+
+        select {
+            cursor: pointer;
+            appearance: none;
+            background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='12' height='12' viewBox='0 0 12 12'%3E%3Cpath fill='%2371717a' d='M6 8L1 3h10z'/%3E%3C/svg%3E");
+            background-repeat: no-repeat;
+            background-position: right $space-3 center;
+            padding-right: $space-8;
+        }
+
+        textarea {
+            resize: vertical;
+            min-height: 80px;
+            font-family: inherit;
+        }
+
+        .input-readonly {
+            background: $bg-hover;
+            cursor: not-allowed;
+            color: $text-tertiary;
+        }
+    }
+
+    .form-row {
+        display: grid;
+        grid-template-columns: 1fr 1fr;
+        gap: $space-3;
+    }
+
+    .form-hint {
+        display: block;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        margin-top: $space-1;
+    }
+}
+
+.config-panel-footer {
+    padding: $space-4;
+    border-top: 1px solid $border-subtle;
+    flex-shrink: 0;
+}
+
+// ============================================
+// PORT LIST (Docker Config Panel)
+// ============================================
+
+// ============================================
+// CONFIG PANEL ELEMENTS
+// ============================================
+
+// Trigger type selector grid
+.trigger-type-grid {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    gap: $space-2;
+}
+
+.trigger-type-btn {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: $space-1;
+    padding: $space-3;
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    color: $text-tertiary;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        border-color: $border-active;
+        color: $text-secondary;
+    }
+
+    &.active {
+        background: rgba($accent-primary-raw, 0.1);
+        border-color: $accent-primary;
+        color: $accent-primary;
+    }
+
+    .trigger-type-name {
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+    }
+
+    .trigger-type-desc {
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+        text-align: center;
+        line-height: $line-height-tight;
+    }
+}
+
+// Notification channel selector
+.channel-grid {
+    display: grid;
+    grid-template-columns: 1fr 1fr 1fr;
+    gap: $space-2;
+}
+
+.channel-btn {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: $space-1;
+    padding: $space-2;
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    color: $text-tertiary;
+    font-size: $font-size-xs;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        border-color: $border-active;
+        color: $text-secondary;
+    }
+
+    &.active {
+        background: rgba($accent-primary-raw, 0.1);
+        border-color: $accent-primary;
+        color: $accent-primary;
+    }
+}
+
+// Language toggle
+.lang-toggle {
+    display: flex;
+    gap: $space-2;
+}
+
+.lang-btn {
+    flex: 1;
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    gap: $space-2;
+    padding: $space-2;
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    color: $text-tertiary;
+    font-size: $font-size-sm;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover { border-color: $border-active; color: $text-secondary; }
+    &.active { background: rgba($accent-primary-raw, 0.1); border-color: $accent-primary; color: $accent-primary; }
+}
+
+// Script editor textarea
+.script-editor {
+    min-height: 240px;
+    font-size: $font-size-xs;
+    line-height: 1.6;
+    tab-size: 4;
+}
+
+// Toggle switch
+.toggle-label {
+    display: flex !important;
+    align-items: center;
+    justify-content: space-between;
+}
+
+.toggle-switch {
+    position: relative;
+    width: 36px;
+    height: 20px;
+    background: $bg-tertiary;
+    border: none;
+    border-radius: $radius-full;
+    cursor: pointer;
+    transition: background $transition-fast;
+
+    &.active { background: $success; }
+
+    .toggle-knob {
+        position: absolute;
+        top: 2px;
+        left: 2px;
+        width: 16px;
+        height: 16px;
+        background: white;
+        border-radius: 50%;
+        transition: transform $transition-fast;
+    }
+
+    &.active .toggle-knob {
+        transform: translateX(16px);
+    }
+}
+
+// Input with action button (e.g. copy)
+.input-with-action {
+    display: flex;
+    gap: $space-2;
+
+    input { flex: 1; }
+}
+
+.input-action-btn {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    padding: $space-2 $space-3;
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    color: $text-secondary;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover { background: $bg-hover; color: $text-primary; }
+}
+
+// Info boxes in panels
+.panel-info-box {
+    padding: $space-3;
+    background: rgba($accent-primary-raw, 0.08);
+    border: 1px solid rgba($accent-primary-raw, 0.2);
+    border-radius: $radius-md;
+    font-size: $font-size-xs;
+    color: $text-secondary;
+    line-height: 1.6;
+    margin-top: $space-3;
+
+    code {
+        background: rgba(0, 0, 0, 0.3);
+        padding: 1px 4px;
+        border-radius: 3px;
+        font-size: $font-size-xs;
+        color: $accent-primary;
+    }
+
+    &.panel-info-warning {
+        background: rgba($warning, 0.08);
+        border-color: rgba($warning, 0.2);
+
+        code { color: $warning; }
+    }
+}
+
+// Delete node button
+.btn-delete-node {
+    width: 100%;
+    padding: $space-2 $space-4;
+    background: transparent;
+    border: 1px solid $danger;
+    border-radius: $radius-md;
+    color: $danger;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        background: $danger;
+        color: white;
+    }
+}
+
+// Branch legend (If/Else panel)
+.branch-legend {
+    display: flex;
+    flex-direction: column;
+    gap: $space-2;
+    margin-top: $space-4;
+}
+
+.branch-legend-item {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    font-size: $font-size-xs;
+    color: $text-secondary;
+}
+
+.branch-dot {
+    width: 8px;
+    height: 8px;
+    border-radius: 50%;
+
+    &.branch-dot-true { background: $success; }
+    &.branch-dot-false { background: $danger; }
+}
+
+// 3-col form row
+.form-row-3 {
+    display: grid;
+    grid-template-columns: 1fr 1fr 1fr;
+    gap: $space-3;
+}
+
+// Font mono utility
+.font-mono {
+    font-family: $font-mono !important;
+}
+
+// ============================================
+// PORT LIST (Docker Config Panel)
+// ============================================
+
+.port-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-2;
+}
+
+.port-item {
+    display: flex;
+    gap: $space-2;
+
+    input {
+        flex: 1;
+    }
+}
+
+.btn-icon {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 32px;
+    height: 32px;
+    padding: 0;
+    border-radius: $radius-md;
+    flex-shrink: 0;
+}
+
+.btn-danger-ghost {
+    background: transparent;
+    border: 1px solid transparent;
+    color: $text-tertiary;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        background: $danger-bg;
+        border-color: $danger-border;
+        color: $danger;
+    }
+}
+
+// ============================================
+// CONNECTION ERROR TOAST
+// ============================================
+
+.connection-error-toast {
+    position: absolute;
+    top: $space-4;
+    left: 50%;
+    transform: translateX(-50%);
+    z-index: 30;
+    padding: $space-2 $space-4;
+    background: $danger-bg;
+    border: 1px solid $danger-border;
+    border-radius: $radius-md;
+    color: $danger;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    box-shadow: $shadow-lg;
+    animation: slideDown 0.2s ease-out;
+}
+
+@keyframes slideDown {
+    from {
+        opacity: 0;
+        transform: translateX(-50%) translateY(-10px);
+    }
+    to {
+        opacity: 1;
+        transform: translateX(-50%) translateY(0);
+    }
+}
+
+// ============================================
+// EDGE LABEL STYLES
+// ============================================
+
+.edge-label {
+    display: flex;
+    align-items: center;
+    gap: $space-1;
+    padding: 2px $space-2;
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
+    color: white;
+    white-space: nowrap;
+    transition: all $transition-fast;
+    opacity: 0;
+
+    .react-flow__edge:hover &,
+    &.edge-label-selected {
+        opacity: 1;
+    }
+
+    &.edge-label-selected {
+        color: $bg-body;
+    }
+}
+
+.edge-label-text {
+    line-height: 1;
+}
+
+.edge-delete-btn {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 16px;
+    height: 16px;
+    padding: 0;
+    margin-left: $space-1;
+    background: $danger;
+    border: none;
+    border-radius: $radius-sm;
+    color: white;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        background: darken($danger, 10%);
+    }
+}
+
+// ============================================
+// HANDLE HOVER STATES
+// ============================================
+
+.workflow-handle {
+    transition: all $transition-fast;
+
+    &:hover {
+        transform: scale(1.3);
+    }
+}
+
+// Connecting state - show valid handles
+.react-flow__handle-connecting {
+    &.react-flow__handle-valid {
+        background: $success !important;
+        box-shadow: 0 0 6px fade($success, 60%);
+    }
+
+    &:not(.react-flow__handle-valid) {
+        background: $danger !important;
+        box-shadow: 0 0 6px fade($danger, 60%);
+    }
+}
+
+// ============================================
+// EDGE SELECTION STATES
+// ============================================
+
+.react-flow__edge {
+    cursor: pointer;
+
+    &.selected .react-flow__edge-path {
+        stroke: white !important;
+        stroke-width: 2 !important;
+    }
+}
+
+// ============================================
+// WORKFLOW TOOLBAR (SAVE/LOAD)
+// ============================================
+
+.workflow-toolbar {
+    position: absolute;
+    top: $space-4;
+    right: $space-4;
+    z-index: 15;
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    padding: $space-2 $space-3;
+    box-shadow: $shadow-lg;
+}
+
+.toolbar-left {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+}
+
+.toolbar-right {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+}
+
+.workflow-name-input {
+    width: 180px;
+    padding: $space-2 $space-3;
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    color: $text-primary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    transition: border-color $transition-fast;
+
+    &:focus {
+        outline: none;
+        border-color: $accent-primary;
+    }
+
+    &::placeholder {
+        color: $text-tertiary;
+    }
+}
+
+.workflow-id-badge {
+    padding: $space-1 $space-2;
+    background: $bg-hover;
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
+    font-family: $font-mono;
+    color: $text-tertiary;
+}
+
+.toolbar-btn {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-2 $space-3;
+    background: transparent;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    color: $text-secondary;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    cursor: pointer;
+    transition: all $transition-fast;
+    white-space: nowrap;
+
+    svg {
+        flex-shrink: 0;
+    }
+
+    &:hover {
+        background: $bg-hover;
+        border-color: $border-active;
+        color: $text-primary;
+    }
+
+    &:disabled {
+        opacity: 0.5;
+        cursor: not-allowed;
+    }
+}
+
+.toolbar-btn-primary {
+    background: $accent-primary;
+    border-color: $accent-primary;
+    color: white;
+
+    &:hover {
+        background: darken($accent-primary-raw, 5%);
+        border-color: darken($accent-primary-raw, 5%);
+        color: white;
+    }
+}
+
+.toolbar-btn-execute {
+    color: $success;
+
+    &:hover {
+        background: rgba($success, 0.1);
+        border-color: $success;
+    }
+}
+
+.toolbar-divider {
+    width: 1px;
+    height: 24px;
+    background: $border-subtle;
+    margin: 0 $space-1;
+}
+
+.toolbar-message {
+    position: absolute;
+    top: 100%;
+    right: 0;
+    margin-top: $space-2;
+    padding: $space-2 $space-3;
+    background: $success-bg;
+    border: 1px solid $success-border;
+    border-radius: $radius-md;
+    color: $success;
+    font-size: $font-size-xs;
+    font-weight: $font-weight-medium;
+    white-space: nowrap;
+    animation: slideDown 0.2s ease-out;
+}
+
+// ============================================
+// WORKFLOW LIST MODAL
+// ============================================
+
+.workflow-modal-overlay {
+    position: fixed;
+    top: 0;
+    left: 0;
+    right: 0;
+    bottom: 0;
+    background: fade($bg-body-raw, 80%);
+    backdrop-filter: blur(4px);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    z-index: 100;
+    animation: fadeIn 0.15s ease-out;
+}
+
+@keyframes fadeIn {
+    from {
+        opacity: 0;
+    }
+    to {
+        opacity: 1;
+    }
+}
+
+.workflow-modal {
+    width: 500px;
+    max-width: 90vw;
+    max-height: 80vh;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-xl;
+    box-shadow: $shadow-lg;
+    display: flex;
+    flex-direction: column;
+    animation: scaleIn 0.2s ease-out;
+}
+
+@keyframes scaleIn {
+    from {
+        opacity: 0;
+        transform: scale(0.95);
+    }
+    to {
+        opacity: 1;
+        transform: scale(1);
+    }
+}
+
+.workflow-modal-header {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    padding: $space-4 $space-5;
+    border-bottom: 1px solid $border-subtle;
+
+    h2 {
+        margin: 0;
+        font-size: $font-size-lg;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+    }
+}
+
+.modal-close-btn {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 32px;
+    height: 32px;
+    background: transparent;
+    border: none;
+    border-radius: $radius-md;
+    color: $text-tertiary;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        background: $bg-hover;
+        color: $text-primary;
+    }
+}
+
+.workflow-modal-content {
+    flex: 1;
+    overflow-y: auto;
+    padding: $space-4;
+    @include custom-scrollbar();
+}
+
+.workflow-list-loading {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-8;
+    color: $text-tertiary;
+
+    .spin {
+        animation: spin 1s linear infinite;
+    }
+}
+
+@keyframes spin {
+    from {
+        transform: rotate(0deg);
+    }
+    to {
+        transform: rotate(360deg);
+    }
+}
+
+.workflow-list-error {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-8;
+    color: $danger;
+
+    button {
+        padding: $space-2 $space-4;
+        background: $danger;
+        border: none;
+        border-radius: $radius-md;
+        color: white;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        cursor: pointer;
+        transition: background $transition-fast;
+
+        &:hover {
+            background: darken($danger, 10%);
+        }
+    }
+}
+
+.workflow-list-empty {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-8;
+    color: $text-tertiary;
+
+    p {
+        margin: 0;
+        font-size: $font-size-base;
+        font-weight: $font-weight-medium;
+        color: $text-secondary;
+    }
+
+    span {
+        font-size: $font-size-sm;
+    }
+}
+
+.workflow-list {
+    display: flex;
+    flex-direction: column;
+    gap: $space-2;
+}
+
+.workflow-list-item {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-3 $space-4;
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-lg;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        border-color: $accent-primary;
+        background: fade($accent-primary-raw, 5%);
+    }
+}
+
+.workflow-item-main {
+    flex: 1;
+    min-width: 0;
+}
+
+.workflow-item-name {
+    font-size: $font-size-sm;
+    font-weight: $font-weight-semibold;
+    color: $text-primary;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.workflow-item-desc {
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    margin-top: 2px;
+}
+
+.workflow-item-meta {
+    display: flex;
+    flex-direction: column;
+    gap: $space-1;
+    flex-shrink: 0;
+}
+
+.workflow-item-stats {
+    display: flex;
+    gap: $space-3;
+
+    .stat {
+        display: flex;
+        align-items: center;
+        gap: $space-1;
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+    }
+}
+
+.workflow-item-date {
+    display: flex;
+    align-items: center;
+    gap: $space-1;
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+}
+
+.workflow-item-delete {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 32px;
+    height: 32px;
+    background: transparent;
+    border: 1px solid transparent;
+    border-radius: $radius-md;
+    color: $text-tertiary;
+    cursor: pointer;
+    transition: all $transition-fast;
+    flex-shrink: 0;
+
+    &:hover {
+        background: $danger-bg;
+        border-color: $danger-border;
+        color: $danger;
+    }
+
+    &:disabled {
+        opacity: 0.5;
+        cursor: not-allowed;
+    }
+
+    .spin {
+        animation: spin 1s linear infinite;
+    }
+}
+
+// ============================================
+// DEPLOY BUTTON
+// ============================================
+
+.toolbar-btn-deploy {
+    background: $success;
+    border-color: $success;
+    color: white;
+
+    &:hover:not(:disabled) {
+        background: darken($success, 5%);
+        border-color: darken($success, 5%);
+        color: white;
+    }
+
+    &:disabled {
+        opacity: 0.5;
+        cursor: not-allowed;
+    }
+}
+
+// ============================================
+// DEPLOYMENT PROGRESS MODAL
+// ============================================
+
+.deployment-modal-overlay {
+    position: fixed;
+    top: 0;
+    left: 0;
+    right: 0;
+    bottom: 0;
+    background: fade($bg-body-raw, 80%);
+    backdrop-filter: blur(4px);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    z-index: 100;
+    animation: fadeIn 0.15s ease-out;
+}
+
+.deployment-modal {
+    width: 520px;
+    max-width: 90vw;
+    max-height: 80vh;
+    background: $bg-card;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-xl;
+    box-shadow: $shadow-lg;
+    display: flex;
+    flex-direction: column;
+    animation: scaleIn 0.2s ease-out;
+}
+
+.deployment-modal-header {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    padding: $space-4 $space-5;
+    border-bottom: 1px solid $border-subtle;
+
+    h2 {
+        margin: 0;
+        font-size: $font-size-lg;
+        font-weight: $font-weight-semibold;
+        color: $text-primary;
+    }
+}
+
+.deployment-modal-content {
+    flex: 1;
+    overflow-y: auto;
+    padding: $space-4;
+    @include custom-scrollbar();
+}
+
+.deployment-modal-footer {
+    padding: $space-4;
+    border-top: 1px solid $border-subtle;
+    display: flex;
+    justify-content: flex-end;
+
+    .btn-primary {
+        padding: $space-2 $space-5;
+        background: $accent-primary;
+        border: none;
+        border-radius: $radius-md;
+        color: white;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-medium;
+        cursor: pointer;
+        transition: background $transition-fast;
+
+        &:hover {
+            background: darken($accent-primary-raw, 5%);
+        }
+    }
+}
+
+.deployment-loading {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-8;
+    color: $text-tertiary;
+
+    .spin {
+        animation: spin 1s linear infinite;
+    }
+
+    p {
+        margin: 0;
+        font-size: $font-size-base;
+        font-weight: $font-weight-medium;
+        color: $text-secondary;
+    }
+
+    span {
+        font-size: $font-size-sm;
+    }
+}
+
+.deployment-summary {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-3 $space-4;
+    border-radius: $radius-md;
+    margin-bottom: $space-4;
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+
+    &.success {
+        background: $success-bg;
+        border: 1px solid $success-border;
+        color: $success;
+    }
+
+    &.has-errors {
+        background: $danger-bg;
+        border: 1px solid $danger-border;
+        color: $danger;
+    }
+}
+
+.deployment-results {
+    display: flex;
+    flex-direction: column;
+    gap: $space-2;
+}
+
+.deployment-result-item {
+    display: flex;
+    align-items: center;
+    gap: $space-3;
+    padding: $space-3 $space-4;
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    transition: all $transition-fast;
+
+    &.success {
+        border-color: fade($success, 30%);
+    }
+
+    &.error {
+        border-color: fade($danger, 30%);
+        background: fade($danger, 5%);
+    }
+
+    &.pending {
+        opacity: 0.6;
+    }
+}
+
+.result-icon {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 32px;
+    height: 32px;
+    border-radius: $radius-md;
+    color: white;
+    flex-shrink: 0;
+}
+
+.result-info {
+    flex: 1;
+    min-width: 0;
+}
+
+.result-name {
+    font-size: $font-size-sm;
+    font-weight: $font-weight-medium;
+    color: $text-primary;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
+
+.result-type {
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+}
+
+.result-status {
+    display: flex;
+    align-items: center;
+    flex-shrink: 0;
+
+    .spin {
+        animation: spin 1s linear infinite;
+        color: $text-tertiary;
+    }
+
+    .status-success {
+        color: $success;
+    }
+
+    .status-error {
+        color: $danger;
+    }
+
+    .status-pending {
+        font-size: $font-size-xs;
+        color: $text-tertiary;
+    }
+}
+
+.result-link {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    width: 28px;
+    height: 28px;
+    background: transparent;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-sm;
+    color: $text-tertiary;
+    text-decoration: none;
+    transition: all $transition-fast;
+    flex-shrink: 0;
+
+    &:hover {
+        background: $bg-hover;
+        border-color: $accent-primary;
+        color: $accent-primary;
+    }
+}
+
+.deployment-errors {
+    margin-top: $space-4;
+    padding: $space-3;
+    background: $danger-bg;
+    border: 1px solid $danger-border;
+    border-radius: $radius-md;
+
+    h4 {
+        margin: 0 0 $space-2;
+        font-size: $font-size-sm;
+        font-weight: $font-weight-semibold;
+        color: $danger;
+    }
+}
+
+.error-item {
+    display: flex;
+    align-items: flex-start;
+    gap: $space-2;
+    padding: $space-2 0;
+    font-size: $font-size-xs;
+    color: $danger;
+
+    svg {
+        flex-shrink: 0;
+        margin-top: 2px;
+    }
+
+    &:not(:last-child) {
+        border-bottom: 1px solid fade($danger, 20%);
+    }
+}
+
+// ============================================
+// DEPLOYED NODE INDICATOR
+// ============================================
+
+.workflow-node.deployed {
+    border-color: $success;
+
+    &::after {
+        content: '';
+        position: absolute;
+        top: -4px;
+        right: -4px;
+        width: 12px;
+        height: 12px;
+        background: $success;
+        border: 2px solid $bg-card;
+        border-radius: 50%;
+    }
+}
+
+// ============================================
+// REAL APP NODE INDICATOR
+// ============================================
+
+.workflow-node.is-real {
+    border-color: $accent-primary;
+
+    .workflow-node-header {
+        background: fade($accent-primary-raw, 15%);
+    }
+}
+
+// ============================================
+// PALETTE SUBMENU
+// ============================================
+
+.palette-submenu {
+    display: flex;
+    flex-direction: column;
+    gap: $space-1;
+    margin-left: $space-3;
+    margin-bottom: $space-2;
+    padding-left: $space-2;
+    border-left: 2px solid $border-subtle;
+}
+
+.palette-subitem {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    gap: $space-2;
+    padding: $space-2;
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-sm;
+    color: $text-secondary;
+    font-size: $font-size-xs;
+    cursor: pointer;
+    transition: all $transition-fast;
+
+    &:hover {
+        background: $bg-hover;
+        border-color: $accent-primary;
+        color: $text-primary;
+    }
+
+    .status-badge {
+        font-size: 10px;
+        padding: 1px 6px;
+    }
+}
+
+.palette-empty {
+    padding: $space-2;
+    color: $text-tertiary;
+    font-size: $font-size-xs;
+    font-style: italic;
+}
+
+.palette-section-info {
+    margin-top: auto;
+    padding-top: $space-3;
+    border-top: 1px solid $border-subtle;
+}
+
+.palette-hint {
+    font-size: $font-size-xs;
+    color: $text-tertiary;
+    line-height: 1.4;
+}
+
+// ============================================
+// DOMAIN PILLS IN NODE
+// ============================================
+
+.node-domains {
+    display: flex;
+    flex-wrap: wrap;
+    gap: $space-1;
+    margin-top: $space-2;
+}
+
+.node-domain-pill {
+    display: inline-flex;
+    align-items: center;
+    gap: 4px;
+    padding: 2px $space-2;
+    background: fade($success, 15%);
+    border: 1px solid fade($success, 30%);
+    border-radius: $radius-full;
+    font-size: 10px;
+    color: $success;
+
+    svg {
+        opacity: 0.7;
+    }
+}
+
+.node-domain-more {
+    font-size: 10px;
+    color: $text-tertiary;
+    padding: 2px $space-1;
+}
+
+// ============================================
+// PRIVATE URL IN NODE
+// ============================================
+
+$color-info: #22d3ee;
+
+.node-detail-private-url {
+    display: flex;
+    align-items: center;
+    gap: $space-1;
+    margin-top: $space-2;
+    padding: $space-1 $space-2;
+    background: fade($color-info, 10%);
+    border-radius: $radius-sm;
+
+    svg {
+        color: $color-info;
+        flex-shrink: 0;
+    }
+
+    .node-detail-value {
+        font-size: 10px;
+        color: $color-info;
+        overflow: hidden;
+        text-overflow: ellipsis;
+        white-space: nowrap;
+    }
+}
+
+// ============================================
+// SERVER OVERVIEW BUTTON
+// ============================================
+
+.toolbar-btn-overview {
+    background: fade($color-info, 15%) !important;
+    border-color: fade($color-info, 30%) !important;
+    color: $color-info !important;
+
+    &:hover:not(:disabled) {
+        background: fade($color-info, 25%) !important;
+        border-color: $color-info !important;
+    }
+}
+
+// ============================================
+// CONFIG PANEL ENHANCEMENTS
+// ============================================
+
+.form-value {
+    padding: $space-2 $space-3;
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    font-size: $font-size-sm;
+    color: $text-primary;
+
+    &.status-badge {
+        display: inline-flex;
+        padding: $space-1 $space-2;
+        border-radius: $radius-sm;
+        font-size: $font-size-xs;
+        font-weight: $font-weight-medium;
+        text-transform: capitalize;
+    }
+
+    &.status-running {
+        background: $success-bg;
+        border-color: $success-border;
+        color: $success;
+    }
+
+    &.status-stopped {
+        background: $bg-body;
+        border-color: $border-subtle;
+        color: $text-tertiary;
+    }
+
+    &.status-error {
+        background: $danger-bg;
+        border-color: $danger-border;
+        color: $danger;
+    }
+}
+
+.form-value-link {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    cursor: pointer;
+    color: $accent-primary;
+
+    &:hover {
+        text-decoration: underline;
+    }
+
+    svg:last-child {
+        opacity: 0.5;
+        margin-left: auto;
+    }
+}
+
+.form-domains {
+    display: flex;
+    flex-direction: column;
+    gap: $space-2;
+}
+
+.form-domain-item {
+    display: flex;
+    align-items: center;
+    gap: $space-2;
+    padding: $space-2;
+    background: $bg-body;
+    border: 1px solid $border-subtle;
+    border-radius: $radius-md;
+    font-size: $font-size-sm;
+
+    svg {
+        color: $success;
+    }
+
+    .ssl-badge {
+        margin-left: auto;
+        padding: 2px 6px;
+        background: $success-bg;
+        border-radius: $radius-sm;
+        font-size: 10px;
+        font-weight: $font-weight-medium;
+        color: $success;
+    }
+}
+
+.action-buttons {
+    display: flex;
+    gap: $space-2;
+    flex-wrap: wrap;
+
+    .btn {
+        flex: 1;
+        min-width: 70px;
+    }
+}
+
+.action-message {
+    margin-top: $space-2;
+    padding: $space-2;
+    background: $success-bg;
+    border: 1px solid $success-border;
+    border-radius: $radius-sm;
+    font-size: $font-size-xs;
+    color: $success;
+    text-align: center;
+}
+
+.btn-block {
+    width: 100%;
+    justify-content: center;
+}
diff --git a/frontend/src/styles/pages/_workspaces.scss b/frontend/src/styles/pages/_workspaces.scss
new file mode 100644
index 00000000..24258f71
--- /dev/null
+++ b/frontend/src/styles/pages/_workspaces.scss
@@ -0,0 +1,105 @@
+// Workspaces page styles
+
+.workspaces-page {
+    .workspaces-grid {
+        display: grid;
+        grid-template-columns: repeat(auto-fill, minmax(340px, 1fr));
+        gap: $spacing-lg;
+        margin-top: $spacing-lg;
+    }
+
+    .workspace-card {
+        padding: $spacing-lg;
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-sm;
+
+        &__header {
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+        }
+
+        &__title {
+            display: flex;
+            align-items: center;
+            gap: $spacing-sm;
+
+            h3 { margin: 0; }
+        }
+
+        &__color {
+            width: 12px;
+            height: 12px;
+            border-radius: 50%;
+            display: inline-block;
+        }
+
+        &__desc {
+            color: $text-secondary;
+            font-size: 0.9rem;
+            margin: 0;
+        }
+
+        &__meta {
+            display: flex;
+            gap: $spacing-md;
+            font-size: 0.85rem;
+            color: $text-muted;
+        }
+
+        &__quotas {
+            display: flex;
+            gap: $spacing-sm;
+            font-size: 0.8rem;
+
+            span {
+                padding: 2px 8px;
+                background: $hover-bg;
+                border-radius: $radius-sm;
+            }
+        }
+
+        &__actions {
+            display: flex;
+            gap: $spacing-sm;
+            margin-top: $spacing-sm;
+            padding-top: $spacing-sm;
+            border-top: 1px solid $border-color;
+        }
+    }
+
+    .members-list {
+        display: flex;
+        flex-direction: column;
+        gap: $spacing-sm;
+    }
+
+    .member-row {
+        display: flex;
+        justify-content: space-between;
+        align-items: center;
+        padding: $spacing-sm 0;
+        border-bottom: 1px solid $border-color;
+
+        &:last-child { border-bottom: none; }
+    }
+
+    .form-row {
+        display: grid;
+        grid-template-columns: 1fr 1fr;
+        gap: $spacing-md;
+    }
+
+    .server-select-list {
+        max-height: 200px;
+        overflow-y: auto;
+    }
+
+    .server-select-item {
+        padding: $spacing-sm $spacing-md;
+        cursor: pointer;
+        border-radius: $radius-md;
+        &:hover { background: $hover-bg; }
+    }
+}
diff --git a/frontend/src/utils/connectionRules.js b/frontend/src/utils/connectionRules.js
index abf34631..0f40fffc 100644
--- a/frontend/src/utils/connectionRules.js
+++ b/frontend/src/utils/connectionRules.js
@@ -10,6 +10,14 @@
  */
 
 // Connection rules matrix: [sourceType][sourceHandle] → [targetType][targetHandle]
+const automationTargets = {
+    dockerApp: ['input'],
+    service: ['input'],
+    script: ['input'],
+    notification: ['input'],
+    logic_if: ['input']
+};
+
 const connectionRules = {
     domain: {
         output: {
@@ -33,6 +41,19 @@ const connectionRules = {
             service: ['input']
         }
     },
+    trigger: {
+        output: automationTargets
+    },
+    script: {
+        output: automationTargets
+    },
+    notification: {
+        output: automationTargets
+    },
+    logic_if: {
+        true: automationTargets,
+        false: automationTargets
+    },
     database: {
         // Database has no source handles, cannot connect to anything
     }
@@ -46,7 +67,14 @@ export const connectionLabels = {
     'dockerApp-database': 'Uses DB',
     'service-dockerApp': 'Provides',
     'service-database': 'Uses',
-    'service-service': 'Connects to'
+    'service-service': 'Connects to',
+    'trigger-script': 'Triggers',
+    'trigger-notification': 'Triggers',
+    'trigger-dockerApp': 'Starts',
+    'script-script': 'Next',
+    'script-notification': 'Then notify',
+    'logic_if-script': 'If so',
+    'logic_if-notification': 'If so notify'
 };
 
 // Colors for connection types
@@ -178,7 +206,11 @@ const formatNodeType = (type) => {
         dockerApp: 'Docker App',
         database: 'Database',
         domain: 'Domain',
-        service: 'Service'
+        service: 'Service',
+        trigger: 'Trigger',
+        script: 'Script',
+        notification: 'Notification',
+        logic_if: 'Logic'
     };
     return labels[type] || type;
 };
diff --git a/frontend/vite.config.js b/frontend/vite.config.js
index f75e81b4..f5ca9ad8 100644
--- a/frontend/vite.config.js
+++ b/frontend/vite.config.js
@@ -12,7 +12,18 @@ export default defineConfig({
             interval: 1000,
         },
     },
+    css: {
+        preprocessorOptions: {
+            scss: {
+                // Silence Dart Sass deprecation warnings for @import and slash-div
+                // These are expected during migration from LESS and will be addressed
+                // when moving to @use/@forward module system
+                silenceDeprecations: ['import', 'slash-div', 'legacy-js-api', 'global-builtin', 'color-functions', 'strict-unary'],
+            },
+        },
+    },
     build: {
+        sourcemap: false,
         rollupOptions: {
             output: {
                 manualChunks: {
diff --git a/install.sh b/install.sh
index 7a60fb0f..4aa94a26 100644
--- a/install.sh
+++ b/install.sh
@@ -28,6 +28,13 @@ VENV_DIR="$INSTALL_DIR/venv"
 LOG_DIR="/var/log/serverkit"
 DATA_DIR="/var/lib/serverkit"
 
+# Python constraints
+PYTHON_MIN="3.11"
+PYTHON_MAX="3.12"
+PYTHON_BIN=""
+
+SAFE_MODE=false
+
 print_header() {
     echo -e "${BLUE}"
     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
@@ -41,6 +48,46 @@ print_error() { echo -e "${RED}✗ $1${NC}"; }
 print_warning() { echo -e "${YELLOW}! $1${NC}"; }
 print_info() { echo -e "${BLUE}→ $1${NC}"; }
 
+version_ge() { printf '%s\n%s' "$2" "$1" | sort -C -V; }
+version_le() { printf '%s\n%s' "$1" "$2" | sort -C -V; }
+
+# Detect supported Python (3.11-3.12)
+detect_python() {
+    if command -v python3 &>/dev/null; then
+        PY_VER=$(python3 -c 'import sys;print(".".join(map(str,sys.version_info[:2])))')
+        if version_ge "$PY_VER" "$PYTHON_MIN" && version_le "$PY_VER" "$PYTHON_MAX"; then
+            PYTHON_BIN="python3"
+            print_success "Using system Python $PY_VER"
+            return
+        fi
+    fi
+    print_warning "System Python not in supported range ($PYTHON_MIN-$PYTHON_MAX)"
+}
+
+# Check RAM and enable safe mode for small VPS
+check_ram() {
+    RAM=$(free -m | awk '/Mem:/ {print $2}')
+    if [ "$RAM" -le 700 ]; then
+        SAFE_MODE=true
+        print_warning "Low RAM detected (${RAM}MB) → enabling VPS Safe Mode"
+    fi
+}
+
+# Create swap if system has very little
+setup_swap() {
+    SWAP_TOTAL=$(free -m | awk '/^Swap:/ {print $2}')
+    if [ "$SWAP_TOTAL" -lt 512 ]; then
+        print_info "Creating swap space (1GB)..."
+        if [ ! -f /swapfile ]; then
+            fallocate -l 1G /swapfile 2>/dev/null || dd if=/dev/zero of=/swapfile bs=1M count=1024 status=none
+            chmod 600 /swapfile
+            mkswap /swapfile >/dev/null
+        fi
+        swapon /swapfile 2>/dev/null || true
+        print_success "Swap enabled"
+    fi
+}
+
 print_header
 
 # Check if running as root
@@ -49,7 +96,11 @@ if [ "$EUID" -ne 0 ]; then
     exit 1
 fi
 
-# Check OS
+# Enable low-RAM protections early (needs root for swap)
+check_ram
+setup_swap
+
+# Detect OS family
 OS_FAMILY="unknown"
 if [ -f /etc/os-release ]; then
     . /etc/os-release
@@ -58,7 +109,7 @@ if [ -f /etc/os-release ]; then
     elif [ "$ID" = "fedora" ]; then
         OS_FAMILY="fedora"
     else
-        print_warning "This script is designed for Ubuntu/Debian/Fedora. Proceed with caution."
+        print_warning "Unsupported OS ($ID). This script is designed for Ubuntu/Debian/Fedora."
     fi
 else
     print_warning "Cannot detect OS. Proceeding with caution."
@@ -76,14 +127,12 @@ if [ "$OS_FAMILY" = "debian" ] || [ "$OS_FAMILY" = "unknown" ]; then
 
     # Also configure needrestart.conf if it exists for future apt operations
     if [ -f /etc/needrestart/needrestart.conf ]; then
-        # Set needrestart to auto-restart mode
         sed -i "s/#\$nrconf{restart} = 'i';/\$nrconf{restart} = 'a';/" /etc/needrestart/needrestart.conf 2>/dev/null || true
     fi
 
-    # Update package list
     apt-get update
 
-    # Install Python and required packages
+
     apt-get install -y \
         python3 \
         python3-pip \
@@ -96,14 +145,26 @@ if [ "$OS_FAMILY" = "debian" ] || [ "$OS_FAMILY" = "unknown" ]; then
         libssl-dev \
         iproute2 \
         procps
+
+    detect_python
+
+    # If system Python is out of supported range, install 3.12
+    if [ -z "$PYTHON_BIN" ]; then
+        print_info "Installing Python 3.12..."
+        apt-get install -y \
+            python3.12 \
+            python3.12-venv \
+            python3.12-dev
+        PYTHON_BIN="python3.12"
+    fi
+
 elif [ "$OS_FAMILY" = "fedora" ]; then
-    # Update package list
     dnf update -y
-    
-    # Install Python and required packages
+
     dnf install -y \
         python3 \
         python3-pip \
+        python3-devel \
         git \
         curl \
         gcc \
@@ -114,6 +175,16 @@ elif [ "$OS_FAMILY" = "fedora" ]; then
         python3-devel \
         iproute \
         procps-ng
+
+    detect_python
+
+    if [ -z "$PYTHON_BIN" ]; then
+        print_info "Installing Python 3.12..."
+        dnf install -y \
+            python3.12 \
+            python3.12-devel
+        PYTHON_BIN="python3.12"
+    fi
 fi
 
 print_success "System dependencies installed"
@@ -191,13 +262,17 @@ fi
 
 # Set up Python virtual environment
 print_info "Setting up Python virtual environment..."
-python3 -m venv "$VENV_DIR"
+$PYTHON_BIN -m venv "$VENV_DIR"
 source "$VENV_DIR/bin/activate"
 
 # Install Python dependencies
 print_info "Installing Python dependencies..."
 pip install --upgrade pip
-pip install -r "$INSTALL_DIR/backend/requirements.txt"
+if [ "$SAFE_MODE" = true ]; then
+    pip install --no-cache-dir -r "$INSTALL_DIR/backend/requirements.txt"
+else
+    pip install -r "$INSTALL_DIR/backend/requirements.txt"
+fi
 pip install gunicorn gevent gevent-websocket
 
 print_success "Python dependencies installed"
@@ -277,7 +352,7 @@ rm -f /etc/nginx/sites-enabled/default
 mkdir -p /etc/nginx/sites-available
 mkdir -p /etc/nginx/sites-enabled
 
-# Ensure nginx.conf includes sites-enabled
+# Ensure nginx.conf includes sites-enabled (Fedora uses conf.d by default)
 if ! grep -q "sites-enabled" /etc/nginx/nginx.conf; then
     sed -i '/http {/a \    include /etc/nginx/sites-enabled/*;' /etc/nginx/nginx.conf
 fi
@@ -289,7 +364,7 @@ ln -sf /etc/nginx/sites-available/serverkit.conf /etc/nginx/sites-enabled/
 # Copy site template
 cp "$INSTALL_DIR/nginx/sites-available/example.conf.template" /etc/nginx/sites-available/
 
-# Configure SELinux to allow nginx reverse proxying
+# Configure SELinux to allow nginx reverse proxying (Fedora)
 if [ "$OS_FAMILY" = "fedora" ] && command -v setsebool &> /dev/null; then
     setsebool -P httpd_can_network_connect 1 2>/dev/null || true
 fi
@@ -302,16 +377,7 @@ docker network prune -f 2>/dev/null || true
 docker container prune -f 2>/dev/null || true
 
 # Ensure swap exists for low-RAM VPS servers (Vite build needs ~512MB+)
-SWAP_TOTAL=$(free -m | awk '/^Swap:/ {print $2}')
-if [ "$SWAP_TOTAL" -lt 512 ]; then
-    print_info "Creating swap space for build..."
-    if [ ! -f /swapfile ]; then
-        fallocate -l 1G /swapfile 2>/dev/null || dd if=/dev/zero of=/swapfile bs=1M count=1024 status=none
-        chmod 600 /swapfile
-        mkswap /swapfile >/dev/null
-    fi
-    swapon /swapfile 2>/dev/null || true
-fi
+setup_swap
 
 # Build frontend on host (avoids Docker memory overhead on low-RAM VPS)
 print_info "Building frontend..."
@@ -379,7 +445,7 @@ if [ "$BACKEND_OK" = true ] && [ "$FRONTEND_OK" = true ]; then
     echo ""
     echo "Service Management:"
     echo "  Backend (systemd):     systemctl [start|stop|restart] serverkit"
-    echo "  Frontend (Docker):     docker compose -C $INSTALL_DIR [up|down]"
+    echo "  Frontend (Docker):     docker compose --project-directory $INSTALL_DIR [up|down]"
     echo ""
     echo "For all commands:        serverkit help"
     echo ""
@@ -390,6 +456,6 @@ else
     echo ""
     echo "Troubleshooting:"
     echo "  Backend logs:   journalctl -u serverkit -f"
-    echo "  Frontend logs:  docker compose -C $INSTALL_DIR logs -f"
+    echo "  Frontend logs:  docker compose --project-directory $INSTALL_DIR logs -f"
     echo ""
 fi
diff --git a/quick-start.sh b/quick-start.sh
new file mode 100644
index 00000000..230df9d5
--- /dev/null
+++ b/quick-start.sh
@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+#
+# ServerKit - All-in-One Local Quick Start
+#
+# This script automates:
+# 1. System dependency checks
+# 2. Python venv & dependency setup
+# 3. Frontend npm installation
+# 4. Environment configuration (.env)
+# 5. Launching both Backend & Frontend
+#
+
+set -euo pipefail
+
+# Colors
+CYAN='\033[0;36m'
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+echo -e "${CYAN}🚀 Starting ServerKit Local Setup...${NC}"
+
+# 1. Check for required system tools
+check_tool() {
+    if ! command -v "$1" &>/dev/null; then
+        echo -e "${RED}✗ $1 is not installed.${NC}"
+        echo -e "${YELLOW}Please run: sudo apt update && sudo apt install -y $2${NC}"
+        exit 1
+    fi
+}
+
+check_tool "python3" "python3 python3-venv python3-pip"
+check_tool "node" "nodejs"
+check_tool "npm" "npm"
+
+# 2. Setup Backend
+echo -e "\n${CYAN}📦 Setting up Backend...${NC}"
+if [ ! -d "venv" ]; then
+    echo "Creating virtual environment..."
+    python3 -m venv venv
+fi
+
+source venv/bin/activate
+echo "Installing Python dependencies..."
+pip install -r backend/requirements.txt --quiet
+pip install gunicorn gevent gevent-websocket --quiet
+
+# 3. Setup Frontend
+echo -e "\n${CYAN}📦 Setting up Frontend...${NC}"
+cd frontend
+if [ ! -d "node_modules" ]; then
+    echo "Installing Node modules (this may take a minute)..."
+    npm install --silent
+else
+    echo "Node modules already installed."
+fi
+cd ..
+
+# 4. Configuration
+echo -e "\n${CYAN}⚙️  Configuring Environment...${NC}"
+if [ ! -f ".env" ]; then
+    echo "Creating .env from .env.example..."
+    cp .env.example .env
+    # Generate random secrets for dev
+    sed -i "s/SECRET_KEY=.*/SECRET_KEY=$(openssl rand -hex 16)/" .env
+    sed -i "s/JWT_SECRET_KEY=.*/JWT_SECRET_KEY=$(openssl rand -hex 16)/" .env
+else
+    echo ".env file already exists."
+fi
+
+# 5. Launch
+echo -e "\n${GREEN}✅ Setup Complete!${NC}"
+echo -e "Starting ServerKit..."
+echo -e "  - ${CYAN}Frontend:${NC} http://localhost:5173"
+echo -e "  - ${CYAN}Backend:${NC}  http://localhost:5000"
+echo -e "\n${YELLOW}Press Ctrl+C to stop both servers.${NC}\n"
+
+# Run dev.sh to handle the dual-process execution
+chmod +x dev.sh
+./dev.sh
diff --git a/uninstall.sh b/uninstall.sh
new file mode 100644
index 00000000..c2440d2b
--- /dev/null
+++ b/uninstall.sh
@@ -0,0 +1,176 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+########################################
+# ServerKit Uninstaller
+########################################
+
+INSTALL_DIR="/opt/serverkit"
+DATA_DIR="/var/lib/serverkit"
+LOG_DIR="/var/log/serverkit"
+LOG_FILE="/var/log/serverkit-uninstall.log"
+
+mkdir -p /var/log
+exec > >(tee -a "$LOG_FILE") 2>&1
+
+########################################
+# Colors
+########################################
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+########################################
+# UI helpers
+########################################
+
+print_header() {
+    echo -e "${BLUE}"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo "  ServerKit Uninstaller"
+    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    echo -e "${NC}"
+}
+
+print_success() { echo -e "${GREEN}✓ $1${NC}"; }
+print_error() { echo -e "${RED}✗ $1${NC}"; }
+print_warning() { echo -e "${YELLOW}! $1${NC}"; }
+print_info() { echo -e "${BLUE}→ $1${NC}"; }
+
+########################################
+# Root check
+########################################
+
+if [[ $EUID -ne 0 ]]; then
+    print_error "Please run as root (sudo)"
+    exit 1
+fi
+
+print_header
+
+########################################
+# Confirm uninstall
+########################################
+
+echo
+read -p "Remove ServerKit completely? (y/N): " confirm
+
+if [[ "$confirm" != "y" && "$confirm" != "Y" ]]; then
+    print_warning "Uninstall cancelled"
+    exit 0
+fi
+
+########################################
+# Stop services
+########################################
+
+print_info "Stopping ServerKit service"
+
+systemctl stop serverkit 2>/dev/null || true
+systemctl disable serverkit 2>/dev/null || true
+
+print_success "Backend service stopped"
+
+########################################
+# Stop containers
+########################################
+
+print_info "Stopping Docker containers"
+
+if command -v docker &>/dev/null && [ -d "$INSTALL_DIR" ]; then
+    docker compose --project-directory "$INSTALL_DIR" down --remove-orphans 2>/dev/null || true
+else
+    print_warning "Docker or install directory not found, skipping container cleanup"
+fi
+
+print_success "Containers removed"
+
+########################################
+# Remove systemd service
+########################################
+
+print_info "Removing systemd service"
+
+rm -f /etc/systemd/system/serverkit.service
+
+systemctl daemon-reload
+
+print_success "Systemd service removed"
+
+########################################
+# Remove nginx config
+########################################
+
+print_info "Removing nginx configuration"
+
+rm -f /etc/nginx/sites-enabled/serverkit.conf 2>/dev/null || true
+rm -f /etc/nginx/sites-available/serverkit.conf 2>/dev/null || true
+
+systemctl reload nginx 2>/dev/null || true
+
+print_success "Nginx config removed"
+
+########################################
+# Remove files
+########################################
+
+print_info "Removing installation files"
+
+rm -rf "$INSTALL_DIR"
+
+print_success "Installation directory removed"
+
+########################################
+# Remove data
+########################################
+
+print_info "Removing data directory"
+
+rm -rf "$DATA_DIR"
+rm -rf /etc/serverkit
+rm -rf /var/serverkit
+
+print_success "Data directories removed"
+
+########################################
+# Remove logs
+########################################
+
+print_info "Removing logs"
+
+rm -rf "$LOG_DIR"
+
+print_success "Log directory removed"
+
+########################################
+# Remove CLI
+########################################
+
+print_info "Removing CLI command"
+
+rm -f /usr/local/bin/serverkit
+
+print_success "CLI removed"
+
+########################################
+# Track uninstall
+########################################
+
+curl -s "https://serverkit.ai/track/uninstall" >/dev/null 2>&1 || true
+
+########################################
+# Finish
+########################################
+
+echo
+echo -e "${GREEN}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
+echo -e "${GREEN}  ServerKit removed successfully${NC}"
+echo -e "${GREEN}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
+
+echo
+echo "Uninstall log:"
+echo "$LOG_FILE"
+echo