build: harden .dockerignore (secrets/, data/)

The host-side docker-compose mounts secrets/ and data/ read-only at
runtime, but the build context still slurped them in. Add secrets/,
data/, and general SSH key patterns (*.pem, *.key, id_rsa*,
id_ed25519*, known_hosts, .ssh/) so private material can never be
baked into the image even by accident.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

.dockerignore

@@ -10,3 +10,13 @@ dist
 .vite
 coverage
 /tmp
+
+# Secrets and runtime data
+secrets/
+data/
+*.pem
+*.key
+id_rsa*
+id_ed25519*
+known_hosts
+.ssh/

apps/web/src/api/types.ts

@@ -233,7 +233,7 @@ export interface GitMeta {
 
 // v1.9: 'settings' is an ephemeral pane kind — never persisted, always
 // singleton per workspace. The pane hook filters it out before writing to
-// localStorage and dedupes on insertion via openOrFocusSettingsPane().
+// localStorage and dedupes on insertion via toggleSettingsPane().
 export type WorkspacePaneKind = 'chat' | 'terminal' | 'agent' | 'empty' | 'settings';
 
 export interface WorkspacePane {

apps/web/src/components/SessionLandingPage.tsx

@@ -3,7 +3,6 @@ import { Archive, MessageSquare, Send, ChevronDown, ChevronRight, RotateCcw, Tra
 import type { Chat } from '@/api/types';
 import { Button } from '@/components/ui/button';
 import { Textarea } from '@/components/ui/textarea';
-import { Input } from '@/components/ui/input';
 import {
   ContextMenu,
   ContextMenuContent,
@@ -165,7 +164,6 @@ export function SessionLandingPage({
   const [renameValue, setRenameValue] = useState('');
   const [archiveConfirm, setArchiveConfirm] = useState<Chat | null>(null);
   const [deleteConfirm, setDeleteConfirm] = useState<Chat | null>(null);
-  const [deleteInput, setDeleteInput] = useState('');
 
   const openChats = chats
     .filter((c) => c.status === 'open')
@@ -193,9 +191,6 @@ export function SessionLandingPage({
     setRenamingId(null);
   }
 
-  const deleteExpected = deleteConfirm?.name ?? '';
-  const deleteEnabled = deleteConfirm !== null && deleteInput === deleteExpected && deleteExpected.length > 0;
-
   // TODO: Landing page chat counts are a snapshot at mount. New messages in
   // visible chats won't update the per-row stats until next mount/navigation.
   return (
@@ -217,7 +212,7 @@ export function SessionLandingPage({
                     onCancelRename={() => setRenamingId(null)}
                     onContextStartRename={() => startRename(chat)}
                     onContextArchive={() => setArchiveConfirm(chat)}
-                    onContextDelete={() => { setDeleteConfirm(chat); setDeleteInput(''); }}
+                    onContextDelete={() => setDeleteConfirm(chat)}
                     showContextMenu
                     actions={
                       <>
@@ -242,7 +237,6 @@ export function SessionLandingPage({
                           onClick={(e) => {
                             e.stopPropagation();
                             setDeleteConfirm(chat);
-                            setDeleteInput('');
                           }}
                         >
                           <Trash2 size={14} />
@@ -352,36 +346,25 @@ export function SessionLandingPage({
         </DialogContent>
       </Dialog>
 
-      <Dialog open={deleteConfirm !== null} onOpenChange={(open) => { if (!open) { setDeleteConfirm(null); setDeleteInput(''); } }}>
+      <Dialog open={deleteConfirm !== null} onOpenChange={(open) => { if (!open) setDeleteConfirm(null); }}>
         <DialogContent>
           <DialogHeader>
             <DialogTitle>Delete chat?</DialogTitle>
             <DialogDescription>
-              Type the chat name to confirm:
-              {' '}
-              <span className="font-mono font-medium text-foreground">{deleteExpected || '(unnamed — cannot type-confirm)'}</span>
+              Permanently delete{' '}
+              <span className="font-mono font-medium text-foreground">{deleteConfirm?.name || '(unnamed)'}</span>
+              {' '}and all its messages. This cannot be undone.
             </DialogDescription>
           </DialogHeader>
-          <Input
-            value={deleteInput}
-            onChange={(e) => setDeleteInput(e.target.value)}
-            placeholder={deleteExpected}
-            disabled={!deleteExpected}
-          />
-          <div className="text-xs text-muted-foreground">
-            This will permanently delete this chat and all its messages. This cannot be undone.
-          </div>
           <div className="flex gap-2 justify-end pt-2">
-            <Button variant="outline" onClick={() => { setDeleteConfirm(null); setDeleteInput(''); }}>
+            <Button variant="outline" onClick={() => setDeleteConfirm(null)}>
               Cancel
             </Button>
             <Button
               variant="destructive"
-              disabled={!deleteEnabled}
               onClick={() => {
-                if (deleteConfirm && deleteEnabled) void onDeleteChat(deleteConfirm.id);
+                if (deleteConfirm) void onDeleteChat(deleteConfirm.id);
                 setDeleteConfirm(null);
-                setDeleteInput('');
               }}
             >
               Delete

apps/web/src/components/Workspace.tsx

@@ -81,14 +81,27 @@ export function Workspace({
   const [maximized, setMaximized] = useState(false);
   const settingsIdx = panes.findIndex((p) => p.kind === 'settings');
 
+  // Esc semantics: maximized → restore; otherwise → close settings pane (only
+  // when it's the active pane). Bail when the user is typing in a field or
+  // inside an open dialog so we don't eat their cancel keystroke.
   useEffect(() => {
-    if (!maximized) return;
+    if (settingsIdx < 0) return;
     function onKey(e: KeyboardEvent) {
-      if (e.key === 'Escape') setMaximized(false);
+      if (e.key !== 'Escape') return;
+      const t = e.target;
+      if (t instanceof HTMLElement) {
+        if (t.tagName === 'INPUT' || t.tagName === 'TEXTAREA' || t.isContentEditable) return;
+        if (t.closest('[role="dialog"]')) return;
+      }
+      if (maximized) {
+        setMaximized(false);
+      } else if (activePaneIdx === settingsIdx) {
+        removePane(settingsIdx);
+      }
     }
     window.addEventListener('keydown', onKey);
     return () => window.removeEventListener('keydown', onKey);
-  }, [maximized]);
+  }, [maximized, settingsIdx, activePaneIdx, removePane]);
 
   // If the settings pane was closed (no longer in panes) while maximized,
   // clear the maximize state so the grid renders normally.
@@ -210,6 +223,7 @@ export function Workspace({
                   project={project}
                   maximized={maximized}
                   onToggleMaximize={() => setMaximized((v) => !v)}
+                  onClose={() => removePane(idx)}
                   isMobile={isMobile}
                 />
               ) : pane.kind === 'chat' && pane.chatId ? (

apps/web/src/components/panes/SettingsPane.tsx

@@ -1,5 +1,5 @@
 import { useEffect, useState } from 'react';
-import { Archive, Maximize2, Minimize2 } from 'lucide-react';
+import { Archive, Maximize2, Minimize2, X } from 'lucide-react';
 import { toast } from 'sonner';
 import { api } from '@/api/client';
 import type { Project, Session } from '@/api/types';
@@ -24,6 +24,7 @@ interface Props {
   project: Project;
   maximized: boolean;
   onToggleMaximize: () => void;
+  onClose: () => void;
   isMobile: boolean;
 }
 
@@ -65,7 +66,7 @@ function Switch({
   );
 }
 
-export function SettingsPane({ session, project, maximized, onToggleMaximize, isMobile }: Props) {
+export function SettingsPane({ session, project, maximized, onToggleMaximize, onClose, isMobile }: Props) {
   const [activeSection, setActiveSection] = useState<Section>('session');
 
   return (
@@ -99,6 +100,15 @@ export function SettingsPane({ session, project, maximized, onToggleMaximize, is
             {maximized ? <Minimize2 size={14} /> : <Maximize2 size={14} />}
           </button>
         )}
+        <button
+          type="button"
+          onClick={onClose}
+          className="inline-flex items-center justify-center p-1 rounded text-muted-foreground hover:bg-muted hover:text-foreground max-md:min-h-[44px] max-md:min-w-[44px]"
+          aria-label="Close settings"
+          title="Close (Esc)"
+        >
+          <X size={14} />
+        </button>
       </div>
 
       <div className="flex-1 overflow-y-auto">

apps/web/src/hooks/sessionEvents.ts

@@ -62,10 +62,10 @@ export interface OpenChatInActivePaneEvent {
   chat_id: string;
 }
 
-// v1.9: client-side event fired by the sidebar Settings button when a
-// session is currently mounted. Session.tsx subscribes and calls
-// panesHook.openOrFocusSettingsPane(). Sidebar handles the no-session case
-// by navigating to /settings (themes page) directly.
+// Client-side event fired by the sidebar Settings button when a session is
+// currently mounted. Session.tsx subscribes and calls
+// panesHook.toggleSettingsPane() (open on first click, close on second).
+// Sidebar handles the no-session case by navigating to /settings directly.
 export interface OpenSettingsPaneEvent {
   type: 'open_settings_pane';
 }

apps/web/src/hooks/useSidebar.ts

@@ -152,8 +152,8 @@ function applyEvent(prev: SidebarResponse, event: import('./sessionEvents').Sess
       // Consumed by Workspace; sidebar has no business with pane state.
       return prev;
     case 'open_settings_pane':
-      // v1.9: consumed by Session.tsx (calls openOrFocusSettingsPane on its
-      // panesHook). Sidebar data is untouched.
+      // Consumed by Session.tsx (calls toggleSettingsPane on its panesHook).
+      // Sidebar data is untouched.
       return prev;
     case 'session_archived': {
       let changed = false;

apps/web/src/hooks/useWorkspacePanes.ts

@@ -73,10 +73,10 @@ export interface UseWorkspacePanesResult {
   closeAllTabs: (paneIdx: number) => void;
   showLandingPage: (paneIdx: number) => void;
   addSplitPane: (kind: 'chat' | 'terminal' | 'agent') => void;
-  // v1.9: idempotent open-or-focus for the settings pane singleton. Appends
-  // a new settings pane if none exists, otherwise just focuses the existing
-  // one. Always succeeds — settings panes don't count toward MAX_PANES.
-  openOrFocusSettingsPane: () => void;
+  // Open-on-first-click, close-on-second-click. Singleton — settings panes
+  // don't count toward MAX_PANES. Closing the only remaining pane (edge case)
+  // falls back to an empty pane to preserve the "always one pane" invariant.
+  toggleSettingsPane: () => void;
   removePane: (idx: number) => void;
   removeChatFromPanes: (chatId: string) => void;
   initializeFirstChatIfEmpty: (chatId: string) => void;
@@ -254,22 +254,35 @@ export function useWorkspacePanes(sessionId: string): UseWorkspacePanesResult {
     });
   }, []);
 
-  const openOrFocusSettingsPane = useCallback(() => {
+  const toggleSettingsPane = useCallback(() => {
     setPanes((prev) => {
       const existingIdx = prev.findIndex((p) => p.kind === 'settings');
-      if (existingIdx >= 0) {
-        setActivePaneIdx(existingIdx);
-        return prev;
+      if (existingIdx < 0) {
+        const next = [...prev, settingsPane()];
+        setActivePaneIdx(next.length - 1);
+        return next;
       }
-      const next = [...prev, settingsPane()];
-      setActivePaneIdx(next.length - 1);
+      if (prev.length <= 1) {
+        setActivePaneIdx(0);
+        return [emptyPane()];
+      }
+      const next = prev.filter((_, i) => i !== existingIdx);
+      setActivePaneIdx((ai) => Math.min(ai, next.length - 1));
       return next;
     });
   }, []);
 
   const removePane = useCallback((idx: number) => {
     setPanes((prev) => {
-      if (prev.length <= 1) return prev;
+      if (prev.length <= 1) {
+        // Settings is the only kind that can be the last pane and still need
+        // closing (X / Esc / sidebar toggle). Fall back to empty.
+        if (prev[idx]?.kind === 'settings') {
+          setActivePaneIdx(0);
+          return [emptyPane()];
+        }
+        return prev;
+      }
       const next = prev.filter((_, i) => i !== idx);
       setActivePaneIdx((ai) => Math.min(ai, next.length - 1));
       return next;
@@ -359,7 +372,6 @@ export function useWorkspacePanes(sessionId: string): UseWorkspacePanesResult {
     setActivePaneIdx,
     activePaneIdxRef,
     openChatInPane,
-    openOrFocusSettingsPane,
     switchTab,
     removeTab,
     closeOtherTabs,
@@ -367,6 +379,7 @@ export function useWorkspacePanes(sessionId: string): UseWorkspacePanesResult {
     closeAllTabs,
     showLandingPage,
     addSplitPane,
+    toggleSettingsPane,
     removePane,
     removeChatFromPanes,
     initializeFirstChatIfEmpty,

apps/web/src/pages/Session.tsx

@@ -134,11 +134,10 @@ function SessionInner({ sessionId }: { sessionId: string }) {
         void api.projects.get(project.id).then(setProject).catch(() => {});
         return;
       }
-      // v1.9: sidebar Settings button broadcasts this when a session is
-      // mounted; we own the workspace pane state, so we open/focus the
-      // singleton settings pane here.
+      // Sidebar Settings button broadcasts this when a session is mounted;
+      // toggleSettingsPane opens on first click, closes on second.
       if (event.type === 'open_settings_pane') {
-        panesHook.openOrFocusSettingsPane();
+        panesHook.toggleSettingsPane();
       }
     });
   }, [sessionId, editingName, navigate, project, panesHook]);

boocode_roadmap.md

@@ -1,341 +1,201 @@
-# BooCode v1.x — Roadmap
+# BooCode — Roadmap
 
-Last updated: 2026-05-16
+Last updated: 2026-05-17
 
 ## Overview
 
-BooCode is a standalone code-chat tool at `/opt/boocode/`. Read-only by design — pick a project, chat with a local LLM that has file-inspection tools, get streaming responses over WebSocket.
+BooCode is a standalone code-chat tool at `/opt/boocode/`. Read-only by design in v1.x — pick a project, chat with a local LLM that has file-inspection tools, get streaming responses over WebSocket.
 
 Live at `https://code.indifferentketchup.com` (Caddy → Authelia → Tailscale → `100.114.205.53:9500`).
 
 **Architectural commitments:**
 
-- No embeddings. The model uses file-view tools (`view_file`, `list_dir`, `grep`, `find_files`) + sidecar analyzers (codecontext, codesight). Walked away from the RAG pipeline May 2026.
+- No embeddings. File-view tools + sidecar analyzers replace RAG.
 - Read-only in v1.x. Write tools land in BooCoder (separate container, post-v1.x).
 - One Postgres (`boocode_db`), one frontend SPA, container-per-service for new capabilities.
 
-External code lifted from / referenced in: see `boocode_code_review.md` for full inventory.
+## Current state
 
------
+- **main:** v1.8.1 (`b09d0ff` was last known tip prior to v1.8.2).
+- **Just merged / committed to main:** v1.8.2 — tool-loop fixes (read-only loop cap raised, "tool loop depth exceeded" error surfaced with continue button, `max_tool_calls` AGENTS.md frontmatter, `messages.metadata` column).
+- **In flight RIGHT NOW:** **v1.x-themes** branch — Claude Code implementing 18-theme system. See "Active work" below.
+
+## Active work
+
+### v1.x-themes — Theme system (in flight)
+
+**Spec source:** locked in this session. Anchors below derived from `/mnt/user-data/uploads/boocode-theme-previews.html` (16 themes extracted) + spec §3 family rules for the two missing (`fuchsia-noir`, `midnight-sapphire`).
+
+**18 themes, grouped:**
+
+| Family | IDs |
+|---|---|
+| Neutral dark | obsidian (default), gunmetal |
+| Brown / warm | espresso, volcanic-brown |
+| Orange / amber | copper, gold |
+| Red | oxblood, crimson |
+| Purple | elderflower, plum |
+| Pink / magenta | steel-pink, fuchsia-noir |
+| Green | matrix, sage |
+| Blue | cobalt, midnight-sapphire |
+| Light-only | ivory, chalk |
+
+**Dark anchors (bg, card, border, muted-fg, accent):**
+
+```
+obsidian          #0c0c0e #15151a #1f1f23 #6b6b75 #8b5cf6
+gunmetal          #0d1117 #161b22 #21262d #7d8590 #388bfd
+espresso          #1c1410 #241a14 #2e2218 #8a7058 #c8a880
+volcanic-brown    #140906 #1e0e0a #2e1610 #7a4030 #cc4a1a
+copper            #100800 #1c1408 #2e1f0a #8a6040 #b87333
+gold              #0e0800 #1a1200 #2a1f00 #a07c30 #d4af37
+oxblood           #0a0303 #180606 #2a0808 #7a3028 #8b1a1a
+crimson           #0e0404 #1a0808 #2e0a0a #8a3030 #dc143c
+elderflower       #100818 #1c1024 #2c1830 #8a78a0 #b89cd8
+plum              #0c0814 #180e20 #241830 #7a4878 #8e4585
+steel-pink        #0e0408 #1a080e #2e0c1a #9a4070 #cc33aa
+fuchsia-noir      #0a0610 #14081a #2a0c2e #8a3878 #ff1493
+matrix            #000a00 #031403 #0a200a #208030 #00ff41
+sage              #0a0e08 #141a10 #1e2e1a #7a8870 #9caf88
+cobalt            #020817 #061434 #0c2244 #3060a0 #0047ab
+midnight-sapphire #02050e #060c1f #0e1a36 #4a6088 #1e3a8a
+ivory             #fdfcf8 #f5f2e8 #e8e4d8 #8a8478 #3a3328   (light-only)
+chalk             #fafaf7 #f0f0ec #e5e5e0 #75756e #2a2a28   (light-only)
+```
+
+**Light-variant derivation (for the 16 dark themes):**
+- Lightest anchor → background
+- Accent darkens ~15% (HSL L − 15pp)
+- Foreground = near-black tinted toward family hue
+- Surfaces / borders scale up symmetrically
+
+**Fallback:** `ivory` or `chalk` + dark mode → `obsidian` dark.
+
+**Token map (shadcn nova set):**
+```
+background        ← anchor 1
+card / popover    ← anchor 2
+border / muted    ← anchor 3
+muted-foreground  ← anchor 4
+primary / accent  ← anchor 5
+foreground        ← derived: anchor-5 hue, ~92% L, ~25% S
+--destructive     ← red family, unchanged across themes
+--ring            ← per-theme accent
+--radius          ← 0.5rem locked
+fonts             ← Inter + JetBrains Mono locked
+```
+
+**Wiring locked:**
+- Schema: `settings.theme_id TEXT NOT NULL DEFAULT 'obsidian'`, `settings.theme_mode TEXT NOT NULL DEFAULT 'dark' CHECK IN ('dark','light','system')`
+- API: GET `/api/settings` extended, PATCH whitelists 18 theme ids → 400 otherwise
+- CSS: `apps/web/src/styles/themes/*.css` (18 + `_tokens.css`), imported from `globals.css` (NOT `index.css`)
+- `.theme-<id>` + `.theme-<id>.dark` composed on `<html>`
+- `apps/web/src/lib/theme.ts` (new): `THEMES` const, `applyTheme(id, mode)`, `useTheme()` hook. matchMedia subscribed only when `mode === 'system'`
+- `apps/web/src/App.tsx`: `useTheme()` at top
+- Settings page: card grid, mode toggle (radio: Dark/Light/System). No header dropdown.
+- shadcn primitives: `card`, `radio-group` installed via `pnpm dlx shadcn@latest add`. `button`, `label` already present.
+- FOUC mitigation: localStorage cache + inline `<script>` in `index.html` sets `<html>` class before React hydrates
+
+**Out of scope (v1):**
+- Custom user palettes (no color picker)
+- Per-project / per-session themes
+- Shiki syntax-highlighting themes
+- Header quick-switcher
+
+**Verify after Claude Code hands back:**
+- `fuchsia-noir` and `midnight-sapphire` visual check — derived, not from preview. Swap hexes if they read wrong.
+- Light variants of the 16 dark themes — algorithmic. Spot-check 3-4 across families (warm/cool/dark/saturated).
+- FOUC on hard reload, theme-switch persistence, system-mode matchMedia teardown.
 
 ## Batch summary
 
-|Batch                                     |Theme                                                                              |Status     |Branch / Notes                         |
-|------------------------------------------|-----------------------------------------------------------------------------------|-----------|---------------------------------------|
-|1                                         |Markdown, Copy + Regen, tok/s + ctx, AI naming                                     |✅ Done     |`v1.1-batch1` merged                   |
-|2                                         |Sidebar restructure                                                                |✅ Done     |`v1.1-batch2` merged                   |
-|3                                         |Pane system, FileBrowserPane + Shiki, cross-tab                                    |✅ Done     |`v1.1-batch3` merged                   |
-|3.5                                       |Chip infrastructure, `@file`, line-select                                          |✅ Done     |merged                                 |
-|4 (v1.2)                                  |Chats inside sessions, right-rail, `/compact`, archive, force-send                 |✅ Done     |merged                                 |
-|4.1–4.4                                   |Project archive, sidebar context, Gitea API, bootstrap                             |✅ Done     |merged                                 |
-|v1.5 cleanup                              |resolveProjectPath, BOOTSTRAP_ROOT, vitest pin                                     |✅ Done     |merged                                 |
-|v1.6 mobile                               |Drawer, single-pane, long-press, IME-safe, pull-to-refresh, swipe-close            |✅ Done     |merged                                 |
-|v1.6.1                                    |RightRail mobile wrapper fix                                                       |✅ Done     |merged                                 |
-|Tool-loop bump                            |MAX_TOOL_LOOP_DEPTH 5→15                                                           |✅ Done     |merged                                 |
-|v1.6.2                                    |Workspace + Session+Project headers + ChatTabBar new-chat + RightRail mobile drawer|🔄 In flight|`v1.6.2-mobile-ui-fixes`               |
-|**v1.8 mobile tabs**                      |**Bottom-sheet pane switcher + cross-tab `pane_status` WS sync + StatusDot on tabs**|**Next up**|`v1.8-mobile-tabs`; hand-rolled sheet  |
-|9 (REORDERED, DECOUPLED)                  |Agents (Tier 2): `AGENTS.md`, per-agent temp/tools, picker in ChatInput toolbar    |✅ Implemented, uncommitted|six builtins; on `main` awaiting commit|
-|5                                         |Fork message, delete message, header polish                                        |Planned    |                                       |
-|6                                         |Drag-drop file + paste-as-attachment                                               |Planned    |thin extension of 3.5 chips            |
-|7                                         |Settings drawer: system prompt, web search toggle, agent entry                     |Planned    |adds SettingsDrawer agent entry (Batch 9 deferred half) |
-|8                                         |Web search backend: SearXNG `web_search` + `web_fetch`                             |Planned    |                                       |
-|10                                        |BooTerm: separate container, xterm.js + node-pty + tmux                            |Planned    |                                       |
-|11 — Architect: codebase map              |codecontext sidecar + MCP tool wiring                                              |Planned    |from nmakod/codecontext                |
-|11b — Architect: repo health              |call graph, circular deps, dead code                                               |Planned    |from spirituslab/codesight             |
-|12 — Tool approval + plan/act mode        |Read-only invariant, per-tool gating                                               |Planned    |from cline                             |
-|13 — Append-only event log                |Replace messages-table semantics                                                   |Planned    |from OpenHands V1                      |
-|14 — BooCoder: pending changes            |Sandboxed edit queue, atomic apply                                                 |Post-v1.x  |from plandex                           |
-|15 — BooCoder runtime isolation           |Per-session Docker sandbox                                                         |Post-v1.x  |from OpenHands                         |
-|16 — Multi-provider LLM                   |Optional litellm-style abstraction                                                 |Optional   |from pi-ai                             |
-|17 — Workflow graphs                      |Multi-agent coordination                                                           |Far future |from microsoft/agent-framework concepts|
-
-**Old Batch 12 (codebase indexer w/ Harrier embeddings) — REMOVED.** Replaced by Batch 11/11b sidecar approach. See `boocode_code_review.md` decisions log.
-
-**Batch 9 reordered ahead of 5–8, 10.** Picker mounts in `ChatInput.tsx` toolbar only. SettingsDrawer agent entry rolled into Batch 7 when it lands. No UI dependency on Batches 5/6/7, so it can ship anytime after v1.6.2.
-
------
-
-## Batch details (planned / new)
-
-### Batch 9 — Agents (Tier 2, DECOUPLED)
-
-**Spec:** `boocode_batch9.md` with the deltas below.
-
-**Status:** Next up after v1.6.2 merges. Decoupled from Batch 7.
-
-**Deltas from `boocode_batch9.md`:**
-
-1. Builtin defaults in `agents.ts` OMIT the `model` field. Resolution order makes `session.model` win when `agent.model` is null. Spec line 30 example is misleading — do not hardcode any model in builtins.
-2. Builtin defaults are the six agents shipped in `/opt/boocode/AGENTS.md`: **Code Reviewer, Debugger, Refactorer, Architect, Security Auditor, Prompt Builder.** If project root `AGENTS.md` exists, only its agents show. If absent, show the six builtins.
-3. AgentPicker mounts in `ChatInput.tsx` toolbar between ModelPicker and the `+` button. **No `SettingsDrawer.tsx` or `Header.tsx` changes in this batch.**
-4. SettingsDrawer agent entry + Header active-agent badge moved to Batch 7.
-
-**Files to create:**
-
-- `apps/server/src/services/agents.ts` — parser, six builtin defaults, mtime-keyed cache.
-- `apps/server/src/routes/agents.ts` — `GET /api/projects/:id/agents`.
-- `apps/web/src/components/AgentPicker.tsx` — dropdown, matches ModelPicker pattern.
-
-**Files to modify:**
-
-- `apps/server/src/schema.sql` — `ALTER TABLE sessions ADD COLUMN IF NOT EXISTS agent_id TEXT;`
-- `apps/server/src/services/inference.ts` — resolution order: `effective_system_prompt`, `effective_model`, `effective_temperature`, `effective_tools` from session + agent + project. Filter tools array against agent whitelist before sending to llama-swap.
-- `apps/server/src/routes/sessions.ts` — PATCH accepts `agent_id`.
-- `apps/server/src/types/api.ts` — Agent type, extend Session with `agent_id`.
-- `apps/web/src/api/client.ts`, `apps/web/src/api/types.ts` — Agent type, `api.agents.list(projectId)`.
-- `apps/web/src/components/ChatInput.tsx` — mount AgentPicker.
-
-**Testing plan (manual, before locking temps):**
-
-- Drop `/opt/boocode/AGENTS.md` (six agents, no `model` field on any).
-- For each of the 7 keeper models, switch session model and run the same target prompt against each agent. Log tok/s, instruction-following quality.
-- Adjust per-agent temperature in `AGENTS.md` based on results.
-- A/B candidates: qwen3.6-35b-a3b-mxfp4 (daily), qwopus3.6-35b-a3b-q4 (reasoning), qwopus3.5-27b-q4, qwen3.6-27b-ud-q4-xl, nemotron-3-nano-30b, gemma-4-26b-a4b-mxfp4, qwen3-coder-30b-apex.
-
-**Dependencies:** v1.6.2 merged.
-
------
-
-### Batch 11 — Architect: codebase map (REVISED)
-
-**Inspiration / lift:** `nmakod/codecontext` (MIT, Go binary).
-
-**What it gives BooCode:** an architect-grade codebase overview without embeddings. Codecontext parses the repo with tree-sitter, extracts symbols, builds import/dependency relationships, and exposes the result via an MCP server with 8 tools. The model gets a structural map of any codebase on demand.
-
-**Why this replaces the original Batch 11 (aider PageRank port):** codecontext is a finished binary in our stack language (Go), with watch mode, incremental updates, framework detection, and git-co-change-based semantic neighborhoods (no embeddings). The aider port would be reimplementing what codecontext already ships.
-
-**Scope:**
-
-- Add `codecontext` sidecar container to `docker-compose.yml`. Mount the project root read-only. One sidecar per BooCode instance — projects are addressed by absolute path.
-- Wire each codecontext MCP tool into BooCode’s `inference/tools.ts` as a native tool the model can call:
- - `repo_overview(project_id)` → codecontext `get_codebase_overview`
- - `repo_file_analysis(project_id, path)` → `get_file_analysis`
- - `repo_symbol_info(project_id, symbol)` → `get_symbol_info`
- - `repo_search_symbols(project_id, query)` → `search_symbols`
- - `repo_dependencies(project_id, path)` → `get_dependencies`
- - `repo_semantic_neighborhoods(project_id, path)` → `get_semantic_neighborhoods` (git co-change)
- - `repo_framework_analysis(project_id)` → `get_framework_analysis`
-- `path_guard.ts` extension: incorporate `continuedev/continue` `DEFAULT_SECURITY_IGNORE_FILETYPES` so codecontext can’t surface `.env`, `.pem`, keys, etc.
-- Fallback grammars: drop `Aider-AI/aider`‘s `aider/queries/tree-sitter-*.scm` files for any language codecontext doesn’t cover. Use them via an in-process tree-sitter wrapper *only if* a project needs an unsupported language. Defer wrapper build until that’s an actual gap.
-
-**Where it goes:** new `apps/server/src/architect/` directory. No new tables — codecontext maintains its own state on disk. New env: `CODECONTEXT_URL=http://codecontext:8765` (MCP endpoint).
-
-**Decisions to make at recon time:**
-
-- Bundle the binary directly in the BooCode Dockerfile, or run codecontext as its own service? Sidecar is cleaner. Bundle is one less container.
-- How does the model discover codecontext tools — register them statically in the tools registry, or proxy MCP `tools/list` at startup?
-
-**Dependencies:** none. Can ship before Batches 5–10.
-
------
-
-### Batch 11b — Architect: repo health (NEW)
-
-**Inspiration / lift:** `spirituslab/codesight` (MIT-ish, TS/Node).
-
-**What it gives BooCode:** complement to Batch 11. Where codecontext answers “what is this codebase,” repo health answers “what’s wrong with this codebase.” Call graph, circular dependency detection, dead code flagging.
-
-**Scope:**
-
-- Port codesight’s `analyze.mjs` analyzer core into `apps/server/src/architect/repo_health.ts`. Drop the VS Code extension shell. Keep:
- - Symbol extraction (already overlaps codecontext — call codecontext where possible, only redo what’s needed for graph edges).
- - Call graph builder (function-to-function edges).
- - Circular dependency detector.
- - Dead code detector (exported symbols never imported or called).
-- New tool: `repo_health(project_id)` returning `{ circular_dependencies: [...], dead_code: [...] }`. Output respects codesight’s documented false-positive caveats (customElements.define, framework entry points, dynamic imports) — surface those in the tool description so the model doesn’t trust dead-code flags blindly.
-- Cache results in `boocode_db` keyed by `(project_id, file_hashes)`. Invalidate on file change via file-index hash check.
-
-**Decisions:**
-
-- Build it in-process (Node) vs spawn a CLI? In-process is simpler. Spawn matches codecontext sidecar pattern but adds latency.
-
-**Dependencies:** Batch 11 merged (so we can reuse codecontext’s parse output where possible). Can be deferred until after Batches 5–10.
-
------
-
-### Batch 12 — Tool approval gating + plan/act mode
-
-**Inspiration / lift:** `cline/cline` (Apache-2.0).
-
-**What it gives BooCode:** per-session control over which tools the model can call. Lays the groundwork for BooCoder by building the gating mechanism before there are any write tools to gate.
-
-**Scope:**
-
-- New column `sessions.tool_approval_mode TEXT` — values: `read_only` (v1.x default), `plan`, `act_auto`, `act_approve`.
-- New column `sessions.approved_tools JSONB` — per-session whitelist for `act_approve` mode.
-- Tool registry refactor: tools tagged `read_only` or `write`. In `read_only` mode (v1.x), write tools never appear in the model’s tools array. In `plan` mode, same — write tools hidden, model produces a plan only. `act_*` modes unlock writes (post-v1.x).
-- UI: mode picker in SettingsDrawer (Batch 7 dependency). Inline indicator in chat header.
-
-**Dependencies:** Batch 7 (SettingsDrawer).
-
------
-
-### Batch 13 — Append-only event log
-
-**Inspiration / lift:** `OpenHands/OpenHands` V1 (MIT).
-
-**What it gives BooCode:** replaces the ad-hoc `messages` table semantics with a typed event stream. Unlocks rewind, time-travel, and clean handoff semantics for multi-agent flows.
-
-**Scope:**
-
-- New `session_events` table: `(id, session_id, ts, kind, payload JSONB, parent_id)`. Event kinds: `user_message`, `assistant_message`, `tool_call`, `tool_result`, `pane_action`, `mode_change`, `system`.
-- Existing `messages` table becomes a derived view over `session_events` for backward compatibility, then deprecated over a release.
-- Inference loop emits events instead of mutating message rows.
-- Frontend `useSessionStream` reducer rewritten to consume events.
-
-**Migration is non-trivial.** Plan in a dedicated batch with explicit cutover window.
-
-**Dependencies:** Batches 5 (fork/delete) and 7 (settings) merged. Must not be in flight with other backend work.
-
------
-
-### Batch 14 — BooCoder: pending changes
-
-**Inspiration / lift:** `plandex-ai/plandex` (MIT).
-
-**What it gives BooCode:** safe write tools. Edits queue in a virtual layer; nothing touches the filesystem until explicit `/apply`.
-
-**Scope:**
-
-- New container `boocoder` at `100.114.205.53:9502`. Owns write tools (`edit_file`, `create_file`, `delete_file`, `apply_pending`, `rewind`).
-- New table `pending_changes (id, session_id, file_path, diff TEXT, status, created_at)`. Status: `pending`, `applied`, `rejected`.
-- Tools execute against the pending-changes layer, not the filesystem. `apply_pending` is the only path that touches disk. `rewind` rolls back a `pending`-id back to disk state.
-- BooCode chat container stays read-only (`/opt:/opt:ro`). BooCoder mounts `/opt/repos:/opt/repos:rw` and uses git worktree pattern from paseo for isolation.
-- Frontend: new pane kind `pending_diff` shows the queued diff inline with Approve/Reject per chunk.
-
-**Dependencies:** Batches 12 (gating) + 13 (events). Don’t start until both are live.
-
------
-
-### Batch 15 — BooCoder runtime isolation
-
-**Inspiration / lift:** `OpenHands/OpenHands` (MIT).
-
-**What it gives BooCode:** per-session Docker sandbox for BooCoder writes. Closes the `/opt:ro` mount risk identified in v1.x open items.
-
-**Scope:**
-
-- Per-session container spawned by BooCoder on first write. Container has only the project’s path mounted, not `/opt`.
-- Container lifecycle: spawn on first write call, idle-timeout after 30 min, recreate on resume.
-- Action execution server pattern: HTTP API inside the container, BooCoder calls in. Standard OpenHands runtime contract.
-
-**Dependencies:** Batch 14.
-
------
-
-### Batch 16 — Multi-provider LLM abstraction
-
-**Inspiration / lift:** `earendil-works/pi` `pi-ai` (MIT).
-
-**What it gives BooCode:** optional non-llama-swap inference paths (Anthropic, OpenAI, Mistral direct). Currently we have one provider (llama-swap) and the existing `streamCompletion` is hardcoded to OpenAI-compatible at that endpoint.
-
-**Scope:**
-
-- Provider abstraction: `interface LLMProvider { stream(req): AsyncIterator<Frame> }`.
-- Built-in: llama-swap (current), Anthropic, OpenAI (Codex-style).
-- Per-session `provider_id` column.
-
-**Status:** **Optional. Skip unless a concrete need surfaces.** llama-swap covers daily driver work.
-
------
-
-### Batch 17 — Workflow graphs
-
-**Inspiration / lift:** `microsoft/agent-framework` (MIT) — concepts only.
-
-**What it gives BooCode:** multi-agent coordination. Architect → Coder → Reviewer → Verifier handoffs orchestrated by a YAML-defined workflow.
-
-**Status:** **Far future.** Read agent-framework’s `docs/decisions/` ADRs. Don’t port code — Azure/.NET-heavy.
-
-**Dependencies:** Batches 12 (modes), 13 (events). Realistically a v2.x topic.
-
------
+| Version | Theme | Status |
+|---|---|---|
+| v1.0 | Initial scaffold, read-only tools, WS streaming | ✅ Merged |
+| v1.1-batch1 | Markdown, Copy + Regen, tok/s + ctx, AI naming | ✅ Merged |
+| v1.1-batch2 | Sidebar restructure | ✅ Merged |
+| v1.1-batch3 | Pane system, FileBrowserPane + Shiki, cross-tab | ✅ Merged |
+| v1.1-batch3.5 | Chip infra, `@file`, line-select | ✅ Merged |
+| v1.2 | Chats inside sessions, right-rail, `/compact`, archive, force-send | ✅ Merged |
+| v1.2-project-ux | Project archive, sidebar context, Gitea API, bootstrap | ✅ Merged |
+| v1.3 | Tab-close + chat-archive | ✅ Merged |
+| v1.4 | Fork message, delete message, header polish (was original Batch 5) | ✅ Merged |
+| v1.5 | resolveProjectPath, BOOTSTRAP_ROOT, vitest pin | ✅ Merged |
+| v1.5.1 | Bootstrap hotfix (git in container, SSH keypair, known_hosts) | ✅ Merged (`4a9f207`) |
+| v1.6 | Mobile pass: drawer, single-pane, long-press, IME-safe, pull-to-refresh, swipe-close | ✅ Merged |
+| v1.6.1 | RightRail mobile wrapper fix | ✅ Merged |
+| Tool-loop bump | MAX_TOOL_LOOP_DEPTH 5→15 | ✅ Merged |
+| v1.6.2 | Workspace + Session+Project headers, ChatTabBar new-chat, RightRail mobile drawer | ✅ Merged |
+| v1.7 | Drag-drop file + paste-as-attachment (was Batch 6) | ✅ Merged |
+| v1.8 | Settings drawer + `git_status` added to ALL_TOOL_NAMES (was Batch 7) | ✅ Merged |
+| v1.8.1 | WS reconnect toast tuning (silent/gray/red thresholds), pane status indicators | ✅ Merged |
+| v1.8.2 | Tool-loop fixes: read-only cap raised, "depth exceeded" error + continue, `max_tool_calls` frontmatter, `messages.metadata` | ✅ Merged |
+| **v1.x-themes** | **18 themes, settings page, dark/light/system, FOUC mitigation** | **🔄 Claude Code in flight** |
+| v1.8.3 | Tool call UI compaction: collapse-by-default, group consecutive same-tool, result preview cap | Planned (small, frontend-only) |
+| v1.9 | Settings pane (system prompt per project + session, web search toggle, `+` button) | Planned (spec locked, was on branch `v1.9-settings-pane`) |
+| v1.10 | Web search backend: SearXNG `web_search` + `web_fetch` | Planned |
+| v1.11 | Agents Tier 2: `AGENTS.md`, per-agent temp/tools whitelist, AgentPicker in ChatInput | Planned |
+| v1.12 | BooTerm: separate container, xterm.js + node-pty + tmux | Planned |
+| v1.13 | Architect: codecontext sidecar (MCP, tree-sitter, no embeddings) | Planned |
+| v1.13b | Architect: repo health (call graph, circular deps, dead code) | Planned |
+| v1.14 | Tool approval + plan/act mode (cline-style) | Planned |
+| Post-v1.x | Append-only event log (OpenHands V1) | Planned |
+| Post-v1.x | BooCoder pending-changes (plandex) | Planned |
+| Post-v1.x | BooCoder runtime isolation (per-session Docker sandbox) | Planned |
+| Optional | Multi-provider LLM abstraction (pi-ai) | Skip unless need surfaces |
+| Far future | Workflow graphs (microsoft/agent-framework concepts) | v2.x topic |
+
+## Flagged follow-ups (not in a batch yet)
+
+- Agents in `/data/AGENTS.md` don't list `git_status` in their `tools:` blocks. Out of scope until pre-BooCoder cleanup pass.
+- v1.9 dispatch had item (g): verify `useUserEvents` broadcasts `project_updated` on PATCH `/projects/:id`. Add if missing.
+- v1.8.2 follow-up: confirm `messages.metadata` migration ran clean in prod DB after deploy.
 
 ## Order of operations
 
-Two tracks. Pick one to drive next.
+1. **v1.x-themes** finishes (Claude Code in flight). Audit + smoke test. Merge.
+2. **v1.8.3** — tool call UI compaction. Small frontend batch, addresses current pain.
+3. **v1.9** — settings pane. Branch already named `v1.9-settings-pane`. Spec locked.
+4. **v1.10** — web search backend.
+5. **v1.11** — agents.
+6. **v1.12** — BooTerm.
 
-**Track A — Finish v1.x mobile + polish then agents:**
-
-- v1.6.2 ships (in flight)
-- **Batch 9 (agents)** — decoupled, can land next; no UI dependency on 5/6/7
-- Batches 5, 6, 7, 8 in order. Each is small, frontend-heavy, no architecture risk. Batch 7 absorbs SettingsDrawer agent entry.
-
-**Track B — Begin architect capabilities in parallel:**
-
-- Batch 11 (codecontext sidecar) — biggest single capability jump. Frontend stays the same; new tools appear to the model.
-- Batch 11b (repo health) — follow-up.
-- Batch 12 (gating) — sets up everything post-v1.x.
-
-Recommendation: ship v1.6.2, then **Batch 9 (agents)** next so the test bed exists before Track A continues. Then Track A through Batch 7. Batch 11 can run in parallel with Batches 8–10 since 11 has no UI dependency.
-
------
+Track B (architect, no UI dep, can run parallel anytime): v1.13 → v1.13b → v1.14.
 
 ## Architecture target state
 
-### Containers
+| Container | Port | Mount | Purpose | Status |
+|---|---|---|---|---|
+| `boocode` | `100.114.205.53:9500` | `/opt:/opt:ro` | Chat + read-only tools + SPA | Live |
+| `boocode_db` | `127.0.0.1:5500` | `boocode_pgdata` volume | Postgres 16-alpine | Live |
+| `codecontext` | `100.114.205.53:8765` (internal) | project root :ro | MCP server for architect tools | v1.13 |
+| `booterm` | `100.114.205.53:9501` | `/opt/repos:/opt/repos:rw` | Terminals (tmux + node-pty) | v1.12 |
+| `boocoder` | `100.114.205.53:9502` | per-session sandbox | Write tools | Post-v1.x |
 
-|Container    |Port                            |Mount                     |Purpose                       |Status  |
-|-------------|--------------------------------|--------------------------|------------------------------|--------|
-|`boocode`    |`100.114.205.53:9500`           |`/opt:/opt:ro`            |Chat + read-only tools + SPA  |Live    |
-|`boocode_db` |`127.0.0.1:5500`                |`boocode_pgdata` volume   |Postgres 16-alpine            |Live    |
-|`codecontext`|`100.114.205.53:8765` (internal)|project root :ro          |MCP server for architect tools|Batch 11|
-|`booterm`    |`100.114.205.53:9501`           |`/opt/repos:/opt/repos:rw`|Terminals (tmux + node-pty)   |Batch 10|
-|`boocoder`   |`100.114.205.53:9502`           |per-session sandbox       |Write tools                   |Batch 14|
+## Schema additions ahead
 
-### Schema additions
-
-**Batch 9:** `sessions.agent_id TEXT` (nullable; references AGENTS.md by slug).
-**Batch 11:** none (codecontext stateless on disk).
-**Batch 11b:** `repo_health_cache (project_id, file_hashes_sig, payload JSONB, created_at)`.
-**Batch 12:** `sessions.tool_approval_mode`, `sessions.approved_tools`.
-**Batch 13:** `session_events`; deprecate `messages` long-tail.
-**Batch 14:** `pending_changes`.
-
------
-
-## Lift sources (summary)
-
-Full inventory in `boocode_code_review.md`. Headline items:
-
-|Source                                |Used for                                |Where                |
-|--------------------------------------|----------------------------------------|---------------------|
-|nmakod/codecontext (MIT, Go)          |Architect: codebase map sidecar         |Batch 11             |
-|spirituslab/codesight (MIT-ish, TS)   |Architect: repo health analyzer         |Batch 11b            |
-|Aider-AI/aider (Apache-2.0)           |Fallback `.scm` grammars (60+ languages)|Batch 11 (fallback)  |
-|continuedev/continue (Apache-2.0)     |DEFAULT_SECURITY_IGNORE_FILETYPES       |Batch 11 prep        |
-|cline/cline (Apache-2.0)              |Plan/Act mode pattern                   |Batch 12             |
-|plandex-ai/plandex (MIT)              |Pending-changes data model              |Batch 14             |
-|OpenHands/OpenHands (MIT)             |Event log + sandbox runtime             |Batches 13, 15       |
-|aimasteracc/tree-sitter-analyzer (MIT)|Outline-first response patterns         |Reference            |
-|earendil-works/pi (MIT)               |Multi-provider LLM                      |Batch 16 (optional)  |
-|rshah515/claude-code-subagents (MIT)  |Reference for builtin agent prompts     |Batch 9 (six builtins)|
-|microsoft/agent-framework (MIT)       |Workflow concepts                       |Batch 17 (far future)|
-
------
+- v1.x-themes (current): `settings.theme_id`, `settings.theme_mode`
+- v1.9: `projects.default_system_prompt`, `projects.default_web_search_enabled`, `sessions.web_search_enabled`
+- v1.11: `sessions.agent_id`
+- v1.13b: `repo_health_cache (project_id, file_hashes_sig, payload JSONB, created_at)`
+- v1.14: `sessions.tool_approval_mode`, `sessions.approved_tools`
+- Post-v1.x: `session_events`; deprecate `messages` long-tail
+- Post-v1.x: `pending_changes`
 
 ## Decisions log
 
-- **Embeddings dropped from BooCode.** Replaced RAG with file-view tools + sidecar analyzers.
-- **Original Batch 11 (aider PageRank port) replaced** by codecontext sidecar approach.
-- **Original Batch 12 (codebase indexer w/ Harrier) removed** entirely. No embedding infrastructure in BooCode v1.x.
-- **Globstar parked** — not an architect tool, future verify-before-commit candidate only.
-- **codeprysm rejected** — embedding-based; node/edge taxonomy noted as reference if we ever build our own graph.
-- **Batch 9 decoupled from Batch 7 (2026-05-16).** AgentPicker mounts in `ChatInput.tsx` toolbar only. SettingsDrawer agent entry and Header active-agent badge moved to Batch 7. Builtin defaults shipped: six agents (Code Reviewer, Debugger, Refactorer, Architect, Security Auditor, Prompt Builder) with no `model` field — session model wins by default.
-
-## Follow-ups (post-ship docs / cleanup)
-
-- **After v1.8.2 ships:** Add explicit `max_tool_calls: 30` to all 6 agents in `/data/AGENTS.md` and `/opt/boocode/AGENTS.md`. Purely for documentation/discoverability — defaults handle behavior identically (all 6 agents use only read-only tools, default is already 30).
-
------
+- Embeddings dropped from BooCode. File-view tools + sidecar analyzers replace RAG.
+- Old Batch 11 (aider PageRank port) → replaced by codecontext sidecar (v1.13).
+- Old Batch 12 (Harrier indexer) → removed entirely.
+- Batch 9 reordered ahead of 5–8, decoupled from Batch 7 (2026-05-16). Subsequently superseded — settings pane (v1.9) and themes (v1.x-themes) jumped ahead. Agents now slated as v1.11.
+- Theme work split into its own version (v1.x-themes) rather than blocked behind v1.9 (2026-05-17). Branched off main after v1.8.2 committed.
 
 ## Workflow
 
 Each batch:
-
-1. Verify previous batch merged.
-2. Dispatch via Paseo to Claude Code at `/opt/boocode`.
-3. Claude Code recon → blocking questions → implement → hand back.
+1. Verify previous merged.
+2. Dispatch via Paseo to Claude Code at `/opt/boocode` (or OpenCode for smaller batches).
+3. Recon → blocking questions → implement → hand back.
 4. Compliance review in separate Claude chat.
 5. Deploy: `docker compose up --build -d`.
 6. Smoke test.