From a3d3437b1d6c1f303e3081dd7e4319869b170efa Mon Sep 17 00:00:00 2001
From: Thomas Marchand <thomas.marchand@tuta.io>
Date: Sun, 4 Jan 2026 13:04:05 -0800
Subject: [PATCH] OpenCode workspace host + MCP sync + iOS fixes (#27)

* Add multi-user auth and per-user control sessions

* Add mission store abstraction and auth UX polish

* Fix unused warnings in tooling

* Fix Bugbot review issues

- Prevent username enumeration by using generic error message
- Add pagination support to InMemoryMissionStore::list_missions
- Improve config error when JWT_SECRET missing but DASHBOARD_PASSWORD set

* Trim stored username in comparison for consistency

* Fix mission cleanup to also remove orphaned tree data

* Refactor Open Agent as OpenCode workspace host

* Remove chromiumoxide and pin @types/react

* Pin idna_adapter for MSRV compatibility

* Add host-mcp bin target

* Use isolated Playwright MCP sessions

* Allow Playwright MCP as root

* Fix iOS dashboard warnings

* Add autoFocus to username field in multi-user login mode

Mirrors the iOS implementation behavior where username field is focused
when multi-user auth mode is active.

* Fix Bugbot review issues

- Add conditional ellipsis for tool descriptions (only when > 32 chars)
- Add serde(default) to JWT usr field for backward compatibility

* Fix empty user ID fallback in multi-user auth

Add effective_user_id helper that falls back to username when id is empty,
preventing session sharing and token verification issues.

* Fix parallel mission history preservation

Load existing mission history into runner before starting parallel
execution to prevent losing conversation context.

* Fix desktop stream controls layout overflow on iPad

- Add frame(maxWidth: .infinity) constraints to ensure controls stay
  within bounds on wide displays
- Add alignment: .leading to VStacks for consistent layout
- Add Spacer() to buttons row to prevent spreading
- Increase label width to 55 for consistent FPS/Quality alignment
- Add alignment: .trailing to value text frames

* Fix queued user messages not persisted to mission history

When a user message was queued (sent while another task was running),
it was not being added to the history or persisted to the database.
This caused queued messages to be lost from mission history.

Added the same persistence logic used for initial messages to the
queued message handling code path.
---
 .claude/CLAUDE.md                             |  186 ++-
 AGENTS.md                                     |  400 +++++
 Cargo.toml                                    |    7 +-
 README.md                                     |   21 +-
 dashboard/README.md                           |    2 +-
 dashboard/bun.lock                            |    2 +-
 dashboard/package.json                        |    2 +-
 dashboard/src/app/modules/page.tsx            |   90 +-
 dashboard/src/components/auth-gate.tsx        |   47 +-
 dashboard/src/lib/api.ts                      |   14 +-
 dashboard/src/lib/auth.ts                     |   14 +
 .../OpenAgentDashboard/ContentView.swift      |   67 +-
 .../Services/APIService.swift                 |   19 +-
 .../Services/DesktopStreamService.swift       |   13 +-
 .../ToolUI/ToolUIDataTableView.swift          |    2 -
 .../Views/Control/ControlView.swift           |   36 +-
 .../Views/Desktop/DesktopStreamView.swift     |   23 +-
 .../Views/Terminal/TerminalView.swift         |    4 +-
 ios_dashboard/README.md                       |    2 +
 opencode.json                                 |    7 +-
 src/agents/context.rs                         |    2 +-
 src/agents/tuning.rs                          |    2 +-
 src/api/auth.rs                               |  144 +-
 src/api/control.rs                            | 1435 +++++++++++------
 src/api/desktop_stream.rs                     |   15 +-
 src/api/fs.rs                                 |    3 +
 src/api/mcp.rs                                |   38 +-
 src/api/mission_runner.rs                     |   63 +-
 src/api/providers.rs                          |   13 +-
 src/api/routes.rs                             |  317 ++--
 src/api/types.rs                              |    5 +
 src/bin/host_mcp.rs                           |  277 ++++
 src/config.rs                                 |  106 +-
 src/lib.rs                                    |    1 +
 src/mcp/config.rs                             |   21 +-
 src/mcp/mod.rs                                |    2 +-
 src/mcp/registry.rs                           |  116 +-
 src/memory/embed.rs                           |    4 +
 src/opencode/mod.rs                           |   14 +-
 src/tools/browser.rs                          |    2 +
 src/tools/file_ops.rs                         |    5 -
 src/tools/github.rs                           |    9 +-
 src/tools/mission.rs                          |    6 +-
 src/tools/mod.rs                              |   51 +-
 src/tools/web.rs                              |    3 +-
 src/workspace.rs                              |  179 ++
 46 files changed, 2877 insertions(+), 914 deletions(-)
 create mode 100644 AGENTS.md
 create mode 100644 src/bin/host_mcp.rs
 create mode 100644 src/workspace.rs

diff --git a/.claude/CLAUDE.md b/.claude/CLAUDE.md
index 0485485..fa41024 100644
--- a/.claude/CLAUDE.md
+++ b/.claude/CLAUDE.md
@@ -9,8 +9,8 @@ Minimal autonomous coding agent in Rust with **full machine access** (not sandbo
 | Backend (Rust) | `src/` | HTTP API + OpenCode integration |
 | Dashboard (Next.js) | `dashboard/` | Web UI (uses **Bun**, not npm) |
 | iOS Dashboard | `ios_dashboard/` | Native iOS app (Swift/SwiftUI) |
-| MCP configs | `.open_agent/mcp/config.json` | Model Context Protocol servers |
-| Providers | `.open_agent/providers.json` | Provider configuration |
+| MCP configs | `.openagent/mcp/config.json` | Model Context Protocol servers |
+| Providers | `.openagent/providers.json` | Provider configuration |
 
 ## Commands
 
@@ -35,7 +35,7 @@ bun run build                   # Production build
 # - bun run <script> (not npm run <script>)
 
 # Deployment
-ssh root@95.216.112.253 'cd /root/open_agent && git pull && cargo build --release && cp target/release/open_agent /usr/local/bin/ && cp target/release/desktop-mcp /usr/local/bin/ && systemctl restart open_agent'
+ssh root@95.216.112.253 'cd /root/open_agent && git pull && cargo build --release && cp target/release/open_agent /usr/local/bin/ && cp target/release/desktop-mcp /usr/local/bin/ && cp target/release/host-mcp /usr/local/bin/ && systemctl restart open_agent'
 ```
 
 ## Architecture
@@ -50,23 +50,84 @@ Dashboard → Open Agent API → OpenCode Server → Anthropic API (Claude Max)
 
 ```
 src/
-├── agents/           # Agent system
-│   └── opencode.rs   # OpenCodeAgent (delegates to OpenCode server)
-├── budget/           # Cost tracking, pricing
-│   ├── benchmarks.rs # Model capability scores
-│   ├── pricing.rs    # Model pricing
-│   └── resolver.rs   # Model family auto-upgrade system
-├── memory/           # Supabase + pgvector persistence
-│   ├── supabase.rs   # Database client
-│   ├── context.rs    # ContextBuilder, SessionContext
-│   ├── retriever.rs  # Semantic search
-│   └── writer.rs     # Event recording
-├── mcp/              # MCP server registry + config
-├── opencode/         # OpenCode client
-├── tools/            # Desktop MCP tools
-├── task/             # Task types + verification
-├── config.rs         # Config + env vars
-└── api/              # HTTP routes (axum)
+├── agents/              # Agent system
+│   ├── mod.rs           # Agent trait, OrchestratorAgent trait, LeafCapability enum
+│   ├── opencode.rs      # OpenCodeAgent (delegates to OpenCode server)
+│   ├── context.rs       # AgentContext with LLM, tools, memory
+│   ├── improvements.rs  # Blocker detection, tool failure tracking, smart truncation
+│   ├── tree.rs          # AgentRef, AgentTree for hierarchy
+│   ├── tuning.rs        # TuningParams for agent behavior
+│   └── types.rs         # AgentError, AgentId, AgentResult, AgentType, Complexity
+├── api/                 # HTTP routes (axum)
+│   ├── mod.rs           # Endpoint registry
+│   ├── routes.rs        # Core handlers, AppState, serve()
+│   ├── auth.rs          # JWT authentication
+│   ├── control.rs       # Global interactive control session (SSE streaming)
+│   ├── console.rs       # WebSocket console
+│   ├── desktop_stream.rs # WebSocket desktop stream (VNC-style)
+│   ├── fs.rs            # Remote file explorer (list, upload, download, mkdir, rm)
+│   ├── mcp.rs           # MCP server management endpoints
+│   ├── mission_runner.rs # Background mission execution
+│   ├── providers.rs     # Provider/model listing
+│   ├── ssh_util.rs      # SSH utilities for remote connections
+│   └── types.rs         # Request/response types
+├── budget/              # Cost tracking, pricing, model selection
+│   ├── mod.rs           # Budget type, SharedBenchmarkRegistry, SharedModelResolver
+│   ├── benchmarks.rs    # Model capability scores from benchmarks
+│   ├── pricing.rs       # Model pricing (cents per token)
+│   ├── resolver.rs      # Model family auto-upgrade system
+│   ├── allocation.rs    # Budget allocation strategies
+│   ├── compatibility.rs # Model compatibility checks
+│   ├── learned.rs       # Self-improving model selection from task outcomes
+│   ├── budget.rs        # Budget tracking implementation
+│   └── retry.rs         # Retry strategies with backoff
+├── llm/                 # LLM client abstraction
+│   ├── mod.rs           # OpenRouterClient, ToolDefinition, FunctionDefinition
+│   ├── openrouter.rs    # OpenRouter API client
+│   └── error.rs         # LLM-specific errors
+├── mcp/                 # Model Context Protocol server registry
+│   ├── mod.rs           # McpRegistry
+│   ├── config.rs        # MCP configuration loading
+│   ├── registry.rs      # Server discovery and management
+│   └── types.rs         # MCP message types
+├── memory/              # Supabase + pgvector persistence
+│   ├── mod.rs           # MemorySystem, init_memory()
+│   ├── supabase.rs      # Database client, learned stats queries
+│   ├── context.rs       # ContextBuilder, SessionContext
+│   ├── retriever.rs     # Semantic search, run/event retrieval
+│   ├── writer.rs        # Event recording, run management
+│   ├── embed.rs         # Embedding generation
+│   └── types.rs         # Memory event types
+├── opencode/            # OpenCode client
+│   └── mod.rs           # OpenCode server communication
+├── task/                # Task types + verification
+│   ├── mod.rs           # Task exports
+│   ├── task.rs          # Task struct, TaskAnalysis
+│   ├── subtask.rs       # Subtask breakdown
+│   ├── deliverables.rs  # Expected deliverables
+│   └── verification.rs  # VerificationCriteria enum
+├── tools/               # Tool system (agent's "hands and eyes")
+│   ├── mod.rs           # Tool trait, ToolRegistry, PathResolution
+│   ├── file_ops.rs      # read_file, write_file, delete_file
+│   ├── directory.rs     # list_directory, search_files
+│   ├── index.rs         # index_files, search_file_index (performance optimization)
+│   ├── terminal.rs      # run_command (shell execution)
+│   ├── search.rs        # grep_search
+│   ├── web.rs           # web_search, fetch_url
+│   ├── git.rs           # git_status, git_diff, git_commit, git_log
+│   ├── github.rs        # github_clone, github_list_repos, github_get_file, github_search_code
+│   ├── browser.rs       # Browser automation (conditional on BROWSER_ENABLED)
+│   ├── desktop.rs       # Desktop automation via i3/Xvfb (conditional on DESKTOP_ENABLED)
+│   ├── composite.rs     # High-level workflows: analyze_codebase, deep_search, prepare_project, debug_error
+│   ├── ui.rs            # Frontend tool UI schemas (ui_optionList, ui_dataTable)
+│   ├── storage.rs       # upload_image (Supabase storage)
+│   ├── memory.rs        # search_memory, store_fact (shared memory tools)
+│   └── mission.rs       # complete_mission (agent task completion)
+├── bin/
+│   └── desktop_mcp.rs   # Standalone MCP server for desktop tools
+├── config.rs            # Config struct, environment variable loading
+├── lib.rs               # Library exports
+└── main.rs              # Server entry point
 ```
 
 ## OpenCode Configuration
@@ -83,14 +144,20 @@ OPENCODE_PERMISSIVE=true
 **Desktop Tools with OpenCode:**
 To enable desktop tools (i3, Xvfb, screenshots):
 
-1. Build the MCP server: `cargo build --release --bin desktop-mcp`
-2. Ensure `opencode.json` is in the project root with the desktop MCP config
+1. Build the MCP servers: `cargo build --release --bin desktop-mcp --bin host-mcp`
+2. Workspace `opencode.json` files are generated automatically under `workspaces/`
+   from `.openagent/mcp/config.json` (override by editing MCP configs via the UI).
 3. OpenCode will automatically load the tools from the MCP server
 
 The `opencode.json` configures MCP servers for desktop and browser automation:
 ```json
 {
   "mcp": {
+    "host": {
+      "type": "local",
+      "command": ["./target/release/host-mcp"],
+      "enabled": true
+    },
     "desktop": {
       "type": "local",
       "command": ["./target/release/desktop-mcp"],
@@ -118,16 +185,80 @@ Use Claude models via your Claude Max subscription:
 
 ## API Endpoints
 
+### Core Task Endpoints
 | Method | Path | Purpose |
 |--------|------|---------|
 | `POST` | `/api/task` | Submit task |
 | `GET` | `/api/task/{id}` | Get status |
 | `GET` | `/api/task/{id}/stream` | SSE progress |
-| `GET` | `/api/health` | Health check |
+| `POST` | `/api/task/{id}/stop` | Cancel task |
+| `GET` | `/api/tasks` | List all tasks |
+
+### Control Session (Global Interactive)
+| Method | Path | Purpose |
+|--------|------|---------|
 | `POST` | `/api/control/message` | Send message to agent |
+| `POST` | `/api/control/tool_result` | Submit tool result |
 | `GET` | `/api/control/stream` | SSE event stream |
-| `GET` | `/api/models` | List available models |
-| `GET` | `/api/providers` | List available providers |
+| `POST` | `/api/control/cancel` | Cancel current operation |
+| `GET` | `/api/control/tree` | Get state tree snapshot |
+| `GET` | `/api/control/progress` | Get progress snapshot |
+
+### Mission Management
+| Method | Path | Purpose |
+|--------|------|---------|
+| `GET` | `/api/control/missions` | List missions |
+| `POST` | `/api/control/missions` | Create mission |
+| `GET` | `/api/control/missions/current` | Get current mission |
+| `GET` | `/api/control/missions/{id}` | Get mission details |
+| `POST` | `/api/control/missions/{id}/load` | Load mission |
+| `POST` | `/api/control/missions/{id}/cancel` | Cancel mission |
+| `POST` | `/api/control/missions/{id}/resume` | Resume mission |
+| `DELETE` | `/api/control/missions/{id}` | Delete mission |
+
+### Memory Endpoints
+| Method | Path | Purpose |
+|--------|------|---------|
+| `GET` | `/api/runs` | List archived runs |
+| `GET` | `/api/runs/{id}` | Get run details |
+| `GET` | `/api/runs/{id}/events` | Get run events |
+| `GET` | `/api/memory/search` | Search memory |
+
+### File System (Remote Explorer)
+| Method | Path | Purpose |
+|--------|------|---------|
+| `GET` | `/api/fs/list` | List directory |
+| `GET` | `/api/fs/download` | Download file |
+| `POST` | `/api/fs/upload` | Upload file |
+| `POST` | `/api/fs/mkdir` | Create directory |
+| `POST` | `/api/fs/rm` | Remove file/dir |
+
+### MCP & Tools Management
+| Method | Path | Purpose |
+|--------|------|---------|
+| `GET` | `/api/mcp` | List MCP servers |
+| `POST` | `/api/mcp` | Add MCP server |
+| `DELETE` | `/api/mcp/{id}` | Remove MCP |
+| `POST` | `/api/mcp/{id}/enable` | Enable MCP |
+| `POST` | `/api/mcp/{id}/disable` | Disable MCP |
+| `GET` | `/api/tools` | List all tools |
+| `POST` | `/api/tools/{name}/toggle` | Toggle tool |
+
+### Model Management
+| Method | Path | Purpose |
+|--------|------|---------|
+| `GET` | `/api/providers` | List providers |
+| `GET` | `/api/models` | List models |
+| `POST` | `/api/models/refresh` | Refresh model data |
+| `GET` | `/api/models/families` | List model families |
+| `GET` | `/api/models/performance` | Get learned performance stats |
+
+### System
+| Method | Path | Purpose |
+|--------|------|---------|
+| `GET` | `/api/health` | Health check |
+| `GET` | `/api/stats` | System statistics |
+| `POST` | `/api/auth/login` | Authenticate |
 
 ## Environment Variables
 
@@ -152,6 +283,8 @@ Use Claude models via your Claude Max subscription:
 | `SUPABASE_URL` | - | Supabase project URL |
 | `SUPABASE_SERVICE_ROLE_KEY` | - | Service role key |
 | `OPENROUTER_API_KEY` | - | Only needed for memory embeddings |
+| `BROWSER_ENABLED` | `false` | Enable browser automation tools |
+| `DESKTOP_ENABLED` | `false` | Enable desktop automation tools |
 
 ## Secrets
 
@@ -227,6 +360,7 @@ pub fn do_thing() -> Result<T, MyError> {
 | Dashboard URL | `https://agent.thomas.md` |
 | Binary | `/usr/local/bin/open_agent` |
 | Desktop MCP | `/usr/local/bin/desktop-mcp` |
+| Host MCP | `/usr/local/bin/host-mcp` |
 | Env file | `/etc/open_agent/open_agent.env` |
 | Service | `systemctl status open_agent` |
 
@@ -241,4 +375,4 @@ pub fn do_thing() -> Result<T, MyError> {
 
 ### After Significant Changes
 - Update `.cursor/rules/` if architecture changes
-- Update `CLAUDE.md` for new env vars or commands
+- Update `AGENTS.md` (root) and `.claude/CLAUDE.md` for new env vars or commands
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 0000000..eb896d0
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,400 @@
+# Open Agent
+
+Minimal autonomous coding agent in Rust with **full machine access** (not sandboxed).
+
+## Quick Reference
+
+| Component | Location | Purpose |
+|-----------|----------|---------|
+| Backend (Rust) | `src/` | HTTP API + OpenCode integration |
+| Dashboard (Next.js) | `dashboard/` | Web UI (uses **Bun**, not npm) |
+| iOS Dashboard | `ios_dashboard/` | Native iOS app (Swift/SwiftUI) |
+| MCP configs | `.openagent/mcp/config.json` | Model Context Protocol servers |
+| Providers | `.openagent/providers.json` | Provider configuration |
+
+## Commands
+
+```bash
+# Backend
+cargo build --release           # Build
+cargo run --release             # Run server (port 3000)
+RUST_LOG=debug cargo run        # Debug mode
+cargo test                      # Run tests
+cargo fmt                       # Format code
+cargo clippy                    # Lint
+
+# Dashboard (uses Bun, NOT npm/yarn/pnpm)
+cd dashboard
+bun install                     # Install deps (NEVER use npm install)
+bun dev                         # Dev server (port 3001)
+bun run build                   # Production build
+
+# IMPORTANT: Always use bun for dashboard, never npm
+# - bun install (not npm install)
+# - bun add <pkg> (not npm install <pkg>)
+# - bun run <script> (not npm run <script>)
+
+# Deployment
+ssh root@95.216.112.253 'cd /root/open_agent && git pull && cargo build --release && cp target/release/open_agent /usr/local/bin/ && cp target/release/desktop-mcp /usr/local/bin/ && cp target/release/host-mcp /usr/local/bin/ && systemctl restart open_agent'
+```
+
+## Architecture
+
+Open Agent uses OpenCode as its execution backend, enabling Claude Max subscription usage.
+
+```
+Dashboard → Open Agent API → OpenCode Server → Anthropic API (Claude Max)
+```
+
+### Module Map
+
+```
+src/
+├── agents/              # Agent system
+│   ├── mod.rs           # Agent trait, OrchestratorAgent trait, LeafCapability enum
+│   ├── opencode.rs      # OpenCodeAgent (delegates to OpenCode server)
+│   ├── context.rs       # AgentContext with LLM, tools, memory
+│   ├── improvements.rs  # Blocker detection, tool failure tracking, smart truncation
+│   ├── tree.rs          # AgentRef, AgentTree for hierarchy
+│   ├── tuning.rs        # TuningParams for agent behavior
+│   └── types.rs         # AgentError, AgentId, AgentResult, AgentType, Complexity
+├── api/                 # HTTP routes (axum)
+│   ├── mod.rs           # Endpoint registry
+│   ├── routes.rs        # Core handlers, AppState, serve()
+│   ├── auth.rs          # JWT authentication
+│   ├── control.rs       # Global interactive control session (SSE streaming)
+│   ├── console.rs       # WebSocket console
+│   ├── desktop_stream.rs # WebSocket desktop stream (VNC-style)
+│   ├── fs.rs            # Remote file explorer (list, upload, download, mkdir, rm)
+│   ├── mcp.rs           # MCP server management endpoints
+│   ├── mission_runner.rs # Background mission execution
+│   ├── providers.rs     # Provider/model listing
+│   ├── ssh_util.rs      # SSH utilities for remote connections
+│   └── types.rs         # Request/response types
+├── budget/              # Cost tracking, pricing, model selection
+│   ├── mod.rs           # Budget type, SharedBenchmarkRegistry, SharedModelResolver
+│   ├── benchmarks.rs    # Model capability scores from benchmarks
+│   ├── pricing.rs       # Model pricing (cents per token)
+│   ├── resolver.rs      # Model family auto-upgrade system
+│   ├── allocation.rs    # Budget allocation strategies
+│   ├── compatibility.rs # Model compatibility checks
+│   ├── learned.rs       # Self-improving model selection from task outcomes
+│   ├── budget.rs        # Budget tracking implementation
+│   └── retry.rs         # Retry strategies with backoff
+├── llm/                 # LLM client abstraction
+│   ├── mod.rs           # OpenRouterClient, ToolDefinition, FunctionDefinition
+│   ├── openrouter.rs    # OpenRouter API client
+│   └── error.rs         # LLM-specific errors
+├── mcp/                 # Model Context Protocol server registry
+│   ├── mod.rs           # McpRegistry
+│   ├── config.rs        # MCP configuration loading
+│   ├── registry.rs      # Server discovery and management
+│   └── types.rs         # MCP message types
+├── memory/              # Supabase + pgvector persistence
+│   ├── mod.rs           # MemorySystem, init_memory()
+│   ├── supabase.rs      # Database client, learned stats queries
+│   ├── context.rs       # ContextBuilder, SessionContext
+│   ├── retriever.rs     # Semantic search, run/event retrieval
+│   ├── writer.rs        # Event recording, run management
+│   ├── embed.rs         # Embedding generation
+│   └── types.rs         # Memory event types
+├── opencode/            # OpenCode client
+│   └── mod.rs           # OpenCode server communication
+├── task/                # Task types + verification
+│   ├── mod.rs           # Task exports
+│   ├── task.rs          # Task struct, TaskAnalysis
+│   ├── subtask.rs       # Subtask breakdown
+│   ├── deliverables.rs  # Expected deliverables
+│   └── verification.rs  # VerificationCriteria enum
+├── tools/               # Tool system (agent's "hands and eyes")
+│   ├── mod.rs           # Tool trait, ToolRegistry, PathResolution
+│   ├── file_ops.rs      # read_file, write_file, delete_file
+│   ├── directory.rs     # list_directory, search_files
+│   ├── index.rs         # index_files, search_file_index (performance optimization)
+│   ├── terminal.rs      # run_command (shell execution)
+│   ├── search.rs        # grep_search
+│   ├── web.rs           # web_search, fetch_url
+│   ├── git.rs           # git_status, git_diff, git_commit, git_log
+│   ├── github.rs        # github_clone, github_list_repos, github_get_file, github_search_code
+│   ├── browser.rs       # Browser automation (conditional on BROWSER_ENABLED)
+│   ├── desktop.rs       # Desktop automation via i3/Xvfb (conditional on DESKTOP_ENABLED)
+│   ├── composite.rs     # High-level workflows: analyze_codebase, deep_search, prepare_project, debug_error
+│   ├── ui.rs            # Frontend tool UI schemas (ui_optionList, ui_dataTable)
+│   ├── storage.rs       # upload_image (Supabase storage)
+│   ├── memory.rs        # search_memory, store_fact (shared memory tools)
+│   └── mission.rs       # complete_mission (agent task completion)
+├── bin/
+│   └── desktop_mcp.rs   # Standalone MCP server for desktop tools
+├── config.rs            # Config struct, environment variable loading
+├── lib.rs               # Library exports
+└── main.rs              # Server entry point
+```
+
+## OpenCode Configuration
+
+OpenCode is required for task execution. It connects to an OpenCode server that handles LLM interactions.
+
+```bash
+# Optional configuration (defaults shown)
+OPENCODE_BASE_URL=http://127.0.0.1:4096
+OPENCODE_AGENT=build
+OPENCODE_PERMISSIVE=true
+```
+
+**Desktop Tools with OpenCode:**
+To enable desktop tools (i3, Xvfb, screenshots):
+
+1. Build the MCP servers: `cargo build --release --bin desktop-mcp --bin host-mcp`
+2. Workspace `opencode.json` files are generated automatically under `workspaces/`
+   from `.openagent/mcp/config.json` (override by editing MCP configs via the UI).
+3. OpenCode will automatically load the tools from the MCP server
+
+The `opencode.json` configures MCP servers for desktop and browser automation:
+```json
+{
+  "mcp": {
+    "host": {
+      "type": "local",
+      "command": ["./target/release/host-mcp"],
+      "enabled": true
+    },
+    "desktop": {
+      "type": "local",
+      "command": ["./target/release/desktop-mcp"],
+      "enabled": true
+    },
+    "playwright": {
+      "type": "local",
+      "command": ["npx", "@playwright/mcp@latest", "--isolated", "--no-sandbox"],
+      "enabled": true
+    }
+  }
+}
+```
+
+Use `--isolated` for Playwright so multiple sessions can run in parallel without profile conflicts, and `--no-sandbox` when running as root.
+
+**Available MCP Tools:**
+- **Desktop tools** (i3/Xvfb): `desktop_start_session`, `desktop_screenshot`, `desktop_click`, `desktop_type`, `desktop_i3_command`, etc.
+- **Playwright tools**: `browser_navigate`, `browser_snapshot`, `browser_click`, `browser_type`, `browser_screenshot`, etc.
+
+## Model Preferences
+
+Use Claude models via your Claude Max subscription:
+- `claude-opus-4-5-20251101` - Most capable, recommended
+- `claude-sonnet-4-20250514` - Good balance of speed/capability (default)
+- `claude-3-5-haiku-20241022` - Fastest, most economical
+
+## API Endpoints
+
+### Core Task Endpoints
+| Method | Path | Purpose |
+|--------|------|---------|
+| `POST` | `/api/task` | Submit task |
+| `GET` | `/api/task/{id}` | Get status |
+| `GET` | `/api/task/{id}/stream` | SSE progress |
+| `POST` | `/api/task/{id}/stop` | Cancel task |
+| `GET` | `/api/tasks` | List all tasks |
+
+### Control Session (Global Interactive)
+| Method | Path | Purpose |
+|--------|------|---------|
+| `POST` | `/api/control/message` | Send message to agent |
+| `POST` | `/api/control/tool_result` | Submit tool result |
+| `GET` | `/api/control/stream` | SSE event stream |
+| `POST` | `/api/control/cancel` | Cancel current operation |
+| `GET` | `/api/control/tree` | Get state tree snapshot |
+| `GET` | `/api/control/progress` | Get progress snapshot |
+
+### Mission Management
+| Method | Path | Purpose |
+|--------|------|---------|
+| `GET` | `/api/control/missions` | List missions |
+| `POST` | `/api/control/missions` | Create mission |
+| `GET` | `/api/control/missions/current` | Get current mission |
+| `GET` | `/api/control/missions/{id}` | Get mission details |
+| `GET` | `/api/control/missions/{id}/tree` | Get mission tree |
+| `POST` | `/api/control/missions/{id}/load` | Load mission |
+| `POST` | `/api/control/missions/{id}/status` | Set mission status |
+| `POST` | `/api/control/missions/{id}/cancel` | Cancel mission |
+| `POST` | `/api/control/missions/{id}/resume` | Resume mission |
+| `POST` | `/api/control/missions/{id}/parallel` | Start parallel execution |
+| `DELETE` | `/api/control/missions/{id}` | Delete mission |
+| `POST` | `/api/control/missions/cleanup` | Cleanup empty missions |
+| `GET` | `/api/control/running` | List running missions |
+| `GET` | `/api/control/parallel/config` | Get parallel config |
+
+### Memory Endpoints
+| Method | Path | Purpose |
+|--------|------|---------|
+| `GET` | `/api/runs` | List archived runs |
+| `GET` | `/api/runs/{id}` | Get run details |
+| `GET` | `/api/runs/{id}/events` | Get run events |
+| `GET` | `/api/runs/{id}/tasks` | Get run tasks |
+| `GET` | `/api/memory/search` | Search memory |
+
+### File System (Remote Explorer)
+| Method | Path | Purpose |
+|--------|------|---------|
+| `GET` | `/api/fs/list` | List directory |
+| `GET` | `/api/fs/download` | Download file |
+| `POST` | `/api/fs/upload` | Upload file |
+| `POST` | `/api/fs/upload-chunk` | Chunked upload |
+| `POST` | `/api/fs/upload-finalize` | Finalize upload |
+| `POST` | `/api/fs/download-url` | Download from URL |
+| `POST` | `/api/fs/mkdir` | Create directory |
+| `POST` | `/api/fs/rm` | Remove file/dir |
+
+### MCP Management
+| Method | Path | Purpose |
+|--------|------|---------|
+| `GET` | `/api/mcp` | List MCP servers |
+| `POST` | `/api/mcp` | Add MCP server |
+| `POST` | `/api/mcp/refresh` | Refresh all MCPs |
+| `GET` | `/api/mcp/{id}` | Get MCP details |
+| `DELETE` | `/api/mcp/{id}` | Remove MCP |
+| `POST` | `/api/mcp/{id}/enable` | Enable MCP |
+| `POST` | `/api/mcp/{id}/disable` | Disable MCP |
+| `POST` | `/api/mcp/{id}/refresh` | Refresh MCP |
+| `GET` | `/api/tools` | List all tools |
+| `POST` | `/api/tools/{name}/toggle` | Toggle tool |
+
+### Model Management
+| Method | Path | Purpose |
+|--------|------|---------|
+| `GET` | `/api/providers` | List providers |
+| `GET` | `/api/models` | List models |
+| `POST` | `/api/models/refresh` | Refresh model data |
+| `GET` | `/api/models/families` | List model families |
+| `GET` | `/api/models/performance` | Get learned performance stats |
+
+### System
+| Method | Path | Purpose |
+|--------|------|---------|
+| `GET` | `/api/health` | Health check |
+| `GET` | `/api/stats` | System statistics |
+| `POST` | `/api/auth/login` | Authenticate |
+| `GET` | `/api/console/ws` | WebSocket console |
+| `GET` | `/api/desktop/stream` | WebSocket desktop stream |
+
+## Environment Variables
+
+### Production Auth
+| Variable | Description |
+|----------|-------------|
+| `DEV_MODE` | `true` bypasses auth |
+| `DASHBOARD_PASSWORD` | Password for dashboard login |
+| `JWT_SECRET` | HMAC secret for JWT signing |
+
+### Optional
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `DEFAULT_MODEL` | `claude-sonnet-4-20250514` | Default LLM model |
+| `OPENCODE_BASE_URL` | `http://127.0.0.1:4096` | OpenCode server URL |
+| `OPENCODE_AGENT` | - | OpenCode agent name |
+| `OPENCODE_PERMISSIVE` | `true` | Auto-allow OpenCode permissions |
+| `WORKING_DIR` | `/root` (prod), `.` (dev) | Working directory |
+| `HOST` | `127.0.0.1` | Bind address |
+| `PORT` | `3000` | Server port |
+| `MAX_ITERATIONS` | `50` | Max agent loop iterations |
+| `SUPABASE_URL` | - | Supabase project URL |
+| `SUPABASE_SERVICE_ROLE_KEY` | - | Service role key |
+| `OPENROUTER_API_KEY` | - | Only needed for memory embeddings |
+| `BROWSER_ENABLED` | `false` | Enable browser automation tools |
+| `DESKTOP_ENABLED` | `false` | Enable desktop automation tools |
+
+## Secrets
+
+Use `secrets.json` (gitignored) for local development. Template: `secrets.json.example`
+
+```bash
+# Read secrets
+jq -r '.openrouter.api_key' secrets.json
+```
+
+**Rules:**
+- Never paste secret values into code, comments, or docs
+- Read secrets from environment variables at runtime
+
+## Code Conventions
+
+### Rust - Provability-First Design
+
+Code should be written as if we want to **formally prove it correct later**. This means:
+
+1. **Never panic** - always return `Result<T, E>`
+2. **Exhaustive matches** - no `_` catch-all patterns in enums (forces handling new variants)
+3. **Document invariants** as `/// Precondition:` and `/// Postcondition:` comments
+4. **Pure functions** - separate pure logic from IO where possible
+5. **Algebraic types** - prefer enums with exhaustive matching over stringly-typed data
+6. Costs are in **cents (u64)** - never use floats for money
+
+```rust
+// Use thiserror for error types
+#[derive(Debug, Error)]
+pub enum MyError {
+    #[error("description: {0}")]
+    Variant(String),
+}
+
+// Propagate with ?
+pub fn do_thing() -> Result<T, MyError> {
+    let x = fallible_op()?;
+    Ok(x)
+}
+```
+
+### Adding a New Tool
+
+1. Add to `src/tools/` (new file or extend existing)
+2. Implement `Tool` trait: `name()`, `description()`, `parameters_schema()`, `execute()`
+3. Register in `src/tools/mod.rs` → `ToolRegistry::with_options()`
+4. Tool parameters use serde_json schema format
+5. Document pre/postconditions for provability
+
+### Dashboard (Next.js + Bun)
+- Package manager: **Bun** (not npm/yarn/pnpm)
+- Icons: **Lucide React** (`lucide-react`)
+- API base: `process.env.NEXT_PUBLIC_API_URL ?? 'http://127.0.0.1:3000'`
+- Auth: JWT stored in `sessionStorage`
+
+### Design System - "Quiet Luxury + Liquid Glass"
+- **Dark-first** aesthetic (dark mode is default)
+- No pure black - use deep charcoal (#121214)
+- Elevation via color, not shadows
+- Use `white/[opacity]` for text (e.g., `text-white/80`)
+- Accent color: indigo-500 (#6366F1)
+- Borders: very subtle (0.06-0.08 opacity)
+- No bounce animations, use `ease-out`
+
+## Production
+
+| Property | Value |
+|----------|-------|
+| Host | `95.216.112.253` |
+| SSH | `ssh -i ~/.ssh/cursor root@95.216.112.253` |
+| Backend URL | `https://agent-backend.thomas.md` |
+| Dashboard URL | `https://agent.thomas.md` |
+| Binary | `/usr/local/bin/open_agent` |
+| Desktop MCP | `/usr/local/bin/desktop-mcp` |
+| Host MCP | `/usr/local/bin/host-mcp` |
+| Env file | `/etc/open_agent/open_agent.env` |
+| Service | `systemctl status open_agent` |
+
+**SSH Key:** Use `~/.ssh/cursor` key for production server access.
+
+## Adding New Components
+
+### New API Endpoint
+1. Add handler in `src/api/`
+2. Register route in `src/api/routes.rs`
+3. Update this doc
+
+### New Tool
+1. Implement `Tool` trait in `src/tools/`
+2. Register in `ToolRegistry::with_options()` in `src/tools/mod.rs`
+3. Update this doc
+
+### After Significant Changes
+- Update `.cursor/rules/` if architecture changes
+- Update `AGENTS.md` and `.claude/CLAUDE.md` for new env vars or commands
diff --git a/Cargo.toml b/Cargo.toml
index 6574b23..546a022 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -53,7 +53,8 @@ base64 = "0.22"
 bytes = "1"
 portable-pty = "0.9"
 tokio-util = { version = "0.7", features = ["io"] }
-chromiumoxide = { version = "0.8.0", features = ["tokio-runtime"] }
+# Keep MSRV-compatible idna_adapter for the production builder (rustc 1.75).
+idna_adapter = "=1.1.0"
 
 [[bin]]
 name = "open_agent"
@@ -63,5 +64,9 @@ path = "src/main.rs"
 name = "desktop-mcp"
 path = "src/bin/desktop_mcp.rs"
 
+[[bin]]
+name = "host-mcp"
+path = "src/bin/host_mcp.rs"
+
 [dev-dependencies]
 tokio-test = "0.4"
diff --git a/README.md b/README.md
index b7cbc21..5f7a0db 100644
--- a/README.md
+++ b/README.md
@@ -45,13 +45,12 @@ cargo run --release
 
 The server starts on `http://127.0.0.1:3000` by default.
 
-### OpenCode Backend (External Agent)
+### OpenCode Backend (Required)
 
-Open Agent can delegate execution to an OpenCode server instead of using its built-in agent loop.
+Open Agent delegates execution to an OpenCode server. OpenCode must be running and reachable.
 
 ```bash
 # Point to a running OpenCode server
-export AGENT_BACKEND="opencode"
 export OPENCODE_BASE_URL="http://127.0.0.1:4096"
 
 # Optional: choose OpenCode agent (build/plan/etc)
@@ -142,6 +141,20 @@ curl http://localhost:3000/api/health
 | `HOST` | `127.0.0.1` | Server bind address |
 | `PORT` | `3000` | Server port |
 | `MAX_ITERATIONS` | `50` | Max agent loop iterations |
+| `OPEN_AGENT_USERS` | (optional) | JSON array of multi-user accounts (enables multi-user auth) |
+| `DASHBOARD_PASSWORD` | (optional) | Single-tenant dashboard password (legacy auth) |
+| `JWT_SECRET` | (required for auth) | HMAC secret for JWT signing |
+
+### Multi-user Auth
+
+Provide `OPEN_AGENT_USERS` to enable multi-user login:
+
+```bash
+export JWT_SECRET="your-secret"
+export OPEN_AGENT_USERS='[{"id":"alice","username":"alice","password":"..."}]'
+```
+
+When multi-user auth is enabled, the memory system is disabled to avoid cross-user leakage.
 
 ## Architecture
 
@@ -204,7 +217,7 @@ export OPENROUTER_API_KEY="sk-or-v1-..."
 cargo run --release --bin calibrate -- --workspace ./.open_agent_calibration --model openai/gpt-4.1-mini --write-tuning
 ```
 
-This writes a tuning file at `./.open_agent_calibration/.open_agent/tuning.json`. Move/copy it to your real workspace as `./.open_agent/tuning.json` to enable it.
+This writes a tuning file at `./.open_agent_calibration/.openagent/tuning.json`. Move/copy it to your real workspace as `./.openagent/tuning.json` to enable it.
 
 ## License
 
diff --git a/dashboard/README.md b/dashboard/README.md
index 4ef2418..b686ed5 100644
--- a/dashboard/README.md
+++ b/dashboard/README.md
@@ -20,4 +20,4 @@ Configure the backend URL via:
 
 ## Auth
 
-If the backend reports `auth_required=true` from `GET /api/health`, the dashboard will prompt for a password and store a JWT in `sessionStorage`.
+If the backend reports `auth_required=true` from `GET /api/health`, the dashboard will prompt for credentials and store a JWT in `sessionStorage`. In multi-user mode (`auth_mode=multi_user`), it asks for username + password.
diff --git a/dashboard/bun.lock b/dashboard/bun.lock
index a3648a7..7378a56 100644
--- a/dashboard/bun.lock
+++ b/dashboard/bun.lock
@@ -26,7 +26,7 @@
       "devDependencies": {
         "@tailwindcss/postcss": "^4",
         "@types/node": "^20",
-        "@types/react": "^19",
+        "@types/react": "19.2.7",
         "@types/react-dom": "^19",
         "eslint": "^9",
         "eslint-config-next": "16.0.10",
diff --git a/dashboard/package.json b/dashboard/package.json
index eae7770..0770fd1 100644
--- a/dashboard/package.json
+++ b/dashboard/package.json
@@ -31,7 +31,7 @@
   "devDependencies": {
     "@tailwindcss/postcss": "^4",
     "@types/node": "^20",
-    "@types/react": "^19",
+    "@types/react": "19.2.7",
     "@types/react-dom": "^19",
     "eslint": "^9",
     "eslint-config-next": "16.0.10",
diff --git a/dashboard/src/app/modules/page.tsx b/dashboard/src/app/modules/page.tsx
index ea6c1f0..6fd85ee 100644
--- a/dashboard/src/app/modules/page.tsx
+++ b/dashboard/src/app/modules/page.tsx
@@ -12,7 +12,6 @@ import {
   disableMcp,
   refreshMcp,
   refreshAllMcps,
-  toggleTool,
   type McpServerState,
   type McpStatus,
   type ToolInfo,
@@ -31,7 +30,6 @@ import {
   Power,
   ChevronLeft,
   Plug,
-  Wrench,
   Settings,
   Search,
 } from "lucide-react";
@@ -684,60 +682,25 @@ function ConfigureMcpModal({
   );
 }
 
-function ToolsTab({
-  tools,
-  onToggle,
-}: {
-  tools: ToolInfo[];
-  onToggle: (name: string, enabled: boolean) => void;
-}) {
-  const builtinTools = tools.filter((t) => t.source === "builtin");
+function ToolsTab({ tools }: { tools: ToolInfo[] }) {
   const mcpTools = tools.filter(
     (t) => typeof t.source === "object" && "mcp" in t.source
   );
 
   return (
     <div className="space-y-6">
-      {/* Built-in tools */}
-      <div>
-        <h3 className="mb-3 text-sm font-medium text-white">
-          Built-in Tools ({builtinTools.length})
-        </h3>
-        <div className="grid gap-3 sm:grid-cols-2 lg:grid-cols-3">
-          {builtinTools.map((tool) => (
-            <div
-              key={tool.name}
-              className="flex items-center justify-between rounded-xl bg-white/[0.02] border border-white/[0.04] hover:bg-white/[0.04] hover:border-white/[0.08] p-4 transition-colors"
-            >
-              <div className="flex items-center gap-3">
-                <div className="flex h-9 w-9 items-center justify-center rounded-lg bg-white/[0.04]">
-                  <Wrench className="h-4 w-4 text-white/40" />
-                </div>
-                <div className="min-w-0">
-                  <p className="text-sm font-medium text-white">{tool.name}</p>
-                  <p
-                    className="truncate text-xs text-white/40 max-w-[150px]"
-                    title={tool.description}
-                  >
-                    {tool.description.slice(0, 35)}...
-                  </p>
-                </div>
-              </div>
-              <Toggle
-                checked={tool.enabled}
-                onChange={() => onToggle(tool.name, !tool.enabled)}
-              />
-            </div>
-          ))}
-        </div>
+      <div className="rounded-xl border border-white/[0.06] bg-white/[0.02] p-4 text-sm text-white/60">
+        Tools are provided by MCP servers and surfaced to OpenCode. Enable or
+        disable an MCP in the Installed tab to control availability.
       </div>
 
-      {/* MCP tools */}
-      {mcpTools.length > 0 && (
-        <div>
-          <h3 className="mb-3 text-sm font-medium text-white">
-            MCP Tools ({mcpTools.length})
-          </h3>
+      <div>
+        <h3 className="mb-3 text-sm font-medium text-white">
+          MCP Tools ({mcpTools.length})
+        </h3>
+        {mcpTools.length === 0 ? (
+          <p className="text-sm text-white/40">No MCP tools discovered yet.</p>
+        ) : (
           <div className="grid gap-3 sm:grid-cols-2 lg:grid-cols-3">
             {mcpTools.map((tool) => (
               <div
@@ -756,19 +719,23 @@ function ToolsTab({
                       from{" "}
                       {typeof tool.source === "object" && "mcp" in tool.source
                         ? tool.source.mcp.name
-                        : "builtin"}
+                        : "unknown"}
+                    </p>
+                    <p
+                      className="truncate text-[11px] text-white/30 max-w-[150px]"
+                      title={tool.description}
+                    >
+                      {tool.description.length > 32
+                        ? `${tool.description.slice(0, 32)}...`
+                        : tool.description}
                     </p>
                   </div>
                 </div>
-                <Toggle
-                  checked={tool.enabled}
-                  onChange={() => onToggle(tool.name, !tool.enabled)}
-                />
               </div>
             ))}
           </div>
-        </div>
-      )}
+        )}
+      </div>
     </div>
   );
 }
@@ -911,17 +878,6 @@ export default function ModulesPage() {
     }
   };
 
-  const handleToggleTool = async (name: string, enabled: boolean) => {
-    try {
-      await toggleTool(name, enabled);
-      toast.success(`${enabled ? "Enabled" : "Disabled"} ${name}`);
-      await fetchData();
-    } catch (error) {
-      console.error("Failed to toggle tool:", error);
-      toast.error(`Failed to toggle ${name}`);
-    }
-  };
-
   const handleRefreshAll = async () => {
     setRefreshing(true);
     try {
@@ -1050,7 +1006,7 @@ export default function ModulesPage() {
           </div>
         )
       ) : (
-        <ToolsTab tools={filteredTools} onToggle={handleToggleTool} />
+        <ToolsTab tools={filteredTools} />
       )}
 
       {/* Detail panel (overlay) */}
diff --git a/dashboard/src/components/auth-gate.tsx b/dashboard/src/components/auth-gate.tsx
index 6e92058..7091979 100644
--- a/dashboard/src/components/auth-gate.tsx
+++ b/dashboard/src/components/auth-gate.tsx
@@ -2,13 +2,15 @@
 
 import { useEffect, useMemo, useState } from 'react';
 import { login, getHealth } from '@/lib/api';
-import { clearJwt, getValidJwt, setJwt, signalAuthSuccess } from '@/lib/auth';
+import { clearJwt, getStoredUsername, getValidJwt, setJwt, setStoredUsername, signalAuthSuccess } from '@/lib/auth';
 import { Lock } from 'lucide-react';
 
 export function AuthGate({ children }: { children: React.ReactNode }) {
   const [ready, setReady] = useState(false);
   const [authRequired, setAuthRequired] = useState(false);
   const [isAuthed, setIsAuthed] = useState(true);
+  const [authMode, setAuthMode] = useState<'disabled' | 'single_tenant' | 'multi_user'>('single_tenant');
+  const [username, setUsername] = useState(getStoredUsername() ?? '');
   const [password, setPassword] = useState('');
   const [error, setError] = useState<string | null>(null);
   const [isSubmitting, setIsSubmitting] = useState(false);
@@ -23,6 +25,9 @@ export function AuthGate({ children }: { children: React.ReactNode }) {
         if (!mounted) return;
 
         setAuthRequired(Boolean(health.auth_required));
+        if (health.auth_mode) {
+          setAuthMode(health.auth_mode);
+        }
         if (!health.auth_required) {
           setIsAuthed(true);
         } else {
@@ -54,16 +59,27 @@ export function AuthGate({ children }: { children: React.ReactNode }) {
 
   const onSubmit = async (e: React.FormEvent) => {
     e.preventDefault();
+    if (authMode === 'multi_user' && !username.trim()) {
+      setError('Username is required');
+      return;
+    }
     setIsSubmitting(true);
     setError(null);
     try {
-      const res = await login(password);
+      const res = await login(password, authMode === 'multi_user' ? username : undefined);
       setJwt(res.token, res.exp);
+      if (authMode === 'multi_user') {
+        setStoredUsername(username);
+      }
       setIsAuthed(true);
       setPassword('');
       signalAuthSuccess();
-    } catch {
-      setError('Invalid password');
+    } catch (err) {
+      if (err instanceof Error) {
+        setError(err.message);
+      } else {
+        setError(authMode === 'multi_user' ? 'Invalid username or password' : 'Invalid password');
+      }
     } finally {
       setIsSubmitting(false);
     }
@@ -89,19 +105,36 @@ export function AuthGate({ children }: { children: React.ReactNode }) {
               <div>
                 <h2 className="text-lg font-semibold text-white">Authenticate</h2>
                 <p className="text-xs text-white/50">
-                  Enter the dashboard password to continue
+                  {authMode === 'multi_user'
+                    ? 'Sign in with your username and password'
+                    : 'Enter the dashboard password to continue'}
                 </p>
               </div>
             </div>
 
             <form onSubmit={onSubmit} className="space-y-4">
+              {authMode === 'multi_user' && (
+                <div>
+                  <input
+                    type="text"
+                    value={username}
+                    onChange={(e) => setUsername(e.target.value)}
+                    placeholder="Username"
+                    autoCapitalize="none"
+                    autoCorrect="off"
+                    autoFocus={authMode === 'multi_user'}
+                    spellCheck={false}
+                    className="w-full rounded-lg border border-white/[0.06] bg-white/[0.02] px-4 py-3 text-sm text-white placeholder-white/30 focus:border-indigo-500/50 focus:outline-none transition-colors"
+                  />
+                </div>
+              )}
               <div>
                 <input
                   type="password"
                   value={password}
                   onChange={(e) => setPassword(e.target.value)}
                   placeholder="Password"
-                  autoFocus
+                  autoFocus={authMode !== 'multi_user'}
                   className="w-full rounded-lg border border-white/[0.06] bg-white/[0.02] px-4 py-3 text-sm text-white placeholder-white/30 focus:border-indigo-500/50 focus:outline-none transition-colors"
                 />
               </div>
@@ -114,7 +147,7 @@ export function AuthGate({ children }: { children: React.ReactNode }) {
 
               <button
                 type="submit"
-                disabled={!password || isSubmitting}
+                disabled={!password || (authMode === 'multi_user' && !username.trim()) || isSubmitting}
                 className="w-full rounded-lg bg-indigo-500 hover:bg-indigo-600 px-4 py-3 text-sm font-medium text-white transition-colors disabled:opacity-50 disabled:cursor-not-allowed"
               >
                 {isSubmitting ? 'Signing in…' : 'Sign in'}
diff --git a/dashboard/src/lib/api.ts b/dashboard/src/lib/api.ts
index 93c05ef..b334e72 100644
--- a/dashboard/src/lib/api.ts
+++ b/dashboard/src/lib/api.ts
@@ -38,6 +38,7 @@ export interface HealthResponse {
   version: string;
   dev_mode: boolean;
   auth_required: boolean;
+  auth_mode: "disabled" | "single_tenant" | "multi_user";
   max_iterations: number;
 }
 
@@ -84,13 +85,20 @@ export async function getHealth(): Promise<HealthResponse> {
   return res.json();
 }
 
-export async function login(password: string): Promise<LoginResponse> {
+export async function login(password: string, username?: string): Promise<LoginResponse> {
+  const payload: { password: string; username?: string } = { password };
+  if (username && username.trim().length > 0) {
+    payload.username = username.trim();
+  }
   const res = await fetch(apiUrl("/api/auth/login"), {
     method: "POST",
     headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ password }),
+    body: JSON.stringify(payload),
   });
-  if (!res.ok) throw new Error("Failed to login");
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    throw new Error(text || "Failed to login");
+  }
   return res.json();
 }
 
diff --git a/dashboard/src/lib/auth.ts b/dashboard/src/lib/auth.ts
index 9fcdfef..539b9dd 100644
--- a/dashboard/src/lib/auth.ts
+++ b/dashboard/src/lib/auth.ts
@@ -1,5 +1,6 @@
 const TOKEN_KEY = 'openagent.jwt';
 const EXP_KEY = 'openagent.jwt_exp';
+const USERNAME_KEY = 'openagent.username';
 
 export function getStoredJwt(): { token: string; exp: number } | null {
   if (typeof window === 'undefined') return null;
@@ -34,6 +35,19 @@ export function setJwt(token: string, exp: number): void {
   localStorage.setItem(EXP_KEY, String(exp));
 }
 
+export function getStoredUsername(): string | null {
+  if (typeof window === 'undefined') return null;
+  const username = localStorage.getItem(USERNAME_KEY);
+  return username && username.trim().length > 0 ? username : null;
+}
+
+export function setStoredUsername(username: string): void {
+  if (typeof window === 'undefined') return;
+  const trimmed = username.trim();
+  if (trimmed.length === 0) return;
+  localStorage.setItem(USERNAME_KEY, trimmed);
+}
+
 export function clearJwt(): void {
   if (typeof window === 'undefined') return;
   localStorage.removeItem(TOKEN_KEY);
diff --git a/ios_dashboard/OpenAgentDashboard/ContentView.swift b/ios_dashboard/OpenAgentDashboard/ContentView.swift
index e48bf6d..399547e 100644
--- a/ios_dashboard/OpenAgentDashboard/ContentView.swift
+++ b/ios_dashboard/OpenAgentDashboard/ContentView.swift
@@ -52,11 +52,13 @@ struct ContentView: View {
 struct LoginView: View {
     let onLogin: () -> Void
     
+    @State private var username = ""
     @State private var password = ""
     @State private var isLoading = false
     @State private var errorMessage: String?
     @State private var serverURL: String
     
+    @FocusState private var isUsernameFocused: Bool
     @FocusState private var isPasswordFocused: Bool
     
     private let api = APIService.shared
@@ -64,6 +66,7 @@ struct LoginView: View {
     init(onLogin: @escaping () -> Void) {
         self.onLogin = onLogin
         _serverURL = State(initialValue: APIService.shared.baseURL)
+        _username = State(initialValue: UserDefaults.standard.string(forKey: "last_username") ?? "")
     }
     
     var body: some View {
@@ -134,6 +137,28 @@ struct LoginView: View {
                                             .stroke(Theme.border, lineWidth: 1)
                                     )
                             }
+
+                            if api.authMode == .multiUser {
+                                VStack(alignment: .leading, spacing: 8) {
+                                    Text("Username")
+                                        .font(.caption.weight(.medium))
+                                        .foregroundStyle(Theme.textSecondary)
+
+                                    TextField("Enter username", text: $username)
+                                        .textFieldStyle(.plain)
+                                        .textInputAutocapitalization(.never)
+                                        .autocorrectionDisabled()
+                                        .focused($isUsernameFocused)
+                                        .padding(.horizontal, 16)
+                                        .padding(.vertical, 14)
+                                        .background(Color.white.opacity(0.05))
+                                        .clipShape(RoundedRectangle(cornerRadius: 12, style: .continuous))
+                                        .overlay(
+                                            RoundedRectangle(cornerRadius: 12, style: .continuous)
+                                                .stroke(isUsernameFocused ? Theme.accent.opacity(0.5) : Theme.border, lineWidth: 1)
+                                        )
+                                }
+                            }
                             
                             // Password field
                             VStack(alignment: .leading, spacing: 8) {
@@ -174,13 +199,27 @@ struct LoginView: View {
                                 "Sign In",
                                 icon: "arrow.right",
                                 isLoading: isLoading,
-                                isDisabled: password.isEmpty
+                                isDisabled: password.isEmpty || (api.authMode == .multiUser && username.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty)
                             ) {
                                 login()
                             }
                         }
                     }
                     .padding(.horizontal, 24)
+                    .onAppear {
+                        if api.authMode == .multiUser {
+                            isUsernameFocused = true
+                        } else {
+                            isPasswordFocused = true
+                        }
+                    }
+                    .onChange(of: api.authMode) { _, newMode in
+                        if newMode == .multiUser {
+                            isUsernameFocused = true
+                        } else {
+                            isPasswordFocused = true
+                        }
+                    }
                     
                     Spacer()
                 }
@@ -199,11 +238,33 @@ struct LoginView: View {
         
         Task {
             do {
-                let _ = try await api.login(password: password)
+                let usernameValue = api.authMode == .multiUser ? username : nil
+                let _ = try await api.login(password: password, username: usernameValue)
+                if api.authMode == .multiUser {
+                    let trimmed = username.trimmingCharacters(in: .whitespacesAndNewlines)
+                    if !trimmed.isEmpty {
+                        UserDefaults.standard.set(trimmed, forKey: "last_username")
+                    }
+                }
                 HapticService.success()
                 onLogin()
             } catch {
-                errorMessage = error.localizedDescription
+                if let apiError = error as? APIError {
+                    switch apiError {
+                    case .httpError(let code, _):
+                        if code == 401 {
+                            errorMessage = api.authMode == .multiUser ? "Invalid username or password" : "Invalid password"
+                        } else {
+                            errorMessage = apiError.errorDescription
+                        }
+                    case .unauthorized:
+                        errorMessage = api.authMode == .multiUser ? "Invalid username or password" : "Invalid password"
+                    default:
+                        errorMessage = apiError.errorDescription
+                    }
+                } else {
+                    errorMessage = error.localizedDescription
+                }
                 HapticService.error()
             }
             isLoading = false
diff --git a/ios_dashboard/OpenAgentDashboard/Services/APIService.swift b/ios_dashboard/OpenAgentDashboard/Services/APIService.swift
index eb12b21..7e76d4a 100644
--- a/ios_dashboard/OpenAgentDashboard/Services/APIService.swift
+++ b/ios_dashboard/OpenAgentDashboard/Services/APIService.swift
@@ -30,13 +30,21 @@ final class APIService {
     }
     
     var authRequired: Bool = false
+    var authMode: AuthMode = .singleTenant
+
+    enum AuthMode: String {
+        case disabled = "disabled"
+        case singleTenant = "single_tenant"
+        case multiUser = "multi_user"
+    }
     
     
     // MARK: - Authentication
     
-    func login(password: String) async throws -> Bool {
+    func login(password: String, username: String? = nil) async throws -> Bool {
         struct LoginRequest: Encodable {
             let password: String
+            let username: String?
         }
         
         struct LoginResponse: Decodable {
@@ -44,7 +52,7 @@ final class APIService {
             let exp: Int
         }
         
-        let response: LoginResponse = try await post("/api/auth/login", body: LoginRequest(password: password), authenticated: false)
+        let response: LoginResponse = try await post("/api/auth/login", body: LoginRequest(password: password, username: username), authenticated: false)
         jwtToken = response.token
         return true
     }
@@ -57,15 +65,22 @@ final class APIService {
         struct HealthResponse: Decodable {
             let status: String
             let authRequired: Bool
+            let authMode: String?
             
             enum CodingKeys: String, CodingKey {
                 case status
                 case authRequired = "auth_required"
+                case authMode = "auth_mode"
             }
         }
         
         let response: HealthResponse = try await get("/api/health", authenticated: false)
         authRequired = response.authRequired
+        if let modeRaw = response.authMode, let mode = AuthMode(rawValue: modeRaw) {
+            authMode = mode
+        } else {
+            authMode = authRequired ? .singleTenant : .disabled
+        }
         return response.status == "ok"
     }
     
diff --git a/ios_dashboard/OpenAgentDashboard/Services/DesktopStreamService.swift b/ios_dashboard/OpenAgentDashboard/Services/DesktopStreamService.swift
index b4d7729..6a5a6a0 100644
--- a/ios_dashboard/OpenAgentDashboard/Services/DesktopStreamService.swift
+++ b/ios_dashboard/OpenAgentDashboard/Services/DesktopStreamService.swift
@@ -338,10 +338,17 @@ final class DesktopStreamService: NSObject {
         guard let sample = sampleBuffer else { return }
 
         // Enqueue to layer
-        if layer.status == .failed {
-            layer.flush()
+        if #available(iOS 18.0, *) {
+            if layer.sampleBufferRenderer.status == .failed {
+                layer.sampleBufferRenderer.flush()
+            }
+            layer.sampleBufferRenderer.enqueue(sample)
+        } else {
+            if layer.status == .failed {
+                layer.flush()
+            }
+            layer.enqueue(sample)
         }
-        layer.enqueue(sample)
     }
 }
 
diff --git a/ios_dashboard/OpenAgentDashboard/Views/Components/ToolUI/ToolUIDataTableView.swift b/ios_dashboard/OpenAgentDashboard/Views/Components/ToolUI/ToolUIDataTableView.swift
index d0181d5..861c4b4 100644
--- a/ios_dashboard/OpenAgentDashboard/Views/Components/ToolUI/ToolUIDataTableView.swift
+++ b/ios_dashboard/OpenAgentDashboard/Views/Components/ToolUI/ToolUIDataTableView.swift
@@ -154,8 +154,6 @@ struct ToolUIDataTableView: View {
 }
 
 #Preview {
-    let sampleTable = ToolUIDataTable.Column(id: "model", label: "Model", width: nil)
-    
     VStack {
         // Preview would go here
         Text("Data Table Preview")
diff --git a/ios_dashboard/OpenAgentDashboard/Views/Control/ControlView.swift b/ios_dashboard/OpenAgentDashboard/Views/Control/ControlView.swift
index 5407d17..a327899 100644
--- a/ios_dashboard/OpenAgentDashboard/Views/Control/ControlView.swift
+++ b/ios_dashboard/OpenAgentDashboard/Views/Control/ControlView.swift
@@ -860,7 +860,7 @@ struct ControlView: View {
                 // Track successful (non-error) events separately from all events
                 let receivedSuccessfulEvent = OSAllocatedUnfairLock(initialState: false)
 
-                let streamCompleted = await withCheckedContinuation { continuation in
+                _ = await withCheckedContinuation { continuation in
                     let innerTask = api.streamControl { eventType, data in
                         // Only count non-error events as successful for backoff reset
                         if eventType != "error" {
@@ -1488,6 +1488,7 @@ private struct ThinkingBubble: View {
     @State private var isExpanded: Bool = true
     @State private var elapsedSeconds: Int = 0
     @State private var hasAutoCollapsed = false
+    @State private var timerTask: Task<Void, Never>?
     
     var body: some View {
         VStack(alignment: .leading, spacing: 8) {
@@ -1549,7 +1550,20 @@ private struct ThinkingBubble: View {
         .onAppear {
             startTimer()
         }
+        .onDisappear {
+            timerTask?.cancel()
+            timerTask = nil
+        }
         .onChange(of: message.thinkingDone) { _, done in
+            if done {
+                timerTask?.cancel()
+                timerTask = nil
+
+                if let startTime = message.thinkingStartTime {
+                    elapsedSeconds = Int(Date().timeIntervalSince(startTime))
+                }
+            }
+
             if done && !hasAutoCollapsed {
                 // Don't auto-collapse for extended thinking (> 30 seconds)
                 // User may want to review what the agent was thinking about
@@ -1580,6 +1594,9 @@ private struct ThinkingBubble: View {
     }
     
     private func startTimer() {
+        timerTask?.cancel()
+        timerTask = nil
+
         guard !message.thinkingDone else {
             // Calculate elapsed from start time
             if let startTime = message.thinkingStartTime {
@@ -1587,15 +1604,16 @@ private struct ThinkingBubble: View {
             }
             return
         }
-        
+
         // Update every second while thinking
-        Timer.scheduledTimer(withTimeInterval: 1.0, repeats: true) { timer in
-            if message.thinkingDone {
-                timer.invalidate()
-            } else if let startTime = message.thinkingStartTime {
-                elapsedSeconds = Int(Date().timeIntervalSince(startTime))
-            } else {
-                elapsedSeconds += 1
+        timerTask = Task { @MainActor in
+            while !Task.isCancelled {
+                if let startTime = message.thinkingStartTime {
+                    elapsedSeconds = Int(Date().timeIntervalSince(startTime))
+                } else {
+                    elapsedSeconds += 1
+                }
+                try? await Task.sleep(nanoseconds: 1_000_000_000)
             }
         }
     }
diff --git a/ios_dashboard/OpenAgentDashboard/Views/Desktop/DesktopStreamView.swift b/ios_dashboard/OpenAgentDashboard/Views/Desktop/DesktopStreamView.swift
index e9a724c..0a4be2d 100644
--- a/ios_dashboard/OpenAgentDashboard/Views/Desktop/DesktopStreamView.swift
+++ b/ios_dashboard/OpenAgentDashboard/Views/Desktop/DesktopStreamView.swift
@@ -191,7 +191,7 @@ struct DesktopStreamView: View {
     // MARK: - Controls
 
     private var controlsView: some View {
-        VStack(spacing: 16) {
+        VStack(alignment: .leading, spacing: 16) {
             // Play/Pause, PiP, and reconnect buttons
             HStack(spacing: 16) {
                 // Play/Pause
@@ -242,16 +242,19 @@ struct DesktopStreamView: View {
                     .disabled(!streamService.isConnected || !streamService.isPipReady)
                     .opacity(streamService.isConnected && streamService.isPipReady ? 1 : 0.5)
                 }
+
+                Spacer()
             }
+            .frame(maxWidth: .infinity)
 
             // Quality and FPS sliders
-            VStack(spacing: 12) {
+            VStack(alignment: .leading, spacing: 12) {
                 // FPS slider
-                HStack {
+                HStack(spacing: 8) {
                     Text("FPS")
                         .font(.caption.weight(.medium))
                         .foregroundStyle(Theme.textMuted)
-                        .frame(width: 50, alignment: .leading)
+                        .frame(width: 55, alignment: .leading)
 
                     Slider(value: Binding(
                         get: { Double(streamService.fps) },
@@ -262,15 +265,16 @@ struct DesktopStreamView: View {
                     Text("\(streamService.fps)")
                         .font(.caption.monospaced())
                         .foregroundStyle(Theme.textSecondary)
-                        .frame(width: 30)
+                        .frame(width: 30, alignment: .trailing)
                 }
+                .frame(maxWidth: .infinity)
 
                 // Quality slider
-                HStack {
+                HStack(spacing: 8) {
                     Text("Quality")
                         .font(.caption.weight(.medium))
                         .foregroundStyle(Theme.textMuted)
-                        .frame(width: 50, alignment: .leading)
+                        .frame(width: 55, alignment: .leading)
 
                     Slider(value: Binding(
                         get: { Double(streamService.quality) },
@@ -281,12 +285,15 @@ struct DesktopStreamView: View {
                     Text("\(streamService.quality)%")
                         .font(.caption.monospaced())
                         .foregroundStyle(Theme.textSecondary)
-                        .frame(width: 40)
+                        .frame(width: 40, alignment: .trailing)
                 }
+                .frame(maxWidth: .infinity)
             }
+            .frame(maxWidth: .infinity)
             .padding(.horizontal, 8)
         }
         .padding(16)
+        .frame(maxWidth: .infinity)
         .background(.ultraThinMaterial)
     }
 }
diff --git a/ios_dashboard/OpenAgentDashboard/Views/Terminal/TerminalView.swift b/ios_dashboard/OpenAgentDashboard/Views/Terminal/TerminalView.swift
index 6e48ac9..300a94c 100644
--- a/ios_dashboard/OpenAgentDashboard/Views/Terminal/TerminalView.swift
+++ b/ios_dashboard/OpenAgentDashboard/Views/Terminal/TerminalView.swift
@@ -291,7 +291,9 @@ struct TerminalView: View {
                     break
                 }
                 // Continue receiving
-                receiveMessages()
+                Task { @MainActor in
+                    receiveMessages()
+                }
                 
             case .failure(let error):
                 Task { @MainActor in
diff --git a/ios_dashboard/README.md b/ios_dashboard/README.md
index 02017dd..94dcba5 100644
--- a/ios_dashboard/README.md
+++ b/ios_dashboard/README.md
@@ -72,6 +72,8 @@ The app connects to the Open Agent backend. Configure the server URL:
 - Default: `https://agent-backend.thomas.md`
 - Can be changed in the login screen
 
+In multi-user mode, the login screen also asks for a username.
+
 ## Project Structure
 
 ```
diff --git a/opencode.json b/opencode.json
index fc8ca81..30f5a59 100644
--- a/opencode.json
+++ b/opencode.json
@@ -1,6 +1,11 @@
 {
   "$schema": "https://opencode.ai/config.json",
   "mcp": {
+    "host": {
+      "type": "local",
+      "command": ["./target/release/host-mcp"],
+      "enabled": true
+    },
     "desktop": {
       "type": "local",
       "command": ["./target/release/desktop-mcp"],
@@ -11,7 +16,7 @@
     },
     "playwright": {
       "type": "local",
-      "command": ["npx", "@playwright/mcp@latest"],
+      "command": ["npx", "@playwright/mcp@latest", "--isolated", "--no-sandbox"],
       "enabled": true
     }
   }
diff --git a/src/agents/context.rs b/src/agents/context.rs
index 6c9a8a4..9853a9a 100644
--- a/src/agents/context.rs
+++ b/src/agents/context.rs
@@ -155,7 +155,7 @@ impl AgentContext {
         Self {
             config: self.config.clone(),
             llm: Arc::clone(&self.llm),
-            tools: ToolRegistry::new(), // Fresh tools for isolation
+            tools: ToolRegistry::empty(), // No built-in tools in OpenCode-only mode
             pricing: Arc::clone(&self.pricing),
             working_dir: self.working_dir.clone(),
             max_split_depth: self.max_split_depth.saturating_sub(1),
diff --git a/src/agents/tuning.rs b/src/agents/tuning.rs
index 0655d06..d1cd2e8 100644
--- a/src/agents/tuning.rs
+++ b/src/agents/tuning.rs
@@ -20,7 +20,7 @@ impl TuningParams {
 
     /// Save tuning parameters to the working directory.
     pub async fn save_to_working_dir(&self, working_dir: &Path) -> anyhow::Result<PathBuf> {
-        let dir = working_dir.join(".open_agent");
+        let dir = working_dir.join(".openagent");
         tokio::fs::create_dir_all(&dir).await?;
         let path = dir.join("tuning.json");
         let content = serde_json::to_string_pretty(self)?;
diff --git a/src/api/auth.rs b/src/api/auth.rs
index 3e9dcdf..bed5714 100644
--- a/src/api/auth.rs
+++ b/src/api/auth.rs
@@ -21,18 +21,27 @@ use jsonwebtoken::{DecodingKey, EncodingKey, Header, Validation};
 
 use super::routes::AppState;
 use super::types::{LoginRequest, LoginResponse};
-use crate::config::Config;
+use crate::config::{AuthMode, Config, UserAccount};
 
 #[derive(Debug, serde::Serialize, serde::Deserialize)]
 struct Claims {
     /// Subject (we only need a stable sentinel)
     sub: String,
+    /// Username (for display/auditing)
+    #[serde(default)]
+    usr: String,
     /// Issued-at unix seconds
     iat: i64,
     /// Expiration unix seconds
     exp: i64,
 }
 
+#[derive(Debug, Clone)]
+pub struct AuthUser {
+    pub id: String,
+    pub username: String,
+}
+
 fn constant_time_eq(a: &str, b: &str) -> bool {
     let a_bytes = a.as_bytes();
     let b_bytes = b.as_bytes();
@@ -46,11 +55,12 @@ fn constant_time_eq(a: &str, b: &str) -> bool {
     diff == 0
 }
 
-fn issue_jwt(secret: &str, ttl_days: i64) -> anyhow::Result<(String, i64)> {
+fn issue_jwt(secret: &str, ttl_days: i64, user: &AuthUser) -> anyhow::Result<(String, i64)> {
     let now = Utc::now();
     let exp = now + Duration::days(ttl_days.max(1));
     let claims = Claims {
-        sub: "open_agent_dashboard".to_string(),
+        sub: user.id.clone(),
+        usr: user.username.clone(),
         iat: now.timestamp(),
         exp: exp.timestamp(),
     };
@@ -84,24 +94,82 @@ pub fn verify_token_for_config(token: &str, config: &Config) -> bool {
         Some(s) => s,
         None => return false,
     };
-    verify_jwt(token, secret).is_ok()
+    let Ok(claims) = verify_jwt(token, secret) else {
+        return false;
+    };
+    match config.auth.auth_mode(config.dev_mode) {
+        AuthMode::MultiUser => user_for_claims(&claims, &config.auth.users).is_some(),
+        AuthMode::SingleTenant => true,
+        AuthMode::Disabled => true,
+    }
 }
 
 pub async fn login(
     State(state): State<std::sync::Arc<AppState>>,
     Json(req): Json<LoginRequest>,
 ) -> Result<Json<LoginResponse>, (StatusCode, String)> {
-    // If dev_mode is enabled, we still allow login, but it won't be required.
-    let expected = state
-        .config
-        .auth
-        .dashboard_password
-        .as_deref()
-        .unwrap_or("");
+    let auth_mode = state.config.auth.auth_mode(state.config.dev_mode);
+    let user = match auth_mode {
+        AuthMode::MultiUser => {
+            let username = req.username.as_deref().unwrap_or("").trim();
+            if username.is_empty() {
+                return Err((StatusCode::UNAUTHORIZED, "Username required".to_string()));
+            }
+            // Find user and verify password. Use a single generic error message
+            // for both invalid username and invalid password to prevent username enumeration.
+            let account = state
+                .config
+                .auth
+                .users
+                .iter()
+                .find(|u| u.username.trim() == username);
 
-    if expected.is_empty() || !constant_time_eq(req.password.trim(), expected) {
-        return Err((StatusCode::UNAUTHORIZED, "Invalid password".to_string()));
-    }
+            let valid = match account {
+                Some(acc) => {
+                    !acc.password.trim().is_empty()
+                        && constant_time_eq(req.password.trim(), acc.password.trim())
+                }
+                None => {
+                    // Perform a dummy comparison to prevent timing attacks
+                    let _ = constant_time_eq(req.password.trim(), "dummy_password_for_timing");
+                    false
+                }
+            };
+
+            if !valid {
+                return Err((
+                    StatusCode::UNAUTHORIZED,
+                    "Invalid username or password".to_string(),
+                ));
+            }
+
+            let account = account.unwrap();
+            let effective_id = effective_user_id(account);
+
+            AuthUser {
+                id: effective_id,
+                username: account.username.clone(),
+            }
+        }
+        AuthMode::SingleTenant | AuthMode::Disabled => {
+            // If dev_mode is enabled, we still allow login, but it won't be required.
+            let expected = state
+                .config
+                .auth
+                .dashboard_password
+                .as_deref()
+                .unwrap_or("");
+
+            if expected.is_empty() || !constant_time_eq(req.password.trim(), expected) {
+                return Err((StatusCode::UNAUTHORIZED, "Invalid password".to_string()));
+            }
+
+            AuthUser {
+                id: "default".to_string(),
+                username: "default".to_string(),
+            }
+        }
+    };
 
     let secret = state.config.auth.jwt_secret.as_deref().ok_or_else(|| {
         (
@@ -110,7 +178,7 @@ pub async fn login(
         )
     })?;
 
-    let (token, exp) = issue_jwt(secret, state.config.auth.jwt_ttl_days)
+    let (token, exp) = issue_jwt(secret, state.config.auth.jwt_ttl_days, &user)
         .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
 
     Ok(Json(LoginResponse { token, exp }))
@@ -118,11 +186,15 @@ pub async fn login(
 
 pub async fn require_auth(
     State(state): State<std::sync::Arc<AppState>>,
-    req: Request<Body>,
+    mut req: Request<Body>,
     next: Next,
 ) -> Response {
     // Dev mode => no auth checks.
     if state.config.dev_mode {
+        req.extensions_mut().insert(AuthUser {
+            id: "dev".to_string(),
+            username: "dev".to_string(),
+        });
         return next.run(req).await;
     }
 
@@ -154,7 +226,45 @@ pub async fn require_auth(
     }
 
     match verify_jwt(token, secret) {
-        Ok(_claims) => next.run(req).await,
+        Ok(claims) => {
+            let user = match state.config.auth.auth_mode(state.config.dev_mode) {
+                AuthMode::MultiUser => match user_for_claims(&claims, &state.config.auth.users) {
+                    Some(u) => u,
+                    None => {
+                        return (StatusCode::UNAUTHORIZED, "Invalid user").into_response();
+                    }
+                },
+                AuthMode::SingleTenant => AuthUser {
+                    id: claims.sub,
+                    username: claims.usr,
+                },
+                AuthMode::Disabled => AuthUser {
+                    id: "default".to_string(),
+                    username: "default".to_string(),
+                },
+            };
+            req.extensions_mut().insert(user);
+            next.run(req).await
+        }
         Err(_) => (StatusCode::UNAUTHORIZED, "Invalid or expired token").into_response(),
     }
 }
+
+/// Returns the effective user ID (id if non-empty, otherwise username).
+fn effective_user_id(user: &UserAccount) -> String {
+    if user.id.is_empty() {
+        user.username.clone()
+    } else {
+        user.id.clone()
+    }
+}
+
+fn user_for_claims(claims: &Claims, users: &[UserAccount]) -> Option<AuthUser> {
+    users
+        .iter()
+        .find(|u| effective_user_id(u) == claims.sub)
+        .map(|u| AuthUser {
+            id: effective_user_id(u),
+            username: u.username.clone(),
+        })
+}
diff --git a/src/api/control.rs b/src/api/control.rs
index 62f542d..1a92160 100644
--- a/src/api/control.rs
+++ b/src/api/control.rs
@@ -11,12 +11,14 @@ use std::collections::{HashMap, VecDeque};
 use std::convert::Infallible;
 use std::sync::Arc;
 
+use async_trait::async_trait;
 use axum::{
-    extract::{Path, State},
+    extract::{Extension, Path, State},
     http::StatusCode,
     response::sse::{Event, Sse},
     Json,
 };
+use chrono::Utc;
 use futures::stream::Stream;
 use serde::{Deserialize, Serialize};
 use tokio::sync::{broadcast, mpsc, oneshot, Mutex, RwLock};
@@ -25,13 +27,15 @@ use uuid::Uuid;
 
 use crate::agents::{AgentContext, AgentRef, TerminalReason};
 use crate::budget::{Budget, ModelPricing};
-use crate::config::Config;
+use crate::config::{AuthMode, Config};
 use crate::llm::OpenRouterClient;
 use crate::mcp::McpRegistry;
 use crate::memory::{ContextBuilder, MemorySystem, MissionMessage};
 use crate::task::VerificationCriteria;
 use crate::tools::ToolRegistry;
+use crate::workspace;
 
+use super::auth::AuthUser;
 use super::routes::AppState;
 
 /// Message posted by a user to the control session.
@@ -378,6 +382,421 @@ pub struct SetMissionStatusRequest {
     pub status: MissionStatus,
 }
 
+fn now_string() -> String {
+    Utc::now().to_rfc3339()
+}
+
+#[async_trait]
+trait MissionStore: Send + Sync {
+    fn is_persistent(&self) -> bool;
+    async fn list_missions(&self, limit: usize, offset: usize) -> Result<Vec<Mission>, String>;
+    async fn get_mission(&self, id: Uuid) -> Result<Option<Mission>, String>;
+    async fn create_mission(
+        &self,
+        title: Option<&str>,
+        model_override: Option<&str>,
+    ) -> Result<Mission, String>;
+    async fn update_mission_status(&self, id: Uuid, status: MissionStatus) -> Result<(), String>;
+    async fn update_mission_history(
+        &self,
+        id: Uuid,
+        history: &[MissionHistoryEntry],
+    ) -> Result<(), String>;
+    async fn update_mission_title(&self, id: Uuid, title: &str) -> Result<(), String>;
+    async fn update_mission_tree(&self, id: Uuid, tree: &AgentTreeNode) -> Result<(), String>;
+    async fn get_mission_tree(&self, id: Uuid) -> Result<Option<AgentTreeNode>, String>;
+    async fn delete_mission(&self, id: Uuid) -> Result<bool, String>;
+    async fn delete_empty_untitled_missions_excluding(
+        &self,
+        exclude: &[Uuid],
+    ) -> Result<usize, String>;
+    async fn get_stale_active_missions(&self, stale_hours: u64) -> Result<Vec<Mission>, String>;
+    async fn insert_mission_summary(
+        &self,
+        mission_id: Uuid,
+        summary: &str,
+        key_files: &[String],
+        success: bool,
+    ) -> Result<(), String>;
+}
+
+#[derive(Clone)]
+struct InMemoryMissionStore {
+    missions: Arc<RwLock<HashMap<Uuid, Mission>>>,
+    trees: Arc<RwLock<HashMap<Uuid, AgentTreeNode>>>,
+}
+
+impl InMemoryMissionStore {
+    fn new() -> Self {
+        Self {
+            missions: Arc::new(RwLock::new(HashMap::new())),
+            trees: Arc::new(RwLock::new(HashMap::new())),
+        }
+    }
+}
+
+#[async_trait]
+impl MissionStore for InMemoryMissionStore {
+    fn is_persistent(&self) -> bool {
+        false
+    }
+
+    async fn list_missions(&self, limit: usize, offset: usize) -> Result<Vec<Mission>, String> {
+        let mut missions: Vec<Mission> = self.missions.read().await.values().cloned().collect();
+        missions.sort_by(|a, b| b.updated_at.cmp(&a.updated_at));
+        let missions = missions.into_iter().skip(offset).take(limit).collect();
+        Ok(missions)
+    }
+
+    async fn get_mission(&self, id: Uuid) -> Result<Option<Mission>, String> {
+        Ok(self.missions.read().await.get(&id).cloned())
+    }
+
+    async fn create_mission(
+        &self,
+        title: Option<&str>,
+        model_override: Option<&str>,
+    ) -> Result<Mission, String> {
+        let now = now_string();
+        let mission = Mission {
+            id: Uuid::new_v4(),
+            status: MissionStatus::Active,
+            title: title.map(|s| s.to_string()),
+            model_override: model_override.map(|s| s.to_string()),
+            history: vec![],
+            created_at: now.clone(),
+            updated_at: now,
+            interrupted_at: None,
+            resumable: false,
+        };
+        self.missions
+            .write()
+            .await
+            .insert(mission.id, mission.clone());
+        Ok(mission)
+    }
+
+    async fn update_mission_status(&self, id: Uuid, status: MissionStatus) -> Result<(), String> {
+        let mut missions = self.missions.write().await;
+        let mission = missions
+            .get_mut(&id)
+            .ok_or_else(|| format!("Mission {} not found", id))?;
+        mission.status = status;
+        let now = now_string();
+        mission.updated_at = now.clone();
+        if matches!(status, MissionStatus::Interrupted | MissionStatus::Blocked) {
+            mission.interrupted_at = Some(now);
+            mission.resumable = true;
+        } else {
+            mission.interrupted_at = None;
+            mission.resumable = false;
+        }
+        Ok(())
+    }
+
+    async fn update_mission_history(
+        &self,
+        id: Uuid,
+        history: &[MissionHistoryEntry],
+    ) -> Result<(), String> {
+        let mut missions = self.missions.write().await;
+        let mission = missions
+            .get_mut(&id)
+            .ok_or_else(|| format!("Mission {} not found", id))?;
+        mission.history = history.to_vec();
+        mission.updated_at = now_string();
+        Ok(())
+    }
+
+    async fn update_mission_title(&self, id: Uuid, title: &str) -> Result<(), String> {
+        let mut missions = self.missions.write().await;
+        let mission = missions
+            .get_mut(&id)
+            .ok_or_else(|| format!("Mission {} not found", id))?;
+        mission.title = Some(title.to_string());
+        mission.updated_at = now_string();
+        Ok(())
+    }
+
+    async fn update_mission_tree(&self, id: Uuid, tree: &AgentTreeNode) -> Result<(), String> {
+        self.trees.write().await.insert(id, tree.clone());
+        Ok(())
+    }
+
+    async fn get_mission_tree(&self, id: Uuid) -> Result<Option<AgentTreeNode>, String> {
+        Ok(self.trees.read().await.get(&id).cloned())
+    }
+
+    async fn delete_mission(&self, id: Uuid) -> Result<bool, String> {
+        let removed = self.missions.write().await.remove(&id).is_some();
+        self.trees.write().await.remove(&id);
+        Ok(removed)
+    }
+
+    async fn delete_empty_untitled_missions_excluding(
+        &self,
+        exclude: &[Uuid],
+    ) -> Result<usize, String> {
+        let mut missions = self.missions.write().await;
+
+        // Collect IDs of missions to delete
+        let to_delete: Vec<Uuid> = missions
+            .iter()
+            .filter(|(id, mission)| {
+                if exclude.contains(id) {
+                    return false;
+                }
+                let title = mission.title.clone().unwrap_or_default();
+                let title_empty = title.trim().is_empty() || title == "Untitled Mission";
+                let history_empty = mission.history.is_empty();
+                let active = mission.status == MissionStatus::Active;
+                active && history_empty && title_empty
+            })
+            .map(|(id, _)| *id)
+            .collect();
+
+        // Remove missions
+        for id in &to_delete {
+            missions.remove(id);
+        }
+        drop(missions);
+
+        // Also clean up orphaned tree data
+        let mut trees = self.trees.write().await;
+        for id in &to_delete {
+            trees.remove(id);
+        }
+
+        Ok(to_delete.len())
+    }
+
+    async fn get_stale_active_missions(&self, stale_hours: u64) -> Result<Vec<Mission>, String> {
+        if stale_hours == 0 {
+            return Ok(Vec::new());
+        }
+        let cutoff = Utc::now() - chrono::Duration::hours(stale_hours as i64);
+        let missions: Vec<Mission> = self
+            .missions
+            .read()
+            .await
+            .values()
+            .filter(|m| m.status == MissionStatus::Active)
+            .filter(|m| {
+                chrono::DateTime::parse_from_rfc3339(&m.updated_at)
+                    .map(|t| t < cutoff)
+                    .unwrap_or(false)
+            })
+            .cloned()
+            .collect();
+        Ok(missions)
+    }
+
+    async fn insert_mission_summary(
+        &self,
+        _mission_id: Uuid,
+        _summary: &str,
+        _key_files: &[String],
+        _success: bool,
+    ) -> Result<(), String> {
+        Ok(())
+    }
+}
+
+#[derive(Clone)]
+struct SupabaseMissionStore {
+    memory: MemorySystem,
+}
+
+impl SupabaseMissionStore {
+    fn new(memory: MemorySystem) -> Self {
+        Self { memory }
+    }
+
+    fn mission_from_db(db_mission: crate::memory::DbMission) -> Mission {
+        let history: Vec<MissionHistoryEntry> =
+            serde_json::from_value(db_mission.history.clone()).unwrap_or_default();
+        let status = match db_mission.status.as_str() {
+            "completed" => MissionStatus::Completed,
+            "failed" => MissionStatus::Failed,
+            "interrupted" => MissionStatus::Interrupted,
+            "blocked" => MissionStatus::Blocked,
+            "not_feasible" => MissionStatus::NotFeasible,
+            _ => MissionStatus::Active,
+        };
+        Mission {
+            id: db_mission.id,
+            status,
+            title: db_mission.title,
+            model_override: db_mission.model_override,
+            history,
+            created_at: db_mission.created_at.clone(),
+            updated_at: db_mission.updated_at.clone(),
+            interrupted_at: if matches!(status, MissionStatus::Interrupted | MissionStatus::Blocked)
+            {
+                Some(db_mission.updated_at)
+            } else {
+                None
+            },
+            resumable: matches!(status, MissionStatus::Interrupted | MissionStatus::Blocked),
+        }
+    }
+}
+
+#[async_trait]
+impl MissionStore for SupabaseMissionStore {
+    fn is_persistent(&self) -> bool {
+        true
+    }
+
+    async fn list_missions(&self, limit: usize, offset: usize) -> Result<Vec<Mission>, String> {
+        let missions = self
+            .memory
+            .supabase
+            .list_missions(limit, offset)
+            .await
+            .map_err(|e| e.to_string())?;
+        Ok(missions
+            .into_iter()
+            .map(SupabaseMissionStore::mission_from_db)
+            .collect())
+    }
+
+    async fn get_mission(&self, id: Uuid) -> Result<Option<Mission>, String> {
+        let mission = self
+            .memory
+            .supabase
+            .get_mission(id)
+            .await
+            .map_err(|e| e.to_string())?;
+        Ok(mission.map(SupabaseMissionStore::mission_from_db))
+    }
+
+    async fn create_mission(
+        &self,
+        title: Option<&str>,
+        model_override: Option<&str>,
+    ) -> Result<Mission, String> {
+        let mission = self
+            .memory
+            .supabase
+            .create_mission(title, model_override)
+            .await
+            .map_err(|e| e.to_string())?;
+        Ok(SupabaseMissionStore::mission_from_db(mission))
+    }
+
+    async fn update_mission_status(&self, id: Uuid, status: MissionStatus) -> Result<(), String> {
+        self.memory
+            .supabase
+            .update_mission_status(id, &status.to_string())
+            .await
+            .map_err(|e| e.to_string())
+    }
+
+    async fn update_mission_history(
+        &self,
+        id: Uuid,
+        history: &[MissionHistoryEntry],
+    ) -> Result<(), String> {
+        let messages: Vec<MissionMessage> = history
+            .iter()
+            .map(|entry| MissionMessage {
+                role: entry.role.clone(),
+                content: entry.content.clone(),
+            })
+            .collect();
+        self.memory
+            .supabase
+            .update_mission_history(id, &messages)
+            .await
+            .map_err(|e| e.to_string())
+    }
+
+    async fn update_mission_title(&self, id: Uuid, title: &str) -> Result<(), String> {
+        self.memory
+            .supabase
+            .update_mission_title(id, title)
+            .await
+            .map_err(|e| e.to_string())
+    }
+
+    async fn update_mission_tree(&self, id: Uuid, tree: &AgentTreeNode) -> Result<(), String> {
+        let tree_json = serde_json::to_value(tree).map_err(|e| e.to_string())?;
+        self.memory
+            .supabase
+            .update_mission_tree(id, &tree_json)
+            .await
+            .map_err(|e| e.to_string())
+    }
+
+    async fn get_mission_tree(&self, id: Uuid) -> Result<Option<AgentTreeNode>, String> {
+        let mission = self
+            .memory
+            .supabase
+            .get_mission(id)
+            .await
+            .map_err(|e| e.to_string())?;
+        Ok(mission
+            .and_then(|m| m.final_tree)
+            .and_then(|v| serde_json::from_value(v).ok()))
+    }
+
+    async fn delete_mission(&self, id: Uuid) -> Result<bool, String> {
+        self.memory
+            .supabase
+            .delete_mission(id)
+            .await
+            .map_err(|e| e.to_string())
+    }
+
+    async fn delete_empty_untitled_missions_excluding(
+        &self,
+        exclude: &[Uuid],
+    ) -> Result<usize, String> {
+        self.memory
+            .supabase
+            .delete_empty_untitled_missions_excluding(exclude)
+            .await
+            .map_err(|e| e.to_string())
+    }
+
+    async fn get_stale_active_missions(&self, stale_hours: u64) -> Result<Vec<Mission>, String> {
+        let missions = self
+            .memory
+            .supabase
+            .get_stale_active_missions(stale_hours)
+            .await
+            .map_err(|e| e.to_string())?;
+        Ok(missions
+            .into_iter()
+            .map(SupabaseMissionStore::mission_from_db)
+            .collect())
+    }
+
+    async fn insert_mission_summary(
+        &self,
+        mission_id: Uuid,
+        summary: &str,
+        key_files: &[String],
+        success: bool,
+    ) -> Result<(), String> {
+        let embedding = self.memory.embedder.embed(summary).await.ok();
+        self.memory
+            .supabase
+            .insert_mission_summary(
+                mission_id,
+                summary,
+                key_files,
+                &[],
+                success,
+                embedding.as_deref(),
+            )
+            .await
+            .map_err(|e| e.to_string())?;
+        Ok(())
+    }
+}
+
 /// Shared tool hub used to await frontend tool results.
 #[derive(Debug)]
 pub struct FrontendToolHub {
@@ -427,6 +846,77 @@ pub struct ControlState {
     pub running_missions: Arc<RwLock<Vec<super::mission_runner::RunningMissionInfo>>>,
     /// Max parallel missions allowed
     pub max_parallel: usize,
+    /// Mission persistence (in-memory or Supabase-backed)
+    mission_store: Arc<dyn MissionStore>,
+}
+
+/// Control session manager for per-user sessions.
+#[derive(Clone)]
+pub struct ControlHub {
+    sessions: Arc<RwLock<HashMap<String, ControlState>>>,
+    config: Config,
+    root_agent: AgentRef,
+    memory: Option<MemorySystem>,
+    benchmarks: crate::budget::SharedBenchmarkRegistry,
+    resolver: crate::budget::SharedModelResolver,
+    mcp: Arc<McpRegistry>,
+}
+
+impl ControlHub {
+    pub fn new(
+        config: Config,
+        root_agent: AgentRef,
+        memory: Option<MemorySystem>,
+        benchmarks: crate::budget::SharedBenchmarkRegistry,
+        resolver: crate::budget::SharedModelResolver,
+        mcp: Arc<McpRegistry>,
+    ) -> Self {
+        Self {
+            sessions: Arc::new(RwLock::new(HashMap::new())),
+            config,
+            root_agent,
+            memory,
+            benchmarks,
+            resolver,
+            mcp,
+        }
+    }
+
+    pub async fn get_or_spawn(&self, user: &AuthUser) -> ControlState {
+        if let Some(existing) = self.sessions.read().await.get(&user.id).cloned() {
+            return existing;
+        }
+        let mut sessions = self.sessions.write().await;
+        if let Some(existing) = sessions.get(&user.id).cloned() {
+            return existing;
+        }
+        let use_in_memory = matches!(
+            self.config.auth.auth_mode(self.config.dev_mode),
+            AuthMode::MultiUser
+        ) || self.memory.is_none();
+        let mission_store: Arc<dyn MissionStore> = if use_in_memory {
+            Arc::new(InMemoryMissionStore::new())
+        } else if let Some(memory) = self.memory.clone() {
+            Arc::new(SupabaseMissionStore::new(memory))
+        } else {
+            Arc::new(InMemoryMissionStore::new())
+        };
+        let state = spawn_control_session(
+            self.config.clone(),
+            Arc::clone(&self.root_agent),
+            self.memory.clone(),
+            Arc::clone(&self.benchmarks),
+            Arc::clone(&self.resolver),
+            Arc::clone(&self.mcp),
+            mission_store,
+        );
+        sessions.insert(user.id.clone(), state.clone());
+        state
+    }
+
+    pub async fn all_sessions(&self) -> Vec<ControlState> {
+        self.sessions.read().await.values().cloned().collect()
+    }
 }
 
 /// Execution progress for showing "Subtask X of Y"
@@ -466,9 +956,14 @@ async fn set_and_emit_status(
     });
 }
 
+async fn control_for_user(state: &Arc<AppState>, user: &AuthUser) -> ControlState {
+    state.control.get_or_spawn(user).await
+}
+
 /// Enqueue a user message for the global control session.
 pub async fn post_message(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
     Json(req): Json<ControlMessageRequest>,
 ) -> Result<Json<ControlMessageResponse>, (StatusCode, String)> {
     let content = req.content.trim().to_string();
@@ -478,8 +973,8 @@ pub async fn post_message(
 
     let id = Uuid::new_v4();
     let queued = true;
-    state
-        .control
+    let control = control_for_user(&state, &user).await;
+    control
         .cmd_tx
         .send(ControlCommand::UserMessage {
             id,
@@ -500,6 +995,7 @@ pub async fn post_message(
 /// Submit a frontend tool result to resume the running agent.
 pub async fn post_tool_result(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
     Json(req): Json<ControlToolResultRequest>,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
     if req.tool_call_id.trim().is_empty() {
@@ -512,8 +1008,8 @@ pub async fn post_tool_result(
         return Err((StatusCode::BAD_REQUEST, "name is required".to_string()));
     }
 
-    state
-        .control
+    let control = control_for_user(&state, &user).await;
+    control
         .cmd_tx
         .send(ControlCommand::ToolResult {
             tool_call_id: req.tool_call_id,
@@ -534,9 +1030,10 @@ pub async fn post_tool_result(
 /// Cancel the currently running control session task.
 pub async fn post_cancel(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
-    state
-        .control
+    let control = control_for_user(&state, &user).await;
+    control
         .cmd_tx
         .send(ControlCommand::Cancel)
         .await
@@ -554,102 +1051,33 @@ pub async fn post_cancel(
 /// List all missions.
 pub async fn list_missions(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
 ) -> Result<Json<Vec<Mission>>, (StatusCode, String)> {
-    let mem = state.memory.as_ref().ok_or_else(|| {
-        (
-            StatusCode::SERVICE_UNAVAILABLE,
-            "Memory not configured".to_string(),
-        )
-    })?;
-
-    let db_missions = mem
-        .supabase
+    let control = control_for_user(&state, &user).await;
+    let missions = control
+        .mission_store
         .list_missions(50, 0)
         .await
-        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
-
-    let missions: Vec<Mission> = db_missions
-        .into_iter()
-        .map(|m| {
-            let history: Vec<MissionHistoryEntry> =
-                serde_json::from_value(m.history.clone()).unwrap_or_default();
-            let status = match m.status.as_str() {
-                "completed" => MissionStatus::Completed,
-                "failed" => MissionStatus::Failed,
-                "interrupted" => MissionStatus::Interrupted,
-                "blocked" => MissionStatus::Blocked,
-                "not_feasible" => MissionStatus::NotFeasible,
-                _ => MissionStatus::Active,
-            };
-            Mission {
-                id: m.id,
-                status,
-                title: m.title,
-                model_override: m.model_override,
-                history,
-                created_at: m.created_at.clone(),
-                updated_at: m.updated_at.clone(),
-                interrupted_at: if matches!(
-                    status,
-                    MissionStatus::Interrupted | MissionStatus::Blocked
-                ) {
-                    Some(m.updated_at)
-                } else {
-                    None
-                },
-                resumable: matches!(status, MissionStatus::Interrupted | MissionStatus::Blocked),
-            }
-        })
-        .collect();
-
+        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e))?;
     Ok(Json(missions))
 }
 
 /// Get a specific mission.
 pub async fn get_mission(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
     Path(id): Path<Uuid>,
 ) -> Result<Json<Mission>, (StatusCode, String)> {
-    let mem = state.memory.as_ref().ok_or_else(|| {
-        (
-            StatusCode::SERVICE_UNAVAILABLE,
-            "Memory not configured".to_string(),
-        )
-    })?;
-
-    let db_mission = mem
-        .supabase
+    let control = control_for_user(&state, &user).await;
+    match control
+        .mission_store
         .get_mission(id)
         .await
-        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?
-        .ok_or_else(|| (StatusCode::NOT_FOUND, format!("Mission {} not found", id)))?;
-
-    let history: Vec<MissionHistoryEntry> =
-        serde_json::from_value(db_mission.history.clone()).unwrap_or_default();
-    let status = match db_mission.status.as_str() {
-        "completed" => MissionStatus::Completed,
-        "failed" => MissionStatus::Failed,
-        "interrupted" => MissionStatus::Interrupted,
-        "blocked" => MissionStatus::Blocked,
-        "not_feasible" => MissionStatus::NotFeasible,
-        _ => MissionStatus::Active,
-    };
-
-    Ok(Json(Mission {
-        id: db_mission.id,
-        status,
-        title: db_mission.title,
-        model_override: db_mission.model_override,
-        history,
-        created_at: db_mission.created_at.clone(),
-        updated_at: db_mission.updated_at.clone(),
-        interrupted_at: if matches!(status, MissionStatus::Interrupted | MissionStatus::Blocked) {
-            Some(db_mission.updated_at)
-        } else {
-            None
-        },
-        resumable: matches!(status, MissionStatus::Interrupted | MissionStatus::Blocked),
-    }))
+        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e))?
+    {
+        Some(mission) => Ok(Json(mission)),
+        None => Err((StatusCode::NOT_FOUND, format!("Mission {} not found", id))),
+    }
 }
 
 /// Create a new mission and switch to it.
@@ -662,6 +1090,7 @@ pub struct CreateMissionRequest {
 
 pub async fn create_mission(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
     body: Option<Json<CreateMissionRequest>>,
 ) -> Result<Json<Mission>, (StatusCode, String)> {
     let (tx, rx) = oneshot::channel();
@@ -670,8 +1099,8 @@ pub async fn create_mission(
         .map(|b| (b.title.clone(), b.model_override.clone()))
         .unwrap_or((None, None));
 
-    state
-        .control
+    let control = control_for_user(&state, &user).await;
+    control
         .cmd_tx
         .send(ControlCommand::CreateMission {
             title,
@@ -700,12 +1129,13 @@ pub async fn create_mission(
 /// Load/switch to a mission.
 pub async fn load_mission(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
     Path(id): Path<Uuid>,
 ) -> Result<Json<Mission>, (StatusCode, String)> {
     let (tx, rx) = oneshot::channel();
 
-    state
-        .control
+    let control = control_for_user(&state, &user).await;
+    control
         .cmd_tx
         .send(ControlCommand::LoadMission { id, respond: tx })
         .await
@@ -730,13 +1160,14 @@ pub async fn load_mission(
 /// Set mission status (completed/failed).
 pub async fn set_mission_status(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
     Path(id): Path<Uuid>,
     Json(req): Json<SetMissionStatusRequest>,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
     let (tx, rx) = oneshot::channel();
 
-    state
-        .control
+    let control = control_for_user(&state, &user).await;
+    control
         .cmd_tx
         .send(ControlCommand::SetMissionStatus {
             id,
@@ -765,55 +1196,19 @@ pub async fn set_mission_status(
 /// Get the current mission (if any).
 pub async fn get_current_mission(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
 ) -> Result<Json<Option<Mission>>, (StatusCode, String)> {
-    let current_id = state.control.current_mission.read().await.clone();
+    let control = control_for_user(&state, &user).await;
+    let current_id = control.current_mission.read().await.clone();
 
     match current_id {
         Some(id) => {
-            let mem = state.memory.as_ref().ok_or_else(|| {
-                (
-                    StatusCode::SERVICE_UNAVAILABLE,
-                    "Memory not configured".to_string(),
-                )
-            })?;
-
-            let db_mission = mem
-                .supabase
+            let mission = control
+                .mission_store
                 .get_mission(id)
                 .await
-                .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
-
-            match db_mission {
-                Some(m) => {
-                    let history: Vec<MissionHistoryEntry> =
-                        serde_json::from_value(m.history.clone()).unwrap_or_default();
-                    let status = match m.status.as_str() {
-                        "completed" => MissionStatus::Completed,
-                        "failed" => MissionStatus::Failed,
-                        "interrupted" => MissionStatus::Interrupted,
-                        _ => MissionStatus::Active,
-                    };
-                    Ok(Json(Some(Mission {
-                        id: m.id,
-                        status,
-                        title: m.title,
-                        model_override: m.model_override,
-                        history,
-                        created_at: m.created_at.clone(),
-                        updated_at: m.updated_at.clone(),
-                        interrupted_at: if status == MissionStatus::Interrupted {
-                            Some(m.updated_at)
-                        } else {
-                            None
-                        },
-                        resumable: matches!(
-                            status,
-                            MissionStatus::Interrupted | MissionStatus::Blocked
-                        ),
-                    })))
-                }
-                None => Ok(Json(None)),
-            }
+                .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e))?;
+            Ok(Json(mission))
         }
         None => Ok(Json(None)),
     }
@@ -821,8 +1216,12 @@ pub async fn get_current_mission(
 
 /// Get current agent tree snapshot (for refresh resilience).
 /// Returns the last emitted tree state, or null if no tree is active.
-pub async fn get_tree(State(state): State<Arc<AppState>>) -> Json<Option<AgentTreeNode>> {
-    let tree = state.control.current_tree.read().await.clone();
+pub async fn get_tree(
+    State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
+) -> Json<Option<AgentTreeNode>> {
+    let control = control_for_user(&state, &user).await;
+    let tree = control.current_tree.read().await.clone();
     Json(tree)
 }
 
@@ -831,44 +1230,45 @@ pub async fn get_tree(State(state): State<Arc<AppState>>) -> Json<Option<AgentTr
 /// For completed missions, returns the saved final_tree from the database.
 pub async fn get_mission_tree(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
     Path(mission_id): Path<Uuid>,
 ) -> Result<Json<Option<AgentTreeNode>>, (StatusCode, String)> {
+    let control = control_for_user(&state, &user).await;
     // Check if this is the current active mission
-    let current_id = state.control.current_mission.read().await.clone();
+    let current_id = control.current_mission.read().await.clone();
     if current_id == Some(mission_id) {
         // Return live tree from memory
-        let tree = state.control.current_tree.read().await.clone();
+        let tree = control.current_tree.read().await.clone();
+        return Ok(Json(tree));
+    }
+    let tree = control
+        .mission_store
+        .get_mission_tree(mission_id)
+        .await
+        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e))?;
+    if tree.is_some() {
         return Ok(Json(tree));
     }
 
-    // Otherwise, fetch from database
-    let mem = state.memory.as_ref().ok_or_else(|| {
-        (
-            StatusCode::SERVICE_UNAVAILABLE,
-            "Memory not configured".to_string(),
-        )
-    })?;
-
-    let db_mission = mem
-        .supabase
+    let mission_exists = control
+        .mission_store
         .get_mission(mission_id)
         .await
-        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
-
-    match db_mission {
-        Some(m) => {
-            // Parse final_tree from JSON if it exists
-            let tree: Option<AgentTreeNode> =
-                m.final_tree.and_then(|v| serde_json::from_value(v).ok());
-            Ok(Json(tree))
-        }
-        None => Err((StatusCode::NOT_FOUND, "Mission not found".to_string())),
+        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e))?;
+    if mission_exists.is_some() {
+        Ok(Json(None))
+    } else {
+        Err((StatusCode::NOT_FOUND, "Mission not found".to_string()))
     }
 }
 
 /// Get current execution progress (for progress indicator).
-pub async fn get_progress(State(state): State<Arc<AppState>>) -> Json<ExecutionProgress> {
-    let progress = state.control.progress.read().await.clone();
+pub async fn get_progress(
+    State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
+) -> Json<ExecutionProgress> {
+    let control = control_for_user(&state, &user).await;
+    let progress = control.progress.read().await.clone();
     Json(progress)
 }
 
@@ -877,11 +1277,12 @@ pub async fn get_progress(State(state): State<Arc<AppState>>) -> Json<ExecutionP
 /// List currently running missions.
 pub async fn list_running_missions(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
 ) -> Result<Json<Vec<super::mission_runner::RunningMissionInfo>>, (StatusCode, String)> {
     let (tx, rx) = oneshot::channel();
 
-    state
-        .control
+    let control = control_for_user(&state, &user).await;
+    control
         .cmd_tx
         .send(ControlCommand::ListRunning { respond: tx })
         .await
@@ -914,13 +1315,14 @@ pub struct StartParallelRequest {
 /// Start a mission in parallel (if capacity allows).
 pub async fn start_mission_parallel(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
     Path(mission_id): Path<Uuid>,
     Json(req): Json<StartParallelRequest>,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
     let (tx, rx) = oneshot::channel();
 
-    state
-        .control
+    let control = control_for_user(&state, &user).await;
+    control
         .cmd_tx
         .send(ControlCommand::StartParallel {
             mission_id,
@@ -950,12 +1352,13 @@ pub async fn start_mission_parallel(
 /// Cancel a specific mission.
 pub async fn cancel_mission(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
     Path(mission_id): Path<Uuid>,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
     let (tx, rx) = oneshot::channel();
 
-    state
-        .control
+    let control = control_for_user(&state, &user).await;
+    control
         .cmd_tx
         .send(ControlCommand::CancelMission {
             mission_id,
@@ -992,14 +1395,15 @@ pub struct ResumeMissionRequest {
 /// This reconstructs context from history and work directory, then restarts execution.
 pub async fn resume_mission(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
     Path(mission_id): Path<Uuid>,
     body: Option<Json<ResumeMissionRequest>>,
 ) -> Result<Json<Mission>, (StatusCode, String)> {
     let clean_workspace = body.map(|b| b.clean_workspace).unwrap_or(false);
     let (tx, rx) = oneshot::channel();
 
-    state
-        .control
+    let control = control_for_user(&state, &user).await;
+    control
         .cmd_tx
         .send(ControlCommand::ResumeMission {
             mission_id,
@@ -1028,12 +1432,13 @@ pub async fn resume_mission(
 /// Get parallel execution configuration.
 pub async fn get_parallel_config(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
     // Query actual running count from the control actor
     // (the running state is tracked in the actor loop, not in shared state)
     let (tx, rx) = oneshot::channel();
-    state
-        .control
+    let control = control_for_user(&state, &user).await;
+    control
         .cmd_tx
         .send(ControlCommand::ListRunning { respond: tx })
         .await
@@ -1052,7 +1457,7 @@ pub async fn get_parallel_config(
     })?;
 
     Ok(Json(serde_json::json!({
-        "max_parallel_missions": state.control.max_parallel,
+        "max_parallel_missions": control.max_parallel,
         "running_count": running.len(),
     })))
 }
@@ -1061,13 +1466,14 @@ pub async fn get_parallel_config(
 /// Only allows deleting missions that are not currently running.
 pub async fn delete_mission(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
     Path(mission_id): Path<Uuid>,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
     // Check if mission is currently running by querying the control actor
     // (the actual running state is tracked in the actor loop, not in shared state)
     let (tx, rx) = oneshot::channel();
-    state
-        .control
+    let control = control_for_user(&state, &user).await;
+    control
         .cmd_tx
         .send(ControlCommand::ListRunning { respond: tx })
         .await
@@ -1092,20 +1498,11 @@ pub async fn delete_mission(
         ));
     }
 
-    // Get memory system
-    let mem = state.memory.as_ref().ok_or_else(|| {
-        (
-            StatusCode::SERVICE_UNAVAILABLE,
-            "Memory system not available".to_string(),
-        )
-    })?;
-
-    // Delete the mission
-    let deleted = mem
-        .supabase
+    let deleted = control
+        .mission_store
         .delete_mission(mission_id)
         .await
-        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
+        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e))?;
 
     if deleted {
         Ok(Json(serde_json::json!({
@@ -1122,12 +1519,13 @@ pub async fn delete_mission(
 /// Note: This excludes any currently running missions to prevent data loss.
 pub async fn cleanup_empty_missions(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
     // Get currently running mission IDs to exclude from cleanup
     // (a newly-started mission may have empty history in DB while actively running)
     let (tx, rx) = oneshot::channel();
-    state
-        .control
+    let control = control_for_user(&state, &user).await;
+    control
         .cmd_tx
         .send(ControlCommand::ListRunning { respond: tx })
         .await
@@ -1147,20 +1545,11 @@ pub async fn cleanup_empty_missions(
 
     let running_ids: Vec<Uuid> = running.iter().map(|m| m.mission_id).collect();
 
-    // Get memory system
-    let mem = state.memory.as_ref().ok_or_else(|| {
-        (
-            StatusCode::SERVICE_UNAVAILABLE,
-            "Memory system not available".to_string(),
-        )
-    })?;
-
-    // Delete empty untitled missions, excluding running ones
-    let count = mem
-        .supabase
+    let count = control
+        .mission_store
         .delete_empty_untitled_missions_excluding(&running_ids)
         .await
-        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?;
+        .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e))?;
 
     Ok(Json(serde_json::json!({
         "ok": true,
@@ -1171,11 +1560,13 @@ pub async fn cleanup_empty_missions(
 /// Stream control session events via SSE.
 pub async fn stream(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
 ) -> Result<Sse<impl Stream<Item = Result<Event, Infallible>>>, (StatusCode, String)> {
-    let mut rx = state.control.events_tx.subscribe();
+    let control = control_for_user(&state, &user).await;
+    let mut rx = control.events_tx.subscribe();
 
     // Emit an initial status snapshot immediately.
-    let initial = state.control.status.read().await.clone();
+    let initial = control.status.read().await.clone();
 
     let stream = async_stream::stream! {
         let init_ev = Event::default()
@@ -1223,13 +1614,14 @@ pub async fn stream(
 }
 
 /// Spawn the global control session actor.
-pub fn spawn_control_session(
+fn spawn_control_session(
     config: Config,
     root_agent: AgentRef,
     memory: Option<MemorySystem>,
     benchmarks: crate::budget::SharedBenchmarkRegistry,
     resolver: crate::budget::SharedModelResolver,
     mcp: Arc<McpRegistry>,
+    mission_store: Arc<dyn MissionStore>,
 ) -> ControlState {
     let (cmd_tx, cmd_rx) = mpsc::channel::<ControlCommand>(256);
     let (events_tx, _events_rx) = broadcast::channel::<AgentEvent>(1024);
@@ -1259,6 +1651,7 @@ pub fn spawn_control_session(
         progress: Arc::clone(&progress),
         running_missions: Arc::clone(&running_missions),
         max_parallel,
+        mission_store: Arc::clone(&mission_store),
     };
 
     // Spawn the main control actor
@@ -1278,17 +1671,16 @@ pub fn spawn_control_session(
         current_mission,
         current_tree,
         progress,
+        mission_store,
     ));
 
     // Spawn background stale mission cleanup task (if enabled)
-    if config.stale_mission_hours > 0 {
-        if let Some(mem) = memory {
-            tokio::spawn(stale_mission_cleanup_loop(
-                mem,
-                config.stale_mission_hours,
-                events_tx,
-            ));
-        }
+    if config.stale_mission_hours > 0 && state.mission_store.is_persistent() {
+        tokio::spawn(stale_mission_cleanup_loop(
+            Arc::clone(&state.mission_store),
+            config.stale_mission_hours,
+            events_tx,
+        ));
     }
 
     state
@@ -1296,7 +1688,7 @@ pub fn spawn_control_session(
 
 /// Background task that periodically closes stale missions.
 async fn stale_mission_cleanup_loop(
-    memory: MemorySystem,
+    mission_store: Arc<dyn MissionStore>,
     stale_hours: u64,
     events_tx: broadcast::Sender<AgentEvent>,
 ) {
@@ -1311,7 +1703,7 @@ async fn stale_mission_cleanup_loop(
     loop {
         tokio::time::sleep(check_interval).await;
 
-        match memory.supabase.get_stale_active_missions(stale_hours).await {
+        match mission_store.get_stale_active_missions(stale_hours).await {
             Ok(stale_missions) => {
                 for mission in stale_missions {
                     tracing::info!(
@@ -1321,9 +1713,8 @@ async fn stale_mission_cleanup_loop(
                         mission.updated_at
                     );
 
-                    if let Err(e) = memory
-                        .supabase
-                        .update_mission_status(mission.id, "completed")
+                    if let Err(e) = mission_store
+                        .update_mission_status(mission.id, MissionStatus::Completed)
                         .await
                     {
                         tracing::warn!("Failed to auto-close stale mission {}: {}", mission.id, e);
@@ -1363,6 +1754,7 @@ async fn control_actor_loop(
     current_mission: Arc<RwLock<Option<Uuid>>>,
     current_tree: Arc<RwLock<Option<AgentTreeNode>>>,
     progress: Arc<RwLock<ExecutionProgress>>,
+    mission_store: Arc<dyn MissionStore>,
 ) {
     // Queue stores (id, content, model_override) for the current/primary mission
     let mut queue: VecDeque<(Uuid, String, Option<String>)> = VecDeque::new();
@@ -1403,20 +1795,20 @@ async fn control_actor_loop(
 
     // Helper to persist history to current mission
     async fn persist_mission_history(
-        memory: &Option<MemorySystem>,
+        mission_store: &Arc<dyn MissionStore>,
         current_mission: &Arc<RwLock<Option<Uuid>>>,
         history: &[(String, String)],
     ) {
         let mission_id = current_mission.read().await.clone();
-        if let (Some(mem), Some(mid)) = (memory, mission_id) {
-            let messages: Vec<MissionMessage> = history
+        if let Some(mid) = mission_id {
+            let entries: Vec<MissionHistoryEntry> = history
                 .iter()
-                .map(|(role, content)| MissionMessage {
+                .map(|(role, content)| MissionHistoryEntry {
                     role: role.clone(),
                     content: content.clone(),
                 })
                 .collect();
-            if let Err(e) = mem.supabase.update_mission_history(mid, &messages).await {
+            if let Err(e) = mission_store.update_mission_history(mid, &entries).await {
                 tracing::warn!("Failed to persist mission history: {}", e);
             }
 
@@ -1424,14 +1816,24 @@ async fn control_actor_loop(
             if history.len() == 2 {
                 if let Some((role, content)) = history.first() {
                     if role == "user" {
-                        let title = if content.len() > 100 {
-                            let safe_end = crate::memory::safe_truncate_index(content, 100);
-                            format!("{}...", &content[..safe_end])
-                        } else {
-                            content.clone()
-                        };
-                        if let Err(e) = mem.supabase.update_mission_title(mid, &title).await {
-                            tracing::warn!("Failed to update mission title: {}", e);
+                        let should_update = mission_store
+                            .get_mission(mid)
+                            .await
+                            .ok()
+                            .flatten()
+                            .and_then(|m| m.title)
+                            .map(|t| t.trim().is_empty())
+                            .unwrap_or(true);
+                        if should_update {
+                            let title = if content.len() > 100 {
+                                let safe_end = crate::memory::safe_truncate_index(content, 100);
+                                format!("{}...", &content[..safe_end])
+                            } else {
+                                content.clone()
+                            };
+                            if let Err(e) = mission_store.update_mission_title(mid, &title).await {
+                                tracing::warn!("Failed to update mission title: {}", e);
+                            }
                         }
                     }
                 }
@@ -1440,89 +1842,41 @@ async fn control_actor_loop(
     }
 
     // Helper to load a mission and return a Mission struct
-    async fn load_mission_from_db(
-        memory: &Option<MemorySystem>,
+    async fn load_mission_record(
+        mission_store: &Arc<dyn MissionStore>,
         id: Uuid,
     ) -> Result<Mission, String> {
-        let mem = memory.as_ref().ok_or("Memory not configured")?;
-        let db_mission = mem
-            .supabase
+        mission_store
             .get_mission(id)
-            .await
-            .map_err(|e| e.to_string())?
-            .ok_or_else(|| format!("Mission {} not found", id))?;
-
-        let history: Vec<MissionHistoryEntry> =
-            serde_json::from_value(db_mission.history.clone()).unwrap_or_default();
-        let status = match db_mission.status.as_str() {
-            "completed" => MissionStatus::Completed,
-            "failed" => MissionStatus::Failed,
-            "interrupted" => MissionStatus::Interrupted,
-            "blocked" => MissionStatus::Blocked,
-            "not_feasible" => MissionStatus::NotFeasible,
-            _ => MissionStatus::Active,
-        };
-
-        Ok(Mission {
-            id: db_mission.id,
-            status,
-            title: db_mission.title,
-            model_override: db_mission.model_override,
-            history,
-            created_at: db_mission.created_at.clone(),
-            updated_at: db_mission.updated_at.clone(),
-            interrupted_at: if matches!(status, MissionStatus::Interrupted | MissionStatus::Blocked)
-            {
-                Some(db_mission.updated_at)
-            } else {
-                None
-            },
-            resumable: matches!(status, MissionStatus::Interrupted | MissionStatus::Blocked),
-        })
+            .await?
+            .ok_or_else(|| format!("Mission {} not found", id))
     }
 
     // Helper to create a new mission
     async fn create_new_mission(
-        memory: &Option<MemorySystem>,
+        mission_store: &Arc<dyn MissionStore>,
         model_override: Option<&str>,
     ) -> Result<Mission, String> {
-        create_new_mission_with_title(memory, None, model_override).await
+        create_new_mission_with_title(mission_store, None, model_override).await
     }
 
     // Helper to create a new mission with title
     async fn create_new_mission_with_title(
-        memory: &Option<MemorySystem>,
+        mission_store: &Arc<dyn MissionStore>,
         title: Option<&str>,
         model_override: Option<&str>,
     ) -> Result<Mission, String> {
-        let mem = memory.as_ref().ok_or("Memory not configured")?;
-        let db_mission = mem
-            .supabase
-            .create_mission(title, model_override)
-            .await
-            .map_err(|e| e.to_string())?;
-
-        Ok(Mission {
-            id: db_mission.id,
-            status: MissionStatus::Active,
-            title: db_mission.title,
-            model_override: db_mission.model_override,
-            history: vec![],
-            created_at: db_mission.created_at,
-            updated_at: db_mission.updated_at,
-            interrupted_at: None,
-            resumable: false,
-        })
+        mission_store.create_mission(title, model_override).await
     }
 
     // Helper to build resume context for an interrupted or blocked mission
     async fn resume_mission_impl(
-        memory: &Option<MemorySystem>,
+        mission_store: &Arc<dyn MissionStore>,
         config: &Config,
         mission_id: Uuid,
         clean_workspace: bool,
     ) -> Result<(Mission, String), String> {
-        let mission = load_mission_from_db(memory, mission_id).await?;
+        let mission = load_mission_record(mission_store, mission_id).await?;
 
         // Check if mission can be resumed (interrupted or blocked)
         if !matches!(
@@ -1536,11 +1890,7 @@ async fn control_actor_loop(
         }
 
         // Clean workspace if requested
-        let short_id = &mission_id.to_string()[..8];
-        let mission_dir = config
-            .working_dir
-            .join("work")
-            .join(format!("mission-{}", short_id));
+        let mission_dir = workspace::mission_workspace_dir(&config.working_dir, mission_id);
 
         if clean_workspace && mission_dir.exists() {
             tracing::info!(
@@ -1618,6 +1968,7 @@ async fn control_actor_loop(
                         if dir_name == "venv"
                             || dir_name == ".venv"
                             || dir_name == ".open_agent"
+                            || dir_name == ".openagent"
                             || dir_name == "temp"
                         {
                             continue;
@@ -1682,7 +2033,9 @@ async fn control_actor_loop(
                         {
                             let mission_id = current_mission.read().await.clone();
                             if mission_id.is_none() {
-                                if let Ok(new_mission) = create_new_mission(&memory, model.as_deref()).await {
+                                if let Ok(new_mission) =
+                                    create_new_mission(&mission_store, model.as_deref()).await
+                                {
                                     *current_mission.write().await = Some(new_mission.id);
                                     tracing::info!("Auto-created mission: {} (model: {:?})", new_mission.id, model);
                                 }
@@ -1696,7 +2049,9 @@ async fn control_actor_loop(
                             // Get current mission's model_override
                             let mission_id = current_mission.read().await.clone();
                             if let Some(mid) = mission_id {
-                                if let Ok(mission) = load_mission_from_db(&memory, mid).await {
+                                if let Ok(mission) =
+                                    load_mission_record(&mission_store, mid).await
+                                {
                                     mission.model_override
                                 } else {
                                     None
@@ -1719,20 +2074,10 @@ async fn control_actor_loop(
                                 let current_mid = current_mission.read().await.clone();
                                 let _ = events_tx.send(AgentEvent::UserMessage { id: mid, content: msg.clone(), mission_id: current_mid });
 
-                                // Immediately persist user message to database so it's visible when loading mission
+                                // Immediately persist user message so it's visible when loading mission
                                 history.push(("user".to_string(), msg.clone()));
-                                if let (Some(mem), Some(mission_id)) = (&memory, current_mid) {
-                                    let messages: Vec<MissionMessage> = history
-                                        .iter()
-                                        .map(|(role, content)| MissionMessage {
-                                            role: role.clone(),
-                                            content: content.clone(),
-                                        })
-                                        .collect();
-                                    if let Err(e) = mem.supabase.update_mission_history(mission_id, &messages).await {
-                                        tracing::warn!("Failed to persist user message: {}", e);
-                                    }
-                                }
+                                persist_mission_history(&mission_store, &current_mission, &history)
+                                    .await;
 
                                 let cfg = config.clone();
                                 let agent = Arc::clone(&root_agent);
@@ -1801,10 +2146,19 @@ async fn control_actor_loop(
                     }
                     ControlCommand::LoadMission { id, respond } => {
                         // First persist current mission history
-                        persist_mission_history(&memory, &current_mission, &history).await;
+                        persist_mission_history(
+                            &mission_store,
+                            &current_mission,
+                            &history,
+                        )
+                        .await;
 
                         // Load the new mission
-                        match load_mission_from_db(&memory, id).await {
+                        match load_mission_record(
+                            &mission_store,
+                            id,
+                        )
+                        .await {
                             Ok(mission) => {
                                 // Update history from loaded mission
                                 history = mission.history.iter()
@@ -1820,10 +2174,20 @@ async fn control_actor_loop(
                     }
                     ControlCommand::CreateMission { title, model_override, respond } => {
                         // First persist current mission history
-                        persist_mission_history(&memory, &current_mission, &history).await;
+                        persist_mission_history(
+                            &mission_store,
+                            &current_mission,
+                            &history,
+                        )
+                        .await;
 
                         // Create a new mission with optional title and model override
-                        match create_new_mission_with_title(&memory, title.as_deref(), model_override.as_deref()).await {
+                        match create_new_mission_with_title(
+                            &mission_store,
+                            title.as_deref(),
+                            model_override.as_deref(),
+                        )
+                        .await {
                             Ok(mission) => {
                                 history.clear();
                                 *current_mission.write().await = Some(mission.id);
@@ -1835,32 +2199,27 @@ async fn control_actor_loop(
                         }
                     }
                     ControlCommand::SetMissionStatus { id, status: new_status, respond } => {
-                        if let Some(mem) = &memory {
-                            // Save the final tree before updating status (if this is the current mission)
-                            let current_id = current_mission.read().await.clone();
-                            if current_id == Some(id) {
-                                if let Some(tree) = current_tree.read().await.clone() {
-                                    if let Ok(tree_json) = serde_json::to_value(&tree) {
-                                        if let Err(e) = mem.supabase.update_mission_tree(id, &tree_json).await {
-                                            tracing::warn!("Failed to save mission tree: {}", e);
-                                        }
-                                    }
+                        let current_id = current_mission.read().await.clone();
+                        if current_id == Some(id) {
+                            if let Some(tree) = current_tree.read().await.clone() {
+                                if let Err(e) = mission_store.update_mission_tree(id, &tree).await
+                                {
+                                    tracing::warn!("Failed to save mission tree: {}", e);
                                 }
                             }
-
-                            let result = mem.supabase.update_mission_status(id, &new_status.to_string()).await
-                                .map_err(|e| e.to_string());
-                            if result.is_ok() {
-                                let _ = events_tx.send(AgentEvent::MissionStatusChanged {
-                                    mission_id: id,
-                                    status: new_status,
-                                    summary: None,
-                                });
-                            }
-                            let _ = respond.send(result);
-                        } else {
-                            let _ = respond.send(Err("Memory not configured".to_string()));
                         }
+
+                        let result = mission_store
+                            .update_mission_status(id, new_status)
+                            .await;
+                        if result.is_ok() {
+                            let _ = events_tx.send(AgentEvent::MissionStatusChanged {
+                                mission_id: id,
+                                status: new_status,
+                                summary: None,
+                            });
+                        }
+                        let _ = respond.send(result);
                     }
                     ControlCommand::StartParallel { mission_id, content, model, respond } => {
                         tracing::info!("StartParallel requested for mission {} with model {:?}", mission_id, model);
@@ -1882,9 +2241,13 @@ async fn control_actor_loop(
                                 mission_id
                             )));
                         } else {
-                            // Load mission to get DB model_override as fallback
-                            let db_model = match load_mission_from_db(&memory, mission_id).await {
-                                Ok(m) => m.model_override,
+                            // Load mission to get DB model_override and existing history
+                            let mission = match load_mission_record(
+                                &mission_store,
+                                mission_id,
+                            )
+                            .await {
+                                Ok(m) => m,
                                 Err(e) => {
                                     let _ = respond.send(Err(format!("Failed to load mission: {}", e)));
                                     continue;
@@ -1892,7 +2255,7 @@ async fn control_actor_loop(
                             };
 
                             // Request model takes priority over DB model
-                            let model_override = model.or(db_model);
+                            let model_override = model.or(mission.model_override);
 
                             // Create a new MissionRunner
                             let mut runner = super::mission_runner::MissionRunner::new(
@@ -1900,6 +2263,11 @@ async fn control_actor_loop(
                                 model_override.clone(),
                             );
 
+                            // Load existing history into runner to preserve conversation context
+                            for entry in &mission.history {
+                                runner.history.push((entry.role.clone(), entry.content.clone()));
+                            }
+
                             // Queue the initial message
                             runner.queue_message(Uuid::new_v4(), content, model_override);
 
@@ -1988,10 +2356,21 @@ async fn control_actor_loop(
                     }
                     ControlCommand::ResumeMission { mission_id, clean_workspace, respond } => {
                         // Resume an interrupted mission by building resume context
-                        match resume_mission_impl(&memory, &config, mission_id, clean_workspace).await {
+                        match resume_mission_impl(
+                            &mission_store,
+                            &config,
+                            mission_id,
+                            clean_workspace,
+                        )
+                        .await {
                             Ok((mission, resume_prompt)) => {
                                 // First persist current mission history (if any)
-                                persist_mission_history(&memory, &current_mission, &history).await;
+                                persist_mission_history(
+                                    &mission_store,
+                                    &current_mission,
+                                    &history,
+                                )
+                                .await;
 
                                 // Load the mission's history into current state
                                 history = mission.history.iter()
@@ -2000,8 +2379,11 @@ async fn control_actor_loop(
                                 *current_mission.write().await = Some(mission_id);
 
                                 // Update mission status back to active
-                                if let Some(mem) = &memory {
-                                    let _ = mem.supabase.update_mission_status(mission_id, "active").await;
+                                if let Err(e) = mission_store
+                                    .update_mission_status(mission_id, MissionStatus::Active)
+                                    .await
+                                {
+                                    tracing::warn!("Failed to resume mission {}: {}", mission_id, e);
                                 }
 
                                 // Queue the resume prompt as a message
@@ -2090,16 +2472,23 @@ async fn control_actor_loop(
                                 // (i.e., user didn't create a new mission while this one was running)
                                 let current_mid = current_mission.read().await.clone();
                                 if current_mid == Some(mission_id) {
-                                    persist_mission_history(&memory, &current_mission, &history).await;
+                                    persist_mission_history(
+                                        &mission_store,
+                                        &current_mission,
+                                        &history,
+                                    )
+                                    .await;
                                 }
                                 // Note: If missions differ, don't persist - the local history
                                 // belongs to current_mission, not running_mission_id
 
-                                if let Some(mem) = &memory {
-                                    if let Ok(()) = mem.supabase.update_mission_status(mission_id, "interrupted").await {
-                                        interrupted_ids.push(mission_id);
-                                        tracing::info!("Marked mission {} as interrupted", mission_id);
-                                    }
+                                if mission_store
+                                    .update_mission_status(mission_id, MissionStatus::Interrupted)
+                                    .await
+                                    .is_ok()
+                                {
+                                    interrupted_ids.push(mission_id);
+                                    tracing::info!("Marked mission {} as interrupted", mission_id);
                                 }
 
                                 // Cancel execution
@@ -2112,19 +2501,31 @@ async fn control_actor_loop(
                         // Handle parallel missions
                         for (mission_id, runner) in parallel_runners.iter_mut() {
                             // Persist history for parallel mission
-                            if let Some(mem) = &memory {
-                                let messages: Vec<MissionMessage> = runner.history.iter()
-                                    .map(|(role, content)| MissionMessage {
-                                        role: role.clone(),
-                                        content: content.clone(),
-                                    })
-                                    .collect();
-                                let _ = mem.supabase.update_mission_history(*mission_id, &messages).await;
-
-                                if let Ok(()) = mem.supabase.update_mission_status(*mission_id, "interrupted").await {
-                                    interrupted_ids.push(*mission_id);
-                                    tracing::info!("Marked parallel mission {} as interrupted", mission_id);
-                                }
+                            let entries: Vec<MissionHistoryEntry> = runner
+                                .history
+                                .iter()
+                                .map(|(role, content)| MissionHistoryEntry {
+                                    role: role.clone(),
+                                    content: content.clone(),
+                                })
+                                .collect();
+                            if let Err(e) = mission_store
+                                .update_mission_history(*mission_id, &entries)
+                                .await
+                            {
+                                tracing::warn!(
+                                    "Failed to persist parallel mission history {}: {}",
+                                    mission_id,
+                                    e
+                                );
+                            }
+                            if mission_store
+                                .update_mission_status(*mission_id, MissionStatus::Interrupted)
+                                .await
+                                .is_ok()
+                            {
+                                interrupted_ids.push(*mission_id);
+                                tracing::info!("Marked parallel mission {} as interrupted", mission_id);
                             }
 
                             runner.cancel();
@@ -2148,54 +2549,46 @@ async fn control_actor_loop(
                                     crate::tools::mission::MissionStatusValue::NotFeasible => MissionStatus::NotFeasible,
                                 };
                                 let success = matches!(status, crate::tools::mission::MissionStatusValue::Completed);
+                                // Save the final tree before updating status
+                                if let Some(tree) = current_tree.read().await.clone() {
+                                    if let Err(e) = mission_store.update_mission_tree(id, &tree).await {
+                                        tracing::warn!("Failed to save mission tree: {}", e);
+                                    } else {
+                                        tracing::info!("Saved final tree for mission {}", id);
+                                    }
+                                }
 
-                                if let Some(mem) = &memory {
-                                    // Save the final tree before updating status
-                                    if let Some(tree) = current_tree.read().await.clone() {
-                                        if let Ok(tree_json) = serde_json::to_value(&tree) {
-                                            if let Err(e) = mem.supabase.update_mission_tree(id, &tree_json).await {
-                                                tracing::warn!("Failed to save mission tree: {}", e);
-                                            } else {
-                                                tracing::info!("Saved final tree for mission {}", id);
-                                            }
+                                if mission_store
+                                    .update_mission_status(id, new_status)
+                                    .await
+                                    .is_ok()
+                                {
+                                    // Generate and store mission summary
+                                    if let Some(ref summary_text) = summary {
+                                        // Extract key files from conversation (look for paths in assistant messages)
+                                        let key_files: Vec<String> = history
+                                            .iter()
+                                            .filter(|(role, _)| role == "assistant")
+                                            .flat_map(|(_, content)| extract_file_paths(content))
+                                            .take(10)
+                                            .collect();
+
+                                        if let Err(e) = mission_store
+                                            .insert_mission_summary(id, summary_text, &key_files, success)
+                                            .await
+                                        {
+                                            tracing::warn!("Failed to store mission summary: {}", e);
+                                        } else {
+                                            tracing::info!("Stored mission summary for {}", id);
                                         }
                                     }
 
-                                    if let Ok(()) = mem.supabase.update_mission_status(id, &new_status.to_string()).await {
-                                        // Generate and store mission summary
-                                        if let Some(ref summary_text) = summary {
-                                            // Extract key files from conversation (look for paths in assistant messages)
-                                            let key_files: Vec<String> = history.iter()
-                                                .filter(|(role, _)| role == "assistant")
-                                                .flat_map(|(_, content)| extract_file_paths(content))
-                                                .take(10)
-                                                .collect();
-
-                                            // Generate embedding for the summary
-                                            let embedding = mem.embedder.embed(summary_text).await.ok();
-
-                                            // Store mission summary
-                                            if let Err(e) = mem.supabase.insert_mission_summary(
-                                                id,
-                                                summary_text,
-                                                &key_files,
-                                                &[], // tools_used - could track this
-                                                success,
-                                                embedding.as_deref(),
-                                            ).await {
-                                                tracing::warn!("Failed to store mission summary: {}", e);
-                                            } else {
-                                                tracing::info!("Stored mission summary for {}", id);
-                                            }
-                                        }
-
-                                        let _ = events_tx.send(AgentEvent::MissionStatusChanged {
-                                            mission_id: id,
-                                            status: new_status,
-                                            summary,
-                                        });
-                                        tracing::info!("Mission {} marked as {} by agent", id, new_status);
-                                    }
+                                    let _ = events_tx.send(AgentEvent::MissionStatusChanged {
+                                        mission_id: id,
+                                        status: new_status,
+                                        summary,
+                                    });
+                                    tracing::info!("Mission {} marked as {} by agent", id, new_status);
                                 }
                             }
                         }
@@ -2233,40 +2626,51 @@ async fn control_actor_loop(
                             // using the local `history` variable, because CreateMission may have
                             // cleared `history` while this task was running. This prevents data loss.
                             // Note: User message was already persisted before execution started.
-                            if let (Some(mem), Some(mid)) = (&memory, completed_mission_id) {
-                                // Fetch existing history from DB (should already contain user message)
-                                let existing_history: Vec<MissionHistoryEntry> = match mem.supabase.get_mission(mid).await {
+                            if let Some(mid) = completed_mission_id {
+                                match mission_store.get_mission(mid).await {
                                     Ok(Some(mission)) => {
-                                        serde_json::from_value(mission.history).unwrap_or_default()
+                                        let mut entries = mission.history.clone();
+                                        entries.push(MissionHistoryEntry {
+                                            role: "assistant".to_string(),
+                                            content: agent_result.output.clone(),
+                                        });
+                                        if let Err(e) =
+                                            mission_store.update_mission_history(mid, &entries).await
+                                        {
+                                            tracing::warn!("Failed to persist mission history: {}", e);
+                                        }
+
+                                        let title_empty = mission
+                                            .title
+                                            .as_ref()
+                                            .map(|s| s.trim().is_empty())
+                                            .unwrap_or(true);
+                                        if title_empty && entries.len() == 2 && entries[0].role == "user"
+                                        {
+                                            // Use safe_truncate_index for UTF-8 safe truncation
+                                            let title = if user_msg.len() > 100 {
+                                                let safe_end =
+                                                    crate::memory::safe_truncate_index(&user_msg, 100);
+                                                format!("{}...", &user_msg[..safe_end])
+                                            } else {
+                                                user_msg.clone()
+                                            };
+                                            if let Err(e) =
+                                                mission_store.update_mission_title(mid, &title).await
+                                            {
+                                                tracing::warn!("Failed to update mission title: {}", e);
+                                            }
+                                        }
                                     }
-                                    _ => Vec::new(),
-                                };
-
-                                // Append assistant message to existing history (user was already persisted)
-                                let mut messages: Vec<MissionMessage> = existing_history
-                                    .iter()
-                                    .map(|e| MissionMessage {
-                                        role: e.role.clone(),
-                                        content: e.content.clone(),
-                                    })
-                                    .collect();
-                                messages.push(MissionMessage { role: "assistant".to_string(), content: agent_result.output.clone() });
-
-                                if let Err(e) = mem.supabase.update_mission_history(mid, &messages).await {
-                                    tracing::warn!("Failed to persist mission history: {}", e);
-                                }
-
-                                // Update title from first user message if not set (check for user-only history)
-                                if existing_history.len() == 1 && existing_history[0].role == "user" {
-                                    // Use safe_truncate_index for UTF-8 safe truncation, matching persist_mission_history
-                                    let title = if user_msg.len() > 100 {
-                                        let safe_end = crate::memory::safe_truncate_index(&user_msg, 100);
-                                        format!("{}...", &user_msg[..safe_end])
-                                    } else {
-                                        user_msg.clone()
-                                    };
-                                    if let Err(e) = mem.supabase.update_mission_title(mid, &title).await {
-                                        tracing::warn!("Failed to update mission title: {}", e);
+                                    Ok(None) => {
+                                        tracing::warn!("Mission {} not found for history append", mid);
+                                    }
+                                    Err(e) => {
+                                        tracing::warn!(
+                                            "Failed to load mission {} for history append: {}",
+                                            mid,
+                                            e
+                                        );
                                     }
                                 }
                             }
@@ -2281,53 +2685,52 @@ async fn control_actor_loop(
                             // - Explicit complete_mission calls (which update DB status)
                             // - Parallel missions (each has its own DB status)
                             if agent_result.terminal_reason.is_some() {
-                                if let Some(mem) = &memory {
-                                    // Use completed_mission_id (the actual mission that just finished)
-                                    // instead of current_mission (which can change when user creates a new mission)
-                                    if let Some(mission_id) = completed_mission_id {
-                                        // Check current mission status from DB - only auto-complete if still "active"
-                                        let current_status = mem.supabase.get_mission(mission_id).await
-                                            .ok()
-                                            .flatten()
-                                            .map(|m| m.status);
-
-                                        if current_status.as_deref() == Some("active") {
-                                            // Determine status based on terminal reason
-                                            let (status, new_status) = match agent_result.terminal_reason {
-                                                Some(TerminalReason::Completed) => {
-                                                    ("completed", MissionStatus::Completed)
+                                // Use completed_mission_id (the actual mission that just finished)
+                                // instead of current_mission (which can change when user creates a new mission)
+                                if let Some(mission_id) = completed_mission_id {
+                                    match mission_store.get_mission(mission_id).await {
+                                        Ok(Some(mission)) => {
+                                            if mission.status == MissionStatus::Active {
+                                                let new_status = match agent_result.terminal_reason {
+                                                    Some(TerminalReason::Completed) => MissionStatus::Completed,
+                                                    Some(TerminalReason::MaxIterations) => MissionStatus::Blocked,
+                                                    _ if agent_result.success => MissionStatus::Completed,
+                                                    _ => MissionStatus::Failed,
+                                                };
+                                                tracing::info!(
+                                                    "Auto-completing mission {} with status '{:?}' (terminal_reason: {:?})",
+                                                    mission_id, new_status, agent_result.terminal_reason
+                                                );
+                                                if let Err(e) = mission_store
+                                                    .update_mission_status(mission_id, new_status)
+                                                    .await
+                                                {
+                                                    tracing::warn!("Failed to auto-complete mission: {}", e);
+                                                } else {
+                                                    let _ = events_tx.send(AgentEvent::MissionStatusChanged {
+                                                        mission_id,
+                                                        status: new_status,
+                                                        summary: Some(format!(
+                                                            "Auto-completed: {}",
+                                                            agent_result.output.chars().take(100).collect::<String>()
+                                                        )),
+                                                    });
                                                 }
-                                                // MaxIterations -> blocked (resumable) instead of failed
-                                                Some(TerminalReason::MaxIterations) => {
-                                                    ("blocked", MissionStatus::Blocked)
-                                                }
-                                                _ if agent_result.success => {
-                                                    ("completed", MissionStatus::Completed)
-                                                }
-                                                _ => {
-                                                    ("failed", MissionStatus::Failed)
-                                                }
-                                            };
-
-                                            tracing::info!(
-                                                "Auto-completing mission {} with status '{}' (terminal_reason: {:?})",
-                                                mission_id, status, agent_result.terminal_reason
-                                            );
-                                            if let Err(e) = mem.supabase.update_mission_status(mission_id, status).await {
-                                                tracing::warn!("Failed to auto-complete mission: {}", e);
                                             } else {
-                                                // Emit status change event
-                                                let _ = events_tx.send(AgentEvent::MissionStatusChanged {
-                                                    mission_id,
-                                                    status: new_status,
-                                                    summary: Some(format!("Auto-completed: {}",
-                                                        agent_result.output.chars().take(100).collect::<String>())),
-                                                });
+                                                tracing::debug!(
+                                                    "Skipping auto-complete: mission {} already has status {:?}",
+                                                    mission_id, mission.status
+                                                );
                                             }
-                                        } else {
-                                            tracing::debug!(
-                                                "Skipping auto-complete: mission {} already has status {:?}",
-                                                mission_id, current_status
+                                        }
+                                        Ok(None) => {
+                                            tracing::warn!("Mission {} not found for auto-complete", mission_id);
+                                        }
+                                        Err(e) => {
+                                            tracing::warn!(
+                                                "Failed to load mission {} for auto-complete: {}",
+                                                mission_id,
+                                                e
                                             );
                                         }
                                     }
@@ -2357,6 +2760,12 @@ async fn control_actor_loop(
                     set_and_emit_status(&status, &events_tx, ControlRunState::Running, queue.len()).await;
                     let current_mid = current_mission.read().await.clone();
                     let _ = events_tx.send(AgentEvent::UserMessage { id: mid, content: msg.clone(), mission_id: current_mid });
+
+                    // Immediately persist user message so it's visible when loading mission
+                    history.push(("user".to_string(), msg.clone()));
+                    persist_mission_history(&mission_store, &current_mission, &history)
+                        .await;
+
                     let cfg = config.clone();
                     let agent = Arc::clone(&root_agent);
                     let mem = memory.clone();
@@ -2413,7 +2822,7 @@ async fn control_actor_loop(
 
                 for (mission_id, runner) in parallel_runners.iter_mut() {
                     if runner.check_finished() {
-                        if let Some((msg_id, user_msg, result)) = runner.poll_completion().await {
+                        if let Some((msg_id, _user_msg, result)) = runner.poll_completion().await {
                             tracing::info!(
                                 "Parallel mission {} completed (success: {}, cost: {} cents)",
                                 mission_id, result.success, result.cost_cents
@@ -2430,16 +2839,22 @@ async fn control_actor_loop(
                             });
 
                             // Persist history for this mission
-                            if let Some(mem) = &memory {
-                                let messages: Vec<MissionMessage> = runner.history.iter()
-                                    .map(|(role, content)| MissionMessage {
-                                        role: role.clone(),
-                                        content: content.clone(),
-                                    })
-                                    .collect();
-                                if let Err(e) = mem.supabase.update_mission_history(*mission_id, &messages).await {
-                                    tracing::warn!("Failed to persist parallel mission history: {}", e);
-                                }
+                            let entries: Vec<MissionHistoryEntry> = runner
+                                .history
+                                .iter()
+                                .map(|(role, content)| MissionHistoryEntry {
+                                    role: role.clone(),
+                                    content: content.clone(),
+                                })
+                                .collect();
+                            if let Err(e) = mission_store
+                                .update_mission_history(*mission_id, &entries)
+                                .await
+                            {
+                                tracing::warn!(
+                                    "Failed to persist parallel mission history: {}",
+                                    e
+                                );
                             }
 
                             // If runner has no more queued messages, mark for cleanup
@@ -2480,9 +2895,22 @@ async fn run_single_control_turn(
     progress_snapshot: Arc<RwLock<ExecutionProgress>>,
     mission_id: Option<Uuid>,
 ) -> crate::agents::AgentResult {
+    // Ensure a workspace directory for this mission (if applicable).
+    let working_dir_path = if let Some(mid) = mission_id {
+        match workspace::prepare_mission_workspace(&config, &mcp, mid).await {
+            Ok(dir) => dir,
+            Err(e) => {
+                tracing::warn!("Failed to prepare mission workspace: {}", e);
+                config.working_dir.clone()
+            }
+        }
+    } else {
+        config.working_dir.clone()
+    };
+
     // Build a task prompt that includes conversation context with size limits.
     // Uses ContextBuilder with config-driven limits to prevent context overflow.
-    let working_dir = config.working_dir.to_string_lossy().to_string();
+    let working_dir = working_dir_path.to_string_lossy().to_string();
     let context_builder = ContextBuilder::new(&config.context, &working_dir);
     let history_for_prompt = match history.last() {
         Some((role, content)) if role == "user" && content == &user_message => {
@@ -2517,18 +2945,13 @@ async fn run_single_control_turn(
     // Context for agent execution.
     let llm = Arc::new(OpenRouterClient::new(config.api_key.clone()));
 
-    // Create shared memory reference for memory tools
-    let shared_memory: Option<crate::tools::memory::SharedMemory> = memory
-        .as_ref()
-        .map(|m| Arc::new(tokio::sync::RwLock::new(Some(m.clone()))));
-
-    let tools = ToolRegistry::with_options(mission_control.clone(), shared_memory);
+    let tools = ToolRegistry::empty();
     let mut ctx = AgentContext::with_memory(
         config.clone(),
         llm,
         tools,
         pricing,
-        config.working_dir.clone(),
+        working_dir_path,
         memory,
     );
     ctx.mission_control = mission_control;
diff --git a/src/api/desktop_stream.rs b/src/api/desktop_stream.rs
index b480c1f..a017216 100644
--- a/src/api/desktop_stream.rs
+++ b/src/api/desktop_stream.rs
@@ -95,7 +95,7 @@ enum ClientCommand {
 }
 
 /// Handle the WebSocket connection for desktop streaming
-async fn handle_desktop_stream(mut socket: WebSocket, params: StreamParams) {
+async fn handle_desktop_stream(socket: WebSocket, params: StreamParams) {
     let x11_display = params.display;
     let fps = params.fps.unwrap_or(10).clamp(1, 30);
     let quality = params.quality.unwrap_or(70).clamp(10, 100);
@@ -131,9 +131,8 @@ async fn handle_desktop_stream(mut socket: WebSocket, params: StreamParams) {
 
     // Streaming state
     let mut paused = false;
-    let mut current_fps = fps;
     let mut current_quality = quality;
-    let mut frame_interval = Duration::from_millis(1000 / current_fps as u64);
+    let mut frame_interval = Duration::from_millis(1000 / fps as u64);
 
     // Main streaming loop
     let mut stream_task = tokio::spawn(async move {
@@ -152,11 +151,13 @@ async fn handle_desktop_stream(mut socket: WebSocket, params: StreamParams) {
                         tracing::debug!("Stream resumed");
                     }
                     ClientCommand::SetFps { fps: new_fps } => {
-                        current_fps = new_fps.clamp(1, 30);
-                        frame_interval = Duration::from_millis(1000 / current_fps as u64);
-                        tracing::debug!(fps = current_fps, "FPS changed");
+                        let clamped = new_fps.clamp(1, 30);
+                        frame_interval = Duration::from_millis(1000 / clamped as u64);
+                        tracing::debug!(fps = clamped, "FPS changed");
                     }
-                    ClientCommand::SetQuality { quality: new_quality } => {
+                    ClientCommand::SetQuality {
+                        quality: new_quality,
+                    } => {
                         current_quality = new_quality.clamp(10, 100);
                         tracing::debug!(quality = current_quality, "Quality changed");
                     }
diff --git a/src/api/fs.rs b/src/api/fs.rs
index fead95f..46fe013 100644
--- a/src/api/fs.rs
+++ b/src/api/fs.rs
@@ -500,6 +500,9 @@ pub async fn upload_chunk(
     Query(q): Query<ChunkUploadQuery>,
     mut multipart: Multipart,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
+    if q.path.trim().is_empty() {
+        return Err((StatusCode::BAD_REQUEST, "Invalid path".to_string()));
+    }
     // Sanitize upload_id to prevent path traversal attacks
     let safe_upload_id = sanitize_path_component(&q.upload_id);
     if safe_upload_id.is_empty() {
diff --git a/src/api/mcp.rs b/src/api/mcp.rs
index 016b988..ce34fcf 100644
--- a/src/api/mcp.rs
+++ b/src/api/mcp.rs
@@ -11,6 +11,7 @@ use serde::{Deserialize, Serialize};
 use uuid::Uuid;
 
 use crate::mcp::{AddMcpRequest, McpServerState};
+use crate::workspace;
 
 use super::routes::AppState;
 
@@ -40,12 +41,13 @@ pub async fn add_mcp(
     State(state): State<Arc<AppState>>,
     Json(req): Json<AddMcpRequest>,
 ) -> Result<Json<McpServerState>, (StatusCode, String)> {
-    state
+    let added = state
         .mcp
         .add(req)
         .await
-        .map(Json)
-        .map_err(|e| (StatusCode::BAD_REQUEST, e.to_string()))
+        .map_err(|e| (StatusCode::BAD_REQUEST, e.to_string()))?;
+    let _ = workspace::sync_all_workspaces(&state.config, &state.mcp).await;
+    Ok(Json(added))
 }
 
 /// Remove an MCP server.
@@ -57,8 +59,9 @@ pub async fn remove_mcp(
         .mcp
         .remove(id)
         .await
-        .map(|_| Json(serde_json::json!({ "success": true })))
-        .map_err(|e| (StatusCode::NOT_FOUND, e.to_string()))
+        .map_err(|e| (StatusCode::NOT_FOUND, e.to_string()))?;
+    let _ = workspace::sync_all_workspaces(&state.config, &state.mcp).await;
+    Ok(Json(serde_json::json!({ "success": true })))
 }
 
 /// Enable an MCP server.
@@ -66,12 +69,13 @@ pub async fn enable_mcp(
     State(state): State<Arc<AppState>>,
     Path(id): Path<Uuid>,
 ) -> Result<Json<McpServerState>, (StatusCode, String)> {
-    state
+    let updated = state
         .mcp
         .enable(id)
         .await
-        .map(Json)
-        .map_err(|e| (StatusCode::NOT_FOUND, e.to_string()))
+        .map_err(|e| (StatusCode::NOT_FOUND, e.to_string()))?;
+    let _ = workspace::sync_all_workspaces(&state.config, &state.mcp).await;
+    Ok(Json(updated))
 }
 
 /// Disable an MCP server.
@@ -79,12 +83,13 @@ pub async fn disable_mcp(
     State(state): State<Arc<AppState>>,
     Path(id): Path<Uuid>,
 ) -> Result<Json<McpServerState>, (StatusCode, String)> {
-    state
+    let updated = state
         .mcp
         .disable(id)
         .await
-        .map(Json)
-        .map_err(|e| (StatusCode::NOT_FOUND, e.to_string()))
+        .map_err(|e| (StatusCode::NOT_FOUND, e.to_string()))?;
+    let _ = workspace::sync_all_workspaces(&state.config, &state.mcp).await;
+    Ok(Json(updated))
 }
 
 /// Refresh an MCP server (reconnect and discover tools).
@@ -146,17 +151,6 @@ pub enum ToolSource {
 pub async fn list_tools(State(state): State<Arc<AppState>>) -> Json<Vec<ToolInfo>> {
     let mut tools = Vec::new();
 
-    // Add built-in tools from the ToolRegistry
-    let builtin_tools = crate::tools::ToolRegistry::new().list_tools();
-    for t in builtin_tools {
-        tools.push(ToolInfo {
-            name: t.name.clone(),
-            description: t.description.clone(),
-            source: ToolSource::Builtin,
-            enabled: state.mcp.is_tool_enabled(&t.name).await,
-        });
-    }
-
     // Add MCP tools
     let mcp_tools = state.mcp.list_tools().await;
     let mcp_states = state.mcp.list().await;
diff --git a/src/api/mission_runner.rs b/src/api/mission_runner.rs
index 7d97b1f..8add0eb 100644
--- a/src/api/mission_runner.rs
+++ b/src/api/mission_runner.rs
@@ -11,7 +11,6 @@
 //! - Working directory (isolated per mission)
 
 use std::collections::VecDeque;
-use std::path::PathBuf;
 use std::sync::Arc;
 use std::time::Instant;
 
@@ -27,6 +26,7 @@ use crate::mcp::McpRegistry;
 use crate::memory::{ContextBuilder, MemorySystem};
 use crate::task::{extract_deliverables, DeliverableSet, VerificationCriteria};
 use crate::tools::ToolRegistry;
+use crate::workspace;
 
 use super::control::{
     AgentEvent, AgentTreeNode, ControlStatus, ExecutionProgress, FrontendToolHub,
@@ -108,25 +108,6 @@ pub struct MissionRunner {
     pub explicitly_completed: bool,
 }
 
-/// Compute the working directory path for a mission.
-/// Format: /root/work/mission-{first 8 chars of UUID}/
-pub fn mission_working_dir(base_work_dir: &std::path::Path, mission_id: Uuid) -> PathBuf {
-    let short_id = &mission_id.to_string()[..8];
-    base_work_dir.join(format!("mission-{}", short_id))
-}
-
-/// Ensure the mission working directory exists with proper structure.
-/// Creates: mission-xxx/, mission-xxx/output/, mission-xxx/temp/
-pub fn ensure_mission_dir(
-    base_work_dir: &std::path::Path,
-    mission_id: Uuid,
-) -> std::io::Result<PathBuf> {
-    let dir = mission_working_dir(base_work_dir, mission_id);
-    std::fs::create_dir_all(dir.join("output"))?;
-    std::fs::create_dir_all(dir.join("temp"))?;
-    Ok(dir)
-}
-
 impl MissionRunner {
     /// Create a new mission runner.
     pub fn new(mission_id: Uuid, model_override: Option<String>) -> Self {
@@ -436,7 +417,7 @@ async fn run_mission_turn(
     convo.push_str("User:\n");
     convo.push_str(&user_message);
     convo.push_str(&deliverable_reminder);
-    convo.push_str("\n\nInstructions:\n- Continue the conversation helpfully.\n- You may use tools to gather information or make changes.\n- When appropriate, use Tool UI tools (ui_*) for structured output or to ask for user selections.\n- For large data processing tasks (>10KB), use run_command to execute Python scripts rather than processing inline.\n- USE information already provided in the message - do not ask for URLs, paths, or details that were already given.\n- When you have fully completed the user's goal or determined it cannot be completed, use the complete_mission tool to mark the mission status.");
+    convo.push_str("\n\nInstructions:\n- Continue the conversation helpfully.\n- Use available tools to gather information or make changes.\n- For large data processing tasks (>10KB), prefer executing scripts rather than inline processing.\n- USE information already provided in the message - do not ask for URLs, paths, or details that were already given.\n- When you have fully completed the user's goal or determined it cannot be completed, state that clearly in your final response.");
     convo.push_str(multi_step_instructions);
     convo.push_str("\n");
 
@@ -458,30 +439,24 @@ async fn run_mission_turn(
     // Create LLM client
     let llm = Arc::new(OpenRouterClient::new(config.api_key.clone()));
 
-    // Ensure mission working directory exists
-    // This creates /root/work/mission-{short_id}/ with output/ and temp/ subdirs
-    let base_work_dir = config.working_dir.join("work");
-    let mission_work_dir = match ensure_mission_dir(&base_work_dir, mission_id) {
-        Ok(dir) => {
-            tracing::info!(
-                "Mission {} working directory: {}",
-                mission_id,
-                dir.display()
-            );
-            dir
-        }
-        Err(e) => {
-            tracing::warn!("Failed to create mission directory, using default: {}", e);
-            config.working_dir.clone()
-        }
-    };
+    // Ensure mission workspace exists and is configured for OpenCode.
+    let mission_work_dir =
+        match workspace::prepare_mission_workspace(&config, &mcp, mission_id).await {
+            Ok(dir) => {
+                tracing::info!(
+                    "Mission {} workspace directory: {}",
+                    mission_id,
+                    dir.display()
+                );
+                dir
+            }
+            Err(e) => {
+                tracing::warn!("Failed to prepare mission workspace, using default: {}", e);
+                config.working_dir.clone()
+            }
+        };
 
-    // Create shared memory reference for memory tools
-    let shared_memory: Option<crate::tools::memory::SharedMemory> = memory
-        .as_ref()
-        .map(|m| Arc::new(tokio::sync::RwLock::new(Some(m.clone()))));
-
-    let tools = ToolRegistry::with_options(mission_control.clone(), shared_memory);
+    let tools = ToolRegistry::empty();
     let mut ctx = AgentContext::with_memory(
         config.clone(),
         llm,
diff --git a/src/api/providers.rs b/src/api/providers.rs
index a87e9b7..194bd0b 100644
--- a/src/api/providers.rs
+++ b/src/api/providers.rs
@@ -51,9 +51,13 @@ pub struct ProvidersConfig {
 
 /// Load providers configuration from file.
 fn load_providers_config(working_dir: &str) -> ProvidersConfig {
-    let config_path = format!("{}/.open_agent/providers.json", working_dir);
+    let config_path = format!("{}/.openagent/providers.json", working_dir);
+    let legacy_path = format!("{}/.open_agent/providers.json", working_dir);
 
-    match std::fs::read_to_string(&config_path) {
+    let contents =
+        std::fs::read_to_string(&config_path).or_else(|_| std::fs::read_to_string(&legacy_path));
+
+    match contents {
         Ok(contents) => match serde_json::from_str(&contents) {
             Ok(config) => config,
             Err(e) => {
@@ -63,8 +67,9 @@ fn load_providers_config(working_dir: &str) -> ProvidersConfig {
         },
         Err(_) => {
             tracing::info!(
-                "No providers.json found at {}. Using defaults.",
-                config_path
+                "No providers.json found at {} or {}. Using defaults.",
+                config_path,
+                legacy_path
             );
             default_providers_config()
         }
diff --git a/src/api/routes.rs b/src/api/routes.rs
index c0f3464..50d7480 100644
--- a/src/api/routes.rs
+++ b/src/api/routes.rs
@@ -6,7 +6,7 @@ use tokio::sync::RwLock;
 
 use axum::middleware;
 use axum::{
-    extract::{DefaultBodyLimit, Path, Query, State},
+    extract::{DefaultBodyLimit, Extension, Path, Query, State},
     http::StatusCode,
     response::{
         sse::{Event, Sse},
@@ -23,13 +23,14 @@ use uuid::Uuid;
 
 use crate::agents::{AgentContext, AgentRef, OpenCodeAgent};
 use crate::budget::ModelPricing;
-use crate::config::Config;
+use crate::config::{AuthMode, Config};
 use crate::llm::OpenRouterClient;
 use crate::mcp::McpRegistry;
 use crate::memory::{self, MemorySystem};
 use crate::tools::ToolRegistry;
+use crate::workspace;
 
-use super::auth;
+use super::auth::{self, AuthUser};
 use super::console;
 use super::control;
 use super::desktop_stream;
@@ -40,13 +41,13 @@ use super::types::*;
 /// Shared application state.
 pub struct AppState {
     pub config: Config,
-    pub tasks: RwLock<HashMap<Uuid, TaskState>>,
+    pub tasks: RwLock<HashMap<String, HashMap<Uuid, TaskState>>>,
     /// The agent used for task execution
     pub root_agent: AgentRef,
     /// Memory system (optional)
     pub memory: Option<MemorySystem>,
     /// Global interactive control session
-    pub control: control::ControlState,
+    pub control: control::ControlHub,
     /// MCP server registry
     pub mcp: Arc<McpRegistry>,
     /// Benchmark registry for task-aware model selection
@@ -60,8 +61,14 @@ pub async fn serve(config: Config) -> anyhow::Result<()> {
     // Always use OpenCode backend
     let root_agent: AgentRef = Arc::new(OpenCodeAgent::new(config.clone()));
 
-    // Initialize memory system (optional - needs Supabase config)
-    let memory = memory::init_memory(&config.memory, &config.api_key).await;
+    // Initialize memory system (optional - needs Supabase config).
+    // Disable memory in multi-user mode to avoid cross-user leakage.
+    let memory = if matches!(config.auth.auth_mode(config.dev_mode), AuthMode::MultiUser) {
+        tracing::warn!("Multi-user auth enabled: disabling memory system");
+        None
+    } else {
+        memory::init_memory(&config.memory, &config.api_key).await
+    };
 
     // Initialize MCP registry
     let mcp = Arc::new(McpRegistry::new(&config.working_dir).await);
@@ -80,7 +87,7 @@ pub async fn serve(config: Config) -> anyhow::Result<()> {
     let resolver = crate::budget::load_resolver(&config.working_dir.to_string_lossy());
 
     // Spawn the single global control session actor.
-    let control_state = control::spawn_control_session(
+    let control_state = control::ControlHub::new(
         config.clone(),
         Arc::clone(&root_agent),
         memory.clone(),
@@ -265,33 +272,43 @@ async fn shutdown_signal(state: Arc<AppState>) {
 
     tracing::info!("Shutdown signal received, marking running missions as interrupted...");
 
-    // Send graceful shutdown command to control session
-    let (tx, rx) = tokio::sync::oneshot::channel();
-    if let Err(e) = state
-        .control
-        .cmd_tx
-        .send(control::ControlCommand::GracefulShutdown { respond: tx })
-        .await
-    {
-        tracing::error!("Failed to send shutdown command: {}", e);
+    // Send graceful shutdown command to all control sessions
+    let sessions = state.control.all_sessions().await;
+    if sessions.is_empty() {
+        tracing::info!("No active control sessions to shut down");
         return;
     }
 
-    match rx.await {
-        Ok(interrupted_ids) => {
-            if interrupted_ids.is_empty() {
-                tracing::info!("No running missions to interrupt");
-            } else {
-                tracing::info!(
-                    "Marked {} missions as interrupted: {:?}",
-                    interrupted_ids.len(),
-                    interrupted_ids
-                );
+    let mut all_interrupted: Vec<Uuid> = Vec::new();
+    for control in sessions {
+        let (tx, rx) = tokio::sync::oneshot::channel();
+        if let Err(e) = control
+            .cmd_tx
+            .send(control::ControlCommand::GracefulShutdown { respond: tx })
+            .await
+        {
+            tracing::error!("Failed to send shutdown command: {}", e);
+            continue;
+        }
+
+        match rx.await {
+            Ok(mut interrupted_ids) => {
+                all_interrupted.append(&mut interrupted_ids);
+            }
+            Err(e) => {
+                tracing::error!("Failed to receive shutdown response: {}", e);
             }
         }
-        Err(e) => {
-            tracing::error!("Failed to receive shutdown response: {}", e);
-        }
+    }
+
+    if all_interrupted.is_empty() {
+        tracing::info!("No running missions to interrupt");
+    } else {
+        tracing::info!(
+            "Marked {} missions as interrupted: {:?}",
+            all_interrupted.len(),
+            all_interrupted
+        );
     }
 
     tracing::info!("Graceful shutdown complete");
@@ -299,32 +316,51 @@ async fn shutdown_signal(state: Arc<AppState>) {
 
 /// Health check endpoint.
 async fn health(State(state): State<Arc<AppState>>) -> Json<HealthResponse> {
+    let auth_mode = match state.config.auth.auth_mode(state.config.dev_mode) {
+        AuthMode::Disabled => "disabled",
+        AuthMode::SingleTenant => "single_tenant",
+        AuthMode::MultiUser => "multi_user",
+    };
     Json(HealthResponse {
         status: "ok".to_string(),
         version: env!("CARGO_PKG_VERSION").to_string(),
         dev_mode: state.config.dev_mode,
         auth_required: state.config.auth.auth_required(state.config.dev_mode),
+        auth_mode: auth_mode.to_string(),
         max_iterations: state.config.max_iterations,
     })
 }
 
 /// Get system statistics.
-async fn get_stats(State(state): State<Arc<AppState>>) -> Json<StatsResponse> {
+async fn get_stats(
+    State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
+) -> Json<StatsResponse> {
     let tasks = state.tasks.read().await;
+    let user_tasks = tasks.get(&user.id);
 
-    let total_tasks = tasks.len();
-    let active_tasks = tasks
-        .values()
-        .filter(|t| t.status == TaskStatus::Running)
-        .count();
-    let completed_tasks = tasks
-        .values()
-        .filter(|t| t.status == TaskStatus::Completed)
-        .count();
-    let failed_tasks = tasks
-        .values()
-        .filter(|t| t.status == TaskStatus::Failed)
-        .count();
+    let total_tasks = user_tasks.map(|t| t.len()).unwrap_or(0);
+    let active_tasks = user_tasks
+        .map(|t| {
+            t.values()
+                .filter(|s| s.status == TaskStatus::Running)
+                .count()
+        })
+        .unwrap_or(0);
+    let completed_tasks = user_tasks
+        .map(|t| {
+            t.values()
+                .filter(|s| s.status == TaskStatus::Completed)
+                .count()
+        })
+        .unwrap_or(0);
+    let failed_tasks = user_tasks
+        .map(|t| {
+            t.values()
+                .filter(|s| s.status == TaskStatus::Failed)
+                .count()
+        })
+        .unwrap_or(0);
 
     // Calculate total cost from runs in database
     let total_cost_cents = if let Some(mem) = &state.memory {
@@ -351,9 +387,15 @@ async fn get_stats(State(state): State<Arc<AppState>>) -> Json<StatsResponse> {
 }
 
 /// List all tasks.
-async fn list_tasks(State(state): State<Arc<AppState>>) -> Json<Vec<TaskState>> {
+async fn list_tasks(
+    State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
+) -> Json<Vec<TaskState>> {
     let tasks = state.tasks.read().await;
-    let mut task_list: Vec<_> = tasks.values().cloned().collect();
+    let mut task_list: Vec<_> = tasks
+        .get(&user.id)
+        .map(|t| t.values().cloned().collect())
+        .unwrap_or_default();
     // Sort by most recent first (by ID since UUIDs are time-ordered)
     task_list.sort_by(|a, b| b.id.cmp(&a.id));
     Json(task_list)
@@ -362,11 +404,13 @@ async fn list_tasks(State(state): State<Arc<AppState>>) -> Json<Vec<TaskState>>
 /// Stop a running task.
 async fn stop_task(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
     Path(id): Path<Uuid>,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
     let mut tasks = state.tasks.write().await;
+    let user_tasks = tasks.entry(user.id).or_default();
 
-    if let Some(task) = tasks.get_mut(&id) {
+    if let Some(task) = user_tasks.get_mut(&id) {
         if task.status == TaskStatus::Running {
             task.status = TaskStatus::Cancelled;
             task.result = Some("Task was cancelled by user".to_string());
@@ -388,6 +432,7 @@ async fn stop_task(
 /// Create a new task.
 async fn create_task(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
     Json(req): Json<CreateTaskRequest>,
 ) -> Result<Json<CreateTaskResponse>, (StatusCode, String)> {
     let id = Uuid::new_v4();
@@ -408,19 +453,27 @@ async fn create_task(
     // Store task
     {
         let mut tasks = state.tasks.write().await;
-        tasks.insert(id, task_state);
+        tasks
+            .entry(user.id.clone())
+            .or_default()
+            .insert(id, task_state);
     }
 
     // Spawn background task to run the agent
     let state_clone = Arc::clone(&state);
     let task_description = req.task.clone();
-    let working_dir = req
-        .working_dir
-        .map(std::path::PathBuf::from)
-        .unwrap_or_else(|| state.config.working_dir.clone());
+    let working_dir = req.working_dir.map(std::path::PathBuf::from);
 
     tokio::spawn(async move {
-        run_agent_task(state_clone, id, task_description, model, working_dir).await;
+        run_agent_task(
+            state_clone,
+            user.id,
+            id,
+            task_description,
+            model,
+            working_dir,
+        )
+        .await;
     });
 
     Ok(Json(CreateTaskResponse {
@@ -432,16 +485,19 @@ async fn create_task(
 /// Run the agent for a task (background).
 async fn run_agent_task(
     state: Arc<AppState>,
+    user_id: String,
     task_id: Uuid,
     task_description: String,
     requested_model: String,
-    working_dir: std::path::PathBuf,
+    working_dir: Option<std::path::PathBuf>,
 ) {
     // Update status to running
     {
         let mut tasks = state.tasks.write().await;
-        if let Some(task_state) = tasks.get_mut(&task_id) {
-            task_state.status = TaskStatus::Running;
+        if let Some(user_tasks) = tasks.get_mut(&user_id) {
+            if let Some(task_state) = user_tasks.get_mut(&task_id) {
+                task_state.status = TaskStatus::Running;
+            }
         }
     }
 
@@ -455,9 +511,11 @@ async fn run_agent_task(
         Ok(t) => t,
         Err(e) => {
             let mut tasks = state.tasks.write().await;
-            if let Some(task_state) = tasks.get_mut(&task_id) {
-                task_state.status = TaskStatus::Failed;
-                task_state.result = Some(format!("Failed to create task: {}", e));
+            if let Some(user_tasks) = tasks.get_mut(&user_id) {
+                if let Some(task_state) = user_tasks.get_mut(&task_id) {
+                    task_state.status = TaskStatus::Failed;
+                    task_state.result = Some(format!("Failed to create task: {}", e));
+                }
             }
             return;
         }
@@ -468,9 +526,28 @@ async fn run_agent_task(
         task.analysis_mut().requested_model = Some(requested_model);
     }
 
+    // Prepare workspace for this task (or use a provided custom dir)
+    let working_dir = if let Some(dir) = working_dir {
+        match workspace::prepare_custom_workspace(&state.config, &state.mcp, dir).await {
+            Ok(path) => path,
+            Err(e) => {
+                tracing::warn!("Failed to prepare custom workspace: {}", e);
+                state.config.working_dir.clone()
+            }
+        }
+    } else {
+        match workspace::prepare_task_workspace(&state.config, &state.mcp, task_id).await {
+            Ok(path) => path,
+            Err(e) => {
+                tracing::warn!("Failed to prepare task workspace: {}", e);
+                state.config.working_dir.clone()
+            }
+        }
+    };
+
     // Create context with the specified working directory and memory
     let llm = Arc::new(OpenRouterClient::new(state.config.api_key.clone()));
-    let tools = ToolRegistry::new();
+    let tools = ToolRegistry::empty();
     let pricing = Arc::new(ModelPricing::new());
 
     let mut ctx = AgentContext::with_memory(
@@ -605,47 +682,50 @@ async fn run_agent_task(
     // Update task with result
     {
         let mut tasks = state.tasks.write().await;
-        if let Some(task_state) = tasks.get_mut(&task_id) {
-            // Extract iterations and tools from result data
-            // Note: RootAgent wraps executor data under "execution" field
-            if let Some(data) = &result.data {
-                // Try to get execution data (may be nested under "execution" from RootAgent)
-                let exec_data = data.get("execution").unwrap_or(data);
+        if let Some(user_tasks) = tasks.get_mut(&user_id) {
+            if let Some(task_state) = user_tasks.get_mut(&task_id) {
+                // Extract iterations and tools from result data
+                // Note: RootAgent wraps executor data under "execution" field
+                if let Some(data) = &result.data {
+                    // Try to get execution data (may be nested under "execution" from RootAgent)
+                    let exec_data = data.get("execution").unwrap_or(data);
 
-                // Update iterations count from execution signals
-                if let Some(signals) = exec_data.get("execution_signals") {
-                    if let Some(iterations) = signals.get("iterations").and_then(|v| v.as_u64()) {
-                        task_state.iterations = iterations as usize;
+                    // Update iterations count from execution signals
+                    if let Some(signals) = exec_data.get("execution_signals") {
+                        if let Some(iterations) = signals.get("iterations").and_then(|v| v.as_u64())
+                        {
+                            task_state.iterations = iterations as usize;
+                        }
                     }
-                }
 
-                // Add log entries for tools used
-                if let Some(tools_used) = exec_data.get("tools_used") {
-                    if let Some(arr) = tools_used.as_array() {
-                        for tool in arr {
-                            task_state.log.push(TaskLogEntry {
-                                timestamp: "0".to_string(),
-                                entry_type: LogEntryType::ToolCall,
-                                content: tool.as_str().unwrap_or("").to_string(),
-                            });
+                    // Add log entries for tools used
+                    if let Some(tools_used) = exec_data.get("tools_used") {
+                        if let Some(arr) = tools_used.as_array() {
+                            for tool in arr {
+                                task_state.log.push(TaskLogEntry {
+                                    timestamp: "0".to_string(),
+                                    entry_type: LogEntryType::ToolCall,
+                                    content: tool.as_str().unwrap_or("").to_string(),
+                                });
+                            }
                         }
                     }
                 }
-            }
 
-            // Add final response log
-            task_state.log.push(TaskLogEntry {
-                timestamp: "0".to_string(),
-                entry_type: LogEntryType::Response,
-                content: result.output.clone(),
-            });
+                // Add final response log
+                task_state.log.push(TaskLogEntry {
+                    timestamp: "0".to_string(),
+                    entry_type: LogEntryType::Response,
+                    content: result.output.clone(),
+                });
 
-            if result.success {
-                task_state.status = TaskStatus::Completed;
-                task_state.result = Some(result.output);
-            } else {
-                task_state.status = TaskStatus::Failed;
-                task_state.result = Some(format!("Error: {}", result.output));
+                if result.success {
+                    task_state.status = TaskStatus::Completed;
+                    task_state.result = Some(result.output);
+                } else {
+                    task_state.status = TaskStatus::Failed;
+                    task_state.result = Some(format!("Error: {}", result.output));
+                }
             }
         }
     }
@@ -654,13 +734,13 @@ async fn run_agent_task(
 /// Get task status and result.
 async fn get_task(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
     Path(id): Path<Uuid>,
 ) -> Result<Json<TaskState>, (StatusCode, String)> {
     let tasks = state.tasks.read().await;
-
     tasks
-        .get(&id)
-        .cloned()
+        .get(&user.id)
+        .and_then(|t| t.get(&id).cloned())
         .map(Json)
         .ok_or_else(|| (StatusCode::NOT_FOUND, format!("Task {} not found", id)))
 }
@@ -668,13 +748,18 @@ async fn get_task(
 /// Stream task progress via SSE.
 async fn stream_task(
     State(state): State<Arc<AppState>>,
+    Extension(user): Extension<AuthUser>,
     Path(id): Path<Uuid>,
 ) -> Result<Sse<impl Stream<Item = Result<Event, std::convert::Infallible>>>, (StatusCode, String)>
 {
     // Check task exists
     {
         let tasks = state.tasks.read().await;
-        if !tasks.contains_key(&id) {
+        if !tasks
+            .get(&user.id)
+            .map(|t| t.contains_key(&id))
+            .unwrap_or(false)
+        {
             return Err((StatusCode::NOT_FOUND, format!("Task {} not found", id)));
         }
     }
@@ -686,7 +771,8 @@ async fn stream_task(
         loop {
             let (status, log_entries, result) = {
                 let tasks = state.tasks.read().await;
-                if let Some(task) = tasks.get(&id) {
+                let user_tasks = tasks.get(&user.id);
+                if let Some(task) = user_tasks.and_then(|t| t.get(&id)) {
                     (task.status.clone(), task.log.clone(), task.result.clone())
                 } else {
                     break;
@@ -738,6 +824,17 @@ async fn list_runs(
     State(state): State<Arc<AppState>>,
     Query(params): Query<ListRunsQuery>,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
+    let limit = params.limit.unwrap_or(20);
+    let offset = params.offset.unwrap_or(0);
+
+    if state.memory.is_none() {
+        return Ok(Json(serde_json::json!({
+            "runs": [],
+            "limit": limit,
+            "offset": offset
+        })));
+    }
+
     let mem = state.memory.as_ref().ok_or_else(|| {
         (
             StatusCode::SERVICE_UNAVAILABLE,
@@ -745,9 +842,6 @@ async fn list_runs(
         )
     })?;
 
-    let limit = params.limit.unwrap_or(20);
-    let offset = params.offset.unwrap_or(0);
-
     let runs = mem
         .retriever
         .list_runs(limit, offset)
@@ -766,6 +860,9 @@ async fn get_run(
     State(state): State<Arc<AppState>>,
     Path(id): Path<Uuid>,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
+    if state.memory.is_none() {
+        return Err((StatusCode::NOT_FOUND, "Run not found".to_string()));
+    }
     let mem = state.memory.as_ref().ok_or_else(|| {
         (
             StatusCode::SERVICE_UNAVAILABLE,
@@ -789,6 +886,12 @@ async fn get_run_events(
     Path(id): Path<Uuid>,
     Query(params): Query<ListRunsQuery>,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
+    if state.memory.is_none() {
+        return Ok(Json(serde_json::json!({
+            "run_id": id,
+            "events": []
+        })));
+    }
     let mem = state.memory.as_ref().ok_or_else(|| {
         (
             StatusCode::SERVICE_UNAVAILABLE,
@@ -813,6 +916,12 @@ async fn get_run_tasks(
     State(state): State<Arc<AppState>>,
     Path(id): Path<Uuid>,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
+    if state.memory.is_none() {
+        return Ok(Json(serde_json::json!({
+            "run_id": id,
+            "tasks": []
+        })));
+    }
     let mem = state.memory.as_ref().ok_or_else(|| {
         (
             StatusCode::SERVICE_UNAVAILABLE,
@@ -845,6 +954,12 @@ async fn search_memory(
     State(state): State<Arc<AppState>>,
     Query(params): Query<SearchMemoryQuery>,
 ) -> Result<Json<serde_json::Value>, (StatusCode, String)> {
+    if state.memory.is_none() {
+        return Ok(Json(serde_json::json!({
+            "query": params.q,
+            "results": []
+        })));
+    }
     let mem = state.memory.as_ref().ok_or_else(|| {
         (
             StatusCode::SERVICE_UNAVAILABLE,
diff --git a/src/api/types.rs b/src/api/types.rs
index 824ef32..a192cdd 100644
--- a/src/api/types.rs
+++ b/src/api/types.rs
@@ -146,6 +146,9 @@ pub struct HealthResponse {
     /// Whether auth is required for API requests (dev_mode=false)
     pub auth_required: bool,
 
+    /// Authentication mode ("disabled", "single_tenant", "multi_user")
+    pub auth_mode: String,
+
     /// Maximum iterations per agent (from MAX_ITERATIONS env var)
     pub max_iterations: usize,
 }
@@ -153,6 +156,8 @@ pub struct HealthResponse {
 /// Login request for dashboard auth.
 #[derive(Debug, Clone, Deserialize)]
 pub struct LoginRequest {
+    #[serde(default)]
+    pub username: Option<String>,
     pub password: String,
 }
 
diff --git a/src/bin/host_mcp.rs b/src/bin/host_mcp.rs
new file mode 100644
index 0000000..01c81df
--- /dev/null
+++ b/src/bin/host_mcp.rs
@@ -0,0 +1,277 @@
+//! MCP Server for core host tools (filesystem + command execution).
+//!
+//! Exposes a minimal set of Open Agent tools to OpenCode via MCP.
+//! Communicates over stdio using JSON-RPC 2.0.
+
+use std::collections::HashMap;
+use std::io::{BufRead, BufReader, Write};
+use std::path::{Path, PathBuf};
+use std::sync::Arc;
+
+use serde::{Deserialize, Serialize};
+use serde_json::{json, Value};
+
+use open_agent::tools;
+use open_agent::tools::Tool;
+
+// =============================================================================
+// JSON-RPC Types
+// =============================================================================
+
+#[derive(Debug, Deserialize)]
+struct JsonRpcRequest {
+    #[allow(dead_code)]
+    jsonrpc: String,
+    #[serde(default)]
+    id: Value,
+    method: String,
+    #[serde(default)]
+    params: Value,
+}
+
+#[derive(Debug, Serialize)]
+struct JsonRpcResponse {
+    jsonrpc: String,
+    id: Value,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    result: Option<Value>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    error: Option<JsonRpcError>,
+}
+
+#[derive(Debug, Serialize)]
+struct JsonRpcError {
+    code: i32,
+    message: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    data: Option<Value>,
+}
+
+impl JsonRpcResponse {
+    fn success(id: Value, result: Value) -> Self {
+        Self {
+            jsonrpc: "2.0".to_string(),
+            id,
+            result: Some(result),
+            error: None,
+        }
+    }
+
+    fn error(id: Value, code: i32, message: impl Into<String>) -> Self {
+        Self {
+            jsonrpc: "2.0".to_string(),
+            id,
+            result: None,
+            error: Some(JsonRpcError {
+                code,
+                message: message.into(),
+                data: None,
+            }),
+        }
+    }
+}
+
+// =============================================================================
+// MCP Types
+// =============================================================================
+
+#[derive(Debug, Serialize)]
+struct ToolDefinition {
+    name: String,
+    description: String,
+    #[serde(rename = "inputSchema")]
+    input_schema: Value,
+}
+
+#[derive(Debug, Serialize)]
+struct ToolResult {
+    content: Vec<ToolContent>,
+    #[serde(rename = "isError")]
+    is_error: bool,
+}
+
+#[derive(Debug, Serialize)]
+#[serde(tag = "type")]
+enum ToolContent {
+    #[serde(rename = "text")]
+    Text { text: String },
+}
+
+// =============================================================================
+// Tool Registry
+// =============================================================================
+
+fn working_dir() -> PathBuf {
+    std::env::var("OPEN_AGENT_WORKSPACE")
+        .map(PathBuf::from)
+        .unwrap_or_else(|_| std::env::current_dir().unwrap_or_else(|_| PathBuf::from(".")))
+}
+
+fn tool_set() -> HashMap<String, Arc<dyn Tool>> {
+    let mut tools: HashMap<String, Arc<dyn Tool>> = HashMap::new();
+
+    tools.insert("read_file".to_string(), Arc::new(tools::ReadFile));
+    tools.insert(
+        "write_file".to_string(),
+        Arc::new(tools::WriteFile),
+    );
+    tools.insert(
+        "delete_file".to_string(),
+        Arc::new(tools::DeleteFile),
+    );
+    tools.insert(
+        "list_directory".to_string(),
+        Arc::new(tools::ListDirectory),
+    );
+    tools.insert(
+        "search_files".to_string(),
+        Arc::new(tools::SearchFiles),
+    );
+    tools.insert("grep_search".to_string(), Arc::new(tools::GrepSearch));
+    tools.insert("run_command".to_string(), Arc::new(tools::RunCommand));
+    tools.insert("git_status".to_string(), Arc::new(tools::GitStatus));
+    tools.insert("git_diff".to_string(), Arc::new(tools::GitDiff));
+    tools.insert("git_commit".to_string(), Arc::new(tools::GitCommit));
+    tools.insert("git_log".to_string(), Arc::new(tools::GitLog));
+    tools.insert("web_search".to_string(), Arc::new(tools::WebSearch));
+    tools.insert("fetch_url".to_string(), Arc::new(tools::FetchUrl));
+
+    tools
+}
+
+fn tool_definitions(tools: &HashMap<String, Arc<dyn Tool>>) -> Vec<ToolDefinition> {
+    let mut defs = Vec::new();
+    for tool in tools.values() {
+        defs.push(ToolDefinition {
+            name: tool.name().to_string(),
+            description: tool.description().to_string(),
+            input_schema: tool.parameters_schema(),
+        });
+    }
+    defs.sort_by(|a, b| a.name.cmp(&b.name));
+    defs
+}
+
+fn execute_tool(
+    runtime: &tokio::runtime::Runtime,
+    tools: &HashMap<String, Arc<dyn Tool>>,
+    name: &str,
+    args: &Value,
+    working_dir: &Path,
+) -> ToolResult {
+    let Some(tool) = tools.get(name) else {
+        return ToolResult {
+            content: vec![ToolContent::Text {
+                text: format!("Unknown tool: {}", name),
+            }],
+            is_error: true,
+        };
+    };
+
+    let result = runtime.block_on(tool.execute(args.clone(), working_dir));
+    match result {
+        Ok(text) => ToolResult {
+            content: vec![ToolContent::Text { text }],
+            is_error: false,
+        },
+        Err(e) => ToolResult {
+            content: vec![ToolContent::Text {
+                text: format!("Tool error: {}", e),
+            }],
+            is_error: true,
+        },
+    }
+}
+
+fn handle_request(
+    request: &JsonRpcRequest,
+    runtime: &tokio::runtime::Runtime,
+    tools: &HashMap<String, Arc<dyn Tool>>,
+    working_dir: &Path,
+) -> Option<JsonRpcResponse> {
+    match request.method.as_str() {
+        "initialize" => Some(JsonRpcResponse::success(
+            request.id.clone(),
+            json!({
+                "protocolVersion": "2024-11-05",
+                "serverInfo": {
+                    "name": "host-mcp",
+                    "version": env!("CARGO_PKG_VERSION"),
+                },
+                "capabilities": {
+                    "tools": {
+                        "listChanged": false
+                    }
+                }
+            }),
+        )),
+        "notifications/initialized" | "initialized" => None,
+        "tools/list" => {
+            let defs = tool_definitions(tools);
+            Some(JsonRpcResponse::success(request.id.clone(), json!({ "tools": defs })))
+        }
+        "tools/call" => {
+            let name = request
+                .params
+                .get("name")
+                .and_then(|v| v.as_str())
+                .unwrap_or("");
+            let args = request
+                .params
+                .get("arguments")
+                .cloned()
+                .unwrap_or(json!({}));
+            let result = execute_tool(runtime, tools, name, &args, working_dir);
+            Some(JsonRpcResponse::success(request.id.clone(), json!(result)))
+        }
+        _ => Some(JsonRpcResponse::error(
+            request.id.clone(),
+            -32601,
+            format!("Method not found: {}", request.method),
+        )),
+    }
+}
+
+fn main() {
+    eprintln!("[host-mcp] Starting MCP server for host tools...");
+
+    let runtime = tokio::runtime::Builder::new_multi_thread()
+        .enable_all()
+        .build()
+        .expect("Failed to start tokio runtime");
+
+    let tools = tool_set();
+    let workspace = working_dir();
+
+    let stdin = std::io::stdin();
+    let mut stdout = std::io::stdout();
+    let reader = BufReader::new(stdin.lock());
+
+    for line in reader.lines() {
+        let line = match line {
+            Ok(l) => l,
+            Err(_) => break,
+        };
+
+        if line.trim().is_empty() {
+            continue;
+        }
+
+        let request: JsonRpcRequest = match serde_json::from_str(&line) {
+            Ok(req) => req,
+            Err(e) => {
+                let response = JsonRpcResponse::error(Value::Null, -32700, e.to_string());
+                let _ = writeln!(stdout, "{}", serde_json::to_string(&response).unwrap());
+                let _ = stdout.flush();
+                continue;
+            }
+        };
+
+        if let Some(response) = handle_request(&request, &runtime, &tools, &workspace) {
+            if let Ok(resp) = serde_json::to_string(&response) {
+                let _ = writeln!(stdout, "{}", resp);
+                let _ = stdout.flush();
+            }
+        }
+    }
+}
diff --git a/src/config.rs b/src/config.rs
index 4acf7fc..cb0774c 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -10,6 +10,7 @@
 //! - `OPENCODE_BASE_URL` - Optional. Base URL for OpenCode server. Defaults to `http://127.0.0.1:4096`.
 //! - `OPENCODE_AGENT` - Optional. OpenCode agent name (e.g., `build`, `plan`).
 //! - `OPENCODE_PERMISSIVE` - Optional. If true, auto-allows all permissions for OpenCode sessions (default: true).
+//! - `OPEN_AGENT_USERS` - Optional. JSON array of user accounts for multi-user auth.
 //! - `CONSOLE_SSH_HOST` - Optional. Host for dashboard console/file explorer SSH (default: 127.0.0.1).
 //! - `CONSOLE_SSH_PORT` - Optional. SSH port (default: 22).
 //! - `CONSOLE_SSH_USER` - Optional. SSH user (default: root).
@@ -25,6 +26,7 @@
 //! and search anywhere on the machine. The `WORKING_DIR` is just the default for relative paths.
 
 use base64::Engine;
+use serde::Deserialize;
 use std::path::PathBuf;
 use thiserror::Error;
 
@@ -306,7 +308,7 @@ impl ConsoleSshConfig {
     }
 }
 
-/// API auth configuration (single-tenant).
+/// API auth configuration.
 #[derive(Debug, Clone)]
 pub struct AuthConfig {
     /// Password required by the dashboard to obtain a JWT.
@@ -317,6 +319,9 @@ pub struct AuthConfig {
 
     /// JWT validity in days.
     pub jwt_ttl_days: i64,
+
+    /// Multi-user accounts (if set, overrides dashboard_password auth).
+    pub users: Vec<UserAccount>,
 }
 
 impl Default for AuthConfig {
@@ -325,14 +330,50 @@ impl Default for AuthConfig {
             dashboard_password: None,
             jwt_secret: None,
             jwt_ttl_days: 30,
+            users: Vec::new(),
         }
     }
 }
 
+/// Authentication mode for the server.
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum AuthMode {
+    Disabled,
+    SingleTenant,
+    MultiUser,
+}
+
+/// User account for multi-user auth.
+#[derive(Debug, Clone, Deserialize)]
+pub struct UserAccount {
+    /// Stable identifier for the user (defaults to username).
+    #[serde(default)]
+    pub id: String,
+    pub username: String,
+    pub password: String,
+}
+
 impl AuthConfig {
     /// Whether auth is required for API requests.
     pub fn auth_required(&self, dev_mode: bool) -> bool {
-        !dev_mode && self.dashboard_password.is_some() && self.jwt_secret.is_some()
+        matches!(
+            self.auth_mode(dev_mode),
+            AuthMode::SingleTenant | AuthMode::MultiUser
+        )
+    }
+
+    /// Determine the current auth mode.
+    pub fn auth_mode(&self, dev_mode: bool) -> AuthMode {
+        if dev_mode {
+            return AuthMode::Disabled;
+        }
+        if !self.users.is_empty() {
+            return AuthMode::MultiUser;
+        }
+        if self.dashboard_password.is_some() && self.jwt_secret.is_some() {
+            return AuthMode::SingleTenant;
+        }
+        AuthMode::Disabled
     }
 }
 
@@ -413,6 +454,25 @@ impl Config {
             // In debug builds, default to dev_mode=true; in release, default to false.
             .unwrap_or(cfg!(debug_assertions));
 
+        let users = std::env::var("OPEN_AGENT_USERS")
+            .ok()
+            .filter(|raw| !raw.trim().is_empty())
+            .map(|raw| {
+                serde_json::from_str::<Vec<UserAccount>>(&raw).map_err(|e| {
+                    ConfigError::InvalidValue("OPEN_AGENT_USERS".to_string(), e.to_string())
+                })
+            })
+            .transpose()?
+            .unwrap_or_default()
+            .into_iter()
+            .map(|mut user| {
+                if user.id.trim().is_empty() {
+                    user.id = user.username.clone();
+                }
+                user
+            })
+            .collect::<Vec<_>>();
+
         let auth = AuthConfig {
             dashboard_password: std::env::var("DASHBOARD_PASSWORD").ok(),
             jwt_secret: std::env::var("JWT_SECRET").ok(),
@@ -425,15 +485,47 @@ impl Config {
                 })
                 .transpose()?
                 .unwrap_or(30),
+            users,
         };
 
         // In non-dev mode, require auth secrets to be set.
         if !dev_mode {
-            if auth.dashboard_password.is_none() {
-                return Err(ConfigError::MissingEnvVar("DASHBOARD_PASSWORD".to_string()));
-            }
-            if auth.jwt_secret.is_none() {
-                return Err(ConfigError::MissingEnvVar("JWT_SECRET".to_string()));
+            match auth.auth_mode(dev_mode) {
+                AuthMode::MultiUser => {
+                    if auth.users.is_empty() {
+                        return Err(ConfigError::MissingEnvVar("OPEN_AGENT_USERS".to_string()));
+                    }
+                    if auth.jwt_secret.is_none() {
+                        return Err(ConfigError::MissingEnvVar("JWT_SECRET".to_string()));
+                    }
+                    if auth
+                        .users
+                        .iter()
+                        .any(|u| u.username.trim().is_empty() || u.password.trim().is_empty())
+                    {
+                        return Err(ConfigError::InvalidValue(
+                            "OPEN_AGENT_USERS".to_string(),
+                            "username/password must be non-empty".to_string(),
+                        ));
+                    }
+                }
+                AuthMode::SingleTenant => {
+                    if auth.dashboard_password.is_none() {
+                        return Err(ConfigError::MissingEnvVar("DASHBOARD_PASSWORD".to_string()));
+                    }
+                    if auth.jwt_secret.is_none() {
+                        return Err(ConfigError::MissingEnvVar("JWT_SECRET".to_string()));
+                    }
+                }
+                AuthMode::Disabled => {
+                    // Provide a more specific error message when partial config exists
+                    if auth.dashboard_password.is_some() && auth.jwt_secret.is_none() {
+                        return Err(ConfigError::MissingEnvVar("JWT_SECRET".to_string()));
+                    }
+                    return Err(ConfigError::MissingEnvVar(
+                        "DASHBOARD_PASSWORD or OPEN_AGENT_USERS".to_string(),
+                    ));
+                }
             }
         }
 
diff --git a/src/lib.rs b/src/lib.rs
index 31bc373..700d4fd 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -43,6 +43,7 @@ pub mod memory;
 pub mod opencode;
 pub mod task;
 pub mod tools;
+pub mod workspace;
 
 pub use config::Config;
 pub use config::MemoryConfig;
diff --git a/src/mcp/config.rs b/src/mcp/config.rs
index bd59d02..3f85733 100644
--- a/src/mcp/config.rs
+++ b/src/mcp/config.rs
@@ -18,14 +18,25 @@ pub struct McpConfigStore {
 impl McpConfigStore {
     /// Create a new config store, loading from disk if available.
     pub async fn new(working_dir: &Path) -> Self {
-        let config_dir = working_dir.join(".open_agent").join("mcp");
+        let config_dir = working_dir.join(".openagent").join("mcp");
         let config_path = config_dir.join("config.json");
+        let legacy_path = working_dir
+            .join(".open_agent")
+            .join("mcp")
+            .join("config.json");
 
         let configs = if config_path.exists() {
-            match tokio::fs::read_to_string(&config_path).await {
-                Ok(content) => serde_json::from_str(&content).unwrap_or_default(),
-                Err(_) => Vec::new(),
-            }
+            tokio::fs::read_to_string(&config_path)
+                .await
+                .ok()
+                .and_then(|content| serde_json::from_str(&content).ok())
+                .unwrap_or_default()
+        } else if legacy_path.exists() {
+            tokio::fs::read_to_string(&legacy_path)
+                .await
+                .ok()
+                .and_then(|content| serde_json::from_str(&content).ok())
+                .unwrap_or_default()
         } else {
             Vec::new()
         };
diff --git a/src/mcp/mod.rs b/src/mcp/mod.rs
index bdf26ef..2b65c63 100644
--- a/src/mcp/mod.rs
+++ b/src/mcp/mod.rs
@@ -1,7 +1,7 @@
 //! MCP (Model Context Protocol) management module.
 //!
 //! Allows dynamic addition/removal of MCP servers and their tools without restarting.
-//! Configurations are persisted to `{working_dir}/.open_agent/mcp/config.json`.
+//! Configurations are persisted to `{working_dir}/.openagent/mcp/config.json`.
 
 mod config;
 mod registry;
diff --git a/src/mcp/registry.rs b/src/mcp/registry.rs
index 6b9a047..748ad85 100644
--- a/src/mcp/registry.rs
+++ b/src/mcp/registry.rs
@@ -62,7 +62,8 @@ impl McpRegistry {
         let config_store = Arc::new(McpConfigStore::new(working_dir).await);
 
         // Initialize states from configs
-        let configs = config_store.list().await;
+        let mut configs = config_store.list().await;
+        configs = Self::ensure_defaults(&config_store, configs, working_dir).await;
         let mut states = HashMap::new();
         for config in configs {
             states.insert(config.id, McpServerState::from_config(config));
@@ -85,6 +86,119 @@ impl McpRegistry {
         }
     }
 
+    /// Return the raw MCP configs (for workspace opencode.json generation).
+    pub async fn list_configs(&self) -> Vec<McpServerConfig> {
+        self.config_store.list().await
+    }
+
+    fn default_configs(working_dir: &Path) -> Vec<McpServerConfig> {
+        let mut desktop_env = HashMap::new();
+        if let Ok(res) = std::env::var("DESKTOP_RESOLUTION") {
+            if !res.trim().is_empty() {
+                desktop_env.insert("DESKTOP_RESOLUTION".to_string(), res);
+            }
+        } else {
+            desktop_env.insert("DESKTOP_RESOLUTION".to_string(), "1920x1080".to_string());
+        }
+
+        let repo_desktop = working_dir
+            .join("target")
+            .join("release")
+            .join("desktop-mcp");
+        let desktop_command = if repo_desktop.exists() {
+            repo_desktop.to_string_lossy().to_string()
+        } else {
+            "desktop-mcp".to_string()
+        };
+        let desktop = McpServerConfig::new_stdio(
+            "desktop".to_string(),
+            desktop_command,
+            Vec::new(),
+            desktop_env,
+        );
+        let repo_host = working_dir.join("target").join("release").join("host-mcp");
+        let host_command = if repo_host.exists() {
+            repo_host.to_string_lossy().to_string()
+        } else {
+            "host-mcp".to_string()
+        };
+        let host = McpServerConfig::new_stdio(
+            "host".to_string(),
+            host_command,
+            Vec::new(),
+            HashMap::new(),
+        );
+        let playwright = McpServerConfig::new_stdio(
+            "playwright".to_string(),
+            "npx".to_string(),
+            vec![
+                "@playwright/mcp@latest".to_string(),
+                "--isolated".to_string(),
+                "--no-sandbox".to_string(),
+            ],
+            HashMap::new(),
+        );
+        vec![host, desktop, playwright]
+    }
+
+    async fn ensure_defaults(
+        config_store: &McpConfigStore,
+        mut configs: Vec<McpServerConfig>,
+        working_dir: &Path,
+    ) -> Vec<McpServerConfig> {
+        let defaults = Self::default_configs(working_dir);
+        for config in defaults {
+            if configs.iter().any(|c| c.name == config.name) {
+                continue;
+            }
+            match config_store.add(config.clone()).await {
+                Ok(saved) => configs.push(saved),
+                Err(e) => tracing::warn!("Failed to add default MCP {}: {}", config.name, e),
+            }
+        }
+        // Ensure Playwright MCP runs in isolated mode and without sandboxing
+        // so it can launch browsers under root.
+        for config in configs.iter_mut() {
+            if config.name != "playwright" {
+                continue;
+            }
+
+            let missing_flags: Vec<&str> = match &config.transport {
+                McpTransport::Stdio { args, .. } => ["--isolated", "--no-sandbox"]
+                    .iter()
+                    .copied()
+                    .filter(|flag| !args.iter().any(|arg| arg == *flag))
+                    .collect(),
+                McpTransport::Http { .. } => Vec::new(),
+            };
+
+            if missing_flags.is_empty() {
+                continue;
+            }
+
+            if let McpTransport::Stdio { args, .. } = &mut config.transport {
+                for flag in &missing_flags {
+                    args.push((*flag).to_string());
+                }
+            }
+
+            let id = config.id;
+            let _ = config_store
+                .update(id, |c| {
+                    if let McpTransport::Stdio { args, .. } = &mut c.transport {
+                        for flag in ["--isolated", "--no-sandbox"] {
+                            if !args.iter().any(|arg| arg == flag) {
+                                args.push(flag.to_string());
+                            }
+                        }
+                    }
+                })
+                .await;
+        }
+
+        configs
+    }
+
     /// Get the next request ID for JSON-RPC
     fn next_request_id(&self) -> u64 {
         self.request_id.fetch_add(1, Ordering::SeqCst)
diff --git a/src/memory/embed.rs b/src/memory/embed.rs
index 97b8c90..c435a32 100644
--- a/src/memory/embed.rs
+++ b/src/memory/embed.rs
@@ -112,6 +112,7 @@ struct EmbeddingRequest {
 #[derive(Debug, Deserialize)]
 struct EmbeddingResponse {
     data: Vec<EmbeddingData>,
+    #[allow(dead_code)]
     #[serde(default)]
     usage: Option<EmbeddingUsage>,
 }
@@ -123,7 +124,10 @@ struct EmbeddingData {
 }
 
 #[derive(Debug, Deserialize)]
+#[allow(dead_code)]
 struct EmbeddingUsage {
+    #[allow(dead_code)]
     prompt_tokens: u32,
+    #[allow(dead_code)]
     total_tokens: u32,
 }
diff --git a/src/opencode/mod.rs b/src/opencode/mod.rs
index f88dd78..69d2a9c 100644
--- a/src/opencode/mod.rs
+++ b/src/opencode/mod.rs
@@ -4,10 +4,10 @@
 //! OpenCode server, with real-time event streaming.
 
 use anyhow::Context;
-use std::collections::HashMap;
 use futures::StreamExt;
 use serde::Deserialize;
 use serde_json::json;
+use std::collections::HashMap;
 use tokio::sync::mpsc;
 
 #[derive(Clone)]
@@ -140,11 +140,8 @@ impl OpenCodeClient {
                                 let event_str = buffer[..pos].to_string();
                                 buffer = buffer[pos + 2..].to_string();
 
-                                if let Some(event) = parse_sse_event(
-                                    &event_str,
-                                    &session_id_clone,
-                                    &mut sse_state,
-                                )
+                                if let Some(event) =
+                                    parse_sse_event(&event_str, &session_id_clone, &mut sse_state)
                                 {
                                     let is_complete =
                                         matches!(event, OpenCodeEvent::MessageComplete { .. });
@@ -345,10 +342,7 @@ fn looks_like_user_prompt(content: &str) -> bool {
         || trimmed.contains("\nInstructions:\n")
 }
 
-fn handle_part_update(
-    props: &serde_json::Value,
-    state: &mut SseState,
-) -> Option<OpenCodeEvent> {
+fn handle_part_update(props: &serde_json::Value, state: &mut SseState) -> Option<OpenCodeEvent> {
     let part = props.get("part")?;
     let part_type = part.get("type").and_then(|v| v.as_str())?;
     if !matches!(part_type, "text" | "reasoning" | "thinking") {
diff --git a/src/tools/browser.rs b/src/tools/browser.rs
index 7a6edfa..0c686f3 100644
--- a/src/tools/browser.rs
+++ b/src/tools/browser.rs
@@ -108,6 +108,7 @@ impl ProxyConfig {
     }
 
     /// Create the proxy extension directory with configured credentials
+    #[allow(dead_code)]
     fn create_extension(&self) -> anyhow::Result<PathBuf> {
         let ext_dir = std::env::temp_dir().join("open_agent_proxy_ext");
         std::fs::create_dir_all(&ext_dir)?;
@@ -422,6 +423,7 @@ async fn start_gost_forwarder(proxy: &ProxyConfig) -> anyhow::Result<()> {
 }
 
 /// Start a virtual X11 display using Xvfb
+#[allow(dead_code)]
 async fn start_virtual_display() -> anyhow::Result<String> {
     use std::sync::atomic::{AtomicU32, Ordering};
     use tokio::process::Command;
diff --git a/src/tools/file_ops.rs b/src/tools/file_ops.rs
index a46519a..c72dbff 100644
--- a/src/tools/file_ops.rs
+++ b/src/tools/file_ops.rs
@@ -68,11 +68,6 @@ impl Tool for ReadFile {
             Ok(text) => text,
             Err(_) => {
                 // Binary file detected - don't try to display content
-                let ext = resolution
-                    .resolved
-                    .extension()
-                    .map(|e| e.to_string_lossy().to_lowercase())
-                    .unwrap_or_default();
                 return Ok(format!(
                     "Binary file detected: {} ({} bytes)\n\n\
                     Cannot display binary content directly. For this file type:\n\
diff --git a/src/tools/github.rs b/src/tools/github.rs
index a299a1d..7d2e96e 100644
--- a/src/tools/github.rs
+++ b/src/tools/github.rs
@@ -359,9 +359,14 @@ For private repos, set GH_TOKEN env var with a Personal Access Token."
                 ""
             };
 
+            let url_line = repo
+                .url
+                .as_deref()
+                .map(|u| format!("  URL: {}\n", u))
+                .unwrap_or_default();
             output.push_str(&format!(
-                "- **{}**{} ({}, ⭐{})\n  {}\n",
-                repo.name, archived, lang, stars, desc
+                "- **{}**{} ({}, ⭐{})\n  {}\n{}",
+                repo.name, archived, lang, stars, desc, url_line
             ));
         }
 
diff --git a/src/tools/mission.rs b/src/tools/mission.rs
index 543040a..dfbba23 100644
--- a/src/tools/mission.rs
+++ b/src/tools/mission.rs
@@ -132,10 +132,12 @@ IMPORTANT: Use 'blocked' or 'not_feasible' instead of producing fake/placeholder
             "failed" => MissionStatusValue::Failed,
             "blocked" => MissionStatusValue::Blocked,
             "not_feasible" => MissionStatusValue::NotFeasible,
-            other => return Err(anyhow::anyhow!(
+            other => {
+                return Err(anyhow::anyhow!(
                 "Invalid status '{}'. Must be 'completed', 'failed', 'blocked', or 'not_feasible'.",
                 other
-            )),
+            ))
+            }
         };
 
         let Some(control) = &self.control else {
diff --git a/src/tools/mod.rs b/src/tools/mod.rs
index 786d958..35d588d 100644
--- a/src/tools/mod.rs
+++ b/src/tools/mod.rs
@@ -12,7 +12,6 @@
 //! This encourages agents to stay within their assigned workspace while preserving
 //! flexibility for tasks that require broader access.
 
-mod browser;
 mod composite;
 mod desktop;
 mod directory;
@@ -28,6 +27,13 @@ mod terminal;
 mod ui;
 mod web;
 
+pub use directory::{ListDirectory, SearchFiles};
+pub use file_ops::{DeleteFile, ReadFile, WriteFile};
+pub use git::{GitCommit, GitDiff, GitLog, GitStatus};
+pub use search::GrepSearch;
+pub use terminal::RunCommand;
+pub use web::{FetchUrl, WebSearch};
+
 use std::collections::HashMap;
 use std::path::{Path, PathBuf};
 use std::sync::Arc;
@@ -155,6 +161,13 @@ impl ToolRegistry {
         Self::with_options(None, None)
     }
 
+    /// Create an empty registry (no built-in tools).
+    pub fn empty() -> Self {
+        Self {
+            tools: HashMap::new(),
+        }
+    }
+
     /// Create a new registry with all default tools and optional mission control.
     pub fn with_mission_control(mission_control: Option<mission::MissionControl>) -> Self {
         Self::with_options(mission_control, None)
@@ -238,42 +251,6 @@ impl ToolRegistry {
         );
         tools.insert("debug_error".to_string(), Arc::new(composite::DebugError));
 
-        // Browser automation (conditional on BROWSER_ENABLED)
-        let browser_enabled = std::env::var("BROWSER_ENABLED").unwrap_or_default();
-        tracing::info!("BROWSER_ENABLED env var = '{}'", browser_enabled);
-        if browser_enabled.to_lowercase() == "true" || browser_enabled == "1" {
-            tracing::info!("Registering browser automation tools");
-            tools.insert(
-                "browser_navigate".to_string(),
-                Arc::new(browser::BrowserNavigate),
-            );
-            tools.insert(
-                "browser_screenshot".to_string(),
-                Arc::new(browser::BrowserScreenshot),
-            );
-            tools.insert(
-                "browser_get_content".to_string(),
-                Arc::new(browser::BrowserGetContent),
-            );
-            tools.insert("browser_click".to_string(), Arc::new(browser::BrowserClick));
-            tools.insert("browser_type".to_string(), Arc::new(browser::BrowserType));
-            tools.insert(
-                "browser_evaluate".to_string(),
-                Arc::new(browser::BrowserEvaluate),
-            );
-            tools.insert("browser_wait".to_string(), Arc::new(browser::BrowserWait));
-            tools.insert("browser_close".to_string(), Arc::new(browser::BrowserClose));
-            tools.insert(
-                "browser_list_elements".to_string(),
-                Arc::new(browser::BrowserListElements),
-            );
-            tracing::info!(
-                "Registry {}: Added 9 browser tools, total now: {}",
-                registry_id,
-                tools.len()
-            );
-        }
-
         // Desktop automation (conditional on DESKTOP_ENABLED)
         if std::env::var("DESKTOP_ENABLED")
             .map(|v| v.to_lowercase() == "true" || v == "1")
diff --git a/src/tools/web.rs b/src/tools/web.rs
index cf1bb4d..c1c7f61 100644
--- a/src/tools/web.rs
+++ b/src/tools/web.rs
@@ -138,10 +138,11 @@ async fn search_tavily(api_key: &str, query: &str, max_results: u32) -> anyhow::
     // Format individual results
     for (i, result) in tavily_response.results.iter().enumerate() {
         output.push_str(&format!(
-            "### {}. {}\n**URL:** {}\n\n{}\n\n",
+            "### {}. {}\n**URL:** {}\n**Score:** {:.2}\n\n{}\n\n",
             i + 1,
             result.title,
             result.url,
+            result.score,
             result.content
         ));
     }
diff --git a/src/workspace.rs b/src/workspace.rs
new file mode 100644
index 0000000..d7ba3c3
--- /dev/null
+++ b/src/workspace.rs
@@ -0,0 +1,179 @@
+//! Workspace management for OpenCode sessions.
+//!
+//! Open Agent acts as a workspace host for OpenCode. This module creates
+//! per-task/mission workspace directories and writes `opencode.json`
+//! with the currently configured MCP servers.
+
+use std::path::{Path, PathBuf};
+
+use serde_json::json;
+use uuid::Uuid;
+
+use crate::config::Config;
+use crate::mcp::{McpRegistry, McpServerConfig, McpTransport};
+
+fn sanitize_key(name: &str) -> String {
+    name.chars()
+        .filter(|c| c.is_alphanumeric() || *c == '_' || *c == '-')
+        .collect::<String>()
+        .to_lowercase()
+        .replace('-', "_")
+}
+
+fn unique_key(base: &str, used: &mut std::collections::HashSet<String>) -> String {
+    if !used.contains(base) {
+        used.insert(base.to_string());
+        return base.to_string();
+    }
+    let mut i = 2;
+    loop {
+        let candidate = format!("{}_{}", base, i);
+        if !used.contains(&candidate) {
+            used.insert(candidate.clone());
+            return candidate;
+        }
+        i += 1;
+    }
+}
+
+/// Root directory for Open Agent config data (versioned with repo).
+pub fn config_root(working_dir: &Path) -> PathBuf {
+    working_dir.join(".openagent")
+}
+
+/// Root directory for workspace folders.
+pub fn workspaces_root(working_dir: &Path) -> PathBuf {
+    working_dir.join("workspaces")
+}
+
+/// Workspace directory for a mission.
+pub fn mission_workspace_dir(working_dir: &Path, mission_id: Uuid) -> PathBuf {
+    let short_id = &mission_id.to_string()[..8];
+    workspaces_root(working_dir).join(format!("mission-{}", short_id))
+}
+
+/// Workspace directory for a task.
+pub fn task_workspace_dir(working_dir: &Path, task_id: Uuid) -> PathBuf {
+    let short_id = &task_id.to_string()[..8];
+    workspaces_root(working_dir).join(format!("task-{}", short_id))
+}
+
+fn opencode_entry_from_mcp(config: &McpServerConfig, workspace_dir: &Path) -> serde_json::Value {
+    match &config.transport {
+        McpTransport::Http { endpoint } => json!({
+            "type": "http",
+            "endpoint": endpoint,
+            "enabled": config.enabled,
+        }),
+        McpTransport::Stdio { command, args, env } => {
+            let mut entry = serde_json::Map::new();
+            entry.insert("type".to_string(), json!("local"));
+            let mut cmd = vec![command.clone()];
+            cmd.extend(args.clone());
+            entry.insert("command".to_string(), json!(cmd));
+            entry.insert("enabled".to_string(), json!(config.enabled));
+            let mut merged_env = env.clone();
+            merged_env
+                .entry("OPEN_AGENT_WORKSPACE".to_string())
+                .or_insert_with(|| workspace_dir.to_string_lossy().to_string());
+            if !merged_env.is_empty() {
+                entry.insert("environment".to_string(), json!(merged_env));
+            }
+            serde_json::Value::Object(entry)
+        }
+    }
+}
+
+async fn write_opencode_config(
+    workspace_dir: &Path,
+    mcp_configs: Vec<McpServerConfig>,
+) -> anyhow::Result<()> {
+    let mut mcp_map = serde_json::Map::new();
+    let mut used = std::collections::HashSet::new();
+
+    for config in mcp_configs.into_iter().filter(|c| c.enabled) {
+        let base = sanitize_key(&config.name);
+        let key = unique_key(&base, &mut used);
+        mcp_map.insert(key, opencode_entry_from_mcp(&config, workspace_dir));
+    }
+
+    let config_json = json!({
+        "$schema": "https://opencode.ai/config.json",
+        "mcp": mcp_map,
+    });
+
+    let config_path = workspace_dir.join("opencode.json");
+    tokio::fs::write(config_path, serde_json::to_string_pretty(&config_json)?).await?;
+    Ok(())
+}
+
+async fn prepare_workspace_dir(path: &Path) -> anyhow::Result<PathBuf> {
+    tokio::fs::create_dir_all(path.join("output")).await?;
+    tokio::fs::create_dir_all(path.join("temp")).await?;
+    Ok(path.to_path_buf())
+}
+
+/// Prepare a custom workspace directory and write `opencode.json`.
+pub async fn prepare_custom_workspace(
+    _config: &Config,
+    mcp: &McpRegistry,
+    workspace_dir: PathBuf,
+) -> anyhow::Result<PathBuf> {
+    prepare_workspace_dir(&workspace_dir).await?;
+    let mcp_configs = mcp.list_configs().await;
+    write_opencode_config(&workspace_dir, mcp_configs).await?;
+    Ok(workspace_dir)
+}
+
+/// Prepare a workspace directory for a mission and write `opencode.json`.
+pub async fn prepare_mission_workspace(
+    config: &Config,
+    mcp: &McpRegistry,
+    mission_id: Uuid,
+) -> anyhow::Result<PathBuf> {
+    let dir = mission_workspace_dir(&config.working_dir, mission_id);
+    prepare_workspace_dir(&dir).await?;
+    let mcp_configs = mcp.list_configs().await;
+    write_opencode_config(&dir, mcp_configs).await?;
+    Ok(dir)
+}
+
+/// Prepare a workspace directory for a task and write `opencode.json`.
+pub async fn prepare_task_workspace(
+    config: &Config,
+    mcp: &McpRegistry,
+    task_id: Uuid,
+) -> anyhow::Result<PathBuf> {
+    let dir = task_workspace_dir(&config.working_dir, task_id);
+    prepare_workspace_dir(&dir).await?;
+    let mcp_configs = mcp.list_configs().await;
+    write_opencode_config(&dir, mcp_configs).await?;
+    Ok(dir)
+}
+
+/// Regenerate `opencode.json` for all workspace directories.
+pub async fn sync_all_workspaces(config: &Config, mcp: &McpRegistry) -> anyhow::Result<usize> {
+    let root = workspaces_root(&config.working_dir);
+    if !root.exists() {
+        return Ok(0);
+    }
+
+    let mut count = 0;
+    let mcp_configs = mcp.list_configs().await;
+
+    let mut entries = tokio::fs::read_dir(&root).await?;
+    while let Some(entry) = entries.next_entry().await? {
+        let path = entry.path();
+        if !path.is_dir() {
+            continue;
+        }
+        if write_opencode_config(&path, mcp_configs.clone())
+            .await
+            .is_ok()
+        {
+            count += 1;
+        }
+    }
+
+    Ok(count)
+}