Upload folder using huggingface_hub

TASKS.md

@@ -20,9 +20,9 @@ Legend:
 - [ ] Standardize API error schema across endpoints (single shape for UI).
 
 ## P2 — UI/UX, settings, admin, landing
-- [~] Landing + route split (`/` landing, `/login`, `/app`) and UI redirects updated.
-- [ ] Split `static/dashboard.html` into JS/CSS modules.
-- [ ] Theme tokens shared across login + dashboard (single source of truth).
+- [x] Landing + route split (`/` landing, `/login`, `/app`) and UI redirects updated.
+- [x] Split `static/dashboard.html` into JS/CSS files (`static/dashboard.js`, `static/dashboard.css`).
+- [~] Theme tokens shared across login + dashboard (single source of truth via `static/theme.css`).
 - [ ] Separate Settings vs Admin dashboard (dedicated pages/sections + RBAC).
 
 ## P2 — Provider auth parity (Codex/Gemini/Claude)
@@ -41,7 +41,7 @@ Legend:
 - [ ] Stop/reconnect improvements (resume stream after transient disconnects).
 
 ## P2/P3 — MCP registry
-- [ ] First-class MCP registry storage (per-user + templates).
+- [~] First-class MCP registry storage (per-user persistence via backend).
 - [ ] “Test connection”, “list tools”, tool allow/deny UI.
 - [ ] Import/export `mcp.json` via UI with validation.
 
@@ -61,4 +61,3 @@ Legend:
 - [x] Add `.env.example`.
 - [x] Add `docs/ARCHITECTURE.md`, `docs/SECURITY_DEPLOYMENT.md`, `docs/TROUBLESHOOTING.md`.
 - [x] Add lint/tests + CI (`ruff`, `pytest`, `.github/workflows/ci.yml`).
-

app/routes/base.py

@@ -38,6 +38,16 @@ async def read_app():
     return FileResponse(str(_STATIC / "dashboard.html"))
 
 
+@router.get("/settings")
+async def read_settings():
+    return FileResponse(str(_STATIC / "dashboard.html"))
+
+
+@router.get("/admin")
+async def read_admin():
+    return FileResponse(str(_STATIC / "dashboard.html"))
+
+
 @router.get("/health")
 async def health_check():
     return {"status": "ok"}

app/routes/user.py

@@ -0,0 +1,86 @@
+from __future__ import annotations
+
+import json
+from typing import Any, Optional
+
+from fastapi import APIRouter, HTTPException, Request
+from pydantic import BaseModel
+
+from app.auth import require_user_from_request
+from app.settings import feature_enabled
+from app.storage import user_data_dir
+
+router = APIRouter()
+
+
+def _is_admin(user: dict[str, Any]) -> bool:
+    # Minimal heuristic; can be replaced with Supabase custom claims / RLS-backed roles later.
+    meta = user.get("user_metadata") or {}
+    if isinstance(meta, dict) and meta.get("is_admin") is True:
+        return True
+    return False
+
+
+@router.get("/api/me")
+async def me(http_request: Request):
+    user = await require_user_from_request(http_request)
+    return {
+        "id": user.get("id"),
+        "email": user.get("email"),
+        "isAdmin": _is_admin(user),
+        "features": {
+            "terminal": feature_enabled("terminal"),
+            "codex": feature_enabled("codex"),
+            "mcp": feature_enabled("mcp"),
+            "indexing": feature_enabled("indexing"),
+        },
+    }
+
+
+class McpRegistry(BaseModel):
+    version: int = 1
+    servers: list[dict[str, Any]] = []
+
+
+def _registry_path(user_id: str) -> str:
+    return str(user_data_dir(user_id) / "mcp-registry.json")
+
+
+@router.get("/api/user/mcp-registry")
+async def get_mcp_registry(http_request: Request):
+    user = await require_user_from_request(http_request)
+    path = _registry_path(str(user.get("id") or ""))
+    try:
+        with open(path, "r", encoding="utf-8") as f:
+            return json.load(f)
+    except FileNotFoundError:
+        return {"version": 1, "servers": []}
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+@router.put("/api/user/mcp-registry")
+async def put_mcp_registry(body: McpRegistry, http_request: Request):
+    user = await require_user_from_request(http_request)
+    path = _registry_path(str(user.get("id") or ""))
+
+    # Light validation: ensure each server has an id and url.
+    servers = []
+    for s in body.servers or []:
+        if not isinstance(s, dict):
+            continue
+        sid = str(s.get("id") or s.get("name") or "").strip()
+        url = str(s.get("url") or "").strip()
+        if not sid or not url:
+            continue
+        servers.append(s)
+
+    payload = {"version": int(body.version or 1), "servers": servers}
+    try:
+        with open(path, "w", encoding="utf-8") as f:
+            json.dump(payload, f, indent=2, ensure_ascii=False)
+            f.write("\n")
+        return {"ok": True, "count": len(servers)}
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+

app/server.py

@@ -14,6 +14,7 @@ from app.routes.chat import router as chat_router
 from app.routes.codex import router as codex_router
 from app.routes.mcp import router as mcp_router
 from app.routes.terminal import router as terminal_router
+from app.routes.user import router as user_router
 
 _ROOT = Path(__file__).resolve().parent.parent
 
@@ -73,5 +74,6 @@ def create_app() -> FastAPI:
     app.include_router(codex_router)
     app.include_router(mcp_router)
     app.include_router(terminal_router)
+    app.include_router(user_router)
 
     return app

app/storage.py

@@ -0,0 +1,33 @@
+from __future__ import annotations
+
+import os
+from pathlib import Path
+
+
+def _writable_dir(path: Path) -> bool:
+    try:
+        path.mkdir(parents=True, exist_ok=True)
+        test = path / ".write_test"
+        test.write_text("ok", encoding="utf-8")
+        test.unlink(missing_ok=True)
+        return True
+    except Exception:
+        return False
+
+
+def user_data_dir(user_id: str) -> Path:
+    """
+    Returns a per-user writable directory for server-side persistence.
+
+    Prefers `/data` (HF Spaces) and falls back to `~/.autonomy-labs`.
+    """
+    user_id = (user_id or "").strip() or "unknown"
+
+    preferred = Path("/data") / "autonomy-labs" / "users" / user_id
+    if preferred.parent.exists() and _writable_dir(preferred):
+        return preferred
+
+    fallback = Path(os.path.expanduser("~")) / ".autonomy-labs" / "users" / user_id
+    fallback.mkdir(parents=True, exist_ok=True)
+    return fallback
+

docs/ARCHITECTURE.md

@@ -17,7 +17,9 @@
   - `codex.py`: `/api/codex*` and Codex login helpers
   - `mcp.py`: `/api/mcp/*`
   - `terminal.py`: `/ws/terminal`
+  - `user.py`: `/api/me` and per-user persisted config (e.g., MCP registry)
 - `app/auth.py`: Supabase access-token verification (server-side) with small TTL cache.
+- `app/storage.py`: per-user server-side persistence directory selection (`/data` preferred).
 
 ## Frontend layout
 
@@ -31,4 +33,3 @@ The following capabilities are high-risk and gated:
 - MCP tool calls
 
 Auth is enforced server-side via Supabase access tokens. Feature flags can disable them entirely.
-

static/dashboard.css

@@ -0,0 +1,370 @@
+/* Common background utility overrides for light mode */
+[data-theme="light"] .bg-gray-900 { background-color: var(--panel-bg-2) !important; }
+[data-theme="light"] .bg-gray-800 { background-color: var(--panel-bg) !important; }
+[data-theme="light"] .bg-black { background-color: #0b1220 !important; }
+[data-theme="light"] #terminal-view { background-color: var(--panel-bg-2) !important; }
+[data-theme="light"] .border-gray-700 { border-color: var(--border) !important; }
+[data-theme="light"] .border-gray-600 { border-color: var(--border) !important; }
+
+/* Text utility overrides for light mode */
+[data-theme="light"] .text-white { color: var(--app-fg) !important; }
+[data-theme="light"] .text-gray-300 { color: rgba(15, 23, 42, 0.92) !important; }
+[data-theme="light"] .text-gray-400 { color: rgba(15, 23, 42, 0.78) !important; }
+[data-theme="light"] .text-gray-500 { color: rgba(15, 23, 42, 0.66) !important; }
+[data-theme="light"] .text-gray-200 { color: rgba(15, 23, 42, 0.96) !important; }
+
+[data-theme="light"] a { color: #1d4ed8; }
+[data-theme="light"] .prose a { color: #1d4ed8; }
+
+/* Inputs in light mode */
+[data-theme="light"] input,
+[data-theme="light"] textarea,
+[data-theme="light"] select {
+    background-color: #ffffff !important;
+    color: var(--app-fg) !important;
+    border-color: var(--border) !important;
+}
+
+/* Chat bubbles in light mode */
+[data-theme="light"] .user-message {
+    background-color: rgba(37, 99, 235, 0.10);
+    border-color: rgba(37, 99, 235, 0.22);
+    color: rgba(2, 6, 23, 0.9);
+}
+[data-theme="light"] .ai-message {
+    background-color: rgba(15, 23, 42, 0.04);
+    border-color: rgba(15, 23, 42, 0.10);
+    color: rgba(2, 6, 23, 0.9);
+}
+
+/* Notes preview readability in light mode */
+[data-theme="light"] #notes-preview {
+    color: rgba(2, 6, 23, 0.92);
+}
+
+/* Dashboard cards/surfaces in light mode (Tailwind arbitrary opacity classes) */
+[data-theme="light"] .bg-gray-800\\/60 { background-color: rgba(255, 255, 255, 0.92) !important; }
+[data-theme="light"] .bg-gray-900\\/40 { background-color: rgba(15, 23, 42, 0.03) !important; }
+[data-theme="light"] .bg-gray-900\\/30 { background-color: rgba(15, 23, 42, 0.03) !important; }
+
+[data-theme="light"] .shadow-xl { box-shadow: 0 18px 45px rgba(2, 6, 23, 0.08) !important; }
+.view-section {
+    transition: opacity 0.2s;
+}
+
+::-webkit-scrollbar {
+    width: 8px;
+    height: 8px;
+}
+
+::-webkit-scrollbar-track {
+    bg: #1f2937;
+}
+
+::-webkit-scrollbar-thumb {
+    background: #4b5563;
+    border-radius: 4px;
+}
+
+::-webkit-scrollbar-thumb:hover {
+    background: #6b7280;
+}
+
+.katex {
+    font-size: 1.1em;
+}
+
+.chat-message pre {
+    margin: 0;
+    padding: 0.5rem;
+    background: #1a1b26;
+    border-radius: 0.5rem;
+    position: relative;
+    overflow-x: auto;
+}
+
+/* Ensure code is always readable (prose/prose-invert can override colors). */
+.chat-message pre code {
+    color: #e5e7eb !important;
+    background: transparent !important;
+    font-size: 0.9em;
+}
+
+.chat-message code {
+    color: #e5e7eb !important;
+}
+
+.chat-message :not(pre) > code {
+    color: #e5e7eb;
+    background: rgba(255, 255, 255, 0.08);
+    border: 1px solid rgba(255, 255, 255, 0.12);
+    padding: 0.1rem 0.3rem;
+    border-radius: 0.35rem;
+}
+
+/* Tailwind typography adds backticks via pseudo-elements; disable to avoid confusion. */
+.chat-message.prose code::before,
+.chat-message.prose code::after {
+    content: "" !important;
+}
+
+.chat-message pre code .hljs-comment,
+.chat-message pre code .hljs-quote {
+    color: #9ca3af;
+}
+
+.copy-btn {
+    position: absolute;
+    top: 5px;
+    right: 5px;
+    background: #374151;
+    color: white;
+    border-radius: 4px;
+    padding: 2px 6px;
+    font-size: 0.75rem;
+    opacity: 0;
+    transition: opacity 0.2s;
+}
+
+.chat-message pre:hover .copy-btn {
+    opacity: 1;
+}
+
+.run-btn {
+    position: absolute;
+    top: 5px;
+    right: 56px;
+    background: #2563eb;
+    color: white;
+    border-radius: 4px;
+    padding: 2px 6px;
+    font-size: 0.75rem;
+    opacity: 0;
+    transition: opacity 0.2s;
+}
+
+.chat-message pre:hover .run-btn {
+    opacity: 1;
+}
+
+.xterm-viewport {
+    overflow-y: hidden !important;
+}
+
+/* Ubuntu-ish terminal look */
+.xterm, .xterm * {
+    font-family: "Ubuntu Mono", ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;
+}
+
+/* Terminal chrome (borders + subtle depth) */
+#terminals-container > div,
+#agent-terminals-container > div {
+    border: 1px solid rgba(148, 163, 184, 0.18);
+    border-radius: 12px;
+    box-shadow: 0 10px 30px rgba(0, 0, 0, 0.25);
+    background: #300a24;
+}
+
+[data-theme="light"] #terminals-container > div {
+    border-color: rgba(2, 6, 23, 0.12);
+    box-shadow: 0 10px 30px rgba(2, 6, 23, 0.10);
+}
+
+/* Make the xterm area blend with the chrome */
+#terminals-container .xterm,
+#agent-terminals-container .xterm {
+    padding: 10px;
+}
+
+/* Nicer scrollbars inside terminals */
+#terminals-container .xterm-viewport::-webkit-scrollbar,
+#agent-terminals-container .xterm-viewport::-webkit-scrollbar {
+    width: 10px;
+}
+#terminals-container .xterm-viewport::-webkit-scrollbar-thumb,
+#agent-terminals-container .xterm-viewport::-webkit-scrollbar-thumb {
+    background: rgba(148, 163, 184, 0.25);
+    border-radius: 10px;
+    border: 2px solid rgba(0, 0, 0, 0);
+    background-clip: padding-box;
+}
+
+/* Resizable terminal viewport wrapper */
+.terminal-resizable {
+    resize: both;
+    overflow: auto;
+    min-width: 320px;
+    min-height: 200px;
+    max-width: 100%;
+    max-height: 100%;
+    position: relative;
+}
+
+/* Terminal split layouts (Terminal tab only) */
+.terminal-grid {
+    display: grid;
+    gap: 10px;
+    padding: 10px;
+}
+.terminal-grid.single { grid-template-columns: 1fr; grid-template-rows: 1fr; }
+.terminal-grid.vsplit { grid-template-columns: 1fr 1fr; grid-template-rows: 1fr; }
+.terminal-grid.hsplit { grid-template-columns: 1fr; grid-template-rows: 1fr 1fr; }
+.terminal-grid.quad { grid-template-columns: 1fr 1fr; grid-template-rows: 1fr 1fr; }
+.terminal-pane {
+    position: relative;
+    min-height: 0;
+    min-width: 0;
+}
+
+/* Agent split panes (chat | terminal) */
+.split-root {
+    display: flex;
+    flex: 1 1 auto;
+    min-height: 0;
+    min-width: 0;
+}
+
+.split-pane {
+    min-width: 0;
+    min-height: 0;
+    display: flex;
+    flex-direction: column;
+}
+
+.split-divider {
+    width: 10px;
+    cursor: col-resize;
+    background: linear-gradient(to bottom, rgba(148, 163, 184, 0.15), rgba(148, 163, 184, 0.05));
+    border-left: 1px solid rgba(148, 163, 184, 0.15);
+    border-right: 1px solid rgba(148, 163, 184, 0.15);
+    flex: 0 0 auto;
+    user-select: none;
+    touch-action: none;
+}
+
+.split-divider::after {
+    content: "";
+    position: absolute;
+    width: 4px;
+    height: 42px;
+    left: 50%;
+    top: 50%;
+    transform: translate(-50%, -50%);
+    border-radius: 6px;
+    background: rgba(148, 163, 184, 0.25);
+}
+
+.split-divider {
+    position: relative;
+}
+
+.agent-terminal-chrome {
+    background: radial-gradient(1200px 600px at 20% 0%, rgba(114, 159, 207, 0.18), transparent 60%),
+                radial-gradient(1000px 500px at 80% 100%, rgba(173, 127, 168, 0.12), transparent 55%),
+                #0b1220;
+}
+
+.agent-pane-surface {
+    background: rgba(15, 23, 42, 0.35);
+}
+
+.agent-toolbar {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+    gap: 8px;
+    padding: 10px 12px;
+    border-bottom: 1px solid rgba(75, 85, 99, 0.7);
+    background: rgba(17, 24, 39, 0.75);
+    backdrop-filter: blur(6px);
+}
+
+.agent-toolbar .hint {
+    font-size: 12px;
+    color: rgba(203, 213, 225, 0.75);
+}
+
+.attachment-strip {
+    display: flex;
+    gap: 8px;
+    flex-wrap: wrap;
+}
+
+.attachment-thumb {
+    width: 88px;
+    height: 64px;
+    border-radius: 10px;
+    overflow: hidden;
+    position: relative;
+    border: 1px solid rgba(148, 163, 184, 0.25);
+    background: rgba(15, 23, 42, 0.35);
+}
+
+.attachment-thumb img {
+    width: 100%;
+    height: 100%;
+    object-fit: cover;
+    display: block;
+}
+
+.attachment-thumb button {
+    position: absolute;
+    top: 4px;
+    right: 4px;
+    width: 20px;
+    height: 20px;
+    border-radius: 999px;
+    border: 0;
+    background: rgba(15, 23, 42, 0.75);
+    color: #e5e7eb;
+    cursor: pointer;
+    line-height: 20px;
+    font-size: 12px;
+}
+
+/* Unified Settings drawer */
+.settings-overlay {
+    position: absolute;
+    inset: 0;
+    background: rgba(2, 6, 23, 0.6);
+    backdrop-filter: blur(2px);
+    z-index: 50;
+}
+
+.settings-drawer {
+    position: absolute;
+    top: 0;
+    right: 0;
+    height: 100%;
+    width: min(420px, 92vw);
+    background: rgba(17, 24, 39, 0.98);
+    border-left: 1px solid rgba(75, 85, 99, 0.7);
+    z-index: 60;
+    box-shadow: -20px 0 50px rgba(0, 0, 0, 0.35);
+}
+
+.settings-hidden {
+    display: none;
+}
+
+.chat-message {
+    max-width: 80%;
+    padding: 10px;
+    margin: 5px;
+    border-radius: 10px;
+    word-wrap: break-word;
+}
+
+.user-message {
+    background-color: rgba(96, 165, 250, 0.22);
+    border: 1px solid rgba(96, 165, 250, 0.35);
+    align-self: flex-end;
+    color: #e6f0ff;
+}
+
+.ai-message {
+    background-color: rgba(148, 163, 184, 0.12);
+    border: 1px solid rgba(148, 163, 184, 0.22);
+    align-self: flex-start;
+    color: #f1f5f9;
+}

static/index.html

@@ -7,9 +7,10 @@
     <title>Login - autonomy-labs</title>
     <script src="https://cdn.tailwindcss.com"></script>
     <script src="https://cdn.jsdelivr.net/npm/@supabase/supabase-js@2"></script>
+    <link rel="stylesheet" href="/static/theme.css">
 </head>
 
-<body class="bg-gray-900 text-white flex items-center justify-center min-h-screen">
+<body class="text-white flex items-center justify-center min-h-screen">
     <div class="w-full max-w-md p-8 space-y-6 bg-gray-800 rounded-lg shadow-lg">
         <h1 class="text-3xl font-bold text-center text-blue-500">autonomy-labs Login</h1>
 
@@ -37,99 +38,7 @@
             </div>
         </form>
     </div>
-
-    <script>
-        let supabase;
-
-        async function initSupabase() {
-            try {
-                const res = await fetch('/config');
-                const config = await res.json();
-                if (!config.supabase_url || !config.supabase_key) {
-                    throw new Error('Supabase configuration missing');
-                }
-                supabase = window.supabase.createClient(config.supabase_url, config.supabase_key);
-
-                // Register toggle (default disabled)
-                const allowSignup = localStorage.getItem('auth_allow_signup_v1') === '1';
-                const registerBtn = document.getElementById('register-btn');
-                if (!allowSignup && registerBtn) {
-                    registerBtn.style.display = 'none';
-                }
-
-                // Check if already logged in
-                const { data: { session } } = await supabase.auth.getSession();
-                if (session) {
-                    window.location.href = '/app';
-                }
-            } catch (error) {
-                console.error('Error initializing Supabase:', error);
-                showAlert('Error initializing application configuration', 'error');
-            }
-        }
-
-        function showAlert(message, type = 'error') {
-            const alert = document.getElementById('alert');
-            alert.textContent = message;
-            alert.classList.remove('hidden');
-            if (type === 'success') {
-                alert.classList.remove('text-red-500');
-                alert.classList.add('text-green-500');
-            } else {
-                alert.classList.remove('text-green-500');
-                alert.classList.add('text-red-500');
-            }
-        }
-
-        async function handleAuth(type) {
-            const email = document.getElementById('email').value;
-            const password = document.getElementById('password').value;
-
-            if (!supabase) {
-                showAlert('Supabase not initialized');
-                return;
-            }
-
-            try {
-                let result;
-                if (type === 'login') {
-                    result = await supabase.auth.signInWithPassword({ email, password });
-                } else {
-                    result = await supabase.auth.signUp({ email, password });
-                }
-
-                if (result.error) throw result.error;
-
-                if (type === 'register') {
-                    if (result.data && result.data.session) {
-                        // Email verification is disabled, user is logged in
-                        window.location.href = '/app';
-                    } else {
-                        showAlert('Registration successful! Please check your email to verify (if enabled) or try logging in.', 'success');
-                    }
-                } else {
-                    window.location.href = '/app';
-                }
-            } catch (error) {
-                showAlert(error.message);
-            }
-        }
-
-        document.getElementById('auth-form').addEventListener('submit', (e) => {
-            e.preventDefault();
-            handleAuth('login');
-        });
-
-        document.getElementById('register-btn').addEventListener('click', () => {
-            if (localStorage.getItem('auth_allow_signup_v1') === '1') {
-                handleAuth('register');
-            } else {
-                showAlert('Registration is disabled by the administrator.');
-            }
-        });
-
-        initSupabase();
-    </script>
+    <script src="/static/login.js"></script>
 </body>
 
 </html>

static/landing.html

@@ -6,6 +6,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
   <title>autonomy-labs</title>
   <script src="https://cdn.tailwindcss.com?plugins=typography"></script>
+  <link rel="stylesheet" href="/static/theme.css">
 </head>
 
 <body class="min-h-screen bg-gradient-to-b from-gray-950 via-gray-900 to-gray-950 text-white">

static/login.js

@@ -0,0 +1,90 @@
+let supabase;
+
+        async function initSupabase() {
+            try {
+                const res = await fetch('/config');
+                const config = await res.json();
+                if (!config.supabase_url || !config.supabase_key) {
+                    throw new Error('Supabase configuration missing');
+                }
+                supabase = window.supabase.createClient(config.supabase_url, config.supabase_key);
+
+                // Register toggle (default disabled)
+                const allowSignup = localStorage.getItem('auth_allow_signup_v1') === '1';
+                const registerBtn = document.getElementById('register-btn');
+                if (!allowSignup && registerBtn) {
+                    registerBtn.style.display = 'none';
+                }
+
+                // Check if already logged in
+                const { data: { session } } = await supabase.auth.getSession();
+                if (session) {
+                    window.location.href = '/app';
+                }
+            } catch (error) {
+                console.error('Error initializing Supabase:', error);
+                showAlert('Error initializing application configuration', 'error');
+            }
+        }
+
+        function showAlert(message, type = 'error') {
+            const alert = document.getElementById('alert');
+            alert.textContent = message;
+            alert.classList.remove('hidden');
+            if (type === 'success') {
+                alert.classList.remove('text-red-500');
+                alert.classList.add('text-green-500');
+            } else {
+                alert.classList.remove('text-green-500');
+                alert.classList.add('text-red-500');
+            }
+        }
+
+        async function handleAuth(type) {
+            const email = document.getElementById('email').value;
+            const password = document.getElementById('password').value;
+
+            if (!supabase) {
+                showAlert('Supabase not initialized');
+                return;
+            }
+
+            try {
+                let result;
+                if (type === 'login') {
+                    result = await supabase.auth.signInWithPassword({ email, password });
+                } else {
+                    result = await supabase.auth.signUp({ email, password });
+                }
+
+                if (result.error) throw result.error;
+
+                if (type === 'register') {
+                    if (result.data && result.data.session) {
+                        // Email verification is disabled, user is logged in
+                        window.location.href = '/app';
+                    } else {
+                        showAlert('Registration successful! Please check your email to verify (if enabled) or try logging in.', 'success');
+                    }
+                } else {
+                    window.location.href = '/app';
+                }
+            } catch (error) {
+                showAlert(error.message);
+            }
+        }
+
+        document.getElementById('auth-form').addEventListener('submit', (e) => {
+            e.preventDefault();
+            handleAuth('login');
+        });
+
+        document.getElementById('register-btn').addEventListener('click', () => {
+            if (localStorage.getItem('auth_allow_signup_v1') === '1') {
+                handleAuth('register');
+            } else {
+                showAlert('Registration is disabled by the administrator.');
+            }
+        });
+
+        initSupabase();

static/theme.css

@@ -0,0 +1,73 @@
+:root {
+  --app-bg: #111827;
+  --app-fg: #ffffff;
+  --panel-bg: #1f2937;
+  --panel-bg-2: #111827;
+  --border: rgba(75, 85, 99, 0.7);
+  --muted: rgba(203, 213, 225, 0.75);
+}
+
+[data-theme="light"] {
+  --app-bg: #f6f7fb;
+  --app-fg: #0b1220;
+  --panel-bg: #ffffff;
+  --panel-bg-2: #f3f5fa;
+  --border: rgba(2, 6, 23, 0.12);
+  --muted: rgba(30, 41, 59, 0.72);
+}
+
+html,
+body {
+  background: var(--app-bg);
+  color: var(--app-fg);
+}
+
+nav,
+footer {
+  background: var(--panel-bg) !important;
+  border-color: var(--border) !important;
+}
+
+[data-theme="light"] .bg-gray-900 {
+  background-color: var(--panel-bg-2) !important;
+}
+[data-theme="light"] .bg-gray-800 {
+  background-color: var(--panel-bg) !important;
+}
+[data-theme="light"] .bg-black {
+  background-color: #0b1220 !important;
+}
+[data-theme="light"] .border-gray-700,
+[data-theme="light"] .border-gray-600 {
+  border-color: var(--border) !important;
+}
+
+[data-theme="light"] .text-white {
+  color: var(--app-fg) !important;
+}
+[data-theme="light"] .text-gray-300 {
+  color: rgba(15, 23, 42, 0.92) !important;
+}
+[data-theme="light"] .text-gray-400 {
+  color: rgba(15, 23, 42, 0.78) !important;
+}
+[data-theme="light"] .text-gray-500 {
+  color: rgba(15, 23, 42, 0.66) !important;
+}
+[data-theme="light"] .text-gray-200 {
+  color: rgba(15, 23, 42, 0.96) !important;
+}
+
+[data-theme="light"] a,
+[data-theme="light"] .prose a {
+  color: #1d4ed8;
+}
+
+[data-theme="light"] input,
+[data-theme="light"] textarea,
+[data-theme="light"] select {
+  background-color: #ffffff !important;
+  color: var(--app-fg) !important;
+  border-color: var(--border) !important;
+}
+