diff --git "a/static/index.html" "b/static/index.html"
--- "a/static/index.html"
+++ "b/static/index.html"
@@ -1,1448 +1,1570 @@
-<!DOCTYPE html>
+<!DOCTYPE html>
 <html lang="en">
 <head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>AdaptiveAuth Framework Test Interface</title>
-    <style>
-        body {
-            font-family: Arial, sans-serif;
-            max-width: 1200px;
-            margin: 0 auto;
-            padding: 20px;
-            background-color: #f5f5f5;
-        }
-        .container {
-            background-color: white;
-            padding: 30px;
-            border-radius: 10px;
-            box-shadow: 0 0 10px rgba(0,0,0,0.1);
-            margin-bottom: 20px;
-        }
-        h1, h2 {
-            color: #2c3e50;
-        }
-        .form-group {
-            margin-bottom: 15px;
-        }
-        label {
-            display: block;
-            margin-bottom: 5px;
-            font-weight: bold;
-        }
-        input, select, button {
-            width: 100%;
-            padding: 10px;
-            border: 1px solid #ddd;
-            border-radius: 5px;
-            box-sizing: border-box;
-        }
-        button {
-            background-color: #3498db;
-            color: white;
-            cursor: pointer;
-            font-size: 16px;
-            margin-top: 10px;
-        }
-        button:hover {
-            background-color: #2980b9;
-        }
-        .response {
-            margin-top: 20px;
-            padding: 15px;
-            border-radius: 5px;
-            background-color: #ecf0f1;
-            white-space: pre-wrap;
-            word-wrap: break-word;
-        }
-        .success {
-            background-color: #d4edda;
-            color: #155724;
-            border: 1px solid #c3e6cb;
-        }
-        .error {
-            background-color: #f8d7da;
-            color: #721c24;
-            border: 1px solid #f5c6cb;
-        }
-        .section {
-            border: 1px solid #ddd;
-            border-radius: 5px;
-            padding: 20px;
-            margin-bottom: 20px;
-        }
-        .token-display {
-            background-color: #fff3cd;
-            border: 1px solid #ffeaa7;
-            padding: 10px;
-            border-radius: 5px;
-            margin: 10px 0;
-            word-break: break-all;
-        }
-        .nav-tabs {
-            display: flex;
-            margin-bottom: 20px;
-            border-bottom: 1px solid #ddd;
-        }
-        .tab {
-            padding: 10px 20px;
-            cursor: pointer;
-            background-color: #eee;
-            border: 1px solid #ddd;
-            border-bottom: none;
-            border-radius: 5px 5px 0 0;
-            margin-right: 5px;
-        }
-        .tab.active {
-            background-color: white;
-            border-bottom: 1px solid white;
-            margin-bottom: -1px;
-        }
-        .tab-content {
-            display: none;
-        }
-        .tab-content.active {
-            display: block;
-        }
-        .feature-grid {
-            display: grid;
-            grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
-            gap: 15px;
-            margin-top: 15px;
-        }
-        .feature-card {
-            background: #f8f9fa;
-            border: 1px solid #dee2e6;
-            border-radius: 8px;
-            padding: 15px;
-        }
-        .feature-card h3 {
-            margin-top: 0;
-            color: #495057;
-            font-size: 16px;
-        }
-        .btn-group {
-            display: flex;
-            gap: 10px;
-            flex-wrap: wrap;
-        }
-        .btn-group button {
-            flex: 1;
-            min-width: 120px;
-            margin-top: 5px;
-        }
-        .btn-success {
-            background-color: #28a745;
-        }
-        .btn-success:hover {
-            background-color: #218838;
-        }
-        .btn-warning {
-            background-color: #ffc107;
-            color: #212529;
-        }
-        .btn-warning:hover {
-            background-color: #e0a800;
-        }
-        .btn-danger {
-            background-color: #dc3545;
-        }
-        .btn-danger:hover {
-            background-color: #c82333;
-        }
-        .btn-info {
-            background-color: #17a2b8;
-        }
-        .btn-info:hover {
-            background-color: #138496;
-        }
-        .status-indicator {
-            display: inline-block;
-            width: 10px;
-            height: 10px;
-            border-radius: 50%;
-            margin-right: 5px;
-        }
-        .status-online {
-            background-color: #28a745;
-        }
-        .status-offline {
-            background-color: #dc3545;
-        }
-        pre {
-            background: #f4f4f4;
-            padding: 10px;
-            border-radius: 5px;
-            overflow-x: auto;
-        }
-    </style>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>AdaptiveAuth - Framework Demo</title>
+<style>
+*,*::before,*::after{box-sizing:border-box;margin:0;padding:0}
+:root{
+  --c-bg:#0d0f14;--c-surface:#13161e;--c-card:#181c26;--c-border:#252a38;
+  --c-text:#dde3ee;--c-muted:#6b7694;--c-primary:#4f6ef7;--c-success:#22c55e;
+  --c-warn:#e8a020;--c-danger:#e04545;--c-info:#3ba8cc;--r:6px
+}
+body{font-family:'Segoe UI',system-ui,-apple-system,sans-serif;background:var(--c-bg);color:var(--c-text);line-height:1.6;min-height:100vh;font-size:14px}
+.badge{display:inline-block;padding:2px 9px;border-radius:3px;font-size:11px;font-weight:700;letter-spacing:.5px;text-transform:uppercase}
+.badge-success{background:#14532d40;color:var(--c-success);border:1px solid #14532d}.badge-challenge{background:#45200340;color:var(--c-warn);border:1px solid #6b3500}.badge-blocked{background:#7f1d1d40;color:#fca5a5;border:1px solid #7f1d1d}
+.tag{display:inline-block;padding:2px 7px;border-radius:3px;font-size:11px;background:var(--c-border);color:var(--c-muted);margin:2px;font-weight:500}
+.flex{display:flex}.gap-2{gap:8px}.gap-4{gap:16px}.items-center{align-items:center}
+.mt-2{margin-top:8px}.mt-4{margin-top:16px}.mb-2{margin-bottom:8px}.mb-4{margin-bottom:16px}
+
+/* Topbar — flat, no gradient */
+.topbar{background:var(--c-surface);border-bottom:1px solid var(--c-border);padding:0 28px;display:flex;align-items:center;justify-content:space-between;height:52px;position:sticky;top:0;z-index:100}
+.topbar-logo{font-size:17px;font-weight:700;color:var(--c-primary);letter-spacing:-.2px}
+.topbar-logo span{color:var(--c-text);font-weight:400}
+.topbar-status{display:flex;align-items:center;gap:8px;font-size:12px;color:var(--c-muted)}
+.dot{width:7px;height:7px;border-radius:50%;background:var(--c-danger)}.dot.online{background:var(--c-success)}
+
+/* Layout */
+.container{max-width:1260px;margin:0 auto;padding:24px 28px}
+.main-tabs{display:flex;gap:0;border-bottom:1px solid var(--c-border);margin-bottom:24px;overflow-x:auto}
+.main-tabs button{background:none;border:none;border-bottom:2px solid transparent;color:var(--c-muted);padding:10px 20px;font-size:13px;font-weight:600;cursor:pointer;white-space:nowrap;transition:color .15s,border-color .15s}
+.main-tabs button.active{color:var(--c-primary);border-bottom-color:var(--c-primary)}
+.main-tabs button:hover:not(.active){color:var(--c-text)}
+.tab-panel{display:none}.tab-panel.active{display:block}
+
+/* Cards */
+.card{background:var(--c-card);border:1px solid var(--c-border);border-radius:var(--r);padding:18px 20px;margin-bottom:14px}
+.card-header{font-size:11px;font-weight:700;text-transform:uppercase;letter-spacing:.8px;color:var(--c-muted);margin-bottom:14px;display:flex;align-items:center;gap:8px;padding-bottom:10px;border-bottom:1px solid var(--c-border)}
+
+/* Grids */
+.grid-2{display:grid;grid-template-columns:1fr 1fr;gap:14px}
+.grid-3{display:grid;grid-template-columns:repeat(3,1fr);gap:14px}
+.grid-4{display:grid;grid-template-columns:repeat(4,1fr);gap:10px}
+@media(max-width:900px){.grid-4,.grid-3{grid-template-columns:1fr 1fr}}
+@media(max-width:600px){.grid-2,.grid-3,.grid-4{grid-template-columns:1fr}}
+
+/* Buttons */
+button,.btn{display:inline-flex;align-items:center;justify-content:center;gap:5px;padding:8px 16px;border:1px solid transparent;border-radius:var(--r);font-size:13px;font-weight:600;cursor:pointer;transition:filter .12s,transform .08s;white-space:nowrap}
+button:active{transform:scale(.97)}
+button:disabled{opacity:.4;cursor:not-allowed}
+.btn-primary{background:#2d3fcc;color:#e8ecff;border-color:#3d50df}
+.btn-success{background:#1a6b3a;color:#d1fae5;border-color:#226b45}
+.btn-warn{background:#7a4810;color:#fde7b0;border-color:#8f5515}
+.btn-danger{background:#7a1f1f;color:#fecaca;border-color:#902828}
+.btn-ghost{background:transparent;color:var(--c-text);border-color:var(--c-border)}
+.btn-sm{padding:4px 10px;font-size:12px}
+.btn-full{width:100%}
+button:hover:not(:disabled){filter:brightness(1.12)}
+
+/* Forms */
+.form-group{margin-bottom:13px}
+label{display:block;font-size:11px;font-weight:600;color:var(--c-muted);margin-bottom:4px;text-transform:uppercase;letter-spacing:.5px}
+input,select{width:100%;background:var(--c-surface);border:1px solid var(--c-border);border-radius:var(--r);color:var(--c-text);padding:8px 11px;font-size:13px;transition:border-color .15s}
+input:focus,select:focus{outline:none;border-color:var(--c-primary)}
+input::placeholder{color:var(--c-muted)}
+
+/* Response boxes */
+.resp{margin-top:10px;padding:12px 14px;border-radius:var(--r);font-size:12px;font-family:'Consolas',monospace;background:var(--c-surface);border:1px solid var(--c-border);white-space:pre-wrap;word-break:break-all;display:none;max-height:280px;overflow-y:auto;line-height:1.6}
+.resp.show{display:block}
+
+/* Risk gauge */
+.gauge-wrap{text-align:center;padding:8px 0}
+.gauge-arc{position:relative;width:160px;height:92px;margin:0 auto}
+.gauge-arc svg{overflow:visible}
+.gauge-val{position:absolute;bottom:-4px;left:50%;transform:translateX(-50%);font-size:30px;font-weight:800;letter-spacing:-.5px}
+.gauge-label{margin-top:4px;font-size:12px;font-weight:700;text-transform:uppercase;letter-spacing:.8px;color:var(--c-muted)}
+
+/* Security level bar */
+.level-bar{display:flex;gap:3px;margin-top:8px}
+.level-seg{flex:1;height:6px;border-radius:3px;background:var(--c-border);transition:background .4s}
+.level-seg.active-0{background:#22c55e}.level-seg.active-1{background:#84cc16}.level-seg.active-2{background:#e8a020}.level-seg.active-3{background:#f97316}.level-seg.active-4{background:#e04545}
+
+/* Step progress */
+.steps{display:flex;gap:6px;margin-bottom:18px;overflow-x:auto}
+.step-item{flex:1;min-width:130px;background:var(--c-surface);border:1px solid var(--c-border);border-radius:var(--r);padding:10px 12px;cursor:pointer;transition:border-color .15s;text-align:center}
+.step-item.done{border-color:var(--c-success)}.step-item.active{border-color:var(--c-primary)}
+.step-num{width:26px;height:26px;border-radius:50%;background:var(--c-border);color:var(--c-muted);display:inline-flex;align-items:center;justify-content:center;font-size:12px;font-weight:700;margin-bottom:5px}
+.step-item.done .step-num{background:var(--c-success);color:#fff}.step-item.active .step-num{background:var(--c-primary);color:#fff}
+
+/* Decision panel */
+.decision-panel{background:var(--c-surface);border:1px solid var(--c-border);border-radius:var(--r);overflow:hidden}
+.decision-header{padding:12px 16px;font-size:16px;font-weight:800;text-align:center;letter-spacing:.5px}
+.decision-header.success{background:#0d2e1a;color:var(--c-success);border-bottom:1px solid #1a4d2c}
+.decision-header.challenge{background:#2d1e07;color:var(--c-warn);border-bottom:1px solid #5a3b0e}
+.decision-header.blocked{background:#2a0e0e;color:var(--c-danger);border-bottom:1px solid #5a1e1e}
+.decision-body{padding:14px}
+
+/* Risk factor bars */
+.factor-row{margin-bottom:7px}
+.factor-label{font-size:12px;color:var(--c-muted);margin-bottom:3px}
+.factor-bar-wrap{height:8px;background:var(--c-border);border-radius:3px;overflow:hidden}
+.factor-bar{height:100%;border-radius:3px;transition:width .7s ease}
+
+/* Anomaly feed */
+.anomaly-item{background:#1a0d0d;border:1px solid #3d1818;border-radius:var(--r);padding:10px 13px;margin-bottom:6px;display:flex;align-items:center;gap:10px;animation:slideIn .25s ease}
+@keyframes slideIn{from{opacity:0;transform:translateY(-6px)}to{opacity:1;transform:translateY(0)}}
+.anomaly-type{font-weight:700;font-size:13px;color:var(--c-danger)}.anomaly-meta{font-size:11px;color:var(--c-muted);margin-top:2px}
+
+/* Token bar */
+.token-bar{background:var(--c-surface);border:1px solid var(--c-border);border-radius:var(--r);padding:10px 14px;margin-bottom:18px;display:flex;align-items:center;gap:10px;font-size:12px}
+.token-val{flex:1;font-family:'Consolas',monospace;color:var(--c-info);overflow:hidden;text-overflow:ellipsis;white-space:nowrap;font-size:12px}
+
+/* Stat boxes */
+.stat-box{background:var(--c-surface);border:1px solid var(--c-border);border-radius:var(--r);padding:16px;text-align:center}
+.stat-num{font-size:30px;font-weight:800;line-height:1;letter-spacing:-.5px}
+.stat-label{font-size:10px;color:var(--c-muted);margin-top:5px;text-transform:uppercase;letter-spacing:.6px}
+
+/* Attack log */
+.attack-log{background:#0a0b10;border:1px solid #3d1818;border-radius:var(--r);padding:10px 12px;font-family:'Consolas',monospace;font-size:12px;color:#e04545;height:200px;overflow-y:auto;margin-top:10px}
+.attack-log .line{margin:2px 0}.detected{color:#d4a017;font-weight:700}.att-blocked{color:#fca5a5;font-weight:700}
+
+/* Monitoring */
+@keyframes pulse{0%,100%{opacity:1}50%{opacity:.3}}
+.monitor-pulse{animation:pulse 1.4s ease-in-out infinite}
+.monitor-badge{display:inline-flex;align-items:center;gap:5px;padding:2px 9px;border-radius:3px;font-size:11px;font-weight:700;text-transform:uppercase;letter-spacing:.4px;transition:all .25s}
+.monitor-badge.mon-on{background:#2a0e0e;color:#f87171;border:1px solid #5a1e1e}
+.monitor-badge.mon-off{background:var(--c-border);color:var(--c-muted);border:1px solid transparent}
+.monitor-log{background:#0a0b10;border:1px solid var(--c-border);border-radius:var(--r);padding:10px 12px;font-family:'Consolas',monospace;font-size:11.5px;height:145px;overflow-y:auto;margin-top:10px;line-height:1.7}
+.monitor-log .ml-ok{color:#22c55e}.monitor-log .ml-threat{color:#e04545;font-weight:700}.monitor-log .ml-warn{color:#e8a020}.monitor-log .ml-info{color:#3ba8cc}
+.monitor-stats{display:flex;flex-wrap:wrap;gap:8px;padding:10px 14px;background:var(--c-surface);border:1px solid var(--c-border);border-radius:var(--r);font-size:12px;margin-bottom:10px}
+.ms-item{display:flex;flex-direction:column;align-items:center;min-width:58px}
+.ms-val{font-size:19px;font-weight:800;line-height:1;letter-spacing:-.3px}
+.ms-lbl{font-size:10px;color:var(--c-muted);text-transform:uppercase;letter-spacing:.4px;margin-top:2px}
+
+/* Compare layout */
+.compare{display:grid;grid-template-columns:1fr 1fr;gap:10px;margin-top:12px}
+.compare-side{border:1px solid var(--c-border);border-radius:var(--r);padding:13px}
+.compare-title{font-size:11px;font-weight:700;text-transform:uppercase;letter-spacing:.6px;margin-bottom:8px}
+
+/* Callouts */
+.callout{padding:10px 13px;border-radius:var(--r);font-size:13px;line-height:1.6;margin-bottom:13px;border-left:3px solid}
+.callout-info{background:#08192b;border-color:var(--c-info);color:#a5d8f3}
+.callout-warn{background:#1e1400;border-color:var(--c-warn);color:#f5d48a}
+.callout-success{background:#0a1e12;border-color:var(--c-success);color:#a3e6bf}
+.callout-danger{background:#1e0a0a;border-color:var(--c-danger);color:#f5a5a5}
+
+/* Hero — no gradient text */
+.hero{padding:28px 0 20px;border-bottom:1px solid var(--c-border);margin-bottom:24px}
+.hero h1{font-size:22px;font-weight:700;color:var(--c-text);margin-bottom:4px;letter-spacing:-.3px}
+.hero h1 span{color:var(--c-primary)}
+.hero p{color:var(--c-muted);font-size:13px;margin-top:4px}
+
+/* Scrollbars */
+::-webkit-scrollbar{width:5px;height:5px}::-webkit-scrollbar-track{background:var(--c-surface)}::-webkit-scrollbar-thumb{background:var(--c-border);border-radius:3px}
+
+/* Code */
+code{background:#0d1117;border:1px solid var(--c-border);border-radius:3px;padding:1px 6px;font-size:11.5px;color:#60a5fa;font-family:'Consolas',monospace}
+
+/* Email status pills */
+.pill{display:inline-flex;align-items:center;gap:5px;padding:3px 10px;border-radius:3px;font-size:11px;font-weight:700;text-transform:uppercase;letter-spacing:.4px}
+.pill-ok{background:#0a1e12;color:var(--c-success);border:1px solid #226b45}
+.pill-err{background:#1e0a0a;color:var(--c-danger);border:1px solid #902828}
+.pill-warn{background:#1e1400;color:var(--c-warn);border:1px solid #8f5515}
+</style>
 </head>
 <body>
-    <div class="container">
-        <h1>AdaptiveAuth Framework - Complete Testing Suite</h1>
-        <p>Test all framework features: JWT Auth, 2FA, Risk Assessment, Session Monitoring & Admin Dashboard</p>
-        
-        <!-- Server Status -->
-        <div class="section">
-            <h2>Server Status</h2>
-            <div id="serverStatus">
-                <span class="status-indicator status-offline"></span>
-                <span>Checking server...</span>
-            </div>
-            <button onclick="checkServerStatus()" style="width: auto; margin-top: 10px;">Refresh Status</button>
+<div class="topbar">
+  <div class="topbar-logo">&#x26A1; AdaptiveAuth</div>
+  <div class="topbar-status">
+    <span class="dot" id="statusDot"></span>
+    <span id="statusText">Checking&hellip;</span>
+    <button class="btn btn-ghost btn-sm" onclick="ping()" style="margin-left:8px;">Refresh</button>
+  </div>
+</div>
+
+<div class="container">
+  <div class="hero">
+    <h1>Adaptive Authentication Framework</h1>
+    <p>Production-ready risk-based auth &mdash; JWT &bull; 2FA &bull; Behavioral Analysis &bull; Anomaly Detection</p>
+  </div>
+
+  <!-- Token bar -->
+  <div class="token-bar">
+    <span style="color:var(--c-muted);font-weight:700;font-size:12px;white-space:nowrap;">JWT TOKEN</span>
+    <span class="token-val" id="tokenPreview">No token &mdash; log in first</span>
+    <button class="btn btn-ghost btn-sm" onclick="copyToken()">Copy</button>
+    <button class="btn btn-danger btn-sm" onclick="clearToken()">Clear</button>
+  </div>
+
+  <!-- Main tabs -->
+  <div class="main-tabs">
+    <button class="active" onclick="switchTab('demo1',this)">&#x1F52C; Scenario 1: Behavior</button>
+    <button onclick="switchTab('demo2',this)">&#x1F6A8; Scenario 2: Attacks</button>
+    <button onclick="switchTab('api',this)">&#x1F527; API Testing</button>
+    <button onclick="switchTab('admin',this)">&#x1F6E1;&#xFE0F; Admin Dashboard</button>
+    <button onclick="switchTab('intel',this)">&#x1F9E0; Intelligence</button>
+  </div>
+
+  <!-- ====== SCENARIO 1 ====== -->
+  <div id="tab-demo1" class="tab-panel active">
+    <div class="callout callout-info">
+      <strong>Scenario 1 &mdash; User Behaviour Anomaly Detection</strong><br>
+      The demo user has <strong>30 days of normal login history</strong> from New York on Windows Chrome (Mon&ndash;Fri, 8AM&ndash;5PM).
+      We show how the framework reacts when the <em>same password</em> is used from a completely different context.
+    </div>
+
+    <div class="steps">
+      <div class="step-item" id="s1step0"><div class="step-num">0</div><div style="font-size:12px;font-weight:700;">Setup</div><div style="font-size:11px;color:var(--c-muted);">Create demo user</div></div>
+      <div class="step-item" id="s1step1"><div class="step-num">1</div><div style="font-size:12px;font-weight:700;">Normal Login</div><div style="font-size:11px;color:var(--c-muted);">Known context</div></div>
+      <div class="step-item" id="s1step2"><div class="step-num">2</div><div style="font-size:12px;font-weight:700;">Suspicious Login</div><div style="font-size:11px;color:var(--c-muted);">Unknown context</div></div>
+      <div class="step-item" id="s1step3"><div class="step-num">3</div><div style="font-size:12px;font-weight:700;">Verify Challenge</div><div style="font-size:11px;color:var(--c-muted);">Step-up auth</div></div>
+    </div>
+
+    <div class="card">
+      <div class="card-header"><span>&#x2699;&#xFE0F;</span> Step 0 &ndash; Setup Demo Environment</div>
+      <p style="font-size:13px;color:var(--c-muted);margin-bottom:14px;">Creates the demo user with a realistic 30-day behavioral profile (15 logins from a trusted IP, device, and time window).</p>
+      <div style="display:flex;gap:10px;flex-wrap:wrap;">
+        <button class="btn btn-primary" onclick="setupDemo(false)">&#x1F527; Setup Demo</button>
+        <button class="btn btn-warn" onclick="setupDemo(true)">&#x1F504; Reset &amp; Re-setup</button>
+        <button class="btn btn-ghost" onclick="checkDemoState()">&#x1F4CA; Check State</button>
+      </div>
+      <div id="setupResp" class="resp"></div>
+    </div>
+
+    <div class="compare">
+      <div class="compare-side">
+        <div class="compare-title" style="color:var(--c-success);">&#x2705; Normal Context</div>
+        <div style="font-size:13px;">
+          <div style="margin:3px 0;"><span class="tag">IP</span> 203.0.113.10 (known)</div>
+          <div style="margin:3px 0;"><span class="tag">Location</span> New York, US</div>
+          <div style="margin:3px 0;"><span class="tag">Device</span> Windows Chrome</div>
+          <div style="margin:3px 0;"><span class="tag">Time</span> Business hours</div>
+          <div style="margin:3px 0;"><span class="tag">History</span> 15 logins seen</div>
         </div>
-        
-        <div class="section">
-            <h2>Authentication Token</h2>
-            <div class="form-group">
-                <label for="authToken">Current JWT Token:</label>
-                <input type="text" id="authToken" placeholder="Paste your JWT token here...">
-                <button onclick="saveToken()">Save Token</button>
-                <button onclick="clearToken()" class="btn-danger" style="width: auto; margin-left: 10px;">Clear</button>
+        <button class="btn btn-success btn-full mt-4" onclick="doNormalLogin()">&#x25B6; Run Normal Login</button>
+        <div id="normalLoginResp" class="resp"></div>
+      </div>
+      <div class="compare-side">
+        <div class="compare-title" style="color:var(--c-danger);">&#x1F6A9; Suspicious Context</div>
+        <div style="font-size:13px;">
+          <div style="margin:3px 0;"><span class="tag">IP</span> 198.51.100.55 (new!)</div>
+          <div style="margin:3px 0;"><span class="tag">Location</span> Moscow, Russia</div>
+          <div style="margin:3px 0;"><span class="tag">Device</span> iPhone Safari (new!)</div>
+          <div style="margin:3px 0;"><span class="tag">Time</span> Same password</div>
+          <div style="margin:3px 0;"><span class="tag">History</span> 0 logins from here</div>
+        </div>
+        <button class="btn btn-danger btn-full mt-4" onclick="doSuspiciousLogin()">&#x25B6; Run Suspicious Login</button>
+        <div id="suspLoginResp" class="resp"></div>
+      </div>
+    </div>
+
+    <div class="card" id="riskVizCard" style="display:none;">
+      <div class="card-header"><span>&#x1F4CA;</span> Risk Assessment Result</div>
+      <div class="grid-2">
+        <div>
+          <div class="gauge-wrap">
+            <div class="gauge-arc">
+              <svg width="160" height="90" viewBox="0 0 160 90">
+                <path d="M 10,80 A 70,70 0 0,1 150,80" fill="none" stroke="#2e3347" stroke-width="12" stroke-linecap="round"/>
+                <path id="gaugeArc" d="M 10,80 A 70,70 0 0,1 150,80" fill="none" stroke="#6366f1" stroke-width="12" stroke-linecap="round" stroke-dasharray="220" stroke-dashoffset="220" style="transition:stroke-dashoffset .8s ease,stroke .5s;"/>
+              </svg>
+              <div class="gauge-val" id="gaugeNum" style="color:var(--c-primary);">0</div>
             </div>
-            <div id="tokenDisplay" class="token-display" style="display:none;"></div>
-            <div id="tokenInfo" style="margin-top: 10px; font-size: 14px; color: #666;"></div>
+            <div class="gauge-label" id="gaugeLabel">Risk Score</div>
+          </div>
         </div>
-        
-        <div class="nav-tabs">
-            <div class="tab active" onclick="showTab('register')">1. Register</div>
-            <div class="tab" onclick="showTab('login')">2. Login</div>
-            <div class="tab" onclick="showTab('adaptive')">3. Adaptive</div>
-            <div class="tab" onclick="showTab('demo')">4. Risk Demo</div>
-            <div class="tab" onclick="showTab('user')">5. User</div>
-            <div class="tab" onclick="showTab('2fa')">6. 2FA</div>
-            <div class="tab" onclick="showTab('protected')">7. Protected</div>
-            <div class="tab" onclick="showTab('risk')">8. Risk</div>
-            <div class="tab" onclick="showTab('admin')">9. Admin</div>
+        <div>
+          <div style="font-size:12px;color:var(--c-muted);margin-bottom:4px;">Security Level</div>
+          <div class="level-bar" id="levelBar">
+            <div class="level-seg" id="lseg0"></div><div class="level-seg" id="lseg1"></div><div class="level-seg" id="lseg2"></div><div class="level-seg" id="lseg3"></div><div class="level-seg" id="lseg4"></div>
+          </div>
+          <div style="display:flex;justify-content:space-between;font-size:10px;color:var(--c-muted);margin-top:3px;"><span>0 Trusted</span><span>4 Blocked</span></div>
+          <div style="margin-top:12px;" id="decisionBox"></div>
         </div>
-        
-        <!-- Registration Tab -->
-        <div id="registerTab" class="tab-content active">
-            <div class="section">
-                <h2>User Registration</h2>
-                <div class="form-group">
-                    <label for="regEmail">Email:</label>
-                    <input type="email" id="regEmail" placeholder="user@example.com">
-                </div>
-                <div class="form-group">
-                    <label for="regPassword">Password:</label>
-                    <input type="password" id="regPassword" placeholder="Enter password">
-                </div>
-                <div class="form-group">
-                    <label for="regFullName">Full Name (optional):</label>
-                    <input type="text" id="regFullName" placeholder="John Doe">
-                </div>
-                <button onclick="registerUser()">Register User</button>
-                <div id="registerResponse" class="response"></div>
-            </div>
+      </div>
+      <div style="margin-top:16px;">
+        <div style="font-size:12px;color:var(--c-muted);font-weight:700;text-transform:uppercase;letter-spacing:.5px;margin-bottom:8px;">Risk Factor Breakdown</div>
+        <div id="factorBars"></div>
+      </div>
+      <div id="triggeredRules" style="margin-top:12px;"></div>
+    </div>
+
+    <div class="card" id="challengeCard" style="display:none;">
+      <div class="card-header"><span>&#x1F510;</span> Step 3 &ndash; Complete Step-up Challenge</div>
+      <div class="callout callout-warn">
+        The framework triggered a challenge because of the suspicious context.
+        In a live deployment this sends a real email. In the demo, use code <strong>000000</strong>.
+      </div>
+      <div style="display:grid;grid-template-columns:1fr 1fr;gap:12px;">
+        <div>
+          <div class="form-group"><label>Challenge ID</label><input id="challengeId" type="text" placeholder="Auto-filled from step 2" readonly></div>
+          <div class="form-group"><label>Verification Code</label><input id="challengeCode" type="text" placeholder="Enter code (000000 for demo)"></div>
+          <button class="btn btn-primary btn-full" onclick="doCompleteChallenge()">&#x2705; Verify &amp; Complete Login</button>
         </div>
-        
-        <!-- Login Tab -->
-        <div id="loginTab" class="tab-content">
-            <div class="section">
-                <h2>User Login</h2>
-                <div class="form-group">
-                    <label for="loginEmail">Email:</label>
-                    <input type="email" id="loginEmail" placeholder="user@example.com">
-                </div>
-                <div class="form-group">
-                    <label for="loginPassword">Password:</label>
-                    <input type="password" id="loginPassword" placeholder="Enter password">
-                </div>
-                <button onclick="loginUser()">Login User</button>
-                <div id="loginResponse" class="response"></div>
-            </div>
+        <div style="font-size:13px;color:var(--c-muted);">
+          <p><strong>Why was this required?</strong></p>
+          <ul style="margin-top:8px;padding-left:18px;line-height:2;">
+            <li>Unknown IP address</li><li>New device fingerprint</li><li>Geographic location changed</li><li>Security Level &ge; 2 &rarr; challenge required</li>
+          </ul>
         </div>
-        
-        <!-- Adaptive Login Tab -->
-        <div id="adaptiveTab" class="tab-content">
-            <div class="section">
-                <h2>Adaptive Login (Risk-Based)</h2>
-                <div class="form-group">
-                    <label for="adaptiveEmail">Email:</label>
-                    <input type="email" id="adaptiveEmail" placeholder="user@example.com">
-                </div>
-                <div class="form-group">
-                    <label for="adaptivePassword">Password:</label>
-                    <input type="password" id="adaptivePassword" placeholder="Enter password">
-                </div>
-                <div class="form-group">
-                    <label for="deviceInfo">Device Info (optional):</label>
-                    <input type="text" id="deviceInfo" placeholder="Device fingerprint">
-                </div>
-                <button onclick="adaptiveLogin()">Adaptive Login</button>
-                <div id="adaptiveResponse" class="response"></div>
-            </div>
+      </div>
+      <div id="challengeResp" class="resp"></div>
+    </div>
+  </div><!-- /demo1 -->
+
+  <!-- ====== SCENARIO 2 ====== -->
+  <div id="tab-demo2" class="tab-panel">
+    <div class="callout callout-danger">
+      <strong>Scenario 2 &mdash; Attack &amp; Anomaly Detection</strong><br>
+      We simulate a brute-force attack from an attacker IP, watch the <code>AnomalyDetector</code> fire in real time,
+      then show how a <em>legitimate user</em> is treated vs the <em>attacker with the correct password</em>.
+    </div>
+
+    <div class="steps">
+      <div class="step-item" id="s2step1"><div class="step-num">1</div><div style="font-size:12px;font-weight:700;">Brute Force</div><div style="font-size:11px;color:var(--c-muted);">Inject failed logins</div></div>
+      <div class="step-item" id="s2step2"><div class="step-num">2</div><div style="font-size:12px;font-weight:700;">Legit User</div><div style="font-size:11px;color:var(--c-muted);">Normal login during attack</div></div>
+      <div class="step-item" id="s2step3"><div class="step-num">3</div><div style="font-size:12px;font-weight:700;">Attacker Unmasked</div><div style="font-size:11px;color:var(--c-muted);">Correct password, still blocked</div></div>
+    </div>
+
+    <div class="grid-2">
+      <div>
+        <div class="card">
+          <div class="card-header"><span>&#x1F4A3;</span> Step 1 &ndash; Simulate Brute Force Attack</div>
+          <p style="font-size:13px;color:var(--c-muted);margin-bottom:12px;">Injects failed login attempts from attacker IP <code>192.0.2.100</code> (Beijing, China), then triggers the AnomalyDetector.</p>
+          <div class="form-group"><label>Number of attempts</label><input id="attackAttempts" type="number" value="12" min="5" max="25"></div>
+          <button class="btn btn-danger btn-full" onclick="doSimulateAttack()">&#x1F4A5; Launch Attack Simulation</button>
+          <div class="attack-log" id="attackLog" style="display:none;"></div>
+          <div id="attackResp" class="resp"></div>
         </div>
-        
-        <!-- Risk Demo Tab -->
-        <div id="demoTab" class="tab-content">
-            <div class="section">
-                <h2>Security Levels Demo</h2>
-                <p style="background: #e7f3ff; padding: 15px; border-radius: 5px; border-left: 4px solid #2196F3;">
-                    <strong>Problem Statement:</strong> "Dynamically adjust security requirements based on risk assessment"
-                </p>
-                
-                <div class="feature-grid">
-                    <div class="feature-card" style="border-left: 4px solid #4CAF50;">
-                        <h3>Level 0-1: Trusted Device</h3>
-                        <p>Same device, same IP, same browser = Low risk</p>
-                        <div class="form-group">
-                            <input type="email" id="demo1Email" placeholder="Email" value="demo@test.com">
-                        </div>
-                        <div class="form-group">
-                            <input type="password" id="demo1Password" placeholder="Password" value="Demo@123!">
-                        </div>
-                        <button onclick="demoLevel1()" class="btn-success">Test Level 0-1</button>
-                        <div id="demo1Response" class="response"></div>
-                    </div>
-                    
-                    <div class="feature-card" style="border-left: 4px solid #FF9800;">
-                        <h3>Level 2: New Browser/Device</h3>
-                        <p>Different device fingerprint = Medium risk</p>
-                        <div class="form-group">
-                            <input type="email" id="demo2Email" placeholder="Email" value="demo@test.com">
-                        </div>
-                        <div class="form-group">
-                            <input type="password" id="demo2Password" placeholder="Password" value="Demo@123!">
-                        </div>
-                        <div class="form-group">
-                            <input type="text" id="demo2Device" placeholder="Device Fingerprint" value="new-unknown-device-xyz">
-                        </div>
-                        <button onclick="demoLevel2()" class="btn-warning">Test Level 2</button>
-                        <div id="demo2Response" class="response"></div>
-                    </div>
-                    
-                    <div class="feature-card" style="border-left: 4px solid #f44336;">
-                        <h3>Level 4: Brute Force Attack</h3>
-                        <p>Multiple failed attempts = Blocked</p>
-                        <div class="form-group">
-                            <input type="email" id="demo4Email" placeholder="Email" value="demo@test.com">
-                        </div>
-                        <button onclick="demoBruteForce()" class="btn-danger">Simulate 5 Failed Attempts</button>
-                        <div id="demo4Response" class="response"></div>
-                        <div id="bruteForceProgress" style="margin-top: 10px;"></div>
-                    </div>
-                    
-                    <div class="feature-card" style="border-left: 4px solid #9C27B0;">
-                        <h3>Risk Score Analysis</h3>
-                        <p>View how risk factors are calculated</p>
-                        <button onclick="showRiskBreakdown()" class="btn-info">Show Risk Factors</button>
-                        <div id="riskBreakdownResponse" class="response"></div>
-                    </div>
-                </div>
-                
-                <div style="margin-top: 20px; padding: 15px; background: #f5f5f5; border-radius: 5px;">
-                    <h3>Security Levels Explained:</h3>
-                    <table style="width: 100%; border-collapse: collapse;">
-                        <tr style="background: #4CAF50; color: white;">
-                            <td style="padding: 10px; border: 1px solid #ddd;"><strong>Level 0</strong></td>
-                            <td style="padding: 10px; border: 1px solid #ddd;">Trusted (Known device + IP + browser)</td>
-                            <td style="padding: 10px; border: 1px solid #ddd;">Password only</td>
-                        </tr>
-                        <tr style="background: #8BC34A; color: white;">
-                            <td style="padding: 10px; border: 1px solid #ddd;"><strong>Level 1</strong></td>
-                            <td style="padding: 10px; border: 1px solid #ddd;">Unknown browser</td>
-                            <td style="padding: 10px; border: 1px solid #ddd;">Password required</td>
-                        </tr>
-                        <tr style="background: #FF9800; color: white;">
-                            <td style="padding: 10px; border: 1px solid #ddd;"><strong>Level 2</strong></td>
-                            <td style="padding: 10px; border: 1px solid #ddd;">Unknown IP</td>
-                            <td style="padding: 10px; border: 1px solid #ddd;">Email verification</td>
-                        </tr>
-                        <tr style="background: #FF5722; color: white;">
-                            <td style="padding: 10px; border: 1px solid #ddd;"><strong>Level 3</strong></td>
-                            <td style="padding: 10px; border: 1px solid #ddd;">Unknown device</td>
-                            <td style="padding: 10px; border: 1px solid #ddd;">2FA required</td>
-                        </tr>
-                        <tr style="background: #f44336; color: white;">
-                            <td style="padding: 10px; border: 1px solid #ddd;"><strong>Level 4</strong></td>
-                            <td style="padding: 10px; border: 1px solid #ddd;">Suspicious pattern</td>
-                            <td style="padding: 10px; border: 1px solid #ddd;">BLOCKED</td>
-                        </tr>
-                    </table>
-                </div>
-            </div>
+        <div class="card">
+          <div class="card-header" style="justify-content:space-between;">
+            <span>&#x1F6A8; Live Anomaly Feed &amp; Monitoring</span>
+            <span id="monitorBadge" class="monitor-badge mon-off">&#x23F8; Idle</span>
+          </div>
+          <!-- Controls -->
+          <div style="display:flex;gap:8px;flex-wrap:wrap;margin-bottom:12px;align-items:center;">
+            <button id="monitorBtn" class="btn btn-success btn-sm" onclick="toggleMonitoring()">&#x25B6; Start Monitoring</button>
+            <button class="btn btn-ghost btn-sm" onclick="refreshAnomalies()">&#x1F504; Refresh Feed</button>
+            <button class="btn btn-danger btn-sm" onclick="clearAnomalies()">&#x1F5D1; Clear</button>
+            <span style="font-size:11px;color:var(--c-muted);">Runs a full scan cycle every 2 s when active</span>
+          </div>
+          <!-- Stats strip (shown while monitoring active) -->
+          <div class="monitor-stats" id="monitorStats" style="display:none;">
+            <div class="ms-item"><div class="ms-val" id="msThreatVal" style="color:var(--c-danger);">—</div><div class="ms-lbl">Threat</div></div>
+            <div class="ms-item"><div class="ms-val" id="msAnomalyVal" style="color:var(--c-warn);">—</div><div class="ms-lbl">Anomalies</div></div>
+            <div class="ms-item"><div class="ms-val" id="msFailedVal" style="color:var(--c-danger);">—</div><div class="ms-lbl">Failed/1h</div></div>
+            <div class="ms-item"><div class="ms-val" id="msSessionVal" style="color:var(--c-info);">—</div><div class="ms-lbl">Sessions</div></div>
+            <div class="ms-item"><div class="ms-val" id="msSuspVal" style="color:var(--c-warn);">—</div><div class="ms-lbl">Suspicious</div></div>
+            <div class="ms-item" style="margin-left:auto;"><div class="ms-val" id="msCycleVal" style="font-size:11px;color:var(--c-muted);">—</div><div class="ms-lbl">Last cycle</div></div>
+          </div>
+          <!-- Monitoring log -->
+          <div class="monitor-log" id="monitorLog" style="display:none;"></div>
+          <!-- Anomaly feed -->
+          <div id="anomalyFeed"><p style="color:var(--c-muted);font-size:13px;">No anomalies yet. Run the attack simulation above.</p></div>
         </div>
-        
-        <!-- User Profile Tab -->
-        <div id="userTab" class="tab-content">
-            <div class="section">
-                <h2>User Profile Management</h2>
-                <div class="feature-grid">
-                    <div class="feature-card">
-                        <h3>Get My Profile</h3>
-                        <p>Retrieve current user profile information</p>
-                        <button onclick="getMyProfile()" class="btn-info">Get Profile</button>
-                        <div id="profileResponse" class="response"></div>
-                    </div>
-                    <div class="feature-card">
-                        <h3>Update Profile</h3>
-                        <div class="form-group">
-                            <label>Full Name:</label>
-                            <input type="text" id="updateFullName" placeholder="New full name">
-                        </div>
-                        <button onclick="updateProfile()" class="btn-success">Update Profile</button>
-                        <div id="updateProfileResponse" class="response"></div>
-                    </div>
-                    <div class="feature-card">
-                        <h3>Change Password</h3>
-                        <div class="form-group">
-                            <label>Current Password:</label>
-                            <input type="password" id="currentPassword" placeholder="Current password">
-                        </div>
-                        <div class="form-group">
-                            <label>New Password:</label>
-                            <input type="password" id="newPassword" placeholder="New password (8+ chars)">
-                        </div>
-                        <button onclick="changePassword()" class="btn-warning">Change Password</button>
-                        <div id="changePasswordResponse" class="response"></div>
-                    </div>
-                    <div class="feature-card">
-                        <h3>Sessions</h3>
-                        <button onclick="getMySessions()" class="btn-info">Get Active Sessions</button>
-                        <button onclick="logoutAllSessions()" class="btn-danger" style="margin-top: 5px;">Logout All Sessions</button>
-                        <div id="sessionsResponse" class="response"></div>
-                    </div>
-                </div>
-            </div>
+      </div>
+      <div>
+        <div class="card">
+          <div class="card-header"><span>&#x1F464;</span> Step 2 &ndash; Legitimate User Logs In</div>
+          <p style="font-size:13px;color:var(--c-muted);margin-bottom:12px;">Same account. Logs in from <strong>New York (trusted IP, trusted device)</strong> while the attack is in progress.</p>
+          <button class="btn btn-success btn-full" onclick="doLegitLogin()">&#x25B6; Login as Legitimate User</button>
+          <div id="legitResp" class="resp"></div>
         </div>
-        
-        <!-- Protected Access Tab -->
-        <div id="protectedTab" class="tab-content">
-            <div class="section">
-                <h2>Protected Endpoints</h2>
-                <div class="feature-grid">
-                    <div class="feature-card">
-                        <h3>Basic Protected</h3>
-                        <p>Test basic JWT authentication</p>
-                        <button onclick="accessProtected()" class="btn-success">Test Protected</button>
-                        <div id="protectedResponse" class="response"></div>
-                    </div>
-                    <div class="feature-card">
-                        <h3>Admin Only</h3>
-                        <p>Test admin role access (requires admin token)</p>
-                        <button onclick="accessAdminProtected()" class="btn-warning">Test Admin Access</button>
-                        <div id="adminProtectedResponse" class="response"></div>
-                    </div>
-                </div>
-            </div>
+        <div class="card">
+          <div class="card-header"><span>&#x1F916;</span> Step 3 &ndash; Attacker Uses Correct Password</div>
+          <p style="font-size:13px;color:var(--c-muted);margin-bottom:12px;">The attacker somehow obtained the real password. See what happens.<br><strong>Spoiler:</strong> correct password alone is not enough.</p>
+          <button class="btn btn-warn btn-full" onclick="doAttackerLogin()">&#x1F511; Attacker Login Attempt</button>
+          <div id="attackerLoginResp" class="resp"></div>
         </div>
-        
-        <!-- 2FA Tab -->
-        <div id="2faTab" class="tab-content">
-            <div class="section">
-                <h2>Two-Factor Authentication (TOTP)</h2>
-                <div class="feature-grid">
-                    <div class="feature-card">
-                        <h3>Enable 2FA</h3>
-                        <p>Generate QR code and setup 2FA</p>
-                        <button onclick="enable2FA()" class="btn-success">Enable 2FA</button>
-                        <div id="enable2faResponse" class="response"></div>
-                        <div id="qrCodeDisplay" style="margin-top: 10px; text-align: center;"></div>
-                    </div>
-                    <div class="feature-card">
-                        <h3>Verify 2FA</h3>
-                        <div class="form-group">
-                            <label>TOTP Code:</label>
-                            <input type="text" id="totpCode" placeholder="Enter 6-digit code">
-                        </div>
-                        <button onclick="verify2FA()" class="btn-info">Verify Code</button>
-                        <div id="verify2faResponse" class="response"></div>
-                    </div>
-                    <div class="feature-card">
-                        <h3>Disable 2FA</h3>
-                        <p>Remove two-factor authentication</p>
-                        <button onclick="disable2FA()" class="btn-danger">Disable 2FA</button>
-                        <div id="disable2faResponse" class="response"></div>
-                    </div>
-                    <div class="feature-card">
-                        <h3>2FA Status</h3>
-                        <button onclick="get2FAStatus()" class="btn-info">Check Status</button>
-                        <div id="status2faResponse" class="response"></div>
-                    </div>
-                </div>
-            </div>
+        <div class="card">
+          <div class="card-header"><span>&#x2696;&#xFE0F;</span> Side-by-side Comparison</div>
+          <div id="compareBox" style="font-size:13px;color:var(--c-muted);">Run steps 2 and 3 to see the comparison.</div>
         </div>
-        
-        <!-- Admin Tab -->
-        <div id="adminTab" class="tab-content">
-            <div class="section">
-                <h2>Admin Dashboard</h2>
-                <p style="color: #856404; background: #fff3cd; padding: 10px; border-radius: 5px;">
-                    These functions require admin privileges. Login with admin credentials.
-                </p>
-                <div class="feature-grid">
-                    <div class="feature-card">
-                        <h3>User Management</h3>
-                        <button onclick="getUsers()" class="btn-info">Get All Users</button>
-                        <button onclick="getUserByEmail()" class="btn-info" style="margin-top: 5px;">Find User by Email</button>
-                        <div class="form-group" style="margin-top: 10px;">
-                            <input type="email" id="adminSearchEmail" placeholder="user@example.com">
-                        </div>
-                        <div id="usersResponse" class="response"></div>
-                    </div>
-                    <div class="feature-card">
-                        <h3>System Statistics</h3>
-                        <button onclick="getStats()" class="btn-success">Get Statistics</button>
-                        <button onclick="getSystemHealth()" class="btn-info" style="margin-top: 5px;">System Health</button>
-                        <div id="statsResponse" class="response"></div>
-                    </div>
-                    <div class="feature-card">
-                        <h3>Risk Events</h3>
-                        <button onclick="getRiskEvents()" class="btn-warning">View Risk Events</button>
-                        <button onclick="getAnomalies()" class="btn-warning" style="margin-top: 5px;">View Anomalies</button>
-                        <div id="riskEventsResponse" class="response"></div>
-                    </div>
-                    <div class="feature-card">
-                        <h3>User Actions</h3>
-                        <div class="form-group">
-                            <input type="email" id="adminUserEmail" placeholder="User email">
-                        </div>
-                        <div class="btn-group">
-                            <button onclick="activateUser()" class="btn-success" style="flex: 1;">Activate</button>
-                            <button onclick="deactivateUser()" class="btn-danger" style="flex: 1;">Deactivate</button>
-                        </div>
-                        <div id="userActionResponse" class="response"></div>
-                    </div>
-                </div>
-            </div>
+      </div>
+    </div>
+  </div><!-- /demo2 -->
+
+  <!-- ====== API TESTING ====== -->
+  <div id="tab-api" class="tab-panel">
+    <div class="grid-2">
+      <div class="card">
+        <div class="card-header"><span>&#x1F4DD;</span> Register</div>
+        <div class="form-group"><label>Email</label><input id="regEmail" type="email" placeholder="user@example.com"></div>
+        <div class="form-group"><label>Password</label><input id="regPassword" type="password" placeholder="Min 8 chars, upper, lower, digit"></div>
+        <div class="form-group"><label>Full Name</label><input id="regName" type="text" placeholder="Optional"></div>
+        <button class="btn btn-primary btn-full" onclick="apiRegister()">Register</button>
+        <div id="regResp" class="resp"></div>
+      </div>
+      <div class="card">
+        <div class="card-header"><span>&#x1F511;</span> Login</div>
+        <div class="form-group"><label>Email</label><input id="loginEmail" type="email" placeholder="user@example.com"></div>
+        <div class="form-group"><label>Password</label><input id="loginPassword" type="password" placeholder="Password"></div>
+        <div style="display:flex;gap:8px;">
+          <button class="btn btn-primary" style="flex:1;" onclick="apiLogin()">Login</button>
+          <button class="btn btn-ghost" style="flex:1;" onclick="apiAdaptiveLogin()">Adaptive Login</button>
         </div>
-        
-        <!-- Risk Assessment Tab -->
-        <div id="riskTab" class="tab-content">
-            <div class="section">
-                <h2>Risk Assessment & Security</h2>
-                <div class="feature-grid">
-                    <div class="feature-card">
-                        <h3>Assess Risk</h3>
-                        <div class="form-group">
-                            <label>Email:</label>
-                            <input type="email" id="riskEmail" placeholder="user@example.com">
-                        </div>
-                        <div class="form-group">
-                            <label>IP Address:</label>
-                            <input type="text" id="ipAddress" placeholder="192.168.1.1">
-                        </div>
-                        <div class="form-group">
-                            <label>Device Fingerprint:</label>
-                            <input type="text" id="deviceFingerprint" placeholder="device-fingerprint">
-                        </div>
-                        <button onclick="assessRisk()" class="btn-warning">Assess Risk</button>
-                        <div id="riskResponse" class="response"></div>
-                    </div>
-                    <div class="feature-card">
-                        <h3>Behavior Analysis</h3>
-                        <button onclick="getBehaviorProfile()" class="btn-info">Get Behavior Profile</button>
-                        <button onclick="getLoginPatterns()" class="btn-info" style="margin-top: 5px;">Login Patterns</button>
-                        <div id="behaviorResponse" class="response"></div>
-                    </div>
-                    <div class="feature-card">
-                        <h3>Security Level</h3>
-                        <button onclick="getSecurityLevel()" class="btn-success">Check Security Level</button>
-                        <div id="securityLevelResponse" class="response"></div>
-                    </div>
-                    <div class="feature-card">
-                        <h3>Device Trust</h3>
-                        <button onclick="getTrustedDevices()" class="btn-info">Trusted Devices</button>
-                        <button onclick="addTrustedDevice()" class="btn-success" style="margin-top: 5px;">Add Trusted Device</button>
-                        <div id="deviceTrustResponse" class="response"></div>
-                    </div>
-                </div>
+        <div id="loginResp" class="resp"></div>
+      </div>
+      <div class="card">
+        <div class="card-header"><span>&#x1F510;</span> Two-Factor Auth (TOTP)</div>
+        <div style="display:flex;flex-wrap:wrap;gap:8px;margin-bottom:10px;">
+          <button class="btn btn-primary btn-sm" onclick="api2faEnable()">Enable 2FA</button>
+          <button class="btn btn-ghost btn-sm" onclick="api2faStatus()">Status</button>
+          <button class="btn btn-danger btn-sm" onclick="api2faDisable()">Disable</button>
+        </div>
+        <div id="qrWrap" style="text-align:center;margin:10px 0;"></div>
+        <div class="form-group"><label>TOTP Code</label><input id="totpCode" type="text" placeholder="6-digit code from authenticator"></div>
+        <button class="btn btn-success btn-full" onclick="api2faVerify()">Verify &amp; Activate</button>
+        <div id="tfaResp" class="resp"></div>
+      </div>
+      <div class="card">
+        <div class="card-header"><span>&#x1F464;</span> My Profile</div>
+        <div style="display:flex;flex-wrap:wrap;gap:8px;margin-bottom:10px;">
+          <button class="btn btn-ghost btn-sm" onclick="apiGetProfile()">Profile</button>
+          <button class="btn btn-ghost btn-sm" onclick="apiGetSecurity()">Security</button>
+          <button class="btn btn-ghost btn-sm" onclick="apiGetDevices()">Devices</button>
+          <button class="btn btn-ghost btn-sm" onclick="apiGetSessions()">Sessions</button>
+          <button class="btn btn-danger btn-sm" onclick="apiRevokeAll()">Revoke All</button>
+        </div>
+        <div id="profileResp" class="resp"></div>
+      </div>
+      <div class="card">
+        <div class="card-header"><span>&#x1F512;</span> Password Management</div>
+        <div class="form-group"><label>Current Password</label><input id="curPwd" type="password"></div>
+        <div class="form-group"><label>New Password</label><input id="newPwd" type="password"></div>
+        <button class="btn btn-warn btn-full" onclick="apiChangePwd()">Change Password</button>
+        <hr style="border-color:var(--c-border);margin:14px 0;">
+        <div class="form-group"><label>Email for Reset Link</label><input id="resetEmail" type="email"></div>
+        <button class="btn btn-ghost btn-full" onclick="apiForgotPwd()">Send Reset Email</button>
+        <div id="pwdResp" class="resp"></div>
+      </div>
+      <div class="card">
+        <div class="card-header"><span>&#x1F6E1;&#xFE0F;</span> Protected Endpoints</div>
+        <p style="font-size:13px;color:var(--c-muted);margin-bottom:12px;">Test JWT-protected routes. Must have a valid token saved.</p>
+        <div style="display:flex;flex-wrap:wrap;gap:8px;">
+          <button class="btn btn-success btn-sm" onclick="apiProtected()">Test /protected</button>
+          <button class="btn btn-warn btn-sm" onclick="apiAdminOnly()">Test /admin-only</button>
+          <button class="btn btn-ghost btn-sm" onclick="apiRiskProfile()">Risk Profile</button>
+          <button class="btn btn-ghost btn-sm" onclick="apiLogout()">Logout</button>
+        </div>
+        <div id="protResp" class="resp"></div>
+      </div>
+    </div>
+  </div><!-- /api -->
+
+  <!-- ====== ADMIN ====== -->
+  <div id="tab-admin" class="tab-panel">
+    <div class="callout callout-warn">
+      Admin endpoints require an admin JWT token. Login with <code>demo.admin@adaptive.demo</code> / <code>Admin@Demo456!</code> first.
+    </div>
+    <div class="card">
+      <div class="card-header"><span>&#x1F511;</span> Quick Admin Login</div>
+      <div style="display:flex;gap:10px;align-items:center;flex-wrap:wrap;">
+        <span style="font-size:13px;">credentials: <code>demo.admin@adaptive.demo</code> / <code>Admin@Demo456!</code></span>
+        <button class="btn btn-primary btn-sm" onclick="quickAdminLogin()">Login as Admin</button>
+      </div>
+      <div id="adminLoginResp" class="resp"></div>
+    </div>
+    <button class="btn btn-ghost" style="margin-bottom:12px;" onclick="loadAdminStats()">&#x1F504; Load Statistics</button>
+    <div class="grid-4 mb-4" id="statsGrid">
+      <div class="stat-box"><div class="stat-num" style="color:var(--c-info);">&mdash;</div><div class="stat-label">Total Users</div></div>
+      <div class="stat-box"><div class="stat-num" style="color:var(--c-success);">&mdash;</div><div class="stat-label">Active Sessions</div></div>
+      <div class="stat-box"><div class="stat-num" style="color:var(--c-danger);">&mdash;</div><div class="stat-label">High Risk Today</div></div>
+      <div class="stat-box"><div class="stat-num" style="color:var(--c-warn);">&mdash;</div><div class="stat-label">Failed Logins</div></div>
+    </div>
+    <div class="card" id="emailStatusCard">
+      <div class="card-header" style="justify-content:space-between;">
+        <span style="display:flex;align-items:center;gap:8px;">&#x2709;&#xFE0F; Email Service Status</span>
+        <button class="btn btn-ghost btn-sm" onclick="checkEmailStatus()">&#x1F504; Refresh</button>
+      </div>
+      <div id="emailStatusBody" style="font-size:13px;color:var(--c-muted);">Click Refresh to check email configuration.</div>
+    </div>
+    <div class="grid-2">
+      <div class="card">
+        <div class="card-header"><span>&#x1F465;</span> User Management</div>
+        <div style="display:flex;gap:8px;flex-wrap:wrap;margin-bottom:10px;">
+          <button class="btn btn-ghost btn-sm" onclick="adminGetUsers()">List Users</button>
+          <button class="btn btn-ghost btn-sm" onclick="adminGetSessions()">List Sessions</button>
+        </div>
+        <div class="form-group"><label>User ID</label><input id="adminUserId" type="number" placeholder="User ID"></div>
+        <div style="display:flex;gap:8px;">
+          <button class="btn btn-success btn-sm" style="flex:1;" onclick="adminUnblock()">Unblock</button>
+          <button class="btn btn-danger btn-sm" style="flex:1;" onclick="adminBlock()">Block</button>
+        </div>
+        <div id="adminUserResp" class="resp"></div>
+      </div>
+      <div class="card">
+        <div class="card-header"><span>&#x26A0;&#xFE0F;</span> Risk Events &amp; Anomalies</div>
+        <div style="display:flex;gap:8px;flex-wrap:wrap;margin-bottom:10px;">
+          <button class="btn btn-warn btn-sm" onclick="adminGetRiskEvents()">Risk Events</button>
+          <button class="btn btn-danger btn-sm" onclick="adminGetAnomalies()">Active Anomalies</button>
+          <button class="btn btn-ghost btn-sm" onclick="adminRiskOverview()">Overview</button>
+        </div>
+        <div id="adminRiskResp" class="resp"></div>
+      </div>
+    </div>
+    <div class="card">
+      <div class="card-header"><span>&#x1F4C8;</span> Risk Statistics</div>
+      <div style="display:flex;gap:8px;margin-bottom:10px;">
+        <button class="btn btn-ghost btn-sm" onclick="adminRiskStatsPeriod('day')">Day</button>
+        <button class="btn btn-ghost btn-sm" onclick="adminRiskStatsPeriod('week')">Week</button>
+        <button class="btn btn-ghost btn-sm" onclick="adminRiskStatsPeriod('month')">Month</button>
+      </div>
+      <div id="statsResp" class="resp"></div>
+    </div>
+  </div><!-- /admin -->
+
+  <!-- ====== INTELLIGENCE ====== -->
+  <div id="tab-intel" class="tab-panel">
+    <div class="callout callout-info">
+      <strong>&#x1F9E0; Session Intelligence &mdash; 8 Advanced Security Features</strong><br>
+      Continuous Verification &bull; Behavioral Intelligence &bull; Dynamic Trust Score &bull;
+      Micro-Challenges &bull; Explainability &bull; AI Anomaly Detection &bull; Impossible Travel &bull; Privacy-First Design.
+    </div>
+
+    <!-- Quick login -->
+    <div class="card" style="margin-bottom:10px;">
+      <div class="card-header"><span>&#x1F511;</span> Session Authentication</div>
+      <div style="display:flex;align-items:center;gap:10px;flex-wrap:wrap;">
+        <span style="font-size:13px;color:var(--c-muted);">Protected features require a JWT token.</span>
+        <button class="btn btn-primary btn-sm" onclick="intelQuickLogin()">&#x26A1; Quick Login (demo user)</button>
+        <div id="intelLoginStatus" style="font-size:12px;"></div>
+      </div>
+    </div>
+
+    <!-- Trust Score + Continuous Verify -->
+    <div class="card">
+      <div class="card-header"><span>&#x1F6E1;&#xFE0F;</span> Dynamic Trust Score &amp; Continuous Verification</div>
+      <div style="display:flex;gap:20px;align-items:flex-start;flex-wrap:wrap;">
+        <div style="text-align:center;min-width:155px;">
+          <svg width="155" height="95" viewBox="-5 -5 165 105">
+            <path d="M 10 80 A 65 65 0 0 1 140 80" stroke="#1e293b" stroke-width="16" fill="none"/>
+            <path id="trustArc" d="M 10 80 A 65 65 0 0 1 140 80" stroke="#22c55e" stroke-width="16" fill="none"
+                  stroke-dasharray="204" stroke-dashoffset="204" stroke-linecap="round"
+                  style="transition:stroke-dashoffset .6s,stroke .6s;"/>
+            <text id="trustNum" x="75" y="77" text-anchor="middle" font-size="28" font-weight="700" fill="#f1f5f9">--</text>
+            <text x="75" y="93" text-anchor="middle" font-size="10" fill="#64748b">/ 100</text>
+          </svg>
+          <div id="trustLabel" style="font-size:11px;font-weight:700;color:var(--c-muted);">LOADING&#8230;</div>
+        </div>
+        <div style="flex:1;min-width:180px;">
+          <div style="display:flex;gap:6px;flex-wrap:wrap;margin-bottom:8px;">
+            <button class="btn btn-ghost btn-sm" onclick="intelGetTrust()">&#x1F504; Refresh</button>
+            <button class="btn btn-ghost btn-sm" onclick="intelContinuousVerify()">&#x2714; Verify Now</button>
+            <button class="btn btn-warn btn-sm" onclick="intelDropTrust()">&#x1F53D; Drop to 25</button>
+          </div>
+          <div id="trustHistoryWrap" style="max-height:130px;overflow-y:auto;font-size:11px;"></div>
+        </div>
+      </div>
+      <div id="trustResp" class="resp"></div>
+    </div>
+
+    <!-- Privacy-First Behavior Monitor -->
+    <div class="card">
+      <div class="card-header"><span>&#x1F512;</span> Privacy-First Behavioral Intelligence</div>
+      <div class="callout callout-info" style="font-size:12px;padding:8px 12px;margin-bottom:10px;">
+        <strong>&#x1F512; Privacy-First:</strong> Keystroke timings, mouse coords and scroll deltas are processed
+        <em>entirely in-browser</em>. Only the aggregated 0&ndash;1 scores are sent to the server.
+      </div>
+      <div style="display:flex;gap:8px;margin-bottom:12px;flex-wrap:wrap;">
+        <button class="btn btn-success btn-sm" id="behaviorCollectBtn" onclick="toggleBehaviorCollector()">&#x25B6; Start Collecting</button>
+        <button class="btn btn-primary btn-sm" onclick="intelSendBehavior()">&#x1F4E4; Send Signals</button>
+        <span id="collectStatus" style="font-size:12px;color:var(--c-muted);align-self:center;"></span>
+      </div>
+      <div style="display:grid;gap:10px;">
+        <div>
+          <div style="display:flex;justify-content:space-between;font-size:12px;margin-bottom:3px;">
+            <span>&#x2328;&#xFE0F; Typing Entropy <span style="color:var(--c-muted);">(1.0&nbsp;= human-like rhythm)</span></span>
+            <span id="teVal">--</span>
+          </div>
+          <div style="height:8px;background:#1e293b;border-radius:4px;overflow:hidden;">
+            <div id="teBar" style="height:100%;width:0%;background:#22c55e;transition:width .5s,background .5s;border-radius:4px;"></div>
+          </div>
+        </div>
+        <div>
+          <div style="display:flex;justify-content:space-between;font-size:12px;margin-bottom:3px;">
+            <span>&#x1F5B1;&#xFE0F; Mouse Linearity <span style="color:var(--c-muted);">(1.0&nbsp;= curved/natural)</span></span>
+            <span id="mlVal">--</span>
+          </div>
+          <div style="height:8px;background:#1e293b;border-radius:4px;overflow:hidden;">
+            <div id="mlBar" style="height:100%;width:0%;background:#22c55e;transition:width .5s,background .5s;border-radius:4px;"></div>
+          </div>
+        </div>
+        <div>
+          <div style="display:flex;justify-content:space-between;font-size:12px;margin-bottom:3px;">
+            <span>&#x1F4DC; Scroll Variance <span style="color:var(--c-muted);">(0.5&nbsp;= organic human rhythm)</span></span>
+            <span id="svVal">--</span>
+          </div>
+          <div style="height:8px;background:#1e293b;border-radius:4px;overflow:hidden;">
+            <div id="svBar" style="height:100%;width:0%;background:#22c55e;transition:width .5s,background .5s;border-radius:4px;"></div>
+          </div>
+        </div>
+      </div>
+      <div id="behaviorResp" class="resp" style="margin-top:10px;"></div>
+    </div>
+
+    <!-- Impossible Travel + AI Anomaly (2-col) -->
+    <div style="display:grid;grid-template-columns:1fr 1fr;gap:14px;margin-bottom:14px;">
+      <!-- Impossible Travel -->
+      <div class="card" style="margin:0;">
+        <div class="card-header"><span>&#x2708;&#xFE0F;</span> Impossible Travel Detector</div>
+        <div style="display:grid;gap:8px;">
+          <div style="display:grid;grid-template-columns:1fr 1fr;gap:6px;">
+            <div>
+              <label style="font-size:11px;color:var(--c-muted);">FROM city</label>
+              <select id="travelFrom" class="form-input" style="margin-top:3px;width:100%;"></select>
             </div>
+            <div>
+              <label style="font-size:11px;color:var(--c-muted);">TO city</label>
+              <select id="travelTo" class="form-input" style="margin-top:3px;width:100%;"></select>
+            </div>
+          </div>
+          <div>
+            <label style="font-size:11px;color:var(--c-muted);">Time gap (hours)</label>
+            <input id="travelHours" class="form-input" type="number" value="2" min="0.01" step="0.5" style="width:100%;margin-top:3px;">
+          </div>
+          <button class="btn btn-primary btn-sm" onclick="intelCheckTravel()">&#x1F4CF; Calculate Travel Risk</button>
+        </div>
+        <div id="travelResult" style="margin-top:10px;font-size:13px;"></div>
+      </div>
+
+      <!-- AI Anomaly Scorer -->
+      <div class="card" style="margin:0;">
+        <div class="card-header"><span>&#x1F916;</span> AI Anomaly Scorer</div>
+        <div style="display:grid;gap:6px;font-size:12px;">
+          <div style="display:grid;grid-template-columns:1fr auto;gap:6px;align-items:center;">
+            <span>Typing entropy</span>
+            <input id="aiTyping" type="number" class="form-input" value="0.70" min="0" max="1" step="0.05" style="width:72px;text-align:right;padding:3px 6px;">
+          </div>
+          <div style="display:grid;grid-template-columns:1fr auto;gap:6px;align-items:center;">
+            <span>Mouse linearity</span>
+            <input id="aiMouse" type="number" class="form-input" value="0.62" min="0" max="1" step="0.05" style="width:72px;text-align:right;padding:3px 6px;">
+          </div>
+          <div style="display:grid;grid-template-columns:1fr auto;gap:6px;align-items:center;">
+            <span>Scroll variance</span>
+            <input id="aiScroll" type="number" class="form-input" value="0.48" min="0" max="1" step="0.05" style="width:72px;text-align:right;padding:3px 6px;">
+          </div>
+          <div style="display:grid;grid-template-columns:1fr auto;gap:6px;align-items:center;">
+            <span>Hour norm. <span style="color:var(--c-muted);">(0=midnight, 1=noon)</span></span>
+            <input id="aiHour" type="number" class="form-input" value="0.55" min="0" max="1" step="0.05" style="width:72px;text-align:right;padding:3px 6px;">
+          </div>
+          <div style="display:grid;grid-template-columns:1fr auto;gap:6px;align-items:center;">
+            <span>Failed attempts <span style="color:var(--c-muted);">(÷20)</span></span>
+            <input id="aiFailed" type="number" class="form-input" value="0.00" min="0" max="1" step="0.05" style="width:72px;text-align:right;padding:3px 6px;">
+          </div>
+          <button class="btn btn-primary btn-sm" onclick="intelScoreAnomaly()">&#x1F9E0; Score with AI</button>
+        </div>
+        <div id="anomalyResult" style="margin-top:10px;"></div>
+      </div>
+    </div>
+
+    <!-- Micro-Challenges -->
+    <div class="card">
+      <div class="card-header"><span>&#x1F9E9;</span> Low-Friction Micro-Challenges</div>
+      <p style="font-size:13px;color:var(--c-muted);margin-bottom:10px;">
+        Challenges fire <em>only when trust drops below 40</em> &mdash; never interrupts a trusted session.
+      </p>
+      <div style="display:flex;gap:8px;flex-wrap:wrap;margin-bottom:10px;">
+        <button class="btn btn-warn btn-sm" onclick="intelDropTrust()">&#x1F53D; Drop Trust to 25</button>
+        <button class="btn btn-primary btn-sm" onclick="intelGenerateChallenge()">&#x1F9E9; Generate Challenge</button>
+      </div>
+      <div id="challengePanel" style="display:none;" class="callout callout-info">
+        <div style="font-size:16px;font-weight:700;margin-bottom:10px;" id="challengeQuestion">&#8230;</div>
+        <div style="display:flex;gap:8px;align-items:center;">
+          <input id="challengeAnswer" class="form-input" type="text" placeholder="Your answer&#8230;" style="width:160px;">
+          <button class="btn btn-success btn-sm" onclick="intelVerifyChallenge()">&#x2714; Verify</button>
+        </div>
+        <div id="challengeResultMsg" style="font-size:12px;margin-top:8px;"></div>
+      </div>
+      <div id="challengeResp" class="resp"></div>
+    </div>
+
+    <!-- Explainability (demo — no auth) -->
+    <div class="card">
+      <div class="card-header"><span>&#x1F4CA;</span> Explainable Risk Transparency</div>
+      <p style="font-size:13px;color:var(--c-muted);margin-bottom:10px;">
+        Submit factor scores and see exactly which signals contributed and why &mdash; with model weights.
+      </p>
+      <div style="display:grid;grid-template-columns:repeat(3,1fr);gap:8px;margin-bottom:10px;font-size:12px;">
+        <div>
+          <label style="color:var(--c-muted);">&#x1F30D; Location (0&ndash;100)</label>
+          <input id="expLocation" type="number" class="form-input" value="85" min="0" max="100" style="width:100%;margin-top:4px;">
+        </div>
+        <div>
+          <label style="color:var(--c-muted);">&#x1F4BB; Device</label>
+          <input id="expDevice" type="number" class="form-input" value="15" min="0" max="100" style="width:100%;margin-top:4px;">
+        </div>
+        <div>
+          <label style="color:var(--c-muted);">&#x1F550; Time</label>
+          <input id="expTime" type="number" class="form-input" value="10" min="0" max="100" style="width:100%;margin-top:4px;">
         </div>
+        <div>
+          <label style="color:var(--c-muted);">&#x26A1; Velocity</label>
+          <input id="expVelocity" type="number" class="form-input" value="5" min="0" max="100" style="width:100%;margin-top:4px;">
+        </div>
+        <div>
+          <label style="color:var(--c-muted);">&#x1F9E0; Behavior</label>
+          <input id="expBehavior" type="number" class="form-input" value="20" min="0" max="100" style="width:100%;margin-top:4px;">
+        </div>
+        <div>
+          <label style="color:var(--c-muted);">Security level (0&ndash;4)</label>
+          <input id="expLevel" type="number" class="form-input" value="2" min="0" max="4" style="width:100%;margin-top:4px;">
+        </div>
+      </div>
+      <button class="btn btn-primary btn-sm" onclick="intelExplain()">&#x1F50D; Generate Explanation</button>
+      <div id="explainResult" style="margin-top:12px;"></div>
     </div>
 
-    <script>
-        const API_BASE = `${window.location.origin}/api/v1`;
-        const AUTH_API_BASE = `${window.location.origin}/api/v1/auth`;
-
-        // Tab switching functionality
-        function showTab(tabName) {
-            // Hide all tab contents
-            document.querySelectorAll('.tab-content').forEach(tab => {
-                tab.classList.remove('active');
-            });
-            
-            // Remove active class from all tabs
-            document.querySelectorAll('.tab').forEach(tab => {
-                tab.classList.remove('active');
-            });
-            
-            // Show selected tab content
-            document.getElementById(tabName + 'Tab').classList.add('active');
-            
-            // Activate selected tab
-            event.target.classList.add('active');
-        }
-
-        // Save token to localStorage
-        function saveToken() {
-            const token = document.getElementById('authToken').value;
-            localStorage.setItem('authToken', token);
-            document.getElementById('tokenDisplay').textContent = 'Token saved: ' + token.substring(0, 30) + '...';
-            document.getElementById('tokenDisplay').style.display = 'block';
-        }
-
-        // Load token from localStorage
-        function loadToken() {
-            const token = localStorage.getItem('authToken');
-            if (token) {
-                document.getElementById('authToken').value = token;
-                document.getElementById('tokenDisplay').textContent = 'Current token: ' + token.substring(0, 30) + '...';
-                document.getElementById('tokenDisplay').style.display = 'block';
-            }
-        }
-
-        // Get token from localStorage
-        function getToken() {
-            return localStorage.getItem('authToken');
-        }
-
-        // Helper function to make API requests
-        async function apiRequest(url, method = 'GET', data = null, useAuth = true) {
-            const options = {
-                method: method,
-                headers: {
-                    'Content-Type': 'application/json',
-                }
-            };
-
-            if (useAuth) {
-                const token = getToken();
-                if (token) {
-                    options.headers['Authorization'] = `Bearer ${token}`;
-                }
-            }
-
-            if (data) {
-                options.body = JSON.stringify(data);
-            }
-
-            try {
-                const response = await fetch(url, options);
-                const result = await response.json();
-                
-                if (!response.ok) {
-                    throw new Error(result.detail || `HTTP error! status: ${response.status}`);
-                }
-                
-                return { success: true, data: result };
-            } catch (error) {
-                return { success: false, error: error.message };
-            }
-        }
-
-        // User registration
-        async function registerUser() {
-            const email = document.getElementById('regEmail').value;
-            const password = document.getElementById('regPassword').value;
-            const fullName = document.getElementById('regFullName').value;
-
-            if (!email || !password) {
-                alert('Please enter both email and password');
-                return;
-            }
-            
-            if (password.length < 8) {
-                alert('Password must be at least 8 characters long');
-                return;
-            }
-            
-            // Password validation requirements
-            const hasUpperCase = /[A-Z]/.test(password);
-            const hasLowerCase = /[a-z]/.test(password);
-            const hasNumbers = /\d/.test(password);
-            const hasSpecialChar = /[!@#$%^&*(),.?":{}|<>]/.test(password);
-            
-            if (!hasUpperCase) {
-                alert('Password must contain at least one uppercase letter');
-                return;
-            }
-            
-            if (!hasLowerCase) {
-                alert('Password must contain at least one lowercase letter');
-                return;
-            }
-            
-            if (!hasNumbers) {
-                alert('Password must contain at least one digit');
-                return;
-            }
-            
-            if (!hasSpecialChar) {
-                alert('Password must contain at least one special character');
-                return;
-            }
-            
-            // Basic email validation
-            const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-            if (!emailRegex.test(email)) {
-                alert('Please enter a valid email address');
-                return;
-            }
-
-            const userData = {
-                email: email,
-                password: password
-            };
-
-            if (fullName) {
-                userData.full_name = fullName;
-            }
-
-            const result = await apiRequest(`${AUTH_API_BASE}/register`, 'POST', userData, false);
-            displayResponse('registerResponse', result);
-        }
-
-        // User login
-        async function loginUser() {
-            const email = document.getElementById('loginEmail').value;
-            const password = document.getElementById('loginPassword').value;
-
-            if (!email || !password) {
-                alert('Please enter both email and password');
-                return;
-            }
-            
-            // Basic email validation
-            const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-            if (!emailRegex.test(email)) {
-                alert('Please enter a valid email address');
-                return;
-            }
-            
-            // For login, just check if password is provided (validation happens on server)
-            if (password.length < 1) {
-                alert('Password cannot be empty');
-                return;
-            }
-
-            const loginData = {
-                email: email,
-                password: password
-            };
-
-            const result = await apiRequest(`${AUTH_API_BASE}/login`, 'POST', loginData, false);
-            
-            if (result.success) {
-                // Save the token
-                localStorage.setItem('authToken', result.data.access_token);
-                document.getElementById('authToken').value = result.data.access_token;
-                document.getElementById('tokenDisplay').textContent = 'Token saved: ' + result.data.access_token.substring(0, 30) + '...';
-                document.getElementById('tokenDisplay').style.display = 'block';
-            }
-            
-            displayResponse('loginResponse', result);
-        }
-
-        // Adaptive login
-        async function adaptiveLogin() {
-            const email = document.getElementById('adaptiveEmail').value;
-            const password = document.getElementById('adaptivePassword').value;
-            const deviceInfo = document.getElementById('deviceInfo').value;
-
-            if (!email || !password) {
-                alert('Please enter both email and password');
-                return;
-            }
-
-            const loginData = {
-                email: email,
-                password: password
-            };
-
-            if (deviceInfo) {
-                loginData.device_info = deviceInfo;
-            }
-
-            const result = await apiRequest(`${AUTH_API_BASE}/adaptive-login`, 'POST', loginData, false);
-            
-            if (result.success) {
-                // Save the token if provided
-                if (result.data.access_token) {
-                    localStorage.setItem('authToken', result.data.access_token);
-                    document.getElementById('authToken').value = result.data.access_token;
-                    document.getElementById('tokenDisplay').textContent = 'Token saved: ' + result.data.access_token.substring(0, 30) + '...';
-                    document.getElementById('tokenDisplay').style.display = 'block';
-                }
-            }
-            
-            displayResponse('adaptiveResponse', result);
-        }
-
-        // ============ RISK DEMO FUNCTIONS ============
-        
-        // Demo Level 0-1: Trusted device login
-        async function demoLevel1() {
-            const email = document.getElementById('demo1Email').value;
-            const password = document.getElementById('demo1Password').value;
-
-            if (!email || !password) {
-                alert('Please enter email and password');
-                return;
-            }
-
-            const loginData = { email, password };
-            const result = await apiRequest(`${AUTH_API_BASE}/adaptive-login`, 'POST', loginData, false);
-            
-            // Format the response to highlight security level
-            if (result.success && result.data) {
-                const data = result.data;
-                const formatted = {
-                    'Result': 'SUCCESS - Level 0-1 (Trusted Device)',
-                    'Security Level': data.security_level || 1,
-                    'Risk Level': data.risk_level || 'low',
-                    'Risk Score': data.risk_score || 'N/A',
-                    'Message': data.message || 'Login successful with minimal verification',
-                    'Token': data.access_token ? 'Generated ' : 'N/A'
-                };
-                displayResponse('demo1Response', { success: true, data: formatted });
-                
-                if (data.access_token) {
-                    localStorage.setItem('authToken', data.access_token);
-                    document.getElementById('authToken').value = data.access_token;
-                }
-            } else {
-                displayResponse('demo1Response', result);
-            }
-        }
-
-        // Demo Level 2: New device/browser
-        async function demoLevel2() {
-            const email = document.getElementById('demo2Email').value;
-            const password = document.getElementById('demo2Password').value;
-            const deviceFingerprint = document.getElementById('demo2Device').value;
-
-            if (!email || !password) {
-                alert('Please enter email and password');
-                return;
-            }
-
-            const loginData = { 
-                email, 
-                password,
-                device_info: deviceFingerprint || 'unknown-device-' + Date.now()
-            };
-            
-            const result = await apiRequest(`${AUTH_API_BASE}/adaptive-login`, 'POST', loginData, false);
-            
-            if (result.success && result.data) {
-                const data = result.data;
-                const formatted = {
-                    'Result': 'ELEVATED SECURITY - Level 2-3',
-                    'Security Level': data.security_level || 2,
-                    'Risk Level': data.risk_level || 'medium',
-                    'Risk Score': data.risk_score || 'N/A',
-                    'Challenge Required': data.challenge_type || data.required_action || 'email_verify',
-                    'Message': data.message || 'New device detected - additional verification required',
-                    'Risk Factors': data.risk_factors || 'Unknown device fingerprint'
-                };
-                displayResponse('demo2Response', { success: true, data: formatted });
-            } else {
-                displayResponse('demo2Response', result);
-            }
-        }
-
-        // Demo Level 4: Brute force simulation
-        async function demoBruteForce() {
-            const email = document.getElementById('demo4Email').value;
-            const progressDiv = document.getElementById('bruteForceProgress');
-            
-            if (!email) {
-                alert('Please enter an email');
-                return;
-            }
-
-            progressDiv.innerHTML = '<strong>Simulating brute force attack...</strong><br>';
-            
-            const wrongPasswords = ['wrong1', 'wrong2', 'wrong3', 'wrong4', 'wrong5'];
-            let lastResult = null;
-            
-            for (let i = 0; i < wrongPasswords.length; i++) {
-                const loginData = { email, password: wrongPasswords[i] };
-                
-                progressDiv.innerHTML += `Attempt ${i + 1}: Password "${wrongPasswords[i]}" - `;
-                
-                const result = await apiRequest(`${AUTH_API_BASE}/login`, 'POST', loginData, false);
-                
-                if (result.success) {
-                    progressDiv.innerHTML += '<span style="color: green;">Success</span><br>';
-                } else {
-                    progressDiv.innerHTML += '<span style="color: red;">Failed</span><br>';
-                }
-                
-                lastResult = result;
-                
-                // Small delay between attempts
-                await new Promise(resolve => setTimeout(resolve, 300));
-            }
-            
-            const formatted = {
-                'Result': 'LEVEL 4 - ATTACK DETECTED',
-                'Pattern': 'Brute Force Attack',
-                'Failed Attempts': wrongPasswords.length,
-                'Response': lastResult.success ? 'Still allowed' : 'BLOCKED or Rate Limited',
-                'Detection': 'AnomalyDetector flagged suspicious pattern',
-                'Note': 'Check Admin Tab > View Anomalies for detection log'
-            };
-            
-            displayResponse('demo4Response', { success: false, data: formatted });
-        }
-
-        // Show risk factors breakdown
-        async function showRiskBreakdown() {
-            const riskFactors = {
-                'Risk Calculation Formula': '============================',
-                'Device Factor (30%)': 'Checks device fingerprint against known devices',
-                'Location Factor (25%)': 'Checks IP address and geolocation',
-                'Time Factor (15%)': 'Compares login time with typical patterns',
-                'Velocity Factor (15%)': 'Checks for rapid/repeated attempts',
-                'Behavior Factor (15%)': 'Analyzes overall user behavior anomalies',
-                '============================': '',
-                'Total Score': '0-100 (weighted sum of all factors)',
-                'Security Level Decision': [
-                    'Score 0-25: Level 0 (Trusted)',
-                    'Score 25-50: Level 1 (Password only)',
-                    'Score 50-70: Level 2 (Email verify)',
-                    'Score 70-85: Level 3 (2FA required)',
-                    'Score 85-100: Level 4 (Blocked)'
-                ]
-            };
-            
-            displayResponse('riskBreakdownResponse', { success: true, data: riskFactors });
-        }
-
-        // ============ END RISK DEMO FUNCTIONS ============
-
-        // Access protected resource
-        async function accessProtected() {
-            const result = await apiRequest(`${API_BASE}/protected`);
-            displayResponse('protectedResponse', result);
-        }
-
-        // Enable 2FA
-        async function enable2FA() {
-            const result = await apiRequest(`${AUTH_API_BASE}/enable-2fa`, 'POST');
-            if (result.success && result.data.qr_code) {
-                document.getElementById('qrCodeDisplay').innerHTML = `<img src="${result.data.qr_code}" alt="QR Code" style="max-width: 200px;">`;
-            }
-            displayResponse('enable2faResponse', result);
-        }
-
-        // Verify 2FA
-        async function verify2FA() {
-            const code = document.getElementById('totpCode').value;
-            
-            if (!code) {
-                alert('Please enter a TOTP code');
-                return;
-            }
-
-            const verifyData = {
-                otp: code
-            };
-
-            const result = await apiRequest(`${AUTH_API_BASE}/verify-2fa`, 'POST', verifyData);
-            displayResponse('verify2faResponse', result);
-        }
-
-        // Disable 2FA
-        async function disable2FA() {
-            const password = prompt('Enter your password to disable 2FA:');
-            if (!password) return;
-            const result = await apiRequest(`${AUTH_API_BASE}/disable-2fa?password=${encodeURIComponent(password)}`, 'POST');
-            displayResponse('disable2faResponse', result);
-        }
-
-        // Get users (admin)
-        async function getUsers() {
-            const result = await apiRequest(`${API_BASE}/admin/users`);
-            displayResponse('usersResponse', result);
-        }
-
-        // Get statistics (admin)
-        async function getStats() {
-            const result = await apiRequest(`${API_BASE}/admin/statistics`);
-            displayResponse('statsResponse', result);
-        }
-
-        // Assess risk
-        async function assessRisk() {
-            const email = document.getElementById('riskEmail').value;
-            const ipAddress = document.getElementById('ipAddress').value;
-            const deviceFingerprint = document.getElementById('deviceFingerprint').value;
-
-            const riskData = {};
-            if (email) riskData.email = email;
-            if (ipAddress) riskData.ip_address = ipAddress;
-            if (deviceFingerprint) riskData.device_fingerprint = deviceFingerprint;
-
-            const result = await apiRequest(`${AUTH_API_BASE}/adaptive/assess`, 'POST', riskData);
-            displayResponse('riskResponse', result);
-        }
-
-        // Display response in designated div
-        function displayResponse(elementId, result) {
-            const responseDiv = document.getElementById(elementId);
-            
-            if (result.success) {
-                responseDiv.className = 'response success';
-                responseDiv.innerHTML = formatSuccessResponse(result.data);
-            } else {
-                responseDiv.className = 'response error';
-                responseDiv.innerHTML = formatErrorResponse(result.error);
-            }
-        }
-
-        // Professional response formatter
-        function formatSuccessResponse(data) {
-            if (!data) return '<div class="result-card"><span class="badge badge-success">SUCCESS</span></div>';
-            
-            let html = '<div class="result-container">';
-            
-            // Check if it's an adaptive login response
-            if (data.status !== undefined || data.security_level !== undefined || data.risk_level !== undefined) {
-                html += formatAdaptiveLoginResponse(data);
-            } 
-            // Check if it's a user profile response
-            else if (data.email && (data.full_name || data.role)) {
-                html += formatUserProfileResponse(data);
-            }
-            // Check if it's a 2FA response
-            else if (data.qr_code || data.secret || data.tfa_enabled !== undefined) {
-                html += format2FAResponse(data);
-            }
-            // Check if it's sessions list
-            else if (Array.isArray(data)) {
-                html += formatArrayResponse(data);
-            }
-            // Check if it's admin stats
-            else if (data.total_users !== undefined || data.active_sessions !== undefined) {
-                html += formatStatsResponse(data);
-            }
-            // Default: show as formatted cards
-            else {
-                html += formatGenericResponse(data);
-            }
-            
-            html += '</div>';
-            return html;
-        }
-
-        // Adaptive Login Response (Most Important!)
-        function formatAdaptiveLoginResponse(data) {
-            const securityLevel = data.security_level ?? 'N/A';
-            const riskLevel = data.risk_level || 'unknown';
-            const status = data.status || 'success';
-            
-            // Security level colors
-            const levelColors = {
-                0: { bg: '#4CAF50', label: 'TRUSTED', icon: '✓' },
-                1: { bg: '#8BC34A', label: 'LOW RISK', icon: '✓' },
-                2: { bg: '#FF9800', label: 'MEDIUM', icon: '⚠' },
-                3: { bg: '#FF5722', label: 'HIGH RISK', icon: '⚠' },
-                4: { bg: '#f44336', label: 'BLOCKED', icon: '✕' }
-            };
-            
-            const levelInfo = levelColors[securityLevel] || levelColors[1];
-            
-            // Risk level badge color
-            const riskColors = {
-                'low': '#4CAF50',
-                'medium': '#FF9800',
-                'high': '#FF5722',
-                'critical': '#f44336'
-            };
-            const riskColor = riskColors[riskLevel.toLowerCase()] || '#666';
-            
-            let html = `
-                <div class="result-header" style="background: ${levelInfo.bg}; color: white; padding: 15px; border-radius: 8px 8px 0 0; text-align: center;">
-                    <div style="font-size: 40px;">${levelInfo.icon}</div>
-                    <div style="font-size: 24px; font-weight: bold;">${status.toUpperCase()}</div>
-                    <div style="font-size: 14px; opacity: 0.9;">Security Level ${securityLevel} - ${levelInfo.label}</div>
-                </div>
-                
-                <div class="result-body" style="padding: 15px; background: #f8f9fa; border-radius: 0 0 8px 8px;">
-                    <div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(150px, 1fr)); gap: 10px; margin-bottom: 15px;">
-                        <div class="stat-box" style="background: white; padding: 12px; border-radius: 5px; text-align: center; border-left: 4px solid ${levelInfo.bg};">
-                            <div style="font-size: 12px; color: #666;">SECURITY LEVEL</div>
-                            <div style="font-size: 28px; font-weight: bold; color: ${levelInfo.bg};">${securityLevel}</div>
-                        </div>
-                        <div class="stat-box" style="background: white; padding: 12px; border-radius: 5px; text-align: center; border-left: 4px solid ${riskColor};">
-                            <div style="font-size: 12px; color: #666;">RISK LEVEL</div>
-                            <div style="font-size: 18px; font-weight: bold; color: ${riskColor}; text-transform: uppercase;">${riskLevel}</div>
-                        </div>`;
-            
-            if (data.risk_score !== undefined) {
-                html += `
-                        <div class="stat-box" style="background: white; padding: 12px; border-radius: 5px; text-align: center; border-left: 4px solid #2196F3;">
-                            <div style="font-size: 12px; color: #666;">RISK SCORE</div>
-                            <div style="font-size: 28px; font-weight: bold; color: #2196F3;">${data.risk_score}</div>
-                        </div>`;
-            }
-            
-            html += '</div>';
-            
-            // Challenge info if required
-            if (data.challenge_type) {
-                html += `
-                    <div style="background: #fff3cd; padding: 10px; border-radius: 5px; margin: 10px 0; border-left: 4px solid #ffc107;">
-                        <strong>⚠ Challenge Required:</strong> ${data.challenge_type.replace('_', ' ').toUpperCase()}
-                    </div>`;
-            }
-            
-            // User info
-            if (data.user_info) {
-                html += `
-                    <div style="background: white; padding: 10px; border-radius: 5px; margin-top: 10px;">
-                        <div style="font-weight: bold; margin-bottom: 5px;">👤 User Info</div>
-                        <div style="font-size: 14px;">
-                            <span style="color: #666;">Email:</span> ${data.user_info.email}<br>
-                            <span style="color: #666;">Name:</span> ${data.user_info.full_name || 'N/A'}<br>
-                            <span style="color: #666;">Role:</span> <span class="badge" style="background: #6c757d; color: white; padding: 2px 8px; border-radius: 3px;">${data.user_info.role}</span>
-                        </div>
-                    </div>`;
-            }
-            
-            // Token (truncated)
-            if (data.access_token) {
-                html += `
-                    <div style="background: #e7f3ff; padding: 10px; border-radius: 5px; margin-top: 10px;">
-                        <div style="font-weight: bold; margin-bottom: 5px;">🔑 JWT Token Generated</div>
-                        <div style="font-size: 12px; font-family: monospace; word-break: break-all; color: #0066cc;">
-                            ${data.access_token.substring(0, 50)}...
-                        </div>
-                    </div>`;
-            }
-            
-            // Message
-            if (data.message) {
-                html += `
-                    <div style="background: #d1ecf1; padding: 10px; border-radius: 5px; margin-top: 10px;">
-                        <strong>ℹ️ Message:</strong> ${data.message}
-                    </div>`;
-            }
-            
-            html += '</div>';
-            return html;
-        }
-
-        // User Profile Response
-        function formatUserProfileResponse(data) {
-            return `
-                <div style="text-align: center; padding: 20px;">
-                    <div style="width: 80px; height: 80px; background: #3498db; border-radius: 50%; margin: 0 auto 15px; display: flex; align-items: center; justify-content: center;">
-                        <span style="font-size: 36px; color: white;">${(data.email || 'U')[0].toUpperCase()}</span>
-                    </div>
-                    <h3 style="margin: 0;">${data.full_name || 'User'}</h3>
-                    <p style="color: #666; margin: 5px 0;">${data.email}</p>
-                    <span class="badge" style="background: ${data.role === 'admin' ? '#dc3545' : '#6c757d'}; color: white; padding: 5px 15px; border-radius: 15px;">
-                        ${(data.role || 'user').toUpperCase()}
-                    </span>
-                </div>
-                <div style="display: grid; grid-template-columns: 1fr 1fr; gap: 10px; margin-top: 15px;">
-                    <div style="background: #f8f9fa; padding: 10px; border-radius: 5px; text-align: center;">
-                        <div style="font-size: 12px; color: #666;">2FA STATUS</div>
-                        <div style="font-size: 16px; font-weight: bold; color: ${data.tfa_enabled ? '#28a745' : '#dc3545'};">
-                            ${data.tfa_enabled ? '✓ ENABLED' : '✕ DISABLED'}
-                        </div>
-                    </div>
-                    <div style="background: #f8f9fa; padding: 10px; border-radius: 5px; text-align: center;">
-                        <div style="font-size: 12px; color: #666;">ACCOUNT STATUS</div>
-                        <div style="font-size: 16px; font-weight: bold; color: ${data.is_active !== false ? '#28a745' : '#dc3545'};">
-                            ${data.is_active !== false ? '✓ ACTIVE' : '✕ INACTIVE'}
-                        </div>
-                    </div>
-                </div>`;
-        }
-
-        // 2FA Response
-        function format2FAResponse(data) {
-            let html = '<div style="text-align: center;">';
-            
-            if (data.qr_code) {
-                html += `
-                    <div style="background: #d4edda; padding: 15px; border-radius: 8px; margin-bottom: 15px;">
-                        <div style="font-size: 24px;">🔐</div>
-                        <div style="font-weight: bold;">2FA Setup Ready!</div>
-                        <div style="font-size: 14px; color: #666;">Scan this QR code with your authenticator app</div>
-                    </div>
-                    <img src="${data.qr_code}" alt="QR Code" style="max-width: 200px; border: 2px solid #ddd; border-radius: 8px;">`;
-            }
-            
-            if (data.secret) {
-                html += `
-                    <div style="background: #fff3cd; padding: 10px; border-radius: 5px; margin-top: 15px;">
-                        <div style="font-size: 12px; color: #666;">Manual Entry Code:</div>
-                        <div style="font-family: monospace; font-weight: bold; letter-spacing: 2px;">${data.secret}</div>
-                    </div>`;
-            }
-            
-            if (data.tfa_enabled !== undefined) {
-                html += `
-                    <div style="font-size: 48px; margin: 20px 0;">${data.tfa_enabled ? '✅' : '❌'}</div>
-                    <div style="font-size: 20px; font-weight: bold;">
-                        2FA ${data.tfa_enabled ? 'ENABLED' : 'DISABLED'}
-                    </div>`;
-            }
-            
-            if (data.message) {
-                html += `<div style="margin-top: 10px; color: #666;">${data.message}</div>`;
-            }
-            
-            html += '</div>';
-            return html;
-        }
-
-        // Array Response (sessions, users list)
-        function formatArrayResponse(data) {
-            if (data.length === 0) {
-                return '<div style="text-align: center; padding: 20px; color: #666;">No data found</div>';
-            }
-            
-            let html = `<div style="font-weight: bold; margin-bottom: 10px;">Found ${data.length} items:</div>`;
-            
-            data.forEach((item, index) => {
-                html += `<div style="background: #f8f9fa; padding: 10px; border-radius: 5px; margin-bottom: 8px; border-left: 4px solid #3498db;">`;
-                html += `<strong>#${index + 1}</strong><br>`;
-                Object.keys(item).forEach(key => {
-                    let value = item[key];
-                    if (typeof value === 'object') value = JSON.stringify(value);
-                    if (key.includes('token')) value = value.substring(0, 20) + '...';
-                    html += `<span style="color: #666;">${key}:</span> ${value}<br>`;
-                });
-                html += '</div>';
-            });
-            
-            return html;
-        }
-
-        // Stats Response
-        function formatStatsResponse(data) {
-            let html = '<div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(120px, 1fr)); gap: 10px;">';
-            
-            const statIcons = {
-                'total_users': '👥',
-                'active_sessions': '🔗',
-                'total_risk_events': '⚠️',
-                'total_logins': '🔑',
-                'failed_logins': '❌'
-            };
-            
-            Object.keys(data).forEach(key => {
-                const icon = statIcons[key] || '📊';
-                html += `
-                    <div style="background: #f8f9fa; padding: 15px; border-radius: 8px; text-align: center;">
-                        <div style="font-size: 24px;">${icon}</div>
-                        <div style="font-size: 24px; font-weight: bold; color: #2c3e50;">${data[key]}</div>
-                        <div style="font-size: 11px; color: #666; text-transform: uppercase;">${key.replace(/_/g, ' ')}</div>
-                    </div>`;
-            });
-            
-            html += '</div>';
-            return html;
-        }
-
-        // Generic Response
-        function formatGenericResponse(data) {
-            let html = '';
-            
-            Object.keys(data).forEach(key => {
-                let value = data[key];
-                let displayValue = value;
-                
-                if (typeof value === 'object' && value !== null) {
-                    if (Array.isArray(value)) {
-                        displayValue = value.join(', ');
-                    } else {
-                        displayValue = JSON.stringify(value, null, 2);
-                    }
-                }
-                
-                // Truncate long values
-                if (typeof displayValue === 'string' && displayValue.length > 100) {
-                    displayValue = displayValue.substring(0, 100) + '...';
-                }
-                
-                html += `
-                    <div style="background: #f8f9fa; padding: 8px 12px; border-radius: 5px; margin-bottom: 5px; display: flex; justify-content: space-between;">
-                        <span style="font-weight: bold; color: #495057;">${key.replace(/_/g, ' ').toUpperCase()}</span>
-                        <span style="color: #212529;">${displayValue}</span>
-                    </div>`;
-            });
-            
-            return html;
-        }
-
-        // Error Response
-        function formatErrorResponse(error) {
-            return `
-                <div style="text-align: center; padding: 20px;">
-                    <div style="font-size: 48px;">❌</div>
-                    <div style="font-size: 20px; font-weight: bold; color: #dc3545; margin: 10px 0;">ERROR</div>
-                    <div style="background: #f8d7da; padding: 15px; border-radius: 5px; color: #721c24;">
-                        ${typeof error === 'object' ? JSON.stringify(error, null, 2) : error}
-                    </div>
-                </div>`;
-        }
-
-        // Clear token
-        function clearToken() {
-            localStorage.removeItem('authToken');
-            document.getElementById('authToken').value = '';
-            document.getElementById('tokenDisplay').style.display = 'none';
-            document.getElementById('tokenInfo').textContent = '';
-            alert('Token cleared!');
-        }
-
-        // Check server status
-        async function checkServerStatus() {
-            const statusDiv = document.getElementById('serverStatus');
-            try {
-                const response = await fetch(`${API_BASE.replace('/api/v1', '')}/health`);
-                if (response.ok) {
-                    statusDiv.innerHTML = '<span class="status-indicator status-online"></span><span>Server Online</span>';
-                } else {
-                    statusDiv.innerHTML = '<span class="status-indicator status-offline"></span><span>Server Error</span>';
-                }
-            } catch (error) {
-                statusDiv.innerHTML = '<span class="status-indicator status-offline"></span><span>Server Offline</span>';
-            }
-        }
-
-        // User Profile Functions
-        async function getMyProfile() {
-            const result = await apiRequest(`${API_BASE}/user/profile`);
-            displayResponse('profileResponse', result);
-        }
-
-        async function updateProfile() {
-            const fullName = document.getElementById('updateFullName').value;
-            if (!fullName) {
-                alert('Please enter a full name');
-                return;
-            }
-            const result = await apiRequest(`${API_BASE}/user/profile`, 'PUT', { full_name: fullName });
-            displayResponse('updateProfileResponse', result);
-        }
-
-        async function changePassword() {
-            const currentPassword = document.getElementById('currentPassword').value;
-            const newPassword = document.getElementById('newPassword').value;
-            if (!currentPassword || !newPassword) {
-                alert('Please enter both current and new password');
-                return;
-            }
-            const result = await apiRequest(`${API_BASE}/user/change-password`, 'POST', {
-                current_password: currentPassword,
-                new_password: newPassword,
-                confirm_password: newPassword
-            });
-            displayResponse('changePasswordResponse', result);
-        }
-
-        async function getMySessions() {
-            const result = await apiRequest(`${API_BASE}/user/sessions`);
-            displayResponse('sessionsResponse', result);
-        }
-
-        async function logoutAllSessions() {
-            if (!confirm('Are you sure you want to logout from all sessions?')) return;
-            const result = await apiRequest(`${API_BASE}/user/sessions/revoke`, 'POST', { revoke_all: true });
-            displayResponse('sessionsResponse', result);
-        }
-
-        // 2FA Functions
-        async function get2FAStatus() {
-            const result = await apiRequest(`${API_BASE}/user/security`);
-            displayResponse('status2faResponse', result);
-        }
-
-        // Admin Functions
-        async function getUserByEmail() {
-            const email = document.getElementById('adminSearchEmail').value;
-            if (!email) {
-                alert('Please enter an email');
-                return;
-            }
-            // Note: Admin endpoint uses user_id, not email - this is a simplified version
-            const result = await apiRequest(`${API_BASE}/admin/users`);
-            displayResponse('usersResponse', result);
-        }
-
-        async function getSystemHealth() {
-            const result = await apiRequest(`${API_BASE.replace('/api/v1', '')}/health`, 'GET', null, false);
-            displayResponse('statsResponse', result);
-        }
-
-        async function getRiskEvents() {
-            const result = await apiRequest(`${API_BASE}/admin/risk-events`);
-            displayResponse('riskEventsResponse', result);
-        }
-
-        async function getAnomalies() {
-            const result = await apiRequest(`${API_BASE}/admin/anomalies`);
-            displayResponse('riskEventsResponse', result);
-        }
-
-        async function activateUser() {
-            const userIdInput = document.getElementById('adminUserEmail').value;
-            if (!userIdInput) {
-                alert('Please enter user ID');
-                return;
-            }
-            const result = await apiRequest(`${API_BASE}/admin/users/${userIdInput}/unblock`, 'POST');
-            displayResponse('userActionResponse', result);
-        }
-
-        async function deactivateUser() {
-            const userIdInput = document.getElementById('adminUserEmail').value;
-            if (!userIdInput) {
-                alert('Please enter user ID');
-                return;
-            }
-            if (!confirm('Are you sure you want to block this user?')) return;
-            const result = await apiRequest(`${API_BASE}/admin/users/${userIdInput}/block`, 'POST');
-            displayResponse('userActionResponse', result);
-        }
-
-        // Risk & Security Functions
-        async function getBehaviorProfile() {
-            const result = await apiRequest(`${API_BASE}/user/risk-profile`);
-            displayResponse('behaviorResponse', result);
-        }
-
-        async function getLoginPatterns() {
-            const result = await apiRequest(`${API_BASE}/risk/login-patterns`);
-            displayResponse('behaviorResponse', result);
-        }
-
-        async function getSecurityLevel() {
-            const result = await apiRequest(`${API_BASE}/user/security`);
-            displayResponse('securityLevelResponse', result);
-        }
-
-        async function getTrustedDevices() {
-            const result = await apiRequest(`${API_BASE}/user/devices`);
-            displayResponse('deviceTrustResponse', result);
-        }
-
-        async function addTrustedDevice() {
-            alert('Device will be automatically added on next login');
-            displayResponse('deviceTrustResponse', { success: true, data: { message: 'Device trust is managed automatically' }});
-        }
-
-        async function accessAdminProtected() {
-            const result = await apiRequest(`${API_BASE}/admin-only`);
-            displayResponse('adminProtectedResponse', result);
-        }
-
-        // Load token on page load
-        window.onload = function() {
-            loadToken();
-            checkServerStatus();
-        };
-    </script>
+    <!-- Session Audit Trail (authed) -->
+    <div class="card">
+      <div class="card-header"><span>&#x1F4CB;</span> Session Audit Trail <span style="color:var(--c-muted);font-size:12px;">(requires login)</span></div>
+      <button class="btn btn-ghost btn-sm" onclick="intelSessionExplain()" style="margin-bottom:8px;">&#x1F4C4; Fetch My Session Events</button>
+      <div id="sessionExplainResp" class="resp"></div>
+    </div>
+  </div><!-- /intel -->
+</div><!-- /container -->
+
+<script>
+const API   = location.origin + '/api/v1';
+const AUTH  = API + '/auth';
+const DEMO  = API + '/demo';
+const ADMIN = API + '/admin';
+const USER  = API + '/user';
+const RISK  = API + '/risk';
+
+function getToken()  { return localStorage.getItem('token') || ''; }
+function saveToken(t){ localStorage.setItem('token', t); refreshTokenBar(); }
+function clearToken(){ localStorage.removeItem('token'); refreshTokenBar(); }
+function copyToken() {
+  const t = getToken();
+  if (!t) { alert('No token to copy.'); return; }
+  navigator.clipboard.writeText(t).then(() => alert('Token copied!')).catch(() => alert(t.substring(0, 80) + '...'));
+}
+function refreshTokenBar() {
+  const t = getToken();
+  document.getElementById('tokenPreview').textContent = t ? (t.substring(0, 60) + '...') : 'No token — log in first';
+}
+
+async function req(url, method, body, auth) {
+  if (method === undefined) method = 'GET';
+  if (auth === undefined) auth = true;
+  const headers = { 'Content-Type': 'application/json' };
+  if (auth && getToken()) headers['Authorization'] = 'Bearer ' + getToken();
+  try {
+    const r = await fetch(url, { method: method, headers: headers, body: body ? JSON.stringify(body) : undefined });
+    const data = await r.json().catch(function() { return {}; });
+    return { ok: r.ok, status: r.status, data: data };
+  } catch(e) {
+    return { ok: false, status: 0, data: { detail: e.message } };
+  }
+}
+
+function showResp(id, r, extractToken) {
+  const el = document.getElementById(id);
+  el.classList.add('show');
+  if (extractToken && r.ok) {
+    const t = r.data && (r.data.access_token || (r.data.framework_decision && r.data.framework_decision.access_token));
+    if (t) saveToken(t);
+  }
+  el.style.color = r.ok ? 'var(--c-success)' : 'var(--c-danger)';
+  el.textContent = JSON.stringify(r.data, null, 2);
+}
+
+function setStep(prefix, step, state) {
+  if (!state) state = 'active';
+  for (var i = 0; i <= 4; i++) {
+    var el = document.getElementById(prefix + 'step' + i);
+    if (!el) continue;
+    el.classList.remove('active', 'done');
+    if (i < step) el.classList.add('done');
+    else if (i === step) el.classList.add(state);
+  }
+}
+
+async function ping() {
+  const dot = document.getElementById('statusDot');
+  const text = document.getElementById('statusText');
+  dot.className = 'dot'; text.textContent = 'Checking...';
+  try {
+    const r = await fetch(location.origin + '/health');
+    if (r.ok) { dot.className = 'dot online'; text.textContent = 'Server online'; }
+    else { dot.className = 'dot'; text.textContent = 'Server error (' + r.status + ')'; }
+  } catch(e) {
+    dot.className = 'dot'; text.textContent = 'Server offline';
+  }
+}
+
+function switchTab(id, btn) {
+  document.querySelectorAll('.tab-panel').forEach(function(p) { p.classList.remove('active'); });
+  document.querySelectorAll('.main-tabs button').forEach(function(b) { b.classList.remove('active'); });
+  document.getElementById('tab-' + id).classList.add('active');
+  btn.classList.add('active');
+  if (id === 'demo2') refreshAnomalies();
+  if (id === 'admin') { loadAdminStats(); checkEmailStatus(); }
+  if (id === 'intel') intelInitTab();
+}
+
+/* ---- SCENARIO 1 ---- */
+async function setupDemo(reset) {
+  setStep('s1', 0, 'active');
+  const r = await req(DEMO + '/setup?reset=' + (reset ? 'true' : 'false'), 'POST', null, false);
+  showResp('setupResp', r);
+  if (r.ok) setStep('s1', 0, 'done');
+}
+
+async function checkDemoState() {
+  const r = await req(DEMO + '/state', 'GET', null, false);
+  showResp('setupResp', r);
+}
+
+async function doNormalLogin() {
+  setStep('s1', 1, 'active');
+  const r = await req(DEMO + '/scenario1/normal-login', 'POST', null, false);
+  showResp('normalLoginResp', r, true);
+  if (r.ok && r.data && r.data.framework_decision && r.data.framework_decision.status === 'success') {
+    setStep('s1', 1, 'done');
+    showRiskViz(r.data.framework_decision, r.data.what_the_framework_checked);
+    document.getElementById('challengeCard').style.display = 'none';
+    document.getElementById('riskVizCard').style.display = 'block';
+  }
+}
+
+async function doSuspiciousLogin() {
+  setStep('s1', 2, 'active');
+  const r = await req(DEMO + '/scenario1/suspicious-login', 'POST', null, false);
+  showResp('suspLoginResp', r);
+  if (r.ok && r.data) {
+    setStep('s1', 2, 'done');
+    var decision = r.data.framework_decision || {};
+    showRiskViz(decision, r.data.anomalies_triggered);
+    if (decision.status === 'challenge_required' && decision.challenge_id) {
+      document.getElementById('challengeId').value = decision.challenge_id;
+      document.getElementById('challengeCard').style.display = 'block';
+      setStep('s1', 3, 'active');
+    } else {
+      document.getElementById('challengeCard').style.display = 'none';
+    }
+    document.getElementById('riskVizCard').style.display = 'block';
+  }
+}
+
+async function doCompleteChallenge() {
+  var id = document.getElementById('challengeId').value.trim();
+  var code = document.getElementById('challengeCode').value.trim();
+  if (!id || !code) { alert('Enter challenge ID and code.'); return; }
+  const r = await req(DEMO + '/scenario1/complete-challenge?challenge_id=' + encodeURIComponent(id) + '&code=' + encodeURIComponent(code), 'POST', null, false);
+  showResp('challengeResp', r, true);
+  if (r.ok && r.data && r.data.result && r.data.result.status === 'success') {
+    setStep('s1', 3, 'done');
+  }
+}
+
+function showRiskViz(decision, notes) {
+  document.getElementById('riskVizCard').style.display = 'block';
+  var score = decision.risk_score || 0;
+  var level = decision.security_level !== undefined ? decision.security_level : 0;
+  var rl = (decision.risk_level || 'low').toLowerCase();
+  var status = decision.status || 'success';
+  var ARC_LEN = 220;
+  var offset = ARC_LEN - (score / 100) * ARC_LEN;
+  var colours = { low: '#22c55e', medium: '#f59e0b', high: '#f97316', critical: '#ef4444' };
+  var colour = colours[rl] || '#6366f1';
+  var arc = document.getElementById('gaugeArc');
+  arc.setAttribute('stroke-dashoffset', offset);
+  arc.setAttribute('stroke', colour);
+  document.getElementById('gaugeNum').textContent = Math.round(score);
+  document.getElementById('gaugeNum').style.color = colour;
+  document.getElementById('gaugeLabel').textContent = rl.toUpperCase() + ' RISK';
+  document.getElementById('gaugeLabel').style.color = colour;
+  var labels = ['active-0','active-1','active-2','active-3','active-4'];
+  for (var i = 0; i < 5; i++) {
+    var seg = document.getElementById('lseg' + i);
+    seg.className = 'level-seg';
+    if (i <= level) seg.classList.add(labels[i]);
+  }
+  var dbox = document.getElementById('decisionBox');
+  var statusLabels = { success: 'ACCESS GRANTED', challenge_required: 'CHALLENGE REQUIRED', blocked: 'BLOCKED' };
+  var statusClass  = { success: 'success', challenge_required: 'challenge', blocked: 'blocked' };
+  var icons = { success: '&#x2705;', challenge_required: '&#x26A0;', blocked: '&#x1F6AB;' };
+  dbox.innerHTML = '<div class="decision-panel"><div class="decision-header ' + (statusClass[status] || 'success') + '">' +
+    (icons[status] || '') + ' ' + (statusLabels[status] || status.toUpperCase()) + '</div>' +
+    '<div class="decision-body" style="font-size:13px;">' +
+    '<div style="margin-bottom:6px;">Security Level: <strong>' + level + '</strong> / 4</div>' +
+    (decision.challenge_type ? '<div>Challenge: <strong>' + decision.challenge_type.toUpperCase() + '</strong></div>' : '') +
+    (decision.message ? '<div style="margin-top:6px;color:var(--c-muted);">' + decision.message + '</div>' : '') +
+    '</div></div>';
+  var factors = decision.risk_factors || {};
+  var factorEl = document.getElementById('factorBars');
+  var fkeys = ['device','location','time','velocity','behavior'];
+  var fnames = { device:'Device', location:'Location', time:'Time Pattern', velocity:'Velocity', behavior:'Behavior' };
+  var fweight = { device:'0.21%', location:'97.68%', time:'0.02%', velocity:'2.08%', behavior:'0.01%' };
+  factorEl.innerHTML = fkeys.map(function(k) {
+    var val = factors[k] || 0;
+    var fc = val > 70 ? '#ef4444' : val > 40 ? '#f59e0b' : '#22c55e';
+    return '<div class="factor-row">' +
+      '<div class="factor-label">' + fnames[k] + ' <span style="float:right;color:var(--c-muted);">' + val.toFixed(1) + ' / 100 &nbsp;(weight: ' + fweight[k] + ')</span></div>' +
+      '<div class="factor-bar-wrap"><div class="factor-bar" style="width:' + val + '%;background:' + fc + ';"></div></div>' +
+      '</div>';
+  }).join('');
+  if (notes && notes.length) {
+    document.getElementById('triggeredRules').innerHTML = '<div style="font-size:12px;color:var(--c-muted);font-weight:700;text-transform:uppercase;letter-spacing:.5px;margin-bottom:6px;">What the Framework Saw</div>' +
+      notes.map(function(n) { return '<div style="font-size:13px;padding:4px 0;border-bottom:1px solid var(--c-border);">' + n + '</div>'; }).join('');
+  } else {
+    document.getElementById('triggeredRules').innerHTML = '';
+  }
+}
+
+/* ---- SCENARIO 2 ---- */
+var legitResult = null;
+var attackerResult = null;
+
+async function doSimulateAttack() {
+  setStep('s2', 1, 'active');
+  var n = parseInt(document.getElementById('attackAttempts').value) || 12;
+  var log = document.getElementById('attackLog');
+  log.style.display = 'block';
+  log.innerHTML = '';
+  for (var i = 1; i <= n; i++) {
+    await new Promise(function(res) { setTimeout(res, 70); });
+    log.innerHTML += '<div class="line">[' + new Date().toLocaleTimeString() + '] ATTEMPT ' + i + '/' + n + ' pw:****' + i + ' &rarr; <span style="color:#f97316;">FAILED</span></div>';
+    log.scrollTop = log.scrollHeight;
+  }
+  const r = await req(DEMO + '/scenario2/simulate-attack?num_attempts=' + n, 'POST', null, false);
+  if (r.ok && r.data) {
+    var cnt = (r.data.anomalies_detected && r.data.anomalies_detected.length) || 0;
+    var aip = (r.data.attack_details && r.data.attack_details.attacker_ip) || '192.0.2.100';
+    log.innerHTML += '<div class="detected">[FRAMEWORK] AnomalyDetector fired: ' + cnt + ' pattern(s) detected.</div>';
+    log.innerHTML += '<div class="att-blocked">[FRAMEWORK] IP ' + aip + ' flagged as CRITICAL. All requests BLOCKED.</div>';
+    setStep('s2', 1, 'done');
+  }
+  showResp('attackResp', r);
+  await refreshAnomalies();
+}
+
+async function doLegitLogin() {
+  setStep('s2', 2, 'active');
+  const r = await req(DEMO + '/scenario2/legitimate-user', 'POST', null, false);
+  legitResult = r.data;
+  showResp('legitResp', r, true);
+  if (r.ok) setStep('s2', 2, 'done');
+  renderCompare();
+}
+
+async function doAttackerLogin() {
+  setStep('s2', 3, 'active');
+  const r = await req(DEMO + '/scenario2/attacker-login-attempt', 'POST', null, false);
+  attackerResult = r.data;
+  showResp('attackerLoginResp', r);
+  if (r.ok) setStep('s2', 3, 'done');
+  renderCompare();
+}
+
+function renderCompare() {
+  if (!legitResult && !attackerResult) return;
+  var ld = (legitResult && legitResult.framework_decision) || {};
+  var ad = (attackerResult && attackerResult.framework_decision) || {};
+  var col = function(s) { return s === 'success' ? 'var(--c-success)' : s === 'challenge_required' ? 'var(--c-warn)' : 'var(--c-danger)'; };
+  var icon = function(s) { return s === 'success' ? '&#x2705;' : s === 'challenge_required' ? '&#x26A0;&#xFE0F;' : '&#x1F6AB;'; };
+  document.getElementById('compareBox').innerHTML = '<div class="compare">' +
+    '<div class="compare-side"><div class="compare-title" style="color:var(--c-success);">Legitimate User</div>' +
+    (legitResult ? '<div style="font-size:22px;text-align:center;margin:8px 0;color:' + col(ld.status) + ';">' + icon(ld.status) + '</div>' +
+      '<div style="text-align:center;font-weight:700;color:' + col(ld.status) + ';">' + (ld.status||'').toUpperCase() + '</div>' +
+      '<div style="font-size:12px;color:var(--c-muted);margin-top:6px;">Risk: ' + (ld.risk_level||'—') + ' | Level: ' + (ld.security_level !== undefined ? ld.security_level : '—') + '</div>' +
+      '<div style="font-size:12px;margin-top:4px;">' + (legitResult.key_insight||'') + '</div>'
+    : '<p style="color:var(--c-muted);">Run step 2</p>') + '</div>' +
+    '<div class="compare-side"><div class="compare-title" style="color:var(--c-danger);">Attacker (correct password)</div>' +
+    (attackerResult ? '<div style="font-size:22px;text-align:center;margin:8px 0;color:' + col(ad.status) + ';">' + icon(ad.status) + '</div>' +
+      '<div style="text-align:center;font-weight:700;color:' + col(ad.status) + ';">' + (ad.status||'').toUpperCase() + '</div>' +
+      '<div style="font-size:12px;color:var(--c-muted);margin-top:6px;">Risk: ' + (ad.risk_level||'—') + ' | Level: ' + (ad.security_level !== undefined ? ad.security_level : '—') + '</div>' +
+      '<div style="font-size:12px;margin-top:4px;">' + (attackerResult.key_insight||'') + '</div>'
+    : '<p style="color:var(--c-muted);">Run step 3</p>') + '</div>' +
+    '</div>';
+}
+
+async function refreshAnomalies() {
+  const r = await req(DEMO + '/scenario2/anomalies', 'GET', null, false);
+  var feed = document.getElementById('anomalyFeed');
+  if (!r.ok || !r.data || !r.data.active_anomalies || !r.data.active_anomalies.length) {
+    feed.innerHTML = '<p style="color:var(--c-muted);font-size:13px;">No active anomalies.</p>';
+    return;
+  }
+  feed.innerHTML = r.data.active_anomalies.map(function(a) {
+    return '<div class="anomaly-item"><div style="font-size:22px;">&#x1F6A8;</div><div style="flex:1;">' +
+      '<div class="anomaly-type">' + a.type + '</div>' +
+      '<div class="anomaly-meta">IP: <code>' + (a.ip||'—') + '</code> &nbsp;|&nbsp; Confidence: <strong>' + (a.confidence||'—') + '</strong>' +
+      ' &nbsp;|&nbsp; <span class="badge badge-blocked">' + (a.severity||'—') + '</span>' +
+      ' &nbsp;|&nbsp; ' + new Date(a.first_detected).toLocaleTimeString() + '</div></div></div>';
+  }).join('');
+}
+
+async function clearAnomalies() {
+  await req(DEMO + '/scenario2/clear-anomalies', 'DELETE', null, false);
+  await refreshAnomalies();
+  monitorLog('info', 'All anomalies cleared.');
+}
+
+/* ---- CONTINUOUS MONITORING ---- */
+var monitorInterval = null;
+var monitorCycleCount = 0;
+
+function toggleMonitoring() {
+  if (monitorInterval) { stopMonitoring(); } else { startMonitoring(); }
+}
+
+function startMonitoring() {
+  var btn = document.getElementById('monitorBtn');
+  var badge = document.getElementById('monitorBadge');
+  document.getElementById('monitorStats').style.display = 'flex';
+  document.getElementById('monitorLog').style.display = 'block';
+  btn.textContent = '\u23F9 Stop Monitoring';
+  btn.className = 'btn btn-danger btn-sm';
+  badge.className = 'monitor-badge mon-on monitor-pulse';
+  badge.innerHTML = '&#x25CF; Live';
+  monitorCycleCount = 0;
+  monitorLog('info', 'Continuous monitoring started. Scanning every 2 s...');
+  runMonitoringCycle();
+  monitorInterval = setInterval(runMonitoringCycle, 2000);
+}
+
+function stopMonitoring() {
+  clearInterval(monitorInterval);
+  monitorInterval = null;
+  var btn = document.getElementById('monitorBtn');
+  var badge = document.getElementById('monitorBadge');
+  btn.textContent = '\u25B6 Start Monitoring';
+  btn.className = 'btn btn-success btn-sm';
+  badge.className = 'monitor-badge mon-off';
+  badge.innerHTML = '&#x23F8; Idle';
+  monitorLog('info', 'Monitoring stopped after ' + monitorCycleCount + ' cycles.');
+}
+
+async function runMonitoringCycle() {
+  monitorCycleCount++;
+  var r = await req(DEMO + '/scenario2/run-monitoring-cycle', 'POST', null, false);
+  if (!r.ok) {
+    monitorLog('warn', 'Cycle ' + monitorCycleCount + ' failed: ' + (r.data && r.data.detail ? r.data.detail : 'server error'));
+    return;
+  }
+  var d = r.data;
+  var cycleTime = new Date(d.cycle_at).toLocaleTimeString();
+
+  // Update stats strip
+  var threatEl = document.getElementById('msThreatVal');
+  var threat = d.threat_level || 'NORMAL';
+  threatEl.textContent = threat;
+  threatEl.style.color = threat === 'NORMAL' ? 'var(--c-success)' : threat === 'CRITICAL' ? 'var(--c-danger)' : 'var(--c-warn)';
+  document.getElementById('msAnomalyVal').textContent = d.scan.total_active_anomalies;
+  document.getElementById('msFailedVal').textContent = d.scan.recent_failed_logins_1h;
+  document.getElementById('msSessionVal').textContent = d.sessions.active;
+  document.getElementById('msSuspVal').textContent = d.sessions.suspicious;
+  document.getElementById('msCycleVal').textContent = cycleTime;
+
+  // Monitoring log line
+  var anomCnt = d.scan.total_active_anomalies;
+  var cls = anomCnt > 0 ? 'ml-threat' : 'ml-ok';
+  var icon = anomCnt > 0 ? '\u26A0' : '\u2713';
+  var bfFlag  = d.scan.brute_force_active         ? ' | BruteForce:ACTIVE'         : '';
+  var csFlag  = d.scan.credential_stuffing_active  ? ' | CredStuffing:ACTIVE'       : '';
+  monitorLog(anomCnt > 0 ? 'threat' : 'ok',
+    '[' + cycleTime + '] #' + monitorCycleCount + ' ' + icon +
+    '  Threat:' + threat +
+    '  Anomalies:' + anomCnt +
+    '  Failed/1h:' + d.scan.recent_failed_logins_1h +
+    bfFlag + csFlag
+  );
+
+  // Also refresh the visual anomaly feed every 3rd cycle
+  if (monitorCycleCount % 3 === 0) { await refreshAnomalies(); }
+}
+
+function monitorLog(type, msg) {
+  var log = document.getElementById('monitorLog');
+  if (!log) return;
+  var cls = { ok: 'ml-ok', threat: 'ml-threat', warn: 'ml-warn', info: 'ml-info' }[type] || 'ml-info';
+  var line = document.createElement('div');
+  line.className = cls;
+  line.textContent = msg;
+  log.appendChild(line);
+  log.scrollTop = log.scrollHeight;
+  // Keep log at max 200 lines
+  while (log.childNodes.length > 200) { log.removeChild(log.firstChild); }
+}
+
+/* ---- API TESTING ---- */
+async function apiRegister() {
+  var body = { email: document.getElementById('regEmail').value, password: document.getElementById('regPassword').value };
+  var name = document.getElementById('regName').value;
+  if (name) body.full_name = name;
+  if (!body.email || !body.password) { alert('Email and password required.'); return; }
+  showResp('regResp', await req(AUTH + '/register', 'POST', body, false));
+}
+
+async function apiLogin() {
+  var body = { email: document.getElementById('loginEmail').value, password: document.getElementById('loginPassword').value };
+  if (!body.email || !body.password) { alert('Email and password required.'); return; }
+  showResp('loginResp', await req(AUTH + '/login', 'POST', body, false), true);
+}
+
+async function apiAdaptiveLogin() {
+  var body = { email: document.getElementById('loginEmail').value, password: document.getElementById('loginPassword').value };
+  if (!body.email || !body.password) { alert('Email and password required.'); return; }
+  showResp('loginResp', await req(AUTH + '/adaptive-login', 'POST', body, false), true);
+}
+
+async function api2faEnable() {
+  const r = await req(AUTH + '/enable-2fa', 'POST');
+  if (r.ok && r.data && r.data.qr_code) {
+    document.getElementById('qrWrap').innerHTML = '<img src="' + r.data.qr_code + '" style="max-width:180px;border:2px solid var(--c-border);border-radius:8px;">';
+  }
+  showResp('tfaResp', r);
+}
+
+async function api2faVerify() {
+  var code = document.getElementById('totpCode').value.trim();
+  if (!code) { alert('Enter TOTP code.'); return; }
+  showResp('tfaResp', await req(AUTH + '/verify-2fa', 'POST', { otp: code }));
+}
+
+async function api2faDisable() {
+  var pwd = prompt('Enter your password to disable 2FA:');
+  if (!pwd) return;
+  showResp('tfaResp', await req(AUTH + '/disable-2fa?password=' + encodeURIComponent(pwd), 'POST'));
+}
+
+async function api2faStatus() { showResp('tfaResp', await req(USER + '/security')); }
+
+async function apiGetProfile()  { showResp('profileResp', await req(USER + '/profile')); }
+async function apiGetSecurity() { showResp('profileResp', await req(USER + '/security')); }
+async function apiGetDevices()  { showResp('profileResp', await req(USER + '/devices')); }
+async function apiGetSessions() { showResp('profileResp', await req(USER + '/sessions')); }
+async function apiRevokeAll()   { showResp('profileResp', await req(USER + '/sessions/revoke', 'POST', { session_ids: [], revoke_all: true })); }
+async function apiRiskProfile() { showResp('protResp', await req(USER + '/risk-profile')); }
+
+async function apiChangePwd() {
+  var cur = document.getElementById('curPwd').value;
+  var nw  = document.getElementById('newPwd').value;
+  showResp('pwdResp', await req(USER + '/change-password', 'POST', { current_password: cur, new_password: nw, confirm_password: nw }));
+}
+
+async function apiForgotPwd() {
+  var email = document.getElementById('resetEmail').value;
+  if (!email) { alert('Enter email.'); return; }
+  showResp('pwdResp', await req(AUTH + '/forgot-password', 'POST', { email: email }, false));
+}
+
+async function apiProtected()  { showResp('protResp', await req(API + '/protected')); }
+async function apiAdminOnly()  { showResp('protResp', await req(API + '/admin-only')); }
+async function apiLogout()     { const r = await req(AUTH + '/logout', 'POST'); clearToken(); showResp('protResp', r); }
+
+/* ═══════════════════════════════════════════════════════════
+   SESSION INTELLIGENCE TAB — 8 Advanced Security Features
+   ═══════════════════════════════════════════════════════════ */
+const INTEL = API + '/session-intel';
+
+// ── Behavior collection state ─────────────────────────────
+var _bhCollecting = false;
+var _bhKeyTimes   = [];
+var _bhMousePts   = [];
+var _bhScrollDs   = [];
+var _bhLastKey    = 0;
+var _bhLastMouse  = 0;
+var _currentChallengeId = null;
+
+function toggleBehaviorCollector() {
+  if (_bhCollecting) { stopBehaviorCollector(); } else { startBehaviorCollector(); }
+}
+function startBehaviorCollector() {
+  _bhCollecting = true;
+  _bhKeyTimes = []; _bhMousePts = []; _bhScrollDs = []; _bhLastKey = 0; _bhLastMouse = 0;
+  document.addEventListener('keydown',   _bhOnKey);
+  document.addEventListener('mousemove', _bhOnMouse);
+  document.addEventListener('scroll',    _bhOnScroll, true);
+  var btn = document.getElementById('behaviorCollectBtn');
+  btn.textContent = '\u23F9 Stop Collecting';
+  btn.className = 'btn btn-danger btn-sm';
+  document.getElementById('collectStatus').textContent = 'Collecting\u2026 (type, move mouse, scroll)';
+  _bhRenderBars(0.5, 0.5, 0.5);
+}
+function stopBehaviorCollector() {
+  _bhCollecting = false;
+  document.removeEventListener('keydown',   _bhOnKey);
+  document.removeEventListener('mousemove', _bhOnMouse);
+  document.removeEventListener('scroll',    _bhOnScroll, true);
+  var btn = document.getElementById('behaviorCollectBtn');
+  btn.textContent = '\u25B6 Start Collecting';
+  btn.className = 'btn btn-success btn-sm';
+  var s = _bhComputeScores();
+  _bhRenderBars(s.te, s.ml, s.sv);
+  document.getElementById('collectStatus').textContent =
+    'Done \u2014 Keys:' + _bhKeyTimes.length + '  MousePts:' + _bhMousePts.length + '  Scrolls:' + _bhScrollDs.length;
+}
+function _bhOnKey(e) {
+  var now = performance.now();
+  if (_bhLastKey > 0) _bhKeyTimes.push(now - _bhLastKey);
+  _bhLastKey = now;
+}
+function _bhOnMouse(e) {
+  var now = performance.now();
+  if (now - _bhLastMouse < 50) return;
+  _bhLastMouse = now;
+  _bhMousePts.push([e.clientX, e.clientY]);
+}
+function _bhOnScroll(e) {
+  var delta = e.target && e.target.scrollTop !== undefined ? Math.abs(e.target.scrollTop) : window.scrollY;
+  _bhScrollDs.push(delta);
+}
+function _bhComputeScores() {
+  // 1. Typing entropy — coefficient of variation of inter-key delays
+  var te = 0.5;
+  if (_bhKeyTimes.length >= 3) {
+    var mean = _bhKeyTimes.reduce(function(a,b){return a+b;},0) / _bhKeyTimes.length;
+    var std  = Math.sqrt(_bhKeyTimes.reduce(function(s,v){return s+(v-mean)*(v-mean);},0) / _bhKeyTimes.length);
+    var cv   = std / (mean + 1e-6);
+    te = cv < 0.05 ? 0.10 : cv < 0.20 ? 0.30 + cv*1.5 : cv < 0.90 ? 0.50 + (cv-0.20)*0.7 : Math.max(0.10, 1.0-(cv-0.90)*0.8);
+    te = Math.max(0, Math.min(1, te));
+  }
+  // 2. Mouse linearity — straight/curved path ratio
+  var ml = 0.6;
+  if (_bhMousePts.length >= 3) {
+    var totalD = 0;
+    for (var i=1;i<_bhMousePts.length;i++){
+      var dx=_bhMousePts[i][0]-_bhMousePts[i-1][0], dy=_bhMousePts[i][1]-_bhMousePts[i-1][1];
+      totalD += Math.sqrt(dx*dx+dy*dy);
+    }
+    var dxA=_bhMousePts[_bhMousePts.length-1][0]-_bhMousePts[0][0];
+    var dyA=_bhMousePts[_bhMousePts.length-1][1]-_bhMousePts[0][1];
+    var straightD = Math.sqrt(dxA*dxA+dyA*dyA);
+    var ratio = totalD > 0 ? straightD/totalD : 0;
+    ml = Math.max(0, Math.min(1, 1.0 - Math.abs(ratio-0.6)*1.5));
+  }
+  // 3. Scroll variance — normalised std of scroll deltas
+  var sv = 0.5;
+  if (_bhScrollDs.length >= 2) {
+    var sm = _bhScrollDs.reduce(function(a,b){return a+b;},0)/_bhScrollDs.length;
+    var ss = Math.sqrt(_bhScrollDs.reduce(function(s,v){return s+Math.pow(v-sm,2);},0)/_bhScrollDs.length);
+    sv = Math.min(1, ss/200);
+  }
+  var lr = Math.max(0, 1.0 - (0.40*te + 0.35*ml + 0.25*sv));
+  return { te:te, ml:ml, sv:sv, lr:lr };
+}
+function _bhRenderBars(te, ml, sv) {
+  function bCol(v){ return v>0.7?'#22c55e':v>0.4?'#f59e0b':'#ef4444'; }
+  document.getElementById('teVal').textContent = te.toFixed(2);
+  document.getElementById('mlVal').textContent = ml.toFixed(2);
+  document.getElementById('svVal').textContent = sv.toFixed(2);
+  var teEl = document.getElementById('teBar'); teEl.style.width = (te*100)+'%'; teEl.style.background = bCol(te);
+  var mlEl = document.getElementById('mlBar'); mlEl.style.width = (ml*100)+'%'; mlEl.style.background = bCol(ml);
+  var svEl = document.getElementById('svBar'); svEl.style.width = (sv*100)+'%'; svEl.style.background = bCol(sv);
+}
+
+// ── Trust gauge ───────────────────────────────────────────
+function updateTrustGauge(score, label, color) {
+  var ARC = 204;
+  var offset = ARC - (score/100)*ARC;
+  var arc = document.getElementById('trustArc');
+  arc.setAttribute('stroke-dashoffset', offset);
+  arc.setAttribute('stroke', color || '#22c55e');
+  document.getElementById('trustNum').textContent = Math.round(score);
+  document.getElementById('trustNum').setAttribute('fill', color || '#f1f5f9');
+  document.getElementById('trustLabel').textContent = (label||'trusted').toUpperCase();
+  document.getElementById('trustLabel').style.color = color || 'var(--c-muted)';
+}
+function renderTrustHistory(events) {
+  var wrap = document.getElementById('trustHistoryWrap');
+  if (!events || !events.length) { wrap.innerHTML = '<p style="color:var(--c-muted);">No events yet.</p>'; return; }
+  wrap.innerHTML = '<div style="color:var(--c-muted);font-size:10px;text-transform:uppercase;font-weight:700;margin-bottom:4px;">Recent Trust Events</div>' +
+    events.slice(-20).reverse().map(function(e){
+      var sign = e.delta>=0?'+':'';
+      var col  = e.delta>=0?'var(--c-success)':'var(--c-danger)';
+      return '<div style="display:flex;justify-content:space-between;border-bottom:1px solid var(--c-border);padding:2px 0;font-size:11px;">' +
+        '<span style="color:var(--c-muted);">' + e.event_type + '</span>' +
+        '<span style="color:'+col+';">' + sign + e.delta.toFixed(1) + ' \u2192 ' + e.score.toFixed(0) + '</span></div>';
+    }).join('');
+}
+
+async function intelGetTrust() {
+  if (!getToken()) { alert('Login first.'); return; }
+  var r = await req(INTEL + '/trust-score');
+  showResp('trustResp', r);
+  if (r.ok && r.data) {
+    updateTrustGauge(r.data.trust_score, r.data.label, r.data.color);
+    renderTrustHistory(r.data.history || []);
+  }
+}
+async function intelContinuousVerify() {
+  if (!getToken()) { alert('Login first.'); return; }
+  var r = await req(INTEL + '/continuous-verify', 'POST', {});
+  showResp('trustResp', r);
+  if (r.ok && r.data) updateTrustGauge(r.data.trust_score, r.data.label, r.data.color);
+}
+async function intelDropTrust() {
+  if (!getToken()) { alert('Login first (use Quick Login above).'); return; }
+  var r = await req(INTEL + '/simulate-trust-drop', 'POST', { target_score: 25, reason: 'Manual demo drop' });
+  showResp('trustResp', r);
+  if (r.ok && r.data) {
+    updateTrustGauge(r.data.new_trust, r.data.trust_label, r.data.trust_color);
+    if (r.data.challenge_recommended) {
+      document.getElementById('trustResp').textContent +=
+        '\n\n\u26A0 Trust is now ' + r.data.new_trust.toFixed(0) + '/100 \u2014 scroll to Micro-Challenges and click Generate!';
+    }
+  }
+}
+
+// ── Behavior Signals ──────────────────────────────────────
+async function intelSendBehavior() {
+  if (!getToken()) { alert('Login first.'); return; }
+  var s = _bhComputeScores();
+  _bhRenderBars(s.te, s.ml, s.sv);
+  var r = await req(INTEL + '/behavior-signal', 'POST', {
+    typing_entropy:  s.te,
+    mouse_linearity: s.ml,
+    scroll_variance: s.sv,
+    local_risk_score: s.lr,
+  });
+  showResp('behaviorResp', r);
+  if (r.ok && r.data && r.data.trust) {
+    updateTrustGauge(r.data.trust.score, r.data.trust.label, r.data.trust.color);
+    if (r.data.micro_challenge_recommended) {
+      document.getElementById('behaviorResp').textContent +=
+        '\n\n\u26A0 Trust below 40 \u2014 micro-challenge recommended!';
+    }
+  }
+}
+
+// ── Impossible Travel (public demo) ──────────────────────
+async function intelLoadCities() {
+  var r = await req(INTEL + '/demo/city-list', 'GET', null, false);
+  if (!r.ok || !r.data) return;
+  var cities = r.data.cities || [];
+  ['travelFrom','travelTo'].forEach(function(id){
+    var sel = document.getElementById(id);
+    sel.innerHTML = '';
+    cities.forEach(function(c){
+      var opt = document.createElement('option');
+      opt.value = c.name;
+      opt.textContent = c.name;
+      sel.appendChild(opt);
+    });
+    if (id === 'travelFrom') sel.value = 'New York';
+    if (id === 'travelTo')   sel.value = 'Moscow';
+  });
+}
+async function intelCheckTravel() {
+  var fromCity = document.getElementById('travelFrom').value;
+  var toCity   = document.getElementById('travelTo').value;
+  var hours    = parseFloat(document.getElementById('travelHours').value);
+  var r = await req(INTEL + '/demo/impossible-travel', 'POST',
+    { from_city:fromCity, to_city:toCity, time_gap_hours:hours, from_country:'', to_country:'' }, false);
+  var el = document.getElementById('travelResult');
+  if (!r.ok || !r.data) { el.textContent = 'Error: '+ JSON.stringify(r.data); return; }
+  var d = r.data;
+  var cmap = { impossible:'#ef4444', suspicious:'#f97316', plausible:'#22c55e', same_area:'#22c55e', coords_unknown:'#94a3b8' };
+  var imap = { impossible:'\uD83D\uDEA8', suspicious:'\u26A0\uFE0F', plausible:'\u2705', same_area:'\u2705', coords_unknown:'\u2753' };
+  var col = cmap[d.verdict]||'#94a3b8', icon = imap[d.verdict]||'\u2753';
+  el.innerHTML = '<div style="background:'+col+'22;border:1px solid '+col+';border-radius:8px;padding:10px;">' +
+    '<div style="font-weight:700;font-size:15px;color:'+col+';margin-bottom:6px;">' + icon + ' ' + (d.verdict||'').toUpperCase().replace('_',' ') + '</div>' +
+    '<div style="font-size:13px;">' + d.message + '</div>' +
+    '<div style="display:grid;grid-template-columns:1fr 1fr 1fr;gap:6px;margin-top:8px;font-size:12px;">' +
+      '<div><strong>' + (d.distance_km||0) + ' km</strong><br><span style="color:var(--c-muted);">Distance</span></div>' +
+      '<div><strong>' + Math.round(d.speed_kmh||0) + ' km/h</strong><br><span style="color:var(--c-muted);">Speed</span></div>' +
+      '<div><strong>' + Math.round(d.time_gap_minutes||0) + ' min</strong><br><span style="color:var(--c-muted);">Gap</span></div>' +
+    '</div>' +
+    (d.trust_delta < 0 ? '<div style="color:#f97316;font-size:12px;margin-top:6px;">\u26A0 Trust impact: ' + d.trust_delta + ' pts</div>' : '') +
+    '</div>';
+}
+
+// ── AI Anomaly Scorer (public demo) ──────────────────────
+async function intelScoreAnomaly() {
+  var r = await req(INTEL + '/demo/anomaly-score', 'POST', {
+    typing_entropy:       parseFloat(document.getElementById('aiTyping').value),
+    mouse_linearity:      parseFloat(document.getElementById('aiMouse').value),
+    scroll_variance:      parseFloat(document.getElementById('aiScroll').value),
+    hour_normalized:      parseFloat(document.getElementById('aiHour').value),
+    failed_attempts_norm: parseFloat(document.getElementById('aiFailed').value),
+  }, false);
+  var el = document.getElementById('anomalyResult');
+  if (!r.ok || !r.data) { el.textContent = JSON.stringify(r.data); return; }
+  var d = r.data;
+  el.innerHTML =
+    '<div style="background:'+d.color+'22;border:1px solid '+d.color+';border-radius:8px;padding:10px;">' +
+    '<div style="display:flex;justify-content:space-between;align-items:center;margin-bottom:8px;">' +
+      '<div style="font-weight:700;font-size:20px;color:'+d.color+';">' + d.anomaly_score.toFixed(1) + ' / 100</div>' +
+      '<div style="font-size:12px;font-weight:700;background:'+d.color+';color:#0f172a;padding:2px 10px;border-radius:4px;">' + d.classification + '</div>' +
+    '</div>' +
+    '<div style="font-size:11px;color:var(--c-muted);margin-bottom:8px;">Confidence: '+(d.confidence*100).toFixed(0)+'% \u00B7 Statistical Isolation Forest</div>' +
+    Object.entries(d.per_feature||{}).map(function(kv){
+      var fn=kv[0], fs=kv[1], fc=fs>60?'#ef4444':fs>30?'#f59e0b':'#22c55e';
+      return '<div style="margin-bottom:5px;"><div style="display:flex;justify-content:space-between;font-size:11px;">' +
+        '<span>'+fn+'</span><span style="color:'+fc+';">'+fs.toFixed(1)+'</span></div>' +
+        '<div style="height:5px;background:#1e293b;border-radius:2px;overflow:hidden;">' +
+        '<div style="height:100%;width:'+fs+'%;background:'+fc+';border-radius:2px;"></div></div></div>';
+    }).join('') + '</div>';
+}
+
+// ── Micro-Challenges ──────────────────────────────────────
+async function intelGenerateChallenge() {
+  if (!getToken()) {
+    // Demo mode without DB persistence
+    var a = Math.floor(Math.random()*9)+2, b = Math.floor(Math.random()*9)+2;
+    _currentChallengeId = 'demo-no-auth';
+    document.getElementById('challengePanel').style.display = 'block';
+    document.getElementById('challengeQuestion').textContent = 'What is ' + a + ' \u00D7 ' + b + ' ?';
+    document.getElementById('challengeAnswer').value = '';
+    document.getElementById('challengeResultMsg').textContent = '(Demo mode \u2014 login to persist trust changes)';
+    return;
+  }
+  var r = await req(INTEL + '/micro-challenge/generate', 'POST', {});
+  showResp('challengeResp', r);
+  if (r.ok && r.data && r.data.challenge) {
+    _currentChallengeId = r.data.challenge.challenge_id;
+    document.getElementById('challengePanel').style.display = 'block';
+    document.getElementById('challengeQuestion').textContent = r.data.challenge.question;
+    document.getElementById('challengeAnswer').value = '';
+    document.getElementById('challengeResultMsg').textContent = '';
+    if (!r.data.challenge_needed) {
+      document.getElementById('challengeResultMsg').textContent =
+        '\u2139\uFE0F Trust is healthy \u2014 showing challenge anyway for demo purposes.';
+    }
+  }
+}
+async function intelVerifyChallenge() {
+  var answer = document.getElementById('challengeAnswer').value.trim();
+  if (!answer) { alert('Enter your answer.'); return; }
+  if (!_currentChallengeId || _currentChallengeId === 'demo-no-auth') {
+    document.getElementById('challengeResultMsg').textContent = '\u2705 Submitted (login to update real trust score).';
+    document.getElementById('challengePanel').style.display = 'none';
+    return;
+  }
+  var r = await req(INTEL + '/micro-challenge/verify', 'POST', { challenge_id:_currentChallengeId, response:answer });
+  showResp('challengeResp', r);
+  if (r.ok && r.data) {
+    document.getElementById('challengeResultMsg').textContent = r.data.reason;
+    if (r.data.correct) {
+      document.getElementById('challengePanel').style.display = 'none';
+      updateTrustGauge(r.data.new_trust, r.data.trust_label, r.data.trust_color);
+    } else {
+      document.getElementById('challengeAnswer').value = '';
+    }
+  }
+}
+
+// ── Explainability (public demo) ─────────────────────────
+async function intelExplain() {
+  var r = await req(INTEL + '/demo/explain', 'POST', {
+    location_score:  parseFloat(document.getElementById('expLocation').value),
+    device_score:    parseFloat(document.getElementById('expDevice').value),
+    time_score:      parseFloat(document.getElementById('expTime').value),
+    velocity_score:  parseFloat(document.getElementById('expVelocity').value),
+    behavior_score:  parseFloat(document.getElementById('expBehavior').value),
+    security_level:  parseInt(document.getElementById('expLevel').value),
+    risk_level:      'medium',
+  }, false);
+  var el = document.getElementById('explainResult');
+  if (!r.ok || !r.data) { el.textContent = JSON.stringify(r.data); return; }
+  var d = r.data;
+  el.innerHTML =
+    '<div style="font-size:12px;color:var(--c-muted);margin-bottom:6px;">' +
+      '\uD83D\uDD0D Audit ID: <code>' + d.audit_id + '</code>&nbsp;&nbsp;|&nbsp;&nbsp;Confidence: ' +
+      (d.confidence*100).toFixed(0) + '%&nbsp;&nbsp;|&nbsp;&nbsp;Action: <em>' + d.action + '</em>' +
+    '</div>' +
+    '<div style="font-size:13px;margin-bottom:10px;padding:8px;background:var(--c-surface);border-radius:6px;">' + d.summary + '</div>' +
+    (d.factors||[]).map(function(f){
+      var col = f.status==='anomalous'?'#ef4444':'#22c55e';
+      var bar = Math.min(100, Math.max(0, Math.abs(f.contribution)*4));
+      return '<div style="margin-bottom:8px;">' +
+        '<div style="display:flex;justify-content:space-between;font-size:12px;">' +
+          '<span>' + f.icon + ' <strong>' + f.factor + '</strong>' +
+          ' <span style="color:var(--c-muted);">w:' + f.model_weight + '</span></span>' +
+          '<span style="color:'+col+';">' + (f.contribution>=0?'+':'') + f.contribution.toFixed(1) + '</span>' +
+        '</div>' +
+        '<div style="height:6px;background:#1e293b;border-radius:3px;overflow:hidden;margin-top:3px;">' +
+          '<div style="height:100%;width:'+bar+'%;background:'+col+';border-radius:3px;"></div></div>' +
+        '<div style="font-size:11px;color:var(--c-muted);">' + f.detail + '</div>' +
+      '</div>';
+    }).join('');
+}
+
+// ── Session Audit Trail (authed) ─────────────────────────
+async function intelSessionExplain() {
+  if (!getToken()) { alert('Login first.'); return; }
+  showResp('sessionExplainResp', await req(INTEL + '/explain'));
+}
+
+// ── Quick Login ───────────────────────────────────────────
+async function intelQuickLogin() {
+  var r = await req(AUTH + '/login', 'POST',
+    { email:'demo.user@adaptive.demo', password:'DemoUser@123!' }, false);
+  var el = document.getElementById('intelLoginStatus');
+  if (r.ok && r.data && r.data.access_token) {
+    saveToken(r.data.access_token);
+    el.textContent = '\u2705 Logged in as demo.user@adaptive.demo';
+    el.style.color = 'var(--c-success)';
+    await intelGetTrust();
+  } else {
+    el.textContent = '\u274C Login failed \u2014 run Setup in Scenario 1 first.';
+    el.style.color = 'var(--c-danger)';
+  }
+}
+
+// ── Tab init ──────────────────────────────────────────────
+async function intelInitTab() {
+  await intelLoadCities();
+  if (getToken()) await intelGetTrust();
+}
+
+/* ═════════════════════════════════════════════════════════ */
+
+/* ---- ADMIN ---- */
+async function quickAdminLogin() {
+  showResp('adminLoginResp', await req(AUTH + '/login', 'POST', { email: 'demo.admin@adaptive.demo', password: 'Admin@Demo456!' }, false), true);
+}
+
+async function checkEmailStatus() {
+  var body = document.getElementById('emailStatusBody');
+  body.textContent = 'Checking…';
+  var r = await req(ADMIN + '/email-status');
+  if (!r.ok || !r.data) {
+    body.innerHTML = '<span style="color:var(--c-danger);">Failed to fetch — are you logged in as admin?</span>';
+    return;
+  }
+  var d = r.data;
+  var configured = d.configured;
+  var statusPill = configured
+    ? '<span class="pill pill-ok">&#x2714; Configured</span>'
+    : '<span class="pill pill-err">&#x2718; Not Configured</span>';
+  var fields = d.fields || {};
+  var rows = Object.entries(fields).map(function(kv) {
+    var k = kv[0], v = kv[1];
+    var pill = v ? '<span class="pill pill-ok">Set</span>' : '<span class="pill pill-err">Missing</span>';
+    return '<div style="display:flex;justify-content:space-between;align-items:center;padding:5px 0;border-bottom:1px solid var(--c-border);font-size:12px;"><span style="font-family:\'Consolas\',monospace;color:var(--c-text);">ADAPTIVEAUTH_' + k + '</span>' + pill + '</div>';
+  }).join('');
+  var instructions = configured ? '' : '<div class="callout callout-warn" style="margin-top:12px;font-size:12px;"><strong>Setup:</strong> Create a <code>.env</code> file in the project root with the missing fields above.<br><br><code>' + (d.setup_instructions||'') + '</code></div>';
+  body.innerHTML = '<div style="margin-bottom:12px;">' + statusPill +
+    (d.mail_port ? ' &nbsp;<span style="font-size:12px;color:var(--c-muted);">Port: ' + d.mail_port + ' &nbsp;STARTTLS: ' + (d.starttls ? 'Yes' : 'No') + '</span>' : '') +
+    '</div>' + rows + instructions;
+}
+
+async function loadAdminStats() {
+  const r = await req(ADMIN + '/statistics');
+  if (!r.ok || !r.data) return;
+  var d = r.data;
+  document.getElementById('statsGrid').innerHTML =
+    '<div class="stat-box"><div class="stat-num" style="color:var(--c-info);">' + (d.total_users !== undefined ? d.total_users : '—') + '</div><div class="stat-label">Total Users</div></div>' +
+    '<div class="stat-box"><div class="stat-num" style="color:var(--c-success);">' + (d.active_sessions !== undefined ? d.active_sessions : '—') + '</div><div class="stat-label">Active Sessions</div></div>' +
+    '<div class="stat-box"><div class="stat-num" style="color:var(--c-danger);">' + (d.high_risk_events_today !== undefined ? d.high_risk_events_today : '—') + '</div><div class="stat-label">High Risk Today</div></div>' +
+    '<div class="stat-box"><div class="stat-num" style="color:var(--c-warn);">' + (d.failed_logins_today !== undefined ? d.failed_logins_today : '—') + '</div><div class="stat-label">Failed Logins</div></div>';
+}
+
+async function adminGetUsers()      { showResp('adminUserResp', await req(ADMIN + '/users')); }
+async function adminGetSessions()   { showResp('adminUserResp', await req(ADMIN + '/sessions')); }
+async function adminBlock()         { var uid = document.getElementById('adminUserId').value; if (!uid) { alert('Enter user ID.'); return; } showResp('adminUserResp', await req(ADMIN + '/users/' + uid + '/block', 'POST')); }
+async function adminUnblock()       { var uid = document.getElementById('adminUserId').value; if (!uid) { alert('Enter user ID.'); return; } showResp('adminUserResp', await req(ADMIN + '/users/' + uid + '/unblock', 'POST')); }
+async function adminGetRiskEvents() { showResp('adminRiskResp', await req(ADMIN + '/risk-events')); }
+async function adminGetAnomalies()  { showResp('adminRiskResp', await req(ADMIN + '/anomalies')); }
+async function adminRiskOverview()  { showResp('adminRiskResp', await req(RISK + '/overview')); }
+async function adminRiskStatsPeriod(p) { showResp('statsResp', await req(ADMIN + '/risk-statistics?period=' + p)); }
+
+window.addEventListener('load', function() {
+  refreshTokenBar();
+  ping();
+  // Background passive refresh (only when monitoring is NOT active)
+  setInterval(function() {
+    if (document.getElementById('tab-demo2').classList.contains('active') && !monitorInterval) {
+      refreshAnomalies();
+    }
+  }, 10000);
+});
+</script>
 </body>
-</html>
\ No newline at end of file
+</html>