commit d69342b2e9a0f6d795276e75aadd12757dcc540c
Author: Josh <josh@macawls.dev>
Date:   Fri Jan 9 00:16:46 2026 +0200

    init

diff --git a/.air.toml b/.air.toml
new file mode 100644
index 0000000..47b189c
--- /dev/null
+++ b/.air.toml
@@ -0,0 +1,24 @@
+root = "."
+tmp_dir = "tmp"
+
+[build]
+cmd = "go build -o ./tmp/writekit ."
+full_bin = "./tmp/writekit"
+include_ext = ["go", "html", "css", "js"]
+exclude_dir = ["tmp", "node_modules", "studio/node_modules", ".git"]
+exclude_regex = ["_test\\.go"]
+delay = 500
+poll = true
+poll_interval = 1000
+
+[log]
+time = false
+
+[color]
+main = "magenta"
+watcher = "cyan"
+build = "yellow"
+runner = "green"
+
+[misc]
+clean_on_exit = true
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..43544e1
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,79 @@
+# =============================================================================
+# CORE (Required)
+# =============================================================================
+
+# PostgreSQL connection string
+DATABASE_URL=postgres://writekit:writekit@localhost:5432/writekit?sslmode=disable
+
+# Base domain for the platform (without protocol)
+DOMAIN=writekit.localhost
+
+# Full URL for OAuth callbacks and links
+BASE_URL=http://writekit.localhost
+
+# Session cookie encryption key (min 32 characters)
+SESSION_SECRET=change-this-to-a-random-32-char-string
+
+# =============================================================================
+# OAUTH (At least one required for login)
+# =============================================================================
+
+GITHUB_CLIENT_ID=
+GITHUB_CLIENT_SECRET=
+
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
+
+DISCORD_CLIENT_ID=
+DISCORD_CLIENT_SECRET=
+
+# =============================================================================
+# STORAGE (Optional - for image uploads)
+# =============================================================================
+
+R2_ACCOUNT_ID=
+R2_ACCESS_KEY_ID=
+R2_SECRET_ACCESS_KEY=
+R2_BUCKET=
+R2_PUBLIC_URL=
+# Custom endpoint (for MinIO/local dev, leave empty for R2)
+R2_ENDPOINT=
+
+# =============================================================================
+# ANALYTICS (Optional - for Cloudflare analytics)
+# =============================================================================
+
+# Cloudflare API token with Analytics read permission
+CLOUDFLARE_API_TOKEN=
+
+# Cloudflare Zone ID for your domain
+CLOUDFLARE_ZONE_ID=
+
+# =============================================================================
+# BILLING (Optional - for paid memberships)
+# =============================================================================
+
+# LemonSqueezy - https://app.lemonsqueezy.com/settings/api
+LEMON_API_KEY=
+LEMON_STORE_ID=
+LEMON_WEBHOOK_SECRET=
+
+# Wise (for payouts) - https://wise.com/settings/api-tokens
+WISE_API_KEY=
+WISE_PROFILE_ID=
+
+# Minimum balance before payout (in cents, default: 1000 = $10)
+PAYOUT_THRESHOLD_CENTS=1000
+
+# =============================================================================
+# SERVER (Optional)
+# =============================================================================
+
+# Server port (default: 8080)
+PORT=8080
+
+# SQLite data directory for tenant databases (default: ./data)
+DATA_DIR=./data
+
+# Environment: prod, staging, or dev (affects some behaviors)
+ENV=dev
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6474fa2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,13 @@
+writekit
+writekit.exe
+studio/dist/
+*.db
+*.db-wal
+*.db-shm
+.env
+node_modules/
+.idea/
+.vscode/
+*.swp
+
+tmp
diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..7a5b594
--- /dev/null
+++ b/.woodpecker.yml
@@ -0,0 +1,43 @@
+when:
+  branch: [main, dev]
+  event: push
+
+steps:
+  - name: test
+    image: golang:1.24-alpine
+    commands:
+      - go test ./...
+
+  - name: build
+    image: docker:27-cli
+    environment:
+      - DOCKER_HOST=unix:///var/run/docker.sock
+    commands:
+      - docker build -t 10.0.0.3:5000/writekit:${CI_COMMIT_BRANCH} .
+      - docker push 10.0.0.3:5000/writekit:${CI_COMMIT_BRANCH}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+
+  - name: deploy-staging
+    image: alpine
+    when:
+      branch: dev
+    commands:
+      - apk add --no-cache openssh-client
+      - mkdir -p ~/.ssh
+      - cp /mnt/ssh/deploy_key ~/.ssh/id_ed25519
+      - cp /mnt/ssh/known_hosts ~/.ssh/known_hosts
+      - chmod 600 ~/.ssh/id_ed25519
+      - ssh deploy@10.0.0.2 "cd /opt/writekit && docker compose pull writekit-staging && docker compose up -d writekit-staging"
+
+  - name: deploy-prod
+    image: alpine
+    when:
+      branch: main
+    commands:
+      - apk add --no-cache openssh-client
+      - mkdir -p ~/.ssh
+      - cp /mnt/ssh/deploy_key ~/.ssh/id_ed25519
+      - cp /mnt/ssh/known_hosts ~/.ssh/known_hosts
+      - chmod 600 ~/.ssh/id_ed25519
+      - ssh deploy@10.0.0.2 "cd /opt/writekit && docker compose pull writekit-prod && docker compose up -d writekit-prod"
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b4bb6ed
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,22 @@
+FROM node:22-alpine AS studio
+WORKDIR /app/studio
+COPY studio/package*.json ./
+RUN npm ci
+COPY studio/ ./
+RUN npm run build
+
+FROM golang:1.23-alpine AS builder
+WORKDIR /app
+COPY go.mod go.sum ./
+RUN go mod download
+COPY . .
+COPY --from=studio /app/studio/dist ./studio/dist
+RUN CGO_ENABLED=0 go build -o writekit .
+
+FROM alpine:3.21
+RUN apk add --no-cache ca-certificates
+WORKDIR /app
+COPY --from=builder /app/writekit .
+COPY --from=builder /app/internal/db/migrations ./internal/db/migrations
+EXPOSE 8080
+CMD ["./writekit"]
diff --git a/MONETIZATION.md b/MONETIZATION.md
new file mode 100644
index 0000000..007b343
--- /dev/null
+++ b/MONETIZATION.md
@@ -0,0 +1,121 @@
+# WriteKit Monetization
+
+## Tiers
+
+| Tier | Price | Billing |
+|------|-------|---------|
+| Free | $0 | - |
+| Pro | $5/mo or $49/year | Lemon Squeezy |
+
+## Feature Matrix
+
+| Feature | Free | Pro |
+|---------|------|-----|
+| Subdomain (you.writekit.dev) | Yes | Yes |
+| Custom domain | No | Yes |
+| "Powered by WriteKit" badge | Required | Hidden |
+| Analytics retention | 7 days | 90 days |
+| API requests | 100/hour | 1000/hour |
+| Webhooks | 3 endpoints | 10 endpoints |
+| Webhook deliveries | 100/day | 1000/day |
+| Plugins | 3 max | 10 max |
+| Plugin executions | 1000/day | 10000/day |
+| Posts | Unlimited | Unlimited |
+| Assets | Unlimited | Unlimited |
+| Comments/Reactions | Unlimited | Unlimited |
+
+## Upgrade Triggers
+
+1. **Custom domain** - Primary trigger, most valuable to users
+2. **Remove badge** - Secondary, vanity upgrade
+3. **Analytics depth** - 7 days feels limiting for serious bloggers
+4. **Rate limits** - For power users/headless CMS use case
+
+## Positioning
+
+**Tagline:** "Your blog, your domain, your data."
+
+**Key messages:**
+- No paywalls, no algorithms, no surprises
+- 70% cheaper than Ghost ($5 vs $18/mo)
+- Own your content, export anytime
+- API-first, developer-friendly
+
+## Implementation
+
+### Backend Config
+
+```go
+// internal/config/tiers.go
+type Tier string
+
+const (
+    TierFree Tier = "free"
+    TierPro  Tier = "pro"
+)
+
+type TierConfig struct {
+    Price              int           // cents/month
+    AnnualPrice        int           // cents/year
+    CustomDomain       bool
+    BadgeRequired      bool
+    AnalyticsRetention int           // days
+    APIRateLimit       int           // requests/hour
+    MaxWebhooks        int
+    WebhookDeliveries  int           // per day
+    MaxPlugins         int
+    PluginExecutions   int           // per day
+}
+
+var Tiers = map[Tier]TierConfig{
+    TierFree: {
+        Price:              0,
+        AnnualPrice:        0,
+        CustomDomain:       false,
+        BadgeRequired:      true,
+        AnalyticsRetention: 7,
+        APIRateLimit:       100,
+        MaxWebhooks:        3,
+        WebhookDeliveries:  100,
+        MaxPlugins:         3,
+        PluginExecutions:   1000,
+    },
+    TierPro: {
+        Price:              500,  // $5
+        AnnualPrice:        4900, // $49
+        CustomDomain:       true,
+        BadgeRequired:      false,
+        AnalyticsRetention: 90,
+        APIRateLimit:       1000,
+        MaxWebhooks:        10,
+        WebhookDeliveries:  1000,
+        MaxPlugins:         10,
+        PluginExecutions:   10000,
+    },
+}
+```
+
+### Database
+
+Add to `tenants` table:
+```sql
+tier TEXT NOT NULL DEFAULT 'free'
+```
+
+### Frontend
+
+Update `BillingPage.tsx` with:
+- Current plan display
+- Feature comparison
+- Upgrade button → Lemon Squeezy checkout
+
+### Enforcement Points
+
+| Feature | File | Check |
+|---------|------|-------|
+| Custom domain | `server/domain.go` | Block if tier != pro |
+| Badge | Blog templates | Show if tier == free |
+| Analytics | `tenant/analytics.go` | Filter by retention days |
+| API rate limit | `server/middleware.go` | Rate limiter per tier |
+| Webhooks count | `tenant/webhooks.go` | Check on create |
+| Plugins count | `tenant/plugins.go` | Check on create |
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..ae20054
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,22 @@
+.PHONY: dev build test clean studio
+
+dev:
+	go run ./cmd/writekit
+
+build: studio
+	go build -o writekit ./cmd/writekit
+
+test:
+	go test ./...
+
+clean:
+	rm -f writekit
+	rm -rf dist/studio
+
+studio:
+	cd studio && bun install && bun run build
+	mkdir -p dist/studio
+	cp -r studio/dist/* dist/studio/
+
+docker:
+	docker build -t writekit:local .
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c77669c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,61 @@
+# WriteKit - Local Development
+
+## Prerequisites
+- Docker & Docker Compose
+- GitHub OAuth App (for login)
+
+## Setup GitHub OAuth
+1. Go to https://github.com/settings/developers
+2. New OAuth App:
+   - Name: `WriteKit Local`
+   - Homepage: `http://writekit.lvh.me`
+   - Callback: `http://writekit.lvh.me/auth/github/callback`
+3. Copy Client ID and Secret
+
+## Run
+```bash
+# Set OAuth credentials
+export GITHUB_CLIENT_ID=your_client_id
+export GITHUB_CLIENT_SECRET=your_client_secret
+
+# Start
+docker compose up --build
+```
+
+Or create `.env` file:
+```
+GITHUB_CLIENT_ID=your_client_id
+GITHUB_CLIENT_SECRET=your_client_secret
+```
+
+## Access
+- **Platform**: http://writekit.lvh.me
+- **Traefik dashboard**: http://localhost:8080
+- **MinIO console**: http://localhost:9001 (minioadmin/minioadmin)
+
+## Create a demo
+```bash
+curl -X POST http://writekit.lvh.me/api/demo
+```
+Returns subdomain like `demo-abc123.writekit.lvh.me` - works automatically, no hosts file needed.
+
+## Environment Variables
+
+### Required
+| Variable | Description |
+|----------|-------------|
+| `DATABASE_URL` | PostgreSQL connection string |
+| `DOMAIN` | Base domain |
+| `BASE_URL` | Full URL for OAuth callbacks |
+| `SESSION_SECRET` | Cookie encryption (32+ chars) |
+| `GITHUB_CLIENT_ID` | GitHub OAuth client ID |
+| `GITHUB_CLIENT_SECRET` | GitHub OAuth secret |
+
+### Optional
+| Variable | Description |
+|----------|-------------|
+| `GOOGLE_CLIENT_ID/SECRET` | Google OAuth |
+| `DISCORD_CLIENT_ID/SECRET` | Discord OAuth |
+| `R2_*` | Cloudflare R2 storage |
+| `IMAGINARY_URL` | Image processing service |
+| `CLOUDFLARE_API_TOKEN/ZONE_ID` | Analytics |
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..f236df9
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,119 @@
+services:
+  traefik:
+    image: traefik:v3.2
+    command:
+      - --api.insecure=true
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --entrypoints.web.address=:80
+    ports:
+      - "80:80"
+      - "8888:8080"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+
+  postgres:
+    image: postgres:16-alpine
+    environment:
+      POSTGRES_USER: writekit
+      POSTGRES_PASSWORD: writekit
+      POSTGRES_DB: writekit
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U writekit"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  imaginary:
+    image: h2non/imaginary:latest
+    command: -enable-url-source=false -max-allowed-size=15728640
+
+  minio:
+    image: minio/minio:latest
+    command: server /data --console-address ":9001"
+    environment:
+      MINIO_ROOT_USER: minioadmin
+      MINIO_ROOT_PASSWORD: minioadmin
+    ports:
+      - "9000:9000"
+      - "9001:9001"
+    volumes:
+      - minio_data:/data
+
+  minio-init:
+    image: minio/mc:latest
+    depends_on:
+      - minio
+    entrypoint: >
+      /bin/sh -c "
+      sleep 2;
+      mc alias set local http://minio:9000 minioadmin minioadmin;
+      mc mb local/writekit --ignore-existing;
+      mc anonymous set download local/writekit;
+      exit 0;
+      "
+
+  vite:
+    image: node:20-alpine
+    working_dir: /app/studio
+    environment:
+      - CHOKIDAR_USEPOLLING=true
+      - CHOKIDAR_INTERVAL=100
+    command: sh -c "npm install && npm run dev -- --host"
+    volumes:
+      - ./studio:/app/studio
+      - vite_node_modules:/app/studio/node_modules
+
+  app:
+    image: cosmtrek/air
+    working_dir: /app
+    depends_on:
+      postgres:
+        condition: service_healthy
+    environment:
+      air_wd: /app
+      ENV: local
+      VITE_URL: http://vite:5173
+      DATABASE_URL: postgres://writekit:writekit@postgres:5432/writekit?sslmode=disable
+      DOMAIN: writekit.lvh.me
+      BASE_URL: http://writekit.lvh.me
+      DATA_DIR: /data
+      SESSION_SECRET: dev-secret-change-in-prod-must-be-32-chars
+      IMAGINARY_URL: http://imaginary:9000
+      R2_ACCOUNT_ID: local
+      R2_ACCESS_KEY_ID: minioadmin
+      R2_SECRET_ACCESS_KEY: minioadmin
+      R2_BUCKET: writekit
+      R2_PUBLIC_URL: http://localhost:9000/writekit
+      R2_ENDPOINT: http://minio:9000
+      GITHUB_CLIENT_ID: ${GITHUB_CLIENT_ID:-}
+      GITHUB_CLIENT_SECRET: ${GITHUB_CLIENT_SECRET:-}
+      JARVIS_URL: http://jarvis:8090
+    volumes:
+      - .:/app
+      - app_data:/data
+      - go_mod:/go/pkg/mod
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.app.rule=HostRegexp(`writekit.lvh.me`) || HostRegexp(`{subdomain:[a-z0-9-]+}.writekit.lvh.me`)
+      - traefik.http.routers.app.entrypoints=web
+      - traefik.http.services.app.loadbalancer.server.port=8080
+
+  jarvis:
+    build:
+      context: ../jarvis
+    ports:
+      - "8090:8090"
+      - "9999:9999"
+    environment:
+      PORT: "8090"
+      LSP_PORT: "9999"
+
+volumes:
+  postgres_data:
+  minio_data:
+  app_data:
+  go_mod:
+  vite_node_modules:
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..74e7d3a
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,67 @@
+module github.com/writekitapp/writekit
+
+go 1.24.0
+
+toolchain go1.24.2
+
+require (
+	github.com/alecthomas/chroma/v2 v2.21.1
+	github.com/aws/aws-sdk-go-v2 v1.32.2
+	github.com/aws/aws-sdk-go-v2/config v1.28.0
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.41
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.65.0
+	github.com/extism/go-sdk v1.7.1
+	github.com/go-chi/chi/v5 v5.1.0
+	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0
+	github.com/google/uuid v1.6.0
+	github.com/gorilla/websocket v1.5.3
+	github.com/jackc/pgx/v5 v5.7.1
+	github.com/yuin/goldmark v1.7.13
+	github.com/yuin/goldmark-emoji v1.0.6
+	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
+	golang.org/x/image v0.34.0
+	modernc.org/sqlite v1.34.0
+)
+
+require (
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.19 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 // indirect
+	github.com/aws/smithy-go v1.22.0 // indirect
+	github.com/dlclark/regexp2 v1.11.5 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a // indirect
+	github.com/gobwas/glob v0.2.3 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
+	github.com/ianlancetaylor/demangle v0.0.0-20240805132620-81f5be970eca // indirect
+	github.com/jackc/pgpassfile v1.0.0 // indirect
+	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
+	github.com/jackc/puddle/v2 v2.2.2 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
+	github.com/tetratelabs/wabin v0.0.0-20230304001439-f6f874872834 // indirect
+	github.com/tetratelabs/wazero v1.9.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
+	golang.org/x/crypto v0.27.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.25.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
+	modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 // indirect
+	modernc.org/libc v1.55.3 // indirect
+	modernc.org/mathutil v1.6.0 // indirect
+	modernc.org/memory v1.8.0 // indirect
+	modernc.org/strutil v1.2.0 // indirect
+	modernc.org/token v1.1.0 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..68013e5
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,160 @@
+github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
+github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
+github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=
+github.com/alecthomas/chroma/v2 v2.21.1 h1:FaSDrp6N+3pphkNKU6HPCiYLgm8dbe5UXIXcoBhZSWA=
+github.com/alecthomas/chroma/v2 v2.21.1/go.mod h1:NqVhfBR0lte5Ouh3DcthuUCTUpDC9cxBOfyMbMQPs3o=
+github.com/alecthomas/repr v0.0.0-20220113201626-b1b626ac65ae/go.mod h1:2kn6fqh/zIyPLmm3ugklbEi5hg5wS435eygvNfaDQL8=
+github.com/alecthomas/repr v0.5.2 h1:SU73FTI9D1P5UNtvseffFSGmdNci/O6RsqzeXJtP0Qs=
+github.com/alecthomas/repr v0.5.2/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
+github.com/aws/aws-sdk-go-v2 v1.32.2 h1:AkNLZEyYMLnx/Q/mSKkcMqwNFXMAvFto9bNsHqcTduI=
+github.com/aws/aws-sdk-go-v2 v1.32.2/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6 h1:pT3hpW0cOHRJx8Y0DfJUEQuqPild8jRGmSFmBgvydr0=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6/go.mod h1:j/I2++U0xX+cr44QjHay4Cvxj6FUbnxrgmqN3H1jTZA=
+github.com/aws/aws-sdk-go-v2/config v1.28.0 h1:FosVYWcqEtWNxHn8gB/Vs6jOlNwSoyOCA/g/sxyySOQ=
+github.com/aws/aws-sdk-go-v2/config v1.28.0/go.mod h1:pYhbtvg1siOOg8h5an77rXle9tVG8T+BWLWAo7cOukc=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.41 h1:7gXo+Axmp+R4Z+AK8YFQO0ZV3L0gizGINCOWxSLY9W8=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.41/go.mod h1:u4Eb8d3394YLubphT4jLEwN1rLNq2wFOlT6OuxFwPzU=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 h1:TMH3f/SCAWdNtXXVPPu5D6wrr4G5hI1rAxbcocKfC7Q=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17/go.mod h1:1ZRXLdTpzdJb9fwTMXiLipENRxkGMTn1sfKexGllQCw=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 h1:UAsR3xA31QGf79WzpG/ixT9FZvQlh5HY1NRqSHBNOCk=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21/go.mod h1:JNr43NFf5L9YaG3eKTm7HQzls9J+A9YYcGI5Quh1r2Y=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 h1:6jZVETqmYCadGFvrYEQfC5fAQmlo80CeL5psbno6r0s=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21/go.mod h1:1SR0GbLlnN3QUmYaflZNiH1ql+1qrSiB2vwcJ+4UM60=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.19 h1:FKdiFzTxlTRO71p0C7VrLbkkdW8qfMKF5+ej6bTmkT0=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.19/go.mod h1:abO3pCj7WLQPTllnSeYImqFfkGrmJV0JovWo/gqT5N0=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0/go.mod h1:0jp+ltwkf+SwG2fm/PKo8t4y8pJSgOCO4D8Lz3k0aHQ=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.0 h1:FQNWhRuSq8QwW74GtU0MrveNhZbqvHsA4dkA9w8fTDQ=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.0/go.mod h1:j/zZ3zmWfGCK91K73YsfHP53BSTLSjL/y6YN39XbBLM=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 h1:s7NA1SOw8q/5c0wr8477yOPp0z+uBaXBnLE0XYb0POA=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2/go.mod h1:fnjjWyAW/Pj5HYOxl9LJqWtEwS7W2qgcRLWP+uWbss0=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.0 h1:1NKXS8XfhMM0bg5wVYa/eOH8AM2f6JijugbKEyQFTIg=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.0/go.mod h1:ph931DUfVfgrhZR7py9olSvHCiRpvaGxNvlWBcXxFds=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.65.0 h1:2dSm7frMrw2tdJ0QvyccQNJyPGaP24dyDgZ6h1QJMGU=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.65.0/go.mod h1:4XSVpw66upN8wND3JZA29eXl2NOZvfFVq7DIP6xvfuQ=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 h1:bSYXVyUzoTHoKalBmwaZxs97HU9DWWI3ehHSAMa7xOk=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.2/go.mod h1:skMqY7JElusiOUjMJMOv1jJsP7YUg7DrhgqZZWuzu1U=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 h1:AhmO1fHINP9vFYUE0LHzCWg/LfUWUF+zFPEcY9QXb7o=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2/go.mod h1:o8aQygT2+MVP0NaV6kbdE1YnnIM8RRVQzoeUH45GOdI=
+github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 h1:CiS7i0+FUe+/YY1GvIBLLrR/XNGZ4CtM1Ll0XavNuVo=
+github.com/aws/aws-sdk-go-v2/service/sts v1.32.2/go.mod h1:HtaiBI8CjYoNVde8arShXb94UbQQi9L4EMr6D+xGBwo=
+github.com/aws/smithy-go v1.22.0 h1:uunKnWlcoL3zO7q+gG2Pk53joueEOsnNB28QdMsmiMM=
+github.com/aws/smithy-go v1.22.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
+github.com/dlclark/regexp2 v1.7.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
+github.com/dlclark/regexp2 v1.11.5 h1:Q/sSnsKerHeCkc/jSTNq1oCm7KiVgUMZRDUoRu0JQZQ=
+github.com/dlclark/regexp2 v1.11.5/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a h1:UwSIFv5g5lIvbGgtf3tVwC7Ky9rmMFBp0RMs+6f6YqE=
+github.com/dylibso/observe-sdk/go v0.0.0-20240819160327-2d926c5d788a/go.mod h1:C8DzXehI4zAbrdlbtOByKX6pfivJTBiV9Jjqv56Yd9Q=
+github.com/extism/go-sdk v1.7.1 h1:lWJos6uY+tRFdlIHR+SJjwFDApY7OypS/2nMhiVQ9Sw=
+github.com/extism/go-sdk v1.7.1/go.mod h1:IT+Xdg5AZM9hVtpFUA+uZCJMge/hbvshl8bwzLtFyKA=
+github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw=
+github.com/go-chi/chi/v5 v5.1.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
+github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
+github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g=
+github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
+github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd h1:gbpYu9NMq8jhDVbvlGkMFWCjLFlqqEZjEmObmhUy6Vo=
+github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
+github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
+github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
+github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
+github.com/ianlancetaylor/demangle v0.0.0-20240805132620-81f5be970eca h1:T54Ema1DU8ngI+aef9ZhAhNGQhcRTrWxVeG07F+c/Rw=
+github.com/ianlancetaylor/demangle v0.0.0-20240805132620-81f5be970eca/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw=
+github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
+github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
+github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
+github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
+github.com/jackc/pgx/v5 v5.7.1 h1:x7SYsPBYDkHDksogeSmZZ5xzThcTgRz++I5E+ePFUcs=
+github.com/jackc/pgx/v5 v5.7.1/go.mod h1:e7O26IywZZ+naJtWWos6i6fvWK+29etgITqrqHLfoZA=
+github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
+github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
+github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/tetratelabs/wabin v0.0.0-20230304001439-f6f874872834 h1:ZF+QBjOI+tILZjBaFj3HgFonKXUcwgJ4djLb6i42S3Q=
+github.com/tetratelabs/wabin v0.0.0-20230304001439-f6f874872834/go.mod h1:m9ymHTgNSEjuxvw8E7WWe4Pl4hZQHXONY8wE6dMLaRk=
+github.com/tetratelabs/wazero v1.9.0 h1:IcZ56OuxrtaEz8UYNRHBrUa9bYeX9oVY93KspZZBf/I=
+github.com/tetratelabs/wazero v1.9.0/go.mod h1:TSbcXCfFP0L2FGkRPxHphadXPjo1T6W+CseNNY7EkjM=
+github.com/yuin/goldmark v1.4.15/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/yuin/goldmark v1.7.13 h1:GPddIs617DnBLFFVJFgpo1aBfe/4xcvMc3SB5t/D0pA=
+github.com/yuin/goldmark v1.7.13/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
+github.com/yuin/goldmark-emoji v1.0.6 h1:QWfF2FYaXwL74tfGOW5izeiZepUDroDJfWubQI9HTHs=
+github.com/yuin/goldmark-emoji v1.0.6/go.mod h1:ukxJDKFpdFb5x0a5HqbdlcKtebh086iJpI31LTKmWuA=
+github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc h1:+IAOyRda+RLrxa1WC7umKOZRsGq4QrFFMYApOeHzQwQ=
+github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc/go.mod h1:ovIvrum6DQJA4QsJSovrkC4saKHQVs7TvcaeO8AIl5I=
+go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
+go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
+golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
+golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
+golang.org/x/image v0.34.0 h1:33gCkyw9hmwbZJeZkct8XyR11yH889EQt/QH4VmXMn8=
+golang.org/x/image v0.34.0/go.mod h1:2RNFBZRB+vnwwFil8GkMdRvrJOFd1AzdZI6vOY+eJVU=
+golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
+golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
+golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+modernc.org/cc/v4 v4.21.4 h1:3Be/Rdo1fpr8GrQ7IVw9OHtplU4gWbb+wNgeoBMmGLQ=
+modernc.org/cc/v4 v4.21.4/go.mod h1:HM7VJTZbUCR3rV8EYBi9wxnJ0ZBRiGE5OeGXNA0IsLQ=
+modernc.org/ccgo/v4 v4.19.2 h1:lwQZgvboKD0jBwdaeVCTouxhxAyN6iawF3STraAal8Y=
+modernc.org/ccgo/v4 v4.19.2/go.mod h1:ysS3mxiMV38XGRTTcgo0DQTeTmAO4oCmJl1nX9VFI3s=
+modernc.org/fileutil v1.3.0 h1:gQ5SIzK3H9kdfai/5x41oQiKValumqNTDXMvKo62HvE=
+modernc.org/fileutil v1.3.0/go.mod h1:XatxS8fZi3pS8/hKG2GH/ArUogfxjpEKs3Ku3aK4JyQ=
+modernc.org/gc/v2 v2.4.1 h1:9cNzOqPyMJBvrUipmynX0ZohMhcxPtMccYgGOJdOiBw=
+modernc.org/gc/v2 v2.4.1/go.mod h1:wzN5dK1AzVGoH6XOzc3YZ+ey/jPgYHLuVckd62P0GYU=
+modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 h1:5D53IMaUuA5InSeMu9eJtlQXS2NxAhyWQvkKEgXZhHI=
+modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6/go.mod h1:Qz0X07sNOR1jWYCrJMEnbW/X55x206Q7Vt4mz6/wHp4=
+modernc.org/libc v1.55.3 h1:AzcW1mhlPNrRtjS5sS+eW2ISCgSOLLNyFzRh/V3Qj/U=
+modernc.org/libc v1.55.3/go.mod h1:qFXepLhz+JjFThQ4kzwzOjA/y/artDeg+pcYnY+Q83w=
+modernc.org/mathutil v1.6.0 h1:fRe9+AmYlaej+64JsEEhoWuAYBkOtQiMEU7n/XgfYi4=
+modernc.org/mathutil v1.6.0/go.mod h1:Ui5Q9q1TR2gFm0AQRqQUaBWFLAhQpCwNcuhBOSedWPo=
+modernc.org/memory v1.8.0 h1:IqGTL6eFMaDZZhEWwcREgeMXYwmW83LYW8cROZYkg+E=
+modernc.org/memory v1.8.0/go.mod h1:XPZ936zp5OMKGWPqbD3JShgd/ZoQ7899TUuQqxY+peU=
+modernc.org/opt v0.1.3 h1:3XOZf2yznlhC+ibLltsDGzABUGVx8J6pnFMS3E4dcq4=
+modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
+modernc.org/sortutil v1.2.0 h1:jQiD3PfS2REGJNzNCMMaLSp/wdMNieTbKX920Cqdgqc=
+modernc.org/sortutil v1.2.0/go.mod h1:TKU2s7kJMf1AE84OoiGppNHJwvB753OYfNl2WRb++Ss=
+modernc.org/sqlite v1.34.0 h1:wnIcc4XIGoWVkM9qGKn2PARAmpXsQWGebuOVOBYZZVY=
+modernc.org/sqlite v1.34.0/go.mod h1:pXV2xHxhzXZsgT/RtTFAPY6JJDEvOTcTdwADQCCWD4k=
+modernc.org/strutil v1.2.0 h1:agBi9dp1I+eOnxXeiZawM8F4LawKv4NzGWSaLfyeNZA=
+modernc.org/strutil v1.2.0/go.mod h1:/mdcBmfOibveCTBxUl5B5l6W+TTH1FXPLHZE6bTosX0=
+modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
+modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
diff --git a/internal/auth/middleware.go b/internal/auth/middleware.go
new file mode 100644
index 0000000..f70e920
--- /dev/null
+++ b/internal/auth/middleware.go
@@ -0,0 +1,54 @@
+package auth
+
+import (
+	"context"
+	"net/http"
+	"strings"
+
+	"github.com/writekitapp/writekit/internal/db"
+)
+
+type ctxKey string
+
+const userIDKey ctxKey = "userID"
+
+func SessionMiddleware(database *db.DB) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			token := extractToken(r)
+			if token == "" {
+				http.Error(w, "unauthorized", http.StatusUnauthorized)
+				return
+			}
+
+			session, err := database.ValidateSession(r.Context(), token)
+			if err != nil || session == nil {
+				http.Error(w, "unauthorized", http.StatusUnauthorized)
+				return
+			}
+
+			ctx := context.WithValue(r.Context(), userIDKey, session.UserID)
+			next.ServeHTTP(w, r.WithContext(ctx))
+		})
+	}
+}
+
+func GetUserID(r *http.Request) string {
+	if id, ok := r.Context().Value(userIDKey).(string); ok {
+		return id
+	}
+	return ""
+}
+
+func extractToken(r *http.Request) string {
+	if cookie, err := r.Cookie("writekit_session"); err == nil && cookie.Value != "" {
+		return cookie.Value
+	}
+
+	auth := r.Header.Get("Authorization")
+	if strings.HasPrefix(auth, "Bearer ") {
+		return strings.TrimPrefix(auth, "Bearer ")
+	}
+
+	return r.URL.Query().Get("token")
+}
diff --git a/internal/auth/oauth.go b/internal/auth/oauth.go
new file mode 100644
index 0000000..890acae
--- /dev/null
+++ b/internal/auth/oauth.go
@@ -0,0 +1,535 @@
+package auth
+
+import (
+	"context"
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log/slog"
+	"net/http"
+	"net/url"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/writekitapp/writekit/internal/db"
+)
+
+type Handler struct {
+	database      *db.DB
+	sessionSecret []byte
+	baseURL       string
+	providers     map[string]provider
+}
+
+type provider struct {
+	Name         string
+	ClientID     string
+	ClientSecret string
+	AuthURL      string
+	TokenURL     string
+	UserInfoURL  string
+	Scopes       []string
+}
+
+type oauthToken struct {
+	AccessToken string `json:"access_token"`
+}
+
+type oauthState struct {
+	Provider  string `json:"p"`
+	TenantID  string `json:"t,omitempty"`
+	Redirect  string `json:"r,omitempty"`
+	Callback  string `json:"c,omitempty"`
+	Timestamp int64  `json:"ts"`
+}
+
+type userInfo struct {
+	ID        string
+	Email     string
+	Name      string
+	AvatarURL string
+}
+
+func NewHandler(database *db.DB) *Handler {
+	baseURL := os.Getenv("BASE_URL")
+	if baseURL == "" {
+		baseURL = "https://writekit.dev"
+	}
+
+	secret := os.Getenv("SESSION_SECRET")
+	if secret == "" {
+		secret = "dev-secret-change-in-production"
+	}
+
+	h := &Handler{
+		database:      database,
+		sessionSecret: []byte(secret),
+		baseURL:       baseURL,
+		providers:     make(map[string]provider),
+	}
+
+	if id := os.Getenv("GOOGLE_CLIENT_ID"); id != "" {
+		h.providers["google"] = provider{
+			Name:         "Google",
+			ClientID:     id,
+			ClientSecret: os.Getenv("GOOGLE_CLIENT_SECRET"),
+			AuthURL:      "https://accounts.google.com/o/oauth2/v2/auth",
+			TokenURL:     "https://oauth2.googleapis.com/token",
+			UserInfoURL:  "https://www.googleapis.com/oauth2/v2/userinfo",
+			Scopes:       []string{"email", "profile"},
+		}
+	}
+
+	if id := os.Getenv("GITHUB_CLIENT_ID"); id != "" {
+		h.providers["github"] = provider{
+			Name:         "GitHub",
+			ClientID:     id,
+			ClientSecret: os.Getenv("GITHUB_CLIENT_SECRET"),
+			AuthURL:      "https://github.com/login/oauth/authorize",
+			TokenURL:     "https://github.com/login/oauth/access_token",
+			UserInfoURL:  "https://api.github.com/user",
+			Scopes:       []string{"user:email"},
+		}
+	}
+
+	if id := os.Getenv("DISCORD_CLIENT_ID"); id != "" {
+		h.providers["discord"] = provider{
+			Name:         "Discord",
+			ClientID:     id,
+			ClientSecret: os.Getenv("DISCORD_CLIENT_SECRET"),
+			AuthURL:      "https://discord.com/api/oauth2/authorize",
+			TokenURL:     "https://discord.com/api/oauth2/token",
+			UserInfoURL:  "https://discord.com/api/users/@me",
+			Scopes:       []string{"identify", "email"},
+		}
+	}
+
+	return h
+}
+
+func (h *Handler) Routes() chi.Router {
+	r := chi.NewRouter()
+	r.Get("/google", h.initiate)
+	r.Get("/github", h.initiate)
+	r.Get("/discord", h.initiate)
+	r.Get("/callback", h.callback)
+	r.Get("/validate", h.validate)
+	r.Get("/user", h.user)
+	r.Get("/providers", h.listProviders)
+	r.Post("/logout", h.logout)
+	return r
+}
+
+func (h *Handler) initiate(w http.ResponseWriter, r *http.Request) {
+	providerName := strings.TrimPrefix(r.URL.Path, "/auth/")
+	if _, ok := h.providers[providerName]; !ok {
+		http.Error(w, "unknown provider", http.StatusBadRequest)
+		return
+	}
+
+	p := h.providers[providerName]
+	state := oauthState{
+		Provider:  providerName,
+		TenantID:  r.URL.Query().Get("tenant"),
+		Redirect:  r.URL.Query().Get("redirect"),
+		Callback:  r.URL.Query().Get("callback"),
+		Timestamp: time.Now().Unix(),
+	}
+
+	stateStr, err := h.encodeState(state)
+	if err != nil {
+		slog.Error("encode state", "error", err)
+		http.Error(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+
+	authURL := fmt.Sprintf("%s?client_id=%s&redirect_uri=%s&response_type=code&scope=%s&state=%s",
+		p.AuthURL,
+		url.QueryEscape(p.ClientID),
+		url.QueryEscape(h.baseURL+"/auth/callback"),
+		url.QueryEscape(strings.Join(p.Scopes, " ")),
+		url.QueryEscape(stateStr),
+	)
+
+	if providerName == "discord" {
+		authURL += "&prompt=consent"
+	}
+
+	http.Redirect(w, r, authURL, http.StatusTemporaryRedirect)
+}
+
+func (h *Handler) callback(w http.ResponseWriter, r *http.Request) {
+	code := r.URL.Query().Get("code")
+	stateStr := r.URL.Query().Get("state")
+
+	if code == "" || stateStr == "" {
+		http.Error(w, "missing code or state", http.StatusBadRequest)
+		return
+	}
+
+	state, err := h.decodeState(stateStr)
+	if err != nil {
+		slog.Error("decode state", "error", err)
+		http.Error(w, "invalid state", http.StatusBadRequest)
+		return
+	}
+
+	if time.Now().Unix()-state.Timestamp > 600 {
+		http.Error(w, "state expired", http.StatusBadRequest)
+		return
+	}
+
+	p, ok := h.providers[state.Provider]
+	if !ok {
+		http.Error(w, "unknown provider", http.StatusBadRequest)
+		return
+	}
+
+	token, err := h.exchangeCode(r.Context(), p, code)
+	if err != nil {
+		slog.Error("exchange code", "error", err)
+		http.Error(w, "auth failed", http.StatusInternalServerError)
+		return
+	}
+
+	info, err := h.getUserInfo(r.Context(), p, state.Provider, token)
+	if err != nil {
+		slog.Error("get user info", "error", err)
+		http.Error(w, "failed to get user info", http.StatusInternalServerError)
+		return
+	}
+
+	user, err := h.findOrCreateUser(r.Context(), state.Provider, info)
+	if err != nil {
+		slog.Error("find or create user", "error", err)
+		http.Error(w, "failed to create user", http.StatusInternalServerError)
+		return
+	}
+
+	session, err := h.database.CreateSession(r.Context(), user.ID)
+	if err != nil {
+		slog.Error("create session", "error", err)
+		http.Error(w, "failed to create session", http.StatusInternalServerError)
+		return
+	}
+
+	if state.Callback != "" {
+		callbackURL := state.Callback
+		if strings.Contains(callbackURL, "?") {
+			callbackURL += "&token=" + session.Token
+		} else {
+			callbackURL += "?token=" + session.Token
+		}
+		http.Redirect(w, r, callbackURL, http.StatusTemporaryRedirect)
+		return
+	}
+
+	redirect := state.Redirect
+	if redirect == "" || !strings.HasPrefix(redirect, "/") || strings.HasPrefix(redirect, "//") {
+		redirect = "/"
+	}
+
+	http.SetCookie(w, &http.Cookie{
+		Name:     "writekit_session",
+		Value:    session.Token,
+		Path:     "/",
+		Expires:  session.ExpiresAt,
+		HttpOnly: true,
+		SameSite: http.SameSiteLaxMode,
+		Secure:   !strings.Contains(h.baseURL, "localhost"),
+	})
+
+	http.Redirect(w, r, redirect, http.StatusTemporaryRedirect)
+}
+
+func (h *Handler) validate(w http.ResponseWriter, r *http.Request) {
+	token := r.URL.Query().Get("token")
+	if token == "" {
+		http.Error(w, "missing token", http.StatusBadRequest)
+		return
+	}
+
+	session, err := h.database.ValidateSession(r.Context(), token)
+	if err != nil {
+		http.Error(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+	if session == nil {
+		http.Error(w, "invalid session", http.StatusUnauthorized)
+		return
+	}
+
+	w.WriteHeader(http.StatusOK)
+}
+
+func (h *Handler) user(w http.ResponseWriter, r *http.Request) {
+	token := r.URL.Query().Get("token")
+	if token == "" {
+		http.Error(w, "missing token", http.StatusBadRequest)
+		return
+	}
+
+	session, err := h.database.ValidateSession(r.Context(), token)
+	if err != nil || session == nil {
+		http.Error(w, "invalid session", http.StatusUnauthorized)
+		return
+	}
+
+	user, err := h.database.GetUserByID(r.Context(), session.UserID)
+	if err != nil || user == nil {
+		http.Error(w, "user not found", http.StatusNotFound)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]any{
+		"id":         user.ID,
+		"email":      user.Email,
+		"name":       user.Name,
+		"avatar_url": user.AvatarURL,
+	})
+}
+
+func (h *Handler) listProviders(w http.ResponseWriter, r *http.Request) {
+	providers := []map[string]string{}
+	if _, ok := h.providers["google"]; ok {
+		providers = append(providers, map[string]string{"id": "google", "name": "Google"})
+	}
+	if _, ok := h.providers["github"]; ok {
+		providers = append(providers, map[string]string{"id": "github", "name": "GitHub"})
+	}
+	if _, ok := h.providers["discord"]; ok {
+		providers = append(providers, map[string]string{"id": "discord", "name": "Discord"})
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(map[string]any{"providers": providers})
+}
+
+func (h *Handler) logout(w http.ResponseWriter, r *http.Request) {
+	cookie, err := r.Cookie("writekit_session")
+	if err == nil && cookie.Value != "" {
+		h.database.DeleteSession(r.Context(), cookie.Value)
+	}
+
+	http.SetCookie(w, &http.Cookie{
+		Name:     "writekit_session",
+		Value:    "",
+		Path:     "/",
+		MaxAge:   -1,
+		HttpOnly: true,
+		SameSite: http.SameSiteLaxMode,
+		Secure:   !strings.Contains(h.baseURL, "localhost"),
+	})
+
+	w.WriteHeader(http.StatusOK)
+}
+
+func (h *Handler) exchangeCode(ctx context.Context, p provider, code string) (*oauthToken, error) {
+	data := url.Values{}
+	data.Set("client_id", p.ClientID)
+	data.Set("client_secret", p.ClientSecret)
+	data.Set("code", code)
+	data.Set("redirect_uri", h.baseURL+"/auth/callback")
+	data.Set("grant_type", "authorization_code")
+
+	req, err := http.NewRequestWithContext(ctx, "POST", p.TokenURL, strings.NewReader(data.Encode()))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Set("Accept", "application/json")
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	body, _ := io.ReadAll(resp.Body)
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("token exchange failed: %s", body)
+	}
+
+	var token oauthToken
+	if err := json.Unmarshal(body, &token); err != nil {
+		return nil, err
+	}
+	return &token, nil
+}
+
+func (h *Handler) getUserInfo(ctx context.Context, p provider, providerName string, token *oauthToken) (*userInfo, error) {
+	req, err := http.NewRequestWithContext(ctx, "GET", p.UserInfoURL, nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Authorization", "Bearer "+token.AccessToken)
+	req.Header.Set("Accept", "application/json")
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	body, _ := io.ReadAll(resp.Body)
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("user info failed: %s", body)
+	}
+
+	var raw map[string]any
+	if err := json.Unmarshal(body, &raw); err != nil {
+		return nil, err
+	}
+
+	info := &userInfo{}
+
+	switch providerName {
+	case "google":
+		info.ID = getString(raw, "id")
+		info.Email = getString(raw, "email")
+		info.Name = getString(raw, "name")
+		info.AvatarURL = getString(raw, "picture")
+
+	case "github":
+		info.ID = fmt.Sprintf("%v", raw["id"])
+		info.Email = getString(raw, "email")
+		info.Name = getString(raw, "name")
+		if info.Name == "" {
+			info.Name = getString(raw, "login")
+		}
+		info.AvatarURL = getString(raw, "avatar_url")
+
+		if info.Email == "" {
+			info.Email, _ = h.getGitHubEmail(ctx, token)
+		}
+
+	case "discord":
+		info.ID = getString(raw, "id")
+		info.Email = getString(raw, "email")
+		info.Name = getString(raw, "global_name")
+		if info.Name == "" {
+			info.Name = getString(raw, "username")
+		}
+		if avatar := getString(raw, "avatar"); avatar != "" {
+			info.AvatarURL = fmt.Sprintf("https://cdn.discordapp.com/avatars/%s/%s.png", info.ID, avatar)
+		}
+	}
+
+	if info.Email == "" {
+		return nil, fmt.Errorf("no email from provider")
+	}
+	return info, nil
+}
+
+func (h *Handler) getGitHubEmail(ctx context.Context, token *oauthToken) (string, error) {
+	req, err := http.NewRequestWithContext(ctx, "GET", "https://api.github.com/user/emails", nil)
+	if err != nil {
+		return "", err
+	}
+	req.Header.Set("Authorization", "Bearer "+token.AccessToken)
+	req.Header.Set("Accept", "application/json")
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	var emails []struct {
+		Email    string `json:"email"`
+		Primary  bool   `json:"primary"`
+		Verified bool   `json:"verified"`
+	}
+	if err := json.NewDecoder(resp.Body).Decode(&emails); err != nil {
+		return "", err
+	}
+
+	for _, e := range emails {
+		if e.Primary && e.Verified {
+			return e.Email, nil
+		}
+	}
+	for _, e := range emails {
+		if e.Verified {
+			return e.Email, nil
+		}
+	}
+	return "", nil
+}
+
+func (h *Handler) findOrCreateUser(ctx context.Context, providerName string, info *userInfo) (*db.User, error) {
+	user, err := h.database.GetUserByIdentity(ctx, providerName, info.ID)
+	if err != nil {
+		return nil, err
+	}
+	if user != nil {
+		return user, nil
+	}
+
+	user, err = h.database.GetUserByEmail(ctx, info.Email)
+	if err != nil {
+		return nil, err
+	}
+	if user != nil {
+		h.database.AddUserIdentity(ctx, user.ID, providerName, info.ID, info.Email)
+		return user, nil
+	}
+
+	user, err = h.database.CreateUser(ctx, info.Email, info.Name, info.AvatarURL)
+	if err != nil {
+		return nil, err
+	}
+	h.database.AddUserIdentity(ctx, user.ID, providerName, info.ID, info.Email)
+	return user, nil
+}
+
+func (h *Handler) encodeState(state oauthState) (string, error) {
+	data, err := json.Marshal(state)
+	if err != nil {
+		return "", err
+	}
+	mac := hmac.New(sha256.New, h.sessionSecret)
+	mac.Write(data)
+	sig := mac.Sum(nil)
+	return base64.URLEncoding.EncodeToString(append(data, sig...)), nil
+}
+
+func (h *Handler) decodeState(s string) (*oauthState, error) {
+	payload, err := base64.URLEncoding.DecodeString(s)
+	if err != nil {
+		return nil, err
+	}
+	if len(payload) < 32 {
+		return nil, fmt.Errorf("invalid state")
+	}
+
+	data := payload[:len(payload)-32]
+	sig := payload[len(payload)-32:]
+
+	mac := hmac.New(sha256.New, h.sessionSecret)
+	mac.Write(data)
+	if !hmac.Equal(sig, mac.Sum(nil)) {
+		return nil, fmt.Errorf("invalid signature")
+	}
+
+	var state oauthState
+	if err := json.Unmarshal(data, &state); err != nil {
+		return nil, err
+	}
+	return &state, nil
+}
+
+func getString(m map[string]any, key string) string {
+	if v, ok := m[key]; ok {
+		if s, ok := v.(string); ok {
+			return s
+		}
+	}
+	return ""
+}
diff --git a/internal/billing/lemon.go b/internal/billing/lemon.go
new file mode 100644
index 0000000..0df1b95
--- /dev/null
+++ b/internal/billing/lemon.go
@@ -0,0 +1,234 @@
+package billing
+
+import (
+	"bytes"
+	"context"
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+)
+
+const lemonBaseURL = "https://api.lemonsqueezy.com/v1"
+
+type LemonClient struct {
+	apiKey        string
+	storeID       string
+	webhookSecret string
+	httpClient    *http.Client
+}
+
+func NewLemonClient() *LemonClient {
+	return &LemonClient{
+		apiKey:        os.Getenv("LEMON_API_KEY"),
+		storeID:       os.Getenv("LEMON_STORE_ID"),
+		webhookSecret: os.Getenv("LEMON_WEBHOOK_SECRET"),
+		httpClient:    &http.Client{},
+	}
+}
+
+func (c *LemonClient) IsConfigured() bool {
+	return c.apiKey != "" && c.storeID != ""
+}
+
+type CheckoutRequest struct {
+	StoreID         string            `json:"store_id"`
+	VariantID       string            `json:"variant_id"`
+	CustomPrice     *int              `json:"custom_price,omitempty"`
+	CheckoutOptions *CheckoutOptions  `json:"checkout_options,omitempty"`
+	CheckoutData    *CheckoutData     `json:"checkout_data,omitempty"`
+}
+
+type CheckoutOptions struct {
+	Embed bool `json:"embed,omitempty"`
+}
+
+type CheckoutData struct {
+	Email  string            `json:"email,omitempty"`
+	Name   string            `json:"name,omitempty"`
+	Custom map[string]string `json:"custom,omitempty"`
+}
+
+type CheckoutResponse struct {
+	Data struct {
+		ID         string `json:"id"`
+		Attributes struct {
+			URL string `json:"url"`
+		} `json:"attributes"`
+	} `json:"data"`
+}
+
+func (c *LemonClient) CreateCheckout(ctx context.Context, req *CheckoutRequest) (*CheckoutResponse, error) {
+	if req.StoreID == "" {
+		req.StoreID = c.storeID
+	}
+
+	payload := map[string]any{
+		"data": map[string]any{
+			"type":       "checkouts",
+			"attributes": req,
+			"relationships": map[string]any{
+				"store": map[string]any{
+					"data": map[string]any{"type": "stores", "id": req.StoreID},
+				},
+				"variant": map[string]any{
+					"data": map[string]any{"type": "variants", "id": req.VariantID},
+				},
+			},
+		},
+	}
+
+	body, err := json.Marshal(payload)
+	if err != nil {
+		return nil, err
+	}
+
+	httpReq, err := http.NewRequestWithContext(ctx, "POST", lemonBaseURL+"/checkouts", bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+
+	httpReq.Header.Set("Authorization", "Bearer "+c.apiKey)
+	httpReq.Header.Set("Content-Type", "application/vnd.api+json")
+	httpReq.Header.Set("Accept", "application/vnd.api+json")
+
+	resp, err := c.httpClient.Do(httpReq)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode != http.StatusCreated && resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("checkout creation failed (status %d): %s", resp.StatusCode, string(respBody))
+	}
+
+	var checkoutResp CheckoutResponse
+	if err := json.Unmarshal(respBody, &checkoutResp); err != nil {
+		return nil, err
+	}
+
+	return &checkoutResp, nil
+}
+
+func (c *LemonClient) CreateSubscriptionCheckout(ctx context.Context, variantID, email, name string, custom map[string]string) (string, error) {
+	req := &CheckoutRequest{
+		VariantID: variantID,
+		CheckoutData: &CheckoutData{
+			Email:  email,
+			Name:   name,
+			Custom: custom,
+		},
+		CheckoutOptions: &CheckoutOptions{Embed: true},
+	}
+
+	resp, err := c.CreateCheckout(ctx, req)
+	if err != nil {
+		return "", err
+	}
+
+	return resp.Data.Attributes.URL, nil
+}
+
+func (c *LemonClient) CreateDonationCheckout(ctx context.Context, variantID string, amountCents int, email, name, message string, custom map[string]string) (string, error) {
+	if custom == nil {
+		custom = make(map[string]string)
+	}
+	if message != "" {
+		custom["message"] = message
+	}
+
+	req := &CheckoutRequest{
+		VariantID:   variantID,
+		CustomPrice: &amountCents,
+		CheckoutData: &CheckoutData{
+			Email:  email,
+			Name:   name,
+			Custom: custom,
+		},
+		CheckoutOptions: &CheckoutOptions{Embed: true},
+	}
+
+	resp, err := c.CreateCheckout(ctx, req)
+	if err != nil {
+		return "", err
+	}
+
+	return resp.Data.Attributes.URL, nil
+}
+
+func (c *LemonClient) VerifyWebhook(payload []byte, signature string) bool {
+	if c.webhookSecret == "" {
+		return false
+	}
+
+	mac := hmac.New(sha256.New, []byte(c.webhookSecret))
+	mac.Write(payload)
+	expectedSig := hex.EncodeToString(mac.Sum(nil))
+
+	return hmac.Equal([]byte(signature), []byte(expectedSig))
+}
+
+type WebhookEvent struct {
+	Meta struct {
+		EventName  string            `json:"event_name"`
+		CustomData map[string]string `json:"custom_data"`
+	} `json:"meta"`
+	Data json.RawMessage `json:"data"`
+}
+
+type SubscriptionData struct {
+	ID         string `json:"id"`
+	Attributes struct {
+		CustomerID  int    `json:"customer_id"`
+		VariantName string `json:"variant_name"`
+		UserName    string `json:"user_name"`
+		UserEmail   string `json:"user_email"`
+		Status      string `json:"status"`
+		RenewsAt    string `json:"renews_at"`
+		FirstSubscriptionItem struct {
+			Price int `json:"price"`
+		} `json:"first_subscription_item"`
+	} `json:"attributes"`
+}
+
+type OrderData struct {
+	ID         string `json:"id"`
+	Attributes struct {
+		UserName  string `json:"user_name"`
+		UserEmail string `json:"user_email"`
+		TotalUsd  int    `json:"total_usd"`
+	} `json:"attributes"`
+}
+
+func (c *LemonClient) ParseWebhookEvent(payload []byte) (*WebhookEvent, error) {
+	var event WebhookEvent
+	if err := json.Unmarshal(payload, &event); err != nil {
+		return nil, err
+	}
+	return &event, nil
+}
+
+func (e *WebhookEvent) GetSubscriptionData() (*SubscriptionData, error) {
+	var data SubscriptionData
+	if err := json.Unmarshal(e.Data, &data); err != nil {
+		return nil, err
+	}
+	return &data, nil
+}
+
+func (e *WebhookEvent) GetOrderData() (*OrderData, error) {
+	var data OrderData
+	if err := json.Unmarshal(e.Data, &data); err != nil {
+		return nil, err
+	}
+	return &data, nil
+}
diff --git a/internal/billing/payout.go b/internal/billing/payout.go
new file mode 100644
index 0000000..4361699
--- /dev/null
+++ b/internal/billing/payout.go
@@ -0,0 +1,126 @@
+package billing
+
+import (
+	"context"
+	"fmt"
+	"log/slog"
+	"os"
+	"strconv"
+	"time"
+)
+
+type PayoutWorker struct {
+	store          *Store
+	wise           *WiseClient
+	thresholdCents int
+	interval       time.Duration
+}
+
+func NewPayoutWorker(store *Store, wiseClient *WiseClient) *PayoutWorker {
+	threshold := 1000
+	if v := os.Getenv("PAYOUT_THRESHOLD_CENTS"); v != "" {
+		if t, err := strconv.Atoi(v); err == nil {
+			threshold = t
+		}
+	}
+
+	return &PayoutWorker{
+		store:          store,
+		wise:           wiseClient,
+		thresholdCents: threshold,
+		interval:       5 * time.Minute,
+	}
+}
+
+func (w *PayoutWorker) Start(ctx context.Context) {
+	if !w.wise.IsConfigured() {
+		slog.Warn("wise not configured, payouts disabled")
+		return
+	}
+
+	ticker := time.NewTicker(w.interval)
+	defer ticker.Stop()
+
+	slog.Info("payout worker started", "threshold_cents", w.thresholdCents, "interval", w.interval)
+
+	for {
+		select {
+		case <-ctx.Done():
+			slog.Info("payout worker stopped")
+			return
+		case <-ticker.C:
+			w.processPayouts(ctx)
+		}
+	}
+}
+
+func (w *PayoutWorker) processPayouts(ctx context.Context) {
+	balances, err := w.store.GetTenantsReadyForPayout(ctx, w.thresholdCents)
+	if err != nil {
+		slog.Error("failed to get tenants ready for payout", "error", err)
+		return
+	}
+
+	for _, balance := range balances {
+		if err := w.processPayout(ctx, balance.TenantID, balance.AvailableCents); err != nil {
+			slog.Error("failed to process payout",
+				"tenant_id", balance.TenantID,
+				"amount_cents", balance.AvailableCents,
+				"error", err,
+			)
+			continue
+		}
+	}
+}
+
+func (w *PayoutWorker) processPayout(ctx context.Context, tenantID string, amountCents int) error {
+	settings, err := w.store.GetPayoutSettings(ctx, tenantID)
+	if err != nil {
+		return fmt.Errorf("get payout settings: %w", err)
+	}
+	if settings == nil || settings.WiseRecipientID == "" {
+		return fmt.Errorf("payout not configured for tenant")
+	}
+
+	recipientID, err := strconv.ParseInt(settings.WiseRecipientID, 10, 64)
+	if err != nil {
+		return fmt.Errorf("invalid recipient ID: %w", err)
+	}
+
+	quote, err := w.wise.CreateQuote(ctx, "USD", settings.Currency, amountCents)
+	if err != nil {
+		return fmt.Errorf("create quote: %w", err)
+	}
+
+	reference := fmt.Sprintf("WK-%s-%d", tenantID[:8], time.Now().Unix())
+
+	transfer, err := w.wise.CreateTransfer(ctx, quote.ID, recipientID, reference)
+	if err != nil {
+		return fmt.Errorf("create transfer: %w", err)
+	}
+
+	payoutID, err := w.store.CreatePayout(ctx, tenantID, amountCents, settings.Currency, fmt.Sprintf("%d", transfer.ID), quote.ID, "pending")
+	if err != nil {
+		return fmt.Errorf("record payout: %w", err)
+	}
+
+	if err := w.wise.FundTransfer(ctx, transfer.ID); err != nil {
+		w.store.UpdatePayoutStatus(ctx, payoutID, "failed", nil, err.Error())
+		return fmt.Errorf("fund transfer: %w", err)
+	}
+
+	if err := w.store.DeductBalance(ctx, tenantID, amountCents); err != nil {
+		return fmt.Errorf("deduct balance: %w", err)
+	}
+
+	w.store.UpdatePayoutStatus(ctx, payoutID, "processing", nil, "")
+
+	slog.Info("payout initiated",
+		"tenant_id", tenantID,
+		"amount_cents", amountCents,
+		"transfer_id", transfer.ID,
+		"payout_id", payoutID,
+	)
+
+	return nil
+}
diff --git a/internal/billing/store.go b/internal/billing/store.go
new file mode 100644
index 0000000..0b64e15
--- /dev/null
+++ b/internal/billing/store.go
@@ -0,0 +1,333 @@
+package billing
+
+import (
+	"context"
+	"database/sql"
+	"time"
+
+	"github.com/jackc/pgx/v5/pgxpool"
+)
+
+type Store struct {
+	db *pgxpool.Pool
+}
+
+func NewStore(db *pgxpool.Pool) *Store {
+	return &Store{db: db}
+}
+
+type Tier struct {
+	ID             string
+	TenantID       string
+	Name           string
+	PriceCents     int
+	Description    string
+	LemonVariantID string
+	Active         bool
+	CreatedAt      time.Time
+}
+
+type Subscription struct {
+	ID                  string
+	TenantID            string
+	UserID              string
+	TierID              string
+	TierName            string
+	Status              string
+	LemonSubscriptionID string
+	LemonCustomerID     string
+	AmountCents         int
+	CurrentPeriodStart  time.Time
+	CurrentPeriodEnd    time.Time
+	CancelledAt         *time.Time
+	CreatedAt           time.Time
+}
+
+type Donation struct {
+	ID           string
+	TenantID     string
+	UserID       string
+	DonorEmail   string
+	DonorName    string
+	AmountCents  int
+	LemonOrderID string
+	Message      string
+	CreatedAt    time.Time
+}
+
+type Balance struct {
+	TenantID              string
+	AvailableCents        int
+	LifetimeEarningsCents int
+	LifetimePaidCents     int
+	UpdatedAt             time.Time
+}
+
+type PayoutSettings struct {
+	TenantID          string
+	WiseRecipientID   string
+	AccountHolderName string
+	Currency          string
+	PayoutEmail       string
+}
+
+func (s *Store) CreateTier(ctx context.Context, tier *Tier) error {
+	_, err := s.db.Exec(ctx, `
+		INSERT INTO membership_tiers (tenant_id, name, price_cents, description, lemon_variant_id, active)
+		VALUES ($1, $2, $3, $4, $5, $6)
+	`, tier.TenantID, tier.Name, tier.PriceCents, tier.Description, tier.LemonVariantID, tier.Active)
+	return err
+}
+
+func (s *Store) GetTiersByTenant(ctx context.Context, tenantID string) ([]Tier, error) {
+	rows, err := s.db.Query(ctx, `
+		SELECT id, tenant_id, name, price_cents, description, lemon_variant_id, active, created_at
+		FROM membership_tiers
+		WHERE tenant_id = $1 AND active = TRUE
+		ORDER BY price_cents ASC
+	`, tenantID)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var tiers []Tier
+	for rows.Next() {
+		var t Tier
+		if err := rows.Scan(&t.ID, &t.TenantID, &t.Name, &t.PriceCents, &t.Description, &t.LemonVariantID, &t.Active, &t.CreatedAt); err != nil {
+			return nil, err
+		}
+		tiers = append(tiers, t)
+	}
+	return tiers, rows.Err()
+}
+
+func (s *Store) CreateSubscription(ctx context.Context, sub *Subscription) error {
+	_, err := s.db.Exec(ctx, `
+		INSERT INTO subscriptions (tenant_id, user_id, tier_id, tier_name, status, lemon_subscription_id, lemon_customer_id, amount_cents, current_period_start, current_period_end)
+		VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)
+	`, sub.TenantID, sub.UserID, sub.TierID, sub.TierName, sub.Status, sub.LemonSubscriptionID, sub.LemonCustomerID, sub.AmountCents, sub.CurrentPeriodStart, sub.CurrentPeriodEnd)
+	return err
+}
+
+func (s *Store) GetSubscriptionByLemonID(ctx context.Context, lemonSubID string) (*Subscription, error) {
+	var sub Subscription
+	var userID, tierID sql.NullString
+	var cancelledAt sql.NullTime
+	var periodStart, periodEnd sql.NullTime
+
+	err := s.db.QueryRow(ctx, `
+		SELECT id, tenant_id, user_id, tier_id, tier_name, status, lemon_subscription_id, lemon_customer_id,
+		       amount_cents, current_period_start, current_period_end, cancelled_at, created_at
+		FROM subscriptions WHERE lemon_subscription_id = $1
+	`, lemonSubID).Scan(&sub.ID, &sub.TenantID, &userID, &tierID, &sub.TierName, &sub.Status,
+		&sub.LemonSubscriptionID, &sub.LemonCustomerID, &sub.AmountCents, &periodStart, &periodEnd,
+		&cancelledAt, &sub.CreatedAt)
+
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	sub.UserID = userID.String
+	sub.TierID = tierID.String
+	if periodStart.Valid {
+		sub.CurrentPeriodStart = periodStart.Time
+	}
+	if periodEnd.Valid {
+		sub.CurrentPeriodEnd = periodEnd.Time
+	}
+	if cancelledAt.Valid {
+		sub.CancelledAt = &cancelledAt.Time
+	}
+	return &sub, nil
+}
+
+func (s *Store) UpdateSubscriptionStatus(ctx context.Context, lemonSubID, status string, renewsAt *time.Time) error {
+	_, err := s.db.Exec(ctx, `
+		UPDATE subscriptions
+		SET status = $1, current_period_end = $2, updated_at = NOW()
+		WHERE lemon_subscription_id = $3
+	`, status, renewsAt, lemonSubID)
+	return err
+}
+
+func (s *Store) CancelSubscription(ctx context.Context, lemonSubID string) error {
+	_, err := s.db.Exec(ctx, `
+		UPDATE subscriptions
+		SET status = 'cancelled', cancelled_at = NOW(), updated_at = NOW()
+		WHERE lemon_subscription_id = $1
+	`, lemonSubID)
+	return err
+}
+
+func (s *Store) CreateDonation(ctx context.Context, donation *Donation) error {
+	err := s.db.QueryRow(ctx, `
+		INSERT INTO donations (tenant_id, user_id, donor_email, donor_name, amount_cents, lemon_order_id, message)
+		VALUES ($1, $2, $3, $4, $5, $6, $7)
+		RETURNING id
+	`, donation.TenantID, donation.UserID, donation.DonorEmail, donation.DonorName, donation.AmountCents, donation.LemonOrderID, donation.Message).Scan(&donation.ID)
+	return err
+}
+
+func (s *Store) AddEarnings(ctx context.Context, tenantID, sourceType, sourceID, description string, grossCents, platformFeeCents, processorFeeCents, netCents int) error {
+	tx, err := s.db.Begin(ctx)
+	if err != nil {
+		return err
+	}
+	defer tx.Rollback(ctx)
+
+	_, err = tx.Exec(ctx, `
+		INSERT INTO earnings (tenant_id, source_type, source_id, description, gross_cents, platform_fee_cents, processor_fee_cents, net_cents)
+		VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
+	`, tenantID, sourceType, sourceID, description, grossCents, platformFeeCents, processorFeeCents, netCents)
+	if err != nil {
+		return err
+	}
+
+	_, err = tx.Exec(ctx, `
+		INSERT INTO balances (tenant_id, available_cents, lifetime_earnings_cents, updated_at)
+		VALUES ($1, $2, $2, NOW())
+		ON CONFLICT (tenant_id) DO UPDATE
+		SET available_cents = balances.available_cents + $2,
+		    lifetime_earnings_cents = balances.lifetime_earnings_cents + $2,
+		    updated_at = NOW()
+	`, tenantID, netCents)
+	if err != nil {
+		return err
+	}
+
+	return tx.Commit(ctx)
+}
+
+func (s *Store) GetBalance(ctx context.Context, tenantID string) (*Balance, error) {
+	var b Balance
+	err := s.db.QueryRow(ctx, `
+		SELECT tenant_id, available_cents, lifetime_earnings_cents, lifetime_paid_cents, updated_at
+		FROM balances WHERE tenant_id = $1
+	`, tenantID).Scan(&b.TenantID, &b.AvailableCents, &b.LifetimeEarningsCents, &b.LifetimePaidCents, &b.UpdatedAt)
+
+	if err == sql.ErrNoRows {
+		return &Balance{TenantID: tenantID}, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &b, nil
+}
+
+func (s *Store) GetTenantsReadyForPayout(ctx context.Context, thresholdCents int) ([]Balance, error) {
+	rows, err := s.db.Query(ctx, `
+		SELECT b.tenant_id, b.available_cents, b.lifetime_earnings_cents, b.lifetime_paid_cents, b.updated_at
+		FROM balances b
+		JOIN payout_settings ps ON b.tenant_id = ps.tenant_id
+		WHERE b.available_cents >= $1 AND ps.wise_recipient_id IS NOT NULL
+	`, thresholdCents)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var balances []Balance
+	for rows.Next() {
+		var b Balance
+		if err := rows.Scan(&b.TenantID, &b.AvailableCents, &b.LifetimeEarningsCents, &b.LifetimePaidCents, &b.UpdatedAt); err != nil {
+			return nil, err
+		}
+		balances = append(balances, b)
+	}
+	return balances, rows.Err()
+}
+
+func (s *Store) DeductBalance(ctx context.Context, tenantID string, amountCents int) error {
+	_, err := s.db.Exec(ctx, `
+		UPDATE balances
+		SET available_cents = available_cents - $1,
+		    lifetime_paid_cents = lifetime_paid_cents + $1,
+		    updated_at = NOW()
+		WHERE tenant_id = $2 AND available_cents >= $1
+	`, amountCents, tenantID)
+	return err
+}
+
+func (s *Store) CreatePayout(ctx context.Context, tenantID string, amountCents int, currency, wiseTransferID, wiseQuoteID, status string) (string, error) {
+	var id string
+	err := s.db.QueryRow(ctx, `
+		INSERT INTO payouts (tenant_id, amount_cents, currency, wise_transfer_id, wise_quote_id, status)
+		VALUES ($1, $2, $3, $4, $5, $6)
+		RETURNING id
+	`, tenantID, amountCents, currency, wiseTransferID, wiseQuoteID, status).Scan(&id)
+	return id, err
+}
+
+func (s *Store) UpdatePayoutStatus(ctx context.Context, payoutID, status string, completedAt *time.Time, failureReason string) error {
+	_, err := s.db.Exec(ctx, `
+		UPDATE payouts
+		SET status = $1, completed_at = $2, failure_reason = $3
+		WHERE id = $4
+	`, status, completedAt, failureReason, payoutID)
+	return err
+}
+
+func (s *Store) GetPayoutSettings(ctx context.Context, tenantID string) (*PayoutSettings, error) {
+	var ps PayoutSettings
+	var recipientID, holderName, currency, email sql.NullString
+
+	err := s.db.QueryRow(ctx, `
+		SELECT tenant_id, wise_recipient_id, account_holder_name, currency, payout_email
+		FROM payout_settings WHERE tenant_id = $1
+	`, tenantID).Scan(&ps.TenantID, &recipientID, &holderName, &currency, &email)
+
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	ps.WiseRecipientID = recipientID.String
+	ps.AccountHolderName = holderName.String
+	ps.Currency = currency.String
+	if ps.Currency == "" {
+		ps.Currency = "USD"
+	}
+	ps.PayoutEmail = email.String
+
+	return &ps, nil
+}
+
+func (s *Store) SavePayoutSettings(ctx context.Context, ps *PayoutSettings) error {
+	_, err := s.db.Exec(ctx, `
+		INSERT INTO payout_settings (tenant_id, wise_recipient_id, account_holder_name, currency, payout_email)
+		VALUES ($1, $2, $3, $4, $5)
+		ON CONFLICT (tenant_id) DO UPDATE
+		SET wise_recipient_id = $2,
+		    account_holder_name = $3,
+		    currency = $4,
+		    payout_email = $5,
+		    updated_at = NOW()
+	`, ps.TenantID, ps.WiseRecipientID, ps.AccountHolderName, ps.Currency, ps.PayoutEmail)
+	return err
+}
+
+type User struct {
+	ID    string
+	Email string
+	Name  string
+}
+
+func (s *Store) GetUserByID(ctx context.Context, id string) (*User, error) {
+	var u User
+	err := s.db.QueryRow(ctx,
+		`SELECT id, email, COALESCE(name, '') FROM users WHERE id = $1`,
+		id).Scan(&u.ID, &u.Email, &u.Name)
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &u, nil
+}
diff --git a/internal/billing/webhook.go b/internal/billing/webhook.go
new file mode 100644
index 0000000..a16533b
--- /dev/null
+++ b/internal/billing/webhook.go
@@ -0,0 +1,303 @@
+package billing
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"log/slog"
+	"net/http"
+	"strconv"
+	"time"
+)
+
+type MemberSyncer interface {
+	SyncMember(ctx context.Context, tenantID, userID, email, name, tier, status string, expiresAt *time.Time) error
+}
+
+type WebhookHandler struct {
+	store        *Store
+	lemon        *LemonClient
+	memberSyncer MemberSyncer
+}
+
+func NewWebhookHandler(store *Store, lemonClient *LemonClient, syncer MemberSyncer) *WebhookHandler {
+	return &WebhookHandler{
+		store:        store,
+		lemon:        lemonClient,
+		memberSyncer: syncer,
+	}
+}
+
+func (h *WebhookHandler) HandleWebhook(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		slog.Error("failed to read webhook body", "error", err)
+		http.Error(w, "Failed to read body", http.StatusBadRequest)
+		return
+	}
+
+	signature := r.Header.Get("X-Signature")
+	if !h.lemon.VerifyWebhook(body, signature) {
+		slog.Warn("invalid webhook signature")
+		http.Error(w, "Invalid signature", http.StatusUnauthorized)
+		return
+	}
+
+	event, err := h.lemon.ParseWebhookEvent(body)
+	if err != nil {
+		slog.Error("failed to parse webhook event", "error", err)
+		http.Error(w, "Failed to parse event", http.StatusBadRequest)
+		return
+	}
+
+	ctx := r.Context()
+
+	switch event.Meta.EventName {
+	case "subscription_created":
+		err = h.handleSubscriptionCreated(ctx, event)
+	case "subscription_updated":
+		err = h.handleSubscriptionUpdated(ctx, event)
+	case "subscription_cancelled":
+		err = h.handleSubscriptionCancelled(ctx, event)
+	case "subscription_payment_success":
+		err = h.handleSubscriptionPayment(ctx, event)
+	case "order_created":
+		err = h.handleOrderCreated(ctx, event)
+	default:
+		slog.Debug("unhandled webhook event", "event", event.Meta.EventName)
+	}
+
+	if err != nil {
+		slog.Error("webhook handler error", "event", event.Meta.EventName, "error", err)
+		http.Error(w, "Handler error", http.StatusInternalServerError)
+		return
+	}
+
+	w.WriteHeader(http.StatusOK)
+}
+
+func (h *WebhookHandler) handleSubscriptionCreated(ctx context.Context, event *WebhookEvent) error {
+	data, err := event.GetSubscriptionData()
+	if err != nil {
+		return fmt.Errorf("parse subscription data: %w", err)
+	}
+
+	tenantID := event.Meta.CustomData["tenant_id"]
+	userID := event.Meta.CustomData["user_id"]
+	tierID := event.Meta.CustomData["tier_id"]
+
+	if tenantID == "" {
+		return fmt.Errorf("missing tenant_id in custom data")
+	}
+
+	sub := &Subscription{
+		TenantID:            tenantID,
+		UserID:              userID,
+		TierID:              tierID,
+		TierName:            data.Attributes.VariantName,
+		Status:              normalizeStatus(data.Attributes.Status),
+		LemonSubscriptionID: data.ID,
+		LemonCustomerID:     strconv.Itoa(data.Attributes.CustomerID),
+		AmountCents:         data.Attributes.FirstSubscriptionItem.Price,
+	}
+
+	if data.Attributes.RenewsAt != "" {
+		if t, err := time.Parse(time.RFC3339, data.Attributes.RenewsAt); err == nil {
+			sub.CurrentPeriodEnd = t
+		}
+	}
+	sub.CurrentPeriodStart = time.Now()
+
+	if err := h.store.CreateSubscription(ctx, sub); err != nil {
+		return fmt.Errorf("create subscription: %w", err)
+	}
+
+	if h.memberSyncer != nil && userID != "" {
+		user, _ := h.store.GetUserByID(ctx, userID)
+		email, name := "", ""
+		if user != nil {
+			email, name = user.Email, user.Name
+		}
+		if err := h.memberSyncer.SyncMember(ctx, tenantID, userID, email, name, sub.TierName, "active", &sub.CurrentPeriodEnd); err != nil {
+			slog.Error("sync member failed", "tenant_id", tenantID, "user_id", userID, "error", err)
+		}
+	}
+
+	slog.Info("subscription created",
+		"tenant_id", tenantID,
+		"lemon_id", data.ID,
+		"tier", data.Attributes.VariantName,
+	)
+
+	return nil
+}
+
+func (h *WebhookHandler) handleSubscriptionUpdated(ctx context.Context, event *WebhookEvent) error {
+	data, err := event.GetSubscriptionData()
+	if err != nil {
+		return fmt.Errorf("parse subscription data: %w", err)
+	}
+
+	var renewsAt *time.Time
+	if data.Attributes.RenewsAt != "" {
+		if t, err := time.Parse(time.RFC3339, data.Attributes.RenewsAt); err == nil {
+			renewsAt = &t
+		}
+	}
+
+	status := normalizeStatus(data.Attributes.Status)
+
+	if err := h.store.UpdateSubscriptionStatus(ctx, data.ID, status, renewsAt); err != nil {
+		return fmt.Errorf("update subscription: %w", err)
+	}
+
+	if h.memberSyncer != nil {
+		sub, _ := h.store.GetSubscriptionByLemonID(ctx, data.ID)
+		if sub != nil && sub.UserID != "" {
+			user, _ := h.store.GetUserByID(ctx, sub.UserID)
+			email, name := "", ""
+			if user != nil {
+				email, name = user.Email, user.Name
+			}
+			if err := h.memberSyncer.SyncMember(ctx, sub.TenantID, sub.UserID, email, name, sub.TierName, status, renewsAt); err != nil {
+				slog.Error("sync member failed", "tenant_id", sub.TenantID, "user_id", sub.UserID, "error", err)
+			}
+		}
+	}
+
+	slog.Info("subscription updated", "lemon_id", data.ID, "status", status)
+
+	return nil
+}
+
+func (h *WebhookHandler) handleSubscriptionCancelled(ctx context.Context, event *WebhookEvent) error {
+	data, err := event.GetSubscriptionData()
+	if err != nil {
+		return fmt.Errorf("parse subscription data: %w", err)
+	}
+
+	sub, _ := h.store.GetSubscriptionByLemonID(ctx, data.ID)
+
+	if err := h.store.CancelSubscription(ctx, data.ID); err != nil {
+		return fmt.Errorf("cancel subscription: %w", err)
+	}
+
+	if h.memberSyncer != nil && sub != nil && sub.UserID != "" {
+		user, _ := h.store.GetUserByID(ctx, sub.UserID)
+		email, name := "", ""
+		if user != nil {
+			email, name = user.Email, user.Name
+		}
+		if err := h.memberSyncer.SyncMember(ctx, sub.TenantID, sub.UserID, email, name, sub.TierName, "cancelled", nil); err != nil {
+			slog.Error("sync member failed", "tenant_id", sub.TenantID, "user_id", sub.UserID, "error", err)
+		}
+	}
+
+	slog.Info("subscription cancelled", "lemon_id", data.ID)
+
+	return nil
+}
+
+func (h *WebhookHandler) handleSubscriptionPayment(ctx context.Context, event *WebhookEvent) error {
+	data, err := event.GetSubscriptionData()
+	if err != nil {
+		return fmt.Errorf("parse subscription data: %w", err)
+	}
+
+	sub, err := h.store.GetSubscriptionByLemonID(ctx, data.ID)
+	if err != nil {
+		return fmt.Errorf("get subscription: %w", err)
+	}
+	if sub == nil {
+		return fmt.Errorf("subscription not found: %s", data.ID)
+	}
+
+	grossCents := data.Attributes.FirstSubscriptionItem.Price
+	platformFeeCents := grossCents * 5 / 100
+	processorFeeCents := grossCents * 5 / 100
+	netCents := grossCents - platformFeeCents - processorFeeCents
+
+	description := fmt.Sprintf("%s subscription - %s", sub.TierName, time.Now().Format("January 2006"))
+
+	if err := h.store.AddEarnings(ctx, sub.TenantID, "subscription_payment", sub.ID, description, grossCents, platformFeeCents, processorFeeCents, netCents); err != nil {
+		return fmt.Errorf("add earnings: %w", err)
+	}
+
+	slog.Info("subscription payment recorded",
+		"tenant_id", sub.TenantID,
+		"gross_cents", grossCents,
+		"net_cents", netCents,
+	)
+
+	return nil
+}
+
+func (h *WebhookHandler) handleOrderCreated(ctx context.Context, event *WebhookEvent) error {
+	data, err := event.GetOrderData()
+	if err != nil {
+		return fmt.Errorf("parse order data: %w", err)
+	}
+
+	tenantID := event.Meta.CustomData["tenant_id"]
+	userID := event.Meta.CustomData["user_id"]
+	message := event.Meta.CustomData["message"]
+
+	if tenantID == "" {
+		return fmt.Errorf("missing tenant_id in custom data")
+	}
+
+	if event.Meta.CustomData["type"] != "donation" {
+		return nil
+	}
+
+	donation := &Donation{
+		TenantID:     tenantID,
+		UserID:       userID,
+		DonorEmail:   data.Attributes.UserEmail,
+		DonorName:    data.Attributes.UserName,
+		AmountCents:  data.Attributes.TotalUsd,
+		LemonOrderID: data.ID,
+		Message:      message,
+	}
+
+	if err := h.store.CreateDonation(ctx, donation); err != nil {
+		return fmt.Errorf("create donation: %w", err)
+	}
+
+	grossCents := data.Attributes.TotalUsd
+	platformFeeCents := grossCents * 5 / 100
+	processorFeeCents := grossCents * 5 / 100
+	netCents := grossCents - platformFeeCents - processorFeeCents
+
+	description := fmt.Sprintf("Donation from %s", data.Attributes.UserName)
+
+	if err := h.store.AddEarnings(ctx, tenantID, "donation", donation.ID, description, grossCents, platformFeeCents, processorFeeCents, netCents); err != nil {
+		return fmt.Errorf("add earnings: %w", err)
+	}
+
+	slog.Info("donation recorded",
+		"tenant_id", tenantID,
+		"donor", data.Attributes.UserEmail,
+		"gross_cents", grossCents,
+	)
+
+	return nil
+}
+
+func normalizeStatus(lemonStatus string) string {
+	switch lemonStatus {
+	case "on_trial", "active":
+		return "active"
+	case "paused", "past_due", "unpaid":
+		return "past_due"
+	case "cancelled", "expired":
+		return "cancelled"
+	default:
+		return lemonStatus
+	}
+}
diff --git a/internal/billing/wise.go b/internal/billing/wise.go
new file mode 100644
index 0000000..c40a46f
--- /dev/null
+++ b/internal/billing/wise.go
@@ -0,0 +1,198 @@
+package billing
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+)
+
+const wiseBaseURL = "https://api.transferwise.com"
+
+type WiseClient struct {
+	apiKey    string
+	profileID string
+	client    *http.Client
+}
+
+func NewWiseClient() *WiseClient {
+	return &WiseClient{
+		apiKey:    os.Getenv("WISE_API_KEY"),
+		profileID: os.Getenv("WISE_PROFILE_ID"),
+		client:    &http.Client{},
+	}
+}
+
+func (c *WiseClient) IsConfigured() bool {
+	return c.apiKey != "" && c.profileID != ""
+}
+
+type Quote struct {
+	ID             string  `json:"id"`
+	SourceAmount   float64 `json:"sourceAmount"`
+	TargetAmount   float64 `json:"targetAmount"`
+	Rate           float64 `json:"rate"`
+	Fee            float64 `json:"fee"`
+	SourceCurrency string  `json:"sourceCurrency"`
+	TargetCurrency string  `json:"targetCurrency"`
+}
+
+type Transfer struct {
+	ID            int64   `json:"id"`
+	Status        string  `json:"status"`
+	SourceValue   float64 `json:"sourceValue"`
+	TargetValue   float64 `json:"targetValue"`
+}
+
+func (c *WiseClient) CreateQuote(ctx context.Context, sourceCurrency, targetCurrency string, sourceAmountCents int) (*Quote, error) {
+	payload := map[string]any{
+		"sourceCurrency": sourceCurrency,
+		"targetCurrency": targetCurrency,
+		"sourceAmount":   float64(sourceAmountCents) / 100,
+		"profile":        c.profileID,
+	}
+
+	body, err := json.Marshal(payload)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "POST", wiseBaseURL+"/v3/quotes", bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	c.setHeaders(req)
+
+	resp, err := c.client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("quote creation failed (status %d): %s", resp.StatusCode, string(respBody))
+	}
+
+	var quote Quote
+	if err := json.Unmarshal(respBody, &quote); err != nil {
+		return nil, err
+	}
+
+	return &quote, nil
+}
+
+func (c *WiseClient) CreateTransfer(ctx context.Context, quoteID string, recipientID int64, reference string) (*Transfer, error) {
+	payload := map[string]any{
+		"targetAccount":         recipientID,
+		"quoteUuid":             quoteID,
+		"customerTransactionId": reference,
+		"details":               map[string]any{"reference": reference},
+	}
+
+	body, err := json.Marshal(payload)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "POST", wiseBaseURL+"/v1/transfers", bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	c.setHeaders(req)
+
+	resp, err := c.client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated {
+		return nil, fmt.Errorf("transfer creation failed (status %d): %s", resp.StatusCode, string(respBody))
+	}
+
+	var transfer Transfer
+	if err := json.Unmarshal(respBody, &transfer); err != nil {
+		return nil, err
+	}
+
+	return &transfer, nil
+}
+
+func (c *WiseClient) FundTransfer(ctx context.Context, transferID int64) error {
+	url := fmt.Sprintf("%s/v3/profiles/%s/transfers/%d/payments", wiseBaseURL, c.profileID, transferID)
+
+	payload := map[string]any{"type": "BALANCE"}
+	body, err := json.Marshal(payload)
+	if err != nil {
+		return err
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "POST", url, bytes.NewReader(body))
+	if err != nil {
+		return err
+	}
+	c.setHeaders(req)
+
+	resp, err := c.client.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusCreated {
+		respBody, _ := io.ReadAll(resp.Body)
+		return fmt.Errorf("funding failed (status %d): %s", resp.StatusCode, string(respBody))
+	}
+
+	return nil
+}
+
+func (c *WiseClient) GetTransferStatus(ctx context.Context, transferID int64) (string, error) {
+	url := fmt.Sprintf("%s/v1/transfers/%d", wiseBaseURL, transferID)
+
+	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
+	if err != nil {
+		return "", err
+	}
+	c.setHeaders(req)
+
+	resp, err := c.client.Do(req)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return "", fmt.Errorf("get transfer failed (status %d): %s", resp.StatusCode, string(respBody))
+	}
+
+	var transfer Transfer
+	if err := json.Unmarshal(respBody, &transfer); err != nil {
+		return "", err
+	}
+
+	return transfer.Status, nil
+}
+
+func (c *WiseClient) setHeaders(req *http.Request) {
+	req.Header.Set("Authorization", "Bearer "+c.apiKey)
+	req.Header.Set("Content-Type", "application/json")
+}
diff --git a/internal/build/assets/assets.go b/internal/build/assets/assets.go
new file mode 100644
index 0000000..a7eed10
--- /dev/null
+++ b/internal/build/assets/assets.go
@@ -0,0 +1,15 @@
+package assets
+
+import (
+	"embed"
+	"io/fs"
+	"net/http"
+)
+
+//go:embed css js
+var staticFS embed.FS
+
+func Handler() http.Handler {
+	sub, _ := fs.Sub(staticFS, ".")
+	return http.FileServer(http.FS(sub))
+}
diff --git a/internal/build/assets/css/style.css b/internal/build/assets/css/style.css
new file mode 100644
index 0000000..a52612e
--- /dev/null
+++ b/internal/build/assets/css/style.css
@@ -0,0 +1,778 @@
+/* WriteKit - Blog Stylesheet */
+
+*, *::before, *::after {
+  box-sizing: border-box;
+}
+
+:root {
+  --accent: #2563eb;
+  --font-body: system-ui, -apple-system, sans-serif;
+  --font-mono: 'SF Mono', 'Fira Code', 'Consolas', monospace;
+
+  --text: #18181b;
+  --text-muted: #71717a;
+  --bg: #ffffff;
+  --bg-secondary: #fafafa;
+  --border: #e4e4e7;
+
+  --content-width: 680px;
+  --spacing: 1.5rem;
+
+  /* Compactness defaults (cozy) */
+  --content-spacing: 1.75rem;
+  --paragraph-spacing: 1.25rem;
+  --heading-spacing: 2.5rem;
+  --line-height: 1.7;
+}
+
+/* Compactness: Compact */
+.compactness-compact {
+  --content-spacing: 1.25rem;
+  --paragraph-spacing: 0.875rem;
+  --heading-spacing: 1.75rem;
+  --line-height: 1.55;
+}
+
+/* Compactness: Cozy (default) */
+.compactness-cozy {
+  --content-spacing: 1.75rem;
+  --paragraph-spacing: 1.25rem;
+  --heading-spacing: 2.5rem;
+  --line-height: 1.7;
+}
+
+/* Compactness: Spacious */
+.compactness-spacious {
+  --content-spacing: 2.25rem;
+  --paragraph-spacing: 1.5rem;
+  --heading-spacing: 3rem;
+  --line-height: 1.85;
+}
+
+/* Layout: Minimal */
+.layout-minimal .site-header {
+  justify-content: center;
+}
+.layout-minimal .site-nav {
+  display: none;
+}
+.layout-minimal .site-footer {
+  border-top: none;
+  opacity: 0.7;
+}
+.layout-minimal .profile {
+  margin-bottom: 3.5rem;
+}
+
+/* Layout: Magazine */
+.layout-magazine .posts-list {
+  display: grid;
+  grid-template-columns: repeat(auto-fill, minmax(300px, 1fr));
+  gap: 1.25rem;
+}
+.layout-magazine .post-card {
+  padding: 1.5rem;
+  border: 1px solid var(--border);
+  background: var(--bg);
+  transition: border-color 0.2s, box-shadow 0.2s;
+}
+.layout-magazine .post-card:hover {
+  border-color: var(--accent);
+  box-shadow: 0 4px 12px rgba(0, 0, 0, 0.04);
+}
+.layout-magazine .post-card-title {
+  font-size: 1.0625rem;
+}
+.layout-magazine .post-card-description {
+  font-size: 0.875rem;
+  -webkit-line-clamp: 2;
+  display: -webkit-box;
+  -webkit-box-orient: vertical;
+  overflow: hidden;
+}
+
+html {
+  font-size: 16px;
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+}
+
+body {
+  margin: 0;
+  padding: 0;
+  font-family: var(--font-body);
+  color: var(--text);
+  background: var(--bg);
+  line-height: 1.6;
+}
+
+a {
+  color: var(--accent);
+  text-decoration: none;
+  transition: color 0.15s;
+}
+
+a:hover {
+  text-decoration: underline;
+  text-underline-offset: 2px;
+}
+
+/* Header */
+.site-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  max-width: var(--content-width);
+  margin: 0 auto;
+  padding: 2rem var(--spacing);
+}
+
+.site-name {
+  font-weight: 600;
+  font-size: 1rem;
+  color: var(--text);
+  letter-spacing: -0.01em;
+}
+
+.site-name:hover {
+  text-decoration: none;
+  color: var(--accent);
+}
+
+.site-nav {
+  display: flex;
+  gap: 1.5rem;
+}
+
+.site-nav a {
+  color: var(--text-muted);
+  font-size: 0.9375rem;
+  font-weight: 450;
+}
+
+.site-nav a:hover {
+  color: var(--text);
+  text-decoration: none;
+}
+
+/* Main */
+main {
+  max-width: var(--content-width);
+  margin: 0 auto;
+  padding: 0 var(--spacing) 3rem;
+}
+
+/* Footer */
+.site-footer {
+  max-width: var(--content-width);
+  margin: 0 auto;
+  padding: 2.5rem var(--spacing);
+  text-align: center;
+  color: var(--text-muted);
+  font-size: 0.8125rem;
+  border-top: 1px solid var(--border);
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  gap: 0.75rem;
+}
+
+.powered-by {
+  color: var(--text-muted);
+  text-decoration: none;
+  font-size: 0.75rem;
+  opacity: 0.7;
+  transition: opacity 0.2s;
+}
+
+.powered-by:hover {
+  opacity: 1;
+}
+
+/* Profile */
+.profile {
+  text-align: center;
+  margin-bottom: 3rem;
+}
+
+.profile-avatar {
+  width: 72px;
+  height: 72px;
+  border-radius: 50%;
+  margin-bottom: 1rem;
+}
+
+.profile-name {
+  font-size: 1.125rem;
+  font-weight: 600;
+  margin-bottom: 0.25rem;
+  letter-spacing: -0.01em;
+}
+
+.profile-bio {
+  color: var(--text-muted);
+  max-width: 380px;
+  margin: 0 auto;
+  font-size: 0.9375rem;
+  line-height: 1.6;
+}
+
+/* Post List */
+.posts-list {
+  display: flex;
+  flex-direction: column;
+  gap: var(--content-spacing);
+}
+
+.post-card a {
+  display: block;
+  color: inherit;
+}
+
+.post-card a:hover {
+  text-decoration: none;
+}
+
+.post-card-date {
+  font-size: 0.8125rem;
+  color: var(--text-muted);
+  font-variant-numeric: tabular-nums;
+}
+
+.post-card-title {
+  margin: 0.375rem 0 0;
+  font-size: 1.1875rem;
+  font-weight: 600;
+  letter-spacing: -0.015em;
+  line-height: 1.35;
+}
+
+.post-card a:hover .post-card-title {
+  color: var(--accent);
+}
+
+.post-card-description {
+  margin: 0.5rem 0 0;
+  color: var(--text-muted);
+  font-size: 0.9375rem;
+  line-height: 1.55;
+}
+
+.no-posts {
+  color: var(--text-muted);
+  text-align: center;
+  padding: 3rem 0;
+}
+
+/* Pagination */
+.pagination {
+  display: flex;
+  justify-content: space-between;
+  margin-top: 3rem;
+  padding-top: 1.5rem;
+  border-top: 1px solid var(--border);
+  font-size: 0.9375rem;
+}
+
+/* Post Header */
+.post-header {
+  margin-bottom: 2.5rem;
+}
+
+.post-date {
+  font-size: 0.8125rem;
+  color: var(--text-muted);
+  font-variant-numeric: tabular-nums;
+}
+
+.post-title {
+  margin: 0.5rem 0 0;
+  font-size: 2.25rem;
+  font-weight: 700;
+  line-height: 1.2;
+  letter-spacing: -0.025em;
+}
+
+.post-description {
+  font-size: 1.125rem;
+  color: var(--text-muted);
+  margin: 0.75rem 0 0;
+  line-height: 1.5;
+}
+
+.post-tags {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 0.5rem;
+  margin-top: 1.25rem;
+}
+
+.tag {
+  font-size: 0.8125rem;
+  color: var(--text-muted);
+  background: var(--bg-secondary);
+  padding: 0.25rem 0.625rem;
+  border-radius: 0.25rem;
+}
+
+.post-cover {
+  margin: 1.75rem 0 0;
+}
+
+.post-cover img {
+  width: 100%;
+  height: auto;
+  border-radius: 0.5rem;
+  aspect-ratio: 16 / 9;
+  object-fit: cover;
+}
+
+/* Prose */
+.prose {
+  line-height: var(--line-height);
+  font-size: 1.0625rem;
+}
+
+.prose > *:first-child {
+  margin-top: 0;
+}
+
+.prose h2 {
+  margin-top: var(--heading-spacing);
+  margin-bottom: var(--paragraph-spacing);
+  font-size: 1.5rem;
+  font-weight: 650;
+  letter-spacing: -0.02em;
+  line-height: 1.3;
+}
+
+.prose h3 {
+  margin-top: calc(var(--heading-spacing) * 0.8);
+  margin-bottom: calc(var(--paragraph-spacing) * 0.8);
+  font-size: 1.25rem;
+  font-weight: 600;
+  letter-spacing: -0.015em;
+  line-height: 1.35;
+}
+
+.prose h4 {
+  margin-top: calc(var(--heading-spacing) * 0.65);
+  margin-bottom: calc(var(--paragraph-spacing) * 0.65);
+  font-size: 1.0625rem;
+  font-weight: 600;
+  letter-spacing: -0.01em;
+}
+
+.prose p {
+  margin: var(--paragraph-spacing) 0;
+}
+
+.prose ul, .prose ol {
+  margin: var(--paragraph-spacing) 0;
+  padding-left: 1.375rem;
+}
+
+.prose li {
+  margin: calc(var(--paragraph-spacing) * 0.4) 0;
+  padding-left: 0.25rem;
+}
+
+.prose li::marker {
+  color: var(--text-muted);
+}
+
+.prose blockquote {
+  margin: var(--content-spacing) 0;
+  padding: 0 0 0 1.25rem;
+  border-left: 2px solid var(--border);
+  color: var(--text-muted);
+}
+
+.prose blockquote p {
+  margin: 0;
+}
+
+.prose pre {
+  margin: var(--content-spacing) 0;
+  padding: 1.125rem 1.25rem;
+  background: var(--bg-secondary);
+  border: 1px solid var(--border);
+  border-radius: 0.375rem;
+  overflow-x: auto;
+  font-family: var(--font-mono);
+  font-size: 0.875rem;
+  line-height: 1.6;
+}
+
+.prose code {
+  font-family: var(--font-mono);
+  font-size: 0.875em;
+  background: var(--bg-secondary);
+  padding: 0.175rem 0.375rem;
+  border-radius: 0.25rem;
+  font-variant-ligatures: none;
+}
+
+.prose pre code {
+  background: none;
+  padding: 0;
+  font-size: inherit;
+}
+
+.prose img {
+  max-width: 100%;
+  height: auto;
+  border-radius: 0.375rem;
+  margin: var(--content-spacing) 0;
+}
+
+.prose a {
+  text-decoration: underline;
+  text-underline-offset: 2px;
+  text-decoration-color: color-mix(in srgb, var(--accent) 40%, transparent);
+}
+
+.prose a:hover {
+  text-decoration-color: var(--accent);
+}
+
+.prose hr {
+  margin: var(--heading-spacing) 0;
+  border: none;
+  border-top: 1px solid var(--border);
+}
+
+.prose strong {
+  font-weight: 600;
+}
+
+.prose table {
+  width: 100%;
+  margin: var(--content-spacing) 0;
+  border-collapse: collapse;
+  font-size: 0.9375rem;
+}
+
+.prose th, .prose td {
+  padding: 0.625rem 0.75rem;
+  border: 1px solid var(--border);
+  text-align: left;
+}
+
+.prose th {
+  background: var(--bg-secondary);
+  font-weight: 600;
+}
+
+/* Reactions & Comments */
+.reactions, .comments {
+  margin-top: 3.5rem;
+  padding-top: 2rem;
+  border-top: 1px solid var(--border);
+}
+
+.comments-title {
+  margin: 0 0 1.25rem;
+  font-size: 1.125rem;
+  font-weight: 600;
+}
+
+.reaction-buttons {
+  display: flex;
+  gap: 0.5rem;
+  flex-wrap: wrap;
+}
+
+.reaction-btn {
+  display: flex;
+  align-items: center;
+  gap: 0.375rem;
+  padding: 0.5rem 0.875rem;
+  border: 1px solid var(--border);
+  border-radius: 2rem;
+  background: var(--bg);
+  cursor: pointer;
+  font-size: 1rem;
+  transition: all 0.15s;
+}
+
+.reaction-btn:hover {
+  background: var(--bg-secondary);
+  border-color: color-mix(in srgb, var(--accent) 50%, var(--border));
+}
+
+.reaction-btn.active {
+  background: var(--accent);
+  border-color: var(--accent);
+  color: white;
+}
+
+.reaction-btn .count {
+  font-size: 0.8125rem;
+  font-weight: 500;
+}
+
+/* Search */
+.search-trigger {
+  display: flex;
+  align-items: center;
+  gap: 0.5rem;
+  padding: 0.375rem 0.75rem;
+  border: 1px solid var(--border);
+  border-radius: 0.375rem;
+  background: var(--bg);
+  color: var(--text-muted);
+  cursor: pointer;
+  font-size: 0.875rem;
+  transition: border-color 0.15s;
+}
+
+.search-trigger:hover {
+  border-color: color-mix(in srgb, var(--accent) 50%, var(--border));
+}
+
+.search-trigger kbd {
+  padding: 0.125rem 0.375rem;
+  background: var(--bg-secondary);
+  border-radius: 0.25rem;
+  font-family: var(--font-mono);
+  font-size: 0.6875rem;
+}
+
+.search-modal {
+  display: none;
+  position: fixed;
+  inset: 0;
+  z-index: 100;
+}
+
+.search-modal.active {
+  display: block;
+}
+
+.search-modal-backdrop {
+  position: absolute;
+  inset: 0;
+  background: rgba(0, 0, 0, 0.4);
+  backdrop-filter: blur(2px);
+}
+
+.search-modal-content {
+  position: absolute;
+  top: 15%;
+  left: 50%;
+  transform: translateX(-50%);
+  width: 90%;
+  max-width: 520px;
+  background: var(--bg);
+  border-radius: 0.5rem;
+  box-shadow: 0 20px 40px -8px rgba(0, 0, 0, 0.2);
+  overflow: hidden;
+}
+
+#search-input {
+  width: 100%;
+  padding: 1rem 1.25rem;
+  border: none;
+  font-size: 1rem;
+  outline: none;
+  background: var(--bg);
+  color: var(--text);
+}
+
+#search-input::placeholder {
+  color: var(--text-muted);
+}
+
+.search-results {
+  max-height: 320px;
+  overflow-y: auto;
+  border-top: 1px solid var(--border);
+}
+
+.search-result {
+  border-bottom: 1px solid var(--border);
+}
+
+.search-result:last-child {
+  border-bottom: none;
+}
+
+.search-result a {
+  display: block;
+  padding: 0.875rem 1.25rem;
+  color: inherit;
+}
+
+.search-result a:hover {
+  text-decoration: none;
+}
+
+.search-result:hover, .search-result.focused {
+  background: var(--bg-secondary);
+}
+
+.search-result-title {
+  font-weight: 500;
+  font-size: 0.9375rem;
+}
+
+.search-result-snippet {
+  font-size: 0.8125rem;
+  color: var(--text-muted);
+  margin-top: 0.25rem;
+  line-height: 1.5;
+}
+
+.search-result mark {
+  background: color-mix(in srgb, var(--accent) 25%, transparent);
+  color: inherit;
+  border-radius: 0.125rem;
+  padding: 0 0.125rem;
+}
+
+.search-hint {
+  padding: 0.625rem 1.25rem;
+  font-size: 0.75rem;
+  color: var(--text-muted);
+  text-align: center;
+  border-top: 1px solid var(--border);
+}
+
+.search-hint kbd {
+  padding: 0.125rem 0.375rem;
+  background: var(--bg-secondary);
+  border-radius: 0.25rem;
+  font-family: var(--font-mono);
+}
+
+.search-no-results {
+  padding: 1.5rem 1.25rem;
+  text-align: center;
+  color: var(--text-muted);
+  font-size: 0.9375rem;
+}
+
+/* Comment Form */
+.comment-form textarea {
+  width: 100%;
+  padding: 0.875rem;
+  border: 1px solid var(--border);
+  border-radius: 0.375rem;
+  font-family: inherit;
+  font-size: 0.9375rem;
+  resize: vertical;
+  min-height: 100px;
+  background: var(--bg);
+  color: var(--text);
+  transition: border-color 0.15s;
+}
+
+.comment-form textarea:focus {
+  outline: none;
+  border-color: var(--accent);
+}
+
+.comment-form button {
+  margin-top: 0.75rem;
+  padding: 0.5rem 1rem;
+  background: var(--accent);
+  color: white;
+  border: none;
+  border-radius: 0.375rem;
+  cursor: pointer;
+  font-size: 0.875rem;
+  font-weight: 500;
+  transition: opacity 0.15s;
+}
+
+.comment-form button:hover {
+  opacity: 0.9;
+}
+
+/* Comments List */
+.comments-list {
+  margin-top: 1.5rem;
+}
+
+.comment {
+  padding: 1.25rem 0;
+  border-bottom: 1px solid var(--border);
+}
+
+.comment:first-child {
+  padding-top: 0;
+}
+
+.comment:last-child {
+  border-bottom: none;
+}
+
+.comment-header {
+  display: flex;
+  align-items: center;
+  gap: 0.625rem;
+  margin-bottom: 0.625rem;
+}
+
+.comment-avatar {
+  width: 28px;
+  height: 28px;
+  border-radius: 50%;
+}
+
+.comment-author {
+  font-weight: 500;
+  font-size: 0.9375rem;
+}
+
+.comment-date {
+  font-size: 0.8125rem;
+  color: var(--text-muted);
+}
+
+.comment-content {
+  font-size: 0.9375rem;
+  line-height: 1.6;
+}
+
+/* Auth Prompt */
+.auth-prompt {
+  padding: 1.25rem;
+  background: var(--bg-secondary);
+  border-radius: 0.375rem;
+  text-align: center;
+  font-size: 0.9375rem;
+  color: var(--text-muted);
+}
+
+.auth-prompt a {
+  font-weight: 500;
+}
+
+/* Mobile */
+@media (max-width: 640px) {
+  :root {
+    --spacing: 1.25rem;
+  }
+
+  .site-header {
+    padding: 1.5rem var(--spacing);
+  }
+
+  .post-title {
+    font-size: 1.75rem;
+  }
+
+  .prose {
+    font-size: 1rem;
+  }
+
+  .prose h2 {
+    font-size: 1.375rem;
+  }
+
+  .prose h3 {
+    font-size: 1.125rem;
+  }
+}
diff --git a/internal/build/assets/js/main.js b/internal/build/assets/js/main.js
new file mode 100644
index 0000000..3695c68
--- /dev/null
+++ b/internal/build/assets/js/main.js
@@ -0,0 +1,127 @@
+(function() {
+  'use strict';
+
+  // Live reload when studio saves settings
+  const channel = new BroadcastChannel('writekit-studio');
+  channel.onmessage = function(event) {
+    if (event.data.type === 'settings-changed') {
+      location.reload();
+    }
+  };
+
+  document.addEventListener('DOMContentLoaded', initSearch);
+
+  function initSearch() {
+    const trigger = document.getElementById('search-trigger');
+    const modal = document.getElementById('search-modal');
+    const backdrop = modal?.querySelector('.search-modal-backdrop');
+    const input = document.getElementById('search-input');
+    const results = document.getElementById('search-results');
+
+    if (!trigger || !modal || !input || !results) return;
+
+    let debounceTimer;
+
+    function open() {
+      modal.classList.add('active');
+      document.body.style.overflow = 'hidden';
+      input.value = '';
+      results.innerHTML = '';
+      setTimeout(() => input.focus(), 10);
+    }
+
+    function close() {
+      modal.classList.remove('active');
+      document.body.style.overflow = '';
+    }
+
+    trigger.addEventListener('click', open);
+    backdrop.addEventListener('click', close);
+
+    document.addEventListener('keydown', function(e) {
+      if (e.key === '/' && !modal.classList.contains('active') &&
+          !['INPUT', 'TEXTAREA'].includes(document.activeElement.tagName)) {
+        e.preventDefault();
+        open();
+      }
+      if (e.key === 'Escape' && modal.classList.contains('active')) {
+        close();
+      }
+    });
+
+    input.addEventListener('input', function() {
+      const query = this.value.trim();
+      clearTimeout(debounceTimer);
+
+      if (query.length < 2) {
+        results.innerHTML = '';
+        return;
+      }
+
+      debounceTimer = setTimeout(() => search(query), 150);
+    });
+
+    input.addEventListener('keydown', function(e) {
+      const items = results.querySelectorAll('.search-result');
+      const focused = results.querySelector('.search-result.focused');
+
+      if (e.key === 'ArrowDown') {
+        e.preventDefault();
+        if (!focused && items.length) {
+          items[0].classList.add('focused');
+        } else if (focused?.nextElementSibling) {
+          focused.classList.remove('focused');
+          focused.nextElementSibling.classList.add('focused');
+        }
+      } else if (e.key === 'ArrowUp') {
+        e.preventDefault();
+        if (focused?.previousElementSibling) {
+          focused.classList.remove('focused');
+          focused.previousElementSibling.classList.add('focused');
+        }
+      } else if (e.key === 'Enter' && focused) {
+        e.preventDefault();
+        const link = focused.querySelector('a');
+        if (link) window.location.href = link.href;
+      }
+    });
+
+    async function search(query) {
+      try {
+        const res = await fetch('/api/reader/search?q=' + encodeURIComponent(query));
+        const data = await res.json();
+
+        if (!data || data.length === 0) {
+          results.innerHTML = '<div class="search-no-results">No results found</div>';
+          return;
+        }
+
+        results.innerHTML = data.map(r => `
+          <div class="search-result">
+            <a href="${r.url}">
+              <div class="search-result-title">${highlight(r.title, query)}</div>
+              ${r.description ? `<div class="search-result-snippet">${highlight(r.description, query)}</div>` : ''}
+            </a>
+          </div>
+        `).join('');
+      } catch (e) {
+        results.innerHTML = '<div class="search-no-results">Search failed</div>';
+      }
+    }
+
+    function highlight(text, query) {
+      if (!text) return '';
+      const escaped = escapeHtml(text);
+      const tokens = query.split(/\s+/).filter(t => t.length > 0);
+      if (!tokens.length) return escaped;
+      const pattern = tokens.map(t => t.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')).join('|');
+      return escaped.replace(new RegExp(`(${pattern})`, 'gi'), '<mark>$1</mark>');
+    }
+
+    function escapeHtml(text) {
+      const div = document.createElement('div');
+      div.textContent = text;
+      return div.innerHTML;
+    }
+  }
+})();
diff --git a/internal/build/assets/js/post.js b/internal/build/assets/js/post.js
new file mode 100644
index 0000000..278358d
--- /dev/null
+++ b/internal/build/assets/js/post.js
@@ -0,0 +1,197 @@
+var WriteKit = (function() {
+  'use strict';
+
+  let config = {};
+  let user = null;
+
+  async function init(opts) {
+    config = opts;
+
+    try {
+      const res = await fetch('/api/reader/me');
+      const data = await res.json();
+      if (data.logged_in) {
+        user = data.user;
+      }
+    } catch (e) {}
+
+    if (config.reactions) initReactions();
+    if (config.comments) initComments();
+  }
+
+  async function initReactions() {
+    const container = document.querySelector('.reactions-container');
+    if (!container) return;
+
+    const res = await fetch(`/api/reader/posts/${config.slug}/reactions`);
+    const data = await res.json();
+
+    const counts = data.counts || {};
+    const userReactions = data.user || [];
+
+    if (config.reactionMode === 'upvote') {
+      const emoji = config.reactionEmojis[0] || '👍';
+      const count = counts[emoji] || 0;
+      const active = userReactions.includes(emoji);
+
+      container.innerHTML = `
+        <button class="reaction-btn ${active ? 'active' : ''}" data-emoji="${emoji}">
+          <span class="emoji">${emoji}</span>
+          <span class="count">${count}</span>
+        </button>
+      `;
+    } else {
+      container.innerHTML = config.reactionEmojis.map(emoji => {
+        const count = counts[emoji] || 0;
+        const active = userReactions.includes(emoji);
+        return `
+          <button class="reaction-btn ${active ? 'active' : ''}" data-emoji="${emoji}">
+            <span class="emoji">${emoji}</span>
+            <span class="count">${count}</span>
+          </button>
+        `;
+      }).join('');
+    }
+
+    container.querySelectorAll('.reaction-btn').forEach(btn => {
+      btn.addEventListener('click', () => toggleReaction(btn));
+    });
+  }
+
+  async function toggleReaction(btn) {
+    if (config.requireAuth && !user) {
+      showAuthPrompt('reactions');
+      return;
+    }
+
+    const emoji = btn.dataset.emoji;
+
+    try {
+      const res = await fetch(`/api/reader/posts/${config.slug}/reactions`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ emoji })
+      });
+
+      if (res.status === 401) {
+        showAuthPrompt('reactions');
+        return;
+      }
+
+      const data = await res.json();
+      const countEl = btn.querySelector('.count');
+      const current = parseInt(countEl.textContent) || 0;
+
+      if (data.added) {
+        btn.classList.add('active');
+        countEl.textContent = current + 1;
+      } else {
+        btn.classList.remove('active');
+        countEl.textContent = Math.max(0, current - 1);
+      }
+    } catch (e) {
+      console.error('Failed to toggle reaction', e);
+    }
+  }
+
+  async function initComments() {
+    const section = document.querySelector('.comments');
+    if (!section) return;
+
+    const list = section.querySelector('.comments-list');
+    const formContainer = section.querySelector('.comment-form-container');
+
+    const res = await fetch(`/api/reader/posts/${config.slug}/comments`);
+    const comments = await res.json();
+
+    if (comments && comments.length > 0) {
+      list.innerHTML = comments.map(renderComment).join('');
+    } else {
+      list.innerHTML = '<p class="no-comments">No comments yet. Be the first!</p>';
+    }
+
+    if (user) {
+      formContainer.innerHTML = `
+        <form class="comment-form">
+          <textarea placeholder="Write a comment..." rows="3" required></textarea>
+          <button type="submit">Post Comment</button>
+        </form>
+      `;
+      formContainer.querySelector('form').addEventListener('submit', submitComment);
+    } else {
+      formContainer.innerHTML = `
+        <div class="auth-prompt">
+          <a href="/api/reader/login/github?redirect=${encodeURIComponent(window.location.pathname)}">Sign in</a> to leave a comment
+        </div>
+      `;
+    }
+  }
+
+  function renderComment(comment) {
+    const date = new Date(comment.created_at).toLocaleDateString('en-US', {
+      year: 'numeric', month: 'short', day: 'numeric'
+    });
+
+    return `
+      <div class="comment" data-id="${comment.id}">
+        <div class="comment-header">
+          ${comment.avatar_url ? `<img src="${comment.avatar_url}" alt="" class="comment-avatar">` : ''}
+          <span class="comment-author">${escapeHtml(comment.name || 'Anonymous')}</span>
+          <span class="comment-date">${date}</span>
+        </div>
+        <div class="comment-content">${comment.content_html || escapeHtml(comment.content)}</div>
+      </div>
+    `;
+  }
+
+  async function submitComment(e) {
+    e.preventDefault();
+    const form = e.target;
+    const textarea = form.querySelector('textarea');
+    const content = textarea.value.trim();
+
+    if (!content) return;
+
+    const btn = form.querySelector('button');
+    btn.disabled = true;
+    btn.textContent = 'Posting...';
+
+    try {
+      const res = await fetch(`/api/reader/posts/${config.slug}/comments`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ content })
+      });
+
+      if (res.status === 401) {
+        showAuthPrompt('comments');
+        return;
+      }
+
+      const comment = await res.json();
+      const list = document.querySelector('.comments-list');
+      const noComments = list.querySelector('.no-comments');
+      if (noComments) noComments.remove();
+
+      list.insertAdjacentHTML('beforeend', renderComment(comment));
+      textarea.value = '';
+    } catch (e) {
+      console.error('Failed to post comment', e);
+    } finally {
+      btn.disabled = false;
+      btn.textContent = 'Post Comment';
+    }
+  }
+
+  function showAuthPrompt(feature) {
+    alert(`Please sign in to use ${feature}`);
+  }
+
+  function escapeHtml(text) {
+    const div = document.createElement('div');
+    div.textContent = text;
+    return div.innerHTML;
+  }
+
+  return { init };
+})();
diff --git a/internal/build/templates/base.html b/internal/build/templates/base.html
new file mode 100644
index 0000000..876a092
--- /dev/null
+++ b/internal/build/templates/base.html
@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>{{.Title}}</title>
+  <meta name="description" content="{{.Description}}">
+  <link rel="canonical" href="{{.CanonicalURL}}">
+
+  {{if .NoIndex}}<meta name="robots" content="noindex">{{end}}
+
+  <!-- Open Graph -->
+  <meta property="og:title" content="{{.Title}}">
+  <meta property="og:description" content="{{.Description}}">
+  <meta property="og:type" content="{{.OGType}}">
+  <meta property="og:url" content="{{.CanonicalURL}}">
+  {{if .OGImage}}<meta property="og:image" content="{{.OGImage}}">{{end}}
+  <meta property="og:site_name" content="{{.SiteName}}">
+
+  <!-- Twitter Card -->
+  <meta name="twitter:card" content="summary_large_image">
+  <meta name="twitter:title" content="{{.Title}}">
+  <meta name="twitter:description" content="{{.Description}}">
+  {{if .OGImage}}<meta name="twitter:image" content="{{.OGImage}}">{{end}}
+
+  <!-- Fonts -->
+  <link rel="preconnect" href="https://fonts.googleapis.com">
+  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+  {{if .FontURL}}<link rel="stylesheet" href="{{.FontURL}}">{{end}}
+
+  <link rel="stylesheet" href="/static/css/style.css">
+
+  <style>
+    :root {
+      --accent: {{with index .Settings "accent_color"}}{{.}}{{else}}#2563eb{{end}};
+      --font-body: {{or .FontFamily "system-ui, -apple-system, sans-serif"}};
+    }
+  </style>
+
+  {{if .StructuredData}}
+  <script type="application/ld+json">{{.StructuredData}}</script>
+  {{end}}
+</head>
+<body class="layout-{{with index .Settings "layout"}}{{.}}{{else}}default{{end}} compactness-{{with index .Settings "compactness"}}{{.}}{{else}}cozy{{end}}">
+  <header class="site-header">
+    <a href="/" class="site-name">{{.SiteName}}</a>
+    <nav class="site-nav">
+      <button type="button" id="search-trigger" class="search-trigger">
+        <span>Search</span>
+        <kbd>/</kbd>
+      </button>
+    </nav>
+  </header>
+
+  <main>
+    {{template "content" .}}
+  </main>
+
+  <footer class="site-footer">
+    <span>&copy; {{.Year}} {{.SiteName}}</span>
+    {{if .ShowBadge}}<a href="https://writekit.dev" class="powered-by" target="_blank" rel="noopener">Powered by WriteKit</a>{{end}}
+  </footer>
+
+  <div id="search-modal" class="search-modal">
+    <div class="search-modal-backdrop"></div>
+    <div class="search-modal-content">
+      <input type="text" id="search-input" placeholder="Search..." autocomplete="off">
+      <div id="search-results" class="search-results"></div>
+      <div class="search-hint">Press <kbd>ESC</kbd> to close</div>
+    </div>
+  </div>
+
+  <script src="/static/js/main.js"></script>
+  {{block "scripts" .}}{{end}}
+</body>
+</html>
diff --git a/internal/build/templates/blog.html b/internal/build/templates/blog.html
new file mode 100644
index 0000000..5ea0235
--- /dev/null
+++ b/internal/build/templates/blog.html
@@ -0,0 +1,34 @@
+{{define "content"}}
+<div class="blog">
+  <header class="blog-header">
+    <h1>Posts</h1>
+  </header>
+
+  <section class="posts-list">
+    {{range .Posts}}
+    <article class="post-card">
+      <a href="/posts/{{.Slug}}">
+        <h2 class="post-card-title">{{.Title}}</h2>
+        <time class="post-card-date" datetime="{{.Date.Format "2006-01-02"}}">{{.Date.Format "January 2, 2006"}}</time>
+        {{if .Description}}
+        <p class="post-card-description">{{.Description}}</p>
+        {{end}}
+      </a>
+    </article>
+    {{else}}
+    <p class="no-posts">No posts yet.</p>
+    {{end}}
+  </section>
+
+  {{if or .PrevPage .NextPage}}
+  <nav class="pagination">
+    {{if .PrevPage}}
+    <a href="{{.PrevPage}}" class="pagination-prev">&larr; Newer</a>
+    {{end}}
+    {{if .NextPage}}
+    <a href="{{.NextPage}}" class="pagination-next">Older &rarr;</a>
+    {{end}}
+  </nav>
+  {{end}}
+</div>
+{{end}}
diff --git a/internal/build/templates/home.html b/internal/build/templates/home.html
new file mode 100644
index 0000000..f03008b
--- /dev/null
+++ b/internal/build/templates/home.html
@@ -0,0 +1,34 @@
+{{define "content"}}
+<div class="home">
+  {{with index .Settings "author_bio"}}
+  <section class="profile">
+    {{with index $.Settings "author_avatar"}}
+    <img src="{{.}}" alt="{{$.SiteName}}" class="profile-avatar">
+    {{end}}
+    <p class="profile-bio">{{.}}</p>
+  </section>
+  {{end}}
+
+  <section class="posts-list">
+    {{range .Posts}}
+    <article class="post-card">
+      <a href="/posts/{{.Slug}}">
+        <h2 class="post-card-title">{{.Title}}</h2>
+        <time class="post-card-date" datetime="{{.Date.Format "2006-01-02"}}">{{.Date.Format "January 2, 2006"}}</time>
+        {{if .Description}}
+        <p class="post-card-description">{{.Description}}</p>
+        {{end}}
+      </a>
+    </article>
+    {{else}}
+    <p class="no-posts">No posts yet.</p>
+    {{end}}
+  </section>
+
+  {{if .HasMore}}
+  <nav class="pagination">
+    <a href="/posts" class="view-all">View all posts</a>
+  </nav>
+  {{end}}
+</div>
+{{end}}
diff --git a/internal/build/templates/post.html b/internal/build/templates/post.html
new file mode 100644
index 0000000..10f1791
--- /dev/null
+++ b/internal/build/templates/post.html
@@ -0,0 +1,57 @@
+{{define "content"}}
+<article class="post">
+  <header class="post-header">
+    <time class="post-date" datetime="{{.Post.Date.Format "2006-01-02"}}">{{.Post.Date.Format "January 2, 2006"}}</time>
+    <h1 class="post-title">{{.Post.Title}}</h1>
+    {{if .Post.Description}}
+    <p class="post-description">{{.Post.Description}}</p>
+    {{end}}
+    {{if .Post.Tags}}
+    <div class="post-tags">
+      {{range .Post.Tags}}
+      <a href="/tags/{{.}}" class="tag">#{{.}}</a>
+      {{end}}
+    </div>
+    {{end}}
+    {{if .Post.CoverImage}}
+    <figure class="post-cover">
+      <img src="{{.Post.CoverImage}}" alt="{{.Post.Title}}" loading="eager" />
+    </figure>
+    {{end}}
+  </header>
+
+  <div class="post-content prose">
+    {{.ContentHTML}}
+  </div>
+
+  {{if .InteractionConfig.ReactionsEnabled}}
+  <section id="reactions" class="reactions" data-slug="{{.Post.Slug}}">
+    <div class="reactions-container"></div>
+  </section>
+  {{end}}
+
+  {{if .InteractionConfig.CommentsEnabled}}
+  <section id="comments" class="comments" data-slug="{{.Post.Slug}}">
+    <h3 class="comments-title">Comments</h3>
+    <div class="comments-list"></div>
+    <div class="comment-form-container"></div>
+  </section>
+  {{end}}
+</article>
+{{end}}
+
+{{define "scripts"}}
+{{if or .InteractionConfig.ReactionsEnabled .InteractionConfig.CommentsEnabled}}
+<script src="/static/js/post.js"></script>
+<script>
+  WriteKit.init({
+    slug: "{{.Post.Slug}}",
+    reactions: {{.InteractionConfig.ReactionsEnabled}},
+    comments: {{.InteractionConfig.CommentsEnabled}},
+    reactionMode: "{{.InteractionConfig.ReactionMode}}",
+    reactionEmojis: "{{.InteractionConfig.ReactionEmojis}}".split(","),
+    requireAuth: {{.InteractionConfig.ReactionsRequireAuth}}
+  });
+</script>
+{{end}}
+{{end}}
diff --git a/internal/build/templates/templates.go b/internal/build/templates/templates.go
new file mode 100644
index 0000000..4e1183a
--- /dev/null
+++ b/internal/build/templates/templates.go
@@ -0,0 +1,139 @@
+package templates
+
+import (
+	"bytes"
+	"embed"
+	"encoding/json"
+	"html/template"
+	"time"
+)
+
+//go:embed *.html
+var templateFS embed.FS
+
+var funcMap = template.FuncMap{
+	"safeHTML": func(s string) template.HTML { return template.HTML(s) },
+	"json":     func(v any) string { b, _ := json.Marshal(v); return string(b) },
+	"or": func(a, b any) any {
+		if a != nil && a != "" {
+			return a
+		}
+		return b
+	},
+}
+
+var fontURLs = map[string]string{
+	"system":        "",
+	"inter":         "https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap",
+	"georgia":       "",
+	"merriweather":  "https://fonts.googleapis.com/css2?family=Merriweather:wght@400;700&display=swap",
+	"source-serif":  "https://fonts.googleapis.com/css2?family=Source+Serif+4:wght@400;600;700&display=swap",
+	"jetbrains-mono": "https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500;700&display=swap",
+}
+
+var fontFamilies = map[string]string{
+	"system":        "system-ui, -apple-system, sans-serif",
+	"inter":         "'Inter', system-ui, sans-serif",
+	"georgia":       "Georgia, 'Times New Roman', serif",
+	"merriweather":  "'Merriweather', Georgia, serif",
+	"source-serif":  "'Source Serif 4', Georgia, serif",
+	"jetbrains-mono": "'JetBrains Mono', 'Fira Code', monospace",
+}
+
+func GetFontURL(fontKey string) string {
+	if url, ok := fontURLs[fontKey]; ok {
+		return url
+	}
+	return ""
+}
+
+func GetFontFamily(fontKey string) string {
+	if family, ok := fontFamilies[fontKey]; ok {
+		return family
+	}
+	return fontFamilies["system"]
+}
+
+var homeTemplate, blogTemplate, postTemplate *template.Template
+
+func init() {
+	homeTemplate = template.Must(template.New("").Funcs(funcMap).ParseFS(templateFS, "base.html", "home.html"))
+	blogTemplate = template.Must(template.New("").Funcs(funcMap).ParseFS(templateFS, "base.html", "blog.html"))
+	postTemplate = template.Must(template.New("").Funcs(funcMap).ParseFS(templateFS, "base.html", "post.html"))
+}
+
+type PageData struct {
+	Title          string
+	Description    string
+	CanonicalURL   string
+	OGType         string
+	OGImage        string
+	NoIndex        bool
+	SiteName       string
+	Year           int
+	FontURL        string
+	FontFamily     string
+	StructuredData template.JS
+	Settings       map[string]any
+	ShowBadge      bool
+}
+
+type HomeData struct {
+	PageData
+	Posts   []PostSummary
+	HasMore bool
+}
+
+type BlogData struct {
+	PageData
+	Posts    []PostSummary
+	PrevPage string
+	NextPage string
+}
+
+type PostData struct {
+	PageData
+	Post              PostDetail
+	ContentHTML       template.HTML
+	InteractionConfig map[string]any
+}
+
+type PostSummary struct {
+	Slug        string
+	Title       string
+	Description string
+	Date        time.Time
+}
+
+type PostDetail struct {
+	Slug        string
+	Title       string
+	Description string
+	CoverImage  string
+	Date        time.Time
+	Tags        []string
+}
+
+func RenderHome(data HomeData) ([]byte, error) {
+	var buf bytes.Buffer
+	if err := homeTemplate.ExecuteTemplate(&buf, "base.html", data); err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+func RenderBlog(data BlogData) ([]byte, error) {
+	var buf bytes.Buffer
+	if err := blogTemplate.ExecuteTemplate(&buf, "base.html", data); err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+func RenderPost(data PostData) ([]byte, error) {
+	var buf bytes.Buffer
+	if err := postTemplate.ExecuteTemplate(&buf, "base.html", data); err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
diff --git a/internal/cloudflare/analytics.go b/internal/cloudflare/analytics.go
new file mode 100644
index 0000000..4255ab8
--- /dev/null
+++ b/internal/cloudflare/analytics.go
@@ -0,0 +1,451 @@
+package cloudflare
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"sync"
+	"time"
+)
+
+type Client struct {
+	apiToken string
+	zoneID   string
+	client   *http.Client
+	cache    *analyticsCache
+}
+
+type analyticsCache struct {
+	mu      sync.RWMutex
+	data    map[string]*cachedResult
+	ttl     time.Duration
+}
+
+type cachedResult struct {
+	result    *ZoneAnalytics
+	expiresAt time.Time
+}
+
+func NewClient() *Client {
+	return &Client{
+		apiToken: os.Getenv("CLOUDFLARE_API_TOKEN"),
+		zoneID:   os.Getenv("CLOUDFLARE_ZONE_ID"),
+		client:   &http.Client{Timeout: 30 * time.Second},
+		cache: &analyticsCache{
+			data: make(map[string]*cachedResult),
+			ttl:  5 * time.Minute,
+		},
+	}
+}
+
+func (c *Client) IsConfigured() bool {
+	return c.apiToken != "" && c.zoneID != ""
+}
+
+type ZoneAnalytics struct {
+	TotalRequests   int64           `json:"totalRequests"`
+	TotalPageViews  int64           `json:"totalPageViews"`
+	UniqueVisitors  int64           `json:"uniqueVisitors"`
+	TotalBandwidth  int64           `json:"totalBandwidth"`
+	Daily           []DailyStats    `json:"daily"`
+	Browsers        []NamedCount    `json:"browsers"`
+	OS              []NamedCount    `json:"os"`
+	Devices         []NamedCount    `json:"devices"`
+	Countries       []NamedCount    `json:"countries"`
+	Paths           []PathStats     `json:"paths"`
+}
+
+type DailyStats struct {
+	Date       string `json:"date"`
+	Requests   int64  `json:"requests"`
+	PageViews  int64  `json:"pageViews"`
+	Visitors   int64  `json:"visitors"`
+	Bandwidth  int64  `json:"bandwidth"`
+}
+
+type NamedCount struct {
+	Name  string `json:"name"`
+	Count int64  `json:"count"`
+}
+
+type PathStats struct {
+	Path     string `json:"path"`
+	Requests int64  `json:"requests"`
+}
+
+type graphqlRequest struct {
+	Query     string         `json:"query"`
+	Variables map[string]any `json:"variables,omitempty"`
+}
+
+type graphqlResponse struct {
+	Data   json.RawMessage `json:"data"`
+	Errors []struct {
+		Message string `json:"message"`
+	} `json:"errors,omitempty"`
+}
+
+func (c *Client) GetAnalytics(ctx context.Context, days int, hostname string) (*ZoneAnalytics, error) {
+	if !c.IsConfigured() {
+		return nil, fmt.Errorf("cloudflare not configured")
+	}
+
+	cacheKey := fmt.Sprintf("%s:%d:%s", c.zoneID, days, hostname)
+	if cached := c.cache.get(cacheKey); cached != nil {
+		return cached, nil
+	}
+
+	since := time.Now().AddDate(0, 0, -days).Format("2006-01-02")
+	until := time.Now().Format("2006-01-02")
+
+	result := &ZoneAnalytics{}
+
+	dailyData, err := c.fetchDailyStats(ctx, since, until, hostname)
+	if err != nil {
+		return nil, err
+	}
+	result.Daily = dailyData
+
+	for _, d := range dailyData {
+		result.TotalRequests += d.Requests
+		result.TotalPageViews += d.PageViews
+		result.UniqueVisitors += d.Visitors
+		result.TotalBandwidth += d.Bandwidth
+	}
+
+	browsers, _ := c.fetchGroupedStats(ctx, since, until, hostname, "clientRequestHTTPHost", "userAgentBrowser")
+	result.Browsers = browsers
+
+	osStats, _ := c.fetchGroupedStats(ctx, since, until, hostname, "clientRequestHTTPHost", "userAgentOS")
+	result.OS = osStats
+
+	devices, _ := c.fetchGroupedStats(ctx, since, until, hostname, "clientRequestHTTPHost", "deviceType")
+	result.Devices = devices
+
+	countries, _ := c.fetchGroupedStats(ctx, since, until, hostname, "clientRequestHTTPHost", "clientCountryName")
+	result.Countries = countries
+
+	paths, _ := c.fetchPathStats(ctx, since, until, hostname)
+	result.Paths = paths
+
+	c.cache.set(cacheKey, result)
+
+	return result, nil
+}
+
+func (c *Client) fetchDailyStats(ctx context.Context, since, until, hostname string) ([]DailyStats, error) {
+	query := `
+		query ($zoneTag: String!, $since: Date!, $until: Date!, $hostname: String!) {
+			viewer {
+				zones(filter: { zoneTag: $zoneTag }) {
+					httpRequests1dGroups(
+						filter: { date_geq: $since, date_leq: $until, clientRequestHTTPHost: $hostname }
+						orderBy: [date_ASC]
+						limit: 100
+					) {
+						dimensions {
+							date
+						}
+						sum {
+							requests
+							pageViews
+							bytes
+						}
+						uniq {
+							uniques
+						}
+					}
+				}
+			}
+		}
+	`
+
+	vars := map[string]any{
+		"zoneTag":  c.zoneID,
+		"since":    since,
+		"until":    until,
+		"hostname": hostname,
+	}
+
+	resp, err := c.doQuery(ctx, query, vars)
+	if err != nil {
+		return nil, err
+	}
+
+	var data struct {
+		Viewer struct {
+			Zones []struct {
+				HttpRequests1dGroups []struct {
+					Dimensions struct {
+						Date string `json:"date"`
+					} `json:"dimensions"`
+					Sum struct {
+						Requests  int64 `json:"requests"`
+						PageViews int64 `json:"pageViews"`
+						Bytes     int64 `json:"bytes"`
+					} `json:"sum"`
+					Uniq struct {
+						Uniques int64 `json:"uniques"`
+					} `json:"uniq"`
+				} `json:"httpRequests1dGroups"`
+			} `json:"zones"`
+		} `json:"viewer"`
+	}
+
+	if err := json.Unmarshal(resp, &data); err != nil {
+		return nil, fmt.Errorf("parse response: %w", err)
+	}
+
+	var results []DailyStats
+	if len(data.Viewer.Zones) > 0 {
+		for _, g := range data.Viewer.Zones[0].HttpRequests1dGroups {
+			results = append(results, DailyStats{
+				Date:      g.Dimensions.Date,
+				Requests:  g.Sum.Requests,
+				PageViews: g.Sum.PageViews,
+				Visitors:  g.Uniq.Uniques,
+				Bandwidth: g.Sum.Bytes,
+			})
+		}
+	}
+
+	return results, nil
+}
+
+func (c *Client) fetchGroupedStats(ctx context.Context, since, until, hostname, hostField, groupBy string) ([]NamedCount, error) {
+	query := fmt.Sprintf(`
+		query ($zoneTag: String!, $since: Date!, $until: Date!, $hostname: String!) {
+			viewer {
+				zones(filter: { zoneTag: $zoneTag }) {
+					httpRequests1dGroups(
+						filter: { date_geq: $since, date_leq: $until, %s: $hostname }
+						orderBy: [sum_requests_DESC]
+						limit: 10
+					) {
+						dimensions {
+							%s
+						}
+						sum {
+							requests
+						}
+					}
+				}
+			}
+		}
+	`, hostField, groupBy)
+
+	vars := map[string]any{
+		"zoneTag":  c.zoneID,
+		"since":    since,
+		"until":    until,
+		"hostname": hostname,
+	}
+
+	resp, err := c.doQuery(ctx, query, vars)
+	if err != nil {
+		return nil, err
+	}
+
+	var data struct {
+		Viewer struct {
+			Zones []struct {
+				HttpRequests1dGroups []struct {
+					Dimensions map[string]string `json:"dimensions"`
+					Sum        struct {
+						Requests int64 `json:"requests"`
+					} `json:"sum"`
+				} `json:"httpRequests1dGroups"`
+			} `json:"zones"`
+		} `json:"viewer"`
+	}
+
+	if err := json.Unmarshal(resp, &data); err != nil {
+		return nil, fmt.Errorf("parse response: %w", err)
+	}
+
+	var results []NamedCount
+	if len(data.Viewer.Zones) > 0 {
+		for _, g := range data.Viewer.Zones[0].HttpRequests1dGroups {
+			name := g.Dimensions[groupBy]
+			if name == "" {
+				name = "Unknown"
+			}
+			results = append(results, NamedCount{
+				Name:  name,
+				Count: g.Sum.Requests,
+			})
+		}
+	}
+
+	return results, nil
+}
+
+func (c *Client) fetchPathStats(ctx context.Context, since, until, hostname string) ([]PathStats, error) {
+	query := `
+		query ($zoneTag: String!, $since: Date!, $until: Date!, $hostname: String!) {
+			viewer {
+				zones(filter: { zoneTag: $zoneTag }) {
+					httpRequests1dGroups(
+						filter: { date_geq: $since, date_leq: $until, clientRequestHTTPHost: $hostname }
+						orderBy: [sum_requests_DESC]
+						limit: 20
+					) {
+						dimensions {
+							clientRequestPath
+						}
+						sum {
+							requests
+						}
+					}
+				}
+			}
+		}
+	`
+
+	vars := map[string]any{
+		"zoneTag":  c.zoneID,
+		"since":    since,
+		"until":    until,
+		"hostname": hostname,
+	}
+
+	resp, err := c.doQuery(ctx, query, vars)
+	if err != nil {
+		return nil, err
+	}
+
+	var data struct {
+		Viewer struct {
+			Zones []struct {
+				HttpRequests1dGroups []struct {
+					Dimensions struct {
+						Path string `json:"clientRequestPath"`
+					} `json:"dimensions"`
+					Sum struct {
+						Requests int64 `json:"requests"`
+					} `json:"sum"`
+				} `json:"httpRequests1dGroups"`
+			} `json:"zones"`
+		} `json:"viewer"`
+	}
+
+	if err := json.Unmarshal(resp, &data); err != nil {
+		return nil, fmt.Errorf("parse response: %w", err)
+	}
+
+	var results []PathStats
+	if len(data.Viewer.Zones) > 0 {
+		for _, g := range data.Viewer.Zones[0].HttpRequests1dGroups {
+			results = append(results, PathStats{
+				Path:     g.Dimensions.Path,
+				Requests: g.Sum.Requests,
+			})
+		}
+	}
+
+	return results, nil
+}
+
+func (c *Client) doQuery(ctx context.Context, query string, vars map[string]any) (json.RawMessage, error) {
+	reqBody := graphqlRequest{
+		Query:     query,
+		Variables: vars,
+	}
+
+	body, err := json.Marshal(reqBody)
+	if err != nil {
+		return nil, err
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "POST", "https://api.cloudflare.com/client/v4/graphql", bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+c.apiToken)
+
+	resp, err := c.client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("cloudflare API error: %s", string(respBody))
+	}
+
+	var gqlResp graphqlResponse
+	if err := json.Unmarshal(respBody, &gqlResp); err != nil {
+		return nil, err
+	}
+
+	if len(gqlResp.Errors) > 0 {
+		return nil, fmt.Errorf("graphql error: %s", gqlResp.Errors[0].Message)
+	}
+
+	return gqlResp.Data, nil
+}
+
+func (c *analyticsCache) get(key string) *ZoneAnalytics {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+
+	if cached, ok := c.data[key]; ok && time.Now().Before(cached.expiresAt) {
+		return cached.result
+	}
+	return nil
+}
+
+func (c *analyticsCache) set(key string, result *ZoneAnalytics) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	c.data[key] = &cachedResult{
+		result:    result,
+		expiresAt: time.Now().Add(c.ttl),
+	}
+}
+
+func (c *Client) PurgeURLs(ctx context.Context, urls []string) error {
+	if !c.IsConfigured() || len(urls) == 0 {
+		return nil
+	}
+
+	body, err := json.Marshal(map[string][]string{"files": urls})
+	if err != nil {
+		return err
+	}
+
+	req, err := http.NewRequestWithContext(ctx, "POST",
+		fmt.Sprintf("https://api.cloudflare.com/client/v4/zones/%s/purge_cache", c.zoneID),
+		bytes.NewReader(body))
+	if err != nil {
+		return err
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+c.apiToken)
+
+	resp, err := c.client.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		respBody, _ := io.ReadAll(resp.Body)
+		return fmt.Errorf("cloudflare purge failed: %s", string(respBody))
+	}
+
+	return nil
+}
diff --git a/internal/config/tiers.go b/internal/config/tiers.go
new file mode 100644
index 0000000..cb96efa
--- /dev/null
+++ b/internal/config/tiers.go
@@ -0,0 +1,100 @@
+package config
+
+type Tier string
+
+const (
+	TierFree Tier = "free"
+	TierPro  Tier = "pro"
+)
+
+type TierConfig struct {
+	Name               string `json:"name"`
+	Description        string `json:"description"`
+	MonthlyPrice       int    `json:"monthly_price"`
+	AnnualPrice        int    `json:"annual_price"`
+	CustomDomain       bool   `json:"custom_domain"`
+	BadgeRequired      bool   `json:"badge_required"`
+	AnalyticsRetention int    `json:"analytics_retention"`
+	APIRateLimit       int    `json:"api_rate_limit"`
+	MaxWebhooks        int    `json:"max_webhooks"`
+	WebhookDeliveries  int    `json:"webhook_deliveries"`
+	MaxPlugins         int    `json:"max_plugins"`
+	PluginExecutions   int    `json:"plugin_executions"`
+}
+
+var Tiers = map[Tier]TierConfig{
+	TierFree: {
+		Name:               "Free",
+		Description:        "For getting started",
+		MonthlyPrice:       0,
+		AnnualPrice:        0,
+		CustomDomain:       false,
+		BadgeRequired:      true,
+		AnalyticsRetention: 7,
+		APIRateLimit:       100,
+		MaxWebhooks:        3,
+		WebhookDeliveries:  100,
+		MaxPlugins:         3,
+		PluginExecutions:   1000,
+	},
+	TierPro: {
+		Name:               "Pro",
+		Description:        "For serious bloggers",
+		MonthlyPrice:       500,
+		AnnualPrice:        4900,
+		CustomDomain:       true,
+		BadgeRequired:      false,
+		AnalyticsRetention: 90,
+		APIRateLimit:       1000,
+		MaxWebhooks:        10,
+		WebhookDeliveries:  1000,
+		MaxPlugins:         10,
+		PluginExecutions:   10000,
+	},
+}
+
+func GetTier(premium bool) Tier {
+	if premium {
+		return TierPro
+	}
+	return TierFree
+}
+
+func GetConfig(tier Tier) TierConfig {
+	if cfg, ok := Tiers[tier]; ok {
+		return cfg
+	}
+	return Tiers[TierFree]
+}
+
+type TierInfo struct {
+	Tier   Tier       `json:"tier"`
+	Config TierConfig `json:"config"`
+}
+
+func GetTierInfo(premium bool) TierInfo {
+	tier := GetTier(premium)
+	return TierInfo{
+		Tier:   tier,
+		Config: GetConfig(tier),
+	}
+}
+
+type Usage struct {
+	Webhooks int `json:"webhooks"`
+	Plugins  int `json:"plugins"`
+}
+
+type AllTiersResponse struct {
+	CurrentTier Tier                `json:"current_tier"`
+	Tiers       map[Tier]TierConfig `json:"tiers"`
+	Usage       Usage               `json:"usage"`
+}
+
+func GetAllTiers(premium bool, usage Usage) AllTiersResponse {
+	return AllTiersResponse{
+		CurrentTier: GetTier(premium),
+		Tiers:       Tiers,
+		Usage:       usage,
+	}
+}
diff --git a/internal/db/db.go b/internal/db/db.go
new file mode 100644
index 0000000..83809aa
--- /dev/null
+++ b/internal/db/db.go
@@ -0,0 +1,81 @@
+package db
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"sort"
+
+	"github.com/jackc/pgx/v5/pgxpool"
+)
+
+const defaultDSN = "postgres://writekit:writekit@localhost:5432/writekit?sslmode=disable"
+
+type DB struct {
+	pool *pgxpool.Pool
+}
+
+func Connect(migrationsDir string) (*DB, error) {
+	dsn := os.Getenv("DATABASE_URL")
+	if dsn == "" {
+		dsn = defaultDSN
+	}
+
+	pool, err := pgxpool.New(context.Background(), dsn)
+	if err != nil {
+		return nil, fmt.Errorf("connect: %w", err)
+	}
+
+	if err := pool.Ping(context.Background()); err != nil {
+		pool.Close()
+		return nil, fmt.Errorf("ping: %w", err)
+	}
+
+	db := &DB{pool: pool}
+
+	if err := db.RunMigrations(migrationsDir); err != nil {
+		pool.Close()
+		return nil, fmt.Errorf("migrations: %w", err)
+	}
+
+	return db, nil
+}
+
+func (db *DB) RunMigrations(dir string) error {
+	entries, err := os.ReadDir(dir)
+	if err != nil {
+		return fmt.Errorf("read migrations dir: %w", err)
+	}
+
+	var files []string
+	for _, entry := range entries {
+		if entry.IsDir() || filepath.Ext(entry.Name()) != ".sql" {
+			continue
+		}
+		files = append(files, entry.Name())
+	}
+	sort.Strings(files)
+
+	for _, name := range files {
+		content, err := os.ReadFile(filepath.Join(dir, name))
+		if err != nil {
+			return fmt.Errorf("read %s: %w", name, err)
+		}
+
+		if _, err := db.pool.Exec(context.Background(), string(content)); err != nil {
+			return fmt.Errorf("run %s: %w", name, err)
+		}
+	}
+
+	return nil
+}
+
+func (db *DB) Close() {
+	db.pool.Close()
+}
+
+func (db *DB) Pool() *pgxpool.Pool {
+	return db.pool
+}
+
diff --git a/internal/db/demos.go b/internal/db/demos.go
new file mode 100644
index 0000000..7ecbdf0
--- /dev/null
+++ b/internal/db/demos.go
@@ -0,0 +1,109 @@
+package db
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/hex"
+	"os"
+	"strconv"
+	"time"
+
+	"github.com/jackc/pgx/v5"
+)
+
+func getDemoDuration() time.Duration {
+	if mins := os.Getenv("DEMO_DURATION_MINUTES"); mins != "" {
+		if m, err := strconv.Atoi(mins); err == nil && m > 0 {
+			return time.Duration(m) * time.Minute
+		}
+	}
+	if os.Getenv("ENV") != "prod" {
+		return 100 * 365 * 24 * time.Hour // infinite in local/dev
+	}
+	return 15 * time.Minute
+}
+
+func (db *DB) GetDemoBySubdomain(ctx context.Context, subdomain string) (*Demo, error) {
+	var d Demo
+	err := db.pool.QueryRow(ctx,
+		`SELECT id, subdomain, expires_at FROM demos WHERE subdomain = $1 AND expires_at > NOW()`,
+		subdomain).Scan(&d.ID, &d.Subdomain, &d.ExpiresAt)
+	if err == pgx.ErrNoRows {
+		return nil, nil
+	}
+	return &d, err
+}
+
+func (db *DB) GetDemoByID(ctx context.Context, id string) (*Demo, error) {
+	var d Demo
+	err := db.pool.QueryRow(ctx,
+		`SELECT id, subdomain, expires_at FROM demos WHERE id = $1 AND expires_at > NOW()`,
+		id).Scan(&d.ID, &d.Subdomain, &d.ExpiresAt)
+	if err == pgx.ErrNoRows {
+		return nil, nil
+	}
+	return &d, err
+}
+
+func (db *DB) CreateDemo(ctx context.Context) (*Demo, error) {
+	subdomain := "demo-" + randomHex(4)
+	expiresAt := time.Now().Add(getDemoDuration())
+
+	var d Demo
+	err := db.pool.QueryRow(ctx,
+		`INSERT INTO demos (subdomain, expires_at) VALUES ($1, $2) RETURNING id, subdomain, expires_at`,
+		subdomain, expiresAt).Scan(&d.ID, &d.Subdomain, &d.ExpiresAt)
+	if err != nil {
+		return nil, err
+	}
+	return &d, nil
+}
+
+type ExpiredDemo struct {
+	ID        string
+	Subdomain string
+}
+
+func (db *DB) CleanupExpiredDemos(ctx context.Context) ([]ExpiredDemo, error) {
+	rows, err := db.pool.Query(ctx,
+		`DELETE FROM demos WHERE expires_at < NOW() RETURNING id, subdomain`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var demos []ExpiredDemo
+	for rows.Next() {
+		var d ExpiredDemo
+		if err := rows.Scan(&d.ID, &d.Subdomain); err != nil {
+			return nil, err
+		}
+		demos = append(demos, d)
+	}
+	return demos, rows.Err()
+}
+
+func (db *DB) ListActiveDemos(ctx context.Context) ([]Demo, error) {
+	rows, err := db.pool.Query(ctx,
+		`SELECT id, subdomain, expires_at FROM demos WHERE expires_at > NOW()`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var demos []Demo
+	for rows.Next() {
+		var d Demo
+		if err := rows.Scan(&d.ID, &d.Subdomain, &d.ExpiresAt); err != nil {
+			return nil, err
+		}
+		demos = append(demos, d)
+	}
+	return demos, rows.Err()
+}
+
+func randomHex(n int) string {
+	b := make([]byte, n)
+	rand.Read(b)
+	return hex.EncodeToString(b)
+}
diff --git a/internal/db/migrations/001_initial.sql b/internal/db/migrations/001_initial.sql
new file mode 100644
index 0000000..94f3bc3
--- /dev/null
+++ b/internal/db/migrations/001_initial.sql
@@ -0,0 +1,185 @@
+-- Users (provider-agnostic)
+CREATE TABLE IF NOT EXISTS users (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    email VARCHAR(255) UNIQUE NOT NULL,
+    name VARCHAR(255),
+    avatar_url TEXT,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- OAuth identities
+CREATE TABLE IF NOT EXISTS user_identities (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    provider VARCHAR(50) NOT NULL,
+    provider_id VARCHAR(255) NOT NULL,
+    provider_email VARCHAR(255),
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    UNIQUE(provider, provider_id)
+);
+
+-- Sessions
+CREATE TABLE IF NOT EXISTS sessions (
+    token VARCHAR(64) PRIMARY KEY,
+    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    expires_at TIMESTAMP WITH TIME ZONE NOT NULL
+);
+
+-- Tenants (blog instances)
+CREATE TABLE IF NOT EXISTS tenants (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    owner_id UUID REFERENCES users(id) ON DELETE SET NULL,
+    subdomain VARCHAR(63) UNIQUE NOT NULL,
+    custom_domain VARCHAR(255),
+    premium BOOLEAN DEFAULT FALSE,
+    members_enabled BOOLEAN DEFAULT FALSE,
+    donations_enabled BOOLEAN DEFAULT FALSE,
+    auth_google_enabled BOOLEAN DEFAULT TRUE,
+    auth_github_enabled BOOLEAN DEFAULT TRUE,
+    auth_discord_enabled BOOLEAN DEFAULT TRUE,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- Demos (temporary blogs)
+CREATE TABLE IF NOT EXISTS demos (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    subdomain VARCHAR(63) UNIQUE NOT NULL,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    expires_at TIMESTAMP WITH TIME ZONE NOT NULL
+);
+
+-- Reserved subdomains
+CREATE TABLE IF NOT EXISTS reserved_subdomains (
+    subdomain VARCHAR(63) PRIMARY KEY,
+    reason VARCHAR(255)
+);
+
+-- Membership tiers
+CREATE TABLE IF NOT EXISTS membership_tiers (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE,
+    name VARCHAR(100) NOT NULL,
+    price_cents INTEGER NOT NULL,
+    description TEXT,
+    benefits TEXT[],
+    lemon_variant_id VARCHAR(64),
+    active BOOLEAN DEFAULT TRUE,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- Subscriptions
+CREATE TABLE IF NOT EXISTS subscriptions (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE,
+    user_id UUID REFERENCES users(id) ON DELETE SET NULL,
+    tier_id UUID REFERENCES membership_tiers(id) ON DELETE SET NULL,
+    tier_name VARCHAR(100) NOT NULL,
+    status VARCHAR(20) NOT NULL,
+    lemon_subscription_id VARCHAR(64) UNIQUE,
+    lemon_customer_id VARCHAR(64),
+    amount_cents INTEGER NOT NULL,
+    current_period_start TIMESTAMP WITH TIME ZONE,
+    current_period_end TIMESTAMP WITH TIME ZONE,
+    cancelled_at TIMESTAMP WITH TIME ZONE,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- Donations
+CREATE TABLE IF NOT EXISTS donations (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE,
+    user_id UUID REFERENCES users(id) ON DELETE SET NULL,
+    donor_email VARCHAR(255),
+    donor_name VARCHAR(255),
+    amount_cents INTEGER NOT NULL,
+    lemon_order_id VARCHAR(64) UNIQUE,
+    message TEXT,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- Earnings ledger
+CREATE TABLE IF NOT EXISTS earnings (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE,
+    source_type VARCHAR(20) NOT NULL,
+    source_id UUID NOT NULL,
+    description TEXT,
+    gross_cents INTEGER NOT NULL,
+    platform_fee_cents INTEGER NOT NULL,
+    processor_fee_cents INTEGER NOT NULL,
+    net_cents INTEGER NOT NULL,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- Balances
+CREATE TABLE IF NOT EXISTS balances (
+    tenant_id UUID PRIMARY KEY REFERENCES tenants(id) ON DELETE CASCADE,
+    available_cents INTEGER DEFAULT 0,
+    lifetime_earnings_cents INTEGER DEFAULT 0,
+    lifetime_paid_cents INTEGER DEFAULT 0,
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- Payouts
+CREATE TABLE IF NOT EXISTS payouts (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    tenant_id UUID NOT NULL REFERENCES tenants(id) ON DELETE CASCADE,
+    amount_cents INTEGER NOT NULL,
+    currency VARCHAR(3) DEFAULT 'USD',
+    wise_transfer_id VARCHAR(64),
+    wise_quote_id VARCHAR(64),
+    status VARCHAR(20) NOT NULL,
+    failure_reason TEXT,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    completed_at TIMESTAMP WITH TIME ZONE
+);
+
+-- Payout settings
+CREATE TABLE IF NOT EXISTS payout_settings (
+    tenant_id UUID PRIMARY KEY REFERENCES tenants(id) ON DELETE CASCADE,
+    wise_recipient_id VARCHAR(64),
+    account_holder_name VARCHAR(255),
+    currency VARCHAR(3) DEFAULT 'USD',
+    payout_email VARCHAR(255),
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+-- Indexes
+CREATE INDEX IF NOT EXISTS idx_identities_lookup ON user_identities(provider, provider_id);
+CREATE INDEX IF NOT EXISTS idx_identities_user ON user_identities(user_id);
+CREATE INDEX IF NOT EXISTS idx_sessions_expires ON sessions(expires_at);
+CREATE INDEX IF NOT EXISTS idx_sessions_user ON sessions(user_id);
+CREATE INDEX IF NOT EXISTS idx_tenants_owner ON tenants(owner_id);
+CREATE INDEX IF NOT EXISTS idx_tenants_subdomain ON tenants(subdomain);
+CREATE INDEX IF NOT EXISTS idx_demos_expires ON demos(expires_at);
+CREATE INDEX IF NOT EXISTS idx_demos_subdomain ON demos(subdomain);
+CREATE INDEX IF NOT EXISTS idx_tiers_tenant ON membership_tiers(tenant_id) WHERE active = TRUE;
+CREATE INDEX IF NOT EXISTS idx_subscriptions_tenant ON subscriptions(tenant_id);
+CREATE INDEX IF NOT EXISTS idx_subscriptions_user ON subscriptions(user_id);
+CREATE INDEX IF NOT EXISTS idx_subscriptions_lemon ON subscriptions(lemon_subscription_id);
+CREATE INDEX IF NOT EXISTS idx_donations_tenant ON donations(tenant_id);
+CREATE INDEX IF NOT EXISTS idx_earnings_tenant ON earnings(tenant_id);
+CREATE INDEX IF NOT EXISTS idx_payouts_tenant ON payouts(tenant_id);
+
+-- Reserved subdomains
+INSERT INTO reserved_subdomains (subdomain, reason) VALUES
+    ('www', 'system'),
+    ('api', 'system'),
+    ('app', 'system'),
+    ('admin', 'system'),
+    ('staging', 'system'),
+    ('demo', 'system'),
+    ('test', 'system'),
+    ('mail', 'system'),
+    ('smtp', 'system'),
+    ('ftp', 'system'),
+    ('ssh', 'system'),
+    ('traefik', 'system'),
+    ('ops', 'system'),
+    ('source', 'system'),
+    ('ci', 'system')
+ON CONFLICT (subdomain) DO NOTHING;
diff --git a/internal/db/models.go b/internal/db/models.go
new file mode 100644
index 0000000..2dc522b
--- /dev/null
+++ b/internal/db/models.go
@@ -0,0 +1,34 @@
+package db
+
+import "time"
+
+type User struct {
+	ID        string
+	Email     string
+	Name      string
+	AvatarURL string
+	CreatedAt time.Time
+}
+
+type Tenant struct {
+	ID               string
+	OwnerID          string
+	Subdomain        string
+	CustomDomain     string
+	Premium          bool
+	MembersEnabled   bool
+	DonationsEnabled bool
+	CreatedAt        time.Time
+}
+
+type Session struct {
+	Token     string
+	UserID    string
+	ExpiresAt time.Time
+}
+
+type Demo struct {
+	ID        string
+	Subdomain string
+	ExpiresAt time.Time
+}
diff --git a/internal/db/sessions.go b/internal/db/sessions.go
new file mode 100644
index 0000000..92e6987
--- /dev/null
+++ b/internal/db/sessions.go
@@ -0,0 +1,45 @@
+package db
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/hex"
+	"time"
+
+	"github.com/jackc/pgx/v5"
+)
+
+func (db *DB) CreateSession(ctx context.Context, userID string) (*Session, error) {
+	token := make([]byte, 32)
+	if _, err := rand.Read(token); err != nil {
+		return nil, err
+	}
+
+	s := &Session{
+		Token:     hex.EncodeToString(token),
+		UserID:    userID,
+		ExpiresAt: time.Now().Add(30 * 24 * time.Hour),
+	}
+
+	_, err := db.pool.Exec(ctx,
+		`INSERT INTO sessions (token, user_id, expires_at) VALUES ($1, $2, $3)`,
+		s.Token, s.UserID, s.ExpiresAt)
+	return s, err
+}
+
+func (db *DB) ValidateSession(ctx context.Context, token string) (*Session, error) {
+	var s Session
+	err := db.pool.QueryRow(ctx,
+		`SELECT token, user_id, expires_at FROM sessions
+		 WHERE token = $1 AND expires_at > NOW()`,
+		token).Scan(&s.Token, &s.UserID, &s.ExpiresAt)
+	if err == pgx.ErrNoRows {
+		return nil, nil
+	}
+	return &s, err
+}
+
+func (db *DB) DeleteSession(ctx context.Context, token string) error {
+	_, err := db.pool.Exec(ctx, `DELETE FROM sessions WHERE token = $1`, token)
+	return err
+}
diff --git a/internal/db/tenants.go b/internal/db/tenants.go
new file mode 100644
index 0000000..6215975
--- /dev/null
+++ b/internal/db/tenants.go
@@ -0,0 +1,147 @@
+package db
+
+import (
+	"context"
+
+	"github.com/jackc/pgx/v5"
+)
+
+func (db *DB) GetTenantBySubdomain(ctx context.Context, subdomain string) (*Tenant, error) {
+	var t Tenant
+	var ownerID, customDomain *string
+	err := db.pool.QueryRow(ctx,
+		`SELECT id, owner_id, subdomain, custom_domain, premium, members_enabled, donations_enabled, created_at
+		 FROM tenants WHERE subdomain = $1`,
+		subdomain).Scan(&t.ID, &ownerID, &t.Subdomain, &customDomain, &t.Premium,
+		&t.MembersEnabled, &t.DonationsEnabled, &t.CreatedAt)
+	if err == pgx.ErrNoRows {
+		return nil, nil
+	}
+	if ownerID != nil {
+		t.OwnerID = *ownerID
+	}
+	if customDomain != nil {
+		t.CustomDomain = *customDomain
+	}
+	return &t, err
+}
+
+func (db *DB) GetTenantByOwner(ctx context.Context, ownerID string) (*Tenant, error) {
+	var t Tenant
+	var owner, customDomain *string
+	err := db.pool.QueryRow(ctx,
+		`SELECT id, owner_id, subdomain, custom_domain, premium, members_enabled, donations_enabled, created_at
+		 FROM tenants WHERE owner_id = $1`,
+		ownerID).Scan(&t.ID, &owner, &t.Subdomain, &customDomain, &t.Premium,
+		&t.MembersEnabled, &t.DonationsEnabled, &t.CreatedAt)
+	if err == pgx.ErrNoRows {
+		return nil, nil
+	}
+	if owner != nil {
+		t.OwnerID = *owner
+	}
+	if customDomain != nil {
+		t.CustomDomain = *customDomain
+	}
+	return &t, err
+}
+
+func (db *DB) CreateTenant(ctx context.Context, ownerID, subdomain string) (*Tenant, error) {
+	var t Tenant
+	err := db.pool.QueryRow(ctx,
+		`INSERT INTO tenants (owner_id, subdomain)
+		 VALUES ($1, $2)
+		 RETURNING id, owner_id, subdomain, custom_domain, premium, members_enabled, donations_enabled, created_at`,
+		ownerID, subdomain).Scan(&t.ID, &t.OwnerID, &t.Subdomain, &t.CustomDomain, &t.Premium,
+		&t.MembersEnabled, &t.DonationsEnabled, &t.CreatedAt)
+	return &t, err
+}
+
+func (db *DB) GetTenantByID(ctx context.Context, id string) (*Tenant, error) {
+	var t Tenant
+	var ownerID, customDomain *string
+	err := db.pool.QueryRow(ctx,
+		`SELECT id, owner_id, subdomain, custom_domain, premium, members_enabled, donations_enabled, created_at
+		 FROM tenants WHERE id = $1`,
+		id).Scan(&t.ID, &ownerID, &t.Subdomain, &customDomain, &t.Premium,
+		&t.MembersEnabled, &t.DonationsEnabled, &t.CreatedAt)
+	if err == pgx.ErrNoRows {
+		return nil, nil
+	}
+	if ownerID != nil {
+		t.OwnerID = *ownerID
+	}
+	if customDomain != nil {
+		t.CustomDomain = *customDomain
+	}
+	return &t, err
+}
+
+func (db *DB) IsUserTenantOwner(ctx context.Context, userID, tenantID string) (bool, error) {
+	var exists bool
+	err := db.pool.QueryRow(ctx,
+		`SELECT EXISTS(SELECT 1 FROM tenants WHERE id = $1 AND owner_id = $2)`,
+		tenantID, userID).Scan(&exists)
+	return exists, err
+}
+
+func (db *DB) IsSubdomainAvailable(ctx context.Context, subdomain string) (bool, error) {
+	var exists bool
+
+	err := db.pool.QueryRow(ctx,
+		`SELECT EXISTS(SELECT 1 FROM reserved_subdomains WHERE subdomain = $1)`,
+		subdomain).Scan(&exists)
+	if err != nil {
+		return false, err
+	}
+	if exists {
+		return false, nil
+	}
+
+	err = db.pool.QueryRow(ctx,
+		`SELECT EXISTS(SELECT 1 FROM demos WHERE subdomain = $1 AND expires_at > NOW())`,
+		subdomain).Scan(&exists)
+	if err != nil {
+		return false, err
+	}
+	if exists {
+		return false, nil
+	}
+
+	err = db.pool.QueryRow(ctx,
+		`SELECT EXISTS(SELECT 1 FROM tenants WHERE subdomain = $1)`,
+		subdomain).Scan(&exists)
+	if err != nil {
+		return false, err
+	}
+
+	return !exists, nil
+}
+
+func (db *DB) ListTenants(ctx context.Context) ([]Tenant, error) {
+	rows, err := db.pool.Query(ctx,
+		`SELECT id, owner_id, subdomain, custom_domain, premium, members_enabled, donations_enabled, created_at
+		 FROM tenants`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var tenants []Tenant
+	for rows.Next() {
+		var t Tenant
+		var ownerID, customDomain *string
+		if err := rows.Scan(&t.ID, &ownerID, &t.Subdomain, &customDomain, &t.Premium,
+			&t.MembersEnabled, &t.DonationsEnabled, &t.CreatedAt); err != nil {
+			return nil, err
+		}
+		if ownerID != nil {
+			t.OwnerID = *ownerID
+		}
+		if customDomain != nil {
+			t.CustomDomain = *customDomain
+		}
+		tenants = append(tenants, t)
+	}
+	return tenants, rows.Err()
+}
diff --git a/internal/db/users.go b/internal/db/users.go
new file mode 100644
index 0000000..d9ed170
--- /dev/null
+++ b/internal/db/users.go
@@ -0,0 +1,62 @@
+package db
+
+import (
+	"context"
+
+	"github.com/jackc/pgx/v5"
+)
+
+func (db *DB) GetUserByID(ctx context.Context, id string) (*User, error) {
+	var u User
+	err := db.pool.QueryRow(ctx,
+		`SELECT id, email, name, avatar_url, created_at FROM users WHERE id = $1`,
+		id).Scan(&u.ID, &u.Email, &u.Name, &u.AvatarURL, &u.CreatedAt)
+	if err == pgx.ErrNoRows {
+		return nil, nil
+	}
+	return &u, err
+}
+
+func (db *DB) GetUserByEmail(ctx context.Context, email string) (*User, error) {
+	var u User
+	err := db.pool.QueryRow(ctx,
+		`SELECT id, email, name, avatar_url, created_at FROM users WHERE email = $1`,
+		email).Scan(&u.ID, &u.Email, &u.Name, &u.AvatarURL, &u.CreatedAt)
+	if err == pgx.ErrNoRows {
+		return nil, nil
+	}
+	return &u, err
+}
+
+func (db *DB) GetUserByIdentity(ctx context.Context, provider, providerID string) (*User, error) {
+	var u User
+	err := db.pool.QueryRow(ctx,
+		`SELECT u.id, u.email, u.name, u.avatar_url, u.created_at
+		 FROM users u
+		 JOIN user_identities i ON i.user_id = u.id
+		 WHERE i.provider = $1 AND i.provider_id = $2`,
+		provider, providerID).Scan(&u.ID, &u.Email, &u.Name, &u.AvatarURL, &u.CreatedAt)
+	if err == pgx.ErrNoRows {
+		return nil, nil
+	}
+	return &u, err
+}
+
+func (db *DB) CreateUser(ctx context.Context, email, name, avatarURL string) (*User, error) {
+	var u User
+	err := db.pool.QueryRow(ctx,
+		`INSERT INTO users (email, name, avatar_url)
+		 VALUES ($1, $2, $3)
+		 RETURNING id, email, name, avatar_url, created_at`,
+		email, name, avatarURL).Scan(&u.ID, &u.Email, &u.Name, &u.AvatarURL, &u.CreatedAt)
+	return &u, err
+}
+
+func (db *DB) AddUserIdentity(ctx context.Context, userID, provider, providerID, providerEmail string) error {
+	_, err := db.pool.Exec(ctx,
+		`INSERT INTO user_identities (user_id, provider, provider_id, provider_email)
+		 VALUES ($1, $2, $3, $4)
+		 ON CONFLICT (provider, provider_id) DO NOTHING`,
+		userID, provider, providerID, providerEmail)
+	return err
+}
diff --git a/internal/imaginary/client.go b/internal/imaginary/client.go
new file mode 100644
index 0000000..394af08
--- /dev/null
+++ b/internal/imaginary/client.go
@@ -0,0 +1,77 @@
+package imaginary
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"mime/multipart"
+	"net/http"
+)
+
+type Client struct {
+	baseURL string
+	http    *http.Client
+}
+
+func New(baseURL string) *Client {
+	return &Client{
+		baseURL: baseURL,
+		http:    &http.Client{},
+	}
+}
+
+type ProcessOptions struct {
+	Width   int
+	Height  int
+	Quality int
+	Type    string
+}
+
+func (c *Client) Process(src io.Reader, filename string, opts ProcessOptions) ([]byte, error) {
+	var body bytes.Buffer
+	writer := multipart.NewWriter(&body)
+
+	part, err := writer.CreateFormFile("file", filename)
+	if err != nil {
+		return nil, err
+	}
+	if _, err := io.Copy(part, src); err != nil {
+		return nil, err
+	}
+	writer.Close()
+
+	if opts.Width == 0 {
+		opts.Width = 2000
+	}
+	if opts.Height == 0 {
+		opts.Height = 2000
+	}
+	if opts.Quality == 0 {
+		opts.Quality = 80
+	}
+	if opts.Type == "" {
+		opts.Type = "webp"
+	}
+
+	url := fmt.Sprintf("%s/resize?width=%d&height=%d&quality=%d&type=%s",
+		c.baseURL, opts.Width, opts.Height, opts.Quality, opts.Type)
+
+	req, err := http.NewRequest("POST", url, &body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", writer.FormDataContentType())
+
+	resp, err := c.http.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		errBody, _ := io.ReadAll(resp.Body)
+		return nil, fmt.Errorf("imaginary error %d: %s", resp.StatusCode, string(errBody))
+	}
+
+	return io.ReadAll(resp.Body)
+}
diff --git a/internal/markdown/markdown.go b/internal/markdown/markdown.go
new file mode 100644
index 0000000..77c0da3
--- /dev/null
+++ b/internal/markdown/markdown.go
@@ -0,0 +1,72 @@
+package markdown
+
+import (
+	"bytes"
+	"sync"
+
+	"github.com/yuin/goldmark"
+	emoji "github.com/yuin/goldmark-emoji"
+	highlighting "github.com/yuin/goldmark-highlighting/v2"
+	"github.com/yuin/goldmark/extension"
+	"github.com/yuin/goldmark/parser"
+	"github.com/yuin/goldmark/renderer/html"
+)
+
+var (
+	renderers   = make(map[string]goldmark.Markdown)
+	renderersMu sync.RWMutex
+)
+
+func getRenderer(codeTheme string) goldmark.Markdown {
+	if codeTheme == "" {
+		codeTheme = "github"
+	}
+
+	renderersMu.RLock()
+	if md, ok := renderers[codeTheme]; ok {
+		renderersMu.RUnlock()
+		return md
+	}
+	renderersMu.RUnlock()
+
+	renderersMu.Lock()
+	defer renderersMu.Unlock()
+
+	if md, ok := renderers[codeTheme]; ok {
+		return md
+	}
+
+	md := goldmark.New(
+		goldmark.WithExtensions(
+			extension.GFM,
+			extension.Typographer,
+			emoji.Emoji,
+			highlighting.NewHighlighting(
+				highlighting.WithStyle(codeTheme),
+			),
+		),
+		goldmark.WithParserOptions(
+			parser.WithAutoHeadingID(),
+		),
+		goldmark.WithRendererOptions(
+			html.WithHardWraps(),
+			html.WithXHTML(),
+			html.WithUnsafe(),
+		),
+	)
+	renderers[codeTheme] = md
+	return md
+}
+
+func Render(source string) (string, error) {
+	return RenderWithTheme(source, "github")
+}
+
+func RenderWithTheme(source, codeTheme string) (string, error) {
+	md := getRenderer(codeTheme)
+	var buf bytes.Buffer
+	if err := md.Convert([]byte(source), &buf); err != nil {
+		return "", err
+	}
+	return buf.String(), nil
+}
diff --git a/internal/markdown/themes.go b/internal/markdown/themes.go
new file mode 100644
index 0000000..90e73d7
--- /dev/null
+++ b/internal/markdown/themes.go
@@ -0,0 +1,152 @@
+package markdown
+
+import (
+	"strings"
+
+	"github.com/alecthomas/chroma/v2"
+	"github.com/alecthomas/chroma/v2/styles"
+)
+
+var chromaToHljs = map[chroma.TokenType]string{
+	chroma.Keyword:            "hljs-keyword",
+	chroma.KeywordConstant:    "hljs-keyword",
+	chroma.KeywordDeclaration: "hljs-keyword",
+	chroma.KeywordNamespace:   "hljs-keyword",
+	chroma.KeywordPseudo:      "hljs-keyword",
+	chroma.KeywordReserved:    "hljs-keyword",
+	chroma.KeywordType:        "hljs-type",
+
+	chroma.Name:              "hljs-variable",
+	chroma.NameBuiltin:       "hljs-built_in",
+	chroma.NameBuiltinPseudo: "hljs-built_in",
+	chroma.NameClass:         "hljs-title class_",
+	chroma.NameConstant:      "hljs-variable constant_",
+	chroma.NameDecorator:     "hljs-meta",
+	chroma.NameEntity:        "hljs-name",
+	chroma.NameException:     "hljs-title class_",
+	chroma.NameFunction:      "hljs-title function_",
+	chroma.NameFunctionMagic: "hljs-title function_",
+	chroma.NameLabel:         "hljs-symbol",
+	chroma.NameNamespace:     "hljs-title class_",
+	chroma.NameOther:         "hljs-variable",
+	chroma.NameProperty:      "hljs-property",
+	chroma.NameTag:           "hljs-tag",
+	chroma.NameVariable:      "hljs-variable",
+	chroma.NameVariableClass: "hljs-variable",
+	chroma.NameVariableGlobal: "hljs-variable",
+	chroma.NameVariableInstance: "hljs-variable",
+	chroma.NameVariableMagic: "hljs-variable",
+	chroma.NameAttribute:     "hljs-attr",
+
+	chroma.Literal:     "hljs-literal",
+	chroma.LiteralDate: "hljs-number",
+
+	chroma.String:          "hljs-string",
+	chroma.StringAffix:     "hljs-string",
+	chroma.StringBacktick:  "hljs-string",
+	chroma.StringChar:      "hljs-string",
+	chroma.StringDelimiter: "hljs-string",
+	chroma.StringDoc:       "hljs-string",
+	chroma.StringDouble:    "hljs-string",
+	chroma.StringEscape:    "hljs-char escape_",
+	chroma.StringHeredoc:   "hljs-string",
+	chroma.StringInterpol:  "hljs-subst",
+	chroma.StringOther:     "hljs-string",
+	chroma.StringRegex:     "hljs-regexp",
+	chroma.StringSingle:    "hljs-string",
+	chroma.StringSymbol:    "hljs-symbol",
+
+	chroma.Number:            "hljs-number",
+	chroma.NumberBin:         "hljs-number",
+	chroma.NumberFloat:       "hljs-number",
+	chroma.NumberHex:         "hljs-number",
+	chroma.NumberInteger:     "hljs-number",
+	chroma.NumberIntegerLong: "hljs-number",
+	chroma.NumberOct:         "hljs-number",
+
+	chroma.Operator:     "hljs-operator",
+	chroma.OperatorWord: "hljs-keyword",
+
+	chroma.Punctuation: "hljs-punctuation",
+
+	chroma.Comment:            "hljs-comment",
+	chroma.CommentHashbang:    "hljs-meta",
+	chroma.CommentMultiline:   "hljs-comment",
+	chroma.CommentPreproc:     "hljs-meta",
+	chroma.CommentPreprocFile: "hljs-meta",
+	chroma.CommentSingle:      "hljs-comment",
+	chroma.CommentSpecial:     "hljs-doctag",
+
+	chroma.Generic:           "hljs-code",
+	chroma.GenericDeleted:    "hljs-deletion",
+	chroma.GenericEmph:       "hljs-emphasis",
+	chroma.GenericError:      "hljs-strong",
+	chroma.GenericHeading:    "hljs-section",
+	chroma.GenericInserted:   "hljs-addition",
+	chroma.GenericOutput:     "hljs-code",
+	chroma.GenericPrompt:     "hljs-meta prompt_",
+	chroma.GenericStrong:     "hljs-strong",
+	chroma.GenericSubheading: "hljs-section",
+	chroma.GenericTraceback:  "hljs-code",
+	chroma.GenericUnderline:  "hljs-code",
+
+	chroma.Text:            "",
+	chroma.TextWhitespace:  "",
+}
+
+func GenerateHljsCSS(themeName string) (string, error) {
+	style := styles.Get(themeName)
+	if style == nil {
+		style = styles.Get("github")
+	}
+
+	var css strings.Builder
+	css.WriteString("/* Auto-generated from Chroma theme: " + themeName + " */\n")
+
+	bg := style.Get(chroma.Background)
+	if bg.Background.IsSet() {
+		css.WriteString(".prose pre { background: " + bg.Background.String() + "; }\n")
+	}
+	if bg.Colour.IsSet() {
+		css.WriteString(".prose pre code { color: " + bg.Colour.String() + "; }\n")
+	}
+
+	seen := make(map[string]bool)
+
+	for chromaToken, hljsClass := range chromaToHljs {
+		if hljsClass == "" {
+			continue
+		}
+
+		entry := style.Get(chromaToken)
+		if !entry.Colour.IsSet() && entry.Bold != chroma.Yes && entry.Italic != chroma.Yes {
+			continue
+		}
+
+		if seen[hljsClass] {
+			continue
+		}
+		seen[hljsClass] = true
+
+		selector := "." + strings.ReplaceAll(hljsClass, " ", ".")
+		css.WriteString(selector + " {")
+
+		if entry.Colour.IsSet() {
+			css.WriteString(" color: " + entry.Colour.String() + ";")
+		}
+		if entry.Bold == chroma.Yes {
+			css.WriteString(" font-weight: bold;")
+		}
+		if entry.Italic == chroma.Yes {
+			css.WriteString(" font-style: italic;")
+		}
+
+		css.WriteString(" }\n")
+	}
+
+	return css.String(), nil
+}
+
+func ListThemes() []string {
+	return styles.Names()
+}
diff --git a/internal/og/og.go b/internal/og/og.go
new file mode 100644
index 0000000..98e3037
--- /dev/null
+++ b/internal/og/og.go
@@ -0,0 +1,185 @@
+package og
+
+import (
+	"bytes"
+	"image"
+	"image/color"
+	"image/draw"
+	"image/png"
+
+	"github.com/golang/freetype"
+	"github.com/golang/freetype/truetype"
+	"golang.org/x/image/font"
+	"golang.org/x/image/font/gofont/goregular"
+	"golang.org/x/image/font/gofont/gobold"
+)
+
+const (
+	imgWidth  = 1200
+	imgHeight = 630
+)
+
+var (
+	regularFont *truetype.Font
+	boldFont    *truetype.Font
+)
+
+func init() {
+	var err error
+	regularFont, err = freetype.ParseFont(goregular.TTF)
+	if err != nil {
+		panic(err)
+	}
+	boldFont, err = freetype.ParseFont(gobold.TTF)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func parseHexColor(hex string) color.RGBA {
+	if len(hex) == 0 {
+		return color.RGBA{16, 185, 129, 255} // #10b981 emerald
+	}
+	if hex[0] == '#' {
+		hex = hex[1:]
+	}
+	if len(hex) != 6 {
+		return color.RGBA{16, 185, 129, 255} // #10b981 emerald
+	}
+
+	var r, g, b uint8
+	for i, c := range hex {
+		var v uint8
+		switch {
+		case c >= '0' && c <= '9':
+			v = uint8(c - '0')
+		case c >= 'a' && c <= 'f':
+			v = uint8(c - 'a' + 10)
+		case c >= 'A' && c <= 'F':
+			v = uint8(c - 'A' + 10)
+		}
+		switch i {
+		case 0:
+			r = v << 4
+		case 1:
+			r |= v
+		case 2:
+			g = v << 4
+		case 3:
+			g |= v
+		case 4:
+			b = v << 4
+		case 5:
+			b |= v
+		}
+	}
+	return color.RGBA{r, g, b, 255}
+}
+
+func Generate(title, siteName, accentColor string) ([]byte, error) {
+	accent := parseHexColor(accentColor)
+
+	img := image.NewRGBA(image.Rect(0, 0, imgWidth, imgHeight))
+
+	for y := 0; y < imgHeight; y++ {
+		ratio := float64(y) / float64(imgHeight)
+		r := uint8(float64(accent.R) * (1 - ratio*0.3))
+		g := uint8(float64(accent.G) * (1 - ratio*0.3))
+		b := uint8(float64(accent.B) * (1 - ratio*0.3))
+		for x := 0; x < imgWidth; x++ {
+			img.Set(x, y, color.RGBA{r, g, b, 255})
+		}
+	}
+
+	c := freetype.NewContext()
+	c.SetDPI(72)
+	c.SetClip(img.Bounds())
+	c.SetDst(img)
+	c.SetSrc(image.White)
+	c.SetHinting(font.HintingFull)
+
+	titleSize := 64.0
+	if len(title) > 50 {
+		titleSize = 48.0
+	}
+	if len(title) > 80 {
+		titleSize = 40.0
+	}
+
+	c.SetFont(boldFont)
+	c.SetFontSize(titleSize)
+
+	wrapped := wrapText(title, 28)
+	y := 200
+	for _, line := range wrapped {
+		pt := freetype.Pt(80, y)
+		c.DrawString(line, pt)
+		y += int(titleSize * 1.4)
+	}
+
+	c.SetFont(regularFont)
+	c.SetFontSize(28)
+	pt := freetype.Pt(80, imgHeight-80)
+	c.DrawString(siteName, pt)
+
+	var buf bytes.Buffer
+	if err := png.Encode(&buf, img); err != nil {
+		return nil, err
+	}
+
+	return buf.Bytes(), nil
+}
+
+func wrapText(text string, maxChars int) []string {
+	if len(text) <= maxChars {
+		return []string{text}
+	}
+
+	var lines []string
+	words := splitWords(text)
+	var current string
+
+	for _, word := range words {
+		if current == "" {
+			current = word
+		} else if len(current)+1+len(word) <= maxChars {
+			current += " " + word
+		} else {
+			lines = append(lines, current)
+			current = word
+		}
+	}
+	if current != "" {
+		lines = append(lines, current)
+	}
+
+	if len(lines) > 4 {
+		lines = lines[:4]
+		if len(lines[3]) > 3 {
+			lines[3] = lines[3][:len(lines[3])-3] + "..."
+		}
+	}
+
+	return lines
+}
+
+func splitWords(s string) []string {
+	var words []string
+	var current string
+	for _, r := range s {
+		if r == ' ' || r == '\t' || r == '\n' {
+			if current != "" {
+				words = append(words, current)
+				current = ""
+			}
+		} else {
+			current += string(r)
+		}
+	}
+	if current != "" {
+		words = append(words, current)
+	}
+	return words
+}
+
+var _ = draw.Draw
diff --git a/internal/server/api.go b/internal/server/api.go
new file mode 100644
index 0000000..59ce9a1
--- /dev/null
+++ b/internal/server/api.go
@@ -0,0 +1,208 @@
+package server
+
+import (
+	"net/http"
+	"strconv"
+	"strings"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/writekitapp/writekit/internal/auth"
+	"github.com/writekitapp/writekit/internal/tenant"
+)
+
+func (s *Server) publicAPIRoutes() chi.Router {
+	r := chi.NewRouter()
+	r.Use(s.apiKeyMiddleware)
+	r.Use(s.apiRateLimitMiddleware(s.rateLimiter))
+
+	r.Get("/posts", s.apiListPosts)
+	r.Post("/posts", s.apiCreatePost)
+	r.Get("/posts/{slug}", s.apiGetPost)
+	r.Put("/posts/{slug}", s.apiUpdatePost)
+	r.Delete("/posts/{slug}", s.apiDeletePost)
+
+	r.Get("/settings", s.apiGetSettings)
+
+	return r
+}
+
+func (s *Server) apiKeyMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		tenantID, ok := r.Context().Value(tenantIDKey).(string)
+		if !ok || tenantID == "" {
+			jsonError(w, http.StatusUnauthorized, "unauthorized")
+			return
+		}
+
+		key := extractAPIKey(r)
+		if key != "" {
+			db, err := s.tenantPool.Get(tenantID)
+			if err != nil {
+				jsonError(w, http.StatusInternalServerError, "database error")
+				return
+			}
+
+			q := tenant.NewQueries(db)
+			valid, err := q.ValidateAPIKey(r.Context(), key)
+			if err != nil {
+				jsonError(w, http.StatusInternalServerError, "validation error")
+				return
+			}
+			if valid {
+				next.ServeHTTP(w, r)
+				return
+			}
+			jsonError(w, http.StatusUnauthorized, "invalid API key")
+			return
+		}
+
+		if GetDemoInfo(r).IsDemo {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		userID := auth.GetUserID(r)
+		if userID == "" {
+			jsonError(w, http.StatusUnauthorized, "API key required")
+			return
+		}
+
+		isOwner, err := s.database.IsUserTenantOwner(r.Context(), userID, tenantID)
+		if err != nil || !isOwner {
+			jsonError(w, http.StatusUnauthorized, "API key required")
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}
+
+func extractAPIKey(r *http.Request) string {
+	auth := r.Header.Get("Authorization")
+	if strings.HasPrefix(auth, "Bearer ") {
+		return strings.TrimPrefix(auth, "Bearer ")
+	}
+	return r.URL.Query().Get("api_key")
+}
+
+type paginatedPostsResponse struct {
+	Posts  []postResponse `json:"posts"`
+	Total  int            `json:"total"`
+	Limit  int            `json:"limit"`
+	Offset int            `json:"offset"`
+}
+
+func (s *Server) apiListPosts(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	limit, _ := strconv.Atoi(r.URL.Query().Get("limit"))
+	offset, _ := strconv.Atoi(r.URL.Query().Get("offset"))
+	tag := r.URL.Query().Get("tag")
+	includeContent := r.URL.Query().Get("include") == "content"
+
+	q := tenant.NewQueries(db)
+	result, err := q.ListPostsPaginated(r.Context(), tenant.ListPostsOptions{
+		Limit:  limit,
+		Offset: offset,
+		Tag:    tag,
+	})
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to list posts")
+		return
+	}
+
+	posts := make([]postResponse, len(result.Posts))
+	for i, p := range result.Posts {
+		posts[i] = postToResponse(&p, includeContent)
+	}
+
+	jsonResponse(w, http.StatusOK, paginatedPostsResponse{
+		Posts:  posts,
+		Total:  result.Total,
+		Limit:  limit,
+		Offset: offset,
+	})
+}
+
+func (s *Server) apiGetPost(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	slug := chi.URLParam(r, "slug")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	post, err := q.GetPost(r.Context(), slug)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to get post")
+		return
+	}
+	if post == nil {
+		jsonError(w, http.StatusNotFound, "post not found")
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, postToResponse(post, true))
+}
+
+func (s *Server) apiCreatePost(w http.ResponseWriter, r *http.Request) {
+	s.createPost(w, r)
+}
+
+func (s *Server) apiUpdatePost(w http.ResponseWriter, r *http.Request) {
+	s.updatePost(w, r)
+}
+
+func (s *Server) apiDeletePost(w http.ResponseWriter, r *http.Request) {
+	s.deletePost(w, r)
+}
+
+var publicSettingsKeys = []string{
+	"site_name",
+	"site_description",
+	"author_name",
+	"author_role",
+	"author_bio",
+	"author_photo",
+	"twitter_handle",
+	"github_handle",
+	"linkedin_handle",
+	"email",
+	"accent_color",
+	"font",
+}
+
+func (s *Server) apiGetSettings(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	allSettings, err := q.GetSettings(r.Context())
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to get settings")
+		return
+	}
+
+	result := make(map[string]string)
+	for _, key := range publicSettingsKeys {
+		if val, ok := allSettings[key]; ok {
+			result[key] = val
+		}
+	}
+
+	jsonResponse(w, http.StatusOK, result)
+}
diff --git a/internal/server/blog.go b/internal/server/blog.go
new file mode 100644
index 0000000..8b873d5
--- /dev/null
+++ b/internal/server/blog.go
@@ -0,0 +1,703 @@
+package server
+
+import (
+	"bytes"
+	"context"
+	"crypto/md5"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"html/template"
+	"log/slog"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"os"
+	"time"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/writekitapp/writekit/internal/auth"
+	"github.com/writekitapp/writekit/internal/build/assets"
+	"github.com/writekitapp/writekit/internal/build/templates"
+	"github.com/writekitapp/writekit/internal/config"
+	"github.com/writekitapp/writekit/internal/markdown"
+	"github.com/writekitapp/writekit/internal/tenant"
+	"github.com/writekitapp/writekit/studio"
+)
+
+func (s *Server) serveBlog(w http.ResponseWriter, r *http.Request, subdomain string) {
+	var tenantID string
+	var demoInfo DemoInfo
+
+	tenantID, ok := s.tenantCache.Get(subdomain)
+	if !ok {
+		t, err := s.database.GetTenantBySubdomain(r.Context(), subdomain)
+		if err != nil || t == nil {
+			d, err := s.database.GetDemoBySubdomain(r.Context(), subdomain)
+			if err != nil || d == nil {
+				s.notFound(w, r)
+				return
+			}
+			tenantID = d.ID
+			demoInfo = DemoInfo{IsDemo: true, ExpiresAt: d.ExpiresAt}
+			s.tenantPool.MarkAsDemo(tenantID)
+			s.ensureDemoSeeded(tenantID)
+		} else {
+			tenantID = t.ID
+		}
+		s.tenantCache.Set(subdomain, tenantID)
+	} else {
+		d, _ := s.database.GetDemoBySubdomain(r.Context(), subdomain)
+		if d != nil {
+			demoInfo = DemoInfo{IsDemo: true, ExpiresAt: d.ExpiresAt}
+			s.tenantPool.MarkAsDemo(tenantID)
+		}
+	}
+
+	ctx := context.WithValue(r.Context(), tenantIDKey, tenantID)
+	ctx = context.WithValue(ctx, demoInfoKey, demoInfo)
+	r = r.WithContext(ctx)
+
+	mux := chi.NewRouter()
+
+	mux.Get("/", s.blogHome)
+	mux.Get("/posts", s.blogList)
+	mux.Get("/posts/{slug}", s.blogPost)
+
+	mux.Handle("/static/*", http.StripPrefix("/static/", assets.Handler()))
+
+	mux.Route("/api/studio", func(r chi.Router) {
+		r.Use(demoAwareSessionMiddleware(s.database))
+		r.Use(s.ownerMiddleware)
+		r.Mount("/", s.studioRoutes())
+	})
+
+	mux.Mount("/api/v1", s.publicAPIRoutes())
+	mux.Mount("/api/reader", s.readerRoutes())
+
+	mux.Get("/studio", s.serveStudio)
+	mux.Get("/studio/*", s.serveStudio)
+
+	mux.Get("/sitemap.xml", s.sitemap)
+	mux.Get("/robots.txt", s.robots)
+
+	mux.ServeHTTP(w, r)
+}
+
+func (s *Server) blogHome(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		slog.Error("blogHome: get tenant pool", "error", err, "tenantID", tenantID)
+		http.Error(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	s.recordPageView(q, r, "/", "")
+
+	if html, etag, err := q.GetPage(r.Context(), "/"); err == nil && html != nil {
+		s.servePreRendered(w, r, html, etag, "public, max-age=300")
+		return
+	}
+
+	posts, err := q.ListPosts(r.Context(), false)
+	if err != nil {
+		slog.Error("blogHome: list posts", "error", err)
+		http.Error(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+
+	settings, _ := q.GetSettings(r.Context())
+	siteName := getSettingOr(settings, "site_name", "My Blog")
+	siteDesc := getSettingOr(settings, "site_description", "")
+	baseURL := getBaseURL(r.Host)
+
+	showBadge := true
+	if t, err := s.database.GetTenantByID(r.Context(), tenantID); err == nil && t != nil {
+		tierInfo := config.GetTierInfo(t.Premium)
+		showBadge = tierInfo.Config.BadgeRequired
+	}
+
+	postSummaries := make([]templates.PostSummary, 0, len(posts))
+	for _, p := range posts {
+		if len(postSummaries) >= 10 {
+			break
+		}
+		postSummaries = append(postSummaries, templates.PostSummary{
+			Slug:        p.Slug,
+			Title:       p.Title,
+			Description: p.Description,
+			Date:        timeOrZero(p.PublishedAt),
+		})
+	}
+
+	data := templates.HomeData{
+		PageData: templates.PageData{
+			Title:        siteName,
+			Description:  siteDesc,
+			CanonicalURL: baseURL + "/",
+			OGType:       "website",
+			SiteName:     siteName,
+			Year:         time.Now().Year(),
+			Settings:     settingsToMap(settings),
+			NoIndex:      GetDemoInfo(r).IsDemo,
+			ShowBadge:    showBadge,
+		},
+		Posts:   postSummaries,
+		HasMore: len(posts) > 10,
+	}
+
+	html, err := templates.RenderHome(data)
+	if err != nil {
+		slog.Error("blogHome: render template", "error", err)
+		http.Error(w, "render error", http.StatusInternalServerError)
+		return
+	}
+
+	s.servePreRendered(w, r, html, computeETag(html), "public, max-age=300")
+}
+
+func (s *Server) blogList(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		http.Error(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	s.recordPageView(q, r, "/posts", "")
+
+	if html, etag, err := q.GetPage(r.Context(), "/posts"); err == nil && html != nil {
+		s.servePreRendered(w, r, html, etag, "public, max-age=300")
+		return
+	}
+
+	posts, err := q.ListPosts(r.Context(), false)
+	if err != nil {
+		http.Error(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+
+	settings, _ := q.GetSettings(r.Context())
+	siteName := getSettingOr(settings, "site_name", "My Blog")
+	baseURL := getBaseURL(r.Host)
+
+	showBadge := true
+	if t, err := s.database.GetTenantByID(r.Context(), tenantID); err == nil && t != nil {
+		tierInfo := config.GetTierInfo(t.Premium)
+		showBadge = tierInfo.Config.BadgeRequired
+	}
+
+	postSummaries := make([]templates.PostSummary, len(posts))
+	for i, p := range posts {
+		postSummaries[i] = templates.PostSummary{
+			Slug:        p.Slug,
+			Title:       p.Title,
+			Description: p.Description,
+			Date:        timeOrZero(p.PublishedAt),
+		}
+	}
+
+	data := templates.BlogData{
+		PageData: templates.PageData{
+			Title:        "Posts - " + siteName,
+			Description:  "All posts",
+			CanonicalURL: baseURL + "/posts",
+			OGType:       "website",
+			SiteName:     siteName,
+			Year:         time.Now().Year(),
+			Settings:     settingsToMap(settings),
+			NoIndex:      GetDemoInfo(r).IsDemo,
+			ShowBadge:    showBadge,
+		},
+		Posts: postSummaries,
+	}
+
+	html, err := templates.RenderBlog(data)
+	if err != nil {
+		http.Error(w, "render error", http.StatusInternalServerError)
+		return
+	}
+
+	s.servePreRendered(w, r, html, computeETag(html), "public, max-age=300")
+}
+
+func (s *Server) blogPost(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	slug := chi.URLParam(r, "slug")
+	isPreview := r.URL.Query().Get("preview") == "true"
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		http.Error(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+
+	q := tenant.NewQueries(db)
+
+	if isPreview && !s.canPreview(r, tenantID) {
+		http.Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	if !isPreview {
+		path := "/posts/" + slug
+		s.recordPageView(q, r, path, slug)
+
+		if html, etag, err := q.GetPage(r.Context(), path); err == nil && html != nil {
+			s.servePreRendered(w, r, html, etag, "public, max-age=3600")
+			return
+		}
+	}
+
+	post, err := q.GetPost(r.Context(), slug)
+	if err != nil {
+		http.Error(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+	if post == nil {
+		aliasPost, _ := q.GetPostByAlias(r.Context(), slug)
+		if aliasPost != nil && aliasPost.IsPublished {
+			http.Redirect(w, r, "/posts/"+aliasPost.Slug, http.StatusMovedPermanently)
+			return
+		}
+		http.NotFound(w, r)
+		return
+	}
+
+	if !post.IsPublished && !isPreview {
+		http.NotFound(w, r)
+		return
+	}
+
+	title := post.Title
+	description := post.Description
+	contentMD := post.ContentMD
+	tags := post.Tags
+	coverImage := post.CoverImage
+
+	if isPreview {
+		if draft, _ := q.GetDraft(r.Context(), post.ID); draft != nil {
+			title = draft.Title
+			description = draft.Description
+			contentMD = draft.ContentMD
+			tags = draft.Tags
+			coverImage = draft.CoverImage
+		}
+	}
+
+	settings, _ := q.GetSettings(r.Context())
+	siteName := getSettingOr(settings, "site_name", "My Blog")
+	baseURL := getBaseURL(r.Host)
+	codeTheme := getSettingOr(settings, "code_theme", "github")
+
+	showBadge := true
+	if t, err := s.database.GetTenantByID(r.Context(), tenantID); err == nil && t != nil {
+		tierInfo := config.GetTierInfo(t.Premium)
+		showBadge = tierInfo.Config.BadgeRequired
+	}
+
+	contentHTML := ""
+	if contentMD != "" {
+		contentHTML, _ = markdown.RenderWithTheme(contentMD, codeTheme)
+	}
+
+	interactionConfig := q.GetInteractionConfig(r.Context())
+	structuredData := buildArticleSchema(post, siteName, baseURL)
+
+	data := templates.PostData{
+		PageData: templates.PageData{
+			Title:          title + " - " + siteName,
+			Description:    description,
+			CanonicalURL:   baseURL + "/posts/" + post.Slug,
+			OGType:         "article",
+			OGImage:        coverImage,
+			SiteName:       siteName,
+			Year:           time.Now().Year(),
+			StructuredData: template.JS(structuredData),
+			Settings:       settingsToMap(settings),
+			NoIndex:        GetDemoInfo(r).IsDemo || isPreview,
+			ShowBadge:      showBadge,
+		},
+		Post: templates.PostDetail{
+			Slug:        post.Slug,
+			Title:       title,
+			Description: description,
+			CoverImage:  coverImage,
+			Date:        timeOrZero(post.PublishedAt),
+			Tags:        tags,
+		},
+		ContentHTML:       template.HTML(contentHTML),
+		InteractionConfig: interactionConfig,
+	}
+
+	html, err := templates.RenderPost(data)
+	if err != nil {
+		http.Error(w, "render error", http.StatusInternalServerError)
+		return
+	}
+
+	if isPreview {
+		previewScript := `<style>
+.preview-banner {
+  position: fixed;
+  bottom: 0;
+  left: 0;
+  right: 0;
+  background: linear-gradient(135deg, #7c3aed 0%, #6d28d9 100%);
+  color: #fff;
+  font-family: system-ui, -apple-system, sans-serif;
+  font-size: 13px;
+  z-index: 99999;
+  padding: 10px 16px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  gap: 16px;
+  box-shadow: 0 -4px 20px rgba(0,0,0,0.15);
+}
+@media(min-width:640px) {
+  .preview-banner {
+    bottom: auto;
+    top: 0;
+    left: 50%;
+    right: auto;
+    transform: translateX(-50%);
+    border-radius: 0 0 8px 8px;
+    padding: 8px 20px;
+  }
+}
+.preview-badge {
+  display: inline-flex;
+  align-items: center;
+  gap: 6px;
+  font-weight: 600;
+  letter-spacing: 0.02em;
+}
+.preview-badge svg {
+  width: 14px;
+  height: 14px;
+}
+.preview-status {
+  opacity: 0.9;
+  font-size: 12px;
+}
+.preview-link {
+  background: rgba(255,255,255,0.2);
+  color: #fff;
+  padding: 4px 10px;
+  border-radius: 4px;
+  text-decoration: none;
+  font-weight: 500;
+  font-size: 12px;
+  transition: background 0.15s;
+}
+.preview-link:hover {
+  background: rgba(255,255,255,0.3);
+}
+.preview-rebuild {
+  position: fixed;
+  top: 16px;
+  right: 16px;
+  background: #18181b;
+  color: #fafafa;
+  padding: 8px 16px;
+  border-radius: 6px;
+  font-size: 13px;
+  font-family: system-ui, sans-serif;
+  z-index: 99998;
+  opacity: 0;
+  transition: opacity 0.15s;
+  pointer-events: none;
+}
+.preview-rebuild.visible { opacity: 1; }
+</style>
+<div class="preview-banner">
+  <span class="preview-badge">
+    <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+      <path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"/><circle cx="12" cy="12" r="3"/>
+    </svg>
+    Preview Mode
+  </span>
+  <span class="preview-status">Viewing as author</span>
+  <a class="preview-link" href="/studio/posts/` + post.Slug + `/edit">Back to Editor</a>
+</div>
+<div class="preview-rebuild" id="preview-rebuild">Rebuilding...</div>
+<script>
+(function() {
+  var channel = new BroadcastChannel('writekit-preview');
+  var slug = '` + post.Slug + `';
+  var rebuild = document.getElementById('preview-rebuild');
+  channel.onmessage = function(e) {
+    if (e.data.slug !== slug) return;
+    if (e.data.type === 'rebuilding') {
+      rebuild.classList.add('visible');
+      return;
+    }
+    if (e.data.type === 'content-update') {
+      var content = document.querySelector('.post-content');
+      if (content) content.innerHTML = e.data.html;
+      var title = document.querySelector('h1');
+      if (title) title.textContent = e.data.title;
+      var desc = document.querySelector('meta[name="description"]');
+      if (desc) desc.content = e.data.description;
+      rebuild.classList.remove('visible');
+    }
+  };
+})();
+</script>`
+		html = bytes.Replace(html, []byte("</body>"), []byte(previewScript+"</body>"), 1)
+		w.Header().Set("Cache-Control", "no-store")
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
+		w.Write(html)
+		return
+	}
+
+	s.servePreRendered(w, r, html, computeETag(html), "public, max-age=3600")
+}
+
+func (s *Server) canPreview(r *http.Request, tenantID string) bool {
+	if GetDemoInfo(r).IsDemo {
+		return true
+	}
+
+	userID := auth.GetUserID(r)
+	if userID == "" {
+		return false
+	}
+
+	isOwner, err := s.database.IsUserTenantOwner(r.Context(), userID, tenantID)
+	if err != nil {
+		return false
+	}
+	return isOwner
+}
+
+func (s *Server) serveStudio(w http.ResponseWriter, r *http.Request) {
+	if viteURL := os.Getenv("VITE_URL"); viteURL != "" && os.Getenv("ENV") == "local" {
+		target, err := url.Parse(viteURL)
+		if err != nil {
+			slog.Error("invalid VITE_URL", "error", err)
+			http.Error(w, "internal error", http.StatusInternalServerError)
+			return
+		}
+		proxy := httputil.NewSingleHostReverseProxy(target)
+		proxy.Director = func(req *http.Request) {
+			req.URL.Scheme = target.Scheme
+			req.URL.Host = target.Host
+			req.Host = target.Host
+		}
+		proxy.ServeHTTP(w, r)
+		return
+	}
+
+	path := chi.URLParam(r, "*")
+	if path == "" {
+		path = "index.html"
+	}
+
+	data, err := studio.Read(path)
+	if err != nil {
+		data, _ = studio.Read("index.html")
+	}
+
+	contentType := "text/html; charset=utf-8"
+	if len(path) > 3 {
+		switch path[len(path)-3:] {
+		case ".js":
+			contentType = "application/javascript"
+		case "css":
+			contentType = "text/css"
+		}
+	}
+
+	if contentType == "text/html; charset=utf-8" {
+		if demoInfo := GetDemoInfo(r); demoInfo.IsDemo {
+			data = s.injectDemoBanner(data, demoInfo.ExpiresAt)
+		}
+	}
+
+	w.Header().Set("Content-Type", contentType)
+	w.Header().Set("Cache-Control", "public, max-age=31536000, immutable")
+	if contentType == "text/html; charset=utf-8" {
+		w.Header().Set("Cache-Control", "no-cache")
+	}
+	w.Write(data)
+}
+
+func (s *Server) sitemap(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		http.Error(w, "internal error", http.StatusInternalServerError)
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	posts, _ := q.ListPosts(r.Context(), false)
+	baseURL := getBaseURL(r.Host)
+
+	w.Header().Set("Content-Type", "application/xml; charset=utf-8")
+	w.Header().Set("Cache-Control", "public, max-age=3600")
+
+	w.Write([]byte(`<?xml version="1.0" encoding="UTF-8"?>
+<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
+  <url><loc>` + baseURL + `/</loc></url>
+`))
+
+	for _, p := range posts {
+		lastmod := p.ModifiedAt.Format("2006-01-02")
+		if p.UpdatedAt != nil {
+			lastmod = p.UpdatedAt.Format("2006-01-02")
+		}
+		w.Write([]byte(fmt.Sprintf("  <url><loc>%s/posts/%s</loc><lastmod>%s</lastmod></url>\n",
+			baseURL, p.Slug, lastmod)))
+	}
+
+	w.Write([]byte("</urlset>"))
+}
+
+func (s *Server) robots(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+	w.Header().Set("Cache-Control", "public, max-age=86400")
+
+	if GetDemoInfo(r).IsDemo {
+		w.Write([]byte("User-agent: *\nDisallow: /\n"))
+		return
+	}
+
+	baseURL := getBaseURL(r.Host)
+	fmt.Fprintf(w, "User-agent: *\nAllow: /\n\nSitemap: %s/sitemap.xml\n", baseURL)
+}
+
+func (s *Server) ownerMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		demoInfo := GetDemoInfo(r)
+		if demoInfo.IsDemo {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		userID := auth.GetUserID(r)
+		if userID == "" {
+			http.Error(w, "unauthorized", http.StatusUnauthorized)
+			return
+		}
+
+		tenantID, ok := r.Context().Value(tenantIDKey).(string)
+		if !ok || tenantID == "" {
+			http.Error(w, "unauthorized", http.StatusUnauthorized)
+			return
+		}
+
+		isOwner, err := s.database.IsUserTenantOwner(r.Context(), userID, tenantID)
+		if err != nil {
+			http.Error(w, "internal error", http.StatusInternalServerError)
+			return
+		}
+		if !isOwner {
+			http.Error(w, "forbidden", http.StatusForbidden)
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}
+
+func getSettingOr(settings tenant.Settings, key, fallback string) string {
+	if v, ok := settings[key]; ok && v != "" {
+		return v
+	}
+	return fallback
+}
+
+func settingsToMap(settings tenant.Settings) map[string]any {
+	m := make(map[string]any)
+	for k, v := range settings {
+		m[k] = v
+	}
+	return m
+}
+
+func getBaseURL(host string) string {
+	scheme := "https"
+	if env := os.Getenv("ENV"); env != "prod" {
+		scheme = "http"
+	}
+	return fmt.Sprintf("%s://%s", scheme, host)
+}
+
+func computeETag(data []byte) string {
+	hash := md5.Sum(data)
+	return `"` + hex.EncodeToString(hash[:]) + `"`
+}
+
+func (s *Server) servePreRendered(w http.ResponseWriter, r *http.Request, html []byte, etag, cacheControl string) {
+	if demoInfo := GetDemoInfo(r); demoInfo.IsDemo {
+		html = s.injectDemoBanner(html, demoInfo.ExpiresAt)
+		etag = computeETag(html)
+	}
+
+	if match := r.Header.Get("If-None-Match"); match == etag {
+		w.WriteHeader(http.StatusNotModified)
+		return
+	}
+
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
+	w.Header().Set("Cache-Control", cacheControl)
+	w.Header().Set("ETag", etag)
+	w.Write(html)
+}
+
+func buildArticleSchema(post *tenant.Post, siteName, baseURL string) string {
+	publishedAt := timeOrZero(post.PublishedAt)
+	modifiedAt := publishedAt
+	if post.UpdatedAt != nil {
+		modifiedAt = *post.UpdatedAt
+	}
+
+	schema := map[string]any{
+		"@context":      "https://schema.org",
+		"@type":         "Article",
+		"headline":      post.Title,
+		"datePublished": publishedAt.Format(time.RFC3339),
+		"dateModified":  modifiedAt.Format(time.RFC3339),
+		"author": map[string]any{
+			"@type": "Person",
+			"name":  siteName,
+		},
+		"publisher": map[string]any{
+			"@type": "Organization",
+			"name":  siteName,
+		},
+		"mainEntityOfPage": map[string]any{
+			"@type": "WebPage",
+			"@id":   baseURL + "/posts/" + post.Slug,
+		},
+	}
+	if post.Description != "" {
+		schema["description"] = post.Description
+	}
+	b, _ := json.Marshal(schema)
+	return string(b)
+}
+
+func (s *Server) recordPageView(q *tenant.Queries, r *http.Request, path, postSlug string) {
+	referrer := r.Header.Get("Referer")
+	userAgent := r.Header.Get("User-Agent")
+	go func() {
+		q.RecordPageView(context.Background(), path, postSlug, referrer, userAgent)
+	}()
+}
+
+func timeOrZero(t *time.Time) time.Time {
+	if t == nil {
+		return time.Time{}
+	}
+	return *t
+}
diff --git a/internal/server/build.go b/internal/server/build.go
new file mode 100644
index 0000000..116d845
--- /dev/null
+++ b/internal/server/build.go
@@ -0,0 +1,176 @@
+package server
+
+import (
+	"context"
+	"database/sql"
+	"html/template"
+	"log/slog"
+	"sync"
+	"time"
+
+	"github.com/writekitapp/writekit/internal/build/templates"
+	"github.com/writekitapp/writekit/internal/markdown"
+	"github.com/writekitapp/writekit/internal/tenant"
+)
+
+type renderedPage struct {
+	path string
+	html []byte
+	etag string
+}
+
+func (s *Server) rebuildSite(ctx context.Context, tenantID string, db *sql.DB, host string) {
+	q := tenant.NewQueries(db)
+	settings, err := q.GetSettings(ctx)
+	if err != nil {
+		slog.Error("rebuildSite: get settings", "error", err, "tenantID", tenantID)
+		return
+	}
+
+	posts, err := q.ListPosts(ctx, false)
+	if err != nil {
+		slog.Error("rebuildSite: list posts", "error", err, "tenantID", tenantID)
+		return
+	}
+
+	baseURL := getBaseURL(host)
+	siteName := getSettingOr(settings, "site_name", "My Blog")
+	siteDesc := getSettingOr(settings, "site_description", "")
+	codeTheme := getSettingOr(settings, "code_theme", "github")
+	fontKey := getSettingOr(settings, "font", "system")
+	isDemo := getSettingOr(settings, "is_demo", "") == "true"
+
+	pageData := templates.PageData{
+		SiteName:   siteName,
+		Year:       time.Now().Year(),
+		FontURL:    templates.GetFontURL(fontKey),
+		FontFamily: templates.GetFontFamily(fontKey),
+		Settings:   settingsToMap(settings),
+		NoIndex:    isDemo,
+	}
+
+	var pages []renderedPage
+	var mu sync.Mutex
+	var wg sync.WaitGroup
+
+	addPage := func(path string, html []byte) {
+		mu.Lock()
+		pages = append(pages, renderedPage{path, html, computeETag(html)})
+		mu.Unlock()
+	}
+
+	postSummaries := make([]templates.PostSummary, len(posts))
+	for i, p := range posts {
+		postSummaries[i] = templates.PostSummary{
+			Slug:        p.Slug,
+			Title:       p.Title,
+			Description: p.Description,
+			Date:        timeOrZero(p.PublishedAt),
+		}
+	}
+
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+		homePosts := postSummaries
+		if len(homePosts) > 10 {
+			homePosts = homePosts[:10]
+		}
+		data := templates.HomeData{
+			PageData: pageData,
+			Posts:    homePosts,
+			HasMore:  len(postSummaries) > 10,
+		}
+		data.Title = siteName
+		data.Description = siteDesc
+		data.CanonicalURL = baseURL + "/"
+		data.OGType = "website"
+
+		html, err := templates.RenderHome(data)
+		if err != nil {
+			slog.Error("rebuildSite: render home", "error", err)
+			return
+		}
+		addPage("/", html)
+	}()
+
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+		data := templates.BlogData{
+			PageData: pageData,
+			Posts:    postSummaries,
+		}
+		data.Title = "Posts - " + siteName
+		data.Description = "All posts"
+		data.CanonicalURL = baseURL + "/posts"
+		data.OGType = "website"
+
+		html, err := templates.RenderBlog(data)
+		if err != nil {
+			slog.Error("rebuildSite: render blog", "error", err)
+			return
+		}
+		addPage("/posts", html)
+	}()
+
+	for _, p := range posts {
+		wg.Add(1)
+		go func(post tenant.Post) {
+			defer wg.Done()
+
+			contentHTML := post.ContentHTML
+			if contentHTML == "" && post.ContentMD != "" {
+				contentHTML, _ = markdown.RenderWithTheme(post.ContentMD, codeTheme)
+			}
+
+			interactionConfig := q.GetInteractionConfig(ctx)
+			structuredData := buildArticleSchema(&post, siteName, baseURL)
+
+			data := templates.PostData{
+				PageData: pageData,
+				Post: templates.PostDetail{
+					Slug:        post.Slug,
+					Title:       post.Title,
+					Description: post.Description,
+					Date:        timeOrZero(post.PublishedAt),
+					Tags:        post.Tags,
+				},
+				ContentHTML:       template.HTML(contentHTML),
+				InteractionConfig: interactionConfig,
+			}
+			data.Title = post.Title + " - " + siteName
+			data.Description = post.Description
+			data.CanonicalURL = baseURL + "/posts/" + post.Slug
+			data.OGType = "article"
+			data.StructuredData = template.JS(structuredData)
+
+			html, err := templates.RenderPost(data)
+			if err != nil {
+				slog.Error("rebuildSite: render post", "error", err, "slug", post.Slug)
+				return
+			}
+			addPage("/posts/"+post.Slug, html)
+		}(p)
+	}
+
+	wg.Wait()
+
+	for _, p := range pages {
+		if err := q.SetPage(ctx, p.path, p.html, p.etag); err != nil {
+			slog.Error("rebuildSite: save page", "error", err, "path", p.path)
+		}
+	}
+
+	if s.cloudflare.IsConfigured() {
+		urls := make([]string, len(pages))
+		for i, p := range pages {
+			urls[i] = baseURL + p.path
+		}
+		if err := s.cloudflare.PurgeURLs(ctx, urls); err != nil {
+			slog.Error("rebuildSite: purge cache", "error", err)
+		}
+	}
+
+	slog.Info("rebuildSite: complete", "tenantID", tenantID, "pages", len(pages))
+}
diff --git a/internal/server/demo.go b/internal/server/demo.go
new file mode 100644
index 0000000..8a4d855
--- /dev/null
+++ b/internal/server/demo.go
@@ -0,0 +1,208 @@
+package server
+
+import (
+	"bytes"
+	"math/rand"
+	"net/http"
+	"os"
+	"strconv"
+	"time"
+
+	"github.com/writekitapp/writekit/internal/auth"
+	"github.com/writekitapp/writekit/internal/db"
+	"github.com/writekitapp/writekit/internal/tenant"
+)
+
+type ctxKey string
+
+const (
+	tenantIDKey ctxKey = "tenantID"
+	demoInfoKey ctxKey = "demoInfo"
+)
+
+type DemoInfo struct {
+	IsDemo    bool
+	ExpiresAt time.Time
+}
+
+func GetDemoInfo(r *http.Request) DemoInfo {
+	if info, ok := r.Context().Value(demoInfoKey).(DemoInfo); ok {
+		return info
+	}
+	return DemoInfo{}
+}
+
+func demoAwareSessionMiddleware(database *db.DB) func(http.Handler) http.Handler {
+	sessionMW := auth.SessionMiddleware(database)
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if GetDemoInfo(r).IsDemo {
+				next.ServeHTTP(w, r)
+				return
+			}
+			sessionMW(next).ServeHTTP(w, r)
+		})
+	}
+}
+
+func (s *Server) injectDemoBanner(html []byte, expiresAt time.Time) []byte {
+	scheme := "https"
+	if os.Getenv("ENV") != "prod" {
+		scheme = "http"
+	}
+	redirectURL := scheme + "://" + s.domain
+	banner := demoBannerHTML(expiresAt, redirectURL)
+	return bytes.Replace(html, []byte("</body>"), append([]byte(banner), []byte("</body>")...), 1)
+}
+
+func demoBannerHTML(expiresAt time.Time, redirectURL string) string {
+	expiresUnix := expiresAt.Unix()
+	return `<div id="demo-banner"><div class="demo-inner"><span class="demo-timer"></span><a class="demo-cta" target="_blank" href="/studio">Open Studio</a></div></div>
+<style>
+#demo-banner{position:fixed;bottom:0;left:0;right:0;background:rgba(220,38,38,0.95);color:#fff;font-family:system-ui,-apple-system,sans-serif;font-size:13px;z-index:99999;backdrop-filter:blur(8px);padding:10px 16px}
+@media(min-width:640px){#demo-banner{bottom:auto;top:0;left:auto;right:16px;width:auto;padding:8px 16px}}
+.demo-inner{display:flex;align-items:center;justify-content:center;gap:12px}
+.demo-timer{font-variant-numeric:tabular-nums;font-weight:500}
+.demo-timer.urgent{color:#fecaca;animation:pulse 1s infinite}
+@keyframes pulse{0%,100%{opacity:1}50%{opacity:.6}}
+.demo-cta{background:#fff;color:#dc2626;padding:6px 12px;text-decoration:none;font-weight:600;font-size:12px;transition:transform .15s}
+.demo-cta:hover{transform:scale(1.05)}
+</style>
+<script>
+(function(){
+const exp=` + strconv.FormatInt(expiresUnix, 10) + `*1000;
+const timer=document.querySelector('.demo-timer');
+const cta=document.querySelector('.demo-cta');
+const update=()=>{
+const left=Math.max(0,exp-Date.now());
+const m=Math.floor(left/60000);
+const s=Math.floor((left%60000)/1000);
+timer.textContent=m+':'+(s<10?'0':'')+s+' remaining';
+if(left<30000)timer.classList.add('urgent');
+if(left<=0){
+timer.textContent='Demo expired';
+setTimeout(()=>{
+const sub=location.hostname.split('.')[0];
+location.href='` + redirectURL + `?expired=true&subdomain='+sub;
+},2000);
+return;
+}
+requestAnimationFrame(update);
+};
+update();
+if(location.pathname.startsWith('/studio'))cta.textContent='View Site',cta.href='/posts';
+})();
+</script>`
+}
+
+func generateFakeAnalytics(days int) *tenant.AnalyticsSummary {
+	if days <= 0 {
+		days = 30
+	}
+
+	baseViews := 25 + rand.Intn(20)
+	var totalViews, totalVisitors int64
+	viewsByDay := make([]tenant.DailyStats, days)
+
+	for i := 0; i < days; i++ {
+		date := time.Now().AddDate(0, 0, -days+i+1)
+		weekday := date.Weekday()
+
+		multiplier := 1.0
+		if weekday == time.Saturday || weekday == time.Sunday {
+			multiplier = 0.6
+		} else if weekday == time.Monday {
+			multiplier = 1.2
+		}
+
+		dailyViews := int64(float64(baseViews+rand.Intn(15)) * multiplier)
+		dailyVisitors := dailyViews * int64(65+rand.Intn(15)) / 100
+
+		totalViews += dailyViews
+		totalVisitors += dailyVisitors
+
+		viewsByDay[i] = tenant.DailyStats{
+			Date:     date.Format("2006-01-02"),
+			Views:    dailyViews,
+			Visitors: dailyVisitors,
+		}
+	}
+
+	return &tenant.AnalyticsSummary{
+		TotalViews:     totalViews,
+		TotalPageViews: totalViews,
+		UniqueVisitors: totalVisitors,
+		TotalBandwidth: totalViews * 45000,
+		ViewsChange:    float64(rand.Intn(300)-100) / 10,
+		ViewsByDay:     viewsByDay,
+		TopPages: []tenant.PageStats{
+			{Path: "/", Views: totalViews * 25 / 100},
+			{Path: "/posts/shipping-a-side-project", Views: totalViews * 22 / 100},
+			{Path: "/posts/debugging-production-like-a-detective", Views: totalViews * 18 / 100},
+			{Path: "/posts/sqlite-in-production", Views: totalViews * 15 / 100},
+			{Path: "/posts", Views: totalViews * 12 / 100},
+			{Path: "/posts/my-2024-reading-list", Views: totalViews * 8 / 100},
+		},
+		TopReferrers: []tenant.ReferrerStats{
+			{Referrer: "Google", Views: totalViews * 30 / 100},
+			{Referrer: "Twitter/X", Views: totalViews * 20 / 100},
+			{Referrer: "GitHub", Views: totalViews * 15 / 100},
+			{Referrer: "Hacker News", Views: totalViews * 12 / 100},
+			{Referrer: "LinkedIn", Views: totalViews * 10 / 100},
+			{Referrer: "YouTube", Views: totalViews * 8 / 100},
+			{Referrer: "Reddit", Views: totalViews * 5 / 100},
+		},
+		Browsers: []tenant.NamedStat{
+			{Name: "Chrome", Count: totalVisitors * 55 / 100},
+			{Name: "Safari", Count: totalVisitors * 25 / 100},
+			{Name: "Firefox", Count: totalVisitors * 12 / 100},
+			{Name: "Edge", Count: totalVisitors * 8 / 100},
+		},
+		OS: []tenant.NamedStat{
+			{Name: "macOS", Count: totalVisitors * 45 / 100},
+			{Name: "Windows", Count: totalVisitors * 30 / 100},
+			{Name: "iOS", Count: totalVisitors * 15 / 100},
+			{Name: "Linux", Count: totalVisitors * 7 / 100},
+			{Name: "Android", Count: totalVisitors * 3 / 100},
+		},
+		Devices: []tenant.NamedStat{
+			{Name: "Desktop", Count: totalVisitors * 70 / 100},
+			{Name: "Mobile", Count: totalVisitors * 25 / 100},
+			{Name: "Tablet", Count: totalVisitors * 5 / 100},
+		},
+		Countries: []tenant.NamedStat{
+			{Name: "United States", Count: totalVisitors * 40 / 100},
+			{Name: "United Kingdom", Count: totalVisitors * 12 / 100},
+			{Name: "Germany", Count: totalVisitors * 10 / 100},
+			{Name: "Canada", Count: totalVisitors * 8 / 100},
+			{Name: "France", Count: totalVisitors * 6 / 100},
+			{Name: "Australia", Count: totalVisitors * 5 / 100},
+		},
+	}
+}
+
+func generateFakePostAnalytics(days int) *tenant.AnalyticsSummary {
+	if days <= 0 {
+		days = 30
+	}
+
+	baseViews := 5 + rand.Intn(8)
+	var totalViews int64
+	viewsByDay := make([]tenant.DailyStats, days)
+
+	for i := 0; i < days; i++ {
+		date := time.Now().AddDate(0, 0, -days+i+1)
+		dailyViews := int64(baseViews + rand.Intn(6))
+		totalViews += dailyViews
+
+		viewsByDay[i] = tenant.DailyStats{
+			Date:  date.Format("2006-01-02"),
+			Views: dailyViews,
+		}
+	}
+
+	return &tenant.AnalyticsSummary{
+		TotalViews: totalViews,
+		ViewsByDay: viewsByDay,
+	}
+}
diff --git a/internal/server/platform.go b/internal/server/platform.go
new file mode 100644
index 0000000..78597d8
--- /dev/null
+++ b/internal/server/platform.go
@@ -0,0 +1,649 @@
+package server
+
+import (
+	"embed"
+	"encoding/json"
+	"fmt"
+	"io/fs"
+	"log/slog"
+	"net/http"
+	"os"
+	"regexp"
+	"strings"
+
+	"github.com/writekitapp/writekit/internal/auth"
+)
+
+//go:embed templates/*.html
+var templatesFS embed.FS
+
+//go:embed static/*
+var staticFS embed.FS
+
+var subdomainRegex = regexp.MustCompile(`^[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$|^[a-z0-9]$`)
+
+func (s *Server) platformHome(w http.ResponseWriter, r *http.Request) {
+	content, err := templatesFS.ReadFile("templates/index.html")
+	if err != nil {
+		slog.Error("read index template", "error", err)
+		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+		return
+	}
+
+	html := string(content)
+	html = strings.ReplaceAll(html, "{{ACCENT}}", "#10b981")
+	html = strings.ReplaceAll(html, "{{VERSION}}", "v1.0.0")
+	html = strings.ReplaceAll(html, "{{COMMIT}}", "dev")
+	html = strings.ReplaceAll(html, "{{DEMO_MINUTES}}", "15")
+
+	w.Header().Set("Content-Type", "text/html")
+	w.Write([]byte(html))
+}
+
+func (s *Server) notFound(w http.ResponseWriter, r *http.Request) {
+	content, err := templatesFS.ReadFile("templates/404.html")
+	if err != nil {
+		http.NotFound(w, r)
+		return
+	}
+
+	w.Header().Set("Content-Type", "text/html")
+	w.WriteHeader(http.StatusNotFound)
+	w.Write(content)
+}
+
+func (s *Server) platformLogin(w http.ResponseWriter, r *http.Request) {
+	http.Redirect(w, r, "/signup", http.StatusFound)
+}
+
+func (s *Server) platformSignup(w http.ResponseWriter, r *http.Request) {
+	content, err := templatesFS.ReadFile("templates/signup.html")
+	if err != nil {
+		slog.Error("read signup template", "error", err)
+		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+		return
+	}
+
+	html := string(content)
+	html = strings.ReplaceAll(html, "{{ACCENT}}", "#10b981")
+
+	w.Header().Set("Content-Type", "text/html")
+	w.Write([]byte(html))
+}
+
+func (s *Server) platformDashboard(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Content-Type", "text/html")
+	w.Write([]byte(`<!DOCTYPE html>
+<html>
+<head><title>Dashboard - WriteKit</title></head>
+<body>
+<h1>Dashboard</h1>
+<p>Create your blog or manage your existing one.</p>
+</body>
+</html>`))
+}
+
+func (s *Server) serveStaticAssets(w http.ResponseWriter, r *http.Request) {
+	sub, err := fs.Sub(staticFS, "static")
+	if err != nil {
+		http.NotFound(w, r)
+		return
+	}
+	http.StripPrefix("/assets/", http.FileServer(http.FS(sub))).ServeHTTP(w, r)
+}
+
+func (s *Server) checkSubdomain(w http.ResponseWriter, r *http.Request) {
+	subdomain := strings.ToLower(r.URL.Query().Get("subdomain"))
+	if subdomain == "" {
+		jsonError(w, http.StatusBadRequest, "subdomain required")
+		return
+	}
+
+	if !subdomainRegex.MatchString(subdomain) {
+		jsonResponse(w, http.StatusOK, map[string]any{
+			"available": false,
+			"reason":    "invalid format",
+		})
+		return
+	}
+
+	available, err := s.database.IsSubdomainAvailable(r.Context(), subdomain)
+	if err != nil {
+		slog.Error("check subdomain", "error", err)
+		jsonError(w, http.StatusInternalServerError, "internal error")
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, map[string]any{"available": available})
+}
+
+func (s *Server) createTenant(w http.ResponseWriter, r *http.Request) {
+	userID := auth.GetUserID(r)
+
+	var req struct {
+		Subdomain string `json:"subdomain"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request")
+		return
+	}
+
+	subdomain := strings.ToLower(req.Subdomain)
+	if !subdomainRegex.MatchString(subdomain) {
+		jsonError(w, http.StatusBadRequest, "invalid subdomain format")
+		return
+	}
+
+	existing, err := s.database.GetTenantByOwner(r.Context(), userID)
+	if err != nil {
+		slog.Error("check existing tenant", "error", err)
+		jsonError(w, http.StatusInternalServerError, "internal error")
+		return
+	}
+	if existing != nil {
+		jsonResponse(w, http.StatusConflict, map[string]any{
+			"error": "you already have a blog",
+			"url":   s.buildURL(existing.Subdomain),
+		})
+		return
+	}
+
+	available, err := s.database.IsSubdomainAvailable(r.Context(), subdomain)
+	if err != nil {
+		slog.Error("check availability", "error", err)
+		jsonError(w, http.StatusInternalServerError, "internal error")
+		return
+	}
+	if !available {
+		jsonError(w, http.StatusConflict, "subdomain not available")
+		return
+	}
+
+	tenant, err := s.database.CreateTenant(r.Context(), userID, subdomain)
+	if err != nil {
+		slog.Error("create tenant", "error", err)
+		jsonError(w, http.StatusInternalServerError, "failed to create tenant")
+		return
+	}
+
+	if _, err := s.tenantPool.Get(tenant.ID); err != nil {
+		slog.Error("init tenant db", "tenant_id", tenant.ID, "error", err)
+	}
+
+	user, _ := s.database.GetUserByID(r.Context(), userID)
+	if user != nil {
+		if tenantDB, err := s.tenantPool.Get(tenant.ID); err == nil {
+			tenantDB.Exec(`INSERT INTO site_settings (key, value) VALUES ('author_name', ?) ON CONFLICT DO NOTHING`, user.Name)
+			tenantDB.Exec(`INSERT INTO site_settings (key, value) VALUES ('author_avatar', ?) ON CONFLICT DO NOTHING`, user.AvatarURL)
+		}
+	}
+
+	slog.Info("tenant created", "subdomain", subdomain, "user_id", userID, "tenant_id", tenant.ID)
+
+	jsonResponse(w, http.StatusCreated, map[string]any{
+		"subdomain": subdomain,
+		"url":       s.buildURL(subdomain),
+		"tenant_id": tenant.ID,
+	})
+}
+
+func (s *Server) getTenant(w http.ResponseWriter, r *http.Request) {
+	userID := auth.GetUserID(r)
+
+	tenant, err := s.database.GetTenantByOwner(r.Context(), userID)
+	if err != nil {
+		slog.Error("get tenant", "error", err)
+		jsonError(w, http.StatusInternalServerError, "internal error")
+		return
+	}
+	if tenant == nil {
+		jsonResponse(w, http.StatusOK, map[string]any{"has_tenant": false})
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, map[string]any{
+		"has_tenant": true,
+		"tenant": map[string]any{
+			"id":        tenant.ID,
+			"subdomain": tenant.Subdomain,
+			"url":       s.buildURL(tenant.Subdomain),
+			"premium":   tenant.Premium,
+		},
+	})
+}
+
+func jsonResponse(w http.ResponseWriter, status int, data any) {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(status)
+	json.NewEncoder(w).Encode(data)
+}
+
+func jsonError(w http.ResponseWriter, status int, msg string) {
+	jsonResponse(w, status, map[string]string{"error": msg})
+}
+
+func (s *Server) buildURL(subdomain string) string {
+	scheme := "https"
+	if env := os.Getenv("ENV"); env != "prod" {
+		scheme = "http"
+	}
+	return fmt.Sprintf("%s://%s.%s", scheme, subdomain, s.domain)
+}
+
+func (s *Server) createDemo(w http.ResponseWriter, r *http.Request) {
+	origin := r.Header.Get("Origin")
+	referer := r.Header.Get("Referer")
+
+	validOrigins := []string{
+		"https://" + s.domain,
+		"https://www." + s.domain,
+	}
+	if env := os.Getenv("ENV"); env != "prod" {
+		validOrigins = append(validOrigins,
+			"http://"+s.domain,
+			"http://www."+s.domain,
+		)
+	}
+
+	isValidOrigin := func(o string) bool {
+		for _, v := range validOrigins {
+			if o == v {
+				return true
+			}
+		}
+		return false
+	}
+
+	isValidReferer := func(ref string) bool {
+		for _, v := range validOrigins {
+			if strings.HasPrefix(ref, v) {
+				return true
+			}
+		}
+		return false
+	}
+
+	if origin != "" && !isValidOrigin(origin) {
+		jsonError(w, http.StatusForbidden, "forbidden")
+		return
+	}
+	if origin == "" && referer != "" && !isValidReferer(referer) {
+		jsonError(w, http.StatusForbidden, "forbidden")
+		return
+	}
+
+	var req struct {
+		Name  string `json:"name"`
+		Color string `json:"color"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request")
+		return
+	}
+
+	if req.Name == "" {
+		req.Name = "Demo User"
+	}
+	if req.Color == "" {
+		req.Color = "#10b981"
+	}
+
+	demo, err := s.database.CreateDemo(r.Context())
+	if err != nil {
+		slog.Error("create demo", "error", err)
+		jsonError(w, http.StatusInternalServerError, "failed to create demo")
+		return
+	}
+
+	s.tenantPool.MarkAsDemo(demo.ID)
+	if _, err := s.tenantPool.Get(demo.ID); err != nil {
+		slog.Error("init demo db", "demo_id", demo.ID, "error", err)
+	}
+
+	if err := s.seedDemoContent(demo.ID, req.Name, req.Color); err != nil {
+		slog.Error("seed demo content", "demo_id", demo.ID, "error", err)
+	}
+
+	slog.Info("demo created", "subdomain", demo.Subdomain, "demo_id", demo.ID, "expires_at", demo.ExpiresAt)
+
+	jsonResponse(w, http.StatusCreated, map[string]any{
+		"subdomain":  demo.Subdomain,
+		"url":        s.buildURL(demo.Subdomain),
+		"expires_at": demo.ExpiresAt.Format("2006-01-02T15:04:05Z"),
+	})
+}
+
+func (s *Server) seedDemoContent(demoID, authorName, accentColor string) error {
+	db, err := s.tenantPool.Get(demoID)
+	if err != nil {
+		return fmt.Errorf("get tenant pool: %w", err)
+	}
+
+	result, err := db.Exec(`INSERT INTO site_settings (key, value) VALUES
+		('site_name', ?),
+		('site_description', 'Thoughts on building software, developer tools, and the craft of engineering.'),
+		('accent_color', ?),
+		('author_name', ?),
+		('is_demo', 'true')
+		ON CONFLICT DO NOTHING`, authorName+"'s Blog", accentColor, authorName)
+	if err != nil {
+		return fmt.Errorf("insert settings: %w", err)
+	}
+	rows, _ := result.RowsAffected()
+	slog.Info("seed demo settings", "demo_id", demoID, "rows_affected", rows)
+
+	_, err = db.Exec(`INSERT INTO posts (id, slug, title, description, content_md, tags, cover_image, is_published, published_at, created_at, modified_at) VALUES
+		('demo-post-1', 'shipping-a-side-project',
+		'I Finally Shipped My Side Project',
+		'After mass years of abandoned repos, here is what finally worked.',
+		'I have mass abandoned side projects. We all do. But last month, I actually shipped one.
+
+Here''s what I did differently this time.
+
+## The Graveyard
+
+Before we get to what worked, let me be honest about what didn''t. My GitHub is full of:
+
+- [ ] A "better" todo app (mass of features planned, mass built)
+- [ ] A CLI tool I used once
+- [ ] Three different blog engines (ironic, I know)
+- [x] This project — finally shipped
+
+The pattern was always the same: mass enthusiasm for a week, mass silence forever.
+
+## What Changed
+
+This time, I set one rule: **ship in two weeks or kill it**.
+
+> "If you''re not embarrassed by the first version of your product, you''ve launched too late." — Reid Hoffman
+
+I printed that quote and stuck it on my monitor. Every time I wanted to add "just one more feature," I looked at it.
+
+## The Stack
+
+I kept it minimal:
+
+| Layer | Choice | Why |
+|-------|--------|-----|
+| Frontend | React | I know it well |
+| Backend | Go | Fast, simple deploys |
+| Database | SQLite | No ops overhead |
+| Hosting | Fly.io | $0 to start |
+
+~~I originally planned to use Kubernetes~~ — glad I didn''t. SQLite on a single server handles more traffic than I''ll ever get.
+
+## The Launch
+
+I posted on Twitter, mass likes. mass signups. Then... mass complaints about bugs I hadn''t tested for.
+
+But here''s the thing: **those bugs only exist because I shipped**. I fixed them in a day. If I''d waited for "perfect," I''d still be tweaking CSS.
+
+---
+
+Ship something this week. mass needs to be big. Your mass abandoned project could be mass person''s favorite tool.',
+		'["career","shipping"]',
+		'https://images.unsplash.com/photo-1517694712202-14dd9538aa97?w=1200&h=630&fit=crop',
+		1,
+		datetime('now', '-2 days'),
+		datetime('now', '-2 days'),
+		datetime('now', '-2 days')),
+
+		('demo-post-2', 'debugging-production-like-a-detective',
+		'Debugging Production Like a Detective',
+		'A systematic approach to finding bugs when console.log is not enough.',
+		'Last week, our API started returning 500 errors. Not always — just enough to be infuriating. Here''s how I tracked it down.
+
+## The Symptoms
+
+Users reported "random failures." The logs showed:
+
+` + "```" + `
+error: connection refused
+error: connection refused
+error: context deadline exceeded
+` + "```" + `
+
+Helpful, right?
+
+## Step 1: Gather Evidence
+
+First, I needed data. I added structured logging:
+
+` + "```go" + `
+slog.Error("request failed",
+    "endpoint", r.URL.Path,
+    "user_id", userID,
+    "duration_ms", time.Since(start).Milliseconds(),
+    "error", err,
+)
+` + "```" + `
+
+Within an hour, a pattern emerged:
+
+| Time | Endpoint | Duration | Result |
+|------|----------|----------|--------|
+| 14:01 | /api/posts | 45ms | OK |
+| 14:01 | /api/posts | 52ms | OK |
+| 14:02 | /api/posts | 30,004ms | FAIL |
+| 14:02 | /api/users | 48ms | OK |
+
+The failures were always *exactly* 30 seconds — our timeout value.
+
+## Step 2: Form a Hypothesis
+
+> The 30-second timeout suggested a connection hanging, not failing fast.
+
+I suspected connection pool exhaustion. Our pool was set to 10 connections. Under load, requests would wait for a free connection, then timeout.
+
+## Step 3: Test the Theory
+
+I checked the pool stats:
+
+` + "```sql" + `
+SELECT count(*) FROM pg_stat_activity
+WHERE application_name = ''myapp'';
+` + "```" + `
+
+Result: **10**. Exactly at the limit.
+
+## The Fix
+
+` + "```go" + `
+db.SetMaxOpenConns(25)      // was: 10
+db.SetMaxIdleConns(10)      // was: 2
+db.SetConnMaxLifetime(time.Hour)
+` + "```" + `
+
+Three lines. Two days of debugging. Zero more timeouts.
+
+---
+
+The lesson: **when debugging production, be a detective, not a guesser**. Gather evidence, form hypotheses, test them.',
+		'["debugging","golang","databases"]',
+		'https://images.unsplash.com/photo-1555066931-4365d14bab8c?w=1200&h=630&fit=crop',
+		1,
+		datetime('now', '-5 days'),
+		datetime('now', '-5 days'),
+		datetime('now', '-5 days')),
+
+		('demo-post-3', 'sqlite-in-production',
+		'Yes, You Can Use SQLite in Production',
+		'How to scale SQLite further than you think — and when to finally migrate.',
+		'Every time I mention SQLite in production, someone says "that doesn''t scale." Let me share some numbers.
+
+## The Reality
+
+SQLite handles:
+
+- **Millions** of reads per second
+- **Thousands** of writes per second (with WAL mode)
+- Databases up to **281 TB** (theoretical limit)
+
+For context, that''s more than most apps will ever need.
+
+## Configuration That Matters
+
+The defaults are conservative. For production, I use:
+
+` + "```sql" + `
+PRAGMA journal_mode = WAL;
+PRAGMA synchronous = NORMAL;
+PRAGMA cache_size = -64000;  -- 64MB cache
+PRAGMA busy_timeout = 5000;
+` + "```" + `
+
+This gives you:
+
+| Setting | Default | Production | Impact |
+|---------|---------|------------|--------|
+| journal_mode | DELETE | WAL | Concurrent reads during writes |
+| synchronous | FULL | NORMAL | 10x faster writes, still safe |
+| cache_size | -2000 | -64000 | Fewer disk reads |
+
+## When to Migrate
+
+SQLite is **not** right when you need:
+
+1. Multiple servers writing to the same database
+2. ~~Horizontal scaling~~ (though read replicas now exist via Litestream)
+3. Sub-millisecond writes under heavy contention
+
+If you''re running a single server — which is most apps — SQLite is great.
+
+> "I''ve never used a database that made me this happy." — every SQLite user, probably
+
+## Getting Started
+
+Here''s my standard setup:
+
+` + "```go" + `
+db, err := sql.Open("sqlite3", "file:app.db?_journal=WAL&_timeout=5000")
+if err != nil {
+    log.Fatal(err)
+}
+db.SetMaxOpenConns(1)  // SQLite writes are serialized anyway
+
+// Run migrations
+if _, err := db.Exec(schema); err != nil {
+    log.Fatal(err)
+}
+` + "```" + `
+
+---
+
+Stop overengineering. Start with SQLite. Migrate when you *actually* hit limits — you probably never will.',
+		'["sqlite","databases","architecture"]',
+		'https://images.unsplash.com/photo-1544383835-bda2bc66a55d?w=1200&h=630&fit=crop',
+		1,
+		datetime('now', '-8 days'),
+		datetime('now', '-8 days'),
+		datetime('now', '-8 days')),
+
+		('demo-post-4', 'my-2024-reading-list',
+		'My 2024 Reading List',
+		'',
+		'Here are the books that shaped my thinking this year.
+
+## Technical Books
+
+- **Designing Data-Intensive Applications** by Martin Kleppmann
+- **The Pragmatic Programmer** by David Thomas
+- **Staff Engineer** by Will Larson
+
+## Non-Technical
+
+- **The Mom Test** by Rob Fitzpatrick
+- **Building a Second Brain** by Tiago Forte
+
+More thoughts on each coming soon...',
+		'["books","learning"]',
+		'',
+		1,
+		datetime('now', '-12 days'),
+		datetime('now', '-12 days'),
+		datetime('now', '-12 days')),
+
+		('demo-draft-1', 'understanding-react-server-components',
+		'Understanding React Server Components',
+		'A deep dive into RSC architecture and when to use them.',
+		'React Server Components are confusing. Let me try to explain them.
+
+## The Problem RSC Solves
+
+Traditional React apps ship a lot of JavaScript to the browser. RSC lets you run components on the server and send only the HTML.
+
+## Key Concepts
+
+TODO: Add diagrams
+
+## When to Use RSC
+
+- Data fetching
+- Heavy dependencies
+- SEO-critical pages
+
+## When NOT to Use RSC
+
+- Interactive components
+- Client state
+- Event handlers
+
+Still writing this one...',
+		'["react","architecture"]',
+		'',
+		0,
+		NULL,
+		datetime('now', '-1 days'),
+		datetime('now', '-2 hours')),
+
+		('demo-draft-2', 'vim-tricks-i-use-daily',
+		'Vim Tricks I Use Daily',
+		'The shortcuts that actually stuck after 5 years of using Vim.',
+		'After mass years of Vim, these are the commands I use daily.
+
+## Navigation
+
+- Ctrl+d and Ctrl+u for half page down/up
+- zz to center current line
+
+## Editing
+
+Still collecting my favorites...',
+		'["vim","productivity"]',
+		'',
+		0,
+		NULL,
+		datetime('now', '-3 days'),
+		datetime('now', '-1 days'))
+		ON CONFLICT DO NOTHING`)
+	if err != nil {
+		return fmt.Errorf("insert posts: %w", err)
+	}
+	slog.Info("seed demo posts", "demo_id", demoID)
+
+	return nil
+}
+
+func (s *Server) ensureDemoSeeded(demoID string) {
+	db, err := s.tenantPool.Get(demoID)
+	if err != nil {
+		slog.Error("ensureDemoSeeded: get pool", "demo_id", demoID, "error", err)
+		return
+	}
+
+	var count int
+	err = db.QueryRow("SELECT COUNT(*) FROM posts").Scan(&count)
+	if err != nil {
+		slog.Error("ensureDemoSeeded: count posts", "demo_id", demoID, "error", err)
+		return
+	}
+
+	if count > 0 {
+		return
+	}
+
+	slog.Info("re-seeding demo content", "demo_id", demoID)
+	if err := s.seedDemoContent(demoID, "Demo User", "#10b981"); err != nil {
+		slog.Error("ensureDemoSeeded: seed failed", "demo_id", demoID, "error", err)
+	}
+}
diff --git a/internal/server/ratelimit.go b/internal/server/ratelimit.go
new file mode 100644
index 0000000..f58e6f8
--- /dev/null
+++ b/internal/server/ratelimit.go
@@ -0,0 +1,126 @@
+package server
+
+import (
+	"net/http"
+	"sync"
+	"time"
+
+	"github.com/writekitapp/writekit/internal/config"
+)
+
+type bucket struct {
+	tokens    float64
+	lastFill  time.Time
+	rateLimit int
+}
+
+type RateLimiter struct {
+	mu      sync.RWMutex
+	buckets map[string]*bucket
+}
+
+func NewRateLimiter() *RateLimiter {
+	rl := &RateLimiter{
+		buckets: make(map[string]*bucket),
+	}
+	go rl.cleanup()
+	return rl
+}
+
+func (rl *RateLimiter) Allow(tenantID string, limit int) bool {
+	rl.mu.Lock()
+	defer rl.mu.Unlock()
+
+	now := time.Now()
+	b, ok := rl.buckets[tenantID]
+	if !ok {
+		b = &bucket{
+			tokens:    float64(limit),
+			lastFill:  now,
+			rateLimit: limit,
+		}
+		rl.buckets[tenantID] = b
+	}
+
+	if b.rateLimit != limit {
+		b.rateLimit = limit
+		b.tokens = float64(limit)
+	}
+
+	elapsed := now.Sub(b.lastFill)
+	tokensToAdd := elapsed.Hours() * float64(limit)
+	b.tokens = min(b.tokens+tokensToAdd, float64(limit))
+	b.lastFill = now
+
+	if b.tokens >= 1 {
+		b.tokens--
+		return true
+	}
+	return false
+}
+
+func (rl *RateLimiter) cleanup() {
+	ticker := time.NewTicker(5 * time.Minute)
+	for range ticker.C {
+		rl.mu.Lock()
+		threshold := time.Now().Add(-1 * time.Hour)
+		for k, b := range rl.buckets {
+			if b.lastFill.Before(threshold) {
+				delete(rl.buckets, k)
+			}
+		}
+		rl.mu.Unlock()
+	}
+}
+
+func (s *Server) apiRateLimitMiddleware(rl *RateLimiter) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			tenantID, ok := r.Context().Value(tenantIDKey).(string)
+			if !ok || tenantID == "" {
+				next.ServeHTTP(w, r)
+				return
+			}
+
+			t, err := s.database.GetTenantByID(r.Context(), tenantID)
+			if err != nil {
+				next.ServeHTTP(w, r)
+				return
+			}
+
+			premium := t != nil && t.Premium
+			tierInfo := config.GetTierInfo(premium)
+			limit := tierInfo.Config.APIRateLimit
+
+			if !rl.Allow(tenantID, limit) {
+				w.Header().Set("X-RateLimit-Limit", itoa(limit))
+				w.Header().Set("X-RateLimit-Reset", "3600")
+				w.Header().Set("Retry-After", "60")
+				jsonError(w, http.StatusTooManyRequests, "rate limit exceeded")
+				return
+			}
+
+			w.Header().Set("X-RateLimit-Limit", itoa(limit))
+			next.ServeHTTP(w, r)
+		})
+	}
+}
+
+func itoa(n int) string {
+	if n == 0 {
+		return "0"
+	}
+	s := ""
+	for n > 0 {
+		s = string(rune('0'+n%10)) + s
+		n /= 10
+	}
+	return s
+}
+
+func min(a, b float64) float64 {
+	if a < b {
+		return a
+	}
+	return b
+}
diff --git a/internal/server/reader.go b/internal/server/reader.go
new file mode 100644
index 0000000..270579a
--- /dev/null
+++ b/internal/server/reader.go
@@ -0,0 +1,634 @@
+package server
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/writekitapp/writekit/internal/tenant"
+)
+
+func (s *Server) readerRoutes() chi.Router {
+	r := chi.NewRouter()
+
+	r.Get("/login/{provider}", s.readerLogin)
+	r.Get("/auth/callback", s.readerAuthCallback)
+	r.Get("/auth/providers", s.readerAuthProviders)
+
+	r.Group(func(r chi.Router) {
+		r.Use(s.readerAuthMiddleware)
+
+		r.Get("/config", s.getInteractionConfig)
+
+		r.Get("/posts/{slug}/comments", s.listComments)
+		r.Post("/posts/{slug}/comments", s.createComment)
+		r.Delete("/comments/{id}", s.deleteComment)
+
+		r.Get("/posts/{slug}/reactions", s.getReactions)
+		r.Post("/posts/{slug}/reactions", s.toggleReaction)
+
+		r.Get("/me", s.getReaderMe)
+		r.Post("/logout", s.readerLogout)
+
+		r.Get("/search", s.search)
+	})
+
+	return r
+}
+
+func (s *Server) getInteractionConfig(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	config := q.GetInteractionConfig(r.Context())
+
+	jsonResponse(w, http.StatusOK, config)
+}
+
+func (s *Server) listComments(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	slug := chi.URLParam(r, "slug")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	comments, err := q.ListComments(r.Context(), slug)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to list comments")
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, comments)
+}
+
+func (s *Server) createComment(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	slug := chi.URLParam(r, "slug")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+
+	if q.GetSettingWithDefault(r.Context(), "comments_enabled") != "true" {
+		jsonError(w, http.StatusForbidden, "comments disabled")
+		return
+	}
+
+	var req struct {
+		Content  string `json:"content"`
+		ParentID *int64 `json:"parent_id"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request")
+		return
+	}
+
+	if req.Content == "" {
+		jsonError(w, http.StatusBadRequest, "content required")
+		return
+	}
+
+	userID := getReaderUserID(r)
+	if userID == "" {
+		jsonError(w, http.StatusUnauthorized, "login required")
+		return
+	}
+
+	// Get user info for validation
+	user, _ := q.GetUserByID(r.Context(), userID)
+	authorName := "Anonymous"
+	authorEmail := ""
+	if user != nil {
+		authorName = user.Name
+		authorEmail = user.Email
+	}
+
+	// Validate comment via plugins
+	runner := s.getPluginRunner(tenantID, db)
+	allowed, reason, _ := runner.TriggerValidation(r.Context(), "comment.validate", map[string]any{
+		"content":     req.Content,
+		"authorName":  authorName,
+		"authorEmail": authorEmail,
+		"postSlug":    slug,
+	})
+	runner.Close()
+
+	if !allowed {
+		msg := "Comment rejected"
+		if reason != "" {
+			msg = reason
+		}
+		jsonError(w, http.StatusForbidden, msg)
+		return
+	}
+
+	comment := &tenant.Comment{
+		UserID:   userID,
+		PostSlug: slug,
+		Content:  req.Content,
+		ParentID: req.ParentID,
+	}
+
+	if err := q.CreateComment(r.Context(), comment); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to create comment")
+		return
+	}
+
+	// Trigger comment.created hook
+	go func() {
+		runner := s.getPluginRunner(tenantID, db)
+		defer runner.Close()
+
+		// Get post info
+		post, _ := q.GetPost(r.Context(), slug)
+		postData := map[string]any{"slug": slug, "title": slug, "url": "/" + slug}
+		if post != nil {
+			postData["title"] = post.Title
+		}
+
+		runner.TriggerHook(r.Context(), "comment.created", map[string]any{
+			"comment": map[string]any{
+				"id":          comment.ID,
+				"content":     comment.Content,
+				"authorName":  authorName,
+				"authorEmail": authorEmail,
+				"postSlug":    slug,
+				"createdAt":   comment.CreatedAt.Format(time.RFC3339),
+			},
+			"post": postData,
+		})
+	}()
+
+	jsonResponse(w, http.StatusCreated, comment)
+}
+
+func (s *Server) deleteComment(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	id := chi.URLParam(r, "id")
+
+	userID := getReaderUserID(r)
+	if userID == "" {
+		jsonError(w, http.StatusUnauthorized, "login required")
+		return
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+
+	var commentID int64
+	if _, err := json.Number(id).Int64(); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid comment id")
+		return
+	}
+	commentID, _ = json.Number(id).Int64()
+
+	comment, err := q.GetComment(r.Context(), commentID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to get comment")
+		return
+	}
+	if comment == nil {
+		jsonError(w, http.StatusNotFound, "comment not found")
+		return
+	}
+
+	if comment.UserID != userID {
+		jsonError(w, http.StatusForbidden, "not your comment")
+		return
+	}
+
+	if err := q.DeleteComment(r.Context(), commentID); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to delete comment")
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+func (s *Server) getReactions(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	slug := chi.URLParam(r, "slug")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	counts, err := q.GetReactionCounts(r.Context(), slug)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to get reactions")
+		return
+	}
+
+	var userReactions []string
+	userID := getReaderUserID(r)
+	if userID != "" {
+		userReactions, _ = q.GetUserReactions(r.Context(), userID, slug)
+	} else if anonID := getAnonID(r); anonID != "" {
+		userReactions, _ = q.GetAnonReactions(r.Context(), anonID, slug)
+	}
+
+	jsonResponse(w, http.StatusOK, map[string]any{
+		"counts": counts,
+		"user":   userReactions,
+	})
+}
+
+func (s *Server) toggleReaction(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	slug := chi.URLParam(r, "slug")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+
+	if q.GetSettingWithDefault(r.Context(), "reactions_enabled") != "true" {
+		jsonError(w, http.StatusForbidden, "reactions disabled")
+		return
+	}
+
+	var req struct {
+		Emoji string `json:"emoji"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request")
+		return
+	}
+
+	if req.Emoji == "" {
+		jsonError(w, http.StatusBadRequest, "emoji required")
+		return
+	}
+
+	userID := getReaderUserID(r)
+	anonID := ""
+	requireAuth := q.GetSettingWithDefault(r.Context(), "reactions_require_auth") == "true"
+
+	if userID == "" {
+		if requireAuth {
+			jsonError(w, http.StatusUnauthorized, "login required")
+			return
+		}
+		anonID = getOrCreateAnonID(w, r)
+	}
+
+	added, err := q.ToggleReaction(r.Context(), userID, anonID, slug, req.Emoji)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to toggle reaction")
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, map[string]bool{"added": added})
+}
+
+func (s *Server) search(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	query := r.URL.Query().Get("q")
+
+	if query == "" {
+		jsonResponse(w, http.StatusOK, []any{})
+		return
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	results, err := q.Search(r.Context(), query, 20)
+	if err != nil {
+		jsonResponse(w, http.StatusOK, []any{})
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, results)
+}
+
+func (s *Server) getReaderMe(w http.ResponseWriter, r *http.Request) {
+	userID := getReaderUserID(r)
+	if userID == "" {
+		jsonResponse(w, http.StatusOK, map[string]any{"logged_in": false})
+		return
+	}
+
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	user, err := q.GetUserByID(r.Context(), userID)
+	if err != nil || user == nil {
+		jsonResponse(w, http.StatusOK, map[string]any{"logged_in": false})
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, map[string]any{
+		"logged_in": true,
+		"user": map[string]any{
+			"id":         user.ID,
+			"email":      user.Email,
+			"name":       user.Name,
+			"avatar_url": user.AvatarURL,
+		},
+	})
+}
+
+func (s *Server) readerLogout(w http.ResponseWriter, r *http.Request) {
+	token := extractReaderToken(r)
+	if token == "" {
+		w.WriteHeader(http.StatusNoContent)
+		return
+	}
+
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	db, err := s.tenantPool.Get(tenantID)
+	if err == nil {
+		q := tenant.NewQueries(db)
+		q.DeleteSession(r.Context(), token)
+	}
+
+	http.SetCookie(w, &http.Cookie{
+		Name:     "reader_session",
+		Value:    "",
+		Path:     "/",
+		MaxAge:   -1,
+		HttpOnly: true,
+		Secure:   true,
+		SameSite: http.SameSiteLaxMode,
+	})
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+func getReaderUserID(r *http.Request) string {
+	if id, ok := r.Context().Value(readerUserIDKey).(string); ok {
+		return id
+	}
+	return ""
+}
+
+type readerCtxKey string
+
+const readerUserIDKey readerCtxKey = "readerUserID"
+
+func (s *Server) readerAuthMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		token := extractReaderToken(r)
+		if token == "" {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		tenantID, ok := r.Context().Value(tenantIDKey).(string)
+		if !ok || tenantID == "" {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		db, err := s.tenantPool.Get(tenantID)
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		q := tenant.NewQueries(db)
+		session, err := q.ValidateSession(r.Context(), token)
+		if err != nil || session == nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		ctx := context.WithValue(r.Context(), readerUserIDKey, session.UserID)
+		next.ServeHTTP(w, r.WithContext(ctx))
+	})
+}
+
+func extractReaderToken(r *http.Request) string {
+	if cookie, err := r.Cookie("reader_session"); err == nil && cookie.Value != "" {
+		return cookie.Value
+	}
+
+	auth := r.Header.Get("Authorization")
+	if strings.HasPrefix(auth, "Bearer ") {
+		return strings.TrimPrefix(auth, "Bearer ")
+	}
+
+	return ""
+}
+
+func (s *Server) readerLogin(w http.ResponseWriter, r *http.Request) {
+	provider := chi.URLParam(r, "provider")
+	if provider != "google" && provider != "github" && provider != "discord" {
+		jsonError(w, http.StatusBadRequest, "invalid provider")
+		return
+	}
+
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	redirect := r.URL.Query().Get("redirect")
+
+	baseURL := os.Getenv("BASE_URL")
+	if baseURL == "" {
+		baseURL = "https://writekit.dev"
+	}
+
+	tenantInfo, err := s.database.GetTenantByID(r.Context(), tenantID)
+	if err != nil || tenantInfo == nil {
+		jsonError(w, http.StatusNotFound, "tenant not found")
+		return
+	}
+
+	domain := tenantInfo.CustomDomain
+	if domain == "" {
+		domain = tenantInfo.Subdomain + "." + s.domain
+	}
+	callbackURL := fmt.Sprintf("https://%s/api/reader/auth/callback", domain)
+	if redirect != "" {
+		callbackURL += "?redirect=" + redirect
+	}
+
+	authURL := fmt.Sprintf("%s/auth/%s?tenant=%s&callback=%s",
+		baseURL, provider, tenantID, callbackURL)
+
+	http.Redirect(w, r, authURL, http.StatusTemporaryRedirect)
+}
+
+func (s *Server) readerAuthCallback(w http.ResponseWriter, r *http.Request) {
+	token := r.URL.Query().Get("token")
+	redirect := r.URL.Query().Get("redirect")
+
+	if token == "" {
+		jsonError(w, http.StatusBadRequest, "missing token")
+		return
+	}
+
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	baseURL := os.Getenv("BASE_URL")
+	if baseURL == "" {
+		baseURL = "https://writekit.dev"
+	}
+
+	userURL := baseURL + "/auth/user?token=" + token
+	resp, err := http.Get(userURL)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "auth failed")
+		return
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		body, _ := io.ReadAll(resp.Body)
+		jsonError(w, http.StatusUnauthorized, "invalid token: "+string(body))
+		return
+	}
+
+	var platformUser struct {
+		ID        string `json:"id"`
+		Email     string `json:"email"`
+		Name      string `json:"name"`
+		AvatarURL string `json:"avatar_url"`
+	}
+	if err := json.NewDecoder(resp.Body).Decode(&platformUser); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to parse user")
+		return
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+
+	user, err := q.GetUserByID(r.Context(), platformUser.ID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+	if user == nil {
+		user = &tenant.User{
+			ID:        platformUser.ID,
+			Email:     platformUser.Email,
+			Name:      platformUser.Name,
+			AvatarURL: platformUser.AvatarURL,
+		}
+		if err := q.CreateUser(r.Context(), user); err != nil {
+			jsonError(w, http.StatusInternalServerError, "failed to create user")
+			return
+		}
+	}
+
+	session, err := q.CreateSession(r.Context(), user.ID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to create session")
+		return
+	}
+
+	tenantInfo, _ := s.database.GetTenantByID(r.Context(), tenantID)
+	secure := tenantInfo != nil && !strings.HasPrefix(tenantInfo.Subdomain, "localhost")
+
+	http.SetCookie(w, &http.Cookie{
+		Name:     "reader_session",
+		Value:    session.Token,
+		Path:     "/",
+		Expires:  session.ExpiresAt,
+		HttpOnly: true,
+		Secure:   secure,
+		SameSite: http.SameSiteLaxMode,
+	})
+
+	if redirect == "" || !strings.HasPrefix(redirect, "/") || strings.HasPrefix(redirect, "//") {
+		redirect = "/"
+	}
+
+	http.Redirect(w, r, redirect, http.StatusTemporaryRedirect)
+}
+
+func (s *Server) readerAuthProviders(w http.ResponseWriter, r *http.Request) {
+	baseURL := os.Getenv("BASE_URL")
+	if baseURL == "" {
+		baseURL = "https://writekit.dev"
+	}
+
+	resp, err := http.Get(baseURL + "/auth/providers")
+	if err != nil {
+		jsonResponse(w, http.StatusOK, map[string]any{"providers": []any{}})
+		return
+	}
+	defer resp.Body.Close()
+
+	var result map[string]any
+	if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
+		jsonResponse(w, http.StatusOK, map[string]any{"providers": []any{}})
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, result)
+}
+
+func getOrCreateAnonID(w http.ResponseWriter, r *http.Request) string {
+	if cookie, err := r.Cookie("anon_id"); err == nil && cookie.Value != "" {
+		return cookie.Value
+	}
+
+	b := make([]byte, 16)
+	rand.Read(b)
+	anonID := hex.EncodeToString(b)
+
+	http.SetCookie(w, &http.Cookie{
+		Name:     "anon_id",
+		Value:    anonID,
+		Path:     "/",
+		MaxAge:   365 * 24 * 60 * 60,
+		HttpOnly: true,
+		SameSite: http.SameSiteLaxMode,
+	})
+
+	return anonID
+}
+
+func getAnonID(r *http.Request) string {
+	if cookie, err := r.Cookie("anon_id"); err == nil {
+		return cookie.Value
+	}
+	return ""
+}
diff --git a/internal/server/server.go b/internal/server/server.go
new file mode 100644
index 0000000..d35d1e6
--- /dev/null
+++ b/internal/server/server.go
@@ -0,0 +1,163 @@
+package server
+
+import (
+	"context"
+	"database/sql"
+	"log/slog"
+	"net/http"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/chi/v5/middleware"
+	"github.com/writekitapp/writekit/internal/auth"
+	"github.com/writekitapp/writekit/internal/cloudflare"
+	"github.com/writekitapp/writekit/internal/db"
+	"github.com/writekitapp/writekit/internal/imaginary"
+	"github.com/writekitapp/writekit/internal/storage"
+	"github.com/writekitapp/writekit/internal/tenant"
+)
+
+type Server struct {
+	router      chi.Router
+	database    *db.DB
+	tenantPool  *tenant.Pool
+	tenantCache *tenant.Cache
+	storage     storage.Client
+	imaginary   *imaginary.Client
+	cloudflare  *cloudflare.Client
+	rateLimiter *RateLimiter
+	domain      string
+	jarvisURL   string
+	stopCleanup chan struct{}
+}
+
+func New(database *db.DB, pool *tenant.Pool, cache *tenant.Cache, storageClient storage.Client) *Server {
+	domain := os.Getenv("DOMAIN")
+	if domain == "" {
+		domain = "writekit.dev"
+	}
+
+	jarvisURL := os.Getenv("JARVIS_URL")
+	if jarvisURL == "" {
+		jarvisURL = "http://localhost:8090"
+	}
+
+	var imgClient *imaginary.Client
+	if url := os.Getenv("IMAGINARY_URL"); url != "" {
+		imgClient = imaginary.New(url)
+	}
+
+	cfClient := cloudflare.NewClient()
+
+	s := &Server{
+		router:      chi.NewRouter(),
+		database:    database,
+		tenantPool:  pool,
+		tenantCache: cache,
+		storage:     storageClient,
+		imaginary:   imgClient,
+		cloudflare:  cfClient,
+		rateLimiter: NewRateLimiter(),
+		domain:      domain,
+		jarvisURL:   jarvisURL,
+		stopCleanup: make(chan struct{}),
+	}
+
+	s.router.Use(middleware.Logger)
+	s.router.Use(middleware.Recoverer)
+	s.router.Use(middleware.Compress(5))
+
+	s.routes()
+	go s.cleanupDemos()
+
+	return s
+}
+
+func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	s.router.ServeHTTP(w, r)
+}
+
+func (s *Server) routes() {
+	s.router.HandleFunc("/*", s.route)
+}
+
+func (s *Server) route(w http.ResponseWriter, r *http.Request) {
+	host := r.Host
+	if idx := strings.Index(host, ":"); idx != -1 {
+		host = host[:idx]
+	}
+
+	if host == s.domain || host == "www."+s.domain {
+		s.servePlatform(w, r)
+		return
+	}
+
+	if strings.HasSuffix(host, "."+s.domain) {
+		subdomain := strings.TrimSuffix(host, "."+s.domain)
+		s.serveBlog(w, r, subdomain)
+		return
+	}
+
+	s.notFound(w, r)
+}
+
+func (s *Server) servePlatform(w http.ResponseWriter, r *http.Request) {
+	mux := chi.NewRouter()
+	mux.NotFound(s.notFound)
+
+	mux.Get("/", s.platformHome)
+	mux.Get("/login", s.platformLogin)
+	mux.Get("/signup", s.platformSignup)
+	mux.Get("/signup/complete", s.platformSignup)
+	mux.Get("/dashboard", s.platformDashboard)
+	mux.Handle("/assets/*", http.HandlerFunc(s.serveStaticAssets))
+
+	mux.Mount("/auth", auth.NewHandler(s.database).Routes())
+
+	mux.Route("/api", func(r chi.Router) {
+		r.Get("/tenant/check", s.checkSubdomain)
+		r.Post("/demo", s.createDemo)
+		r.Group(func(r chi.Router) {
+			r.Use(auth.SessionMiddleware(s.database))
+			r.Post("/tenant", s.createTenant)
+			r.Get("/tenant", s.getTenant)
+		})
+	})
+
+	mux.ServeHTTP(w, r)
+}
+
+func (s *Server) cleanupDemos() {
+	ticker := time.NewTicker(15 * time.Second)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ticker.C:
+			expired, err := s.database.CleanupExpiredDemos(context.Background())
+			if err != nil {
+				slog.Error("cleanup expired demos", "error", err)
+				continue
+			}
+			for _, d := range expired {
+				s.tenantPool.Evict(d.ID)
+				s.tenantCache.Delete(d.Subdomain)
+				slog.Info("cleaned up expired demo", "demo_id", d.ID, "subdomain", d.Subdomain)
+			}
+		case <-s.stopCleanup:
+			return
+		}
+	}
+}
+
+func (s *Server) Close() {
+	close(s.stopCleanup)
+}
+
+// getPluginRunner returns a PluginRunner for the given tenant
+func (s *Server) getPluginRunner(tenantID string, db *sql.DB) *tenant.PluginRunner {
+	return tenant.NewPluginRunner(db, tenantID)
+}
+
diff --git a/internal/server/static/analytics-screenshot.png b/internal/server/static/analytics-screenshot.png
new file mode 100644
index 0000000..8156029
Binary files /dev/null and b/internal/server/static/analytics-screenshot.png differ
diff --git a/internal/server/static/apple-touch-icon.png b/internal/server/static/apple-touch-icon.png
new file mode 100644
index 0000000..6dad36d
Binary files /dev/null and b/internal/server/static/apple-touch-icon.png differ
diff --git a/internal/server/static/favicon-16x16.png b/internal/server/static/favicon-16x16.png
new file mode 100644
index 0000000..176525b
Binary files /dev/null and b/internal/server/static/favicon-16x16.png differ
diff --git a/internal/server/static/favicon-192x192.png b/internal/server/static/favicon-192x192.png
new file mode 100644
index 0000000..23ef4a7
Binary files /dev/null and b/internal/server/static/favicon-192x192.png differ
diff --git a/internal/server/static/favicon-32x32.png b/internal/server/static/favicon-32x32.png
new file mode 100644
index 0000000..090f94e
Binary files /dev/null and b/internal/server/static/favicon-32x32.png differ
diff --git a/internal/server/static/writekit-icon.ico b/internal/server/static/writekit-icon.ico
new file mode 100644
index 0000000..b49b243
Binary files /dev/null and b/internal/server/static/writekit-icon.ico differ
diff --git a/internal/server/static/writekit-icon.png b/internal/server/static/writekit-icon.png
new file mode 100644
index 0000000..6af7cc6
Binary files /dev/null and b/internal/server/static/writekit-icon.png differ
diff --git a/internal/server/static/writekit-icon.svg b/internal/server/static/writekit-icon.svg
new file mode 100644
index 0000000..386a0aa
--- /dev/null
+++ b/internal/server/static/writekit-icon.svg
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" width="512" height="512">
+  <defs>
+    <linearGradient id="writekit-gradient" x1="0%" y1="0%" x2="100%" y2="100%">
+      <stop offset="0%" style="stop-color:#10b981"/>
+      <stop offset="100%" style="stop-color:#06b6d4"/>
+    </linearGradient>
+  </defs>
+  
+  <!-- Background circle -->
+  <circle cx="256" cy="256" r="256" fill="url(#writekit-gradient)"/>
+  
+  <!-- Open book icon (scaled and centered) -->
+  <g transform="translate(96, 96) scale(13.33)">
+    <path 
+      fill="none" 
+      stroke="white" 
+      stroke-width="1.5" 
+      stroke-linecap="round" 
+      stroke-linejoin="round" 
+      d="M12 6.042A8.967 8.967 0 006 3.75c-1.052 0-2.062.18-3 .512v14.25A8.987 8.987 0 016 18c2.305 0 4.408.867 6 2.292m0-14.25a8.966 8.966 0 016-2.292c1.052 0 2.062.18 3 .512v14.25A8.987 8.987 0 0018 18a8.967 8.967 0 00-6 2.292m0-14.25v14.25"
+    />
+  </g>
+</svg>
diff --git a/internal/server/studio.go b/internal/server/studio.go
new file mode 100644
index 0000000..3ff11e2
--- /dev/null
+++ b/internal/server/studio.go
@@ -0,0 +1,2052 @@
+package server
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/go-chi/chi/v5"
+	"github.com/google/uuid"
+	"github.com/gorilla/websocket"
+	"github.com/writekitapp/writekit/internal/config"
+	"github.com/writekitapp/writekit/internal/db"
+	"github.com/writekitapp/writekit/internal/imaginary"
+	"github.com/writekitapp/writekit/internal/markdown"
+	"github.com/writekitapp/writekit/internal/tenant"
+)
+
+func renderContent(q *tenant.Queries, r *http.Request, content string) string {
+	settings, _ := q.GetSettings(r.Context())
+	codeTheme := "github"
+	if t, ok := settings["code_theme"]; ok && t != "" {
+		codeTheme = t
+	}
+	html, _ := markdown.RenderWithTheme(content, codeTheme)
+	return html
+}
+
+func (s *Server) studioRoutes() chi.Router {
+	r := chi.NewRouter()
+
+	r.Get("/posts", s.listPosts)
+	r.Post("/posts", s.createPost)
+	r.Get("/posts/{slug}", s.getPost)
+	r.Put("/posts/{slug}", s.updatePost)
+	r.Delete("/posts/{slug}", s.deletePost)
+
+	r.Post("/posts/{id}/publish", s.publishPost)
+	r.Post("/posts/{id}/unpublish", s.unpublishPost)
+	r.Get("/posts/{id}/draft", s.getDraft)
+	r.Put("/posts/{id}/draft", s.saveDraft)
+	r.Delete("/posts/{id}/draft", s.discardDraft)
+	r.Get("/posts/{id}/versions", s.listVersions)
+	r.Post("/posts/{id}/versions/{versionId}/restore", s.restoreVersion)
+	r.Post("/posts/{id}/render", s.renderPreview)
+
+	r.Get("/settings", s.getSettings)
+	r.Put("/settings", s.updateSettings)
+
+	r.Get("/interaction-config", s.getStudioInteractionConfig)
+	r.Put("/interaction-config", s.updateInteractionConfig)
+
+	r.Get("/assets", s.listAssets)
+	r.Post("/assets", s.uploadAsset)
+	r.Delete("/assets/{id}", s.deleteAsset)
+
+	r.Get("/api-keys", s.listAPIKeys)
+	r.Post("/api-keys", s.createAPIKey)
+	r.Delete("/api-keys/{key}", s.deleteAPIKey)
+
+	r.Get("/analytics", s.getAnalytics)
+	r.Get("/analytics/posts/{slug}", s.getPostAnalytics)
+
+	// Plugins
+	r.Get("/plugins", s.listPlugins)
+	r.Post("/plugins", s.savePlugin)
+	r.Delete("/plugins/{id}", s.deletePlugin)
+	r.Put("/plugins/{id}/toggle", s.togglePlugin)
+	r.Post("/plugins/compile", s.compilePlugin)
+
+	// Secrets
+	r.Get("/secrets", s.listSecrets)
+	r.Post("/secrets", s.createSecret)
+	r.Delete("/secrets/{key}", s.deleteSecret)
+
+	// Webhooks
+	r.Get("/webhooks", s.listWebhooks)
+	r.Post("/webhooks", s.createWebhook)
+	r.Put("/webhooks/{id}", s.updateWebhook)
+	r.Delete("/webhooks/{id}", s.deleteWebhook)
+	r.Post("/webhooks/{id}/test", s.testWebhook)
+	r.Get("/webhooks/{id}/deliveries", s.listWebhookDeliveries)
+
+	// Jarvis proxy (hooks/templates/lsp/sdk)
+	r.Get("/hooks", s.getHooks)
+	r.Get("/template", s.getTemplate)
+	r.Get("/sdk", s.getSDK)
+	r.Get("/lsp", s.proxyLSP)
+
+	// Code themes
+	r.Get("/code-theme.css", s.codeThemeCSS)
+	r.Get("/code-themes", s.listCodeThemes)
+
+	// Plugin testing
+	r.Post("/plugins/test", s.testPlugin)
+
+	// Billing
+	r.Get("/billing", s.getBilling)
+
+	return r
+}
+
+type postRequest struct {
+	Slug        string   `json:"slug"`
+	Title       string   `json:"title"`
+	Description string   `json:"description"`
+	Content     string   `json:"content"`
+	Date        string   `json:"date"`
+	Draft       bool     `json:"draft"`
+	MembersOnly bool     `json:"members_only"`
+	Tags        []string `json:"tags"`
+}
+
+type postContent struct {
+	Markdown string `json:"markdown"`
+	HTML     string `json:"html"`
+}
+
+type postResponse struct {
+	ID          string       `json:"id"`
+	Slug        string       `json:"slug"`
+	Title       string       `json:"title"`
+	Description string       `json:"description"`
+	CoverImage  string       `json:"cover_image"`
+	Content     *postContent `json:"content,omitempty"`
+	Date        string       `json:"date"`
+	Draft       bool         `json:"draft"`
+	MembersOnly bool         `json:"members_only"`
+	Tags        []string     `json:"tags"`
+	CreatedAt   string       `json:"created_at"`
+	UpdatedAt   string       `json:"updated_at"`
+}
+
+func postToResponse(p *tenant.Post, includeContent bool) postResponse {
+	dateStr := ""
+	if p.PublishedAt != nil {
+		dateStr = p.PublishedAt.Format("2006-01-02")
+	}
+	updatedStr := p.ModifiedAt.Format(time.RFC3339)
+	if p.UpdatedAt != nil {
+		updatedStr = p.UpdatedAt.Format(time.RFC3339)
+	}
+
+	resp := postResponse{
+		ID:          p.ID,
+		Slug:        p.Slug,
+		Title:       p.Title,
+		Description: p.Description,
+		CoverImage:  p.CoverImage,
+		Date:        dateStr,
+		Draft:       !p.IsPublished,
+		MembersOnly: p.MembersOnly,
+		Tags:        p.Tags,
+		CreatedAt:   p.CreatedAt.Format(time.RFC3339),
+		UpdatedAt:   updatedStr,
+	}
+	if includeContent {
+		resp.Content = &postContent{
+			Markdown: p.ContentMD,
+			HTML:     p.ContentHTML,
+		}
+	}
+	if resp.Tags == nil {
+		resp.Tags = []string{}
+	}
+	return resp
+}
+
+func (s *Server) listPosts(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	posts, err := q.ListPosts(r.Context(), true)
+	if err != nil {
+		log.Printf("listPosts error for tenant %s: %v", tenantID, err)
+		jsonError(w, http.StatusInternalServerError, "failed to list posts")
+		return
+	}
+
+	result := make([]postResponse, len(posts))
+	for i, p := range posts {
+		result[i] = postToResponse(&p, false)
+	}
+
+	jsonResponse(w, http.StatusOK, result)
+}
+
+func (s *Server) getPost(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	slug := chi.URLParam(r, "slug")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	post, err := q.GetPost(r.Context(), slug)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to get post")
+		return
+	}
+	if post == nil {
+		jsonError(w, http.StatusNotFound, "post not found")
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, postToResponse(post, true))
+}
+
+func (s *Server) createPost(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	var req postRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request")
+		return
+	}
+
+	if req.Title == "" {
+		jsonError(w, http.StatusBadRequest, "title required")
+		return
+	}
+
+	if req.Slug == "" {
+		req.Slug = slugify(req.Title)
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+
+	existing, _ := q.GetPost(r.Context(), req.Slug)
+	if existing != nil {
+		jsonError(w, http.StatusConflict, "post with this slug already exists")
+		return
+	}
+
+	var publishedAt *time.Time
+	if !req.Draft {
+		now := time.Now()
+		if req.Date != "" {
+			if parsed, err := time.Parse("2006-01-02", req.Date); err == nil {
+				now = parsed
+			}
+		}
+		publishedAt = &now
+	}
+
+	post := &tenant.Post{
+		Slug:        req.Slug,
+		Title:       req.Title,
+		Description: req.Description,
+		ContentMD:   req.Content,
+		ContentHTML: renderContent(q, r, req.Content),
+		IsPublished: !req.Draft,
+		MembersOnly: req.MembersOnly,
+		Tags:        req.Tags,
+		PublishedAt: publishedAt,
+	}
+
+	if err := q.CreatePost(r.Context(), post); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to create post")
+		return
+	}
+
+	if post.IsPublished {
+		s.rebuildSite(r.Context(), tenantID, db, r.Host)
+
+		go func() {
+			runner := s.getPluginRunner(tenantID, db)
+			defer runner.Close()
+			pubAt := ""
+			if post.PublishedAt != nil {
+				pubAt = post.PublishedAt.Format(time.RFC3339)
+			}
+			runner.TriggerHook(r.Context(), "post.published", map[string]any{
+				"post": map[string]any{
+					"slug":        post.Slug,
+					"title":       post.Title,
+					"url":         "/" + post.Slug,
+					"excerpt":     post.Description,
+					"publishedAt": pubAt,
+					"tags":        post.Tags,
+				},
+			})
+		}()
+	}
+
+	jsonResponse(w, http.StatusCreated, postToResponse(post, false))
+}
+
+func (s *Server) updatePost(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	slug := chi.URLParam(r, "slug")
+
+	var req postRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request")
+		return
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+
+	post, err := q.GetPost(r.Context(), slug)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to get post")
+		return
+	}
+	if post == nil {
+		jsonError(w, http.StatusNotFound, "post not found")
+		return
+	}
+
+	wasUnpublished := !post.IsPublished
+	oldTitle := post.Title
+	oldTags := post.Tags
+	oldSlug := post.Slug
+
+	if req.Slug != "" && req.Slug != slug {
+		existing, _ := q.GetPost(r.Context(), req.Slug)
+		if existing != nil {
+			jsonError(w, http.StatusConflict, "post with this slug already exists")
+			return
+		}
+		if !contains(post.Aliases, oldSlug) {
+			post.Aliases = append(post.Aliases, oldSlug)
+		}
+		post.Slug = req.Slug
+	}
+
+	if req.Title != "" {
+		post.Title = req.Title
+	}
+	post.Description = req.Description
+	post.ContentMD = req.Content
+	post.IsPublished = !req.Draft
+	post.MembersOnly = req.MembersOnly
+	post.Tags = req.Tags
+
+	post.ContentHTML = renderContent(q, r, req.Content)
+
+	if !req.Draft && post.PublishedAt == nil {
+		now := time.Now()
+		if req.Date != "" {
+			if parsed, err := time.Parse("2006-01-02", req.Date); err == nil {
+				now = parsed
+			}
+		}
+		post.PublishedAt = &now
+	}
+
+	if err := q.UpdatePost(r.Context(), post); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to update post")
+		return
+	}
+
+	if post.IsPublished {
+		s.rebuildSite(r.Context(), tenantID, db, r.Host)
+
+		go func() {
+			runner := s.getPluginRunner(tenantID, db)
+			defer runner.Close()
+
+			pubAt := ""
+			if post.PublishedAt != nil {
+				pubAt = post.PublishedAt.Format(time.RFC3339)
+			}
+
+			if wasUnpublished {
+				runner.TriggerHook(r.Context(), "post.published", map[string]any{
+					"post": map[string]any{
+						"slug":        post.Slug,
+						"title":       post.Title,
+						"url":         "/" + post.Slug,
+						"excerpt":     post.Description,
+						"publishedAt": pubAt,
+						"tags":        post.Tags,
+					},
+				})
+			} else {
+				changes := map[string]any{}
+				if oldTitle != post.Title {
+					changes["title"] = map[string]any{"old": oldTitle, "new": post.Title}
+				}
+				changes["content"] = true
+
+				addedTags := []string{}
+				removedTags := []string{}
+				oldTagSet := make(map[string]bool)
+				for _, t := range oldTags {
+					oldTagSet[t] = true
+				}
+				for _, t := range post.Tags {
+					if !oldTagSet[t] {
+						addedTags = append(addedTags, t)
+					}
+					delete(oldTagSet, t)
+				}
+				for t := range oldTagSet {
+					removedTags = append(removedTags, t)
+				}
+				if len(addedTags) > 0 || len(removedTags) > 0 {
+					changes["tags"] = map[string]any{"added": addedTags, "removed": removedTags}
+				}
+
+				runner.TriggerHook(r.Context(), "post.updated", map[string]any{
+					"post": map[string]any{
+						"slug":        post.Slug,
+						"title":       post.Title,
+						"url":         "/" + post.Slug,
+						"excerpt":     post.Description,
+						"publishedAt": pubAt,
+						"updatedAt":   time.Now().Format(time.RFC3339),
+						"tags":        post.Tags,
+					},
+					"changes": changes,
+				})
+			}
+		}()
+
+		// Trigger webhooks for published posts
+		if wasUnpublished {
+			q.TriggerWebhooks(r.Context(), "post.published", map[string]any{
+				"post": postToResponse(post, false),
+			}, "https://"+r.Host)
+		} else {
+			q.TriggerWebhooks(r.Context(), "post.updated", map[string]any{
+				"post": postToResponse(post, false),
+			}, "https://"+r.Host)
+		}
+	}
+
+	jsonResponse(w, http.StatusOK, postToResponse(post, false))
+}
+
+func (s *Server) deletePost(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	slug := chi.URLParam(r, "slug")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+
+	post, err := q.GetPost(r.Context(), slug)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to get post")
+		return
+	}
+	if post == nil {
+		jsonError(w, http.StatusNotFound, "post not found")
+		return
+	}
+
+	wasPublished := post.IsPublished
+	postData := postToResponse(post, false)
+
+	if err := q.DeletePost(r.Context(), post.ID); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to delete post")
+		return
+	}
+
+	if wasPublished {
+		q.DeletePage(r.Context(), "/posts/"+slug)
+		s.rebuildSite(r.Context(), tenantID, db, r.Host)
+
+		// Trigger webhooks for deleted posts
+		q.TriggerWebhooks(r.Context(), "post.deleted", map[string]any{
+			"post": postData,
+		}, "https://"+r.Host)
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+func (s *Server) publishPost(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	postID := chi.URLParam(r, "id")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+
+	post, err := q.GetPostByID(r.Context(), postID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to get post")
+		return
+	}
+	if post == nil {
+		jsonError(w, http.StatusNotFound, "post not found")
+		return
+	}
+
+	if err := q.Publish(r.Context(), postID); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to publish")
+		return
+	}
+
+	post, _ = q.GetPostByID(r.Context(), postID)
+	s.rebuildSite(r.Context(), tenantID, db, r.Host)
+
+	// Trigger webhooks
+	q.TriggerWebhooks(r.Context(), "post.published", map[string]any{
+		"post": postToResponse(post, false),
+	}, "https://"+r.Host)
+
+	jsonResponse(w, http.StatusOK, postToResponse(post, false))
+}
+
+func (s *Server) unpublishPost(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	postID := chi.URLParam(r, "id")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+
+	post, err := q.GetPostByID(r.Context(), postID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to get post")
+		return
+	}
+	if post == nil {
+		jsonError(w, http.StatusNotFound, "post not found")
+		return
+	}
+
+	if err := q.Unpublish(r.Context(), postID); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to unpublish")
+		return
+	}
+
+	q.DeletePage(r.Context(), "/posts/"+post.Slug)
+	s.rebuildSite(r.Context(), tenantID, db, r.Host)
+
+	post, _ = q.GetPostByID(r.Context(), postID)
+	jsonResponse(w, http.StatusOK, postToResponse(post, false))
+}
+
+func (s *Server) getDraft(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	postID := chi.URLParam(r, "id")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	draft, err := q.GetDraft(r.Context(), postID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to get draft")
+		return
+	}
+
+	if draft == nil {
+		jsonResponse(w, http.StatusOK, nil)
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, map[string]any{
+		"post_id":      draft.PostID,
+		"slug":         draft.Slug,
+		"title":        draft.Title,
+		"description":  draft.Description,
+		"tags":         draft.Tags,
+		"cover_image":  draft.CoverImage,
+		"members_only": draft.MembersOnly,
+		"content":      draft.ContentMD,
+		"modified_at":  draft.ModifiedAt.Format(time.RFC3339),
+	})
+}
+
+func (s *Server) saveDraft(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	postID := chi.URLParam(r, "id")
+
+	var req struct {
+		Slug        string   `json:"slug"`
+		Title       string   `json:"title"`
+		Description string   `json:"description"`
+		Tags        []string `json:"tags"`
+		CoverImage  string   `json:"cover_image"`
+		MembersOnly bool     `json:"members_only"`
+		Content     string   `json:"content"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request")
+		return
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+
+	post, err := q.GetPostByID(r.Context(), postID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to get post")
+		return
+	}
+	if post == nil {
+		jsonError(w, http.StatusNotFound, "post not found")
+		return
+	}
+
+	draft := &tenant.PostDraft{
+		PostID:      postID,
+		Slug:        req.Slug,
+		Title:       req.Title,
+		Description: req.Description,
+		Tags:        req.Tags,
+		CoverImage:  req.CoverImage,
+		MembersOnly: req.MembersOnly,
+		ContentMD:   req.Content,
+		ContentHTML: renderContent(q, r, req.Content),
+	}
+
+	if draft.Slug == "" {
+		draft.Slug = post.Slug
+	}
+
+	if err := q.SaveDraft(r.Context(), draft); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to save draft")
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, map[string]bool{"success": true})
+}
+
+func (s *Server) discardDraft(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	postID := chi.URLParam(r, "id")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+
+	if err := q.DeleteDraft(r.Context(), postID); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to discard draft")
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+func (s *Server) listVersions(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	postID := chi.URLParam(r, "id")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	versions, err := q.ListVersions(r.Context(), postID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to list versions")
+		return
+	}
+
+	result := make([]map[string]any, len(versions))
+	for i, v := range versions {
+		result[i] = map[string]any{
+			"id":         v.ID,
+			"title":      v.Title,
+			"created_at": v.CreatedAt.Format(time.RFC3339),
+		}
+	}
+
+	jsonResponse(w, http.StatusOK, result)
+}
+
+func (s *Server) restoreVersion(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	postID := chi.URLParam(r, "id")
+	versionIDStr := chi.URLParam(r, "versionId")
+
+	versionID, err := strconv.ParseInt(versionIDStr, 10, 64)
+	if err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid version id")
+		return
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+
+	if err := q.RestoreVersion(r.Context(), postID, versionID); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to restore version")
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, map[string]bool{"success": true})
+}
+
+func (s *Server) renderPreview(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	var req struct {
+		Markdown string `json:"markdown"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	settings, _ := q.GetSettings(r.Context())
+	codeTheme := getSettingOr(settings, "code_theme", "github")
+
+	html, err := markdown.RenderWithTheme(req.Markdown, codeTheme)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "render failed")
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, map[string]string{"html": html})
+}
+
+func (s *Server) getSettings(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	settings, err := q.GetSettings(r.Context())
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to get settings")
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, settings)
+}
+
+func (s *Server) updateSettings(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	var settings map[string]string
+	if err := json.NewDecoder(r.Body).Decode(&settings); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request")
+		return
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	if err := q.SetSettings(r.Context(), settings); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to update settings")
+		return
+	}
+
+	s.rebuildSite(r.Context(), tenantID, db, r.Host)
+
+	jsonResponse(w, http.StatusOK, map[string]bool{"success": true})
+}
+
+func (s *Server) listAssets(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	assets, err := q.ListAssets(r.Context())
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to list assets")
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, assets)
+}
+
+func (s *Server) uploadAsset(w http.ResponseWriter, r *http.Request) {
+	if s.storage == nil {
+		jsonError(w, http.StatusServiceUnavailable, "storage not configured")
+		return
+	}
+
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	if err := r.ParseMultipartForm(15 << 20); err != nil {
+		jsonError(w, http.StatusBadRequest, "file too large")
+		return
+	}
+
+	file, header, err := r.FormFile("file")
+	if err != nil {
+		jsonError(w, http.StatusBadRequest, "file required")
+		return
+	}
+	defer file.Close()
+
+	contentType := header.Header.Get("Content-Type")
+	isImage := strings.HasPrefix(contentType, "image/")
+
+	var uploadData []byte
+	var finalContentType string
+	var ext string
+
+	if isImage && s.imaginary != nil {
+		processed, err := s.imaginary.Process(file, header.Filename, imaginary.ProcessOptions{
+			Width:   2000,
+			Height:  2000,
+			Quality: 80,
+			Type:    "webp",
+		})
+		if err != nil {
+			jsonError(w, http.StatusInternalServerError, "image processing failed")
+			return
+		}
+		uploadData = processed
+		finalContentType = "image/webp"
+		ext = ".webp"
+	} else {
+		data, err := io.ReadAll(file)
+		if err != nil {
+			jsonError(w, http.StatusInternalServerError, "read failed")
+			return
+		}
+		uploadData = data
+		finalContentType = contentType
+		ext = ""
+		if idx := strings.LastIndex(header.Filename, "."); idx != -1 {
+			ext = header.Filename[idx:]
+		}
+	}
+
+	r2Key := fmt.Sprintf("%s/%s%s", tenantID, uuid.NewString(), ext)
+
+	if err := s.storage.Upload(r.Context(), r2Key, bytes.NewReader(uploadData), finalContentType); err != nil {
+		jsonError(w, http.StatusInternalServerError, "upload failed")
+		return
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	asset := &tenant.Asset{
+		Filename:    header.Filename,
+		R2Key:       r2Key,
+		ContentType: finalContentType,
+		Size:        int64(len(uploadData)),
+	}
+
+	q := tenant.NewQueries(db)
+	if err := q.CreateAsset(r.Context(), asset); err != nil {
+		s.storage.Delete(r.Context(), r2Key)
+		jsonError(w, http.StatusInternalServerError, "failed to save asset")
+		return
+	}
+
+	assetURL := s.storage.PublicURL(r2Key)
+
+	// Trigger asset.uploaded hook
+	go func() {
+		runner := s.getPluginRunner(tenantID, db)
+		defer runner.Close()
+		runner.TriggerHook(r.Context(), "asset.uploaded", map[string]any{
+			"id":          asset.ID,
+			"url":         assetURL,
+			"contentType": asset.ContentType,
+			"size":        asset.Size,
+		})
+	}()
+
+	jsonResponse(w, http.StatusCreated, map[string]any{
+		"id":           asset.ID,
+		"filename":     asset.Filename,
+		"url":          assetURL,
+		"content_type": asset.ContentType,
+		"size":         asset.Size,
+	})
+}
+
+func (s *Server) deleteAsset(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	assetID := chi.URLParam(r, "id")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+
+	asset, err := q.GetAsset(r.Context(), assetID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to get asset")
+		return
+	}
+	if asset == nil {
+		jsonError(w, http.StatusNotFound, "asset not found")
+		return
+	}
+
+	if s.storage != nil {
+		s.storage.Delete(r.Context(), asset.R2Key)
+	}
+
+	if err := q.DeleteAsset(r.Context(), assetID); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to delete asset")
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+func slugify(s string) string {
+	s = strings.ToLower(s)
+	s = strings.ReplaceAll(s, " ", "-")
+	var result strings.Builder
+	for _, r := range s {
+		if (r >= 'a' && r <= 'z') || (r >= '0' && r <= '9') || r == '-' {
+			result.WriteRune(r)
+		}
+	}
+	return result.String()
+}
+
+func (s *Server) listAPIKeys(w http.ResponseWriter, r *http.Request) {
+	if GetDemoInfo(r).IsDemo {
+		jsonResponse(w, http.StatusOK, []any{})
+		return
+	}
+
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	keys, err := q.ListAPIKeys(r.Context())
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to list API keys")
+		return
+	}
+
+	result := make([]map[string]any, len(keys))
+	for i, k := range keys {
+		result[i] = map[string]any{
+			"key":          maskKey(k.Key),
+			"name":         k.Name,
+			"created_at":   k.CreatedAt.Format(time.RFC3339),
+			"last_used_at": nil,
+		}
+		if k.LastUsedAt != nil {
+			result[i]["last_used_at"] = k.LastUsedAt.Format(time.RFC3339)
+		}
+	}
+
+	jsonResponse(w, http.StatusOK, result)
+}
+
+func (s *Server) createAPIKey(w http.ResponseWriter, r *http.Request) {
+	if GetDemoInfo(r).IsDemo {
+		jsonError(w, http.StatusForbidden, "API key generation is not available in demo mode")
+		return
+	}
+
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	var req struct {
+		Name string `json:"name"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request")
+		return
+	}
+	if req.Name == "" {
+		jsonError(w, http.StatusBadRequest, "name required")
+		return
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	key, err := q.CreateAPIKey(r.Context(), req.Name)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to create API key")
+		return
+	}
+
+	jsonResponse(w, http.StatusCreated, map[string]any{
+		"key":        key.Key,
+		"name":       key.Name,
+		"created_at": key.CreatedAt.Format(time.RFC3339),
+	})
+}
+
+func (s *Server) deleteAPIKey(w http.ResponseWriter, r *http.Request) {
+	if GetDemoInfo(r).IsDemo {
+		jsonError(w, http.StatusForbidden, "API key management is not available in demo mode")
+		return
+	}
+
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	key := chi.URLParam(r, "key")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	if err := q.DeleteAPIKey(r.Context(), key); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to delete API key")
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+func (s *Server) getStudioInteractionConfig(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	config := q.GetInteractionConfig(r.Context())
+
+	jsonResponse(w, http.StatusOK, config)
+}
+
+func (s *Server) updateInteractionConfig(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	var req struct {
+		CommentsEnabled      *bool   `json:"comments_enabled"`
+		ReactionsEnabled     *bool   `json:"reactions_enabled"`
+		ReactionMode         *string `json:"reaction_mode"`
+		ReactionEmojis       *string `json:"reaction_emojis"`
+		UpvoteIcon           *string `json:"upvote_icon"`
+		ReactionsRequireAuth *bool   `json:"reactions_require_auth"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request")
+		return
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	settings := make(tenant.Settings)
+
+	if req.CommentsEnabled != nil {
+		settings["comments_enabled"] = boolToStr(*req.CommentsEnabled)
+	}
+	if req.ReactionsEnabled != nil {
+		settings["reactions_enabled"] = boolToStr(*req.ReactionsEnabled)
+	}
+	if req.ReactionMode != nil {
+		settings["reaction_mode"] = *req.ReactionMode
+	}
+	if req.ReactionEmojis != nil {
+		settings["reaction_emojis"] = *req.ReactionEmojis
+	}
+	if req.UpvoteIcon != nil {
+		settings["upvote_icon"] = *req.UpvoteIcon
+	}
+	if req.ReactionsRequireAuth != nil {
+		settings["reactions_require_auth"] = boolToStr(*req.ReactionsRequireAuth)
+	}
+
+	if len(settings) > 0 {
+		if err := q.SetSettings(r.Context(), settings); err != nil {
+			jsonError(w, http.StatusInternalServerError, "failed to update settings")
+			return
+		}
+	}
+
+	config := q.GetInteractionConfig(r.Context())
+	jsonResponse(w, http.StatusOK, config)
+}
+
+func boolToStr(b bool) string {
+	if b {
+		return "true"
+	}
+	return "false"
+}
+
+func maskKey(key string) string {
+	if len(key) <= 8 {
+		return key
+	}
+	return key[:7] + "..." + key[len(key)-4:]
+}
+
+func (s *Server) getAnalytics(w http.ResponseWriter, r *http.Request) {
+	days := 30
+	if d := r.URL.Query().Get("days"); d != "" {
+		if parsed, err := strconv.Atoi(d); err == nil && parsed > 0 && parsed <= 365 {
+			days = parsed
+		}
+	}
+
+	if GetDemoInfo(r).IsDemo {
+		jsonResponse(w, http.StatusOK, generateFakeAnalytics(days))
+		return
+	}
+
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	tenantDB, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	t, err := s.database.GetTenantByID(r.Context(), tenantID)
+	if err != nil || t == nil {
+		d, _ := s.database.GetDemoByID(r.Context(), tenantID)
+		if d != nil {
+			t = &db.Tenant{Subdomain: d.Subdomain}
+		}
+	}
+
+	// Enforce tier analytics retention limit
+	tierInfo := config.GetTierInfo(t != nil && t.Premium)
+	if days > tierInfo.Config.AnalyticsRetention {
+		days = tierInfo.Config.AnalyticsRetention
+	}
+
+	hostname := ""
+	if t != nil {
+		hostname = t.Subdomain + "." + s.domain
+	}
+
+	result := &tenant.AnalyticsSummary{
+		ViewsByDay: []tenant.DailyStats{},
+		TopPages:   []tenant.PageStats{},
+		Browsers:   []tenant.NamedStat{},
+		OS:         []tenant.NamedStat{},
+		Devices:    []tenant.NamedStat{},
+		Countries:  []tenant.NamedStat{},
+	}
+
+	q := tenant.NewQueries(tenantDB)
+
+	if s.cloudflare.IsConfigured() && hostname != "" {
+		cfDays := days
+		if cfDays > 14 {
+			cfDays = 14
+		}
+
+		cfData, err := s.cloudflare.GetAnalytics(r.Context(), cfDays, hostname)
+		if err == nil && cfData != nil {
+			result.TotalViews = cfData.TotalRequests
+			result.TotalPageViews = cfData.TotalPageViews
+			result.UniqueVisitors = cfData.UniqueVisitors
+			result.TotalBandwidth = cfData.TotalBandwidth
+
+			for _, d := range cfData.Daily {
+				result.ViewsByDay = append(result.ViewsByDay, tenant.DailyStats{
+					Date:     d.Date,
+					Views:    d.PageViews,
+					Visitors: d.Visitors,
+				})
+			}
+
+			for _, p := range cfData.Paths {
+				result.TopPages = append(result.TopPages, tenant.PageStats{
+					Path:  p.Path,
+					Views: p.Requests,
+				})
+			}
+
+			for _, b := range cfData.Browsers {
+				result.Browsers = append(result.Browsers, tenant.NamedStat{Name: b.Name, Count: b.Count})
+			}
+			for _, o := range cfData.OS {
+				result.OS = append(result.OS, tenant.NamedStat{Name: o.Name, Count: o.Count})
+			}
+			for _, d := range cfData.Devices {
+				result.Devices = append(result.Devices, tenant.NamedStat{Name: d.Name, Count: d.Count})
+			}
+			for _, c := range cfData.Countries {
+				result.Countries = append(result.Countries, tenant.NamedStat{Name: c.Name, Count: c.Count})
+			}
+		}
+
+		if days > 14 {
+			archivedSince := time.Now().AddDate(0, 0, -days).Format("2006-01-02")
+			archivedUntil := time.Now().AddDate(0, 0, -15).Format("2006-01-02")
+			archived, err := q.GetArchivedAnalytics(r.Context(), archivedSince, archivedUntil)
+			if err == nil {
+				for _, a := range archived {
+					result.TotalViews += a.Requests
+					result.TotalPageViews += a.PageViews
+					result.UniqueVisitors += a.UniqueVisitors
+					result.TotalBandwidth += a.Bandwidth
+					result.ViewsByDay = append([]tenant.DailyStats{{
+						Date:     a.Date,
+						Views:    a.PageViews,
+						Visitors: a.UniqueVisitors,
+					}}, result.ViewsByDay...)
+				}
+			}
+		}
+	} else {
+		analytics, err := q.GetAnalytics(r.Context(), days)
+		if err == nil {
+			result = analytics
+		}
+	}
+
+	jsonResponse(w, http.StatusOK, result)
+}
+
+func (s *Server) getPostAnalytics(w http.ResponseWriter, r *http.Request) {
+	days := 30
+	if d := r.URL.Query().Get("days"); d != "" {
+		if parsed, err := strconv.Atoi(d); err == nil && parsed > 0 && parsed <= 365 {
+			days = parsed
+		}
+	}
+
+	if GetDemoInfo(r).IsDemo {
+		jsonResponse(w, http.StatusOK, generateFakePostAnalytics(days))
+		return
+	}
+
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	slug := chi.URLParam(r, "slug")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	analytics, err := q.GetPostAnalytics(r.Context(), slug, days)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to get post analytics")
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, analytics)
+}
+
+// ═══════════════════════════════════════════════════════════════════════════
+// Plugins
+// ═══════════════════════════════════════════════════════════════════════════
+
+func (s *Server) listPlugins(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	plugins, err := q.ListPlugins(r.Context())
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to list plugins")
+		return
+	}
+
+	result := make([]map[string]any, len(plugins))
+	for i, p := range plugins {
+		result[i] = map[string]any{
+			"id":         p.ID,
+			"name":       p.Name,
+			"language":   p.Language,
+			"source":     p.Source,
+			"hooks":      p.Hooks,
+			"enabled":    p.Enabled,
+			"wasm_size":  p.WasmSize,
+			"created_at": p.CreatedAt.Format(time.RFC3339),
+			"updated_at": p.UpdatedAt.Format(time.RFC3339),
+		}
+	}
+
+	jsonResponse(w, http.StatusOK, result)
+}
+
+func (s *Server) savePlugin(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	var req struct {
+		ID       string   `json:"id"`
+		Name     string   `json:"name"`
+		Language string   `json:"language"`
+		Source   string   `json:"source"`
+		Hooks    []string `json:"hooks"`
+		Enabled  bool     `json:"enabled"`
+		Wasm     []byte   `json:"wasm"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request")
+		return
+	}
+
+	if req.Name == "" {
+		jsonError(w, http.StatusBadRequest, "name required")
+		return
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	plugin := &tenant.Plugin{
+		ID:       req.ID,
+		Name:     req.Name,
+		Language: req.Language,
+		Source:   req.Source,
+		Hooks:    req.Hooks,
+		Enabled:  req.Enabled,
+		Wasm:     req.Wasm,
+	}
+
+	q := tenant.NewQueries(db)
+
+	// Check if exists
+	existing, _ := q.GetPlugin(r.Context(), req.ID)
+	if existing != nil {
+		err = q.UpdatePlugin(r.Context(), plugin)
+	} else {
+		// Check tier limit for new plugins
+		t, err := s.database.GetTenantByID(r.Context(), tenantID)
+		if err != nil {
+			jsonError(w, http.StatusInternalServerError, "database error")
+			return
+		}
+		tierInfo := config.GetTierInfo(t != nil && t.Premium)
+
+		count, err := q.CountPlugins(r.Context())
+		if err != nil {
+			jsonError(w, http.StatusInternalServerError, "database error")
+			return
+		}
+		if count >= tierInfo.Config.MaxPlugins {
+			jsonError(w, http.StatusForbidden, fmt.Sprintf("plugin limit reached (%d max on %s tier)", tierInfo.Config.MaxPlugins, tierInfo.Config.Name))
+			return
+		}
+
+		err = q.CreatePlugin(r.Context(), plugin)
+	}
+
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to save plugin")
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, map[string]any{"id": plugin.ID})
+}
+
+func (s *Server) deletePlugin(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	id := chi.URLParam(r, "id")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	if err := q.DeletePlugin(r.Context(), id); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to delete plugin")
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+func (s *Server) togglePlugin(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	id := chi.URLParam(r, "id")
+
+	var req struct {
+		Enabled bool `json:"enabled"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request")
+		return
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	if err := q.TogglePlugin(r.Context(), id, req.Enabled); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to toggle plugin")
+		return
+	}
+
+	jsonResponse(w, http.StatusOK, map[string]bool{"enabled": req.Enabled})
+}
+
+// ═══════════════════════════════════════════════════════════════════════════
+// Secrets
+// ═══════════════════════════════════════════════════════════════════════════
+
+func (s *Server) listSecrets(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	secrets, err := tenant.ListSecrets(db)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to list secrets")
+		return
+	}
+
+	result := make([]map[string]any, len(secrets))
+	for i, s := range secrets {
+		result[i] = map[string]any{
+			"key":        s.Key,
+			"created_at": s.CreatedAt.Format(time.RFC3339),
+		}
+	}
+
+	jsonResponse(w, http.StatusOK, result)
+}
+
+func (s *Server) createSecret(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	var req struct {
+		Key   string `json:"key"`
+		Value string `json:"value"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request")
+		return
+	}
+
+	if req.Key == "" || req.Value == "" {
+		jsonError(w, http.StatusBadRequest, "key and value required")
+		return
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	if err := tenant.SetSecret(db, tenantID, req.Key, req.Value); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to create secret")
+		return
+	}
+
+	jsonResponse(w, http.StatusCreated, map[string]string{"key": req.Key})
+}
+
+func (s *Server) deleteSecret(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	key := chi.URLParam(r, "key")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	if err := tenant.DeleteSecret(db, key); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to delete secret")
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+// ═══════════════════════════════════════════════════════════════════════════
+// Jarvis Proxy (compile, hooks, template)
+// ═══════════════════════════════════════════════════════════════════════════
+
+func (s *Server) compilePlugin(w http.ResponseWriter, r *http.Request) {
+	resp, err := http.Post(s.jarvisURL+"/compile", "application/json", r.Body)
+	if err != nil {
+		jsonError(w, http.StatusBadGateway, "compiler unavailable")
+		return
+	}
+	defer resp.Body.Close()
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(resp.StatusCode)
+	io.Copy(w, resp.Body)
+}
+
+func (s *Server) getHooks(w http.ResponseWriter, r *http.Request) {
+	resp, err := http.Get(s.jarvisURL + "/hooks")
+	if err != nil {
+		jsonError(w, http.StatusBadGateway, "compiler unavailable")
+		return
+	}
+	defer resp.Body.Close()
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(resp.StatusCode)
+	io.Copy(w, resp.Body)
+}
+
+func (s *Server) getTemplate(w http.ResponseWriter, r *http.Request) {
+	url := s.jarvisURL + "/template?" + r.URL.RawQuery
+	resp, err := http.Get(url)
+	if err != nil {
+		jsonError(w, http.StatusBadGateway, "compiler unavailable")
+		return
+	}
+	defer resp.Body.Close()
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(resp.StatusCode)
+	io.Copy(w, resp.Body)
+}
+
+var wsUpgrader = websocket.Upgrader{
+	CheckOrigin: func(r *http.Request) bool {
+		return true
+	},
+}
+
+func (s *Server) getSDK(w http.ResponseWriter, r *http.Request) {
+	url := s.jarvisURL + "/sdk"
+	if r.URL.RawQuery != "" {
+		url += "?" + r.URL.RawQuery
+	}
+	resp, err := http.Get(url)
+	if err != nil {
+		jsonError(w, http.StatusBadGateway, "compiler unavailable")
+		return
+	}
+	defer resp.Body.Close()
+
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(resp.StatusCode)
+	io.Copy(w, resp.Body)
+}
+
+func (s *Server) testPlugin(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	var req struct {
+		Language string         `json:"language"`
+		Source   string         `json:"source"`
+		Hook     string         `json:"hook"`
+		TestData map[string]any `json:"test_data"`
+		Secrets  map[string]string `json:"secrets"` // Override secrets for testing
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request")
+		return
+	}
+
+	if req.Source == "" {
+		jsonError(w, http.StatusBadRequest, "source required")
+		return
+	}
+	if req.Hook == "" {
+		req.Hook = "post.published"
+	}
+
+	// Step 1: Compile the plugin via Jarvis
+	compileReq := map[string]string{
+		"language": req.Language,
+		"source":   req.Source,
+	}
+	compileBody, _ := json.Marshal(compileReq)
+
+	resp, err := http.Post(s.jarvisURL+"/compile", "application/json", bytes.NewReader(compileBody))
+	if err != nil {
+		jsonError(w, http.StatusBadGateway, "compiler unavailable")
+		return
+	}
+	defer resp.Body.Close()
+
+	var compileResult struct {
+		Success bool     `json:"success"`
+		Wasm    []byte   `json:"wasm"`
+		Errors  []string `json:"errors"`
+		TimeMS  int64    `json:"time_ms"`
+	}
+	if err := json.NewDecoder(resp.Body).Decode(&compileResult); err != nil {
+		jsonError(w, http.StatusInternalServerError, "invalid compile response")
+		return
+	}
+
+	if !compileResult.Success {
+		jsonResponse(w, http.StatusOK, map[string]any{
+			"success":     false,
+			"phase":       "compile",
+			"errors":      compileResult.Errors,
+			"compile_ms":  compileResult.TimeMS,
+		})
+		return
+	}
+
+	// Step 2: Get secrets (use overrides if provided, otherwise fetch real ones)
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	secrets := req.Secrets
+	if secrets == nil {
+		secrets, _ = tenant.GetSecretsMap(db, tenantID)
+	}
+
+	// Step 3: Run the plugin with test data
+	runner := tenant.NewTestPluginRunner(db, tenantID, secrets)
+	result := runner.RunTest(r.Context(), compileResult.Wasm, req.Hook, req.TestData)
+
+	jsonResponse(w, http.StatusOK, map[string]any{
+		"success":    result.Success,
+		"phase":      "execute",
+		"output":     result.Output,
+		"logs":       result.Logs,
+		"error":      result.Error,
+		"compile_ms": compileResult.TimeMS,
+		"run_ms":     result.Duration,
+	})
+}
+
+func (s *Server) proxyLSP(w http.ResponseWriter, r *http.Request) {
+	language := r.URL.Query().Get("language")
+	if language == "" {
+		language = "typescript"
+	}
+
+	clientConn, err := wsUpgrader.Upgrade(w, r, nil)
+	if err != nil {
+		return
+	}
+	defer clientConn.Close()
+
+	jarvisWS := strings.Replace(s.jarvisURL, "http://", "ws://", 1)
+	jarvisWS = strings.Replace(jarvisWS, "https://", "wss://", 1)
+	jarvisURL := jarvisWS + "/lsp?language=" + url.QueryEscape(language)
+
+	serverConn, _, err := websocket.DefaultDialer.Dial(jarvisURL, nil)
+	if err != nil {
+		clientConn.WriteMessage(websocket.TextMessage, []byte(`{"error": "LSP server unavailable"}`))
+		return
+	}
+	defer serverConn.Close()
+
+	done := make(chan struct{})
+
+	go func() {
+		defer close(done)
+		for {
+			msgType, msg, err := serverConn.ReadMessage()
+			if err != nil {
+				return
+			}
+			if err := clientConn.WriteMessage(msgType, msg); err != nil {
+				return
+			}
+		}
+	}()
+
+	go func() {
+		for {
+			msgType, msg, err := clientConn.ReadMessage()
+			if err != nil {
+				return
+			}
+			if err := serverConn.WriteMessage(msgType, msg); err != nil {
+				return
+			}
+		}
+	}()
+
+	<-done
+}
+
+// ═══════════════════════════════════════════════════════════════════════════
+// Code Themes
+// ═══════════════════════════════════════════════════════════════════════════
+
+func (s *Server) codeThemeCSS(w http.ResponseWriter, r *http.Request) {
+	theme := r.URL.Query().Get("theme")
+	if theme == "" {
+		theme = "github"
+	}
+
+	css, err := markdown.GenerateHljsCSS(theme)
+	if err != nil {
+		http.Error(w, "invalid theme", http.StatusBadRequest)
+		return
+	}
+
+	w.Header().Set("Content-Type", "text/css")
+	w.Header().Set("Cache-Control", "public, max-age=31536000")
+	w.Write([]byte(css))
+}
+
+func (s *Server) listCodeThemes(w http.ResponseWriter, r *http.Request) {
+	themes := markdown.ListThemes()
+	jsonResponse(w, http.StatusOK, themes)
+}
+
+func contains(slice []string, item string) bool {
+	for _, s := range slice {
+		if s == item {
+			return true
+		}
+	}
+	return false
+}
+
+// ═══════════════════════════════════════════════════════════════════════════
+// Webhooks
+// ═══════════════════════════════════════════════════════════════════════════
+
+func (s *Server) listWebhooks(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	webhooks, err := q.ListWebhooks(r.Context())
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to list webhooks")
+		return
+	}
+
+	if webhooks == nil {
+		webhooks = []tenant.Webhook{}
+	}
+
+	jsonResponse(w, http.StatusOK, webhooks)
+}
+
+func (s *Server) createWebhook(w http.ResponseWriter, r *http.Request) {
+	if GetDemoInfo(r).IsDemo {
+		jsonError(w, http.StatusForbidden, "Webhook management is not available in demo mode")
+		return
+	}
+
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	var req struct {
+		Name   string   `json:"name"`
+		URL    string   `json:"url"`
+		Events []string `json:"events"`
+		Secret string   `json:"secret"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request body")
+		return
+	}
+
+	if req.Name == "" || req.URL == "" || len(req.Events) == 0 {
+		jsonError(w, http.StatusBadRequest, "name, url, and events are required")
+		return
+	}
+
+	// Validate URL
+	if _, err := url.ParseRequestURI(req.URL); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid URL")
+		return
+	}
+
+	// Check tier limit
+	t, err := s.database.GetTenantByID(r.Context(), tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+	tierInfo := config.GetTierInfo(t != nil && t.Premium)
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+
+	count, err := q.CountWebhooks(r.Context())
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+	if count >= tierInfo.Config.MaxWebhooks {
+		jsonError(w, http.StatusForbidden, fmt.Sprintf("webhook limit reached (%d max on %s tier)", tierInfo.Config.MaxWebhooks, tierInfo.Config.Name))
+		return
+	}
+
+	webhook, err := q.CreateWebhook(r.Context(), req.Name, req.URL, req.Events, req.Secret)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to create webhook")
+		return
+	}
+
+	jsonResponse(w, http.StatusCreated, webhook)
+}
+
+func (s *Server) updateWebhook(w http.ResponseWriter, r *http.Request) {
+	if GetDemoInfo(r).IsDemo {
+		jsonError(w, http.StatusForbidden, "Webhook management is not available in demo mode")
+		return
+	}
+
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	webhookID := chi.URLParam(r, "id")
+
+	var req struct {
+		Name    string   `json:"name"`
+		URL     string   `json:"url"`
+		Events  []string `json:"events"`
+		Secret  string   `json:"secret"`
+		Enabled bool     `json:"enabled"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		jsonError(w, http.StatusBadRequest, "invalid request body")
+		return
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	if err := q.UpdateWebhook(r.Context(), webhookID, req.Name, req.URL, req.Events, req.Secret, req.Enabled); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to update webhook")
+		return
+	}
+
+	webhook, _ := q.GetWebhook(r.Context(), webhookID)
+	jsonResponse(w, http.StatusOK, webhook)
+}
+
+func (s *Server) deleteWebhook(w http.ResponseWriter, r *http.Request) {
+	if GetDemoInfo(r).IsDemo {
+		jsonError(w, http.StatusForbidden, "Webhook management is not available in demo mode")
+		return
+	}
+
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	webhookID := chi.URLParam(r, "id")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	if err := q.DeleteWebhook(r.Context(), webhookID); err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to delete webhook")
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
+
+func (s *Server) testWebhook(w http.ResponseWriter, r *http.Request) {
+	if GetDemoInfo(r).IsDemo {
+		jsonError(w, http.StatusForbidden, "Webhook testing is not available in demo mode")
+		return
+	}
+
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	webhookID := chi.URLParam(r, "id")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	webhook, err := q.GetWebhook(r.Context(), webhookID)
+	if err != nil || webhook == nil {
+		jsonError(w, http.StatusNotFound, "webhook not found")
+		return
+	}
+
+	// Trigger a test event
+	testData := map[string]any{
+		"post": map[string]any{
+			"id":          "test-id",
+			"slug":        "test-post",
+			"title":       "Test Post",
+			"description": "This is a test webhook delivery",
+			"url":         "https://example.com/posts/test-post",
+			"tags":        []string{"test"},
+		},
+	}
+
+	q.TriggerWebhooks(r.Context(), "post.test", testData, "")
+
+	jsonResponse(w, http.StatusOK, map[string]string{"status": "triggered"})
+}
+
+func (s *Server) listWebhookDeliveries(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+	webhookID := chi.URLParam(r, "id")
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	deliveries, err := q.ListWebhookDeliveries(r.Context(), webhookID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "failed to list deliveries")
+		return
+	}
+
+	if deliveries == nil {
+		deliveries = []tenant.WebhookDelivery{}
+	}
+
+	jsonResponse(w, http.StatusOK, deliveries)
+}
+
+func (s *Server) getBilling(w http.ResponseWriter, r *http.Request) {
+	tenantID := r.Context().Value(tenantIDKey).(string)
+
+	t, err := s.database.GetTenantByID(r.Context(), tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	premium := false
+	if t != nil {
+		premium = t.Premium
+	}
+
+	db, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		jsonError(w, http.StatusInternalServerError, "database error")
+		return
+	}
+
+	q := tenant.NewQueries(db)
+	webhookCount, _ := q.CountWebhooks(r.Context())
+	pluginCount, _ := q.CountPlugins(r.Context())
+
+	usage := config.Usage{
+		Webhooks: webhookCount,
+		Plugins:  pluginCount,
+	}
+
+	jsonResponse(w, http.StatusOK, config.GetAllTiers(premium, usage))
+}
diff --git a/internal/server/sync.go b/internal/server/sync.go
new file mode 100644
index 0000000..78e6418
--- /dev/null
+++ b/internal/server/sync.go
@@ -0,0 +1,113 @@
+package server
+
+import (
+	"context"
+	"log"
+	"time"
+
+	"github.com/writekitapp/writekit/internal/tenant"
+)
+
+func (s *Server) StartAnalyticsSync() {
+	if !s.cloudflare.IsConfigured() {
+		return
+	}
+
+	go s.runAnalyticsSync()
+}
+
+func (s *Server) runAnalyticsSync() {
+	ticker := time.NewTicker(24 * time.Hour)
+	defer ticker.Stop()
+
+	s.syncYesterdayAnalytics()
+
+	for range ticker.C {
+		s.syncYesterdayAnalytics()
+	}
+}
+
+func (s *Server) syncYesterdayAnalytics() {
+	ctx := context.Background()
+	yesterday := time.Now().AddDate(0, 0, -1).Format("2006-01-02")
+
+	tenants, err := s.database.ListTenants(ctx)
+	if err != nil {
+		log.Printf("analytics sync: list tenants: %v", err)
+		return
+	}
+
+	for _, t := range tenants {
+		s.syncTenantAnalytics(ctx, t.ID, t.Subdomain, yesterday)
+	}
+
+	demos, err := s.database.ListActiveDemos(ctx)
+	if err != nil {
+		log.Printf("analytics sync: list demos: %v", err)
+		return
+	}
+
+	for _, d := range demos {
+		s.syncTenantAnalytics(ctx, d.ID, d.Subdomain, yesterday)
+	}
+}
+
+func (s *Server) syncTenantAnalytics(ctx context.Context, tenantID, subdomain, date string) {
+	hostname := subdomain + "." + s.domain
+
+	tenantDB, err := s.tenantPool.Get(tenantID)
+	if err != nil {
+		log.Printf("analytics sync: get tenant db %s: %v", tenantID, err)
+		return
+	}
+
+	q := tenant.NewQueries(tenantDB)
+
+	has, err := q.HasArchivedDate(ctx, date)
+	if err != nil {
+		log.Printf("analytics sync: check archived %s: %v", tenantID, err)
+		return
+	}
+	if has {
+		return
+	}
+
+	cfData, err := s.cloudflare.GetAnalytics(ctx, 1, hostname)
+	if err != nil {
+		log.Printf("analytics sync: fetch cf data %s: %v", tenantID, err)
+		return
+	}
+
+	if cfData == nil || len(cfData.Daily) == 0 {
+		return
+	}
+
+	day := cfData.Daily[0]
+	archived := &tenant.ArchivedDay{
+		Date:           day.Date,
+		Requests:       day.Requests,
+		PageViews:      day.PageViews,
+		UniqueVisitors: day.Visitors,
+		Bandwidth:      day.Bandwidth,
+	}
+
+	for _, b := range cfData.Browsers {
+		archived.Browsers = append(archived.Browsers, tenant.NamedStat{Name: b.Name, Count: b.Count})
+	}
+	for _, o := range cfData.OS {
+		archived.OS = append(archived.OS, tenant.NamedStat{Name: o.Name, Count: o.Count})
+	}
+	for _, d := range cfData.Devices {
+		archived.Devices = append(archived.Devices, tenant.NamedStat{Name: d.Name, Count: d.Count})
+	}
+	for _, c := range cfData.Countries {
+		archived.Countries = append(archived.Countries, tenant.NamedStat{Name: c.Name, Count: c.Count})
+	}
+	for _, p := range cfData.Paths {
+		archived.Paths = append(archived.Paths, tenant.PageStats{Path: p.Path, Views: p.Requests})
+	}
+
+	if err := q.SaveDailyAnalytics(ctx, archived); err != nil {
+		log.Printf("analytics sync: save archived %s: %v", tenantID, err)
+	}
+}
diff --git a/internal/server/templates/404.html b/internal/server/templates/404.html
new file mode 100644
index 0000000..6ae8347
--- /dev/null
+++ b/internal/server/templates/404.html
@@ -0,0 +1,64 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>404 — WriteKit</title>
+  <link rel="icon" type="image/x-icon" href="/assets/writekit-icon.ico" />
+  <link rel="icon" type="image/svg+xml" href="/assets/writekit-icon.svg" />
+  <style>
+    *{margin:0;padding:0;box-sizing:border-box}
+    :root{--bg:#fafafa;--text:#0a0a0a;--muted:#737373;--border:#e5e5e5;--primary:#10b981}
+    body{font-family:system-ui,-apple-system,sans-serif;background:var(--bg);color:var(--text);line-height:1.6}
+    .mono{font-family:'SF Mono','Fira Code','Consolas',monospace}
+    .layout{display:grid;grid-template-columns:200px 1fr;min-height:100vh}
+    aside{padding:2rem 1.5rem;border-right:1px solid var(--border);position:sticky;top:0;height:100vh;display:flex;flex-direction:column}
+    .sidebar-logo{font-family:'SF Mono','Fira Code',monospace;font-weight:600;font-size:14px;letter-spacing:-0.02em;margin-bottom:0.25rem}
+    .sidebar-tagline{font-family:'SF Mono','Fira Code',monospace;font-size:10px;color:var(--muted);text-transform:uppercase;letter-spacing:0.05em;margin-bottom:2.5rem}
+    .sidebar-nav{display:flex;flex-direction:column;gap:0.25rem}
+    .sidebar-nav a{font-family:'SF Mono','Fira Code',monospace;font-size:12px;color:var(--muted);text-decoration:none;padding:0.5rem 0;transition:color 0.15s}
+    .sidebar-nav a:hover{color:var(--text)}
+    .sidebar-footer{margin-top:auto}
+    .env-badge{font-family:'SF Mono','Fira Code',monospace;display:inline-block;padding:0.35rem 0.75rem;border:1px solid var(--primary);font-size:10px;text-transform:uppercase;letter-spacing:0.05em;color:var(--primary)}
+    main{display:flex;align-items:center;justify-content:center;min-height:100vh;padding:2rem}
+    .error-content{text-align:center;max-width:400px}
+    .error-code{font-family:'SF Mono','Fira Code',monospace;font-size:120px;font-weight:600;letter-spacing:-0.05em;line-height:1;color:var(--border);margin-bottom:1rem}
+    .error-title{font-size:1.5rem;font-weight:500;letter-spacing:-0.02em;margin-bottom:0.75rem}
+    .error-message{font-family:'SF Mono','Fira Code',monospace;font-size:13px;color:var(--muted);margin-bottom:2rem;line-height:1.7}
+    .error-actions{display:flex;gap:1rem;justify-content:center;flex-wrap:wrap}
+    .btn-primary{padding:12px 24px;background:var(--text);color:var(--bg);text-decoration:none;font-family:'SF Mono','Fira Code',monospace;font-size:13px;transition:all 0.2s}
+    .btn-primary:hover{transform:translateY(-1px);box-shadow:0 4px 12px rgba(0,0,0,0.15)}
+    .btn-secondary{padding:12px 24px;background:transparent;color:var(--text);border:1px solid var(--border);text-decoration:none;font-family:'SF Mono','Fira Code',monospace;font-size:13px;transition:all 0.15s}
+    .btn-secondary:hover{border-color:var(--text)}
+    @media(max-width:900px){.layout{grid-template-columns:1fr}aside{display:none}}
+  </style>
+</head>
+<body>
+  <div class="layout">
+    <aside>
+      <div>
+        <div class="sidebar-logo">WriteKit</div>
+        <div class="sidebar-tagline">Blogging Platform</div>
+      </div>
+      <nav class="sidebar-nav">
+        <a href="/">Home</a>
+        <a href="/signup" style="color:var(--primary)">Create Blog →</a>
+      </nav>
+      <div class="sidebar-footer">
+        <div class="env-badge">ALPHA</div>
+      </div>
+    </aside>
+    <main>
+      <div class="error-content">
+        <div class="error-code">404</div>
+        <h1 class="error-title">Page not found</h1>
+        <p class="error-message">The page you're looking for doesn't exist or may have been moved.</p>
+        <div class="error-actions">
+          <a href="/" class="btn-primary">Go Home</a>
+          <a href="/signup" class="btn-secondary">Create a Blog</a>
+        </div>
+      </div>
+    </main>
+  </div>
+</body>
+</html>
diff --git a/internal/server/templates/expired.html b/internal/server/templates/expired.html
new file mode 100644
index 0000000..00d7079
--- /dev/null
+++ b/internal/server/templates/expired.html
@@ -0,0 +1,56 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8"/>
+<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+<title>Demo Expired — WriteKit</title>
+<link rel="icon" type="image/x-icon" href="/assets/writekit-icon.ico"/>
+<link rel="icon" type="image/svg+xml" href="/assets/writekit-icon.svg"/>
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+:root{--bg:#fafafa;--text:#0a0a0a;--muted:#737373;--border:#e5e5e5;--primary:#10b981}
+body{font-family:'SF Mono','Fira Code','Consolas',monospace;background:var(--bg);color:var(--text);min-height:100vh;display:flex;align-items:center;justify-content:center;padding:2rem}
+.container{max-width:480px;width:100%}
+.header{margin-bottom:3rem}
+.logo{font-weight:600;font-size:14px;letter-spacing:-0.02em;margin-bottom:0.5rem}
+.subdomain{font-size:12px;color:var(--muted)}
+.title{font-family:system-ui,-apple-system,sans-serif;font-size:2rem;font-weight:400;letter-spacing:-0.03em;margin-bottom:1rem}
+.description{color:var(--muted);line-height:1.6;margin-bottom:2.5rem}
+.section{margin-bottom:2rem}
+.signup-btn{display:block;width:100%;padding:1rem 1.5rem;background:linear-gradient(135deg,#10b981,#06b6d4);color:white;text-decoration:none;font-family:inherit;font-size:14px;font-weight:500;text-align:center;border:none;cursor:pointer;transition:transform 0.2s,box-shadow 0.2s}
+.signup-btn:hover{transform:translateY(-2px);box-shadow:0 8px 24px rgba(16,185,129,0.3)}
+.signup-note{font-size:11px;color:var(--muted);margin-top:0.75rem;text-align:center}
+.divider{display:flex;align-items:center;gap:1rem;margin:2rem 0;color:var(--muted);font-size:12px}
+.divider::before,.divider::after{content:'';flex:1;height:1px;background:var(--border)}
+.secondary-actions{display:flex;gap:1rem}
+.secondary-btn{flex:1;display:flex;align-items:center;justify-content:center;gap:0.5rem;padding:0.875rem 1rem;background:transparent;color:var(--text);text-decoration:none;font-family:inherit;font-size:13px;border:1px solid var(--border);transition:all 0.15s}
+.secondary-btn:hover{border-color:var(--text);background:var(--border)}
+.secondary-btn svg{width:16px;height:16px}
+</style>
+</head>
+<body>
+<div class="container">
+<div class="header">
+<div class="logo">WriteKit</div>
+<div class="subdomain">{{SUBDOMAIN_TEXT}}</div>
+</div>
+<h1 class="title">Demo Expired</h1>
+<p class="description">Your demo session has ended. Want to keep your blog? Sign up to make it permanent — it's free.</p>
+<div class="section">
+<a href="/signup" class="signup-btn">Keep My Blog — Sign Up Free</a>
+<p class="signup-note">No credit card required</p>
+</div>
+<div class="divider">or</div>
+<div class="secondary-actions">
+<a href="/discord" class="secondary-btn">
+<svg viewBox="0 0 24 24" fill="currentColor"><path d="M20.317 4.37a19.791 19.791 0 0 0-4.885-1.515.074.074 0 0 0-.079.037c-.21.375-.444.864-.608 1.25a18.27 18.27 0 0 0-5.487 0 12.64 12.64 0 0 0-.617-1.25.077.077 0 0 0-.079-.037A19.736 19.736 0 0 0 3.677 4.37a.07.07 0 0 0-.032.027C.533 9.046-.32 13.58.099 18.057a.082.082 0 0 0 .031.057 19.9 19.9 0 0 0 5.993 3.03.078.078 0 0 0 .084-.028 14.09 14.09 0 0 0 1.226-1.994.076.076 0 0 0-.041-.106 13.107 13.107 0 0 1-1.872-.892.077.077 0 0 1-.008-.128 10.2 10.2 0 0 0 .372-.292.074.074 0 0 1 .077-.01c3.928 1.793 8.18 1.793 12.062 0a.074.074 0 0 1 .078.01c.12.098.246.198.373.292a.077.077 0 0 1-.006.127 12.299 12.299 0 0 1-1.873.892.077.077 0 0 0-.041.107c.36.698.772 1.362 1.225 1.993a.076.076 0 0 0 .084.028 19.839 19.839 0 0 0 6.002-3.03.077.077 0 0 0 .032-.054c.5-5.177-.838-9.674-3.549-13.66a.061.061 0 0 0-.031-.03zM8.02 15.33c-1.183 0-2.157-1.085-2.157-2.419 0-1.333.956-2.419 2.157-2.419 1.21 0 2.176 1.096 2.157 2.42 0 1.333-.956 2.418-2.157 2.418zm7.975 0c-1.183 0-2.157-1.085-2.157-2.419 0-1.333.955-2.419 2.157-2.419 1.21 0 2.176 1.096 2.157 2.42 0 1.333-.946 2.418-2.157 2.418z"/></svg>
+Join Discord
+</a>
+<a href="/" class="secondary-btn">
+<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path stroke-linecap="round" stroke-linejoin="round" d="M4 4v5h.582m15.356 2A8.001 8.001 0 004.582 9m0 0H9m11 11v-5h-.581m0 0a8.003 8.003 0 01-15.357-2m15.357 2H15"/></svg>
+Try Again
+</a>
+</div>
+</div>
+</body>
+</html>
diff --git a/internal/server/templates/index.html b/internal/server/templates/index.html
new file mode 100644
index 0000000..9250a17
--- /dev/null
+++ b/internal/server/templates/index.html
@@ -0,0 +1,484 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>WriteKit — Full Blogging Platform. Lightweight. Yours.</title>
+  <link rel="icon" type="image/x-icon" href="/assets/writekit-icon.ico" />
+  <link rel="icon" type="image/svg+xml" href="/assets/writekit-icon.svg" />
+  <link rel="icon" type="image/png" sizes="32x32" href="/assets/favicon-32x32.png" />
+  <link rel="icon" type="image/png" sizes="16x16" href="/assets/favicon-16x16.png" />
+  <link rel="apple-touch-icon" sizes="180x180" href="/assets/apple-touch-icon.png" />
+  <style>
+    *{margin:0;padding:0;box-sizing:border-box}
+    :root{--bg:#fafafa;--text:#0a0a0a;--muted:#737373;--border:#e5e5e5;--accent:{{ACCENT}};--primary:#10b981}
+    body{font-family:system-ui,-apple-system,sans-serif;background:var(--bg);color:var(--text);line-height:1.6}
+    .mono{font-family:'SF Mono','Fira Code','Consolas',monospace}
+    .layout{display:grid;grid-template-columns:200px 1fr;min-height:100vh}
+    aside{padding:2rem 1.5rem;border-right:1px solid var(--border);position:sticky;top:0;height:100vh;display:flex;flex-direction:column}
+    .sidebar-logo{font-family:'SF Mono','Fira Code',monospace;font-weight:600;font-size:14px;letter-spacing:-0.02em;margin-bottom:0.25rem}
+    .sidebar-tagline{font-family:'SF Mono','Fira Code',monospace;font-size:10px;color:var(--muted);text-transform:uppercase;letter-spacing:0.05em;margin-bottom:2.5rem}
+    .sidebar-nav{display:flex;flex-direction:column;gap:0.25rem}
+    .sidebar-nav a{font-family:'SF Mono','Fira Code',monospace;font-size:12px;color:var(--muted);text-decoration:none;padding:0.5rem 0;transition:color 0.15s}
+    .sidebar-nav a:hover{color:var(--text)}
+    .sidebar-divider{height:1px;background:var(--border);margin:1rem 0}
+    .sidebar-label{font-family:'SF Mono','Fira Code',monospace;font-size:10px;color:var(--muted);text-transform:uppercase;letter-spacing:0.1em;margin-bottom:0.5rem}
+    .sidebar-footer{margin-top:auto}
+    .env-badge{font-family:'SF Mono','Fira Code',monospace;display:inline-block;padding:0.35rem 0.75rem;border:1px solid var(--accent);font-size:10px;text-transform:uppercase;letter-spacing:0.05em;color:var(--accent)}
+    .version-badge{font-family:'SF Mono','Fira Code',monospace;font-size:10px;color:var(--muted);opacity:0.5;margin-top:0.5rem;cursor:default;transition:opacity 0.15s}
+    .version-badge:hover{opacity:1}
+    main{min-width:0}
+    .hero{position:relative;padding:5rem 3rem 4rem;border-bottom:1px solid var(--border);overflow:hidden}
+    .hero-canvas{position:absolute;top:0;right:0;width:45%;height:100%;opacity:0.6;mask-image:linear-gradient(to left,black,transparent);-webkit-mask-image:linear-gradient(to left,black,transparent)}
+    .hero>*:not(.hero-canvas){position:relative;z-index:1}
+    .hero-label{font-family:'SF Mono','Fira Code',monospace;font-size:11px;color:var(--muted);text-transform:uppercase;letter-spacing:0.15em;margin-bottom:1.5rem}
+    .hero h1{font-family:system-ui,-apple-system,sans-serif;font-size:clamp(2rem,4vw,3rem);font-weight:500;letter-spacing:-0.03em;line-height:1.15;margin-bottom:1.5rem;max-width:600px}
+    .hero-sub{font-family:'SF Mono','Fira Code',monospace;font-size:13px;color:var(--muted);max-width:550px;line-height:1.7}
+    .hero-sub code{color:var(--text);background:var(--border);padding:0.15em 0.4em;font-size:0.95em}
+    .section{padding:4rem 3rem;border-bottom:1px solid var(--border)}
+    .section-label{font-family:'SF Mono','Fira Code',monospace;font-size:11px;color:var(--muted);text-transform:uppercase;letter-spacing:0.15em;margin-bottom:2rem}
+    .hero-cta{margin-top:2.5rem}
+    .hero-cta .demo-btn{width:auto;padding:14px 32px;font-size:14px}
+    .hero-cta .demo-note{text-align:left}
+    .section-features{border-top:1px solid var(--border);border-bottom:1px solid var(--border);margin-top:-1px}
+    .features-grid{display:grid;grid-template-columns:repeat(4,1fr);gap:1px;background:var(--border)}
+    .feature{background:var(--bg);padding:2rem}
+    .feature-num{font-family:'SF Mono','Fira Code',monospace;font-size:11px;color:var(--muted);margin-bottom:0.75rem}
+    .feature h3{font-size:1rem;font-weight:500;margin-bottom:0.5rem;letter-spacing:-0.01em}
+    .feature p{font-family:'SF Mono','Fira Code',monospace;font-size:11px;color:var(--muted);line-height:1.6}
+    .demo-btn{width:100%;margin-top:16px;padding:12px 24px;background:var(--text);color:var(--bg);border:none;font-family:'SF Mono','Fira Code',monospace;font-size:13px;cursor:pointer;transition:all 0.2s}
+    .demo-btn:hover:not(:disabled){transform:translateY(-1px);box-shadow:0 4px 12px rgba(0,0,0,0.15)}
+    .demo-btn:disabled{opacity:0.4;cursor:not-allowed}
+    .demo-note{margin-top:1rem;font-family:'SF Mono','Fira Code',monospace;font-size:11px;color:var(--muted);text-align:center}
+    .mission{max-width:650px}
+    .mission h2{font-size:1.5rem;font-weight:400;letter-spacing:-0.02em;line-height:1.5;margin-bottom:1.5rem}
+    .mission p{font-family:'SF Mono','Fira Code',monospace;font-size:13px;color:var(--muted);line-height:1.7}
+    .section-cta{text-align:center;padding:5rem 3rem;margin-top:-1px}
+    .cta-content h2{font-size:1.75rem;font-weight:500;letter-spacing:-0.02em;margin-bottom:0.75rem}
+    .cta-content p{font-family:'SF Mono','Fira Code',monospace;font-size:13px;color:var(--muted);margin-bottom:2rem}
+    .cta-buttons{display:flex;gap:1rem;justify-content:center;flex-wrap:wrap}
+    .cta-primary{padding:14px 32px;background:var(--text);color:var(--bg);text-decoration:none;font-family:'SF Mono','Fira Code',monospace;font-size:14px;transition:all 0.2s}
+    .cta-primary:hover{transform:translateY(-1px);box-shadow:0 4px 12px rgba(0,0,0,0.15)}
+    .cta-secondary{padding:14px 32px;background:transparent;color:var(--text);border:1px solid var(--border);font-family:'SF Mono','Fira Code',monospace;font-size:14px;cursor:pointer;transition:all 0.2s}
+    .cta-secondary:hover{border-color:var(--text)}
+    footer{padding:4rem 3rem;background:var(--text);color:var(--bg);margin-top:-1px}
+    .footer-content{display:flex;justify-content:space-between;align-items:flex-start;gap:3rem;max-width:900px}
+    .footer-brand{flex:1}
+    .footer-logo{font-family:'SF Mono','Fira Code',monospace;font-weight:600;font-size:16px;margin-bottom:0.5rem}
+    .footer-tagline{font-family:'SF Mono','Fira Code',monospace;font-size:12px;color:var(--muted);margin-bottom:1.5rem}
+    .footer-copy{font-family:'SF Mono','Fira Code',monospace;font-size:11px;color:var(--muted)}
+    .footer-links{display:flex;gap:3rem}
+    .footer-col h4{font-family:'SF Mono','Fira Code',monospace;font-size:11px;text-transform:uppercase;letter-spacing:0.1em;color:var(--muted);margin-bottom:1rem;font-weight:normal}
+    .footer-col a{display:flex;align-items:center;gap:0.5rem;font-family:'SF Mono','Fira Code',monospace;font-size:13px;color:var(--bg);text-decoration:none;padding:0.35rem 0;transition:opacity 0.15s}
+    .footer-col a:hover{opacity:0.7}
+    .footer-col a svg{width:16px;height:16px}
+    .demo-modal{display:none;position:fixed;inset:0;z-index:1000;align-items:center;justify-content:center}
+    .demo-modal.active{display:flex}
+    .demo-modal-backdrop{position:absolute;inset:0;background:rgba(0,0,0,0.5);backdrop-filter:blur(4px)}
+    .demo-modal-content{position:relative;background:white;border:1px solid var(--border);width:100%;max-width:420px;margin:1rem;box-shadow:0 25px 50px -12px rgba(0,0,0,0.25)}
+    .demo-step{display:none;padding:2rem}
+    .demo-step.active{display:block;animation:fadeIn 0.3s ease}
+    .demo-step-header{margin-bottom:1.5rem}
+    .demo-step-indicator{font-family:'SF Mono','Fira Code',monospace;font-size:11px;color:var(--muted);text-transform:uppercase;letter-spacing:0.1em;display:block;margin-bottom:0.75rem}
+    .demo-step-header h2{font-size:1.25rem;font-weight:500;margin-bottom:0.5rem}
+    .demo-step-header p{font-family:'SF Mono','Fira Code',monospace;font-size:12px;color:var(--muted)}
+    .demo-name-input{width:100%;padding:14px 16px;border:1px solid var(--border);font-family:inherit;font-size:15px;outline:none;transition:border-color 0.15s}
+    .demo-name-input:focus{border-color:var(--text)}
+    .demo-step-footer{display:flex;justify-content:flex-end;gap:0.75rem;margin-top:1.5rem}
+    .demo-next,.demo-launch{padding:12px 24px;background:var(--text);color:var(--bg);border:none;font-family:'SF Mono','Fira Code',monospace;font-size:13px;cursor:pointer;transition:all 0.2s}
+    .demo-next:hover:not(:disabled),.demo-launch:hover:not(:disabled){transform:translateY(-1px);box-shadow:0 4px 12px rgba(0,0,0,0.15)}
+    .demo-next:disabled,.demo-launch:disabled{opacity:0.4;cursor:not-allowed}
+    .demo-back{padding:12px 24px;background:transparent;color:var(--muted);border:1px solid var(--border);font-family:'SF Mono','Fira Code',monospace;font-size:13px;cursor:pointer;transition:all 0.15s}
+    .demo-back:hover{border-color:var(--text);color:var(--text)}
+    .demo-launch{background:linear-gradient(135deg,#10b981,#06b6d4)}
+    .demo-launch:hover:not(:disabled){box-shadow:0 8px 24px rgba(16,185,129,0.3)}
+    .color-picker{display:flex;gap:0.75rem;flex-wrap:wrap}
+    .color-swatch{width:48px;height:48px;border:2px solid transparent;cursor:pointer;transition:all 0.15s;position:relative}
+    .color-swatch:hover{transform:scale(1.1)}
+    .color-swatch.selected{border-color:var(--text)}
+    .color-swatch.selected::after{content:'✓';position:absolute;inset:0;display:flex;align-items:center;justify-content:center;color:white;font-size:18px;text-shadow:0 1px 2px rgba(0,0,0,0.3)}
+    .launch-progress{margin-top:1.5rem;padding:1rem;background:#f5f5f5;border:1px solid var(--border)}
+    .launch-progress.active{display:block;animation:fadeIn 0.3s ease}
+    .progress-step{display:flex;align-items:center;gap:0.75rem;padding:0.5rem 0;font-family:'SF Mono','Fira Code',monospace;font-size:12px;color:var(--muted)}
+    .progress-step.active{color:var(--text)}
+    .progress-step.done{color:var(--primary)}
+    .progress-dot{width:8px;height:8px;background:var(--border);transition:all 0.3s}
+    .progress-step.active .progress-dot{background:var(--text);animation:pulse 1s infinite}
+    .progress-step.done .progress-dot{background:var(--primary)}
+    .launch-success{text-align:center;padding:2rem}
+    .launch-success.active{display:block;animation:successPop 0.5s cubic-bezier(0.34,1.56,0.64,1)}
+    .success-icon{width:48px;height:48px;background:linear-gradient(135deg,#10b981,#06b6d4);display:flex;align-items:center;justify-content:center;margin:0 auto 1rem}
+    .success-icon svg{width:24px;height:24px;color:white}
+    .success-url{font-family:'SF Mono','Fira Code',monospace;font-size:14px;font-weight:500;margin-bottom:0.5rem}
+    .success-redirect{font-family:'SF Mono','Fira Code',monospace;font-size:12px;color:var(--muted)}
+    .demo-modal .launch-progress{display:block;margin-top:0;padding:0;background:transparent;border:none}
+    .demo-modal .launch-success{display:block;padding:1rem 0}
+    @keyframes fadeIn{from{opacity:0;transform:translateY(-10px)}to{opacity:1;transform:translateY(0)}}
+    @keyframes pulse{0%,100%{transform:scale(1)}50%{transform:scale(1.3)}}
+    @keyframes successPop{0%{transform:scale(0.8);opacity:0}100%{transform:scale(1);opacity:1}}
+    @media(max-width:1024px){.features-grid{grid-template-columns:repeat(2,1fr)}}
+    @media(max-width:900px){.layout{grid-template-columns:1fr}aside{position:relative;height:auto;border-right:none;border-bottom:1px solid var(--border);flex-direction:row;align-items:center;justify-content:space-between;padding:1rem 1.5rem}.sidebar-tagline{margin-bottom:0}.sidebar-nav,.sidebar-divider,.sidebar-label,.sidebar-footer{display:none}.hero,.section{padding:3rem 2rem}footer{padding:3rem 2rem}.footer-content{flex-direction:column}}
+    @media(max-width:768px){.features-grid{grid-template-columns:1fr}}
+    @media(max-width:480px){.hero,.section{padding:2rem 1.5rem}.footer-links{flex-direction:column;gap:2rem}}
+  </style>
+</head>
+<body>
+  <div class="layout">
+    <aside>
+      <div>
+        <div class="sidebar-logo">WriteKit</div>
+        <div class="sidebar-tagline">Blogging Platform</div>
+      </div>
+      <nav class="sidebar-nav">
+        <a href="#why">Why WriteKit</a>
+        <a href="#features">Features</a>
+        <a href="/signup" style="color:var(--primary)">Create Blog →</a>
+      </nav>
+      <div class="sidebar-divider"></div>
+      <div class="sidebar-label">Resources</div>
+      <nav class="sidebar-nav">
+        <a href="/docs">Documentation</a>
+        <a href="/discord">Discord</a>
+      </nav>
+      <div class="sidebar-footer">
+        <div class="env-badge">ALPHA</div>
+        <div class="version-badge" title="{{COMMIT}}">{{VERSION}}</div>
+      </div>
+    </aside>
+    <main>
+      <section class="hero">
+        <canvas class="hero-canvas" id="dither-canvas"></canvas>
+        <p class="hero-label">Blog Hosting for Developers / 2025</p>
+        <h1>Your Words,<br>Your Platform</h1>
+        <p class="hero-sub">Spin up a beautiful, fast blog in seconds. <code>SQLite</code>-powered, <code>markdown</code>-native, infinitely customizable.</p>
+        <div class="hero-cta">
+          <button class="demo-btn" id="try-demo">Try Demo</button>
+          <p class="demo-note">{{DEMO_MINUTES}} minute demo. <a href="/signup" style="color:var(--primary)">Create a real blog</a> instead.</p>
+        </div>
+      </section>
+      <section class="section" id="why">
+        <p class="section-label">Why WriteKit</p>
+        <div class="mission">
+          <h2>We built WriteKit because blogging platforms got complicated.</h2>
+          <p>Ghost is heavy. Hashnode is bloated. Medium doesn't care about developers. Hugo outputs static sites — great, until you want comments, logins and analytics without bolting on five services.<br><br>WriteKit is a fully featured platform for developers. Comments, reactions, search, analytics, monetization, API — everything works out of the box. Deploy in seconds, own your data forever.</p>
+        </div>
+      </section>
+      <section class="section-features" id="features">
+        <div class="features-grid">
+          <div class="feature"><p class="feature-num">01</p><h3>Comments & Reactions</h3><p>Threaded comments and emoji reactions. No Disqus, no third-party scripts.</p></div>
+          <div class="feature"><p class="feature-num">02</p><h3>Full-text Search</h3><p>SQLite FTS5 powers instant search. Fast, local, no external service.</p></div>
+          <div class="feature"><p class="feature-num">03</p><h3>Privacy-first Analytics</h3><p>Views, referrers, browsers — no cookies, no tracking pixels.</p></div>
+          <div class="feature"><p class="feature-num">04</p><h3>REST API</h3><p>Full programmatic access. Create posts, manage content, build integrations.</p></div>
+          <div class="feature"><p class="feature-num">05</p><h3>Markdown Native</h3><p>Write how you already write. YAML frontmatter, syntax highlighting.</p></div>
+          <div class="feature"><p class="feature-num">06</p><h3>Custom Domains</h3><p>Your domain or *.writekit.dev. SSL included automatically.</p></div>
+          <div class="feature"><p class="feature-num">07</p><h3>Own Your Data</h3><p>Export anytime. JSON, Markdown, full backup. No lock-in ever.</p></div>
+          <div class="feature"><p class="feature-num">08</p><h3>One-click Deploy</h3><p>No DevOps required. One button, your instance is live.</p></div>
+        </div>
+      </section>
+      <section class="section section-cta" id="cta">
+        <div class="cta-content">
+          <h2>Ready to start writing?</h2>
+          <p>Deploy your blog in seconds. No credit card required.</p>
+          <div class="cta-buttons">
+            <a href="/signup" class="cta-primary">Create Your Blog</a>
+            <button class="cta-secondary" id="try-demo-bottom">Try Demo First</button>
+          </div>
+        </div>
+      </section>
+      <div class="demo-modal" id="demo-modal">
+        <div class="demo-modal-backdrop"></div>
+        <div class="demo-modal-content">
+          <div class="demo-step active" data-step="1">
+            <div class="demo-step-header">
+              <span class="demo-step-indicator">1 / 2</span>
+              <h2>What's your name?</h2>
+              <p>We'll use this to personalize your blog.</p>
+            </div>
+            <input type="text" id="demo-name" class="demo-name-input" placeholder="Your name" autofocus autocomplete="off">
+            <div class="demo-step-footer">
+              <button class="demo-back" id="demo-skip">Skip</button>
+              <button class="demo-next" id="demo-next-1" disabled>Next →</button>
+            </div>
+          </div>
+          <div class="demo-step" data-step="2">
+            <div class="demo-step-header">
+              <span class="demo-step-indicator">2 / 2</span>
+              <h2>Pick a color</h2>
+              <p>Choose an accent color for your blog.</p>
+            </div>
+            <div class="color-picker">
+              <button class="color-swatch selected" data-color="#10b981" style="background:#10b981" title="Emerald"></button>
+              <button class="color-swatch" data-color="#3b82f6" style="background:#3b82f6" title="Blue"></button>
+              <button class="color-swatch" data-color="#8b5cf6" style="background:#8b5cf6" title="Purple"></button>
+              <button class="color-swatch" data-color="#f97316" style="background:#f97316" title="Orange"></button>
+              <button class="color-swatch" data-color="#ef4444" style="background:#ef4444" title="Rose"></button>
+              <button class="color-swatch" data-color="#64748b" style="background:#64748b" title="Slate"></button>
+            </div>
+            <div class="demo-step-footer">
+              <button class="demo-back" id="demo-back-2">← Back</button>
+              <button class="demo-launch" id="demo-launch">Launch Demo</button>
+            </div>
+          </div>
+          <div class="demo-step" data-step="3">
+            <div class="demo-step-header"><h2>Launching your demo...</h2></div>
+            <div class="launch-progress active">
+              <div class="progress-step" data-step="1"><span class="progress-dot"></span><span>Creating database...</span></div>
+              <div class="progress-step" data-step="2"><span class="progress-dot"></span><span>Configuring settings...</span></div>
+              <div class="progress-step" data-step="3"><span class="progress-dot"></span><span>Adding welcome post...</span></div>
+              <div class="progress-step" data-step="4"><span class="progress-dot"></span><span>Ready!</span></div>
+            </div>
+          </div>
+          <div class="demo-step" data-step="4">
+            <div class="launch-success active">
+              <div class="success-icon"><svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path stroke-linecap="round" stroke-linejoin="round" d="M5 13l4 4L19 7"/></svg></div>
+              <div class="success-url" id="success-url"></div>
+              <div class="success-redirect">Redirecting you now...</div>
+            </div>
+          </div>
+        </div>
+      </div>
+      <footer>
+        <div class="footer-content">
+          <div class="footer-brand">
+            <div class="footer-logo">WriteKit</div>
+            <div class="footer-tagline">Your Words, Your Platform</div>
+            <div class="footer-copy">&copy; 2025 WriteKit. All rights reserved.</div>
+          </div>
+          <div class="footer-links">
+            <div class="footer-col">
+              <h4>Product</h4>
+              <a href="#features">Features</a>
+              <a href="/signup">Create Blog</a>
+              <a href="/docs">Documentation</a>
+            </div>
+            <div class="footer-col">
+              <h4>Community</h4>
+              <a href="/discord"><svg viewBox="0 0 24 24" fill="currentColor"><path d="M20.317 4.37a19.791 19.791 0 0 0-4.885-1.515.074.074 0 0 0-.079.037c-.21.375-.444.864-.608 1.25a18.27 18.27 0 0 0-5.487 0 12.64 12.64 0 0 0-.617-1.25.077.077 0 0 0-.079-.037A19.736 19.736 0 0 0 3.677 4.37a.07.07 0 0 0-.032.027C.533 9.046-.32 13.58.099 18.057a.082.082 0 0 0 .031.057 19.9 19.9 0 0 0 5.993 3.03.078.078 0 0 0 .084-.028 14.09 14.09 0 0 0 1.226-1.994.076.076 0 0 0-.041-.106 13.107 13.107 0 0 1-1.872-.892.077.077 0 0 1-.008-.128 10.2 10.2 0 0 0 .372-.292.074.074 0 0 1 .077-.01c3.928 1.793 8.18 1.793 12.062 0a.074.074 0 0 1 .078.01c.12.098.246.198.373.292a.077.077 0 0 1-.006.127 12.299 12.299 0 0 1-1.873.892.077.077 0 0 0-.041.107c.36.698.772 1.362 1.225 1.993a.076.076 0 0 0 .084.028 19.839 19.839 0 0 0 6.002-3.03.077.077 0 0 0 .032-.054c.5-5.177-.838-9.674-3.549-13.66a.061.061 0 0 0-.031-.03zM8.02 15.33c-1.183 0-2.157-1.085-2.157-2.419 0-1.333.956-2.419 2.157-2.419 1.21 0 2.176 1.096 2.157 2.42 0 1.333-.956 2.418-2.157 2.418zm7.975 0c-1.183 0-2.157-1.085-2.157-2.419 0-1.333.955-2.419 2.157-2.419 1.21 0 2.176 1.096 2.157 2.42 0 1.333-.946 2.418-2.157 2.418z"/></svg>Discord</a>
+            </div>
+          </div>
+        </div>
+      </footer>
+    </main>
+  </div>
+  <script>
+    const $ = s => document.querySelector(s)
+    const $$ = s => document.querySelectorAll(s)
+    const sleep = ms => new Promise(r => setTimeout(r, ms))
+
+    const modal = $('#demo-modal')
+    const backdrop = modal.querySelector('.demo-modal-backdrop')
+    const nameInput = $('#demo-name')
+    const nextBtn = $('#demo-next-1')
+    const backBtn = $('#demo-back-2')
+    const launchBtn = $('#demo-launch')
+    const successUrl = $('#success-url')
+    const colorSwatches = $$('.color-swatch')
+
+    let demoName = ''
+    let demoColor = '#10b981'
+
+    const openDemoModal = () => {
+      modal.classList.add('active')
+      setTimeout(() => nameInput.focus(), 100)
+    }
+
+    const resetModal = () => {
+      nameInput.value = ''
+      demoName = ''
+      nextBtn.disabled = true
+      goToModalStep(1)
+      colorSwatches.forEach(s => s.classList.remove('selected'))
+      colorSwatches[0].classList.add('selected')
+      demoColor = '#10b981'
+    }
+
+    const goToModalStep = step => {
+      modal.querySelectorAll('.demo-step').forEach(el => el.classList.remove('active'))
+      modal.querySelector(`.demo-step[data-step="${step}"]`).classList.add('active')
+      if (step === 1) setTimeout(() => nameInput.focus(), 100)
+    }
+
+    const setProgressStep = n => {
+      modal.querySelectorAll('.progress-step').forEach(el => {
+        const step = parseInt(el.dataset.step)
+        el.classList.remove('active', 'done')
+        if (step < n) el.classList.add('done')
+        if (step === n) el.classList.add('active')
+      })
+    }
+
+    const launchDemo = async () => {
+      if (!demoName) return
+      launchBtn.disabled = true
+      launchBtn.textContent = 'Launching...'
+      goToModalStep(3)
+      setProgressStep(1)
+
+      try {
+        const res = await fetch('/api/demo', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ name: demoName, color: demoColor })
+        })
+        const data = await res.json()
+
+        if (res.ok && data.url) {
+          setProgressStep(2)
+          await sleep(150)
+          setProgressStep(3)
+          await sleep(150)
+          setProgressStep(4)
+          await sleep(150)
+          goToModalStep(4)
+          successUrl.textContent = data.url
+          await sleep(300)
+          location.href = data.url
+        } else {
+          goToModalStep(2)
+          launchBtn.disabled = false
+          launchBtn.textContent = 'Launch Demo'
+          alert(data.error || 'Failed to create demo')
+        }
+      } catch {
+        goToModalStep(2)
+        launchBtn.disabled = false
+        launchBtn.textContent = 'Launch Demo'
+        alert('Error creating demo')
+      }
+    }
+
+    $('#try-demo').addEventListener('click', openDemoModal)
+    $('#try-demo-bottom').addEventListener('click', openDemoModal)
+
+    backdrop.addEventListener('click', () => {
+      if (!launchBtn.disabled || modal.querySelector('.demo-step[data-step="1"].active') || modal.querySelector('.demo-step[data-step="2"].active')) {
+        modal.classList.remove('active')
+        resetModal()
+      }
+    })
+
+    document.addEventListener('keydown', e => {
+      if (e.key === 'Escape' && modal.classList.contains('active')) {
+        if (modal.querySelector('.demo-step[data-step="1"].active') || modal.querySelector('.demo-step[data-step="2"].active')) {
+          modal.classList.remove('active')
+          resetModal()
+        }
+      }
+      if (e.key === 'Enter' && modal.classList.contains('active')) {
+        if (modal.querySelector('.demo-step[data-step="1"].active') && !nextBtn.disabled) goToModalStep(2)
+        else if (modal.querySelector('.demo-step[data-step="2"].active')) launchDemo()
+      }
+    })
+
+    nameInput.addEventListener('input', () => {
+      demoName = nameInput.value.trim()
+      nextBtn.disabled = !demoName.length
+    })
+
+    nextBtn.addEventListener('click', () => goToModalStep(2))
+    backBtn.addEventListener('click', () => goToModalStep(1))
+    launchBtn.addEventListener('click', launchDemo)
+
+    $('#demo-skip').addEventListener('click', () => {
+      demoName = 'Demo User'
+      launchDemo()
+    })
+
+    colorSwatches.forEach(swatch => {
+      swatch.addEventListener('click', () => {
+        colorSwatches.forEach(s => s.classList.remove('selected'))
+        swatch.classList.add('selected')
+        demoColor = swatch.dataset.color
+      })
+    })
+
+    $$('a[href^="#"]').forEach(anchor => {
+      anchor.addEventListener('click', e => {
+        e.preventDefault()
+        document.querySelector(anchor.getAttribute('href'))?.scrollIntoView({ behavior: 'smooth' })
+      })
+    })
+
+    ;(() => {
+      const settings = { pixelSize: 8, gridSize: 4, speed: 0.05, colorShift: 0.6, colors: { bright: [0.063, 0.725, 0.506], mid: [0.047, 0.545, 0.38], dark: [0.031, 0.363, 0.253], bg: [0.2, 0.2, 0.2] } }
+      const canvas = $('#dither-canvas')
+      if (!canvas) return
+      const gl = canvas.getContext('webgl2')
+      if (!gl) return
+
+      const vs = `#version 300 es
+        in vec2 a_position;
+        out vec2 v_uv;
+        void main() { v_uv = a_position * 0.5 + 0.5; gl_Position = vec4(a_position, 0.0, 1.0); }`
+
+      const fs = `#version 300 es
+        precision highp float;
+        in vec2 v_uv;
+        out vec4 fragColor;
+        uniform vec2 u_resolution;
+        uniform float u_time, u_pixelSize, u_gridSize, u_speed, u_colorShift;
+        uniform vec3 u_color1, u_color2, u_color3, u_bgColor;
+        float bayer8(vec2 p) { ivec2 P = ivec2(mod(floor(p), 8.0)); int i = P.x + P.y * 8; int b[64] = int[64](0,32,8,40,2,34,10,42,48,16,56,24,50,18,58,26,12,44,4,36,14,46,6,38,60,28,52,20,62,30,54,22,3,35,11,43,1,33,9,41,51,19,59,27,49,17,57,25,15,47,7,39,13,45,5,37,63,31,55,23,61,29,53,21); return float(b[i]) / 64.0; }
+        float hash(vec2 p) { return fract(sin(dot(p, vec2(127.1, 311.7))) * 43758.5453); }
+        float noise(vec2 p) { vec2 i = floor(p), f = fract(p); f = f * f * (3.0 - 2.0 * f); return mix(mix(hash(i), hash(i + vec2(1.0, 0.0)), f.x), mix(hash(i + vec2(0.0, 1.0)), hash(i + vec2(1.0, 1.0)), f.x), f.y); }
+        float fbm(vec2 p) { float v = 0.0, a = 0.5; for (int i = 0; i < 5; i++) { v += a * noise(p); p *= 2.0; a *= 0.5; } return v; }
+        void main() {
+          vec2 pixelUV = floor(v_uv * u_resolution / u_pixelSize) * u_pixelSize / u_resolution;
+          vec2 p = pixelUV * 3.0; float t = u_time * u_speed;
+          float pattern = fbm(p + vec2(t * 0.5, t * 0.3)) * 0.5 + fbm(p * 1.5 - vec2(t * 0.4, -t * 0.2)) * 0.3 + fbm(p * 0.5 + vec2(-t * 0.3, t * 0.5)) * 0.2 + 0.1 * sin(p.x * 2.0 + t) * sin(p.y * 2.0 - t * 0.7);
+          float luma = clamp(smoothstep(0.1, 0.9, pow(pattern, 0.7)) + u_colorShift * sin(u_time * 0.3) * 0.3, 0.0, 1.0);
+          float threshold = bayer8(floor(v_uv * u_resolution / u_gridSize));
+          float level = luma * 3.0; int band = int(floor(level)); float frac = fract(level);
+          vec3 result = band >= 2 ? (frac > threshold ? u_color1 : u_color2) : band == 1 ? (frac > threshold ? u_color2 : u_color3) : (frac > threshold ? u_color3 : u_bgColor);
+          fragColor = vec4(result, 1.0);
+        }`
+
+      const createShader = (type, src) => { const s = gl.createShader(type); gl.shaderSource(s, src); gl.compileShader(s); return gl.getShaderParameter(s, gl.COMPILE_STATUS) ? s : null }
+      const vertexShader = createShader(gl.VERTEX_SHADER, vs)
+      const fragmentShader = createShader(gl.FRAGMENT_SHADER, fs)
+      const program = gl.createProgram()
+      gl.attachShader(program, vertexShader)
+      gl.attachShader(program, fragmentShader)
+      gl.linkProgram(program)
+      if (!gl.getProgramParameter(program, gl.LINK_STATUS)) return
+
+      const vao = gl.createVertexArray()
+      gl.bindVertexArray(vao)
+      const buf = gl.createBuffer()
+      gl.bindBuffer(gl.ARRAY_BUFFER, buf)
+      gl.bufferData(gl.ARRAY_BUFFER, new Float32Array([-1, -1, 1, -1, -1, 1, 1, 1]), gl.STATIC_DRAW)
+      const posLoc = gl.getAttribLocation(program, 'a_position')
+      gl.enableVertexAttribArray(posLoc)
+      gl.vertexAttribPointer(posLoc, 2, gl.FLOAT, false, 0, 0)
+
+      const u = { resolution: gl.getUniformLocation(program, 'u_resolution'), time: gl.getUniformLocation(program, 'u_time'), pixelSize: gl.getUniformLocation(program, 'u_pixelSize'), gridSize: gl.getUniformLocation(program, 'u_gridSize'), speed: gl.getUniformLocation(program, 'u_speed'), colorShift: gl.getUniformLocation(program, 'u_colorShift'), color1: gl.getUniformLocation(program, 'u_color1'), color2: gl.getUniformLocation(program, 'u_color2'), color3: gl.getUniformLocation(program, 'u_color3'), bgColor: gl.getUniformLocation(program, 'u_bgColor') }
+
+      gl.useProgram(program)
+      gl.uniform3fv(u.color1, settings.colors.bright)
+      gl.uniform3fv(u.color2, settings.colors.mid)
+      gl.uniform3fv(u.color3, settings.colors.dark)
+      gl.uniform3fv(u.bgColor, settings.colors.bg)
+
+      const resize = () => { const dpr = Math.min(devicePixelRatio, 2); canvas.width = canvas.offsetWidth * dpr; canvas.height = canvas.offsetHeight * dpr }
+      resize()
+      addEventListener('resize', resize)
+
+      const render = time => {
+        time *= 0.001
+        gl.viewport(0, 0, canvas.width, canvas.height)
+        gl.useProgram(program)
+        gl.bindVertexArray(vao)
+        gl.uniform2f(u.resolution, canvas.width, canvas.height)
+        gl.uniform1f(u.time, time)
+        gl.uniform1f(u.pixelSize, settings.pixelSize)
+        gl.uniform1f(u.gridSize, settings.gridSize)
+        gl.uniform1f(u.speed, settings.speed)
+        gl.uniform1f(u.colorShift, settings.colorShift)
+        gl.drawArrays(gl.TRIANGLE_STRIP, 0, 4)
+        requestAnimationFrame(render)
+      }
+      requestAnimationFrame(render)
+    })()
+  </script>
+</body>
+</html>
diff --git a/internal/server/templates/signup.html b/internal/server/templates/signup.html
new file mode 100644
index 0000000..335c2e2
--- /dev/null
+++ b/internal/server/templates/signup.html
@@ -0,0 +1,472 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8"/>
+<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+<title>Sign Up — WriteKit</title>
+<link rel="icon" type="image/x-icon" href="/assets/writekit-icon.ico"/>
+<link rel="icon" type="image/svg+xml" href="/assets/writekit-icon.svg"/>
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+:root{--bg:#0a0a0a;--bg-elevated:#111111;--bg-subtle:#1a1a1a;--text:#fafafa;--text-muted:#737373;--text-dim:#525252;--border:#262626;--border-focus:#404040;--accent:{{ACCENT}};--emerald:#10b981;--cyan:#06b6d4;--red:#ef4444}
+html,body{height:100%}
+body{font-family:'SF Mono','Fira Code','Consolas',monospace;background:var(--bg);color:var(--text);line-height:1.6;overflow:hidden}
+.layout{display:grid;grid-template-columns:280px 1fr;height:100vh}
+.sidebar{background:var(--bg);border-right:1px solid var(--border);padding:2.5rem 2rem;display:flex;flex-direction:column}
+.sidebar-header{margin-bottom:3rem}
+.logo{font-size:15px;font-weight:600;letter-spacing:-0.02em;margin-bottom:0.35rem}
+.tagline{font-size:10px;color:var(--text-muted);text-transform:uppercase;letter-spacing:0.1em}
+.sidebar-content{flex:1;display:flex;flex-direction:column;justify-content:center}
+.step-indicator{display:flex;flex-direction:column;gap:1rem}
+.step-item{display:flex;align-items:center;gap:1rem;font-size:12px;color:var(--text-dim);transition:all 0.4s ease}
+.step-item.active{color:var(--text)}
+.step-item.completed{color:var(--emerald)}
+.step-dot{width:8px;height:8px;border:1px solid var(--border);background:transparent;transition:all 0.4s ease}
+.step-item.active .step-dot{background:var(--text);border-color:var(--text);box-shadow:0 0 12px rgba(250,250,250,0.3)}
+.step-item.completed .step-dot{background:var(--emerald);border-color:var(--emerald)}
+.sidebar-footer{margin-top:auto}
+.env-badge{display:inline-block;padding:0.35rem 0.75rem;border:1px solid var(--accent);font-size:10px;text-transform:uppercase;letter-spacing:0.08em;color:var(--accent)}
+.main{display:flex;align-items:center;justify-content:center;padding:2rem;position:relative;overflow:hidden}
+.main::before{content:'';position:absolute;inset:0;background-image:linear-gradient(var(--border) 1px,transparent 1px),linear-gradient(90deg,var(--border) 1px,transparent 1px);background-size:60px 60px;opacity:0.3;mask-image:radial-gradient(ellipse at center,black 0%,transparent 70%)}
+.step-container{position:relative;width:100%;max-width:480px;z-index:1}
+.step{position:absolute;width:100%;opacity:0;visibility:hidden;transform:translateY(30px);transition:all 0.5s cubic-bezier(0.16,1,0.3,1)}
+.step.active{position:relative;opacity:1;visibility:visible;transform:translateY(0)}
+.step.exit-up{transform:translateY(-30px)}
+.step-header{margin-bottom:2.5rem}
+.step-label{font-size:11px;color:var(--text-dim);text-transform:uppercase;letter-spacing:0.15em;margin-bottom:1rem;display:flex;align-items:center;gap:0.5rem}
+.step-label::before{content:'>';color:var(--emerald)}
+.step-title{font-size:clamp(1.75rem,3vw,2.25rem);font-weight:500;letter-spacing:-0.03em;line-height:1.2;margin-bottom:0.75rem}
+.step-desc{font-size:13px;color:var(--text-muted);line-height:1.7}
+.auth-buttons{display:flex;flex-direction:column;gap:0.75rem}
+.auth-btn{display:flex;align-items:center;justify-content:center;gap:0.75rem;padding:1rem 1.5rem;border:1px solid var(--border);background:var(--bg-elevated);color:var(--text);font-family:inherit;font-size:13px;font-weight:500;cursor:pointer;transition:all 0.2s ease;text-decoration:none}
+.auth-btn:hover{border-color:var(--border-focus);background:var(--bg-subtle)}
+.auth-btn.primary{background:var(--text);color:var(--bg);border-color:var(--text)}
+.auth-btn.primary:hover{background:#e5e5e5;border-color:#e5e5e5;transform:translateY(-2px);box-shadow:0 8px 24px rgba(250,250,250,0.15)}
+.auth-btn svg{width:20px;height:20px;flex-shrink:0}
+.auth-divider{display:flex;align-items:center;gap:1rem;margin:0.5rem 0}
+.auth-divider::before,.auth-divider::after{content:'';flex:1;height:1px;background:var(--border)}
+.auth-divider span{font-size:11px;color:var(--text-dim);text-transform:uppercase;letter-spacing:0.1em}
+.user-greeting{display:flex;flex-direction:column}
+.user-avatar{width:64px;height:64px;border-radius:50%;margin-bottom:1.5rem;border:2px solid var(--border);display:none;object-fit:cover}
+.user-avatar.loaded{display:block;animation:avatarPop 0.5s cubic-bezier(0.34,1.56,0.64,1)}
+@keyframes avatarPop{0%{transform:scale(0);opacity:0}100%{transform:scale(1);opacity:1}}
+.subdomain-form{margin-bottom:1.5rem}
+.input-row{display:flex;align-items:stretch;border:1px solid var(--border);background:var(--bg-elevated);transition:all 0.2s ease}
+.input-row:focus-within{border-color:var(--border-focus)}
+.input-row.valid{border-color:var(--emerald)}
+.input-row.invalid{border-color:var(--red)}
+.subdomain-input{flex:1;padding:1rem 1.25rem;background:transparent;border:none;color:var(--text);font-family:inherit;font-size:15px;outline:none}
+.subdomain-input::placeholder{color:var(--text-dim)}
+.subdomain-suffix{padding:1rem 1.25rem;background:var(--bg-subtle);color:var(--text-muted);font-size:15px;display:flex;align-items:center;border-left:1px solid var(--border)}
+.input-status{height:1.5rem;margin-top:0.75rem;font-size:12px;display:flex;align-items:center;gap:0.5rem}
+.input-status.available{color:var(--emerald)}
+.input-status.unavailable{color:var(--red)}
+.input-status.checking{color:var(--text-muted)}
+.input-status .dot{width:6px;height:6px;background:currentColor;animation:pulse 1s infinite}
+@keyframes pulse{0%,100%{opacity:1}50%{opacity:0.4}}
+.btn-row{display:flex;gap:0.75rem}
+.btn{padding:1rem 2rem;font-family:inherit;font-size:13px;font-weight:500;cursor:pointer;transition:all 0.2s ease;border:1px solid var(--border);background:var(--bg-elevated);color:var(--text)}
+.btn:hover:not(:disabled){border-color:var(--border-focus);background:var(--bg-subtle)}
+.btn:disabled{opacity:0.4;cursor:not-allowed}
+.btn.primary{flex:1;background:linear-gradient(135deg,var(--emerald),var(--cyan));border:none;color:white}
+.btn.primary:hover:not(:disabled){transform:translateY(-2px);box-shadow:0 8px 24px rgba(16,185,129,0.3)}
+.btn.primary:disabled{background:var(--border);transform:none;box-shadow:none}
+.btn-back{width:48px;padding:1rem;display:flex;align-items:center;justify-content:center}
+.btn-back svg{width:16px;height:16px}
+.progress-steps{background:var(--bg-elevated);border:1px solid var(--border);padding:1.5rem}
+.progress-step{display:flex;align-items:center;gap:1rem;padding:0.75rem 0;font-size:13px;color:var(--text-dim);transition:all 0.4s ease}
+.progress-step.active{color:var(--text)}
+.progress-step.done{color:var(--emerald)}
+.progress-step .dot{width:8px;height:8px;background:var(--border);flex-shrink:0;transition:all 0.3s ease}
+.progress-step.active .dot{background:var(--text);animation:progressPulse 1s infinite}
+.progress-step.done .dot{background:var(--emerald)}
+@keyframes progressPulse{0%,100%{transform:scale(1);box-shadow:0 0 0 0 rgba(250,250,250,0.4)}50%{transform:scale(1.2);box-shadow:0 0 12px 2px rgba(250,250,250,0.2)}}
+.success-content{text-align:center}
+.success-icon{width:72px;height:72px;margin:0 auto 2rem;background:linear-gradient(135deg,var(--emerald),var(--cyan));display:flex;align-items:center;justify-content:center;animation:successPop 0.6s cubic-bezier(0.34,1.56,0.64,1)}
+@keyframes successPop{0%{transform:scale(0);opacity:0}50%{transform:scale(1.1)}100%{transform:scale(1);opacity:1}}
+.success-icon svg{width:32px;height:32px;color:white;animation:checkDraw 0.4s 0.3s ease-out both}
+@keyframes checkDraw{0%{stroke-dashoffset:24;opacity:0}100%{stroke-dashoffset:0;opacity:1}}
+.success-icon svg path{stroke-dasharray:24;stroke-dashoffset:24;animation:checkDraw 0.4s 0.3s ease-out forwards}
+.success-url{font-size:18px;font-weight:600;margin-bottom:0.5rem;background:linear-gradient(135deg,var(--emerald),var(--cyan));-webkit-background-clip:text;-webkit-text-fill-color:transparent;background-clip:text}
+.success-redirect{font-size:12px;color:var(--text-muted);display:flex;align-items:center;justify-content:center;gap:0.5rem}
+.success-redirect .dot{width:6px;height:6px;background:var(--text-muted);animation:pulse 1s infinite}
+.back-link{position:absolute;top:2rem;left:2rem;font-size:12px;color:var(--text-muted);text-decoration:none;display:flex;align-items:center;gap:0.5rem;transition:color 0.2s;z-index:10}
+.back-link:hover{color:var(--text)}
+.back-link svg{width:14px;height:14px}
+.keyboard-hint{position:absolute;bottom:2rem;left:50%;transform:translateX(-50%);font-size:11px;color:var(--text-dim);display:flex;align-items:center;gap:0.5rem}
+.key{padding:0.25rem 0.5rem;background:var(--bg-subtle);border:1px solid var(--border);font-size:10px}
+.color-picker{margin-bottom:2rem}
+.color-options{display:flex;gap:0.75rem;flex-wrap:wrap;margin-bottom:1.5rem}
+.color-option{width:48px;height:48px;border:2px solid transparent;background:var(--color);cursor:pointer;transition:all 0.2s ease;position:relative}
+.color-option:hover{transform:scale(1.1)}
+.color-option.selected{border-color:var(--text);box-shadow:0 0 0 2px var(--bg),0 0 0 4px var(--color)}
+.color-option.selected::after{content:'✓';position:absolute;inset:0;display:flex;align-items:center;justify-content:center;color:white;font-size:18px;text-shadow:0 1px 2px rgba(0,0,0,0.3)}
+.color-preview{display:flex;align-items:center;gap:1rem}
+.preview-label{font-size:11px;color:var(--text-dim);text-transform:uppercase;letter-spacing:0.1em}
+.preview-box{flex:1;height:8px;background:var(--bg-subtle);border:1px solid var(--border);overflow:hidden}
+.preview-accent{height:100%;width:60%;background:var(--emerald);transition:background 0.3s ease,width 0.3s ease}
+@media(max-width:900px){.layout{grid-template-columns:1fr}.sidebar{display:none}.main{padding:1.5rem}.back-link{position:relative;top:auto;left:auto;margin-bottom:2rem}.keyboard-hint{display:none}}
+@media(max-width:480px){.step-title{font-size:1.5rem}.auth-btn{padding:0.875rem 1.25rem}}
+</style>
+</head>
+<body>
+<div class="layout">
+<aside class="sidebar">
+<div class="sidebar-header">
+<div class="logo">WriteKit</div>
+<div class="tagline">Blogging Platform</div>
+</div>
+<div class="sidebar-content">
+<div class="step-indicator">
+<div class="step-item active" data-step="1"><span class="step-dot"></span><span>Sign in</span></div>
+<div class="step-item" data-step="2"><span class="step-dot"></span><span>Personalize</span></div>
+<div class="step-item" data-step="3"><span class="step-dot"></span><span>Choose subdomain</span></div>
+<div class="step-item" data-step="4"><span class="step-dot"></span><span>Launch</span></div>
+</div>
+</div>
+<div class="sidebar-footer">
+<div class="env-badge">ALPHA</div>
+</div>
+</aside>
+<main class="main">
+<a href="/" class="back-link">
+<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path stroke-linecap="round" stroke-linejoin="round" d="M10 19l-7-7m0 0l7-7m-7 7h18"/></svg>
+Back to home
+</a>
+<div class="step-container">
+<div class="step active" id="step-auth">
+<div class="step-header">
+<div class="step-label">Step 1</div>
+<h1 class="step-title">Start your blog</h1>
+<p class="step-desc">Sign in to create your WriteKit instance. Your blog will be ready in seconds.</p>
+</div>
+<div class="auth-buttons">
+<a href="/auth/github?callback=/signup/complete" class="auth-btn primary">
+<svg viewBox="0 0 24 24" fill="currentColor"><path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546-1.387-1.333-1.756-1.333-1.756-1.089-.745.083-.729.083-.729 1.205.084 1.839 1.237 1.839 1.237 1.07 1.834 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.604-2.665-.305-5.467-1.334-5.467-5.931 0-1.311.469-2.381 1.236-3.221-.124-.303-.535-1.524.117-3.176 0 0 1.008-.322 3.301 1.23.957-.266 1.983-.399 3.003-.404 1.02.005 2.047.138 3.006.404 2.291-1.552 3.297-1.23 3.297-1.23.653 1.653.242 2.874.118 3.176.77.84 1.235 1.911 1.235 3.221 0 4.609-2.807 5.624-5.479 5.921.43.372.823 1.102.823 2.222v3.293c0 .319.192.694.801.576 4.765-1.589 8.199-6.086 8.199-11.386 0-6.627-5.373-12-12-12z"/></svg>
+Continue with GitHub
+</a>
+<div class="auth-divider"><span>or</span></div>
+<a href="/auth/google?callback=/signup/complete" class="auth-btn">
+<svg viewBox="0 0 24 24"><path fill="#4285F4" d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"/><path fill="#34A853" d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"/><path fill="#FBBC05" d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"/><path fill="#EA4335" d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"/></svg>
+Continue with Google
+</a>
+<a href="/auth/discord?callback=/signup/complete" class="auth-btn">
+<svg viewBox="0 0 24 24" fill="#5865F2"><path d="M20.317 4.37a19.791 19.791 0 0 0-4.885-1.515.074.074 0 0 0-.079.037c-.21.375-.444.864-.608 1.25a18.27 18.27 0 0 0-5.487 0 12.64 12.64 0 0 0-.617-1.25.077.077 0 0 0-.079-.037A19.736 19.736 0 0 0 3.677 4.37a.07.07 0 0 0-.032.027C.533 9.046-.32 13.58.099 18.057a.082.082 0 0 0 .031.057 19.9 19.9 0 0 0 5.993 3.03.078.078 0 0 0 .084-.028 14.09 14.09 0 0 0 1.226-1.994.076.076 0 0 0-.041-.106 13.107 13.107 0 0 1-1.872-.892.077.077 0 0 1-.008-.128 10.2 10.2 0 0 0 .372-.292.074.074 0 0 1 .077-.01c3.928 1.793 8.18 1.793 12.062 0a.074.074 0 0 1 .078.01c.12.098.246.198.373.292a.077.077 0 0 1-.006.127 12.299 12.299 0 0 1-1.873.892.077.077 0 0 0-.041.107c.36.698.772 1.362 1.225 1.993a.076.076 0 0 0 .084.028 19.839 19.839 0 0 0 6.002-3.03.077.077 0 0 0 .032-.054c.5-5.177-.838-9.674-3.549-13.66a.061.061 0 0 0-.031-.03zM8.02 15.33c-1.183 0-2.157-1.085-2.157-2.419 0-1.333.956-2.419 2.157-2.419 1.21 0 2.176 1.096 2.157 2.42 0 1.333-.956 2.418-2.157 2.418zm7.975 0c-1.183 0-2.157-1.085-2.157-2.419 0-1.333.955-2.419 2.157-2.419 1.21 0 2.176 1.096 2.157 2.42 0 1.333-.946 2.418-2.157 2.418z"/></svg>
+Continue with Discord
+</a>
+</div>
+</div>
+<div class="step" id="step-personalize">
+<div class="step-header">
+<div class="user-greeting">
+<img class="user-avatar" id="personalize-avatar" alt=""/>
+<div class="step-label">Step 2</div>
+<h1 class="step-title" id="personalize-title">Pick your style</h1>
+</div>
+<p class="step-desc">Choose an accent color for your blog. You can change this anytime in settings.</p>
+</div>
+<div class="color-picker">
+<div class="color-options">
+<button type="button" class="color-option" data-color="#10b981" style="--color:#10b981" title="Emerald"></button>
+<button type="button" class="color-option" data-color="#06b6d4" style="--color:#06b6d4" title="Cyan"></button>
+<button type="button" class="color-option" data-color="#8b5cf6" style="--color:#8b5cf6" title="Violet"></button>
+<button type="button" class="color-option" data-color="#ec4899" style="--color:#ec4899" title="Pink"></button>
+<button type="button" class="color-option" data-color="#f97316" style="--color:#f97316" title="Orange"></button>
+<button type="button" class="color-option" data-color="#eab308" style="--color:#eab308" title="Yellow"></button>
+<button type="button" class="color-option" data-color="#ef4444" style="--color:#ef4444" title="Red"></button>
+<button type="button" class="color-option" data-color="#64748b" style="--color:#64748b" title="Slate"></button>
+</div>
+<div class="color-preview">
+<span class="preview-label">Preview</span>
+<div class="preview-box" id="color-preview"><div class="preview-accent"></div></div>
+</div>
+</div>
+<div class="btn-row">
+<button class="btn btn-back" id="btn-personalize-back" type="button" title="Use different account">
+<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path stroke-linecap="round" stroke-linejoin="round" d="M10 19l-7-7m0 0l7-7m-7 7h18"/></svg>
+</button>
+<button class="btn primary" id="btn-personalize-next">Continue</button>
+</div>
+</div>
+<div class="step" id="step-subdomain">
+<div class="step-header">
+<div class="user-greeting" id="user-greeting">
+<img class="user-avatar" id="user-avatar" alt=""/>
+<div class="step-label">Step 3</div>
+<h1 class="step-title" id="greeting-title">Choose your subdomain</h1>
+</div>
+<p class="step-desc">Pick a memorable address for your blog. You can add a custom domain later.</p>
+</div>
+<div class="subdomain-form">
+<div class="input-row" id="input-row">
+<input type="text" class="subdomain-input" id="subdomain" placeholder="myblog" autocomplete="off" spellcheck="false" autofocus/>
+<span class="subdomain-suffix" id="domain-suffix">.writekit.dev</span>
+</div>
+<div class="input-status" id="status"></div>
+</div>
+<div class="btn-row">
+<button class="btn btn-back" id="btn-back" type="button">
+<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2"><path stroke-linecap="round" stroke-linejoin="round" d="M10 19l-7-7m0 0l7-7m-7 7h18"/></svg>
+</button>
+<button class="btn primary" id="btn-launch" disabled>Create my blog</button>
+</div>
+</div>
+<div class="step" id="step-provisioning">
+<div class="step-header">
+<div class="step-label">Step 4</div>
+<h1 class="step-title">Launching your blog</h1>
+<p class="step-desc">Setting everything up. This only takes a few seconds.</p>
+</div>
+<div class="progress-steps" id="progress-steps">
+<div class="progress-step" data-step="1"><span class="dot"></span><span>Reserving subdomain...</span></div>
+<div class="progress-step" data-step="2"><span class="dot"></span><span>Spinning up container...</span></div>
+<div class="progress-step" data-step="3"><span class="dot"></span><span>Configuring SSL...</span></div>
+<div class="progress-step" data-step="4"><span class="dot"></span><span>Almost ready...</span></div>
+</div>
+</div>
+<div class="step" id="step-success">
+<div class="success-content">
+<div class="success-icon">
+<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2.5"><path stroke-linecap="round" stroke-linejoin="round" d="M5 13l4 4L19 7"/></svg>
+</div>
+<div class="step-title">You're all set!</div>
+<div class="success-url" id="success-url"></div>
+<div class="success-redirect"><span class="dot"></span><span>Redirecting to your studio...</span></div>
+</div>
+</div>
+</div>
+<div class="keyboard-hint">Press <span class="key">Enter</span> to continue</div>
+</main>
+</div>
+<script>
+const $ = s => document.getElementById(s)
+const $$ = s => document.querySelectorAll(s)
+
+const steps = { auth: $('step-auth'), personalize: $('step-personalize'), subdomain: $('step-subdomain'), provisioning: $('step-provisioning'), success: $('step-success') }
+const stepIndicators = $$('.step-item')
+const subdomainInput = $('subdomain')
+const inputRow = $('input-row')
+const status = $('status')
+const btnLaunch = $('btn-launch')
+const btnBack = $('btn-back')
+const successUrl = $('success-url')
+const userAvatar = $('user-avatar')
+const greetingTitle = $('greeting-title')
+const personalizeAvatar = $('personalize-avatar')
+const personalizeTitle = $('personalize-title')
+const colorOptions = $$('.color-option')
+const previewAccent = document.querySelector('.preview-accent')
+const btnPersonalizeNext = $('btn-personalize-next')
+const btnPersonalizeBack = $('btn-personalize-back')
+
+let currentStep = 'auth'
+let currentSubdomain = ''
+let isAvailable = false
+let debounceTimer
+let currentUser = null
+let selectedColor = '#10b981'
+
+const sleep = ms => new Promise(r => setTimeout(r, ms))
+
+const fetchUserInfo = async token => {
+  try {
+    const res = await fetch(`/api/auth/user?token=${encodeURIComponent(token)}`)
+    if (!res.ok) {
+      sessionStorage.removeItem('signup_token')
+      return false
+    }
+    const user = await res.json()
+    currentUser = user
+    const firstName = user.name?.split(' ')[0] ?? ''
+    if (user.avatar_url) {
+      userAvatar.src = user.avatar_url
+      userAvatar.onload = () => userAvatar.classList.add('loaded')
+      personalizeAvatar.src = user.avatar_url
+      personalizeAvatar.onload = () => personalizeAvatar.classList.add('loaded')
+    }
+    if (firstName) {
+      greetingTitle.textContent = `Hey ${firstName}!`
+      personalizeTitle.textContent = `Pick your style, ${firstName}`
+    }
+    return true
+  } catch {
+    sessionStorage.removeItem('signup_token')
+    return false
+  }
+}
+
+const goToStep = stepName => {
+  const currentEl = steps[currentStep]
+  const nextEl = steps[stepName]
+  const stepOrder = ['auth', 'personalize', 'subdomain', 'provisioning', 'success']
+  const nextIndex = stepOrder.indexOf(stepName)
+
+  stepIndicators.forEach((indicator, i) => {
+    indicator.classList.remove('active', 'completed')
+    if (i < nextIndex) indicator.classList.add('completed')
+    else if (i === nextIndex) indicator.classList.add('active')
+  })
+
+  currentEl.classList.add('exit-up')
+  currentEl.classList.remove('active')
+
+  setTimeout(() => {
+    currentEl.classList.remove('exit-up')
+    nextEl.classList.add('active')
+    currentStep = stepName
+    if (stepName === 'subdomain') setTimeout(() => subdomainInput.focus(), 100)
+  }, 150)
+}
+
+const checkAvailability = async subdomain => {
+  if (subdomain !== currentSubdomain) return
+  try {
+    const res = await fetch(`/api/demo/check?subdomain=${encodeURIComponent(subdomain)}`)
+    const data = await res.json()
+    if (subdomain !== currentSubdomain) return
+    if (data.domain) $('domain-suffix').textContent = '.' + data.domain
+    if (data.available) {
+      status.textContent = `${subdomain}.${data.domain} is available`
+      status.className = 'input-status available'
+      inputRow.className = 'input-row valid'
+      btnLaunch.disabled = false
+      isAvailable = true
+    } else {
+      status.textContent = data.reason || 'Not available'
+      status.className = 'input-status unavailable'
+      inputRow.className = 'input-row invalid'
+      btnLaunch.disabled = true
+      isAvailable = false
+    }
+  } catch {
+    status.textContent = 'Error checking availability'
+    status.className = 'input-status unavailable'
+    btnLaunch.disabled = true
+    isAvailable = false
+  }
+}
+
+const animateProgress = async url => {
+  const progressSteps = $$('#progress-steps .progress-step')
+  let ready = false
+  let redirecting = false
+
+  const pollUrl = async () => {
+    const start = Date.now()
+    while (!ready && Date.now() - start < 30000) {
+      try {
+        const res = await fetch(url + '/health', { method: 'HEAD' })
+        if (res.ok || res.status === 307 || res.status === 302) ready = true
+      } catch { await sleep(300) }
+    }
+  }
+
+  const doRedirect = () => {
+    if (redirecting) return
+    redirecting = true
+    progressSteps.forEach(s => { s.classList.remove('active'); s.classList.add('done') })
+    successUrl.textContent = url.replace('https://', '')
+    goToStep('success')
+    const token = sessionStorage.getItem('signup_token')
+    setTimeout(() => { window.location.href = url + '/auth/callback?token=' + encodeURIComponent(token) + '&redirect=/studio' }, 400)
+  }
+
+  pollUrl().then(() => { if (ready) doRedirect() })
+
+  for (let i = 0; i < progressSteps.length; i++) {
+    if (ready) return doRedirect()
+    progressSteps[i].classList.add('active')
+    await sleep(300)
+    progressSteps[i].classList.remove('active')
+    progressSteps[i].classList.add('done')
+  }
+
+  while (!ready) await sleep(100)
+  doRedirect()
+}
+
+const launchBlog = async () => {
+  if (!isAvailable || !currentSubdomain) return
+  const token = sessionStorage.getItem('signup_token')
+  if (!token) { goToStep('auth'); return }
+
+  btnLaunch.disabled = true
+  goToStep('provisioning')
+
+  try {
+    const res = await fetch('/api/signup/tenant', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${token}` },
+      body: JSON.stringify({ subdomain: currentSubdomain, accent_color: selectedColor })
+    })
+    if (res.status === 401) { sessionStorage.removeItem('signup_token'); goToStep('auth'); return }
+    const data = await res.json()
+    if (res.ok && data.url) {
+      await animateProgress(data.url)
+    } else {
+      goToStep('subdomain')
+      status.textContent = data.error || 'Failed to create blog'
+      status.className = 'input-status unavailable'
+    }
+  } catch {
+    goToStep('subdomain')
+    status.textContent = 'Error creating blog'
+    status.className = 'input-status unavailable'
+  }
+}
+
+;(async () => {
+  const urlParams = new URLSearchParams(window.location.search)
+  const urlToken = urlParams.get('token')
+  const storedToken = sessionStorage.getItem('signup_token')
+
+  if (urlToken) {
+    sessionStorage.setItem('signup_token', urlToken)
+    window.history.replaceState({}, '', '/signup')
+    if (await fetchUserInfo(urlToken)) goToStep('personalize')
+  } else if (storedToken) {
+    if (await fetchUserInfo(storedToken)) goToStep('personalize')
+  }
+
+  colorOptions[0]?.classList.add('selected')
+})()
+
+subdomainInput.addEventListener('input', () => {
+  const value = subdomainInput.value.toLowerCase().replace(/[^a-z0-9-]/g, '')
+  if (value !== subdomainInput.value) subdomainInput.value = value
+  currentSubdomain = value
+
+  if (!value) {
+    status.textContent = ''
+    status.className = 'input-status'
+    inputRow.className = 'input-row'
+    btnLaunch.disabled = true
+    isAvailable = false
+    return
+  }
+
+  clearTimeout(debounceTimer)
+  status.innerHTML = '<span class="dot"></span> Checking...'
+  status.className = 'input-status checking'
+  inputRow.className = 'input-row'
+  btnLaunch.disabled = true
+  debounceTimer = setTimeout(() => checkAvailability(value), 300)
+})
+
+colorOptions.forEach(option => {
+  option.addEventListener('click', () => {
+    colorOptions.forEach(o => o.classList.remove('selected'))
+    option.classList.add('selected')
+    selectedColor = option.dataset.color
+    previewAccent.style.background = selectedColor
+  })
+})
+
+btnPersonalizeBack.addEventListener('click', () => { sessionStorage.removeItem('signup_token'); goToStep('auth') })
+btnPersonalizeNext.addEventListener('click', () => goToStep('subdomain'))
+btnBack.addEventListener('click', () => goToStep('personalize'))
+btnLaunch.addEventListener('click', launchBlog)
+document.addEventListener('keydown', e => { if (e.key === 'Enter' && currentStep === 'subdomain' && isAvailable) launchBlog() })
+</script>
+</body>
+</html>
diff --git a/internal/storage/s3.go b/internal/storage/s3.go
new file mode 100644
index 0000000..b32e397
--- /dev/null
+++ b/internal/storage/s3.go
@@ -0,0 +1,113 @@
+package storage
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/credentials"
+	"github.com/aws/aws-sdk-go-v2/service/s3"
+)
+
+type S3Client struct {
+	s3        *s3.Client
+	presign   *s3.PresignClient
+	bucket    string
+	publicURL string
+}
+
+type S3Config struct {
+	Endpoint  string
+	AccessKey string
+	SecretKey string
+	Bucket    string
+	PublicURL string
+	Region    string
+}
+
+func NewS3Client(cfg S3Config) (*S3Client, error) {
+	awsCfg, err := config.LoadDefaultConfig(context.Background(),
+		config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(cfg.AccessKey, cfg.SecretKey, "")),
+		config.WithRegion(cfg.Region),
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	client := s3.NewFromConfig(awsCfg, func(o *s3.Options) {
+		if cfg.Endpoint != "" {
+			o.BaseEndpoint = aws.String(cfg.Endpoint)
+		}
+	})
+
+	return &S3Client{
+		s3:        client,
+		presign:   s3.NewPresignClient(client),
+		bucket:    cfg.Bucket,
+		publicURL: cfg.PublicURL,
+	}, nil
+}
+
+func NewR2Client() (*S3Client, error) {
+	accountID := os.Getenv("R2_ACCOUNT_ID")
+	accessKey := os.Getenv("R2_ACCESS_KEY_ID")
+	secretKey := os.Getenv("R2_SECRET_ACCESS_KEY")
+	bucket := os.Getenv("R2_BUCKET")
+	publicURL := os.Getenv("R2_PUBLIC_URL")
+
+	if accountID == "" || accessKey == "" || secretKey == "" {
+		return nil, fmt.Errorf("R2 credentials not configured")
+	}
+
+	endpoint := os.Getenv("R2_ENDPOINT")
+	if endpoint == "" {
+		endpoint = fmt.Sprintf("https://%s.r2.cloudflarestorage.com", accountID)
+	}
+
+	return NewS3Client(S3Config{
+		Endpoint:  endpoint,
+		AccessKey: accessKey,
+		SecretKey: secretKey,
+		Bucket:    bucket,
+		PublicURL: publicURL,
+		Region:    "auto",
+	})
+}
+
+func (c *S3Client) Upload(ctx context.Context, key string, body io.Reader, contentType string) error {
+	_, err := c.s3.PutObject(ctx, &s3.PutObjectInput{
+		Bucket:      aws.String(c.bucket),
+		Key:         aws.String(key),
+		Body:        body,
+		ContentType: aws.String(contentType),
+	})
+	return err
+}
+
+func (c *S3Client) Delete(ctx context.Context, key string) error {
+	_, err := c.s3.DeleteObject(ctx, &s3.DeleteObjectInput{
+		Bucket: aws.String(c.bucket),
+		Key:    aws.String(key),
+	})
+	return err
+}
+
+func (c *S3Client) PresignUpload(ctx context.Context, key string, contentType string, expires time.Duration) (string, error) {
+	req, err := c.presign.PresignPutObject(ctx, &s3.PutObjectInput{
+		Bucket:      aws.String(c.bucket),
+		Key:         aws.String(key),
+		ContentType: aws.String(contentType),
+	}, s3.WithPresignExpires(expires))
+	if err != nil {
+		return "", err
+	}
+	return req.URL, nil
+}
+
+func (c *S3Client) PublicURL(key string) string {
+	return fmt.Sprintf("%s/%s", c.publicURL, key)
+}
diff --git a/internal/storage/storage.go b/internal/storage/storage.go
new file mode 100644
index 0000000..b00e29c
--- /dev/null
+++ b/internal/storage/storage.go
@@ -0,0 +1,14 @@
+package storage
+
+import (
+	"context"
+	"io"
+	"time"
+)
+
+type Client interface {
+	Upload(ctx context.Context, key string, body io.Reader, contentType string) error
+	Delete(ctx context.Context, key string) error
+	PresignUpload(ctx context.Context, key string, contentType string, expires time.Duration) (string, error)
+	PublicURL(key string) string
+}
diff --git a/internal/tenant/analytics.go b/internal/tenant/analytics.go
new file mode 100644
index 0000000..5bf1efc
--- /dev/null
+++ b/internal/tenant/analytics.go
@@ -0,0 +1,279 @@
+package tenant
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"time"
+)
+
+type PageView struct {
+	ID        int64
+	Path      string
+	PostSlug  string
+	Referrer  string
+	UserAgent string
+	CreatedAt time.Time
+}
+
+type AnalyticsSummary struct {
+	TotalViews      int64           `json:"total_views"`
+	TotalPageViews  int64           `json:"total_page_views"`
+	UniqueVisitors  int64           `json:"unique_visitors"`
+	TotalBandwidth  int64           `json:"total_bandwidth"`
+	ViewsChange     float64         `json:"views_change"`
+	TopPages        []PageStats     `json:"top_pages"`
+	TopReferrers    []ReferrerStats `json:"top_referrers"`
+	ViewsByDay      []DailyStats    `json:"views_by_day"`
+	Browsers        []NamedStat     `json:"browsers"`
+	OS              []NamedStat     `json:"os"`
+	Devices         []NamedStat     `json:"devices"`
+	Countries       []NamedStat     `json:"countries"`
+}
+
+type PageStats struct {
+	Path  string `json:"path"`
+	Views int64  `json:"views"`
+}
+
+type ReferrerStats struct {
+	Referrer string `json:"referrer"`
+	Views    int64  `json:"views"`
+}
+
+type DailyStats struct {
+	Date     string `json:"date"`
+	Views    int64  `json:"views"`
+	Visitors int64  `json:"visitors"`
+}
+
+type NamedStat struct {
+	Name  string `json:"name"`
+	Count int64  `json:"count"`
+}
+
+type ArchivedDay struct {
+	Date           string      `json:"date"`
+	Requests       int64       `json:"requests"`
+	PageViews      int64       `json:"page_views"`
+	UniqueVisitors int64       `json:"unique_visitors"`
+	Bandwidth      int64       `json:"bandwidth"`
+	Browsers       []NamedStat `json:"browsers"`
+	OS             []NamedStat `json:"os"`
+	Devices        []NamedStat `json:"devices"`
+	Countries      []NamedStat `json:"countries"`
+	Paths          []PageStats `json:"paths"`
+}
+
+func (q *Queries) RecordPageView(ctx context.Context, path, postSlug, referrer, userAgent string) error {
+	_, err := q.db.ExecContext(ctx, `INSERT INTO page_views (path, post_slug, referrer, user_agent, visitor_hash, utm_source, utm_medium, utm_campaign, device_type, browser, os, country)
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+		path, nullStr(postSlug), nullStr(referrer), nullStr(userAgent), sql.NullString{}, sql.NullString{}, sql.NullString{}, sql.NullString{}, sql.NullString{}, sql.NullString{}, sql.NullString{}, sql.NullString{})
+	return err
+}
+
+func (q *Queries) GetAnalytics(ctx context.Context, days int) (*AnalyticsSummary, error) {
+	if days <= 0 {
+		days = 30
+	}
+
+	since := time.Now().AddDate(0, 0, -days).Format("2006-01-02")
+
+	var totalCount, uniqueCount int64
+	err := q.db.QueryRowContext(ctx, `SELECT COUNT(*), COUNT(DISTINCT visitor_hash) FROM page_views WHERE created_at >= ?`, since).
+		Scan(&totalCount, &uniqueCount)
+	if err != nil {
+		return nil, err
+	}
+
+	topPagesRows, err := q.db.QueryContext(ctx, `SELECT path, COUNT(*) as views FROM page_views WHERE created_at >= ? GROUP BY path ORDER BY views DESC LIMIT ?`, since, 10)
+	if err != nil {
+		return nil, err
+	}
+	defer topPagesRows.Close()
+
+	var topPages []PageStats
+	for topPagesRows.Next() {
+		var p PageStats
+		if err := topPagesRows.Scan(&p.Path, &p.Views); err != nil {
+			return nil, err
+		}
+		topPages = append(topPages, p)
+	}
+
+	topRefRows, err := q.db.QueryContext(ctx, `SELECT COALESCE(referrer, 'Direct') as referrer, COUNT(*) as views FROM page_views WHERE created_at >= ? AND referrer != '' GROUP BY referrer ORDER BY views DESC LIMIT ?`, since, 10)
+	if err != nil {
+		return nil, err
+	}
+	defer topRefRows.Close()
+
+	var topReferrers []ReferrerStats
+	for topRefRows.Next() {
+		var r ReferrerStats
+		if err := topRefRows.Scan(&r.Referrer, &r.Views); err != nil {
+			return nil, err
+		}
+		topReferrers = append(topReferrers, r)
+	}
+
+	viewsByDayRows, err := q.db.QueryContext(ctx, `SELECT DATE(created_at) as date, COUNT(*) as views FROM page_views WHERE created_at >= ? GROUP BY date ORDER BY date ASC`, since)
+	if err != nil {
+		return nil, err
+	}
+	defer viewsByDayRows.Close()
+
+	var viewsByDay []DailyStats
+	for viewsByDayRows.Next() {
+		var d DailyStats
+		var date any
+		if err := viewsByDayRows.Scan(&date, &d.Views); err != nil {
+			return nil, err
+		}
+		if s, ok := date.(string); ok {
+			d.Date = s
+		}
+		viewsByDay = append(viewsByDay, d)
+	}
+
+	return &AnalyticsSummary{
+		TotalViews:     totalCount,
+		TotalPageViews: totalCount,
+		UniqueVisitors: uniqueCount,
+		TopPages:       topPages,
+		TopReferrers:   topReferrers,
+		ViewsByDay:     viewsByDay,
+	}, nil
+}
+
+func (q *Queries) GetPostAnalytics(ctx context.Context, slug string, days int) (*AnalyticsSummary, error) {
+	if days <= 0 {
+		days = 30
+	}
+
+	since := time.Now().AddDate(0, 0, -days).Format("2006-01-02")
+
+	var totalViews int64
+	err := q.db.QueryRowContext(ctx, `SELECT COUNT(*) FROM page_views WHERE post_slug = ? AND created_at >= ?`, slug, since).Scan(&totalViews)
+	if err != nil {
+		return nil, err
+	}
+
+	viewsByDayRows, err := q.db.QueryContext(ctx, `SELECT DATE(created_at) as date, COUNT(*) as views FROM page_views WHERE post_slug = ? AND created_at >= ? GROUP BY date ORDER BY date ASC`, slug, since)
+	if err != nil {
+		return nil, err
+	}
+	defer viewsByDayRows.Close()
+
+	var viewsByDay []DailyStats
+	for viewsByDayRows.Next() {
+		var d DailyStats
+		var date any
+		if err := viewsByDayRows.Scan(&date, &d.Views); err != nil {
+			return nil, err
+		}
+		if s, ok := date.(string); ok {
+			d.Date = s
+		}
+		viewsByDay = append(viewsByDay, d)
+	}
+
+	refRows, err := q.db.QueryContext(ctx, `SELECT COALESCE(referrer, 'Direct') as referrer, COUNT(*) as views FROM page_views WHERE post_slug = ? AND created_at >= ? AND referrer != '' GROUP BY referrer ORDER BY views DESC LIMIT ?`, slug, since, 10)
+	if err != nil {
+		return nil, err
+	}
+	defer refRows.Close()
+
+	var topReferrers []ReferrerStats
+	for refRows.Next() {
+		var r ReferrerStats
+		if err := refRows.Scan(&r.Referrer, &r.Views); err != nil {
+			return nil, err
+		}
+		topReferrers = append(topReferrers, r)
+	}
+
+	return &AnalyticsSummary{
+		TotalViews:   totalViews,
+		TopReferrers: topReferrers,
+		ViewsByDay:   viewsByDay,
+	}, nil
+}
+
+func (q *Queries) SaveDailyAnalytics(ctx context.Context, day *ArchivedDay) error {
+	browsers, _ := json.Marshal(day.Browsers)
+	os, _ := json.Marshal(day.OS)
+	devices, _ := json.Marshal(day.Devices)
+	countries, _ := json.Marshal(day.Countries)
+	paths, _ := json.Marshal(day.Paths)
+
+	_, err := q.db.ExecContext(ctx, `INSERT INTO daily_analytics (date, requests, page_views, unique_visitors, bandwidth, browsers, os, devices, countries, paths)
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+		ON CONFLICT(date) DO UPDATE SET
+			requests = excluded.requests, page_views = excluded.page_views, unique_visitors = excluded.unique_visitors,
+			bandwidth = excluded.bandwidth, browsers = excluded.browsers, os = excluded.os, devices = excluded.devices,
+			countries = excluded.countries, paths = excluded.paths`,
+		day.Date, day.Requests, day.PageViews, day.UniqueVisitors, day.Bandwidth,
+		nullStr(string(browsers)), nullStr(string(os)), nullStr(string(devices)), nullStr(string(countries)), nullStr(string(paths)))
+	return err
+}
+
+func (q *Queries) GetArchivedAnalytics(ctx context.Context, since, until string) ([]ArchivedDay, error) {
+	rows, err := q.db.QueryContext(ctx, `SELECT date, requests, page_views, unique_visitors, bandwidth, browsers, os, devices, countries, paths
+		FROM daily_analytics WHERE date >= ? AND date <= ? ORDER BY date ASC`, since, until)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var days []ArchivedDay
+	for rows.Next() {
+		var d ArchivedDay
+		var requests, pageViews, uniqueVisitors, bandwidth sql.NullInt64
+		var browsers, os, devices, countries, paths sql.NullString
+
+		if err := rows.Scan(&d.Date, &requests, &pageViews, &uniqueVisitors, &bandwidth, &browsers, &os, &devices, &countries, &paths); err != nil {
+			return nil, err
+		}
+
+		d.Requests = requests.Int64
+		d.PageViews = pageViews.Int64
+		d.UniqueVisitors = uniqueVisitors.Int64
+		d.Bandwidth = bandwidth.Int64
+
+		if browsers.Valid {
+			json.Unmarshal([]byte(browsers.String), &d.Browsers)
+		}
+		if os.Valid {
+			json.Unmarshal([]byte(os.String), &d.OS)
+		}
+		if devices.Valid {
+			json.Unmarshal([]byte(devices.String), &d.Devices)
+		}
+		if countries.Valid {
+			json.Unmarshal([]byte(countries.String), &d.Countries)
+		}
+		if paths.Valid {
+			json.Unmarshal([]byte(paths.String), &d.Paths)
+		}
+		days = append(days, d)
+	}
+	return days, rows.Err()
+}
+
+func (q *Queries) GetOldestArchivedDate(ctx context.Context) (string, error) {
+	var date any
+	err := q.db.QueryRowContext(ctx, `SELECT MIN(date) FROM daily_analytics`).Scan(&date)
+	if err != nil || date == nil {
+		return "", err
+	}
+	if s, ok := date.(string); ok {
+		return s, nil
+	}
+	return "", nil
+}
+
+func (q *Queries) HasArchivedDate(ctx context.Context, date string) (bool, error) {
+	var count int64
+	err := q.db.QueryRowContext(ctx, `SELECT COUNT(*) FROM daily_analytics WHERE date = ?`, date).Scan(&count)
+	return count > 0, err
+}
diff --git a/internal/tenant/apikeys.go b/internal/tenant/apikeys.go
new file mode 100644
index 0000000..bfd8ae6
--- /dev/null
+++ b/internal/tenant/apikeys.go
@@ -0,0 +1,94 @@
+package tenant
+
+import (
+	"context"
+	"crypto/rand"
+	"database/sql"
+	"encoding/hex"
+	"time"
+)
+
+func (q *Queries) ListAPIKeys(ctx context.Context) ([]APIKey, error) {
+	rows, err := q.db.QueryContext(ctx, `SELECT key, name, created_at, last_used_at FROM api_keys ORDER BY created_at DESC`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var keys []APIKey
+	for rows.Next() {
+		k, err := scanAPIKey(rows)
+		if err != nil {
+			return nil, err
+		}
+		keys = append(keys, k)
+	}
+	return keys, rows.Err()
+}
+
+func (q *Queries) CreateAPIKey(ctx context.Context, name string) (*APIKey, error) {
+	key, err := generateAPIKey()
+	if err != nil {
+		return nil, err
+	}
+
+	now := time.Now().UTC().Format(time.RFC3339)
+	_, err = q.db.ExecContext(ctx, `INSERT INTO api_keys (key, name, created_at) VALUES (?, ?, ?)`, key, name, now)
+	if err != nil {
+		return nil, err
+	}
+
+	return &APIKey{
+		Key:       key,
+		Name:      name,
+		CreatedAt: time.Now().UTC(),
+	}, nil
+}
+
+func (q *Queries) ValidateAPIKey(ctx context.Context, key string) (bool, error) {
+	var dummy int64
+	err := q.db.QueryRowContext(ctx, `SELECT 1 FROM api_keys WHERE key = ?`, key).Scan(&dummy)
+	if err == sql.ErrNoRows {
+		return false, nil
+	}
+	if err != nil {
+		return false, nil
+	}
+
+	go func() {
+		now := time.Now().UTC().Format(time.RFC3339)
+		q.db.ExecContext(ctx, `UPDATE api_keys SET last_used_at = ? WHERE key = ?`, now, key)
+	}()
+
+	return true, nil
+}
+
+func (q *Queries) DeleteAPIKey(ctx context.Context, key string) error {
+	_, err := q.db.ExecContext(ctx, `DELETE FROM api_keys WHERE key = ?`, key)
+	return err
+}
+
+func scanAPIKey(s scanner) (APIKey, error) {
+	var k APIKey
+	var createdAt, lastUsedAt sql.NullString
+
+	err := s.Scan(&k.Key, &k.Name, &createdAt, &lastUsedAt)
+	if err != nil {
+		return k, err
+	}
+
+	k.CreatedAt = parseTime(createdAt.String)
+	if lastUsedAt.Valid {
+		t := parseTime(lastUsedAt.String)
+		k.LastUsedAt = &t
+	}
+	return k, nil
+}
+
+func generateAPIKey() (string, error) {
+	b := make([]byte, 24)
+	if _, err := rand.Read(b); err != nil {
+		return "", err
+	}
+	return "wk_" + hex.EncodeToString(b), nil
+}
diff --git a/internal/tenant/assets.go b/internal/tenant/assets.go
new file mode 100644
index 0000000..73f3db6
--- /dev/null
+++ b/internal/tenant/assets.go
@@ -0,0 +1,80 @@
+package tenant
+
+import (
+	"context"
+	"database/sql"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+func (q *Queries) ListAssets(ctx context.Context) ([]Asset, error) {
+	rows, err := q.db.QueryContext(ctx, `SELECT id, filename, r2_key, content_type, size, width, height, created_at
+		FROM assets ORDER BY created_at DESC`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var assets []Asset
+	for rows.Next() {
+		a, err := scanAsset(rows)
+		if err != nil {
+			return nil, err
+		}
+		assets = append(assets, a)
+	}
+	return assets, rows.Err()
+}
+
+func (q *Queries) GetAsset(ctx context.Context, id string) (*Asset, error) {
+	row := q.db.QueryRowContext(ctx, `SELECT id, filename, r2_key, content_type, size, width, height, created_at
+		FROM assets WHERE id = ?`, id)
+
+	a, err := scanAsset(row)
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &a, nil
+}
+
+func (q *Queries) CreateAsset(ctx context.Context, a *Asset) error {
+	if a.ID == "" {
+		a.ID = uuid.NewString()
+	}
+	now := time.Now().UTC().Format(time.RFC3339)
+	_, err := q.db.ExecContext(ctx, `INSERT INTO assets (id, filename, r2_key, content_type, size, width, height, created_at)
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
+		a.ID, a.Filename, a.R2Key, nullStr(a.ContentType), nullInt64(a.Size), nullInt64(int64(a.Width)), nullInt64(int64(a.Height)), now)
+	return err
+}
+
+func (q *Queries) DeleteAsset(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, `DELETE FROM assets WHERE id = ?`, id)
+	return err
+}
+
+func scanAsset(s scanner) (Asset, error) {
+	var a Asset
+	var contentType, createdAt sql.NullString
+	var size, width, height sql.NullInt64
+
+	err := s.Scan(&a.ID, &a.Filename, &a.R2Key, &contentType, &size, &width, &height, &createdAt)
+	if err != nil {
+		return a, err
+	}
+
+	a.ContentType = contentType.String
+	a.Size = size.Int64
+	a.Width = int(width.Int64)
+	a.Height = int(height.Int64)
+	a.CreatedAt = parseTime(createdAt.String)
+	return a, nil
+}
+
+func nullInt64(v int64) sql.NullInt64 {
+	return sql.NullInt64{Int64: v, Valid: v != 0}
+}
diff --git a/internal/tenant/comments.go b/internal/tenant/comments.go
new file mode 100644
index 0000000..6e40ef5
--- /dev/null
+++ b/internal/tenant/comments.go
@@ -0,0 +1,70 @@
+package tenant
+
+import (
+	"context"
+	"database/sql"
+)
+
+func (q *Queries) ListComments(ctx context.Context, postSlug string) ([]Comment, error) {
+	rows, err := q.db.QueryContext(ctx, `SELECT id, user_id, post_slug, content, content_html, parent_id, created_at, updated_at
+		FROM comments WHERE post_slug = ? ORDER BY created_at ASC`, postSlug)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var comments []Comment
+	for rows.Next() {
+		c, err := scanComment(rows)
+		if err != nil {
+			return nil, err
+		}
+		comments = append(comments, c)
+	}
+	return comments, rows.Err()
+}
+
+func (q *Queries) GetComment(ctx context.Context, id int64) (*Comment, error) {
+	row := q.db.QueryRowContext(ctx, `SELECT id, user_id, post_slug, content, content_html, parent_id, created_at, updated_at
+		FROM comments WHERE id = ?`, id)
+
+	c, err := scanComment(row)
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &c, nil
+}
+
+func (q *Queries) CreateComment(ctx context.Context, c *Comment) error {
+	result, err := q.db.ExecContext(ctx, `INSERT INTO comments (user_id, post_slug, content, content_html, parent_id)
+		VALUES (?, ?, ?, ?, ?)`,
+		c.UserID, c.PostSlug, c.Content, nullStr(c.ContentHTML), c.ParentID)
+	if err != nil {
+		return err
+	}
+	c.ID, _ = result.LastInsertId()
+	return nil
+}
+
+func (q *Queries) DeleteComment(ctx context.Context, id int64) error {
+	_, err := q.db.ExecContext(ctx, `DELETE FROM comments WHERE id = ?`, id)
+	return err
+}
+
+func scanComment(s scanner) (Comment, error) {
+	var c Comment
+	var contentHTML, createdAt, updatedAt sql.NullString
+
+	err := s.Scan(&c.ID, &c.UserID, &c.PostSlug, &c.Content, &contentHTML, &c.ParentID, &createdAt, &updatedAt)
+	if err != nil {
+		return c, err
+	}
+
+	c.ContentHTML = contentHTML.String
+	c.CreatedAt = parseTime(createdAt.String)
+	c.UpdatedAt = parseTime(updatedAt.String)
+	return c, nil
+}
diff --git a/internal/tenant/members.go b/internal/tenant/members.go
new file mode 100644
index 0000000..4624941
--- /dev/null
+++ b/internal/tenant/members.go
@@ -0,0 +1,63 @@
+package tenant
+
+import (
+	"context"
+	"database/sql"
+	"time"
+)
+
+func (q *Queries) UpsertMember(ctx context.Context, m *Member) error {
+	_, err := q.db.ExecContext(ctx, `INSERT INTO members (user_id, email, name, tier, status, expires_at, synced_at)
+		VALUES (?, ?, ?, ?, ?, ?, CURRENT_TIMESTAMP)
+		ON CONFLICT(user_id) DO UPDATE SET
+			email = excluded.email, name = excluded.name, tier = excluded.tier,
+			status = excluded.status, expires_at = excluded.expires_at, synced_at = CURRENT_TIMESTAMP`,
+		m.UserID, m.Email, nullStr(m.Name), m.Tier, m.Status, timeToStr(m.ExpiresAt))
+	return err
+}
+
+func (q *Queries) GetMember(ctx context.Context, userID string) (*Member, error) {
+	row := q.db.QueryRowContext(ctx, `SELECT user_id, email, name, tier, status, expires_at, synced_at
+		FROM members WHERE user_id = ?`, userID)
+
+	m, err := scanMember(row)
+	if err == sql.ErrNoRows {
+		return nil, err
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &m, nil
+}
+
+func (q *Queries) IsMember(ctx context.Context, userID string) bool {
+	var count int64
+	err := q.db.QueryRowContext(ctx, `SELECT COUNT(*) FROM members
+		WHERE user_id = ? AND status = 'active'
+		AND (expires_at IS NULL OR expires_at > datetime('now'))`, userID).Scan(&count)
+	return err == nil && count > 0
+}
+
+func (q *Queries) DeleteMember(ctx context.Context, userID string) error {
+	_, err := q.db.ExecContext(ctx, `DELETE FROM members WHERE user_id = ?`, userID)
+	return err
+}
+
+func scanMember(s scanner) (Member, error) {
+	var m Member
+	var name, expiresAt, syncedAt sql.NullString
+
+	err := s.Scan(&m.UserID, &m.Email, &name, &m.Tier, &m.Status, &expiresAt, &syncedAt)
+	if err != nil {
+		return m, err
+	}
+
+	m.Name = name.String
+	m.SyncedAt = parseTime(syncedAt.String)
+	if expiresAt.Valid {
+		if t, err := time.Parse(time.RFC3339, expiresAt.String); err == nil {
+			m.ExpiresAt = &t
+		}
+	}
+	return m, nil
+}
diff --git a/internal/tenant/models.go b/internal/tenant/models.go
new file mode 100644
index 0000000..f19b067
--- /dev/null
+++ b/internal/tenant/models.go
@@ -0,0 +1,124 @@
+package tenant
+
+import "time"
+
+type Post struct {
+	ID          string
+	Slug        string
+	Title       string
+	Description string
+	Tags        []string
+	CoverImage  string
+	ContentMD   string
+	ContentHTML string
+	IsPublished bool
+	MembersOnly bool
+	PublishedAt *time.Time
+	UpdatedAt   *time.Time
+	Aliases     []string
+	CreatedAt   time.Time
+	ModifiedAt  time.Time
+}
+
+type PostDraft struct {
+	PostID      string
+	Slug        string
+	Title       string
+	Description string
+	Tags        []string
+	CoverImage  string
+	MembersOnly bool
+	ContentMD   string
+	ContentHTML string
+	ModifiedAt  time.Time
+}
+
+type PostVersion struct {
+	ID          int64
+	PostID      string
+	Slug        string
+	Title       string
+	Description string
+	Tags        []string
+	CoverImage  string
+	ContentMD   string
+	ContentHTML string
+	CreatedAt   time.Time
+}
+
+type Asset struct {
+	ID          string
+	Filename    string
+	R2Key       string
+	ContentType string
+	Size        int64
+	Width       int
+	Height      int
+	CreatedAt   time.Time
+}
+
+type Settings map[string]string
+
+type Member struct {
+	UserID    string
+	Email     string
+	Name      string
+	Tier      string
+	Status    string
+	ExpiresAt *time.Time
+	SyncedAt  time.Time
+}
+
+type Comment struct {
+	ID          int64
+	UserID      string
+	PostSlug    string
+	Content     string
+	ContentHTML string
+	ParentID    *int64
+	CreatedAt   time.Time
+	UpdatedAt   time.Time
+}
+
+type Reaction struct {
+	ID        int64
+	UserID    string
+	AnonID    string
+	PostSlug  string
+	Emoji     string
+	CreatedAt time.Time
+}
+
+type User struct {
+	ID        string
+	Email     string
+	Name      string
+	AvatarURL string
+	CreatedAt time.Time
+}
+
+type Session struct {
+	Token     string
+	UserID    string
+	ExpiresAt time.Time
+}
+
+type APIKey struct {
+	Key        string
+	Name       string
+	CreatedAt  time.Time
+	LastUsedAt *time.Time
+}
+
+type Plugin struct {
+	ID        string
+	Name      string
+	Language  string
+	Source    string
+	Wasm      []byte
+	WasmSize  int
+	Hooks     []string
+	Enabled   bool
+	CreatedAt time.Time
+	UpdatedAt time.Time
+}
diff --git a/internal/tenant/pages.go b/internal/tenant/pages.go
new file mode 100644
index 0000000..8a2a4b2
--- /dev/null
+++ b/internal/tenant/pages.go
@@ -0,0 +1,39 @@
+package tenant
+
+import (
+	"context"
+	"database/sql"
+	"time"
+)
+
+func (q *Queries) GetPage(ctx context.Context, path string) ([]byte, string, error) {
+	var html []byte
+	var etag sql.NullString
+	err := q.db.QueryRowContext(ctx, `SELECT html, etag FROM pages WHERE path = ?`, path).Scan(&html, &etag)
+	if err == sql.ErrNoRows {
+		return nil, "", nil
+	}
+	if err != nil {
+		return nil, "", err
+	}
+	return html, etag.String, nil
+}
+
+func (q *Queries) SetPage(ctx context.Context, path string, html []byte, etag string) error {
+	now := time.Now().UTC().Format(time.RFC3339)
+	_, err := q.db.ExecContext(ctx, `INSERT INTO pages (path, html, etag, built_at)
+		VALUES (?, ?, ?, ?)
+		ON CONFLICT(path) DO UPDATE SET html = excluded.html, etag = excluded.etag, built_at = excluded.built_at`,
+		path, html, nullStr(etag), now)
+	return err
+}
+
+func (q *Queries) DeleteAllPages(ctx context.Context) error {
+	_, err := q.db.ExecContext(ctx, `DELETE FROM pages`)
+	return err
+}
+
+func (q *Queries) DeletePage(ctx context.Context, path string) error {
+	_, err := q.db.ExecContext(ctx, `DELETE FROM pages WHERE path = ?`, path)
+	return err
+}
diff --git a/internal/tenant/plugins.go b/internal/tenant/plugins.go
new file mode 100644
index 0000000..d69f1ec
--- /dev/null
+++ b/internal/tenant/plugins.go
@@ -0,0 +1,136 @@
+package tenant
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+)
+
+func (q *Queries) CountPlugins(ctx context.Context) (int, error) {
+	var count int
+	err := q.db.QueryRowContext(ctx, `SELECT COUNT(*) FROM plugins`).Scan(&count)
+	return count, err
+}
+
+func (q *Queries) ListPlugins(ctx context.Context) ([]Plugin, error) {
+	rows, err := q.db.QueryContext(ctx, `SELECT id, name, language, source, hooks, enabled, LENGTH(wasm) as wasm_size, created_at, updated_at
+		FROM plugins ORDER BY name`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var plugins []Plugin
+	for rows.Next() {
+		p, err := scanPluginList(rows)
+		if err != nil {
+			return nil, err
+		}
+		plugins = append(plugins, p)
+	}
+	return plugins, rows.Err()
+}
+
+func (q *Queries) GetPlugin(ctx context.Context, id string) (*Plugin, error) {
+	row := q.db.QueryRowContext(ctx, `SELECT id, name, language, source, wasm, hooks, enabled, created_at, updated_at
+		FROM plugins WHERE id = ?`, id)
+
+	p, err := scanPlugin(row)
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &p, nil
+}
+
+func (q *Queries) CreatePlugin(ctx context.Context, p *Plugin) error {
+	hooks, _ := json.Marshal(p.Hooks)
+	_, err := q.db.ExecContext(ctx, `INSERT INTO plugins (id, name, language, source, wasm, hooks, enabled)
+		VALUES (?, ?, ?, ?, ?, ?, ?)`,
+		p.ID, p.Name, p.Language, p.Source, p.Wasm, string(hooks), boolToInt(p.Enabled))
+	return err
+}
+
+func (q *Queries) UpdatePlugin(ctx context.Context, p *Plugin) error {
+	hooks, _ := json.Marshal(p.Hooks)
+	_, err := q.db.ExecContext(ctx, `UPDATE plugins SET
+		name = ?, language = ?, source = ?, wasm = ?, hooks = ?, enabled = ?, updated_at = CURRENT_TIMESTAMP
+		WHERE id = ?`,
+		p.Name, p.Language, p.Source, p.Wasm, string(hooks), boolToInt(p.Enabled), p.ID)
+	return err
+}
+
+func (q *Queries) DeletePlugin(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, `DELETE FROM plugins WHERE id = ?`, id)
+	return err
+}
+
+func (q *Queries) GetPluginsByHook(ctx context.Context, hook string) ([]Plugin, error) {
+	rows, err := q.db.QueryContext(ctx, `SELECT id, name, language, source, wasm, hooks, enabled, created_at, updated_at
+		FROM plugins WHERE enabled = 1 AND hooks LIKE ?`, "%"+hook+"%")
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var plugins []Plugin
+	for rows.Next() {
+		p, err := scanPlugin(rows)
+		if err != nil {
+			return nil, err
+		}
+		for _, h := range p.Hooks {
+			if h == hook {
+				plugins = append(plugins, p)
+				break
+			}
+		}
+	}
+	return plugins, rows.Err()
+}
+
+func (q *Queries) TogglePlugin(ctx context.Context, id string, enabled bool) error {
+	_, err := q.db.ExecContext(ctx, `UPDATE plugins SET enabled = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?`,
+		boolToInt(enabled), id)
+	return err
+}
+
+func scanPlugin(s scanner) (Plugin, error) {
+	var p Plugin
+	var hooks string
+	var enabled sql.NullInt64
+	var createdAt, updatedAt sql.NullString
+
+	err := s.Scan(&p.ID, &p.Name, &p.Language, &p.Source, &p.Wasm, &hooks, &enabled, &createdAt, &updatedAt)
+	if err != nil {
+		return p, err
+	}
+
+	p.Enabled = enabled.Int64 == 1
+	p.CreatedAt = parseTime(createdAt.String)
+	p.UpdatedAt = parseTime(updatedAt.String)
+	json.Unmarshal([]byte(hooks), &p.Hooks)
+	return p, nil
+}
+
+func scanPluginList(s scanner) (Plugin, error) {
+	var p Plugin
+	var hooks string
+	var enabled sql.NullInt64
+	var wasmSize sql.NullInt64
+	var createdAt, updatedAt sql.NullString
+
+	err := s.Scan(&p.ID, &p.Name, &p.Language, &p.Source, &hooks, &enabled, &wasmSize, &createdAt, &updatedAt)
+	if err != nil {
+		return p, err
+	}
+
+	p.Enabled = enabled.Int64 == 1
+	p.WasmSize = int(wasmSize.Int64)
+	p.CreatedAt = parseTime(createdAt.String)
+	p.UpdatedAt = parseTime(updatedAt.String)
+	json.Unmarshal([]byte(hooks), &p.Hooks)
+	return p, nil
+}
diff --git a/internal/tenant/pool.go b/internal/tenant/pool.go
new file mode 100644
index 0000000..ebe6b9f
--- /dev/null
+++ b/internal/tenant/pool.go
@@ -0,0 +1,176 @@
+package tenant
+
+import (
+	"container/list"
+	"database/sql"
+	"sync"
+	"time"
+)
+
+const (
+	maxOpenConns     = 500
+	cacheTTL         = 5 * time.Minute
+	cacheCleanupFreq = time.Minute
+)
+
+type conn struct {
+	db       *sql.DB
+	tenantID string
+}
+
+// Pool manages SQLite connections for tenants with LRU eviction.
+type Pool struct {
+	dataDir  string
+	mu       sync.Mutex
+	conns    map[string]*list.Element
+	lru      *list.List
+	inMemory map[string]bool
+}
+
+func NewPool(dataDir string) *Pool {
+	return &Pool{
+		dataDir:  dataDir,
+		conns:    make(map[string]*list.Element),
+		lru:      list.New(),
+		inMemory: make(map[string]bool),
+	}
+}
+
+func (p *Pool) MarkAsDemo(tenantID string) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+	p.inMemory[tenantID] = true
+}
+
+func (p *Pool) Get(tenantID string) (*sql.DB, error) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	if elem, ok := p.conns[tenantID]; ok {
+		p.lru.MoveToFront(elem)
+		return elem.Value.(*conn).db, nil
+	}
+
+	useInMemory := p.inMemory[tenantID]
+	db, err := openDB(p.dataDir, tenantID, useInMemory)
+	if err != nil {
+		return nil, err
+	}
+
+	for p.lru.Len() >= maxOpenConns {
+		p.evictOldest()
+	}
+
+	c := &conn{db: db, tenantID: tenantID}
+	elem := p.lru.PushFront(c)
+	p.conns[tenantID] = elem
+
+	return db, nil
+}
+
+func (p *Pool) evictOldest() {
+	elem := p.lru.Back()
+	if elem == nil {
+		return
+	}
+	c := elem.Value.(*conn)
+	c.db.Close()
+	delete(p.conns, c.tenantID)
+	delete(p.inMemory, c.tenantID)
+	p.lru.Remove(elem)
+}
+
+func (p *Pool) Evict(tenantID string) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	if elem, ok := p.conns[tenantID]; ok {
+		c := elem.Value.(*conn)
+		c.db.Close()
+		delete(p.conns, tenantID)
+		p.lru.Remove(elem)
+	}
+	delete(p.inMemory, tenantID)
+}
+
+func (p *Pool) Close() {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
+	for p.lru.Len() > 0 {
+		p.evictOldest()
+	}
+}
+
+type cacheEntry struct {
+	tenantID  string
+	expiresAt time.Time
+}
+
+// Cache stores subdomain to tenant ID mappings.
+type Cache struct {
+	mu    sync.RWMutex
+	items map[string]cacheEntry
+	stop  chan struct{}
+}
+
+func NewCache() *Cache {
+	c := &Cache{
+		items: make(map[string]cacheEntry),
+		stop:  make(chan struct{}),
+	}
+	go c.cleanup()
+	return c
+}
+
+func (c *Cache) Get(subdomain string) (string, bool) {
+	c.mu.RLock()
+	defer c.mu.RUnlock()
+
+	entry, ok := c.items[subdomain]
+	if !ok || time.Now().After(entry.expiresAt) {
+		return "", false
+	}
+	return entry.tenantID, true
+}
+
+func (c *Cache) Set(subdomain, tenantID string) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	c.items[subdomain] = cacheEntry{
+		tenantID:  tenantID,
+		expiresAt: time.Now().Add(cacheTTL),
+	}
+}
+
+func (c *Cache) Delete(subdomain string) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	delete(c.items, subdomain)
+}
+
+func (c *Cache) cleanup() {
+	ticker := time.NewTicker(cacheCleanupFreq)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ticker.C:
+			c.mu.Lock()
+			now := time.Now()
+			for k, v := range c.items {
+				if now.After(v.expiresAt) {
+					delete(c.items, k)
+				}
+			}
+			c.mu.Unlock()
+		case <-c.stop:
+			return
+		}
+	}
+}
+
+func (c *Cache) Close() {
+	close(c.stop)
+}
diff --git a/internal/tenant/posts.go b/internal/tenant/posts.go
new file mode 100644
index 0000000..18594d9
--- /dev/null
+++ b/internal/tenant/posts.go
@@ -0,0 +1,481 @@
+package tenant
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+func (q *Queries) ListPosts(ctx context.Context, includeUnpublished bool) ([]Post, error) {
+	query := `SELECT id, slug, title, description, tags, cover_image, content_md, content_html,
+		is_published, members_only, published_at, updated_at, aliases, created_at, modified_at
+		FROM posts ORDER BY COALESCE(published_at, created_at) DESC`
+	if !includeUnpublished {
+		query = `SELECT id, slug, title, description, tags, cover_image, content_md, content_html,
+			is_published, members_only, published_at, updated_at, aliases, created_at, modified_at
+			FROM posts WHERE is_published = 1 ORDER BY COALESCE(published_at, created_at) DESC`
+	}
+
+	rows, err := q.db.QueryContext(ctx, query)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var posts []Post
+	for rows.Next() {
+		p, err := scanPost(rows)
+		if err != nil {
+			return nil, err
+		}
+		posts = append(posts, p)
+	}
+	return posts, rows.Err()
+}
+
+type ListPostsOptions struct {
+	Limit  int
+	Offset int
+	Tag    string
+}
+
+type ListPostsResult struct {
+	Posts []Post
+	Total int
+}
+
+func (q *Queries) ListPostsPaginated(ctx context.Context, opts ListPostsOptions) (*ListPostsResult, error) {
+	if opts.Limit <= 0 {
+		opts.Limit = 20
+	}
+	if opts.Limit > 100 {
+		opts.Limit = 100
+	}
+
+	var args []any
+	where := "WHERE is_published = 1"
+
+	if opts.Tag != "" {
+		where += " AND tags LIKE ?"
+		args = append(args, "%\""+opts.Tag+"\"%")
+	}
+
+	var total int
+	countQuery := "SELECT COUNT(*) FROM posts " + where
+	err := q.db.QueryRowContext(ctx, countQuery, args...).Scan(&total)
+	if err != nil {
+		return nil, err
+	}
+
+	query := `SELECT id, slug, title, description, tags, cover_image, content_md, content_html,
+		is_published, members_only, published_at, updated_at, aliases, created_at, modified_at
+		FROM posts ` + where + ` ORDER BY COALESCE(published_at, created_at) DESC LIMIT ? OFFSET ?`
+	args = append(args, opts.Limit, opts.Offset)
+
+	rows, err := q.db.QueryContext(ctx, query, args...)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var posts []Post
+	for rows.Next() {
+		p, err := scanPost(rows)
+		if err != nil {
+			return nil, err
+		}
+		posts = append(posts, p)
+	}
+
+	return &ListPostsResult{Posts: posts, Total: total}, rows.Err()
+}
+
+func (q *Queries) GetPost(ctx context.Context, slug string) (*Post, error) {
+	row := q.db.QueryRowContext(ctx, `SELECT id, slug, title, description, tags, cover_image, content_md, content_html,
+		is_published, members_only, published_at, updated_at, aliases, created_at, modified_at
+		FROM posts WHERE slug = ?`, slug)
+
+	p, err := scanPost(row)
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &p, nil
+}
+
+func (q *Queries) GetPostByID(ctx context.Context, id string) (*Post, error) {
+	row := q.db.QueryRowContext(ctx, `SELECT id, slug, title, description, tags, cover_image, content_md, content_html,
+		is_published, members_only, published_at, updated_at, aliases, created_at, modified_at
+		FROM posts WHERE id = ?`, id)
+
+	p, err := scanPost(row)
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &p, nil
+}
+
+func (q *Queries) GetPostByAlias(ctx context.Context, alias string) (*Post, error) {
+	pattern := "%\"" + alias + "\"%"
+	row := q.db.QueryRowContext(ctx, `SELECT id, slug, title, description, tags, cover_image, content_md, content_html,
+		is_published, members_only, published_at, updated_at, aliases, created_at, modified_at
+		FROM posts WHERE aliases LIKE ? LIMIT 1`, pattern)
+
+	p, err := scanPost(row)
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &p, nil
+}
+
+func (q *Queries) CreatePost(ctx context.Context, p *Post) error {
+	if p.ID == "" {
+		p.ID = uuid.NewString()
+	}
+	now := time.Now().UTC().Format(time.RFC3339)
+
+	_, err := q.db.ExecContext(ctx, `INSERT INTO posts (id, slug, title, description, tags, cover_image, content_md, content_html,
+		is_published, members_only, published_at, updated_at, aliases, created_at, modified_at)
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+		p.ID, p.Slug, nullStr(p.Title), nullStr(p.Description), jsonStr(p.Tags), nullStr(p.CoverImage),
+		nullStr(p.ContentMD), nullStr(p.ContentHTML), boolToInt(p.IsPublished), boolToInt(p.MembersOnly),
+		timeToStr(p.PublishedAt), timeToStr(p.UpdatedAt), jsonStr(p.Aliases), now, now)
+	if err != nil {
+		return err
+	}
+
+	q.IndexPost(ctx, p)
+	return nil
+}
+
+func (q *Queries) UpdatePost(ctx context.Context, p *Post) error {
+	now := time.Now().UTC().Format(time.RFC3339)
+
+	_, err := q.db.ExecContext(ctx, `UPDATE posts SET
+		slug = ?, title = ?, description = ?, tags = ?, cover_image = ?, content_md = ?, content_html = ?,
+		is_published = ?, members_only = ?, published_at = ?, updated_at = ?, aliases = ?, modified_at = ?
+		WHERE id = ?`,
+		p.Slug, nullStr(p.Title), nullStr(p.Description), jsonStr(p.Tags), nullStr(p.CoverImage),
+		nullStr(p.ContentMD), nullStr(p.ContentHTML), boolToInt(p.IsPublished), boolToInt(p.MembersOnly),
+		timeToStr(p.PublishedAt), timeToStr(p.UpdatedAt), jsonStr(p.Aliases), now, p.ID)
+	if err != nil {
+		return err
+	}
+
+	q.IndexPost(ctx, p)
+	return nil
+}
+
+func (q *Queries) DeletePost(ctx context.Context, id string) error {
+	post, _ := q.GetPostByID(ctx, id)
+	_, err := q.db.ExecContext(ctx, `DELETE FROM posts WHERE id = ?`, id)
+	if err == nil && post != nil {
+		q.RemoveFromIndex(ctx, post.Slug, "post")
+	}
+	return err
+}
+
+func (q *Queries) GetDraft(ctx context.Context, postID string) (*PostDraft, error) {
+	row := q.db.QueryRowContext(ctx, `SELECT post_id, slug, title, description, tags, cover_image, members_only, content_md, content_html, modified_at
+		FROM post_drafts WHERE post_id = ?`, postID)
+
+	d, err := scanDraft(row)
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &d, nil
+}
+
+func (q *Queries) SaveDraft(ctx context.Context, d *PostDraft) error {
+	now := time.Now().UTC().Format(time.RFC3339)
+	_, err := q.db.ExecContext(ctx, `INSERT INTO post_drafts (post_id, slug, title, description, tags, cover_image, members_only, content_md, content_html, modified_at)
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+		ON CONFLICT(post_id) DO UPDATE SET
+			slug = excluded.slug, title = excluded.title, description = excluded.description, tags = excluded.tags,
+			cover_image = excluded.cover_image, members_only = excluded.members_only, content_md = excluded.content_md,
+			content_html = excluded.content_html, modified_at = excluded.modified_at`,
+		d.PostID, d.Slug, nullStr(d.Title), nullStr(d.Description), jsonStr(d.Tags), nullStr(d.CoverImage),
+		boolToInt(d.MembersOnly), nullStr(d.ContentMD), nullStr(d.ContentHTML), now)
+	return err
+}
+
+func (q *Queries) DeleteDraft(ctx context.Context, postID string) error {
+	_, err := q.db.ExecContext(ctx, `DELETE FROM post_drafts WHERE post_id = ?`, postID)
+	return err
+}
+
+func (q *Queries) HasDraft(ctx context.Context, postID string) (bool, error) {
+	var count int64
+	err := q.db.QueryRowContext(ctx, `SELECT COUNT(*) FROM post_drafts WHERE post_id = ?`, postID).Scan(&count)
+	return count > 0, err
+}
+
+func (q *Queries) CreateVersion(ctx context.Context, p *Post) error {
+	now := time.Now().UTC().Format(time.RFC3339)
+	_, err := q.db.ExecContext(ctx, `INSERT INTO post_versions (post_id, slug, title, description, tags, cover_image, content_md, content_html, created_at)
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+		p.ID, p.Slug, nullStr(p.Title), nullStr(p.Description), jsonStr(p.Tags), nullStr(p.CoverImage),
+		nullStr(p.ContentMD), nullStr(p.ContentHTML), now)
+	return err
+}
+
+func (q *Queries) ListVersions(ctx context.Context, postID string) ([]PostVersion, error) {
+	rows, err := q.db.QueryContext(ctx, `SELECT id, post_id, slug, title, description, tags, cover_image, content_md, content_html, created_at
+		FROM post_versions WHERE post_id = ? ORDER BY created_at DESC`, postID)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var versions []PostVersion
+	for rows.Next() {
+		v, err := scanVersion(rows)
+		if err != nil {
+			return nil, err
+		}
+		versions = append(versions, v)
+	}
+	return versions, rows.Err()
+}
+
+func (q *Queries) GetVersion(ctx context.Context, versionID int64) (*PostVersion, error) {
+	row := q.db.QueryRowContext(ctx, `SELECT id, post_id, slug, title, description, tags, cover_image, content_md, content_html, created_at
+		FROM post_versions WHERE id = ?`, versionID)
+
+	v, err := scanVersion(row)
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &v, nil
+}
+
+func (q *Queries) PruneVersions(ctx context.Context, postID string, keepCount int) error {
+	_, err := q.db.ExecContext(ctx, `DELETE FROM post_versions AS pv
+		WHERE pv.post_id = ?1 AND pv.id NOT IN (
+			SELECT sub.id FROM post_versions AS sub WHERE sub.post_id = ?1 ORDER BY sub.created_at DESC LIMIT ?2
+		)`, postID, keepCount)
+	return err
+}
+
+func (q *Queries) Publish(ctx context.Context, postID string) error {
+	post, err := q.GetPostByID(ctx, postID)
+	if err != nil || post == nil {
+		return err
+	}
+
+	draft, err := q.GetDraft(ctx, postID)
+	if err != nil {
+		return err
+	}
+
+	now := time.Now().UTC()
+
+	if draft != nil {
+		if draft.Slug != post.Slug {
+			if !contains(post.Aliases, post.Slug) {
+				post.Aliases = append(post.Aliases, post.Slug)
+			}
+		}
+		post.Slug = draft.Slug
+		post.Title = draft.Title
+		post.Description = draft.Description
+		post.Tags = draft.Tags
+		post.CoverImage = draft.CoverImage
+		post.MembersOnly = draft.MembersOnly
+		post.ContentMD = draft.ContentMD
+		post.ContentHTML = draft.ContentHTML
+	}
+
+	if post.PublishedAt == nil {
+		post.PublishedAt = &now
+	}
+	post.UpdatedAt = &now
+	post.IsPublished = true
+
+	if err := q.UpdatePost(ctx, post); err != nil {
+		return err
+	}
+	if err := q.CreateVersion(ctx, post); err != nil {
+		return err
+	}
+	if err := q.DeleteDraft(ctx, postID); err != nil {
+		return err
+	}
+	return q.PruneVersions(ctx, postID, 10)
+}
+
+func (q *Queries) Unpublish(ctx context.Context, postID string) error {
+	now := time.Now().UTC().Format(time.RFC3339)
+	_, err := q.db.ExecContext(ctx, `UPDATE posts SET is_published = 0, modified_at = ? WHERE id = ?`, now, postID)
+	return err
+}
+
+func (q *Queries) RestoreVersion(ctx context.Context, postID string, versionID int64) error {
+	version, err := q.GetVersion(ctx, versionID)
+	if err != nil || version == nil {
+		return err
+	}
+
+	return q.SaveDraft(ctx, &PostDraft{
+		PostID:      postID,
+		Slug:        version.Slug,
+		Title:       version.Title,
+		Description: version.Description,
+		Tags:        version.Tags,
+		CoverImage:  version.CoverImage,
+		ContentMD:   version.ContentMD,
+		ContentHTML: version.ContentHTML,
+	})
+}
+
+type scanner interface {
+	Scan(dest ...any) error
+}
+
+func scanPost(s scanner) (Post, error) {
+	var p Post
+	var title, desc, tags, cover, md, html, pubAt, updAt, aliases, createdAt, modAt sql.NullString
+	var isPub, memOnly sql.NullInt64
+
+	err := s.Scan(&p.ID, &p.Slug, &title, &desc, &tags, &cover, &md, &html,
+		&isPub, &memOnly, &pubAt, &updAt, &aliases, &createdAt, &modAt)
+	if err != nil {
+		return p, err
+	}
+
+	p.Title = title.String
+	p.Description = desc.String
+	p.Tags = parseJSON[[]string](tags.String)
+	p.CoverImage = cover.String
+	p.ContentMD = md.String
+	p.ContentHTML = html.String
+	p.IsPublished = isPub.Int64 == 1
+	p.MembersOnly = memOnly.Int64 == 1
+	p.PublishedAt = parseTimePtr(pubAt.String)
+	p.UpdatedAt = parseTimePtr(updAt.String)
+	p.Aliases = parseJSON[[]string](aliases.String)
+	p.CreatedAt = parseTime(createdAt.String)
+	p.ModifiedAt = parseTime(modAt.String)
+	return p, nil
+}
+
+func scanDraft(s scanner) (PostDraft, error) {
+	var d PostDraft
+	var title, desc, tags, cover, md, html, modAt sql.NullString
+	var memOnly sql.NullInt64
+
+	err := s.Scan(&d.PostID, &d.Slug, &title, &desc, &tags, &cover, &memOnly, &md, &html, &modAt)
+	if err != nil {
+		return d, err
+	}
+
+	d.Title = title.String
+	d.Description = desc.String
+	d.Tags = parseJSON[[]string](tags.String)
+	d.CoverImage = cover.String
+	d.MembersOnly = memOnly.Int64 == 1
+	d.ContentMD = md.String
+	d.ContentHTML = html.String
+	d.ModifiedAt = parseTime(modAt.String)
+	return d, nil
+}
+
+func scanVersion(s scanner) (PostVersion, error) {
+	var v PostVersion
+	var title, desc, tags, cover, md, html, createdAt sql.NullString
+
+	err := s.Scan(&v.ID, &v.PostID, &v.Slug, &title, &desc, &tags, &cover, &md, &html, &createdAt)
+	if err != nil {
+		return v, err
+	}
+
+	v.Title = title.String
+	v.Description = desc.String
+	v.Tags = parseJSON[[]string](tags.String)
+	v.CoverImage = cover.String
+	v.ContentMD = md.String
+	v.ContentHTML = html.String
+	v.CreatedAt = parseTime(createdAt.String)
+	return v, nil
+}
+
+func nullStr(s string) sql.NullString {
+	return sql.NullString{String: s, Valid: s != ""}
+}
+
+func boolToInt(b bool) int {
+	if b {
+		return 1
+	}
+	return 0
+}
+
+func jsonStr[T any](v T) sql.NullString {
+	b, _ := json.Marshal(v)
+	s := string(b)
+	if s == "null" || s == "[]" {
+		return sql.NullString{}
+	}
+	return sql.NullString{String: s, Valid: true}
+}
+
+func parseJSON[T any](s string) T {
+	var v T
+	if s != "" {
+		json.Unmarshal([]byte(s), &v)
+	}
+	return v
+}
+
+func parseTime(s string) time.Time {
+	if s == "" {
+		return time.Time{}
+	}
+	for _, layout := range []string{time.RFC3339, "2006-01-02", "2006-01-02 15:04:05"} {
+		if t, err := time.Parse(layout, s); err == nil {
+			return t
+		}
+	}
+	return time.Time{}
+}
+
+func parseTimePtr(s string) *time.Time {
+	t := parseTime(s)
+	if t.IsZero() {
+		return nil
+	}
+	return &t
+}
+
+func timeToStr(t *time.Time) sql.NullString {
+	if t == nil {
+		return sql.NullString{}
+	}
+	return sql.NullString{String: t.UTC().Format(time.RFC3339), Valid: true}
+}
+
+func contains(slice []string, item string) bool {
+	for _, s := range slice {
+		if s == item {
+			return true
+		}
+	}
+	return false
+}
diff --git a/internal/tenant/queries.go b/internal/tenant/queries.go
new file mode 100644
index 0000000..e836b83
--- /dev/null
+++ b/internal/tenant/queries.go
@@ -0,0 +1,24 @@
+package tenant
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DB interface {
+	ExecContext(ctx context.Context, query string, args ...any) (sql.Result, error)
+	QueryContext(ctx context.Context, query string, args ...any) (*sql.Rows, error)
+	QueryRowContext(ctx context.Context, query string, args ...any) *sql.Row
+}
+
+type Queries struct {
+	db DB
+}
+
+func NewQueries(db *sql.DB) *Queries {
+	return &Queries{db: db}
+}
+
+func (q *Queries) WithTx(tx *sql.Tx) *Queries {
+	return &Queries{db: tx}
+}
diff --git a/internal/tenant/reactions.go b/internal/tenant/reactions.go
new file mode 100644
index 0000000..40d5ba5
--- /dev/null
+++ b/internal/tenant/reactions.go
@@ -0,0 +1,159 @@
+package tenant
+
+import (
+	"context"
+	"database/sql"
+)
+
+func (q *Queries) ListReactions(ctx context.Context, postSlug string) ([]Reaction, error) {
+	rows, err := q.db.QueryContext(ctx, `SELECT id, user_id, anon_id, post_slug, emoji, created_at
+		FROM reactions WHERE post_slug = ?`, postSlug)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var reactions []Reaction
+	for rows.Next() {
+		r, err := scanReaction(rows)
+		if err != nil {
+			return nil, err
+		}
+		reactions = append(reactions, r)
+	}
+	return reactions, rows.Err()
+}
+
+func (q *Queries) GetReactionCounts(ctx context.Context, postSlug string) (map[string]int, error) {
+	rows, err := q.db.QueryContext(ctx, `SELECT emoji, COUNT(*) as count FROM reactions WHERE post_slug = ? GROUP BY emoji`, postSlug)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	counts := make(map[string]int)
+	for rows.Next() {
+		var emoji string
+		var count int64
+		if err := rows.Scan(&emoji, &count); err != nil {
+			return nil, err
+		}
+		counts[emoji] = int(count)
+	}
+	return counts, rows.Err()
+}
+
+func (q *Queries) ToggleReaction(ctx context.Context, userID, anonID, postSlug, emoji string) (bool, error) {
+	var exists bool
+
+	if userID != "" {
+		var dummy int64
+		err := q.db.QueryRowContext(ctx, `SELECT 1 FROM reactions WHERE user_id = ? AND post_slug = ? AND emoji = ?`,
+			userID, postSlug, emoji).Scan(&dummy)
+		exists = err == nil
+	} else if anonID != "" {
+		var dummy int64
+		err := q.db.QueryRowContext(ctx, `SELECT 1 FROM reactions WHERE anon_id = ? AND post_slug = ? AND emoji = ?`,
+			anonID, postSlug, emoji).Scan(&dummy)
+		exists = err == nil
+	} else {
+		return false, nil
+	}
+
+	if !exists {
+		if userID != "" {
+			_, err := q.db.ExecContext(ctx, `INSERT INTO reactions (user_id, post_slug, emoji) VALUES (?, ?, ?)`,
+				userID, postSlug, emoji)
+			return true, err
+		}
+		_, err := q.db.ExecContext(ctx, `INSERT INTO reactions (anon_id, post_slug, emoji) VALUES (?, ?, ?)`,
+			anonID, postSlug, emoji)
+		return true, err
+	}
+
+	if userID != "" {
+		_, err := q.db.ExecContext(ctx, `DELETE FROM reactions WHERE user_id = ? AND post_slug = ? AND emoji = ?`,
+			userID, postSlug, emoji)
+		return false, err
+	}
+	_, err := q.db.ExecContext(ctx, `DELETE FROM reactions WHERE anon_id = ? AND post_slug = ? AND emoji = ?`,
+		anonID, postSlug, emoji)
+	return false, err
+}
+
+func (q *Queries) GetUserReactions(ctx context.Context, userID, postSlug string) ([]string, error) {
+	rows, err := q.db.QueryContext(ctx, `SELECT emoji FROM reactions WHERE user_id = ? AND post_slug = ?`, userID, postSlug)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var emojis []string
+	for rows.Next() {
+		var emoji string
+		if err := rows.Scan(&emoji); err != nil {
+			return nil, err
+		}
+		emojis = append(emojis, emoji)
+	}
+	return emojis, rows.Err()
+}
+
+func (q *Queries) GetAnonReactions(ctx context.Context, anonID, postSlug string) ([]string, error) {
+	rows, err := q.db.QueryContext(ctx, `SELECT emoji FROM reactions WHERE anon_id = ? AND post_slug = ?`, anonID, postSlug)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var emojis []string
+	for rows.Next() {
+		var emoji string
+		if err := rows.Scan(&emoji); err != nil {
+			return nil, err
+		}
+		emojis = append(emojis, emoji)
+	}
+	return emojis, rows.Err()
+}
+
+func (q *Queries) HasUserReacted(ctx context.Context, userID, postSlug string) (bool, error) {
+	var dummy int64
+	err := q.db.QueryRowContext(ctx, `SELECT 1 FROM reactions WHERE user_id = ? AND post_slug = ? LIMIT 1`,
+		userID, postSlug).Scan(&dummy)
+	if err == sql.ErrNoRows {
+		return false, nil
+	}
+	if err != nil {
+		return false, nil
+	}
+	return true, nil
+}
+
+func (q *Queries) HasAnonReacted(ctx context.Context, anonID, postSlug string) (bool, error) {
+	var dummy int64
+	err := q.db.QueryRowContext(ctx, `SELECT 1 FROM reactions WHERE anon_id = ? AND post_slug = ? LIMIT 1`,
+		anonID, postSlug).Scan(&dummy)
+	if err == sql.ErrNoRows {
+		return false, nil
+	}
+	if err != nil {
+		return false, nil
+	}
+	return true, nil
+}
+
+func scanReaction(s scanner) (Reaction, error) {
+	var r Reaction
+	var userID, anonID, createdAt sql.NullString
+
+	err := s.Scan(&r.ID, &userID, &anonID, &r.PostSlug, &r.Emoji, &createdAt)
+	if err != nil {
+		return r, err
+	}
+
+	r.UserID = userID.String
+	r.AnonID = anonID.String
+	r.CreatedAt = parseTime(createdAt.String)
+	return r, nil
+}
diff --git a/internal/tenant/runner.go b/internal/tenant/runner.go
new file mode 100644
index 0000000..1662851
--- /dev/null
+++ b/internal/tenant/runner.go
@@ -0,0 +1,621 @@
+package tenant
+
+import (
+	"bytes"
+	"context"
+	"database/sql"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"sync"
+	"time"
+
+	extism "github.com/extism/go-sdk"
+)
+
+type PluginRunner struct {
+	db       *sql.DB
+	q        *Queries
+	tenantID string
+	cache    map[string]*extism.Plugin
+	mu       sync.RWMutex
+}
+
+func NewPluginRunner(db *sql.DB, tenantID string) *PluginRunner {
+	return &PluginRunner{
+		db:       db,
+		q:        NewQueries(db),
+		tenantID: tenantID,
+		cache:    make(map[string]*extism.Plugin),
+	}
+}
+
+type HookEvent struct {
+	Hook string         `json:"hook"`
+	Data map[string]any `json:"data"`
+}
+
+type PluginResult struct {
+	PluginID string `json:"plugin_id"`
+	Success  bool   `json:"success"`
+	Output   string `json:"output,omitempty"`
+	Error    string `json:"error,omitempty"`
+	Duration int64  `json:"duration_ms"`
+}
+
+// TriggerHook executes plugins for an event hook (fire-and-forget)
+func (r *PluginRunner) TriggerHook(ctx context.Context, hook string, data map[string]any) []PluginResult {
+	plugins, err := r.q.GetPluginsByHook(ctx, hook)
+	if err != nil || len(plugins) == 0 {
+		return nil
+	}
+
+	secrets, _ := GetSecretsMap(r.db, r.tenantID)
+
+	var results []PluginResult
+	for _, p := range plugins {
+		result := r.runPlugin(ctx, &p, hook, data, secrets)
+		results = append(results, result)
+	}
+	return results
+}
+
+// ValidationResult represents the result of a validation hook
+type ValidationResult struct {
+	Allowed bool   `json:"allowed"`
+	Reason  string `json:"reason,omitempty"`
+}
+
+// TriggerValidation executes a validation hook and returns whether the action is allowed
+// Returns (allowed, reason, error). If no plugins exist, allowed defaults to true.
+func (r *PluginRunner) TriggerValidation(ctx context.Context, hook string, data map[string]any) (bool, string, error) {
+	plugins, err := r.q.GetPluginsByHook(ctx, hook)
+	if err != nil {
+		return true, "", err // Default to allowed on error
+	}
+	if len(plugins) == 0 {
+		return true, "", nil // Default to allowed if no plugins
+	}
+
+	secrets, _ := GetSecretsMap(r.db, r.tenantID)
+
+	// Run first enabled plugin only (validation is exclusive)
+	for _, p := range plugins {
+		result := r.runPlugin(ctx, &p, hook, data, secrets)
+		if !result.Success {
+			// Plugin failed to run, default to allowed
+			continue
+		}
+
+		var validation ValidationResult
+		if err := json.Unmarshal([]byte(result.Output), &validation); err != nil {
+			continue // Invalid output, skip this plugin
+		}
+
+		if !validation.Allowed {
+			return false, validation.Reason, nil
+		}
+	}
+
+	return true, "", nil
+}
+
+// TriggerTransform executes a transform hook and returns the transformed data
+// If no plugins exist or all fail, returns the original data unchanged.
+func (r *PluginRunner) TriggerTransform(ctx context.Context, hook string, data map[string]any) (map[string]any, error) {
+	plugins, err := r.q.GetPluginsByHook(ctx, hook)
+	if err != nil || len(plugins) == 0 {
+		return data, nil
+	}
+
+	secrets, _ := GetSecretsMap(r.db, r.tenantID)
+	current := data
+
+	// Chain transforms - each plugin receives output of previous
+	for _, p := range plugins {
+		result := r.runPlugin(ctx, &p, hook, current, secrets)
+		if !result.Success {
+			continue // Skip failed plugins
+		}
+
+		var transformed map[string]any
+		if err := json.Unmarshal([]byte(result.Output), &transformed); err != nil {
+			continue // Invalid output, skip
+		}
+
+		current = transformed
+	}
+
+	return current, nil
+}
+
+func (r *PluginRunner) runPlugin(ctx context.Context, p *Plugin, hook string, data map[string]any, secrets map[string]string) PluginResult {
+	start := time.Now()
+	result := PluginResult{PluginID: p.ID}
+
+	plugin, err := r.getOrCreatePlugin(p, secrets)
+	if err != nil {
+		result.Error = err.Error()
+		result.Duration = time.Since(start).Milliseconds()
+		return result
+	}
+
+	input, _ := json.Marshal(data)
+
+	funcName := hookToFunction(hook)
+	_, output, err := plugin.Call(funcName, input)
+	if err != nil {
+		result.Error = err.Error()
+	} else {
+		result.Success = true
+		result.Output = string(output)
+	}
+
+	result.Duration = time.Since(start).Milliseconds()
+	return result
+}
+
+func (r *PluginRunner) getOrCreatePlugin(p *Plugin, secrets map[string]string) (*extism.Plugin, error) {
+	r.mu.RLock()
+	cached, ok := r.cache[p.ID]
+	r.mu.RUnlock()
+
+	if ok {
+		return cached, nil
+	}
+
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	if cached, ok = r.cache[p.ID]; ok {
+		return cached, nil
+	}
+
+	manifest := extism.Manifest{
+		Wasm: []extism.Wasm{
+			extism.WasmData{Data: p.Wasm},
+		},
+		AllowedHosts: []string{"*"},
+		Config:       secrets,
+	}
+
+	config := extism.PluginConfig{
+		EnableWasi: true,
+	}
+
+	plugin, err := extism.NewPlugin(context.Background(), manifest, config, r.hostFunctions())
+	if err != nil {
+		return nil, fmt.Errorf("create plugin: %w", err)
+	}
+
+	r.cache[p.ID] = plugin
+	return plugin, nil
+}
+
+func (r *PluginRunner) hostFunctions() []extism.HostFunction {
+	return []extism.HostFunction{
+		r.httpRequestHost(),
+		r.kvGetHost(),
+		r.kvSetHost(),
+		r.logHost(),
+	}
+}
+
+func (r *PluginRunner) httpRequestHost() extism.HostFunction {
+	return extism.NewHostFunctionWithStack(
+		"http_request",
+		func(ctx context.Context, p *extism.CurrentPlugin, stack []uint64) {
+			input, err := p.ReadBytes(stack[0])
+			if err != nil {
+				return
+			}
+
+			var req struct {
+				URL     string            `json:"url"`
+				Method  string            `json:"method"`
+				Headers map[string]string `json:"headers"`
+				Body    string            `json:"body"`
+			}
+			if err := json.Unmarshal(input, &req); err != nil {
+				return
+			}
+
+			if req.Method == "" {
+				req.Method = "GET"
+			}
+
+			httpReq, err := http.NewRequestWithContext(ctx, req.Method, req.URL, bytes.NewBufferString(req.Body))
+			if err != nil {
+				return
+			}
+
+			for k, v := range req.Headers {
+				httpReq.Header.Set(k, v)
+			}
+
+			client := &http.Client{Timeout: 30 * time.Second}
+			resp, err := client.Do(httpReq)
+			if err != nil {
+				errResp, _ := json.Marshal(map[string]any{"error": err.Error()})
+				offset, _ := p.WriteBytes(errResp)
+				stack[0] = offset
+				return
+			}
+			defer resp.Body.Close()
+
+			body, _ := io.ReadAll(resp.Body)
+
+			headers := make(map[string]string)
+			for k := range resp.Header {
+				headers[k] = resp.Header.Get(k)
+			}
+
+			result, _ := json.Marshal(map[string]any{
+				"status":  resp.StatusCode,
+				"headers": headers,
+				"body":    string(body),
+			})
+
+			offset, _ := p.WriteBytes(result)
+			stack[0] = offset
+		},
+		[]extism.ValueType{extism.ValueTypeI64},
+		[]extism.ValueType{extism.ValueTypeI64},
+	)
+}
+
+func (r *PluginRunner) kvGetHost() extism.HostFunction {
+	return extism.NewHostFunctionWithStack(
+		"kv_get",
+		func(ctx context.Context, p *extism.CurrentPlugin, stack []uint64) {
+			key, err := p.ReadString(stack[0])
+			if err != nil {
+				return
+			}
+
+			value, _ := GetSecret(r.db, r.tenantID, "kv:"+key)
+			offset, _ := p.WriteString(value)
+			stack[0] = offset
+		},
+		[]extism.ValueType{extism.ValueTypeI64},
+		[]extism.ValueType{extism.ValueTypeI64},
+	)
+}
+
+func (r *PluginRunner) kvSetHost() extism.HostFunction {
+	return extism.NewHostFunctionWithStack(
+		"kv_set",
+		func(ctx context.Context, p *extism.CurrentPlugin, stack []uint64) {
+			input, err := p.ReadBytes(stack[0])
+			if err != nil {
+				return
+			}
+
+			var kv struct {
+				Key   string `json:"key"`
+				Value string `json:"value"`
+			}
+			if err := json.Unmarshal(input, &kv); err != nil {
+				return
+			}
+
+			SetSecret(r.db, r.tenantID, "kv:"+kv.Key, kv.Value)
+			stack[0] = 0
+		},
+		[]extism.ValueType{extism.ValueTypeI64},
+		[]extism.ValueType{extism.ValueTypeI64},
+	)
+}
+
+func (r *PluginRunner) logHost() extism.HostFunction {
+	return extism.NewHostFunctionWithStack(
+		"log",
+		func(ctx context.Context, p *extism.CurrentPlugin, stack []uint64) {
+			msg, _ := p.ReadString(stack[0])
+			fmt.Printf("[plugin] %s\n", msg)
+			stack[0] = 0
+		},
+		[]extism.ValueType{extism.ValueTypeI64},
+		[]extism.ValueType{extism.ValueTypeI64},
+	)
+}
+
+func (r *PluginRunner) InvalidateCache(pluginID string) {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	if plugin, ok := r.cache[pluginID]; ok {
+		plugin.Close(context.Background())
+		delete(r.cache, pluginID)
+	}
+}
+
+func (r *PluginRunner) Close() {
+	r.mu.Lock()
+	defer r.mu.Unlock()
+
+	for _, plugin := range r.cache {
+		plugin.Close(context.Background())
+	}
+	r.cache = make(map[string]*extism.Plugin)
+}
+
+// HookPattern defines how a hook should be executed
+type HookPattern string
+
+const (
+	PatternEvent      HookPattern = "event"      // Fire-and-forget notifications
+	PatternValidation HookPattern = "validation" // Returns allowed/rejected decision
+	PatternTransform  HookPattern = "transform"  // Modifies and returns data
+)
+
+// HookInfo contains metadata about a hook
+type HookInfo struct {
+	Name        string
+	Pattern     HookPattern
+	Description string
+}
+
+// AvailableHooks lists all supported hooks with metadata
+var AvailableHooks = []HookInfo{
+	// Content hooks
+	{Name: "post.published", Pattern: PatternEvent, Description: "Triggered when a post is published"},
+	{Name: "post.updated", Pattern: PatternEvent, Description: "Triggered when a post is updated"},
+	{Name: "content.render", Pattern: PatternTransform, Description: "Transform HTML before display"},
+
+	// Engagement hooks
+	{Name: "comment.validate", Pattern: PatternValidation, Description: "Validate comment before creation"},
+	{Name: "comment.created", Pattern: PatternEvent, Description: "Triggered when a comment is created"},
+	{Name: "member.subscribed", Pattern: PatternEvent, Description: "Triggered when a member subscribes"},
+
+	// Utility hooks
+	{Name: "asset.uploaded", Pattern: PatternEvent, Description: "Triggered when an asset is uploaded"},
+	{Name: "analytics.sync", Pattern: PatternEvent, Description: "Triggered during analytics sync"},
+}
+
+// GetHookPattern returns the pattern for a given hook
+func GetHookPattern(hook string) HookPattern {
+	for _, h := range AvailableHooks {
+		if h.Name == hook {
+			return h.Pattern
+		}
+	}
+	return PatternEvent
+}
+
+// GetHookNames returns just the hook names (for API responses)
+func GetHookNames() []string {
+	names := make([]string, len(AvailableHooks))
+	for i, h := range AvailableHooks {
+		names[i] = h.Name
+	}
+	return names
+}
+
+// TestPluginRunner runs plugins for testing with log capture
+type TestPluginRunner struct {
+	db       *sql.DB
+	tenantID string
+	secrets  map[string]string
+	logs     []string
+}
+
+// TestResult contains the result of a plugin test run
+type TestResult struct {
+	Success  bool     `json:"success"`
+	Output   string   `json:"output,omitempty"`
+	Logs     []string `json:"logs"`
+	Error    string   `json:"error,omitempty"`
+	Duration int64    `json:"duration_ms"`
+}
+
+func NewTestPluginRunner(db *sql.DB, tenantID string, secrets map[string]string) *TestPluginRunner {
+	return &TestPluginRunner{
+		db:       db,
+		tenantID: tenantID,
+		secrets:  secrets,
+		logs:     []string{},
+	}
+}
+
+func (r *TestPluginRunner) RunTest(ctx context.Context, wasm []byte, hook string, data map[string]any) TestResult {
+	start := time.Now()
+	result := TestResult{Logs: []string{}}
+
+	manifest := extism.Manifest{
+		Wasm: []extism.Wasm{
+			extism.WasmData{Data: wasm},
+		},
+		AllowedHosts: []string{"*"},
+		Config:       r.secrets,
+	}
+
+	config := extism.PluginConfig{
+		EnableWasi: true,
+	}
+
+	plugin, err := extism.NewPlugin(ctx, manifest, config, r.testHostFunctions())
+	if err != nil {
+		result.Error = fmt.Sprintf("Failed to create plugin: %v", err)
+		result.Duration = time.Since(start).Milliseconds()
+		return result
+	}
+	defer plugin.Close(ctx)
+
+	input, _ := json.Marshal(data)
+	funcName := hookToFunction(hook)
+
+	_, output, err := plugin.Call(funcName, input)
+	if err != nil {
+		result.Error = err.Error()
+	} else {
+		result.Success = true
+		result.Output = string(output)
+	}
+
+	result.Logs = r.logs
+	result.Duration = time.Since(start).Milliseconds()
+	return result
+}
+
+func (r *TestPluginRunner) testHostFunctions() []extism.HostFunction {
+	return []extism.HostFunction{
+		r.testHttpRequestHost(),
+		r.testKvGetHost(),
+		r.testKvSetHost(),
+		r.testLogHost(),
+	}
+}
+
+func (r *TestPluginRunner) testHttpRequestHost() extism.HostFunction {
+	return extism.NewHostFunctionWithStack(
+		"http_request",
+		func(ctx context.Context, p *extism.CurrentPlugin, stack []uint64) {
+			input, err := p.ReadBytes(stack[0])
+			if err != nil {
+				return
+			}
+
+			var req struct {
+				URL     string            `json:"url"`
+				Method  string            `json:"method"`
+				Headers map[string]string `json:"headers"`
+				Body    string            `json:"body"`
+			}
+			if err := json.Unmarshal(input, &req); err != nil {
+				return
+			}
+
+			if req.Method == "" {
+				req.Method = "GET"
+			}
+
+			r.logs = append(r.logs, fmt.Sprintf("[HTTP] %s %s", req.Method, req.URL))
+
+			httpReq, err := http.NewRequestWithContext(ctx, req.Method, req.URL, bytes.NewBufferString(req.Body))
+			if err != nil {
+				errResp, _ := json.Marshal(map[string]any{"error": err.Error()})
+				offset, _ := p.WriteBytes(errResp)
+				stack[0] = offset
+				return
+			}
+
+			for k, v := range req.Headers {
+				httpReq.Header.Set(k, v)
+			}
+
+			client := &http.Client{Timeout: 30 * time.Second}
+			resp, err := client.Do(httpReq)
+			if err != nil {
+				r.logs = append(r.logs, fmt.Sprintf("[HTTP] Error: %v", err))
+				errResp, _ := json.Marshal(map[string]any{"error": err.Error()})
+				offset, _ := p.WriteBytes(errResp)
+				stack[0] = offset
+				return
+			}
+			defer resp.Body.Close()
+
+			body, _ := io.ReadAll(resp.Body)
+
+			r.logs = append(r.logs, fmt.Sprintf("[HTTP] Response: %d (%d bytes)", resp.StatusCode, len(body)))
+
+			headers := make(map[string]string)
+			for k := range resp.Header {
+				headers[k] = resp.Header.Get(k)
+			}
+
+			result, _ := json.Marshal(map[string]any{
+				"status":  resp.StatusCode,
+				"headers": headers,
+				"body":    string(body),
+			})
+
+			offset, _ := p.WriteBytes(result)
+			stack[0] = offset
+		},
+		[]extism.ValueType{extism.ValueTypeI64},
+		[]extism.ValueType{extism.ValueTypeI64},
+	)
+}
+
+func (r *TestPluginRunner) testKvGetHost() extism.HostFunction {
+	return extism.NewHostFunctionWithStack(
+		"kv_get",
+		func(ctx context.Context, p *extism.CurrentPlugin, stack []uint64) {
+			key, err := p.ReadString(stack[0])
+			if err != nil {
+				return
+			}
+
+			value, _ := GetSecret(r.db, r.tenantID, "kv:"+key)
+			r.logs = append(r.logs, fmt.Sprintf("[KV] GET %s", key))
+			offset, _ := p.WriteString(value)
+			stack[0] = offset
+		},
+		[]extism.ValueType{extism.ValueTypeI64},
+		[]extism.ValueType{extism.ValueTypeI64},
+	)
+}
+
+func (r *TestPluginRunner) testKvSetHost() extism.HostFunction {
+	return extism.NewHostFunctionWithStack(
+		"kv_set",
+		func(ctx context.Context, p *extism.CurrentPlugin, stack []uint64) {
+			input, err := p.ReadBytes(stack[0])
+			if err != nil {
+				return
+			}
+
+			var kv struct {
+				Key   string `json:"key"`
+				Value string `json:"value"`
+			}
+			if err := json.Unmarshal(input, &kv); err != nil {
+				return
+			}
+
+			r.logs = append(r.logs, fmt.Sprintf("[KV] SET %s = %s", kv.Key, kv.Value))
+			SetSecret(r.db, r.tenantID, "kv:"+kv.Key, kv.Value)
+			stack[0] = 0
+		},
+		[]extism.ValueType{extism.ValueTypeI64},
+		[]extism.ValueType{extism.ValueTypeI64},
+	)
+}
+
+func (r *TestPluginRunner) testLogHost() extism.HostFunction {
+	return extism.NewHostFunctionWithStack(
+		"log",
+		func(ctx context.Context, p *extism.CurrentPlugin, stack []uint64) {
+			msg, _ := p.ReadString(stack[0])
+			r.logs = append(r.logs, fmt.Sprintf("[LOG] %s", msg))
+			stack[0] = 0
+		},
+		[]extism.ValueType{extism.ValueTypeI64},
+		[]extism.ValueType{extism.ValueTypeI64},
+	)
+}
+
+func hookToFunction(hook string) string {
+	switch hook {
+	case "post.published":
+		return "on_post_published"
+	case "post.updated":
+		return "on_post_updated"
+	case "content.render":
+		return "render_content"
+	case "comment.validate":
+		return "validate_comment"
+	case "comment.created":
+		return "on_comment_created"
+	case "member.subscribed":
+		return "on_member_subscribed"
+	case "asset.uploaded":
+		return "on_asset_uploaded"
+	case "analytics.sync":
+		return "on_analytics_sync"
+	default:
+		return "run"
+	}
+}
diff --git a/internal/tenant/search.go b/internal/tenant/search.go
new file mode 100644
index 0000000..4da313d
--- /dev/null
+++ b/internal/tenant/search.go
@@ -0,0 +1,67 @@
+package tenant
+
+import (
+	"context"
+)
+
+type SearchResult struct {
+	Slug       string
+	Collection string
+	Title      string
+	Snippet    string
+	Type       string
+	URL        string
+	Date       string
+}
+
+func (q *Queries) Search(ctx context.Context, query string, limit int) ([]SearchResult, error) {
+	if limit <= 0 {
+		limit = 20
+	}
+
+	rows, err := q.db.QueryContext(ctx,
+		`SELECT slug, collection_slug, title, snippet(search_index, 4, '<mark>', '</mark>', '...', 32), type, url, date
+		FROM search_index
+		WHERE search_index MATCH ?
+		ORDER BY rank
+		LIMIT ?`, query, limit)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var results []SearchResult
+	for rows.Next() {
+		var r SearchResult
+		if err := rows.Scan(&r.Slug, &r.Collection, &r.Title, &r.Snippet, &r.Type, &r.URL, &r.Date); err != nil {
+			return nil, err
+		}
+		results = append(results, r)
+	}
+	return results, rows.Err()
+}
+
+func (q *Queries) IndexPost(ctx context.Context, p *Post) error {
+	q.db.ExecContext(ctx, `DELETE FROM search_index WHERE slug = ? AND type = 'post'`, p.Slug)
+
+	if !p.IsPublished {
+		return nil
+	}
+
+	dateStr := ""
+	if p.PublishedAt != nil {
+		dateStr = p.PublishedAt.Format("2006-01-02")
+	}
+
+	_, err := q.db.ExecContext(ctx,
+		`INSERT INTO search_index (slug, collection_slug, title, description, content, type, url, date)
+		VALUES (?, ?, ?, ?, ?, 'post', ?, ?)`,
+		p.Slug, "", p.Title, p.Description, p.ContentMD,
+		"/posts/"+p.Slug, dateStr)
+	return err
+}
+
+func (q *Queries) RemoveFromIndex(ctx context.Context, slug, itemType string) error {
+	_, err := q.db.ExecContext(ctx, `DELETE FROM search_index WHERE slug = ? AND type = ?`, slug, itemType)
+	return err
+}
diff --git a/internal/tenant/secrets.go b/internal/tenant/secrets.go
new file mode 100644
index 0000000..f1952fa
--- /dev/null
+++ b/internal/tenant/secrets.go
@@ -0,0 +1,202 @@
+package tenant
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"crypto/sha256"
+	"database/sql"
+	"encoding/hex"
+	"fmt"
+	"os"
+	"time"
+)
+
+type Secret struct {
+	Key       string
+	CreatedAt time.Time
+	UpdatedAt time.Time
+}
+
+var masterKey []byte
+
+func init() {
+	key := os.Getenv("SECRETS_MASTER_KEY")
+	if key == "" {
+		key = "writekit-dev-key-change-in-prod"
+	}
+	hash := sha256.Sum256([]byte(key))
+	masterKey = hash[:]
+}
+
+func deriveKey(tenantID string) []byte {
+	combined := append(masterKey, []byte(tenantID)...)
+	hash := sha256.Sum256(combined)
+	return hash[:]
+}
+
+func encrypt(plaintext []byte, tenantID string) (ciphertext, nonce []byte, err error) {
+	key := deriveKey(tenantID)
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	nonce = make([]byte, gcm.NonceSize())
+	if _, err := rand.Read(nonce); err != nil {
+		return nil, nil, err
+	}
+
+	ciphertext = gcm.Seal(nil, nonce, plaintext, nil)
+	return ciphertext, nonce, nil
+}
+
+func decrypt(ciphertext, nonce []byte, tenantID string) ([]byte, error) {
+	key := deriveKey(tenantID)
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	gcm, err := cipher.NewGCM(block)
+	if err != nil {
+		return nil, err
+	}
+
+	return gcm.Open(nil, nonce, ciphertext, nil)
+}
+
+func ensureSecretsTable(db *sql.DB) error {
+	_, err := db.Exec(`
+		CREATE TABLE IF NOT EXISTS secrets (
+			key TEXT PRIMARY KEY,
+			value BLOB NOT NULL,
+			nonce BLOB NOT NULL,
+			created_at TEXT DEFAULT CURRENT_TIMESTAMP,
+			updated_at TEXT DEFAULT CURRENT_TIMESTAMP
+		)
+	`)
+	return err
+}
+
+func SetSecret(db *sql.DB, tenantID, key, value string) error {
+	if err := ensureSecretsTable(db); err != nil {
+		return err
+	}
+
+	ciphertext, nonce, err := encrypt([]byte(value), tenantID)
+	if err != nil {
+		return fmt.Errorf("encrypt: %w", err)
+	}
+
+	_, err = db.Exec(`
+		INSERT INTO secrets (key, value, nonce, updated_at)
+		VALUES (?, ?, ?, CURRENT_TIMESTAMP)
+		ON CONFLICT(key) DO UPDATE SET
+			value = excluded.value,
+			nonce = excluded.nonce,
+			updated_at = CURRENT_TIMESTAMP
+	`, key, ciphertext, nonce)
+	return err
+}
+
+func GetSecret(db *sql.DB, tenantID, key string) (string, error) {
+	if err := ensureSecretsTable(db); err != nil {
+		return "", err
+	}
+
+	var ciphertext, nonce []byte
+	err := db.QueryRow(`SELECT value, nonce FROM secrets WHERE key = ?`, key).Scan(&ciphertext, &nonce)
+	if err == sql.ErrNoRows {
+		return "", nil
+	}
+	if err != nil {
+		return "", err
+	}
+
+	plaintext, err := decrypt(ciphertext, nonce, tenantID)
+	if err != nil {
+		return "", fmt.Errorf("decrypt: %w", err)
+	}
+
+	return string(plaintext), nil
+}
+
+func DeleteSecret(db *sql.DB, key string) error {
+	if err := ensureSecretsTable(db); err != nil {
+		return err
+	}
+
+	_, err := db.Exec(`DELETE FROM secrets WHERE key = ?`, key)
+	return err
+}
+
+func ListSecrets(db *sql.DB) ([]Secret, error) {
+	if err := ensureSecretsTable(db); err != nil {
+		return nil, err
+	}
+
+	rows, err := db.Query(`SELECT key, created_at, updated_at FROM secrets ORDER BY key`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var secrets []Secret
+	for rows.Next() {
+		var s Secret
+		var createdAt, updatedAt string
+		if err := rows.Scan(&s.Key, &createdAt, &updatedAt); err != nil {
+			return nil, err
+		}
+		s.CreatedAt, _ = time.Parse(time.RFC3339, createdAt)
+		s.UpdatedAt, _ = time.Parse(time.RFC3339, updatedAt)
+		secrets = append(secrets, s)
+	}
+	return secrets, rows.Err()
+}
+
+func GetSecretsMap(db *sql.DB, tenantID string) (map[string]string, error) {
+	if err := ensureSecretsTable(db); err != nil {
+		return nil, err
+	}
+
+	rows, err := db.Query(`SELECT key, value, nonce FROM secrets`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	secrets := make(map[string]string)
+	for rows.Next() {
+		var key string
+		var ciphertext, nonce []byte
+		if err := rows.Scan(&key, &ciphertext, &nonce); err != nil {
+			return nil, err
+		}
+		plaintext, err := decrypt(ciphertext, nonce, tenantID)
+		if err != nil {
+			continue
+		}
+		secrets[key] = string(plaintext)
+	}
+	return secrets, rows.Err()
+}
+
+func MaskSecret(value string) string {
+	if len(value) <= 8 {
+		return "••••••••"
+	}
+	return value[:4] + "••••" + value[len(value)-4:]
+}
+
+func GenerateSecretID() string {
+	b := make([]byte, 16)
+	rand.Read(b)
+	return hex.EncodeToString(b)
+}
diff --git a/internal/tenant/settings.go b/internal/tenant/settings.go
new file mode 100644
index 0000000..9ec0898
--- /dev/null
+++ b/internal/tenant/settings.go
@@ -0,0 +1,84 @@
+package tenant
+
+import (
+	"context"
+)
+
+func (q *Queries) GetSettings(ctx context.Context) (Settings, error) {
+	rows, err := q.db.QueryContext(ctx, `SELECT key, value FROM site_settings`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	settings := make(Settings)
+	for rows.Next() {
+		var key, value string
+		if err := rows.Scan(&key, &value); err != nil {
+			return nil, err
+		}
+		settings[key] = value
+	}
+	return settings, rows.Err()
+}
+
+func (q *Queries) GetSetting(ctx context.Context, key string) (string, error) {
+	var value string
+	err := q.db.QueryRowContext(ctx, `SELECT value FROM site_settings WHERE key = ?`, key).Scan(&value)
+	if err != nil {
+		return "", err
+	}
+	return value, nil
+}
+
+func (q *Queries) SetSetting(ctx context.Context, key, value string) error {
+	_, err := q.db.ExecContext(ctx, `INSERT INTO site_settings (key, value, updated_at)
+		VALUES (?, ?, CURRENT_TIMESTAMP)
+		ON CONFLICT(key) DO UPDATE SET value = excluded.value, updated_at = CURRENT_TIMESTAMP`, key, value)
+	return err
+}
+
+func (q *Queries) SetSettings(ctx context.Context, settings Settings) error {
+	for key, value := range settings {
+		if err := q.SetSetting(ctx, key, value); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (q *Queries) DeleteSetting(ctx context.Context, key string) error {
+	_, err := q.db.ExecContext(ctx, `DELETE FROM site_settings WHERE key = ?`, key)
+	return err
+}
+
+var defaultSettings = map[string]string{
+	"comments_enabled":       "true",
+	"reactions_enabled":      "true",
+	"reaction_mode":          "upvote",
+	"reaction_emojis":        "👍,❤️,😂,😮,😢",
+	"upvote_icon":            "👍",
+	"reactions_require_auth": "false",
+}
+
+func (q *Queries) GetSettingWithDefault(ctx context.Context, key string) string {
+	value, err := q.GetSetting(ctx, key)
+	if err != nil || value == "" {
+		if def, ok := defaultSettings[key]; ok {
+			return def
+		}
+		return ""
+	}
+	return value
+}
+
+func (q *Queries) GetInteractionConfig(ctx context.Context) map[string]any {
+	return map[string]any{
+		"comments_enabled":       q.GetSettingWithDefault(ctx, "comments_enabled") == "true",
+		"reactions_enabled":      q.GetSettingWithDefault(ctx, "reactions_enabled") == "true",
+		"reaction_mode":          q.GetSettingWithDefault(ctx, "reaction_mode"),
+		"reaction_emojis":        q.GetSettingWithDefault(ctx, "reaction_emojis"),
+		"upvote_icon":            q.GetSettingWithDefault(ctx, "upvote_icon"),
+		"reactions_require_auth": q.GetSettingWithDefault(ctx, "reactions_require_auth") == "true",
+	}
+}
diff --git a/internal/tenant/sqlite.go b/internal/tenant/sqlite.go
new file mode 100644
index 0000000..cfc178f
--- /dev/null
+++ b/internal/tenant/sqlite.go
@@ -0,0 +1,273 @@
+package tenant
+
+import (
+	"database/sql"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	_ "modernc.org/sqlite"
+)
+
+func openDB(dataDir, tenantID string, inMemory bool) (*sql.DB, error) {
+	var dsn string
+	if inMemory {
+		// named in-memory DB with shared cache so all 'connections' share the same database
+		dsn = "file:" + tenantID + "?mode=memory&cache=shared&_pragma=busy_timeout(5000)"
+	} else {
+		dbPath := filepath.Join(dataDir, tenantID+".db")
+		if err := os.MkdirAll(dataDir, 0755); err != nil {
+			return nil, err
+		}
+		dsn = dbPath + "?_pragma=journal_mode(WAL)&_pragma=busy_timeout(5000)"
+	}
+
+	db, err := sql.Open("sqlite", dsn)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := initSchema(db); err != nil {
+		db.Close()
+		return nil, err
+	}
+
+	return db, nil
+}
+
+func initSchema(db *sql.DB) error {
+	schema := `
+	CREATE TABLE IF NOT EXISTS posts (
+		id TEXT PRIMARY KEY,
+		slug TEXT UNIQUE NOT NULL,
+		title TEXT,
+		description TEXT,
+		tags TEXT,
+		cover_image TEXT,
+		content_md TEXT,
+		content_html TEXT,
+		is_published INTEGER DEFAULT 0,
+		members_only INTEGER DEFAULT 0,
+		published_at TEXT,
+		updated_at TEXT,
+		aliases TEXT,
+		created_at TEXT DEFAULT CURRENT_TIMESTAMP,
+		modified_at TEXT DEFAULT CURRENT_TIMESTAMP
+	);
+	CREATE INDEX IF NOT EXISTS idx_posts_slug ON posts(slug);
+	CREATE INDEX IF NOT EXISTS idx_posts_published ON posts(published_at DESC) WHERE is_published = 1;
+
+	CREATE TABLE IF NOT EXISTS post_drafts (
+		post_id TEXT PRIMARY KEY REFERENCES posts(id) ON DELETE CASCADE,
+		slug TEXT NOT NULL,
+		title TEXT,
+		description TEXT,
+		tags TEXT,
+		cover_image TEXT,
+		members_only INTEGER DEFAULT 0,
+		content_md TEXT,
+		content_html TEXT,
+		modified_at TEXT DEFAULT CURRENT_TIMESTAMP
+	);
+
+	CREATE TABLE IF NOT EXISTS post_versions (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		post_id TEXT NOT NULL REFERENCES posts(id) ON DELETE CASCADE,
+		slug TEXT NOT NULL,
+		title TEXT,
+		description TEXT,
+		tags TEXT,
+		cover_image TEXT,
+		content_md TEXT,
+		content_html TEXT,
+		created_at TEXT DEFAULT CURRENT_TIMESTAMP
+	);
+	CREATE INDEX IF NOT EXISTS idx_post_versions_post ON post_versions(post_id);
+
+	CREATE TABLE IF NOT EXISTS pages (
+		path TEXT PRIMARY KEY,
+		html BLOB,
+		etag TEXT,
+		built_at TEXT
+	);
+
+	CREATE TABLE IF NOT EXISTS assets (
+		id TEXT PRIMARY KEY,
+		filename TEXT NOT NULL,
+		r2_key TEXT NOT NULL,
+		content_type TEXT,
+		size INTEGER,
+		width INTEGER,
+		height INTEGER,
+		created_at TEXT DEFAULT CURRENT_TIMESTAMP
+	);
+
+	CREATE TABLE IF NOT EXISTS site_settings (
+		key TEXT PRIMARY KEY,
+		value TEXT NOT NULL,
+		updated_at TEXT DEFAULT CURRENT_TIMESTAMP
+	);
+
+	CREATE TABLE IF NOT EXISTS users (
+		id TEXT PRIMARY KEY,
+		email TEXT NOT NULL,
+		name TEXT,
+		avatar_url TEXT,
+		created_at TEXT DEFAULT CURRENT_TIMESTAMP
+	);
+
+	CREATE TABLE IF NOT EXISTS sessions (
+		token TEXT PRIMARY KEY,
+		user_id TEXT NOT NULL REFERENCES users(id),
+		expires_at TEXT NOT NULL
+	);
+	CREATE INDEX IF NOT EXISTS idx_sessions_expires ON sessions(expires_at);
+
+	CREATE TABLE IF NOT EXISTS comments (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		user_id TEXT NOT NULL REFERENCES users(id),
+		post_slug TEXT NOT NULL,
+		content TEXT NOT NULL,
+		content_html TEXT,
+		parent_id INTEGER REFERENCES comments(id),
+		created_at TEXT DEFAULT CURRENT_TIMESTAMP,
+		updated_at TEXT DEFAULT CURRENT_TIMESTAMP
+	);
+	CREATE INDEX IF NOT EXISTS idx_comments_post ON comments(post_slug);
+	CREATE INDEX IF NOT EXISTS idx_comments_parent ON comments(parent_id);
+
+	CREATE TABLE IF NOT EXISTS reactions (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		user_id TEXT REFERENCES users(id),
+		anon_id TEXT,
+		post_slug TEXT NOT NULL,
+		emoji TEXT NOT NULL,
+		created_at TEXT DEFAULT CURRENT_TIMESTAMP,
+		UNIQUE(user_id, post_slug, emoji),
+		UNIQUE(anon_id, post_slug, emoji)
+	);
+	CREATE INDEX IF NOT EXISTS idx_reactions_post ON reactions(post_slug);
+
+	CREATE TABLE IF NOT EXISTS page_views (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		path TEXT NOT NULL,
+		post_slug TEXT,
+		referrer TEXT,
+		user_agent TEXT,
+		visitor_hash TEXT,
+		utm_source TEXT,
+		utm_medium TEXT,
+		utm_campaign TEXT,
+		device_type TEXT,
+		browser TEXT,
+		os TEXT,
+		country TEXT,
+		created_at TEXT DEFAULT CURRENT_TIMESTAMP
+	);
+	CREATE INDEX IF NOT EXISTS idx_page_views_path ON page_views(path);
+	CREATE INDEX IF NOT EXISTS idx_page_views_created ON page_views(created_at);
+	CREATE INDEX IF NOT EXISTS idx_page_views_visitor ON page_views(visitor_hash);
+
+	CREATE TABLE IF NOT EXISTS daily_analytics (
+		date TEXT PRIMARY KEY,
+		requests INTEGER DEFAULT 0,
+		page_views INTEGER DEFAULT 0,
+		unique_visitors INTEGER DEFAULT 0,
+		bandwidth INTEGER DEFAULT 0,
+		browsers TEXT,
+		os TEXT,
+		devices TEXT,
+		countries TEXT,
+		paths TEXT,
+		created_at TEXT DEFAULT CURRENT_TIMESTAMP
+	);
+
+	CREATE TABLE IF NOT EXISTS members (
+		user_id TEXT PRIMARY KEY REFERENCES users(id),
+		email TEXT NOT NULL,
+		name TEXT,
+		tier TEXT NOT NULL,
+		status TEXT NOT NULL,
+		expires_at TEXT,
+		synced_at TEXT DEFAULT CURRENT_TIMESTAMP
+	);
+
+	CREATE TABLE IF NOT EXISTS api_keys (
+		key TEXT PRIMARY KEY,
+		name TEXT NOT NULL,
+		created_at TEXT DEFAULT CURRENT_TIMESTAMP,
+		last_used_at TEXT
+	);
+
+	CREATE TABLE IF NOT EXISTS components (
+		id TEXT PRIMARY KEY,
+		name TEXT NOT NULL UNIQUE,
+		type TEXT NOT NULL,
+		source TEXT NOT NULL,
+		compiled TEXT,
+		client_directive TEXT DEFAULT 'load',
+		created_at TEXT DEFAULT CURRENT_TIMESTAMP,
+		updated_at TEXT DEFAULT CURRENT_TIMESTAMP
+	);
+
+	CREATE TABLE IF NOT EXISTS plugins (
+		id TEXT PRIMARY KEY,
+		name TEXT NOT NULL,
+		language TEXT NOT NULL,
+		source TEXT NOT NULL,
+		wasm BLOB,
+		hooks TEXT NOT NULL,
+		enabled INTEGER DEFAULT 1,
+		created_at TEXT DEFAULT CURRENT_TIMESTAMP,
+		updated_at TEXT DEFAULT CURRENT_TIMESTAMP
+	);
+
+	CREATE TABLE IF NOT EXISTS webhooks (
+		id TEXT PRIMARY KEY,
+		name TEXT NOT NULL,
+		url TEXT NOT NULL,
+		events TEXT NOT NULL,
+		secret TEXT,
+		enabled INTEGER DEFAULT 1,
+		created_at TEXT DEFAULT CURRENT_TIMESTAMP,
+		last_triggered_at TEXT,
+		last_status TEXT
+	);
+
+	CREATE TABLE IF NOT EXISTS webhook_deliveries (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		webhook_id TEXT NOT NULL REFERENCES webhooks(id) ON DELETE CASCADE,
+		event TEXT NOT NULL,
+		payload TEXT,
+		status TEXT NOT NULL,
+		response_code INTEGER,
+		response_body TEXT,
+		attempts INTEGER DEFAULT 1,
+		created_at TEXT DEFAULT CURRENT_TIMESTAMP
+	);
+	CREATE INDEX IF NOT EXISTS idx_webhook_deliveries_webhook ON webhook_deliveries(webhook_id, created_at DESC);
+	`
+
+	_, err := db.Exec(schema)
+	if err != nil {
+		return fmt.Errorf("init schema: %w", err)
+	}
+
+	_, err = db.Exec(`
+		CREATE VIRTUAL TABLE IF NOT EXISTS search_index USING fts5(
+			slug UNINDEXED,
+			collection_slug UNINDEXED,
+			title,
+			description,
+			content,
+			type UNINDEXED,
+			url UNINDEXED,
+			date UNINDEXED
+		)
+	`)
+	if err != nil {
+		return fmt.Errorf("init fts5: %w", err)
+	}
+
+	return nil
+}
diff --git a/internal/tenant/sync.go b/internal/tenant/sync.go
new file mode 100644
index 0000000..d7cbd31
--- /dev/null
+++ b/internal/tenant/sync.go
@@ -0,0 +1,31 @@
+package tenant
+
+import (
+	"context"
+	"time"
+)
+
+type MemberSyncer struct {
+	pool *Pool
+}
+
+func NewMemberSyncer(pool *Pool) *MemberSyncer {
+	return &MemberSyncer{pool: pool}
+}
+
+func (s *MemberSyncer) SyncMember(ctx context.Context, tenantID, userID, email, name, tier, status string, expiresAt *time.Time) error {
+	db, err := s.pool.Get(tenantID)
+	if err != nil {
+		return err
+	}
+
+	q := NewQueries(db)
+	return q.UpsertMember(ctx, &Member{
+		UserID:    userID,
+		Email:     email,
+		Name:      name,
+		Tier:      tier,
+		Status:    status,
+		ExpiresAt: expiresAt,
+	})
+}
diff --git a/internal/tenant/users.go b/internal/tenant/users.go
new file mode 100644
index 0000000..9aa87eb
--- /dev/null
+++ b/internal/tenant/users.go
@@ -0,0 +1,117 @@
+package tenant
+
+import (
+	"context"
+	"crypto/rand"
+	"database/sql"
+	"encoding/hex"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+func (q *Queries) GetUserByID(ctx context.Context, id string) (*User, error) {
+	row := q.db.QueryRowContext(ctx, `SELECT id, email, name, avatar_url, created_at FROM users WHERE id = ?`, id)
+
+	u, err := scanUser(row)
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &u, nil
+}
+
+func (q *Queries) GetUserByEmail(ctx context.Context, email string) (*User, error) {
+	row := q.db.QueryRowContext(ctx, `SELECT id, email, name, avatar_url, created_at FROM users WHERE email = ?`, email)
+
+	u, err := scanUser(row)
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+	return &u, nil
+}
+
+func (q *Queries) CreateUser(ctx context.Context, u *User) error {
+	if u.ID == "" {
+		u.ID = uuid.NewString()
+	}
+	_, err := q.db.ExecContext(ctx, `INSERT INTO users (id, email, name, avatar_url) VALUES (?, ?, ?, ?)`,
+		u.ID, u.Email, nullStr(u.Name), nullStr(u.AvatarURL))
+	return err
+}
+
+func (q *Queries) ValidateSession(ctx context.Context, token string) (*Session, error) {
+	var s Session
+	var expiresAt string
+	err := q.db.QueryRowContext(ctx, `SELECT token, user_id, expires_at FROM sessions WHERE token = ?`, token).
+		Scan(&s.Token, &s.UserID, &expiresAt)
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	s.ExpiresAt, _ = time.Parse(time.RFC3339, expiresAt)
+	if time.Now().After(s.ExpiresAt) {
+		q.db.ExecContext(ctx, `DELETE FROM sessions WHERE token = ?`, token)
+		return nil, nil
+	}
+
+	return &s, nil
+}
+
+func (q *Queries) CreateSession(ctx context.Context, userID string) (*Session, error) {
+	token, err := generateToken()
+	if err != nil {
+		return nil, err
+	}
+
+	expires := time.Now().Add(30 * 24 * time.Hour)
+	expiresStr := expires.UTC().Format(time.RFC3339)
+
+	_, err = q.db.ExecContext(ctx, `INSERT INTO sessions (token, user_id, expires_at) VALUES (?, ?, ?)`,
+		token, userID, expiresStr)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Session{
+		Token:     token,
+		UserID:    userID,
+		ExpiresAt: expires,
+	}, nil
+}
+
+func (q *Queries) DeleteSession(ctx context.Context, token string) error {
+	_, err := q.db.ExecContext(ctx, `DELETE FROM sessions WHERE token = ?`, token)
+	return err
+}
+
+func scanUser(s scanner) (User, error) {
+	var u User
+	var name, avatarURL, createdAt sql.NullString
+
+	err := s.Scan(&u.ID, &u.Email, &name, &avatarURL, &createdAt)
+	if err != nil {
+		return u, err
+	}
+
+	u.Name = name.String
+	u.AvatarURL = avatarURL.String
+	u.CreatedAt = parseTime(createdAt.String)
+	return u, nil
+}
+
+func generateToken() (string, error) {
+	b := make([]byte, 32)
+	if _, err := rand.Read(b); err != nil {
+		return "", err
+	}
+	return hex.EncodeToString(b), nil
+}
diff --git a/internal/tenant/webhooks.go b/internal/tenant/webhooks.go
new file mode 100644
index 0000000..ae53f26
--- /dev/null
+++ b/internal/tenant/webhooks.go
@@ -0,0 +1,308 @@
+package tenant
+
+import (
+	"bytes"
+	"context"
+	"crypto/hmac"
+	"crypto/sha256"
+	"database/sql"
+	"encoding/hex"
+	"encoding/json"
+	"net/http"
+	"time"
+
+	"github.com/google/uuid"
+)
+
+type Webhook struct {
+	ID              string     `json:"id"`
+	Name            string     `json:"name"`
+	URL             string     `json:"url"`
+	Events          []string   `json:"events"`
+	Secret          string     `json:"secret,omitempty"`
+	Enabled         bool       `json:"enabled"`
+	CreatedAt       time.Time  `json:"created_at"`
+	LastTriggeredAt *time.Time `json:"last_triggered_at"`
+	LastStatus      *string    `json:"last_status"`
+}
+
+type WebhookDelivery struct {
+	ID           int64     `json:"id"`
+	WebhookID    string    `json:"webhook_id"`
+	Event        string    `json:"event"`
+	Payload      string    `json:"payload"`
+	Status       string    `json:"status"`
+	ResponseCode *int      `json:"response_code"`
+	ResponseBody *string   `json:"response_body"`
+	Attempts     int       `json:"attempts"`
+	CreatedAt    time.Time `json:"created_at"`
+}
+
+type WebhookPayload struct {
+	Event     string    `json:"event"`
+	Timestamp time.Time `json:"timestamp"`
+	Data      any       `json:"data"`
+}
+
+func (q *Queries) CountWebhooks(ctx context.Context) (int, error) {
+	var count int
+	err := q.db.QueryRowContext(ctx, `SELECT COUNT(*) FROM webhooks`).Scan(&count)
+	return count, err
+}
+
+func (q *Queries) CreateWebhook(ctx context.Context, name, url string, events []string, secret string) (*Webhook, error) {
+	id := uuid.New().String()
+	eventsJSON, _ := json.Marshal(events)
+
+	_, err := q.db.ExecContext(ctx, `
+		INSERT INTO webhooks (id, name, url, events, secret, enabled, created_at)
+		VALUES (?, ?, ?, ?, ?, 1, CURRENT_TIMESTAMP)
+	`, id, name, url, string(eventsJSON), secret)
+	if err != nil {
+		return nil, err
+	}
+
+	return q.GetWebhook(ctx, id)
+}
+
+func (q *Queries) GetWebhook(ctx context.Context, id string) (*Webhook, error) {
+	var w Webhook
+	var eventsJSON string
+	var lastTriggeredAt, lastStatus sql.NullString
+	var createdAtStr string
+
+	err := q.db.QueryRowContext(ctx, `
+		SELECT id, name, url, events, secret, enabled, created_at, last_triggered_at, last_status
+		FROM webhooks WHERE id = ?
+	`, id).Scan(&w.ID, &w.Name, &w.URL, &eventsJSON, &w.Secret, &w.Enabled, &createdAtStr, &lastTriggeredAt, &lastStatus)
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	json.Unmarshal([]byte(eventsJSON), &w.Events)
+	w.CreatedAt, _ = time.Parse(time.RFC3339, createdAtStr)
+	if lastTriggeredAt.Valid {
+		t, _ := time.Parse(time.RFC3339, lastTriggeredAt.String)
+		w.LastTriggeredAt = &t
+	}
+	if lastStatus.Valid {
+		w.LastStatus = &lastStatus.String
+	}
+
+	return &w, nil
+}
+
+func (q *Queries) ListWebhooks(ctx context.Context) ([]Webhook, error) {
+	rows, err := q.db.QueryContext(ctx, `
+		SELECT id, name, url, events, secret, enabled, created_at, last_triggered_at, last_status
+		FROM webhooks ORDER BY created_at DESC
+	`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var webhooks []Webhook
+	for rows.Next() {
+		var w Webhook
+		var eventsJSON string
+		var lastTriggeredAt, lastStatus sql.NullString
+		var createdAtStr string
+
+		if err := rows.Scan(&w.ID, &w.Name, &w.URL, &eventsJSON, &w.Secret, &w.Enabled, &createdAtStr, &lastTriggeredAt, &lastStatus); err != nil {
+			return nil, err
+		}
+
+		json.Unmarshal([]byte(eventsJSON), &w.Events)
+		w.CreatedAt, _ = time.Parse(time.RFC3339, createdAtStr)
+		if lastTriggeredAt.Valid {
+			t, _ := time.Parse(time.RFC3339, lastTriggeredAt.String)
+			w.LastTriggeredAt = &t
+		}
+		if lastStatus.Valid {
+			w.LastStatus = &lastStatus.String
+		}
+
+		webhooks = append(webhooks, w)
+	}
+
+	return webhooks, rows.Err()
+}
+
+func (q *Queries) UpdateWebhook(ctx context.Context, id, name, url string, events []string, secret string, enabled bool) error {
+	eventsJSON, _ := json.Marshal(events)
+
+	_, err := q.db.ExecContext(ctx, `
+		UPDATE webhooks SET name = ?, url = ?, events = ?, secret = ?, enabled = ?
+		WHERE id = ?
+	`, name, url, string(eventsJSON), secret, enabled, id)
+	return err
+}
+
+func (q *Queries) DeleteWebhook(ctx context.Context, id string) error {
+	_, err := q.db.ExecContext(ctx, `DELETE FROM webhooks WHERE id = ?`, id)
+	return err
+}
+
+func (q *Queries) ListWebhooksByEvent(ctx context.Context, event string) ([]Webhook, error) {
+	webhooks, err := q.ListWebhooks(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var result []Webhook
+	for _, w := range webhooks {
+		if !w.Enabled {
+			continue
+		}
+		for _, e := range w.Events {
+			if e == event {
+				result = append(result, w)
+				break
+			}
+		}
+	}
+	return result, nil
+}
+
+func (q *Queries) TriggerWebhooks(ctx context.Context, event string, data any, baseURL string) {
+	webhooks, err := q.ListWebhooksByEvent(ctx, event)
+	if err != nil || len(webhooks) == 0 {
+		return
+	}
+
+	payload := WebhookPayload{
+		Event:     event,
+		Timestamp: time.Now().UTC(),
+		Data:      data,
+	}
+	payloadJSON, _ := json.Marshal(payload)
+
+	for _, w := range webhooks {
+		go q.deliverWebhook(ctx, w, event, payloadJSON)
+	}
+}
+
+func (q *Queries) deliverWebhook(ctx context.Context, w Webhook, event string, payloadJSON []byte) {
+	client := &http.Client{Timeout: 10 * time.Second}
+
+	req, err := http.NewRequestWithContext(ctx, "POST", w.URL, bytes.NewReader(payloadJSON))
+	if err != nil {
+		q.logDelivery(ctx, w.ID, event, string(payloadJSON), "failed", nil, stringPtr(err.Error()))
+		return
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("User-Agent", "WriteKit-Webhook/1.0")
+
+	if w.Secret != "" {
+		mac := hmac.New(sha256.New, []byte(w.Secret))
+		mac.Write(payloadJSON)
+		signature := hex.EncodeToString(mac.Sum(nil))
+		req.Header.Set("X-WriteKit-Signature", signature)
+	}
+
+	resp, err := client.Do(req)
+	if err != nil {
+		q.logDelivery(ctx, w.ID, event, string(payloadJSON), "failed", nil, stringPtr(err.Error()))
+		q.updateWebhookStatus(ctx, w.ID, "failed")
+		return
+	}
+	defer resp.Body.Close()
+
+	var respBody string
+	buf := make([]byte, 1024)
+	n, _ := resp.Body.Read(buf)
+	respBody = string(buf[:n])
+
+	status := "success"
+	if resp.StatusCode >= 400 {
+		status = "failed"
+	}
+
+	q.logDelivery(ctx, w.ID, event, string(payloadJSON), status, &resp.StatusCode, &respBody)
+	q.updateWebhookStatus(ctx, w.ID, status)
+}
+
+func (q *Queries) logDelivery(ctx context.Context, webhookID, event, payload, status string, responseCode *int, responseBody *string) {
+	q.db.ExecContext(ctx, `
+		INSERT INTO webhook_deliveries (webhook_id, event, payload, status, response_code, response_body, created_at)
+		VALUES (?, ?, ?, ?, ?, ?, CURRENT_TIMESTAMP)
+	`, webhookID, event, truncate(payload, 1024), status, responseCode, truncate(ptrToString(responseBody), 1024))
+
+	// Cleanup old deliveries - keep last 50 per webhook
+	q.db.ExecContext(ctx, `
+		DELETE FROM webhook_deliveries
+		WHERE webhook_id = ? AND id NOT IN (
+			SELECT id FROM webhook_deliveries WHERE webhook_id = ?
+			ORDER BY created_at DESC LIMIT 50
+		)
+	`, webhookID, webhookID)
+}
+
+func (q *Queries) updateWebhookStatus(ctx context.Context, webhookID, status string) {
+	q.db.ExecContext(ctx, `
+		UPDATE webhooks SET last_triggered_at = CURRENT_TIMESTAMP, last_status = ?
+		WHERE id = ?
+	`, status, webhookID)
+}
+
+func (q *Queries) ListWebhookDeliveries(ctx context.Context, webhookID string) ([]WebhookDelivery, error) {
+	rows, err := q.db.QueryContext(ctx, `
+		SELECT id, webhook_id, event, payload, status, response_code, response_body, attempts, created_at
+		FROM webhook_deliveries
+		WHERE webhook_id = ?
+		ORDER BY created_at DESC
+		LIMIT 50
+	`, webhookID)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var deliveries []WebhookDelivery
+	for rows.Next() {
+		var d WebhookDelivery
+		var createdAtStr string
+		var respCode sql.NullInt64
+		var respBody sql.NullString
+
+		if err := rows.Scan(&d.ID, &d.WebhookID, &d.Event, &d.Payload, &d.Status, &respCode, &respBody, &d.Attempts, &createdAtStr); err != nil {
+			return nil, err
+		}
+
+		d.CreatedAt, _ = time.Parse(time.RFC3339, createdAtStr)
+		if respCode.Valid {
+			code := int(respCode.Int64)
+			d.ResponseCode = &code
+		}
+		if respBody.Valid {
+			d.ResponseBody = &respBody.String
+		}
+
+		deliveries = append(deliveries, d)
+	}
+
+	return deliveries, rows.Err()
+}
+
+func truncate(s string, max int) string {
+	if len(s) <= max {
+		return s
+	}
+	return s[:max]
+}
+
+func stringPtr(s string) *string {
+	return &s
+}
+
+func ptrToString(p *string) string {
+	if p == nil {
+		return ""
+	}
+	return *p
+}
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..2d6b75f
--- /dev/null
+++ b/main.go
@@ -0,0 +1,50 @@
+package main
+
+import (
+	"log"
+	"net/http"
+	"os"
+
+	"github.com/writekitapp/writekit/internal/db"
+	"github.com/writekitapp/writekit/internal/server"
+	"github.com/writekitapp/writekit/internal/storage"
+	"github.com/writekitapp/writekit/internal/tenant"
+)
+
+func main() {
+	database, err := db.Connect("./internal/db/migrations")
+	if err != nil {
+		log.Fatalf("postgres: %v", err)
+	}
+	defer database.Close()
+
+	dataDir := os.Getenv("DATA_DIR")
+	if dataDir == "" {
+		dataDir = "./data"
+	}
+
+	pool := tenant.NewPool(dataDir)
+	defer pool.Close()
+
+	cache := tenant.NewCache()
+	defer cache.Close()
+
+	var storageClient storage.Client
+	if os.Getenv("R2_ACCOUNT_ID") != "" {
+		storageClient, err = storage.NewR2Client()
+		if err != nil {
+			log.Printf("storage: %v (continuing without storage)", err)
+		}
+	}
+
+	srv := server.New(database, pool, cache, storageClient)
+	srv.StartAnalyticsSync()
+
+	port := os.Getenv("PORT")
+	if port == "" {
+		port = "8080"
+	}
+
+	log.Printf("listening on :%s", port)
+	log.Fatal(http.ListenAndServe(":"+port, srv))
+}
diff --git a/studio/embed.go b/studio/embed.go
new file mode 100644
index 0000000..b4cf0fa
--- /dev/null
+++ b/studio/embed.go
@@ -0,0 +1,20 @@
+package studio
+
+import (
+	"embed"
+	"io/fs"
+	"net/http"
+	"path"
+)
+
+//go:embed dist/*
+var distFS embed.FS
+
+func Handler() http.Handler {
+	sub, _ := fs.Sub(distFS, "dist")
+	return http.FileServer(http.FS(sub))
+}
+
+func Read(name string) ([]byte, error) {
+	return distFS.ReadFile(path.Join("dist", name))
+}
diff --git a/studio/index.html b/studio/index.html
new file mode 100644
index 0000000..cd33dee
--- /dev/null
+++ b/studio/index.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>WriteKit Studio</title>
+    <style>
+      :root { --accent: #3b82f6; }
+      @media (prefers-color-scheme: dark) { html { color-scheme: dark; } }
+    </style>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>
diff --git a/studio/package-lock.json b/studio/package-lock.json
new file mode 100644
index 0000000..754f39e
--- /dev/null
+++ b/studio/package-lock.json
@@ -0,0 +1,3732 @@
+{
+  "name": "writekit-studio",
+  "version": "0.0.1",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "writekit-studio",
+      "version": "0.0.1",
+      "dependencies": {
+        "@iconify-json/logos": "^1.2.10",
+        "@iconify-json/lucide": "^1.2.82",
+        "@monaco-editor/react": "^4.7.0",
+        "@nanostores/query": "^0.3.4",
+        "@nanostores/react": "^1.0.0",
+        "@nanostores/router": "^1.0.0",
+        "@tiptap/extension-code-block-lowlight": "^3.15.1",
+        "@tiptap/extension-image": "^3.15.1",
+        "@tiptap/extension-link": "^3.15.1",
+        "@tiptap/extension-placeholder": "^3.15.1",
+        "@tiptap/extension-table": "^3.15.1",
+        "@tiptap/extension-task-item": "^3.15.1",
+        "@tiptap/extension-task-list": "^3.15.1",
+        "@tiptap/markdown": "^3.15.1",
+        "@tiptap/pm": "^3.15.1",
+        "@tiptap/react": "^3.15.1",
+        "@tiptap/starter-kit": "^3.15.1",
+        "@tiptap/suggestion": "^3.15.2",
+        "@unocss/reset": "^66.5.12",
+        "chart.js": "^4.5.1",
+        "lowlight": "^3.3.0",
+        "monaco-editor": "^0.55.1",
+        "nanostores": "^1.1.0",
+        "react": "^19.0.0",
+        "react-dom": "^19.0.0",
+        "tippy.js": "^6.3.7",
+        "unocss": "^66.5.12"
+      },
+      "devDependencies": {
+        "@iconify-json/simple-icons": "^1.2.65",
+        "@types/react": "^19.0.0",
+        "@types/react-dom": "^19.0.0",
+        "@vitejs/plugin-react": "^5.1.0",
+        "typescript": "^5.7.0",
+        "vite": "^7.3.0"
+      }
+    },
+    "node_modules/@antfu/install-pkg": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@antfu/install-pkg/-/install-pkg-1.1.0.tgz",
+      "integrity": "sha512-MGQsmw10ZyI+EJo45CdSER4zEb+p31LpDAFp2Z3gkSd1yqVZGi0Ebx++YTEMonJy4oChEMLsxZ64j8FH6sSqtQ==",
+      "license": "MIT",
+      "dependencies": {
+        "package-manager-detector": "^1.3.0",
+        "tinyexec": "^1.0.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@babel/code-frame": {
+      "version": "7.27.1",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz",
+      "integrity": "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==",
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-validator-identifier": "^7.27.1",
+        "js-tokens": "^4.0.0",
+        "picocolors": "^1.1.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/compat-data": {
+      "version": "7.28.5",
+      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.28.5.tgz",
+      "integrity": "sha512-6uFXyCayocRbqhZOB+6XcuZbkMNimwfVGFji8CTZnCzOHVGvDqzvitu1re2AU5LROliz7eQPhB8CpAMvnx9EjA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/core": {
+      "version": "7.28.5",
+      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.5.tgz",
+      "integrity": "sha512-e7jT4DxYvIDLk1ZHmU/m/mB19rex9sv0c2ftBtjSBv+kVM/902eh0fINUzD7UwLLNR+jU585GxUJ8/EBfAM5fw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.27.1",
+        "@babel/generator": "^7.28.5",
+        "@babel/helper-compilation-targets": "^7.27.2",
+        "@babel/helper-module-transforms": "^7.28.3",
+        "@babel/helpers": "^7.28.4",
+        "@babel/parser": "^7.28.5",
+        "@babel/template": "^7.27.2",
+        "@babel/traverse": "^7.28.5",
+        "@babel/types": "^7.28.5",
+        "@jridgewell/remapping": "^2.3.5",
+        "convert-source-map": "^2.0.0",
+        "debug": "^4.1.0",
+        "gensync": "^1.0.0-beta.2",
+        "json5": "^2.2.3",
+        "semver": "^6.3.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/babel"
+      }
+    },
+    "node_modules/@babel/generator": {
+      "version": "7.28.5",
+      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.28.5.tgz",
+      "integrity": "sha512-3EwLFhZ38J4VyIP6WNtt2kUdW9dokXA9Cr4IVIFHuCpZ3H8/YFOl5JjZHisrn1fATPBmKKqXzDFvh9fUwHz6CQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@babel/parser": "^7.28.5",
+        "@babel/types": "^7.28.5",
+        "@jridgewell/gen-mapping": "^0.3.12",
+        "@jridgewell/trace-mapping": "^0.3.28",
+        "jsesc": "^3.0.2"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-compilation-targets": {
+      "version": "7.27.2",
+      "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.27.2.tgz",
+      "integrity": "sha512-2+1thGUUWWjLTYTHZWK1n8Yga0ijBz1XAhUXcKy81rd5g6yh7hGqMp45v7cadSbEHc9G3OTv45SyneRN3ps4DQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/compat-data": "^7.27.2",
+        "@babel/helper-validator-option": "^7.27.1",
+        "browserslist": "^4.24.0",
+        "lru-cache": "^5.1.1",
+        "semver": "^6.3.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-globals": {
+      "version": "7.28.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz",
+      "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-module-imports": {
+      "version": "7.27.1",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.27.1.tgz",
+      "integrity": "sha512-0gSFWUPNXNopqtIPQvlD5WgXYI5GY2kP2cCvoT8kczjbfcfuIljTbcWrulD1CIPIX2gt1wghbDy08yE1p+/r3w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/traverse": "^7.27.1",
+        "@babel/types": "^7.27.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-module-transforms": {
+      "version": "7.28.3",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.3.tgz",
+      "integrity": "sha512-gytXUbs8k2sXS9PnQptz5o0QnpLL51SwASIORY6XaBKF88nsOT0Zw9szLqlSGQDP/4TljBAD5y98p2U1fqkdsw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-module-imports": "^7.27.1",
+        "@babel/helper-validator-identifier": "^7.27.1",
+        "@babel/traverse": "^7.28.3"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
+    "node_modules/@babel/helper-plugin-utils": {
+      "version": "7.27.1",
+      "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.27.1.tgz",
+      "integrity": "sha512-1gn1Up5YXka3YYAHGKpbideQ5Yjf1tDa9qYcgysz+cNCXukyLl6DjPXhD3VRwSb8c0J9tA4b2+rHEZtc6R0tlw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-string-parser": {
+      "version": "7.27.1",
+      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
+      "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-validator-identifier": {
+      "version": "7.28.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz",
+      "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helper-validator-option": {
+      "version": "7.27.1",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.27.1.tgz",
+      "integrity": "sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/helpers": {
+      "version": "7.28.4",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.28.4.tgz",
+      "integrity": "sha512-HFN59MmQXGHVyYadKLVumYsA9dBFun/ldYxipEjzA4196jpLZd8UjEEBLkbEkvfYreDqJhZxYAWFPtrfhNpj4w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/template": "^7.27.2",
+        "@babel/types": "^7.28.4"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/parser": {
+      "version": "7.28.5",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.5.tgz",
+      "integrity": "sha512-KKBU1VGYR7ORr3At5HAtUQ+TV3SzRCXmA/8OdDZiLDBIZxVyzXuztPjfLd3BV1PRAQGCMWWSHYhL0F8d5uHBDQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@babel/types": "^7.28.5"
+      },
+      "bin": {
+        "parser": "bin/babel-parser.js"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-react-jsx-self": {
+      "version": "7.27.1",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx-self/-/plugin-transform-react-jsx-self-7.27.1.tgz",
+      "integrity": "sha512-6UzkCs+ejGdZ5mFFC/OCUrv028ab2fp1znZmCZjAOBKiBK2jXD1O+BPSfX8X2qjJ75fZBMSnQn3Rq2mrBJK2mw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.27.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/plugin-transform-react-jsx-source": {
+      "version": "7.27.1",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx-source/-/plugin-transform-react-jsx-source-7.27.1.tgz",
+      "integrity": "sha512-zbwoTsBruTeKB9hSq73ha66iFeJHuaFkUbwvqElnygoNbj/jHRsSeokowZFN3CZ64IvEqcmmkVe89OPXc7ldAw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-plugin-utils": "^7.27.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0-0"
+      }
+    },
+    "node_modules/@babel/template": {
+      "version": "7.27.2",
+      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.2.tgz",
+      "integrity": "sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw==",
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.27.1",
+        "@babel/parser": "^7.27.2",
+        "@babel/types": "^7.27.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/traverse": {
+      "version": "7.28.5",
+      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.28.5.tgz",
+      "integrity": "sha512-TCCj4t55U90khlYkVV/0TfkJkAkUg3jZFA3Neb7unZT8CPok7iiRfaX0F+WnqWqt7OxhOn0uBKXCw4lbL8W0aQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.27.1",
+        "@babel/generator": "^7.28.5",
+        "@babel/helper-globals": "^7.28.0",
+        "@babel/parser": "^7.28.5",
+        "@babel/template": "^7.27.2",
+        "@babel/types": "^7.28.5",
+        "debug": "^4.3.1"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@babel/types": {
+      "version": "7.28.5",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.5.tgz",
+      "integrity": "sha512-qQ5m48eI/MFLQ5PxQj4PFaprjyCTLI37ElWMmNs0K8Lk3dVeOdNpB3ks8jc7yM5CDmVC73eMVk/trk3fgmrUpA==",
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-string-parser": "^7.27.1",
+        "@babel/helper-validator-identifier": "^7.28.5"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@esbuild/aix-ppc64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.2.tgz",
+      "integrity": "sha512-GZMB+a0mOMZs4MpDbj8RJp4cw+w1WV5NYD6xzgvzUJ5Ek2jerwfO2eADyI6ExDSUED+1X8aMbegahsJi+8mgpw==",
+      "cpu": [
+        "ppc64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "aix"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-arm": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.2.tgz",
+      "integrity": "sha512-DVNI8jlPa7Ujbr1yjU2PfUSRtAUZPG9I1RwW4F4xFB1Imiu2on0ADiI/c3td+KmDtVKNbi+nffGDQMfcIMkwIA==",
+      "cpu": [
+        "arm"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.2.tgz",
+      "integrity": "sha512-pvz8ZZ7ot/RBphf8fv60ljmaoydPU12VuXHImtAs0XhLLw+EXBi2BLe3OYSBslR4rryHvweW5gmkKFwTiFy6KA==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/android-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.2.tgz",
+      "integrity": "sha512-z8Ank4Byh4TJJOh4wpz8g2vDy75zFL0TlZlkUkEwYXuPSgX8yzep596n6mT7905kA9uHZsf/o2OJZubl2l3M7A==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/darwin-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.2.tgz",
+      "integrity": "sha512-davCD2Zc80nzDVRwXTcQP/28fiJbcOwvdolL0sOiOsbwBa72kegmVU0Wrh1MYrbuCL98Omp5dVhQFWRKR2ZAlg==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/darwin-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.2.tgz",
+      "integrity": "sha512-ZxtijOmlQCBWGwbVmwOF/UCzuGIbUkqB1faQRf5akQmxRJ1ujusWsb3CVfk/9iZKr2L5SMU5wPBi1UWbvL+VQA==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/freebsd-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.2.tgz",
+      "integrity": "sha512-lS/9CN+rgqQ9czogxlMcBMGd+l8Q3Nj1MFQwBZJyoEKI50XGxwuzznYdwcav6lpOGv5BqaZXqvBSiB/kJ5op+g==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/freebsd-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.2.tgz",
+      "integrity": "sha512-tAfqtNYb4YgPnJlEFu4c212HYjQWSO/w/h/lQaBK7RbwGIkBOuNKQI9tqWzx7Wtp7bTPaGC6MJvWI608P3wXYA==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-arm": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.2.tgz",
+      "integrity": "sha512-vWfq4GaIMP9AIe4yj1ZUW18RDhx6EPQKjwe7n8BbIecFtCQG4CfHGaHuh7fdfq+y3LIA2vGS/o9ZBGVxIDi9hw==",
+      "cpu": [
+        "arm"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.2.tgz",
+      "integrity": "sha512-hYxN8pr66NsCCiRFkHUAsxylNOcAQaxSSkHMMjcpx0si13t1LHFphxJZUiGwojB1a/Hd5OiPIqDdXONia6bhTw==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-ia32": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.2.tgz",
+      "integrity": "sha512-MJt5BRRSScPDwG2hLelYhAAKh9imjHK5+NE/tvnRLbIqUWa+0E9N4WNMjmp/kXXPHZGqPLxggwVhz7QP8CTR8w==",
+      "cpu": [
+        "ia32"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-loong64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.2.tgz",
+      "integrity": "sha512-lugyF1atnAT463aO6KPshVCJK5NgRnU4yb3FUumyVz+cGvZbontBgzeGFO1nF+dPueHD367a2ZXe1NtUkAjOtg==",
+      "cpu": [
+        "loong64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-mips64el": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.2.tgz",
+      "integrity": "sha512-nlP2I6ArEBewvJ2gjrrkESEZkB5mIoaTswuqNFRv/WYd+ATtUpe9Y09RnJvgvdag7he0OWgEZWhviS1OTOKixw==",
+      "cpu": [
+        "mips64el"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-ppc64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.2.tgz",
+      "integrity": "sha512-C92gnpey7tUQONqg1n6dKVbx3vphKtTHJaNG2Ok9lGwbZil6DrfyecMsp9CrmXGQJmZ7iiVXvvZH6Ml5hL6XdQ==",
+      "cpu": [
+        "ppc64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-riscv64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.2.tgz",
+      "integrity": "sha512-B5BOmojNtUyN8AXlK0QJyvjEZkWwy/FKvakkTDCziX95AowLZKR6aCDhG7LeF7uMCXEJqwa8Bejz5LTPYm8AvA==",
+      "cpu": [
+        "riscv64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-s390x": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.2.tgz",
+      "integrity": "sha512-p4bm9+wsPwup5Z8f4EpfN63qNagQ47Ua2znaqGH6bqLlmJ4bx97Y9JdqxgGZ6Y8xVTixUnEkoKSHcpRlDnNr5w==",
+      "cpu": [
+        "s390x"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/linux-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.2.tgz",
+      "integrity": "sha512-uwp2Tip5aPmH+NRUwTcfLb+W32WXjpFejTIOWZFw/v7/KnpCDKG66u4DLcurQpiYTiYwQ9B7KOeMJvLCu/OvbA==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/netbsd-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.2.tgz",
+      "integrity": "sha512-Kj6DiBlwXrPsCRDeRvGAUb/LNrBASrfqAIok+xB0LxK8CHqxZ037viF13ugfsIpePH93mX7xfJp97cyDuTZ3cw==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/netbsd-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.2.tgz",
+      "integrity": "sha512-HwGDZ0VLVBY3Y+Nw0JexZy9o/nUAWq9MlV7cahpaXKW6TOzfVno3y3/M8Ga8u8Yr7GldLOov27xiCnqRZf0tCA==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openbsd-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.2.tgz",
+      "integrity": "sha512-DNIHH2BPQ5551A7oSHD0CKbwIA/Ox7+78/AWkbS5QoRzaqlev2uFayfSxq68EkonB+IKjiuxBFoV8ESJy8bOHA==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openbsd-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.2.tgz",
+      "integrity": "sha512-/it7w9Nb7+0KFIzjalNJVR5bOzA9Vay+yIPLVHfIQYG/j+j9VTH84aNB8ExGKPU4AzfaEvN9/V4HV+F+vo8OEg==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/openharmony-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.2.tgz",
+      "integrity": "sha512-LRBbCmiU51IXfeXk59csuX/aSaToeG7w48nMwA6049Y4J4+VbWALAuXcs+qcD04rHDuSCSRKdmY63sruDS5qag==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/sunos-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.2.tgz",
+      "integrity": "sha512-kMtx1yqJHTmqaqHPAzKCAkDaKsffmXkPHThSfRwZGyuqyIeBvf08KSsYXl+abf5HDAPMJIPnbBfXvP2ZC2TfHg==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "sunos"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.2.tgz",
+      "integrity": "sha512-Yaf78O/B3Kkh+nKABUF++bvJv5Ijoy9AN1ww904rOXZFLWVc5OLOfL56W+C8F9xn5JQZa3UX6m+IktJnIb1Jjg==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-ia32": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.2.tgz",
+      "integrity": "sha512-Iuws0kxo4yusk7sw70Xa2E2imZU5HoixzxfGCdxwBdhiDgt9vX9VUCBhqcwY7/uh//78A1hMkkROMJq9l27oLQ==",
+      "cpu": [
+        "ia32"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@esbuild/win32-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.2.tgz",
+      "integrity": "sha512-sRdU18mcKf7F+YgheI/zGf5alZatMUTKj/jNS6l744f9u3WFu4v7twcUI9vu4mknF4Y9aDlblIie0IM+5xxaqQ==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/@floating-ui/core": {
+      "version": "1.7.3",
+      "resolved": "https://registry.npmjs.org/@floating-ui/core/-/core-1.7.3.tgz",
+      "integrity": "sha512-sGnvb5dmrJaKEZ+LDIpguvdX3bDlEllmv4/ClQ9awcmCZrlx5jQyyMWFM5kBI+EyNOCDDiKk8il0zeuX3Zlg/w==",
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "@floating-ui/utils": "^0.2.10"
+      }
+    },
+    "node_modules/@floating-ui/dom": {
+      "version": "1.7.4",
+      "resolved": "https://registry.npmjs.org/@floating-ui/dom/-/dom-1.7.4.tgz",
+      "integrity": "sha512-OOchDgh4F2CchOX94cRVqhvy7b3AFb+/rQXyswmzmGakRfkMgoWVjfnLWkRirfLEfuD4ysVW16eXzwt3jHIzKA==",
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "@floating-ui/core": "^1.7.3",
+        "@floating-ui/utils": "^0.2.10"
+      }
+    },
+    "node_modules/@floating-ui/utils": {
+      "version": "0.2.10",
+      "resolved": "https://registry.npmjs.org/@floating-ui/utils/-/utils-0.2.10.tgz",
+      "integrity": "sha512-aGTxbpbg8/b5JfU1HXSrbH3wXZuLPJcNEcZQFMxLs3oSzgtVu6nFPkbbGGUvBcUjKV2YyB9Wxxabo+HEH9tcRQ==",
+      "license": "MIT",
+      "optional": true
+    },
+    "node_modules/@iconify-json/logos": {
+      "version": "1.2.10",
+      "resolved": "https://registry.npmjs.org/@iconify-json/logos/-/logos-1.2.10.tgz",
+      "integrity": "sha512-qxaXKJ6fu8jzTMPQdHtNxlfx6tBQ0jXRbHZIYy5Ilh8Lx9US9FsAdzZWUR8MXV8PnWTKGDFO4ZZee9VwerCyMA==",
+      "license": "CC0-1.0",
+      "dependencies": {
+        "@iconify/types": "*"
+      }
+    },
+    "node_modules/@iconify-json/lucide": {
+      "version": "1.2.82",
+      "resolved": "https://registry.npmjs.org/@iconify-json/lucide/-/lucide-1.2.82.tgz",
+      "integrity": "sha512-fHZWegspOZonl5GNTvOkHsjnTMdSslFh3EzpzUtRyLxO8bOonqk2OTU3hCl0k4VXzViMjqpRK3X1sotnuBXkFA==",
+      "license": "ISC",
+      "dependencies": {
+        "@iconify/types": "*"
+      }
+    },
+    "node_modules/@iconify-json/simple-icons": {
+      "version": "1.2.65",
+      "resolved": "https://registry.npmjs.org/@iconify-json/simple-icons/-/simple-icons-1.2.65.tgz",
+      "integrity": "sha512-v/O0UeqrDz6ASuRVE5g2Puo5aWyej4M/CxX6WYDBARgswwxK0mp3VQbGgPFEAAUU9QN02IjTgjMuO021gpWf2w==",
+      "dev": true,
+      "license": "CC0-1.0",
+      "dependencies": {
+        "@iconify/types": "*"
+      }
+    },
+    "node_modules/@iconify/types": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@iconify/types/-/types-2.0.0.tgz",
+      "integrity": "sha512-+wluvCrRhXrhyOmRDJ3q8mux9JkKy5SJ/v8ol2tu4FVjyYvtEzkc/3pK15ET6RKg4b4w4BmTk1+gsCUhf21Ykg==",
+      "license": "MIT"
+    },
+    "node_modules/@iconify/utils": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/@iconify/utils/-/utils-3.1.0.tgz",
+      "integrity": "sha512-Zlzem1ZXhI1iHeeERabLNzBHdOa4VhQbqAcOQaMKuTuyZCpwKbC2R4Dd0Zo3g9EAc+Y4fiarO8HIHRAth7+skw==",
+      "license": "MIT",
+      "dependencies": {
+        "@antfu/install-pkg": "^1.1.0",
+        "@iconify/types": "^2.0.0",
+        "mlly": "^1.8.0"
+      }
+    },
+    "node_modules/@jridgewell/gen-mapping": {
+      "version": "0.3.13",
+      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz",
+      "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==",
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/sourcemap-codec": "^1.5.0",
+        "@jridgewell/trace-mapping": "^0.3.24"
+      }
+    },
+    "node_modules/@jridgewell/remapping": {
+      "version": "2.3.5",
+      "resolved": "https://registry.npmjs.org/@jridgewell/remapping/-/remapping-2.3.5.tgz",
+      "integrity": "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/gen-mapping": "^0.3.5",
+        "@jridgewell/trace-mapping": "^0.3.24"
+      }
+    },
+    "node_modules/@jridgewell/resolve-uri": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz",
+      "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@jridgewell/sourcemap-codec": {
+      "version": "1.5.5",
+      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz",
+      "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==",
+      "license": "MIT"
+    },
+    "node_modules/@jridgewell/trace-mapping": {
+      "version": "0.3.31",
+      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz",
+      "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==",
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/resolve-uri": "^3.1.0",
+        "@jridgewell/sourcemap-codec": "^1.4.14"
+      }
+    },
+    "node_modules/@kurkle/color": {
+      "version": "0.3.4",
+      "resolved": "https://registry.npmjs.org/@kurkle/color/-/color-0.3.4.tgz",
+      "integrity": "sha512-M5UknZPHRu3DEDWoipU6sE8PdkZ6Z/S+v4dD+Ke8IaNlpdSQah50lz1KtcFBa2vsdOnwbbnxJwVM4wty6udA5w==",
+      "license": "MIT"
+    },
+    "node_modules/@monaco-editor/loader": {
+      "version": "1.7.0",
+      "resolved": "https://registry.npmjs.org/@monaco-editor/loader/-/loader-1.7.0.tgz",
+      "integrity": "sha512-gIwR1HrJrrx+vfyOhYmCZ0/JcWqG5kbfG7+d3f/C1LXk2EvzAbHSg3MQ5lO2sMlo9izoAZ04shohfKLVT6crVA==",
+      "license": "MIT",
+      "dependencies": {
+        "state-local": "^1.0.6"
+      }
+    },
+    "node_modules/@monaco-editor/react": {
+      "version": "4.7.0",
+      "resolved": "https://registry.npmjs.org/@monaco-editor/react/-/react-4.7.0.tgz",
+      "integrity": "sha512-cyzXQCtO47ydzxpQtCGSQGOC8Gk3ZUeBXFAxD+CWXYFo5OqZyZUonFl0DwUlTyAfRHntBfw2p3w4s9R6oe1eCA==",
+      "license": "MIT",
+      "dependencies": {
+        "@monaco-editor/loader": "^1.5.0"
+      },
+      "peerDependencies": {
+        "monaco-editor": ">= 0.25.0 < 1",
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0"
+      }
+    },
+    "node_modules/@nanostores/query": {
+      "version": "0.3.4",
+      "resolved": "https://registry.npmjs.org/@nanostores/query/-/query-0.3.4.tgz",
+      "integrity": "sha512-Gw5HsKflUDefhcZpVwVoIfw2Hz2+8FsInpVQOQ45EWz2FijaJll5aQWSE5JbYUsU/uAnYuKm5NM5ZgBH9HhniQ==",
+      "license": "MIT",
+      "dependencies": {
+        "nanoevents": "^9.0.0"
+      },
+      "engines": {
+        "node": "^14.0.0 || ^16.0.0 || >=18.0.0"
+      },
+      "peerDependencies": {
+        "nanostores": ">=0.10"
+      }
+    },
+    "node_modules/@nanostores/react": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@nanostores/react/-/react-1.0.0.tgz",
+      "integrity": "sha512-eDduyNy+lbQJMg6XxZ/YssQqF6b4OXMFEZMYKPJCCmBevp1lg0g+4ZRi94qGHirMtsNfAWKNwsjOhC+q1gvC+A==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": "^20.0.0 || >=22.0.0"
+      },
+      "peerDependencies": {
+        "nanostores": "^0.9.0 || ^0.10.0 || ^0.11.0 || ^1.0.0",
+        "react": ">=18.0.0"
+      }
+    },
+    "node_modules/@nanostores/router": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@nanostores/router/-/router-1.0.0.tgz",
+      "integrity": "sha512-U1pT7u18Yk9yrir/im2sEo8bZcWWWMnOGFoqS2JOkN1vuAntUWNIeUC+8/Q6qPjgatIHGl9IEWB0U7+WdkjzMQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": "^20.0.0 || >=22.0.0"
+      },
+      "peerDependencies": {
+        "nanostores": "^0.9.0 || ^0.10.0 || ^0.11.0 || ^1.0.0"
+      }
+    },
+    "node_modules/@polka/url": {
+      "version": "1.0.0-next.29",
+      "resolved": "https://registry.npmjs.org/@polka/url/-/url-1.0.0-next.29.tgz",
+      "integrity": "sha512-wwQAWhWSuHaag8c4q/KN/vCoeOJYshAIvMQwD4GpSb3OiZklFfvAgmj0VCBBImRpuF/aFgIRzllXlVX93Jevww==",
+      "license": "MIT"
+    },
+    "node_modules/@popperjs/core": {
+      "version": "2.11.8",
+      "resolved": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz",
+      "integrity": "sha512-P1st0aksCrn9sGZhp8GMYwBnQsbvAWsZAX44oXNNvLHGqAOcoVxmjZiohstwQ7SqKnbR47akdNi+uleWD8+g6A==",
+      "license": "MIT",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/popperjs"
+      }
+    },
+    "node_modules/@quansync/fs": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@quansync/fs/-/fs-1.0.0.tgz",
+      "integrity": "sha512-4TJ3DFtlf1L5LDMaM6CanJ/0lckGNtJcMjQ1NAV6zDmA0tEHKZtxNKin8EgPaVX1YzljbxckyT2tJrpQKAtngQ==",
+      "license": "MIT",
+      "dependencies": {
+        "quansync": "^1.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sxzz"
+      }
+    },
+    "node_modules/@remirror/core-constants": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@remirror/core-constants/-/core-constants-3.0.0.tgz",
+      "integrity": "sha512-42aWfPrimMfDKDi4YegyS7x+/0tlzaqwPQCULLanv3DMIlu96KTJR0fM5isWX2UViOqlGnX6YFgqWepcX+XMNg==",
+      "license": "MIT"
+    },
+    "node_modules/@rolldown/pluginutils": {
+      "version": "1.0.0-beta.53",
+      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-beta.53.tgz",
+      "integrity": "sha512-vENRlFU4YbrwVqNDZ7fLvy+JR1CRkyr01jhSiDpE1u6py3OMzQfztQU2jxykW3ALNxO4kSlqIDeYyD0Y9RcQeQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@rollup/rollup-android-arm-eabi": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.54.0.tgz",
+      "integrity": "sha512-OywsdRHrFvCdvsewAInDKCNyR3laPA2mc9bRYJ6LBp5IyvF3fvXbbNR0bSzHlZVFtn6E0xw2oZlyjg4rKCVcng==",
+      "cpu": [
+        "arm"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ]
+    },
+    "node_modules/@rollup/rollup-android-arm64": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.54.0.tgz",
+      "integrity": "sha512-Skx39Uv+u7H224Af+bDgNinitlmHyQX1K/atIA32JP3JQw6hVODX5tkbi2zof/E69M1qH2UoN3Xdxgs90mmNYw==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ]
+    },
+    "node_modules/@rollup/rollup-darwin-arm64": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.54.0.tgz",
+      "integrity": "sha512-k43D4qta/+6Fq+nCDhhv9yP2HdeKeP56QrUUTW7E6PhZP1US6NDqpJj4MY0jBHlJivVJD5P8NxrjuobZBJTCRw==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ]
+    },
+    "node_modules/@rollup/rollup-darwin-x64": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.54.0.tgz",
+      "integrity": "sha512-cOo7biqwkpawslEfox5Vs8/qj83M/aZCSSNIWpVzfU2CYHa2G3P1UN5WF01RdTHSgCkri7XOlTdtk17BezlV3A==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ]
+    },
+    "node_modules/@rollup/rollup-freebsd-arm64": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.54.0.tgz",
+      "integrity": "sha512-miSvuFkmvFbgJ1BevMa4CPCFt5MPGw094knM64W9I0giUIMMmRYcGW/JWZDriaw/k1kOBtsWh1z6nIFV1vPNtA==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-freebsd-x64": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.54.0.tgz",
+      "integrity": "sha512-KGXIs55+b/ZfZsq9aR026tmr/+7tq6VG6MsnrvF4H8VhwflTIuYh+LFUlIsRdQSgrgmtM3fVATzEAj4hBQlaqQ==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.54.0.tgz",
+      "integrity": "sha512-EHMUcDwhtdRGlXZsGSIuXSYwD5kOT9NVnx9sqzYiwAc91wfYOE1g1djOEDseZJKKqtHAHGwnGPQu3kytmfaXLQ==",
+      "cpu": [
+        "arm"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm-musleabihf": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.54.0.tgz",
+      "integrity": "sha512-+pBrqEjaakN2ySv5RVrj/qLytYhPKEUwk+e3SFU5jTLHIcAtqh2rLrd/OkbNuHJpsBgxsD8ccJt5ga/SeG0JmA==",
+      "cpu": [
+        "arm"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm64-gnu": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.54.0.tgz",
+      "integrity": "sha512-NSqc7rE9wuUaRBsBp5ckQ5CVz5aIRKCwsoa6WMF7G01sX3/qHUw/z4pv+D+ahL1EIKy6Enpcnz1RY8pf7bjwng==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-arm64-musl": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.54.0.tgz",
+      "integrity": "sha512-gr5vDbg3Bakga5kbdpqx81m2n9IX8M6gIMlQQIXiLTNeQW6CucvuInJ91EuCJ/JYvc+rcLLsDFcfAD1K7fMofg==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-loong64-gnu": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.54.0.tgz",
+      "integrity": "sha512-gsrtB1NA3ZYj2vq0Rzkylo9ylCtW/PhpLEivlgWe0bpgtX5+9j9EZa0wtZiCjgu6zmSeZWyI/e2YRX1URozpIw==",
+      "cpu": [
+        "loong64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-ppc64-gnu": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.54.0.tgz",
+      "integrity": "sha512-y3qNOfTBStmFNq+t4s7Tmc9hW2ENtPg8FeUD/VShI7rKxNW7O4fFeaYbMsd3tpFlIg1Q8IapFgy7Q9i2BqeBvA==",
+      "cpu": [
+        "ppc64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-riscv64-gnu": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.54.0.tgz",
+      "integrity": "sha512-89sepv7h2lIVPsFma8iwmccN7Yjjtgz0Rj/Ou6fEqg3HDhpCa+Et+YSufy27i6b0Wav69Qv4WBNl3Rs6pwhebQ==",
+      "cpu": [
+        "riscv64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-riscv64-musl": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.54.0.tgz",
+      "integrity": "sha512-ZcU77ieh0M2Q8Ur7D5X7KvK+UxbXeDHwiOt/CPSBTI1fBmeDMivW0dPkdqkT4rOgDjrDDBUed9x4EgraIKoR2A==",
+      "cpu": [
+        "riscv64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-s390x-gnu": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.54.0.tgz",
+      "integrity": "sha512-2AdWy5RdDF5+4YfG/YesGDDtbyJlC9LHmL6rZw6FurBJ5n4vFGupsOBGfwMRjBYH7qRQowT8D/U4LoSvVwOhSQ==",
+      "cpu": [
+        "s390x"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-x64-gnu": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.54.0.tgz",
+      "integrity": "sha512-WGt5J8Ij/rvyqpFexxk3ffKqqbLf9AqrTBbWDk7ApGUzaIs6V+s2s84kAxklFwmMF/vBNGrVdYgbblCOFFezMQ==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-x64-musl": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.54.0.tgz",
+      "integrity": "sha512-JzQmb38ATzHjxlPHuTH6tE7ojnMKM2kYNzt44LO/jJi8BpceEC8QuXYA908n8r3CNuG/B3BV8VR3Hi1rYtmPiw==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-openharmony-arm64": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.54.0.tgz",
+      "integrity": "sha512-huT3fd0iC7jigGh7n3q/+lfPcXxBi+om/Rs3yiFxjvSxbSB6aohDFXbWvlspaqjeOh+hx7DDHS+5Es5qRkWkZg==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-arm64-msvc": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.54.0.tgz",
+      "integrity": "sha512-c2V0W1bsKIKfbLMBu/WGBz6Yci8nJ/ZJdheE0EwB73N3MvHYKiKGs3mVilX4Gs70eGeDaMqEob25Tw2Gb9Nqyw==",
+      "cpu": [
+        "arm64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-ia32-msvc": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.54.0.tgz",
+      "integrity": "sha512-woEHgqQqDCkAzrDhvDipnSirm5vxUXtSKDYTVpZG3nUdW/VVB5VdCYA2iReSj/u3yCZzXID4kuKG7OynPnB3WQ==",
+      "cpu": [
+        "ia32"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-x64-gnu": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.54.0.tgz",
+      "integrity": "sha512-dzAc53LOuFvHwbCEOS0rPbXp6SIhAf2txMP5p6mGyOXXw5mWY8NGGbPMPrs4P1WItkfApDathBj/NzMLUZ9rtQ==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@rollup/rollup-win32-x64-msvc": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.54.0.tgz",
+      "integrity": "sha512-hYT5d3YNdSh3mbCU1gwQyPgQd3T2ne0A3KG8KSBdav5TiBg6eInVmV+TeR5uHufiIgSFg0XsOWGW5/RhNcSvPg==",
+      "cpu": [
+        "x64"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ]
+    },
+    "node_modules/@tiptap/core": {
+      "version": "3.15.2",
+      "resolved": "https://registry.npmjs.org/@tiptap/core/-/core-3.15.2.tgz",
+      "integrity": "sha512-daQFS0miVXnyyLtD0BuziTZimHLK8bwudC7N0Vpv/xSesuX/nqJzIIlmDu+mIw4ROx44fat8cGBD1I3FANA+Mg==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/pm": "^3.15.2"
+      }
+    },
+    "node_modules/@tiptap/extension-blockquote": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-blockquote/-/extension-blockquote-3.15.1.tgz",
+      "integrity": "sha512-/EgpLiXaROF0JaU+F8eV1igsKHiDFukoNBdy5yATQV1+O5DjS252OZeblCg6oVGDyXcLUjGfbsgM5tjQkrAjaQ==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-bold": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-bold/-/extension-bold-3.15.1.tgz",
+      "integrity": "sha512-iP8gnkPjY/V4JKKtgJunUyqbNobTEF4N2XiLqSjzlzZOTifBTF8I2zRzgIdk4ZYkMXY+w5RLXQ4FgHg9/EoJ/w==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-bubble-menu": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-bubble-menu/-/extension-bubble-menu-3.15.1.tgz",
+      "integrity": "sha512-3UdVQSBs79N9TUyq0R9dbMB91Y5L1F7pWBnLuIoAj/ty+LfF7YZEkY9q6Il3EqRbxVNEucjOfp4Nuss+ZKceKw==",
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "@floating-ui/dom": "^1.0.0"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1",
+        "@tiptap/pm": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-bullet-list": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-bullet-list/-/extension-bullet-list-3.15.1.tgz",
+      "integrity": "sha512-ZTVaJ/xaQCmLydT6B1hS7Jduq4cCDcotfyMX6+qy7jr+QGBek2ZMcDYNPrsgX84rZfKVSa7CLpyQQyGn3rzJCw==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/extension-list": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-code": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-code/-/extension-code-3.15.1.tgz",
+      "integrity": "sha512-cKcx1YT+PmuDgPlDTFiajY0jm3sgVbhSy1gpG3BJeochtGJkVAEBs/I6WFnDTrTk/mU/5XdFwMRD4HEuAOg5XA==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-code-block": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-code-block/-/extension-code-block-3.15.1.tgz",
+      "integrity": "sha512-KCUCZVaXmx5lgBbadPefjkyNybmL1fvSZuzgj0aPX8+3eSd3e1UaZ4YX210y7bGmKUceVHz7HARhkEyp/zlCTg==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1",
+        "@tiptap/pm": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-code-block-lowlight": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-code-block-lowlight/-/extension-code-block-lowlight-3.15.1.tgz",
+      "integrity": "sha512-CjgDA5zD64fwE1In+aHOI2oSpb3qtCU+pzos2oG3uUTjPr22Gl6OD1B0vrTXpyJZb6MQoZP88h+JlIGCxNoDZw==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1",
+        "@tiptap/extension-code-block": "^3.15.1",
+        "@tiptap/pm": "^3.15.1",
+        "highlight.js": "^11",
+        "lowlight": "^2 || ^3"
+      }
+    },
+    "node_modules/@tiptap/extension-document": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-document/-/extension-document-3.15.1.tgz",
+      "integrity": "sha512-iq7+S+8NFKSoJ/hMBmsKOYXOt4ipEppDewIs5T9BUBwnYJMIRZqkqxHP7iiM3z71igFUdmc1yFVqkkLZpkTU+A==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-dropcursor": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-dropcursor/-/extension-dropcursor-3.15.1.tgz",
+      "integrity": "sha512-M2AQL1OoR1+OMVCp3QjT/vn0iaWwkM9cYXV2/4Z8JxdXzlzR2xZr4AphydDeZlMFdsVFBgaBqasDNsBRLKiJCQ==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/extensions": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-floating-menu": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-floating-menu/-/extension-floating-menu-3.15.1.tgz",
+      "integrity": "sha512-JiHpIPubGu2P2ffR+QhJpaQaLg/+rGWcGZRcxn7hwjwPFl0TrL6QN/cCz/mmjTy//1PCEKOFvUSStxO6uSOApQ==",
+      "license": "MIT",
+      "optional": true,
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@floating-ui/dom": "^1.0.0",
+        "@tiptap/core": "^3.15.1",
+        "@tiptap/pm": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-gapcursor": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-gapcursor/-/extension-gapcursor-3.15.1.tgz",
+      "integrity": "sha512-T+jJJ7zXYPa86sWA8D+YJkweuFsXHYyhc6S6DMXknsPr1R/yE9wDNpQSRQ56QjaN91bm/g4GYnjBCI9dzvvO/Q==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/extensions": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-hard-break": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-hard-break/-/extension-hard-break-3.15.1.tgz",
+      "integrity": "sha512-fXtpI/bNyfe8yRBI92ru537p7t0SVod+vu5jYcgUOMnc/wS1nCtVYe9KBgntgg8D2bHcZA/Vf41Ft4hsOCFdlw==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-heading": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-heading/-/extension-heading-3.15.1.tgz",
+      "integrity": "sha512-p0RANqElYFQTyVKqGJKAoqCT7v4WcGD57OgG06zugESWZHYU8ngoFlok7zSnh27ZdXN8+RWZguXqH+ciZGXt5w==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-horizontal-rule": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-horizontal-rule/-/extension-horizontal-rule-3.15.1.tgz",
+      "integrity": "sha512-qm4PSJ0AT1tVynd29lWy/wVR3YwmBu59MP0AtPWd7Uv0jcprGGkDZiaSdxDcCWK1Xj7yvfUxZmV7Z/uu6zFdWQ==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1",
+        "@tiptap/pm": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-image": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-image/-/extension-image-3.15.1.tgz",
+      "integrity": "sha512-mR4d0iWhPWD8AaBbnGlWgCUWHoMdebOOKa2v8BZd+VvmXFj+2MOZmXmBhQWK77fjp43hzJY4F6dC5tbzR4PxBw==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-italic": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-italic/-/extension-italic-3.15.1.tgz",
+      "integrity": "sha512-MZoxmvqge02ZR897hz7i5npXK7PksjYqkjMOC8BTdH3rpU2X2ExbSBXIl1vYM1ClcgDyVE42Q/I5oG4fQY2wDg==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-link": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-link/-/extension-link-3.15.1.tgz",
+      "integrity": "sha512-BZtbpTo5xr4QpM+w8MNafqLaCklbt90Zzg+KMfXApWGv+v1anxAiTt6r1E7uOn5GaGpxvTi/64l1gubdcQCbfQ==",
+      "license": "MIT",
+      "dependencies": {
+        "linkifyjs": "^4.3.2"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1",
+        "@tiptap/pm": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-list": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-list/-/extension-list-3.15.1.tgz",
+      "integrity": "sha512-/uAv+eXMH6TcLocJbHtU4NshOqii8gNTm/rcetvftExdeSGYbGnZur8E+VV6JJIoQbngKJY4RQ5p6ybKpBplRQ==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1",
+        "@tiptap/pm": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-list-item": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-list-item/-/extension-list-item-3.15.1.tgz",
+      "integrity": "sha512-+7QQsKFOecNOE/E4g2J6v77oMLdk5ZR3ZnCIDTIz6pZz4Fx0/B0LusMwWMbDip/H67pbYpVMBM3WeYrYgsLcOg==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/extension-list": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-list-keymap": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-list-keymap/-/extension-list-keymap-3.15.1.tgz",
+      "integrity": "sha512-mtT7GjR84QrLyrtq3ZcxkHOngATHYaR5w0ZFFnZmwHBWYxLn0cRpvz78i8XScMJSW+PugdRLkxQOumGa9UtQYQ==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/extension-list": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-ordered-list": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-ordered-list/-/extension-ordered-list-3.15.1.tgz",
+      "integrity": "sha512-feY4Z/boXbeobsXf7cYWtSur7M0SWPluj86T4TJ9t61hoW/YxYBEVD14ZHqx20ggYSlFqxX5j25oHaX+ulcPQg==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/extension-list": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-paragraph": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-paragraph/-/extension-paragraph-3.15.1.tgz",
+      "integrity": "sha512-GGgNyzZ9hasse9iFpxKsUniaIel8Wk2VpMw2tbFfELjK6EM0XaiO+nmMivP55dwA8nRY/DjMm8PB3czgMJ73Lg==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-placeholder": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-placeholder/-/extension-placeholder-3.15.1.tgz",
+      "integrity": "sha512-3GWsNQnxwoIbujepg1heeSGr2pC7ADmtERZ1rzeb6t6CDJb+OdW4oS0cWQU1BWKFw4y202SRpa6A7tnCf3KwOQ==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/extensions": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-strike": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-strike/-/extension-strike-3.15.1.tgz",
+      "integrity": "sha512-um0P7xdIrw+8J/WUx3MYmkKk07e74OMkPc1hXKg6YU8yZGpBQXAWHwo8OM7WqfDrs7tMMMTK3zIzZkl5K/jkdw==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-table": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-table/-/extension-table-3.15.1.tgz",
+      "integrity": "sha512-iamQ9lpNlLq2wjvWDUM/q09MQUKqi7Mk4EqBpEC3TzNLVty2fPmtp5jNc51A0vK3GVPIOfGo8KMsOgmXPOsBMg==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1",
+        "@tiptap/pm": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-task-item": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-task-item/-/extension-task-item-3.15.1.tgz",
+      "integrity": "sha512-zLx4b27nK8DtlP2gj79UgGEcpLuKIFLkXDLMQBZF1t/HZqWRKJqIGK5d1Dd+7L3dJqaUJ3nqT09c46mZmHAxTw==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/extension-list": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-task-list": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-task-list/-/extension-task-list-3.15.1.tgz",
+      "integrity": "sha512-6Do7N5uSpYxGJDf+rcihEFOhGeGXVSL2/3CtcR2RBHkTcu1VqaH+7kYPdar9IlLnyoy1QX4l+dPhutI2PjUNVQ==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/extension-list": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-text": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-text/-/extension-text-3.15.1.tgz",
+      "integrity": "sha512-jwKD5xVGhriQ3ZoA2aMbLmat7FmmHkqv5O807vjnHhQmYqinsFVQ/hc2YsulMtqex9I5qWXji4CTtF7p04USRQ==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extension-underline": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extension-underline/-/extension-underline-3.15.1.tgz",
+      "integrity": "sha512-/gWo7CkCLD5wVOPJ0AlgNhqkdoOSOq1UjJmqNoPve5oBq/WXkz2/c0k+xCgDBisCJQPrR/fK1POWd5RKFl0rQg==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/extensions": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/extensions/-/extensions-3.15.1.tgz",
+      "integrity": "sha512-u+tXN6szdmiruNPr/Ltk7n++A44lJBiUhMHGw0KjtucJtlEIl6fG7xgabzvKzPPy+WQJCjWbQjMdYabXoo6tEw==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1",
+        "@tiptap/pm": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/markdown": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/markdown/-/markdown-3.15.1.tgz",
+      "integrity": "sha512-PREJVXYgRsWvfRUyBapNZ/PEoXUJLXCC2DJrCXNPhFNqZnq78b8odKqs5ovPFDaxjGiZtWwxPEEOtsgRVxMPkA==",
+      "license": "MIT",
+      "dependencies": {
+        "marked": "^15.0.12"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1",
+        "@tiptap/pm": "^3.15.1"
+      }
+    },
+    "node_modules/@tiptap/markdown/node_modules/marked": {
+      "version": "15.0.12",
+      "resolved": "https://registry.npmjs.org/marked/-/marked-15.0.12.tgz",
+      "integrity": "sha512-8dD6FusOQSrpv9Z1rdNMdlSgQOIP880DHqnohobOmYLElGEqAL/JvxvuxZO16r4HtjTlfPRDC1hbvxC9dPN2nA==",
+      "license": "MIT",
+      "bin": {
+        "marked": "bin/marked.js"
+      },
+      "engines": {
+        "node": ">= 18"
+      }
+    },
+    "node_modules/@tiptap/pm": {
+      "version": "3.15.2",
+      "resolved": "https://registry.npmjs.org/@tiptap/pm/-/pm-3.15.2.tgz",
+      "integrity": "sha512-O4ZQ++sY9jiAxeyHaNjJNewAuVMD2HWn1pGQZe1wMha6evmTvwPE31eLHDaraZ3xbB2BfCFPrNzgF9rg2Wxznw==",
+      "license": "MIT",
+      "dependencies": {
+        "prosemirror-changeset": "^2.3.0",
+        "prosemirror-collab": "^1.3.1",
+        "prosemirror-commands": "^1.6.2",
+        "prosemirror-dropcursor": "^1.8.1",
+        "prosemirror-gapcursor": "^1.3.2",
+        "prosemirror-history": "^1.4.1",
+        "prosemirror-inputrules": "^1.4.0",
+        "prosemirror-keymap": "^1.2.2",
+        "prosemirror-markdown": "^1.13.1",
+        "prosemirror-menu": "^1.2.4",
+        "prosemirror-model": "^1.24.1",
+        "prosemirror-schema-basic": "^1.2.3",
+        "prosemirror-schema-list": "^1.5.0",
+        "prosemirror-state": "^1.4.3",
+        "prosemirror-tables": "^1.6.4",
+        "prosemirror-trailing-node": "^3.0.0",
+        "prosemirror-transform": "^1.10.2",
+        "prosemirror-view": "^1.38.1"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      }
+    },
+    "node_modules/@tiptap/react": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/react/-/react-3.15.1.tgz",
+      "integrity": "sha512-c4s1kQ0/xzIxiIUxo+tgGqWjl94OnSXsQtVTbN66km4DiCZqG2VreuN3jR/FFRP3bcQODmcyPyozSY7wRRvfmA==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/use-sync-external-store": "^0.0.6",
+        "fast-equals": "^5.3.3",
+        "use-sync-external-store": "^1.4.0"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "optionalDependencies": {
+        "@tiptap/extension-bubble-menu": "^3.15.1",
+        "@tiptap/extension-floating-menu": "^3.15.1"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.1",
+        "@tiptap/pm": "^3.15.1",
+        "@types/react": "^17.0.0 || ^18.0.0 || ^19.0.0",
+        "@types/react-dom": "^17.0.0 || ^18.0.0 || ^19.0.0",
+        "react": "^17.0.0 || ^18.0.0 || ^19.0.0",
+        "react-dom": "^17.0.0 || ^18.0.0 || ^19.0.0"
+      }
+    },
+    "node_modules/@tiptap/starter-kit": {
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/@tiptap/starter-kit/-/starter-kit-3.15.1.tgz",
+      "integrity": "sha512-AGUCasz1sLJQH8WU4D9sR3WYMgQHwa72gf8ZoJOmhPOlfCWdAqOdzIWPEKD+luCKDD8tjsQskSboRWT791w+ig==",
+      "license": "MIT",
+      "dependencies": {
+        "@tiptap/core": "^3.15.1",
+        "@tiptap/extension-blockquote": "^3.15.1",
+        "@tiptap/extension-bold": "^3.15.1",
+        "@tiptap/extension-bullet-list": "^3.15.1",
+        "@tiptap/extension-code": "^3.15.1",
+        "@tiptap/extension-code-block": "^3.15.1",
+        "@tiptap/extension-document": "^3.15.1",
+        "@tiptap/extension-dropcursor": "^3.15.1",
+        "@tiptap/extension-gapcursor": "^3.15.1",
+        "@tiptap/extension-hard-break": "^3.15.1",
+        "@tiptap/extension-heading": "^3.15.1",
+        "@tiptap/extension-horizontal-rule": "^3.15.1",
+        "@tiptap/extension-italic": "^3.15.1",
+        "@tiptap/extension-link": "^3.15.1",
+        "@tiptap/extension-list": "^3.15.1",
+        "@tiptap/extension-list-item": "^3.15.1",
+        "@tiptap/extension-list-keymap": "^3.15.1",
+        "@tiptap/extension-ordered-list": "^3.15.1",
+        "@tiptap/extension-paragraph": "^3.15.1",
+        "@tiptap/extension-strike": "^3.15.1",
+        "@tiptap/extension-text": "^3.15.1",
+        "@tiptap/extension-underline": "^3.15.1",
+        "@tiptap/extensions": "^3.15.1",
+        "@tiptap/pm": "^3.15.1"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      }
+    },
+    "node_modules/@tiptap/suggestion": {
+      "version": "3.15.2",
+      "resolved": "https://registry.npmjs.org/@tiptap/suggestion/-/suggestion-3.15.2.tgz",
+      "integrity": "sha512-lhBVpC83DfT2gv8gdPkyU5bt1aBUa4yvmtYkOgyGCSUvXfAMf1+l0hqMEXhAb+iNQBC7+2Ozui7n+MpjsIknNA==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/ueberdosis"
+      },
+      "peerDependencies": {
+        "@tiptap/core": "^3.15.2",
+        "@tiptap/pm": "^3.15.2"
+      }
+    },
+    "node_modules/@types/babel__core": {
+      "version": "7.20.5",
+      "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz",
+      "integrity": "sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/parser": "^7.20.7",
+        "@babel/types": "^7.20.7",
+        "@types/babel__generator": "*",
+        "@types/babel__template": "*",
+        "@types/babel__traverse": "*"
+      }
+    },
+    "node_modules/@types/babel__generator": {
+      "version": "7.27.0",
+      "resolved": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.27.0.tgz",
+      "integrity": "sha512-ufFd2Xi92OAVPYsy+P4n7/U7e68fex0+Ee8gSG9KX7eo084CWiQ4sdxktvdl0bOPupXtVJPY19zk6EwWqUQ8lg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/types": "^7.0.0"
+      }
+    },
+    "node_modules/@types/babel__template": {
+      "version": "7.4.4",
+      "resolved": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz",
+      "integrity": "sha512-h/NUaSyG5EyxBIp8YRxo4RMe2/qQgvyowRwVMzhYhBCONbW8PUsg4lkFMrhgZhUe5z3L3MiLDuvyJ/CaPa2A8A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/parser": "^7.1.0",
+        "@babel/types": "^7.0.0"
+      }
+    },
+    "node_modules/@types/babel__traverse": {
+      "version": "7.28.0",
+      "resolved": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.28.0.tgz",
+      "integrity": "sha512-8PvcXf70gTDZBgt9ptxJ8elBeBjcLOAcOtoO/mPJjtji1+CdGbHgm77om1GrsPxsiE+uXIpNSK64UYaIwQXd4Q==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/types": "^7.28.2"
+      }
+    },
+    "node_modules/@types/estree": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
+      "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==",
+      "license": "MIT"
+    },
+    "node_modules/@types/hast": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/@types/hast/-/hast-3.0.4.tgz",
+      "integrity": "sha512-WPs+bbQw5aCj+x6laNGWLH3wviHtoCv/P3+otBhbOhJgG8qtpdAMlTCxLtsTWA7LH1Oh/bFCHsBn0TPS5m30EQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/unist": "*"
+      }
+    },
+    "node_modules/@types/linkify-it": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/@types/linkify-it/-/linkify-it-5.0.0.tgz",
+      "integrity": "sha512-sVDA58zAw4eWAffKOaQH5/5j3XeayukzDk+ewSsnv3p4yJEZHCCzMDiZM8e0OUrRvmpGZ85jf4yDHkHsgBNr9Q==",
+      "license": "MIT"
+    },
+    "node_modules/@types/markdown-it": {
+      "version": "14.1.2",
+      "resolved": "https://registry.npmjs.org/@types/markdown-it/-/markdown-it-14.1.2.tgz",
+      "integrity": "sha512-promo4eFwuiW+TfGxhi+0x3czqTYJkG8qB17ZUJiVF10Xm7NLVRSLUsfRTU/6h1e24VvRnXCx+hG7li58lkzog==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/linkify-it": "^5",
+        "@types/mdurl": "^2"
+      }
+    },
+    "node_modules/@types/mdurl": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@types/mdurl/-/mdurl-2.0.0.tgz",
+      "integrity": "sha512-RGdgjQUZba5p6QEFAVx2OGb8rQDL/cPRG7GiedRzMcJ1tYnUANBncjbSB1NRGwbvjcPeikRABz2nshyPk1bhWg==",
+      "license": "MIT"
+    },
+    "node_modules/@types/react": {
+      "version": "19.2.7",
+      "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.7.tgz",
+      "integrity": "sha512-MWtvHrGZLFttgeEj28VXHxpmwYbor/ATPYbBfSFZEIRK0ecCFLl2Qo55z52Hss+UV9CRN7trSeq1zbgx7YDWWg==",
+      "license": "MIT",
+      "dependencies": {
+        "csstype": "^3.2.2"
+      }
+    },
+    "node_modules/@types/react-dom": {
+      "version": "19.2.3",
+      "resolved": "https://registry.npmjs.org/@types/react-dom/-/react-dom-19.2.3.tgz",
+      "integrity": "sha512-jp2L/eY6fn+KgVVQAOqYItbF0VY/YApe5Mz2F0aykSO8gx31bYCZyvSeYxCHKvzHG5eZjc+zyaS5BrBWya2+kQ==",
+      "license": "MIT",
+      "peerDependencies": {
+        "@types/react": "^19.2.0"
+      }
+    },
+    "node_modules/@types/trusted-types": {
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz",
+      "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==",
+      "license": "MIT",
+      "optional": true
+    },
+    "node_modules/@types/unist": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz",
+      "integrity": "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q==",
+      "license": "MIT"
+    },
+    "node_modules/@types/use-sync-external-store": {
+      "version": "0.0.6",
+      "resolved": "https://registry.npmjs.org/@types/use-sync-external-store/-/use-sync-external-store-0.0.6.tgz",
+      "integrity": "sha512-zFDAD+tlpf2r4asuHEj0XH6pY6i0g5NeAHPn+15wk3BV6JA69eERFXC1gyGThDkVa1zCyKr5jox1+2LbV/AMLg==",
+      "license": "MIT"
+    },
+    "node_modules/@unocss/astro": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/astro/-/astro-66.5.12.tgz",
+      "integrity": "sha512-ynhlljsTGTHAcQHbpqxe3IXEDXjPm9IdeDWAhPet7UiGXhW230vEZ+1/OoARqLysVSVz4pPb81MDgS167Oo4Nw==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12",
+        "@unocss/reset": "66.5.12",
+        "@unocss/vite": "66.5.12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      },
+      "peerDependencies": {
+        "vite": "^2.9.0 || ^3.0.0-0 || ^4.0.0 || ^5.0.0-0 || ^6.0.0-0 || ^7.0.0-0 || ^8.0.0-0"
+      },
+      "peerDependenciesMeta": {
+        "vite": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@unocss/cli": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/cli/-/cli-66.5.12.tgz",
+      "integrity": "sha512-aqjhYSiYneGfzXH6iYCY4StVN1QyeRKLhuBPkJO7gzad+1RNeqH2se1l4c5Fnvf+1rU9xRM8cw1CUSIn9UOxYQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/remapping": "^2.3.5",
+        "@unocss/config": "66.5.12",
+        "@unocss/core": "66.5.12",
+        "@unocss/preset-uno": "66.5.12",
+        "cac": "^6.7.14",
+        "chokidar": "^5.0.0",
+        "colorette": "^2.0.20",
+        "consola": "^3.4.2",
+        "magic-string": "^0.30.21",
+        "pathe": "^2.0.3",
+        "perfect-debounce": "^2.0.0",
+        "tinyglobby": "^0.2.15",
+        "unplugin-utils": "^0.3.1"
+      },
+      "bin": {
+        "unocss": "bin/unocss.mjs"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/config": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/config/-/config-66.5.12.tgz",
+      "integrity": "sha512-rgV7Jj1nBZsLgk/FIFMDzKVLzIZlbKT5T0SB+odo9xZUsN5xwZZMl7I8TfZj5VxQaYqFEgSpS/Y4QCWlZ+7scQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12",
+        "unconfig": "^7.4.2"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/core": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/core/-/core-66.5.12.tgz",
+      "integrity": "sha512-/m6su0OXcCYRwIMf8sobBjZTC25iBLUnQVcfyvHOJwLJzOMr8dtNmZbqTs7+Kouz40jlPF7pR+ufFrN+s5ZD7g==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/extractor-arbitrary-variants": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/extractor-arbitrary-variants/-/extractor-arbitrary-variants-66.5.12.tgz",
+      "integrity": "sha512-UGzHhLaaSu/YT0rmXtdoE1ttLvwWsI/RVTwNNy3QnL/y4Hvmo7T1MtG5Ri5btfqfDWPzrQLQiTvI8loGCD8lFQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/inspector": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/inspector/-/inspector-66.5.12.tgz",
+      "integrity": "sha512-X8Ygo842Yy0g46JNlgUGvqDhvr5BuVfFwMJeWSFJBYHzPKsZFxTU29aGxNDNDascTnNdWjZZqerPpG5esa+K2Q==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12",
+        "@unocss/rule-utils": "66.5.12",
+        "colorette": "^2.0.20",
+        "gzip-size": "^6.0.0",
+        "sirv": "^3.0.2",
+        "vue-flow-layout": "^0.2.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/postcss": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/postcss/-/postcss-66.5.12.tgz",
+      "integrity": "sha512-fTGrn19I45jzoP9Jsxty9/PXix3PFftj3tgrIsYjZ0R4tpCffW0s7X/iEl3GwfR45kpe5NlQ5ghskd3CFHUp+Q==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/config": "66.5.12",
+        "@unocss/core": "66.5.12",
+        "@unocss/rule-utils": "66.5.12",
+        "css-tree": "^3.1.0",
+        "postcss": "^8.5.6",
+        "tinyglobby": "^0.2.15"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      },
+      "peerDependencies": {
+        "postcss": "^8.4.21"
+      }
+    },
+    "node_modules/@unocss/preset-attributify": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/preset-attributify/-/preset-attributify-66.5.12.tgz",
+      "integrity": "sha512-9h/Zgiztzjp1Zf/c/DHAgm1bvzh5oLxAHhPMHmEFjNO335vEjd+PUZBzXXymKM+VoBlMz5DADpAVlTvq1N1aJA==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/preset-icons": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/preset-icons/-/preset-icons-66.5.12.tgz",
+      "integrity": "sha512-3bgkN8tTrcOSGuBcJSDrtDfBt7WU3chFjfw7zo4ign+Z0L6qANB2O62AOdOMJOxKjlppJ6a8AceHthhPZP2PDA==",
+      "license": "MIT",
+      "dependencies": {
+        "@iconify/utils": "^3.1.0",
+        "@unocss/core": "66.5.12",
+        "ofetch": "^1.5.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/preset-mini": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/preset-mini/-/preset-mini-66.5.12.tgz",
+      "integrity": "sha512-JEyhb0vKIguaZnrGw0CXcgU6/9cWubVL8BTiLl26hsC+6vFHVSnaDHIWOJ8sTShzEQjPSxKDlAj/lGQCC2+88Q==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12",
+        "@unocss/extractor-arbitrary-variants": "66.5.12",
+        "@unocss/rule-utils": "66.5.12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/preset-tagify": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/preset-tagify/-/preset-tagify-66.5.12.tgz",
+      "integrity": "sha512-gzQ+986lNxpqMeGxeYlDRpfrzcRt2DFjVpfmuNYD6daK4AFRbetQbhynnZyf8zwf++2YUDGf6xI9TfTTSG2QQA==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/preset-typography": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/preset-typography/-/preset-typography-66.5.12.tgz",
+      "integrity": "sha512-ckOD1coTCLXhO3oDCINqm0W292dgtYWtUYeQneNARJz3jjdNqANFPOP/y9Kpfe7WGNegVySRlDizi/L6VSdqJQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12",
+        "@unocss/rule-utils": "66.5.12"
+      }
+    },
+    "node_modules/@unocss/preset-uno": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/preset-uno/-/preset-uno-66.5.12.tgz",
+      "integrity": "sha512-jTLhDeRqhTrCSbEgCQIg0K0PLFDtukG4eeOH5ff7Q4CtmkmsCUK0pqeXegi6ZCyatDwm72qc2WABMSqDMBdhtw==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12",
+        "@unocss/preset-wind3": "66.5.12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/preset-web-fonts": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/preset-web-fonts/-/preset-web-fonts-66.5.12.tgz",
+      "integrity": "sha512-NSUf+H5X0jZ1PLWW6D5ldBERERpbH8VvkpJJhxNTCS54Lj5vJiZ1S06UYxBB57vuUOaHpQOGTbKUSc204LCqdw==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12",
+        "ofetch": "^1.5.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/preset-wind": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/preset-wind/-/preset-wind-66.5.12.tgz",
+      "integrity": "sha512-wp1/8JqQriv1AqpxskKbZYD9TNqZLQ9VBr7nNN6OkiPXBE1egEwnyb/fY+sS7IpEgwi4N9uehwQgk0/xs84SWg==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12",
+        "@unocss/preset-wind3": "66.5.12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/preset-wind3": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/preset-wind3/-/preset-wind3-66.5.12.tgz",
+      "integrity": "sha512-SUzX12aQcM1ikzfv4rqwd/xuXtK5GKvhV0/JjvtG/kDTMGaKv161F2ytduj+2pBHtpJO5fUmreCD5ycTUIkxhQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12",
+        "@unocss/preset-mini": "66.5.12",
+        "@unocss/rule-utils": "66.5.12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/preset-wind4": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/preset-wind4/-/preset-wind4-66.5.12.tgz",
+      "integrity": "sha512-JVddnLJ6NOk7hOXA0Y8SYbQEu+JpURbE9o/IHVCkRClVRkE81b9KgJf7WQa/8KIr1O20wRRFdt9QRH4m3pZJ/A==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12",
+        "@unocss/extractor-arbitrary-variants": "66.5.12",
+        "@unocss/rule-utils": "66.5.12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/reset": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/reset/-/reset-66.5.12.tgz",
+      "integrity": "sha512-wGTMu1sXVdxnzAonzHk/yUsyDyGrr8OiXCDSC7pVNep6eXhhf0g85v/Gx9FoAjZRyCppm6ePDWXtWYS8zglfCQ==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/rule-utils": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/rule-utils/-/rule-utils-66.5.12.tgz",
+      "integrity": "sha512-2UQvdjS6nD3QHLEwcXlDhXFNiOUQDuOC+itX4tjqvnjP/hj5A99WEUHemb8WEHAlHAt7khe9591+BkHHo3BX/w==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "^66.5.12",
+        "magic-string": "^0.30.21"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/transformer-attributify-jsx": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/transformer-attributify-jsx/-/transformer-attributify-jsx-66.5.12.tgz",
+      "integrity": "sha512-h88voRNzSDDBf8In9A/wT0x7IlpRSnOnS62hBIcWk3Ci6w2+I/5eMFP+Rl1kY3zAz4hJ1/Ei6d9Rup3eS5037w==",
+      "license": "MIT",
+      "dependencies": {
+        "@babel/parser": "7.27.7",
+        "@babel/traverse": "7.27.7",
+        "@unocss/core": "66.5.12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/transformer-attributify-jsx/node_modules/@babel/parser": {
+      "version": "7.27.7",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.27.7.tgz",
+      "integrity": "sha512-qnzXzDXdr/po3bOTbTIQZ7+TxNKxpkN5IifVLXS+r7qwynkZfPyjZfE7hCXbo7IoO9TNcSyibgONsf2HauUd3Q==",
+      "license": "MIT",
+      "dependencies": {
+        "@babel/types": "^7.27.7"
+      },
+      "bin": {
+        "parser": "bin/babel-parser.js"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@unocss/transformer-attributify-jsx/node_modules/@babel/traverse": {
+      "version": "7.27.7",
+      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.27.7.tgz",
+      "integrity": "sha512-X6ZlfR/O/s5EQ/SnUSLzr+6kGnkg8HXGMzpgsMsrJVcfDtH1vIp6ctCN4eZ1LS5c0+te5Cb6Y514fASjMRJ1nw==",
+      "license": "MIT",
+      "dependencies": {
+        "@babel/code-frame": "^7.27.1",
+        "@babel/generator": "^7.27.5",
+        "@babel/parser": "^7.27.7",
+        "@babel/template": "^7.27.2",
+        "@babel/types": "^7.27.7",
+        "debug": "^4.3.1",
+        "globals": "^11.1.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@unocss/transformer-compile-class": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/transformer-compile-class/-/transformer-compile-class-66.5.12.tgz",
+      "integrity": "sha512-EV9LCrIfwUrevHOAhcQD/4HO5NdDzd1ALXNSDbaRxPjDVquWIRs/DujUmihyV2wqu2qEnkOumC+kyDPfZ7/u3w==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/transformer-directives": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/transformer-directives/-/transformer-directives-66.5.12.tgz",
+      "integrity": "sha512-oRTqR2a5du6b1md549JUX8doXcXY0XNTkiar7R0HZInF4ic0BbjG+nflifd1UtTbI1TUOtcZLQHm+/4tQqM4MA==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12",
+        "@unocss/rule-utils": "66.5.12",
+        "css-tree": "^3.1.0"
+      }
+    },
+    "node_modules/@unocss/transformer-variant-group": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/transformer-variant-group/-/transformer-variant-group-66.5.12.tgz",
+      "integrity": "sha512-iNHzliFCIVjbbmM9PVexqFhPa1t6C/6Ma3ZtkQRMq9KD2YsLvxdabvESEbjHA3iooR+bjPkiROC9whyRLWnyqQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/core": "66.5.12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/@unocss/vite": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/@unocss/vite/-/vite-66.5.12.tgz",
+      "integrity": "sha512-BSbUmUCLF3303Cu0y+gbhibXkXPpcR6lVFNN2g06EXTDNJEoS/1VKvZEUBU8RP8d1mLkv5mqN4FzdltZ+vA3uw==",
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/remapping": "^2.3.5",
+        "@unocss/config": "66.5.12",
+        "@unocss/core": "66.5.12",
+        "@unocss/inspector": "66.5.12",
+        "chokidar": "^5.0.0",
+        "magic-string": "^0.30.21",
+        "pathe": "^2.0.3",
+        "tinyglobby": "^0.2.15",
+        "unplugin-utils": "^0.3.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      },
+      "peerDependencies": {
+        "vite": "^2.9.0 || ^3.0.0-0 || ^4.0.0 || ^5.0.0-0 || ^6.0.0-0 || ^7.0.0-0 || ^8.0.0-0"
+      }
+    },
+    "node_modules/@vitejs/plugin-react": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/@vitejs/plugin-react/-/plugin-react-5.1.2.tgz",
+      "integrity": "sha512-EcA07pHJouywpzsoTUqNh5NwGayl2PPVEJKUSinGGSxFGYn+shYbqMGBg6FXDqgXum9Ou/ecb+411ssw8HImJQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@babel/core": "^7.28.5",
+        "@babel/plugin-transform-react-jsx-self": "^7.27.1",
+        "@babel/plugin-transform-react-jsx-source": "^7.27.1",
+        "@rolldown/pluginutils": "1.0.0-beta.53",
+        "@types/babel__core": "^7.20.5",
+        "react-refresh": "^0.18.0"
+      },
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      },
+      "peerDependencies": {
+        "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0"
+      }
+    },
+    "node_modules/acorn": {
+      "version": "8.15.0",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
+      "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
+      "license": "MIT",
+      "bin": {
+        "acorn": "bin/acorn"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/argparse": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
+      "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==",
+      "license": "Python-2.0"
+    },
+    "node_modules/baseline-browser-mapping": {
+      "version": "2.9.11",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.11.tgz",
+      "integrity": "sha512-Sg0xJUNDU1sJNGdfGWhVHX0kkZ+HWcvmVymJbj6NSgZZmW/8S9Y2HQ5euytnIgakgxN6papOAWiwDo1ctFDcoQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "baseline-browser-mapping": "dist/cli.js"
+      }
+    },
+    "node_modules/browserslist": {
+      "version": "4.28.1",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.28.1.tgz",
+      "integrity": "sha512-ZC5Bd0LgJXgwGqUknZY/vkUQ04r8NXnJZ3yYi4vDmSiZmC/pdSN0NbNRPxZpbtO4uAfDUAFffO8IZoM3Gj8IkA==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/browserslist"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/browserslist"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "baseline-browser-mapping": "^2.9.0",
+        "caniuse-lite": "^1.0.30001759",
+        "electron-to-chromium": "^1.5.263",
+        "node-releases": "^2.0.27",
+        "update-browserslist-db": "^1.2.0"
+      },
+      "bin": {
+        "browserslist": "cli.js"
+      },
+      "engines": {
+        "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7"
+      }
+    },
+    "node_modules/cac": {
+      "version": "6.7.14",
+      "resolved": "https://registry.npmjs.org/cac/-/cac-6.7.14.tgz",
+      "integrity": "sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/caniuse-lite": {
+      "version": "1.0.30001762",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001762.tgz",
+      "integrity": "sha512-PxZwGNvH7Ak8WX5iXzoK1KPZttBXNPuaOvI2ZYU7NrlM+d9Ov+TUvlLOBNGzVXAntMSMMlJPd+jY6ovrVjSmUw==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/browserslist"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/caniuse-lite"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "CC-BY-4.0"
+    },
+    "node_modules/chart.js": {
+      "version": "4.5.1",
+      "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-4.5.1.tgz",
+      "integrity": "sha512-GIjfiT9dbmHRiYi6Nl2yFCq7kkwdkp1W/lp2J99rX0yo9tgJGn3lKQATztIjb5tVtevcBtIdICNWqlq5+E8/Pw==",
+      "license": "MIT",
+      "dependencies": {
+        "@kurkle/color": "^0.3.0"
+      },
+      "engines": {
+        "pnpm": ">=8"
+      }
+    },
+    "node_modules/chokidar": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-5.0.0.tgz",
+      "integrity": "sha512-TQMmc3w+5AxjpL8iIiwebF73dRDF4fBIieAqGn9RGCWaEVwQ6Fb2cGe31Yns0RRIzii5goJ1Y7xbMwo1TxMplw==",
+      "license": "MIT",
+      "dependencies": {
+        "readdirp": "^5.0.0"
+      },
+      "engines": {
+        "node": ">= 20.19.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/colorette": {
+      "version": "2.0.20",
+      "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz",
+      "integrity": "sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==",
+      "license": "MIT"
+    },
+    "node_modules/confbox": {
+      "version": "0.1.8",
+      "resolved": "https://registry.npmjs.org/confbox/-/confbox-0.1.8.tgz",
+      "integrity": "sha512-RMtmw0iFkeR4YV+fUOSucriAQNb9g8zFR52MWCtl+cCZOFRNL6zeB395vPzFhEjjn4fMxXudmELnl/KF/WrK6w==",
+      "license": "MIT"
+    },
+    "node_modules/consola": {
+      "version": "3.4.2",
+      "resolved": "https://registry.npmjs.org/consola/-/consola-3.4.2.tgz",
+      "integrity": "sha512-5IKcdX0nnYavi6G7TtOhwkYzyjfJlatbjMjuLSfE2kYT5pMDOilZ4OvMhi637CcDICTmz3wARPoyhqyX1Y+XvA==",
+      "license": "MIT",
+      "engines": {
+        "node": "^14.18.0 || >=16.10.0"
+      }
+    },
+    "node_modules/convert-source-map": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz",
+      "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/crelt": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/crelt/-/crelt-1.0.6.tgz",
+      "integrity": "sha512-VQ2MBenTq1fWZUH9DJNGti7kKv6EeAuYr3cLwxUWhIu1baTaXh4Ib5W2CqHVqib4/MqbYGJqiL3Zb8GJZr3l4g==",
+      "license": "MIT"
+    },
+    "node_modules/css-tree": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-3.1.0.tgz",
+      "integrity": "sha512-0eW44TGN5SQXU1mWSkKwFstI/22X2bG1nYzZTYMAWjylYURhse752YgbE4Cx46AC+bAvI+/dYTPRk1LqSUnu6w==",
+      "license": "MIT",
+      "dependencies": {
+        "mdn-data": "2.12.2",
+        "source-map-js": "^1.0.1"
+      },
+      "engines": {
+        "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0"
+      }
+    },
+    "node_modules/csstype": {
+      "version": "3.2.3",
+      "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz",
+      "integrity": "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==",
+      "license": "MIT"
+    },
+    "node_modules/debug": {
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
+      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+      "license": "MIT",
+      "dependencies": {
+        "ms": "^2.1.3"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/defu": {
+      "version": "6.1.4",
+      "resolved": "https://registry.npmjs.org/defu/-/defu-6.1.4.tgz",
+      "integrity": "sha512-mEQCMmwJu317oSz8CwdIOdwf3xMif1ttiM8LTufzc3g6kR+9Pe236twL8j3IYT1F7GfRgGcW6MWxzZjLIkuHIg==",
+      "license": "MIT"
+    },
+    "node_modules/dequal": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz",
+      "integrity": "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/destr": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/destr/-/destr-2.0.5.tgz",
+      "integrity": "sha512-ugFTXCtDZunbzasqBxrK93Ik/DRYsO6S/fedkWEMKqt04xZ4csmnmwGDBAb07QWNaGMAmnTIemsYZCksjATwsA==",
+      "license": "MIT"
+    },
+    "node_modules/devlop": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/devlop/-/devlop-1.1.0.tgz",
+      "integrity": "sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA==",
+      "license": "MIT",
+      "dependencies": {
+        "dequal": "^2.0.0"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/dompurify": {
+      "version": "3.2.7",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.2.7.tgz",
+      "integrity": "sha512-WhL/YuveyGXJaerVlMYGWhvQswa7myDG17P7Vu65EWC05o8vfeNbvNf4d/BOvH99+ZW+LlQsc1GDKMa1vNK6dw==",
+      "license": "(MPL-2.0 OR Apache-2.0)",
+      "optionalDependencies": {
+        "@types/trusted-types": "^2.0.7"
+      }
+    },
+    "node_modules/duplexer": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/duplexer/-/duplexer-0.1.2.tgz",
+      "integrity": "sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg==",
+      "license": "MIT"
+    },
+    "node_modules/electron-to-chromium": {
+      "version": "1.5.267",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.267.tgz",
+      "integrity": "sha512-0Drusm6MVRXSOJpGbaSVgcQsuB4hEkMpHXaVstcPmhu5LIedxs1xNK/nIxmQIU/RPC0+1/o0AVZfBTkTNJOdUw==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/entities": {
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",
+      "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==",
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
+    "node_modules/esbuild": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.2.tgz",
+      "integrity": "sha512-HyNQImnsOC7X9PMNaCIeAm4ISCQXs5a5YasTXVliKv4uuBo1dKrG0A+uQS8M5eXjVMnLg3WgXaKvprHlFJQffw==",
+      "hasInstallScript": true,
+      "license": "MIT",
+      "bin": {
+        "esbuild": "bin/esbuild"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "@esbuild/aix-ppc64": "0.27.2",
+        "@esbuild/android-arm": "0.27.2",
+        "@esbuild/android-arm64": "0.27.2",
+        "@esbuild/android-x64": "0.27.2",
+        "@esbuild/darwin-arm64": "0.27.2",
+        "@esbuild/darwin-x64": "0.27.2",
+        "@esbuild/freebsd-arm64": "0.27.2",
+        "@esbuild/freebsd-x64": "0.27.2",
+        "@esbuild/linux-arm": "0.27.2",
+        "@esbuild/linux-arm64": "0.27.2",
+        "@esbuild/linux-ia32": "0.27.2",
+        "@esbuild/linux-loong64": "0.27.2",
+        "@esbuild/linux-mips64el": "0.27.2",
+        "@esbuild/linux-ppc64": "0.27.2",
+        "@esbuild/linux-riscv64": "0.27.2",
+        "@esbuild/linux-s390x": "0.27.2",
+        "@esbuild/linux-x64": "0.27.2",
+        "@esbuild/netbsd-arm64": "0.27.2",
+        "@esbuild/netbsd-x64": "0.27.2",
+        "@esbuild/openbsd-arm64": "0.27.2",
+        "@esbuild/openbsd-x64": "0.27.2",
+        "@esbuild/openharmony-arm64": "0.27.2",
+        "@esbuild/sunos-x64": "0.27.2",
+        "@esbuild/win32-arm64": "0.27.2",
+        "@esbuild/win32-ia32": "0.27.2",
+        "@esbuild/win32-x64": "0.27.2"
+      }
+    },
+    "node_modules/escalade": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz",
+      "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/escape-string-regexp": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
+      "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/fast-equals": {
+      "version": "5.4.0",
+      "resolved": "https://registry.npmjs.org/fast-equals/-/fast-equals-5.4.0.tgz",
+      "integrity": "sha512-jt2DW/aNFNwke7AUd+Z+e6pz39KO5rzdbbFCg2sGafS4mk13MI7Z8O5z9cADNn5lhGODIgLwug6TZO2ctf7kcw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/fdir": {
+      "version": "6.5.0",
+      "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz",
+      "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "peerDependencies": {
+        "picomatch": "^3 || ^4"
+      },
+      "peerDependenciesMeta": {
+        "picomatch": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/fsevents": {
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
+      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
+      "hasInstallScript": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/gensync": {
+      "version": "1.0.0-beta.2",
+      "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz",
+      "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/globals": {
+      "version": "11.12.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
+      "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/gzip-size": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/gzip-size/-/gzip-size-6.0.0.tgz",
+      "integrity": "sha512-ax7ZYomf6jqPTQ4+XCpUGyXKHk5WweS+e05MBO4/y3WJ5RkmPXNKvX+bx1behVILVwr6JSQvZAku021CHPXG3Q==",
+      "license": "MIT",
+      "dependencies": {
+        "duplexer": "^0.1.2"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/highlight.js": {
+      "version": "11.11.1",
+      "resolved": "https://registry.npmjs.org/highlight.js/-/highlight.js-11.11.1.tgz",
+      "integrity": "sha512-Xwwo44whKBVCYoliBQwaPvtd/2tYFkRQtXDWj1nackaV2JPXx3L0+Jvd8/qCJ2p+ML0/XVkJ2q+Mr+UVdpJK5w==",
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
+    "node_modules/jiti": {
+      "version": "2.6.1",
+      "resolved": "https://registry.npmjs.org/jiti/-/jiti-2.6.1.tgz",
+      "integrity": "sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ==",
+      "license": "MIT",
+      "bin": {
+        "jiti": "lib/jiti-cli.mjs"
+      }
+    },
+    "node_modules/js-tokens": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
+      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
+      "license": "MIT"
+    },
+    "node_modules/jsesc": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-3.1.0.tgz",
+      "integrity": "sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA==",
+      "license": "MIT",
+      "bin": {
+        "jsesc": "bin/jsesc"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/json5": {
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz",
+      "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "json5": "lib/cli.js"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/linkify-it": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-5.0.0.tgz",
+      "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==",
+      "license": "MIT",
+      "dependencies": {
+        "uc.micro": "^2.0.0"
+      }
+    },
+    "node_modules/linkifyjs": {
+      "version": "4.3.2",
+      "resolved": "https://registry.npmjs.org/linkifyjs/-/linkifyjs-4.3.2.tgz",
+      "integrity": "sha512-NT1CJtq3hHIreOianA8aSXn6Cw0JzYOuDQbOrSPe7gqFnCpKP++MQe3ODgO3oh2GJFORkAAdqredOa60z63GbA==",
+      "license": "MIT"
+    },
+    "node_modules/lowlight": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/lowlight/-/lowlight-3.3.0.tgz",
+      "integrity": "sha512-0JNhgFoPvP6U6lE/UdVsSq99tn6DhjjpAj5MxG49ewd2mOBVtwWYIT8ClyABhq198aXXODMU6Ox8DrGy/CpTZQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/hast": "^3.0.0",
+        "devlop": "^1.0.0",
+        "highlight.js": "~11.11.0"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/wooorm"
+      }
+    },
+    "node_modules/lru-cache": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
+      "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "yallist": "^3.0.2"
+      }
+    },
+    "node_modules/magic-string": {
+      "version": "0.30.21",
+      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.21.tgz",
+      "integrity": "sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@jridgewell/sourcemap-codec": "^1.5.5"
+      }
+    },
+    "node_modules/markdown-it": {
+      "version": "14.1.0",
+      "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.0.tgz",
+      "integrity": "sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==",
+      "license": "MIT",
+      "dependencies": {
+        "argparse": "^2.0.1",
+        "entities": "^4.4.0",
+        "linkify-it": "^5.0.0",
+        "mdurl": "^2.0.0",
+        "punycode.js": "^2.3.1",
+        "uc.micro": "^2.1.0"
+      },
+      "bin": {
+        "markdown-it": "bin/markdown-it.mjs"
+      }
+    },
+    "node_modules/marked": {
+      "version": "14.0.0",
+      "resolved": "https://registry.npmjs.org/marked/-/marked-14.0.0.tgz",
+      "integrity": "sha512-uIj4+faQ+MgHgwUW1l2PsPglZLOLOT1uErt06dAPtx2kjteLAkbsd/0FiYg/MGS+i7ZKLb7w2WClxHkzOOuryQ==",
+      "license": "MIT",
+      "bin": {
+        "marked": "bin/marked.js"
+      },
+      "engines": {
+        "node": ">= 18"
+      }
+    },
+    "node_modules/mdn-data": {
+      "version": "2.12.2",
+      "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.12.2.tgz",
+      "integrity": "sha512-IEn+pegP1aManZuckezWCO+XZQDplx1366JoVhTpMpBB1sPey/SbveZQUosKiKiGYjg1wH4pMlNgXbCiYgihQA==",
+      "license": "CC0-1.0"
+    },
+    "node_modules/mdurl": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-2.0.0.tgz",
+      "integrity": "sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==",
+      "license": "MIT"
+    },
+    "node_modules/mlly": {
+      "version": "1.8.0",
+      "resolved": "https://registry.npmjs.org/mlly/-/mlly-1.8.0.tgz",
+      "integrity": "sha512-l8D9ODSRWLe2KHJSifWGwBqpTZXIXTeo8mlKjY+E2HAakaTeNpqAyBZ8GSqLzHgw4XmHmC8whvpjJNMbFZN7/g==",
+      "license": "MIT",
+      "dependencies": {
+        "acorn": "^8.15.0",
+        "pathe": "^2.0.3",
+        "pkg-types": "^1.3.1",
+        "ufo": "^1.6.1"
+      }
+    },
+    "node_modules/monaco-editor": {
+      "version": "0.55.1",
+      "resolved": "https://registry.npmjs.org/monaco-editor/-/monaco-editor-0.55.1.tgz",
+      "integrity": "sha512-jz4x+TJNFHwHtwuV9vA9rMujcZRb0CEilTEwG2rRSpe/A7Jdkuj8xPKttCgOh+v/lkHy7HsZ64oj+q3xoAFl9A==",
+      "license": "MIT",
+      "dependencies": {
+        "dompurify": "3.2.7",
+        "marked": "14.0.0"
+      }
+    },
+    "node_modules/mrmime": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/mrmime/-/mrmime-2.0.1.tgz",
+      "integrity": "sha512-Y3wQdFg2Va6etvQ5I82yUhGdsKrcYox6p7FfL1LbK2J4V01F9TGlepTIhnK24t7koZibmg82KGglhA1XK5IsLQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "license": "MIT"
+    },
+    "node_modules/nanoevents": {
+      "version": "9.1.0",
+      "resolved": "https://registry.npmjs.org/nanoevents/-/nanoevents-9.1.0.tgz",
+      "integrity": "sha512-Jd0fILWG44a9luj8v5kED4WI+zfkkgwKyRQKItTtlPfEsh7Lznfi1kr8/iZ+XAIss4Qq5GqRB0qtWbaz9ceO/A==",
+      "license": "MIT",
+      "engines": {
+        "node": "^18.0.0 || >=20.0.0"
+      }
+    },
+    "node_modules/nanoid": {
+      "version": "3.3.11",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz",
+      "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "bin": {
+        "nanoid": "bin/nanoid.cjs"
+      },
+      "engines": {
+        "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1"
+      }
+    },
+    "node_modules/nanostores": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/nanostores/-/nanostores-1.1.0.tgz",
+      "integrity": "sha512-yJBmDJr18xy47dbNVlHcgdPrulSn1nhSE6Ns9vTG+Nx9VPT6iV1MD6aQFp/t52zpf82FhLLTXAXr30NuCnxvwA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": "^20.0.0 || >=22.0.0"
+      }
+    },
+    "node_modules/node-fetch-native": {
+      "version": "1.6.7",
+      "resolved": "https://registry.npmjs.org/node-fetch-native/-/node-fetch-native-1.6.7.tgz",
+      "integrity": "sha512-g9yhqoedzIUm0nTnTqAQvueMPVOuIY16bqgAJJC8XOOubYFNwz6IER9qs0Gq2Xd0+CecCKFjtdDTMA4u4xG06Q==",
+      "license": "MIT"
+    },
+    "node_modules/node-releases": {
+      "version": "2.0.27",
+      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.27.tgz",
+      "integrity": "sha512-nmh3lCkYZ3grZvqcCH+fjmQ7X+H0OeZgP40OierEaAptX4XofMh5kwNbWh7lBduUzCcV/8kZ+NDLCwm2iorIlA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/ofetch": {
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/ofetch/-/ofetch-1.5.1.tgz",
+      "integrity": "sha512-2W4oUZlVaqAPAil6FUg/difl6YhqhUR7x2eZY4bQCko22UXg3hptq9KLQdqFClV+Wu85UX7hNtdGTngi/1BxcA==",
+      "license": "MIT",
+      "dependencies": {
+        "destr": "^2.0.5",
+        "node-fetch-native": "^1.6.7",
+        "ufo": "^1.6.1"
+      }
+    },
+    "node_modules/orderedmap": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/orderedmap/-/orderedmap-2.1.1.tgz",
+      "integrity": "sha512-TvAWxi0nDe1j/rtMcWcIj94+Ffe6n7zhow33h40SKxmsmozs6dz/e+EajymfoFcHd7sxNn8yHM8839uixMOV6g==",
+      "license": "MIT"
+    },
+    "node_modules/package-manager-detector": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/package-manager-detector/-/package-manager-detector-1.6.0.tgz",
+      "integrity": "sha512-61A5ThoTiDG/C8s8UMZwSorAGwMJ0ERVGj2OjoW5pAalsNOg15+iQiPzrLJ4jhZ1HJzmC2PIHT2oEiH3R5fzNA==",
+      "license": "MIT"
+    },
+    "node_modules/pathe": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/pathe/-/pathe-2.0.3.tgz",
+      "integrity": "sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==",
+      "license": "MIT"
+    },
+    "node_modules/perfect-debounce": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/perfect-debounce/-/perfect-debounce-2.0.0.tgz",
+      "integrity": "sha512-fkEH/OBiKrqqI/yIgjR92lMfs2K8105zt/VT6+7eTjNwisrsh47CeIED9z58zI7DfKdH3uHAn25ziRZn3kgAow==",
+      "license": "MIT"
+    },
+    "node_modules/picocolors": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
+      "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==",
+      "license": "ISC"
+    },
+    "node_modules/picomatch": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
+      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/pkg-types": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/pkg-types/-/pkg-types-1.3.1.tgz",
+      "integrity": "sha512-/Jm5M4RvtBFVkKWRu2BLUTNP8/M2a+UwuAX+ae4770q1qVGtfjG+WTCupoZixokjmHiry8uI+dlY8KXYV5HVVQ==",
+      "license": "MIT",
+      "dependencies": {
+        "confbox": "^0.1.8",
+        "mlly": "^1.7.4",
+        "pathe": "^2.0.1"
+      }
+    },
+    "node_modules/postcss": {
+      "version": "8.5.6",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz",
+      "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==",
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/postcss/"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/postcss"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "nanoid": "^3.3.11",
+        "picocolors": "^1.1.1",
+        "source-map-js": "^1.2.1"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14"
+      }
+    },
+    "node_modules/prosemirror-changeset": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/prosemirror-changeset/-/prosemirror-changeset-2.3.1.tgz",
+      "integrity": "sha512-j0kORIBm8ayJNl3zQvD1TTPHJX3g042et6y/KQhZhnPrruO8exkTgG8X+NRpj7kIyMMEx74Xb3DyMIBtO0IKkQ==",
+      "license": "MIT",
+      "dependencies": {
+        "prosemirror-transform": "^1.0.0"
+      }
+    },
+    "node_modules/prosemirror-collab": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/prosemirror-collab/-/prosemirror-collab-1.3.1.tgz",
+      "integrity": "sha512-4SnynYR9TTYaQVXd/ieUvsVV4PDMBzrq2xPUWutHivDuOshZXqQ5rGbZM84HEaXKbLdItse7weMGOUdDVcLKEQ==",
+      "license": "MIT",
+      "dependencies": {
+        "prosemirror-state": "^1.0.0"
+      }
+    },
+    "node_modules/prosemirror-commands": {
+      "version": "1.7.1",
+      "resolved": "https://registry.npmjs.org/prosemirror-commands/-/prosemirror-commands-1.7.1.tgz",
+      "integrity": "sha512-rT7qZnQtx5c0/y/KlYaGvtG411S97UaL6gdp6RIZ23DLHanMYLyfGBV5DtSnZdthQql7W+lEVbpSfwtO8T+L2w==",
+      "license": "MIT",
+      "dependencies": {
+        "prosemirror-model": "^1.0.0",
+        "prosemirror-state": "^1.0.0",
+        "prosemirror-transform": "^1.10.2"
+      }
+    },
+    "node_modules/prosemirror-dropcursor": {
+      "version": "1.8.2",
+      "resolved": "https://registry.npmjs.org/prosemirror-dropcursor/-/prosemirror-dropcursor-1.8.2.tgz",
+      "integrity": "sha512-CCk6Gyx9+Tt2sbYk5NK0nB1ukHi2ryaRgadV/LvyNuO3ena1payM2z6Cg0vO1ebK8cxbzo41ku2DE5Axj1Zuiw==",
+      "license": "MIT",
+      "dependencies": {
+        "prosemirror-state": "^1.0.0",
+        "prosemirror-transform": "^1.1.0",
+        "prosemirror-view": "^1.1.0"
+      }
+    },
+    "node_modules/prosemirror-gapcursor": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/prosemirror-gapcursor/-/prosemirror-gapcursor-1.4.0.tgz",
+      "integrity": "sha512-z00qvurSdCEWUIulij/isHaqu4uLS8r/Fi61IbjdIPJEonQgggbJsLnstW7Lgdk4zQ68/yr6B6bf7sJXowIgdQ==",
+      "license": "MIT",
+      "dependencies": {
+        "prosemirror-keymap": "^1.0.0",
+        "prosemirror-model": "^1.0.0",
+        "prosemirror-state": "^1.0.0",
+        "prosemirror-view": "^1.0.0"
+      }
+    },
+    "node_modules/prosemirror-history": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/prosemirror-history/-/prosemirror-history-1.5.0.tgz",
+      "integrity": "sha512-zlzTiH01eKA55UAf1MEjtssJeHnGxO0j4K4Dpx+gnmX9n+SHNlDqI2oO1Kv1iPN5B1dm5fsljCfqKF9nFL6HRg==",
+      "license": "MIT",
+      "dependencies": {
+        "prosemirror-state": "^1.2.2",
+        "prosemirror-transform": "^1.0.0",
+        "prosemirror-view": "^1.31.0",
+        "rope-sequence": "^1.3.0"
+      }
+    },
+    "node_modules/prosemirror-inputrules": {
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/prosemirror-inputrules/-/prosemirror-inputrules-1.5.1.tgz",
+      "integrity": "sha512-7wj4uMjKaXWAQ1CDgxNzNtR9AlsuwzHfdFH1ygEHA2KHF2DOEaXl1CJfNPAKCg9qNEh4rum975QLaCiQPyY6Fw==",
+      "license": "MIT",
+      "dependencies": {
+        "prosemirror-state": "^1.0.0",
+        "prosemirror-transform": "^1.0.0"
+      }
+    },
+    "node_modules/prosemirror-keymap": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/prosemirror-keymap/-/prosemirror-keymap-1.2.3.tgz",
+      "integrity": "sha512-4HucRlpiLd1IPQQXNqeo81BGtkY8Ai5smHhKW9jjPKRc2wQIxksg7Hl1tTI2IfT2B/LgX6bfYvXxEpJl7aKYKw==",
+      "license": "MIT",
+      "dependencies": {
+        "prosemirror-state": "^1.0.0",
+        "w3c-keyname": "^2.2.0"
+      }
+    },
+    "node_modules/prosemirror-markdown": {
+      "version": "1.13.2",
+      "resolved": "https://registry.npmjs.org/prosemirror-markdown/-/prosemirror-markdown-1.13.2.tgz",
+      "integrity": "sha512-FPD9rHPdA9fqzNmIIDhhnYQ6WgNoSWX9StUZ8LEKapaXU9i6XgykaHKhp6XMyXlOWetmaFgGDS/nu/w9/vUc5g==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/markdown-it": "^14.0.0",
+        "markdown-it": "^14.0.0",
+        "prosemirror-model": "^1.25.0"
+      }
+    },
+    "node_modules/prosemirror-menu": {
+      "version": "1.2.5",
+      "resolved": "https://registry.npmjs.org/prosemirror-menu/-/prosemirror-menu-1.2.5.tgz",
+      "integrity": "sha512-qwXzynnpBIeg1D7BAtjOusR+81xCp53j7iWu/IargiRZqRjGIlQuu1f3jFi+ehrHhWMLoyOQTSRx/IWZJqOYtQ==",
+      "license": "MIT",
+      "dependencies": {
+        "crelt": "^1.0.0",
+        "prosemirror-commands": "^1.0.0",
+        "prosemirror-history": "^1.0.0",
+        "prosemirror-state": "^1.0.0"
+      }
+    },
+    "node_modules/prosemirror-model": {
+      "version": "1.25.4",
+      "resolved": "https://registry.npmjs.org/prosemirror-model/-/prosemirror-model-1.25.4.tgz",
+      "integrity": "sha512-PIM7E43PBxKce8OQeezAs9j4TP+5yDpZVbuurd1h5phUxEKIu+G2a+EUZzIC5nS1mJktDJWzbqS23n1tsAf5QA==",
+      "license": "MIT",
+      "dependencies": {
+        "orderedmap": "^2.0.0"
+      }
+    },
+    "node_modules/prosemirror-schema-basic": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/prosemirror-schema-basic/-/prosemirror-schema-basic-1.2.4.tgz",
+      "integrity": "sha512-ELxP4TlX3yr2v5rM7Sb70SqStq5NvI15c0j9j/gjsrO5vaw+fnnpovCLEGIcpeGfifkuqJwl4fon6b+KdrODYQ==",
+      "license": "MIT",
+      "dependencies": {
+        "prosemirror-model": "^1.25.0"
+      }
+    },
+    "node_modules/prosemirror-schema-list": {
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/prosemirror-schema-list/-/prosemirror-schema-list-1.5.1.tgz",
+      "integrity": "sha512-927lFx/uwyQaGwJxLWCZRkjXG0p48KpMj6ueoYiu4JX05GGuGcgzAy62dfiV8eFZftgyBUvLx76RsMe20fJl+Q==",
+      "license": "MIT",
+      "dependencies": {
+        "prosemirror-model": "^1.0.0",
+        "prosemirror-state": "^1.0.0",
+        "prosemirror-transform": "^1.7.3"
+      }
+    },
+    "node_modules/prosemirror-state": {
+      "version": "1.4.4",
+      "resolved": "https://registry.npmjs.org/prosemirror-state/-/prosemirror-state-1.4.4.tgz",
+      "integrity": "sha512-6jiYHH2CIGbCfnxdHbXZ12gySFY/fz/ulZE333G6bPqIZ4F+TXo9ifiR86nAHpWnfoNjOb3o5ESi7J8Uz1jXHw==",
+      "license": "MIT",
+      "dependencies": {
+        "prosemirror-model": "^1.0.0",
+        "prosemirror-transform": "^1.0.0",
+        "prosemirror-view": "^1.27.0"
+      }
+    },
+    "node_modules/prosemirror-tables": {
+      "version": "1.8.5",
+      "resolved": "https://registry.npmjs.org/prosemirror-tables/-/prosemirror-tables-1.8.5.tgz",
+      "integrity": "sha512-V/0cDCsHKHe/tfWkeCmthNUcEp1IVO3p6vwN8XtwE9PZQLAZJigbw3QoraAdfJPir4NKJtNvOB8oYGKRl+t0Dw==",
+      "license": "MIT",
+      "dependencies": {
+        "prosemirror-keymap": "^1.2.3",
+        "prosemirror-model": "^1.25.4",
+        "prosemirror-state": "^1.4.4",
+        "prosemirror-transform": "^1.10.5",
+        "prosemirror-view": "^1.41.4"
+      }
+    },
+    "node_modules/prosemirror-trailing-node": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/prosemirror-trailing-node/-/prosemirror-trailing-node-3.0.0.tgz",
+      "integrity": "sha512-xiun5/3q0w5eRnGYfNlW1uU9W6x5MoFKWwq/0TIRgt09lv7Hcser2QYV8t4muXbEr+Fwo0geYn79Xs4GKywrRQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@remirror/core-constants": "3.0.0",
+        "escape-string-regexp": "^4.0.0"
+      },
+      "peerDependencies": {
+        "prosemirror-model": "^1.22.1",
+        "prosemirror-state": "^1.4.2",
+        "prosemirror-view": "^1.33.8"
+      }
+    },
+    "node_modules/prosemirror-transform": {
+      "version": "1.10.5",
+      "resolved": "https://registry.npmjs.org/prosemirror-transform/-/prosemirror-transform-1.10.5.tgz",
+      "integrity": "sha512-RPDQCxIDhIBb1o36xxwsaeAvivO8VLJcgBtzmOwQ64bMtsVFh5SSuJ6dWSxO1UsHTiTXPCgQm3PDJt7p6IOLbw==",
+      "license": "MIT",
+      "dependencies": {
+        "prosemirror-model": "^1.21.0"
+      }
+    },
+    "node_modules/prosemirror-view": {
+      "version": "1.41.4",
+      "resolved": "https://registry.npmjs.org/prosemirror-view/-/prosemirror-view-1.41.4.tgz",
+      "integrity": "sha512-WkKgnyjNncri03Gjaz3IFWvCAE94XoiEgvtr0/r2Xw7R8/IjK3sKLSiDoCHWcsXSAinVaKlGRZDvMCsF1kbzjA==",
+      "license": "MIT",
+      "dependencies": {
+        "prosemirror-model": "^1.20.0",
+        "prosemirror-state": "^1.0.0",
+        "prosemirror-transform": "^1.1.0"
+      }
+    },
+    "node_modules/punycode.js": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/punycode.js/-/punycode.js-2.3.1.tgz",
+      "integrity": "sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/quansync": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/quansync/-/quansync-1.0.0.tgz",
+      "integrity": "sha512-5xZacEEufv3HSTPQuchrvV6soaiACMFnq1H8wkVioctoH3TRha9Sz66lOxRwPK/qZj7HPiSveih9yAyh98gvqA==",
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://github.com/sponsors/antfu"
+        },
+        {
+          "type": "individual",
+          "url": "https://github.com/sponsors/sxzz"
+        }
+      ],
+      "license": "MIT"
+    },
+    "node_modules/react": {
+      "version": "19.2.3",
+      "resolved": "https://registry.npmjs.org/react/-/react-19.2.3.tgz",
+      "integrity": "sha512-Ku/hhYbVjOQnXDZFv2+RibmLFGwFdeeKHFcOTlrt7xplBnya5OGn/hIRDsqDiSUcfORsDC7MPxwork8jBwsIWA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/react-dom": {
+      "version": "19.2.3",
+      "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.3.tgz",
+      "integrity": "sha512-yELu4WmLPw5Mr/lmeEpox5rw3RETacE++JgHqQzd2dg+YbJuat3jH4ingc+WPZhxaoFzdv9y33G+F7Nl5O0GBg==",
+      "license": "MIT",
+      "dependencies": {
+        "scheduler": "^0.27.0"
+      },
+      "peerDependencies": {
+        "react": "^19.2.3"
+      }
+    },
+    "node_modules/react-refresh": {
+      "version": "0.18.0",
+      "resolved": "https://registry.npmjs.org/react-refresh/-/react-refresh-0.18.0.tgz",
+      "integrity": "sha512-QgT5//D3jfjJb6Gsjxv0Slpj23ip+HtOpnNgnb2S5zU3CB26G/IDPGoy4RJB42wzFE46DRsstbW6tKHoKbhAxw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/readdirp": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-5.0.0.tgz",
+      "integrity": "sha512-9u/XQ1pvrQtYyMpZe7DXKv2p5CNvyVwzUB6uhLAnQwHMSgKMBR62lc7AHljaeteeHXn11XTAaLLUVZYVZyuRBQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 20.19.0"
+      },
+      "funding": {
+        "type": "individual",
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
+    "node_modules/rollup": {
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.54.0.tgz",
+      "integrity": "sha512-3nk8Y3a9Ea8szgKhinMlGMhGMw89mqule3KWczxhIzqudyHdCIOHw8WJlj/r329fACjKLEh13ZSk7oE22kyeIw==",
+      "license": "MIT",
+      "dependencies": {
+        "@types/estree": "1.0.8"
+      },
+      "bin": {
+        "rollup": "dist/bin/rollup"
+      },
+      "engines": {
+        "node": ">=18.0.0",
+        "npm": ">=8.0.0"
+      },
+      "optionalDependencies": {
+        "@rollup/rollup-android-arm-eabi": "4.54.0",
+        "@rollup/rollup-android-arm64": "4.54.0",
+        "@rollup/rollup-darwin-arm64": "4.54.0",
+        "@rollup/rollup-darwin-x64": "4.54.0",
+        "@rollup/rollup-freebsd-arm64": "4.54.0",
+        "@rollup/rollup-freebsd-x64": "4.54.0",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.54.0",
+        "@rollup/rollup-linux-arm-musleabihf": "4.54.0",
+        "@rollup/rollup-linux-arm64-gnu": "4.54.0",
+        "@rollup/rollup-linux-arm64-musl": "4.54.0",
+        "@rollup/rollup-linux-loong64-gnu": "4.54.0",
+        "@rollup/rollup-linux-ppc64-gnu": "4.54.0",
+        "@rollup/rollup-linux-riscv64-gnu": "4.54.0",
+        "@rollup/rollup-linux-riscv64-musl": "4.54.0",
+        "@rollup/rollup-linux-s390x-gnu": "4.54.0",
+        "@rollup/rollup-linux-x64-gnu": "4.54.0",
+        "@rollup/rollup-linux-x64-musl": "4.54.0",
+        "@rollup/rollup-openharmony-arm64": "4.54.0",
+        "@rollup/rollup-win32-arm64-msvc": "4.54.0",
+        "@rollup/rollup-win32-ia32-msvc": "4.54.0",
+        "@rollup/rollup-win32-x64-gnu": "4.54.0",
+        "@rollup/rollup-win32-x64-msvc": "4.54.0",
+        "fsevents": "~2.3.2"
+      }
+    },
+    "node_modules/rope-sequence": {
+      "version": "1.3.4",
+      "resolved": "https://registry.npmjs.org/rope-sequence/-/rope-sequence-1.3.4.tgz",
+      "integrity": "sha512-UT5EDe2cu2E/6O4igUr5PSFs23nvvukicWHx6GnOPlHAiiYbzNuCRQCuiUdHJQcqKalLKlrYJnjY0ySGsXNQXQ==",
+      "license": "MIT"
+    },
+    "node_modules/scheduler": {
+      "version": "0.27.0",
+      "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.27.0.tgz",
+      "integrity": "sha512-eNv+WrVbKu1f3vbYJT/xtiF5syA5HPIMtf9IgY/nKg0sWqzAUEvqY/xm7OcZc/qafLx/iO9FgOmeSAp4v5ti/Q==",
+      "license": "MIT"
+    },
+    "node_modules/semver": {
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
+      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      }
+    },
+    "node_modules/sirv": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/sirv/-/sirv-3.0.2.tgz",
+      "integrity": "sha512-2wcC/oGxHis/BoHkkPwldgiPSYcpZK3JU28WoMVv55yHJgcZ8rlXvuG9iZggz+sU1d4bRgIGASwyWqjxu3FM0g==",
+      "license": "MIT",
+      "dependencies": {
+        "@polka/url": "^1.0.0-next.24",
+        "mrmime": "^2.0.0",
+        "totalist": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/source-map-js": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
+      "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==",
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/state-local": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/state-local/-/state-local-1.0.7.tgz",
+      "integrity": "sha512-HTEHMNieakEnoe33shBYcZ7NX83ACUjCu8c40iOGEZsngj9zRnkqS9j1pqQPXwobB0ZcVTk27REb7COQ0UR59w==",
+      "license": "MIT"
+    },
+    "node_modules/tinyexec": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-1.0.2.tgz",
+      "integrity": "sha512-W/KYk+NFhkmsYpuHq5JykngiOCnxeVL8v8dFnqxSD8qEEdRfXk1SDM6JzNqcERbcGYj9tMrDQBYV9cjgnunFIg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/tinyglobby": {
+      "version": "0.2.15",
+      "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz",
+      "integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==",
+      "license": "MIT",
+      "dependencies": {
+        "fdir": "^6.5.0",
+        "picomatch": "^4.0.3"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/SuperchupuDev"
+      }
+    },
+    "node_modules/tippy.js": {
+      "version": "6.3.7",
+      "resolved": "https://registry.npmjs.org/tippy.js/-/tippy.js-6.3.7.tgz",
+      "integrity": "sha512-E1d3oP2emgJ9dRQZdf3Kkn0qJgI6ZLpyS5z6ZkY1DF3kaQaBsGZsndEpHwx+eC+tYM41HaSNvNtLx8tU57FzTQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@popperjs/core": "^2.9.0"
+      }
+    },
+    "node_modules/totalist": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/totalist/-/totalist-3.0.1.tgz",
+      "integrity": "sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/typescript": {
+      "version": "5.9.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
+      "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "node_modules/uc.micro": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-2.1.0.tgz",
+      "integrity": "sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==",
+      "license": "MIT"
+    },
+    "node_modules/ufo": {
+      "version": "1.6.1",
+      "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.6.1.tgz",
+      "integrity": "sha512-9a4/uxlTWJ4+a5i0ooc1rU7C7YOw3wT+UGqdeNNHWnOF9qcMBgLRS+4IYUqbczewFx4mLEig6gawh7X6mFlEkA==",
+      "license": "MIT"
+    },
+    "node_modules/unconfig": {
+      "version": "7.4.2",
+      "resolved": "https://registry.npmjs.org/unconfig/-/unconfig-7.4.2.tgz",
+      "integrity": "sha512-nrMlWRQ1xdTjSnSUqvYqJzbTBFugoqHobQj58B2bc8qxHKBBHMNNsWQFP3Cd3/JZK907voM2geYPWqD4VK3MPQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@quansync/fs": "^1.0.0",
+        "defu": "^6.1.4",
+        "jiti": "^2.6.1",
+        "quansync": "^1.0.0",
+        "unconfig-core": "7.4.2"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/unconfig-core": {
+      "version": "7.4.2",
+      "resolved": "https://registry.npmjs.org/unconfig-core/-/unconfig-core-7.4.2.tgz",
+      "integrity": "sha512-VgPCvLWugINbXvMQDf8Jh0mlbvNjNC6eSUziHsBCMpxR05OPrNrvDnyatdMjRgcHaaNsCqz+wjNXxNw1kRLHUg==",
+      "license": "MIT",
+      "dependencies": {
+        "@quansync/fs": "^1.0.0",
+        "quansync": "^1.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      }
+    },
+    "node_modules/unocss": {
+      "version": "66.5.12",
+      "resolved": "https://registry.npmjs.org/unocss/-/unocss-66.5.12.tgz",
+      "integrity": "sha512-3WdSuM+SOjVpXDtffTuSvYTMuufpFzBehu2b4Tr7DcoIUxGouZn3mdxCLx3PiEuK0ih40Fo7Sjm+J4mccHfwLg==",
+      "license": "MIT",
+      "dependencies": {
+        "@unocss/astro": "66.5.12",
+        "@unocss/cli": "66.5.12",
+        "@unocss/core": "66.5.12",
+        "@unocss/postcss": "66.5.12",
+        "@unocss/preset-attributify": "66.5.12",
+        "@unocss/preset-icons": "66.5.12",
+        "@unocss/preset-mini": "66.5.12",
+        "@unocss/preset-tagify": "66.5.12",
+        "@unocss/preset-typography": "66.5.12",
+        "@unocss/preset-uno": "66.5.12",
+        "@unocss/preset-web-fonts": "66.5.12",
+        "@unocss/preset-wind": "66.5.12",
+        "@unocss/preset-wind3": "66.5.12",
+        "@unocss/preset-wind4": "66.5.12",
+        "@unocss/transformer-attributify-jsx": "66.5.12",
+        "@unocss/transformer-compile-class": "66.5.12",
+        "@unocss/transformer-directives": "66.5.12",
+        "@unocss/transformer-variant-group": "66.5.12",
+        "@unocss/vite": "66.5.12"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/antfu"
+      },
+      "peerDependencies": {
+        "@unocss/webpack": "66.5.12",
+        "vite": "^2.9.0 || ^3.0.0-0 || ^4.0.0 || ^5.0.0-0 || ^6.0.0-0 || ^7.0.0-0 || ^8.0.0-0"
+      },
+      "peerDependenciesMeta": {
+        "@unocss/webpack": {
+          "optional": true
+        },
+        "vite": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/unplugin-utils": {
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/unplugin-utils/-/unplugin-utils-0.3.1.tgz",
+      "integrity": "sha512-5lWVjgi6vuHhJ526bI4nlCOmkCIF3nnfXkCMDeMJrtdvxTs6ZFCM8oNufGTsDbKv/tJ/xj8RpvXjRuPBZJuJog==",
+      "license": "MIT",
+      "dependencies": {
+        "pathe": "^2.0.3",
+        "picomatch": "^4.0.3"
+      },
+      "engines": {
+        "node": ">=20.19.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sxzz"
+      }
+    },
+    "node_modules/update-browserslist-db": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz",
+      "integrity": "sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/browserslist"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/browserslist"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "escalade": "^3.2.0",
+        "picocolors": "^1.1.1"
+      },
+      "bin": {
+        "update-browserslist-db": "cli.js"
+      },
+      "peerDependencies": {
+        "browserslist": ">= 4.21.0"
+      }
+    },
+    "node_modules/use-sync-external-store": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/use-sync-external-store/-/use-sync-external-store-1.6.0.tgz",
+      "integrity": "sha512-Pp6GSwGP/NrPIrxVFAIkOQeyw8lFenOHijQWkUTrDvrF4ALqylP2C/KCkeS9dpUM3KvYRQhna5vt7IL95+ZQ9w==",
+      "license": "MIT",
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0"
+      }
+    },
+    "node_modules/vite": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.0.tgz",
+      "integrity": "sha512-dZwN5L1VlUBewiP6H9s2+B3e3Jg96D0vzN+Ry73sOefebhYr9f94wwkMNN/9ouoU8pV1BqA1d1zGk8928cx0rg==",
+      "license": "MIT",
+      "dependencies": {
+        "esbuild": "^0.27.0",
+        "fdir": "^6.5.0",
+        "picomatch": "^4.0.3",
+        "postcss": "^8.5.6",
+        "rollup": "^4.43.0",
+        "tinyglobby": "^0.2.15"
+      },
+      "bin": {
+        "vite": "bin/vite.js"
+      },
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      },
+      "funding": {
+        "url": "https://github.com/vitejs/vite?sponsor=1"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.3"
+      },
+      "peerDependencies": {
+        "@types/node": "^20.19.0 || >=22.12.0",
+        "jiti": ">=1.21.0",
+        "less": "^4.0.0",
+        "lightningcss": "^1.21.0",
+        "sass": "^1.70.0",
+        "sass-embedded": "^1.70.0",
+        "stylus": ">=0.54.8",
+        "sugarss": "^5.0.0",
+        "terser": "^5.16.0",
+        "tsx": "^4.8.1",
+        "yaml": "^2.4.2"
+      },
+      "peerDependenciesMeta": {
+        "@types/node": {
+          "optional": true
+        },
+        "jiti": {
+          "optional": true
+        },
+        "less": {
+          "optional": true
+        },
+        "lightningcss": {
+          "optional": true
+        },
+        "sass": {
+          "optional": true
+        },
+        "sass-embedded": {
+          "optional": true
+        },
+        "stylus": {
+          "optional": true
+        },
+        "sugarss": {
+          "optional": true
+        },
+        "terser": {
+          "optional": true
+        },
+        "tsx": {
+          "optional": true
+        },
+        "yaml": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/vue-flow-layout": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/vue-flow-layout/-/vue-flow-layout-0.2.0.tgz",
+      "integrity": "sha512-zKgsWWkXq0xrus7H4Mc+uFs1ESrmdTXlO0YNbR6wMdPaFvosL3fMB8N7uTV308UhGy9UvTrGhIY7mVz9eN+L0Q==",
+      "license": "MIT"
+    },
+    "node_modules/w3c-keyname": {
+      "version": "2.2.8",
+      "resolved": "https://registry.npmjs.org/w3c-keyname/-/w3c-keyname-2.2.8.tgz",
+      "integrity": "sha512-dpojBhNsCNN7T82Tm7k26A6G9ML3NkhDsnw9n/eoxSRlVBB4CEtIQ/KTCLI2Fwf3ataSXRhYFkQi3SlnFwPvPQ==",
+      "license": "MIT"
+    },
+    "node_modules/yallist": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
+      "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==",
+      "dev": true,
+      "license": "ISC"
+    }
+  }
+}
diff --git a/studio/package.json b/studio/package.json
new file mode 100644
index 0000000..b6f8feb
--- /dev/null
+++ b/studio/package.json
@@ -0,0 +1,49 @@
+{
+  "name": "writekit-studio",
+  "private": true,
+  "version": "0.0.1",
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "build": "tsc --noEmit && vite build",
+    "preview": "vite preview",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@iconify-json/logos": "^1.2.10",
+    "@iconify-json/lucide": "^1.2.82",
+    "@monaco-editor/react": "^4.7.0",
+    "@nanostores/query": "^0.3.4",
+    "@nanostores/react": "^1.0.0",
+    "@nanostores/router": "^1.0.0",
+    "@tiptap/extension-code-block-lowlight": "^3.15.1",
+    "@tiptap/extension-image": "^3.15.1",
+    "@tiptap/extension-link": "^3.15.1",
+    "@tiptap/extension-placeholder": "^3.15.1",
+    "@tiptap/extension-table": "^3.15.1",
+    "@tiptap/extension-task-item": "^3.15.1",
+    "@tiptap/extension-task-list": "^3.15.1",
+    "@tiptap/markdown": "^3.15.1",
+    "@tiptap/pm": "^3.15.1",
+    "@tiptap/react": "^3.15.1",
+    "@tiptap/starter-kit": "^3.15.1",
+    "@tiptap/suggestion": "^3.15.2",
+    "@unocss/reset": "^66.5.12",
+    "chart.js": "^4.5.1",
+    "lowlight": "^3.3.0",
+    "monaco-editor": "^0.55.1",
+    "nanostores": "^1.1.0",
+    "react": "^19.0.0",
+    "react-dom": "^19.0.0",
+    "tippy.js": "^6.3.7",
+    "unocss": "^66.5.12"
+  },
+  "devDependencies": {
+    "@iconify-json/simple-icons": "^1.2.65",
+    "@types/react": "^19.0.0",
+    "@types/react-dom": "^19.0.0",
+    "@vitejs/plugin-react": "^5.1.0",
+    "typescript": "^5.7.0",
+    "vite": "^7.3.0"
+  }
+}
diff --git a/studio/src/App.tsx b/studio/src/App.tsx
new file mode 100644
index 0000000..6909294
--- /dev/null
+++ b/studio/src/App.tsx
@@ -0,0 +1,92 @@
+import { lazy, Suspense } from 'react'
+import { useStore } from '@nanostores/react'
+import { $router } from './stores/router'
+import { Sidebar, Header } from './components/layout'
+import { Toasts } from './components/ui'
+import { Icons } from './components/shared/Icons'
+import {
+  PostsPageSkeleton,
+  AnalyticsPageSkeleton,
+  SettingsPageSkeleton,
+  GeneralPageSkeleton,
+  DesignPageSkeleton,
+  EngagementPageSkeleton,
+  APIPageSkeleton,
+  BillingPageSkeleton,
+  HomePageSkeleton,
+} from './components/shared'
+
+const HomePage = lazy(() => import('./pages/HomePage'))
+const PostsPage = lazy(() => import('./pages/PostsPage'))
+const PostEditorPage = lazy(() => import('./pages/PostEditorPage'))
+const AnalyticsPage = lazy(() => import('./pages/AnalyticsPage'))
+const GeneralPage = lazy(() => import('./pages/GeneralPage'))
+const DesignPage = lazy(() => import('./pages/DesignPage'))
+const DomainPage = lazy(() => import('./pages/DomainPage'))
+const EngagementPage = lazy(() => import('./pages/EngagementPage'))
+const MonetizationPage = lazy(() => import('./pages/MonetizationPage'))
+const PluginsPage = lazy(() => import('./pages/PluginsPage'))
+const APIPage = lazy(() => import('./pages/APIPage'))
+const DataPage = lazy(() => import('./pages/DataPage'))
+const BillingPage = lazy(() => import('./pages/BillingPage'))
+
+const routes = {
+  home: { Component: HomePage, Skeleton: HomePageSkeleton },
+  postNew: { Component: PostEditorPage, Skeleton: SettingsPageSkeleton, fullWidth: true },
+  postEdit: { Component: PostEditorPage, Skeleton: SettingsPageSkeleton, fullWidth: true },
+  posts: { Component: PostsPage, Skeleton: PostsPageSkeleton },
+  analytics: { Component: AnalyticsPage, Skeleton: AnalyticsPageSkeleton },
+  general: { Component: GeneralPage, Skeleton: GeneralPageSkeleton },
+  design: { Component: DesignPage, Skeleton: DesignPageSkeleton },
+  domain: { Component: DomainPage, Skeleton: SettingsPageSkeleton },
+  engagement: { Component: EngagementPage, Skeleton: EngagementPageSkeleton },
+  monetization: { Component: MonetizationPage, Skeleton: SettingsPageSkeleton },
+  plugins: { Component: PluginsPage, Skeleton: SettingsPageSkeleton },
+  api: { Component: APIPage, Skeleton: APIPageSkeleton },
+  data: { Component: DataPage, Skeleton: SettingsPageSkeleton },
+  billing: { Component: BillingPage, Skeleton: BillingPageSkeleton },
+} as const
+
+function Router() {
+  const page = useStore($router)
+  const routeKey = page?.route ?? 'home'
+
+  const route = routes[routeKey as keyof typeof routes] || routes.home
+  const { Component: PageComponent, Skeleton } = route
+
+  return (
+    <Suspense fallback={<Skeleton />}>
+      <PageComponent />
+    </Suspense>
+  )
+}
+
+export default function App() {
+  const page = useStore($router)
+  const routeKey = page?.route ?? 'home'
+  const route = routes[routeKey as keyof typeof routes]
+  const isFullWidth = route && 'fullWidth' in route && route.fullWidth
+
+  return (
+    <div className="min-h-screen bg-bg text-text font-sans antialiased">
+      <Header className={isFullWidth ? 'hidden' : ''} />
+      <a
+        href="/"
+        target="_blank"
+        className={`fixed top-4 right-4 z-40 items-center gap-2 px-3 py-1.5 text-xs text-muted border border-border bg-surface hover:text-text hover:border-muted transition-colors ${isFullWidth ? 'hidden' : 'hidden lg:flex'}`}
+      >
+        <Icons.ExternalLink className="text-sm" />
+        <span>View Site</span>
+      </a>
+      <div className="flex">
+        <div className={`fixed left-0 top-0 h-screen ${isFullWidth ? 'hidden' : 'hidden lg:block'}`}>
+          <Sidebar />
+        </div>
+        <main className={isFullWidth ? 'flex-1' : 'flex-1 lg:ml-56 p-6 lg:p-10'}>
+          <Router />
+        </main>
+      </div>
+      <Toasts />
+    </div>
+  )
+}
diff --git a/studio/src/api.ts b/studio/src/api.ts
new file mode 100644
index 0000000..4dd28e2
--- /dev/null
+++ b/studio/src/api.ts
@@ -0,0 +1,77 @@
+import type { Post, Settings, InteractionConfig, Asset, APIKey, AnalyticsSummary } from './types'
+
+const BASE = '/api/studio'
+
+async function request<T>(path: string, options?: RequestInit): Promise<T> {
+  const res = await fetch(`${BASE}${path}`, {
+    ...options,
+    headers: {
+      'Content-Type': 'application/json',
+      ...options?.headers,
+    },
+  })
+  if (!res.ok) {
+    const error = await res.json().catch(() => ({ error: res.statusText }))
+    throw new Error(error.error || 'Request failed')
+  }
+  if (res.status === 204) return undefined as T
+  return res.json()
+}
+
+export const api = {
+  posts: {
+    list: () => request<Post[]>('/posts'),
+    get: (slug: string) => request<Post>(`/posts/${slug}`),
+    create: (data: Partial<Post>) => request<Post>('/posts', {
+      method: 'POST',
+      body: JSON.stringify(data),
+    }),
+    update: (slug: string, data: Partial<Post>) => request<Post>(`/posts/${slug}`, {
+      method: 'PUT',
+      body: JSON.stringify(data),
+    }),
+    delete: (slug: string) => request<void>(`/posts/${slug}`, { method: 'DELETE' }),
+  },
+
+  settings: {
+    get: () => request<Settings>('/settings'),
+    update: (data: Settings) => request<{ success: boolean }>('/settings', {
+      method: 'PUT',
+      body: JSON.stringify(data),
+    }),
+  },
+
+  interactions: {
+    get: () => request<InteractionConfig>('/interaction-config'),
+    update: (data: Partial<InteractionConfig>) => request<InteractionConfig>('/interaction-config', {
+      method: 'PUT',
+      body: JSON.stringify(data),
+    }),
+  },
+
+  assets: {
+    list: () => request<Asset[]>('/assets'),
+    upload: async (file: File): Promise<Asset> => {
+      const form = new FormData()
+      form.append('file', file)
+      const res = await fetch(`${BASE}/assets`, { method: 'POST', body: form })
+      if (!res.ok) throw new Error('Upload failed')
+      return res.json()
+    },
+    delete: (id: string) => request<void>(`/assets/${id}`, { method: 'DELETE' }),
+  },
+
+  apiKeys: {
+    list: () => request<APIKey[]>('/api-keys'),
+    create: (name: string) => request<APIKey>('/api-keys', {
+      method: 'POST',
+      body: JSON.stringify({ name }),
+    }),
+    delete: (key: string) => request<void>(`/api-keys/${key}`, { method: 'DELETE' }),
+  },
+
+  analytics: {
+    get: (days = 30) => request<AnalyticsSummary>(`/analytics?days=${days}`),
+    getPost: (slug: string, days = 30) => request<AnalyticsSummary>(`/analytics/posts/${slug}?days=${days}`),
+  },
+}
diff --git a/studio/src/components/editor/MetadataPanel.tsx b/studio/src/components/editor/MetadataPanel.tsx
new file mode 100644
index 0000000..65e4118
--- /dev/null
+++ b/studio/src/components/editor/MetadataPanel.tsx
@@ -0,0 +1,198 @@
+import { useState } from 'react'
+import { useStore } from '@nanostores/react'
+import { $editorPost, $versions, $isNewPost, restoreVersion } from '../../stores/editor'
+import { addToast } from '../../stores/app'
+import { Icons } from '../shared/Icons'
+import { Input, Textarea, Toggle } from '../ui'
+
+interface MetadataPanelProps {
+  onClose: () => void
+}
+
+export function MetadataPanel({ onClose }: MetadataPanelProps) {
+  const post = useStore($editorPost)
+  const versions = useStore($versions)
+  const isNew = useStore($isNewPost)
+  const [restoringId, setRestoringId] = useState<number | null>(null)
+
+  const handleTagsChange = (value: string) => {
+    const tags = value.split(',').map(t => t.trim()).filter(Boolean)
+    $editorPost.setKey('tags', tags)
+  }
+
+  const handleRestore = async (versionId: number) => {
+    if (!confirm('Restore this version? Your current draft will be replaced.')) return
+    setRestoringId(versionId)
+    const success = await restoreVersion(versionId)
+    setRestoringId(null)
+    if (success) {
+      addToast('Version restored', 'success')
+    } else {
+      addToast('Failed to restore version', 'error')
+    }
+  }
+
+  const formatDate = (dateStr: string) => {
+    const date = new Date(dateStr)
+    return date.toLocaleDateString('en-US', {
+      month: 'short',
+      day: 'numeric',
+      hour: 'numeric',
+      minute: '2-digit'
+    })
+  }
+
+  return (
+    <div className="w-80 flex-none border-l border-border bg-surface overflow-y-auto">
+      <div className="p-4 border-b border-border">
+        <div className="flex items-center justify-between">
+          <h3 className="font-medium">Post Settings</h3>
+          <button
+            onClick={onClose}
+            className="p-1 text-muted hover:text-text rounded"
+          >
+            <Icons.Close className="w-4 h-4" />
+          </button>
+        </div>
+      </div>
+
+      <div className="p-4 space-y-5">
+        {/* Slug */}
+        <div>
+          <label className="label">URL Slug</label>
+          <Input
+            value={post.slug}
+            onChange={v => $editorPost.setKey('slug', v.toLowerCase().replace(/[^a-z0-9-]/g, '-'))}
+            placeholder="my-post-title"
+          />
+          <p className="text-xs text-muted mt-1">/posts/{post.slug || 'my-post-title'}</p>
+        </div>
+
+        {/* Description */}
+        <div>
+          <label className="label">Description</label>
+          <Textarea
+            value={post.description}
+            onChange={v => $editorPost.setKey('description', v)}
+            placeholder="Brief summary for SEO and social shares..."
+            rows={3}
+          />
+        </div>
+
+        {/* Cover Image */}
+        <div>
+          <label className="label">Cover Image</label>
+          {post.cover_image ? (
+            <div className="space-y-2">
+              <div className="relative aspect-video bg-border/50 overflow-hidden rounded">
+                <img
+                  src={post.cover_image}
+                  alt="Cover"
+                  className="w-full h-full object-cover"
+                />
+                <button
+                  onClick={() => $editorPost.setKey('cover_image', '')}
+                  className="absolute top-2 right-2 p-1 bg-bg/80 hover:bg-bg rounded text-muted hover:text-text transition-colors"
+                  title="Remove cover"
+                >
+                  <Icons.Close className="w-4 h-4" />
+                </button>
+              </div>
+            </div>
+          ) : (
+            <Input
+              value={post.cover_image || ''}
+              onChange={v => $editorPost.setKey('cover_image', v)}
+              placeholder="https://example.com/image.jpg"
+            />
+          )}
+          <p className="text-xs text-muted mt-1">Used for social sharing and post headers</p>
+        </div>
+
+        {/* Date */}
+        <div>
+          <label className="label">Date</label>
+          <Input
+            type="date"
+            value={post.date}
+            onChange={v => $editorPost.setKey('date', v)}
+          />
+        </div>
+
+        {/* Tags */}
+        <div>
+          <label className="label">Tags</label>
+          <Input
+            value={post.tags.join(', ')}
+            onChange={handleTagsChange}
+            placeholder="react, typescript, tutorial"
+          />
+          <p className="text-xs text-muted mt-1">Comma-separated</p>
+        </div>
+
+        {/* Divider */}
+        <div className="border-t border-border pt-4">
+          <h4 className="text-xs font-medium text-muted uppercase tracking-wide mb-3">Publishing</h4>
+
+          {/* Draft Toggle */}
+          <div className="flex items-center justify-between py-2">
+            <div>
+              <div className="text-sm font-medium">Draft</div>
+              <div className="text-xs text-muted">Not visible to readers</div>
+            </div>
+            <Toggle
+              checked={post.draft}
+              onChange={v => $editorPost.setKey('draft', v)}
+            />
+          </div>
+
+          {/* Members Only Toggle */}
+          <div className="flex items-center justify-between py-2">
+            <div>
+              <div className="text-sm font-medium">Members only</div>
+              <div className="text-xs text-muted">Requires login to view</div>
+            </div>
+            <Toggle
+              checked={post.members_only}
+              onChange={v => $editorPost.setKey('members_only', v)}
+            />
+          </div>
+        </div>
+
+        {/* Version History */}
+        {!isNew && versions.length > 0 && (
+          <div className="border-t border-border pt-4">
+            <h4 className="text-xs font-medium text-muted uppercase tracking-wide mb-3">
+              <Icons.History className="w-3.5 h-3.5 inline-block mr-1.5 -mt-0.5" />
+              Version History
+            </h4>
+            <div className="space-y-2">
+              {versions.map((version) => (
+                <div
+                  key={version.id}
+                  className="flex items-center justify-between py-2 px-2 -mx-2 rounded hover:bg-bg"
+                >
+                  <div className="min-w-0">
+                    <div className="text-sm truncate">{version.title}</div>
+                    <div className="text-xs text-muted">{formatDate(version.created_at)}</div>
+                  </div>
+                  <button
+                    className="px-2 py-1 text-xs text-muted hover:text-text hover:bg-bg/50 rounded transition-colors disabled:opacity-50"
+                    onClick={() => handleRestore(version.id)}
+                    disabled={restoringId !== null}
+                  >
+                    {restoringId === version.id ? (
+                      <Icons.Loader className="w-3 h-3 animate-spin" />
+                    ) : (
+                      'Restore'
+                    )}
+                  </button>
+                </div>
+              ))}
+            </div>
+          </div>
+        )}
+      </div>
+    </div>
+  )
+}
diff --git a/studio/src/components/editor/PluginEditor.tsx b/studio/src/components/editor/PluginEditor.tsx
new file mode 100644
index 0000000..81c9b0c
--- /dev/null
+++ b/studio/src/components/editor/PluginEditor.tsx
@@ -0,0 +1,722 @@
+import { useEffect, useRef, useCallback, useState } from 'react'
+import Editor, { type Monaco } from '@monaco-editor/react'
+import type { editor, languages, IDisposable, Position } from 'monaco-editor'
+
+interface PluginEditorProps {
+  language: 'typescript' | 'go'
+  value: string
+  onChange: (value: string) => void
+  height?: string
+  secretKeys?: string[]
+  hook?: string
+}
+
+interface SDKFunction {
+  name: string
+  signature: string
+  insertText: string
+  documentation: string
+}
+
+interface SDKNamespace {
+  functions?: SDKFunction[]
+}
+
+interface SDKField {
+  name: string
+  type: string
+  doc?: string
+}
+
+interface SDKEventType {
+  fields: SDKField[]
+}
+
+interface SDKSchema {
+  Runner: SDKNamespace
+  events?: Record<string, SDKEventType>
+  nestedTypes?: Record<string, SDKField[]>
+}
+
+const LANGUAGE_MAP: Record<string, string> = {
+  typescript: 'typescript',
+  go: 'go',
+}
+
+// TypeScript SDK type definitions - well-formatted for hover display
+const getTypeScriptSDK = (secretKeys: string[]) => {
+  const secretsType = secretKeys.length > 0
+    ? `{\n${secretKeys.map(k => `    /** Secret: ${k} */\n    ${k}: string;`).join('\n')}\n  }`
+    : 'Record<string, string>'
+
+  return `
+/**
+ * Runner provides all plugin capabilities
+ */
+declare namespace Runner {
+  /** Log a message (visible in plugin logs) */
+  function log(message: string): void;
+
+  /** Make an HTTP request to external services */
+  function httpRequest(options: HttpRequestOptions): HttpResponse;
+
+  /** Access your configured secrets */
+  const secrets: ${secretsType};
+}
+
+/** Options for making HTTP requests */
+interface HttpRequestOptions {
+  /** The URL to request */
+  url: string;
+  /** HTTP method (default: GET) */
+  method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
+  /** HTTP headers to send */
+  headers?: Record<string, string>;
+  /** Request body (for POST/PUT/PATCH) */
+  body?: string;
+}
+
+/** Response from an HTTP request */
+interface HttpResponse {
+  /** HTTP status code */
+  status: number;
+  /** Response headers */
+  headers: Record<string, string>;
+  /** Response body as string */
+  body: string;
+}
+
+/** Result for validation hooks (comment.validate, etc.) */
+interface ValidationResult {
+  /** Whether the action is allowed */
+  allowed: boolean;
+  /** Reason for rejection (shown to user if allowed=false) */
+  reason?: string;
+}
+
+/** Blog post information */
+interface Post {
+  /** URL-safe identifier */
+  slug: string;
+  /** Post title */
+  title: string;
+  /** Full URL to the post */
+  url: string;
+  /** Short excerpt of the content */
+  excerpt: string;
+  /** ISO date when published */
+  publishedAt: string;
+  /** ISO date when last updated */
+  updatedAt?: string;
+  /** Post tags */
+  tags: string[];
+  /** Estimated reading time in minutes */
+  readingTime: number;
+}
+
+/** Author information */
+interface Author {
+  /** Author's display name */
+  name: string;
+  /** Author's email */
+  email: string;
+  /** URL to author's avatar image */
+  avatar?: string;
+}
+
+/** Blog information */
+interface Blog {
+  /** Blog name */
+  name: string;
+  /** Blog URL */
+  url: string;
+}
+
+/**
+ * Event fired when a post is published
+ * @example
+ * export function onPostPublished(event: PostPublishedEvent): void {
+ *   Runner.log(\`Published: \${event.post.title}\`);
+ * }
+ */
+interface PostPublishedEvent {
+  /** The published post */
+  post: Post;
+  /** The post author */
+  author: Author;
+  /** The blog where it was published */
+  blog: Blog;
+}
+
+/**
+ * Event fired when a post is updated
+ */
+interface PostUpdatedEvent {
+  /** The updated post */
+  post: Post;
+  /** The author who made the update */
+  author: Author;
+  /** What changed in this update */
+  changes: {
+    /** Title change (old and new values) */
+    title?: { old: string; new: string };
+    /** Whether content was modified */
+    content?: boolean;
+    /** Tags that were added or removed */
+    tags?: { added: string[]; removed: string[] };
+  };
+}
+
+/** Comment information */
+interface Comment {
+  /** Unique comment ID */
+  id: string;
+  /** Comment content (may contain markdown) */
+  content: string;
+  /** Commenter's display name */
+  authorName: string;
+  /** Commenter's email */
+  authorEmail: string;
+  /** Slug of the post being commented on */
+  postSlug: string;
+  /** Parent comment ID for replies */
+  parentId?: string;
+  /** ISO date when created */
+  createdAt: string;
+}
+
+/**
+ * Event fired when a comment is created
+ */
+interface CommentCreatedEvent {
+  /** The new comment */
+  comment: Comment;
+  /** The post being commented on */
+  post: {
+    slug: string;
+    title: string;
+    url: string;
+  };
+}
+
+/** Member/subscriber information */
+interface Member {
+  /** Member's email */
+  email: string;
+  /** Member's name (if provided) */
+  name?: string;
+  /** ISO date when subscribed */
+  subscribedAt: string;
+}
+
+/** Subscription tier information */
+interface Tier {
+  /** Tier name (e.g., "Free", "Premium") */
+  name: string;
+  /** Monthly price in cents (0 for free tier) */
+  price: number;
+}
+
+/**
+ * Event fired when a member subscribes
+ */
+interface MemberSubscribedEvent {
+  /** The new member */
+  member: Member;
+  /** The subscription tier they signed up for */
+  tier: Tier;
+}
+
+/**
+ * Event fired when an asset (image, file) is uploaded
+ */
+interface AssetUploadedEvent {
+  /** Unique asset ID */
+  id: string;
+  /** Public URL to access the asset */
+  url: string;
+  /** MIME type (e.g., "image/png") */
+  contentType: string;
+  /** File size in bytes */
+  size: number;
+  /** Image width in pixels (for images only) */
+  width?: number;
+  /** Image height in pixels (for images only) */
+  height?: number;
+}
+
+/**
+ * Event fired when analytics data is synced
+ */
+interface AnalyticsSyncEvent {
+  /** Time period for this analytics data */
+  period: {
+    /** ISO date for period start */
+    start: string;
+    /** ISO date for period end */
+    end: string;
+  };
+  /** Total pageviews in this period */
+  pageviews: number;
+  /** Unique visitors in this period */
+  visitors: number;
+  /** Top pages by view count */
+  topPages: Array<{
+    /** Page path (e.g., "/posts/my-post") */
+    path: string;
+    /** Number of views */
+    views: number;
+  }>;
+}
+
+/**
+ * Input for comment validation hook
+ * Return ValidationResult to allow or reject the comment
+ */
+interface CommentInput {
+  /** Comment content to validate */
+  content: string;
+  /** Commenter's name */
+  authorName: string;
+  /** Commenter's email */
+  authorEmail: string;
+  /** Post slug being commented on */
+  postSlug: string;
+  /** Parent comment ID (for replies) */
+  parentId?: string;
+}
+
+/**
+ * Input for content rendering hook
+ */
+interface ContentRenderInput {
+  /** HTML content to transform */
+  html: string;
+  /** Post metadata */
+  post: {
+    slug: string;
+    title: string;
+    tags: string[];
+  };
+}
+
+/**
+ * Output for content rendering hook
+ */
+interface ContentRenderOutput {
+  /** Transformed HTML content */
+  html: string;
+}
+`
+}
+
+const defineWriteKitTheme = (monaco: Monaco) => {
+  monaco.editor.defineTheme('writekit-dark', {
+    base: 'vs-dark',
+    inherit: false,
+    rules: [
+      // Base text - warm gray for readability
+      { token: '', foreground: 'c4c4c4' },
+
+      // Comments - muted, italic
+      { token: 'comment', foreground: '525252', fontStyle: 'italic' },
+      { token: 'comment.doc', foreground: '5c5c5c', fontStyle: 'italic' },
+
+      // Keywords - subtle off-white, not too bright
+      { token: 'keyword', foreground: 'd4d4d4' },
+      { token: 'keyword.control', foreground: 'd4d4d4' },
+      { token: 'keyword.operator', foreground: '9ca3af' },
+
+      // Strings - emerald accent (WriteKit brand)
+      { token: 'string', foreground: '34d399' },
+      { token: 'string.key', foreground: 'a3a3a3' },
+      { token: 'string.escape', foreground: '6ee7b7' },
+
+      // Numbers - muted amber for contrast
+      { token: 'number', foreground: 'fbbf24' },
+      { token: 'number.hex', foreground: 'f59e0b' },
+
+      // Types/Interfaces - cyan accent
+      { token: 'type', foreground: '22d3ee' },
+      { token: 'type.identifier', foreground: '22d3ee' },
+      { token: 'class', foreground: '22d3ee' },
+      { token: 'interface', foreground: '67e8f9' },
+      { token: 'namespace', foreground: '22d3ee' },
+
+      // Functions - clean white for emphasis
+      { token: 'function', foreground: 'f5f5f5' },
+      { token: 'function.declaration', foreground: 'ffffff' },
+      { token: 'method', foreground: 'f5f5f5' },
+
+      // Variables and parameters
+      { token: 'variable', foreground: 'c4c4c4' },
+      { token: 'variable.predefined', foreground: '67e8f9' },
+      { token: 'parameter', foreground: 'e5e5e5' },
+      { token: 'property', foreground: 'a3a3a3' },
+
+      // Constants - emerald like strings
+      { token: 'constant', foreground: '34d399' },
+      { token: 'constant.language', foreground: 'fb923c' },
+
+      // Operators and delimiters - subdued
+      { token: 'operator', foreground: '737373' },
+      { token: 'delimiter', foreground: '525252' },
+      { token: 'delimiter.bracket', foreground: '737373' },
+
+      // HTML/JSX
+      { token: 'tag', foreground: '22d3ee' },
+      { token: 'attribute.name', foreground: 'a3a3a3' },
+      { token: 'attribute.value', foreground: '34d399' },
+
+      // Regex
+      { token: 'regexp', foreground: 'f472b6' },
+    ],
+    colors: {
+      // Editor chrome - slightly lighter than pure dark
+      'editor.background': '#1c1c1e',
+      'editor.foreground': '#c4c4c4',
+
+      // Line highlighting - subtle
+      'editor.lineHighlightBackground': '#232326',
+      'editor.lineHighlightBorder': '#00000000',
+
+      // Selection - emerald tint
+      'editor.selectionBackground': '#10b98135',
+      'editor.inactiveSelectionBackground': '#10b98118',
+      'editor.selectionHighlightBackground': '#10b98115',
+
+      // Cursor - emerald brand color
+      'editorCursor.foreground': '#10b981',
+
+      // Line numbers - muted
+      'editorLineNumber.foreground': '#3f3f46',
+      'editorLineNumber.activeForeground': '#71717a',
+
+      // Indent guides
+      'editorIndentGuide.background1': '#27272a',
+      'editorIndentGuide.activeBackground1': '#3f3f46',
+
+      // Bracket matching
+      'editorBracketMatch.background': '#10b98125',
+      'editorBracketMatch.border': '#10b98170',
+
+      // Whitespace
+      'editorWhitespace.foreground': '#2e2e33',
+
+      // Scrollbar - subtle
+      'scrollbarSlider.background': '#3f3f4660',
+      'scrollbarSlider.hoverBackground': '#52525b80',
+      'scrollbarSlider.activeBackground': '#71717a80',
+
+      // Widgets (autocomplete, hover)
+      'editorWidget.background': '#1e1e21',
+      'editorWidget.border': '#3f3f46',
+      'editorSuggestWidget.background': '#1e1e21',
+      'editorSuggestWidget.border': '#3f3f46',
+      'editorSuggestWidget.selectedBackground': '#2a2a2e',
+      'editorSuggestWidget.highlightForeground': '#34d399',
+      'editorHoverWidget.background': '#1e1e21',
+      'editorHoverWidget.border': '#3f3f46',
+
+      // Input fields
+      'input.background': '#1e1e21',
+      'input.border': '#3f3f46',
+      'input.foreground': '#c4c4c4',
+
+      // Focus
+      'focusBorder': '#10b981',
+    },
+  })
+}
+
+export function PluginEditor({ language, value, onChange, height = '500px', secretKeys = [], hook = 'post.published' }: PluginEditorProps) {
+  const editorRef = useRef<editor.IStandaloneCodeEditor | null>(null)
+  const monacoRef = useRef<Monaco | null>(null)
+  const disposablesRef = useRef<IDisposable[]>([])
+  const [sdkSchema, setSdkSchema] = useState<SDKSchema | null>(null)
+
+  // Fetch SDK schema when language changes
+  useEffect(() => {
+    fetch(`/api/studio/sdk?language=${language}`)
+      .then(r => r.json())
+      .then(setSdkSchema)
+      .catch(() => {})
+  }, [language])
+
+  // Helper to get fields for a type from nested types or event fields
+  const getFieldsForType = useCallback((typeName: string): SDKField[] => {
+    if (!sdkSchema) return []
+    // Check nested types first
+    if (sdkSchema.nestedTypes?.[typeName]) {
+      return sdkSchema.nestedTypes[typeName]
+    }
+    return []
+  }, [sdkSchema])
+
+  // Track TypeScript lib disposable separately
+  const tsLibDisposableRef = useRef<IDisposable | null>(null)
+
+  // Update TypeScript SDK when secrets change
+  useEffect(() => {
+    const monaco = monacoRef.current
+    if (!monaco || language !== 'typescript') return
+
+    // Dispose previous SDK lib if it exists
+    if (tsLibDisposableRef.current) {
+      tsLibDisposableRef.current.dispose()
+    }
+
+    // Add updated SDK with new secrets
+    const sdk = getTypeScriptSDK(secretKeys)
+    tsLibDisposableRef.current = monaco.languages.typescript.typescriptDefaults.addExtraLib(
+      sdk,
+      'file:///node_modules/@writekit/sdk/index.d.ts'
+    )
+
+    return () => {
+      if (tsLibDisposableRef.current) {
+        tsLibDisposableRef.current.dispose()
+      }
+    }
+  }, [language, secretKeys])
+
+  // Register completion providers when SDK schema or language changes
+  useEffect(() => {
+    const monaco = monacoRef.current
+    if (!monaco || !sdkSchema) return
+
+    // Dispose previous providers
+    disposablesRef.current.forEach(d => d.dispose())
+    disposablesRef.current = []
+
+    // Register Go completion providers
+    if (language === 'go') {
+      const langId = LANGUAGE_MAP[language]
+
+      // Completion provider for Runner. and event.
+      const completionProvider = monaco.languages.registerCompletionItemProvider(langId, {
+        triggerCharacters: ['.'],
+        provideCompletionItems: (model: editor.ITextModel, position: Position) => {
+          const textBefore = model.getValueInRange({
+            startLineNumber: position.lineNumber,
+            startColumn: 1,
+            endLineNumber: position.lineNumber,
+            endColumn: position.column
+          })
+
+          const suggestions: languages.CompletionItem[] = []
+          const range = {
+            startLineNumber: position.lineNumber,
+            startColumn: position.column,
+            endLineNumber: position.lineNumber,
+            endColumn: position.column
+          }
+
+          // Runner. completions
+          if (textBefore.endsWith('Runner.')) {
+            // Add functions
+            sdkSchema.Runner.functions?.forEach(fn => {
+              suggestions.push({
+                label: fn.name,
+                kind: monaco.languages.CompletionItemKind.Method,
+                insertText: fn.insertText,
+                insertTextRules: monaco.languages.CompletionItemInsertTextRule.InsertAsSnippet,
+                documentation: { value: `**${fn.signature}**\n\n${fn.documentation}` },
+                detail: fn.signature,
+                range
+              })
+            })
+            // Add secrets namespace
+            suggestions.push({
+              label: 'Secrets',
+              kind: monaco.languages.CompletionItemKind.Module,
+              insertText: 'Secrets',
+              documentation: { value: 'Access your configured secrets' },
+              detail: 'namespace',
+              range
+            })
+          }
+
+          // Runner.Secrets. completions (dynamic based on user's secrets)
+          if (textBefore.endsWith('Runner.Secrets.')) {
+            secretKeys.forEach(key => {
+              // Convert to PascalCase for Go/C#
+              const secretName = key.split('_').map(s => s.charAt(0).toUpperCase() + s.slice(1).toLowerCase()).join('')
+              suggestions.push({
+                label: secretName,
+                kind: monaco.languages.CompletionItemKind.Constant,
+                insertText: secretName,
+                documentation: { value: `Secret: \`${key}\`` },
+                detail: 'string',
+                range
+              })
+            })
+          }
+
+          // event. completions (based on current hook)
+          if (textBefore.endsWith('event.')) {
+            const eventType = sdkSchema.events?.[hook]
+            if (eventType) {
+              eventType.fields.forEach(field => {
+                suggestions.push({
+                  label: field.name,
+                  kind: monaco.languages.CompletionItemKind.Field,
+                  insertText: field.name,
+                  documentation: { value: field.doc || `${field.type}` },
+                  detail: field.type,
+                  range
+                })
+              })
+            }
+          }
+
+          // Nested type completions (e.g., event.Post.)
+          // Match patterns like: event.Post. or event.Author.
+          const nestedMatch = textBefore.match(/event\.(\w+)\.$/)
+          if (nestedMatch) {
+            const parentField = nestedMatch[1]
+            // Find the type of this field from the event
+            const eventType = sdkSchema.events?.[hook]
+            const field = eventType?.fields.find(f => f.name === parentField)
+            if (field) {
+              // Get nested type fields
+              const nestedFields = getFieldsForType(field.type)
+              nestedFields.forEach(nestedField => {
+                suggestions.push({
+                  label: nestedField.name,
+                  kind: monaco.languages.CompletionItemKind.Field,
+                  insertText: nestedField.name,
+                  documentation: { value: nestedField.doc || `${nestedField.type}` },
+                  detail: nestedField.type,
+                  range
+                })
+              })
+            }
+          }
+
+          return { suggestions }
+        }
+      })
+
+      disposablesRef.current.push(completionProvider)
+
+      // Hover provider
+      const hoverProvider = monaco.languages.registerHoverProvider(langId, {
+        provideHover: (model: editor.ITextModel, position: Position) => {
+          const word = model.getWordAtPosition(position)
+          if (!word) return null
+
+          // Check Runner functions
+          const runnerFn = sdkSchema.Runner.functions?.find(f => f.name === word.word)
+          if (runnerFn) {
+            return {
+              contents: [
+                { value: `**Runner.${runnerFn.name}**` },
+                { value: `\`\`\`\n${runnerFn.signature}\n\`\`\`` },
+                { value: runnerFn.documentation }
+              ]
+            }
+          }
+
+          return null
+        }
+      })
+
+      disposablesRef.current.push(hoverProvider)
+    }
+
+    return () => {
+      disposablesRef.current.forEach(d => d.dispose())
+      disposablesRef.current = []
+    }
+  }, [language, sdkSchema, secretKeys, hook, getFieldsForType])
+
+  // Configure Monaco before editor mounts
+  const handleBeforeMount = useCallback((monaco: Monaco) => {
+    // Define theme for all languages
+    defineWriteKitTheme(monaco)
+
+    // TypeScript-specific configuration
+    if (language === 'typescript') {
+      // Configure TypeScript compiler options
+      // Don't set 'lib' explicitly - let Monaco use defaults which include all ES libs
+      // This ensures JSON, Array, Object, Math, etc. are available
+      monaco.languages.typescript.typescriptDefaults.setCompilerOptions({
+        target: monaco.languages.typescript.ScriptTarget.ES2020,
+        module: monaco.languages.typescript.ModuleKind.ESNext,
+        strict: true,
+        noEmit: true,
+        esModuleInterop: true,
+        skipLibCheck: true,
+        allowNonTsExtensions: true,
+      })
+
+      // Enable full diagnostics for hover info and error checking
+      monaco.languages.typescript.typescriptDefaults.setDiagnosticsOptions({
+        noSemanticValidation: false,
+        noSyntaxValidation: false,
+      })
+
+      // Eager model sync ensures types are available immediately
+      monaco.languages.typescript.typescriptDefaults.setEagerModelSync(true)
+
+      // Add WriteKit SDK types
+      const sdk = getTypeScriptSDK(secretKeys)
+      monaco.languages.typescript.typescriptDefaults.addExtraLib(
+        sdk,
+        'file:///node_modules/@writekit/sdk/index.d.ts'
+      )
+    }
+  }, [language, secretKeys])
+
+  const handleMount = useCallback((editor: editor.IStandaloneCodeEditor, monaco: Monaco) => {
+    editorRef.current = editor
+    monacoRef.current = monaco
+    // Theme is already defined in beforeMount, just apply it
+    monaco.editor.setTheme('writekit-dark')
+  }, [])
+
+  const isFullHeight = height === '100%'
+
+  return (
+    <div className={`overflow-hidden ${isFullHeight ? 'h-full' : 'border border-border'}`}>
+      <Editor
+        height={height}
+        language={LANGUAGE_MAP[language]}
+        value={value}
+        onChange={v => onChange(v || '')}
+        beforeMount={handleBeforeMount}
+        onMount={handleMount}
+        theme="vs-dark"
+        options={{
+          minimap: { enabled: false },
+          fontSize: 14,
+          fontFamily: '"JetBrains Mono", "SF Mono", Consolas, monospace',
+          lineNumbers: 'on',
+          scrollBeyondLastLine: false,
+          automaticLayout: true,
+          tabSize: language === 'go' ? 4 : 2,
+          padding: { top: 16, bottom: 16 },
+          renderLineHighlight: 'line',
+          renderLineHighlightOnlyWhenFocus: true,
+          overviewRulerLanes: 0,
+          hideCursorInOverviewRuler: true,
+          cursorBlinking: 'blink',
+          cursorSmoothCaretAnimation: 'off',
+          smoothScrolling: true,
+          suggestOnTriggerCharacters: true,
+          scrollbar: {
+            vertical: 'auto',
+            horizontal: 'auto',
+            verticalScrollbarSize: 10,
+            horizontalScrollbarSize: 10,
+            useShadows: false,
+          },
+          bracketPairColorization: {
+            enabled: true,
+          },
+        }}
+      />
+    </div>
+  )
+}
diff --git a/studio/src/components/editor/PostEditor.tsx b/studio/src/components/editor/PostEditor.tsx
new file mode 100644
index 0000000..1931b1f
--- /dev/null
+++ b/studio/src/components/editor/PostEditor.tsx
@@ -0,0 +1,354 @@
+import { useEditor, EditorContent } from '@tiptap/react'
+import { BubbleMenu } from '@tiptap/react/menus'
+import StarterKit from '@tiptap/starter-kit'
+import Link from '@tiptap/extension-link'
+import Image from '@tiptap/extension-image'
+import Placeholder from '@tiptap/extension-placeholder'
+import { Table, TableRow, TableCell, TableHeader } from '@tiptap/extension-table'
+import TaskList from '@tiptap/extension-task-list'
+import TaskItem from '@tiptap/extension-task-item'
+import CodeBlockLowlight from '@tiptap/extension-code-block-lowlight'
+import { Markdown } from '@tiptap/markdown'
+import { common, createLowlight } from 'lowlight'
+import { useEffect, useRef, useState, useCallback } from 'react'
+import { useStore } from '@nanostores/react'
+import { $editorPost, broadcastPreview } from '../../stores/editor'
+import { $settings } from '../../stores/settings'
+import { Icons } from '../shared/Icons'
+import { SlashCommands } from './SlashCommands'
+
+const lowlight = createLowlight(common)
+
+interface PostEditorProps {
+  onChange?: (markdown: string) => void
+}
+
+async function uploadImage(file: File): Promise<string | null> {
+  const formData = new FormData()
+  formData.append('file', file)
+
+  try {
+    const response = await fetch('/studio/assets', {
+      method: 'POST',
+      body: formData,
+    })
+
+    if (!response.ok) return null
+
+    const data = await response.json()
+    return data.url
+  } catch {
+    return null
+  }
+}
+
+export function PostEditor({ onChange }: PostEditorProps) {
+  const post = useStore($editorPost)
+  const settings = useStore($settings)
+  const isInitialMount = useRef(true)
+  const skipNextUpdate = useRef(false)
+  const wrapperRef = useRef<HTMLDivElement>(null)
+  const [linkUrl, setLinkUrl] = useState('')
+  const [showLinkInput, setShowLinkInput] = useState(false)
+  const [isDragging, setIsDragging] = useState(false)
+
+  const editor = useEditor({
+    extensions: [
+      StarterKit.configure({
+        codeBlock: false,
+        link: false,
+      }),
+      Link.configure({
+        openOnClick: false,
+        autolink: true,
+      }),
+      Image.configure({
+        allowBase64: true,
+        inline: false,
+      }),
+      Placeholder.configure({
+        placeholder: 'Start writing...',
+      }),
+      Table.configure({
+        resizable: true,
+      }),
+      TableRow,
+      TableCell,
+      TableHeader,
+      TaskList,
+      TaskItem.configure({
+        nested: true,
+      }),
+      CodeBlockLowlight.configure({
+        lowlight,
+      }),
+      Markdown,
+      SlashCommands,
+    ],
+    content: post.content || '',
+    contentType: 'markdown',
+    editorProps: {
+      attributes: {
+        class: 'prose max-w-none focus:outline-none min-h-[50vh] p-6',
+        style: 'font-size: 1.0625rem; line-height: 1.7;',
+      },
+      handleDrop: (_view, event, _slice, moved) => {
+        if (moved || !event.dataTransfer?.files.length) return false
+
+        const file = event.dataTransfer.files[0]
+        if (!file.type.startsWith('image/')) return false
+
+        event.preventDefault()
+        handleImageUpload(file)
+        return true
+      },
+      handlePaste: (_view, event) => {
+        const items = event.clipboardData?.items
+        if (!items) return false
+
+        for (const item of items) {
+          if (item.type.startsWith('image/')) {
+            event.preventDefault()
+            const file = item.getAsFile()
+            if (file) handleImageUpload(file)
+            return true
+          }
+        }
+        return false
+      },
+    },
+    onUpdate: ({ editor }) => {
+      if (skipNextUpdate.current) {
+        skipNextUpdate.current = false
+        return
+      }
+      const markdown = editor.getMarkdown()
+      onChange?.(markdown)
+      broadcastPreview(markdown)
+    },
+  })
+
+  const handleImageUpload = useCallback(async (file: File) => {
+    if (!editor) return
+
+    const url = await uploadImage(file)
+    if (url) {
+      editor.chain().focus().setImage({ src: url }).run()
+    }
+  }, [editor])
+
+  const handleDragOver = useCallback((e: React.DragEvent) => {
+    e.preventDefault()
+    if (e.dataTransfer.types.includes('Files')) {
+      setIsDragging(true)
+    }
+  }, [])
+
+  const handleDragLeave = useCallback((e: React.DragEvent) => {
+    if (e.currentTarget === e.target || !wrapperRef.current?.contains(e.relatedTarget as Node)) {
+      setIsDragging(false)
+    }
+  }, [])
+
+  const handleDrop = useCallback((e: React.DragEvent) => {
+    e.preventDefault()
+    setIsDragging(false)
+  }, [])
+
+  const handleWrapperClick = useCallback((e: React.MouseEvent) => {
+    if (e.target === wrapperRef.current && editor) {
+      editor.chain().focus().run()
+    }
+  }, [editor])
+
+  const setLink = useCallback(() => {
+    if (!editor) return
+
+    if (linkUrl === '') {
+      editor.chain().focus().extendMarkRange('link').unsetLink().run()
+    } else {
+      const url = linkUrl.startsWith('http') ? linkUrl : `https://${linkUrl}`
+      editor.chain().focus().extendMarkRange('link').setLink({ href: url }).run()
+    }
+    setShowLinkInput(false)
+    setLinkUrl('')
+  }, [editor, linkUrl])
+
+  const openLinkInput = useCallback(() => {
+    if (!editor) return
+    const previousUrl = editor.getAttributes('link').href || ''
+    setLinkUrl(previousUrl)
+    setShowLinkInput(true)
+  }, [editor])
+
+  useEffect(() => {
+    if (!editor) return
+
+    if (isInitialMount.current) {
+      isInitialMount.current = false
+      return
+    }
+
+    const currentContent = editor.getMarkdown()
+    if (currentContent !== post.content) {
+      skipNextUpdate.current = true
+      editor.commands.setContent(post.content || '', { contentType: 'markdown' })
+    }
+  }, [editor, post.content])
+
+  useEffect(() => {
+    const codeTheme = settings.code_theme || 'github'
+    const id = 'code-theme-css'
+    let link = document.getElementById(id) as HTMLLinkElement | null
+
+    if (!link) {
+      link = document.createElement('link')
+      link.id = id
+      link.rel = 'stylesheet'
+      document.head.appendChild(link)
+    }
+
+    link.href = `/api/studio/code-theme.css?theme=${codeTheme}`
+  }, [settings.code_theme])
+
+  if (!editor) return null
+
+  return (
+    <div
+      ref={wrapperRef}
+      className={`editor-wrapper h-full overflow-auto cursor-text relative ${isDragging ? 'bg-accent/5' : ''}`}
+      onClick={handleWrapperClick}
+      onDragOver={handleDragOver}
+      onDragLeave={handleDragLeave}
+      onDrop={handleDrop}
+    >
+      {isDragging && (
+        <div className="absolute inset-0 flex items-center justify-center pointer-events-none z-10">
+          <div className="px-4 py-2 bg-accent text-white text-sm font-medium rounded">
+            Drop image to upload
+          </div>
+        </div>
+      )}
+
+      <BubbleMenu
+        editor={editor}
+        className="flex items-center gap-0.5 p-1 bg-surface border border-border shadow-lg rounded"
+      >
+        {showLinkInput ? (
+          <div className="flex items-center gap-1 px-1">
+            <input
+              type="text"
+              value={linkUrl}
+              onChange={(e) => setLinkUrl(e.target.value)}
+              onKeyDown={(e) => {
+                if (e.key === 'Enter') {
+                  e.preventDefault()
+                  setLink()
+                }
+                if (e.key === 'Escape') {
+                  setShowLinkInput(false)
+                  setLinkUrl('')
+                }
+              }}
+              placeholder="Enter URL..."
+              className="w-48 px-2 py-1 text-xs bg-bg border border-border rounded focus:outline-none focus:border-accent"
+              autoFocus
+            />
+            <button
+              onClick={setLink}
+              className="p-1.5 text-accent hover:bg-accent/10 rounded"
+            >
+              <Icons.Check className="w-3.5 h-3.5" />
+            </button>
+            <button
+              onClick={() => {
+                setShowLinkInput(false)
+                setLinkUrl('')
+              }}
+              className="p-1.5 text-muted hover:bg-bg rounded"
+            >
+              <Icons.Close className="w-3.5 h-3.5" />
+            </button>
+          </div>
+        ) : (
+          <>
+            <ToolbarButton
+              onClick={() => editor.chain().focus().toggleBold().run()}
+              isActive={editor.isActive('bold')}
+              title="Bold (Ctrl+B)"
+            >
+              <Icons.Bold className="w-3.5 h-3.5" />
+            </ToolbarButton>
+            <ToolbarButton
+              onClick={() => editor.chain().focus().toggleItalic().run()}
+              isActive={editor.isActive('italic')}
+              title="Italic (Ctrl+I)"
+            >
+              <Icons.Italic className="w-3.5 h-3.5" />
+            </ToolbarButton>
+            <ToolbarButton
+              onClick={() => editor.chain().focus().toggleStrike().run()}
+              isActive={editor.isActive('strike')}
+              title="Strikethrough"
+            >
+              <Icons.Strikethrough className="w-3.5 h-3.5" />
+            </ToolbarButton>
+            <ToolbarButton
+              onClick={() => editor.chain().focus().toggleCode().run()}
+              isActive={editor.isActive('code')}
+              title="Inline Code (Ctrl+E)"
+            >
+              <Icons.CodeInline className="w-3.5 h-3.5" />
+            </ToolbarButton>
+
+            <div className="w-px h-4 bg-border mx-1" />
+
+            <ToolbarButton
+              onClick={openLinkInput}
+              isActive={editor.isActive('link')}
+              title="Add Link (Ctrl+K)"
+            >
+              <Icons.Link className="w-3.5 h-3.5" />
+            </ToolbarButton>
+            {editor.isActive('link') && (
+              <ToolbarButton
+                onClick={() => editor.chain().focus().unsetLink().run()}
+                title="Remove Link"
+              >
+                <Icons.LinkOff className="w-3.5 h-3.5" />
+              </ToolbarButton>
+            )}
+          </>
+        )}
+      </BubbleMenu>
+
+      <EditorContent editor={editor} />
+    </div>
+  )
+}
+
+function ToolbarButton({
+  onClick,
+  isActive,
+  title,
+  children,
+}: {
+  onClick: () => void
+  isActive?: boolean
+  title: string
+  children: React.ReactNode
+}) {
+  return (
+    <button
+      onClick={onClick}
+      title={title}
+      className={`p-1.5 rounded transition-colors ${
+        isActive
+          ? 'bg-accent/10 text-accent'
+          : 'text-muted hover:text-text hover:bg-bg'
+      }`}
+    >
+      {children}
+    </button>
+  )
+}
diff --git a/studio/src/components/editor/SlashCommands.tsx b/studio/src/components/editor/SlashCommands.tsx
new file mode 100644
index 0000000..4344633
--- /dev/null
+++ b/studio/src/components/editor/SlashCommands.tsx
@@ -0,0 +1,270 @@
+import { Extension } from '@tiptap/core'
+import { ReactRenderer } from '@tiptap/react'
+import Suggestion, { type SuggestionOptions } from '@tiptap/suggestion'
+import tippy, { type Instance as TippyInstance } from 'tippy.js'
+import {
+  forwardRef,
+  useEffect,
+  useImperativeHandle,
+  useState,
+  useCallback,
+} from 'react'
+import { Icons } from '../shared/Icons'
+
+interface CommandItem {
+  title: string
+  description: string
+  icon: React.ReactNode
+  command: (props: { editor: any; range: any }) => void
+}
+
+const commands: CommandItem[] = [
+  {
+    title: 'Heading 1',
+    description: 'Large section heading',
+    icon: <Icons.Heading1 className="w-4 h-4" />,
+    command: ({ editor, range }) => {
+      editor.chain().focus().deleteRange(range).setNode('heading', { level: 1 }).run()
+    },
+  },
+  {
+    title: 'Heading 2',
+    description: 'Medium section heading',
+    icon: <Icons.Heading2 className="w-4 h-4" />,
+    command: ({ editor, range }) => {
+      editor.chain().focus().deleteRange(range).setNode('heading', { level: 2 }).run()
+    },
+  },
+  {
+    title: 'Heading 3',
+    description: 'Small section heading',
+    icon: <Icons.Heading3 className="w-4 h-4" />,
+    command: ({ editor, range }) => {
+      editor.chain().focus().deleteRange(range).setNode('heading', { level: 3 }).run()
+    },
+  },
+  {
+    title: 'Bullet List',
+    description: 'Create a bullet list',
+    icon: <Icons.List className="w-4 h-4" />,
+    command: ({ editor, range }) => {
+      editor.chain().focus().deleteRange(range).toggleBulletList().run()
+    },
+  },
+  {
+    title: 'Numbered List',
+    description: 'Create a numbered list',
+    icon: <Icons.ListOrdered className="w-4 h-4" />,
+    command: ({ editor, range }) => {
+      editor.chain().focus().deleteRange(range).toggleOrderedList().run()
+    },
+  },
+  {
+    title: 'Task List',
+    description: 'Create a task list with checkboxes',
+    icon: <Icons.Check className="w-4 h-4" />,
+    command: ({ editor, range }) => {
+      editor.chain().focus().deleteRange(range).toggleTaskList().run()
+    },
+  },
+  {
+    title: 'Code Block',
+    description: 'Insert a code block',
+    icon: <Icons.Code className="w-4 h-4" />,
+    command: ({ editor, range }) => {
+      editor.chain().focus().deleteRange(range).toggleCodeBlock().run()
+    },
+  },
+  {
+    title: 'Blockquote',
+    description: 'Insert a quote',
+    icon: <Icons.Quote className="w-4 h-4" />,
+    command: ({ editor, range }) => {
+      editor.chain().focus().deleteRange(range).toggleBlockquote().run()
+    },
+  },
+  {
+    title: 'Horizontal Rule',
+    description: 'Insert a divider',
+    icon: <span className="w-4 h-4 flex items-center justify-center">—</span>,
+    command: ({ editor, range }) => {
+      editor.chain().focus().deleteRange(range).setHorizontalRule().run()
+    },
+  },
+  {
+    title: 'Image',
+    description: 'Insert an image from URL',
+    icon: <Icons.Image className="w-4 h-4" />,
+    command: ({ editor, range }) => {
+      const url = window.prompt('Enter image URL:')
+      if (url) {
+        editor.chain().focus().deleteRange(range).setImage({ src: url }).run()
+      }
+    },
+  },
+]
+
+interface CommandListProps {
+  items: CommandItem[]
+  command: (item: CommandItem) => void
+}
+
+interface CommandListRef {
+  onKeyDown: (props: { event: KeyboardEvent }) => boolean
+}
+
+const CommandList = forwardRef<CommandListRef, CommandListProps>(
+  ({ items, command }, ref) => {
+    const [selectedIndex, setSelectedIndex] = useState(0)
+
+    const selectItem = useCallback(
+      (index: number) => {
+        const item = items[index]
+        if (item) {
+          command(item)
+        }
+      },
+      [items, command]
+    )
+
+    useEffect(() => {
+      setSelectedIndex(0)
+    }, [items])
+
+    useImperativeHandle(ref, () => ({
+      onKeyDown: ({ event }) => {
+        if (event.key === 'ArrowUp') {
+          setSelectedIndex((prev) => (prev + items.length - 1) % items.length)
+          return true
+        }
+
+        if (event.key === 'ArrowDown') {
+          setSelectedIndex((prev) => (prev + 1) % items.length)
+          return true
+        }
+
+        if (event.key === 'Enter') {
+          selectItem(selectedIndex)
+          return true
+        }
+
+        return false
+      },
+    }))
+
+    if (items.length === 0) {
+      return (
+        <div className="bg-surface border border-border shadow-lg rounded p-2 text-sm text-muted">
+          No results
+        </div>
+      )
+    }
+
+    return (
+      <div className="bg-surface border border-border shadow-lg rounded py-1 min-w-[200px] max-h-[300px] overflow-y-auto">
+        {items.map((item, index) => (
+          <button
+            key={item.title}
+            onClick={() => selectItem(index)}
+            className={`w-full flex items-center gap-3 px-3 py-2 text-left text-sm transition-colors ${
+              index === selectedIndex
+                ? 'bg-accent/10 text-text'
+                : 'text-muted hover:bg-bg hover:text-text'
+            }`}
+          >
+            <span className="flex-shrink-0 text-muted">{item.icon}</span>
+            <div className="flex-1 min-w-0">
+              <div className="font-medium text-text">{item.title}</div>
+              <div className="text-xs text-muted truncate">{item.description}</div>
+            </div>
+          </button>
+        ))}
+      </div>
+    )
+  }
+)
+
+CommandList.displayName = 'CommandList'
+
+const suggestion: Omit<SuggestionOptions<CommandItem>, 'editor'> = {
+  items: ({ query }) => {
+    return commands.filter((item) =>
+      item.title.toLowerCase().includes(query.toLowerCase())
+    )
+  },
+
+  render: () => {
+    let component: ReactRenderer<CommandListRef> | null = null
+    let popup: TippyInstance[] | null = null
+
+    return {
+      onStart: (props) => {
+        component = new ReactRenderer(CommandList, {
+          props,
+          editor: props.editor,
+        })
+
+        if (!props.clientRect) return
+
+        popup = tippy('body', {
+          getReferenceClientRect: props.clientRect as () => DOMRect,
+          appendTo: () => document.body,
+          content: component.element,
+          showOnCreate: true,
+          interactive: true,
+          trigger: 'manual',
+          placement: 'bottom-start',
+        })
+      },
+
+      onUpdate: (props) => {
+        component?.updateProps(props)
+
+        if (!props.clientRect) return
+
+        popup?.[0]?.setProps({
+          getReferenceClientRect: props.clientRect as () => DOMRect,
+        })
+      },
+
+      onKeyDown: (props) => {
+        if (props.event.key === 'Escape') {
+          popup?.[0]?.hide()
+          return true
+        }
+
+        return component?.ref?.onKeyDown(props) ?? false
+      },
+
+      onExit: () => {
+        popup?.[0]?.destroy()
+        component?.destroy()
+      },
+    }
+  },
+}
+
+export const SlashCommands = Extension.create({
+  name: 'slashCommands',
+
+  addOptions() {
+    return {
+      suggestion: {
+        char: '/',
+        command: ({ editor, range, props }: { editor: any; range: any; props: CommandItem }) => {
+          props.command({ editor, range })
+        },
+      },
+    }
+  },
+
+  addProseMirrorPlugins() {
+    return [
+      Suggestion({
+        editor: this.editor,
+        ...suggestion,
+        ...this.options.suggestion,
+      }),
+    ]
+  },
+})
diff --git a/studio/src/components/editor/SourceEditor.tsx b/studio/src/components/editor/SourceEditor.tsx
new file mode 100644
index 0000000..5a13b75
--- /dev/null
+++ b/studio/src/components/editor/SourceEditor.tsx
@@ -0,0 +1,105 @@
+import { useCallback, useRef } from 'react'
+import Editor, { type Monaco } from '@monaco-editor/react'
+import type { editor } from 'monaco-editor'
+import { useStore } from '@nanostores/react'
+import { $editorPost } from '../../stores/editor'
+
+interface SourceEditorProps {
+  onChange?: (markdown: string) => void
+}
+
+const defineWriteKitTheme = (monaco: Monaco) => {
+  monaco.editor.defineTheme('writekit-dark', {
+    base: 'vs-dark',
+    inherit: false,
+    rules: [
+      { token: '', foreground: 'c4c4c4' },
+      { token: 'comment', foreground: '525252', fontStyle: 'italic' },
+      { token: 'keyword', foreground: 'd4d4d4' },
+      { token: 'string', foreground: '34d399' },
+      { token: 'number', foreground: 'fbbf24' },
+      { token: 'type', foreground: '22d3ee' },
+      { token: 'function', foreground: 'f5f5f5' },
+      { token: 'variable', foreground: 'c4c4c4' },
+      { token: 'operator', foreground: '737373' },
+      { token: 'delimiter', foreground: '525252' },
+      { token: 'tag', foreground: '22d3ee' },
+      { token: 'attribute.name', foreground: 'a3a3a3' },
+      { token: 'attribute.value', foreground: '34d399' },
+      { token: 'string.link', foreground: '34d399', fontStyle: 'underline' },
+    ],
+    colors: {
+      'editor.background': '#1c1c1e',
+      'editor.foreground': '#c4c4c4',
+      'editor.lineHighlightBackground': '#232326',
+      'editor.lineHighlightBorder': '#00000000',
+      'editor.selectionBackground': '#10b98135',
+      'editor.inactiveSelectionBackground': '#10b98118',
+      'editorCursor.foreground': '#10b981',
+      'editorLineNumber.foreground': '#3f3f46',
+      'editorLineNumber.activeForeground': '#71717a',
+      'editorIndentGuide.background1': '#27272a',
+      'editorIndentGuide.activeBackground1': '#3f3f46',
+      'scrollbarSlider.background': '#3f3f4660',
+      'scrollbarSlider.hoverBackground': '#52525b80',
+      'editorWidget.background': '#1e1e21',
+      'editorWidget.border': '#3f3f46',
+    },
+  })
+}
+
+export function SourceEditor({ onChange }: SourceEditorProps) {
+  const post = useStore($editorPost)
+  const editorRef = useRef<editor.IStandaloneCodeEditor | null>(null)
+
+  const handleBeforeMount = useCallback((monaco: Monaco) => {
+    defineWriteKitTheme(monaco)
+  }, [])
+
+  const handleMount = useCallback((editor: editor.IStandaloneCodeEditor, monaco: Monaco) => {
+    editorRef.current = editor
+    monaco.editor.setTheme('writekit-dark')
+  }, [])
+
+  const handleChange = useCallback((value: string | undefined) => {
+    onChange?.(value || '')
+  }, [onChange])
+
+  return (
+    <div className="h-full overflow-hidden">
+      <Editor
+        height="100%"
+        language="markdown"
+        value={post.content}
+        onChange={handleChange}
+        beforeMount={handleBeforeMount}
+        onMount={handleMount}
+        theme="vs-dark"
+        options={{
+          minimap: { enabled: false },
+          fontSize: 14,
+          fontFamily: '"JetBrains Mono", "SF Mono", Consolas, monospace',
+          lineNumbers: 'on',
+          scrollBeyondLastLine: false,
+          automaticLayout: true,
+          tabSize: 2,
+          padding: { top: 16, bottom: 16 },
+          renderLineHighlight: 'line',
+          renderLineHighlightOnlyWhenFocus: true,
+          wordWrap: 'on',
+          lineHeight: 1.6,
+          overviewRulerLanes: 0,
+          hideCursorInOverviewRuler: true,
+          cursorBlinking: 'blink',
+          smoothScrolling: true,
+          scrollbar: {
+            vertical: 'auto',
+            horizontal: 'hidden',
+            verticalScrollbarSize: 10,
+            useShadows: false,
+          },
+        }}
+      />
+    </div>
+  )
+}
diff --git a/studio/src/components/editor/index.ts b/studio/src/components/editor/index.ts
new file mode 100644
index 0000000..d942b92
--- /dev/null
+++ b/studio/src/components/editor/index.ts
@@ -0,0 +1,4 @@
+export { PluginEditor } from './PluginEditor'
+export { PostEditor } from './PostEditor'
+export { SourceEditor } from './SourceEditor'
+export { MetadataPanel } from './MetadataPanel'
diff --git a/studio/src/components/layout/Header.tsx b/studio/src/components/layout/Header.tsx
new file mode 100644
index 0000000..adef630
--- /dev/null
+++ b/studio/src/components/layout/Header.tsx
@@ -0,0 +1,76 @@
+import { useState } from 'react'
+import { useStore } from '@nanostores/react'
+import { $router } from '../../stores/router'
+import { Icons, type IconComponent } from '../shared/Icons'
+
+interface NavItem {
+  route: string
+  label: string
+  Icon: IconComponent
+}
+
+const navItems: NavItem[] = [
+  { route: 'posts', label: 'Posts', Icon: Icons.Posts },
+  { route: 'analytics', label: 'Analytics', Icon: Icons.Analytics },
+  { route: 'general', label: 'General', Icon: Icons.Settings },
+  { route: 'design', label: 'Design', Icon: Icons.Design },
+  { route: 'domain', label: 'Domain', Icon: Icons.Domain },
+  { route: 'engagement', label: 'Engagement', Icon: Icons.Engagement },
+  { route: 'monetization', label: 'Monetization', Icon: Icons.Monetization },
+  { route: 'api', label: 'API Keys', Icon: Icons.ApiKeys },
+  { route: 'data', label: 'Data', Icon: Icons.Data },
+  { route: 'billing', label: 'Billing', Icon: Icons.Billing },
+]
+
+interface HeaderProps {
+  className?: string
+}
+
+export function Header({ className = '' }: HeaderProps) {
+  const [menuOpen, setMenuOpen] = useState(false)
+  const page = useStore($router)
+  const currentRoute = page?.route ?? 'posts'
+
+  return (
+    <header className={`lg:hidden bg-surface border-b border-border sticky top-0 z-50 ${className}`}>
+      <div className="h-14 flex items-center justify-between px-4">
+        <a href="/" className="block">
+          <div className="text-[15px] font-bold tracking-tight text-text">WriteKit</div>
+          <div className="text-[11px] font-medium text-muted tracking-wide">Studio</div>
+        </a>
+        <button
+          onClick={() => setMenuOpen(!menuOpen)}
+          className="w-9 h-9 flex items-center justify-center hover:bg-border transition-colors"
+        >
+          {menuOpen ? <Icons.Close className="text-lg" /> : <Icons.Menu className="text-lg" />}
+        </button>
+      </div>
+
+      {menuOpen && (
+        <nav className="p-2 border-t border-border bg-surface">
+          {navItems.map(item => (
+            <a
+              key={item.route}
+              href={`/studio/${item.route}`}
+              onClick={() => setMenuOpen(false)}
+              className={currentRoute === item.route ? 'nav-item-active' : 'nav-item'}
+            >
+              <item.Icon className={`text-sm ${currentRoute === item.route ? 'text-accent opacity-100' : 'opacity-50'}`} />
+              <span>{item.label}</span>
+            </a>
+          ))}
+          <div className="border-t border-border mt-2 pt-2">
+            <a
+              href="/"
+              target="_blank"
+              className="nav-item"
+            >
+              <Icons.ExternalLink className="text-sm opacity-50" />
+              <span>View Site</span>
+            </a>
+          </div>
+        </nav>
+      )}
+    </header>
+  )
+}
diff --git a/studio/src/components/layout/Sidebar.tsx b/studio/src/components/layout/Sidebar.tsx
new file mode 100644
index 0000000..0255fc9
--- /dev/null
+++ b/studio/src/components/layout/Sidebar.tsx
@@ -0,0 +1,102 @@
+import { useStore } from '@nanostores/react'
+import { $router } from '../../stores/router'
+import { Icons, type IconComponent } from '../shared/Icons'
+
+interface NavItem {
+  route: string
+  label: string
+  Icon: IconComponent
+}
+
+interface NavSection {
+  title: string
+  items: NavItem[]
+}
+
+const navigation: NavSection[] = [
+  {
+    title: '',
+    items: [
+      { route: 'home', label: 'Home', Icon: Icons.Home },
+    ],
+  },
+  {
+    title: 'Content',
+    items: [
+      { route: 'posts', label: 'Posts', Icon: Icons.Posts },
+      { route: 'analytics', label: 'Analytics', Icon: Icons.Analytics },
+    ],
+  },
+  {
+    title: 'Site',
+    items: [
+      { route: 'general', label: 'General', Icon: Icons.Settings },
+      { route: 'design', label: 'Design', Icon: Icons.Design },
+      { route: 'domain', label: 'Domain', Icon: Icons.Domain },
+    ],
+  },
+  {
+    title: 'Readers',
+    items: [
+      { route: 'engagement', label: 'Engagement', Icon: Icons.Engagement },
+      { route: 'monetization', label: 'Monetization', Icon: Icons.Monetization },
+    ],
+  },
+  {
+    title: 'Developer',
+    items: [
+      { route: 'plugins', label: 'Plugins', Icon: Icons.Code },
+      { route: 'api', label: 'API Keys', Icon: Icons.ApiKeys },
+      { route: 'data', label: 'Data', Icon: Icons.Data },
+    ],
+  },
+  {
+    title: 'Account',
+    items: [
+      { route: 'billing', label: 'Billing', Icon: Icons.Billing },
+    ],
+  },
+]
+
+export function Sidebar() {
+  const page = useStore($router)
+  const currentRoute = page?.route ?? 'posts'
+
+  return (
+    <aside className="w-56 h-screen bg-bg border-r border-border flex flex-col">
+      <div className="px-4 py-6">
+        <a href="/" className="block group">
+          <div className="text-[15px] font-bold tracking-tight text-text">
+            WriteKit
+          </div>
+          <div className="text-[11px] font-medium text-muted tracking-wide">
+            Studio
+          </div>
+        </a>
+      </div>
+
+      <nav className="flex-1 overflow-y-auto px-3">
+        {navigation.map((section, idx) => (
+          <div key={section.title || idx} className="mb-1">
+            {section.title && <div className="nav-section">{section.title}</div>}
+            <div className="space-y-0.5">
+              {section.items.map(item => {
+                const href = item.route === 'home' ? '/studio' : `/studio/${item.route}`
+                return (
+                  <a
+                    key={item.route}
+                    href={href}
+                    className={currentRoute === item.route ? 'nav-item-active' : 'nav-item'}
+                  >
+                    <item.Icon className={`text-sm ${currentRoute === item.route ? 'text-accent opacity-100' : 'opacity-50'}`} />
+                    <span>{item.label}</span>
+                  </a>
+                )
+              })}
+            </div>
+          </div>
+        ))}
+      </nav>
+    </aside>
+  )
+}
diff --git a/studio/src/components/layout/index.ts b/studio/src/components/layout/index.ts
new file mode 100644
index 0000000..fd6b0e5
--- /dev/null
+++ b/studio/src/components/layout/index.ts
@@ -0,0 +1,2 @@
+export { Sidebar } from './Sidebar'
+export { Header } from './Header'
diff --git a/studio/src/components/shared/Breadcrumb.tsx b/studio/src/components/shared/Breadcrumb.tsx
new file mode 100644
index 0000000..02e9dff
--- /dev/null
+++ b/studio/src/components/shared/Breadcrumb.tsx
@@ -0,0 +1,45 @@
+import { useStore } from '@nanostores/react'
+import { $router } from '../../stores/router'
+import { Icons } from './Icons'
+
+const routeLabels: Record<string, string> = {
+  home: 'Home',
+  posts: 'Posts',
+  postNew: 'New Post',
+  postEdit: 'Edit Post',
+  analytics: 'Analytics',
+  general: 'General',
+  design: 'Design',
+  domain: 'Domain',
+  engagement: 'Engagement',
+  monetization: 'Monetization',
+  plugins: 'Plugins',
+  api: 'API Keys',
+  data: 'Data',
+  billing: 'Billing',
+}
+
+interface BreadcrumbProps {
+  title?: string
+}
+
+export function Breadcrumb({ title }: BreadcrumbProps) {
+  const page = useStore($router)
+  const routeKey = page?.route ?? 'home'
+  const displayTitle = title || routeLabels[routeKey] || ''
+  const isHome = routeKey === 'home'
+
+  if (isHome) {
+    return <span className="font-medium text-text">{displayTitle}</span>
+  }
+
+  return (
+    <div className="flex items-center gap-1.5 text-sm">
+      <a href="/studio" className="text-muted hover:text-text transition-colors">
+        Studio
+      </a>
+      <Icons.ChevronRight className="text-muted opacity-50" />
+      <span className="font-medium text-text">{displayTitle}</span>
+    </div>
+  )
+}
diff --git a/studio/src/components/shared/BreakdownList.tsx b/studio/src/components/shared/BreakdownList.tsx
new file mode 100644
index 0000000..9c86179
--- /dev/null
+++ b/studio/src/components/shared/BreakdownList.tsx
@@ -0,0 +1,51 @@
+import type { IconComponent } from './Icons'
+
+interface BreakdownItem {
+  label: string
+  value: number
+  percentage: number
+  Icon?: IconComponent
+  flagUrl?: string
+}
+
+interface BreakdownListProps {
+  items: BreakdownItem[]
+  limit?: number
+}
+
+export function BreakdownList({ items, limit = 6 }: BreakdownListProps) {
+  const displayItems = items.slice(0, limit)
+
+  return (
+    <div className="space-y-3">
+      {displayItems.map(item => (
+        <div key={item.label} className="flex items-center gap-3">
+          {item.flagUrl ? (
+            <div className="w-5 h-5 flex-shrink-0 rounded-sm overflow-hidden bg-border">
+              <img
+                src={item.flagUrl}
+                alt={item.label}
+                className="w-full h-full object-cover"
+                loading="lazy"
+              />
+            </div>
+          ) : item.Icon ? (
+            <item.Icon className="text-sm flex-shrink-0 opacity-50" />
+          ) : null}
+          <div className="flex-1 min-w-0 space-y-1">
+            <div className="flex items-center justify-between text-sm">
+              <span className="text-text truncate">{item.label}</span>
+              <span className="text-muted ml-2 flex-shrink-0">{item.percentage.toFixed(0)}%</span>
+            </div>
+            <div className="h-1.5 bg-border overflow-hidden">
+              <div
+                className="h-full bg-accent"
+                style={{ width: `${Math.min(item.percentage, 100)}%` }}
+              />
+            </div>
+          </div>
+        </div>
+      ))}
+    </div>
+  )
+}
diff --git a/studio/src/components/shared/EmptyState.tsx b/studio/src/components/shared/EmptyState.tsx
new file mode 100644
index 0000000..7e997d9
--- /dev/null
+++ b/studio/src/components/shared/EmptyState.tsx
@@ -0,0 +1,24 @@
+import type { ReactNode } from 'react'
+import type { IconComponent } from './Icons'
+
+interface EmptyStateProps {
+  Icon: IconComponent
+  title: string
+  description?: string
+  action?: ReactNode
+}
+
+export function EmptyState({ Icon, title, description, action }: EmptyStateProps) {
+  return (
+    <div className="card text-center py-12">
+      <div className="w-16 h-16 mx-auto mb-4 bg-border flex items-center justify-center">
+        <Icon className="text-muted text-2xl" />
+      </div>
+      <h3 className="text-sm font-medium text-text mb-1">{title}</h3>
+      {description && (
+        <p className="text-xs text-muted mb-4">{description}</p>
+      )}
+      {action}
+    </div>
+  )
+}
diff --git a/studio/src/components/shared/Field.tsx b/studio/src/components/shared/Field.tsx
new file mode 100644
index 0000000..b201f03
--- /dev/null
+++ b/studio/src/components/shared/Field.tsx
@@ -0,0 +1,27 @@
+import { Input, Textarea } from '../ui'
+
+interface FieldProps {
+  label: string
+  value: string
+  onChange: (value: string) => void
+  placeholder?: string
+  multiline?: boolean
+  hint?: string
+}
+
+export function Field({ label, value, onChange, placeholder, multiline, hint }: FieldProps) {
+  const InputComponent = multiline ? Textarea : Input
+  return (
+    <div>
+      <label className="label">{label}</label>
+      <InputComponent
+        value={value}
+        onChange={onChange}
+        placeholder={placeholder}
+      />
+      {hint && (
+        <p className="text-xs text-muted mt-1">{hint}</p>
+      )}
+    </div>
+  )
+}
diff --git a/studio/src/components/shared/Icons.tsx b/studio/src/components/shared/Icons.tsx
new file mode 100644
index 0000000..e5569e2
--- /dev/null
+++ b/studio/src/components/shared/Icons.tsx
@@ -0,0 +1,316 @@
+import type { ComponentProps, ReactElement } from 'react'
+
+export type IconProps = ComponentProps<'span'>
+export type IconComponent = (props: IconProps) => ReactElement
+
+function createIcon(className: string): IconComponent {
+  return function Icon(props: IconProps) {
+    return <span {...props} className={`${className}${props.className ? ' ' + props.className : ''}`} />
+  }
+}
+
+export const Icons = {
+  // Navigation
+  Home: createIcon('i-lucide-home'),
+  Posts: createIcon('i-lucide-file-text'),
+  Analytics: createIcon('i-lucide-bar-chart-2'),
+  Settings: createIcon('i-lucide-settings'),
+  Design: createIcon('i-lucide-palette'),
+  Domain: createIcon('i-lucide-globe'),
+  Engagement: createIcon('i-lucide-message-circle'),
+  Monetization: createIcon('i-lucide-credit-card'),
+  ApiKeys: createIcon('i-lucide-key'),
+  Data: createIcon('i-lucide-database'),
+  Billing: createIcon('i-lucide-receipt'),
+  ExternalLink: createIcon('i-lucide-external-link'),
+
+  // Actions
+  Plus: createIcon('i-lucide-plus'),
+  Edit: createIcon('i-lucide-pencil'),
+  Trash: createIcon('i-lucide-trash-2'),
+  Copy: createIcon('i-lucide-copy'),
+  Download: createIcon('i-lucide-download'),
+  Upload: createIcon('i-lucide-upload'),
+  Refresh: createIcon('i-lucide-refresh-cw'),
+  Search: createIcon('i-lucide-search'),
+  Close: createIcon('i-lucide-x'),
+  Menu: createIcon('i-lucide-menu'),
+  Check: createIcon('i-lucide-check'),
+  CheckCircle: createIcon('i-lucide-check-circle'),
+  AlertCircle: createIcon('i-lucide-alert-circle'),
+  Info: createIcon('i-lucide-info'),
+  Eye: createIcon('i-lucide-eye'),
+  Loader: createIcon('i-lucide-loader-2'),
+  ArrowLeft: createIcon('i-lucide-arrow-left'),
+  Key: createIcon('i-lucide-key'),
+  Play: createIcon('i-lucide-play'),
+  Save: createIcon('i-lucide-save'),
+
+  // Content
+  PenTool: createIcon('i-lucide-pen-tool'),
+  Image: createIcon('i-lucide-image'),
+  Link: createIcon('i-lucide-link'),
+  Crown: createIcon('i-lucide-crown'),
+  Ghost: createIcon('i-lucide-ghost'),
+
+  // Languages
+  TypeScript: createIcon('i-logos-typescript-icon'),
+  Go: createIcon('i-logos-go'),
+  CSharp: createIcon('i-logos-c-sharp'),
+  JavaScript: createIcon('i-logos-javascript'),
+  Rust: createIcon('i-logos-rust'),
+  Python: createIcon('i-logos-python'),
+
+  // Text formatting
+  Bold: createIcon('i-lucide-bold'),
+  Italic: createIcon('i-lucide-italic'),
+  Strikethrough: createIcon('i-lucide-strikethrough'),
+  CodeInline: createIcon('i-lucide-code'),
+  Heading1: createIcon('i-lucide-heading-1'),
+  Heading2: createIcon('i-lucide-heading-2'),
+  Heading3: createIcon('i-lucide-heading-3'),
+  List: createIcon('i-lucide-list'),
+  ListOrdered: createIcon('i-lucide-list-ordered'),
+  Quote: createIcon('i-lucide-quote'),
+  LinkOff: createIcon('i-lucide-link-2-off'),
+
+  // UI
+  ChevronDown: createIcon('i-lucide-chevron-down'),
+  ChevronUp: createIcon('i-lucide-chevron-up'),
+  ChevronRight: createIcon('i-lucide-chevron-right'),
+  Send: createIcon('i-lucide-send'),
+  Undo: createIcon('i-lucide-undo'),
+  History: createIcon('i-lucide-history'),
+  EyeOff: createIcon('i-lucide-eye-off'),
+  MoreHorizontal: createIcon('i-lucide-more-horizontal'),
+  TrendingUp: createIcon('i-lucide-trending-up'),
+  TrendingDown: createIcon('i-lucide-trending-down'),
+  AlertTriangle: createIcon('i-lucide-alert-triangle'),
+  Clock: createIcon('i-lucide-clock'),
+  ArrowRight: createIcon('i-lucide-arrow-right'),
+
+  // Code / Developer
+  Code: createIcon('i-lucide-code-2'),
+  WordPress: createIcon('i-lucide-pen-tool'),
+
+  // Devices
+  Desktop: createIcon('i-lucide-monitor'),
+  Mobile: createIcon('i-lucide-smartphone'),
+  Tablet: createIcon('i-lucide-tablet'),
+
+  // Browsers
+  Chrome: createIcon('i-simple-icons-googlechrome'),
+  Firefox: createIcon('i-simple-icons-firefox'),
+  Safari: createIcon('i-simple-icons-safari'),
+  Edge: createIcon('i-simple-icons-microsoftedge'),
+  Opera: createIcon('i-simple-icons-opera'),
+  Brave: createIcon('i-simple-icons-brave'),
+  Vivaldi: createIcon('i-simple-icons-vivaldi'),
+  Arc: createIcon('i-simple-icons-arc'),
+  Samsung: createIcon('i-simple-icons-samsung'),
+
+  // Operating Systems
+  Windows: createIcon('i-simple-icons-windows'),
+  MacOS: createIcon('i-simple-icons-apple'),
+  Linux: createIcon('i-simple-icons-linux'),
+  Android: createIcon('i-simple-icons-android'),
+  iOS: createIcon('i-simple-icons-apple'),
+  ChromeOS: createIcon('i-simple-icons-googlechrome'),
+  Ubuntu: createIcon('i-simple-icons-ubuntu'),
+
+  // Referrer brand icons
+  Google: createIcon('i-simple-icons-google'),
+  Bing: createIcon('i-simple-icons-bing'),
+  DuckDuckGo: createIcon('i-simple-icons-duckduckgo'),
+  Twitter: createIcon('i-simple-icons-x'),
+  Facebook: createIcon('i-simple-icons-facebook'),
+  LinkedIn: createIcon('i-simple-icons-linkedin'),
+  Instagram: createIcon('i-simple-icons-instagram'),
+  Pinterest: createIcon('i-simple-icons-pinterest'),
+  Reddit: createIcon('i-simple-icons-reddit'),
+  GitHub: createIcon('i-simple-icons-github'),
+  DevTo: createIcon('i-simple-icons-devdotto'),
+  HackerNews: createIcon('i-simple-icons-ycombinator'),
+  YouTube: createIcon('i-simple-icons-youtube'),
+  Medium: createIcon('i-simple-icons-medium'),
+  Substack: createIcon('i-simple-icons-substack'),
+  Mastodon: createIcon('i-simple-icons-mastodon'),
+  Bluesky: createIcon('i-simple-icons-bluesky'),
+  Discord: createIcon('i-simple-icons-discord'),
+  Slack: createIcon('i-simple-icons-slack'),
+  ProductHunt: createIcon('i-simple-icons-producthunt'),
+  StackOverflow: createIcon('i-simple-icons-stackoverflow'),
+  Direct: createIcon('i-lucide-globe'),
+  Mail: createIcon('i-lucide-mail'),
+  RSS: createIcon('i-lucide-rss'),
+} as const
+
+const referrerIconMap: Record<string, IconComponent> = {
+  'direct': Icons.Direct,
+  'google': Icons.Google,
+  'bing': Icons.Bing,
+  'duckduckgo': Icons.DuckDuckGo,
+  'twitter': Icons.Twitter,
+  'x.com': Icons.Twitter,
+  't.co': Icons.Twitter,
+  'facebook': Icons.Facebook,
+  'linkedin': Icons.LinkedIn,
+  'instagram': Icons.Instagram,
+  'pinterest': Icons.Pinterest,
+  'reddit': Icons.Reddit,
+  'github': Icons.GitHub,
+  'dev.to': Icons.DevTo,
+  'hacker news': Icons.HackerNews,
+  'ycombinator': Icons.HackerNews,
+  'youtube': Icons.YouTube,
+  'youtu.be': Icons.YouTube,
+  'medium': Icons.Medium,
+  'substack': Icons.Substack,
+  'mastodon': Icons.Mastodon,
+  'bluesky': Icons.Bluesky,
+  'bsky': Icons.Bluesky,
+  'discord': Icons.Discord,
+  'slack': Icons.Slack,
+  'producthunt': Icons.ProductHunt,
+  'product hunt': Icons.ProductHunt,
+  'stackoverflow': Icons.StackOverflow,
+  'stack overflow': Icons.StackOverflow,
+}
+
+export function getReferrerIcon(name: string): IconComponent {
+  if (!name || name === 'Direct') return Icons.Direct
+  const lower = name.toLowerCase()
+  for (const [key, icon] of Object.entries(referrerIconMap)) {
+    if (lower.includes(key)) return icon
+  }
+  return Icons.Link
+}
+
+const countryNameToCode: Record<string, string> = {
+  'united states': 'us',
+  'united kingdom': 'gb',
+  'canada': 'ca',
+  'australia': 'au',
+  'germany': 'de',
+  'france': 'fr',
+  'japan': 'jp',
+  'china': 'cn',
+  'india': 'in',
+  'brazil': 'br',
+  'mexico': 'mx',
+  'spain': 'es',
+  'italy': 'it',
+  'netherlands': 'nl',
+  'sweden': 'se',
+  'norway': 'no',
+  'denmark': 'dk',
+  'finland': 'fi',
+  'poland': 'pl',
+  'russia': 'ru',
+  'ukraine': 'ua',
+  'south korea': 'kr',
+  'taiwan': 'tw',
+  'singapore': 'sg',
+  'hong kong': 'hk',
+  'indonesia': 'id',
+  'thailand': 'th',
+  'vietnam': 'vn',
+  'philippines': 'ph',
+  'malaysia': 'my',
+  'new zealand': 'nz',
+  'ireland': 'ie',
+  'switzerland': 'ch',
+  'austria': 'at',
+  'belgium': 'be',
+  'portugal': 'pt',
+  'czech republic': 'cz',
+  'czechia': 'cz',
+  'romania': 'ro',
+  'hungary': 'hu',
+  'greece': 'gr',
+  'turkey': 'tr',
+  'israel': 'il',
+  'united arab emirates': 'ae',
+  'saudi arabia': 'sa',
+  'south africa': 'za',
+  'argentina': 'ar',
+  'chile': 'cl',
+  'colombia': 'co',
+  'peru': 'pe',
+  'egypt': 'eg',
+  'nigeria': 'ng',
+  'kenya': 'ke',
+  'pakistan': 'pk',
+  'bangladesh': 'bd',
+  'sri lanka': 'lk',
+}
+
+export function getCountryCode(name: string): string | null {
+  if (!name) return null
+  const lower = name.toLowerCase()
+  return countryNameToCode[lower] || null
+}
+
+export function getCountryFlagUrl(name: string, size: number = 24): string | null {
+  const code = getCountryCode(name)
+  if (!code) return null
+  return `https://flagcdn.com/w${size}/${code}.png`
+}
+
+const browserIconMap: Record<string, IconComponent> = {
+  'chrome': Icons.Chrome,
+  'firefox': Icons.Firefox,
+  'safari': Icons.Safari,
+  'edge': Icons.Edge,
+  'opera': Icons.Opera,
+  'brave': Icons.Brave,
+  'vivaldi': Icons.Vivaldi,
+  'arc': Icons.Arc,
+  'samsung': Icons.Samsung,
+}
+
+export function getBrowserIcon(name: string): IconComponent | null {
+  if (!name) return null
+  const lower = name.toLowerCase()
+  for (const [key, icon] of Object.entries(browserIconMap)) {
+    if (lower.includes(key)) return icon
+  }
+  return null
+}
+
+const deviceIconMap: Record<string, IconComponent> = {
+  'desktop': Icons.Desktop,
+  'mobile': Icons.Mobile,
+  'tablet': Icons.Tablet,
+  'phone': Icons.Mobile,
+}
+
+export function getDeviceIcon(name: string): IconComponent | null {
+  if (!name) return null
+  const lower = name.toLowerCase()
+  for (const [key, icon] of Object.entries(deviceIconMap)) {
+    if (lower.includes(key)) return icon
+  }
+  return null
+}
+
+const osIconMap: Record<string, IconComponent> = {
+  'windows': Icons.Windows,
+  'macos': Icons.MacOS,
+  'mac os': Icons.MacOS,
+  'ios': Icons.iOS,
+  'android': Icons.Android,
+  'linux': Icons.Linux,
+  'ubuntu': Icons.Ubuntu,
+  'chrome os': Icons.ChromeOS,
+  'chromeos': Icons.ChromeOS,
+}
+
+export function getOSIcon(name: string): IconComponent | null {
+  if (!name) return null
+  const lower = name.toLowerCase()
+  for (const [key, icon] of Object.entries(osIconMap)) {
+    if (lower.includes(key)) return icon
+  }
+  return null
+}
diff --git a/studio/src/components/shared/LoadingState.tsx b/studio/src/components/shared/LoadingState.tsx
new file mode 100644
index 0000000..9bb4d42
--- /dev/null
+++ b/studio/src/components/shared/LoadingState.tsx
@@ -0,0 +1,9 @@
+import { Icons } from './Icons'
+
+export function LoadingState() {
+  return (
+    <div className="flex items-center justify-center py-12">
+      <Icons.Loader className="animate-spin text-muted text-2xl" />
+    </div>
+  )
+}
diff --git a/studio/src/components/shared/PageHeader.tsx b/studio/src/components/shared/PageHeader.tsx
new file mode 100644
index 0000000..42d1f36
--- /dev/null
+++ b/studio/src/components/shared/PageHeader.tsx
@@ -0,0 +1,16 @@
+import type { ReactNode } from 'react'
+import { Breadcrumb } from './Breadcrumb'
+
+interface PageHeaderProps {
+  title?: string
+  children?: ReactNode
+}
+
+export function PageHeader({ title, children }: PageHeaderProps) {
+  return (
+    <div className="flex items-center justify-between mb-6">
+      <Breadcrumb title={title} />
+      {children && <div className="flex items-center gap-2">{children}</div>}
+    </div>
+  )
+}
diff --git a/studio/src/components/shared/SaveBar.tsx b/studio/src/components/shared/SaveBar.tsx
new file mode 100644
index 0000000..c74239c
--- /dev/null
+++ b/studio/src/components/shared/SaveBar.tsx
@@ -0,0 +1,39 @@
+import { Button } from '../ui'
+
+interface SaveBarProps {
+  onSave: () => void
+  loading?: boolean
+  disabled?: boolean
+  changes?: string[]
+}
+
+export function SaveBar({ onSave, loading, disabled, changes = [] }: SaveBarProps) {
+  return (
+    <div className="fixed bottom-0 left-0 right-0 z-50 border-t border-border bg-bg/95 backdrop-blur-sm">
+      <div className="max-w-4xl mx-auto px-6 py-3 flex items-center justify-between">
+        <div className="flex items-center gap-2">
+          <div className="w-2 h-2 rounded-full bg-amber-500 animate-pulse" />
+          <span className="text-sm">
+            {changes.length > 0 ? (
+              <>
+                <span className="text-muted">Changed: </span>
+                <span className="font-medium">{changes.slice(0, 3).join(', ')}</span>
+                {changes.length > 3 && <span className="text-muted"> +{changes.length - 3} more</span>}
+              </>
+            ) : (
+              <span className="text-muted">Unsaved changes</span>
+            )}
+          </span>
+        </div>
+        <Button
+          variant="primary"
+          onClick={onSave}
+          loading={loading}
+          disabled={disabled}
+        >
+          Save
+        </Button>
+      </div>
+    </div>
+  )
+}
diff --git a/studio/src/components/shared/Section.tsx b/studio/src/components/shared/Section.tsx
new file mode 100644
index 0000000..00c0ea1
--- /dev/null
+++ b/studio/src/components/shared/Section.tsx
@@ -0,0 +1,21 @@
+import type { ReactNode } from 'react'
+
+interface SectionProps {
+  title: string
+  description?: string
+  children: ReactNode
+}
+
+export function Section({ title, description, children }: SectionProps) {
+  return (
+    <div className="section">
+      <div className="mb-4">
+        <h2 className="text-sm font-medium text-text">{title}</h2>
+        {description && (
+          <p className="text-xs text-muted mt-1">{description}</p>
+        )}
+      </div>
+      <div className="space-y-4">{children}</div>
+    </div>
+  )
+}
diff --git a/studio/src/components/shared/Skeleton.tsx b/studio/src/components/shared/Skeleton.tsx
new file mode 100644
index 0000000..3056bbc
--- /dev/null
+++ b/studio/src/components/shared/Skeleton.tsx
@@ -0,0 +1,596 @@
+import { PageHeader } from './PageHeader'
+
+interface SkeletonProps {
+  className?: string
+}
+
+export function Skeleton({ className = '' }: SkeletonProps) {
+  return <div className={`bg-border/60 animate-shimmer ${className}`} />
+}
+
+export function SkeletonText({ className = '' }: SkeletonProps) {
+  return <Skeleton className={`h-4 rounded ${className}`} />
+}
+
+export function SkeletonCard({ className = '' }: SkeletonProps) {
+  return <Skeleton className={`h-24 ${className}`} />
+}
+
+// Page header skeleton with optional action button placeholder
+interface PageHeaderSkeletonProps {
+  showAction?: boolean
+}
+
+export function PageHeaderSkeleton({ showAction = true }: PageHeaderSkeletonProps) {
+  return (
+    <PageHeader>
+      {showAction && <Skeleton className="w-28 h-9" />}
+    </PageHeader>
+  )
+}
+
+export function PostsPageSkeleton() {
+  return (
+    <div>
+      <PageHeader>
+        <Skeleton className="w-24 h-9" />
+      </PageHeader>
+
+      <div className="-mx-6 lg:-mx-10 mt-6">
+        <div className="relative">
+          <div className="absolute top-0 bottom-0 border-l border-border" style={{ left: '33.333%' }} />
+          <div className="absolute top-0 bottom-0 border-l border-border" style={{ left: '66.666%' }} />
+
+          <div className="grid grid-cols-3">
+            <div className="py-4 pl-6 lg:pl-10 pr-6">
+              <div className="text-xs text-muted mb-0.5">Total Posts</div>
+              <Skeleton className="w-10 h-6" />
+            </div>
+            <div className="py-4 px-6">
+              <div className="text-xs text-muted mb-0.5">Published</div>
+              <Skeleton className="w-10 h-6" />
+            </div>
+            <div className="py-4 pr-6 lg:pr-10 pl-6">
+              <div className="text-xs text-muted mb-0.5">Total Views</div>
+              <Skeleton className="w-16 h-6" />
+            </div>
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        <div className="px-6 lg:px-10 py-4 flex flex-col sm:flex-row sm:items-center gap-4">
+          <div className="flex bg-border/50 border border-border">
+            {['All', 'Published', 'Drafts'].map((label, i) => (
+              <div
+                key={label}
+                className={`px-3 py-1.5 text-xs font-medium tracking-wide text-muted ${
+                  i === 0 ? 'bg-surface border-x border-border/50' : ''
+                }`}
+              >
+                {label}
+              </div>
+            ))}
+          </div>
+          <div className="flex-1 sm:max-w-xs sm:ml-auto">
+            <Skeleton className="h-10" />
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        {[1, 2, 3, 4, 5].map(i => (
+          <div key={i} className={`flex items-center gap-4 px-6 lg:px-10 py-4 ${i > 1 ? 'border-t border-border' : ''}`}>
+            <div className="flex-1 min-w-0 space-y-2">
+              <div className="flex items-center gap-2.5">
+                {i <= 2 && <Skeleton className="w-12 h-5" />}
+                <SkeletonText className={i <= 2 ? 'w-40' : 'w-56'} />
+              </div>
+              <div className="flex items-center gap-3">
+                <SkeletonText className="w-24 h-3" />
+                <SkeletonText className="w-16 h-3" />
+              </div>
+            </div>
+            <Skeleton className="w-8 h-8" />
+          </div>
+        ))}
+      </div>
+    </div>
+  )
+}
+
+export function AnalyticsPageSkeleton() {
+  return (
+    <div>
+      <PageHeader>
+        <div className="flex bg-border/50 border border-border">
+          {['7d', '30d', '90d'].map((label, i) => (
+            <div
+              key={label}
+              className={`px-3 py-1.5 text-xs font-medium tracking-wide text-muted ${
+                i === 0 ? 'bg-surface border-x border-border/50' : ''
+              }`}
+            >
+              {label}
+            </div>
+          ))}
+        </div>
+      </PageHeader>
+
+      <div className="-mx-6 lg:-mx-10 mt-6">
+        <div className="relative">
+          <div className="absolute top-0 bottom-0 left-1/2 border-l border-border lg:hidden" />
+          <div className="hidden lg:block absolute top-0 bottom-0 border-l border-border" style={{ left: '25%' }} />
+          <div className="hidden lg:block absolute top-0 bottom-0 border-l border-border" style={{ left: '50%' }} />
+          <div className="hidden lg:block absolute top-0 bottom-0 border-l border-border" style={{ left: '75%' }} />
+
+          <div className="grid grid-cols-2 lg:grid-cols-4">
+            <div className="py-5 pl-6 lg:pl-10 pr-6">
+              <div className="text-xs text-muted mb-1">Total Views</div>
+              <Skeleton className="w-20 h-8" />
+              <div className="text-xs mt-1 text-muted">
+                <Skeleton className="w-24 h-3 inline-block" />
+              </div>
+            </div>
+            <div className="py-5 px-6 lg:pr-6">
+              <div className="text-xs text-muted mb-1">Page Views</div>
+              <Skeleton className="w-16 h-8" />
+            </div>
+            <div className="py-5 px-6 lg:pl-6 border-t border-border lg:border-t-0">
+              <div className="text-xs text-muted mb-1">Unique Visitors</div>
+              <Skeleton className="w-14 h-8" />
+            </div>
+            <div className="py-5 pr-6 lg:pr-10 pl-6 border-t border-border lg:border-t-0">
+              <div className="text-xs text-muted mb-1">Bandwidth</div>
+              <Skeleton className="w-16 h-8" />
+            </div>
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        <div className="px-6 lg:px-10 py-6">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide mb-4">Views Over Time</div>
+          <Skeleton className="h-48" />
+        </div>
+
+        <div className="border-t border-border" />
+
+        <div className="relative">
+          <div className="hidden lg:block absolute top-0 bottom-0 left-1/2 border-l border-border" />
+          <div className="grid lg:grid-cols-2">
+            <div className="py-6 pl-6 lg:pl-10 pr-6 border-b border-border lg:border-b-0">
+              <div className="text-xs font-medium text-muted uppercase tracking-wide mb-4">Top Pages</div>
+              {[1, 2, 3].map(j => (
+                <div key={j} className="space-y-2 mb-3">
+                  <div className="flex justify-between">
+                    <SkeletonText className="w-32" />
+                    <SkeletonText className="w-8" />
+                  </div>
+                  <Skeleton className="h-1.5" />
+                </div>
+              ))}
+            </div>
+            <div className="py-6 pr-6 lg:pr-10 pl-6">
+              <div className="text-xs font-medium text-muted uppercase tracking-wide mb-4">Top Referrers</div>
+              {[1, 2, 3].map(j => (
+                <div key={j} className="space-y-2 mb-3">
+                  <div className="flex justify-between">
+                    <SkeletonText className="w-24" />
+                    <SkeletonText className="w-8" />
+                  </div>
+                  <Skeleton className="h-1.5" />
+                </div>
+              ))}
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  )
+}
+
+// Generic settings page skeleton
+export function SettingsPageSkeleton() {
+  return (
+    <div className="space-y-6">
+      <PageHeaderSkeleton showAction={false} />
+      {[1, 2].map(i => (
+        <div key={i} className="card p-6 space-y-4">
+          <div className="space-y-1">
+            <SkeletonText className="w-24" />
+            <SkeletonText className="w-48 h-3" />
+          </div>
+          <div className="space-y-4">
+            {[1, 2, 3].map(j => (
+              <div key={j} className="space-y-1">
+                <SkeletonText className="w-16 h-3" />
+                <Skeleton className="h-10" />
+              </div>
+            ))}
+          </div>
+        </div>
+      ))}
+    </div>
+  )
+}
+
+// General page skeleton - 3 sections with fields
+export function GeneralPageSkeleton() {
+  return (
+    <div className="space-y-6 pb-20">
+      <PageHeaderSkeleton showAction={false} />
+      {/* Site Information */}
+      <div className="card p-6 space-y-4">
+        <div className="space-y-1">
+          <h3 className="text-sm font-medium text-text">Site Information</h3>
+          <p className="text-xs text-muted">Basic details about your blog</p>
+        </div>
+        <div className="space-y-4">
+          <div className="space-y-1">
+            <span className="text-xs text-muted">Site Title</span>
+            <Skeleton className="h-10" />
+          </div>
+          <div className="space-y-1">
+            <span className="text-xs text-muted">Description</span>
+            <Skeleton className="h-20" />
+          </div>
+        </div>
+      </div>
+      {/* Author */}
+      <div className="card p-6 space-y-4">
+        <div className="space-y-1">
+          <h3 className="text-sm font-medium text-text">Author</h3>
+          <p className="text-xs text-muted">Information displayed on your posts</p>
+        </div>
+        <div className="space-y-4">
+          {['Name', 'Email', 'Avatar URL', 'Bio'].map((label, i) => (
+            <div key={label} className="space-y-1">
+              <span className="text-xs text-muted">{label}</span>
+              <Skeleton className={i === 3 ? 'h-20' : 'h-10'} />
+            </div>
+          ))}
+        </div>
+      </div>
+      {/* Social Links */}
+      <div className="card p-6 space-y-4">
+        <div className="space-y-1">
+          <h3 className="text-sm font-medium text-text">Social Links</h3>
+          <p className="text-xs text-muted">Links to your social profiles</p>
+        </div>
+        <div className="space-y-4">
+          {['Twitter', 'GitHub', 'LinkedIn', 'Website'].map(label => (
+            <div key={label} className="space-y-1">
+              <span className="text-xs text-muted">{label}</span>
+              <Skeleton className="h-10" />
+            </div>
+          ))}
+        </div>
+      </div>
+    </div>
+  )
+}
+
+// Design page skeleton - preview, colors, grids
+export function DesignPageSkeleton() {
+  return (
+    <div className="space-y-8 pb-20">
+      <PageHeaderSkeleton showAction={false} />
+      {/* Live Preview */}
+      <div>
+        <span className="text-xs text-muted block mb-3">Live Preview</span>
+        <Skeleton className="h-64 border border-border" />
+      </div>
+      {/* Accent Color */}
+      <div>
+        <span className="text-xs text-muted block mb-3">Accent Color</span>
+        <div className="flex items-center gap-3">
+          <Skeleton className="w-12 h-12" />
+          <Skeleton className="w-32 h-10" />
+          <div className="flex gap-1.5">
+            {[1, 2, 3, 4, 5, 6].map(i => (
+              <Skeleton key={i} className="w-7 h-7" />
+            ))}
+          </div>
+        </div>
+      </div>
+      {/* Typography */}
+      <div>
+        <span className="text-xs text-muted block mb-3">Typography</span>
+        <div className="grid grid-cols-2 gap-2">
+          {[1, 2, 3, 4, 5, 6].map(i => (
+            <Skeleton key={i} className="h-20 border border-border" />
+          ))}
+        </div>
+      </div>
+      {/* Code Theme */}
+      <div>
+        <span className="text-xs text-muted block mb-3">Code Theme</span>
+        <div className="grid grid-cols-2 gap-2">
+          {[1, 2, 3, 4, 5].map(i => (
+            <Skeleton key={i} className="h-24 border border-border" />
+          ))}
+        </div>
+      </div>
+      {/* Layout */}
+      <div>
+        <span className="text-xs text-muted block mb-3">Layout</span>
+        <div className="grid grid-cols-3 gap-3">
+          {[1, 2, 3].map(i => (
+            <Skeleton key={i} className="h-28 border border-border" />
+          ))}
+        </div>
+      </div>
+    </div>
+  )
+}
+
+// Engagement page skeleton - toggles and options
+export function EngagementPageSkeleton() {
+  return (
+    <div className="space-y-6 pb-20">
+      <PageHeaderSkeleton showAction={false} />
+      {/* Comments section */}
+      <div className="card p-6 space-y-4">
+        <div className="space-y-1">
+          <h3 className="text-sm font-medium text-text">Comments</h3>
+          <p className="text-xs text-muted">Let readers comment on your posts</p>
+        </div>
+        <div className="flex items-center justify-between">
+          <div className="space-y-1">
+            <span className="text-sm text-text">Enable Comments</span>
+            <SkeletonText className="w-48 h-3" />
+          </div>
+          <Skeleton className="w-12 h-6 rounded-full" />
+        </div>
+      </div>
+      {/* Reactions section */}
+      <div className="card p-6 space-y-4">
+        <div className="space-y-1">
+          <h3 className="text-sm font-medium text-text">Reactions</h3>
+          <p className="text-xs text-muted">Let readers react to posts</p>
+        </div>
+        <div className="flex items-center justify-between">
+          <div className="space-y-1">
+            <span className="text-sm text-text">Enable Reactions</span>
+            <SkeletonText className="w-44 h-3" />
+          </div>
+          <Skeleton className="w-12 h-6 rounded-full" />
+        </div>
+      </div>
+    </div>
+  )
+}
+
+export function APIPageSkeleton() {
+  return (
+    <div>
+      <PageHeader>
+        <Skeleton className="w-28 h-9" />
+      </PageHeader>
+
+      <div className="-mx-6 lg:-mx-10 mt-6">
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Your API Keys</div>
+          <div className="text-xs text-muted mt-0.5">Use these keys to authenticate API requests</div>
+        </div>
+        <div className="border-t border-border">
+          {[1, 2].map(i => (
+            <div key={i} className={`flex flex-col sm:flex-row sm:items-center gap-4 px-6 lg:px-10 py-4 ${i > 1 ? 'border-t border-border' : ''}`}>
+              <div className="flex-1 min-w-0 space-y-2">
+                <SkeletonText className="w-24" />
+                <div className="flex items-center gap-3">
+                  <SkeletonText className="w-20 h-3" />
+                  <SkeletonText className="w-28 h-3" />
+                  <SkeletonText className="w-24 h-3" />
+                </div>
+              </div>
+              <Skeleton className="w-16 h-8" />
+            </div>
+          ))}
+        </div>
+
+        <div className="border-t border-border" />
+
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Webhooks</div>
+          <div className="text-xs text-muted mt-0.5">Get notified when posts are published, updated, or deleted</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6 space-y-3">
+          <div className="border border-border p-4 space-y-3">
+            <div className="flex items-center gap-2">
+              <Skeleton className="w-2 h-2 rounded-full" />
+              <SkeletonText className="w-24" />
+            </div>
+            <SkeletonText className="w-48 h-3" />
+            <div className="flex gap-1">
+              <Skeleton className="w-20 h-5" />
+              <Skeleton className="w-16 h-5" />
+            </div>
+          </div>
+          <Skeleton className="w-28 h-9" />
+        </div>
+
+        <div className="border-t border-border" />
+
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">API Reference</div>
+          <div className="text-xs text-muted mt-0.5">Base URL: <Skeleton className="w-32 h-3 inline-block" /></div>
+        </div>
+        <div className="px-6 lg:px-10 py-6 space-y-2">
+          {['GET', 'POST', 'GET', 'PUT', 'DELETE'].map((method, i) => (
+            <div key={i} className="flex items-center gap-3 px-4 py-3 border border-border">
+              <Skeleton className={`w-12 h-5 ${method === 'GET' ? 'bg-success/15' : method === 'POST' ? 'bg-blue-500/15' : method === 'PUT' ? 'bg-warning/15' : 'bg-danger/15'}`} />
+              <SkeletonText className="w-32" />
+              <SkeletonText className="flex-1 hidden sm:block" />
+              <Skeleton className="w-4 h-4" />
+            </div>
+          ))}
+        </div>
+      </div>
+    </div>
+  )
+}
+
+export function HomePageSkeleton() {
+  return (
+    <div>
+      <PageHeader>
+        <Skeleton className="w-24 h-9" />
+      </PageHeader>
+
+      <div className="-mx-6 lg:-mx-10 mt-6">
+        <div className="relative">
+          <div className="absolute top-0 bottom-0 border-l border-border" style={{ left: '33.333%' }} />
+          <div className="absolute top-0 bottom-0 border-l border-border" style={{ left: '66.666%' }} />
+
+          <div className="grid grid-cols-3">
+            <div className="py-5 pl-6 lg:pl-10 pr-6">
+              <div className="text-xs text-muted mb-1">Views</div>
+              <Skeleton className="w-16 h-8" />
+              <div className="text-xs mt-1 text-muted">
+                <Skeleton className="w-24 h-3 inline-block" />
+              </div>
+            </div>
+            <div className="py-5 px-6">
+              <div className="text-xs text-muted mb-1">Visitors</div>
+              <Skeleton className="w-12 h-8" />
+            </div>
+            <div className="py-5 pr-6 lg:pr-10 pl-6">
+              <div className="text-xs text-muted mb-1">Posts</div>
+              <Skeleton className="w-8 h-8" />
+              <SkeletonText className="w-16 h-3 mt-1" />
+            </div>
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        <div className="relative">
+          <div className="absolute top-0 bottom-0 left-1/2 border-l border-border" />
+
+          <div className="grid grid-cols-2">
+            <div className="pl-6 lg:pl-10 pr-6 py-6 space-y-6">
+              <div>
+                <div className="mb-3">
+                  <span className="text-xs font-medium text-muted uppercase tracking-wide">Continue Writing</span>
+                </div>
+                <div className="space-y-1">
+                  {[1, 2].map(i => (
+                    <div key={i} className="flex items-center justify-between py-2">
+                      <div className="flex items-center gap-2.5">
+                        <Skeleton className="w-3.5 h-3.5" />
+                        <SkeletonText className="w-32" />
+                      </div>
+                      <div className="flex items-center gap-2">
+                        <SkeletonText className="w-10 h-3" />
+                        <Skeleton className="w-4 h-4" />
+                      </div>
+                    </div>
+                  ))}
+                </div>
+              </div>
+              <div>
+                <div className="mb-3">
+                  <span className="text-xs font-medium text-muted uppercase tracking-wide">Recent Posts</span>
+                </div>
+                <div className="space-y-1">
+                  {[1, 2, 3, 4].map(i => (
+                    <div key={i} className="flex items-center justify-between py-2">
+                      <div className="flex items-center gap-2.5">
+                        <Skeleton className="w-3.5 h-3.5" />
+                        <SkeletonText className="w-40" />
+                      </div>
+                      <div className="flex items-center gap-3 text-xs text-muted">
+                        <SkeletonText className="w-6 h-3" />
+                        <SkeletonText className="w-12 h-3" />
+                      </div>
+                    </div>
+                  ))}
+                </div>
+              </div>
+            </div>
+
+            <div className="pr-6 lg:pr-10 pl-6 py-6">
+              <div className="mb-3">
+                <span className="text-xs font-medium text-muted uppercase tracking-wide">Top Referrers</span>
+              </div>
+              <div className="space-y-3">
+                {[1, 2, 3, 4, 5].map(i => (
+                  <div key={i} className="space-y-2">
+                    <div className="flex justify-between">
+                      <SkeletonText className="w-24" />
+                      <SkeletonText className="w-8" />
+                    </div>
+                    <Skeleton className="h-1.5" />
+                  </div>
+                ))}
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  )
+}
+
+export function BillingPageSkeleton() {
+  return (
+    <div>
+      <PageHeader />
+
+      <div className="-mx-6 lg:-mx-10 mt-6">
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Current Plan</div>
+        </div>
+        <div className="px-6 lg:px-10 pb-6">
+          <div className="p-4 border border-border">
+            <div className="flex items-center justify-between">
+              <div className="space-y-2">
+                <Skeleton className="w-24 h-6" />
+                <SkeletonText className="w-32 h-3" />
+              </div>
+              <Skeleton className="w-32 h-9" />
+            </div>
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Upgrade to Pro</div>
+        </div>
+        <div className="px-6 lg:px-10 pb-6">
+          <div className="flex items-center justify-center gap-3 mb-6">
+            <Skeleton className="w-20 h-8" />
+            <Skeleton className="w-24 h-8" />
+          </div>
+          <div className="max-w-md mx-auto p-6 border border-border">
+            <div className="text-center mb-6 space-y-2">
+              <SkeletonText className="w-12 mx-auto" />
+              <Skeleton className="w-24 h-10 mx-auto" />
+            </div>
+            <div className="space-y-3 mb-6">
+              {[1, 2, 3, 4, 5].map(i => (
+                <div key={i} className="flex items-center gap-2">
+                  <Skeleton className="w-4 h-4" />
+                  <SkeletonText className="w-40" />
+                </div>
+              ))}
+            </div>
+            <Skeleton className="w-full h-10" />
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Feature Comparison</div>
+        </div>
+        <div className="px-6 lg:px-10 pb-6">
+          <Skeleton className="w-full h-64" />
+        </div>
+      </div>
+    </div>
+  )
+}
diff --git a/studio/src/components/shared/StatCard.tsx b/studio/src/components/shared/StatCard.tsx
new file mode 100644
index 0000000..979d44d
--- /dev/null
+++ b/studio/src/components/shared/StatCard.tsx
@@ -0,0 +1,26 @@
+interface StatCardProps {
+  label: string
+  value: string
+  icon?: string
+  change?: string
+  positive?: boolean
+}
+
+export function StatCard({ label, value, icon, change, positive }: StatCardProps) {
+  return (
+    <div className="card">
+      {icon && (
+        <div className="w-10 h-10 bg-accent/10 flex items-center justify-center mb-3">
+          <span className={`${icon} text-accent text-lg`} />
+        </div>
+      )}
+      <div className="text-xs text-muted uppercase tracking-wide mb-1">{label}</div>
+      <div className="text-2xl font-semibold text-text">{value}</div>
+      {change && (
+        <div className={`text-xs mt-1 ${positive ? 'text-success' : 'text-danger'}`}>
+          {change}
+        </div>
+      )}
+    </div>
+  )
+}
diff --git a/studio/src/components/shared/index.ts b/studio/src/components/shared/index.ts
new file mode 100644
index 0000000..dab9ff4
--- /dev/null
+++ b/studio/src/components/shared/index.ts
@@ -0,0 +1,23 @@
+export { Section } from './Section'
+export { Field } from './Field'
+export { StatCard } from './StatCard'
+export { BreakdownList } from './BreakdownList'
+export { EmptyState } from './EmptyState'
+export { LoadingState } from './LoadingState'
+export { SaveBar } from './SaveBar'
+export { Breadcrumb } from './Breadcrumb'
+export { PageHeader } from './PageHeader'
+export {
+  Skeleton,
+  SkeletonText,
+  SkeletonCard,
+  PostsPageSkeleton,
+  AnalyticsPageSkeleton,
+  SettingsPageSkeleton,
+  GeneralPageSkeleton,
+  DesignPageSkeleton,
+  EngagementPageSkeleton,
+  APIPageSkeleton,
+  BillingPageSkeleton,
+  HomePageSkeleton,
+} from './Skeleton'
diff --git a/studio/src/components/ui/ActionMenu.tsx b/studio/src/components/ui/ActionMenu.tsx
new file mode 100644
index 0000000..ea3b485
--- /dev/null
+++ b/studio/src/components/ui/ActionMenu.tsx
@@ -0,0 +1,92 @@
+import { useState, useRef, useEffect } from 'react'
+import type { IconComponent } from '../shared/Icons'
+import { Icons } from '../shared/Icons'
+
+export interface ActionMenuItem {
+  label: string
+  Icon?: IconComponent
+  onClick?: () => void
+  href?: string
+  external?: boolean
+  variant?: 'default' | 'danger'
+}
+
+interface ActionMenuProps {
+  items: ActionMenuItem[]
+  className?: string
+}
+
+export function ActionMenu({ items, className = '' }: ActionMenuProps) {
+  const [open, setOpen] = useState(false)
+  const containerRef = useRef<HTMLDivElement>(null)
+
+  useEffect(() => {
+    function handleClickOutside(e: MouseEvent) {
+      if (containerRef.current && !containerRef.current.contains(e.target as Node)) {
+        setOpen(false)
+      }
+    }
+    document.addEventListener('mousedown', handleClickOutside)
+    return () => document.removeEventListener('mousedown', handleClickOutside)
+  }, [])
+
+  return (
+    <div ref={containerRef} className={`relative ${className}`} data-action-menu>
+      <button
+        type="button"
+        onClick={(e) => {
+          e.preventDefault()
+          e.stopPropagation()
+          setOpen(!open)
+        }}
+        className="p-2 text-muted/60 hover:text-text hover:bg-bg rounded transition-all duration-150"
+        aria-label="Actions"
+      >
+        <Icons.MoreHorizontal className="w-4 h-4" />
+      </button>
+
+      {open && (
+        <div className="absolute right-0 top-full mt-1 w-36 bg-surface border border-border shadow-lg z-[100] py-1">
+          {items.map((item, i) => {
+            const itemClass = `w-full flex items-center gap-2.5 px-3 py-2 text-sm transition-colors ${
+              item.variant === 'danger'
+                ? 'text-danger hover:bg-danger/5'
+                : 'text-text hover:bg-bg'
+            }`
+
+            if (item.href) {
+              return (
+                <a
+                  key={i}
+                  href={item.href}
+                  target={item.external ? '_blank' : undefined}
+                  rel={item.external ? 'noopener noreferrer' : undefined}
+                  className={itemClass}
+                  onClick={() => setOpen(false)}
+                >
+                  {item.Icon && <item.Icon className="w-3.5 h-3.5 opacity-60" />}
+                  {item.label}
+                </a>
+              )
+            }
+
+            return (
+              <button
+                key={i}
+                type="button"
+                onClick={() => {
+                  setOpen(false)
+                  item.onClick?.()
+                }}
+                className={itemClass}
+              >
+                {item.Icon && <item.Icon className="w-3.5 h-3.5 opacity-70" />}
+                {item.label}
+              </button>
+            )
+          })}
+        </div>
+      )}
+    </div>
+  )
+}
diff --git a/studio/src/components/ui/Badge.tsx b/studio/src/components/ui/Badge.tsx
new file mode 100644
index 0000000..f110645
--- /dev/null
+++ b/studio/src/components/ui/Badge.tsx
@@ -0,0 +1,20 @@
+type BadgeVariant = 'draft' | 'published' | 'default'
+
+interface BadgeProps {
+  variant?: BadgeVariant
+  children: string
+}
+
+const variantClasses: Record<BadgeVariant, string> = {
+  draft: 'badge-draft',
+  published: 'badge-published',
+  default: 'badge text-muted border-border',
+}
+
+export function Badge({ variant = 'default', children }: BadgeProps) {
+  return (
+    <span className={variantClasses[variant]}>
+      {children}
+    </span>
+  )
+}
diff --git a/studio/src/components/ui/Button.tsx b/studio/src/components/ui/Button.tsx
new file mode 100644
index 0000000..c4d6531
--- /dev/null
+++ b/studio/src/components/ui/Button.tsx
@@ -0,0 +1,63 @@
+import type { ButtonHTMLAttributes, AnchorHTMLAttributes, ReactNode } from 'react'
+import { Icons, type IconComponent } from '../shared/Icons'
+
+type ButtonVariant = 'primary' | 'secondary' | 'danger' | 'ghost'
+
+type ButtonBaseProps = {
+  variant?: ButtonVariant
+  loading?: boolean
+  Icon?: IconComponent
+  children: ReactNode
+}
+
+type ButtonAsButton = ButtonBaseProps & ButtonHTMLAttributes<HTMLButtonElement> & { href?: never }
+type ButtonAsLink = ButtonBaseProps & AnchorHTMLAttributes<HTMLAnchorElement> & { href: string }
+
+type ButtonProps = ButtonAsButton | ButtonAsLink
+
+const variantClasses: Record<ButtonVariant, string> = {
+  primary: 'btn-primary',
+  secondary: 'btn-secondary',
+  danger: 'btn-danger',
+  ghost: 'btn-ghost',
+}
+
+export function Button({
+  variant = 'secondary',
+  loading = false,
+  Icon,
+  children,
+  className = '',
+  ...props
+}: ButtonProps) {
+  const content = (
+    <>
+      {loading ? (
+        <Icons.Loader className="animate-spin text-xs" />
+      ) : Icon ? (
+        <Icon className="text-xs opacity-70" />
+      ) : null}
+      <span>{children}</span>
+    </>
+  )
+
+  if ('href' in props && props.href) {
+    const { href, ...linkProps } = props
+    return (
+      <a href={href} className={`${variantClasses[variant]} ${className}`} {...linkProps}>
+        {content}
+      </a>
+    )
+  }
+
+  const { disabled, ...buttonProps } = props as ButtonAsButton
+  return (
+    <button
+      className={`${variantClasses[variant]} ${className}`}
+      disabled={disabled || loading}
+      {...buttonProps}
+    >
+      {content}
+    </button>
+  )
+}
diff --git a/studio/src/components/ui/Dropdown.tsx b/studio/src/components/ui/Dropdown.tsx
new file mode 100644
index 0000000..52a0bb4
--- /dev/null
+++ b/studio/src/components/ui/Dropdown.tsx
@@ -0,0 +1,86 @@
+import { useState, useRef, useEffect } from 'react'
+import type { IconComponent } from '../shared/Icons'
+import { Icons } from '../shared/Icons'
+
+export interface DropdownOption<T extends string = string> {
+  value: T
+  label: string
+  Icon?: IconComponent
+  description?: string
+}
+
+interface DropdownProps<T extends string = string> {
+  value: T
+  onChange: (value: T) => void
+  options: DropdownOption<T>[]
+  placeholder?: string
+  className?: string
+}
+
+export function Dropdown<T extends string = string>({
+  value,
+  onChange,
+  options,
+  placeholder = 'Select...',
+  className = '',
+}: DropdownProps<T>) {
+  const [open, setOpen] = useState(false)
+  const containerRef = useRef<HTMLDivElement>(null)
+
+  const selected = options.find(opt => opt.value === value)
+
+  useEffect(() => {
+    function handleClickOutside(e: MouseEvent) {
+      if (containerRef.current && !containerRef.current.contains(e.target as Node)) {
+        setOpen(false)
+      }
+    }
+    document.addEventListener('mousedown', handleClickOutside)
+    return () => document.removeEventListener('mousedown', handleClickOutside)
+  }, [])
+
+  return (
+    <div ref={containerRef} className={`relative ${className}`}>
+      <button
+        type="button"
+        onClick={() => setOpen(!open)}
+        className="w-full flex items-center justify-between gap-2 px-3 py-2 text-sm bg-bg border border-border transition-colors hover:border-muted focus:outline-none focus:border-muted"
+      >
+        <span className="flex items-center gap-2 min-w-0">
+          {selected?.Icon && <selected.Icon className="w-4 h-4 flex-shrink-0" />}
+          <span className="truncate">{selected?.label || placeholder}</span>
+        </span>
+        <Icons.ChevronDown className={`w-4 h-4 flex-shrink-0 text-muted transition-transform ${open ? 'rotate-180' : ''}`} />
+      </button>
+
+      {open && (
+        <div className="absolute z-50 w-full mt-1 bg-surface border border-border shadow-lg max-h-60 overflow-auto">
+          {options.map((opt) => (
+            <button
+              key={opt.value}
+              type="button"
+              onClick={() => {
+                onChange(opt.value)
+                setOpen(false)
+              }}
+              className={`w-full flex items-start gap-2 px-3 py-2 text-sm text-left transition-colors ${
+                opt.value === value ? 'bg-accent/5 border-l-2 border-l-accent' : 'hover:bg-bg'
+              }`}
+            >
+              {opt.Icon && <opt.Icon className="w-4 h-4 flex-shrink-0 mt-0.5" />}
+              <div className="min-w-0 flex-1">
+                <div className="truncate">{opt.label}</div>
+                {opt.description && (
+                  <div className="text-xs text-muted truncate">{opt.description}</div>
+                )}
+              </div>
+              {opt.value === value && (
+                <Icons.Check className="w-4 h-4 flex-shrink-0 text-accent" />
+              )}
+            </button>
+          ))}
+        </div>
+      )}
+    </div>
+  )
+}
diff --git a/studio/src/components/ui/Input.tsx b/studio/src/components/ui/Input.tsx
new file mode 100644
index 0000000..74d8647
--- /dev/null
+++ b/studio/src/components/ui/Input.tsx
@@ -0,0 +1,50 @@
+import type { InputHTMLAttributes, TextareaHTMLAttributes } from 'react'
+import type { IconComponent } from '../shared/Icons'
+
+interface InputProps extends Omit<InputHTMLAttributes<HTMLInputElement>, 'onChange'> {
+  value: string
+  onChange: (value: string) => void
+  Icon?: IconComponent
+}
+
+interface TextareaProps extends Omit<TextareaHTMLAttributes<HTMLTextAreaElement>, 'onChange'> {
+  value: string
+  onChange: (value: string) => void
+  rows?: number
+}
+
+export function Input({ value, onChange, Icon, className = '', ...props }: InputProps) {
+  if (Icon) {
+    return (
+      <div className="relative">
+        <Icon className="absolute left-3 top-1/2 -translate-y-1/2 text-muted text-sm" />
+        <input
+          className={`input pl-9 ${className}`}
+          value={value}
+          onChange={e => onChange(e.target.value)}
+          {...props}
+        />
+      </div>
+    )
+  }
+  return (
+    <input
+      className={`input ${className}`}
+      value={value}
+      onChange={e => onChange(e.target.value)}
+      {...props}
+    />
+  )
+}
+
+export function Textarea({ value, onChange, rows = 4, className = '', ...props }: TextareaProps) {
+  return (
+    <textarea
+      className={`input resize-none ${className}`}
+      value={value}
+      onChange={e => onChange(e.target.value)}
+      rows={rows}
+      {...props}
+    />
+  )
+}
diff --git a/studio/src/components/ui/Modal.tsx b/studio/src/components/ui/Modal.tsx
new file mode 100644
index 0000000..41c28f9
--- /dev/null
+++ b/studio/src/components/ui/Modal.tsx
@@ -0,0 +1,51 @@
+import type { ReactNode } from 'react'
+import { useEffect } from 'react'
+import { Icons } from '../shared/Icons'
+
+interface ModalProps {
+  open: boolean
+  onClose: () => void
+  title: string
+  children: ReactNode
+}
+
+export function Modal({ open, onClose, title, children }: ModalProps) {
+  useEffect(() => {
+    const handleEscape = (e: KeyboardEvent) => {
+      if (e.key === 'Escape') onClose()
+    }
+    if (open) {
+      document.addEventListener('keydown', handleEscape)
+      document.body.style.overflow = 'hidden'
+    }
+    return () => {
+      document.removeEventListener('keydown', handleEscape)
+      document.body.style.overflow = ''
+    }
+  }, [open, onClose])
+
+  if (!open) return null
+
+  return (
+    <div className="fixed inset-0 z-50 flex items-center justify-center">
+      <div
+        className="absolute inset-0 bg-black/50"
+        onClick={onClose}
+      />
+      <div className="relative bg-surface border border-border shadow-lg w-full max-w-md mx-4">
+        <div className="flex items-center justify-between p-4 border-b border-border">
+          <h2 className="text-sm font-medium text-text">{title}</h2>
+          <button
+            onClick={onClose}
+            className="btn-ghost p-1 -m-1"
+          >
+            <Icons.Close />
+          </button>
+        </div>
+        <div className="p-4">
+          {children}
+        </div>
+      </div>
+    </div>
+  )
+}
diff --git a/studio/src/components/ui/Select.tsx b/studio/src/components/ui/Select.tsx
new file mode 100644
index 0000000..f5be218
--- /dev/null
+++ b/studio/src/components/ui/Select.tsx
@@ -0,0 +1,33 @@
+interface SelectOption {
+  value: string
+  label: string
+}
+
+interface SelectProps {
+  value: string
+  onChange: (value: string) => void
+  options: SelectOption[]
+  placeholder?: string
+  className?: string
+}
+
+export function Select({ value, onChange, options, placeholder, className = '' }: SelectProps) {
+  return (
+    <select
+      value={value}
+      onChange={e => onChange(e.target.value)}
+      className={`input ${className}`}
+    >
+      {placeholder && (
+        <option value="" disabled>
+          {placeholder}
+        </option>
+      )}
+      {options.map(opt => (
+        <option key={opt.value} value={opt.value}>
+          {opt.label}
+        </option>
+      ))}
+    </select>
+  )
+}
diff --git a/studio/src/components/ui/Tabs.tsx b/studio/src/components/ui/Tabs.tsx
new file mode 100644
index 0000000..eddcbde
--- /dev/null
+++ b/studio/src/components/ui/Tabs.tsx
@@ -0,0 +1,74 @@
+import { useRef, useState, useLayoutEffect } from 'react'
+import type { IconComponent } from '../shared/Icons'
+
+export interface Tab<T extends string = string> {
+  value: T
+  label: string
+  Icon?: IconComponent
+}
+
+interface TabsProps<T extends string = string> {
+  value: T
+  onChange: (value: T) => void
+  tabs: Tab<T>[]
+  className?: string
+}
+
+export function Tabs<T extends string = string>({
+  value,
+  onChange,
+  tabs,
+  className = '',
+}: TabsProps<T>) {
+  const containerRef = useRef<HTMLDivElement>(null)
+  const [indicatorStyle, setIndicatorStyle] = useState({ left: 0, width: 0 })
+
+  useLayoutEffect(() => {
+    const container = containerRef.current
+    if (!container) return
+
+    const activeIndex = tabs.findIndex(tab => tab.value === value)
+    const buttons = container.querySelectorAll('button')
+    const activeButton = buttons[activeIndex]
+
+    if (activeButton) {
+      setIndicatorStyle({
+        left: activeButton.offsetLeft,
+        width: activeButton.offsetWidth,
+      })
+    }
+  }, [value, tabs])
+
+  return (
+    <div
+      ref={containerRef}
+      className={`relative flex bg-border/50 border border-border ${className}`}
+    >
+      <div
+        className="absolute inset-y-0 bg-surface border-x border-border/50 transition-all duration-200 ease-out"
+        style={{
+          left: indicatorStyle.left,
+          width: indicatorStyle.width,
+        }}
+      />
+      {tabs.map((tab) => {
+        const isActive = tab.value === value
+        return (
+          <button
+            key={tab.value}
+            type="button"
+            onClick={() => onChange(tab.value)}
+            className={`relative z-10 inline-flex items-center gap-1.5 px-3 py-1.5 text-xs font-medium tracking-wide transition-colors duration-150 ${
+              isActive
+                ? 'text-text'
+                : 'text-muted hover:text-text/70'
+            }`}
+          >
+            {tab.Icon && <tab.Icon className="w-3.5 h-3.5" />}
+            <span>{tab.label}</span>
+          </button>
+        )
+      })}
+    </div>
+  )
+}
diff --git a/studio/src/components/ui/Toast.tsx b/studio/src/components/ui/Toast.tsx
new file mode 100644
index 0000000..021d67b
--- /dev/null
+++ b/studio/src/components/ui/Toast.tsx
@@ -0,0 +1,33 @@
+import { useStore } from '@nanostores/react'
+import { $toasts, removeToast } from '../../stores/app'
+import { Icons } from '../shared/Icons'
+
+export function Toasts() {
+  const toasts = useStore($toasts)
+
+  if (toasts.length === 0) return null
+
+  return (
+    <div className="fixed bottom-4 right-4 z-50 space-y-2">
+      {toasts.map(toast => (
+        <div
+          key={toast.id}
+          className={`flex items-center gap-3 px-4 py-3 border shadow-lg ${
+            toast.type === 'success'
+              ? 'bg-success text-white border-success'
+              : 'bg-danger text-white border-danger'
+          }`}
+        >
+          {toast.type === 'success' ? <Icons.CheckCircle /> : <Icons.AlertCircle />}
+          <span className="text-sm font-medium">{toast.message}</span>
+          <button
+            onClick={() => removeToast(toast.id)}
+            className="ml-2 opacity-70 hover:opacity-100"
+          >
+            <Icons.Close className="text-sm" />
+          </button>
+        </div>
+      ))}
+    </div>
+  )
+}
diff --git a/studio/src/components/ui/Toggle.tsx b/studio/src/components/ui/Toggle.tsx
new file mode 100644
index 0000000..8397fbc
--- /dev/null
+++ b/studio/src/components/ui/Toggle.tsx
@@ -0,0 +1,29 @@
+interface ToggleProps {
+  checked: boolean
+  onChange: (checked: boolean) => void
+  label?: string
+  description?: string
+}
+
+export function Toggle({ checked, onChange, label, description }: ToggleProps) {
+  return (
+    <label className="flex items-start gap-3 cursor-pointer">
+      <div className="relative mt-0.5">
+        <input
+          type="checkbox"
+          checked={checked}
+          onChange={e => onChange(e.target.checked)}
+          className="sr-only peer"
+        />
+        <div className="w-10 h-6 bg-border rounded-full peer-checked:bg-accent transition-colors" />
+        <div className="absolute left-1 top-1 w-4 h-4 bg-white rounded-full shadow transition-transform peer-checked:translate-x-4" />
+      </div>
+      <div className="flex-1">
+        <div className="text-sm font-medium text-text">{label || ""}</div>
+        {description && (
+          <div className="text-xs text-muted mt-0.5">{description}</div>
+        )}
+      </div>
+    </label>
+  )
+}
diff --git a/studio/src/components/ui/UsageIndicator.tsx b/studio/src/components/ui/UsageIndicator.tsx
new file mode 100644
index 0000000..7f51f70
--- /dev/null
+++ b/studio/src/components/ui/UsageIndicator.tsx
@@ -0,0 +1,42 @@
+interface UsageIndicatorProps {
+  used: number
+  max: number
+  label: string
+}
+
+export function UsageIndicator({ used, max, label }: UsageIndicatorProps) {
+  const atLimit = used >= max
+  const segments = Array.from({ length: max }, (_, i) => i < used)
+
+  return (
+    <div className={`flex items-center gap-3 px-3 py-2 rounded-md border ${atLimit ? 'bg-warning/5 border-warning/30' : 'bg-accent/5 border-accent/20'}`}>
+      {/* Segmented dots */}
+      <div className="flex gap-1.5">
+        {segments.map((filled, i) => (
+          <div
+            key={i}
+            className={`
+              w-2.5 h-2.5 rounded-full transition-all duration-200
+              ${filled
+                ? atLimit
+                  ? 'bg-warning shadow-[0_0_6px_rgba(245,158,11,0.5)]'
+                  : 'bg-accent shadow-[0_0_6px_rgba(16,185,129,0.4)]'
+                : 'bg-border'
+              }
+            `}
+          />
+        ))}
+      </div>
+
+      {/* Count */}
+      <div className="flex items-baseline gap-1">
+        <span className={`text-sm font-bold tabular-nums ${atLimit ? 'text-warning' : 'text-accent'}`}>
+          {used}
+        </span>
+        <span className="text-muted text-xs font-medium">/</span>
+        <span className="text-muted text-xs font-medium tabular-nums">{max}</span>
+        <span className="text-muted text-xs ml-0.5">{label}</span>
+      </div>
+    </div>
+  )
+}
diff --git a/studio/src/components/ui/index.ts b/studio/src/components/ui/index.ts
new file mode 100644
index 0000000..b96055c
--- /dev/null
+++ b/studio/src/components/ui/index.ts
@@ -0,0 +1,11 @@
+export { Button } from './Button'
+export { Input, Textarea } from './Input'
+export { Toggle } from './Toggle'
+export { Modal } from './Modal'
+export { Toasts } from './Toast'
+export { Select } from './Select'
+export { Dropdown, type DropdownOption } from './Dropdown'
+export { Tabs, type Tab } from './Tabs'
+export { Badge } from './Badge'
+export { ActionMenu, type ActionMenuItem } from './ActionMenu'
+export { UsageIndicator } from './UsageIndicator'
diff --git a/studio/src/main.tsx b/studio/src/main.tsx
new file mode 100644
index 0000000..a838e39
--- /dev/null
+++ b/studio/src/main.tsx
@@ -0,0 +1,11 @@
+import { StrictMode } from 'react'
+import { createRoot } from 'react-dom/client'
+import '@unocss/reset/tailwind.css'
+import 'virtual:uno.css'
+import App from './App'
+
+createRoot(document.getElementById('root')!).render(
+  <StrictMode>
+    <App />
+  </StrictMode>,
+)
diff --git a/studio/src/pages/APIPage.tsx b/studio/src/pages/APIPage.tsx
new file mode 100644
index 0000000..5d77600
--- /dev/null
+++ b/studio/src/pages/APIPage.tsx
@@ -0,0 +1,749 @@
+import { useStore } from '@nanostores/react'
+import { useState } from 'react'
+import { $apiKeys, createAPIKey, $deleteAPIKey, $creating } from '../stores/apiKeys'
+import { $webhooks, createWebhook, updateWebhook, $deleteWebhook, testWebhook, fetchWebhookDeliveries } from '../stores/webhooks'
+import { $billing } from '../stores/billing'
+import { addToast } from '../stores/app'
+import { EmptyState, APIPageSkeleton, PageHeader } from '../components/shared'
+import { Icons } from '../components/shared/Icons'
+import { Button, Input, Modal, UsageIndicator } from '../components/ui'
+import type { Webhook, WebhookDelivery, WebhookEvent } from '../types'
+
+type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE'
+
+interface QueryParam {
+  name: string
+  description: string
+  default?: string
+  options?: string[]  // For select dropdowns
+}
+
+interface Endpoint {
+  method: HttpMethod
+  path: string
+  description: string
+  queryParams?: QueryParam[]
+  requestBody?: string
+  responseExample: string
+}
+
+const endpoints: Endpoint[] = [
+  {
+    method: 'GET',
+    path: '/api/v1/posts',
+    description: 'List published posts with pagination',
+    queryParams: [
+      { name: 'limit', description: 'Results per page (max 100)', default: '20' },
+      { name: 'offset', description: 'Skip N results', default: '0' },
+      { name: 'tag', description: 'Filter by tag' },
+      { name: 'include', description: 'Include extra fields', options: ['', 'content'] },
+    ],
+    responseExample: `{
+  "posts": [
+    {
+      "id": "uuid",
+      "slug": "hello-world",
+      "title": "Hello World",
+      "description": "My first post",
+      "tags": ["intro"],
+      "date": "2024-01-15",
+      "draft": false
+    }
+  ],
+  "total": 42,
+  "limit": 20,
+  "offset": 0
+}`,
+  },
+  {
+    method: 'POST',
+    path: '/api/v1/posts',
+    description: 'Create a new post',
+    requestBody: `{
+  "title": "My New Post",
+  "slug": "my-new-post",
+  "content": "# Markdown content",
+  "description": "Optional description",
+  "tags": ["tutorial"],
+  "draft": false
+}`,
+    responseExample: `{
+  "id": "uuid",
+  "slug": "my-new-post",
+  "title": "My New Post",
+  ...
+}`,
+  },
+  {
+    method: 'GET',
+    path: '/api/v1/posts/{slug}',
+    description: 'Get a single post by slug (includes content)',
+    responseExample: `{
+  "id": "uuid",
+  "slug": "hello-world",
+  "title": "Hello World",
+  "description": "My first post",
+  "content": {
+    "markdown": "# Full markdown...",
+    "html": "<h1>Full markdown...</h1>"
+  },
+  "tags": ["intro"],
+  "date": "2024-01-15"
+}`,
+  },
+  {
+    method: 'PUT',
+    path: '/api/v1/posts/{slug}',
+    description: 'Update an existing post',
+    requestBody: `{
+  "title": "Updated Title",
+  "content": "# Updated content"
+}`,
+    responseExample: `{
+  "id": "uuid",
+  "slug": "hello-world",
+  "title": "Updated Title",
+  ...
+}`,
+  },
+  {
+    method: 'DELETE',
+    path: '/api/v1/posts/{slug}',
+    description: 'Delete a post permanently',
+    responseExample: `204 No Content`,
+  },
+  {
+    method: 'GET',
+    path: '/api/v1/settings',
+    description: 'Get public site configuration',
+    responseExample: `{
+  "site_name": "My Blog",
+  "site_description": "A developer blog",
+  "author_name": "Jane Doe",
+  "author_bio": "Software engineer",
+  "twitter_handle": "janedoe",
+  "accent_color": "#10b981"
+}`,
+  },
+]
+
+const methodColors: Record<HttpMethod, string> = {
+  GET: 'bg-success/15 text-success',
+  POST: 'bg-blue-500/15 text-blue-500',
+  PUT: 'bg-warning/15 text-warning',
+  DELETE: 'bg-danger/15 text-danger',
+}
+
+const webhookEvents: { value: WebhookEvent; label: string }[] = [
+  { value: 'post.published', label: 'Post Published' },
+  { value: 'post.updated', label: 'Post Updated' },
+  { value: 'post.deleted', label: 'Post Deleted' },
+]
+
+function EndpointCard({ endpoint, baseUrl, apiKey }: { endpoint: Endpoint; baseUrl: string; apiKey?: string }) {
+  const [expanded, setExpanded] = useState(false)
+  const [slugInput, setSlugInput] = useState('hello-world')
+  const [requestBody, setRequestBody] = useState(endpoint.requestBody || '')
+  const [queryParams, setQueryParams] = useState<Record<string, string>>(() => {
+    const initial: Record<string, string> = {}
+    endpoint.queryParams?.forEach(p => {
+      initial[p.name] = p.default || ''
+    })
+    return initial
+  })
+  const [response, setResponse] = useState<{ status: number; body: string; time: number } | null>(null)
+  const [loading, setLoading] = useState(false)
+
+  const basePath = endpoint.path.replace('{slug}', slugInput)
+  const queryString = Object.entries(queryParams)
+    .filter(([_, v]) => v !== '')
+    .map(([k, v]) => `${k}=${encodeURIComponent(v)}`)
+    .join('&')
+  const actualPath = queryString ? `${basePath}?${queryString}` : basePath
+  const fullUrl = `${baseUrl}${actualPath}`
+
+  const curlExample = endpoint.requestBody
+    ? `curl -X ${endpoint.method} "${fullUrl}" \\
+  -H "Authorization: Bearer ${apiKey || 'YOUR_API_KEY'}" \\
+  -H "Content-Type: application/json" \\
+  -d '${endpoint.requestBody.replace(/\n\s*/g, ' ')}'`
+    : `curl -X ${endpoint.method} "${fullUrl}" \\
+  -H "Authorization: Bearer ${apiKey || 'YOUR_API_KEY'}"`
+
+  const copyCode = (code: string) => {
+    navigator.clipboard.writeText(code)
+    addToast('Copied to clipboard', 'success')
+  }
+
+  const updateQueryParam = (name: string, value: string) => {
+    setQueryParams(prev => ({ ...prev, [name]: value }))
+  }
+
+  const sendRequest = async () => {
+    setLoading(true)
+    setResponse(null)
+    const start = Date.now()
+    try {
+      const headers: Record<string, string> = {
+        'Content-Type': 'application/json',
+      }
+      if (apiKey) {
+        headers['Authorization'] = `Bearer ${apiKey}`
+      }
+      const res = await fetch(actualPath, {
+        method: endpoint.method,
+        headers,
+        body: endpoint.requestBody ? requestBody : undefined,
+      })
+      const time = Date.now() - start
+      let body: string
+      try {
+        const json = await res.json()
+        body = JSON.stringify(json, null, 2)
+      } catch {
+        body = res.status === 204 ? '(No Content)' : await res.text()
+      }
+      setResponse({ status: res.status, body, time })
+    } catch (err) {
+      setResponse({ status: 0, body: `Error: ${err instanceof Error ? err.message : 'Request failed'}`, time: Date.now() - start })
+    } finally {
+      setLoading(false)
+    }
+  }
+
+  return (
+    <div className="border border-border hover:border-muted transition-colors">
+      <button
+        onClick={() => setExpanded(!expanded)}
+        className="group w-full flex items-center gap-3 px-4 py-3 text-left hover:bg-muted/5 transition-colors cursor-pointer"
+      >
+        <span className={`px-2 py-0.5 text-xs font-mono font-medium ${methodColors[endpoint.method]}`}>
+          {endpoint.method}
+        </span>
+        <code className="text-sm font-mono flex-1 group-hover:text-accent transition-colors">{endpoint.path}</code>
+        <span className="text-xs text-muted hidden sm:block">{endpoint.description}</span>
+        <Icons.ChevronRight className={`text-muted transition-transform group-hover:text-text ${expanded ? 'rotate-90' : ''}`} />
+      </button>
+
+      {expanded && (
+        <div className="border-t border-border bg-muted/5 p-4 space-y-4">
+          <p className="text-sm text-muted">{endpoint.description}</p>
+
+          {endpoint.path.includes('{slug}') && (
+            <div className="flex items-center gap-2">
+              <label className="text-xs text-muted w-16">slug:</label>
+              <Input
+                value={slugInput}
+                onChange={setSlugInput}
+                className="max-w-48 text-sm"
+                placeholder="post-slug"
+              />
+            </div>
+          )}
+
+          {endpoint.queryParams && endpoint.queryParams.length > 0 && (
+            <div className="space-y-2">
+              <div className="text-xs text-muted">Query Parameters</div>
+              {endpoint.queryParams.map(param => (
+                <div key={param.name} className="flex items-center gap-2">
+                  <label className="text-xs text-muted w-16 shrink-0">{param.name}:</label>
+                  {param.options ? (
+                    <select
+                      value={queryParams[param.name] || ''}
+                      onChange={e => updateQueryParam(param.name, e.target.value)}
+                      className="px-2 py-1.5 text-sm bg-surface border border-border focus:border-accent focus:outline-none"
+                    >
+                      {param.options.map(opt => (
+                        <option key={opt} value={opt}>{opt || '(none)'}</option>
+                      ))}
+                    </select>
+                  ) : (
+                    <Input
+                      value={queryParams[param.name] || ''}
+                      onChange={v => updateQueryParam(param.name, v)}
+                      className="max-w-32 text-sm"
+                      placeholder={param.default || ''}
+                    />
+                  )}
+                  <span className="text-xs text-muted">{param.description}</span>
+                </div>
+              ))}
+            </div>
+          )}
+
+          {endpoint.requestBody && (
+            <div>
+              <div className="text-xs text-muted mb-2">Request Body</div>
+              <textarea
+                value={requestBody}
+                onChange={e => setRequestBody(e.target.value)}
+                className="w-full p-3 bg-surface border border-border text-xs font-mono resize-y min-h-32"
+                spellCheck={false}
+              />
+            </div>
+          )}
+
+          <Button
+            variant="primary"
+            Icon={loading ? undefined : Icons.Play}
+            onClick={sendRequest}
+            loading={loading}
+          >
+            {loading ? 'Sending...' : 'Try it'}
+          </Button>
+
+          {response && (
+            <div>
+              <div className="flex items-center gap-3 mb-2">
+                <span className="text-xs text-muted">Response</span>
+                <span className={`px-2 py-0.5 text-xs font-mono ${response.status >= 200 && response.status < 300 ? 'bg-success/15 text-success' : response.status >= 400 ? 'bg-danger/15 text-danger' : 'bg-warning/15 text-warning'}`}>
+                  {response.status || 'Error'}
+                </span>
+                <span className="text-xs text-muted">{response.time}ms</span>
+              </div>
+              <pre className="p-3 bg-surface border border-border text-xs font-mono max-h-64 overflow-y-auto whitespace-pre-wrap break-words">
+                {response.body}
+              </pre>
+            </div>
+          )}
+
+          <div>
+            <div className="text-xs text-muted mb-2">Example Response</div>
+            <pre className="p-3 bg-surface border border-border text-xs font-mono overflow-x-auto">
+              {endpoint.responseExample}
+            </pre>
+          </div>
+
+          <div>
+            <div className="flex items-center justify-between mb-2">
+              <span className="text-xs text-muted">cURL</span>
+              <button onClick={() => copyCode(curlExample)} className="text-xs text-muted hover:text-text">
+                <Icons.Copy className="inline mr-1" />Copy
+              </button>
+            </div>
+            <pre className="p-3 bg-surface border border-border text-xs font-mono overflow-x-auto whitespace-pre-wrap">
+              {curlExample}
+            </pre>
+          </div>
+        </div>
+      )}
+    </div>
+  )
+}
+
+function WebhookCard({ webhook, onEdit, onDelete, onTest }: {
+  webhook: Webhook
+  onEdit: () => void
+  onDelete: () => void
+  onTest: () => void
+}) {
+  const [showLogs, setShowLogs] = useState(false)
+  const [deliveries, setDeliveries] = useState<WebhookDelivery[]>([])
+  const [loadingLogs, setLoadingLogs] = useState(false)
+
+  const loadDeliveries = async () => {
+    setLoadingLogs(true)
+    try {
+      const data = await fetchWebhookDeliveries(webhook.id)
+      setDeliveries(data)
+      setShowLogs(true)
+    } catch {
+      addToast('Failed to load delivery logs', 'error')
+    } finally {
+      setLoadingLogs(false)
+    }
+  }
+
+  return (
+    <div className="border border-border p-4">
+      <div className="flex items-start justify-between gap-4">
+        <div className="min-w-0 flex-1">
+          <div className="flex items-center gap-2 mb-1">
+            <span className={`w-2 h-2 rounded-full ${webhook.enabled ? (webhook.last_status === 'success' ? 'bg-success' : webhook.last_status === 'failed' ? 'bg-danger' : 'bg-muted') : 'bg-muted'}`} />
+            <span className="font-medium text-sm">{webhook.name}</span>
+            {!webhook.enabled && <span className="text-xs text-muted">(disabled)</span>}
+          </div>
+          <code className="text-xs text-muted break-all">{webhook.url}</code>
+          <div className="flex flex-wrap gap-1 mt-2">
+            {webhook.events.map(event => (
+              <span key={event} className="px-1.5 py-0.5 text-xs bg-muted/20 text-muted">
+                {event}
+              </span>
+            ))}
+          </div>
+        </div>
+        <div className="flex items-center gap-1">
+          <button onClick={loadDeliveries} className="p-1.5 text-muted hover:text-text" title="View logs">
+            <Icons.List className="w-4 h-4" />
+          </button>
+          <button onClick={onTest} className="p-1.5 text-muted hover:text-text" title="Test">
+            <Icons.Play className="w-4 h-4" />
+          </button>
+          <button onClick={onEdit} className="p-1.5 text-muted hover:text-text" title="Edit">
+            <Icons.Edit className="w-4 h-4" />
+          </button>
+          <button onClick={onDelete} className="p-1.5 text-danger hover:text-danger/80" title="Delete">
+            <Icons.Trash className="w-4 h-4" />
+          </button>
+        </div>
+      </div>
+
+      {showLogs && (
+        <div className="mt-4 pt-4 border-t border-border">
+          <div className="flex items-center justify-between mb-2">
+            <span className="text-xs font-medium text-muted">Recent Deliveries</span>
+            <button onClick={() => setShowLogs(false)} className="text-xs text-muted hover:text-text">Close</button>
+          </div>
+          {loadingLogs ? (
+            <div className="text-xs text-muted">Loading...</div>
+          ) : deliveries.length === 0 ? (
+            <div className="text-xs text-muted">No deliveries yet</div>
+          ) : (
+            <div className="space-y-2 max-h-48 overflow-y-auto">
+              {deliveries.slice(0, 10).map(d => (
+                <div key={d.id} className="flex items-center gap-2 text-xs">
+                  <span className={`w-2 h-2 rounded-full ${d.status === 'success' ? 'bg-success' : 'bg-danger'}`} />
+                  <span className="text-muted">{d.event}</span>
+                  <span className="text-muted">•</span>
+                  <span className={d.status === 'success' ? 'text-success' : 'text-danger'}>
+                    {d.response_code || d.status}
+                  </span>
+                  <span className="text-muted ml-auto">
+                    {new Date(d.created_at).toLocaleString()}
+                  </span>
+                </div>
+              ))}
+            </div>
+          )}
+        </div>
+      )}
+    </div>
+  )
+}
+
+export default function APIPage() {
+  const { data: keys } = useStore($apiKeys)
+  const { data: webhooks } = useStore($webhooks)
+  const { data: billing } = useStore($billing)
+  const creating = useStore($creating)
+  const deleteKey = useStore($deleteAPIKey)
+  const deleteWebhookMutation = useStore($deleteWebhook)
+
+  const [showCreateKey, setShowCreateKey] = useState(false)
+  const [newKeyName, setNewKeyName] = useState('')
+  const [createdKey, setCreatedKey] = useState<string | null>(null)
+  const [deleteKeyModal, setDeleteKeyModal] = useState<string | null>(null)
+
+  const [showWebhookModal, setShowWebhookModal] = useState(false)
+  const [editingWebhook, setEditingWebhook] = useState<Webhook | null>(null)
+  const [webhookForm, setWebhookForm] = useState({ name: '', url: '', events: [] as WebhookEvent[], secret: '', enabled: true })
+  const [deleteWebhookModal, setDeleteWebhookModal] = useState<string | null>(null)
+  const [savingWebhook, setSavingWebhook] = useState(false)
+
+  const handleCreateKey = async () => {
+    if (!newKeyName.trim()) return
+    try {
+      const result = await createAPIKey(newKeyName)
+      setCreatedKey(result.key)
+      setNewKeyName('')
+      setShowCreateKey(false)
+      addToast('API key created', 'success')
+    } catch {
+      addToast('Failed to create API key', 'error')
+    }
+  }
+
+  const handleDeleteKey = async () => {
+    if (!deleteKeyModal) return
+    try {
+      await deleteKey.mutate(deleteKeyModal)
+      addToast('API key deleted', 'success')
+      setDeleteKeyModal(null)
+    } catch {
+      addToast('Failed to delete API key', 'error')
+    }
+  }
+
+  const copyKey = (key: string) => {
+    navigator.clipboard.writeText(key)
+    addToast('Copied to clipboard', 'success')
+  }
+
+  const formatDate = (dateStr: string | null) => {
+    if (!dateStr) return 'Never'
+    return new Date(dateStr).toLocaleDateString('en-US', { month: 'short', day: 'numeric', year: 'numeric' })
+  }
+
+  const openWebhookModal = (webhook?: Webhook) => {
+    if (webhook) {
+      setEditingWebhook(webhook)
+      setWebhookForm({ name: webhook.name, url: webhook.url, events: webhook.events, secret: webhook.secret || '', enabled: webhook.enabled })
+    } else {
+      setEditingWebhook(null)
+      setWebhookForm({ name: '', url: '', events: [], secret: '', enabled: true })
+    }
+    setShowWebhookModal(true)
+  }
+
+  const handleSaveWebhook = async () => {
+    if (!webhookForm.name || !webhookForm.url || webhookForm.events.length === 0) {
+      addToast('Name, URL, and at least one event are required', 'error')
+      return
+    }
+    setSavingWebhook(true)
+    try {
+      if (editingWebhook) {
+        await updateWebhook(editingWebhook.id, webhookForm)
+        addToast('Webhook updated', 'success')
+      } else {
+        await createWebhook(webhookForm)
+        addToast('Webhook created', 'success')
+      }
+      setShowWebhookModal(false)
+    } catch {
+      addToast('Failed to save webhook', 'error')
+    } finally {
+      setSavingWebhook(false)
+    }
+  }
+
+  const handleDeleteWebhook = async () => {
+    if (!deleteWebhookModal) return
+    try {
+      await deleteWebhookMutation.mutate(deleteWebhookModal)
+      addToast('Webhook deleted', 'success')
+      setDeleteWebhookModal(null)
+    } catch {
+      addToast('Failed to delete webhook', 'error')
+    }
+  }
+
+  const handleTestWebhook = async (id: string) => {
+    try {
+      await testWebhook(id)
+      addToast('Test webhook sent', 'success')
+    } catch {
+      addToast('Failed to send test webhook', 'error')
+    }
+  }
+
+  const toggleEvent = (event: WebhookEvent) => {
+    setWebhookForm(f => ({
+      ...f,
+      events: f.events.includes(event) ? f.events.filter(e => e !== event) : [...f.events, event]
+    }))
+  }
+
+  if (!keys) return <APIPageSkeleton />
+
+  const baseUrl = window.location.origin
+  const firstKey = keys.length > 0 ? keys[0].key : undefined
+
+  return (
+    <div>
+      <PageHeader>
+        <Button variant="primary" Icon={Icons.Plus} onClick={() => setShowCreateKey(true)}>
+          Create Key
+        </Button>
+      </PageHeader>
+
+      <div className="-mx-6 lg:-mx-10 mt-6">
+        {createdKey && (
+          <div className="px-6 lg:px-10 py-4 bg-success/10 border-b border-success">
+            <div className="flex items-center gap-2 mb-2">
+              <Icons.CheckCircle className="text-success" />
+              <span className="text-sm font-medium">API Key Created</span>
+            </div>
+            <p className="text-xs text-muted mb-3">Copy this key now. You won't be able to see it again.</p>
+            <div className="flex items-center gap-2">
+              <code className="flex-1 p-2 bg-surface border border-border text-xs font-mono truncate">{createdKey}</code>
+              <Button variant="secondary" Icon={Icons.Copy} onClick={() => copyKey(createdKey)}>Copy</Button>
+            </div>
+            <button onClick={() => setCreatedKey(null)} className="mt-2 text-xs text-muted hover:text-text">Dismiss</button>
+          </div>
+        )}
+
+        {/* API Keys */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Your API Keys</div>
+          <div className="text-xs text-muted mt-0.5">Use these keys to authenticate API requests</div>
+        </div>
+        <div className="border-t border-border">
+          {keys.length === 0 ? (
+            <div className="px-6 lg:px-10 py-12">
+              <EmptyState
+                Icon={Icons.ApiKeys}
+                title="No API keys"
+                description="Create an API key to access the API"
+                action={<Button variant="primary" Icon={Icons.Plus} onClick={() => setShowCreateKey(true)}>Create Key</Button>}
+              />
+            </div>
+          ) : (
+            keys.map((key, i) => (
+              <div key={key.key} className={`flex flex-col sm:flex-row sm:items-center gap-4 px-6 lg:px-10 py-4 ${i > 0 ? 'border-t border-border' : ''}`}>
+                <div className="flex-1 min-w-0">
+                  <div className="text-sm font-medium">{key.name}</div>
+                  <div className="flex flex-wrap items-center gap-x-3 gap-y-1 text-xs text-muted mt-1">
+                    <code className="font-mono">{key.key.slice(0, 8)}...{key.key.slice(-4)}</code>
+                    <span className="hidden sm:inline">•</span>
+                    <span>Created {formatDate(key.created_at)}</span>
+                    <span className="hidden sm:inline">•</span>
+                    <span>Last used {formatDate(key.last_used_at)}</span>
+                  </div>
+                </div>
+                <Button variant="ghost" Icon={Icons.Trash} className="text-danger hover:text-danger self-start sm:self-center" onClick={() => setDeleteKeyModal(key.key)}>Delete</Button>
+              </div>
+            ))
+          )}
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Webhooks */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="flex items-center justify-between">
+            <div>
+              <div className="text-xs font-medium text-muted uppercase tracking-wide">Webhooks</div>
+              <div className="text-xs text-muted mt-0.5">Get notified when posts are published, updated, or deleted</div>
+            </div>
+            {billing && (
+              <UsageIndicator
+                used={billing.usage.webhooks}
+                max={billing.tiers[billing.current_tier].max_webhooks}
+                label="used"
+              />
+            )}
+          </div>
+        </div>
+        <div className="px-6 lg:px-10 py-6 space-y-3">
+          {webhooks && webhooks.length > 0 ? (
+            webhooks.map(webhook => (
+              <WebhookCard
+                key={webhook.id}
+                webhook={webhook}
+                onEdit={() => openWebhookModal(webhook)}
+                onDelete={() => setDeleteWebhookModal(webhook.id)}
+                onTest={() => handleTestWebhook(webhook.id)}
+              />
+            ))
+          ) : (
+            <div className="text-sm text-muted">No webhooks configured</div>
+          )}
+          {billing && billing.usage.webhooks >= billing.tiers[billing.current_tier].max_webhooks ? (
+            <div className="flex items-center gap-3 p-3 border border-warning/30 bg-warning/5">
+              <Icons.AlertCircle className="text-warning flex-shrink-0" />
+              <span className="text-sm text-muted">Webhook limit reached.</span>
+              <Button variant="primary" href="/studio/billing">Upgrade</Button>
+            </div>
+          ) : (
+            <Button variant="secondary" Icon={Icons.Plus} onClick={() => openWebhookModal()}>Add Webhook</Button>
+          )}
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* API Reference */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">API Reference</div>
+          <div className="text-xs text-muted mt-0.5">Base URL: <code className="text-text">{baseUrl}</code></div>
+        </div>
+        <div className="px-6 lg:px-10 py-6 space-y-2">
+          {endpoints.map((endpoint) => (
+            <EndpointCard key={`${endpoint.method}-${endpoint.path}`} endpoint={endpoint} baseUrl={baseUrl} apiKey={firstKey} />
+          ))}
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Authentication */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Authentication</div>
+          <div className="text-xs text-muted mt-0.5">How to authenticate your requests</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6">
+          <p className="text-sm text-muted mb-3">All API requests require a Bearer token in the Authorization header:</p>
+          <pre className="p-3 bg-surface border border-border text-xs font-mono overflow-x-auto">
+            Authorization: Bearer {firstKey ? `${firstKey.slice(0, 8)}...` : 'YOUR_API_KEY'}
+          </pre>
+          <p className="text-xs text-muted mt-3">Keep API keys secure and never expose them in client-side code.</p>
+        </div>
+      </div>
+
+      {/* Create Key Modal */}
+      <Modal open={showCreateKey} onClose={() => setShowCreateKey(false)} title="Create API Key">
+        <div className="space-y-4">
+          <div className="space-y-1">
+            <label className="label">Key Name</label>
+            <Input value={newKeyName} onChange={setNewKeyName} placeholder="My API Key" />
+            <p className="text-xs text-muted">A name to identify this key</p>
+          </div>
+          <div className="flex justify-end gap-2">
+            <Button variant="secondary" onClick={() => setShowCreateKey(false)}>Cancel</Button>
+            <Button variant="primary" onClick={handleCreateKey} loading={creating} disabled={!newKeyName.trim()}>Create</Button>
+          </div>
+        </div>
+      </Modal>
+
+      {/* Delete Key Modal */}
+      <Modal open={!!deleteKeyModal} onClose={() => setDeleteKeyModal(null)} title="Delete API Key">
+        <p className="text-sm text-muted mb-4">Are you sure? Applications using this key will stop working.</p>
+        <div className="flex justify-end gap-2">
+          <Button variant="secondary" onClick={() => setDeleteKeyModal(null)}>Cancel</Button>
+          <Button variant="danger" onClick={handleDeleteKey} loading={deleteKey.loading}>Delete</Button>
+        </div>
+      </Modal>
+
+      {/* Webhook Modal */}
+      <Modal open={showWebhookModal} onClose={() => setShowWebhookModal(false)} title={editingWebhook ? 'Edit Webhook' : 'Add Webhook'}>
+        <div className="space-y-4">
+          <div className="space-y-1">
+            <label className="label">Name</label>
+            <Input value={webhookForm.name} onChange={v => setWebhookForm(f => ({ ...f, name: v }))} placeholder="Discord Notification" />
+          </div>
+          <div className="space-y-1">
+            <label className="label">URL</label>
+            <Input value={webhookForm.url} onChange={v => setWebhookForm(f => ({ ...f, url: v }))} placeholder="https://your-server.com/webhook" />
+          </div>
+          <div className="space-y-2">
+            <label className="label">Events</label>
+            <div className="flex flex-wrap gap-2">
+              {webhookEvents.map(e => (
+                <button
+                  key={e.value}
+                  onClick={() => toggleEvent(e.value)}
+                  className={`px-3 py-1.5 text-xs border transition-colors ${webhookForm.events.includes(e.value) ? 'border-accent bg-accent/10 text-accent' : 'border-border text-muted hover:border-muted'}`}
+                >
+                  {e.label}
+                </button>
+              ))}
+            </div>
+          </div>
+          <div className="space-y-1">
+            <label className="label">Secret (optional)</label>
+            <Input value={webhookForm.secret} onChange={v => setWebhookForm(f => ({ ...f, secret: v }))} placeholder="For HMAC signature verification" />
+            <p className="text-xs text-muted">Used to sign payloads with X-WriteKit-Signature header</p>
+          </div>
+          {editingWebhook && (
+            <label className="flex items-center gap-2 text-sm">
+              <input type="checkbox" checked={webhookForm.enabled} onChange={e => setWebhookForm(f => ({ ...f, enabled: e.target.checked }))} />
+              Enabled
+            </label>
+          )}
+          <div className="flex justify-end gap-2">
+            <Button variant="secondary" onClick={() => setShowWebhookModal(false)}>Cancel</Button>
+            <Button variant="primary" onClick={handleSaveWebhook} loading={savingWebhook}>{editingWebhook ? 'Save' : 'Create'}</Button>
+          </div>
+        </div>
+      </Modal>
+
+      {/* Delete Webhook Modal */}
+      <Modal open={!!deleteWebhookModal} onClose={() => setDeleteWebhookModal(null)} title="Delete Webhook">
+        <p className="text-sm text-muted mb-4">Are you sure you want to delete this webhook?</p>
+        <div className="flex justify-end gap-2">
+          <Button variant="secondary" onClick={() => setDeleteWebhookModal(null)}>Cancel</Button>
+          <Button variant="danger" onClick={handleDeleteWebhook} loading={deleteWebhookMutation.loading}>Delete</Button>
+        </div>
+      </Modal>
+    </div>
+  )
+}
diff --git a/studio/src/pages/AnalyticsPage.tsx b/studio/src/pages/AnalyticsPage.tsx
new file mode 100644
index 0000000..75db680
--- /dev/null
+++ b/studio/src/pages/AnalyticsPage.tsx
@@ -0,0 +1,318 @@
+import { useEffect, useRef } from 'react'
+import { useStore } from '@nanostores/react'
+import { Chart, LineController, LineElement, PointElement, LinearScale, CategoryScale, Filler, Tooltip } from 'chart.js'
+import { $analytics, $days } from '../stores/analytics'
+import { BreakdownList, AnalyticsPageSkeleton, EmptyState, PageHeader } from '../components/shared'
+import { Tabs } from '../components/ui'
+import { Icons, getReferrerIcon, getCountryFlagUrl, getBrowserIcon, getDeviceIcon, getOSIcon } from '../components/shared/Icons'
+
+Chart.register(LineController, LineElement, PointElement, LinearScale, CategoryScale, Filler, Tooltip)
+
+const periodTabs = [
+  { value: '7', label: '7d' },
+  { value: '30', label: '30d' },
+  { value: '90', label: '90d' },
+]
+
+function formatBytes(bytes: number): string {
+  if (bytes === 0) return '0 B'
+  const k = 1024
+  const sizes = ['B', 'KB', 'MB', 'GB']
+  const i = Math.floor(Math.log(bytes) / Math.log(k))
+  return `${parseFloat((bytes / Math.pow(k, i)).toFixed(1))} ${sizes[i]}`
+}
+
+function formatChange(change: number): { text: string; positive: boolean } {
+  const sign = change >= 0 ? '+' : ''
+  return {
+    text: `${sign}${change.toFixed(1)}%`,
+    positive: change >= 0,
+  }
+}
+
+export default function AnalyticsPage() {
+  const { data, error } = useStore($analytics)
+  const days = useStore($days)
+  const chartRef = useRef<HTMLCanvasElement>(null)
+  const chartInstance = useRef<Chart | null>(null)
+  const prevDataRef = useRef(data)
+
+  useEffect(() => {
+    if (!data?.views_by_day?.length || !chartRef.current) return
+
+    if (chartInstance.current) {
+      chartInstance.current.destroy()
+    }
+
+    const ctx = chartRef.current.getContext('2d')
+    if (!ctx) return
+
+    const sortedData = [...data.views_by_day].sort((a, b) => a.date.localeCompare(b.date))
+
+    const fontFamily = '"SF Mono", "JetBrains Mono", "Fira Code", Consolas, monospace'
+
+    chartInstance.current = new Chart(ctx, {
+      type: 'line',
+      data: {
+        labels: sortedData.map(d => new Date(d.date).toLocaleDateString('en-US', { month: 'short', day: 'numeric' })),
+        datasets: [{
+          data: sortedData.map(d => d.views),
+          borderColor: '#10b981',
+          backgroundColor: 'rgba(16, 185, 129, 0.08)',
+          borderWidth: 2,
+          fill: true,
+          tension: 0.3,
+          pointRadius: 3,
+          pointBackgroundColor: '#10b981',
+          pointBorderColor: '#10b981',
+          pointHoverRadius: 6,
+          pointHoverBackgroundColor: '#10b981',
+          pointHoverBorderColor: '#ffffff',
+          pointHoverBorderWidth: 2,
+        }]
+      },
+      options: {
+        responsive: true,
+        maintainAspectRatio: false,
+        interaction: {
+          intersect: false,
+          mode: 'index',
+        },
+        plugins: {
+          tooltip: {
+            backgroundColor: '#0a0a0a',
+            titleColor: '#fafafa',
+            bodyColor: '#fafafa',
+            titleFont: { family: fontFamily, size: 11 },
+            bodyFont: { family: fontFamily, size: 12 },
+            padding: 10,
+            cornerRadius: 0,
+            displayColors: false,
+            callbacks: {
+              label: (ctx) => `${(ctx.parsed.y ?? 0).toLocaleString()} views`
+            }
+          }
+        },
+        scales: {
+          x: {
+            grid: { display: false },
+            border: { display: false },
+            ticks: {
+              color: '#737373',
+              font: { family: fontFamily, size: 10 },
+              padding: 8,
+              maxRotation: 0,
+            }
+          },
+          y: {
+            grid: { color: '#e5e5e5' },
+            border: { display: false },
+            ticks: {
+              color: '#737373',
+              font: { family: fontFamily, size: 10 },
+              padding: 12,
+            },
+            beginAtZero: true
+          }
+        }
+      }
+    })
+
+    return () => {
+      if (chartInstance.current) {
+        chartInstance.current.destroy()
+      }
+    }
+  }, [data])
+
+  // Keep previous data while loading to prevent flickering
+  if (data) {
+    prevDataRef.current = data
+  }
+  const displayData = data || prevDataRef.current
+
+  if (error && !displayData) return <EmptyState Icon={Icons.AlertCircle} title="Failed to load analytics" description={error.message} />
+  if (!displayData) return <AnalyticsPageSkeleton />
+
+  const change = formatChange(displayData.views_change)
+
+  return (
+    <div>
+      <PageHeader>
+        <Tabs
+          value={String(days)}
+          onChange={(v) => $days.set(Number(v))}
+          tabs={periodTabs}
+        />
+      </PageHeader>
+
+      {/* Panel container - full-bleed borders */}
+      <div className="-mx-6 lg:-mx-10 mt-6">
+        {/* Stats row - 4 columns on lg, 2 on mobile */}
+        <div className="relative">
+          {/* Vertical dividers at column boundaries (lg: 4 cols, mobile: 2 cols) */}
+          <div className="absolute top-0 bottom-0 left-1/2 border-l border-border lg:hidden" />
+          <div className="hidden lg:block absolute top-0 bottom-0 border-l border-border" style={{ left: '25%' }} />
+          <div className="hidden lg:block absolute top-0 bottom-0 border-l border-border" style={{ left: '50%' }} />
+          <div className="hidden lg:block absolute top-0 bottom-0 border-l border-border" style={{ left: '75%' }} />
+
+          <div className="grid grid-cols-2 lg:grid-cols-4">
+            <div className="py-5 pl-6 lg:pl-10 pr-6">
+              <div className="text-xs text-muted mb-1">Total Views</div>
+              <div className="text-2xl font-semibold tracking-tight">{displayData.total_views.toLocaleString()}</div>
+              <div className={`text-xs mt-1 ${change.positive ? 'text-success' : 'text-danger'}`}>
+                {change.text} vs last period
+              </div>
+            </div>
+            <div className="py-5 px-6 lg:pr-6">
+              <div className="text-xs text-muted mb-1">Page Views</div>
+              <div className="text-2xl font-semibold tracking-tight">{displayData.total_page_views.toLocaleString()}</div>
+            </div>
+            <div className="py-5 px-6 lg:pl-6 border-t border-border lg:border-t-0">
+              <div className="text-xs text-muted mb-1">Unique Visitors</div>
+              <div className="text-2xl font-semibold tracking-tight">{displayData.unique_visitors.toLocaleString()}</div>
+            </div>
+            <div className="py-5 pr-6 lg:pr-10 pl-6 border-t border-border lg:border-t-0">
+              <div className="text-xs text-muted mb-1">Bandwidth</div>
+              <div className="text-2xl font-semibold tracking-tight">{formatBytes(displayData.total_bandwidth)}</div>
+            </div>
+          </div>
+        </div>
+
+        {/* Horizontal divider */}
+        <div className="border-t border-border" />
+
+        {/* Chart section */}
+        {displayData.views_by_day.length > 0 && (
+          <>
+            <div className="px-6 lg:px-10 py-6">
+              <div className="text-xs font-medium text-muted uppercase tracking-wide mb-4">Views Over Time</div>
+              <div className="h-48">
+                <canvas ref={chartRef} />
+              </div>
+            </div>
+            <div className="border-t border-border" />
+          </>
+        )}
+
+        {/* Breakdown sections - 2 columns */}
+        <div className="relative">
+          {/* Vertical divider at center on lg */}
+          <div className="hidden lg:block absolute top-0 bottom-0 left-1/2 border-l border-border" />
+
+          <div className="grid lg:grid-cols-2">
+            {/* Top Pages */}
+            {displayData.top_pages.length > 0 && (
+              <div className="py-6 pl-6 lg:pl-10 pr-6 border-b border-border lg:border-b-0">
+                <div className="text-xs font-medium text-muted uppercase tracking-wide mb-4">Top Pages</div>
+                <BreakdownList
+                  items={displayData.top_pages.map(p => ({
+                    label: p.path,
+                    value: p.views,
+                    percentage: (p.views / displayData.total_page_views) * 100,
+                  }))}
+                />
+              </div>
+            )}
+
+            {/* Top Referrers */}
+            {displayData.top_referrers.length > 0 && (
+              <div className="py-6 pr-6 lg:pr-10 pl-6 border-b border-border lg:border-b-0">
+                <div className="text-xs font-medium text-muted uppercase tracking-wide mb-4">Top Referrers</div>
+                <BreakdownList
+                  items={displayData.top_referrers.map(r => {
+                    const label = r.referrer || 'Direct'
+                    return {
+                      label,
+                      value: r.views,
+                      percentage: (r.views / displayData.total_views) * 100,
+                      Icon: getReferrerIcon(label),
+                    }
+                  })}
+                />
+              </div>
+            )}
+          </div>
+        </div>
+
+        {/* Row 2: Browsers & Devices */}
+        {(displayData.browsers.length > 0 || displayData.devices.length > 0) && (
+          <>
+            <div className="border-t border-border" />
+            <div className="relative">
+              <div className="hidden lg:block absolute top-0 bottom-0 left-1/2 border-l border-border" />
+              <div className="grid lg:grid-cols-2">
+                {displayData.browsers.length > 0 && (
+                  <div className="py-6 pl-6 lg:pl-10 pr-6 border-b border-border lg:border-b-0">
+                    <div className="text-xs font-medium text-muted uppercase tracking-wide mb-4">Browsers</div>
+                    <BreakdownList
+                      items={displayData.browsers.map(b => ({
+                        label: b.name,
+                        value: b.count,
+                        percentage: (b.count / displayData.unique_visitors) * 100,
+                        Icon: getBrowserIcon(b.name) || undefined,
+                      }))}
+                    />
+                  </div>
+                )}
+
+                {displayData.devices.length > 0 && (
+                  <div className="py-6 pr-6 lg:pr-10 pl-6 border-b border-border lg:border-b-0">
+                    <div className="text-xs font-medium text-muted uppercase tracking-wide mb-4">Devices</div>
+                    <BreakdownList
+                      items={displayData.devices.map(d => ({
+                        label: d.name,
+                        value: d.count,
+                        percentage: (d.count / displayData.unique_visitors) * 100,
+                        Icon: getDeviceIcon(d.name) || undefined,
+                      }))}
+                    />
+                  </div>
+                )}
+              </div>
+            </div>
+          </>
+        )}
+
+        {/* Row 3: Countries & OS */}
+        {(displayData.countries.length > 0 || displayData.os.length > 0) && (
+          <>
+            <div className="border-t border-border" />
+            <div className="relative">
+              <div className="hidden lg:block absolute top-0 bottom-0 left-1/2 border-l border-border" />
+              <div className="grid lg:grid-cols-2">
+                {displayData.countries.length > 0 && (
+                  <div className="py-6 pl-6 lg:pl-10 pr-6 border-b border-border lg:border-b-0">
+                    <div className="text-xs font-medium text-muted uppercase tracking-wide mb-4">Countries</div>
+                    <BreakdownList
+                      items={displayData.countries.map(c => ({
+                        label: c.name,
+                        value: c.count,
+                        percentage: (c.count / displayData.unique_visitors) * 100,
+                        flagUrl: getCountryFlagUrl(c.name, 40) || undefined,
+                      }))}
+                    />
+                  </div>
+                )}
+
+                {displayData.os.length > 0 && (
+                  <div className="py-6 pr-6 lg:pr-10 pl-6">
+                    <div className="text-xs font-medium text-muted uppercase tracking-wide mb-4">Operating Systems</div>
+                    <BreakdownList
+                      items={displayData.os.map(o => ({
+                        label: o.name,
+                        value: o.count,
+                        percentage: (o.count / displayData.unique_visitors) * 100,
+                        Icon: getOSIcon(o.name) || undefined,
+                      }))}
+                    />
+                  </div>
+                )}
+              </div>
+            </div>
+          </>
+        )}
+      </div>
+    </div>
+  )
+}
diff --git a/studio/src/pages/BillingPage.tsx b/studio/src/pages/BillingPage.tsx
new file mode 100644
index 0000000..be5d3eb
--- /dev/null
+++ b/studio/src/pages/BillingPage.tsx
@@ -0,0 +1,251 @@
+import { useState } from 'react'
+import { useStore } from '@nanostores/react'
+import { PageHeader, BillingPageSkeleton } from '../components/shared'
+import { Icons } from '../components/shared/Icons'
+import { Button } from '../components/ui'
+import { $billing } from '../stores/billing'
+import type { Tier, TierConfig } from '../types'
+
+type BillingCycle = 'monthly' | 'annual'
+
+function formatPrice(cents: number): string {
+  return `$${(cents / 100).toFixed(0)}`
+}
+
+function getFeatureList(config: TierConfig, tier: Tier): { name: string; included: boolean }[] {
+  if (tier === 'free') {
+    return [
+      { name: 'Unlimited posts', included: true },
+      { name: 'Comments & reactions', included: true },
+      { name: 'writekit.dev subdomain', included: true },
+      { name: `${config.analytics_retention}-day analytics`, included: true },
+      { name: `API access (${config.api_rate_limit} req/hr)`, included: true },
+      { name: `${config.max_webhooks} webhooks`, included: true },
+      { name: `${config.max_plugins} plugins`, included: true },
+      { name: 'Custom domain', included: false },
+      { name: 'Remove "Powered by" badge', included: false },
+    ]
+  }
+  return [
+    { name: 'Unlimited posts', included: true },
+    { name: 'Comments & reactions', included: true },
+    { name: 'writekit.dev subdomain', included: true },
+    { name: 'Custom domain', included: true },
+    { name: 'No "Powered by" badge', included: true },
+    { name: `${config.analytics_retention}-day analytics`, included: true },
+    { name: `API access (${config.api_rate_limit} req/hr)`, included: true },
+    { name: `${config.max_webhooks} webhooks`, included: true },
+    { name: `${config.max_plugins} plugins`, included: true },
+    { name: 'Priority support', included: true },
+  ]
+}
+
+export default function BillingPage() {
+  const { data: billing } = useStore($billing)
+  const [billingCycle, setBillingCycle] = useState<BillingCycle>('annual')
+
+  if (!billing) return <BillingPageSkeleton />
+
+  const currentTier = billing.current_tier
+  const currentConfig = billing.tiers[currentTier]
+  const proConfig = billing.tiers.pro
+  const proFeatures = getFeatureList(proConfig, 'pro')
+
+  const annualSavings = (proConfig.monthly_price * 12 - proConfig.annual_price) / 100
+
+  return (
+    <div>
+      <PageHeader />
+
+      <div className="-mx-6 lg:-mx-10 mt-6">
+        {/* Current Plan */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Current Plan</div>
+        </div>
+        <div className="px-6 lg:px-10 pb-6">
+          <div className="p-4 border border-accent bg-accent/5">
+            <div className="flex items-center justify-between">
+              <div>
+                <div className="flex items-center gap-2">
+                  <span className="text-lg font-medium">{currentConfig.name}</span>
+                  <span className="px-2 py-0.5 bg-accent/20 text-accent text-xs font-medium">Active</span>
+                </div>
+                <div className="text-sm text-muted mt-1">{currentConfig.description}</div>
+              </div>
+              {currentTier === 'free' && (
+                <Button variant="primary" href="#upgrade">Upgrade to Pro</Button>
+              )}
+            </div>
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Upgrade Section */}
+        {currentTier === 'free' && (
+          <>
+            <div id="upgrade" className="px-6 lg:px-10 py-5">
+              <div className="text-xs font-medium text-muted uppercase tracking-wide">Upgrade to Pro</div>
+              <div className="text-xs text-muted mt-0.5">Get custom domain, extended analytics, and more</div>
+            </div>
+
+            <div className="px-6 lg:px-10 pb-6">
+              {/* Billing Toggle */}
+              <div className="flex items-center justify-center gap-3 mb-6">
+                <button
+                  onClick={() => setBillingCycle('monthly')}
+                  className={`px-3 py-1.5 text-sm font-medium transition-colors ${
+                    billingCycle === 'monthly' ? 'text-text' : 'text-muted hover:text-text'
+                  }`}
+                >
+                  Monthly
+                </button>
+                <button
+                  onClick={() => setBillingCycle('annual')}
+                  className={`px-3 py-1.5 text-sm font-medium transition-colors flex items-center gap-2 ${
+                    billingCycle === 'annual' ? 'text-text' : 'text-muted hover:text-text'
+                  }`}
+                >
+                  Annual
+                  <span className="px-1.5 py-0.5 bg-success/20 text-success text-xs">
+                    Save ${annualSavings}
+                  </span>
+                </button>
+              </div>
+
+              {/* Pro Plan Card */}
+              <div className="max-w-md mx-auto p-6 border border-border">
+                <div className="text-center mb-6">
+                  <div className="text-sm font-medium text-muted mb-2">Pro</div>
+                  <div className="text-4xl font-semibold tracking-tight">
+                    {formatPrice(billingCycle === 'monthly' ? proConfig.monthly_price : proConfig.annual_price)}
+                    <span className="text-base font-normal text-muted">
+                      /{billingCycle === 'monthly' ? 'mo' : 'yr'}
+                    </span>
+                  </div>
+                  {billingCycle === 'annual' && (
+                    <div className="text-xs text-muted mt-1">
+                      {formatPrice(Math.round(proConfig.annual_price / 12))}/mo billed annually
+                    </div>
+                  )}
+                </div>
+
+                <ul className="space-y-3 mb-6">
+                  {proFeatures.map((feature) => (
+                    <li key={feature.name} className="flex items-center gap-2 text-sm">
+                      <Icons.Check className="text-success flex-shrink-0" />
+                      <span>{feature.name}</span>
+                    </li>
+                  ))}
+                </ul>
+
+                <Button variant="primary" className="w-full">
+                  Upgrade to Pro
+                </Button>
+
+                <p className="text-xs text-muted text-center mt-3">
+                  Secure payment via Lemon Squeezy. Cancel anytime.
+                </p>
+              </div>
+            </div>
+
+            <div className="border-t border-border" />
+          </>
+        )}
+
+        {/* Feature Comparison */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Feature Comparison</div>
+        </div>
+        <div className="px-6 lg:px-10 pb-6">
+          <div className="border border-border overflow-hidden">
+            <table className="w-full text-sm">
+              <thead>
+                <tr className="border-b border-border bg-muted/5">
+                  <th className="text-left px-4 py-3 font-medium">Feature</th>
+                  <th className="text-center px-4 py-3 font-medium w-24">Free</th>
+                  <th className="text-center px-4 py-3 font-medium w-24">Pro</th>
+                </tr>
+              </thead>
+              <tbody>
+                <tr className="border-b border-border">
+                  <td className="px-4 py-3">Custom domain</td>
+                  <td className="text-center px-4 py-3"><Icons.Close className="text-muted/50 inline" /></td>
+                  <td className="text-center px-4 py-3"><Icons.Check className="text-success inline" /></td>
+                </tr>
+                <tr className="border-b border-border">
+                  <td className="px-4 py-3">"Powered by WriteKit" badge</td>
+                  <td className="text-center px-4 py-3 text-muted">Required</td>
+                  <td className="text-center px-4 py-3 text-muted">Hidden</td>
+                </tr>
+                <tr className="border-b border-border">
+                  <td className="px-4 py-3">Analytics retention</td>
+                  <td className="text-center px-4 py-3 text-muted">{billing.tiers.free.analytics_retention} days</td>
+                  <td className="text-center px-4 py-3 text-muted">{billing.tiers.pro.analytics_retention} days</td>
+                </tr>
+                <tr className="border-b border-border">
+                  <td className="px-4 py-3">API rate limit</td>
+                  <td className="text-center px-4 py-3 text-muted">{billing.tiers.free.api_rate_limit}/hr</td>
+                  <td className="text-center px-4 py-3 text-muted">{billing.tiers.pro.api_rate_limit}/hr</td>
+                </tr>
+                <tr className="border-b border-border">
+                  <td className="px-4 py-3">Webhooks</td>
+                  <td className="text-center px-4 py-3 text-muted">{billing.tiers.free.max_webhooks}</td>
+                  <td className="text-center px-4 py-3 text-muted">{billing.tiers.pro.max_webhooks}</td>
+                </tr>
+                <tr className="border-b border-border">
+                  <td className="px-4 py-3">Plugins</td>
+                  <td className="text-center px-4 py-3 text-muted">{billing.tiers.free.max_plugins}</td>
+                  <td className="text-center px-4 py-3 text-muted">{billing.tiers.pro.max_plugins}</td>
+                </tr>
+                <tr className="border-b border-border">
+                  <td className="px-4 py-3">Posts</td>
+                  <td className="text-center px-4 py-3 text-muted">Unlimited</td>
+                  <td className="text-center px-4 py-3 text-muted">Unlimited</td>
+                </tr>
+                <tr>
+                  <td className="px-4 py-3">Support</td>
+                  <td className="text-center px-4 py-3 text-muted">Community</td>
+                  <td className="text-center px-4 py-3 text-muted">Priority</td>
+                </tr>
+              </tbody>
+            </table>
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* FAQ */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Questions</div>
+        </div>
+        <div className="px-6 lg:px-10 pb-6 space-y-4">
+          <div>
+            <div className="text-sm font-medium mb-1">Can I cancel anytime?</div>
+            <div className="text-sm text-muted">
+              Yes. Cancel anytime and keep access until the end of your billing period.
+            </div>
+          </div>
+          <div>
+            <div className="text-sm font-medium mb-1">Can I switch from monthly to annual?</div>
+            <div className="text-sm text-muted">
+              Yes. Switch anytime and we'll prorate your payment.
+            </div>
+          </div>
+          <div>
+            <div className="text-sm font-medium mb-1">What happens to my content if I downgrade?</div>
+            <div className="text-sm text-muted">
+              Your content stays. Custom domain will stop working, badge will appear, and analytics older than 7 days won't be accessible.
+            </div>
+          </div>
+          <div>
+            <div className="text-sm font-medium mb-1">Can I export my data?</div>
+            <div className="text-sm text-muted">
+              Yes. Export all your posts, settings, and assets anytime from the Data page. Your data is always yours.
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  )
+}
diff --git a/studio/src/pages/DataPage.tsx b/studio/src/pages/DataPage.tsx
new file mode 100644
index 0000000..8741a42
--- /dev/null
+++ b/studio/src/pages/DataPage.tsx
@@ -0,0 +1,106 @@
+import { PageHeader } from '../components/shared'
+import { Icons } from '../components/shared/Icons'
+import { Button } from '../components/ui'
+
+export default function DataPage() {
+  const handleExport = () => {
+    window.location.href = '/api/studio/export'
+  }
+
+  return (
+    <div>
+      <PageHeader />
+
+      {/* Panel container - full-bleed borders */}
+      <div className="-mx-6 lg:-mx-10 mt-6">
+        {/* Import */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Import</div>
+          <div className="text-xs text-muted mt-0.5">Import posts from other platforms</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6 space-y-4">
+          <div className="p-4 border border-dashed border-border text-center">
+            <Icons.Upload className="text-2xl text-muted mb-2" />
+            <p className="text-sm font-medium mb-1">Upload files</p>
+            <p className="text-xs text-muted mb-3">
+              Supports Markdown files or JSON exports
+            </p>
+            <Button variant="secondary" Icon={Icons.Upload}>
+              Choose Files
+            </Button>
+          </div>
+          <div className="grid grid-cols-1 sm:grid-cols-2 gap-2">
+            <button className="p-3 border border-border text-left hover:border-muted transition-colors">
+              <div className="flex items-center gap-2 mb-1">
+                <Icons.Ghost className="text-muted" />
+                <span className="text-sm font-medium">Ghost</span>
+              </div>
+              <p className="text-xs text-muted">Import from Ghost JSON export</p>
+            </button>
+            <button className="p-3 border border-border text-left hover:border-muted transition-colors">
+              <div className="flex items-center gap-2 mb-1">
+                <Icons.PenTool className="text-muted" />
+                <span className="text-sm font-medium">Substack</span>
+              </div>
+              <p className="text-xs text-muted">Import from Substack export</p>
+            </button>
+            <button className="p-3 border border-border text-left hover:border-muted transition-colors">
+              <div className="flex items-center gap-2 mb-1">
+                <Icons.Posts className="text-muted" />
+                <span className="text-sm font-medium">Markdown</span>
+              </div>
+              <p className="text-xs text-muted">Import Markdown files</p>
+            </button>
+            <button className="p-3 border border-border text-left hover:border-muted transition-colors">
+              <div className="flex items-center gap-2 mb-1">
+                <Icons.WordPress className="text-muted" />
+                <span className="text-sm font-medium">WordPress</span>
+              </div>
+              <p className="text-xs text-muted">Import from WordPress XML</p>
+            </button>
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Export */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Export</div>
+          <div className="text-xs text-muted mt-0.5">Download all your blog data</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6 space-y-3">
+          <p className="text-sm text-muted">
+            Export all your posts, settings, and assets as a ZIP file. This includes:
+          </p>
+          <ul className="text-sm text-muted space-y-1 list-disc list-inside">
+            <li>All posts as Markdown files</li>
+            <li>Settings as JSON</li>
+            <li>Uploaded images and assets</li>
+          </ul>
+          <Button variant="secondary" Icon={Icons.Download} onClick={handleExport}>
+            Export All Data
+          </Button>
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Danger Zone */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Danger Zone</div>
+          <div className="text-xs text-muted mt-0.5">Irreversible actions</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6">
+          <div className="p-4 border border-danger/30 bg-danger/5">
+            <h4 className="text-sm font-medium text-danger mb-2">Delete All Content</h4>
+            <p className="text-xs text-muted mb-3">
+              Permanently delete all posts and assets. This cannot be undone.
+            </p>
+            <Button variant="danger" Icon={Icons.Trash}>
+              Delete All Content
+            </Button>
+          </div>
+        </div>
+      </div>
+    </div>
+  )
+}
diff --git a/studio/src/pages/DesignPage.preview.css b/studio/src/pages/DesignPage.preview.css
new file mode 100644
index 0000000..19ea445
--- /dev/null
+++ b/studio/src/pages/DesignPage.preview.css
@@ -0,0 +1,236 @@
+/* Blog Preview Styles - mirrors writekit/internal/build/assets/css/style.css */
+
+.blog-preview {
+  /* Base colors - light mode */
+  --text: #18181b;
+  --text-muted: #71717a;
+  --bg: #ffffff;
+  --bg-secondary: #fafafa;
+  --border: #e4e4e7;
+
+  /* Defaults (cozy) */
+  --content-spacing: 1.75rem;
+  --paragraph-spacing: 1.25rem;
+  --heading-spacing: 2.5rem;
+  --line-height: 1.7;
+
+  background: var(--bg);
+  color: var(--text);
+  font-family: var(--font-body);
+  line-height: 1.6;
+  overflow: hidden;
+}
+
+/* Compactness: Compact */
+.blog-preview.compactness-compact {
+  --content-spacing: 1.25rem;
+  --paragraph-spacing: 0.875rem;
+  --heading-spacing: 1.75rem;
+  --line-height: 1.55;
+}
+
+/* Compactness: Cozy (default) */
+.blog-preview.compactness-cozy {
+  --content-spacing: 1.75rem;
+  --paragraph-spacing: 1.25rem;
+  --heading-spacing: 2.5rem;
+  --line-height: 1.7;
+}
+
+/* Compactness: Spacious */
+.blog-preview.compactness-spacious {
+  --content-spacing: 2.25rem;
+  --paragraph-spacing: 1.5rem;
+  --heading-spacing: 3rem;
+  --line-height: 1.85;
+}
+
+/* Preview Chrome (browser frame) */
+.preview-chrome {
+  display: flex;
+  align-items: center;
+  gap: 0.5rem;
+  padding: 0.5rem 0.75rem;
+  background: var(--bg-secondary);
+  border-bottom: 1px solid var(--border);
+}
+
+.preview-chrome-dots {
+  display: flex;
+  gap: 0.375rem;
+}
+
+.preview-chrome-dot {
+  width: 0.625rem;
+  height: 0.625rem;
+  border-radius: 50%;
+}
+
+.preview-chrome-dot.red { background: #ef4444; }
+.preview-chrome-dot.yellow { background: #eab308; }
+.preview-chrome-dot.green { background: #22c55e; }
+
+.preview-chrome-url {
+  font-size: 0.625rem;
+  color: var(--text-muted);
+  margin-left: 0.5rem;
+}
+
+/* Header */
+.preview-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 0.875rem 1rem;
+}
+
+.preview-site-name {
+  font-weight: 600;
+  font-size: 0.6875rem;
+  color: var(--text);
+  letter-spacing: -0.01em;
+}
+
+.preview-nav {
+  display: flex;
+  gap: 0.875rem;
+  font-size: 0.625rem;
+  color: var(--text-muted);
+  font-weight: 450;
+}
+
+.preview-nav a {
+  color: var(--text-muted);
+  text-decoration: none;
+}
+
+.preview-nav a:hover {
+  color: var(--text);
+}
+
+/* Layout: Minimal */
+.blog-preview.layout-minimal .preview-header {
+  justify-content: center;
+}
+
+.blog-preview.layout-minimal .preview-nav {
+  display: none;
+}
+
+.blog-preview.layout-minimal .preview-footer {
+  border-top: none;
+  opacity: 0.7;
+}
+
+/* Layout: Magazine */
+.blog-preview.layout-magazine .preview-posts {
+  display: grid;
+  grid-template-columns: repeat(2, 1fr);
+  gap: 0.625rem;
+  padding: 1rem;
+}
+
+.blog-preview.layout-magazine .preview-post-card {
+  border: 1px solid var(--border);
+  padding: 0.75rem;
+  background: var(--bg);
+  transition: border-color 0.2s, box-shadow 0.2s;
+}
+
+.blog-preview.layout-magazine .preview-post-card:hover {
+  border-color: var(--accent);
+  box-shadow: 0 2px 6px rgba(0, 0, 0, 0.04);
+}
+
+/* Post Content */
+.preview-content {
+  padding: 1rem;
+}
+
+.preview-date {
+  font-size: 0.5625rem;
+  color: var(--text-muted);
+  margin-bottom: 0.25rem;
+}
+
+.preview-title {
+  font-size: 0.875rem;
+  font-weight: 700;
+  margin: 0 0 0.375rem;
+  line-height: 1.2;
+  letter-spacing: -0.02em;
+}
+
+.preview-description {
+  font-size: 0.625rem;
+  color: var(--text-muted);
+  line-height: 1.5;
+  margin-bottom: var(--paragraph-spacing);
+}
+
+/* Prose styling */
+.preview-prose {
+  line-height: var(--line-height);
+}
+
+.preview-prose p {
+  margin: 0 0 var(--paragraph-spacing);
+  font-size: 0.625rem;
+  color: var(--text-muted);
+}
+
+/* Code block */
+.preview-code {
+  margin: var(--content-spacing) 0;
+  padding: 0.5rem 0.75rem;
+  font-family: 'SF Mono', 'Fira Code', Consolas, monospace;
+  font-size: 0.5625rem;
+  border-radius: 0.25rem;
+  border: 1px solid var(--border);
+  overflow: hidden;
+  line-height: 1.6;
+}
+
+/* Tags - matches real blog: subtle background */
+.preview-tags {
+  display: flex;
+  gap: 0.375rem;
+  margin-top: var(--paragraph-spacing);
+}
+
+.preview-tag {
+  font-size: 0.5rem;
+  color: var(--text-muted);
+  background: var(--bg-secondary);
+  padding: 0.125rem 0.375rem;
+  border-radius: 0.125rem;
+}
+
+/* Footer */
+.preview-footer {
+  padding: 0.625rem 1rem;
+  text-align: center;
+  font-size: 0.5rem;
+  color: var(--text-muted);
+  border-top: 1px solid var(--border);
+}
+
+/* Magazine post card (simplified) */
+.preview-post-card .preview-title {
+  font-size: 0.6875rem;
+  font-weight: 600;
+  letter-spacing: -0.015em;
+}
+
+.preview-post-card .preview-date {
+  font-size: 0.5rem;
+}
+
+.preview-post-card .preview-description {
+  font-size: 0.5rem;
+  display: -webkit-box;
+  -webkit-line-clamp: 2;
+  -webkit-box-orient: vertical;
+  overflow: hidden;
+  line-height: 1.55;
+}
diff --git a/studio/src/pages/DesignPage.tsx b/studio/src/pages/DesignPage.tsx
new file mode 100644
index 0000000..e658fbd
--- /dev/null
+++ b/studio/src/pages/DesignPage.tsx
@@ -0,0 +1,474 @@
+import { useStore } from '@nanostores/react'
+import { useEffect, useState } from 'react'
+import { $settings, $settingsData, $hasChanges, $saveSettings, $changedFields } from '../stores/settings'
+import { addToast } from '../stores/app'
+import { SaveBar, DesignPageSkeleton } from '../components/shared'
+import './DesignPage.preview.css'
+
+const fontConfigs = {
+  system: { family: 'system-ui, -apple-system, sans-serif', url: '' },
+  inter: { family: "'Inter', sans-serif", url: 'https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600&display=swap' },
+  georgia: { family: 'Georgia, serif', url: '' },
+  merriweather: { family: "'Merriweather', serif", url: 'https://fonts.googleapis.com/css2?family=Merriweather:wght@400;700&display=swap' },
+  'source-serif': { family: "'Source Serif 4', serif", url: 'https://fonts.googleapis.com/css2?family=Source+Serif+4:wght@400;600&display=swap' },
+  'jetbrains-mono': { family: "'JetBrains Mono', monospace", url: 'https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500&display=swap' },
+}
+
+const themePreviewColors: Record<string, { label: string; bg: string; text: string; keyword: string; string: string; comment: string }> = {
+  github:            { label: 'GitHub Light',     bg: '#f6f8fa', text: '#24292e', keyword: '#d73a49', string: '#032f62', comment: '#6a737d' },
+  'github-dark':     { label: 'GitHub Dark',      bg: '#0d1117', text: '#c9d1d9', keyword: '#ff7b72', string: '#a5d6ff', comment: '#8b949e' },
+  vs:                { label: 'VS Light',         bg: '#ffffff', text: '#000000', keyword: '#0000ff', string: '#a31515', comment: '#008000' },
+  xcode:             { label: 'Xcode Light',      bg: '#ffffff', text: '#000000', keyword: '#aa0d91', string: '#c41a16', comment: '#007400' },
+  'xcode-dark':      { label: 'Xcode Dark',       bg: '#1f1f24', text: '#ffffff', keyword: '#fc5fa3', string: '#fc6a5d', comment: '#6c7986' },
+  'solarized-light': { label: 'Solarized Light',  bg: '#fdf6e3', text: '#657b83', keyword: '#859900', string: '#2aa198', comment: '#93a1a1' },
+  'solarized-dark':  { label: 'Solarized Dark',   bg: '#002b36', text: '#839496', keyword: '#859900', string: '#2aa198', comment: '#586e75' },
+  'gruvbox-light':   { label: 'Gruvbox Light',    bg: '#fbf1c7', text: '#3c3836', keyword: '#9d0006', string: '#79740e', comment: '#928374' },
+  gruvbox:           { label: 'Gruvbox Dark',     bg: '#282828', text: '#ebdbb2', keyword: '#fb4934', string: '#b8bb26', comment: '#928374' },
+  nord:              { label: 'Nord',             bg: '#2e3440', text: '#d8dee9', keyword: '#81a1c1', string: '#a3be8c', comment: '#616e88' },
+  onedark:           { label: 'One Dark',         bg: '#282c34', text: '#abb2bf', keyword: '#c678dd', string: '#98c379', comment: '#5c6370' },
+  dracula:           { label: 'Dracula',          bg: '#282a36', text: '#f8f8f2', keyword: '#ff79c6', string: '#f1fa8c', comment: '#6272a4' },
+  monokai:           { label: 'Monokai',          bg: '#272822', text: '#f8f8f2', keyword: '#f92672', string: '#e6db74', comment: '#75715e' },
+}
+
+const defaultDarkColors = { bg: '#1e1e1e', text: '#d4d4d4', keyword: '#569cd6', string: '#ce9178', comment: '#6a9955' }
+const defaultLightColors = { bg: '#ffffff', text: '#000000', keyword: '#0000ff', string: '#a31515', comment: '#008000' }
+
+function getThemeColors(theme: string) {
+  if (themePreviewColors[theme]) return themePreviewColors[theme]
+  const isDark = theme.includes('dark') || ['monokai', 'dracula', 'nord', 'gruvbox', 'onedark', 'vim', 'emacs'].some(d => theme.includes(d))
+  return { label: theme, ...(isDark ? defaultDarkColors : defaultLightColors) }
+}
+
+function formatThemeLabel(theme: string): string {
+  if (themePreviewColors[theme]) return themePreviewColors[theme].label
+  return theme.split(/[-_]/).map(w => w.charAt(0).toUpperCase() + w.slice(1)).join(' ')
+}
+
+const fonts = [
+  { value: 'system', label: 'System Default' },
+  { value: 'inter', label: 'Inter' },
+  { value: 'georgia', label: 'Georgia' },
+  { value: 'merriweather', label: 'Merriweather' },
+  { value: 'source-serif', label: 'Source Serif' },
+  { value: 'jetbrains-mono', label: 'JetBrains Mono' },
+]
+
+
+const layouts = [
+  { value: 'default', label: 'Classic' },
+  { value: 'minimal', label: 'Minimal' },
+  { value: 'magazine', label: 'Magazine' },
+]
+
+function useFontLoader(fontKey: string) {
+  useEffect(() => {
+    const config = fontConfigs[fontKey as keyof typeof fontConfigs]
+    if (!config?.url) return
+
+    const existing = document.querySelector(`link[href="${config.url}"]`)
+    if (existing) return
+
+    const link = document.createElement('link')
+    link.rel = 'stylesheet'
+    link.href = config.url
+    document.head.appendChild(link)
+  }, [fontKey])
+}
+
+function CodePreview({ theme }: { theme: string }) {
+  const colors = getThemeColors(theme)
+
+  return (
+    <div
+      className="p-3 text-xs font-mono overflow-hidden"
+      style={{ background: colors.bg, color: colors.text }}
+    >
+      <div><span style={{ color: colors.keyword }}>function</span> greet(name) {'{'}</div>
+      <div className="pl-4"><span style={{ color: colors.keyword }}>return</span> <span style={{ color: colors.string }}>`Hello, ${'{'}name{'}'}`</span></div>
+      <div>{'}'}</div>
+      <div style={{ color: colors.comment }}>// Welcome to your blog</div>
+    </div>
+  )
+}
+
+function LayoutPreview({ layout, selected }: { layout: string; selected: boolean }) {
+  const accent = selected ? 'var(--color-accent)' : 'var(--color-border)'
+  const mutedBar = selected ? 'var(--color-accent)' : 'var(--color-muted)'
+
+  if (layout === 'minimal') {
+    return (
+      <svg viewBox="0 0 120 80" className="w-full h-auto">
+        <rect x="45" y="8" width="30" height="4" rx="1" fill={mutedBar} opacity="0.5" />
+        <rect x="30" y="20" width="60" height="6" rx="1" fill={accent} />
+        <rect x="20" y="32" width="80" height="3" rx="1" fill={mutedBar} opacity="0.3" />
+        <rect x="25" y="40" width="70" height="3" rx="1" fill={mutedBar} opacity="0.3" />
+        <rect x="30" y="48" width="60" height="3" rx="1" fill={mutedBar} opacity="0.3" />
+        <rect x="50" y="64" width="20" height="3" rx="1" fill={mutedBar} opacity="0.2" />
+      </svg>
+    )
+  }
+
+  if (layout === 'magazine') {
+    return (
+      <svg viewBox="0 0 120 80" className="w-full h-auto">
+        <rect x="8" y="8" width="30" height="4" rx="1" fill={mutedBar} opacity="0.5" />
+        <rect x="8" y="20" width="32" height="24" rx="2" fill={accent} opacity="0.3" />
+        <rect x="44" y="20" width="32" height="24" rx="2" fill={accent} opacity="0.3" />
+        <rect x="80" y="20" width="32" height="24" rx="2" fill={accent} opacity="0.3" />
+        <rect x="8" y="48" width="28" height="3" rx="1" fill={mutedBar} opacity="0.4" />
+        <rect x="44" y="48" width="28" height="3" rx="1" fill={mutedBar} opacity="0.4" />
+        <rect x="80" y="48" width="28" height="3" rx="1" fill={mutedBar} opacity="0.4" />
+        <rect x="8" y="54" width="20" height="2" rx="1" fill={mutedBar} opacity="0.2" />
+        <rect x="44" y="54" width="20" height="2" rx="1" fill={mutedBar} opacity="0.2" />
+        <rect x="80" y="54" width="20" height="2" rx="1" fill={mutedBar} opacity="0.2" />
+      </svg>
+    )
+  }
+
+  // Default layout
+  return (
+    <svg viewBox="0 0 120 80" className="w-full h-auto">
+      <rect x="8" y="8" width="30" height="4" rx="1" fill={mutedBar} opacity="0.5" />
+      <rect x="85" y="8" width="27" height="4" rx="1" fill={mutedBar} opacity="0.3" />
+      <rect x="8" y="24" width="70" height="6" rx="1" fill={accent} />
+      <rect x="8" y="36" width="90" height="3" rx="1" fill={mutedBar} opacity="0.3" />
+      <rect x="8" y="44" width="85" height="3" rx="1" fill={mutedBar} opacity="0.3" />
+      <rect x="8" y="52" width="75" height="3" rx="1" fill={mutedBar} opacity="0.3" />
+      <rect x="8" y="64" width="50" height="3" rx="1" fill={mutedBar} opacity="0.2" />
+    </svg>
+  )
+}
+
+function PreviewCodeBlock({ theme }: { theme: string }) {
+  const colors = getThemeColors(theme)
+  return (
+    <div className="preview-code" style={{ background: colors.bg, color: colors.text }}>
+      <div><span style={{ color: colors.keyword }}>const</span> api = <span style={{ color: colors.keyword }}>await</span> fetch(<span style={{ color: colors.string }}>'/posts'</span>)</div>
+    </div>
+  )
+}
+
+function PreviewPostCard() {
+  return (
+    <div className="preview-post-card">
+      <div className="preview-date">Jan 15, 2024</div>
+      <h3 className="preview-title">Building APIs</h3>
+      <p className="preview-description">A deep dive into REST patterns and best practices.</p>
+    </div>
+  )
+}
+
+function LivePreview({ settings }: { settings: Record<string, string> }) {
+  const fontKey = settings.font || 'system'
+  const fontConfig = fontConfigs[fontKey as keyof typeof fontConfigs] || fontConfigs.system
+  const codeTheme = settings.code_theme || 'github'
+  const accent = settings.accent_color || '#10b981'
+  const layout = settings.layout || 'default'
+  const compactness = settings.compactness || 'cozy'
+
+  useFontLoader(fontKey)
+
+  return (
+    <div
+      className={`blog-preview layout-${layout} compactness-${compactness} border border-border`}
+      style={{ '--accent': accent, '--font-body': fontConfig.family } as React.CSSProperties}
+    >
+      {/* Browser chrome */}
+      <div className="preview-chrome">
+        <div className="preview-chrome-dots">
+          <div className="preview-chrome-dot red" />
+          <div className="preview-chrome-dot yellow" />
+          <div className="preview-chrome-dot green" />
+        </div>
+        <span className="preview-chrome-url">yourblog.writekit.dev</span>
+      </div>
+
+      {/* Header */}
+      <header className="preview-header">
+        <span className="preview-site-name">Your Blog</span>
+        <nav className="preview-nav">
+          <a href="#">Posts</a>
+          <span>About</span>
+        </nav>
+      </header>
+
+      {/* Content - varies by layout */}
+      {layout === 'magazine' ? (
+        <div className="preview-posts">
+          <PreviewPostCard />
+          <PreviewPostCard />
+        </div>
+      ) : (
+        <div className="preview-content">
+          <div className="preview-date">Jan 15, 2024</div>
+          <h3 className="preview-title">Building Better APIs</h3>
+          <p className="preview-description">
+            A deep dive into REST design patterns and best practices for modern web development.
+          </p>
+          <div className="preview-prose">
+            <PreviewCodeBlock theme={codeTheme} />
+          </div>
+          <div className="preview-tags">
+            <span className="preview-tag">typescript</span>
+            <span className="preview-tag">react</span>
+          </div>
+        </div>
+      )}
+
+      {/* Footer */}
+      <footer className="preview-footer">
+        &copy; 2024 Your Blog
+      </footer>
+    </div>
+  )
+}
+
+export default function DesignPage() {
+  const settings = useStore($settings)
+  const { data } = useStore($settingsData)
+  const hasChanges = useStore($hasChanges)
+  const changedFields = useStore($changedFields)
+  const saveSettings = useStore($saveSettings)
+  const [availableThemes, setAvailableThemes] = useState<string[]>(Object.keys(themePreviewColors))
+
+  useEffect(() => {
+    fetch('/api/studio/code-themes')
+      .then(r => r.json())
+      .then((themes: string[]) => setAvailableThemes(themes))
+      .catch(() => {})
+  }, [])
+
+  // Load all fonts for previews
+  Object.keys(fontConfigs).forEach(useFontLoader)
+
+  const handleSave = async () => {
+    try {
+      await saveSettings.mutate(settings)
+      addToast('Settings saved', 'success')
+    } catch {
+      addToast('Failed to save settings', 'error')
+    }
+  }
+
+  if (!data) return <DesignPageSkeleton />
+
+  return (
+    <div className="pb-20">
+      <div className="mb-6">
+        <h1 className="text-xl font-semibold">Design</h1>
+        <p className="text-sm text-muted mt-1">Customize how your blog looks</p>
+      </div>
+
+      {/* Panel container - full-bleed borders */}
+      <div className="-mx-6 lg:-mx-10">
+        {/* Live Preview */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Live Preview</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6">
+          <LivePreview settings={settings as Record<string, string>} />
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Presets */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Quick Presets</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6">
+          <div className="grid grid-cols-1 sm:grid-cols-3 gap-3">
+            {([
+              { name: 'Developer', desc: 'Monospace, dark code, minimal', font: 'jetbrains-mono', code_theme: 'onedark', layout: 'minimal', compactness: 'compact', accent_color: '#10b981' },
+              { name: 'Writer', desc: 'Serif, light code, spacious', font: 'merriweather', code_theme: 'github', layout: 'default', compactness: 'spacious', accent_color: '#6366f1' },
+              { name: 'Magazine', desc: 'Sans-serif, grid layout', font: 'inter', code_theme: 'nord', layout: 'magazine', compactness: 'cozy', accent_color: '#f59e0b' },
+            ] as const).map(preset => (
+              <button
+                key={preset.name}
+                onClick={() => {
+                  $settings.setKey('font', preset.font)
+                  $settings.setKey('code_theme', preset.code_theme)
+                  $settings.setKey('layout', preset.layout)
+                  $settings.setKey('compactness', preset.compactness)
+                  $settings.setKey('accent_color', preset.accent_color)
+                }}
+                className="p-4 border border-border text-left hover:border-accent hover:bg-accent/5 transition-colors"
+              >
+                <div className="font-medium text-sm">{preset.name}</div>
+                <div className="text-xs text-muted mt-1">{preset.desc}</div>
+              </button>
+            ))}
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Accent Color */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Accent Color</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6">
+          <div className="flex flex-wrap items-center gap-3">
+            <input
+              type="color"
+              value={settings.accent_color ?? '#10b981'}
+              onChange={e => $settings.setKey('accent_color', e.target.value)}
+              className="w-12 h-12 border border-border cursor-pointer bg-transparent"
+            />
+            <input
+              type="text"
+              value={settings.accent_color ?? '#10b981'}
+              onChange={e => $settings.setKey('accent_color', e.target.value)}
+              className="input w-32 font-mono text-sm"
+              placeholder="#10b981"
+            />
+            <div className="flex gap-1.5">
+              {['#10b981', '#6366f1', '#f59e0b', '#ef4444', '#8b5cf6', '#06b6d4'].map(color => (
+                <button
+                  key={color}
+                  onClick={() => $settings.setKey('accent_color', color)}
+                  className={`w-7 h-7 border-2 transition-transform hover:scale-110 ${
+                    settings.accent_color === color ? 'border-text scale-110' : 'border-transparent'
+                  }`}
+                  style={{ background: color }}
+                />
+              ))}
+            </div>
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Typography */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Typography</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6">
+          <div className="grid grid-cols-1 sm:grid-cols-2 gap-2">
+            {fonts.map(font => {
+              const config = fontConfigs[font.value as keyof typeof fontConfigs]
+              return (
+                <button
+                  key={font.value}
+                  onClick={() => $settings.setKey('font', font.value)}
+                  className={`p-4 border text-left transition-all ${
+                    settings.font === font.value
+                      ? 'border-accent bg-accent/5'
+                      : 'border-border hover:border-muted'
+                  }`}
+                >
+                  <div
+                    className="text-lg mb-1 truncate"
+                    style={{ fontFamily: config?.family }}
+                  >
+                    The quick brown fox
+                  </div>
+                  <div className="text-xs text-muted">{font.label}</div>
+                </button>
+              )
+            })}
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Code Theme */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Code Theme</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6">
+          <div className="grid grid-cols-1 sm:grid-cols-2 gap-2">
+            {availableThemes.map(theme => (
+              <button
+                key={theme}
+                onClick={() => $settings.setKey('code_theme', theme)}
+                className={`border text-left transition-all overflow-hidden ${
+                  settings.code_theme === theme
+                    ? 'border-accent ring-1 ring-accent'
+                    : 'border-border hover:border-muted'
+                }`}
+              >
+                <CodePreview theme={theme} />
+                <div className="px-3 py-2 text-xs border-t border-border">{formatThemeLabel(theme)}</div>
+              </button>
+            ))}
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Layout */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Layout</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6">
+          <div className="grid grid-cols-3 gap-3">
+            {layouts.map(layout => (
+              <button
+                key={layout.value}
+                onClick={() => $settings.setKey('layout', layout.value)}
+                className={`border p-4 transition-all ${
+                  settings.layout === layout.value
+                    ? 'border-accent bg-accent/5'
+                    : 'border-border hover:border-muted'
+                }`}
+              >
+                <div className="mb-3">
+                  <LayoutPreview
+                    layout={layout.value}
+                    selected={settings.layout === layout.value}
+                  />
+                </div>
+                <div className="text-sm font-medium">{layout.label}</div>
+              </button>
+            ))}
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Density */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Content Density</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6">
+          <div className="flex border border-border divide-x divide-border">
+            {([
+              { value: 'compact', label: 'Compact', lines: 4 },
+              { value: 'cozy', label: 'Cozy', lines: 3 },
+              { value: 'spacious', label: 'Spacious', lines: 2 },
+            ] as const).map(option => (
+              <button
+                key={option.value}
+                onClick={() => $settings.setKey('compactness', option.value)}
+                className={`flex-1 py-4 px-3 transition-colors ${
+                  settings.compactness === option.value
+                    ? 'bg-accent/10'
+                    : 'hover:bg-secondary/50'
+                }`}
+              >
+                <div className="flex flex-col items-center gap-1 mb-2">
+                  {Array.from({ length: option.lines }).map((_, i) => (
+                    <div
+                      key={i}
+                      className={`h-1 rounded-full transition-colors ${
+                        settings.compactness === option.value ? 'bg-accent' : 'bg-muted/40'
+                      }`}
+                      style={{ width: `${60 - i * 10}%` }}
+                    />
+                  ))}
+                </div>
+                <div className={`text-sm ${
+                  settings.compactness === option.value ? 'font-medium' : ''
+                }`}>
+                  {option.label}
+                </div>
+              </button>
+            ))}
+          </div>
+        </div>
+      </div>
+
+      {hasChanges && <SaveBar onSave={handleSave} loading={saveSettings.loading} changes={changedFields} />}
+    </div>
+  )
+}
diff --git a/studio/src/pages/DomainPage.tsx b/studio/src/pages/DomainPage.tsx
new file mode 100644
index 0000000..231f101
--- /dev/null
+++ b/studio/src/pages/DomainPage.tsx
@@ -0,0 +1,82 @@
+import { Field, PageHeader } from '../components/shared'
+import { Icons } from '../components/shared/Icons'
+import { Button } from '../components/ui'
+
+export default function DomainPage() {
+  return (
+    <div>
+      <PageHeader />
+
+      {/* Panel container - full-bleed borders */}
+      <div className="-mx-6 lg:-mx-10 mt-6">
+        {/* Subdomain */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Subdomain</div>
+          <div className="text-xs text-muted mt-0.5">Your default blog address</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6 space-y-3">
+          <div className="flex items-center gap-2">
+            <input
+              type="text"
+              className="input flex-1"
+              placeholder="myblog"
+              defaultValue=""
+            />
+            <span className="text-sm text-muted">.writekit.dev</span>
+          </div>
+          <p className="text-xs text-muted">
+            This is your default blog URL. You can also add a custom domain below.
+          </p>
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Custom Domain */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Custom Domain</div>
+          <div className="text-xs text-muted mt-0.5">Use your own domain for your blog</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6 space-y-4">
+          <Field
+            label="Domain"
+            value=""
+            onChange={() => {}}
+            placeholder="blog.example.com"
+            hint="Enter your custom domain without https://"
+          />
+          <div className="p-4 bg-border/30 space-y-3">
+            <h4 className="text-sm font-medium">DNS Configuration</h4>
+            <p className="text-xs text-muted">
+              Point your domain to our servers by adding these DNS records:
+            </p>
+            <div className="space-y-2 overflow-x-auto">
+              <div className="flex items-center gap-4 p-2 bg-surface border border-border text-xs font-mono min-w-max">
+                <span className="text-muted w-16">Type</span>
+                <span className="text-muted w-24">Name</span>
+                <span className="text-text">Value</span>
+              </div>
+              <div className="flex items-center gap-4 p-2 bg-surface border border-border text-xs font-mono min-w-max">
+                <span className="w-16">CNAME</span>
+                <span className="w-24">blog</span>
+                <span>cname.writekit.dev</span>
+              </div>
+            </div>
+          </div>
+          <div className="flex flex-wrap items-center gap-4">
+            <div className="flex items-center gap-2">
+              <span className="w-2 h-2 rounded-full bg-warning" />
+              <span className="text-sm text-muted">DNS: Pending</span>
+            </div>
+            <div className="flex items-center gap-2">
+              <span className="w-2 h-2 rounded-full bg-muted" />
+              <span className="text-sm text-muted">SSL: Not configured</span>
+            </div>
+          </div>
+          <Button variant="secondary" Icon={Icons.Refresh}>
+            Check DNS
+          </Button>
+        </div>
+      </div>
+    </div>
+  )
+}
diff --git a/studio/src/pages/EngagementPage.tsx b/studio/src/pages/EngagementPage.tsx
new file mode 100644
index 0000000..c57d8d4
--- /dev/null
+++ b/studio/src/pages/EngagementPage.tsx
@@ -0,0 +1,118 @@
+import { useStore } from '@nanostores/react'
+import { $interactions, $interactionsData, $hasInteractionChanges, $saveInteractions, $changedInteractionFields } from '../stores/interactions'
+import { addToast } from '../stores/app'
+import { SaveBar, EngagementPageSkeleton, PageHeader } from '../components/shared'
+import { Toggle, Input } from '../components/ui'
+
+export default function EngagementPage() {
+  const config = useStore($interactions)
+  const { data } = useStore($interactionsData)
+  const hasChanges = useStore($hasInteractionChanges)
+  const changedFields = useStore($changedInteractionFields)
+  const saveInteractions = useStore($saveInteractions)
+
+  const handleSave = async () => {
+    try {
+      await saveInteractions.mutate(config)
+      addToast('Settings saved', 'success')
+    } catch {
+      addToast('Failed to save settings', 'error')
+    }
+  }
+
+  if (!data) return <EngagementPageSkeleton />
+
+  return (
+    <div className="pb-20">
+      <PageHeader />
+
+      {/* Panel container - full-bleed borders */}
+      <div className="-mx-6 lg:-mx-10 mt-6">
+        {/* Comments - single row toggle */}
+        <div className="px-6 lg:px-10 py-5 flex items-center justify-between gap-4">
+          <div>
+            <div className="text-sm font-medium">Comments</div>
+            <div className="text-xs text-muted mt-0.5">Allow readers to comment on your posts</div>
+          </div>
+          <Toggle
+            checked={config.comments_enabled}
+            onChange={v => $interactions.setKey('comments_enabled', v)}
+          />
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Reactions - toggle with expandable options */}
+        <div className="px-6 lg:px-10 py-5 flex items-center justify-between gap-4">
+          <div>
+            <div className="text-sm font-medium">Reactions</div>
+            <div className="text-xs text-muted mt-0.5">Let readers react to your posts</div>
+          </div>
+          <Toggle
+            checked={config.reactions_enabled}
+            onChange={v => $interactions.setKey('reactions_enabled', v)}
+          />
+        </div>
+
+        {config.reactions_enabled && (
+          <div className="px-6 lg:px-10 py-6 space-y-4">
+            <div className="space-y-1">
+              <label className="label">Reaction Mode</label>
+              <div className="flex gap-2">
+                {['emoji', 'upvote'].map(mode => (
+                  <button
+                    key={mode}
+                    onClick={() => $interactions.setKey('reaction_mode', mode)}
+                    className={`flex-1 p-3 border capitalize transition-colors ${
+                      config.reaction_mode === mode
+                        ? 'border-accent bg-accent/5'
+                        : 'border-border hover:border-muted'
+                    }`}
+                  >
+                    {mode}
+                  </button>
+                ))}
+              </div>
+            </div>
+
+            {config.reaction_mode === 'emoji' && (
+              <div className="space-y-1">
+                <label className="label">Reaction Emojis</label>
+                <Input
+                  value={config.reaction_emojis}
+                  onChange={v => $interactions.setKey('reaction_emojis', v)}
+                  placeholder="👍 ❤️ 🎉 🤔"
+                />
+                <p className="text-xs text-muted">Space-separated list of emoji reactions</p>
+              </div>
+            )}
+
+            {config.reaction_mode === 'upvote' && (
+              <div className="space-y-1">
+                <label className="label">Upvote Icon</label>
+                <Input
+                  value={config.upvote_icon}
+                  onChange={v => $interactions.setKey('upvote_icon', v)}
+                  placeholder="👍"
+                />
+              </div>
+            )}
+
+            <div className="flex items-center justify-between gap-4 pt-2">
+              <div>
+                <div className="text-sm font-medium">Require Authentication</div>
+                <div className="text-xs text-muted mt-0.5">Users must be logged in to react</div>
+              </div>
+              <Toggle
+                checked={config.reactions_require_auth}
+                onChange={v => $interactions.setKey('reactions_require_auth', v)}
+              />
+            </div>
+          </div>
+        )}
+      </div>
+
+      {hasChanges && <SaveBar onSave={handleSave} loading={saveInteractions.loading} changes={changedFields} />}
+    </div>
+  )
+}
diff --git a/studio/src/pages/GeneralPage.tsx b/studio/src/pages/GeneralPage.tsx
new file mode 100644
index 0000000..6a5c9c6
--- /dev/null
+++ b/studio/src/pages/GeneralPage.tsx
@@ -0,0 +1,125 @@
+import { useStore } from '@nanostores/react'
+import { $settings, $settingsData, $hasChanges, $saveSettings, $changedFields } from '../stores/settings'
+import { addToast } from '../stores/app'
+import { Field, SaveBar, GeneralPageSkeleton, PageHeader } from '../components/shared'
+
+export default function GeneralPage() {
+  const settings = useStore($settings)
+  const { data } = useStore($settingsData)
+  const hasChanges = useStore($hasChanges)
+  const changedFields = useStore($changedFields)
+  const saveSettings = useStore($saveSettings)
+
+  const handleSave = async () => {
+    try {
+      await saveSettings.mutate(settings)
+      addToast('Settings saved', 'success')
+    } catch {
+      addToast('Failed to save settings', 'error')
+    }
+  }
+
+  if (!data) return <GeneralPageSkeleton />
+
+  return (
+    <div className="pb-20">
+      <PageHeader />
+
+      {/* Panel container - full-bleed borders */}
+      <div className="-mx-6 lg:-mx-10 mt-6">
+        {/* Site Information */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Site Information</div>
+          <div className="text-xs text-muted mt-0.5">Basic details about your blog</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6 space-y-4">
+          <Field
+            label="Site Name"
+            value={settings.site_name ?? ''}
+            onChange={v => $settings.setKey('site_name', v)}
+            placeholder="My Blog"
+          />
+          <Field
+            label="Description"
+            value={settings.site_description ?? ''}
+            onChange={v => $settings.setKey('site_description', v)}
+            placeholder="A short description of your blog"
+            multiline
+          />
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Author */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Author</div>
+          <div className="text-xs text-muted mt-0.5">Information about the blog author</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6 space-y-4">
+          <Field
+            label="Name"
+            value={settings.author_name ?? ''}
+            onChange={v => $settings.setKey('author_name', v)}
+            placeholder="John Doe"
+          />
+          <Field
+            label="Role"
+            value={settings.author_role ?? ''}
+            onChange={v => $settings.setKey('author_role', v)}
+            placeholder="Software Engineer"
+          />
+          <Field
+            label="Bio"
+            value={settings.author_bio ?? ''}
+            onChange={v => $settings.setKey('author_bio', v)}
+            placeholder="A short bio about yourself"
+            multiline
+          />
+          <Field
+            label="Photo URL"
+            value={settings.author_photo ?? ''}
+            onChange={v => $settings.setKey('author_photo', v)}
+            placeholder="https://example.com/photo.jpg"
+            hint="URL to your profile photo"
+          />
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Social Links */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Social Links</div>
+          <div className="text-xs text-muted mt-0.5">Connect your social profiles</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6 space-y-4">
+          <Field
+            label="Twitter Handle"
+            value={settings.twitter_handle ?? ''}
+            onChange={v => $settings.setKey('twitter_handle', v)}
+            placeholder="@username"
+          />
+          <Field
+            label="GitHub Handle"
+            value={settings.github_handle ?? ''}
+            onChange={v => $settings.setKey('github_handle', v)}
+            placeholder="username"
+          />
+          <Field
+            label="LinkedIn Handle"
+            value={settings.linkedin_handle ?? ''}
+            onChange={v => $settings.setKey('linkedin_handle', v)}
+            placeholder="username"
+          />
+          <Field
+            label="Email"
+            value={settings.email ?? ''}
+            onChange={v => $settings.setKey('email', v)}
+            placeholder="hello@example.com"
+          />
+        </div>
+      </div>
+
+      {hasChanges && <SaveBar onSave={handleSave} loading={saveSettings.loading} changes={changedFields} />}
+    </div>
+  )
+}
diff --git a/studio/src/pages/HomePage.tsx b/studio/src/pages/HomePage.tsx
new file mode 100644
index 0000000..689de2b
--- /dev/null
+++ b/studio/src/pages/HomePage.tsx
@@ -0,0 +1,229 @@
+import { useStore } from '@nanostores/react'
+import { $posts } from '../stores/posts'
+import { $analytics } from '../stores/analytics'
+import { Button } from '../components/ui'
+import { BreakdownList, EmptyState, HomePageSkeleton, PageHeader } from '../components/shared'
+import { Icons, getReferrerIcon } from '../components/shared/Icons'
+
+function formatChange(change: number): { text: string; positive: boolean } {
+  const sign = change >= 0 ? '+' : ''
+  return {
+    text: `${sign}${change.toFixed(1)}%`,
+    positive: change >= 0,
+  }
+}
+
+function formatRelativeTime(dateStr: string) {
+  const date = new Date(dateStr)
+  const now = new Date()
+  const diffMs = now.getTime() - date.getTime()
+  const diffMins = Math.floor(diffMs / 60000)
+  const diffHours = Math.floor(diffMs / 3600000)
+  const diffDays = Math.floor(diffMs / 86400000)
+
+  if (diffMins < 1) return 'Just now'
+  if (diffMins < 60) return `${diffMins}m ago`
+  if (diffHours < 24) return `${diffHours}h ago`
+  if (diffDays < 7) return `${diffDays}d ago`
+  return date.toLocaleDateString('en-US', { month: 'short', day: 'numeric' })
+}
+
+function formatDate(dateStr: string) {
+  return new Date(dateStr).toLocaleDateString('en-US', {
+    month: 'short',
+    day: 'numeric',
+  })
+}
+
+function formatViews(views: number) {
+  if (views >= 1000) return `${(views / 1000).toFixed(1)}k`
+  return views.toString()
+}
+
+export default function HomePage() {
+  const { data: posts, error: postsError } = useStore($posts)
+  const { data: analytics } = useStore($analytics)
+
+  if (!posts) return <HomePageSkeleton />
+  if (postsError) return <EmptyState Icon={Icons.AlertCircle} title="Failed to load data" description={postsError.message} />
+
+  const drafts = posts
+    .filter(p => p.draft)
+    .sort((a, b) => new Date(b.updated_at).getTime() - new Date(a.updated_at).getTime())
+    .slice(0, 3)
+
+  const published = posts
+    .filter(p => !p.draft)
+    .sort((a, b) => new Date(b.date).getTime() - new Date(a.date).getTime())
+    .slice(0, 5)
+
+  const publishedCount = posts.filter(p => !p.draft).length
+  const draftCount = posts.filter(p => p.draft).length
+
+  const getPostViews = (slug: string): number => {
+    if (!analytics?.top_pages) return 0
+    const page = analytics.top_pages.find(p => p.path === `/posts/${slug}`)
+    return page?.views || 0
+  }
+
+  const change = analytics ? formatChange(analytics.views_change) : null
+
+  if (posts.length === 0) {
+    return (
+      <div className="space-y-6">
+        <PageHeader />
+        <EmptyState
+          Icon={Icons.PenTool}
+          title="Welcome to WriteKit"
+          description="Create your first post to get started"
+          action={<Button variant="primary" Icon={Icons.Plus} href="/studio/posts/new">Write Your First Post</Button>}
+        />
+      </div>
+    )
+  }
+
+  return (
+    <div>
+      <PageHeader>
+        <Button variant="primary" Icon={Icons.Plus} href="/studio/posts/new">New Post</Button>
+      </PageHeader>
+
+      {/* Panel container - uses negative margins for full-bleed borders */}
+      <div className="-mx-6 lg:-mx-10 mt-6">
+        {/* Stats row */}
+        <div className="relative">
+          {/* Vertical dividers at column boundaries */}
+          <div className="absolute top-0 bottom-0 border-l border-border" style={{ left: '33.333%' }} />
+          <div className="absolute top-0 bottom-0 border-l border-border" style={{ left: '66.666%' }} />
+
+          <div className="grid grid-cols-3">
+            <div className="py-5 pl-6 lg:pl-10 pr-6">
+              <div className="text-xs text-muted mb-1">Views</div>
+              <div className="text-2xl font-semibold tracking-tight">{analytics?.total_views.toLocaleString() || '0'}</div>
+              {change && (
+                <div className={`text-xs mt-1 ${change.positive ? 'text-success' : 'text-danger'}`}>
+                  {change.text} vs last period
+                </div>
+              )}
+            </div>
+            <div className="py-5 px-6">
+              <div className="text-xs text-muted mb-1">Visitors</div>
+              <div className="text-2xl font-semibold tracking-tight">{analytics?.unique_visitors.toLocaleString() || '0'}</div>
+            </div>
+            <div className="py-5 pr-6 lg:pr-10 pl-6">
+              <div className="text-xs text-muted mb-1">Posts</div>
+              <div className="text-2xl font-semibold tracking-tight">{publishedCount}</div>
+              {draftCount > 0 && (
+                <div className="text-xs text-muted mt-1">{draftCount} draft{draftCount > 1 ? 's' : ''}</div>
+              )}
+            </div>
+          </div>
+        </div>
+
+        {/* Full-bleed horizontal divider */}
+        <div className="border-t border-border" />
+
+        {/* Content sections with vertical divider */}
+        <div className="relative">
+          {/* Vertical divider at exact center */}
+          <div className="absolute top-0 bottom-0 left-1/2 border-l border-border" />
+
+          <div className="grid grid-cols-2">
+            {/* Left column: Posts */}
+            <div className="pl-6 lg:pl-10 pr-6 py-6 space-y-6">
+              {/* Drafts */}
+              {drafts.length > 0 && (
+                <div>
+                  <div className="mb-3">
+                    <span className="text-xs font-medium text-muted uppercase tracking-wide">Continue Writing</span>
+                  </div>
+                  <div className="space-y-1">
+                    {drafts.map((post) => (
+                      <a
+                        key={post.id}
+                        href={`/studio/posts/${post.slug}/edit`}
+                        className="group flex items-center justify-between py-2 transition-colors"
+                      >
+                        <div className="flex items-center gap-2.5 min-w-0">
+                          <Icons.Ghost className="text-muted opacity-40 flex-shrink-0 text-sm" />
+                          <span className="text-sm text-text truncate group-hover:text-accent transition-colors">
+                            {post.title || 'Untitled'}
+                          </span>
+                        </div>
+                        <div className="flex items-center gap-2 flex-shrink-0">
+                          <span className="text-xs text-muted">{formatRelativeTime(post.updated_at)}</span>
+                          <Icons.ArrowRight className="w-4 h-4 text-muted group-hover:text-accent transition-colors" />
+                        </div>
+                      </a>
+                    ))}
+                  </div>
+                </div>
+              )}
+
+              {/* Recent posts */}
+              {published.length > 0 && (
+                <div>
+                  <div className="mb-3">
+                    <span className="text-xs font-medium text-muted uppercase tracking-wide">Recent Posts</span>
+                  </div>
+                  <div className="space-y-1">
+                    {published.map((post) => {
+                      const views = getPostViews(post.slug)
+                      return (
+                        <a
+                          key={post.id}
+                          href={`/studio/posts/${post.slug}/edit`}
+                          className="group flex items-center justify-between py-2 transition-colors"
+                        >
+                          <div className="flex items-center gap-2.5 min-w-0">
+                            <Icons.Clock className="text-muted opacity-40 flex-shrink-0 text-sm" />
+                            <span className="text-sm text-text truncate group-hover:text-accent transition-colors">
+                              {post.title}
+                            </span>
+                          </div>
+                          <div className="flex items-center gap-3 flex-shrink-0 text-xs text-muted">
+                            {views > 0 && (
+                              <span className="flex items-center gap-1">
+                                <Icons.Eye className="opacity-50 text-xs" />
+                                {formatViews(views)}
+                              </span>
+                            )}
+                            <span>{formatDate(post.date)}</span>
+                            <Icons.ChevronRight className="w-4 h-4 opacity-0 group-hover:opacity-50 transition-opacity" />
+                          </div>
+                        </a>
+                      )
+                    })}
+                  </div>
+                </div>
+              )}
+            </div>
+
+            {/* Right column: Referrers */}
+            <div className="pr-6 lg:pr-10 pl-6 py-6">
+              <div className="mb-3">
+                <span className="text-xs font-medium text-muted uppercase tracking-wide">Top Referrers</span>
+              </div>
+              {analytics && analytics.top_referrers.length > 0 ? (
+                <BreakdownList
+                  items={analytics.top_referrers.slice(0, 5).map(r => {
+                    const label = r.referrer || 'Direct'
+                    return {
+                      label,
+                      value: r.views,
+                      percentage: (r.views / analytics.total_views) * 100,
+                      Icon: getReferrerIcon(label),
+                    }
+                  })}
+                  limit={5}
+                />
+              ) : (
+                <div className="text-sm text-muted py-8">No referrer data yet</div>
+              )}
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  )
+}
diff --git a/studio/src/pages/MonetizationPage.tsx b/studio/src/pages/MonetizationPage.tsx
new file mode 100644
index 0000000..c103456
--- /dev/null
+++ b/studio/src/pages/MonetizationPage.tsx
@@ -0,0 +1,75 @@
+import { EmptyState, PageHeader } from '../components/shared'
+import { Icons } from '../components/shared/Icons'
+import { Button } from '../components/ui'
+
+export default function MonetizationPage() {
+  return (
+    <div>
+      <PageHeader />
+
+      {/* Panel container - full-bleed borders */}
+      <div className="-mx-6 lg:-mx-10 mt-6">
+        {/* Membership Tiers */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Membership Tiers</div>
+          <div className="text-xs text-muted mt-0.5">Create subscription tiers for your readers</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6">
+          <EmptyState
+            Icon={Icons.Crown}
+            title="No tiers created"
+            description="Create membership tiers to offer exclusive content"
+            action={<Button variant="primary" Icon={Icons.Plus}>Create Tier</Button>}
+          />
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Pricing */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="text-xs font-medium text-muted uppercase tracking-wide">Pricing</div>
+          <div className="text-xs text-muted mt-0.5">Set up payments for your membership</div>
+        </div>
+        <div className="px-6 lg:px-10 py-6">
+          <div className="p-4 bg-border/30">
+            <div className="flex items-center gap-3 mb-3">
+              <Icons.Info className="text-muted" />
+              <span className="text-sm font-medium">Payment Integration</span>
+            </div>
+            <p className="text-xs text-muted mb-4">
+              Connect your Stripe account to start accepting payments from your members.
+            </p>
+            <Button variant="secondary" Icon={Icons.Monetization}>
+              Connect Stripe
+            </Button>
+          </div>
+        </div>
+
+        {/* Member-Only Content - inline toggle rows */}
+        <div className="border-t border-border px-6 lg:px-10 py-5 flex items-center justify-between gap-4">
+          <div>
+            <div className="text-sm font-medium">Free Preview</div>
+            <div className="text-xs text-muted mt-0.5">Show a preview before the paywall</div>
+          </div>
+          <label className="relative inline-flex cursor-pointer">
+            <input type="checkbox" className="sr-only peer" />
+            <div className="w-9 h-5 bg-border rounded-full peer peer-checked:bg-accent transition-colors" />
+            <div className="absolute left-0.5 top-0.5 w-4 h-4 bg-surface rounded-full transition-transform peer-checked:translate-x-4" />
+          </label>
+        </div>
+
+        <div className="border-t border-border px-6 lg:px-10 py-5 flex items-center justify-between gap-4">
+          <div>
+            <div className="text-sm font-medium">Show Member Count</div>
+            <div className="text-xs text-muted mt-0.5">Display number of members publicly</div>
+          </div>
+          <label className="relative inline-flex cursor-pointer">
+            <input type="checkbox" className="sr-only peer" />
+            <div className="w-9 h-5 bg-border rounded-full peer peer-checked:bg-accent transition-colors" />
+            <div className="absolute left-0.5 top-0.5 w-4 h-4 bg-surface rounded-full transition-transform peer-checked:translate-x-4" />
+          </label>
+        </div>
+      </div>
+    </div>
+  )
+}
diff --git a/studio/src/pages/PluginsPage.tsx b/studio/src/pages/PluginsPage.tsx
new file mode 100644
index 0000000..fc9f207
--- /dev/null
+++ b/studio/src/pages/PluginsPage.tsx
@@ -0,0 +1,784 @@
+import { useState, useEffect } from 'react'
+import { useStore } from '@nanostores/react'
+import { $plugins, $currentPlugin, $compileResult, $isCompiling, $savePlugin, $deletePlugin, $togglePlugin, compilePlugin, type Plugin } from '../stores/plugins'
+import { $secrets, $createSecret, $deleteSecret } from '../stores/secrets'
+import { $hooks, fetchTemplate } from '../stores/hooks'
+import { $billing } from '../stores/billing'
+import { addToast } from '../stores/app'
+import { SettingsPageSkeleton, EmptyState, PageHeader } from '../components/shared'
+import { Icons } from '../components/shared/Icons'
+import { Button, Input, Modal, Toggle, Tabs, Dropdown, UsageIndicator } from '../components/ui'
+import type { Tab } from '../components/ui'
+import { PluginEditor } from '../components/editor'
+
+interface TestResult {
+  success: boolean
+  phase: 'compile' | 'execute'
+  output?: string
+  logs?: string[]
+  errors?: string[]
+  error?: string
+  compile_ms?: number
+  run_ms?: number
+}
+
+const LANGUAGE_TABS: Tab<'typescript' | 'go'>[] = [
+  { value: 'typescript', label: 'TypeScript', Icon: Icons.TypeScript },
+  { value: 'go', label: 'Go', Icon: Icons.Go },
+]
+
+export default function PluginsPage() {
+  const { data: plugins } = useStore($plugins)
+  const { data: secrets } = useStore($secrets)
+  const { data: hooks } = useStore($hooks)
+  const { data: billing } = useStore($billing)
+  const currentPlugin = useStore($currentPlugin)
+  const compileResult = useStore($compileResult)
+  const isCompiling = useStore($isCompiling)
+
+  const [view, setView] = useState<'list' | 'edit'>('list')
+  const [editingId, setEditingId] = useState<string | null>(null)
+  const [showSecretsPanel, setShowSecretsPanel] = useState(false)
+  const [showTestPanel, setShowTestPanel] = useState(false)
+  const [showSecretModal, setShowSecretModal] = useState(false)
+  const [newSecretKey, setNewSecretKey] = useState('')
+  const [newSecretValue, setNewSecretValue] = useState('')
+  const [isTesting, setIsTesting] = useState(false)
+  const [testResult, setTestResult] = useState<TestResult | null>(null)
+  const [testData, setTestData] = useState<string>('')
+
+  const handleNew = async () => {
+    const template = await fetchTemplate('post.published', 'typescript')
+    $currentPlugin.set({
+      name: '',
+      language: 'typescript',
+      source: template,
+      hooks: ['post.published'],
+      enabled: true,
+    })
+    setEditingId(null)
+    setView('edit')
+  }
+
+  const handleEdit = (plugin: Plugin) => {
+    $currentPlugin.set(plugin)
+    setEditingId(plugin.id)
+    setView('edit')
+  }
+
+  const handleLanguageChange = async (lang: string) => {
+    const prevLang = currentPlugin.language
+    $currentPlugin.setKey('language', lang as Plugin['language'])
+
+    // Update template if this is a new plugin or source matches the old template
+    const currentHook = currentPlugin.hooks?.[0] || 'post.published'
+    if (!editingId) {
+      const template = await fetchTemplate(currentHook, lang)
+      $currentPlugin.setKey('source', template)
+    } else {
+      // Check if current source is the default template for the old language
+      const oldTemplate = await fetchTemplate(currentHook, prevLang || 'typescript')
+      if (currentPlugin.source === oldTemplate) {
+        const newTemplate = await fetchTemplate(currentHook, lang)
+        $currentPlugin.setKey('source', newTemplate)
+      }
+    }
+  }
+
+  const handleHookChange = async (hook: string) => {
+    const prevHook = currentPlugin.hooks?.[0]
+    $currentPlugin.setKey('hooks', [hook])
+
+    // Update test data for new hook from backend
+    const hookInfo = hooks?.find(h => h.name === hook)
+    if (hookInfo?.test_data) {
+      setTestData(JSON.stringify(hookInfo.test_data, null, 2))
+    }
+    setTestResult(null)
+
+    // Update template if this is a new plugin or source matches the old template
+    const lang = currentPlugin.language || 'typescript'
+    if (!editingId) {
+      const template = await fetchTemplate(hook, lang)
+      $currentPlugin.setKey('source', template)
+    } else {
+      // Check if current source is the default template for the old hook
+      const oldTemplate = await fetchTemplate(prevHook || 'post.published', lang)
+      if (currentPlugin.source === oldTemplate) {
+        const newTemplate = await fetchTemplate(hook, lang)
+        $currentPlugin.setKey('source', newTemplate)
+      }
+    }
+  }
+
+  const handleTest = async () => {
+    if (!currentPlugin.source) return
+
+    setIsTesting(true)
+    setTestResult(null)
+
+    try {
+      let testDataObj = {}
+      try {
+        testDataObj = testData ? JSON.parse(testData) : {}
+      } catch {
+        addToast('Invalid test data JSON', 'error')
+        setIsTesting(false)
+        return
+      }
+
+      const res = await fetch('/api/studio/plugins/test', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          language: currentPlugin.language || 'typescript',
+          source: currentPlugin.source,
+          hook: currentPlugin.hooks?.[0] || 'post.published',
+          test_data: testDataObj,
+        }),
+      })
+
+      const result = await res.json()
+      setTestResult(result)
+
+      if (result.success) {
+        addToast('Test passed', 'success')
+      } else if (result.phase === 'compile') {
+        addToast('Compilation failed', 'error')
+      } else {
+        addToast('Execution failed', 'error')
+      }
+    } catch {
+      addToast('Test request failed', 'error')
+    } finally {
+      setIsTesting(false)
+    }
+  }
+
+  // Initialize test data when entering edit mode
+  useEffect(() => {
+    if (view === 'edit' && hooks && hooks.length > 0) {
+      const hook = currentPlugin.hooks?.[0] || 'post.published'
+      const hookInfo = hooks.find(h => h.name === hook)
+      if (hookInfo?.test_data) {
+        setTestData(JSON.stringify(hookInfo.test_data, null, 2))
+      }
+      setTestResult(null)
+    }
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [view, hooks])
+
+  const handleCompile = async () => {
+    const result = await compilePlugin(currentPlugin.language!, currentPlugin.source!)
+    if (result.success) {
+      addToast('Compiled successfully', 'success')
+    } else {
+      addToast('Compilation failed', 'error')
+    }
+  }
+
+  const handleSave = async () => {
+    if (!currentPlugin.name) {
+      addToast('Plugin name is required', 'error')
+      return
+    }
+
+    const result = await compilePlugin(currentPlugin.language!, currentPlugin.source!)
+    if (!result.success) {
+      addToast('Fix compilation errors before saving', 'error')
+      return
+    }
+
+    try {
+      await $savePlugin.mutate({
+        ...(currentPlugin as Plugin),
+        id: editingId || crypto.randomUUID(),
+        wasm: result.wasm,
+      })
+      addToast('Plugin saved', 'success')
+      setView('list')
+    } catch (err) {
+      console.error('Save plugin error:', err)
+      addToast(`Failed to save plugin: ${err instanceof Error ? err.message : 'Unknown error'}`, 'error')
+    }
+  }
+
+  const handleDelete = async (id: string) => {
+    if (!confirm('Delete this plugin?')) return
+    try {
+      await $deletePlugin.mutate(id)
+      addToast('Plugin deleted', 'success')
+    } catch {
+      addToast('Failed to delete plugin', 'error')
+    }
+  }
+
+  const handleToggle = async (id: string, enabled: boolean) => {
+    await $togglePlugin.mutate({ id, enabled })
+  }
+
+  const handleAddSecret = async () => {
+    if (!newSecretKey || !newSecretValue) return
+    try {
+      await $createSecret.mutate({ key: newSecretKey, value: newSecretValue })
+      addToast('Secret added', 'success')
+      setNewSecretKey('')
+      setNewSecretValue('')
+      setShowSecretModal(false)
+    } catch {
+      addToast('Failed to add secret', 'error')
+    }
+  }
+
+  const handleDeleteSecret = async (key: string) => {
+    if (!confirm(`Delete secret "${key}"?`)) return
+    try {
+      await $deleteSecret.mutate(key)
+      addToast('Secret deleted', 'success')
+    } catch {
+      addToast('Failed to delete secret', 'error')
+    }
+  }
+
+  if (!plugins || !secrets || !hooks) return <SettingsPageSkeleton />
+
+  // ═══════════════════════════════════════════════════════════════════════════
+  // EDIT VIEW - Full-screen editor experience
+  // ═══════════════════════════════════════════════════════════════════════════
+  if (view === 'edit') {
+    return (
+      <div className="fixed inset-0 z-40 flex flex-col bg-bg">
+        {/* Header Bar */}
+        <div className="flex-none border-b border-border bg-surface px-4 py-3">
+          <div className="flex items-center justify-between gap-4">
+            {/* Left: Back + Name */}
+            <div className="flex items-center gap-3 flex-1 min-w-0">
+              <button
+                onClick={() => setView('list')}
+                className="p-1.5 -ml-1.5 text-muted hover:text-text hover:bg-bg rounded transition-colors"
+                title="Back to plugins"
+              >
+                <Icons.ArrowLeft className="w-5 h-5" />
+              </button>
+              <input
+                type="text"
+                value={currentPlugin.name || ''}
+                onChange={e => $currentPlugin.setKey('name', e.target.value)}
+                placeholder="Plugin name..."
+                className="flex-1 min-w-0 text-lg font-medium bg-transparent border-none outline-none placeholder:text-muted/50"
+              />
+            </div>
+
+            {/* Right: Actions */}
+            <div className="flex items-center gap-2 flex-none">
+              <button
+                onClick={() => { setShowTestPanel(!showTestPanel); setShowSecretsPanel(false) }}
+                className={`flex items-center gap-1.5 px-3 py-1.5 text-sm rounded transition-colors ${
+                  showTestPanel ? 'bg-accent/10 text-accent' : 'text-muted hover:text-text hover:bg-bg'
+                }`}
+              >
+                <Icons.Play className="w-4 h-4" />
+                <span className="hidden sm:inline">Test</span>
+              </button>
+              <button
+                onClick={() => { setShowSecretsPanel(!showSecretsPanel); setShowTestPanel(false) }}
+                className={`flex items-center gap-1.5 px-3 py-1.5 text-sm rounded transition-colors ${
+                  showSecretsPanel ? 'bg-accent/10 text-accent' : 'text-muted hover:text-text hover:bg-bg'
+                }`}
+              >
+                <Icons.Key className="w-4 h-4" />
+                <span className="hidden sm:inline">Secrets</span>
+                {secrets?.length ? (
+                  <span className="ml-1 px-1.5 py-0.5 text-xs bg-bg rounded-full">{secrets.length}</span>
+                ) : null}
+              </button>
+              <div className="w-px h-6 bg-border mx-1" />
+              <Button variant="secondary" onClick={handleCompile} disabled={isCompiling}>
+                {isCompiling ? (
+                  <>
+                    <Icons.Loader className="w-4 h-4 animate-spin" />
+                    <span className="hidden sm:inline ml-1.5">Compiling...</span>
+                  </>
+                ) : (
+                  <>
+                    <Icons.Check className="w-4 h-4" />
+                    <span className="hidden sm:inline ml-1.5">Compile</span>
+                  </>
+                )}
+              </Button>
+              <Button variant="primary" onClick={handleSave} disabled={isCompiling}>
+                <Icons.Save className="w-4 h-4" />
+                <span className="hidden sm:inline ml-1.5">Save</span>
+              </Button>
+            </div>
+          </div>
+
+          {/* Configuration Row */}
+          <div className="flex items-center gap-4 mt-3">
+            <Tabs
+              value={(currentPlugin.language || 'typescript') as 'typescript' | 'go'}
+              onChange={handleLanguageChange}
+              tabs={LANGUAGE_TABS}
+            />
+            <div className="w-px h-6 bg-border" />
+            <div className="flex items-center gap-2">
+              <label className="text-xs text-muted">Hook</label>
+              <Dropdown
+                value={currentPlugin.hooks?.[0] || 'post.published'}
+                onChange={handleHookChange}
+                options={(hooks || []).map(h => ({ value: h.name, label: h.label, description: h.description }))}
+                className="w-56"
+              />
+            </div>
+          </div>
+        </div>
+
+        {/* Main Content Area */}
+        <div className="flex-1 flex min-h-0 overflow-hidden">
+          {/* Editor */}
+          <div className="flex-1 flex flex-col min-w-0">
+            <div className="flex-1 min-h-0">
+              <PluginEditor
+                language={currentPlugin.language || 'typescript'}
+                value={currentPlugin.source || ''}
+                onChange={v => $currentPlugin.setKey('source', v)}
+                height="100%"
+                secretKeys={secrets?.map(s => s.key) || []}
+                hook={currentPlugin.hooks?.[0] || 'post.published'}
+              />
+            </div>
+
+            {/* Compile Status Bar */}
+            {compileResult && (
+              <div className={`flex-none px-4 py-2 text-sm font-mono border-t ${
+                compileResult.success
+                  ? 'bg-success/5 text-success border-success/20'
+                  : 'bg-danger/5 text-danger border-danger/20'
+              }`}>
+                {compileResult.success ? (
+                  <div className="flex items-center gap-2">
+                    <Icons.Check className="w-4 h-4" />
+                    <span>Compiled successfully</span>
+                    <span className="text-muted">·</span>
+                    <span className="text-muted">{(compileResult.size! / 1024).toFixed(1)} KB</span>
+                    <span className="text-muted">·</span>
+                    <span className="text-muted">{compileResult.time_ms}ms</span>
+                  </div>
+                ) : (
+                  <div className="flex items-start gap-2">
+                    <Icons.AlertCircle className="w-4 h-4 mt-0.5 flex-none" />
+                    <pre className="whitespace-pre-wrap overflow-auto max-h-32">{compileResult.errors?.join('\n')}</pre>
+                  </div>
+                )}
+              </div>
+            )}
+          </div>
+
+          {/* Test Panel (Slide-in) */}
+          {showTestPanel && (
+            <div className="w-96 flex-none border-l border-border bg-surface overflow-y-auto flex flex-col">
+              <div className="p-4 border-b border-border flex-none">
+                <div className="flex items-center justify-between mb-2">
+                  <h3 className="font-medium">Test Plugin</h3>
+                  <button
+                    onClick={() => setShowTestPanel(false)}
+                    className="p-1 text-muted hover:text-text rounded"
+                  >
+                    <Icons.Close className="w-4 h-4" />
+                  </button>
+                </div>
+                <p className="text-xs text-muted">
+                  Run your plugin with test data to verify it works correctly.
+                </p>
+              </div>
+
+              <div className="flex-1 flex flex-col min-h-0 overflow-hidden">
+                {/* Test Data Input */}
+                <div className="p-4 border-b border-border flex-none">
+                  <label className="text-xs font-medium text-muted uppercase tracking-wide mb-2 block">
+                    Test Data (JSON)
+                  </label>
+                  <textarea
+                    value={testData}
+                    onChange={e => setTestData(e.target.value)}
+                    className="w-full h-40 p-3 text-xs font-mono bg-bg border border-border rounded resize-none focus:outline-none focus:border-accent"
+                    placeholder="{}"
+                  />
+                </div>
+
+                {/* Run Button */}
+                <div className="p-4 border-b border-border flex-none">
+                  <Button
+                    variant="primary"
+                    className="w-full"
+                    onClick={handleTest}
+                    disabled={isTesting}
+                  >
+                    {isTesting ? (
+                      <>
+                        <Icons.Loader className="w-4 h-4 animate-spin" />
+                        Running...
+                      </>
+                    ) : (
+                      <>
+                        <Icons.Play className="w-4 h-4" />
+                        Run Test
+                      </>
+                    )}
+                  </Button>
+                </div>
+
+                {/* Test Results */}
+                {testResult && (
+                  <div className="flex-1 overflow-y-auto p-4">
+                    <div className={`mb-4 p-3 rounded ${
+                      testResult.success
+                        ? 'bg-success/10 text-success border border-success/20'
+                        : 'bg-danger/10 text-danger border border-danger/20'
+                    }`}>
+                      <div className="flex items-center gap-2 text-sm font-medium">
+                        {testResult.success ? (
+                          <>
+                            <Icons.Check className="w-4 h-4" />
+                            Test Passed
+                          </>
+                        ) : (
+                          <>
+                            <Icons.AlertCircle className="w-4 h-4" />
+                            Test Failed ({testResult.phase})
+                          </>
+                        )}
+                      </div>
+                      {(testResult.compile_ms != null || testResult.run_ms != null) && (
+                        <div className="text-xs mt-1 opacity-80">
+                          {testResult.compile_ms != null && <span>Compile: {testResult.compile_ms}ms</span>}
+                          {testResult.compile_ms != null && testResult.run_ms != null && <span> · </span>}
+                          {testResult.run_ms != null && <span>Run: {testResult.run_ms}ms</span>}
+                        </div>
+                      )}
+                    </div>
+
+                    {/* Errors */}
+                    {testResult.errors && testResult.errors.length > 0 && (
+                      <div className="mb-4">
+                        <label className="text-xs font-medium text-muted uppercase tracking-wide mb-2 block">
+                          Compile Errors
+                        </label>
+                        <pre className="p-3 text-xs font-mono bg-danger/5 text-danger border border-danger/20 rounded overflow-x-auto whitespace-pre-wrap">
+                          {testResult.errors.join('\n')}
+                        </pre>
+                      </div>
+                    )}
+
+                    {testResult.error && (
+                      <div className="mb-4">
+                        <label className="text-xs font-medium text-muted uppercase tracking-wide mb-2 block">
+                          Runtime Error
+                        </label>
+                        <pre className="p-3 text-xs font-mono bg-danger/5 text-danger border border-danger/20 rounded overflow-x-auto whitespace-pre-wrap">
+                          {testResult.error}
+                        </pre>
+                      </div>
+                    )}
+
+                    {/* Logs */}
+                    {testResult.logs && testResult.logs.length > 0 && (
+                      <div className="mb-4">
+                        <label className="text-xs font-medium text-muted uppercase tracking-wide mb-2 block">
+                          Logs
+                        </label>
+                        <div className="p-3 text-xs font-mono bg-bg border border-border rounded overflow-x-auto">
+                          {testResult.logs.map((log, i) => (
+                            <div key={i} className={`${
+                              log.startsWith('[HTTP]') ? 'text-cyan-500' :
+                              log.startsWith('[KV]') ? 'text-yellow-500' :
+                              log.startsWith('[LOG]') ? 'text-text' : 'text-muted'
+                            }`}>
+                              {log}
+                            </div>
+                          ))}
+                        </div>
+                      </div>
+                    )}
+
+                    {/* Output */}
+                    {testResult.output && (
+                      <div>
+                        <label className="text-xs font-medium text-muted uppercase tracking-wide mb-2 block">
+                          Output
+                        </label>
+                        <pre className="p-3 text-xs font-mono bg-bg border border-border rounded overflow-x-auto whitespace-pre-wrap">
+                          {testResult.output}
+                        </pre>
+                      </div>
+                    )}
+                  </div>
+                )}
+              </div>
+            </div>
+          )}
+
+          {/* Secrets Panel (Slide-in) */}
+          {showSecretsPanel && (
+            <div className="w-72 flex-none border-l border-border bg-surface overflow-y-auto">
+              <div className="p-4">
+                <div className="flex items-center justify-between mb-4">
+                  <h3 className="font-medium">Secrets</h3>
+                  <button
+                    onClick={() => setShowSecretsPanel(false)}
+                    className="p-1 text-muted hover:text-text rounded"
+                  >
+                    <Icons.Close className="w-4 h-4" />
+                  </button>
+                </div>
+
+                <p className="text-xs text-muted mb-4">
+                  Access secrets in your code as <code className="px-1 py-0.5 bg-bg rounded">Runner.secrets.KEY_NAME</code>
+                </p>
+
+                {secrets?.length ? (
+                  <div className="space-y-2 mb-4">
+                    {secrets.map(s => (
+                      <div key={s.key} className="flex items-center justify-between p-2 bg-bg rounded group">
+                        <code className="text-xs font-mono truncate">{s.key}</code>
+                        <button
+                          onClick={() => handleDeleteSecret(s.key)}
+                          className="p-1 text-muted hover:text-danger opacity-0 group-hover:opacity-100 transition-opacity"
+                        >
+                          <Icons.Trash className="w-3.5 h-3.5" />
+                        </button>
+                      </div>
+                    ))}
+                  </div>
+                ) : (
+                  <div className="py-6 text-center text-sm text-muted">
+                    <Icons.Key className="w-8 h-8 mx-auto mb-2 opacity-30" />
+                    <p>No secrets yet</p>
+                  </div>
+                )}
+
+                <Button variant="secondary" className="w-full" onClick={() => setShowSecretModal(true)}>
+                  <Icons.Plus className="w-4 h-4" />
+                  Add Secret
+                </Button>
+              </div>
+            </div>
+          )}
+        </div>
+
+        {/* Secret Modal */}
+        <Modal open={showSecretModal} onClose={() => setShowSecretModal(false)} title="Add Secret">
+          <div className="space-y-4">
+            <div>
+              <label className="label">Key</label>
+              <Input
+                value={newSecretKey}
+                onChange={v => setNewSecretKey(v.toUpperCase().replace(/[^A-Z0-9_]/g, ''))}
+                placeholder="SLACK_WEBHOOK"
+              />
+              <p className="text-xs text-muted mt-1.5">Use UPPER_SNAKE_CASE</p>
+            </div>
+            <div>
+              <label className="label">Value</label>
+              <Input
+                type="password"
+                value={newSecretValue}
+                onChange={setNewSecretValue}
+                placeholder="https://hooks.slack.com/..."
+              />
+            </div>
+            <div className="flex justify-end gap-2 pt-2">
+              <Button variant="secondary" onClick={() => setShowSecretModal(false)}>Cancel</Button>
+              <Button variant="primary" onClick={handleAddSecret}>Add Secret</Button>
+            </div>
+          </div>
+        </Modal>
+      </div>
+    )
+  }
+
+  // ═══════════════════════════════════════════════════════════════════════════
+  // LIST VIEW - Plugin management
+  // ═══════════════════════════════════════════════════════════════════════════
+  return (
+    <div>
+      <PageHeader>
+        {billing && billing.usage.plugins >= billing.tiers[billing.current_tier].max_plugins ? (
+          <div className="flex items-center gap-3">
+            <span className="text-sm text-muted">Plugin limit reached</span>
+            <Button variant="primary" href="/studio/billing">Upgrade</Button>
+          </div>
+        ) : (
+          <Button variant="primary" onClick={handleNew}>
+            <Icons.Plus className="w-4 h-4" />
+            New Plugin
+          </Button>
+        )}
+      </PageHeader>
+
+      {/* Panel container - full-bleed borders */}
+      <div className="-mx-6 lg:-mx-10">
+        {/* Plugin List */}
+        <div className="px-6 lg:px-10 py-5">
+          <div className="flex items-center justify-between">
+            <div className="text-xs font-medium text-muted uppercase tracking-wide">Your Plugins</div>
+            {billing && (
+              <UsageIndicator
+                used={billing.usage.plugins}
+                max={billing.tiers[billing.current_tier].max_plugins}
+                label="used"
+              />
+            )}
+          </div>
+        </div>
+        <div className="border-t border-border">
+          {!plugins?.length ? (
+            <div className="px-6 lg:px-10 py-12">
+              <EmptyState
+                Icon={Icons.Code}
+                title="No plugins yet"
+                description="Create plugins to add notifications, integrations, content moderation, and more"
+              />
+              <div className="flex justify-center mt-6">
+                <Button variant="primary" onClick={handleNew}>
+                  <Icons.Plus className="w-4 h-4" />
+                  Create your first plugin
+                </Button>
+              </div>
+            </div>
+          ) : (
+            plugins.map((plugin, i) => {
+              const hookInfo = hooks?.find(h => h.name === plugin.hooks[0])
+              const langTab = LANGUAGE_TABS.find(l => l.value === plugin.language)
+              const LangIcon = langTab?.Icon
+
+              return (
+                <div
+                  key={plugin.id}
+                  className={`group flex items-center justify-between px-6 lg:px-10 py-4 hover:bg-surface/50 transition-colors ${i > 0 ? 'border-t border-border' : ''}`}
+                >
+                  <div className="flex items-center gap-4 min-w-0">
+                    <div
+                      className={`w-2.5 h-2.5 rounded-full flex-none ${
+                        plugin.enabled ? 'bg-success' : 'bg-border'
+                      }`}
+                      title={plugin.enabled ? 'Enabled' : 'Disabled'}
+                    />
+                    <div className="min-w-0">
+                      <div className="font-medium truncate">{plugin.name}</div>
+                      <div className="flex items-center gap-2 text-xs text-muted mt-0.5">
+                        <span>{hookInfo?.label || plugin.hooks[0]}</span>
+                        <span>·</span>
+                        <span className="flex items-center gap-1">
+                          {LangIcon && <LangIcon className="w-3.5 h-3.5" />}
+                          {langTab?.label || plugin.language}
+                        </span>
+                        {plugin.wasm_size ? (
+                          <>
+                            <span>·</span>
+                            <span>{(plugin.wasm_size / 1024).toFixed(1)} KB</span>
+                          </>
+                        ) : null}
+                      </div>
+                    </div>
+                  </div>
+
+                  <div className="flex items-center gap-1">
+                    <Toggle
+                      checked={plugin.enabled}
+                      onChange={v => handleToggle(plugin.id, v)}
+                    />
+                    <button
+                      onClick={() => handleEdit(plugin)}
+                      className="p-2 text-muted hover:text-text hover:bg-bg rounded transition-colors"
+                      title="Edit"
+                    >
+                      <Icons.Edit className="w-4 h-4" />
+                    </button>
+                    <button
+                      onClick={() => handleDelete(plugin.id)}
+                      className="p-2 text-muted hover:text-danger hover:bg-danger/5 rounded transition-colors"
+                      title="Delete"
+                    >
+                      <Icons.Trash className="w-4 h-4" />
+                    </button>
+                  </div>
+                </div>
+              )
+            })
+          )}
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Secrets Section */}
+        <div className="px-6 lg:px-10 py-5 flex items-center justify-between">
+          <div>
+            <div className="text-xs font-medium text-muted uppercase tracking-wide">Secrets</div>
+            <div className="text-xs text-muted mt-0.5">API keys and sensitive data available to all plugins</div>
+          </div>
+          <Button variant="secondary" onClick={() => setShowSecretModal(true)}>
+            <Icons.Plus className="w-4 h-4" />
+            Add Secret
+          </Button>
+        </div>
+        <div className="px-6 lg:px-10 py-6">
+          {!secrets?.length ? (
+            <div className="py-8 text-center border border-dashed border-border">
+              <Icons.Key className="w-8 h-8 mx-auto text-muted/30 mb-2" />
+              <p className="text-sm text-muted">No secrets configured</p>
+              <p className="text-xs text-muted mt-1">Add API keys for services like Slack, Resend, or OpenAI</p>
+            </div>
+          ) : (
+            <div className="grid gap-2 sm:grid-cols-2 lg:grid-cols-3">
+              {secrets.map(s => (
+                <div key={s.key} className="flex items-center justify-between p-3 bg-surface border border-border group">
+                  <div className="flex items-center gap-2 min-w-0">
+                    <Icons.Key className="w-4 h-4 text-muted flex-none" />
+                    <code className="text-sm font-mono truncate">{s.key}</code>
+                  </div>
+                  <button
+                    onClick={() => handleDeleteSecret(s.key)}
+                    className="p-1.5 text-muted hover:text-danger hover:bg-danger/5 rounded opacity-0 group-hover:opacity-100 transition-all"
+                    title="Delete"
+                  >
+                    <Icons.Trash className="w-4 h-4" />
+                  </button>
+                </div>
+              ))}
+            </div>
+          )}
+        </div>
+      </div>
+
+      {/* Add Secret Modal */}
+      <Modal open={showSecretModal} onClose={() => setShowSecretModal(false)} title="Add Secret">
+        <div className="space-y-4">
+          <div>
+            <label className="label">Key</label>
+            <Input
+              value={newSecretKey}
+              onChange={v => setNewSecretKey(v.toUpperCase().replace(/[^A-Z0-9_]/g, ''))}
+              placeholder="SLACK_WEBHOOK"
+            />
+            <p className="text-xs text-muted mt-1.5">Use UPPER_SNAKE_CASE for consistency</p>
+          </div>
+          <div>
+            <label className="label">Value</label>
+            <Input
+              type="password"
+              value={newSecretValue}
+              onChange={setNewSecretValue}
+              placeholder="https://hooks.slack.com/..."
+            />
+            <p className="text-xs text-muted mt-1.5">Stored encrypted, never displayed again</p>
+          </div>
+          <div className="flex justify-end gap-2 pt-2">
+            <Button variant="secondary" onClick={() => setShowSecretModal(false)}>Cancel</Button>
+            <Button variant="primary" onClick={handleAddSecret}>Add Secret</Button>
+          </div>
+        </div>
+      </Modal>
+    </div>
+  )
+}
diff --git a/studio/src/pages/PostEditorPage.tsx b/studio/src/pages/PostEditorPage.tsx
new file mode 100644
index 0000000..aebed5f
--- /dev/null
+++ b/studio/src/pages/PostEditorPage.tsx
@@ -0,0 +1,285 @@
+import { useState, useEffect } from 'react'
+import { useStore } from '@nanostores/react'
+import { $router } from '../stores/router'
+import {
+  $editorMode,
+  $editorPost,
+  $hasChanges,
+  $isNewPost,
+  $hasDraft,
+  $isSaving,
+  $isPublishing,
+  $savePost,
+  initNewPost,
+  loadPost,
+  updateTitle,
+  triggerAutoSave,
+  discardDraft,
+  publishPost,
+  unpublishPost,
+  getPreviewUrl,
+  type EditorMode
+} from '../stores/editor'
+import { addToast } from '../stores/app'
+import { SettingsPageSkeleton } from '../components/shared'
+import { Icons } from '../components/shared/Icons'
+import { Button, Tabs } from '../components/ui'
+import type { Tab } from '../components/ui'
+import { PostEditor } from '../components/editor/PostEditor'
+import { SourceEditor } from '../components/editor/SourceEditor'
+import { MetadataPanel } from '../components/editor/MetadataPanel'
+
+const MODE_TABS: Tab<EditorMode>[] = [
+  { value: 'edit', label: 'Edit' },
+  { value: 'source', label: 'Source' },
+]
+
+export default function PostEditorPage() {
+  const router = useStore($router)
+  const mode = useStore($editorMode)
+  const post = useStore($editorPost)
+  const hasChanges = useStore($hasChanges)
+  const isNew = useStore($isNewPost)
+  const hasDraft = useStore($hasDraft)
+  const isSaving = useStore($isSaving)
+  const isPublishing = useStore($isPublishing)
+  const savePostStore = useStore($savePost)
+
+  const [showMetadata, setShowMetadata] = useState(true)
+  const [isLoading, setIsLoading] = useState(true)
+
+  useEffect(() => {
+    const init = async () => {
+      setIsLoading(true)
+      if (router?.route === 'postNew') {
+        initNewPost()
+      } else if (router?.route === 'postEdit' && router.params && 'slug' in router.params) {
+        const success = await loadPost(router.params.slug as string)
+        if (!success) {
+          addToast('Post not found', 'error')
+          $router.open('posts')
+          return
+        }
+      }
+      setIsLoading(false)
+    }
+    init()
+  }, [router])
+
+  const handleContentChange = (markdown: string) => {
+    $editorPost.setKey('content', markdown)
+    triggerAutoSave()
+  }
+
+  const handleTitleChange = (title: string) => {
+    updateTitle(title)
+    triggerAutoSave()
+  }
+
+  const handleCreate = async () => {
+    if (!post.title) {
+      addToast('Title is required', 'error')
+      return
+    }
+
+    try {
+      await savePostStore.mutate(post)
+      addToast('Post created', 'success')
+      if (post.slug) {
+        window.history.replaceState(null, '', `/studio/posts/${post.slug}/edit`)
+      }
+    } catch (err) {
+      addToast(err instanceof Error ? err.message : 'Failed to create post', 'error')
+    }
+  }
+
+  const handlePublish = async () => {
+    const success = await publishPost()
+    if (success) {
+      addToast('Published successfully', 'success')
+    } else {
+      addToast('Failed to publish', 'error')
+    }
+  }
+
+  const handleUnpublish = async () => {
+    const success = await unpublishPost()
+    if (success) {
+      addToast('Unpublished', 'success')
+    } else {
+      addToast('Failed to unpublish', 'error')
+    }
+  }
+
+  const handleDiscardDraft = async () => {
+    if (!confirm('Discard all changes and revert to the published version?')) {
+      return
+    }
+    const success = await discardDraft()
+    if (success) {
+      addToast('Draft discarded', 'success')
+    } else {
+      addToast('Failed to discard draft', 'error')
+    }
+  }
+
+  const handlePreview = () => {
+    const url = getPreviewUrl()
+    if (url) window.open(url, '_blank')
+  }
+
+  const handleBack = () => {
+    if (hasChanges && !confirm('You have unsaved changes. Leave anyway?')) {
+      return
+    }
+    $router.open('posts')
+  }
+
+  if (isLoading) return <SettingsPageSkeleton />
+
+  return (
+    <div className="fixed inset-0 z-40 flex flex-col bg-bg">
+      {/* Header Bar */}
+      <div className="flex-none border-b border-border bg-surface px-4 py-3">
+        <div className="flex items-center justify-between gap-4">
+          {/* Left: Back + Title */}
+          <div className="flex items-center gap-3 flex-1 min-w-0">
+            <button
+              onClick={handleBack}
+              className="p-1.5 -ml-1.5 text-muted hover:text-text hover:bg-bg rounded transition-colors"
+              title="Back to posts"
+            >
+              <Icons.ArrowLeft className="w-5 h-5" />
+            </button>
+            <input
+              type="text"
+              value={post.title}
+              onChange={e => handleTitleChange(e.target.value)}
+              placeholder="Post title..."
+              className="flex-1 min-w-0 text-lg font-medium bg-transparent border-none outline-none placeholder:text-muted/50"
+            />
+          </div>
+
+          {/* Center: Mode Toggle */}
+          <div className="flex-none">
+            <Tabs
+              value={mode}
+              onChange={(v) => $editorMode.set(v as EditorMode)}
+              tabs={MODE_TABS}
+            />
+          </div>
+
+          {/* Right: Actions */}
+          <div className="flex items-center gap-2 flex-none">
+            <button
+              onClick={() => setShowMetadata(!showMetadata)}
+              className={`flex items-center gap-1.5 px-3 py-1.5 text-sm rounded transition-colors ${
+                showMetadata ? 'bg-accent/10 text-accent' : 'text-muted hover:text-text hover:bg-bg'
+              }`}
+              title="Toggle metadata panel"
+            >
+              <Icons.Settings className="w-4 h-4" />
+            </button>
+            <Button
+              variant="secondary"
+              onClick={handlePreview}
+              disabled={!post.slug}
+            >
+              <Icons.Eye className="w-4 h-4" />
+              <span className="hidden sm:inline ml-1.5">Preview</span>
+            </Button>
+
+            {isNew ? (
+              <Button
+                variant="primary"
+                onClick={handleCreate}
+                disabled={savePostStore.loading}
+              >
+                {savePostStore.loading ? (
+                  <>
+                    <Icons.Loader className="w-4 h-4 animate-spin" />
+                    <span className="hidden sm:inline ml-1.5">Creating...</span>
+                  </>
+                ) : (
+                  <>
+                    <Icons.Plus className="w-4 h-4" />
+                    <span className="hidden sm:inline ml-1.5">Create</span>
+                  </>
+                )}
+              </Button>
+            ) : (
+              <>
+                {isSaving && (
+                  <span className="flex items-center gap-1.5 text-xs text-muted">
+                    <Icons.Loader className="w-3.5 h-3.5 animate-spin" />
+                    <span className="hidden sm:inline">Saving...</span>
+                  </span>
+                )}
+                {!isSaving && hasChanges && (
+                  <span className="text-xs text-muted">Unsaved</span>
+                )}
+                {hasDraft && (
+                  <Button
+                    variant="secondary"
+                    onClick={handleDiscardDraft}
+                    disabled={isSaving || isPublishing}
+                  >
+                    <Icons.Undo className="w-4 h-4" />
+                    <span className="hidden sm:inline ml-1.5">Discard</span>
+                  </Button>
+                )}
+                {!post.draft ? (
+                  <Button
+                    variant="secondary"
+                    onClick={handleUnpublish}
+                    disabled={isPublishing}
+                  >
+                    <Icons.EyeOff className="w-4 h-4" />
+                    <span className="hidden sm:inline ml-1.5">Unpublish</span>
+                  </Button>
+                ) : (
+                  <Button
+                    variant="primary"
+                    onClick={handlePublish}
+                    disabled={isPublishing}
+                  >
+                    {isPublishing ? (
+                      <>
+                        <Icons.Loader className="w-4 h-4 animate-spin" />
+                        <span className="hidden sm:inline ml-1.5">Publishing...</span>
+                      </>
+                    ) : (
+                      <>
+                        <Icons.Send className="w-4 h-4" />
+                        <span className="hidden sm:inline ml-1.5">Publish</span>
+                      </>
+                    )}
+                  </Button>
+                )}
+              </>
+            )}
+          </div>
+        </div>
+      </div>
+
+      {/* Main Content Area */}
+      <div className="flex-1 flex min-h-0 overflow-hidden">
+        {/* Editor */}
+        <div className="flex-1 flex flex-col min-w-0 overflow-hidden">
+          <div className="flex-1 min-h-0 overflow-auto">
+            {mode === 'edit' ? (
+              <PostEditor onChange={handleContentChange} />
+            ) : (
+              <SourceEditor onChange={handleContentChange} />
+            )}
+          </div>
+        </div>
+
+        {/* Metadata Panel (Slide-in) */}
+        {showMetadata && (
+          <MetadataPanel onClose={() => setShowMetadata(false)} />
+        )}
+      </div>
+    </div>
+  )
+}
diff --git a/studio/src/pages/PostsPage.tsx b/studio/src/pages/PostsPage.tsx
new file mode 100644
index 0000000..ccd2ed1
--- /dev/null
+++ b/studio/src/pages/PostsPage.tsx
@@ -0,0 +1,302 @@
+import { useStore } from '@nanostores/react'
+import { $posts, $deletePost } from '../stores/posts'
+import { $analytics } from '../stores/analytics'
+import { addToast } from '../stores/app'
+import { Button, Modal, Badge, ActionMenu, Input, Tabs } from '../components/ui'
+import { EmptyState, PostsPageSkeleton, PageHeader } from '../components/shared'
+import { Icons } from '../components/shared/Icons'
+import { useState, useMemo } from 'react'
+import type { Post } from '../types'
+
+type FilterTab = 'all' | 'published' | 'drafts'
+
+export default function PostsPage() {
+  const { data, error } = useStore($posts)
+  const { data: analytics } = useStore($analytics)
+  const deletePostMutation = useStore($deletePost)
+  const [deleteModal, setDeleteModal] = useState<Post | null>(null)
+  const [search, setSearch] = useState('')
+  const [filter, setFilter] = useState<FilterTab>('all')
+
+  const handleDelete = async () => {
+    if (!deleteModal) return
+    try {
+      await deletePostMutation.mutate(deleteModal.slug)
+      addToast('Post deleted', 'success')
+      setDeleteModal(null)
+    } catch {
+      addToast('Failed to delete post', 'error')
+    }
+  }
+
+  const copyUrl = (slug: string) => {
+    const url = `${window.location.origin}/posts/${slug}`
+    navigator.clipboard.writeText(url)
+    addToast('URL copied', 'success')
+  }
+
+  const getPostViews = (slug: string): number => {
+    if (!analytics?.top_pages) return 0
+    const page = analytics.top_pages.find(p => p.path === `/posts/${slug}`)
+    return page?.views || 0
+  }
+
+  const formatRelativeTime = (dateStr: string) => {
+    const date = new Date(dateStr)
+    const now = new Date()
+    const diffMs = now.getTime() - date.getTime()
+    const diffMins = Math.floor(diffMs / 60000)
+    const diffHours = Math.floor(diffMs / 3600000)
+    const diffDays = Math.floor(diffMs / 86400000)
+
+    if (diffMins < 1) return 'Just now'
+    if (diffMins < 60) return `${diffMins}m ago`
+    if (diffHours < 24) return `${diffHours}h ago`
+    if (diffDays < 7) return `${diffDays}d ago`
+    return date.toLocaleDateString('en-US', { month: 'short', day: 'numeric' })
+  }
+
+  const formatDate = (dateStr: string) => {
+    return new Date(dateStr).toLocaleDateString('en-US', {
+      month: 'short',
+      day: 'numeric',
+    })
+  }
+
+  const formatViews = (views: number) => {
+    if (views >= 1000) return `${(views / 1000).toFixed(1)}k`
+    return views.toString()
+  }
+
+  const filteredPosts = useMemo(() => {
+    if (!data) return []
+
+    let posts = [...data]
+
+    if (filter === 'published') {
+      posts = posts.filter(p => !p.draft)
+    } else if (filter === 'drafts') {
+      posts = posts.filter(p => p.draft)
+    }
+
+    if (search.trim()) {
+      const q = search.toLowerCase()
+      posts = posts.filter(p =>
+        p.title.toLowerCase().includes(q) ||
+        p.slug.toLowerCase().includes(q) ||
+        p.tags.some(t => t.toLowerCase().includes(q))
+      )
+    }
+
+    return posts.sort((a, b) => {
+      if (a.draft && !b.draft) return -1
+      if (!a.draft && b.draft) return 1
+      const dateA = a.draft ? new Date(a.updated_at) : new Date(a.date)
+      const dateB = b.draft ? new Date(b.updated_at) : new Date(b.date)
+      return dateB.getTime() - dateA.getTime()
+    })
+  }, [data, filter, search])
+
+  if (!data) return <PostsPageSkeleton />
+  if (error) return <EmptyState Icon={Icons.AlertCircle} title="Failed to load posts" description={error.message} />
+
+  const totalPosts = data.length
+  const draftCount = data.filter(p => p.draft).length
+  const publishedCount = data.filter(p => !p.draft).length
+  const totalViews = analytics?.total_views || 0
+
+  if (data.length === 0) {
+    return (
+      <div className="space-y-6">
+        <PageHeader />
+        <EmptyState
+          Icon={Icons.Posts}
+          title="No posts yet"
+          description="Create your first post to get started"
+          action={<Button variant="primary" Icon={Icons.Plus} href="/studio/posts/new">New Post</Button>}
+        />
+      </div>
+    )
+  }
+
+  const tabs = [
+    { value: 'all' as FilterTab, label: `All (${totalPosts})` },
+    { value: 'published' as FilterTab, label: `Published (${publishedCount})` },
+    { value: 'drafts' as FilterTab, label: `Drafts (${draftCount})` },
+  ]
+
+  return (
+    <div>
+      <PageHeader>
+        <Button variant="primary" Icon={Icons.Plus} href="/studio/posts/new">New Post</Button>
+      </PageHeader>
+
+      {/* Panel container - full-bleed borders */}
+      <div className="-mx-6 lg:-mx-10 mt-6">
+        {/* Stats row */}
+        <div className="relative">
+          <div className="absolute top-0 bottom-0 border-l border-border" style={{ left: '33.333%' }} />
+          <div className="absolute top-0 bottom-0 border-l border-border" style={{ left: '66.666%' }} />
+
+          <div className="grid grid-cols-3">
+            <div className="py-4 pl-6 lg:pl-10 pr-6">
+              <div className="text-xs text-muted mb-0.5">Total Posts</div>
+              <div className="text-xl font-semibold tracking-tight">{totalPosts}</div>
+            </div>
+            <div className="py-4 px-6">
+              <div className="text-xs text-muted mb-0.5">Published</div>
+              <div className="text-xl font-semibold tracking-tight">{publishedCount}</div>
+            </div>
+            <div className="py-4 pr-6 lg:pr-10 pl-6">
+              <div className="text-xs text-muted mb-0.5">Total Views</div>
+              <div className="text-xl font-semibold tracking-tight">{totalViews.toLocaleString()}</div>
+            </div>
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Filter and Search */}
+        <div className="px-6 lg:px-10 py-4 flex flex-col sm:flex-row sm:items-center gap-4">
+          <Tabs value={filter} onChange={setFilter} tabs={tabs} />
+          <div className="flex-1 sm:max-w-xs sm:ml-auto">
+            <Input
+              value={search}
+              onChange={setSearch}
+              placeholder="Search posts..."
+              Icon={Icons.Search}
+            />
+          </div>
+        </div>
+
+        <div className="border-t border-border" />
+
+        {/* Posts list */}
+        {filteredPosts.length === 0 ? (
+          <div className="px-6 lg:px-10 py-12">
+            <EmptyState
+              Icon={Icons.Search}
+              title="No posts found"
+              description={search ? `No posts matching "${search}"` : 'No posts in this category'}
+            />
+          </div>
+        ) : (
+          filteredPosts.map((post, i) => {
+            const views = getPostViews(post.slug)
+            const isDraft = post.draft
+            const hasWarning = !isDraft && !post.description
+
+            return (
+              <div
+                key={post.id}
+                className={`group relative flex items-center gap-4 px-6 lg:px-10 py-4 transition-colors hover:bg-surface/50 cursor-pointer ${i > 0 ? 'border-t border-border' : ''}`}
+                onClick={(e) => {
+                  if ((e.target as HTMLElement).closest('[data-action-menu]')) return
+                  window.location.href = `/studio/posts/${post.slug}/edit`
+                }}
+              >
+                <a
+                  href={`/studio/posts/${post.slug}/edit`}
+                  className="flex-1 min-w-0"
+                  onClick={(e) => e.stopPropagation()}
+                >
+                  <div className="flex items-center gap-2.5 mb-1">
+                    {isDraft && <Badge variant="draft">Draft</Badge>}
+                    <h3 className="text-sm font-medium text-text truncate group-hover:text-accent transition-colors">
+                      {post.title || 'Untitled'}
+                    </h3>
+                    {post.members_only && (
+                      <Icons.Crown className="w-3.5 h-3.5 text-amber-500 flex-shrink-0" title="Members only" />
+                    )}
+                    {hasWarning && (
+                      <span className="flex-shrink-0 text-[10px] text-warning/80 font-medium uppercase tracking-wide">
+                        No description
+                      </span>
+                    )}
+                  </div>
+                  <div className="flex items-center gap-3 text-xs text-muted">
+                    <code className="text-[11px] opacity-60">/posts/{post.slug}</code>
+                    <span className="text-border">|</span>
+                    {isDraft ? (
+                      <span className="flex items-center gap-1">
+                        <Icons.Clock className="w-3 h-3 opacity-60" />
+                        {formatRelativeTime(post.updated_at)}
+                      </span>
+                    ) : (
+                      <>
+                        <span className="font-medium">{formatDate(post.date)}</span>
+                        {views > 0 && (
+                          <>
+                            <span className="text-border">|</span>
+                            <span className="flex items-center gap-1">
+                              <Icons.Eye className="w-3 h-3 opacity-60" />
+                              {formatViews(views)}
+                            </span>
+                          </>
+                        )}
+                      </>
+                    )}
+                    {post.tags.length > 0 && (
+                      <>
+                        <span className="text-border hidden sm:inline">|</span>
+                        <span className="truncate opacity-70 hidden sm:inline">
+                          {post.tags.slice(0, 2).join(', ')}
+                          {post.tags.length > 2 && ` +${post.tags.length - 2}`}
+                        </span>
+                      </>
+                    )}
+                  </div>
+                </a>
+
+                <ActionMenu
+                  items={[
+                    {
+                      label: 'Edit',
+                      Icon: Icons.Edit,
+                      href: `/studio/posts/${post.slug}/edit`,
+                    },
+                    ...(!isDraft ? [{
+                      label: 'View',
+                      Icon: Icons.Eye,
+                      href: `/posts/${post.slug}`,
+                      external: true,
+                    }] : []),
+                    {
+                      label: 'Copy URL',
+                      Icon: Icons.Copy,
+                      onClick: () => copyUrl(post.slug),
+                    },
+                    {
+                      label: 'Delete',
+                      Icon: Icons.Trash,
+                      variant: 'danger' as const,
+                      onClick: () => setDeleteModal(post),
+                    },
+                  ]}
+                />
+              </div>
+            )
+          })
+        )}
+      </div>
+
+      <Modal
+        open={!!deleteModal}
+        onClose={() => setDeleteModal(null)}
+        title="Delete Post"
+      >
+        <p className="text-sm text-muted mb-6">
+          Are you sure you want to delete <span className="font-medium text-text">"{deleteModal?.title}"</span>? This action cannot be undone.
+        </p>
+        <div className="flex justify-end gap-3">
+          <Button variant="secondary" onClick={() => setDeleteModal(null)}>
+            Cancel
+          </Button>
+          <Button variant="danger" onClick={handleDelete} loading={deletePostMutation.loading}>
+            Delete Post
+          </Button>
+        </div>
+      </Modal>
+    </div>
+  )
+}
diff --git a/studio/src/pages/index.ts b/studio/src/pages/index.ts
new file mode 100644
index 0000000..12e8256
--- /dev/null
+++ b/studio/src/pages/index.ts
@@ -0,0 +1,10 @@
+export { default as PostsPage } from './PostsPage'
+export { default as AnalyticsPage } from './AnalyticsPage'
+export { default as GeneralPage } from './GeneralPage'
+export { default as DesignPage } from './DesignPage'
+export { default as DomainPage } from './DomainPage'
+export { default as EngagementPage } from './EngagementPage'
+export { default as MonetizationPage } from './MonetizationPage'
+export { default as APIPage } from './APIPage'
+export { default as DataPage } from './DataPage'
+export { default as BillingPage } from './BillingPage'
diff --git a/studio/src/stores/analytics.ts b/studio/src/stores/analytics.ts
new file mode 100644
index 0000000..5776ba6
--- /dev/null
+++ b/studio/src/stores/analytics.ts
@@ -0,0 +1,10 @@
+import { atom } from 'nanostores'
+import { createFetcherStore } from './fetcher'
+import type { AnalyticsSummary } from '../types'
+
+export const $days = atom(30)
+
+export const $analytics = createFetcherStore<AnalyticsSummary>([
+  '/api/studio/analytics?days=',
+  $days,
+])
diff --git a/studio/src/stores/apiKeys.ts b/studio/src/stores/apiKeys.ts
new file mode 100644
index 0000000..66295d9
--- /dev/null
+++ b/studio/src/stores/apiKeys.ts
@@ -0,0 +1,34 @@
+import { atom } from 'nanostores'
+import { createFetcherStore, createMutatorStore, invalidateKeys } from './fetcher'
+import type { APIKey } from '../types'
+
+export const $apiKeys = createFetcherStore<APIKey[]>(['/api/studio/api-keys'])
+
+export const $creating = atom(false)
+export const $newKey = atom<string | null>(null)
+
+export async function createAPIKey(name: string): Promise<APIKey> {
+  $creating.set(true)
+  try {
+    const res = await fetch('/api/studio/api-keys', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ name }),
+    })
+    if (!res.ok) throw new Error('Failed to create API key')
+    const key = await res.json()
+    $newKey.set(key.key)
+    invalidateKeys('/api/studio/api-keys')
+    return key
+  } finally {
+    $creating.set(false)
+  }
+}
+
+export const $deleteAPIKey = createMutatorStore<string>(
+  async ({ data: key, invalidate }) => {
+    const res = await fetch(`/api/studio/api-keys/${key}`, { method: 'DELETE' })
+    if (!res.ok) throw new Error('Failed to delete API key')
+    invalidate('/api/studio/api-keys')
+  }
+)
diff --git a/studio/src/stores/app.ts b/studio/src/stores/app.ts
new file mode 100644
index 0000000..b0b174a
--- /dev/null
+++ b/studio/src/stores/app.ts
@@ -0,0 +1,19 @@
+import { atom } from 'nanostores'
+
+export interface Toast {
+  id: string
+  message: string
+  type: 'success' | 'error'
+}
+
+export const $toasts = atom<Toast[]>([])
+
+export const addToast = (message: string, type: 'success' | 'error' = 'success') => {
+  const id = Math.random().toString(36).slice(2)
+  $toasts.set([...$toasts.get(), { id, message, type }])
+  setTimeout(() => removeToast(id), 4000)
+}
+
+export const removeToast = (id: string) => {
+  $toasts.set($toasts.get().filter(t => t.id !== id))
+}
diff --git a/studio/src/stores/assets.ts b/studio/src/stores/assets.ts
new file mode 100644
index 0000000..8485b8d
--- /dev/null
+++ b/studio/src/stores/assets.ts
@@ -0,0 +1,33 @@
+import { atom } from 'nanostores'
+import { createFetcherStore, createMutatorStore, invalidateKeys } from './fetcher'
+import type { Asset } from '../types'
+
+export const $assets = createFetcherStore<Asset[]>(['/api/studio/assets'])
+
+export const $uploading = atom(false)
+
+export async function uploadAsset(file: File): Promise<Asset> {
+  $uploading.set(true)
+  try {
+    const formData = new FormData()
+    formData.append('file', file)
+    const res = await fetch('/api/studio/assets', {
+      method: 'POST',
+      body: formData,
+    })
+    if (!res.ok) throw new Error('Failed to upload')
+    const asset = await res.json()
+    invalidateKeys('/api/studio/assets')
+    return asset
+  } finally {
+    $uploading.set(false)
+  }
+}
+
+export const $deleteAsset = createMutatorStore<string>(
+  async ({ data: id, invalidate }) => {
+    const res = await fetch(`/api/studio/assets/${id}`, { method: 'DELETE' })
+    if (!res.ok) throw new Error('Failed to delete asset')
+    invalidate('/api/studio/assets')
+  }
+)
diff --git a/studio/src/stores/billing.ts b/studio/src/stores/billing.ts
new file mode 100644
index 0000000..20cbc87
--- /dev/null
+++ b/studio/src/stores/billing.ts
@@ -0,0 +1,4 @@
+import { createFetcherStore } from './fetcher'
+import type { BillingInfo } from '../types'
+
+export const $billing = createFetcherStore<BillingInfo>('/api/studio/billing')
diff --git a/studio/src/stores/editor.ts b/studio/src/stores/editor.ts
new file mode 100644
index 0000000..85b53b7
--- /dev/null
+++ b/studio/src/stores/editor.ts
@@ -0,0 +1,467 @@
+import { atom, map, computed } from 'nanostores'
+import { createMutatorStore } from './fetcher'
+import type { Post } from '../types'
+
+export type EditorMode = 'edit' | 'source'
+
+export interface EditorPost {
+  id?: string
+  slug: string
+  title: string
+  description: string
+  content: string
+  date: string
+  draft: boolean
+  members_only: boolean
+  tags: string[]
+  cover_image?: string
+}
+
+export interface PostVersion {
+  id: number
+  title: string
+  created_at: string
+}
+
+export interface DraftState {
+  slug: string
+  title: string
+  description: string
+  content: string
+  tags: string[]
+  cover_image: string
+  members_only: boolean
+  modified_at: string
+}
+
+const defaultPost: EditorPost = {
+  slug: '',
+  title: '',
+  description: '',
+  content: '',
+  date: new Date().toISOString().split('T')[0],
+  draft: true,
+  members_only: false,
+  tags: [],
+  cover_image: '',
+}
+
+export const $editorMode = atom<EditorMode>('edit')
+export const $editorPost = map<EditorPost>({ ...defaultPost })
+export const $initialPost = atom<EditorPost | null>(null)
+export const $isNewPost = atom(true)
+export const $hasDraft = atom(false)
+export const $versions = atom<PostVersion[]>([])
+export const $isSaving = atom(false)
+export const $isPublishing = atom(false)
+
+export const $hasChanges = computed(
+  [$editorPost, $initialPost],
+  (current, initial) => initial !== null && JSON.stringify(current) !== JSON.stringify(initial)
+)
+
+export const $changedFields = computed(
+  [$editorPost, $initialPost],
+  (current, initial) => {
+    if (!initial) return []
+    const changes: string[] = []
+    const labels: Record<keyof EditorPost, string> = {
+      id: 'ID',
+      slug: 'Slug',
+      title: 'Title',
+      description: 'Description',
+      content: 'Content',
+      date: 'Date',
+      draft: 'Draft',
+      members_only: 'Members only',
+      tags: 'Tags',
+      cover_image: 'Cover image',
+    }
+    for (const key of Object.keys(current) as (keyof EditorPost)[]) {
+      const currentVal = JSON.stringify(current[key])
+      const initialVal = JSON.stringify(initial[key])
+      if (currentVal !== initialVal) {
+        changes.push(labels[key] || key)
+      }
+    }
+    return changes
+  }
+)
+
+export function initNewPost() {
+  const newPost = {
+    ...defaultPost,
+    date: new Date().toISOString().split('T')[0],
+  }
+  $editorPost.set(newPost)
+  $initialPost.set({ ...newPost })
+  $isNewPost.set(true)
+  $hasDraft.set(false)
+  $versions.set([])
+  $editorMode.set('edit')
+}
+
+export async function loadPost(slug: string): Promise<boolean> {
+  try {
+    const res = await fetch(`/api/studio/posts/${slug}`)
+    if (!res.ok) return false
+
+    const post: Post = await res.json()
+    const editorPost: EditorPost = {
+      id: post.id,
+      slug: post.slug,
+      title: post.title,
+      description: post.description,
+      content: post.content || '',
+      date: post.date,
+      draft: post.draft,
+      members_only: post.members_only,
+      tags: post.tags || [],
+      cover_image: '',
+    }
+
+    $editorPost.set(editorPost)
+    $initialPost.set({ ...editorPost })
+    $isNewPost.set(false)
+    $editorMode.set('edit')
+
+    if (post.id) {
+      loadDraft(post.id)
+      loadVersions(post.id)
+    }
+
+    return true
+  } catch {
+    return false
+  }
+}
+
+async function loadDraft(postId: string) {
+  try {
+    const res = await fetch(`/api/studio/posts/${postId}/draft`)
+    if (!res.ok) {
+      $hasDraft.set(false)
+      return
+    }
+    const draft = await res.json()
+    if (draft) {
+      $hasDraft.set(true)
+      $editorPost.set({
+        ...$editorPost.get(),
+        slug: draft.slug,
+        title: draft.title,
+        description: draft.description,
+        content: draft.content,
+        tags: draft.tags || [],
+        cover_image: draft.cover_image || '',
+        members_only: draft.members_only,
+      })
+      $initialPost.set({ ...$editorPost.get() })
+    } else {
+      $hasDraft.set(false)
+    }
+  } catch {
+    $hasDraft.set(false)
+  }
+}
+
+async function loadVersions(postId: string) {
+  try {
+    const res = await fetch(`/api/studio/posts/${postId}/versions`)
+    if (res.ok) {
+      const versions = await res.json()
+      $versions.set(versions || [])
+    }
+  } catch {
+    $versions.set([])
+  }
+}
+
+function slugify(text: string): string {
+  return text
+    .toLowerCase()
+    .trim()
+    .replace(/[^\w\s-]/g, '')
+    .replace(/[\s_-]+/g, '-')
+    .replace(/^-+|-+$/g, '')
+}
+
+export function updateTitle(title: string) {
+  const current = $editorPost.get()
+  const isNew = $isNewPost.get()
+  const initial = $initialPost.get()
+
+  $editorPost.setKey('title', title)
+
+  if (isNew || (initial && current.slug === slugify(initial.title))) {
+    $editorPost.setKey('slug', slugify(title))
+  }
+}
+
+export const $savePost = createMutatorStore<EditorPost>(
+  async ({ data: post, invalidate }) => {
+    const isNew = $isNewPost.get()
+    const url = isNew ? '/api/studio/posts' : `/api/studio/posts/${post.slug}`
+    const method = isNew ? 'POST' : 'PUT'
+
+    const res = await fetch(url, {
+      method,
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(post),
+    })
+
+    if (!res.ok) {
+      const err = await res.json().catch(() => ({ error: 'Unknown error' }))
+      throw new Error(err.error || 'Failed to save post')
+    }
+
+    const saved: Post = await res.json()
+
+    const editorPost: EditorPost = {
+      id: saved.id,
+      slug: saved.slug,
+      title: saved.title,
+      description: saved.description,
+      content: saved.content || post.content,
+      date: saved.date,
+      draft: saved.draft,
+      members_only: saved.members_only,
+      tags: saved.tags || [],
+      cover_image: post.cover_image,
+    }
+
+    $editorPost.set(editorPost)
+    $initialPost.set({ ...editorPost })
+    $isNewPost.set(false)
+
+    invalidate('/api/studio/posts')
+    return editorPost
+  }
+)
+
+export async function saveDraft(): Promise<boolean> {
+  const post = $editorPost.get()
+  if (!post.id) return false
+
+  $isSaving.set(true)
+  try {
+    const res = await fetch(`/api/studio/posts/${post.id}/draft`, {
+      method: 'PUT',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        slug: post.slug,
+        title: post.title,
+        description: post.description,
+        content: post.content,
+        tags: post.tags,
+        cover_image: post.cover_image,
+        members_only: post.members_only,
+      }),
+    })
+
+    if (!res.ok) {
+      throw new Error('Failed to save draft')
+    }
+
+    $hasDraft.set(true)
+    $initialPost.set({ ...post })
+    return true
+  } catch {
+    return false
+  } finally {
+    $isSaving.set(false)
+  }
+}
+
+let autoSaveTimer: ReturnType<typeof setTimeout> | null = null
+
+export function triggerAutoSave() {
+  if ($isNewPost.get()) return
+  if (!$hasChanges.get()) return
+
+  if (autoSaveTimer) clearTimeout(autoSaveTimer)
+
+  autoSaveTimer = setTimeout(async () => {
+    await saveDraft()
+  }, 2000)
+}
+
+export async function discardDraft(): Promise<boolean> {
+  const post = $editorPost.get()
+  if (!post.id) return false
+
+  try {
+    const res = await fetch(`/api/studio/posts/${post.id}/draft`, {
+      method: 'DELETE',
+    })
+
+    if (!res.ok) {
+      throw new Error('Failed to discard draft')
+    }
+
+    $hasDraft.set(false)
+    await loadPost(post.slug)
+    return true
+  } catch {
+    return false
+  }
+}
+
+export async function publishPost(): Promise<boolean> {
+  const post = $editorPost.get()
+  if (!post.id) return false
+
+  $isPublishing.set(true)
+  try {
+    if ($hasChanges.get()) {
+      await saveDraft()
+    }
+
+    const res = await fetch(`/api/studio/posts/${post.id}/publish`, {
+      method: 'POST',
+    })
+
+    if (!res.ok) {
+      throw new Error('Failed to publish')
+    }
+
+    const saved: Post = await res.json()
+    const editorPost: EditorPost = {
+      id: saved.id,
+      slug: saved.slug,
+      title: saved.title,
+      description: saved.description,
+      content: saved.content || post.content,
+      date: saved.date,
+      draft: saved.draft,
+      members_only: saved.members_only,
+      tags: saved.tags || [],
+      cover_image: post.cover_image,
+    }
+
+    $editorPost.set(editorPost)
+    $initialPost.set({ ...editorPost })
+    $hasDraft.set(false)
+
+    if (post.id) {
+      loadVersions(post.id)
+    }
+
+    return true
+  } catch {
+    return false
+  } finally {
+    $isPublishing.set(false)
+  }
+}
+
+export async function unpublishPost(): Promise<boolean> {
+  const post = $editorPost.get()
+  if (!post.id) return false
+
+  $isPublishing.set(true)
+  try {
+    const res = await fetch(`/api/studio/posts/${post.id}/unpublish`, {
+      method: 'POST',
+    })
+
+    if (!res.ok) {
+      throw new Error('Failed to unpublish')
+    }
+
+    const saved: Post = await res.json()
+    $editorPost.setKey('draft', saved.draft)
+    $initialPost.set({ ...$editorPost.get() })
+
+    return true
+  } catch {
+    return false
+  } finally {
+    $isPublishing.set(false)
+  }
+}
+
+export async function restoreVersion(versionId: number): Promise<boolean> {
+  const post = $editorPost.get()
+  if (!post.id) return false
+
+  try {
+    const res = await fetch(`/api/studio/posts/${post.id}/versions/${versionId}/restore`, {
+      method: 'POST',
+    })
+
+    if (!res.ok) {
+      throw new Error('Failed to restore version')
+    }
+
+    await loadPost(post.slug)
+    return true
+  } catch {
+    return false
+  }
+}
+
+export function getPreviewUrl(): string {
+  const post = $editorPost.get()
+  if (!post.slug) return ''
+  return `/posts/${post.slug}?preview=true`
+}
+
+const previewChannel = new BroadcastChannel('writekit-preview')
+let debounceTimer: ReturnType<typeof setTimeout> | null = null
+let pendingMarkdown: string | null = null
+
+async function sendPreview(markdown: string) {
+  const post = $editorPost.get()
+  if (!post.id) return
+
+  try {
+    const res = await fetch(`/api/studio/posts/${post.id}/render`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ markdown }),
+    })
+
+    if (!res.ok) return
+
+    const { html } = await res.json()
+
+    previewChannel.postMessage({
+      type: 'content-update',
+      slug: post.slug,
+      title: post.title,
+      description: post.description,
+      html,
+    })
+  } catch {
+    // Silently fail - preview is non-critical
+  }
+}
+
+export function broadcastPreview(markdown: string) {
+  pendingMarkdown = markdown
+
+  previewChannel.postMessage({
+    type: 'rebuilding',
+    slug: $editorPost.get().slug,
+  })
+
+  if (debounceTimer) clearTimeout(debounceTimer)
+
+  debounceTimer = setTimeout(() => {
+    if (pendingMarkdown) {
+      sendPreview(pendingMarkdown)
+      pendingMarkdown = null
+    }
+  }, 500)
+}
+
+if (typeof document !== 'undefined') {
+  document.addEventListener('visibilitychange', () => {
+    if (document.hidden && pendingMarkdown) {
+      if (debounceTimer) clearTimeout(debounceTimer)
+      sendPreview(pendingMarkdown)
+      pendingMarkdown = null
+    }
+  })
+}
diff --git a/studio/src/stores/fetcher.ts b/studio/src/stores/fetcher.ts
new file mode 100644
index 0000000..a46f2a2
--- /dev/null
+++ b/studio/src/stores/fetcher.ts
@@ -0,0 +1,24 @@
+import { nanoquery } from '@nanostores/query'
+
+export const [createFetcherStore, createMutatorStore, { invalidateKeys }] = nanoquery({
+  fetcher: async (...keys: unknown[]) => {
+    const url = keys.map(k => String(k)).join('')
+    const res = await fetch(url)
+    if (!res.ok) throw new Error(`${res.status}`)
+    return res.json()
+  },
+  dedupeTime: 60_000,
+  cacheLifetime: 300_000,
+})
+
+const blogChannel = new BroadcastChannel('writekit-studio')
+
+export function createBlogMutatorStore<T>(
+  mutator: (args: { data: T }) => Promise<T>
+) {
+  return createMutatorStore<T>(async (args) => {
+    const result = await mutator(args)
+    blogChannel.postMessage({ type: 'settings-changed' })
+    return result
+  })
+}
diff --git a/studio/src/stores/hooks.ts b/studio/src/stores/hooks.ts
new file mode 100644
index 0000000..c428dd4
--- /dev/null
+++ b/studio/src/stores/hooks.ts
@@ -0,0 +1,35 @@
+import { map } from 'nanostores'
+import { createFetcherStore } from './fetcher'
+
+export interface HookInfo {
+  name: string
+  label: string
+  description: string
+  pattern: string
+  test_data: Record<string, unknown>
+}
+
+export const $hooks = createFetcherStore<HookInfo[]>(['/api/studio/hooks'])
+
+export const $templates = map<Record<string, string>>({})
+
+export async function fetchTemplate(hook: string, language: string): Promise<string> {
+  const key = `${hook}:${language}`
+  const cached = $templates.get()[key]
+  if (cached) return cached
+
+  try {
+    const res = await fetch(`/api/studio/template?hook=${encodeURIComponent(hook)}&language=${encodeURIComponent(language)}`)
+    if (!res.ok) return ''
+    const data = await res.json()
+    const template = data.template || ''
+    $templates.setKey(key, template)
+    return template
+  } catch {
+    return ''
+  }
+}
+
+export function getTemplate(hook: string, language: string): string {
+  return $templates.get()[`${hook}:${language}`] || ''
+}
diff --git a/studio/src/stores/index.ts b/studio/src/stores/index.ts
new file mode 100644
index 0000000..6b0ed97
--- /dev/null
+++ b/studio/src/stores/index.ts
@@ -0,0 +1,9 @@
+export * from './router'
+export * from './fetcher'
+export * from './app'
+export * from './posts'
+export * from './settings'
+export * from './analytics'
+export * from './interactions'
+export * from './assets'
+export * from './apiKeys'
diff --git a/studio/src/stores/interactions.ts b/studio/src/stores/interactions.ts
new file mode 100644
index 0000000..1dc24ec
--- /dev/null
+++ b/studio/src/stores/interactions.ts
@@ -0,0 +1,74 @@
+import { atom, map, computed, onMount } from 'nanostores'
+import { createFetcherStore, createBlogMutatorStore } from './fetcher'
+import type { InteractionConfig } from '../types'
+
+const defaultConfig: InteractionConfig = {
+  comments_enabled: false,
+  reactions_enabled: false,
+  reaction_mode: 'emoji',
+  reaction_emojis: '👍,❤️,🎉,🚀',
+  upvote_icon: 'arrow',
+  reactions_require_auth: false,
+}
+
+export const $interactionsData = createFetcherStore<InteractionConfig>(['/api/studio/interaction-config'])
+
+export const $interactions = map<InteractionConfig>({ ...defaultConfig })
+export const $initialInteractions = atom<InteractionConfig | null>(null)
+
+export const $hasInteractionChanges = computed(
+  [$interactions, $initialInteractions],
+  (current, initial) => initial !== null && JSON.stringify(current) !== JSON.stringify(initial)
+)
+
+export const $changedInteractionFields = computed(
+  [$interactions, $initialInteractions],
+  (current, initial) => {
+    if (!initial) return []
+    const changes: string[] = []
+    const labels: Record<string, string> = {
+      comments_enabled: 'Comments',
+      reactions_enabled: 'Reactions',
+      reaction_mode: 'Reaction mode',
+      reaction_emojis: 'Emojis',
+      upvote_icon: 'Upvote icon',
+      reactions_require_auth: 'Auth required',
+    }
+    for (const key of Object.keys(current) as (keyof InteractionConfig)[]) {
+      if (current[key] !== initial[key]) {
+        changes.push(labels[key] || key)
+      }
+    }
+    return changes
+  }
+)
+
+onMount($interactionsData, () => {
+  $interactionsData.listen(({ data }) => {
+    if (data) {
+      const merged = { ...defaultConfig, ...data }
+      $interactions.set(merged)
+      $initialInteractions.set(merged)
+    }
+  })
+})
+
+export const $saveInteractions = createBlogMutatorStore<InteractionConfig>(
+  async ({ data: config }) => {
+    const previous = $initialInteractions.get()
+    $initialInteractions.set({ ...config })
+
+    const res = await fetch('/api/studio/interaction-config', {
+      method: 'PUT',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(config),
+    })
+
+    if (!res.ok) {
+      $initialInteractions.set(previous)
+      throw new Error('Failed to save interactions')
+    }
+
+    return config
+  }
+)
diff --git a/studio/src/stores/plugins.ts b/studio/src/stores/plugins.ts
new file mode 100644
index 0000000..f6c3c3e
--- /dev/null
+++ b/studio/src/stores/plugins.ts
@@ -0,0 +1,102 @@
+import { atom, map } from 'nanostores'
+import { createFetcherStore, createMutatorStore } from './fetcher'
+
+export interface Plugin {
+  id: string
+  name: string
+  language: 'typescript' | 'go'
+  source: string
+  hooks: string[]
+  enabled: boolean
+  wasm?: string
+  wasm_size?: number
+  created_at: string
+  updated_at: string
+}
+
+export interface CompileResult {
+  success: boolean
+  wasm?: string
+  size?: number
+  errors?: string[]
+  time_ms?: number
+}
+
+export const $plugins = createFetcherStore<Plugin[]>(['/api/studio/plugins'])
+
+export const $currentPlugin = map<Partial<Plugin>>({
+  name: '',
+  language: 'typescript',
+  source: '',
+  hooks: [],
+  enabled: true,
+})
+
+export const $compileResult = atom<CompileResult | null>(null)
+export const $isCompiling = atom(false)
+
+export const $savePlugin = createMutatorStore(async ({ data, invalidate }: { data: Plugin; invalidate: (key: string) => void }) => {
+  const res = await fetch('/api/studio/plugins', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(data),
+  })
+  if (!res.ok) throw new Error('Failed to save plugin')
+  invalidate('/api/studio/plugins')
+  return res.json()
+})
+
+export const $deletePlugin = createMutatorStore(async ({ data: id, invalidate }: { data: string; invalidate: (key: string) => void }) => {
+  const res = await fetch(`/api/studio/plugins/${id}`, { method: 'DELETE' })
+  if (!res.ok) throw new Error('Failed to delete plugin')
+  invalidate('/api/studio/plugins')
+})
+
+export const $togglePlugin = createMutatorStore(async ({ data, invalidate }: { data: { id: string; enabled: boolean }; invalidate: (key: string) => void }) => {
+  const res = await fetch(`/api/studio/plugins/${data.id}/toggle`, {
+    method: 'PUT',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ enabled: data.enabled }),
+  })
+  if (!res.ok) throw new Error('Failed to toggle plugin')
+  invalidate('/api/studio/plugins')
+})
+
+export async function compilePlugin(language: string, source: string): Promise<CompileResult> {
+  $isCompiling.set(true)
+  $compileResult.set(null)
+
+  try {
+    const res = await fetch('/api/studio/plugins/compile', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ language, source }),
+    })
+    const result = await res.json()
+    $compileResult.set(result)
+    return result
+  } finally {
+    $isCompiling.set(false)
+  }
+}
+
+export async function testPlugin(pluginId: string, hook: string, testData: object): Promise<any> {
+  const res = await fetch(`/api/studio/plugins/${pluginId}/test`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ hook, data: testData }),
+  })
+  return res.json()
+}
+
+export const AVAILABLE_HOOKS = [
+  { value: 'post.published', label: 'Post Published', description: 'Triggered when a post is published' },
+  { value: 'post.updated', label: 'Post Updated', description: 'Triggered when a published post is updated' },
+  { value: 'comment.created', label: 'Comment Created', description: 'Triggered when a new comment is posted' },
+  { value: 'subscriber.created', label: 'Subscriber Created', description: 'Triggered when someone subscribes' },
+]
+
+export const LANGUAGES = [
+  { value: 'typescript', label: 'TypeScript', extension: '.ts' },
+  { value: 'go', label: 'Go', extension: '.go' },
+]
diff --git a/studio/src/stores/posts.ts b/studio/src/stores/posts.ts
new file mode 100644
index 0000000..77bbaaf
--- /dev/null
+++ b/studio/src/stores/posts.ts
@@ -0,0 +1,41 @@
+import { atom, computed } from 'nanostores'
+import { createFetcherStore, createMutatorStore } from './fetcher'
+import type { Post } from '../types'
+
+export const $posts = createFetcherStore<Post[]>(['/api/studio/posts'])
+
+export const $search = atom('')
+export const $filterStatus = atom<'all' | 'published' | 'draft'>('all')
+
+export const $filteredPosts = computed(
+  [$posts, $search, $filterStatus],
+  (postsStore, search, status) => {
+    const posts = postsStore.data ?? []
+    return posts.filter(p => {
+      const searchLower = search.toLowerCase()
+      if (search && !p.title.toLowerCase().includes(searchLower) && !p.slug.toLowerCase().includes(searchLower)) {
+        return false
+      }
+      if (status === 'published' && p.draft) return false
+      if (status === 'draft' && !p.draft) return false
+      return true
+    })
+  }
+)
+
+export const $postCounts = computed([$posts], (postsStore) => {
+  const posts = postsStore.data ?? []
+  return {
+    all: posts.length,
+    published: posts.filter(p => !p.draft).length,
+    draft: posts.filter(p => p.draft).length,
+  }
+})
+
+export const $deletePost = createMutatorStore<string>(
+  async ({ data: slug, invalidate }) => {
+    const res = await fetch(`/api/studio/posts/${slug}`, { method: 'DELETE' })
+    if (!res.ok) throw new Error('Failed to delete post')
+    invalidate('/api/studio/posts')
+  }
+)
diff --git a/studio/src/stores/router.ts b/studio/src/stores/router.ts
new file mode 100644
index 0000000..6ac9b90
--- /dev/null
+++ b/studio/src/stores/router.ts
@@ -0,0 +1,18 @@
+import { createRouter } from '@nanostores/router'
+
+export const $router = createRouter({
+  postNew: '/studio/posts/new',
+  postEdit: '/studio/posts/:slug/edit',
+  posts: '/studio/posts',
+  analytics: '/studio/analytics',
+  general: '/studio/general',
+  design: '/studio/design',
+  domain: '/studio/domain',
+  engagement: '/studio/engagement',
+  monetization: '/studio/monetization',
+  plugins: '/studio/plugins',
+  api: '/studio/api',
+  data: '/studio/data',
+  billing: '/studio/billing',
+  home: '/studio',
+})
diff --git a/studio/src/stores/secrets.ts b/studio/src/stores/secrets.ts
new file mode 100644
index 0000000..00192cb
--- /dev/null
+++ b/studio/src/stores/secrets.ts
@@ -0,0 +1,36 @@
+import { atom } from 'nanostores'
+import { createFetcherStore, createMutatorStore } from './fetcher'
+
+export interface Secret {
+  key: string
+  created_at: string
+  updated_at: string
+}
+
+export const $secrets = createFetcherStore<Secret[]>(['/api/studio/secrets'])
+
+export const $createSecret = createMutatorStore(async ({ data, invalidate }: { data: { key: string; value: string }; invalidate: (key: string) => void }) => {
+  const res = await fetch('/api/studio/secrets', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(data),
+  })
+  if (!res.ok) throw new Error('Failed to create secret')
+  invalidate('/api/studio/secrets')
+})
+
+export const $deleteSecret = createMutatorStore(async ({ data: key, invalidate }: { data: string; invalidate: (key: string) => void }) => {
+  const res = await fetch(`/api/studio/secrets/${encodeURIComponent(key)}`, {
+    method: 'DELETE',
+  })
+  if (!res.ok) throw new Error('Failed to delete secret')
+  invalidate('/api/studio/secrets')
+})
+
+export const $secretKeys = atom<string[]>([])
+
+$secrets.subscribe(state => {
+  if (state.data) {
+    $secretKeys.set(state.data.map(s => s.key))
+  }
+})
diff --git a/studio/src/stores/settings.ts b/studio/src/stores/settings.ts
new file mode 100644
index 0000000..1ca23ae
--- /dev/null
+++ b/studio/src/stores/settings.ts
@@ -0,0 +1,93 @@
+import { atom, map, computed, onMount } from 'nanostores'
+import { createFetcherStore, createBlogMutatorStore } from './fetcher'
+import type { Settings } from '../types'
+
+const defaultSettings: Settings = {
+  site_name: '',
+  site_description: '',
+  author_name: '',
+  author_role: '',
+  author_bio: '',
+  author_photo: '',
+  twitter_handle: '',
+  github_handle: '',
+  linkedin_handle: '',
+  email: '',
+  show_powered_by: 'true',
+  accent_color: '#10b981',
+  code_theme: 'github',
+  font: 'system',
+  layout: 'default',
+  compactness: 'cozy',
+  custom_css: '',
+}
+
+export const $settingsData = createFetcherStore<Settings>(['/api/studio/settings'])
+
+export const $settings = map<Settings>({ ...defaultSettings })
+export const $initialSettings = atom<Settings | null>(null)
+
+export const $hasChanges = computed(
+  [$settings, $initialSettings],
+  (current, initial) => initial !== null && JSON.stringify(current) !== JSON.stringify(initial)
+)
+
+export const $changedFields = computed(
+  [$settings, $initialSettings],
+  (current, initial) => {
+    if (!initial) return []
+    const changes: string[] = []
+    const labels: Record<string, string> = {
+      site_name: 'Site name',
+      site_description: 'Description',
+      accent_color: 'Accent color',
+      font: 'Font',
+      code_theme: 'Code theme',
+      layout: 'Layout',
+      compactness: 'Density',
+      author_name: 'Author name',
+      author_bio: 'Bio',
+      custom_css: 'Custom CSS',
+    }
+    for (const key of Object.keys(current) as (keyof Settings)[]) {
+      if (current[key] !== initial[key]) {
+        changes.push(labels[key] || key)
+      }
+    }
+    return changes
+  }
+)
+
+onMount($settingsData, () => {
+  $settingsData.listen(({ data }) => {
+    if (data) {
+      const merged = { ...defaultSettings, ...data }
+      $settings.set(merged)
+      $initialSettings.set(merged)
+    }
+  })
+})
+
+export const $saveSettings = createBlogMutatorStore<Settings>(
+  async ({ data: settings }) => {
+    const previous = $initialSettings.get()
+    $initialSettings.set({ ...settings })
+
+    if (settings.accent_color) {
+      document.documentElement.style.setProperty('--accent', settings.accent_color)
+    }
+
+    const res = await fetch('/api/studio/settings', {
+      method: 'PUT',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(settings),
+    })
+
+    if (!res.ok) {
+      $initialSettings.set(previous)
+      throw new Error('Failed to save settings')
+    }
+
+    return settings
+  }
+)
diff --git a/studio/src/stores/webhooks.ts b/studio/src/stores/webhooks.ts
new file mode 100644
index 0000000..e4e756f
--- /dev/null
+++ b/studio/src/stores/webhooks.ts
@@ -0,0 +1,69 @@
+import { atom } from 'nanostores'
+import { createFetcherStore, createMutatorStore, invalidateKeys } from './fetcher'
+import type { Webhook, WebhookDelivery } from '../types'
+
+export const $webhooks = createFetcherStore<Webhook[]>(['/api/studio/webhooks'])
+
+export const $creating = atom(false)
+
+export async function createWebhook(data: {
+  name: string
+  url: string
+  events: string[]
+  secret?: string
+}): Promise<Webhook> {
+  $creating.set(true)
+  try {
+    const res = await fetch('/api/studio/webhooks', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(data),
+    })
+    if (!res.ok) throw new Error('Failed to create webhook')
+    const webhook = await res.json()
+    invalidateKeys('/api/studio/webhooks')
+    return webhook
+  } finally {
+    $creating.set(false)
+  }
+}
+
+export async function updateWebhook(
+  id: string,
+  data: {
+    name: string
+    url: string
+    events: string[]
+    secret?: string
+    enabled: boolean
+  }
+): Promise<Webhook> {
+  const res = await fetch(`/api/studio/webhooks/${id}`, {
+    method: 'PUT',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(data),
+  })
+  if (!res.ok) throw new Error('Failed to update webhook')
+  const webhook = await res.json()
+  invalidateKeys('/api/studio/webhooks')
+  return webhook
+}
+
+export const $deleteWebhook = createMutatorStore<string>(
+  async ({ data: id, invalidate }) => {
+    const res = await fetch(`/api/studio/webhooks/${id}`, { method: 'DELETE' })
+    if (!res.ok) throw new Error('Failed to delete webhook')
+    invalidate('/api/studio/webhooks')
+  }
+)
+
+export async function testWebhook(id: string): Promise<void> {
+  const res = await fetch(`/api/studio/webhooks/${id}/test`, { method: 'POST' })
+  if (!res.ok) throw new Error('Failed to test webhook')
+}
+
+export async function fetchWebhookDeliveries(id: string): Promise<WebhookDelivery[]> {
+  const res = await fetch(`/api/studio/webhooks/${id}/deliveries`)
+  if (!res.ok) throw new Error('Failed to fetch deliveries')
+  return res.json()
+}
diff --git a/studio/src/types.ts b/studio/src/types.ts
new file mode 100644
index 0000000..ebe6b72
--- /dev/null
+++ b/studio/src/types.ts
@@ -0,0 +1,128 @@
+export interface Post {
+  id: string
+  slug: string
+  title: string
+  description: string
+  cover_image?: string
+  content?: string
+  date: string
+  draft: boolean
+  members_only: boolean
+  tags: string[]
+  created_at: string
+  updated_at: string
+}
+
+export interface Settings {
+  site_name?: string
+  site_description?: string
+  author_name?: string
+  author_role?: string
+  author_bio?: string
+  author_photo?: string
+  twitter_handle?: string
+  github_handle?: string
+  linkedin_handle?: string
+  email?: string
+  show_powered_by?: string
+  accent_color?: string
+  code_theme?: string
+  font?: string
+  layout?: string
+  compactness?: 'compact' | 'cozy' | 'spacious'
+  custom_css?: string
+}
+
+export interface InteractionConfig {
+  comments_enabled: boolean
+  reactions_enabled: boolean
+  reaction_mode: string
+  reaction_emojis: string
+  upvote_icon: string
+  reactions_require_auth: boolean
+}
+
+export interface Asset {
+  id: string
+  filename: string
+  url: string
+  content_type: string
+  size: number
+  created_at: string
+}
+
+export interface APIKey {
+  key: string
+  name: string
+  created_at: string
+  last_used_at: string | null
+}
+
+export interface AnalyticsSummary {
+  total_views: number
+  total_page_views: number
+  unique_visitors: number
+  total_bandwidth: number
+  views_change: number
+  top_pages: { path: string; views: number }[]
+  top_referrers: { referrer: string; views: number }[]
+  views_by_day: { date: string; views: number; visitors: number }[]
+  browsers: { name: string; count: number }[]
+  os: { name: string; count: number }[]
+  devices: { name: string; count: number }[]
+  countries: { name: string; count: number }[]
+}
+
+export type WebhookEvent = 'post.published' | 'post.updated' | 'post.deleted'
+
+export interface Webhook {
+  id: string
+  name: string
+  url: string
+  events: WebhookEvent[]
+  secret?: string
+  enabled: boolean
+  created_at: string
+  last_triggered_at: string | null
+  last_status: 'success' | 'failed' | null
+}
+
+export interface WebhookDelivery {
+  id: number
+  webhook_id: string
+  event: string
+  payload: string
+  status: 'success' | 'failed'
+  response_code: number | null
+  response_body: string | null
+  attempts: number
+  created_at: string
+}
+
+export type Tier = 'free' | 'pro'
+
+export interface TierConfig {
+  name: string
+  description: string
+  monthly_price: number
+  annual_price: number
+  custom_domain: boolean
+  badge_required: boolean
+  analytics_retention: number
+  api_rate_limit: number
+  max_webhooks: number
+  webhook_deliveries: number
+  max_plugins: number
+  plugin_executions: number
+}
+
+export interface Usage {
+  webhooks: number
+  plugins: number
+}
+
+export interface BillingInfo {
+  current_tier: Tier
+  tiers: Record<Tier, TierConfig>
+  usage: Usage
+}
diff --git a/studio/tsconfig.json b/studio/tsconfig.json
new file mode 100644
index 0000000..109f0ac
--- /dev/null
+++ b/studio/tsconfig.json
@@ -0,0 +1,20 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "useDefineForClassFields": true,
+    "lib": ["ES2020", "DOM", "DOM.Iterable"],
+    "module": "ESNext",
+    "skipLibCheck": true,
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "isolatedModules": true,
+    "moduleDetection": "force",
+    "noEmit": true,
+    "jsx": "react-jsx",
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "noFallthroughCasesInSwitch": true
+  },
+  "include": ["src"]
+}
diff --git a/studio/uno.config.ts b/studio/uno.config.ts
new file mode 100644
index 0000000..bb2fa30
--- /dev/null
+++ b/studio/uno.config.ts
@@ -0,0 +1,259 @@
+import { defineConfig, presetWind4, presetIcons, presetTypography } from 'unocss'
+
+export default defineConfig({
+  presets: [
+    presetWind4(),
+    presetTypography({
+      cssExtend: {
+        ':not(pre) > code': {
+          'font-family': '"SF Mono", "Fira Code", Consolas, monospace',
+          'font-size': '0.875em',
+          'background': '#fafafa',
+          'padding': '0.175rem 0.375rem',
+          'border-radius': '0.25rem',
+        },
+        'p': {
+          'margin': '1.25rem 0',
+          'line-height': '1.7',
+        },
+        'h1': {
+          'margin-top': '0',
+          'margin-bottom': '1.25rem',
+          'font-size': '2rem',
+          'font-weight': '700',
+          'letter-spacing': '-0.025em',
+          'line-height': '1.2',
+        },
+        'h2': {
+          'margin-top': '2.5rem',
+          'margin-bottom': '1.25rem',
+          'font-size': '1.5rem',
+          'font-weight': '650',
+          'letter-spacing': '-0.02em',
+          'line-height': '1.3',
+        },
+        'h3': {
+          'margin-top': '2rem',
+          'margin-bottom': '1rem',
+          'font-size': '1.25rem',
+          'font-weight': '600',
+          'letter-spacing': '-0.015em',
+          'line-height': '1.35',
+        },
+        'h4': {
+          'margin-top': '1.625rem',
+          'margin-bottom': '0.8rem',
+          'font-size': '1.0625rem',
+          'font-weight': '600',
+          'letter-spacing': '-0.01em',
+        },
+        'ul': {
+          'list-style-type': 'disc',
+          'margin': '1.25rem 0',
+          'padding-left': '1.375rem',
+        },
+        'ol': {
+          'list-style-type': 'decimal',
+          'margin': '1.25rem 0',
+          'padding-left': '1.375rem',
+        },
+        'li': {
+          'margin': '0.5rem 0',
+          'padding-left': '0.25rem',
+        },
+        'li::marker': {
+          'color': '#71717a',
+        },
+        'a': {
+          'color': '#2563eb',
+          'text-decoration': 'underline',
+          'text-underline-offset': '2px',
+          'text-decoration-color': 'rgba(37, 99, 235, 0.4)',
+        },
+        'a:hover': {
+          'text-decoration-color': '#2563eb',
+        },
+        'pre': {
+          'margin': '1.75rem 0',
+          'padding': '1.125rem 1.25rem',
+          'background': '#fafafa',
+          'border': '1px solid #e4e4e7',
+          'border-radius': '0.375rem',
+          'overflow-x': 'auto',
+          'font-family': '"SF Mono", "Fira Code", Consolas, monospace',
+          'font-size': '0.875rem',
+          'line-height': '1.6',
+        },
+        'pre code': {
+          'background': 'transparent',
+          'padding': '0',
+          'font-size': 'inherit',
+        },
+        'blockquote': {
+          'margin': '1.75rem 0',
+          'padding': '0 0 0 1.25rem',
+          'border-left': '2px solid #e4e4e7',
+          'color': '#71717a',
+          'font-style': 'normal',
+        },
+        'blockquote p': {
+          'margin': '0',
+        },
+        'hr': {
+          'border': 'none',
+          'border-top': '1px solid #e4e4e7',
+          'margin': '2.5rem 0',
+        },
+        'img': {
+          'max-width': '100%',
+          'height': 'auto',
+          'border-radius': '0.375rem',
+          'margin': '1.75rem 0',
+        },
+        'table': {
+          'width': '100%',
+          'margin': '1.75rem 0',
+          'border-collapse': 'collapse',
+          'font-size': '0.9375rem',
+        },
+        'th': {
+          'padding': '0.625rem 0.75rem',
+          'border': '1px solid #e4e4e7',
+          'text-align': 'left',
+          'background': '#fafafa',
+          'font-weight': '600',
+        },
+        'td': {
+          'padding': '0.625rem 0.75rem',
+          'border': '1px solid #e4e4e7',
+          'text-align': 'left',
+        },
+        'strong': {
+          'font-weight': '600',
+        },
+      },
+    }),
+    presetIcons({
+      scale: 1.2,
+      cdn: 'https://esm.sh/',
+      extraProperties: {
+        'display': 'inline-block',
+        'vertical-align': 'middle',
+      },
+    }),
+  ],
+  rules: [
+    ['animate-shimmer', { animation: 'shimmer 1.5s ease-in-out infinite' }],
+  ],
+  preflights: [
+    {
+      getCSS: () => `
+        @keyframes shimmer {
+          0% { opacity: 1; }
+          50% { opacity: 0.5; }
+          100% { opacity: 1; }
+        }
+        @keyframes fade-in {
+          from { opacity: 0; transform: translateY(4px); }
+          to { opacity: 1; transform: translateY(0); }
+        }
+
+        /* ProseMirror editor placeholder */
+        .ProseMirror p.is-editor-empty:first-child::before {
+          color: #a3a3a3;
+          content: attr(data-placeholder);
+          float: left;
+          height: 0;
+          pointer-events: none;
+        }
+
+        /* Task list styling */
+        .prose ul[data-type="taskList"] {
+          list-style: none;
+          padding-left: 0;
+        }
+
+        .prose ul[data-type="taskList"] li {
+          display: flex;
+          align-items: baseline;
+          gap: 0.5rem;
+        }
+
+        .prose ul[data-type="taskList"] li > label {
+          flex-shrink: 0;
+          user-select: none;
+          display: flex;
+          align-items: center;
+          height: 1.5em;
+        }
+
+        .prose ul[data-type="taskList"] li > label input[type="checkbox"] {
+          cursor: pointer;
+          accent-color: #10b981;
+          width: 1em;
+          height: 1em;
+          margin: 0;
+        }
+
+        .prose ul[data-type="taskList"] li > div {
+          flex: 1;
+        }
+
+        /* Code block syntax highlighting */
+        .prose pre .hljs {
+          background: transparent;
+        }
+      `,
+    },
+  ],
+  theme: {
+    colors: {
+      bg: '#fafafa',
+      surface: '#ffffff',
+      text: '#0a0a0a',
+      muted: '#737373',
+      border: '#e5e5e5',
+      accent: '#10b981',
+      success: '#10b981',
+      warning: '#f59e0b',
+      danger: '#ef4444',
+    },
+    fontFamily: {
+      sans: 'system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif',
+      mono: '"SF Mono", "JetBrains Mono", "Fira Code", Consolas, monospace',
+    },
+  },
+  shortcuts: {
+    // Buttons - dark bg with light text for primary
+    'btn': 'inline-flex items-center justify-center gap-2 px-4 py-2 text-xs font-medium border border-border transition-all duration-150 cursor-pointer disabled:opacity-50 disabled:cursor-not-allowed',
+    'btn-primary': 'btn bg-text text-bg border-text hover:bg-[#1a1a1a]',
+    'btn-secondary': 'btn bg-bg text-text hover:border-muted',
+    'btn-danger': 'btn text-danger border-danger hover:bg-danger hover:text-white hover:border-danger',
+    'btn-ghost': 'btn border-transparent hover:bg-border',
+
+    // Inputs - clean borders, minimal styling
+    'input': 'w-full px-3 py-2 text-sm bg-bg border border-border font-sans focus:outline-none focus:border-muted transition-colors placeholder:text-muted/60',
+    'textarea': 'input resize-none',
+
+    // Labels - small, muted
+    'label': 'block text-xs text-muted font-medium mb-1',
+
+    // Cards - minimal borders, no shadows
+    'card': 'bg-surface border border-border p-6',
+    'section': 'card',
+
+    // Navigation - matching old dashboard
+    'nav-item': 'relative flex items-center gap-2.5 px-2.5 py-2 text-[13px] font-[450] text-muted transition-all duration-150 hover:text-text hover:bg-black/4',
+    'nav-item-active': 'relative flex items-center gap-2.5 px-2.5 py-2 text-[13px] font-[450] text-text bg-black/4 before:content-[""] before:absolute before:left-0 before:top-1/2 before:-translate-y-1/2 before:w-[3px] before:h-4 before:bg-accent before:rounded-r-sm',
+    'nav-section': 'text-[10px] uppercase tracking-[0.06em] text-muted font-semibold px-2.5 pt-3 pb-1.5',
+
+    // Badges
+    'badge': 'inline-flex items-center text-xs px-2 py-0.5 border',
+    'badge-draft': 'badge text-warning border-warning/40 bg-warning/10',
+    'badge-published': 'badge text-success border-success/40 bg-success/10',
+
+    // Page structure
+    'page-header': 'flex items-center justify-between mb-6',
+    'page-title': 'text-base font-medium text-text',
+  },
+})
diff --git a/studio/vite.config.ts b/studio/vite.config.ts
new file mode 100644
index 0000000..8c43260
--- /dev/null
+++ b/studio/vite.config.ts
@@ -0,0 +1,47 @@
+import { defineConfig } from 'vite'
+import react from '@vitejs/plugin-react'
+import UnoCSS from 'unocss/vite'
+
+export default defineConfig(({ command }) => ({
+  plugins: [UnoCSS(), react()],
+  base: '/studio',
+  build: {
+    outDir: 'dist',
+  },
+  optimizeDeps: {
+    include: [
+      // Pre-bundle heavy Tiptap dependencies
+      '@tiptap/react',
+      '@tiptap/starter-kit',
+      '@tiptap/extension-link',
+      '@tiptap/extension-image',
+      '@tiptap/extension-placeholder',
+      '@tiptap/extension-table',
+      '@tiptap/extension-task-list',
+      '@tiptap/extension-task-item',
+      '@tiptap/extension-code-block-lowlight',
+      '@tiptap/markdown',
+      'lowlight',
+      // Monaco editor
+      '@monaco-editor/react',
+    ],
+  },
+  ...(command === 'serve' && {
+    server: {
+      host: true,
+      strictPort: true,
+      allowedHosts: true,
+      hmr: {
+        clientPort: 80,
+        path: '/studio',
+      },
+      warmup: {
+        clientFiles: [
+          './src/components/editor/PostEditor.tsx',
+          './src/components/editor/SourceEditor.tsx',
+          './src/pages/PostEditorPage.tsx',
+        ],
+      },
+    },
+  }),
+}))