docs.html

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Termpolis Documentation — Secure AI-Assisted Development</title>
  <meta
    name="description"
    content="Complete guide to Termpolis: AI Security Center (pre-paste secret scanner, Gemini paid-tier enforcement, audit log), copy-for-Slack/Teams output, multi-agent swarm orchestration, MCP server, shared memory, and live observability."
  >
  <meta name="author" content="Termpolis">
  <link rel="canonical" href="https://termpolis.com/docs.html">
  <link rel="icon" type="image/svg+xml" href="logo-termpolis-titlebar.svg">
  <link rel="shortcut icon" href="logo-termpolis-titlebar.svg">

  <!-- Open Graph -->
  <meta property="og:type" content="article">
  <meta property="og:site_name" content="Termpolis">
  <meta property="og:url" content="https://termpolis.com/docs.html">
  <meta property="og:title" content="Termpolis Documentation — Secure AI-Assisted Development">
  <meta property="og:description" content="Every feature, panel, and keyboard shortcut in Termpolis — the terminal where Claude, Codex, Gemini, and Qwen work as a team.">
  <meta property="og:image" content="https://termpolis.com/assets/screenshot-welcome.png">
  <meta property="og:image:width" content="1368">
  <meta property="og:image:height" content="908">
  <meta property="og:image:alt" content="Termpolis welcome screen with AI agents, workspaces, and swarm controls.">
  <meta property="og:locale" content="en_US">

  <!-- Twitter / X -->
  <meta name="twitter:card" content="summary_large_image">
  <meta name="twitter:title" content="Termpolis Documentation — Multi-Agent AI Terminal Guide">
  <meta name="twitter:description" content="Every feature, panel, and shortcut in the AI terminal where Claude, Codex, Gemini, and Qwen work as a team.">
  <meta name="twitter:image" content="https://termpolis.com/assets/screenshot-welcome.png">

  <link rel="stylesheet" href="styles.css">
  <link rel="stylesheet" href="docs.css">

  <!-- Cloudflare Web Analytics -->
  <script defer src='https://static.cloudflareinsights.com/beacon.min.js' data-cf-beacon='{"token": "69e1842746294b5bbb72378c748cb522"}'></script>
  <!-- End Cloudflare Web Analytics -->
</head>
<body class="docs-body">
  <div class="docs-shell">
    <header class="docs-header">
      <a class="brand" href="index.html" aria-label="Termpolis home">
        <img class="brand-logo" src="logo-termpolis.svg" alt="Termpolis logo">
        <span class="brand-text">Termpolis</span>
      </a>
      <nav class="site-nav" aria-label="Primary">
        <a href="index.html#security">Security</a>
        <a href="index.html#swarm">Smart Swarm</a>
        <a href="index.html#observability">Observability</a>
        <a href="index.html#share">Share to Slack/Teams</a>
        <a href="index.html#features">Features</a>
        <a href="index.html#downloads">Downloads</a>
        <a href="docs.html" aria-current="page" class="active">Docs</a>
      </nav>
      <div class="docs-search">
        <input
          id="docs-search-input"
          type="search"
          placeholder="Search docs…"
          aria-label="Search documentation"
          autocomplete="off"
        >
      </div>
    </header>

    <div class="docs-layout">
      <aside class="docs-sidebar" aria-label="Documentation sections">
        <div class="docs-sidebar-inner">
          <p class="docs-sidebar-eyebrow">Get started</p>
          <ul class="docs-toc">
            <li><a href="#overview" class="docs-toc-link">Overview</a></li>
            <li><a href="#install">Installation</a></li>
            <li><a href="#install-windows-defender" class="docs-toc-sub">↳ Windows Defender FP recovery</a></li>
            <li><a href="#api-keys">Before you begin · API keys</a></li>
            <li><a href="#first-launch">First launch (5 steps)</a></li>
            <li><a href="#first-agent">Launch your first AI agent</a></li>
            <li><a href="#swarm-vs-single">Swarm vs. single agent</a></li>
          </ul>

          <p class="docs-sidebar-eyebrow">🛡 Security</p>
          <ul class="docs-toc">
            <li><a href="#security-center">AI Security Center</a></li>
            <li><a href="#security-secret-scanner">Pre-paste secret scanner</a></li>
            <li><a href="#security-sensitive-file">Sensitive-file-read alert</a></li>
            <li><a href="#security-codechunk">Code-chunk + env-dump heuristics</a></li>
            <li><a href="#security-egress">Per-agent egress audit</a></li>
            <li><a href="#security-tos-drift">ToS drift watcher</a></li>
            <li><a href="#security-gemini">Gemini account-mode + Strict Mode</a></li>
            <li><a href="#security-audit">Audit log</a></li>
            <li><a href="#security-disclaimer">Legal disclaimer</a></li>
          </ul>

          <p class="docs-sidebar-eyebrow">Share output</p>
          <ul class="docs-toc">
            <li><a href="#copy-share">Copy for Slack / Teams / PRs</a></li>
          </ul>

          <p class="docs-sidebar-eyebrow">Core terminal</p>
          <ul class="docs-toc">
            <li><a href="#sidebar">Sidebar</a></li>
            <li><a href="#workspaces">Workspaces</a></li>
            <li><a href="#terminals">Terminals</a></li>
            <li><a href="#views">Tabs, splits &amp; grid</a></li>
            <li><a href="#settings">Settings</a></li>
            <li><a href="#themes">Themes</a></li>
            <li><a href="#keybindings">Keybindings</a></li>
          </ul>

          <p class="docs-sidebar-eyebrow">Productivity</p>
          <ul class="docs-toc">
            <li><a href="#command-palette">Command palette</a></li>
            <li><a href="#prompt-templates">Prompt templates</a></li>
            <li><a href="#workflows">Workflow templates</a></li>
            <li><a href="#context">Context panel</a></li>
            <li><a href="#context-handoff">Cross-AI context handoff</a></li>
            <li><a href="#history">History search</a></li>
            <li><a href="#conversation">Conversation search</a></li>
            <li><a href="#git">Git panel</a></li>
          </ul>

          <p class="docs-sidebar-eyebrow">AI &amp; swarm</p>
          <ul class="docs-toc">
            <li><a href="#agents">AI agent profiles</a></li>
            <li><a href="#capabilities">Capability ratings</a></li>
            <li><a href="#mcp">MCP server</a></li>
            <li><a href="#swarm">Swarm dashboard</a></li>
            <li><a href="#conductor">AI conductor</a></li>
            <li><a href="#activity">Activity feed</a></li>
            <li><a href="#intervention">Intervention controls</a></li>
            <li><a href="#review">Swarm review</a></li>
            <li><a href="#memory">Shared memory</a></li>
            <li><a href="#observability-docs">Observability</a></li>
          </ul>

          <p class="docs-sidebar-eyebrow">Reference</p>
          <ul class="docs-toc">
            <li><a href="#status-bar">Status bar</a></li>
            <li><a href="#shortcuts">Keyboard shortcuts</a></li>
            <li><a href="#architecture">Architecture</a></li>
            <li><a href="#troubleshooting">Troubleshooting</a></li>
          </ul>

          <p class="docs-sidebar-eyebrow">Help us improve</p>
          <ul class="docs-toc docs-toc-external">
            <li>
              <a
                class="docs-sidebar-bug"
                href="https://github.com/codedev-david/termpolis/issues/new?template=bug_report.md"
                target="_blank"
                rel="noreferrer"
              >🐛 Report a bug</a>
            </li>
            <li>
              <a
                href="https://github.com/codedev-david/termpolis/issues/new?template=feature_request.md"
                target="_blank"
                rel="noreferrer"
              >✨ Request a feature</a>
            </li>
            <li>
              <a
                href="https://github.com/codedev-david/termpolis/issues"
                target="_blank"
                rel="noreferrer"
              >💬 Browse all issues ↗</a>
            </li>
          </ul>
        </div>
      </aside>

      <main class="docs-content" id="docs-content">
        <article>
          <header class="docs-hero">
            <p class="eyebrow">Documentation</p>
            <h1>Termpolis Docs</h1>
            <p class="docs-lead">
              The definitive guide to Termpolis — <strong>Secure AI-Assisted Development</strong>.
              The local-first multi-agent terminal where Claude, Codex, Gemini, and Qwen work as a
              team without your source code leaving the machine. Built-in
              <a href="#security-center">AI Security Center</a>, swarm orchestration, MCP server,
              and a one-shortcut path from terminal to Slack, Teams, or a PR.
              Every feature, every panel, every shortcut.
            </p>
            <p class="docs-hero-actions">
              <a
                class="docs-bug-btn"
                href="https://github.com/codedev-david/termpolis/issues/new?template=bug_report.md"
                target="_blank"
                rel="noreferrer"
              >🐛 Submit a bug report</a>
              <a
                class="docs-feature-btn"
                href="https://github.com/codedev-david/termpolis/issues/new?template=feature_request.md"
                target="_blank"
                rel="noreferrer"
              >✨ Request a feature</a>
            </p>
          </header>

          <!-- OVERVIEW -->
          <section id="overview" class="docs-section">
            <h2>Overview</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/01-welcome-screen.png" alt="Termpolis welcome screen with AI agents and swarm.">
              <figcaption>The welcome screen, where new sessions begin.</figcaption>
            </figure>
            <p>
              Termpolis is a cross-platform desktop terminal manager (Windows, macOS, Linux) built on
              Electron + React + TypeScript with <code>node-pty</code> powering the underlying shells.
              It ships as a native app, code signed on Windows, notarized on macOS.
            </p>
            <p><strong>What makes it different:</strong></p>
            <ul class="docs-list">
              <li><strong>Secure AI-assisted development.</strong> Built-in <a href="#security-center">AI Security Center</a> auto-scans every AI prompt against 70+ secret patterns, enforces Gemini paid-tier mode, and keeps an auditable JSONL log of every AI-agent terminal launch — every check runs locally.</li>
              <li><strong>Multi-agent swarm.</strong> Claude Code, Codex, Gemini CLI, and Qwen Code work together on a task. A dedicated Claude Code instance acts as the conductor.</li>
              <li><strong>MCP server baked in.</strong> AI agents control Termpolis via Model Context Protocol, open terminals, run commands, send messages.</li>
              <li><strong>Transparent routing.</strong> Every subtask shows which agent got it, why, and what it cost.</li>
              <li><strong>Activity observability.</strong> Every token, every tool call, every message from every agent is visible in real time.</li>
              <li><strong>Intervention controls.</strong> Pause, cancel, or steer any agent mid-task without leaving the feed.</li>
              <li><strong>Shared memory.</strong> A RAG-backed memory store that any agent can read and write via MCP.</li>
              <li><strong>MCP-native end to end.</strong> All four agents speak MCP — no terminal-output parsers, no glue scripts, no bridge code paths.</li>
              <li><strong>Share-ready output.</strong> One shortcut from terminal to Slack, Teams, or a PR — see <a href="#copy-share">Copy for Slack / Teams / PRs</a>.</li>
            </ul>
          </section>

          <!-- AI SECURITY CENTER -->
          <section id="security-center" class="docs-section">
            <h2>🛡 AI Security Center</h2>
            <p>
              Termpolis ships an in-app AI Security Center at <strong>Settings → Security</strong>.
              Its goal is to give administrators visibility and layered controls around outbound
              AI traffic so a team can adopt Claude Code, Codex, Gemini CLI, and Qwen Code with
              the obvious accidents caught and a verifiable record of what was sent — knowing
              that no in-the-loop tool can guarantee a hosted-model prompt never reaches the
              provider.
            </p>
            <p>
              <strong>What it is and isn't.</strong> Any tool that lets you talk to a hosted model
              is, by definition, sending your prompt to that provider. Termpolis cannot air-gap
              a prompt you choose to send and cannot guarantee a provider's stated retention
              policy is enforced server-side. The Security Center is <em>defense in depth</em> —
              it catches recognisable secrets, flags oversize code/<code>.env</code> pastes,
              detects unexpected network endpoints, and writes everything to a local audit log.
              For absolute air-gap, run a local model and accept the quality / hardware
              trade-off.
            </p>
            <p><strong>Design principles:</strong></p>
            <ul class="docs-list">
              <li><strong>Local-first.</strong> Every check runs on the machine. None of these features send data to Termpolis or any third party.</li>
              <li><strong>Native, not a browser/IDE plugin.</strong> Termpolis is a terminal manager, not a Chrome extension piping your buffer to a SaaS backend.</li>
              <li><strong>No telemetry.</strong> No login, no phone-home. Optional crash reporting is opt-in and redacts user-folder paths first.</li>
              <li><strong>Verifiable.</strong> Every claim links to the provider's published ToS page; a weekly drift watcher (v1.11.52) opens a tracking issue when those pages change.</li>
              <li><strong>Honest about limits.</strong> Each control below names what it can <em>not</em> catch.</li>
            </ul>

            <h3>Per-provider training-disposition facts</h3>
            <p>
              The panel summarizes how each provider treats prompts on their commercial tier, sourced
              from the official ToS pages and updated with each release of Termpolis:
            </p>
            <ul class="docs-list">
              <li><strong>Anthropic (Claude Code).</strong> API + commercial usage — default off for training.</li>
              <li><strong>OpenAI (Codex).</strong> API platform — default off for training.</li>
              <li><strong>Google (Gemini CLI).</strong> Paid tier (API key, Vertex AI, Code Assist) — excluded from training. Free OAuth tier — Google may use prompts to improve products. Flagged yellow.</li>
              <li><strong>Alibaba (Qwen Code).</strong> Paid DashScope — excluded from training. Local Ollama mode — prompts stay on your machine instead of going to any provider.</li>
            </ul>

            <h3 id="security-secret-scanner">Auto-scan every prompt (v1.11.44+)</h3>
            <p>
              Once you launch <code>claude</code>, <code>codex</code>, <code>gemini</code>, or
              <code>qwen</code> in a terminal, every Enter and every paste-sized chunk
              (≥32 bytes) is scanned in main-process memory against 70+ regex rules
              <strong>before it reaches the PTY</strong>. Hits are redacted in place, audited
              as <code>redaction_hit</code> events, and surfaced via a dismissable banner.
              Non-AI terminals are not scanned (zero overhead). Coverage spans:
            </p>
            <ul class="docs-list">
              <li>AWS (access keys <code>AKIA…</code>/<code>ASIA…</code>, secrets, session tokens).</li>
              <li>GitHub (PAT <code>ghp_…</code>, fine-grained <code>github_pat_…</code>, OAuth secrets, runner tokens), GitLab, Bitbucket.</li>
              <li>Azure (Storage AccountKey, SAS signature, connection strings, AD client secret, DevOps PAT) and GCP (service-account JSON, OAuth client ID).</li>
              <li>AI providers: OpenAI, Anthropic, Google, HuggingFace, Cohere, Replicate.</li>
              <li>Payments (Stripe, PayPal Braintree, Square), comms (Slack, Discord, Telegram, Twilio, SendGrid, Mailgun, Mailchimp, Postmark).</li>
              <li>Cloud (Cloudflare, DigitalOcean, Heroku, Netlify, Vercel, Fly.io, Render, Pulumi), CI/CD (CircleCI, Travis, Codecov).</li>
              <li>Observability (Sentry DSN, Datadog, New Relic, Rollbar, Honeycomb, Mapbox, Okta, Auth0).</li>
              <li>Project mgmt (Linear, Notion, Asana, Jira, Figma), package registries (npm, PyPI, Docker Hub).</li>
              <li>Secrets vaults (HashiCorp Vault, Doppler, 1Password Connect), DB connection strings (Postgres/MySQL/MongoDB/Redis), HTTP basic-auth URLs.</li>
              <li>JWT, PEM/GPG private key blocks, and the <code>.env</code>-style catch-all (<code>SECRET_KEY=…</code>).</li>
            </ul>
            <p>
              A manual paste-and-scan box also lives in Settings → Security for one-off checks
              of clipboard text before pasting elsewhere.
            </p>
            <p>
              Hits return a redacted preview so you can decide whether the prompt is safe to send.
              The redaction scanner targets high-confidence patterns to keep false-positive rates
              low — it is <strong>not</strong> a comprehensive DLP solution. Custom corporate
              tokens may not be detected and must be vetted separately.
            </p>

            <h3 id="security-gemini">Gemini account-mode auto-detect + Strict Mode</h3>
            <p>
              The Gemini CLI is the highest-risk surface, because the free OAuth tier may be used
              for product improvement. Termpolis inspects the running shell environment to identify
              which tier the CLI will hit:
            </p>
            <ul class="docs-list">
              <li><strong>Vertex AI</strong> — <code>GOOGLE_APPLICATION_CREDENTIALS</code> + <code>GOOGLE_CLOUD_PROJECT</code>.</li>
              <li><strong>Code Assist (Workspace)</strong> — <code>GOOGLE_GENAI_USE_GCA=true</code>.</li>
              <li><strong>Paid API key</strong> — <code>GEMINI_API_KEY</code> or <code>GOOGLE_API_KEY</code>.</li>
              <li><strong>Free OAuth fallback</strong> — none of the above. Flagged in red.</li>
            </ul>
            <p>
              When <strong>Strict Mode</strong> is enabled, Termpolis intercepts <code>gemini</code>
              invocations from any terminal. If the resolved account mode isn't paid-tier-safe, the
              launch is cancelled with <kbd>Ctrl+C</kbd> and an in-band ANSI banner explains why.
              The blocked launch is recorded in the audit log as <em>BLOCKED: strict-mode + free-tier</em>.
              Strict Mode only intercepts shell-level invocations of the <code>gemini</code> binary —
              it does not block out-of-band paths (a renamed binary, a script that calls the Google
              API directly, etc.). It is a tripwire for the common-case mistake, not a full proxy.
            </p>

            <h3 id="security-audit">Local JSONL audit log</h3>
            <p>
              Every AI-agent terminal launch can be recorded in <code>ai-security-audit.jsonl</code>
              inside the userData directory. Each record is one JSON object containing the timestamp,
              the agent, the terminal id, and (optionally) byte counts and hit counts. The file is
              append-only with 10 MB rotation. It can be wiped from Settings → Security at any time.
              The audit log captures only what Termpolis observes locally — activity that bypasses
              Termpolis (a Gemini CLI run from a separate native terminal window, for example) is
              not visible to the audit log.
            </p>

            <h3 id="security-sensitive-file">Sensitive-file-read alert (v1.11.53)</h3>
            <p>
              The pre-send secret scanner can only see what <em>you</em> type. When the AI
              agent autonomously decides to read a sensitive file via its own
              <code>Read</code> tool (or runs <code>cat</code>/<code>head</code>/<code>grep</code>
              on one through <code>Bash</code>), the file's bytes have already been added to
              the agent's context and transmitted to the provider on the next turn. The
              terminal-side scanner never sees that path. This watcher closes the gap.
            </p>
            <p>
              <strong>How it works.</strong>
              <code>src/main/sensitiveFileWatcher.ts</code> subscribes to
              <code>agentEventBus</code> <code>tool_call</code> events emitted by the
              transcript watchers (Claude Code / Codex / Gemini). For each event it inspects
              the tool name and arguments:
            </p>
            <ul>
              <li>Filesystem-style tools (<code>Read</code>, <code>Edit</code>,
                  <code>Write</code>, <code>read_file</code>, <code>view</code>, …) →
                  pulls <code>file_path</code> / <code>path</code> / <code>filename</code> from the input.</li>
              <li>Shell-style tools (<code>Bash</code>, <code>run_shell_command</code>,
                  <code>container.exec</code>, …) → tokenises the command, splits on
                  <code>&amp;&amp;</code>/<code>;</code>/<code>|</code>, and identifies positional
                  arguments to <code>cat</code>/<code>head</code>/<code>tail</code>/<code>grep</code>/<code>cp</code>/<code>curl -F file=@</code> and 15 other reader commands.</li>
            </ul>
            <p>
              Each candidate path is matched against a hand-curated rule list:
              <code>.env</code>/<code>.env.local</code>/<code>.env.production</code>
              (excluding <code>.env.example</code>/<code>.sample</code>/<code>.template</code>);
              <code>*.pem</code>/<code>*.key</code>/<code>*.p12</code>/<code>*.pfx</code>/<code>*.jks</code>/<code>*.keystore</code>;
              <code>id_rsa</code>/<code>id_ed25519</code>/<code>id_ecdsa</code>/<code>id_dsa</code> (excluding <code>.pub</code>);
              <code>~/.aws/credentials</code> + <code>~/.aws/config</code>;
              GCP service-account JSONs;
              files under <code>~/.ssh/</code> excluding <code>known_hosts</code>/<code>config</code>/<code>*.pub</code>;
              <code>.netrc</code>/<code>.npmrc</code>/<code>.pypirc</code>;
              <code>~/.docker/config.json</code>; <code>~/.kube/config</code> + <code>*.kubeconfig</code>;
              <code>secrets.{yml,yaml,json,env,toml,ini}</code>; <code>credentials.{yml,json,…}</code>;
              <code>*.kdbx</code>/<code>*.kdb</code> (KeePass);
              and Chrome/Firefox/Edge cookie databases.
            </p>
            <p>
              On a match the watcher writes an audit entry tagged
              <code>sensitive_file_read</code> (with rule id, tool name, source path) and
              fires a <code>terminal:sensitive-file-read</code> IPC event to the renderer
              which displays a banner naming the file and the agent. A per-terminal counter
              is exposed via <code>aiSecurity.sensitiveReads(terminalId)</code> so the
              Security panel can show "3 sensitive reads this session" alongside the running
              list.
            </p>
            <p>
              <strong>What it cannot catch.</strong>
              The bytes have already been transmitted by the time the watcher runs — the
              transcript JSONL is downstream of the agent's tool runtime. Files exfiltrated
              via subprocesses the agent invokes through arbitrary code (e.g.
              <code>python -c 'open(".env").read()'</code>, network sockets opened by
              langchain wrappers, MCP servers run by the agent itself) are only caught if the
              wrapping <code>Bash</code> command parses cleanly to one of the known reader
              commands. The watcher is intentionally conservative on the false-positive side —
              flagging an irrelevant file once is cheap; missing a leak is expensive.
            </p>

            <h3 id="security-codechunk">Code-chunk + env-dump heuristics (v1.11.52)</h3>
            <p>
              Outbound prompts larger than 2&nbsp;KB are inspected for code-shaped structure
              (indentation density, braces/punctuation density, common keywords like
              <code>function</code>/<code>class</code>/<code>import</code>/<code>def</code>,
              and module declarations such as <code>import …</code> or <code>#include</code>).
              When two or more of those signals fire, the prompt is flagged via a
              <code>terminal:code-chunk-detected</code> event and an audit entry tagged
              <code>code-chunk:&lt;signals&gt;</code>. A separate detector counts
              <code>UPPER_SNAKE=value</code> lines (with an optional <code>export</code>
              prefix) — five or more triggers an <code>env-dump</code> flag and audit entry.
              Both detectors are <em>heuristic</em>: the prompt is not blocked. They exist so
              that a casual paste of an entire source file or <code>.env</code> does not slip
              past unnoticed. False negatives are possible on minified or unusual code shapes.
            </p>

            <h3 id="security-egress">Per-agent egress audit (v1.11.52)</h3>
            <p>
              When an AI agent is launched, Termpolis starts a 60-second poller that asks
              the OS what TCP connections the agent's PID has open
              (<code>netstat -ano</code> on Windows, <code>ss -tnp</code> on Linux,
              <code>lsof -nP -iTCP -p &lt;pid&gt;</code> on macOS) and records each unique
              remote <code>host:port</code>. The Security panel can read this back per
              terminal so you can answer "did Claude talk to anything other than
              <code>api.anthropic.com</code> today?". This is polling, not packet capture —
              sub-minute bursts can be missed, and we do not reverse-DNS or inspect the
              payload. If the platform tool is missing or the user has insufficient
              permissions, the poller silently returns nothing and the rest of the app
              continues to function.
            </p>

            <h3 id="security-tos-drift">Weekly ToS drift watcher (v1.11.52)</h3>
            <p>
              A scheduled GitHub Action
              (<a href="https://github.com/codedev-david/termpolis/blob/main/.github/workflows/tos-drift.yml" target="_blank" rel="noreferrer"><code>.github/workflows/tos-drift.yml</code></a>)
              runs every Monday at 13:00 UTC. It fetches the four provider pages this app
              cites, normalises the HTML aggressively (strips
              <code>&lt;script&gt;</code>/<code>&lt;style&gt;</code>/<code>&lt;svg&gt;</code>/<code>&lt;head&gt;</code>
              and HTML comments, decodes entities, collapses whitespace), hashes the result,
              and compares it to a snapshot committed under
              <code>docs/security-snapshots/</code>. When a hash differs the action opens a
              tracking issue tagged <code>security,tos-drift</code> so a human reviewer can
              decide whether the legal language has materially changed and Termpolis needs
              an update. The watcher detects rendered-text changes — it cannot infer legal
              intent.
            </p>

            <h3 id="security-disclaimer">Legal disclaimer</h3>
            <p>
              The AI Security Center is <strong>best-effort, not regulatory-grade</strong>. The
              project is licensed Apache 2.0 "AS IS". The full disclaimer ships in
              <a href="https://github.com/codedev-david/termpolis/blob/main/TERMS.md" target="_blank" rel="noreferrer"><code>TERMS.md §5a</code></a>
              and inside the app at Settings → Security. Provider terms can change without notice;
              you must verify provider terms before transmitting confidential data. To the maximum
              extent permitted by law, the authors and contributors of Termpolis disclaim all
              liability for any data leak, breach, regulatory violation, contractual breach, or
              business loss arising from your use of any AI agent launched through this application.
            </p>
          </section>

          <!-- COPY FOR SLACK / TEAMS / PRs -->
          <section id="copy-share" class="docs-section">
            <h2>Copy for Slack / Teams / PRs</h2>
            <p>
              AI workflows generate share-worthy output constantly: a stack trace to dump into a
              channel, a clean test run for a PR, a fenced code block for the engineering wiki.
              Termpolis ships a four-way Copy submenu on every terminal context menu, plus the
              keybinding <kbd>Ctrl+Shift+M</kbd> (rebindable) for the common case.
            </p>
            <h3>Copy as Code Block</h3>
            <p>
              Wraps the current selection — or the entire visible terminal buffer if nothing is
              selected — in triple-backtick fences and copies it to the clipboard. Drop the result
              into Slack, Teams, GitHub, GitLab, or any wiki that respects fenced code and the
              monospaced layout survives.
            </p>
            <h3>Copy as Plain Text</h3>
            <p>
              Strips ANSI color escapes and copies the result as raw text. Use this for emails,
              Jira tickets, Notion docs, or any surface where backticks would be noise.
            </p>
            <h3>Copy with Command</h3>
            <p>
              Prepends the last shell command (taken from history) to the copied output before
              fencing. Reproducer-ready snippets for bug reports — your reviewer sees both the
              command and the output in a single paste, instead of the usual back-and-forth.
            </p>
            <h3>Copy as Image (PNG)</h3>
            <p>
              Renders the underlying xterm.js canvas to a PNG via <code>canvas.toBlob</code> and
              writes it to the clipboard with <code>ClipboardItem</code>. Paste straight into
              Slack, Teams, or a Loom / wiki post. Colors, glyphs, and layout survive intact, so
              you don't end up with the typical "weird mojibake in the screenshot" awkwardness
              when the receiver is on a different OS or terminal font.
            </p>
            <p>
              All four actions live in the terminal right-click menu under <strong>Copy →</strong>.
              <kbd>Ctrl+Shift+M</kbd> defaults to Copy as Code Block; rebind it under Settings →
              Keybindings.
            </p>
          </section>

          <!-- INSTALL -->
          <section id="install" class="docs-section">
            <h2>Installation</h2>
            <p>
              Download the latest build from <a href="index.html#downloads">the downloads page</a> or
              <a href="https://github.com/codedev-david/termpolis/releases/latest" target="_blank" rel="noreferrer">GitHub Releases</a>.
            </p>
            <div class="docs-table-wrap">
              <table class="docs-table">
                <thead>
                  <tr><th>Platform</th><th>File</th><th>Signed</th></tr>
                </thead>
                <tbody>
                  <tr><td>Windows</td><td><code>termpolis-setup-&lt;ver&gt;.exe</code></td><td>Code-signed</td></tr>
                  <tr><td>macOS (Apple Silicon)</td><td><code>termpolis-&lt;ver&gt;-arm64.dmg</code></td><td>Notarized</td></tr>
                  <tr><td>macOS (Intel)</td><td><code>termpolis-&lt;ver&gt;.dmg</code></td><td>Notarized</td></tr>
                  <tr><td>Linux (Debian / Ubuntu)</td><td><code>termpolis_&lt;ver&gt;_amd64.deb</code></td><td>—</td></tr>
                  <tr><td>Linux (other distros)</td><td><code>termpolis-&lt;ver&gt;.AppImage</code></td><td>—</td></tr>
                </tbody>
              </table>
            </div>
            <h3>Installing the .deb on Debian / Ubuntu</h3>
            <p>
              Use <code>dpkg</code>, <strong>not</strong> <code>sudo apt install ./termpolis*.deb</code>.
              On Ubuntu 22.04+ apt drops to a sandboxed <code>_apt</code> user that can&rsquo;t read
              files in your home directory, which fails with
              <em>&ldquo;Permission denied / pkgAcquireRun: 13&rdquo;</em>. <code>dpkg</code> doesn&rsquo;t
              drop privileges, so it works regardless of where the .deb is saved:
            </p>
            <pre><code>sudo dpkg -i ./termpolis_*.deb</code></pre>
            <p>
              The package&rsquo;s postinst (v1.11.30+) takes care of the rest automatically:
              it runs <code>apt-get install -f -y</code> to pull any missing transitive
              dependencies (libgtk, libnss3, &hellip;), refreshes the desktop and hicolor
              icon caches so the launcher icon shows up immediately, and ships the .desktop
              entry with <code>--no-sandbox --disable-gpu</code> baked into the
              <code>Exec=</code> line so the dock icon launches a working window on
              NVIDIA / Wayland setups without any manual flags.
            </p>
            <h3 id="install-windows-defender">If Windows Defender quarantines Termpolis after install or auto-update</h3>
            <p>
              Termpolis is code-signed with an SSL.com OV certificate. Microsoft Defender&rsquo;s
              cloud ML classifier occasionally false-positives newly-released Electron apps
              that haven&rsquo;t yet accumulated SmartScreen reputation, typically flagging
              <code>Termpolis.exe</code> as <em>Trojan:Win32/Cinjo.O!cl</em> or a similar
              <code>!cl</code> (cloud) heuristic. Symptoms: the app refuses to launch, its
              taskbar / Start Menu / Desktop shortcuts disappear, and the installed
              <code>Termpolis.exe</code> shows blank version metadata.
            </p>
            <p>
              To recover, open <strong>PowerShell as Administrator</strong> and run:
            </p>
<pre><code>Add-MpPreference -ExclusionPath "$env:LOCALAPPDATA\Programs\Termpolis"
Add-MpPreference -ExclusionPath "$env:APPDATA\termpolis"
Add-MpPreference -ExclusionPath "$env:LOCALAPPDATA\termpolis-updater"
Add-MpPreference -ExclusionProcess "Termpolis.exe"
&amp; "$env:ProgramFiles\Windows Defender\MpCmdRun.exe" -Restore -Name "Trojan:Win32/Cinjo.O!cl" -All
Start-Process "$env:LOCALAPPDATA\termpolis-updater\pending\Termpolis.Setup.*.exe"</code></pre>
            <p>
              The first four lines tell Defender to stop scanning Termpolis (preventing the
              same FP on future auto-updates). The <code>-Restore</code> line pulls any
              already-quarantined Termpolis files back out. The final line re-runs the most
              recent pending installer to repair anything that went missing.
            </p>
            <p>
              If you prefer the GUI: <em>Windows Security &rarr; Virus &amp; threat protection
              &rarr; Protection history</em>, click the Termpolis detection, choose
              <strong>Actions &rarr; Allow on device</strong>, then reinstall from the
              <a href="index.html#downloads">downloads page</a>. Either way, please also
              <a href="https://www.microsoft.com/en-us/wdsi/filesubmission" target="_blank" rel="noreferrer">submit the binary as a false positive to Microsoft</a>
              &mdash; that&rsquo;s what builds reputation and stops it happening to other users.
            </p>
            <h4>If your machine is corporate-managed (Intune / Tamper Protection locked)</h4>
            <p>
              On Azure AD-joined or Intune-managed devices, the steps above may silently
              fail &mdash; including <strong>Allow on device</strong> in Protection History.
              You can confirm this by running in PowerShell:
            </p>
<pre><code>(Get-MpComputerStatus).TamperProtectionSource</code></pre>
            <p>
              If that returns <code>Intune</code> (or <code>EnterpriseClient</code>),
              your IT department&rsquo;s policy outranks local admin for any Defender
              modification. Open a ticket with your IT/security team and ask them to add
              one of:
            </p>
            <ul class="docs-list">
              <li>A <strong>per-machine folder exclusion</strong> for <code>%LOCALAPPDATA%\Programs\Termpolis</code>, <code>%LOCALAPPDATA%\termpolis-updater</code>, and <code>%APPDATA%\termpolis</code>.</li>
              <li>A <strong>process exclusion</strong> for <code>Termpolis.exe</code>.</li>
              <li>(Most durable) A <strong>publisher exclusion</strong> for code signed by <code>CN=David Engelhart, O=David Engelhart, L=Savannah, S=Georgia, C=US</code> &mdash; covers every future Termpolis release without per-version updates.</li>
            </ul>
            <p>
              Until IT processes the exclusion, the working stop-gap is to install an older
              release that hasn&rsquo;t been classified by Defender&rsquo;s cloud model:
              browse <a href="https://github.com/codedev-david/termpolis/releases" target="_blank" rel="noreferrer">GitHub Releases</a>,
              pick the version right before the one that got flagged, and disable
              auto-update in Termpolis Settings so it doesn&rsquo;t re-pull the flagged
              build.
            </p>
            <h3>Requirements</h3>
            <ul class="docs-list">
              <li>Windows 10 or 11 (x64)</li>
              <li>macOS 10.15 (Catalina) or later, Apple Silicon and Intel builds ship separately</li>
              <li>Linux: .deb for Debian/Ubuntu, AppImage for any other modern glibc distro</li>
              <li>~200 MB disk; 512 MB RAM minimum, 2 GB recommended when running multiple agents</li>
            </ul>
            <h3>Data directory</h3>
            <div class="docs-table-wrap">
              <table class="docs-table">
                <thead><tr><th>Platform</th><th>Path</th></tr></thead>
                <tbody>
                  <tr><td>Windows</td><td><code>%APPDATA%\termpolis\</code></td></tr>
                  <tr><td>macOS</td><td><code>~/Library/Application Support/termpolis/</code></td></tr>
                  <tr><td>Linux</td><td><code>~/.config/termpolis/</code></td></tr>
                </tbody>
              </table>
            </div>
          </section>

          <!-- API KEYS / BEFORE YOU BEGIN -->
          <section id="api-keys" class="docs-section">
            <h2>Before you begin · API keys</h2>
            <p>
              Termpolis is a terminal — it doesn't talk to AI providers itself. Each AI agent
              (Claude Code, Codex, Gemini CLI, Qwen Code) is a separate CLI tool you launch
              <em>inside</em> a Termpolis terminal, and that tool needs its own credentials.
              Termpolis never asks you for an API key, never sees one, and never stores one.
            </p>
            <div class="docs-callout">
              <p>
                <strong>The minimum to be productive: pick one provider, install its CLI, set
                its API key once.</strong> You do not need all four. A single agent is enough
                to use every Termpolis feature except the multi-agent swarm.
              </p>
            </div>
            <h3>Pick the agent that matches the account you already have</h3>
            <div class="docs-table-wrap">
              <table class="docs-table">
                <thead>
                  <tr><th>If you have…</th><th>Use this agent</th><th>Install</th></tr>
                </thead>
                <tbody>
                  <tr>
                    <td>Anthropic / Claude.ai paid plan</td>
                    <td>Claude Code</td>
                    <td><code>npm install -g @anthropic-ai/claude-code</code></td>
                  </tr>
                  <tr>
                    <td>OpenAI / ChatGPT paid plan</td>
                    <td>Codex</td>
                    <td><code>npm install -g @openai/codex</code></td>
                  </tr>
                  <tr>
                    <td>Google AI Studio key, Vertex AI, or Code Assist (Workspace)</td>
                    <td>Gemini CLI</td>
                    <td><code>npm install -g @google/gemini-cli</code></td>
                  </tr>
                  <tr>
                    <td>Alibaba DashScope key (or want to run Qwen locally with Ollama)</td>
                    <td>Qwen Code</td>
                    <td><code>npm install -g @qwen-code/qwen-code</code></td>
                  </tr>
                </tbody>
              </table>
            </div>
            <h3>Setting the key (one-time, per provider)</h3>
            <p>
              Each CLI reads its key from an environment variable. Set it once in your shell's
              startup file (<code>~/.bashrc</code>, <code>~/.zshrc</code>, or your PowerShell
              profile) and Termpolis terminals will pick it up automatically. The exact variable
              name per provider:
            </p>
            <div class="docs-table-wrap">
              <table class="docs-table">
                <thead>
                  <tr><th>Provider</th><th>Variable</th><th>Where to get the key</th></tr>
                </thead>
                <tbody>
                  <tr>
                    <td>Anthropic (Claude Code)</td>
                    <td><code>ANTHROPIC_API_KEY</code></td>
                    <td><a href="https://console.anthropic.com/settings/keys" target="_blank" rel="noreferrer">console.anthropic.com</a></td>
                  </tr>
                  <tr>
                    <td>OpenAI (Codex)</td>
                    <td><code>OPENAI_API_KEY</code></td>
                    <td><a href="https://platform.openai.com/api-keys" target="_blank" rel="noreferrer">platform.openai.com</a></td>
                  </tr>
                  <tr>
                    <td>Google AI Studio (Gemini)</td>
                    <td><code>GEMINI_API_KEY</code></td>
                    <td><a href="https://aistudio.google.com/apikey" target="_blank" rel="noreferrer">aistudio.google.com</a></td>
                  </tr>
                  <tr>
                    <td>Alibaba DashScope (Qwen)</td>
                    <td><code>DASHSCOPE_API_KEY</code></td>
                    <td><a href="https://dashscope.console.aliyun.com/apiKey" target="_blank" rel="noreferrer">dashscope.console.aliyun.com</a></td>
                  </tr>
                </tbody>
              </table>
            </div>
            <p>
              Example, bash/zsh:
            </p>
            <pre class="docs-code"><code>echo 'export ANTHROPIC_API_KEY="sk-ant-..."' &gt;&gt; ~/.zshrc
source ~/.zshrc</code></pre>
            <p>
              Example, PowerShell:
            </p>
            <pre class="docs-code"><code>[Environment]::SetEnvironmentVariable('ANTHROPIC_API_KEY', 'sk-ant-...', 'User')</code></pre>
            <p>
              <strong>Heads-up about Gemini.</strong> The <code>gemini</code> CLI defaults to a
              free OAuth tier when no env var is set, and Google may use that traffic to
              improve products. Termpolis flags this in <strong>Settings → Security</strong>
              and offers a <a href="#security-gemini">Strict Mode</a> that blocks the launch
              until you set <code>GEMINI_API_KEY</code> (or another paid-tier signal).
            </p>
            <h3>Verifying it worked</h3>
            <p>
              Open a Termpolis terminal (<kbd>Ctrl</kbd> + <kbd>T</kbd>) and type:
            </p>
            <pre class="docs-code"><code>echo $ANTHROPIC_API_KEY     # bash / zsh
$env:ANTHROPIC_API_KEY      # PowerShell</code></pre>
            <p>
              If the value prints, you're done. If it's empty, restart Termpolis after editing
              your shell's startup file so the new environment is inherited.
            </p>
          </section>

          <!-- FIRST LAUNCH -->
          <section id="first-launch" class="docs-section">
            <h2>First launch (5 steps)</h2>
            <p>
              The first time you start Termpolis you'll see a four-step onboarding tour:
              <em>What Termpolis is</em> → <em>Set an API key</em> → <em>Launch your first agent
              (or swarm)</em> → <em>Security &amp; crash reports</em> (opt-in checkbox). The
              tour is one-time; you can revisit it any time from <strong>Help / Support →
              Show tour again</strong>. After dismissing it you land on the welcome view. From
              there:
            </p>
            <ol class="docs-list docs-list-ordered">
              <li>
                <strong>Pick a shell.</strong> Click any of the quick-launch buttons in the
                center of the welcome view — bash, zsh, PowerShell, cmd, or whichever shells
                Termpolis detected on your machine. A terminal pane opens.
              </li>
              <li>
                <strong>(Optional) Open the AI Agents row.</strong> The sidebar has an
                <strong>AI Agents</strong> section with one-click launchers for Claude Code,
                Codex, Gemini CLI, and Qwen Code. A green check means the CLI is installed; a
                red X means it isn't (click for install instructions). Skip this on the first
                run if you just want to use Termpolis as a terminal.
              </li>
              <li>
                <strong>Open Settings.</strong> Click the gear in the top-left of the sidebar
                (or press <kbd>Ctrl</kbd> + <kbd>,</kbd>). Pick a theme, set your default shell,
                and look at the Security tab if you launch any AI agent. Changes save instantly.
              </li>
              <li>
                <strong>Save your first workspace.</strong> When you've got terminals you'd
                want to come back to, click <strong>+ Save Workspace</strong> in the sidebar.
                Termpolis snapshots the names, shells, themes, and working directories so they
                restore the next time you open the app.
              </li>
              <li>
                <strong>Press <kbd>Ctrl</kbd> + <kbd>/</kbd> any time</strong> to open the
                in-app Help drawer — it covers every feature, every panel, and every keyboard
                shortcut. You can also click <strong>Help / Support</strong> in the bottom
                status bar.
              </li>
            </ol>
            <figure class="docs-shot">
              <img src="docs/screenshots/02-sidebar-default.png" alt="Termpolis sidebar in default state.">
              <figcaption>The sidebar as it appears immediately after first launch.</figcaption>
            </figure>
          </section>

          <!-- LAUNCH FIRST AI AGENT -->
          <section id="first-agent" class="docs-section">
            <h2>Launch your first AI agent</h2>
            <p>
              The fastest way to do something useful with Termpolis is to drive a single agent.
              No swarm config, no MCP setup, no JSON. Once your <a href="#api-keys">API key</a>
              is in place:
            </p>
            <ol class="docs-list docs-list-ordered">
              <li>
                <strong>Open the AI Agents section</strong> in the sidebar (it's the row above
                Workspaces, with the robot icon).
              </li>
              <li>
                <strong>Click the agent you want to run</strong> — Claude Code, Codex, Gemini
                CLI, or Qwen Code. Termpolis opens a fresh terminal, sets the right working
                directory, runs the agent's interactive command, and color-codes the tab so
                you can see at a glance which agent is in which pane.
              </li>
              <li>
                <strong>Type your task in plain English.</strong> Examples:
                <ul class="docs-list">
                  <li><em>"Add a dark-mode toggle to the header component."</em></li>
                  <li><em>"Refactor <code>userService.ts</code> to use async/await throughout and add tests."</em></li>
                  <li><em>"Find every TODO in <code>src/</code> and tell me which ones look stale."</em></li>
                </ul>
              </li>
              <li>
                <strong>Watch the status bar.</strong> A colored badge appears next to the
                agent name with running token cost. The
                <a href="#observability-docs">Observability panels</a> light up the moment the
                agent makes a tool call.
              </li>
              <li>
                <strong>If the agent runs out of context</strong>, an amber banner offers a
                <a href="#context-handoff">cross-AI handoff</a> — one click to continue the
                same conversation in a different model with task, branch, and recent diff
                already in scope.
              </li>
            </ol>
            <p>
              You don't need to configure MCP, edit any JSON, or set up tooling — Termpolis
              auto-registers itself with each agent the first time you launch it. See
              <a href="#mcp">MCP server</a> for what that actually unlocks.
            </p>
            <p>
              Want to scale beyond one agent? Read <a href="#swarm-vs-single">Swarm vs. single
              agent</a> next to decide whether your task is worth orchestrating.
            </p>
          </section>

          <!-- SWARM VS SINGLE AGENT -->
          <section id="swarm-vs-single" class="docs-section">
            <h2>Swarm vs. single agent</h2>
            <p>
              Termpolis ships two ways to put AI to work. Pick the one that matches the shape
              of your task — they're not interchangeable.
            </p>
            <h3>Quick decision tree</h3>
            <ul class="docs-list">
              <li>
                <strong>Is the task one tight loop of "try → see → fix"?</strong>
                → <strong>Single agent.</strong> You're the conductor. Open Claude Code (or
                whichever agent you trust most for this domain) and iterate.
              </li>
              <li>
                <strong>Does the task split into independent chunks that can run in parallel?</strong>
                (e.g. "build the API + write the migration + add tests + write docs", or
                "rewrite three unrelated modules in the same style.")
                → <strong>Swarm.</strong> The conductor decomposes the task, hands subtasks to
                the agents best-rated for each, and merges results.
              </li>
              <li>
                <strong>Is the task a long spec rather than a single ask?</strong>
                → <strong>Swarm.</strong> Drop the spec into the Start Swarm wizard and let
                the conductor plan.
              </li>
              <li>
                <strong>Are you exploring or debugging interactively?</strong>
                → <strong>Single agent.</strong> Swarms are autonomous; an interactive back-and-forth
                is the wrong shape for them.
              </li>
              <li>
                <strong>Do you need different agents because they're individually best at
                different sub-skills</strong> (e.g. Codex for tests, Gemini for docs)?
                → <strong>Swarm.</strong> The capability ratings drive routing for you.
              </li>
            </ul>
            <h3>What you get with each</h3>
            <div class="docs-table-wrap">
              <table class="docs-table">
                <thead>
                  <tr><th>&nbsp;</th><th>Single agent</th><th>Swarm</th></tr>
                </thead>
                <tbody>
                  <tr>
                    <td><strong>Setup</strong></td>
                    <td>Click an agent in the sidebar.</td>
                    <td><kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>S</kbd> → fill the Start Swarm wizard.</td>
                  </tr>
                  <tr>
                    <td><strong>Best for</strong></td>
                    <td>Iteration, exploration, debugging, learning.</td>
                    <td>Parallelizable specs, multi-skill tasks, autonomous runs.</td>
                  </tr>
                  <tr>
                    <td><strong>Cost</strong></td>
                    <td>Just the agent you're using.</td>
                    <td>Conductor + each agent it picks. Set a budget cap in the wizard.</td>
                  </tr>
                  <tr>
                    <td><strong>Visibility</strong></td>
                    <td>One terminal pane.</td>
                    <td>Swarm Dashboard (Tasks · Messages · Trace tabs). Agent terminals are hidden by default — the conductor drives them.</td>
                  </tr>
                  <tr>
                    <td><strong>You drive</strong></td>
                    <td>Every prompt.</td>
                    <td>The first prompt; the conductor takes it from there.</td>
                  </tr>
                </tbody>
              </table>
            </div>
            <p>
              See <a href="#conductor">AI conductor</a> for the full swarm walkthrough or
              <a href="#agents">AI agent profiles</a> for single-agent details.
            </p>
          </section>

          <!-- SIDEBAR -->
          <section id="sidebar" class="docs-section">
            <h2>Sidebar</h2>
            <p>The sidebar is the navigation spine of the app. From top to bottom:</p>
            <ol class="docs-list docs-list-ordered">
              <li>Termpolis logo: click to return to the welcome view.</li>
              <li>Workspaces, one row per open workspace. See the <a href="#workspaces">Workspaces</a> section below for how they work.</li>
              <li>Tool buttons, Settings, Git Panel, Workflows, Activity, Swarm, each toggleable.</li>
              <li>Collapse/expand chevron, hides labels to save space.</li>
            </ol>
          </section>

          <!-- WORKSPACES -->
          <section id="workspaces" class="docs-section">
            <h2>Workspaces</h2>
            <p>
              Workspaces are the <strong>project-level container</strong> in Termpolis. Think of
              them as the tabs in a browser, except each one holds a full set of terminals, a
              split/grid layout, an active agent, a scrollback history, per-workspace settings,
              and any panels you've left pinned. You can run many workspaces side-by-side and
              switch between them without losing state.
            </p>
            <h3>What a workspace owns</h3>
            <ul class="docs-list">
              <li><strong>Terminals</strong>, every open pty in that workspace, with its shell, working directory, label, color, and scrollback buffer.</li>
              <li><strong>Layout</strong>, tab view, split view (the full pane tree), or grid view. Restored exactly on relaunch.</li>
              <li><strong>Focus</strong>, which terminal was active, cursor position, selection.</li>
              <li><strong>Agent sessions</strong>, any Claude Code, Codex, Gemini CLI, or Qwen Code runs tied to terminals in the workspace.</li>
              <li><strong>Panel state</strong>, which side panels are open and their size.</li>
              <li><strong>Per-workspace overrides</strong>, any setting scoped specifically to this workspace (shell default, font size, etc.).</li>
            </ul>
            <h3>How workspaces persist</h3>
            <p>
              Everything above is written to <code>session.json</code> in the Termpolis data
              directory (see <a href="#install">Installation</a> for the per-platform path) as
              soon as it changes, so an unclean shutdown still leaves you with last-known-good
              state. Re-opening the app restores the workspaces in the same order with the same
              terminals, split layouts, and focus.
            </p>
            <h3>Creating a workspace</h3>
            <p>
              Use the <strong>+ Workspace</strong> button at the top of the sidebar or the
              <kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>N</kbd> shortcut. Each new workspace
              starts empty; pick a shell to open the first terminal, or apply a
              <a href="#workflows">workflow template</a> to stamp a whole pre-built layout into it.
            </p>
            <h3>Managing workspaces</h3>
            <p>Right-click any workspace row in the sidebar for:</p>
            <ul class="docs-list">
              <li><strong>Rename</strong>, changes the label in the sidebar and the window title when the workspace is active.</li>
              <li><strong>Duplicate</strong>, creates a new workspace with the same terminal configuration (shell, cwd, label) but fresh, empty pty sessions. Useful when mirroring a setup for a second feature branch.</li>
              <li><strong>Close</strong>, removes the workspace. If any terminals have live child processes, a confirmation dialog lists what's still running.</li>
              <li><strong>Show in file explorer</strong>, opens the workspace's working directory in Finder / Explorer / your Linux file manager.</li>
            </ul>
            <h3>Switching between workspaces</h3>
            <p>
              Click a workspace row to activate it. Keyboard users can cycle with
              <kbd>Ctrl</kbd> + <kbd>Alt</kbd> + <kbd>[</kbd> / <kbd>]</kbd>. Unsaved terminal
              output in background workspaces keeps streaming, nothing is paused just because
              it's not visible.
            </p>
            <h3>Workspace root directory</h3>
            <p>
              Each workspace has a default working directory that new terminals start in. Set it
              when you create the workspace, or change it later from Settings → Workspace.
              Terminals started with the agent launcher or a workflow template inherit this unless
              they override it per-terminal.
            </p>
            <h3>Workspaces vs. workflows</h3>
            <p>
              Workspaces are <em>long-lived containers</em> that own state across restarts;
              <a href="#workflows">workflows</a> are <em>one-shot recipes</em> that populate the
              current workspace with a pre-configured set of terminals, commands, and a split
              layout. Think of a workspace as the room you're working in, and a workflow as the
              "set the room up like this" macro. Launching a workflow inside a workspace closes
              the existing terminals and replaces them with the workflow's terminals, the
              workspace stays, the contents get reset.
            </p>
          </section>

          <!-- TERMINALS -->
          <section id="terminals" class="docs-section">
            <h2>Terminals</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/03-new-terminal-modal.png" alt="New terminal modal with shell + agent options.">
              <figcaption>The new-terminal modal with shell, cwd, and agent profile options.</figcaption>
            </figure>
            <p>
              Every pane is a full pty-backed terminal powered by <code>node-pty</code>, real TTY
              semantics, xterm escapes, signal forwarding. Not a shim.
            </p>
            <p>Create one with <kbd>Ctrl</kbd> + <kbd>T</kbd>. Pick a shell, a working directory, optionally an agent profile, plus a label and color.</p>
            <figure class="docs-shot">
              <img src="docs/screenshots/04-terminal-running.png" alt="A running PowerShell terminal in Termpolis.">
              <figcaption>A running terminal, copy on selection, 256-color palette, mouse scroll.</figcaption>
            </figure>
            <p>
              Closing a terminal with an active process prompts for confirmation, this protects
              long-running tasks (model downloads, builds, agent sessions) from accidental loss.
            </p>
          </section>

          <!-- VIEWS -->
          <section id="views" class="docs-section">
            <h2>Tabs, splits &amp; grid</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/05-tab-view-multiple.png" alt="Tab view with multiple terminals open.">
              <figcaption>Tab view, every terminal gets its own tab.</figcaption>
            </figure>
            <p>
              Terminals are arranged in one of three view modes. Pick whichever fits the task, tabs
              for deep focus, splits for side-by-side work, grid for watching the swarm.
            </p>
            <figure class="docs-shot">
              <img src="docs/screenshots/06-split-view.png" alt="Split view with two terminals side by side.">
              <figcaption>Split view, recursive, drag the divider to resize.</figcaption>
            </figure>
            <ul class="docs-list">
              <li><kbd>Ctrl</kbd> + <kbd>\</kbd>, split horizontally</li>
              <li><kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>\</kbd>, split vertically</li>
              <li><kbd>Alt</kbd> + <kbd>Arrow</kbd>, focus adjacent pane</li>
              <li><kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>W</kbd>, close focused pane</li>
            </ul>
          </section>

          <!-- SETTINGS -->
          <section id="settings" class="docs-section">
            <h2>Settings</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/07-settings-panel.png" alt="Settings panel.">
              <figcaption>The settings panel, slides in from the right.</figcaption>
            </figure>
            <p>Open with the gear icon or <kbd>Ctrl</kbd> + <kbd>,</kbd>. Changes save immediately, no apply button.</p>
            <p>Tabs: <strong>Themes</strong>, <strong>Keybindings</strong>, <strong>Agent Capability</strong>, <strong>Shells</strong>, <strong>Behavior</strong>, <strong>Advanced</strong>.</p>
          </section>

          <!-- THEMES -->
          <section id="themes" class="docs-section">
            <h2>Themes</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/08-themes-picker.png" alt="Themes picker.">
              <figcaption>The theme picker, curated dark themes plus VS Code import.</figcaption>
            </figure>
            <p>
              Ships with Termpolis Dark (default), Dracula, Solarized Dark, Nord, Gruvbox Dark,
              Tokyo Night, Monokai. Each applies to terminals, app chrome, and AI conversation
              syntax highlighting. Import any VS Code theme JSON, the parser maps tokenColors to
              xterm colors automatically.
            </p>
          </section>

          <!-- KEYBINDINGS -->
          <section id="keybindings" class="docs-section">
            <h2>Keybindings</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/09-keybindings.png" alt="Keybindings settings tab.">
              <figcaption>Every user-facing action is rebindable.</figcaption>
            </figure>
            <p>
              Bindings are platform-aware, <kbd>Ctrl</kbd> becomes <kbd>⌘</kbd> on macOS
              automatically. Conflicts are flagged inline when rebinding.
            </p>
          </section>

          <!-- CAPABILITIES -->
          <section id="capabilities" class="docs-section">
            <h2>Agent capability ratings</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/10-agent-capability-ratings.png" alt="Agent capability ratings panel.">
              <figcaption>Score each agent across 10 categories, powers the swarm router.</figcaption>
            </figure>
            <p>
              The heart of smart swarm routing. Score each agent (Claude Code, Codex, Gemini CLI,
              Qwen Code) from 0–100 across 10 categories: Refactoring, Testing, Documentation,
              Code review, DevOps/Infra, Debugging, Frontend, Backend/API, Data/SQL, Bulk work.
              Defaults reflect model-family strengths; tune them to match your experience.
            </p>
            <p>The <strong>Token Cost</strong> column ($, $$, $$$) drives cost-aware routing.</p>
          </section>

          <!-- COMMAND PALETTE -->
          <section id="command-palette" class="docs-section">
            <h2>Command palette</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/11-command-palette.png" alt="Command palette open.">
              <figcaption><kbd>Ctrl</kbd> + <kbd>K</kbd>, the fastest way to do anything.</figcaption>
            </figure>
            <p>
              The palette is your keyboard-only shortcut to every action in Termpolis. Actions,
              workspaces, recent commands, files, all searchable with fuzzy matching, exact matches
              floating to the top.
            </p>
            <figure class="docs-shot">
              <img src="docs/screenshots/11b-command-palette-filtered.png" alt="Command palette filtered by 'launch'.">
              <figcaption>Type to filter, "launch" surfaces every agent and terminal launch action.</figcaption>
            </figure>
            <h3>Why use it</h3>
            <ul class="docs-list">
              <li><strong>Don't remember keybindings?</strong> Type the feature name, the palette shows the shortcut next to the action.</li>
              <li><strong>Jump across workspaces in two keystrokes.</strong> <kbd>Ctrl</kbd> + <kbd>K</kbd>, type workspace name, <kbd>Enter</kbd>.</li>
              <li><strong>Re-run a recent command anywhere.</strong> The palette surfaces your last 50 commands across every terminal, type a fragment, hit Enter, and it runs in the focused pane.</li>
            </ul>
            <h3>How to use it</h3>
            <ol class="docs-list docs-list-ordered">
              <li>Press <kbd>Ctrl</kbd> + <kbd>K</kbd>.</li>
              <li>Type a query, e.g. <em>split</em>, <em>new terminal</em>, <em>workspace</em>, <em>launch claude</em>.</li>
              <li>Use <kbd>↑</kbd> / <kbd>↓</kbd> to select; <kbd>Enter</kbd> runs it; <kbd>Esc</kbd> closes.</li>
            </ol>
          </section>

          <!-- PROMPT TEMPLATES -->
          <section id="prompt-templates" class="docs-section">
            <h2>Prompt templates</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/12-prompt-templates.png" alt="Prompt templates library.">
              <figcaption>Reusable prompts with variable substitution, <kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>P</kbd> to open.</figcaption>
            </figure>
            <p>
              Save the prompts you type over and over. Each template supports
              <code>{{variables}}</code> that get filled from your current selection, cwd, or a
              free-form input when you launch it.
            </p>
            <h3>Built-in templates</h3>
            <ul class="docs-list">
              <li><strong>Explain this code</strong>, pastes current selection as context, asks the agent to walk through it.</li>
              <li><strong>Write tests</strong>, generates unit tests for the focused file.</li>
              <li><strong>Refactor for readability</strong>, rewrites with a focus on clarity, not behavior changes.</li>
              <li><strong>Find security issues</strong>, static-analysis-style review for OWASP-top-10 patterns.</li>
              <li><strong>Document this API</strong>, produces JSDoc / TSDoc / docstrings for the selection.</li>
              <li><strong>Code review, strict</strong>, adversarial review with a "what would break?" lens.</li>
            </ul>
            <h3>How to use it</h3>
            <ol class="docs-list docs-list-ordered">
              <li>Select the code you want to discuss in any terminal (or leave empty to use free-form input).</li>
              <li>Press <kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>P</kbd>.</li>
              <li>Pick a template, Termpolis fills <code>{{selection}}</code>, <code>{{cwd}}</code>, <code>{{branch}}</code>, etc. automatically.</li>
              <li>Fill any remaining prompts in the form, then click <strong>Send to active agent</strong>.</li>
              <li>The fully-expanded prompt is written to the focused agent's stdin.</li>
            </ol>
            <h3>Customizing</h3>
            <p>
              Click <strong>+ New</strong> in the template picker or edit
              <code>prompt-templates.json</code> in your data directory directly. Each entry is
              <code>{id, label, body, variables, defaultAgent}</code>.
            </p>
          </section>

          <!-- WORKFLOWS -->
          <section id="workflows" class="docs-section">
            <h2>Workflow templates</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/13-workflow-templates.png" alt="Workflow templates panel.">
              <figcaption>One-shot recipes that stamp a pre-built terminal layout into the current workspace.</figcaption>
            </figure>
            <p>
              A workflow template is a <strong>one-shot setup recipe</strong> for the current
              workspace. Each template describes a set of terminals, their names, colors, shell,
              and an optional startup command, and a layout (vertical splits or a 2×2 grid).
              Clicking <strong>Launch</strong> closes the terminals you have open, spawns the
              template's terminals in the configured split layout, and fires the startup commands
              after a brief delay so the shells finish initializing first.
            </p>
            <p>Open the Workflows panel from the <strong>Workflows</strong> sidebar button.</p>
            <h3>Built-in workflows</h3>
            <ul class="docs-list">
              <li><strong>Claude Code + Shell</strong>, Claude Code on the left, plain shell on the right (2-pane vertical split).</li>
              <li><strong>Full Stack Dev</strong>, AI agent + Frontend + Backend + Tests in a 2×2 grid.</li>
              <li><strong>Code Review</strong>, AI reviewer + Git pane (2-pane vertical split).</li>
            </ul>
            <p>Built-ins are read-only. Use <strong>Duplicate</strong> on a built-in to get an editable copy with the <code>(copy)</code> suffix.</p>
            <h3>Creating your own</h3>
            <figure class="docs-shot">
              <img src="docs/screenshots/13b-workflow-create.png" alt="New Workflow creation form with name, description, icon, layout, and terminal configuration fields.">
              <figcaption>The New Workflow editor, name it, pick a layout, configure 1–8 terminals, save.</figcaption>
            </figure>
            <p>Click <strong>+ New Workflow</strong> at the bottom of the picker. You get a form for:</p>
            <ul class="docs-list">
              <li><strong>Name</strong> and <strong>Description</strong></li>
              <li><strong>Icon</strong> (Font Awesome solid) and <strong>Layout</strong> (vertical splits or 2×2 grid, the grid requires exactly four terminals to tile cleanly)</li>
              <li><strong>Terminals</strong> (1–8), per terminal: name, startup command (optional), shell, and color</li>
            </ul>
            <p>
              Saved workflows appear with a <strong>Custom</strong> badge in the picker, are
              persisted as part of your session alongside workspaces and prompt templates, and sync
              via the same save mechanism (<code>session.json</code> in your Termpolis data
              directory). You can <strong>edit</strong> or <strong>delete</strong> any custom
              workflow from its row. On Windows, templates that specify <code>bash</code> are
              auto-resolved to Git Bash.
            </p>
            <h3>Difference from workspaces</h3>
            <p>
              Workflows don't <em>own</em> state the way <a href="#workspaces">workspaces</a> do,
              they're a template you apply. After launch, the terminals they spawn live inside
              your current workspace and behave like any other terminals. Closing and re-launching
              the same workflow gives you fresh terminals, not the ones from last time.
            </p>
          </section>

          <!-- CONTEXT -->
          <section id="context" class="docs-section">
            <h2>Context panel</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/14-context-panel.png" alt="Context panel.">
              <figcaption><kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>E</kbd> toggles it.</figcaption>
            </figure>
            <p>
              The Context panel is Termpolis's answer to the "what does the AI actually know right
              now?" question. It's a sliding pane on the right that shows everything currently in
              scope for the agents you're working with, so you never have to guess whether Claude
              saw the file you just edited, or whether Codex knows which branch you're on.
            </p>
            <h3>What it shows</h3>
            <ul class="docs-list">
              <li><strong>Project root + git branch</strong>, the cwd of the focused terminal and the active branch, so an agent can ground its answers in the right repo state.</li>
              <li><strong>File tree</strong>, collapsible directory view of the project, click to pin a file into context.</li>
              <li><strong>Active agent</strong>, which AI is focused and its model.</li>
              <li><strong>Recent files</strong>, last 20 files the agent (or you) read, edited, or ran. Click to re-open in Monaco's diff view.</li>
              <li><strong>Pinned items</strong>, anything you've pinned: a file, an activity event, a prompt, a memory entry. Pins stay visible across sessions.</li>
              <li><strong>Task chain</strong>, when a swarm is running, the current task, its parent, and its dependencies.</li>
            </ul>
            <h3>Why it's helpful</h3>
            <ul class="docs-list">
              <li><strong>No more "please re-share the file" loops.</strong> Pin it once and every agent can read it.</li>
              <li><strong>Explicit context, not implicit slurp.</strong> Agents only see what you've put here, no silent indexing of your filesystem. Safer for private code.</li>
              <li><strong>Share context across agents.</strong> Pin a spec once and Claude, Codex, Gemini, and Qwen all read from the same truth.</li>
            </ul>
            <h3>How to use it</h3>
            <ol class="docs-list docs-list-ordered">
              <li>Press <kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>E</kbd> to open.</li>
              <li>Click <strong>File tree</strong> to browse; right-click a file → <strong>Pin to context</strong> to make it permanent.</li>
              <li>Right-click any activity feed event → <strong>Pin</strong> to float it to the top.</li>
              <li>When an agent asks "what am I looking at?", it reads from this pane directly via MCP.</li>
              <li>Click the <strong>×</strong> on any pin to remove it; pins save to <code>~/.termpolis/context-pins.json</code>.</li>
            </ol>
          </section>

          <!-- CROSS-AI CONTEXT HANDOFF -->
          <section id="context-handoff" class="docs-section">
            <h2>Cross-AI context handoff &amp; Past AI Sessions</h2>
            <p>
              Open <strong>Past AI Sessions</strong> from the sidebar. Termpolis indexes every
              <code>~/.claude/projects/**/*.jsonl</code> transcript on your machine, shows
              them with project label, age, message count, and size, and lets you continue
              the work in any of the four supported agents — without copy-pasting anything
              by hand. (v1.11.47 added the cross-AI bridge; v1.11.48 fixed the freeze on
              large session histories; v1.11.51 added Inject + Resume-here gating;
              v1.11.52 made the inject paste land as a single bracketed-paste blob.)
            </p>
            <h3>What you can do with a past session</h3>
            <ul class="docs-list">
              <li><strong>Resume natively</strong> — spawns a new terminal at the original cwd and runs <code>claude --resume &lt;session-id&gt;</code>.</li>
              <li><strong>Resume in active shell</strong> — runs the same <code>claude --resume</code> command in the focused plain terminal instead of opening a new tab. Disabled when the focused tab is already an AI agent (so the command doesn't land inside the running agent's input box).</li>
              <li><strong>Continue in another AI</strong> — pick Codex, Gemini, or Qwen from the Continue ▾ menu. Termpolis spawns a fresh terminal at the same cwd, boots the chosen agent, and pastes a synthesised <code>CONTEXT HANDOFF</code> prompt summarising what's been done so the new agent picks up exactly where the old one left off.</li>
              <li><strong>Inject context into the focused AI</strong> — pastes the same handoff prompt into the active AI shell's input box. Disabled for plain shells (where it would just splat into the command line); the tooltip explains why.</li>
            </ul>
            <h3>Pasted as one blob, not a stream of commands</h3>
            <p>
              The handoff prompt is wrapped in xterm bracketed-paste markers
              (<code>ESC[200~ … ESC[201~</code>) and its embedded newlines are normalised to
              <code>\r</code> so the receiving agent treats the whole thing as a single paste
              event rather than dispatching one keypress / submit per embedded line. Result:
              the agent sees one coherent context block, not what previously looked like a
              flurry of random commands.
            </p>
          </section>

          <!-- HISTORY -->
          <section id="history" class="docs-section">
            <h2>History search</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/15-history-search.png" alt="History search panel.">
              <figcaption>Search every command you've ever run in Termpolis.</figcaption>
            </figure>
            <p>
              Spans every terminal Termpolis has ever opened, not just the current shell's history
              file. Filter by command, cwd, exit code, time range, or shell type. Click a result to
              copy, re-run, or pin to context.
            </p>
          </section>

          <!-- CONVERSATION -->
          <section id="conversation" class="docs-section">
            <h2>Conversation search</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/16-conversation-search.png" alt="Conversation search panel.">
              <figcaption>The AI-session equivalent of history search, find any prompt, tool call, or answer across every agent you've ever run.</figcaption>
            </figure>
            <p>
              Open with <kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>I</kbd>. Every AI agent session in
              Termpolis, Claude Code, Codex, Gemini CLI, Qwen Code, swarm runs, and the conductor
              itself, is recorded event-by-event to <code>~/.termpolis/activity.jsonl</code>.
              Conversation search is the UI on top of that log.
            </p>
            <h3>What's indexed</h3>
            <ul class="docs-list">
              <li><strong>Prompts</strong>, every user message sent to an agent.</li>
              <li><strong>Assistant messages</strong>, the full reply text, plus intermediate thinking blocks where available.</li>
              <li><strong>Tool calls</strong>, the tool name and arguments (e.g. <code>Edit</code>, <code>Bash</code>, <code>WebSearch</code>).</li>
              <li><strong>Tool results</strong>, the response the agent got back (stdout, file contents, etc.).</li>
              <li><strong>Errors</strong>, anything the agent raised or the pty emitted on stderr.</li>
              <li><strong>Token updates</strong>, periodic snapshots of cumulative input/output tokens.</li>
              <li><strong>Interventions</strong>, every Pause / Cancel / Steer action you took, who took it, and when.</li>
            </ul>
            <h3>Filters</h3>
            <ul class="docs-list">
              <li><strong>Full-text</strong>, matches prompt text, assistant replies, and tool arguments.</li>
              <li><strong>Agent</strong>, narrow to Claude, Codex, Gemini, Qwen, Conductor, or "all".</li>
              <li><strong>Kind</strong>, prompt / tool_call / tool_result / error / message.</li>
              <li><strong>Time range</strong>, last hour, today, last 7 days, or custom.</li>
              <li><strong>Scope</strong>, current terminal only, current session, or all history.</li>
            </ul>
            <h3>Why it's helpful</h3>
            <ul class="docs-list">
              <li><strong>"How did I fix this last time?"</strong>, find the exact prompt and solution from a month ago.</li>
              <li><strong>Audit what an agent actually did.</strong> When something breaks, grep the tool-call log, every <code>Edit</code>, every <code>Bash</code>, every file touched.</li>
              <li><strong>Reuse successful prompts.</strong> Click a hit → <strong>Copy prompt</strong> to rerun it in a fresh session.</li>
              <li><strong>Compare agent answers.</strong> Search the same question across agents to see how Claude, Codex, and Gemini differed.</li>
            </ul>
            <h3>How to use it</h3>
            <ol class="docs-list docs-list-ordered">
              <li>Press <kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>I</kbd>.</li>
              <li>Type a query, e.g. <em>"regex for ISO dates"</em>, <em>"docker-compose error"</em>, <em>"why did claude say no"</em>.</li>
              <li>Narrow with the kind + agent dropdowns if the hit list is noisy.</li>
              <li>Click a result to expand the full event, prompt and answer side by side.</li>
              <li>Use the <strong>Copy prompt</strong>, <strong>Re-run in new session</strong>, or <strong>Pin to context</strong> actions from the hit's kebab menu.</li>
            </ol>
          </section>

          <!-- GIT -->
          <section id="git" class="docs-section">
            <h2>Git panel</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/17-git-panel.png" alt="Git panel.">
              <figcaption>Staged/unstaged, inline diff, AI-drafted commit messages.</figcaption>
            </figure>
            <p>
              Current branch + ahead/behind, staged &amp; unstaged sections with inline diff, last 50
              commits as a graph, actions for commit/push/pull/fetch/stash/branch switch. Click the
              ✨ next to the commit-message input and an agent drafts a message from the staged diff.
            </p>
            <p>
              Every action runs as a real <code>git</code> command in a spawned process, no
              reimplementation, so you can always drop to the CLI and see the same state.
            </p>
          </section>

          <!-- AGENTS -->
          <section id="agents" class="docs-section">
            <h2>AI agent profiles</h2>
            <p>
              An <strong>agent profile</strong> is a one-click launcher in the sidebar that
              opens a terminal pre-wired for a specific AI CLI: Claude Code, Codex, Gemini CLI,
              or Qwen Code. The profile owns the shell, the working directory, the MCP
              registration, the tab color, and the label. Click the profile and you go from
              "I want to use Claude" to "Claude is open and ready" in one step.
            </p>
            <p>
              <strong>New here?</strong> Read <a href="#api-keys">Before you begin · API keys</a>
              first to set the right env var, then follow
              <a href="#first-agent">Launch your first AI agent</a> for the 5-step walkthrough.
            </p>
            <h3>What ships out of the box</h3>
            <ul class="docs-list">
              <li><strong>Claude Code</strong> — runs <code>claude --dangerously-skip-permissions</code> in interactive mode so the swarm conductor can drive it via MCP.</li>
              <li><strong>Codex</strong> — runs <code>codex --full-auto</code>.</li>
              <li><strong>Gemini CLI</strong> — runs <code>gemini</code>; respects Strict Mode (see <a href="#security-gemini">Gemini account-mode</a>).</li>
              <li><strong>Qwen Code</strong> — runs <code>qwen</code> (Alibaba's Gemini-CLI fork).</li>
            </ul>
            <h3>Install status indicators</h3>
            <p>
              Each profile shows a green check if Termpolis can find the CLI on your PATH and a
              red X if it can't. Click a missing one for the <code>npm install</code> command.
              The check runs every launch — install the CLI, restart Termpolis, the indicator
              flips green.
            </p>
            <h3>Custom profiles</h3>
            <p>
              Click <strong>+</strong> in the AI Agents row to add a profile for any other CLI.
              You name it, point it at the binary (anything in PATH works), pick a shell, color,
              and optional working directory. Custom profiles don't get MCP auto-registration,
              so they participate as plain terminals — fine for tools that don't speak MCP.
            </p>
            <h3>Renaming an agent terminal</h3>
            <p>
              Agent terminals get default names ("Claude Code", "Codex", etc). Right-click the
              terminal tab to rename it, change its color, or swap themes — the underlying
              agent stays put.
            </p>
          </section>

          <!-- MCP -->
          <section id="mcp" class="docs-section">
            <h2>MCP server</h2>
            <h3>What MCP is, in plain English</h3>
            <p>
              MCP (Model Context Protocol) is the channel that lets an AI agent <em>do things</em>
              instead of just <em>print things</em>. With MCP wired up, when you ask Claude
              "open a new terminal in the repo root and run the test suite," it can actually do
              that — open a real Termpolis terminal, type the command, and stream the output back
              into the conversation. Without MCP, the agent could only suggest the command and
              ask you to copy/paste it.
            </p>
            <div class="docs-callout">
              <p>
                <strong>If you're launching agents from inside Termpolis, you don't have to do
                anything.</strong> Termpolis auto-registers itself with each of the four
                supported agents on first launch. The rest of this section is for people who
                want to understand what's running, debug an integration, or wire up a custom
                MCP client.
              </p>
            </div>
            <h3>How it's wired up</h3>
            <p>
              Termpolis runs an MCP server on <code>http://localhost:9315</code> (the port is
              shown in the bottom status bar — if 9315 is taken, Termpolis falls back to the
              next free port and writes the actual port to the data directory). It's bound to
              the loopback interface only and rejects any request without the right bearer
              token, so nothing on your network can reach it.
            </p>
            <h3>Connecting a custom client</h3>
            <p>
              Any MCP-aware client can talk to the server. Register it once in the client's MCP
              config — Termpolis writes a fresh bearer token to <code>mcp-token</code> in the
              data directory (Windows: <code>%APPDATA%\termpolis\</code>, macOS:
              <code>~/Library/Application Support/termpolis/</code>, Linux:
              <code>~/.config/termpolis/</code>) on every launch:
            </p>
            <pre class="docs-code"><code>{
  "mcpServers": {
    "termpolis": {
      "url": "http://localhost:9315",
      "headers": {
        "Authorization": "Bearer &lt;contents of mcp-token&gt;"
      }
    }
  }
}</code></pre>
            <h3>The 17 tools an agent can call</h3>
            <p>
              Each entry below is a function call an MCP-aware agent makes through the protocol —
              not a command you type. Every invocation shows up in the
              <a href="#activity">Activity Feed</a>.
            </p>
            <div class="docs-table-wrap">
              <table class="docs-table">
                <thead><tr><th>Tool</th><th>What the agent does when it calls this</th></tr></thead>
                <tbody>
                  <tr><td colspan="2" style="font-weight:600;color:#7ee2a3;">Terminals</td></tr>
                  <tr><td><code>list_terminals</code></td><td>Enumerate open terminals — find an existing session to work in.</td></tr>
                  <tr><td><code>create_terminal</code></td><td>Spawn a new terminal with a chosen name, shell, and working directory.</td></tr>
                  <tr><td><code>run_command</code></td><td>Run a one-shot command in a terminal (used to start a long-running agent CLI).</td></tr>
                  <tr><td><code>write_to_terminal</code></td><td>Type arbitrary text or control chars into a terminal's stdin (this is how the conductor sends task prompts to other agents).</td></tr>
                  <tr><td><code>read_output</code></td><td>Read the recent output buffer from a terminal.</td></tr>
                  <tr><td><code>close_terminal</code></td><td>Kill the underlying pty and remove the terminal.</td></tr>
                  <tr><td colspan="2" style="font-weight:600;color:#7ee2a3;">Project context</td></tr>
                  <tr><td><code>get_file_tree</code></td><td>Walk the workspace's working directory and return a JSON file tree.</td></tr>
                  <tr><td><code>get_git_status</code></td><td>Summarise the active repo: branch, ahead/behind, staged + unstaged files.</td></tr>
                  <tr><td colspan="2" style="font-weight:600;color:#7ee2a3;">Swarm coordination</td></tr>
                  <tr><td><code>swarm_send_message</code></td><td>Post an inter-agent message (broadcast or directed). Visible in the Messages tab of the Swarm Dashboard.</td></tr>
                  <tr><td><code>swarm_read_messages</code></td><td>Read the message stream — agents poll this to check for handoffs.</td></tr>
                  <tr><td><code>swarm_create_task</code></td><td>Create a task record in the swarm DAG (called by the conductor for every subtask).</td></tr>
                  <tr><td><code>swarm_list_tasks</code></td><td>Enumerate tasks with status filters (pending / in-progress / completed / failed).</td></tr>
                  <tr><td><code>swarm_update_task</code></td><td>Mark a task complete or failed and attach a result summary.</td></tr>
                  <tr><td><code>swarm_list_agents</code></td><td>List the running swarm agent terminals so the conductor can route work.</td></tr>
                  <tr><td colspan="2" style="font-weight:600;color:#7ee2a3;">Shared memory</td></tr>
                  <tr><td><code>memory_write</code></td><td>Persist a labeled memory entry into the <a href="#memory">shared memory</a> store.</td></tr>
                  <tr><td><code>memory_search</code></td><td>RAG search (semantic + keyword) across shared memory.</td></tr>
                  <tr><td><code>memory_list</code></td><td>List recent memory entries with filters.</td></tr>
                </tbody>
              </table>
            </div>
            <h3>Security</h3>
            <ul class="docs-list">
              <li><strong>Bearer token.</strong> A random 256-bit token is generated per app launch and written to <code>mcp-token</code> in the data directory. Every request must include it in the <code>Authorization</code> header.</li>
              <li><strong>Loopback only.</strong> The server binds to <code>127.0.0.1</code> and refuses non-loopback connections.</li>
              <li><strong>Origin checks.</strong> Requests from browser origins are rejected unless explicitly allowlisted.</li>
              <li><strong>Rate limits.</strong> Per-client rate limiting protects the host from a runaway agent loop.</li>
              <li><strong>Audit log.</strong> Every tool call is written to the MCP audit JSONL and emitted as an Activity Feed event.</li>
            </ul>
          </section>

          <!-- SWARM -->
          <section id="swarm" class="docs-section">
            <h2>Swarm dashboard</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/19-swarm-tasks-tab.png" alt="Swarm tasks tab, the default dashboard view.">
              <figcaption><kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>S</kbd> opens the nerve center for multi-agent work. You land on the Tasks tab.</figcaption>
            </figure>
            <p>
              The dashboard is where you watch a running swarm. Three tabs, each answering a
              different question about the active run.
            </p>
            <figure class="docs-shot">
              <img src="docs/screenshots/20-swarm-messages-tab.png" alt="Swarm messages tab.">
              <figcaption>Messages tab, live stream of every handoff and broadcast between agents.</figcaption>
            </figure>
            <figure class="docs-shot">
              <img src="docs/screenshots/21-swarm-trace-tab.png" alt="Swarm trace tab.">
              <figcaption>Trace tab, the conductor's event timeline for the active run: plan → delegate → watch → merge.</figcaption>
            </figure>
            <h3>What each tab is for</h3>
            <ul class="docs-list">
              <li><strong>Tasks</strong>, answers <em>"where are we?"</em>. Full DAG with Pending / In&nbsp;progress / Completed columns, per-task assignee and status, dependencies drawn as edges. Click a task to see its prompt, the agent's output so far, and the handoff chain.</li>
              <li><strong>Messages</strong>, answers <em>"what are the agents saying?"</em>. Live stream of every handoff, broadcast, and tool result routed between agents. Use this to diagnose "why is Codex waiting?"</li>
              <li><strong>Trace</strong>, answers <em>"what is the conductor thinking?"</em>. Timeline of the conductor's own decisions, planning, re-planning, agent picks, merge calls.</li>
            </ul>
            <h3>How to use it</h3>
            <ol class="docs-list docs-list-ordered">
              <li>Open with <kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>S</kbd> at any time, no swarm needs to be running.</li>
              <li>If no swarm is active, click <strong>Start Swarm</strong> to launch the <a href="#conductor">Start Swarm wizard</a>.</li>
              <li>Switch tabs freely, the dashboard stays scoped to the active run.</li>
              <li>Right-click any task → <strong>Open agent terminal</strong> to drop into that agent's live pty.</li>
              <li>Need to abort? Click the trash icon next to the swarm title to clear all messages and tasks (see below).</li>
            </ol>
            <figure class="docs-shot">
              <img src="docs/screenshots/18-swarm-dashboard.png" alt="Clear Swarm confirmation dialog.">
              <figcaption>Clearing a swarm, the trash icon prompts for confirmation before wiping the current run's tasks and messages.</figcaption>
            </figure>
            <p>
              Clearing does <strong>not</strong> kill the underlying agent pty's. Use the
              <a href="#intervention">intervention controls</a> if you need to stop agents mid-flight
              too.
            </p>
          </section>

          <!-- CONDUCTOR -->
          <section id="conductor" class="docs-section">
            <h2>AI conductor</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/22-start-swarm-wizard.png" alt="Start swarm wizard.">
              <figcaption>Start Swarm wizard, describe the task, pick your agents, set a budget, choose the working directory.</figcaption>
            </figure>
            <p>
              The conductor is a dedicated Claude Code instance running with a system prompt
              purpose-built for orchestration. When you launch a swarm, it's the conductor that
              reads your task, searches <a href="#memory">shared memory</a> for relevant prior work,
              decomposes the task into subtasks, picks the best-fit agent per subtask (based on
              <a href="#capabilities">capability ratings</a> + current load + cost), delegates via
              <a href="#mcp">MCP</a>, watches progress, and decides when to merge partial results,
              re-plan, or declare done.
            </p>
            <p>
              Not keyword matching, <strong>actual AI reasoning</strong>, because the conductor is
              itself a frontier model. Open its terminal and watch it think live.
            </p>
            <h3>Launching a swarm, step by step</h3>
            <ol class="docs-list docs-list-ordered">
              <li>Press <kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>S</kbd> or click <strong>Start Swarm</strong> on the Welcome screen.</li>
              <li><strong>Task</strong>, describe what you want built in plain English. Be specific; the conductor's decomposition quality scales with your clarity.</li>
              <li><strong>Working directory</strong>, pick the repo the swarm will operate in. All agents inherit this cwd.</li>
              <li><strong>Agents</strong>, toggle which agents are allowed to participate. Unchecked agents won't be assigned work.</li>
              <li><strong>Budget</strong>, optional token and time ceilings. The conductor halts the run and asks you before exceeding.</li>
              <li><strong>Launch</strong>, the wizard spawns the conductor in a hidden terminal and opens the <a href="#swarm">Swarm Dashboard</a>.</li>
            </ol>
            <h3>What happens next</h3>
            <ol class="docs-list docs-list-ordered">
              <li>Conductor reads your task → queries <a href="#memory">shared memory</a> for related prior work.</li>
              <li>Decomposes into a DAG of subtasks with explicit dependencies.</li>
              <li>For each subtask, picks an agent: capability rating × inverse cost × current load.</li>
              <li>Spawns the agent terminal via <code>open_terminal</code> (MCP) and sends the prompt via <code>send_input</code>.</li>
              <li>Watches tool calls + token usage via the Activity Feed; intervenes if an agent stalls or errors out.</li>
              <li>When a task completes, writes the result to shared memory and unblocks dependents.</li>
              <li>When the DAG is done, presents a summary and offers a <a href="#review">swarm review</a>.</li>
            </ol>
            <p>
              Not sure whether your task fits a swarm or a single agent? See the
              <a href="#swarm-vs-single">Swarm vs. single agent</a> decision tree.
            </p>
          </section>

          <!-- ACTIVITY -->
          <section id="activity" class="docs-section">
            <h2>Activity feed</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/23-activity-feed.png" alt="Activity feed.">
              <figcaption>Observability layer for every agent, every session.</figcaption>
            </figure>
            <p>
              Open from the sidebar (<kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>A</kbd>) or any
              terminal's context menu. Event types: <code>message</code>, <code>tool_call</code>,
              <code>tool_result</code>, <code>token_update</code>, <code>compaction</code>,
              <code>error</code>, <code>status_change</code>, <code>mcp_audit</code>.
            </p>
            <p>
              Three filters combine: full-text search, kind dropdown, agent-type dropdown. Open
              scoped to a terminal or globally across all sessions, scope is labeled in the header.
              Right-click an event → <strong>Pin</strong> to float it to the top of the context panel.
            </p>
          </section>

          <!-- INTERVENTION -->
          <section id="intervention" class="docs-section">
            <h2>Intervention controls</h2>
            <p>Every scoped Activity Feed includes a row of intervention controls above the event list:</p>
            <ul class="docs-list">
              <li><strong>Pause</strong>, sends <code>ESC</code> (0x1B) to the agent's pty.</li>
              <li><strong>Cancel</strong>, sends a single <code>Ctrl+C</code> (0x03).</li>
              <li><strong>Interrupt</strong>, sends double <code>Ctrl+C</code> (0x03 0x03), hard stop.</li>
              <li><strong>Steer</strong>, type a new instruction and send it directly to the agent's stdin.</li>
            </ul>
            <p>
              Every agent is a pty, so writing control chars or text to stdin is the fastest, most
              reliable way to take over. No new IPC surface. Each intervention is logged as an event
             , full audit trail of every mid-flight correction.
            </p>
          </section>

          <!-- REVIEW -->
          <section id="review" class="docs-section">
            <h2>Swarm review</h2>
            <p>
              When a task requires review before handoff (default for code-review tasks), the
              conductor pauses and opens the <strong>Swarm Review Panel</strong>, task title,
              assignee output, diff if applicable, and three buttons: <strong>Approve</strong>,
              <strong>Request Changes</strong>, <strong>Reject</strong>, plus an optional comment.
            </p>
            <p>
              Approve hands off downstream. Request Changes reassigns to the same agent with your
              comment. Reject drops the output and re-plans.
            </p>
          </section>

          <!-- MEMORY -->
          <section id="memory" class="docs-section">
            <h2>Shared memory (RAG)</h2>
            <p>A cross-agent memory store backed by JSONL + embeddings. Any agent can:</p>
            <ul class="docs-list">
              <li><strong>Write</strong> via <code>memory_write</code>, stores <code>{label, content, tags, terminalId, ts}</code> plus an embedding from Ollama's <code>nomic-embed-text</code>.</li>
              <li><strong>Search</strong> via <code>memory_search</code>, cosine similarity over embeddings, blended with keyword overlap.</li>
              <li><strong>List</strong> via <code>memory_list</code>, recent entries with filters.</li>
            </ul>
            <p>
              Why it matters: when Claude figures out your auth module, Codex shouldn't have to
              figure it out again. Memory is context-sharing at the swarm level. Lives at
              <code>~/.termpolis/swarm-memory.jsonl</code>, plain text.
            </p>
          </section>

          <!-- OBSERVABILITY -->
          <section id="observability-docs" class="docs-section">
            <h2>Observability</h2>
            <p>A full observability stack for AI work, the "watchers" system. A lightweight in-process event bus that watches for:</p>
            <ul class="docs-list">
              <li><strong>Stuck sessions</strong>, agent silent for &gt; N seconds.</li>
              <li><strong>Error cascades</strong>, repeated errors in a short window.</li>
              <li><strong>Redundancy</strong>, two agents doing overlapping work.</li>
              <li><strong>Efficiency</strong>, rolling token-cost-per-task average.</li>
            </ul>
            <p>Watchers surface alerts in the status bar, activity feed, or system notifications. Thresholds tunable in settings.</p>
          </section>

          <!-- STATUS BAR -->
          <section id="status-bar" class="docs-section">
            <h2>Status bar</h2>
            <figure class="docs-shot">
              <img src="docs/screenshots/24-status-bar.png" alt="Status bar at the bottom of the window.">
              <figcaption>Active workspace, git branch, agents, swarm status, tokens, MCP health.</figcaption>
            </figure>
            <p>
              Bottom strip, left to right: workspace + git branch, focused terminal's shell + cwd,
              active-agents summary, swarm progress %, session-wide token counter, watcher
              notifications, MCP server indicator (green = healthy).
            </p>
          </section>

          <!-- SHORTCUTS -->
          <section id="shortcuts" class="docs-section">
            <h2>Keyboard shortcuts</h2>
            <div class="docs-table-wrap">
              <table class="docs-table">
                <thead>
                  <tr><th>Action</th><th>Windows / Linux</th><th>macOS</th></tr>
                </thead>
                <tbody>
                  <tr><td>New terminal</td><td><kbd>Ctrl</kbd>+<kbd>T</kbd></td><td><kbd>⌘</kbd>+<kbd>T</kbd></td></tr>
                  <tr><td>Close focused terminal</td><td><kbd>Ctrl</kbd>+<kbd>W</kbd></td><td><kbd>⌘</kbd>+<kbd>W</kbd></td></tr>
                  <tr><td>Next tab</td><td><kbd>Ctrl</kbd>+<kbd>Tab</kbd></td><td><kbd>⌘</kbd>+<kbd>]</kbd></td></tr>
                  <tr><td>Previous tab</td><td><kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>Tab</kbd></td><td><kbd>⌘</kbd>+<kbd>[</kbd></td></tr>
                  <tr><td>Jump to tab N</td><td><kbd>Ctrl</kbd>+<kbd>1…9</kbd></td><td><kbd>⌘</kbd>+<kbd>1…9</kbd></td></tr>
                  <tr><td>Split horizontal</td><td><kbd>Ctrl</kbd>+<kbd>\</kbd></td><td><kbd>⌘</kbd>+<kbd>\</kbd></td></tr>
                  <tr><td>Split vertical</td><td><kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>\</kbd></td><td><kbd>⌘</kbd>+<kbd>⇧</kbd>+<kbd>\</kbd></td></tr>
                  <tr><td>Focus adjacent pane</td><td><kbd>Alt</kbd>+<kbd>Arrow</kbd></td><td><kbd>⌥</kbd>+<kbd>Arrow</kbd></td></tr>
                  <tr><td>Command palette</td><td><kbd>Ctrl</kbd>+<kbd>K</kbd></td><td><kbd>⌘</kbd>+<kbd>K</kbd></td></tr>
                  <tr><td>Settings</td><td><kbd>Ctrl</kbd>+<kbd>,</kbd></td><td><kbd>⌘</kbd>+<kbd>,</kbd></td></tr>
                  <tr><td>Prompt templates</td><td><kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>P</kbd></td><td><kbd>⌘</kbd>+<kbd>⇧</kbd>+<kbd>P</kbd></td></tr>
                  <tr><td>Workflow templates</td><td><kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>F</kbd></td><td><kbd>⌘</kbd>+<kbd>⇧</kbd>+<kbd>F</kbd></td></tr>
                  <tr><td>Context panel</td><td><kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>E</kbd></td><td><kbd>⌘</kbd>+<kbd>⇧</kbd>+<kbd>E</kbd></td></tr>
                  <tr><td>History search</td><td><kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>H</kbd></td><td><kbd>⌘</kbd>+<kbd>⇧</kbd>+<kbd>H</kbd></td></tr>
                  <tr><td>Conversation search</td><td><kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>I</kbd></td><td><kbd>⌘</kbd>+<kbd>⇧</kbd>+<kbd>I</kbd></td></tr>
                  <tr><td>Git panel</td><td><kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>G</kbd></td><td><kbd>⌘</kbd>+<kbd>⇧</kbd>+<kbd>G</kbd></td></tr>
                  <tr><td>Activity feed</td><td><kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>A</kbd></td><td><kbd>⌘</kbd>+<kbd>⇧</kbd>+<kbd>A</kbd></td></tr>
                  <tr><td>Swarm dashboard</td><td><kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>S</kbd></td><td><kbd>⌘</kbd>+<kbd>⇧</kbd>+<kbd>S</kbd></td></tr>
                  <tr><td>New workspace</td><td><kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>N</kbd></td><td><kbd>⌘</kbd>+<kbd>⇧</kbd>+<kbd>N</kbd></td></tr>
                  <tr><td>Paste</td><td><kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>V</kbd></td><td><kbd>⌘</kbd>+<kbd>V</kbd></td></tr>
                  <tr><td>Zoom in / out</td><td><kbd>Ctrl</kbd>+<kbd>=</kbd> / <kbd>Ctrl</kbd>+<kbd>-</kbd></td><td><kbd>⌘</kbd>+<kbd>=</kbd> / <kbd>⌘</kbd>+<kbd>-</kbd></td></tr>
                  <tr><td>Reset zoom</td><td><kbd>Ctrl</kbd>+<kbd>0</kbd></td><td><kbd>⌘</kbd>+<kbd>0</kbd></td></tr>
                </tbody>
              </table>
            </div>
          </section>

          <!-- ARCHITECTURE -->
          <section id="architecture" class="docs-section">
            <h2>Architecture</h2>
            <pre class="docs-pre">┌─────────────────────────────────────────────────────┐
│  Renderer (React)                                   │
│  ├── Sidebar, Terminals, Panels                     │
│  ├── Activity Feed (observability UI)               │
│  ├── Swarm Dashboard + Conductor view               │
│  └── IPC client → window.termpolis bridge           │
└──────────────────┬──────────────────────────────────┘
                   │  Electron IPC
┌──────────────────▼──────────────────────────────────┐
│  Main process (Node)                                │
│  ├── Terminal manager (node-pty)                    │
│  ├── Session persistence (session.json)             │
│  ├── Git adapter                                    │
│  ├── MCP server (HTTP, 17 tools)                    │
│  ├── Swarm memory (JSONL + embeddings)              │
│  ├── AI conductor (spawns Claude Code as a child)   │
│  └── Watchers (event bus + alerts)                  │
└──────────────────┬──────────────────────────────────┘
                   │  localhost:48211 (MCP)
┌──────────────────▼──────────────────────────────────┐
│  AI agents (Claude, Codex, Gemini, Qwen Code)       │
│  Each in its own pty-backed terminal                │
└─────────────────────────────────────────────────────┘</pre>
            <p><strong>Tech stack:</strong> Electron 29, React 18, TypeScript 5, Vite 5 (electron-vite), node-pty, xterm.js, Vitest (2100+ tests, &gt;90% line coverage), Playwright, electron-builder, Azure Trusted Signing, notarytool.</p>
          </section>

          <!-- TROUBLESHOOTING -->
          <section id="troubleshooting" class="docs-section">
            <h2>Troubleshooting</h2>
            <p class="docs-callout">
              <strong>Found a bug that isn't here?</strong>
              <a href="https://github.com/codedev-david/termpolis/issues/new?template=bug_report.md" target="_blank" rel="noreferrer">Open an issue on GitHub →</a>
              Include your OS + version, Termpolis version (Settings → About), and the most recent entries from <code>~/.termpolis/logs/</code>.
            </p>

            <h3>Installation &amp; first-run</h3>
            <p><strong>Windows: "Windows protected your PC" SmartScreen warning.</strong> Click <strong>More info</strong> → <strong>Run anyway</strong>. Termpolis is code-signed (SSL.com), but newly signed builds need reputation time before SmartScreen stops flagging them. The warning disappears once enough people download the release.</p>
            <p><strong>macOS: "Termpolis is damaged and can't be opened."</strong> Gatekeeper couldn't verify the signature, usually a partial download. Re-download the DMG from GitHub Releases, verify the file size matches, and mount again. If it still fails, open <strong>System Settings → Privacy &amp; Security</strong>, scroll to the bottom, and click <strong>Open Anyway</strong> next to the Termpolis entry.</p>
            <p><strong>macOS: "Permission denied" when launching a terminal.</strong> Grant Termpolis <strong>Full Disk Access</strong> in System Settings → Privacy &amp; Security → Full Disk Access. Re-launch after granting.</p>
            <p><strong>Linux: AppImage won't run.</strong> Mark it executable: <code>chmod +x Termpolis-*.AppImage</code>. On systems with hardened FUSE, extract and run the inner binary: <code>./Termpolis-*.AppImage --appimage-extract &amp;&amp; ./squashfs-root/termpolis</code>.</p>
            <p><strong>Linux: .deb fails with &ldquo;Permission denied / pkgAcquireRun: 13&rdquo;.</strong> apt&rsquo;s sandboxed <code>_apt</code> user can&rsquo;t read files in your home directory on Ubuntu 22.04+. Install with <code>dpkg</code> instead, which doesn&rsquo;t drop privileges: <code>sudo dpkg -i ./termpolis_*.deb</code>. v1.11.30+ ships a postinst that auto-runs <code>apt-get install -f -y</code> to resolve any missing dependencies, so a single <code>dpkg -i</code> is now enough.</p>
            <p><strong>Linux: window opens as a blank black box.</strong> Common on Ubuntu setups with NVIDIA proprietary drivers or some Wayland compositors &mdash; Chromium&rsquo;s GPU process initializes but fails to compose output. v1.11.30+ ships <code>--no-sandbox --disable-gpu</code> baked into the .desktop launcher so the dock icon Just Works on these systems. If you launch the binary directly from a shell on an older build, pass the same flags: <code>/opt/Termpolis/termpolis --no-sandbox --disable-gpu</code>. <code>TERMPOLIS_DISABLE_GPU=1 termpolis</code> remains as an env-var escape hatch.</p>
            <p><strong>Data directory didn't appear.</strong> Termpolis creates it on first run, make sure you actually clicked "Open" rather than dismissing the first-launch dialog. Paths: <code>%APPDATA%\termpolis\</code> (Windows), <code>~/Library/Application Support/termpolis/</code> (macOS), <code>~/.config/termpolis/</code> (Linux).</p>

            <h3>Terminals</h3>
            <p><strong>Terminal won't start.</strong> Check the shell path in Settings → Shells. On Windows, PowerShell 7 lives at <code>C:\Program Files\PowerShell\7\pwsh.exe</code>; WSL needs <code>wsl.exe</code> on PATH. On macOS, if <code>/bin/zsh</code> gives "permission denied", re-grant Termpolis Full Disk Access, launchd blocks unsigned/unapproved apps from spawning shells by default.</p>
            <p><strong>Terminal hangs on first prompt.</strong> Your shell's startup files (<code>.bashrc</code>, <code>.zshrc</code>, PowerShell <code>$PROFILE</code>) may be waiting on input or hitting a slow network check. Open the shell outside Termpolis to confirm; the fix is in your dotfiles, not the app.</p>
            <p><strong>Output looks garbled / escape codes show as text.</strong> The shell detected a non-TTY environment. Make sure the <strong>Agent profile</strong> field is empty if you're launching a plain shell. Settings → Shells → Reset defaults fixes most cases.</p>
            <p><strong>Copy/paste shortcuts don't work.</strong> On Windows/Linux, use <kbd>Ctrl</kbd> + <kbd>Shift</kbd> + <kbd>C</kbd> / <kbd>V</kbd> inside terminals (bare <kbd>Ctrl</kbd> + <kbd>C</kbd> sends SIGINT). On macOS, <kbd>⌘</kbd> + <kbd>C</kbd> / <kbd>V</kbd> work everywhere.</p>
            <p><strong>Font looks wrong / icons are boxes.</strong> The app ships its own icon font, but if it failed to load (usually due to a theme override), re-select a built-in theme or run <strong>Reset theme</strong> from Settings → Themes.</p>

            <h3>Agents &amp; CLI tools</h3>
            <p><strong>Agent launch button fails silently.</strong> The CLI isn't on your PATH. Run <code>claude --version</code> (or <code>codex</code>, <code>gemini</code>, <code>qwen</code>) in a Termpolis terminal to confirm. On macOS, GUI-launched apps don't always inherit <code>$PATH</code>, restart Termpolis after updating <code>~/.zprofile</code> (not just <code>~/.zshrc</code>), or relaunch from Terminal with <code>open -a Termpolis</code>.</p>
            <p><strong>Wrong <code>claude</code> / <code>codex</code> binary runs.</strong> If you've installed the CLI via multiple package managers (Homebrew, npm, cargo), PATH order decides the winner. Use <code>which claude</code> to see which one Termpolis will launch. Override per-agent in Settings → Agents.</p>
            <p><strong>Agent exits with "API key not set".</strong> Each agent's env vars come from the login shell, not from a <code>.env</code> in your workspace. Put <code>export ANTHROPIC_API_KEY=...</code> in <code>~/.zprofile</code> / <code>~/.bash_profile</code> / PowerShell <code>$PROFILE</code>, then relaunch Termpolis.</p>

            <h3>Swarm, MCP, and memory</h3>
            <p><strong>MCP indicator in status bar is red.</strong> The MCP server failed to start. Check <code>~/.termpolis/logs/mcp.log</code>. Common causes:</p>
            <ul class="docs-list">
              <li><strong>Port 48211 already in use</strong>, another instance or a crashed process still owns it. Kill stray <code>termpolis</code> processes, or change the port in Settings → Advanced.</li>
              <li><strong>Firewall blocking localhost</strong>, rare but possible. Add an exception for the Termpolis binary.</li>
              <li><strong>Token file write failed</strong>, <code>~/.termpolis/mcp-token</code> couldn't be written. Fix directory permissions (<code>chmod 700 ~/.termpolis</code>).</li>
            </ul>
            <p><strong>Swarm conductor doesn't launch.</strong> The conductor spawns a Claude Code child process that needs <code>claude</code> on PATH. Watch <code>~/.termpolis/logs/conductor.log</code> for startup output.</p>
            <p><strong>Swarm hangs mid-task / agents stop posting activity.</strong> Open Activity Feed, if the agent is running but not emitting events, its MCP connection may have dropped. Use <strong>Pause → Reset session</strong> in the Swarm Dashboard to recover. If a specific agent repeatedly drops, its MCP token probably expired, restart Termpolis for fresh tokens.</p>
            <p><strong>Memory search returns nothing.</strong> Embeddings require Ollama with <code>nomic-embed-text</code> pulled. Run <code>ollama serve</code> and <code>ollama pull nomic-embed-text</code>. New writes will succeed; historical keyword-only entries still match.</p>

            <h3>Updates &amp; performance</h3>
            <p><strong>Update notification appears but the update doesn't install.</strong> The auto-updater needs write access to the app bundle. On Windows, run the installer manually from GitHub Releases if the in-app updater fails. On macOS, drag the new DMG contents over the existing app. On Linux, download and replace the AppImage.</p>
            <p><strong>App is slow to start / very high memory.</strong> A corrupted session file occasionally causes runaway restoration. Back up <code>session.json</code> in your data directory, delete it, and relaunch, you lose restored workspace state but get a clean baseline.</p>
            <p><strong>Terminal scrollback is sluggish.</strong> Default xterm scrollback is 10,000 lines. If you've pasted very large logs, scrolling slows down. Settings → Terminals → Clear scrollback resets without restarting.</p>

            <h3>Session corruption &amp; reset</h3>
            <p><strong>App opens to a blank screen.</strong> Sign of a broken <code>session.json</code>. Close Termpolis, rename <code>session.json</code> in the data directory, relaunch, the app creates a fresh session. Workspaces will be empty but the app is usable again; the old file is preserved for diffing later.</p>
            <p><strong>Reset everything.</strong> Close Termpolis, delete the entire data directory (see <a href="#install">Installation</a>), relaunch. Wipes workspaces, settings, themes, prompt templates, custom workflows, swarm history, and memory.</p>

            <h3>Reporting a bug</h3>
            <p>If none of the above fixes your problem, <a href="https://github.com/codedev-david/termpolis/issues/new?template=bug_report.md" target="_blank" rel="noreferrer">open an issue</a>. Please include:</p>
            <ol class="docs-list docs-list-ordered">
              <li>OS + version (e.g., Windows 11 23H2, macOS 14.3, Ubuntu 22.04).</li>
              <li>Termpolis version (Settings → About).</li>
              <li>Steps to reproduce, as minimal as you can make them.</li>
              <li>Relevant log tail from <code>~/.termpolis/logs/</code> (main log plus <code>mcp.log</code> or <code>conductor.log</code> if swarm/MCP-related).</li>
              <li>A screenshot or short screen recording if it's a UI bug.</li>
            </ol>
          </section>

          <footer class="docs-footer">
            <p>Termpolis is open source, <a href="https://github.com/codedev-david/termpolis" target="_blank" rel="noreferrer">view on GitHub</a>. If it's useful to you, consider <a href="https://github.com/sponsors/codedev-david" target="_blank" rel="noreferrer">sponsoring the project</a>.</p>
          </footer>
        </article>
      </main>
    </div>
  </div>

  <script src="docs.js"></script>
</body>
</html>